[Fiware-lab-federation-nodes] Instructions to upgrade Community users

Cristian CMECIU ccmeciu at images-et-reseaux.com
Mon Oct 16 16:49:38 CEST 2017
Previous message: [Fiware-lab-federation-nodes] Instructions to upgrade Community users
Next message: [Fiware-lab-federation-nodes] Instructions to upgrade Community users
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi José ,

For the point 6, I didn’t understand very well the way it works.
From what I understand here we can link a project with a Region. It is possible to link a project to multiple Regions?

6. Assign the corresponding endpoint_group to the project associated to the user

            - curl -H "X-Auth-Token: {admin-token}” -X PUT http://cloud.lab.fiware.org:4730/v3//OS-EP-FILTER/endpoint_groups/{region_endpoint_group_id}/projects/{project_id}<http://cloud.lab.fiware.org:4730/v3/OS-EP-FILTER/endpoint_groups/%7Bregion_endpoint_group%7D/projects/%7Bproject_id%7D>

I used a test project_id and Lannion4 for {region_endpoint_group_id} => 72ea5ae5793e4e84a77c6e64687d8da4
Do you think that is the right way to use this command?
curl -H "X-Auth-Token: 1a9b21294d3f40…” -X PUT http://cloud.lab.fiware.org:4730/v3//OS-EP-FILTER/endpoint_groups/72ea5ae5793e4e84a77c6e64687d8da4/projects/00000000000000000000000000004<http://cloud.lab.fiware.org:4730/v3/OS-EP-FILTER/endpoint_groups/72ea5ae5793e4e84a77c6e64687d8da4/projects/00000000000000000000000000004>...

BR,
Cristian

De : José Ignacio Carretero [mailto:joseignacio.carretero at fiware.org]
Envoyé : lundi 16 octobre 2017 13:22
À : Cristian CMECIU <ccmeciu at images-et-reseaux.com>; Álvaro Alonso <aalonsog at dit.upm.es>
Cc : fiware-lab-federation-nodes at lists.fiware.org
Objet : Re: [Fiware-lab-federation-nodes] Instructions to upgrade Community users


Hi Cristian,

That last curl (the one to get the token) is for keystone v2.0 --- That works with url: http://cloud.lab.fiware.org:4730/v2.0/tokens

but it is deprecated and sometime it will be removed, despite of getting an unusable token out of Scope. --- Why  not using openstack CLI tools?
1. Create a virtual environment for python:
    virtualenv os
2. Install the Openstack tools (you'll need python 2.7 and python-dev installed in order to make this work):
    source os/bin/activate
    pip install python-openstackclient
3. Issue a token (not needed):
    openstack token issue
4. Get user data:
    openstack user show ${user_name}

---

Anyway, if you insist in using "curl", I'd suggest having installed the jq command (which is a json parser, etc. --- Just a wonderful tool to work with json input).

Getting a Token for Keystone V3:
data="{ \"auth\": {
        \"identity\": {
            \"methods\": [ \"password\" ],
            \"password\": {
                \"user\": {
                    \"name\": \"$OS_USERNAME\",
                    \"domain\": {\"id\":\"default\"},
                    \"password\": \"$OS_PASSWORD\"
                }
            }
        }
    }
}"
curl -i http://cloud.lab.fiware.org:4730/v3/auth/tokens -H "Content-Type: application/json"-d  "$data" 2>/dev/null |awk '/^X-Subject-Token: / {print $2}'

Now, you can use the 2nd curl:
curl -H "X-Auth-Token: ${token}" -H "Accept: application/json" http://cloud.lab.fiware.org:4731/v3/users?name=${user_name}

Hope this helps.

Best regards,
José Ignacio
El 16/10/2017 a las 14:54, Cristian CMECIU escribió:
Hi Álvaro,

I didn’t succeeded to check if a user is created using:
curl -H "X-Auth-Token: {admin_token}" http://cloud.lab.fiware.org:4730/v3/users?name=“{user_email}<http://cloud.lab.fiware.org:4730/v3/users?name=%E2%80%9C%7buser_email%7d>”

Using v2.0 endpoint, I get the token but I get this error  when I check the user:
{"error": {"message": "The resource could not be found.", "code": 404, "title": "Not Found"}}

For v3 version I cannot get any token:
# curl -d '{"auth":{"passwordCredentials":{"username": "admin-lannion", "password": "admin_passwd"}}}' -H 'Content-type: application/json' --url http://cloud.lab.fiware.org:4730/v3/tokens

Is there another way to get the admin token?

