Hi,
as mentioned in
https://bugzilla.redhat.com/show_bug.cgi?id=2021497 from
oVirt 4.5.1 for new installations we are configuring internal instance of
Keycloak to provide authentication for oVirt engine.
oVirt AAA providers has been deprecated and even though they continue to
work and there are no plans at the moment to remove them, it's advised to
plan the switch to Keycloak. So here are possible scenarios:
1. New oVirt 4.5.1+ deployments -> it's advised use either internal or
external Keycloak to provide authentication
2. New oVirt 4.5.1+ deployment with AAA -> it's possible during
engine-setup phase of installation process to choose to use AAA instead of
Keycloak
3. Upgrade of older oVirt releases to 4.5.1+
a. If old installation used AAA, then during upgrade nothing changes
and upgraded setup will continue to use AAA
b. If old installation used Keycloak, then during upgrade nothing
changes and upgraded setup will continue to use Keycloak
4. If administrators wants to switch from AAA to internal Keycloak in oVirt
4.5.1+, there is automated way to do it using engine-setup
https://github.com/oVirt/ovirt-engine-keycloak/blob/master/keycloak_usage...
5. If administrators wants to switcht from AAA to external Keycloak, there
is manual procedure described in
https://www.ovirt.org/documentation/administration_guide/index.html#Confi...
and
https://blogs.ovirt.org/2019/01/federate-ovirt-engine-authentication-to-o...
For now the documentation around internal Keycloak instance is available at
https://github.com/oVirt/ovirt-engine-keycloak/blob/master/keycloak_usage.md
and in the near future it will be incorporated into official oVirt
documentation at
https://www.ovirt.org/documentation/
For Keycloak related documentation please refer to
https://www.keycloak.org/documentation
Regards,
Martin
On Tue, Aug 2, 2022 at 11:21 AM r greg <itforums51(a)gmail.com> wrote:
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.