[Freeipa-users] Question about oVirt

Jim Kinney jkinney at emory.edu
Thu Nov 6 17:04:52 UTC 2014 

On Tue, 2014-11-04 at 15:16 -0500, Dmitri Pal wrote:
> On 11/04/2014 01:27 PM, Dmitri Pal wrote:
> 
> > Hello Jim,
> > 
> > I am re-posting your question to the FreeIPA list as it belongs
> > there.
> > 
> > Here is the copy of the original question.
> > 
> > Subject: 
> > [ovirt-users] templates and freeipa
> > From: 
> > Jim Kinney <jim.kinney at gmail.com>
> > Date: 
> > 10/31/2014 02:55 PM
> > To: 
> > "users at ovirt.org" <users at ovirt.org>
> > 
> > Ovirt 3.5 is running well for me and I have freeIPA controlling
> > access to the user portal. I would like to provide templates of
> > various linux setups that all have freeipa for user authentication
> > in the VM for my developers to be able to create a new VM from and
> > then log in using their freeIPA access and sudo control. I'm wanting
> > to group developers by project and use freeIPA to set sudo commands
> > as needed (group A get oracle, group B get postgresql, etc). Wanting
> > to maximize developer ability while minimizing my clean up time :-)
> > They will be able to delete VMs they create.
> > 
> > 
> > It's possible to do a kickstart deploy with freeIPA registration but
> > a template from that will be a problem as it will have the same keys
> > for all VMs.
> > 
> > 
> > Is there a post-creation scripting process I can attach to in ovirt
> > or should I look at a default root user  and script that
> > personalizes the new VM?
> > 
> > -- 
> > 
> > -- 
> > Thank you,
> > Dmitri Pal
> > 
> > Sr. Engineering Manager IdM portfolio
> > Red Hat, Inc.
> > 
> > 
> Which provisioning technique you are using?
> Would something like what Adam describes here [1] or Foreman uses here
> [2] would be relevant?
> 
> [1] http://adam.younglogic.com/2013/09/register-vm-freeipa/
> [2] http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.

I'm currently using a pre-built template that the devs have access to
clone from.

The scripted process from Adam Young is what I'm looking at now. I've
not grokked enough of Foreman yet to begin a test implementation. It
looks to be more capable (the remove DNS entry on delete is a key thing)
and will likely be the direction I go.

-- 
Jim Kinney
Senior System Administrator
Department of BioMedical Informatics
Emory University
jimkinney at emory.edu
404.712.0300
bmi.emory.edu

More information about the Freeipa-users mailing list