[ovirt-users] Add host to oVirt: unprovisioned without using username/password in vdsm-tool

Matt . yamakasi.014 at gmail.com
Mon Jan 30 13:52:42 UTC 2017


In a puppetized environment it's just too easy to include a
manifest/class that will use the ssh key for that manifest, I want to
avoid that and control the acceptance from the GUI when a possible
host is added to to engine but not capable to join the cluster yet.

The idea how I used it was very plain and simple, the host exists in
oVirt but was unprovisioned, you clicked install and there it went. If
that would be possible again or is in some way I would like to know.



2017-01-30 14:07 GMT+01:00 Yaniv Kaul <ykaul at redhat.com>:
>
>
> On Mon, Jan 30, 2017 at 12:03 PM, Matt . <yamakasi.014 at gmail.com> wrote:
>>
>> Could do but then there is still some password like thingy around in
>> my provisioning system, a key is just a fingerprint which is matched.
>
>
> It's not JUST a fingerprint. It's the fingerprint of a SSH key we use for
> the authentication.
>
>>
>> What is also the case is that I want to decide in the engine if it's
>> valid to be provisioned or not.
>
>
> So don't add that SSH key to hosts that you don't want to provision.
> We don't have this extra phase of 'approving a host when you add it'.
> If you have permissions to add a host, it'll be added - via the Engine, by
> the Engine.
>
>>
>>
>> Security wise it's not ideal if you ask me, that is why I did it using
>> the URL, http/https was possible.
>>
>> No clue there ?
>
>
> I'm probably missing the use case here.
> Y.
>
>>
>>
>> Thanks!
>>
>> Matt
>>
>> 2017-01-30 10:32 GMT+01:00 Yaniv Kaul <ykaul at redhat.com>:
>> > Have you tried using SSH public key auth.?
>> > Y.
>> >
>> >
>> > On Mon, Jan 30, 2017 at 9:57 AM, Matt . <yamakasi.014 at gmail.com> wrote:
>> >>
>> >> Hi All,
>> >>
>> >> In the past I was using an URL to add my hosts to over so they exists
>> >> in the ovirt WebGui but they were unprovisioned so I needed to install
>> >> them only.
>> >>
>> >> This is what I used:
>> >>
>> >>
>> >>
>> >> http://OVIRTENGINE_FQDN/OvirtEngineWeb/register?vds_ip=HOSTFQDN&port=54321&vds_name=HOSTNAME&vds_unique_id=%60dmidecode%20-s%20system-uuid%60&ticket=&__VIEWSTATE='
>> >>
>> >> Is there some way to accomplish this still without using a user/pass
>> >> combiation ?
>> >>
>> >> Thanks!
>> >>
>> >> Matt
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at ovirt.org
>> >> http://lists.ovirt.org/mailman/listinfo/users
>> >
>> >
>
>


More information about the Users mailing list