RH318 - ch04s06

In this exercise, you will log in to the VM Portal and Administration Portal to observe how user roles determine the level of access in the Red Hat Virtualization environment.

Outcomes

You should be able to use the VM Portal and the Administration Portal to manage the Red Hat Virtualization environment.

Four different users are mapped from the lab.example.com profile to the appropriate roles in the Red Hat Virtualization environment, as described below:

rhvadmin to SuperUser role system-wide.
normaluser to UserRole role system-wide.
poweruser to PowerUserRole role system-wide.
dcadmin to DataCenterAdmin role for the development data center.

Log in as the student user on workstation and run the lab users-portals start command. This command ensures that the domain users of the Red Hat Enterprise Linux Identity Management server in the classroom are mapped to the appropriate roles in the Red Hat Virtualization environment. This command also ensures that the development data center does not have any description.

[student@workstation ~]$ lab users-portals start

Log in to the Administration Portal as normaluser from the lab.example.com profile.
1. On workstation, open Firefox and navigate to https://rhvm.lab.example.com/ovirt-engine. Click on the Administration Portal link. Log in as normaluser with the password redhat. Select the lab.example.com profile.
2. Notice that the role assigned to normaluser prevents it from accessing the Administration Portal. In the upper right corner of the Red Hat Virtualization page, you can see that normaluser is successfully logged in. This page also indicates that normaluser is not authorized to access the Administration Portal.
Log in to the VM Portal as normaluser from the lab.example.com profile.
1. The UserRole role is assigned to the normaluser user. This role permits the user to access only the VM Portal. Within the VM Portal, the user can only view the virtual machines. The normaluser user has access to the console of the virtual machine, and is able to start, stop, suspend, or reboot virtual machines.
2. While still logged in as normaluser, click on the VM Portal link in the Red Hat Virtualization page, located at http://rhvm.lab.example.com/ovirt-engine. You have successfully logged in to the VM Portal of Red Hat Virtualization.
  You should see a running virtual machine called rhel-vm1. Click on the Console button of rhel-vm1 to open its console. The Console dialog box opens with an error related to single sign-on. Ignore the error and click Connect. The Opening console.vv dialog box opens and prompts for your confirmation to open the connection file (console.vv). Click the OK button to open the console.vv file using Remote Viewer. Optionally, log in to the virtual machine as root with the password redhat.
  Note
  If Remote Viewer prompts for your confirmation to inhibit shortcuts, click Allow.
3. Click View → Full screen on the menu bar of the rhel-vm1:1 - Remote Viewer window to open the rhel-vm1 virtual machine console in full-screen mode.
4. Hover your mouse over the upper part of the console and click the X button to close the virtual machine console. Click OK to confirm and close the console.
5. If the rhel-vm1 virtual machine is running, click the drop-down button displayed near the Console button. Click Shutdown. The Shutdown the VM dialog box displays, prompting for confirmation to stop the virtual machine either forcefully or gracefully. Click Yes and wait for few seconds to gracefully stop the virtual machine. Notice that the rhel-vm1 virtual machine is stopped.
  Note
  If you click the Force button, the virtual machine is immediately stopped without gracefully terminating the processes in the virtual machine, which is not a recommended practice.
6. Click the Run button to start the rhel-vm1 virtual machine. Wait for a minute and notice that the virtual machine, rhel-vm1, is started.
7. Stop rhel-vm1.
8. Log out of the VM Portal as normaluser.
Log in to the Administration Portal as poweruser from the lab.example.com profile.
1. Click on the Administration Portal link.
2. Log in as poweruser with the password redhat. Select the lab.example.com profile.
3. Notice that the PowerUserRole role, assigned to poweruser, does not allow poweruser to access the Administration Portal. In the upper right corner of the Red Hat Virtualization page, you can see that poweruser is successfully logged in, but not authorized to access the Administration Portal.
Log in to the VM Portal as poweruser from the lab.example.com profile.
1. As poweruser, click the VM Portal link on the Red Hat Virtualization web page. You have successfully logged in to VM Portal of the Red Hat Virtualization.
2. The PowerUserRole, assigned to poweruser, allows this user to access the VM Portal with more privileges than are granted to users with the UserRole role. From within the VM Portal, the poweruser user has access to the Create Virtual Machine button to create a new virtual machine. The poweruser user can create new virtual machines based on existing templates.
3. Click the Create Virtual Machine button in the upper right corner of the page. The Create a New Virtual Machine page displays, which allows poweruser to create a virtual machine.
4. Click Close to close the Create a New Virtual Machine page.
5. Log out of the VM Portal as poweruser.
Log in to the Administration Portal as dcadmin from the lab.example.com profile.
1. Return to the Red Hat Virtualization web page. Click on the Administration Portal link.
2. Log in as dcadmin with the password redhat. Select the lab.example.com profile.
3. Notice that the DataCenterAdmin role assigned to dcadmin allows the user to access the Administration Portal.
Try to create a new storage domain called nfs-data as dcadmin. This operation fails because the dcadmin user does not have the required permissions to create a new storage domain.
1. While logged in as dcadmin in the Administration Portal, click Storage on the left navigation pane, and then click Domains.
2. Click New Domain to open the New Domain dialog box.
3. In the the New Domain dialog box, specify nfs-data as the name of the new storage domain in the Name field. Leave all the other fields except Export Path with their default values.
4. In the Export Path field, specify utility.lab.example.com:/dcstorage as the Network File System path for this new storage domain.
5. Click OK to create this new storage domain. As you can see, the dcadmin user is not allowed to create new storage domains in the data center.
6. Click Close to close the Operation Canceled dialog box. Click Cancel to close the New Domain dialog box.
  Note that the dcadmin user has various privileges within the Administration Portal. For example, the dcadmin user can create, delete, start, and stop virtual machines, as well as hypervisor hosts.
Try to create a new data center called operations as dcadmin. This operation fails because the dcadmin user does not have the required permissions to create a new data center.
1. While logged in as dcadmin in the Administration Portal, click Compute on the left navigation pane, and then click Data Centers.
2. Click the New button to open the New Data Center dialog box.
3. In the the New Data Center dialog box, specify operations as the name of the new data center in the Name field. Leave all the other fields with their default values.
4. Click the OK button to create this new data center. As you can see, the dcadmin user is not allowed to create new data centers.
5. Click Close to close the Operation Canceled dialog box.
Edit the existing development data center as the dcadmin user to set dcadmin example to the description of the data center. This operation succeeds because the dcadmin user has permission to modify the existing data center called development.
1. While logged in as dcadmin in the Administration Portal, click Compute on the left navigation pane, and then click Data Centers.
2. Select the development data center from the list of available data centers.
3. Click the Edit button in the upper right part of the page. The Edit Data Center dialog box displays.
4. In the Edit Data Center dialog box, modify the Description field to have dcadmin example display the description of the development data center.
5. Click OK to confirm the change.
6. Notice that dcadmin was allowed to make changes to the specific data center because it is assigned the DataCenterAdmin role. The dcadmin user has the DataCenterAdmin role assigned only for the development data center.
7. Log out from the Administration Portal as dcadmin.

Finish

On workstation, run the lab users-portals finish script to complete this exercise.

[student@workstation ~]$ lab users-portals finish

This concludes the guided exercise.

Discuss Red Hat Virtualization

Go to community

Welcome to the Red Hat Virtualization (RH318) group in the Red Hat Learning Community!

cschunke

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Virtualization! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH318.Read more about Red Hat Virtualization here.

284

Revision: rh318-4.3-c05018e

Red Hat Virtualization

Guided Exercise: Navigating the VM Portal and the Administration Portal

Note

Note