On Tue, 2014-11-04 at 15:16 -0500, Dmitri Pal wrote: > On 11/04/2014 01:27 PM, Dmitri Pal wrote: > > > Hello Jim, > > > > I am re-posting your question to the FreeIPA list as it belongs > > there. > > > > Here is the copy of the original question. > > > > Subject: > > [ovirt-users] templates and freeipa > > From: > > Jim Kinney <[email protected]> > > Date: > > 10/31/2014 02:55 PM > > To: > > "[email protected]" <[email protected]> > > > > Ovirt 3.5 is running well for me and I have freeIPA controlling > > access to the user portal. I would like to provide templates of > > various linux setups that all have freeipa for user authentication > > in the VM for my developers to be able to create a new VM from and > > then log in using their freeIPA access and sudo control. I'm wanting > > to group developers by project and use freeIPA to set sudo commands > > as needed (group A get oracle, group B get postgresql, etc). Wanting > > to maximize developer ability while minimizing my clean up time :-) > > They will be able to delete VMs they create. > > > > > > It's possible to do a kickstart deploy with freeIPA registration but > > a template from that will be a problem as it will have the same keys > > for all VMs. > > > > > > Is there a post-creation scripting process I can attach to in ovirt > > or should I look at a default root user and script that > > personalizes the new VM? > > > > -- > > > > -- > > Thank you, > > Dmitri Pal > > > > Sr. Engineering Manager IdM portfolio > > Red Hat, Inc. > > > > > Which provisioning technique you are using? > Would something like what Adam describes here [1] or Foreman uses here > [2] would be relevant? > > [1] http://adam.younglogic.com/2013/09/register-vm-freeipa/ > [2] http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc.
I'm currently using a pre-built template that the devs have access to clone from. The scripted process from Adam Young is what I'm looking at now. I've not grokked enough of Foreman yet to begin a test implementation. It looks to be more capable (the remove DNS entry on delete is a key thing) and will likely be the direction I go. -- Jim Kinney Senior System Administrator Department of BioMedical Informatics Emory University [email protected] 404.712.0300 bmi.emory.edu -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
