Bug 7035 - new create-user process
: new create-user process
Status: RESOLVED FIXED
: Nimbus
Installer
: 2.4
: PC Linux
: P3 enhancement
: 2.5
Assigned To:
:
:
:
: 7013
  Show dependency treegraph
 
Reported: 2010-06-07 15:15 by
Modified: 2010-06-30 23:48 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2010-06-07 15:15:36
A standalone script that replaces “cloud-admin.sh —add-dn”

    * a. create cert
    * b. add to gridmap
    * c. add to groupauthz
    * d. set up w/ cumulus

Python, adjusts files locally. The idea of remote admin API for this
commandline (and any other admin utility) is on hold. The webapp of the future
will probably be limited to running localhost to the Nimbus service.
------- Comment #1 From 2010-06-30 22:11:45 -------
$NIMBUS_HOME/bin/nimbus-new-user has been written and merged for 2.5

(implementation @
http://github.com/nimbusproject/nimbus/blob/master/home/libexec/nimbus_new_user.py
)

Also:

nimbus-edit-user
nimbus-list-users
nimbus-new-cert
nimbus-remove-user

-----------------------------------

It's help output is the best source of information.  There will also be some
text in z2c guide (Bug 7034) about it.

It will create certificate and query tokens that work for the cloud setup, out
of the box.  It will populate a cloud.properties template to make what the user
should get.  It can interact with the web application and give you the URL to
send the user to activate his/her account and retrieve the newly created
credentias.  And it can slice bread.
------- Comment #2 From 2010-06-30 23:47:00 -------
Here is a sample usage with the web application enabled (which is why I will
pass in the -W flag).


$ ./bin/nimbus-new-user tfreeman@mcs.anl.gov -W
cert            : /tmp/nimbus/var/ca/tmpuc04Dtcert/usercert.pem
key             : /tmp/nimbus/var/ca/tmpuc04Dtcert/userkey.pem
dn              : /O=Auto/OU=something/CN=tfreeman@mcs.anl.gov
canonical id    : e306d470-84ca-11df-93dc-00234d216c49
access id       : 3egY6bEPOSiLu2AKbIp7J
access secret   : sTbKozBNIK8skUoNsCsLDm09YRmhhidxsBTwgfcp9o
url             : https://localhost:1443/nimbus/register/token/kLwbC [etc...]
web id          : tfreeman
cloud properties : /tmp/nimbus/var/ca/tmpuc04Dtcert/cloud.properties



Notice the webapp integration.  The url is present to send to the user in the
welcome email.  When the URL is visited, the user will be able to reset the
webapp password.  Then, after logging in, all of his credentials and that
generated cloud.properties file will be available.
------- Comment #3 From 2010-06-30 23:48:59 -------
Help text for Nimbus 2.5 RC1.  Awesome program, John.

==============================================================

Usage: [options] <email>
Create/edit a nimbus user


Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -b, --batch           Set to batch mode for machine parsing
  -q, --quiet           Display no output
  -V, --verbose         Display much output
  -s DN, --dn=DN        This is used when the user already has a cert.  This
                        option will use the given DN instead of generating a
                        new cert
  -c CERT, --cert=CERT  Instead of generating a new key pair use this
                        certificate.  This must be used with the --key option
  -k KEY, --key=KEY     Instead of generating a new key pair use this key.
                        This must be used with the --cert option
  -n CN, --cn=CN        This is used to set the common name when generating a
                        new certificate.  If none is specified the email
                        address is used.  This can be optionally used in
                        conjunction with --key and --cert
  -a ACCESS_ID, --access-id=ACCESS_ID
                        Instead of generating a new access id/secret pair, use
                        this one.  This must be used with the --access-secret
                        option
  -p ACCESS_SECRET, --access-secret=ACCESS_SECRET
                        Instead of generating a new access id/secret pair, use
                        this one.  This must be used with the --access-id
                        option
  -d DEST, --dest=DEST  The directory to put all of the new files into.
  -g GROUP, --group=GROUP
                        Put this user in the given group : {01 | 02 | 03 | 04}
  -w WEB_ID, --web-id=WEB_ID
                        Set the web user name.  If not set and a web user is
                        desired a username will be created from the email
                        address.
  -W, --web             Insert user into webapp for key(s) pickup
  -P, --nocloud-properties
                        Do not make the cloud.properties file
  -C, --nocert          Do not add a DN
  -D DELIM, --delim=DELIM
                        Character between columns in the report
  -A, --noaccess        Do not add access tokens
  -r REPORT, --report=REPORT
                        Report the selected columns from the following: cert,k
                        ey,dn,canonical_id,access_id,access_secret,url,web_id,
                        cloud_properties