Managing users in ADE Private Edition
Edition: Private
In Agile Data Engine Private edition, users are configured in the main configuration file and updated with a script provided with the installation utilities. The script uses SSH to make changes to the environment-specific bastion hosts.
Configuring users in the main configuration file
Users are configured in the main configuration file, both in the users block under each environment and in the main-level users block. Add user-specific SSH public keys to the main-level users block.
See example:
...
# Add users to the users block for each environment
adeEnvironments:
  design:
    name: design
    ...
    users:
      - user: username
        roles:
          - bastion-user
    ...
  runtimes:
    - name: dev
      ...
      users:
        - user: username
          roles:
            - bastion-user
...
# Add users to the main level user definition block
users:
  - username: username
    email: first.last@domain.fi
    firstname: Firstname
    lastname: Lastname
    publicKeys:
      - ssh-rsa AAAAB3NzaC1yc2EA...
...
Users can generate their SSH key pairs with the ssh-keygen command, for example:
ssh-keygen -t rsa -b 4096 -C "first.last@domain.fi"
Or they can use e.g. PuTTYgen.
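A pre-check that can be run on the users blocks before updating bastion users, given here as an added example and not as part of the Agile Data Engine installation utilities. It assumes the main configuration has already been loaded into a Python dictionary by a YAML parser; the function names, the user names alice and bob, and the sample key are constructed for illustration. It reports environment users that have no main-level definition, users without public keys, and public keys that are truncated or mislabelled, and it computes key fingerprints in the same SHA256 form that ssh-keygen -lf prints.

```python
import base64, hashlib

def parse_public_key(line):
    """Return (key type, SHA256 fingerprint) of an OpenSSH public key line."""
    fields = line.split()
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except (IndexError, ValueError):  # missing field, or bad base64 (binascii.Error)
        raise ValueError("expected '<type> <base64> [comment]'") from None
    parts, pos = [], 0
    while pos < len(blob):  # blob is a run of uint32-length-prefixed strings
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 > len(blob) or end > len(blob):
            raise ValueError("truncated key blob")
        parts.append(blob[pos + 4:end])
        pos = end
    if not parts or parts[0] != fields[0].encode():
        raise ValueError("declared key type does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return fields[0], "SHA256:" + digest

def check_users(conf):
    """Return problems found in the users blocks of a parsed main configuration."""
    problems = []
    defined = {u["username"]: u for u in conf.get("users", [])}
    envs = conf.get("adeEnvironments", {})
    for env in [envs.get("design", {})] + list(envs.get("runtimes", [])):
        for ref in env.get("users", []):
            if ref["user"] not in defined:
                problems.append(f"{env.get('name')}: user '{ref['user']}' is not defined at main level")
    for name, user in defined.items():
        keys = user.get("publicKeys") or []
        if not keys:
            problems.append(f"{name}: no publicKeys")
        for key in keys:
            try:
                parse_public_key(key)
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
    return problems

string = lambda b: len(b).to_bytes(4, "big") + b  # SSH string: uint32 length + bytes
# Constructed, syntactically valid ssh-rsa line for the sample (not a usable key)
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(
    string(b"ssh-rsa") + string(b"\x01\x00\x01") + string(b"\x00\x80" + bytes(510) + b"\x01")).decode()
SAMPLE = {"adeEnvironments": {  # constructed; the main configuration after YAML parsing
    "design": {"name": "design", "users": [{"user": "alice"}]},
    "runtimes": [{"name": "dev", "users": [{"user": "bob"}]}]},
    "users": [{"username": "alice", "publicKeys": [SAMPLE_KEY]}]}
print(check_users(SAMPLE))
```

Because the fingerprint ignores the trailing comment, two key lines with equal fingerprints carry the same key, which also helps when comparing a configured public key with the output of ssh-keygen -y -f for a private key file.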
Configuring SSH
The user management script uses SSH to make changes to the bastion hosts. Therefore, SSH configuration must be completed on the ADE installation virtual machine before running the script. If your Agile Data Engine installation is not new and users already exist, it is most likely that this step is already done and can be skipped.
Find out the public IP addresses of the Agile Data Engine environment-specific bastion hosts. These should be listed in your private documentation. The installation process also writes the IPs to the file main.json.
Log in to your ADE installation VM with the installation user. Edit the SSH configuration file:
~/.ssh/config
Add the ADE bastion hosts and save the file, for example:
Host 123.123.123.123
    HostName 123.123.123.123
    ServerAliveInterval 60
    TCPKeepAlive yes
    IdentityFile path-to-design-private-key.pem
Host 123.123.123.124
    HostName 123.123.123.124
    ServerAliveInterval 60
    TCPKeepAlive yes
    IdentityFile path-to-runtime-private-key.pem
...
Where:
Bastion host public IP address is given as Host and HostName.
Path to the private key file is given as IdentityFile.
Private keys listed in the configuration have to match the public keys defined per environment in the main configuration:
...
adeEnvironments:
  design:
    name: design
    ...
    bastionHost:
      sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EA...
    ...
  runtimes:
    - name: dev
      ...
      bastionHost:
        sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EA...
...
Private key file access rights have to be limited, for example:
chmod 400 path-to-private-key.pem
Updating bastion users
Bastion users are updated with the update_ade_bastion_users.sh script, which is provided with the Agile Data Engine installation utilities.
After editing the main configuration file, run the script to update bastion users in an environment:
./update_ade_bastion_users.sh path-to-main-configuration.yaml environmentname
For example:
./update_ade_bastion_users.sh ../ade-main-conf.yaml design
You can also update all environments at once by omitting the environment name, for example:
./update_ade_bastion_users.sh ../ade-main-conf.yaml