Add host to oVirt: unprovisioned without using username/password in vdsm-tool
Hi All, In the past I was using an URL to add my hosts to over so they exists in the ovirt WebGui but they were unprovisioned so I needed to install them only. This is what I used: http://OVIRTENGINE_FQDN/OvirtEngineWeb/register?vds_ip=HOSTFQDN&port=54321&vds_name=HOSTNAME&vds_unique_id=%60dmidecode%20-s%20system-uuid%60&ticket=&__VIEWSTATE=' Is there some way to accomplish this still without using a user/pass combiation ? Thanks! Matt
Have you tried using SSH public key auth.? Y. On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote:
Hi All,
In the past I was using an URL to add my hosts to over so they exists in the ovirt WebGui but they were unprovisioned so I needed to install them only.
This is what I used:
http://OVIRTENGINE_FQDN/OvirtEngineWeb/register?vds_ ip=HOSTFQDN&port=54321&vds_name=HOSTNAME&vds_unique_id=% 60dmidecode%20-s%20system-uuid%60&ticket=&__VIEWSTATE='
Is there some way to accomplish this still without using a user/pass combiation ?
Thanks!
Matt _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Could do but then there is still some password like thingy around in my provisioning system, a key is just a fingerprint which is matched. What is also the case is that I want to decide in the engine if it's valid to be provisioned or not. Security wise it's not ideal if you ask me, that is why I did it using the URL, http/https was possible. No clue there ? Thanks! Matt 2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
Have you tried using SSH public key auth.? Y.
On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote:
Hi All,
In the past I was using an URL to add my hosts to over so they exists in the ovirt WebGui but they were unprovisioned so I needed to install them only.
This is what I used:
Is there some way to accomplish this still without using a user/pass combiation ?
Thanks!
Matt _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014@gmail.com> wrote:
Could do but then there is still some password like thingy around in my provisioning system, a key is just a fingerprint which is matched.
It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for the authentication.
What is also the case is that I want to decide in the engine if it's valid to be provisioned or not.
So don't add that SSH key to hosts that you don't want to provision. We don't have this extra phase of 'approving a host when you add it'. If you have permissions to add a host, it'll be added - via the Engine, by the Engine.
Security wise it's not ideal if you ask me, that is why I did it using the URL, http/https was possible.
No clue there ?
I'm probably missing the use case here. Y.
Thanks!
Matt
2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
Have you tried using SSH public key auth.? Y.
On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote:
Hi All,
In the past I was using an URL to add my hosts to over so they exists in the ovirt WebGui but they were unprovisioned so I needed to install them only.
This is what I used:
ip=HOSTFQDN&port=54321&vds_name=HOSTNAME&vds_unique_id=% 60dmidecode%20-s%20system-uuid%60&ticket=&__VIEWSTATE='
Is there some way to accomplish this still without using a user/pass combiation ?
Thanks!
Matt _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
In a puppetized environment it's just too easy to include a manifest/class that will use the ssh key for that manifest, I want to avoid that and control the acceptance from the GUI when a possible host is added to to engine but not capable to join the cluster yet. The idea how I used it was very plain and simple, the host exists in oVirt but was unprovisioned, you clicked install and there it went. If that would be possible again or is in some way I would like to know. 2017-01-30 14:07 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014@gmail.com> wrote:
Could do but then there is still some password like thingy around in my provisioning system, a key is just a fingerprint which is matched.
It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for the authentication.
What is also the case is that I want to decide in the engine if it's valid to be provisioned or not.
So don't add that SSH key to hosts that you don't want to provision. We don't have this extra phase of 'approving a host when you add it'. If you have permissions to add a host, it'll be added - via the Engine, by the Engine.
Security wise it's not ideal if you ask me, that is why I did it using the URL, http/https was possible.
No clue there ?
I'm probably missing the use case here. Y.
Thanks!
Matt
2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
Have you tried using SSH public key auth.? Y.
On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote:
Hi All,
In the past I was using an URL to add my hosts to over so they exists in the ovirt WebGui but they were unprovisioned so I needed to install them only.
This is what I used:
Is there some way to accomplish this still without using a user/pass combiation ?
Thanks!
Matt _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hello Matt, On 01/30/2017 08:52 AM, Matt . wrote:
In a puppetized environment it's just too easy to include a manifest/class that will use the ssh key for that manifest, I want to avoid that and control the acceptance from the GUI when a possible host is added to to engine but not capable to join the cluster yet.
I would suggest: # vdsm-tool register --engine-fqdn myengine.localdomain or without the check of fqdn: # vdsm-tool register --engine-fqdn IP_ADDRESS --check-fqdn false Later you might want to approve the host via GUI, SDK or REST API. A quick example of rest api: https://github.com/dougsland/ovirt-restapi-scripts/commit/91dcb3fcd2cae6570a...
