(Last Updated On: April 11, 2018)

Do you have a running oVirt or RHEV platform but wondering how you can add user accounts to it. This article will give you few examples on how to Add and Manage User Accounts on oVirt and RHEV.

What is oVirt?

oVirt is an open-source complete virtualization management platform founded by Red Hat as a community project. oVirt builds on the powerful kernel-based virtual machine (KVM hypervisor) and on the RHEV-M management server.

What’s included in oVirt?

  • Rich web-based user interfaces for both admin and non-admin users
  • Live migration of virtual machines and disks between hosts and storage
  • Integrated management of hosts, storage, and network configuration
  • High availability of virtual machines in the event of a host failure

Create User Account on oVirt

oVirt / RHEV comes with command line tool located under ovirt-aaa-jdbc-tool that’s used to manage user accounts. For a full list of options supported, run:

# ovirt-aaa-jdbc-tool user --help
Usage: /usr/bin/ovirt-aaa-jdbc-tool [options] user module ...
Perform user related tasks.

Options:
 --help
 Show help for this module.

Modules:
 add
 edit
 delete
 unlock
 password-reset
 show
 help

The modules available are add, edit, delete, unlock, password-reset, show. To add a new user to the system, use the syntax:

# ovirt-aaa-jdbc-tool user add <username> --attribute=firstName=<First-Name> \
--attribute=lastName=<Last-Name>

Example:

# ovirt-aaa-jdbc-tool user add josphat --attribute=firstName=Josphat \
--attribute=lastName=Mutai

You should get output like below:

adding user josphat...
user added successfully
Note: by default created user cannot log in. see:
/usr/bin/ovirt-aaa-jdbc-tool user password-reset --help.

Reset User Password on oVirt

By default, the added user cannot log in, you need to set a password for it.

# ovirt-aaa-jdbc-tool user password-reset josphat
Password:
Reenter password:
updating user josphat...
user updated successfully

You’ll be asked for a password, enter and confirm it. The same command is used for resetting lost password.

View User details on oVirt

To view user account details on oVirt, use the command:

]# ovirt-aaa-jdbc-tool user show josphat
-- User josphat(03b76cc8-6bbb-4a65-a3e0-b40f257a6878) --Namespace: *Name: josphat
ID: 03b76cc8-6bbb-4a65-a3e0-b40f257a6878
Display Name: 
Email: First Name: Josphat
Last Name: Mutai
Department: 
Title: 
Description: Account Disabled: false
Account Locked: falseAccount Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2018-04-03 07:09:58Z
Account Valid To: 2218-04-03 07:09:58Z
Account Without Password: false
Last successful Login At: 2018-04-11 18:49:09Z
Last unsuccessful Login At: 2018-04-03 09:33:54Z
Password Valid To: 2018-09-30 09:33:54Z

Assign User a Role on oVirt

This user account doesn’t have privileges to manage all functions of oVirt. We need to assign this user privileges for SuperUser if you want it to work like any admin user account, else assign specific permissions.

Log in to the dashboard as the admin user, and navigate to:

Administration > Configure > System Permissions > Add

On the next window, search for the user added, in my case josphat and click the GO button.

Once the account is shown click on the checkbox to select it.

Change the Role to Assign to “SuperUser”. For other roles, select appropriately. Click the OK button once done. New role should be assigned to the user account.

Delete User on oVirt

If the user account is no longer required, it can be deleted using the commands:

# ovirt-aaa-jdbc-tool user delete josphat
deleting user josphat...
user deleted successfully

If you try to view user details, you should get an error message saying user account not found.

# ovirt-aaa-jdbc-tool user show josphat
user josphat not found

Disable a user account on oVirt

To lock a user account on oVirt use:

# ovirt-aaa-jdbc-tool user edit <username> --flag=+disabled

Enable a disabled user account on oVirt

To disable a user account, use the command:

# ovirt-aaa-jdbc-tool user edit <username> --flag=-disabled

Unlocking locked user account on oVirt

If a user account has been locked for many failed logins, you can unlock it using the command:

# ovirt-aaa-jdbc-tool user unlock <username>

E.g

# ovirt-aaa-jdbc-tool user unlock josphat

Editing User email address

To change email address, use the command:

# ovirt-aaa-jdbc-tool user edit josphat [email protected]

These commands should be sufficient for managing user accounts on oVirt. If you have any query or in need of any assistance with your oVirt administration, let me know by dropping a comment.