Managing Apache CloudStack Accounts

Description

Apache Cloudstack provides Accounts as a way to allocate resources within your cloud infrastructure. Upon delivery, you received a pre-configured domain with resources and a domainadmin account (with 1 user added to it). To get maximum benefits from your cloud infrastructure, please review the fundamental concepts behind accounts and resources:

• An account is an administrative container that can contain multiple users.
• An account can be of two types: Admin (domainadmin) or User. Once you set the role, it cannot be changed. Users added to an account will inherit the account’s role (account type).
• A domainadmin type account has full rights for that domain. A user-type account has fewer privileges. The most important distinctions are that a user can only manage allocated resources, and has no right over other users. A domainadmin has full privileges within the domain, including over other accounts and users.
• Users within an account have their own password for accessing the UI and can have their own API keys to use the API. You do not login with the account name, instead, you must login as a user belonging to an account. Note: A username within an account can be identical to the account name.
• An account has resources (within the limits of the domain resources of course) assigned to it.
• Using accounts is a way to segment the available resources within your domain. 
• Upon creation of an account, the resource limits for the account are set to unlimited (-1). However, the resource for an account cannot exceed the total allocated resource for the domain.

Contents

Adding an Account

Perform the following steps to add an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the + Add Account button.
   The  Add Account dialog box displays.

   

   
   

3. Enter the following information and click Add.
   

   Information

   Field Name	Description
   Account	Enter the name of the account you are creating. Note: Once the account is created, you can add multiple users to it.
   Domain	Select the domain name under which you are creating the account. Note: Currently, Leaseweb provides only one domain.
   Role/Type	Select the account type. It can either be ADMIN (domainadmin) or USER. Notes: When you add users to this account, all users will inherit the same role as you set in this field. For example, if you select ADMIN, all users added to this account will have domain-admin privileges. Once you set the type for an account, it cannot be edited. If you select the type USER for this account, when you add a user to this account and when the user logs in, the user will not be able to view some of the panels in CloudStack, such as Accounts, Domains, Projects, and Service Offerings.
   Username	Enter the user name that will be used to log in to the Apache CloudStack platform.
   Password	Enter a password for the user to log in to the Apache CloudStack platform.
   Confirm password	Re-enter the password to confirm it.
   Email	Enter the email address of the user.
   First Name	Enter the first name of the user you are creating for the account.
   Last Name	Enter the last name of the user you are creating.
   Timezone	Select a time zone corresponding to the locale of the account.
   Network Domain	Enter the prefix, if any, for the domain name for all networks created within your account. Example: If you enter “test”, your network domain will become “test.Leasewebcloud.com“. If you do not enter a value, the network domain will display “Leasewebcloud.com“.

Viewing an Account

Perform the following steps to view an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. You can view the following information on this page:

   Information

   Column Name	Description
   Name	Displays the name of the account.
   Role	Displays the account type (role). Note: Based on the account type, all users added to this account with inherit the same role.
   Domain	Displays the domain name.
   State	Displays the current state of the account.
   Quickview	Displays an overview of the account, the tasks that can be performed, and a quick link to users within the account.

Editing an Account

Perform the following steps to edit an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   
    
2. Click the account that you want to edit.
   The Details tab displays.
   

3. Click on Configure limits as shown in the below image 
   
    

4. Update the values and click Submit.
   The updated values display. 

   Information

   Editable fields: Name, Network Domain, Instance Limits, Public IP Limits, Volume Limits, Snapshot Limits, Template Limits, VPC Limits, CPU Limits, Memory Limits (MiB), Network Limits, Primary Storage Limits (GiB), Secondary Storage Limits (GiB)

Updating Resource Count

For each account, Apache CloudStack maintains usage information such as network traffic, storage used, or instances created. Updating resource count fetches the latest data from CloudStack.

Perform the following steps to update the resource count for an account: 

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the account for which you want to update the resource count.
   The Details tab displays.
   
3. Click the Update Resource Count icon.
   

   A Confirmation dialog box displays. 
   

Disabling an Account

If you want to temporarily disallow an account to perform any actions on the CloudStack platform, you can disable the account. All users within that account cannot perform any tasks. All instances associated with this account will be shut down.

Perform the following steps to disable an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the account that you want to disable.
   The Details tab displays.
   

3. Click the Disable account icon.
   

   A Confirmation dialog box displays.
   

4. Click OK to confirm disabling the account.
   The state of the account displays as disabled.
   
5. To enable the account icon. In the confirmation dialog box, click OK.

Information

Locking an Account

Locking is similar to disabling an account. However, all instances associated with the account continue to run. All users within the account cannot perform any tasks. You can only lock “Enabled” accounts. 

Perform the following steps to lock an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the account that you want to lock.
   The Details tab displays.
   

3. Click the Lock account icon.
   

   A Confirmation dialog box displays.
   

4. Click OK to confirm locking this account.
   The state of the account displays as locked.
   

   Information

   To unlock an account, click the Enable account icon. In the Confirmation dialog box, click OK.
   

