On Tue, 2014-11-04 at 15:16 -0500, Dmitri Pal wrote:
> On 11/04/2014 01:27 PM, Dmitri Pal wrote:
> 
> > Hello Jim,
> > 
> > I am re-posting your question to the FreeIPA list as it belongs
> > there.
> > 
> > Here is the copy of the original question.
> > 
> > Subject: 
> > [ovirt-users] templates and freeipa
> > From: 
> > Jim Kinney <jim.kin...@gmail.com>
> > Date: 
> > 10/31/2014 02:55 PM
> > To: 
> > "us...@ovirt.org" <us...@ovirt.org>
> > 
> > Ovirt 3.5 is running well for me and I have freeIPA controlling
> > access to the user portal. I would like to provide templates of
> > various linux setups that all have freeipa for user authentication
> > in the VM for my developers to be able to create a new VM from and
> > then log in using their freeIPA access and sudo control. I'm wanting
> > to group developers by project and use freeIPA to set sudo commands
> > as needed (group A get oracle, group B get postgresql, etc). Wanting
> > to maximize developer ability while minimizing my clean up time :-)
> > They will be able to delete VMs they create.
> > 
> > 
> > It's possible to do a kickstart deploy with freeIPA registration but
> > a template from that will be a problem as it will have the same keys
> > for all VMs.
> > 
> > 
> > Is there a post-creation scripting process I can attach to in ovirt
> > or should I look at a default root user  and script that
> > personalizes the new VM?
> > 
> > -- 
> > 
> > -- 
> > Thank you,
> > Dmitri Pal
> > 
> > Sr. Engineering Manager IdM portfolio
> > Red Hat, Inc.
> > 
> > 
> Which provisioning technique you are using?
> Would something like what Adam describes here [1] or Foreman uses here
> [2] would be relevant?
> 
> [1] http://adam.younglogic.com/2013/09/register-vm-freeipa/
> [2] http://theforeman.org/manuals/1.5/index.html#4.3.11FreeIPARealm
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.

I'm currently using a pre-built template that the devs have access to
clone from.

The scripted process from Adam Young is what I'm looking at now. I've
not grokked enough of Foreman yet to begin a test implementation. It
looks to be more capable (the remove DNS entry on delete is a key thing)
and will likely be the direction I go.

-- 
Jim Kinney
Senior System Administrator
Department of BioMedical Informatics
Emory University
jimkin...@emory.edu
404.712.0300
bmi.emory.edu

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to