Creating a user

Here we can use ovirt-aaa-jdbc-tool user --help to see how users are configured:

[root@localhost ~]# ovirt-aaa-jdbc-tool user --help
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Usage: /usr/bin/ovirt-aaa-jdbc-tool [options] user module ...
Perform user related tasks.
Options:
  --help
    Show help for this module.
Modules:
  add
  edit
  delete
  unlock
  password-reset
  show
  help
See: /usr/bin/ovirt-aaa-jdbc-tool [options] user module --help for help on a specific user module.

Example:

First, create the user:

[root@localhost ~]# ovirt-aaa-jdbc-tool user add test
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
adding user test...
user added successfully
Note: by default created user cannot log in. see:
/usr/bin/ovirt-aaa-jdbc-tool user password-reset --help.

Set the password:

[root@localhost ~]# ovirt-aaa-jdbc-tool user password-reset test
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
Password:

By default, a password must be at least 6 characters long and expires after 180 days. These defaults can be viewed with ovirt-aaa-jdbc-tool settings show:

[root@localhost ~]# ovirt-aaa-jdbc-tool settings show
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
-- setting --
name: MIN_LENGTH
value: 6
type: class java.lang.Integer
description: passwords are at least X characters long
-- setting --
name: INTERVAL_HOURS
value: 24
type: class java.lang.Integer
...............................................

Once configuration is complete, we can view the user's information:

[root@localhost ~]# ovirt-aaa-jdbc-tool user show test
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
-- User test(8bc566e9-cd2b-437c-b81a-7379cd426d6c) --
Namespace: *
Name: test
ID: 8bc566e9-cd2b-437c-b81a-7379cd426d6c
Display Name:
Email:
First Name:
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Locked: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2022-10-21 22:59:51Z
Account Valid To: 2222-10-21 22:59:51Z
Account Without Password: false
Last successful Login At: 1970-01-01 00:00:00Z
Last unsuccessful Login At: 1970-01-01 00:00:00Z
Password Valid To: 1970-01-01 00:00:00Z
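
The fields in this output can be checked mechanically. The following is an added example, not part of the original article or of oVirt: a shell function that reads `user show` output and reports the states that affect login. The function name `audit_user_show`, the finding labels, and the reading of a 1970-01-01 timestamp as "never" are assumptions.

```shell
#!/bin/sh
# Added example (not oVirt code): audit the text printed by
# `ovirt-aaa-jdbc-tool user show <name>` for states that affect login.

# audit_user_show NOW: reads `user show` output on stdin, prints one finding per line.
# NOW uses the tool's "YYYY-MM-DD HH:MM:SSZ" UTC layout, which orders correctly
# under plain string comparison, so no date arithmetic is needed.
audit_user_show() {
  awk -v now="$1" '
    function is_true(k)     { return (k in f) && f[k] == "true" }
    function past_or_now(k) { return (k in f) && f[k] <= now }
    function in_future(k)   { return (k in f) && f[k] > now }
    /^Picked up JAVA_TOOL_OPTIONS/ { next }       # JVM banner, not tool output
    { sub(/[ \t\r]+$/, ""); i = index($0, ": ")   # empty fields have no value: skipped
      if (i) f[substr($0, 1, i - 1)] = substr($0, i + 2) }
    END {
      if (!("Name" in f)) { print "ERROR no user record on stdin"; exit 2 }
      u = "user=" f["Name"]
      if (is_true("Account Disabled"))         print u, "DISABLED"
      if (is_true("Account Locked"))           print u, "LOCKED"
      if (is_true("Account Without Password")) print u, "WITHOUT_PASSWORD"
      if (in_future("Account Valid From"))     print u, "NOT_YET_VALID", f["Account Valid From"]
      if (past_or_now("Account Valid To"))     print u, "ACCOUNT_EXPIRED", f["Account Valid To"]
      if (past_or_now("Password Valid To"))    print u, "PASSWORD_EXPIRED", f["Password Valid To"]
      # Assumption: the epoch value means the event has never happened.
      if (f["Last successful Login At"] ~ /^1970-01-01/) print u, "NEVER_LOGGED_IN"
    }'
}

# Constructed sample: a subset of the fields from the `user show test` output on this page.
SAMPLE_USER_SHOW='Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
-- User test(8bc566e9-cd2b-437c-b81a-7379cd426d6c) --
Name: test
Display Name:
Account Disabled: false
Account Locked: false
Account Valid From: 2022-10-21 22:59:51Z
Account Valid To: 2222-10-21 22:59:51Z
Account Without Password: false
Last successful Login At: 1970-01-01 00:00:00Z
Password Valid To: 1970-01-01 00:00:00Z'

# On an engine host:
#   ovirt-aaa-jdbc-tool user show test | audit_user_show "$(date -u '+%Y-%m-%d %H:%M:%SZ')"
printf '%s\n' "$SAMPLE_USER_SHOW" | audit_user_show "2022-10-22 00:00:00Z"
```

For the sample above the function reports PASSWORD_EXPIRED and NEVER_LOGGED_IN, because Password Valid To and Last successful Login At both hold the 1970-01-01 value.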

We can also change these settings, for example the default login session length for all users, setting it to 60 minutes:

ovirt-aaa-jdbc-tool settings set --name=MAX_LOGIN_MINUTES --value=60

The number of failed logins after which an account is locked can also be updated:

ovirt-aaa-jdbc-tool settings set --name=MAX_FAILURES_SINCE_SUCCESS --value=3

If the user is no longer needed, it can be deleted:

[root@localhost ~]# ovirt-aaa-jdbc-tool user delete test
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
deleting user test...
user deleted successfully

Next, create a user group; the method is similar:

[root@localhost ~]# ovirt-aaa-jdbc-tool group add group
Picked up JAVA_TOOL_OPTIONS: -Dcom.redhat.fips=false
adding group group...