This use case details tasks for creating an administrator. These tasks require that you have your account credentials for sending requests to Eucalyptus using the command line interface (CLI) tools. To create an administrator account, perform the following tasks.
Eucalyptus recommends using account credentials as little as possible. You can avoid using account credentials by creating a group of users with administrative privileges.
Create a group called administrators.
euare-groupcreate -g administrators
Verify that the group was created.
Eucalyptus returns a listing of the groups that have been created, as in the following example.
Add a policy to the administrators group that allows its members to perform all actions in Eucalyptus.
Enter the following command to create a policy called
admin-root that grants all actions on all resources to all users in the administrators group:
euare-groupaddpolicy -p admin-root -g administrators -e Allow -a "*" -r "*" -o
Create a user for day-to-day administrative work and add that user to the administrators group.
Eucalyptus admin tools and Euca2ools commands need configuration from ~/.euca . If the directory does not yet exist, create it:
Create an administrative user, for example alice and create it along with an access key:
euare-usercreate -wd DOMAIN USER >~/.euca/FILE.ini
means output access keys and region information in a euca2ools.ini type configuration file.
DOMAIN is the DNS domain to use for region information in configuration file output (default: based on IAM URL).
USER is the name of the new admin user: alice.
FILE can be anything; we recommend a descriptive name that includes the user’s name; for example:
euare-usercreate -wd DNS_DOMAIN alice >~/.euca/alice.ini
This creates a user admin file with a region name that matches that of your cloud’s DNS domain.
Add the new admin user to the administrators group.
euare-groupadduser -u alice administrators
To list the new user’s access keys:
euare-userlistkeys --region alice@DNS_DOMAIN