The power user portal is a trimmed-down version of the administration portal, tailored for end user self provisioning of virtual machines. It is simultaneously a gateway for logging in to virtual machines, and also a platform to create virtual machines and manage resources specific to those virtual machines. This lab illustrates the functions of the power user portal, which is available to users with PowerUserRole permissions. At the end of this lab you will be able to create and manage virtual machines from the power user portal.
This lab assumes that you have correctly installed and configured Red Hat Enterprise Virtualization so you can log in to the power user portal. You should have at least two running virtual machines in your environment. You should have successfully completed Chapter 3, Live Migration Scenarios if you are on Track A or Chapter 2, Create Virtual Machines if you are on Track B.
To log in to the power user portal, you need a Red Hat Enterprise Linux client running Mozilla Firefox 3.5 and higher (you can use your Manager server).
Lab 4 - Objectives
This lab takes you through the tasks necessary to create virtual machines from the power user portal and assign user permissions. This lab should take you about 35 minutes.
Section 4.1, “Add IPA Domain” shows you how to attach an IPA domain to the Red Hat Enterprise Virtualization Manager and create IPA user accounts. (15 minutes)
Section 4.2, “Assign PowerUserRole Permissions” shows you how to assign privileges for a user to access the power user portal. (2 minutes)
Section 4.3, “Log in to the Power User Portal” shows you how to install required SPICE plugins and log in to the power user portal. (3 minutes)
Section 4.4, “Create a Red Hat Enterprise Linux Virtual Machine” shows you how to create a Red Hat Enterprise Linux virtual machine based on an existing template. (5 minutes)
Section 4.5, “Access a Virtual Machine” shows you how to connect to a virtual machine. (3 minutes)
Section 4.6, “Create a Virtual Machine Template” shows you how to create a virtual machine template from the power user portal. (5 minutes)
Section 4.7, “Verify Permissions” shows you how to view permissions on virtual machines and templates. (2 minutes)
Previously, you have logged in to the administration portal as the
admin user on the internal domain, which was automatically set up during the installation of the Red Hat Enterprise Virtualization Manager. However, to authenticate new users, you need an external directory service. The term directory service refers to the collection of software, hardware, and processes that store information about an enterprise, subscribers, or both, and make that information available to users. Red Hat Enterprise Virtualization supports IPA and Active Directory.
This lab assumes that you already have an existing IPA directory service. However if you need further assistance to install and configure IPA, see the Red Hat Enterprise Linux — Enterprise Identity Management Guide. In this lab, you will attach an IPA domain to the Red Hat Enterprise Virtualization Manager using the rhevm-manage-domains tool, and create users in the IPA directory. Alternatively, if you have an Active Directory setup, you can attach it to the manager and use it for this lab. See Section 8.1, “Add Active Directory Domain”, and then proceed to Section 4.2, “Assign PowerUserRole Permissions”.
Perform the following procedure on the Red Hat Enterprise Virtualization Manager server.
To add an IPA domain
- Log in to the Red Hat Enterprise Virtualization Manager server console.
- Run the following command, and provide the domain administrator password when prompted:
# rhevm-manage-domains -action=add -domain=ipadomain.demo.redhat.com -user=admin -interactive
- Restart the service for the changes to be applied across the system.
# service ovirt-engine restart
Before you can add users in the Red Hat Enterprise Virtualization Manager, you must first add them in the IPA directory. For this track, you need at least two users. The names used in this guide are
rhevpower and rhevuser. Perform the following procedure on the Manager server.
- To add users you must first authenticate as the directory server administrator. Use the
kinitcommand to do this, entering the administrator password when prompted.admin$
kinitPassword for admin@DIRECTORY.DEMO.REDHAT.COM:admin - To add a user interactively use the
ipacommand. The command will prompt you for all values required to create the user.user-add$
ipaFirst name: RHEV Last name: User User login [rhevuser]: --------------------- Added user "rhevuser" --------------------- User login: rhevuser First name: RHEV Last name: User Full name: RHEV User Display name: RHEV User Initials: RU Home directory: /home/rhevuser GECOS field: rhevuser Login shell: /bin/sh Kerberos principal: rhevuser@DIRECTORY.DEMO.REDHAT.COM UID: 1316000004user-add - To allow the new user to log in you must set their initial password. Use the
ipacommand, followed by the username for which you are setting the password, to do this.passwd$
ipaPassword: Enter Password again to verify: ---------------------------------------------------------- Changed password for "rhevuser@DIRECTORY.DEMO.REDHAT.COM" ----------------------------------------------------------passwdrhevuser - A new user has been added to the directory server and their password has been set. You are now able to add them to the Red Hat Enterprise Virtualization Manager. For this track, repeat steps 2 and 3 for another user called
rhevpowerand as necessary if you wish to use other users.
Now, you know how to create users for Red Hat Enterprise Virtualization. Next, you will learn how to assign roles and privileges to these users.