Managing SmartDataCenter Users and Passwords

Modified: 15 Mar 2016 19:21 UTC
                <table class="sectionMacro" border="0" cellpadding="5" cellspacing="0" width="100%"><tbody><tr>

SmartDataCenter uses several different user accounts and passwords to authenticate different parts of its components. This page describes the different account, what they're used for, and how to change their passwords.

Head and Compute Node Passwords

The head node has two user accounts whose passwords are set at installation time:

You can use these accounts to log directly into the head node using SSH. The admin account can run sudo without a password. You can use this account to grant access to the head node without giving up root.

The root password on compute nodes is set to be identical to the root password on the head node.

The SmartDataCenter operating system is a live image that exists only in memory. When you reboot the head node, the operating system is loaded into memory from the USB key. That means that changes, such as changing the root password, need to be written back to the USB key in order to survive rebooting.

See Changing Head and Compute Node Passwords.

Using SSH Keys to Log In to the Head Node

You can use SSH keys to log in to the head node using the usual procedure: place the public keys in the /root/.ssh/authorized_keys file.

In order to preserve the keys across reboots of the head node, follow these steps:

  1. Log in the to the global zone of the head node.
  2. Mount the US
    headnode# /usbkey/scripts /usbkey/scripts/mount-usb.sh
    
  3. Create the file root.authorized_keys in the /mnt/usbkey/config.inc directory. Copy the public keys into this file.
    headnode# cd /mnt/usbkey/config.inc
    headnode# vim root.authorized_keys
    

Every time you reboot the head node, the keys in root.authorized_keys will be copied to /root/.ssh/authorized_keys.

You can change the name of the file that contains the authorized keys in /mnt/usbkey/config.inc/generic. Change the section that reads:
# Set this to the name of a file in config.inc and it will be copied in as
# root's .ssh/authorized_keys in GZs:
root_authorized_keys_file=root.authorized_keys

API Passwords

The different head node applications use basic authentication within the admin network to communicate with the Cloud Management API (MAP) and the Customers API. The credentials for this process are set at installation time.

See Changing the CAPI and MAPI Passwords After Setup.

Customers API (CAPI) Passwords

The Operations Portal and the Customer Portal use login credentials stored in the Customers API (CAPI). The installation process creates a user named "Admin" in the Customers API database with a password you specify at installation time.

You can change the password for this user in the Customers section of the Operations Portal.

At a Glance

SmartDataCenter uses several different user accounts and passwords to authenticate different parts of its components.