BR,
Cristian CMECIU
Fiware-Lab/ Lannion Region
Images et Réseaux Support Engineer

[FIWARE_lab]




De : fiware-lab-federation-nodes-bounces at lists.fiware.org<mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org> [mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org] De la part de Álvaro Alonso
Envoyé : mercredi 11 octobre 2017 16:12
À : fiware-lab-federation-nodes at lists.fiware.org<mailto:fiware-lab-federation-nodes at lists.fiware.org>
Objet : [Fiware-lab-federation-nodes] Instructions to upgrade Community users

Dear IOs,

I include below detailed instructions regarding how to upgrade users to community.

Please, note that actions like searching a user or project are usually done using Horizon filters. However, due to large number of entities we currently have in our Keystone instance, rendering those amount of users/projects in the interface is not feasible. For that reason we have enabled a pagination to display some entities (projects and users). Unfortunately, the filter just acts over the rendered entities so it is not posible to use it to find users or projects globally.

Instructions:

1. If the user is not created you have to create it.
2. If the user doesn’t have an associated project to create cloud resources, you have to create it and to assign the user as a member of the project.
3. Include in the metadata of the user (“description” field) the date in which the user has been upgraded to Community (with the format "community_started_at": "YYYY-MM-DD”).

            - You can check if the user is already created using this API request: curl -H "X-Auth-Token: {admin_token}" http://cloud.lab.fiware.org:4730/v3/users?name=“{user_email}<http://cloud.lab.fiware.org:4730/v3/users?name=%E2%80%9C%7buser_email%7d>”
            - In the user creation wizard, you can directly create an associated project to the user. Thus, the user is automatically associated as member of that project.
            - Identity -> Users -> Create User


4. Assign the role “Community” in the domain “default” to the user.

            - Identiity -> Domains -> Manage Members (Default Domain) -> Search the user in the left side bar -> Select the user (+ icon) -> Search the user in the right side bar -> Select Community role

5.  If you want to assign different quotas than the default ones, assign the desired quotas to the created project in your node

            - Projects -> Project details -> Modify quotas
            - To find the project details you can use the URL https://cloud.lab.fiware.org/identity/{project_id<https://cloud.lab.fiware.org/identity/%7bproject_id>}detail/<https://cloud.lab.fiware.org/identity/9de7c6071e834a07a869969e467d099d/detail/>
            - To find the project associated to a user you can check user details in https://cloud.lab.fiware.org/identity/users/{user_id}/detail/<https://cloud.lab.fiware.org/identity/users/%7Buser_id%7D/detail/>
            - To check user id you can use the API curl -H "X-Auth-Token: {admin_token}" http://cloud.lab.fiware.org:4730/v3/users?name=“{user_email}<http://cloud.lab.fiware.org:4730/v3/users?name=%E2%80%9C%7buser_email%7d>”

6. Assign the corresponding endpoint_group to the project associated to the user

            - curl -H "X-Auth-Token: {admin-token}” -X PUT http://cloud.lab.fiware.org:4730/v3//OS-EP-FILTER/endpoint_groups/{region_endpoint_group_id}/projects/{project_id}<http://cloud.lab.fiware.org:4730/v3/OS-EP-FILTER/endpoint_groups/%7Bregion_endpoint_group%7D/projects/%7Bproject_id%7D>
            - IMPORTANT: if no endpoint group is assigned to a user, it has access to every node. So please, this step is very important.
            - You can find your node’s endpoint group id in the attached document.

7. Notify the user of the account creation. Ask him/her to change the password the first time accessing the portal.

BR
--
Álvaro




__________________________________________________________________________________________



You can get more information about our cookies and privacy policies on the following links:

- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Privacy_Policy

- http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/Cookies_Policy_FIWARE



Fiware-lab-federation-nodes mailing list

Fiware-lab-federation-nodes at lists.fiware.org<mailto:Fiware-lab-federation-nodes at lists.fiware.org>

https://lists.fiware.org/listinfo/fiware-lab-federation-nodes



--
−−−
José Ignacio Carretero



FIWARE Cloud and Platform Expert
FIWARE Foundation

[FIWARE                  Foundation]

Franklinstrasse 13A
10587 Berlin

email: joseignacio.carretero at fiware.org<mailto:joseignacio.carretero at fiware.org>
www: http://fiware.org
twitter: @jicarreterogu @FIWARE
skype: jicarretero


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20171016/146968a0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6250 bytes
Desc: image001.png
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20171016/146968a0/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 251283 bytes
Desc: image002.png
URL: <https://lists.fiware.org/private/fiware-lab-federation-nodes/attachments/20171016/146968a0/attachment-0003.png>
Previous message: [Fiware-lab-federation-nodes] Instructions to upgrade Community users
Next message: [Fiware-lab-federation-nodes] Instructions to upgrade Community users
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Fiware-lab-federation-nodes mailing list
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy