github.com/greenboxal/deis@v1.12.1/docs/managing_deis/operational_tasks.rst (about) 1 :title: Operational tasks 2 :description: Common operational tasks for your Deis cluster. 3 4 .. _operational_tasks: 5 6 Operational tasks 7 ~~~~~~~~~~~~~~~~~ 8 9 Below are some common operational tasks for managing the Deis platform. 10 11 12 Managing users 13 ============== 14 15 There are two classes of Deis users: normal users and administrators. 16 17 * Users can use most of the features of Deis - creating and deploying applications, adding/removing domains, etc. 18 * Administrators can perform all the actions that users can, but they also have owner access to all applications. 19 20 The first user created on a Deis installation is automatically an administrator. 21 22 23 Promoting users to administrators 24 --------------------------------- 25 26 You can use the ``deis perms`` command to promote a user to an administrator: 27 28 .. code-block:: console 29 30 $ deis perms:create john --admin 31 32 .. _disable_user_registration: 33 34 Disabling user registration 35 --------------------------- 36 37 You can disable user registration for everybody except admins: 38 39 .. code-block:: console 40 41 $ deisctl config controller set registrationMode="admin_only" 42 43 If you want to entirely disable user registration: 44 45 .. code-block:: console 46 47 $ deisctl config controller set registrationMode="disabled" 48 49 Re-issuing User Authentication Tokens 50 ------------------------------------- 51 52 The controller API uses a simple token-based HTTP Authentication scheme. Token authentication is 53 appropriate for client-server setups, such as native desktop and mobile clients. Each user of the 54 platform is issued a token the first time that they sign up on the platform. If this token is 55 compromised, it will need to be regenerated. 56 57 A user can regenerate their own token like this: 58 59 .. code-block:: console 60 61 $ deis auth:regenerate 62 63 An administrator can also regenerate the token of another user like this: 64 65 .. code-block:: console 66 67 $ deis auth:regenerate -u test-user 68 69 70 At this point, the user will no longer be able to authenticate against the controller with his auth 71 token: 72 73 .. code-block:: console 74 75 $ deis apps 76 401 UNAUTHORIZED 77 Detail: 78 Invalid token 79 80 They will need to log back in to use their new auth token. 81 82 If there is a cluster wide security breach, an administrator can regenerate everybody's auth token like this: 83 84 .. code-block:: console 85 86 $ deis auth:regenerate --all=true