Use this procedure to create credentials for root and non-root users in PowerFlex Manager.
Prerequisites
To import and create the SSH keys for a PowerFlex node, switch, OS Admin, or OS User credential, ensure that you generate SSH key pairs of RSA type without a passphrase. See Related information for more information.
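One way to generate and check a key pair that meets this prerequisite, as an added example that is not part of the PowerFlex documentation. The 4096-bit size, the function names and the file paths are assumptions; the page only requires RSA type and no passphrase.

```shell
#!/bin/sh
# Added example: create and validate an RSA key pair with an empty passphrase.
# KEY_BITS, the function names and the file paths are assumptions for this sketch;
# the page itself only requires "RSA type" and "without passphrase".
KEY_BITS="${KEY_BITS:-4096}"

# gen_rsa_keypair <private-key-path> [comment]
# Writes <path> (private) and <path>.pub (public); never overwrites a key.
gen_rsa_keypair() {
    key="$1"; comment="${2:-powerflex-credential}"
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi
    # -N "" sets an empty passphrase; the subshell keeps umask 077 local.
    ( umask 077; ssh-keygen -q -t rsa -b "$KEY_BITS" -N "" -C "$comment" -f "$key" )
}

# check_keypair <private-key-path>
# 0 = usable; 2 = passphrase-protected or unreadable; 3 = not RSA;
# 4 = .pub does not match the private key; 5 = private key file too permissive.
check_keypair() {
    key="$1"
    # With no passphrase, file permissions are the only protection on disk.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key" 2>/dev/null)
    case "$mode" in
        600|400) ;;
        *) return 5 ;;
    esac
    # Deriving the public key with an empty passphrase fails if one is set.
    derived=$(ssh-keygen -y -P "" -f "$key" 2>/dev/null) || return 2
    case "$derived" in
        "ssh-rsa "*) ;;
        *) return 3 ;;
    esac
    # Compare key type and base64 blob only; the comment field may differ.
    want=$(printf '%s\n' "$derived" | awk '{print $1, $2}')
    have=$(awk '{print $1, $2}' "$key.pub" 2>/dev/null)
    [ "$want" = "$have" ] || return 4
    return 0
}

# Usage (constructed paths):
#   gen_rsa_keypair ./pflex_os_user "pflex@powerflex" && check_keypair ./pflex_os_user
```

Run check_keypair on any manually generated key before importing it, so that a passphrase-protected or non-RSA key is caught before the import step.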
About this task
You can now use a non-root user instead of the root user for PowerFlex system administration functions. This enhances security by disabling the root user during node discovery, operating system installation, and non-disruptive updates. The default non-root user name is pflex.
NOTE: The credential type OS Admin is used for root users, and OS User is used for non-root users. The OS Admin and OS User credential types apply to the deployment of the resource groups.
For non-root user authentication, after the deployment of the resource group, SSH access for the root user is disabled; the password is still available for console access for troubleshooting.
PowerFlex Manager allows you to specify a non-root user when you configure a template for a compute-only, storage-only, hyperconverged or PowerFlex file deployment.
NOTE: SSH key pair based root or non-root deployments are not supported for PowerFlex file deployments.
PowerFlex Manager allows you to use an LDAP user for PowerFlex system administration functions. When you create or edit an operating system user credential, you can optionally specify the LDAP domain. This allows you to use an Active Directory (AD) user rather than a local user for administration functions.
Steps
On the menu bar, click Settings > Security.
Click Resource Credentials. The Credentials Management page opens.
Click Create.
In the Create Credentials dialog box, from the Credential Type drop-down list, select one of the following resource types for which you want to create non-root credentials:
Node
Switch
OS Admin
OS User
The OS Admin and OS User credential types apply to deployed items, not to PowerFlex Manager.
If you are creating an OS user credential set for the management virtual machines on a PowerFlex management controller resource group, select OS User.
In the Credential Name field, enter the name to identify the credential.
NOTE: If you are creating an OS User credential set for the management virtual machines on a PowerFlex management controller resource group, do the following:
  Enter MVM delladmin to identify the credential.
  In the User Name field, enter delladmin.
  Enter the delladmin account password in the Password and Confirm Password fields.
Click Enable Key Pairs to enable login with SSH key pairs and perform the following:
Table 1. Key pairs options
The following table provides procedures to log in with SSH key pairs.
To... | Do this...
Enable key pairs for the Node or Switch credential | Click Import SSH Key Pair. NOTE: Manually generate the SSH key pairs. Click Choose File and browse to the file that contains the private key. Type a name for the key pair. Click Import.
Create keys using PowerFlex Manager for the OS Admin or OS User credential and enable key pairs | Click Create a new key. Click Create & Download Key Pair. On Key Pair Name, type the name for the key pair. Click Create. Click Download Public Key.
Manually generate and import an existing key pair for the OS Admin or OS User credential | Click Import SSH Key Pair. NOTE: Manually generate the SSH key pairs. Click Choose File and browse to the file that contains the public and private key. Type a name for the key pair. Click Import.
If you enable SSH key pairs for a Node or Switch credential and use that credential for discovery, PowerFlex Manager uses public or private RSA key pairs to SSH into your node or switch securely, instead of using a user name and password.
If you enable SSH key pairs for an OS User or OS Admin credential and use that credential for a deployment, PowerFlex Manager uses RSA public or private key pairs for the deployment operations.
NOTE: PowerFlex Manager does not consume SSH keys for all component types. For example, if you enable SSH key pairs for an admin credential, the SSH keys are not used for the deployment of a CloudLink Center VM. Instead, the user name and password are used for all communication.
To enable LDAP for an OS User (optional):
  On the Create Credentials page, in the Credential type field, enter OS User.
  In the Credential Name field, enter LDAP.
  Enter the domain name and username in the Domain and User Name fields.
  Enter the passwords and click Save.
NOTE: Create the username with the domain name on the Active Directory server. The NTP server and Active Directory server times must be in sync. Configure the DNS server and prefix in the management network configuration.
In the User Name field, enter the username for the credential.
  For Nodes (iDRAC), root is the only valid username for root-level credentials. For a non-root user name, enter the default non-root user name.
  For the OS Admin credential type, the User Name field is disabled because the user is assumed to be root. You must use the root user for new deployments.
  For the OS User credential type, enter the default non-root user name.
  For the embedded operating system, this user account must have SSH enabled and have sudo access. For VMware ESXi, the account must be configured with the administrator role on the local server permission setting, which should enable SSH and other tools like esxcli. You can add existing resource groups with a non-root user. The account on the SVM and/or PowerFlex storage-only nodes for the OS User credential type must have a /home directory and have the correct group permissions.
In the Password and the Confirm Password boxes, enter the password for the credential.