In MAAS (Metal as a Service), createadmin is a command used to create a new administrative user account. This user gains full access to MAAS, including web UI, API, and CLI functionalities, allowing them to manage deployments, configure network settings, and control authentication policies.
Purpose in MAAS
The createadmin command is essential for:
- Setting up the first admin user when initializing a new MAAS deployment.
- Adding additional administrators to manage MAAS in multi-user environments.
- Recovering access if all existing admin accounts are lost or disabled.
Administrators have full control over MAAS, including modifying machine states, managing user accounts, configuring network and storage settings, and interacting with MAAS via API keys.
Scope & behavior in MAAS
- Only superusers can create new admin accounts – The first admin is set up during initialization.
- Admin users have unrestricted privileges – Unlike standard users, admins can modify system-wide settings and manage all machines.
- Applies to local MAAS authentication – Does not apply to externally managed accounts (e.g., LDAP, SSO).
- Admin credentials work across all MAAS interfaces – Web UI, CLI, and API.
MAAS CLI usage
Creating an admin user
maas createadmin
Prompts for username, email, and password interactively.
Creating an admin user with predefined credentials
maas createadmin --username=myadmin --email=myadmin@example.com --password=mysecurepassword
Creates an admin user without requiring interactive input.
Listing all admin users
maas users read
Displays all MAAS users, including admin accounts.
Key considerations
- At least one admin must exist – Removing all admin users will lock you out of MAAS.
- Admins can manage all users – Regular users have limited access to system-wide settings.
- For security, limit admin accounts – Use standard accounts with API keys for automation when possible.
- No password complexity enforcement by default – Secure passwords should be manually enforced.
Last updated 14 hours ago.