CLI Documentation - ovirt-china/manage-domains-plugin GitHub Wiki
We have taken the output of the command engine-manage-domains --help and made it a bit more readable to help us develop the plugin.
Using the engine-manage-domains tool it is possible to add/edit/delete/validate/list authentication domains to serve as resource for users authenticating to oVirt engine.
engine-manage-domains <action> [<args>]
| Actions | Description |
|---|---|
| add | add a domain using specified provider and user |
| edit | edit an existing domain |
| delete | delete an existing domain |
| validate | validate the current configuration |
| list | list the current configuration |
engine-manage-domains add --domain=DOMAIN --provider=PROVIDER --user=USER [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--resolve-kdc] [--password-file=PASS_FILE] [--change-password-msg]
engine-manage-domains edit --domain=DOMAIN [--provider=PROVIDER] [--user=USER] [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--resolve-kdc] [--password-file=PASS_FILE] [--change-password-msg]
engine-manage-domains delete --domain=DOMAIN [--force] [--config-file=CFG_FILE] [--password-file=PASS_FILE]
engine-manage-domains validate [--report] [--config-file=CFG_FILE]
engine-manage-domains list [--config-file=CFG_FILE]
| Options | Description |
|---|---|
--add-permissions |
Add engine superuser permissions to the user. |
--change-password-msg |
Reads interactively a URL or a message to be returned to the user in case the password has expired. |
--config-file=CFG_FILE |
Use the given alternate configuration file. |
--domain=DOMAIN |
The domain you wish to perform the action on. |
--force |
Skip confirmation of a delete operation. |
--help |
Show this help message and exit. |
--ldap-servers=SERVERS |
A comma delimited list of LDAP servers to be set to the domain. |
--log-file=LOG_FILE |
Sets file to write logging into (if not set nothing is logged). |
--log-level=LOG_LEVEL |
Sets log level, one of DEBUG (default), INFO, WARN, ERROR (case insensitive). |
--log4j-config=XML_FILE |
Sets log4j.xml file which logging configuration is loaded from. |
--provider=PROVIDER |
The LDAP provider type¹ of server used for the domain. |
--report |
Report all validation error, if occured (default behaviour is to exit when a validation error occurs). |
--resolve-kdc |
Resolve KDC servers using DNS (don't assume they are the same as LDAP servers). |
--user=USER |
The domain user. |
--password-file=PASS_FILE |
A file containing the password (if it's not set, the password will be read interactively). |
¹ The LDAP provider type of server used for the domain, can be one of (case insensitive):
| Type | Descripion |
|---|---|
| ad | Microsoft Active Directory |
| ipa | freeIPA |
| rhds | Red Hat Directory Server |
| itds | IBM Tivoli Directory Server |
| oldap | OpenLDAP |
[root@localhost ~]# engine-manage-domains add --domain=DOMAIN --provider=ipa --user=USER
Enter password:
The domain DOMAIN has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.
Users from this domain can be granted permissions by editing the domain using action edit and specifying --add-permissions or from the Web administration interface logging in as admin@internal user.
oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
Manage Domains completed successfully
###Listing domains
[root@localhost ~]# engine-manage-domains list
Domain: DOMAIN
User name: USER@DOMAIN
Manage Domains completed successfully
###Deleting domain
[root@localhost ~]# engine-manage-domains delete --domain=DOMAIN
Are you sure you like to delete domain DOMAIN (yes/no): yes
Successfully deleted domain DOMAIN. Please remove all users and groups of this domain using the Administration portal or the API. oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
Manage Domains completed successfully
