Do you have a running oVirt or RHEV platform but wondering how you can add user accounts to it. This article will give you few examples on how to Add and Manage User Accounts on oVirt and RHEV.
What is oVirt?
oVirt is an open-source complete virtualization management platform founded by Red Hat as a community project. oVirt builds on the powerful kernel-based virtual machine (KVM hypervisor) and on the RHEV-M management server.
What’s included in oVirt?
- Rich web-based user interfaces for both admin and non-admin users
- Live migration of virtual machines and disks between hosts and storage
- Integrated management of hosts, storage, and network configuration
- High availability of virtual machines in the event of a host failure
Create User Account on oVirt
oVirt / RHEV comes with command line tool located under ovirt-aaa-jdbc-tool that’s used to manage user accounts. For a full list of options supported, run:
# ovirt-aaa-jdbc-tool user --help Usage: /usr/bin/ovirt-aaa-jdbc-tool [options] user module ... Perform user related tasks. Options: --help Show help for this module. Modules: add edit delete unlock password-reset show help
The modules available are add, edit, delete, unlock, password-reset, show. To add a new user to the system, use the syntax:
# ovirt-aaa-jdbc-tool user add <username> --attribute=firstName=<First-Name> \ --attribute=lastName=<Last-Name>
# ovirt-aaa-jdbc-tool user add josphat --attribute=firstName=Josphat \ --attribute=lastName=Mutai
You should get output like below:
adding user josphat... user added successfully Note: by default created user cannot log in. see: /usr/bin/ovirt-aaa-jdbc-tool user password-reset --help.
Reset User Password on oVirt
By default, the added user cannot log in, you need to set a password for it.
# ovirt-aaa-jdbc-tool user password-reset josphat Password: Reenter password: updating user josphat... user updated successfully
You’ll be asked for a password, enter and confirm it. The same command is used for resetting lost password.
View User details on oVirt
To view user account details on oVirt, use the command:
# ovirt-aaa-jdbc-tool user show josphat -- User josphat(03b76cc8-6bbb-4a65-a3e0-b40f257a6878) --Namespace: *Name: josphat ID: 03b76cc8-6bbb-4a65-a3e0-b40f257a6878 Display Name: Email: First Name: Josphat Last Name: Mutai Department: Title: Description: Account Disabled: false Account Locked: falseAccount Unlocked At: 1970-01-01 00:00:00Z Account Valid From: 2018-04-03 07:09:58Z Account Valid To: 2218-04-03 07:09:58Z Account Without Password: false Last successful Login At: 2018-04-11 18:49:09Z Last unsuccessful Login At: 2018-04-03 09:33:54Z Password Valid To: 2018-09-30 09:33:54Z
Assign User a Role on oVirt
This user account doesn’t have privileges to manage all functions of oVirt. We need to assign this user privileges for SuperUser if you want it to work like any admin user account, else assign specific permissions.
Log in to the dashboard as the admin user, and navigate to:
Administration > Configure > System Permissions > Add
On the next window, search for the user added, in my case josphat and click the GO button.
Once the account is shown click on the checkbox to select it.
Change the Role to Assign to “SuperUser”. For other roles, select appropriately. Click the OK button once done. New role should be assigned to the user account.
Delete User on oVirt
If the user account is no longer required, it can be deleted using the commands:
# ovirt-aaa-jdbc-tool user delete josphat deleting user josphat... user deleted successfully
If you try to view user details, you should get an error message saying user account not found.
# ovirt-aaa-jdbc-tool user show josphat user josphat not found
Disable a user account on oVirt
To lock a user account on oVirt use:
# ovirt-aaa-jdbc-tool user edit <username> --flag=+disabled
Enable a disabled user account on oVirt
To disable a user account, use the command:
# ovirt-aaa-jdbc-tool user edit <username> --flag=-disabled
Unlocking locked user account on oVirt
If a user account has been locked for many failed logins, you can unlock it using the command:
# ovirt-aaa-jdbc-tool user unlock <username>
# ovirt-aaa-jdbc-tool user unlock josphat
Editing User email address
To change email address, use the command:
# ovirt-aaa-jdbc-tool user edit josphat [email protected]
These commands should be sufficient for managing user accounts on oVirt. If you have any query or in need of any assistance with your oVirt administration, let me know by dropping a comment.
More on oVirt