github.com/inflatablewoman/deis@v1.0.1-0.20141111034523-a4511c46a6ce/docs/managing_deis/operational_tasks.rst

github.com/inflatablewoman/deis@v1.0.1-0.20141111034523-a4511c46a6ce/docs/managing_deis/operational_tasks.rst (about)

     1  :title: Operational tasks
     2  :description: Common operational tasks for your Deis cluster.
     3  
     4  .. _operational_tasks:
     5  
     6  Operational tasks
     7  ~~~~~~~~~~~~~~~~~
     8  
     9  Below are some common operational tasks for managing the Deis platform.
    10  
    11  
    12  Managing users
    13  ==============
    14  
    15  There are two classes of Deis users: normal users and administrators.
    16  
    17  * Users can use most of the features of Deis - creating and deploying applications, adding/removing domains, etc.
    18  * Administrators can perform all the actions that users can, but they also have owner access to all applications.
    19  
    20  The first user created on a Deis installation is automatically an administrator.
    21  
    22  
    23  Promoting users to administrators
    24  ---------------------------------
    25  
    26  You can use the ``deis perms`` command to promote a user to an administrator:
    27  
    28  .. code-block:: console
    29  
    30      $ deis perms:create john --admin
    31  
    32  
    33  Re-issuing User Authentication Tokens
    34  -------------------------------------
    35  
    36  The controller API uses a simple token-based HTTP Authentication scheme. Token authentication is
    37  appropriate for client-server setups, such as native desktop and mobile clients. Each user of the
    38  platform is issued a token the first time that they sign up on the platform. If this token is
    39  compromised, you'll need to manually intervene to re-issue a new authentication token for the user.
    40  To do this, SSH into the node running the controller and drop into a Django shell:
    41  
    42  .. code-block:: console
    43  
    44      $ fleetctl ssh deis-controller
    45      $ docker exec -it deis-controller python manage.py shell
    46      >>>
    47  
    48  At this point, let's re-issue an auth token for this user. Let's assume that the name for the user
    49  is Bob (poor Bob):
    50  
    51  .. code-block:: console
    52  
    53      >>> from django.contrib.auth.models import User
    54      >>> from rest_framework.authtoken.models import Token
    55      >>> bob = User.objects.get(username='bob')
    56      >>> token = Token.objects.get(user=bob)
    57      >>> token.delete()
    58      >>> exit()
    59  
    60  At this point, Bob will no longer be able to authenticate against the controller with his auth
    61  token:
    62  
    63  .. code-block:: console
    64  
    65      $ deis apps
    66      401 UNAUTHORIZED
    67      Detail:
    68      Invalid token
    69  
    70  For Bob to be able to use the API again, he will have to authenticate against the controller to be
    71  re-issued a new token:
    72  
    73  .. code-block:: console
    74  
    75      $ deis login http://deis.example.com
    76      username: bob
    77      password:
    78      Logged in as bob
    79      $ deis apps
    80      === Apps