The idea how I used it was very plain and simple, the host exists in oVirt but was unprovisioned, you clicked install and there it went. If that would be possible again or is in some way I would like to know.
2017-01-30 14:07 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014@gmail.com> wrote:
Could do but then there is still some password like thingy around in my provisioning system, a key is just a fingerprint which is matched.
It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for the authentication.
What is also the case is that I want to decide in the engine if it's valid to be provisioned or not.
So don't add that SSH key to hosts that you don't want to provision. We don't have this extra phase of 'approving a host when you add it'. If you have permissions to add a host, it'll be added - via the Engine, by the Engine.
Security wise it's not ideal if you ask me, that is why I did it using the URL, http/https was possible.
No clue there ?
I'm probably missing the use case here. Y.
Thanks!
Matt
2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
Have you tried using SSH public key auth.? Y.
On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote:
Hi All,
In the past I was using an URL to add my hosts to over so they exists in the ovirt WebGui but they were unprovisioned so I needed to install them only.
This is what I used:
Is there some way to accomplish this still without using a user/pass combiation ?
Thanks!
Matt _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi Douglas, I think we discussed this in 2013 as well, thanks for catching up... you were mentioned on irc already by rgolan :) I needed the --check-fqdn false which fixed it. Very nice and thanks for the example :) Will check further what the possibilities are! Cheers, Matt 2017-01-30 16:46 GMT+01:00 Douglas Schilling Landgraf <dlandgra@redhat.com>:
Hello Matt,
On 01/30/2017 08:52 AM, Matt . wrote:
In a puppetized environment it's just too easy to include a manifest/class that will use the ssh key for that manifest, I want to avoid that and control the acceptance from the GUI when a possible host is added to to engine but not capable to join the cluster yet.
I would suggest:
# vdsm-tool register --engine-fqdn myengine.localdomain
or without the check of fqdn:
# vdsm-tool register --engine-fqdn IP_ADDRESS --check-fqdn false
Later you might want to approve the host via GUI, SDK or REST API.
A quick example of rest api: https://github.com/dougsland/ovirt-restapi-scripts/commit/91dcb3fcd2cae6570a...
The idea how I used it was very plain and simple, the host exists in oVirt but was unprovisioned, you clicked install and there it went. If that would be possible again or is in some way I would like to know.
2017-01-30 14:07 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014@gmail.com> wrote:
Could do but then there is still some password like thingy around in my provisioning system, a key is just a fingerprint which is matched.
It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for the authentication.
What is also the case is that I want to decide in the engine if it's valid to be provisioned or not.
So don't add that SSH key to hosts that you don't want to provision. We don't have this extra phase of 'approving a host when you add it'. If you have permissions to add a host, it'll be added - via the Engine, by the Engine.
Security wise it's not ideal if you ask me, that is why I did it using the URL, http/https was possible.
No clue there ?
I'm probably missing the use case here. Y.
Thanks!
Matt
2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
Have you tried using SSH public key auth.? Y.
On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote:
Hi All,
In the past I was using an URL to add my hosts to over so they exists in the ovirt WebGui but they were unprovisioned so I needed to install them only.
This is what I used:
Is there some way to accomplish this still without using a user/pass combiation ?
Thanks!
Matt _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi, I found out that a browser times out when you select an "Pending Approval" host, the browser becomes unresponsive for a while. This could be because of the installed cockpit module maybe, I'm not sure but I see more bad response on selecting hosts where the cockpit package is not installed but the tab in oVirt is loaded. Regards, Matt 2017-01-30 16:54 GMT+01:00 Matt . <yamakasi.014@gmail.com>:
Hi Douglas,
I think we discussed this in 2013 as well, thanks for catching up... you were mentioned on irc already by rgolan :)
I needed the --check-fqdn false which fixed it.
Very nice and thanks for the example :) Will check further what the possibilities are!
Cheers,
Matt
2017-01-30 16:46 GMT+01:00 Douglas Schilling Landgraf <dlandgra@redhat.com>:
Hello Matt,
On 01/30/2017 08:52 AM, Matt . wrote:
In a puppetized environment it's just too easy to include a manifest/class that will use the ssh key for that manifest, I want to avoid that and control the acceptance from the GUI when a possible host is added to to engine but not capable to join the cluster yet.
I would suggest:
# vdsm-tool register --engine-fqdn myengine.localdomain
or without the check of fqdn:
# vdsm-tool register --engine-fqdn IP_ADDRESS --check-fqdn false
Later you might want to approve the host via GUI, SDK or REST API.
A quick example of rest api: https://github.com/dougsland/ovirt-restapi-scripts/commit/91dcb3fcd2cae6570a...
