Wondering how to Create and Manage User Accounts on oVirt? We can help you.

As part of our oVirt Support, Management & Monitoring Services, we assist our customers with several Red Hat queries.

Today, let us see how to create and manage user accounts to a running oVirt or RHEV platform

 

What is included in oVirt

oVirt is an open-source complete virtualization management platform found by Red Hat as a community project.

It includes:

• Rich web-based user interfaces for both admin and non-admin users
• Live migration of virtual machines and disks between hosts and storage
• Integrated management of hosts, storage, and network configuration
• High availability of virtual machines in the event of a host failure

Create and Manage User Accounts on oVirt

Moving ahead, we can see an effective method our Support Engineers employ, in order to create and manage user accounts.

• Create User Account on oVirt

oVirt/RHEV comes with a command-line tool under ovirt-aaa-jdbc-tool, to manage user accounts.

For a full list of options, we run:

# ovirt-aaa-jdbc-tool user –help
Usage: /usr/bin/ovirt-aaa-jdbc-tool [options] user module …
Perform user related tasks.

Options:
–help
Show help for this module.

Modules:
add
edit
delete
unlock
password-reset
show
help

The modules available are, add, edit, delete, unlock, password-reset, and show.

On the other hand, to add a new user to the system, we use the syntax:

# ovirt-aaa-jdbc-tool user add <username> –attribute=firstName=<First-Name> \ –attribute=lastName=<Last-Name>

For instance,

# ovirt-aaa-jdbc-tool user add bob –attribute=firstName=Bob \
–attribute=lastName=James

We should get output like below:

adding user bob…
user added successfully
Note: by default created user cannot log in. see:
/usr/bin/ovirt-aaa-jdbc-tool user password-reset –help.

 

• Reset User Password on oVirt

By default, the user cannot log in, we need to set a password for it.

# ovirt-aaa-jdbc-tool user password-reset josphat
Password:
Reenter password:
updating user bob…
user updated successfully

Then, we will be asked for a password, enter, and confirm it. We use the same command for resetting the lost password.

 

• View User details on oVirt

To view user account details on oVirt, we use the command:

# ovirt-aaa-jdbc-tool user show josphat
— User bob(03b76cc8-6bbb-4a65-a3e0-b40f257a6878) –Namespace: *Name: bob
ID: 03b76cc8-6bbb-4a65-a3e0-b40f257a6878
Display Name:
Email: First Name: Bob
Last Name: James
Department:
Title:
Description: Account Disabled: false
Account Locked: falseAccount Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2018-04-03 07:09:58Z
Account Valid To: 2218-04-03 07:09:58Z
Account Without Password: false
Last successful Login At: 2018-04-11 18:49:09Z
Last unsuccessful Login At: 2018-04-03 09:33:54Z
Password Valid To: 2018-09-30 09:33:54Z

 

• Assign User a Role on oVirt

This user account does not have privileges to manage all functions of oVirt. Hence, we need to assign this user privileges for SuperUser if we want it to work like any admin user account, else assign specific permissions.

Initially, log in to the dashboard as the admin user, and navigate to:

Administration > Configure > System Permissions > Add

On the next window, search for the user-added, in this case, bob, and click the GO button.

Once the account is shown, click on the checkbox to select it.

Change the Role to Assign to “SuperUser”. For other roles, select appropriately. Then click the OK button. A new role should assign to the user account.

 

• Delete User on oVirt

If we no longer require the user account, we can delete it using the commands:

# ovirt-aaa-jdbc-tool user delete bob
deleting user bob…
user deleted successfully

Now, if we try to view user details, we should get an error message saying user account not found.

# ovirt-aaa-jdbc-tool user show bob
user bob not found

 

• Disable a user account on oVirt

To lock a user account on oVirt we use:

# ovirt-aaa-jdbc-tool user edit <username> –flag=+disabled

 

• Enable a disabled user account on oVirt

Similarly, to disable a user account, we use:

# ovirt-aaa-jdbc-tool user edit <username> –flag=-disabled

 

• Unlock locked user account on oVirt

If a user account lock for many failed logins, we can unlock it using the command:

# ovirt-aaa-jdbc-tool user unlock <username>

For example,

# ovirt-aaa-jdbc-tool user unlock bob

 

• Edit User email address

To change the email address, use the command:

# ovirt-aaa-jdbc-tool user edit bob –attribute=email=bob@example.com

[Stuck with any of the above steps? We’d be happy to assist]

 

Conclusion

To conclude, in order to Create and Manage User Accounts on oVirt and RHEV we use PowerShell commands. Today, we saw how our Support Engineers handle this query.