Unfortunately, in the free version, you can't assign Roles to users added, but it's a nice feature, and it will stop people using the root account. If you don't have DHCP enabled in your AD infrastructure, although I doubt it, you can add your Domain Controllers as DNS servers on XenServer like this:
xe pif-reconfigure-ip mode=static dns=And if you'd like to disable external authentication, you can go to XenCenter and delete the joined domain/users or use the CLI to do it.
xe pool-disable-external-authXenCenter and CLI defines users in different names. XenCenter uses "user", and CLI uses "subject". So, adding users from XenCenter is pretty straight-forward, but, from CLI you should type this:
xe subject-add subject-name=To remove a user, you should follow a 2 step procedure:
first, you should get the subject's identifier like this:
xe subject-listor using filter to do it:
xe subject-list other-config:subject-name='and then, use the following command to remove a subject:
xe subject-remove subject-identifier=Terminating all authenticated sessions can be done also from CLI:
xe session-subject-identifier-logout-allRole-based access control (RBAC)
This is a feature in XenServer Enterprise or higher. By default, there are 6 roles defined with different levels of access: Pool Admin, Pool Operator, VM Power Admin, VM Admin, VM Operator, Read Only. You can see them all using CLI. Other useful role managing commands using CLI are listed below.
show subject's role
xe subject-listadd a subject to RBAC
xe subject-add subject-name=
xe subject-role-add uuid=or
xe subject-role-add uuid=change a user's RBAC role uses a role-remove and a role-add commands to do it
xe subject-role-remove uuid=Resource pools
To add hosts in a resource pool you can use both XenCenter and CLI to do it.
Hmm, I've tried to find a way to remove a host from a pool using XenCenter and couldn't find a way. So the only chance might be the CLI. I tried to create a new pool and add the machine I wanted to remove to that new pool, but it said it's already connected to the master of the pool. Damn!
Although I will not be able to try this right now, I'll just write this here, for future reference when I'll need it.
So, to be able to use HA feature, you'll need:
- shared storage for all VMs in the resource pool
- a shared resource (SR) with at least 356MB of storage
--- 4MB heartbeat volume
--- 256MB metadata volume
- a XenServer resource pool
- Enterprise licence on all pool hosts
- static IP addresses on all pool hosts
Not having the enterprise license, I can only write about CLI commands that I can find in the manual. So, here they are:
enable HA on a resource pool
xe pool-ha-enable heartbeat-sr-uuids=set restart priority for every HA protected VM
xe vm-param-set uuid=calculation of maximum hosts that can fail before the pool will run out of resources to run all VMs in HA
xe vm-param-set uuid=specify the number of failures to tolerate - must be less or equal than the computed value from above
xe pool-param-set ha-host-failures-to-tolerate=<2>remove HA protection of a VM
xe vm-param-set uuid=shutting down a host when HA is enabled
xe host-disable host=To be continued.. :)
xe host-evacuate uuid=
xe host-shutdown host=