User management in Nebula

Rumi, July 31, 2015

Adding and Deleting Users

User accounts within the OpenNebula system are managed by oneadmin with the oneuser create and oneuser delete commands. This section shows how to create the different account types supported in OpenNebula.

Administrators

Administrators can be easily added to the system like this:

    $ oneuser create otheradmin password
    ID: 2
    $ oneuser chgrp otheradmin oneadmin
    $ oneuser list
      ID GROUP    NAME            AUTH     PASSWORD
       0 oneadmin oneadmin        core     5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
       1 oneadmin serveradmin     server_c 1224ff12545a2e5dfeda4eddacdc682d719c26d5
       2 oneadmin otheradmin      core     5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
    $ oneuser show otheradmin
    USER 2 INFORMATION
    ID          : 2
    NAME        : otheradmin
    GROUP       : 0
    PASSWORD    : 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
    AUTH_DRIVER : core
    ENABLED     : Yes

    USER TEMPLATE

Regular Users

Simply create the users with the create command:

    $ oneuser create regularuser password
    ID: 3

The enabled flag can be ignored as it doesn’t provide any functionality. It may be used in future releases to temporarily disable users instead of deleting them.

Public Users

Public users need to define a special authentication method that internally relies on the core auth method. First create the public user as if it were a regular one:

    $ oneuser create publicuser password
    ID: 4

and then change its auth method (see below for more info) to the public authentication method.

    $ oneuser chauth publicuser public

Server Users

Server user accounts are used mainly as proxy authentication accounts for OpenNebula services. Any account that uses the server_cipher or server_x509 auth methods is a server user. You will never use this account directly.

To create a user account, just create a regular account

    $ oneuser create serveruser password
    ID: 5

and then change its auth method to server_cipher (for other auth methods please refer to the Authentication guide):

    $ oneuser chauth serveruser server_cipher

Src: https://github.com/OpenNebula/docs/blob/master/source/administration/users_and_groups/manage_users.rst

Branding the Sunstone Portal

July 31, 2015

You can easily add your logos to the login and main screens by updating the logo: attribute as follows: The login screen is defined in /etc/one/sunstone-views.yaml. The logo of the main UI screen is defined for each view in the view file. Find more on: http://docs.opennebula.org/4.8/administration/sunstone_gui/suns_views.html

Reset Oneadmin password

July 31, 2015

In case of a lost password, you can use another user in the oneadmin group to change the lost password:

    $ oneuser passwd --sha1 oneadmin 'newpassword'

Or change the password directly in the database: Stop OpenNebula daemons (this is needed as some data is cached). Connect to the database and get the…

How to login OpenNebula VM using Putty by public key exchanging

July 31, 2015

Generating OpenSSH-compatible Keys for Use with PuTTY

To generate a set of RSA keys with PuTTYgen:

- Start the PuTTYgen utility, by double-clicking on its .exe file;
- For Type of key to generate, select SSH-2 RSA;
- In the Number of bits in a generated key field, specify either 2048 or 4096…

Q1 With OpenNebula and vCenter, identical admin credentials must be created in all ESX hosts, in vCenter and in OpenNebula. Can this password be changed easily if one of our administrators quits his job?

Q2 We prefer using personal administrator accounts with personal passwords. How can we continue doing so with OpenNebula?

Q3 Can we expose a Sunstone Cloud View web portal for customers to the public internet, without allowing admin users to log on to this portal?

Hi, I’m trying to answer:

Q1- Yes, possible with a process defined by your organization.

Q2- Not sure what you mean by personal password or personal administrator. However, every individual VM account user can enjoy logging in to the shell by using public key exchange through SSH.

Q3- Yes, of course you can expose the Sunstone web portal to customers for logging in to their own accounts and managing their own VMs; that’s how it is designed 🙂