   The Confirmation dialog box displays. Click OK to confirm enabling the disabled account.

Deleting an Account

On deleting an account, all users within the account and all resources associated with the account will be deleted. 

Perform the following steps to delete an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   
2. Click the account that you want to delete.
   The Details tab displays.
   

3. Click the Delete account icon.
   
4. Confirmation dialog box displays. 
   

5. Click OK to confirm deleting the account.

Viewing a User within an Account

Perform the following steps to view user(s) within an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the account for which you want to view the user details.
   The Details tab displays.
   
3. Click on the View Users icon as shown in the below screenshot.
   

4. The Users page displays.
   

5. The following information is displayed.

   Information

   Column Name	Description
   Username	Displays the username for the user. Note: This username is required to log in to the user’s account.
   First Name	Displays the first name of the user.
   Last Name	Displays the last name of the user.
   Quickview	Displays an overview of the user and the tasks that can be performed on it.

Adding a User to an Account

When you add a user to an account, the user inherits the account’s type (role).

Perform the following steps to add a user to an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the account to which you want to add a user.
   The Details tab displays.
   

3. Click View Users.
   The Users page displays.
   

4. Click the +Add User button.
   The Add User dialog box displays.
   

5. Enter the following information and click OK.

   Information

   Field Name	Description
   Username	Enter the username using which the user can log in. Note: This is an editable field.
   Password	Enter the password using which the user can log in.
   Confirm password	Re-enter the password.
   Email	Enter the email address. Note: This is an editable field.
   First Name	Enter the first name of the user. Note: This is an editable field.
   Last Name	Enter the last name of the user. Note: This is an editable field.
   Timezone	Select the timezone of the user’s locale. Note: This is an editable field.

Editing User Details in an Account

Perform the following steps to edit the user details in an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the account that contains the user you want to edit.
   The Details tab displays.
   
3. Click View Users.
   
4. The Users page displays.
   
5. Click the user whose details you want to edit.
   The Details tab displays.
   
6. Click the Edit icon.
   The editable fields allow you to enter/select new values.
   

7. Update the values and click OK.
   The updated values display.
   

   Information

   Editable fields: Name, Email, First Name, Last Name, Timezone

Changing Password for a User

Perform the following steps to change the user password:

1. On the left panel, click Accounts.
   The Accounts page displays.
   
2. Click the account that contains the user for whom you want to change the password.
   The Details tab displays.
   
3. Click View Users.
   The Users page displays.
   
4. Click the user for whom you want to change the password.
   The Details tab displays.
   
5. Click the Change Password icon.
   The Change Password dialog box displays.
   

   

6. Enter a new password for the user, confirm the password by re-entering it, and click OK.
   The new password is effective. 

Generating Keys for a User

You can generate keys to access the API.

Perform the following tasks to generate the API and Secret keys for a user:

1. On the left panel, click Accounts.
   The Accounts page displays.
   

2. Click the account that contains the user for whom you want to generate the keys. 
   The Details tab displays.
   
3. Click View Users.
   The Users page displays.
   

   

4. Click the user for whom you want to generate the key.
   The Details tab displays. Click on the Generate keys icon.
   
5. A Confirmation dialog box displays.
   
6. Click OK to confirm generating the keys for the user.
   The API Key and Secret Key fields display the new values. Click on the copy to clipboard icon next to the key to copy them. The UI will not show complete key
   

Disabling a User

If you want to temporarily disallow a user to perform any actions on the CloudStack platform, you can disable the user. 

Perform the following steps to disable a user within an account:

1. On the left panel, click Accounts.
   The Accounts page displays.
   
2. Click the account that contains the user that you want to disable.
   The Details tab displays
   
3. Click View Users.
   
4. The Users page displays.
   
5. Click the user you want to disable.
   The Details tab displays.
   
6. Click the Disable User icon.
   

   A Confirmation dialog box appears.
   

7. Click OK to confirm disabling the user.
   The state of the user displays as disabled.

Information

Deleting a User

Perform the following steps to delete a user:

1. On the left panel, click Accounts.
   The Accounts page displays
   
2. Click the account that contains the user that you want to delete.
   The Details tab displays.
   

3. Click View Users.
   

   The Users page displays.
   

4. Click the user you want to delete.
   The Details tab displays.
   

5. Click the Delete User icon.
   

   A Confirmation dialog box displays.
   

6. Click OK to confirm deleting the user.

Setting up Two-Factor Authentication (2FA) for CloudStack Dashboard login

The CloudStack Dashboard login can be secured with two factor authentication using TOTP method.

1. In the CloudStack Dashboard, on the left menu click Accounts
2. Click on your account name, than click the View Users button
3. From the actions in the top right corner (below your profile name), click the Setup User Two Factor Authentication icon
4. In the following window you can start configuring 2FA by selecting the Provider
5. Now setup 2FA by scanning the QR code with your 2FA app or use the setup key
6. Provide the 2FA code generated by your app and click Verify
   
7. Now you will be prompted to provide the 2FA code with each login for this account
8. To disable 2FA, click the Disable User Two Factor Authentication icon.