Appendix B. Additional Utilities

B.1. Domain Management Tool

B.1.1. What is the Domain Management Tool?

Red Hat Enterprise Virtualization Manager authenticates users using directory services. To add users to Red Hat Enterprise Virtualization Manager you must first use the internal admin user to add the directory service that the users must be authenticated against. You add and remove directory services domains using the included domain management tool, engine-manage-domains.
The engine-manage-domains command is only accessible on the machine on which Red Hat Enterprise Virtualization Manager is installed. The engine-manage-domains command must be run as the root user.

B.1.2. Syntax for the Domain Management Tool

The usage syntax is:
engine-manage-domains -action=ACTION [options]
Available actions are:
add
Add a domain to Red Hat Enterprise Virtualization Manager's directory services configuration.
edit
Edit a domain in Red Hat Enterprise Virtualization Manager's directory services configuration.
delete
Delete a domain from Red Hat Enterprise Virtualization Manager's directory services configuration.
validate
Validate Red Hat Enterprise Virtualization Manager's directory services configuration. This command attempts to authenticate each domain in the configuration using the configured user name and password.
list
List Red Hat Enterprise Virtualization Manager's current directory services configuration.
These options can be combined with the actions on the command line:
-domain=DOMAIN
Specifies the domain on which the action will be performed. The -domain parameter is mandatory for add, edit, and delete.
-provider=PROVIDER
Specifies the LDAP provider type of the directory server for the domain. Valid values are:
  • ActiveDirectory - Active Directory.
  • IPA - Identity Management (IdM).
  • RHDS - Red Hat Directory Server. Red Hat Directory Server does not come with Kerberos. Red Hat Enterprise Virtualization requires Kerberos authentication. RHDS must be made a service within a Kerberos domain to provide directory services to the Manager.

    Note

    If you want to use RHDS as your directory server, you must have the memberof plugin installed in RHDS. To use the memberof plugin, your users must be inetusers. For more information about using the memberof plugin, see the Red Hat Directory Server Plug-in Guide.
-user=USER
Specifies the domain user to use. The -user parameter is mandatory for add, and optional for edit.
-passwordFile=FILE
Specifies that the domain user's password is on the first line of the provided file. This option, or the -interactive option, must be used to provide the password for use with the add action.
-addPermissions
Specifies that the domain user will be given the SuperUser role in Red Hat Enterprise Virtualization Manager. By default, if the -addPermissions parameter is not specified, the SuperUser role is not assigned to the domain user. The -addPermissions option is optional. It is only valid when used in combination with the add and edit actions.
-interactive
Specifies that the domain user's password is to be provided interactively. This option, or the -passwordFile option, must be used to provide the password for use with the add action.
-configFile=FILE
Specifies an alternate configuration file that the command must load. The -configFile parameter is always optional.
-report
When used with the validate action, outputs a report of all validation errors encountered.
For full usage information consult the engine-manage-domains command's help output:
# engine-manage-domains --help

B.1.3. Adding Domains to Configuration

In this example, the engine-manage-domains command is used to add the IdM domain directory.demo.redhat.com to the Red Hat Enterprise Virtualization Manager configuration. The configuration is set to use the admin user when querying the domain; the password is provided interactively.

Example B.1. engine-manage-domains Add Action

# engine-manage-domains -action=add -domain=directory.demo.redhat.com -provider=IPA -user=admin -interactive
loaded template kr5.conf file
setting default_tkt_enctypes
setting realms
setting domain realm
success
User guid is: 80b71bae-98a1-11e0-8f20-525400866c73
Successfully added domain directory.demo.redhat.com. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
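For unattended use, the same add action can read the password from a file with -passwordFile instead of -interactive. The following added example (not part of the original guide) checks the file before building the command; the function names, the DRY_RUN variable and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Assumes GNU stat (stat -c), as shipped on Red Hat Enterprise Linux.

# check_password_file FILE
# Succeeds only if FILE is a regular file (not a symlink), is owned by the
# invoking user, grants nothing to group/other, and has a non-empty first line.
check_password_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ "$(stat -c '%u' "$f")" = "$(id -u)" ] || { echo "wrong owner: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f")
    case $mode in
        [0-7]00) ;;
        *) echo "mode $mode exposes $f to group/other" >&2; return 1 ;;
    esac
    first=
    IFS= read -r first < "$f" || true   # read fails on a missing final newline
    [ -n "$first" ] || { echo "first line of $f is empty" >&2; return 1; }
}

# add_domain DOMAIN PROVIDER USER FILE
# Builds the add command from the options documented above. Prints it by
# default; set DRY_RUN=0 to execute it (as root, on the Manager machine).
add_domain() {
    check_password_file "$4" || return 1
    set -- engine-manage-domains -action=add "-domain=$1" "-provider=$2" \
        "-user=$3" "-passwordFile=$4"
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Stand-alone use: sh add-domain.sh DOMAIN PROVIDER USER FILE
if [ "$#" -ge 4 ]; then add_domain "$@"; fi
```

Create the password file under umask 077 (or with mktemp, which creates it with mode 0600) and delete it once the domain has been added.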

B.1.4. Editing a Domain in the Configuration

In this example, the engine-manage-domains command is used to edit the directory.demo.redhat.com domain in the Red Hat Enterprise Virtualization Manager configuration. The configuration is updated to use the admin user when querying this domain; the password is provided interactively.

Example B.2. engine-manage-domains Edit Action

# engine-manage-domains -action=edit -domain=directory.demo.redhat.com -user=admin -interactive
loaded template kr5.conf file
setting default_tkt_enctypes
setting realms
setting domain realm
success
User guid is: 80b71bae-98a1-11e0-8f20-525400866c73
Successfully edited domain directory.demo.redhat.com. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).

B.1.5. Deleting a Domain from the Configuration

In this example, the engine-manage-domains command is used to remove the directory.demo.redhat.com domain from the Red Hat Enterprise Virtualization Manager configuration. Users defined in the removed domain will no longer be able to authenticate with the Red Hat Enterprise Virtualization Manager. The entries for the affected users will remain defined in the Red Hat Enterprise Virtualization Manager until they are explicitly removed.
The domain being removed in this example is the last one listed in the Red Hat Enterprise Virtualization Manager configuration. A warning is displayed highlighting this fact and that only the admin user from the internal domain will be able to log in until another domain is added.

Example B.3. engine-manage-domains Delete Action

# engine-manage-domains -action=delete -domain='directory.demo.redhat.com'
WARNING: Domain directory.demo.redhat.com is the last domain in the configuration. After deleting it you will have to either add another domain, or to use the internal admin user in order to login.
Successfully deleted domain directory.demo.redhat.com. Please remove all users and groups of this domain using the Administration portal or the API.

B.1.6. Validating Domain Configuration

In this example, the engine-manage-domains command is used to validate the Red Hat Enterprise Virtualization Manager configuration. The command attempts to log into each listed domain with the credentials provided in the configuration. The domain is reported as valid if the attempt is successful.

Example B.4. engine-manage-domains Validate Action

# engine-manage-domains -action=validate
User guid is: 80b71bae-98a1-11e0-8f20-525400866c73
Domain directory.demo.redhat.com is valid.

B.1.7. Listing Domains in Configuration

The engine-manage-domains command lists the directory services domains defined in the Red Hat Enterprise Virtualization Manager configuration. This command prints the domain, the user name in User Principal Name (UPN) format, and whether the domain is local or remote for each configuration entry.

Example B.5. engine-manage-domains List Action

# engine-manage-domains -action=list
Domain: directory.demo.redhat.com
    User name: admin@DIRECTORY.DEMO.REDHAT.COM
    This domain is a remote domain.
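The list output can be checked against the domains you expect to be configured, so an unplanned directory service stands out. This is an added example, not part of the original guide: the function names, the allowlist file, the second sample entry (lab.example.test) and the assumption that each entry repeats the three-line layout shown above are all hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Constructed sample: the first entry is the guide's Example B.5 output, the
# second is invented to stand for a domain nobody planned to configure.
sample_list_output() {
    cat <<'EOF'
Domain: directory.demo.redhat.com
    User name: admin@DIRECTORY.DEMO.REDHAT.COM
    This domain is a remote domain.
Domain: lab.example.test
    User name: svc@LAB.EXAMPLE.TEST
    This domain is a remote domain.
EOF
}

# parse_domain_list: reads `engine-manage-domains -action=list` output on
# stdin and prints one tab-separated "domain, UPN, local|remote" record per entry.
parse_domain_list() {
    awk '
        function emit() { if (dom != "") printf "%s\t%s\t%s\n", dom, upn, scope }
        /^Domain:/           { emit(); dom = $2; upn = "?"; scope = "?"; next }
        /^[ \t]*User name:/  { upn = $NF; next }
        /This domain is a/   { scope = $(NF - 1); next }
        END                  { emit() }
    '
}

# unexpected_domains ALLOWLIST: reads list output on stdin and prints the
# records whose domain is not in ALLOWLIST (one domain per line, compared
# case-insensitively). Returns 1 if any record was printed, 0 otherwise.
unexpected_domains() {
    parse_domain_list | awk -F '\t' -v allow="$1" '
        BEGIN { while ((getline line < allow) > 0) ok[tolower(line)] = 1 }
        !(tolower($1) in ok) { print; bad = 1 }
        END { exit bad + 0 }
    '
}

# On the Manager machine, as root:
#   engine-manage-domains -action=list | unexpected_domains /path/to/allowlist
```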