Bugzilla – Bug 7035
new create-user process
Last modified: 2010-06-30 23:48:59
You need to log in before you can comment on or make changes to this bug.
A standalone script that replaces “cloud-admin.sh —add-dn” * a. create cert * b. add to gridmap * c. add to groupauthz * d. set up w/ cumulus Python, adjusts files locally. The idea of remote admin API for this commandline (and any other admin utility) is on hold. The webapp of the future will probably be limited to running localhost to the Nimbus service.
$NIMBUS_HOME/bin/nimbus-new-user has been written and merged for 2.5 (implementation @ http://github.com/nimbusproject/nimbus/blob/master/home/libexec/nimbus_new_user.py ) Also: nimbus-edit-user nimbus-list-users nimbus-new-cert nimbus-remove-user ----------------------------------- It's help output is the best source of information. There will also be some text in z2c guide (Bug 7034) about it. It will create certificate and query tokens that work for the cloud setup, out of the box. It will populate a cloud.properties template to make what the user should get. It can interact with the web application and give you the URL to send the user to activate his/her account and retrieve the newly created credentias. And it can slice bread.
Here is a sample usage with the web application enabled (which is why I will pass in the -W flag). $ ./bin/nimbus-new-user tfreeman@mcs.anl.gov -W cert : /tmp/nimbus/var/ca/tmpuc04Dtcert/usercert.pem key : /tmp/nimbus/var/ca/tmpuc04Dtcert/userkey.pem dn : /O=Auto/OU=something/CN=tfreeman@mcs.anl.gov canonical id : e306d470-84ca-11df-93dc-00234d216c49 access id : 3egY6bEPOSiLu2AKbIp7J access secret : sTbKozBNIK8skUoNsCsLDm09YRmhhidxsBTwgfcp9o url : https://localhost:1443/nimbus/register/token/kLwbC [etc...] web id : tfreeman cloud properties : /tmp/nimbus/var/ca/tmpuc04Dtcert/cloud.properties Notice the webapp integration. The url is present to send to the user in the welcome email. When the URL is visited, the user will be able to reset the webapp password. Then, after logging in, all of his credentials and that generated cloud.properties file will be available.
Help text for Nimbus 2.5 RC1. Awesome program, John. ============================================================== Usage: [options] <email> Create/edit a nimbus user Options: --version show program's version number and exit -h, --help show this help message and exit -b, --batch Set to batch mode for machine parsing -q, --quiet Display no output -V, --verbose Display much output -s DN, --dn=DN This is used when the user already has a cert. This option will use the given DN instead of generating a new cert -c CERT, --cert=CERT Instead of generating a new key pair use this certificate. This must be used with the --key option -k KEY, --key=KEY Instead of generating a new key pair use this key. This must be used with the --cert option -n CN, --cn=CN This is used to set the common name when generating a new certificate. If none is specified the email address is used. This can be optionally used in conjunction with --key and --cert -a ACCESS_ID, --access-id=ACCESS_ID Instead of generating a new access id/secret pair, use this one. This must be used with the --access-secret option -p ACCESS_SECRET, --access-secret=ACCESS_SECRET Instead of generating a new access id/secret pair, use this one. This must be used with the --access-id option -d DEST, --dest=DEST The directory to put all of the new files into. -g GROUP, --group=GROUP Put this user in the given group : {01 | 02 | 03 | 04} -w WEB_ID, --web-id=WEB_ID Set the web user name. If not set and a web user is desired a username will be created from the email address. -W, --web Insert user into webapp for key(s) pickup -P, --nocloud-properties Do not make the cloud.properties file -C, --nocert Do not add a DN -D DELIM, --delim=DELIM Character between columns in the report -A, --noaccess Do not add access tokens -r REPORT, --report=REPORT Report the selected columns from the following: cert,k ey,dn,canonical_id,access_id,access_secret,url,web_id, cloud_properties