The idea how I used it was very plain and simple, the host exists in oVirt but was unprovisioned, you clicked install and there it went. If that would be possible again or is in some way I would like to know.
2017-01-30 14:07 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014@gmail.com> wrote:
Could do but then there is still some password like thingy around in my provisioning system, a key is just a fingerprint which is matched.
It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for the authentication.
What is also the case is that I want to decide in the engine if it's valid to be provisioned or not.
So don't add that SSH key to hosts that you don't want to provision. We don't have this extra phase of 'approving a host when you add it'. If you have permissions to add a host, it'll be added - via the Engine, by the Engine.
Security wise it's not ideal if you ask me, that is why I did it using the URL, http/https was possible.
No clue there ?
I'm probably missing the use case here. Y.
Thanks!
Matt
2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
Have you tried using SSH public key auth.? Y.
On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote: > > > Hi All, > > In the past I was using an URL to add my hosts to over so they exists > in the ovirt WebGui but they were unprovisioned so I needed to install > them only. > > This is what I used: > > > > > http://OVIRTENGINE_FQDN/OvirtEngineWeb/register?vds_ip=HOSTFQDN&port=54321&vds_name=HOSTNAME&vds_unique_id=%60dmidecode%20-s%20system-uuid%60&ticket=&__VIEWSTATE=' > > Is there some way to accomplish this still without using a user/pass > combiation ? > > Thanks! > > Matt > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I also see that a Approved Host doesn't show it's network interfaces on the "Network Interfaces" tab. I'm investigating this but I'm not sure where it goes wrong. 2017-01-31 8:30 GMT+01:00 Matt . <yamakasi.014@gmail.com>:
Hi,
I found out that a browser times out when you select an "Pending Approval" host, the browser becomes unresponsive for a while.
This could be because of the installed cockpit module maybe, I'm not sure but I see more bad response on selecting hosts where the cockpit package is not installed but the tab in oVirt is loaded.
Regards,
Matt
2017-01-30 16:54 GMT+01:00 Matt . <yamakasi.014@gmail.com>:
Hi Douglas,
I think we discussed this in 2013 as well, thanks for catching up... you were mentioned on irc already by rgolan :)
I needed the --check-fqdn false which fixed it.
Very nice and thanks for the example :) Will check further what the possibilities are!
Cheers,
Matt
2017-01-30 16:46 GMT+01:00 Douglas Schilling Landgraf <dlandgra@redhat.com>:
Hello Matt,
On 01/30/2017 08:52 AM, Matt . wrote:
In a puppetized environment it's just too easy to include a manifest/class that will use the ssh key for that manifest, I want to avoid that and control the acceptance from the GUI when a possible host is added to to engine but not capable to join the cluster yet.
I would suggest:
# vdsm-tool register --engine-fqdn myengine.localdomain
or without the check of fqdn:
# vdsm-tool register --engine-fqdn IP_ADDRESS --check-fqdn false
Later you might want to approve the host via GUI, SDK or REST API.
A quick example of rest api: https://github.com/dougsland/ovirt-restapi-scripts/commit/91dcb3fcd2cae6570a...
The idea how I used it was very plain and simple, the host exists in oVirt but was unprovisioned, you clicked install and there it went. If that would be possible again or is in some way I would like to know.
2017-01-30 14:07 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>:
On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014@gmail.com> wrote:
Could do but then there is still some password like thingy around in my provisioning system, a key is just a fingerprint which is matched.
It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for the authentication.
What is also the case is that I want to decide in the engine if it's valid to be provisioned or not.
So don't add that SSH key to hosts that you don't want to provision. We don't have this extra phase of 'approving a host when you add it'. If you have permissions to add a host, it'll be added - via the Engine, by the Engine.
Security wise it's not ideal if you ask me, that is why I did it using the URL, http/https was possible.
No clue there ?
I'm probably missing the use case here. Y.
Thanks!
Matt
2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul@redhat.com>: > > Have you tried using SSH public key auth.? > Y. > > > On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014@gmail.com> wrote: >> >> >> Hi All, >> >> In the past I was using an URL to add my hosts to over so they exists >> in the ovirt WebGui but they were unprovisioned so I needed to install >> them only. >> >> This is what I used: >> >> >> >> >> http://OVIRTENGINE_FQDN/OvirtEngineWeb/register?vds_ip=HOSTFQDN&port=54321&vds_name=HOSTNAME&vds_unique_id=%60dmidecode%20-s%20system-uuid%60&ticket=&__VIEWSTATE=' >> >> Is there some way to accomplish this still without using a user/pass >> combiation ? >> >> Thanks! >> >> Matt >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users > > >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (3)
-
Douglas Schilling Landgraf -
Matt . -
Yaniv Kaul