[ovirt-users] Users Digest, Vol 37, Issue 201

Amedeo Salvati amedeo at oscert.net
Sun Nov 2 09:16:02 EST 2014


Hi Jim,

I use ovirt template and freeipa for authentication, and on template i 
put a simple script "setup-freeipa-client.sh" to run on first boot, 
specifically for first boot I use cloud-init functions on ovirt, via web 
UI or via python sdk, and with cloud-init you can pass **evethings** you 
need -> new hostname, new ssh keys, new network configurations, new root 
password, new content on configuration files, or simply executing a new 
script.

If you are interested on cloud-init functions on python sdk have a look 
on a simple script that i wrote for our disaster recovery automation 
where on function buildYamlFile(line 124-137) by using cloud-init 
execution program/script, I change our freeipa server (lines 132-136) 
avoiding sssd timeout on contacting first two production freeipa server.

https://github.com/amedeos/ovirt-scripts-dr/blob/master/StartAllVM.py

HTH
Amedeo Salvati

Il 31/10/2014 20:01, users-request at ovirt.org ha scritto:
> Date: Fri, 31 Oct 2014 14:55:46 -0400
> From: Jim Kinney<jim.kinney at gmail.com>
> To:"users at ovirt.org"  <users at ovirt.org>
> Subject: [ovirt-users] templates and freeipa
> Message-ID:
> 	<CAEo=5PwfhT=cvvahCuj4GsxkufD-UFUNbsN0q5Mi9ee76eg3ug at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Ovirt 3.5 is running well for me and I have freeIPA controlling access to
> the user portal. I would like to provide templates of various linux setups
> that all have freeipa for user authentication in the VM for my developers
> to be able to create a new VM from and then log in using their freeIPA
> access and sudo control. I'm wanting to group developers by project and use
> freeIPA to set sudo commands as needed (group A get oracle, group B get
> postgresql, etc). Wanting to maximize developer ability while minimizing my
> clean up time:-)  They will be able to delete VMs they create.
>
> It's possible to do a kickstart deploy with freeIPA registration but a
> template from that will be a problem as it will have the same keys for all
> VMs.
>
> Is there a post-creation scripting process I can attach to in ovirt or
> should I look at a default root user  and script that personalizes the new
> VM?



More information about the Users mailing list