On Tue, 2014-11-04 at 15:16 -0500, Dmitri Pal wrote:
> On 11/04/2014 01:27 PM, Dmitri Pal wrote:
> > Hello Jim,
> > I am re-posting your question to the FreeIPA list as it belongs
> > there.
> > Here is the copy of the original question.
> > Subject:
> > [ovirt-users] templates and freeipa
> > From:
> > Jim Kinney <jim.kin...@gmail.com>
> > Date:
> > 10/31/2014 02:55 PM
> > To:
> > "us...@ovirt.org" <us...@ovirt.org>
> > Ovirt 3.5 is running well for me and I have freeIPA controlling
> > access to the user portal. I would like to provide templates of
> > various linux setups that all have freeipa for user authentication
> > in the VM for my developers to be able to create a new VM from and
> > then log in using their freeIPA access and sudo control. I'm wanting
> > to group developers by project and use freeIPA to set sudo commands
> > as needed (group A get oracle, group B get postgresql, etc). Wanting
> > to maximize developer ability while minimizing my clean up time :-)
> > They will be able to delete VMs they create.
> > It's possible to do a kickstart deploy with freeIPA registration but
> > a template from that will be a problem as it will have the same keys
> > for all VMs.
> > Is there a post-creation scripting process I can attach to in ovirt
> > or should I look at a default root user and script that
> > personalizes the new VM?
> > --
> > --
> > Thank you,
> > Dmitri Pal
> > Sr. Engineering Manager IdM portfolio
> > Red Hat, Inc.
> Which provisioning technique you are using?
> Would something like what Adam describes here  or Foreman uses here
>  would be relevant?
>  http://adam.younglogic.com/2013/09/register-vm-freeipa/
>  http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm
> Thank you,
> Dmitri Pal
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
I'm currently using a pre-built template that the devs have access to
The scripted process from Adam Young is what I'm looking at now. I've
not grokked enough of Foreman yet to begin a test implementation. It
looks to be more capable (the remove DNS entry on delete is a key thing)
and will likely be the direction I go.
Senior System Administrator
Department of BioMedical Informatics
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project