W E K A
4.4
4.4
  • WEKA v4.4 documentation
    • Documentation revision history
  • WEKA System Overview
    • Introduction
      • WEKA system functionality features
      • Converged WEKA system deployment
    • Cluster capacity and redundancy management
    • Filesystems, object stores, and filesystem groups
    • WEKA networking
    • Data lifecycle management
    • WEKA client and mount modes
    • WEKA containers architecture overview
    • Glossary
  • Planning and Installation
    • Prerequisites and compatibility
    • WEKA cluster installation on bare metal servers
      • Plan the WEKA system hardware requirements
      • Obtain the WEKA installation packages
      • Install the WEKA cluster using the WMS with WSA
      • Install the WEKA cluster using the WSA
      • Manually install OS and WEKA on servers
      • Manually prepare the system for WEKA configuration
        • Broadcom adapter setup for WEKA system
        • Enable the SR-IOV
      • Configure the WEKA cluster using the WEKA Configurator
      • Manually configure the WEKA cluster using the resources generator
        • VLAN tagging in the WEKA system
      • Perform post-configuration procedures
      • Add clients to an on-premises WEKA cluster
    • WEKA Cloud Deployment Manager Web (CDM Web) User Guide
    • WEKA Cloud Deployment Manager Local (CDM Local) User Guide
    • WEKA installation on AWS
      • WEKA installation on AWS using Terraform
        • Terraform-AWS-WEKA module description
        • Deployment on AWS using Terraform
        • Required services and supported regions
        • Supported EC2 instance types using Terraform
        • WEKA cluster auto-scaling in AWS
        • Detailed deployment tutorial: WEKA on AWS using Terraform
      • WEKA installation on AWS using the Cloud Formation
        • Self-service portal
        • CloudFormation template generator
        • Deployment types
        • AWS Outposts deployment
        • Supported EC2 instance types using Cloud Formation
        • Add clients to a WEKA cluster on AWS
        • Auto scaling group
        • Troubleshooting
    • WEKA installation on Azure
      • Azure-WEKA deployment Terraform package description
      • Deployment on Azure using Terraform
      • Required services and supported regions
      • Supported virtual machine types
      • Auto-scale virtual machines in Azure
      • Add clients to a WEKA cluster on Azure
      • Troubleshooting
      • Detailed deployment tutorial: WEKA on Azure using Terraform
    • WEKA installation on GCP
      • WEKA project description
      • GCP-WEKA deployment Terraform package description
      • Deployment on GCP using Terraform
      • Required services and supported regions
      • Supported machine types and storage
      • Auto-scale instances in GCP
      • Add clients to a WEKA cluster on GCP
      • Troubleshooting
      • Detailed deployment tutorial: WEKA on GCP using Terraform
      • Google Kubernetes Engine and WEKA over POSIX deployment
    • WEKA installation on OCI
  • Getting Started with WEKA
    • Manage the system using the WEKA GUI
    • Manage the system using the WEKA CLI
      • WEKA CLI hierarchy
      • CLI reference guide
    • Run first IOs with WEKA filesystem
    • Getting started with WEKA REST API
    • WEKA REST API and equivalent CLI commands
  • Performance
    • WEKA performance tests
      • Test environment details
  • WEKA Filesystems & Object Stores
    • Manage object stores
      • Manage object stores using the GUI
      • Manage object stores using the CLI
    • Manage filesystem groups
      • Manage filesystem groups using the GUI
      • Manage filesystem groups using the CLI
    • Manage filesystems
      • Manage filesystems using the GUI
      • Manage filesystems using the CLI
    • Attach or detach object store buckets
      • Attach or detach object store bucket using the GUI
      • Attach or detach object store buckets using the CLI
    • Advanced data lifecycle management
      • Advanced time-based policies for data storage location
      • Data management in tiered filesystems
      • Transition between tiered and SSD-only filesystems
      • Manual fetch and release of data
    • Mount filesystems
      • Mount filesystems from Single Client to Multiple Clusters (SCMC)
      • Manage authentication across multiple clusters with connection profiles
    • Snapshots
      • Manage snapshots using the GUI
      • Manage snapshots using the CLI
    • Snap-To-Object
      • Manage Snap-To-Object using the GUI
      • Manage Snap-To-Object using the CLI
    • Snapshot policies
      • Manage snapshot policies using the GUI
      • Manage snapshot policies using the CLI
    • Quota management
      • Manage quotas using the GUI
      • Manage quotas using the CLI
  • Additional Protocols
    • Additional protocol containers
    • Manage the NFS protocol
      • Supported NFS client mount parameters
      • Manage NFS networking using the GUI
      • Manage NFS networking using the CLI
    • Manage the S3 protocol
      • S3 cluster management
        • Manage the S3 service using the GUI
        • Manage the S3 service using the CLI
      • S3 buckets management
