github.com/greenboxal/deis@v1.12.1/docs/managing_deis/operational_tasks.rst

github.com/greenboxal/deis@v1.12.1/docs/managing_deis/operational_tasks.rst (about)

     1  :title: Operational tasks
     2  :description: Common operational tasks for your Deis cluster.
     3  
     4  .. _operational_tasks:
     5  
     6  Operational tasks
     7  ~~~~~~~~~~~~~~~~~
     8  
     9  Below are some common operational tasks for managing the Deis platform.
    10  
    11  
    12  Managing users
    13  ==============
    14  
    15  There are two classes of Deis users: normal users and administrators.
    16  
    17  * Users can use most of the features of Deis - creating and deploying applications, adding/removing domains, etc.
    18  * Administrators can perform all the actions that users can, but they also have owner access to all applications.
    19  
    20  The first user created on a Deis installation is automatically an administrator.
    21  
    22  
    23  Promoting users to administrators
    24  ---------------------------------
    25  
    26  You can use the ``deis perms`` command to promote a user to an administrator:
    27  
    28  .. code-block:: console
    29  
    30      $ deis perms:create john --admin
    31  
    32  .. _disable_user_registration:
    33  
    34  Disabling user registration
    35  ---------------------------
    36  
    37  You can disable user registration for everybody except admins:
    38  
    39  .. code-block:: console
    40  
    41      $ deisctl config controller set registrationMode="admin_only"
    42  
    43  If you want to entirely disable user registration:
    44  
    45  .. code-block:: console
    46  
    47      $ deisctl config controller set registrationMode="disabled"
    48  
    49  Re-issuing User Authentication Tokens
    50  -------------------------------------
    51  
    52  The controller API uses a simple token-based HTTP Authentication scheme. Token authentication is
    53  appropriate for client-server setups, such as native desktop and mobile clients. Each user of the
    54  platform is issued a token the first time that they sign up on the platform. If this token is
    55  compromised, it will need to be regenerated.
    56  
    57  A user can regenerate their own token like this:
    58  
    59  .. code-block:: console
    60  
    61      $ deis auth:regenerate
    62  
    63  An administrator can also regenerate the token of another user like this:
    64  
    65  .. code-block:: console
    66  
    67      $ deis auth:regenerate -u test-user
    68  
    69  
    70  At this point, the user will no longer be able to authenticate against the controller with his auth
    71  token:
    72  
    73  .. code-block:: console
    74  
    75      $ deis apps
    76      401 UNAUTHORIZED
    77      Detail:
    78      Invalid token
    79  
    80  They will need to log back in to use their new auth token.
    81  
    82  If there is a cluster wide security breach, an administrator can regenerate everybody's auth token like this:
    83  
    84  .. code-block:: console
    85  
    86      $ deis auth:regenerate --all=true