How to manage user accounts (deb/3.0/CLI)
Presumably, you have already created an administrative user, but MAAS can also have regular users (who log in to the interface or use the CLI). What users you create depends on how you intend to use MAAS. An administrator can manage all aspects of MAAS, whereas a non-administrator user can perform a subset of tasks on machines they acquire and deploy. MAAS limits the details a non-admin user can view, such as nodes allocated to other users. Also, non-admin users cannot access the global settings page in the web UI, nor any of the equivalent API calls from the command line.
Additionally, in order for a user to log into a MAAS-deployed machine that user must have their public SSH key installed on it. This article explains how to create users and add their public SSH keys to MAAS, so that every deployed machine will automatically have that key installed.
Five questions you may have:
- How do I add a user?
- How do I change a user’s preferences?
- How do I add an SSH key for a user?
- How do I add an API key for a user?
- How do users change their password?
USERNAME EMAIL ADMIN? -------- ----- ------ admin firstname.lastname@example.org true billwear email@example.com true MAAS maas@localhost false maas-init-node node-init-user@localhost false
You can generate a list like this with the command:
maas admin users read \ | jq -r '(["USERNAME", "EMAIL", "ADMIN?"] | (., map(length*"-"))), (. | [.username, .email, .is_superuser]) | @tsv' \ | column -t
Note that you do not need line continuations within the
jq command because it’s quoted for the shell.
To add a regular user, enter the following command:
maas $PROFILE users create username=$USERNAME \ email=$EMAIL_ADDRESS password=$PASSWORD is_superuser=0
All the options are necessary. Note that stipulating a password on the CLI may be a security hazard, depending on your environment.
Before a user can deploy a machine, they must import at least one public SSH key into MAAS. This key allows the user to access the deployed machine with the corresponding private key, which the user must possess. See Public key authentication (ssh.com) if you’re not familiar with SSH keys.
The user normally imports their initial SSH key on the first login to the web UI (see Configuration journey).
We recommend that you use the web UI to set or change a user’s API key. To see how, select the “UI” choice for your version and delivery method at the top of this page.
We recommend that you use the web UI to change user passwords. To see how, select the “UI” choice for your version and delivery method at the top of this page.