        • Manage S3 buckets using the GUI
        • Manage S3 buckets using the CLI
      • S3 users and authentication
        • Manage S3 users and authentication using the CLI
        • Manage S3 service accounts using the CLI
      • S3 lifecycle rules management
        • Manage S3 lifecycle rules using the GUI
        • Manage S3 lifecycle rules using the CLI
      • Audit S3 APIs
        • Configure audit webhook using the GUI
        • Configure audit webhook using the CLI
        • Example: How to use Splunk to audit S3
        • Example: How to use S3 audit events for tracking and security
      • S3 supported APIs and limitations
      • S3 examples using boto3
      • Configure and use AWS CLI with WEKA S3 storage
    • Manage the SMB protocol
      • Manage SMB using the GUI
      • Manage SMB using the CLI
  • Security
    • WEKA security overview
    • Obtain authentication tokens
    • Manage token expiration
    • Manage account lockout threshold policy
    • Manage KMS
      • Manage KMS using GUI
      • Manage KMS using CLI
    • Manage TLS certificates
      • Manage TLS certificates using GUI
      • Manage TLS certificates using CLI
    • Manage Cross-Origin Resource Sharing
    • Manage CIDR-based security policies
    • Manage login banner
  • Secure cluster membership with join secret authentication
  • Licensing
    • License overview
    • Classic license
  • Operation Guide
    • Alerts
      • Manage alerts using the GUI
      • Manage alerts using the CLI
      • List of alerts and corrective actions
    • Events
      • Manage events using the GUI
      • Manage events using the CLI
      • List of events
    • Statistics
      • Manage statistics using the GUI
      • Manage statistics using the CLI
      • List of statistics
    • Insights
    • System congestion
    • User management
      • Manage users using the GUI
      • Manage users using the CLI
    • Organizations management
      • Manage organizations using the GUI
      • Manage organizations using the CLI
      • Mount authentication for organization filesystems
    • Expand and shrink cluster resources
      • Add a backend server
      • Expand specific resources of a container
      • Shrink a cluster
    • Background tasks
      • Set up a Data Services container for background tasks
      • Manage background tasks using the GUI
      • Manage background tasks using the CLI
    • Upgrade WEKA versions
    • Manage WEKA drivers
  • Monitor the WEKA Cluster
    • Deploy monitoring tools using the WEKA Management Station (WMS)
    • WEKA Home - The WEKA support cloud
      • Local WEKA Home overview
      • Deploy Local WEKA Home v3.0 or higher
      • Deploy Local WEKA Home v2.x
      • Explore cluster insights
      • Explore performance statistics in Grafana
      • Manage alerts and integrations
      • Enforce security and compliance
      • Optimize support and data management
      • Export cluster metrics to Prometheus
    • Set up WEKAmon for external monitoring
    • Set up the SnapTool external snapshots manager
  • Kubernetes
    • Composable clusters for multi-tenancy in Kubernetes
    • WEKA Operator deployment
    • WEKA Operator day-2 operations
  • WEKApod
    • WEKApod Data Platform Appliance overview
    • WEKApod servers overview
    • Rack installation
    • WEKApod initial system setup and configuration
    • WEKApod support process
  • AWS Solutions
    • Amazon SageMaker HyperPod and WEKA Integrations
      • Deploy a new Amazon SageMaker HyperPod cluster with WEKA
      • Add WEKA to an existing Amazon SageMaker HyperPod cluster
    • AWS ParallelCluster and WEKA Integration
  • Azure Solutions
    • Azure CycleCloud for SLURM and WEKA Integration
  • Best Practice Guides
    • WEKA and Slurm integration
      • Avoid conflicting CPU allocations
    • Storage expansion best practice
  • Support
    • Get support for your WEKA system
    • Diagnostics management
      • Traces management
        • Manage traces using the GUI
        • Manage traces using the CLI
      • Protocols debug level management
        • Manage protocols debug level using the GUI
        • Manage protocols debug level using the CLI
      • Diagnostics data management
  • Appendices
    • WEKA CSI Plugin
      • Deployment
      • Storage class configurations
      • Tailor your storage class configuration with mount options
      • Dynamic and static provisioning
      • Launch an application using WEKA as the POD's storage
      • Add SELinux support
      • NFS transport failback
      • Upgrade legacy persistent volumes for capacity enforcement
      • Troubleshooting
    • Convert cluster to multi-container backend
    • Create a client image
    • Update WMS and WSA
    • BIOS tool
Powered by GitBook
On this page
  • Create a local user
  • Display list of users
  • Display current user information
  • Log-in to the WEKA cluster
  • Change a local user password
  • Revoke user access
  • Update a local user
  • Delete a local user
  • Authenticate users from an LDAP user directory
  • Configure an LDAP user directory
  • View a configured LDAP User Directory
  • Disable or enable a configured LDAP user directory
  1. Operation Guide
  2. User management

Manage users using the CLI

Explore the CLI to perform a broader range of user management tasks, including creating, updating, and deleting local users, managing access, and authenticating users through the LDAP or AD directory.

PreviousManage users using the GUINextOrganizations management

Last updated 3 months ago

Using the CLI, you can:

Create a local user

Command: weka user add

Use the following command line to create a local user:

weka user add <username> <role> [password] [--posix-uid uid] [--posix-gid gid]

Parameters

Name
Value
Default

username*

Name for the new user

role

Role of the new created user. Possible values: clusteradmin, csi, orgadmin, readonly, regular, s3

password

New user password. If not supplied, the command prompts to supply the password.

posix-uid

POSIX UID of underlying files representing objects created by this S3 user access/keys credentials. For S3 user roles only.

0

posix-gid

POSIX GID of underlying files representing objects created by this S3 user access/keys credentials. For S3 user roles only.

0

Example:

$ weka user add my_new_user regular S3cret

This command line creates a user with a username of my_new_user, a password of S3cret and a role of a Regular user.

Display list of users

Run the weka user command to display the list of users defined in WEKA.

$ weka user
Username    | Source   | Role
------------+----------+--------
my_new_user | Internal | Regular
admin       | Internal | Admin

Display current user information

Run the weka user whoami command to receive information about the current user running the command.

To use the new user credentials, use theWEKA_USERNAME and WEKA_PASSWORDenvironment variables:

$ WEKA_USERNAME=my_new_user WEKA_PASSWORD=S3cret weka user whoami
Username    | Source   | Role
------------+----------+--------
my_new_user | Internal | Regular

Log-in to the WEKA cluster

Command: weka user login

Use the following command to log a user into the WEKA cluster. If login is successful, the user credentials are saved to the user's home directory.

weka user login [username] [password] [--org org] [--path path]

Parameters

Parameter
Description

username*

User's username

password*

User's password

org

Organization name or ID

path

The path where the login token will be saved (default: ~/.weka/auth-token.json). This path can also be specified using the WEKA_TOKEN environment variable.

After logging-in, use the WEKA_TOKEN environment variable to specify where the login token is located.

Manage authentication tokens in WEKA

The --path parameter is used to control the directory and file where the authentication token is written. The specified path, which includes the filename, can then be assigned to the WEKA_TOKEN environment variable.

Example 1: Using the --path parameter

The following example demonstrates how to log in and specify the path for the authentication token. After logging in, the path is set to the WEKA_TOKEN environment variable.

weka user login user1 password1 --path /home/user1/.weka/user1-token.json
export WEKA_TOKEN=/home/user1/.weka/user1-token.json

Example 2: Using the WEKA_TOKEN environment variable

Alternatively, you can set the WEKA_TOKEN environment variable first, which removes the need to use the --path parameter during the login process.

export WEKA_TOKEN=/home/user1/.weka/user1-token.json
weka user login user1 password1

Related topic

Obtain authentication tokens

Change a local user password

Command: weka user passwd

Use the following command to change a local user password:

weka user passwd <password> [--username username]

Parameters

Name
Value
Default

password*

New password

username

Name of the user to change the password for. It must be a valid local user.

The current logged-in user

  • If necessary, provide or setWEKA_USERNAME or WEKA_PASSWORD.

  • To regain access to the system after changing the password, the user must re-authenticate using the new password.

Revoke user access

Command: weka user revoke-tokens

Use the following command to revoke internal user access to the system and mounting filesystems:

weka user revoke-tokens <username>

You can revoke the access for LDAP users by changing the user-revocation-attribute defined in the LDAP server configuration.

Parameters

Name
Value

username*

A valid user in the organization of the Organization Admin running the command.

NFS and SMB are different protocols from WekaFS, which require additional security considerations when used. For example, The system grants NFS permissions per server. Therefore, manage the permissions for accessing these servers for NFS export carefully.

Update a local user

Command: weka user update

Use the following command line to update a local user:

weka user update <username> [--role role] [--posix-uid uid] [--posix-gid gid]

Parameters

Name
Value

username*

Name of an existing user. It must be a valid local user.

role

Updated user role. Possible values: regular, s3,readonly, orgadmin or clusteradmin

posix-uid

POSIX UID of underlying files representing objects created by this S3 user access/keys credentials. For S3 user roles only.

posix-gid

POSIX GID of underlying files representing objects created by this S3 user access/keys credentials. For S3 user roles only.

Delete a local user

Command: weka user delete

To delete a user, use the following command line:

weka user delete <username>

Parameters

Name
Value

username*

Name of the user to delete. It must be a valid local user.

Example:

$ weka user add my_new_user

Then run theweka user command to verify that the user was deleted:

$ weka user
Username | Source   | Role
---------+----------+------
admin    | Internal | Admin

Authenticate users from an LDAP user directory

To authenticate users from an LDAP user directory, the LDAP directory must first be configured to the Weka system. This is performed as follows.

Configure an LDAP user directory

Command: weka user ldap setup weka user ldap setup-ad

One of two CLI commands is used to configure an LDAP user directory for user authentication. The first is for configuring a general LDAP server and the second is for configuring an Active Directory server.

To configure an LDAP server, use the following command line:

weka user ldap setup <server-uri> <base-dn> <user-object-class> <user-id-attribute> <group-object-class> <group-membership-attribute> <group-id-attribute> <reader-username> <reader-password> <cluster-admin-group> <org-admin-group> <regular-group> <readonly-group> [--start-tls start-tls] [--ignore-start-tls-failure ignore-start-tls-failure] [--server-timeout-secs server-timeout-secs] [--protocol-version protocol-version] [--user-revocation-attribute user-revocation-attribute]

To configure an Active Directory server, use the following command line:

weka user ldap setup-ad <server-uri> <domain> <reader-username> <reader-password> <cluster-admin-group> <org-admin-group> <regular-group> <readonly-group> [--start-tls start-tls] [--ignore-start-tls-failure ignore-start-tls-failure] [--server-timeout-secs server-timeout-secs] [--user-revocation-attribute user-revocation-attribute]

Parameters

Name
Value
Default

server-uri*

Either the LDAP server hostname/IP or a URI. Format: ldap://hostname:port or ldaps://hostname:port

base-dn*

Base DN under which users are stored. It must be a valid name.

user-id-attribute*

Attribute storing user IDs. It must be a valid name.

user-object-class*

Object class of users. It must be a valid name.

group-object-class*

Object class of groups. It must be a valid name.

group-membership-attribute*

Attribute of group containing the DN of a user membership in the group. It must be a valid name.

group-id-attribute*

Attribute storing the group name. The name must match the names used in the <admin-group>, <regular group> and <readonly group>

reader-username and reader-password*

Credentials of a user with read access to the directory. The password is kept in the Weka cluster configuration in plain text, as it is used to authenticate against the directory during user authentication.

cluster-admin-group*

Name of group containing users defined with cluster admin role. It must be a valid name.

org-admin-group*

Name of group containing users defined with organization admin role. It must be a valid name.

regular-group*

Name of group containing users defined with regular privileges. It must be a valid name.

readonly-group*

Name of group containing users defined with read only privileges. It must be a valid name.

server-timeout-secs

Server connection timeout in seconds.

protocol-version

Selection of LDAP version. Possible values: LDAP v2 or LDAP v3

LDAP v3

user-revocation-attribute

The LDAP attribute; when its value changes in the LDAP directory, user access and mount tokens are revoked. The user must re-login after a change is detected.

start-tls

Issue StartTLS after connecting. Possible values: yes or no Do not use with ldaps://

no

ignore-start-tls-failure

Ignore start TLS failure. Possible values: yes or no

no

The sAMAccountName (user logon name) in the Cluster Admin, Organization Admin, Regular User, and Read-only User Role Groups can be up to 20 characters long.

View a configured LDAP User Directory

Command: weka user ldap

This command is used for viewing the current LDAP configuration used for authenticating users.

Disable or enable a configured LDAP user directory

Command: weka user ldap disable weka user ldap enable

These commands are used for disabling or enabling user authentication through a configured LDAP user directory.

You can only disable an LDAP configuration, but not delete it.

Create a local user
Log-in to the WEKA cluster
Change a local user password
Revoke user access
Update a local user
Delete a local user
Authenticate users from an LDAP user directory