After your cloud is running and DNS is functional, create a user and access key for day-to-day cloud administration.
This is where you would begin using the admin role, if you want to use that feature.
Eucalyptus admin tools and Euca2ools commands need configuration from ~/.euca . If the directory does not yet exist, create it:
Choose a name for the new user and create it along with an access key:
euare-usercreate -wld DOMAIN USER >~/.euca/FILE.ini
This creates a file with a region name that matches that of your cloud’s DNS domain; you can edit the file to change the region name if needed.
This creates an admin user in the built-in eucalyptus account. The admin user has full control of all aspects of the cloud. For additional security, you might instead want to create a new account and grant it access to a more limited administration role.
Switch to the new admin user:
# eval `clcadmin-release-credentials` # export AWS_DEFAULT_REGION=REGION
As long as this file exists in ~/.euca , you can use it by repeating the
export command above. These
euca2ools.ini configuration files are a flexible means of managing cloud regions and users.
Alternatively you can configure the default region in the global section of your Euca2ools configuration:
# cat ~/.euca/global.ini [global] default-region = REGION
setting the REGION to the one from the earlier step means you do not have to use export to select the region.
The eucalyptus account can act as other accounts for administrative purposes. To act as the admin user in the account-1 account run:
# eval `clcadmin-impersonate-user -a account-1 -u admin`
Impersonating an account allows you to view and modify resources for that account. For example, you can clean up resources in an account before deleting it.
To stop impersonating run:
The remainder of this guide assumes you have completed the above steps.
Use these credentials after this point.