Lab 4 - Power User Portal
The power user portal is a trimmed down version of the administration portal, tailored for end user self provisioning of virtual machines. It is simultaneously a gateway for logging in to virtual machines, and also a platform to create virtual machines and manage resources specific to those virtual machines. This lab illustrates the functions of the power user portal, which is available to users with PowerUserRole permissions. At the end of this lab you will be able to create and manage virtual machines from the power user portal.
To log in to the power user portal, all you need is either a Red Hat Enterprise Linux client running Mozilla Firefox 3.5 and higher (you can use your Manager server) or a Windows client running Internet Explorer 7 and higher (you can use your administration portal client).
Previously, you have logged in to the administration portal as the admin
user on the internal
domain, which was automatically set up during the installation of the Red Hat Enterprise Virtualization Manager. However, to authenticate new users, you need an external directory service. The term directory service refers to the collection of software, hardware, and processes that store information about an enterprise, subscribers, or both, and make that information available to users. Red Hat Enterprise Virtualization supports IPA and Active Directory.
This lab assumes that you already have an existing IPA directory service. However if you need further assistance to install and configure IPA, see the
Red Hat Enterprise Linux — Enterprise Identity Management Guide. In this lab, you will attach an IPA domain to the Red Hat Enterprise Virtualization Manager using the
rhevm-manage-domains tool, and create users in the IPA directory. Alternatively, if you have an Active Directory setup, you can attach it to the manager and use it for this lab. See
Section 1, “Add Active Directory Domain”, and then proceed to
Section 2, “Assign PowerUserRole Permissions”.
Perform the following procedure on the Red Hat Enterprise Virtualization Manager server.
To add an IPA domain
Log in to the Red Hat Enterprise Virtualization Manager server console.
Run the following command, and provide the domain administrator password when prompted:
# rhevm-manage-domains -action=add -domain=ipadomain.demo.redhat.com -user=admin -interactive
Restart the service for the changes to be applied across the system.
# service jbossas restart
Restarting the JBoss service disconnects you from the administration portal. After a few minutes, the restart completes, and the IPA domain is added to the Red Hat Enterprise Virtualization Manager.
1.1. Add New Users in the IPA Directory
Before you can add users in the Red Hat Enterprise Virtualization Manager, you must first add them in the IPA directory. For this track, you need at least two users. The names used in this guide are rhevpower
and rhevuser
. Perform the following procedure on the Manager server.
To add users you must first authenticate as the directory server administrator. Use the kinit admin
command to do this, entering the administrator password when prompted.
$ kinit admin
Password for admin@DIRECTORY.DEMO.REDHAT.COM:
To add a user interactively use the ipa user-add
command. The command will prompt you for all values required to create the user.
$ ipa user-add
First name: RHEV
Last name: User
User login [rhevuser]:
---------------------
Added user "rhevuser"
---------------------
User login: rhevuser
First name: RHEV
Last name: User
Full name: RHEV User
Display name: RHEV User
Initials: RU
Home directory: /home/rhevuser
GECOS field: rhevuser
Login shell: /bin/sh
Kerberos principal: rhevuser@DIRECTORY.DEMO.REDHAT.COM
UID: 1316000004
To allow the new user to log in you must set their initial password. Use the ipa passwd
command, followed by the username for which you are setting the password, to do this.
$ ipa passwd
rhevuser
Password:
Enter Password again to verify:
----------------------------------------------------------
Changed password for "rhevuser@DIRECTORY.DEMO.REDHAT.COM"
----------------------------------------------------------
A new user has been added to the directory server and their password has been set. You are now able to add them to the Red Hat Enterprise Virtualization Manager. For this track, repeat steps 2 and 3 for another user called rhevpower
and as necessary if you wish to use other users.
Now, you know how to create users for Red Hat Enterprise Virtualization. Next, you will learn how to assign roles and privileges to these users.