Managing System Administrators

Anaconda Enterprise distinguishes between System Administrators responsible for authorizing AE platform users, and System Administrators responsible for managing AE resources. This enables enterprises to grant the permissions required for configuring each to different individuals, based on their area of responsibility within the organization.

Note

The login credentials for the Operations Center are initally set as part of the post-install configuration process. Follow the steps outlined below to authorize additional Admin users to manage cluster resources, using the Operations Center UI or using a command line. If you prefer to use OpenID Connect (OIDC), see Configuring Operations Center Admins using Google OIDC.


Managing Operations Center Admins using the UI

  1. Log in to Anaconda Enterprise, select the Menu icon icon in the top right corner and click the Administrative Console link displayed at the bottom of the slide out window.

  1. Click Manage Resources.

  2. Login to the Operations Center using the Administrator credentials configured after installation.

  3. Select Settings in the login menu in the upper-right corner.

../../_images/telekube_admin.png

  1. In the left menu, select Users, then click + New User in the upper-right corner.

  2. Select @teleadmin from the Roles drop-down list, and click Create invite link.

../../_images/new-telekube-user.png
  1. Copy the invitation URL that is generated, replace the private IP address with the fully-qualified domain name of the host, if necessary, and send it to the individual using your preferred method of secure communication. They’ll use it to set their password, and will be automatically logged in to the Operations Center when they click Continue.

    To generate a new invitation URL, select Renew invitation in the Actions menu for the user.

../../_images/telekube-invitation.png

Select Revoke invitation to prevent them from being able to use the invitation to create a password and access the Operations Center. This effectively deletes the user before they have a chance to set their credentials.

To delete—or otherwise manage—an Operations Center user after they have set their credentials and completed the authorization process, select the appropriate option from the Actions menu.

../../_images/existing-telekube-user.png

Managing Operations Center Admins using a command line

To create a new Admin:

Run the following commands on the Anaconda Enterprise master node, replacing <email> and <yourpass> with the email address and password for the user:

sudo gravity enter
gravity --insecure user create --type=admin --email=<email> --password=<yourpass> --ops-url=https://gravity-site.kube-system.svc.cluster.local:3009

To verify that the user was created, run the following command:

sudo gravity resource get users

To update an Admin user’s password:

To update an Admin user’s password, you’ll need to delete the user account, then re-create it, replacing <email> and <yourpass> with the email address and new password:

sudo gravity enter
gravity --insecure user delete --email=<email> --ops-url=https://gravity-site.kube-system.svc.cluster.local:3009
gravity --insecure user create --type=admin --email=<email> --password=<yourpass> --ops-url=https://gravity-site.kube-system.svc.cluster.local:3009