Wondering how to Create and Manage User Accounts on oVirt? We can help you.
As part of our oVirt Support, Management & Monitoring Services, we assist our customers with several Red Hat queries.
Today, let us see how to create and manage user accounts to a running oVirt or RHEV platform
What is included in oVirt
oVirt is an open-source complete virtualization management platform found by Red Hat as a community project.
- Rich web-based user interfaces for both admin and non-admin users
- Live migration of virtual machines and disks between hosts and storage
- Integrated management of hosts, storage, and network configuration
- High availability of virtual machines in the event of a host failure
Create and Manage User Accounts on oVirt
Moving ahead, we can see an effective method our Support Engineers employ, in order to create and manage user accounts.
Create User Account on oVirt
oVirt/RHEV comes with a command-line tool under
ovirt-aaa-jdbc-tool, to manage user accounts.
For a full list of options, we run:
# ovirt-aaa-jdbc-tool user –help Usage: /usr/bin/ovirt-aaa-jdbc-tool [options] user module … Perform user related tasks. Options: –help Show help for this module. Modules: add edit delete unlock password-reset show help
The modules available are, add, edit, delete, unlock, password-reset, and show.
On the other hand, to add a new user to the system, we use the syntax:
# ovirt-aaa-jdbc-tool user add <username> –attribute=firstName=<First-Name> \ –attribute=lastName=<Last-Name>
# ovirt-aaa-jdbc-tool user add bob –attribute=firstName=Bob \ –attribute=lastName=James
We should get output like below:
adding user bob… user added successfully Note: by default created user cannot log in. see: /usr/bin/ovirt-aaa-jdbc-tool user password-reset –help.
Reset User Password on oVirt
By default, the user cannot log in, we need to set a password for it.
# ovirt-aaa-jdbc-tool user password-reset josphat Password: Reenter password: updating user bob… user updated successfully
Then, we will be asked for a password, enter, and confirm it. We use the same command for resetting the lost password.
View User details on oVirt
To view user account details on oVirt, we use the command:
# ovirt-aaa-jdbc-tool user show josphat — User bob(03b76cc8-6bbb-4a65-a3e0-b40f257a6878) –Namespace: *Name: bob ID: 03b76cc8-6bbb-4a65-a3e0-b40f257a6878 Display Name: Email: First Name: Bob Last Name: James Department: Title: Description: Account Disabled: false Account Locked: falseAccount Unlocked At: 1970-01-01 00:00:00Z Account Valid From: 2018-04-03 07:09:58Z Account Valid To: 2218-04-03 07:09:58Z Account Without Password: false Last successful Login At: 2018-04-11 18:49:09Z Last unsuccessful Login At: 2018-04-03 09:33:54Z Password Valid To: 2018-09-30 09:33:54Z
Assign User a Role on oVirt
This user account does not have privileges to manage all functions of oVirt. Hence, we need to assign this user privileges for SuperUser if we want it to work like any admin user account, else assign specific permissions.
Initially, log in to the dashboard as the admin user, and navigate to:
Administration > Configure > System Permissions > Add
On the next window, search for the user-added, in this case, bob, and click the GO button.
Once the account is shown, click on the checkbox to select it.
Change the Role to Assign to “SuperUser”. For other roles, select appropriately. Then click the OK button. A new role should assign to the user account.
Delete User on oVirt
If we no longer require the user account, we can delete it using the commands:
# ovirt-aaa-jdbc-tool user delete bob deleting user bob… user deleted successfully
Now, if we try to view user details, we should get an error message saying user account not found.
# ovirt-aaa-jdbc-tool user show bob user bob not found
Disable a user account on oVirt
To lock a user account on oVirt we use:
# ovirt-aaa-jdbc-tool user edit <username> –flag=+disabled
Enable a disabled user account on oVirt
Similarly, to disable a user account, we use:
# ovirt-aaa-jdbc-tool user edit <username> –flag=-disabled
Unlock locked user account on oVirt
If a user account lock for many failed logins, we can unlock it using the command:
# ovirt-aaa-jdbc-tool user unlock <username>
# ovirt-aaa-jdbc-tool user unlock bob
Edit User email address
To change the email address, use the command:
# ovirt-aaa-jdbc-tool user edit bob –firstname.lastname@example.org
[Stuck with any of the above steps? We’d be happy to assist]
To conclude, in order to Create and Manage User Accounts on oVirt and RHEV we use PowerShell commands. Today, we saw how our Support Engineers handle this query.