Product SiteDocumentation Site

Lab 4 - Power User Portal

The power user portal is a trimmed down version of the administration portal, tailored for end user self provisioning of virtual machines. It is simultaneously a gateway for logging in to virtual machines, and also a platform to create virtual machines and manage resources specific to those virtual machines. This lab illustrates the functions of the power user portal, which is available to users with PowerUserRole permissions. At the end of this lab you will be able to create and manage virtual machines from the power user portal.
This lab assumes that you have correctly installed and configured Red Hat Enterprise Virtualization so you can log in to the power user portal. You should have at least two running virtual machines in your environment. You should have successfully completed Lab 3 - Live Migration Scenarios if you are on Track A or Lab 2 - Create Virtual Machines if you are on Track B.
To log in to the power user portal, all you need is either a Red Hat Enterprise Linux client running Mozilla Firefox 3.5 and higher (you can use your Manager server) or a Windows client running Internet Explorer 7 and higher (you can use your administration portal client).
Lab 4 - Objectives
This lab takes you through the tasks necessary to create virtual machines from the power user portal and assign user permissions. This lab should take you about 35 minutes.
Section 1, “Add IPA Domain” shows you how to attach an IPA domain to the Red Hat Enterprise Virtualization Manager and create IPA user accounts. (15 minutes)
Section 2, “Assign PowerUserRole Permissions” shows you how to assign privileges for a user to access the power user portal. (2 minutes)
Section 3, “Log in to the Power User Portal” shows you how to install required SPICE plugins and log in to the power user portal. (3 minutes)
Section 4, “Create a Red Hat Enterprise Linux Virtual Machine” shows you how to create a Red Hat Enterprise Linux virtual machine based on an existing template. (5 minutes)
Section 5, “Access a Virtual Machine” shows you how to connect to a virtual machine. (3 minutes)
Section 6, “Create a Virtual Machine Template” shows you how to create a virtual machine template from the power user portal. (5 minutes)
Section 7, “Verify Permissions” shows you how to view permissions on virtual machines and templates. (2 minutes)

1. Add IPA Domain

Previously, you have logged in to the administration portal as the admin user on the internal domain, which was automatically set up during the installation of the Red Hat Enterprise Virtualization Manager. However, to authenticate new users, you need an external directory service. The term directory service refers to the collection of software, hardware, and processes that store information about an enterprise, subscribers, or both, and make that information available to users. Red Hat Enterprise Virtualization supports IPA and Active Directory.
This lab assumes that you already have an existing IPA directory service. However if you need further assistance to install and configure IPA, see the Red Hat Enterprise Linux — Enterprise Identity Management Guide. In this lab, you will attach an IPA domain to the Red Hat Enterprise Virtualization Manager using the rhevm-manage-domains tool, and create users in the IPA directory. Alternatively, if you have an Active Directory setup, you can attach it to the manager and use it for this lab. See Section 1, “Add Active Directory Domain”, and then proceed to Section 2, “Assign PowerUserRole Permissions”.
Perform the following procedure on the Red Hat Enterprise Virtualization Manager server.
To add an IPA domain
  1. Log in to the Red Hat Enterprise Virtualization Manager server console.
  2. Run the following command, and provide the domain administrator password when prompted:
    # rhevm-manage-domains -action=add -domain=ipadomain.demo.redhat.com -user=admin -interactive
  3. Restart the service for the changes to be applied across the system.
    # service jbossas restart
    Restarting the JBoss service disconnects you from the administration portal. After a few minutes, the restart completes, and the IPA domain is added to the Red Hat Enterprise Virtualization Manager.

1.1. Add New Users in the IPA Directory

Before you can add users in the Red Hat Enterprise Virtualization Manager, you must first add them in the IPA directory. For this track, you need at least two users. The names used in this guide are rhevpower and rhevuser. Perform the following procedure on the Manager server.
  1. To add users you must first authenticate as the directory server administrator. Use the kinit admin command to do this, entering the administrator password when prompted.
    $ kinit admin
    Password for admin@DIRECTORY.DEMO.REDHAT.COM:
    
  2. To add a user interactively use the ipa user-add command. The command will prompt you for all values required to create the user.
    $ ipa user-add
      First name: RHEV
      Last name: User
      User login [rhevuser]:
      ---------------------
      Added user "rhevuser"
      ---------------------
      User login: rhevuser
      First name: RHEV
      Last name: User
      Full name: RHEV User
      Display name: RHEV User
      Initials: RU
      Home directory: /home/rhevuser
      GECOS field: rhevuser
      Login shell: /bin/sh
      Kerberos principal: rhevuser@DIRECTORY.DEMO.REDHAT.COM
      UID: 1316000004
  3. To allow the new user to log in you must set their initial password. Use the ipa passwd command, followed by the username for which you are setting the password, to do this.
    $ ipa passwd rhevuser
    Password: 
    Enter Password again to verify: 
    ----------------------------------------------------------
    Changed password for "rhevuser@DIRECTORY.DEMO.REDHAT.COM"
    ----------------------------------------------------------
    
  4. A new user has been added to the directory server and their password has been set. You are now able to add them to the Red Hat Enterprise Virtualization Manager. For this track, repeat steps 2 and 3 for another user called rhevpower and as necessary if you wish to use other users.
Now, you know how to create users for Red Hat Enterprise Virtualization. Next, you will learn how to assign roles and privileges to these users.