Skip to main content
Skip table of contents

Managing users in ADE Private Edition

Edition: Private

In Agile Data Engine Private edition users are configured in the main configuration file and updated with a script provided with the installation utilities. The script uses SSH to make changes to the environment specific bastion hosts.

Configuring users in the main configuration file

Users are configured to the main configuration file into the users block under each environment and into the main level users block. Add user specific SSH public keys to the main level users block.

See example:

YAML 
...
# Add users to the the users block for each environment
adeEnvironments:
  design:
    name: design
    ...
    users:
    - user: username
      roles:
      - bastion-user
    ...
  runtimes:
  - name: dev
    ...
    users:
    - user: username
      roles:
      - bastion-user
...
 
# Add users to the main level user definition block
users:
- username: username
  email: first.last@domain.fi
  firstname: Firstname
  lastname: Lastname
  publicKeys:
  - ssh-rsa AAAAB3NzaC1yc2EA...
...

Users can generate their SSH key pairs with the ssh-keygen command, for example:

BASH 
ssh-keygen -t rsa -b 4096 -C "first.last@domain.fi"

Or they can use e.g. PuTTYgen.

Configuring SSH

The user management script uses SSH to make changes to the bastion hosts. Therefore, SSH configuration must be completed on the ADE installation virtual machine before running the script. If your Agile Data Engine installation is not new and users already exist, it is most likely that this step is already done and can be skipped.

Find out the public IP addresses of the Agile Data Engine environment specific bastion hosts. These should be listed in your private documentation, also the installation process writes the IPs in file main.json.

Log in to your ADE installation VM with the installation user. Edit the SSH configuration file:

~/.ssh/config

Add the ADE bastion hosts and save the file, for example:

NONE 
Host 123.123.123.123
 HostName               123.123.123.123
 ServerAliveInterval    60
 TCPKeepAlive           yes
 IdentityFile path-to-design-private-key.pem

Host 123.123.123.124
 HostName               123.123.123.124
 ServerAliveInterval    60
 TCPKeepAlive           yes
 IdentityFile path-to-runtime-private-key.pem
...

Where:

  • Bastion host public IP address is given as Host and HostName.

  • Path to the private key file is given as IdentityFile.

Private keys listed in the configuration have to match the public keys defined per environment in the main configuration:

YAML 
...
adeEnvironments:
  design:
    name: design
    ...
    bastionHost:
      sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EA...
    ...
  runtimes:
  - name: dev
    ...
    bastionHost:
      sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EA...
...

Private key file access rights have to be limited, for example:

BASH 
chmod 400 path-to-private-key.pem

Updating bastion users

Bastion users are updated with the update_ade_bastion_users.sh script which is provided with the Agile Data Engine installation utilities.

After editing the main configuration file run the script to update bastion users in an environment:

BASH 
./update_ade_bastion_users.sh path-to-main-configuration.yaml environmentname

For example:

BASH 
./update_ade_bastion_users.sh ../ade-main-conf.yaml design

You can also update all environments at once by omitting the environment name, for example:

BASH 
./update_ade_bastion_users.sh ../ade-main-conf.yaml

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close