github.com/rvaralda/deis@v1.4.1/docs/managing_deis/operational_tasks.rst

github.com/rvaralda/deis@v1.4.1/docs/managing_deis/operational_tasks.rst (about)

     1  :title: Operational tasks
     2  :description: Common operational tasks for your Deis cluster.
     3  
     4  .. _operational_tasks:
     5  
     6  Operational tasks
     7  ~~~~~~~~~~~~~~~~~
     8  
     9  Below are some common operational tasks for managing the Deis platform.
    10  
    11  
    12  Managing users
    13  ==============
    14  
    15  There are two classes of Deis users: normal users and administrators.
    16  
    17  * Users can use most of the features of Deis - creating and deploying applications, adding/removing domains, etc.
    18  * Administrators can perform all the actions that users can, but they also have owner access to all applications.
    19  
    20  The first user created on a Deis installation is automatically an administrator.
    21  
    22  
    23  Promoting users to administrators
    24  ---------------------------------
    25  
    26  You can use the ``deis perms`` command to promote a user to an administrator:
    27  
    28  .. code-block:: console
    29  
    30      $ deis perms:create john --admin
    31  
    32  .. _disable_user_registration:
    33  
    34  Disabling user registration
    35  ---------------------------
    36  
    37  You can disallow all users from registering with the Deis cluster using the following command:
    38  
    39  .. code-block:: console
    40  
    41      $ deisctl config controller set registrationEnabled=0
    42  
    43  
    44  Re-issuing User Authentication Tokens
    45  -------------------------------------
    46  
    47  The controller API uses a simple token-based HTTP Authentication scheme. Token authentication is
    48  appropriate for client-server setups, such as native desktop and mobile clients. Each user of the
    49  platform is issued a token the first time that they sign up on the platform. If this token is
    50  compromised, you'll need to manually intervene to re-issue a new authentication token for the user.
    51  To do this, SSH into the node running the controller and drop into a Django shell:
    52  
    53  .. code-block:: console
    54  
    55      $ fleetctl ssh deis-controller
    56      $ docker exec -it deis-controller python manage.py shell
    57      >>>
    58  
    59  At this point, let's re-issue an auth token for this user. Let's assume that the name for the user
    60  is Bob (poor Bob):
    61  
    62  .. code-block:: console
    63  
    64      >>> from django.contrib.auth.models import User
    65      >>> from rest_framework.authtoken.models import Token
    66      >>> bob = User.objects.get(username='bob')
    67      >>> token = Token.objects.get(user=bob)
    68      >>> token.delete()
    69      >>> exit()
    70  
    71  At this point, Bob will no longer be able to authenticate against the controller with his auth
    72  token:
    73  
    74  .. code-block:: console
    75  
    76      $ deis apps
    77      401 UNAUTHORIZED
    78      Detail:
    79      Invalid token
    80  
    81  For Bob to be able to use the API again, he will have to authenticate against the controller to be
    82  re-issued a new token:
    83  
    84  .. code-block:: console
    85  
    86      $ deis login http://deis.example.com
    87      username: bob
    88      password:
    89      Logged in as bob
    90      $ deis apps
    91      === Apps