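Adding an internal-domain user in oVirt and assigning permissions
Add the user to the internal domain (internal)
First, SSH into the engine;
Use the ovirt-aaa-jdbc-tool utility to add the user test1 and set its name attributes: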
ovirt-aaa-jdbc-tool user add test1 --attribute=firstName=San --attribute=lastName=Zhang
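Set a password and a password expiry time for user test1:
ovirt-aaa-jdbc-tool user password-reset test1 --password-valid-to="2025-08-01 12:00:00-0800"
Note: the double quotes around "2025-08-01 12:00:00-0800" must be ASCII double quotes, not Chinese (full-width) quotes.
View the newly added user test1: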
ovirt-aaa-jdbc-tool user show test1
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Mon Jun 6 09:08:43 2022 from 192.168.52.138
[root@engine110 ~]# ovirt-aaa-jdbc-tool user add user1 --attribute=firstName=qb --attribute=lastName=wang
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
adding user user1...
user added successfully
Note: by default created user cannot log in. see:
/usr/bin/ovirt-aaa-jdbc-tool user password-reset --help.
[root@engine110 ~]# ovirt-aaa-jdbc-tool user password-reset user1 --password-valid-to=“2035-08-01 12:00:00-0800”
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Pattern for argument 'password-valid-to' does not match, pattern is '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[\w\-+:]+', value is '“2035-08-01'
[root@engine110 ~]# ovirt-aaa-jdbc-tool user password-reset use1 --password-valid-to=“2025-08-01 12:00:00-0800”
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Pattern for argument 'password-valid-to' does not match, pattern is '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[\w\-+:]+', value is '“2025-08-01'
[root@engine110 ~]# ovirt-aaa-jdbc-tool user password-reset user1 --password-valid-to=“2025-08-01 12:00:00-0800”^C
[root@engine110 ~]# ovirt-aaa-jdbc-tool user password-reset user1 --password-valid-to="2025-08-01 12:00:00-0800"
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Password:
Reenter password:
updating user user1...
user updated successfully
[root@engine110 ~]# ovirt-aaa-jdbc-tool user show user1
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
-- User wqb(c42730f9-6aff-4fce-b869-0d6789eb3b8f) --
Namespace: *
Name: user1
ID: c42730f9-6aff-4fce-b869-0d6789eb3b8f
Display Name:
Email:
First Name: qb
Last Name: wang
Department:
Title:
Description:
Account Disabled: false
Account Locked: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2022-06-08 08:14:52Z
Account Valid To: 2222-06-08 08:14:52Z
Account Without Password: false
Last successful Login At: 1970-01-01 00:00:00Z
Last unsuccessful Login At: 1970-01-01 00:00:00Z
Password Valid To: 2025-08-01 20:00:00Z
[root@engine110 ~]#
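The first two password-reset attempts in the session above fail because typographic quotes reached the tool as part of the value. As an added example (not from the original post), the script below checks a --password-valid-to value against the pattern shown in the error message before the tool is called, and scans `user show` output for a password expiry later than a policy limit; the function names and the cutoff date are assumptions.

```shell
#!/usr/bin/env bash
# Added example; function names and the policy cutoff are hypothetical.

# Pre-flight check for a --password-valid-to value, using the pattern the tool
# prints in its error: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}[\w\-+:]+
# (treated here as a full-string match, which is an assumption).
# Returns 0 = ok, 1 = wrong format, 2 = characters outside printable ASCII (e.g. “ ”).
check_valid_to() {
    if printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'; then
        return 2
    fi
    printf '%s\n' "$1" | LC_ALL=C grep -Eq \
        '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[A-Za-z0-9_+:-]+$' \
        || return 1
}

# Reads `user show` output on stdin and prints one line per finding.
# $1 = latest acceptable "Password Valid To", in the tool's UTC output format.
# Timestamps in that fixed format sort correctly as plain strings.
audit_user_show() {
    awk -F': ' -v max="$1" '
        $1 == "Password Valid To" && ($2 "") > (max "") {
            print "password valid past policy: " $2 }
        $1 == "Account Without Password" && $2 == "true" {
            print "account has no password" }
        $1 == "Account Locked" && $2 == "true" {
            print "account locked" }
    '
}

# Sample input: lines taken from the `user show user1` output above.
sample_user_show() {
    cat <<'EOF'
Name: user1
Account Disabled: false
Account Locked: false
Account Without Password: false
Password Valid To: 2025-08-01 20:00:00Z
EOF
}

check_valid_to "2025-08-01 12:00:00-0800" && echo "valid-to value ok"
sample_user_show | audit_user_show "2023-06-08 00:00:00Z"
```

On the engine, pipe the real `ovirt-aaa-jdbc-tool user show <name>` output into `audit_user_show` in place of the sample.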
Add the user to the engine
Go to the "Administration" -> "Users" page and click "Add";
Search for user test1 and add it;
Assign virtual machine permissions to user test1
Go to the "Virtual Machines" -> "Permissions" page and click "Add";
Search for and select user test1, choose "UserRole" as the role to assign, and click OK to add it;
Use the test1 user
Open the VM Portal;
Log in as user test1;
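You can now see the virtual machine that was just assigned to user test1, and you can operate on the virtual machines you have permission for.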
Delete user test1
SSH into the engine;
Use the following command to delete user test1: