How to manage user accounts (deb/2.9/CLI)

Presumably, you have already created an administrative user, but MAAS can also have regular users (who log in to the interface or use the CLI). What users you create depends on how you intend to use MAAS. An administrator can manage all aspects of MAAS, whereas a non-administrator user can perform a subset of tasks on machines they acquire and deploy. MAAS limits the details a non-admin user can view, such as nodes allocated to other users. Also, non-admin users cannot access the global settings page in the web UI, nor any of the equivalent API calls from the command line.

Additionally, in order for a user to log into a MAAS-deployed machine that user must have their public SSH key installed on it. This article explains how to create users and add their public SSH keys to MAAS, so that every deployed machine will automatically have that key installed.

Five questions you may have:

  1. How do I add a user?
  2. How do I change a user’s preferences?
  3. How do I add an SSH key for a user?
  4. How do I add an API key for a user?
  5. How do users change their password?

You can manage user accounts from the ‘Users’ tab of the ‘Settings’ page.

A currently logged in user cannot delete themselves from the web UI.

USERNAME        EMAIL                     ADMIN?
--------        -----                     ------
admin           admin@admin.com           true
billwear        bwear@stormrider.io       true
MAAS            maas@localhost            false
maas-init-node  node-init-user@localhost  false

You can generate a list like this with the command:

maas admin users read \
| jq -r '(["USERNAME", "EMAIL", "ADMIN?"]
| (., map(length*"-"))), (.[]
| [.username, .email, .is_superuser]) | @tsv' \
| column -t

Note that you do not need line continuations within the jq command because it’s quoted for the shell.

Add a user

Clicking the ‘Add user’ button will result in a form to be displayed:

Fill in the fields and hit ‘Add user’ when done.

User preferences

Clicking the MAAS username in the top right corner will show that user’s preferences.

To add a regular user, enter the following command:

maas $PROFILE users create username=$USERNAME \
    email=$EMAIL_ADDRESS password=$PASSWORD is_superuser=0

All the options are necessary. Note that stipulating a password on the CLI may be a security hazard, depending on your environment.

SSH keys

Before a user can deploy a machine, they must import at least one public SSH key into MAAS. This key allows the user to access the deployed machine with the corresponding private key, which the user must possess. See Public key authentication (ssh.com) if you’re not familiar with SSH keys.

Assuming a public key exists in /home/ubuntu/.ssh/id_rsa.pub - add a key with the following command:

ubuntu@maas:~$ maas $PROFILE sshkeys create key="$(cat /home/ubuntu/.ssh/id_rsa.pub)"
Success.

The user normally imports their initial SSH key on the first login to the web UI.

[tabs]

To add a locally-generated public key, select ‘Upload’ from the ‘Source’ menu and paste the complete contents of your key file, usually called id_rsa.pub, into the ‘Public key’ field. Click ‘Import’ to add the key to MAAS.

Public keys residing on either Launchpad or GitHub can also be added. Select either from the ‘Source’ menu and specify the user ID associated with the key(s). Press the ‘Import’ button to add any keys MAAS discovers to the current user’s MAAS account.

API key

The user preferences page includes an API key for the currently active user. This key can be copied and regenerated as needed. The API key is used to login to the API from the MAAS CLI. Other services connecting to MAAS such as Juju will also need this key.

We recommend that you use the web UI to set or change a user’s API key. To see how, select the “UI” choice in the dropdown above.

[/tabs

Change password

The current user can change their password at the bottom of the page by entering the old password and entering the new password twice. Click ‘Save password’ to finish.

An administrator can change any user’s password from within the ‘Users’ tab of the ‘Settings’ page.

We recommend that you use the web UI to change user passwords. To see how, select the “UI” choice in the dropdown above.