<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/04/2014 01:27 PM, Dmitri Pal
wrote:<br>
</div>
<blockquote cite="mid:54591AA9.9000906@redhat.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
Hello Jim,<br>
<br>
I am re-posting your question to the FreeIPA list as it belongs
there.<br>
<br>
Here is the copy of the original question.<br>
<br>
<table class="header-part1" border="0" cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display:inline;">Subject:
</div>
[ovirt-users] templates and freeipa</td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display:inline;">From:
</div>
Jim Kinney <a moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:jim.kinney@gmail.com"><jim.kinney@gmail.com></a></td>
</tr>
<tr>
<td>
<div class="headerdisplayname" style="display:inline;">Date:
</div>
10/31/2014 02:55 PM</td>
</tr>
</tbody>
</table>
<table class="header-part2" border="0" cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<div class="headerdisplayname" style="display:inline;">To:
</div>
<a moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:users@ovirt.org">"users@ovirt.org"</a> <a
moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="mailto:users@ovirt.org"><users@ovirt.org></a></td>
</tr>
</tbody>
</table>
<br>
<div class="moz-text-html" lang="x-unicode">
<div dir="ltr">
<div>
<div>Ovirt 3.5 is running well for me and I have freeIPA
controlling access to the user portal. I would like to
provide templates of various linux setups that all have
freeipa for user authentication in the VM for my
developers to be able to create a new VM from and then log
in using their freeIPA access and sudo control. I'm
wanting to group developers by project and use freeIPA to
set sudo commands as needed (group A get oracle, group B
get postgresql, etc). Wanting to maximize developer
ability while minimizing my clean up time :-) They will be
able to delete VMs they create.<br>
<br>
</div>
It's possible to do a kickstart deploy with freeIPA
registration but a template from that will be a problem as
it will have the same keys for all VMs.<br>
<br>
</div>
Is there a post-creation scripting process I can attach to in
ovirt or should I look at a default root user and script that
personalizes the new VM?<br clear="all">
<div>
<div>
<div><br>
-- <br>
<div dir="ltr">-- <br>
James P. Kinney III<br>
<i><i><i><i><br>
</i></i></i></i>Every time you stop a school,
you will have to build a jail. What you gain at one
end you lose at the other. It's like feeding a dog on
his own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br>
<i><i><i><i><br>
<a moz-do-not-send="true"
href="http://heretothereideas.blogspot.com/"
target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i></i></div>
</div>
</div>
</div>
</div>
</div>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Which provisioning technique you are using?<br>
Would something like what Adam describes here [1] or Foreman uses
here [2] would be relevant?<br>
<br>
[1] <a class="moz-txt-link-freetext" href="http://adam.younglogic.com/2013/09/register-vm-freeipa/">http://adam.younglogic.com/2013/09/register-vm-freeipa/</a><br>
[2] <a class="moz-txt-link-freetext" href="http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm">http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm</a><br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>