Managing Apache CloudStack Accounts

Managing Apache CloudStack Accounts

Description

Apache Cloudstack provides Accounts as a way to allocate resources within your cloud infrastructure. Upon delivery, you received a pre-configured domain with resources and a domainadmin account (with 1 user added to it). To get maximum benefits from your cloud infrastructure, please review the fundamental concepts behind accounts and resources:

  • An account is an administrative container that can contain multiple users.
  • An account can be of two types: Admin (domainadmin) or User. Once you set the role, it cannot be changed. Users added to an account will inherit the account’s role (account type).
  • A domainadmin type account has full rights for that domain. A user-type account has fewer privileges. The most important distinctions are that a user can only manage allocated resources, and has no right over other users. A domainadmin has full privileges within the domain, including over other accounts and users.
  • Users within an account have their own password for accessing the UI and can have their own API keys to use the API. You do not login with the account name, instead, you must login as a user belonging to an account. Note: A username within an account can be identical to the account name.
  • An account has resources (within the limits of the domain resources of course) assigned to it.
  • Using accounts is a way to segment the available resources within your domain. 
  • Upon creation of an account, the resource limits for the account are set to unlimited (-1). However, the resource for an account cannot exceed the total allocated resource for the domain.

Contents

Adding an Account

Perform the following steps to add an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575520

  2. Click the + Add Account button.
    The  Add Account dialog box displays.

    82575519


  3. Enter the following information and click Add.

    Information

    Field Name Description
    Account Enter the name of the account you are creating. Note: Once the account is created, you can add multiple users to it.
    Domain Select the domain name under which you are creating the account. Note: Currently, Leaseweb provides only one domain.
    Role/Type

    Select the account type. It can either be ADMIN (domainadmin) or USER.

    Notes:

    When you add users to this account, all users will inherit the same role as you set in this field. For example, if you select ADMIN, all users added to this account will have domain-admin privileges.
    Once you set the type for an account, it cannot be edited.
    If you select the type USER for this account, when you add a user to this account and when the user logs in, the user will not be able to view some of the panels in CloudStack, such as Accounts, Domains, Projects, and Service Offerings.
    Username Enter the user name that will be used to log in to the Apache CloudStack platform.
    Password Enter a password for the user to log in to the Apache CloudStack platform.
    Confirm password Re-enter the password to confirm it.
    Email Enter the email address of the user.
    First Name Enter the first name of the user you are creating for the account.
    Last Name Enter the last name of the user you are creating.
    Timezone Select a time zone corresponding to the locale of the account.
    Network Domain Enter the prefix, if any, for the domain name for all networks created within your account. Example: If you enter “test”, your network domain will become “test.Leasewebcloud.com“. If you do not enter a value, the network domain will display “Leasewebcloud.com“.

Viewing an Account

Perform the following steps to view an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575518
  2. You can view the following information on this page:

    Information

    Column Name Description
    Name Displays the name of the account.
    Role Displays the account type (role). Note: Based on the account type, all users added to this account with inherit the same role.
    Domain Displays the domain name.
    State Displays the current state of the account.
    Quickview Displays an overview of the account, the tasks that can be performed, and a quick link to users within the account.

Editing an Account

Perform the following steps to edit an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575517
     
  2. Click the account that you want to edit.
    The Details tab displays.
    82575516

  3. Click on Configure limits as shown in the below image 
    82575515
     

  4. Update the values and click Submit.
    The updated values display. 

    Information

    Editable fields: Name, Network Domain, Instance Limits, Public IP Limits, Volume Limits, Snapshot Limits, Template Limits, VPC Limits, CPU Limits, Memory Limits (MiB), Network Limits, Primary Storage Limits (GiB), Secondary Storage Limits (GiB)

Updating Resource Count

For each account, Apache CloudStack maintains usage information such as network traffic, storage used, or instances created. Updating resource count fetches the latest data from CloudStack.

Perform the following steps to update the resource count for an account: 

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575514

  2. Click the account for which you want to update the resource count.
    The Details tab displays.
    82575513
  3. Click the Update Resource Count icon.
    82575512

    A Confirmation dialog box displays. 
    82575568

Disabling an Account

If you want to temporarily disallow an account to perform any actions on the CloudStack platform, you can disable the account. All users within that account cannot perform any tasks. All instances associated with this account will be shut down.

Perform the following steps to disable an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510

  2. Click the account that you want to disable.
    The Details tab displays.
    82575509

  3. Click the Disable account icon.
    82575511

    A Confirmation dialog box displays.
    82575565

  4. Click OK to confirm disabling the account.
    The state of the account displays as disabled.
    82575564
  5. To enable the account icon. In the confirmation dialog box, click OK.

Information

To enable the account, click the Enable account icon. In the Confirmation dialog box, click OK.

82575480

Locking an Account

Locking is similar to disabling an account. However, all instances associated with the account continue to run. All users within the account cannot perform any tasks. You can only lock “Enabled” accounts. 

Perform the following steps to lock an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510

  2. Click the account that you want to lock.
    The Details tab displays.
    82575509

  3. Click the Lock account icon.
    82575508

    A Confirmation dialog box displays.
    82575561

  4. Click OK to confirm locking this account.
    The state of the account displays as locked.
    82575560

    Information

    To unlock an account, click the Enable account icon. In the Confirmation dialog box, click OK.
    82575479

    The Confirmation dialog box displays. Click OK to confirm enabling the disabled account.

