How to manage user accounts
Presumably, you have already created an administrative user, but MAAS can also have regular users (who log in to the interface or use the CLI). Which users you create depends on how you intend to use MAAS. An administrator can manage all aspects of MAAS, whereas a non-administrator user can perform a subset of tasks on machines they allocate and deploy. MAAS limits the details a non-admin user can view, such as nodes allocated to other users. Also, non-admin users cannot access the global settings page in the web UI, nor any of the equivalent API calls from the command line.
Additionally, for a user to log in to a MAAS-deployed machine, that user must have their public SSH key installed on it. This article explains how to create users and add their public SSH keys to MAAS, so that every deployed machine will automatically have that key installed. This article will help you learn:
- How to add a user
- How to change a user’s preferences
- How to add an SSH key for a user
- How to add an API key for a user
- How users can change their password
You can manage user accounts from the ‘Users’ tab of the ‘Settings’ page.
A currently logged in user cannot delete themselves from the web UI.
    USERNAME        EMAIL                           ADMIN?
    --------        -----                           ------
    admin           email@example.com               true
    billwear        firstname.lastname@example.org  true
    MAAS            maas@localhost                  false
    maas-init-node  node-init-user@localhost        false
You can generate a list like this with the command:
    maas admin users read \
    | jq -r '(["USERNAME", "EMAIL", "ADMIN?"] | (., map(length*"-"))), (.[] | [.username, .email, .is_superuser]) | @tsv' \
    | column -t
Note that you do not need line continuations within the jq command because it’s quoted for the shell.
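The same `users read` output can be compared between two points in time to spot new accounts and changes in administrator rights. The following Python is an added example, not part of the MAAS documentation or code; the two snapshots are constructed sample data and the function names are hypothetical. It assumes only the `username` and `is_superuser` fields that the jq filter above reads.

```python
import json

# Constructed sample snapshots, shaped like the JSON array printed by
# `maas $PROFILE users read` (only fields used by the page's jq filter).
BASELINE = json.loads("""[
  {"username": "admin", "email": "admin@example.com", "is_superuser": true},
  {"username": "alice", "email": "alice@example.com", "is_superuser": false},
  {"username": "bob", "email": "bob@example.com", "is_superuser": false}
]""")
CURRENT = json.loads("""[
  {"username": "admin", "email": "admin@example.com", "is_superuser": true},
  {"username": "alice", "email": "alice@example.com", "is_superuser": true},
  {"username": "carol", "email": "carol@example.com", "is_superuser": true}
]""")


def index_users(users):
    """Map username -> is_superuser, rejecting malformed or duplicate records."""
    out = {}
    for u in users:
        name, admin = u["username"], u["is_superuser"]
        if not isinstance(admin, bool):
            raise ValueError(f"is_superuser is not a boolean for {name!r}")
        if name in out:
            raise ValueError(f"duplicate username {name!r}")
        out[name] = admin
    return out


def diff_users(baseline, current):
    """Return the account changes between two `users read` snapshots."""
    old, new = index_users(baseline), index_users(current)
    both = new.keys() & old.keys()
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "promoted": sorted(n for n in both if new[n] and not old[n]),
        "demoted": sorted(n for n in both if old[n] and not new[n]),
        "new_admins": sorted(n for n in new.keys() - old.keys() if new[n]),
    }


if __name__ == "__main__":
    for kind, names in diff_users(BASELINE, CURRENT).items():
        print(f"{kind:11} {', '.join(names) or '-'}")
```

In practice the two inputs would be saved outputs of `maas $PROFILE users read`, loaded with `json.load`.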
Clicking the ‘Add user’ button displays a form:
Fill in the fields and hit ‘Add user’ when done.
Clicking the MAAS username in the top right corner will show that user’s preferences.
To add a regular user, enter the following command:
    maas $PROFILE users create username=$USERNAME \
        email=$EMAIL_ADDRESS password=$PASSWORD is_superuser=0
All the options are necessary. Note that supplying a password on the command line may be a security hazard, depending on your environment.
Before a user can deploy a machine, they must import at least one public SSH key into MAAS. This key allows the user to access the deployed machine with the corresponding private key, which the user must possess. See Public key authentication (ssh.com) if you’re not familiar with SSH keys.
Assuming a public key exists in /home/ubuntu/.ssh/id_rsa.pub, add a key with the following command:
    ubuntu@maas:~$ maas $PROFILE sshkeys create key="$(cat /home/ubuntu/.ssh/id_rsa.pub)"
    Success.
The user normally imports their initial SSH key on the first login to the web UI.
To add a locally-generated public key, select ‘Upload’ from the ‘Source’ menu and paste the complete contents of your key file, usually called id_rsa.pub, into the ‘Public key’ field. Click ‘Import’ to add the key to MAAS.
Public keys residing on either Launchpad or GitHub can also be added. Select either from the ‘Source’ menu and specify the user ID associated with the key(s). Press the ‘Import’ button to add any keys MAAS discovers to the current user’s MAAS account.
The user preferences page includes an API key for the currently active user. This key can be copied and regenerated as needed. The API key is used to log in to the API from the MAAS CLI. Other services connecting to MAAS, such as Juju, will also need this key.
We recommend that you use the web UI to set or change a user’s API key.
The current user can change their password at the bottom of the page by entering the old password and entering the new password twice. Click ‘Save password’ to finish.
An administrator can change any user’s password from within the ‘Users’ tab of the ‘Settings’ page.
We recommend that you use the web UI to change user passwords.