Deleting an Account

On deleting an account, all users within the account and all resources associated with the account will be deleted. 

Perform the following steps to delete an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510
  2. Click the account that you want to delete.
    The Details tab displays.
    82575504

  3. Click the Delete account icon.
    82575503
  4. Confirmation dialog box displays. 
    82575557

  5. Click OK to confirm deleting the account.

Viewing a User within an Account

Perform the following steps to view user(s) within an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510

  2. Click the account for which you want to view the user details.
    The Details tab displays.
    82575507
  3. Click on the View Users icon as shown in the below screenshot.
    82575502

  4. The Users page displays.
    82575501

  5. The following information is displayed.

    Information

    Column Name Description
    Username Displays the username for the user. Note: This username is required to log in to the user’s account.
    First Name Displays the first name of the user.
    Last Name Displays the last name of the user.
    Quickview Displays an overview of the user and the tasks that can be performed on it.

Adding a User to an Account

When you add a user to an account, the user inherits the account’s type (role).

Perform the following steps to add a user to an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510

  2. Click the account to which you want to add a user.
    The Details tab displays.
    82575500

  3. Click View Users.
    The Users page displays.
    82575502

  4. Click the +Add User button.
    The Add User dialog box displays.
    82575548
  5. Enter the following information and click OK.

    Information

    Field Name Description
    Username Enter the username using which the user can log in. Note: This is an editable field.
    Password Enter the password using which the user can log in.
    Confirm password Re-enter the password.
    Email Enter the email address. Note: This is an editable field.
    First Name Enter the first name of the user. Note: This is an editable field.
    Last Name Enter the last name of the user. Note: This is an editable field.
    Timezone Select the timezone of the user’s locale. Note: This is an editable field.

Editing User Details in an Account

Perform the following steps to edit the user details in an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510

  2. Click the account that contains the user you want to edit.
    The Details tab displays.
    82575478
  3. Click View Users.
    82575502
  4. The Users page displays.
    82575477
  5. Click the user whose details you want to edit.
    The Details tab displays.
    82575498
  6. Click the Edit icon.
    The editable fields allow you to enter/select new values.
    82575497
  7. Update the values and click OK.
    The updated values display.
    82575496

    Information

    Editable fields: Name, Email, First Name, Last Name, Timezone

Changing Password for a User

Perform the following steps to change the user password:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510
  2. Click the account that contains the user for whom you want to change the password.
    The Details tab displays.
    82575483
  3. Click View Users.
    The Users page displays.
    82575502
  4. Click the user for whom you want to change the password.
    The Details tab displays.
    82575494
  5. Click the Change Password icon.
    The Change Password dialog box displays.
    82575493

    82575535

  6. Enter a new password for the user, confirm the password by re-entering it, and click OK.
    The new password is effective. 

Generating Keys for a User

You can generate keys to access the API.

Perform the following tasks to generate the API and Secret keys for a user:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510

  2. Click the account that contains the user for whom you want to generate the keys. 
    The Details tab displays.
    82575476
  3. Click View Users.
    The Users page displays.
    82575502

    82575492

  4. Click the user for whom you want to generate the key.
    The Details tab displays. Click on the Generate keys icon.
    82575491
  5. A Confirmation dialog box displays.
    82575531
  6. Click OK to confirm generating the keys for the user.
    The API Key and Secret Key fields display the new values. Click on the copy to clipboard icon next to the key to copy them. The UI will not show complete key
    82575490

Disabling a User

If you want to temporarily disallow a user to perform any actions on the CloudStack platform, you can disable the user. 

Perform the following steps to disable a user within an account:

  1. On the left panel, click Accounts.
    The Accounts page displays.
    82575510
  2. Click the account that contains the user that you want to disable.
    The Details tab displays
    82575482
  3. Click View Users.
    82575502
  4. The Users page displays.
    82575492
  5. Click the user you want to disable.
    The Details tab displays.
    82575489
  6. Click the Disable User icon.
    82575488

    A Confirmation dialog box appears.
    82575526

  7. Click OK to confirm disabling the user.
    The state of the user displays as disabled.

Information

To enable a disabled user, click the Enable icon. In the Confirmation dialog box, click Yes.
82575487

Deleting a User

Perform the following steps to delete a user:

  1. On the left panel, click Accounts.
    The Accounts page displays
    82575510
  2. Click the account that contains the user that you want to delete.
    The Details tab displays.
    82575486

  3. Click View Users.
    82575485

    The Users page displays.
    82575492

  4. Click the user you want to delete.
    The Details tab displays.
    82575481

  5. Click the Delete User icon.
    82575484

    A Confirmation dialog box displays.
    82575521

  6. Click OK to confirm deleting the user.

Setting up Two-Factor Authentication (2FA) for CloudStack Dashboard login

The CloudStack Dashboard login can be secured with two factor authentication using TOTP method.

  1. In the CloudStack Dashboard, on the left menu click Accounts
  2. Click on your account name, than click the View Users button
  3. From the actions in the top right corner (below your profile name), click the Setup User Two Factor Authentication icon
  4. In the following window you can start configuring 2FA by selecting the Provider
  5. Now setup 2FA by scanning the QR code with your 2FA app or use the setup key
  6. Provide the 2FA code generated by your app and click Verify
    102498306
  7. Now you will be prompted to provide the 2FA code with each login for this account
  8. To disable 2FA, click the Disable User Two Factor Authentication icon.