oneuser
- manages OpenNebula users
oneuser
command [args] [options]
--adjust x,y,z Adjust size to not truncate selected columns
-a, --append Append new attributes to the current template
-c, --cert path_to_user_cert_pem Path to the Certificate of the User
--csv Write table in csv format
--csv-del del Set delimiter for csv output
-d, --delay x Sets the delay in seconds for top command
--describe Describe list columns
--driver driver Driver to authenticate this user
--endpoint endpoint URL of OpenNebula xmlrpc frontend
--expand [x=prop,y=prop] Expands the columns size to fill the terminal.
For example: $onevm list --expand
name=0.4,group=0.6 will expand name 40% and
group 60%. $onevm list --expand name,group will
expand name and group based on its size.$onevm
list --expand will expand all columns.
-f, --filter x,y,z Filter data. An array is specified with
column=value pairs. Valid operators
=,!=,<,<=,>,>=,~ e.g. NAME=test (match name with
test) NAME~test (match test, te, tes..)
--force Force one_auth file rewrite
--global Find a global Token.
--group id|name Comma-separated list of Groups for the new User.
The first Group will be the main one.
-h, --help Show this message
-j, --json Show the resource in JSON format
-k, --key path_to_private_key_pem Path to the Private Key of the User
-l, --list x,y,z Selects columns to display with list command
-c, --listconf conf Selects a predefined column list
--no-expand Disable expand
--no-header Hides the header of the table
--no-pager Disable pagination
-n, --numeric Do not translate user and group IDs
--operator operator Logical operator used on filters: AND, OR.
Default: AND.
--password password Password to authenticate with OpenNebula
--proxy path_to_user_proxy_pem Path to the user proxy certificate
-r, --read-file Read password from file
--sha256 The password will be hashed using the sha256
algorithm
-s, --size x=size,y=size Change the size of selected columns. For example:
$ onevm list --size "name=20" will make column
name size 20.
--ssh SSH Auth system
--stdin_password enable stdin password
--time x Token duration in seconds, defaults to 36000 (10
h). To reset the token set time to 0.To generate
a non-expiring token use -1 (not valid for ssh
and x509 tokens).
--token token_hint The Token to be loaded.
--user name User name used to connect to OpenNebula
-v, --verbose Verbose mode
-V, --version Show version and copyright information
--x509 x509 Auth system for x509 certificates
--x509_proxy x509 Auth system based on x509 proxy certificates
-x, --xml Show the resource in xml format
-y, --yaml Show the resource in YAML format
addgroup range|userid_list groupid Adds the User to a secondary group
batchquota range|userid_list [file] Sets the quota limits in batch for various users. If a path is not provided the editor will be launched to create new quotas.
chauth userid [auth] [password] Changes the User's auth driver and its password (optional) Examples: oneuser chauth my_user core oneuser chauth my_user core new_password oneuser chauth my_user core -r /tmp/mypass oneuser chauth my_user --ssh --key /home/oneadmin/.ssh/id_rsa oneuser chauth my_user --ssh -r /tmp/public_key oneuser chauth my_user --x509 --cert /tmp/my_cert.pem valid options: cert, driver, key, read_file, sha256, ssh, x509
chgrp range|userid_list groupid Changes the User's primary group
create username [password] Creates a new User Examples: oneuser create my_user my_password oneuser create my_user -r /tmp/mypass oneuser create my_user my_password --group users,102,testers oneuser create my_user --ssh --key /tmp/id_rsa oneuser create my_user --ssh -r /tmp/public_key oneuser create my_user --x509 --cert /tmp/my_cert.pem valid options: cert, driver, group, key, read_file, sha256, ssh, x509
defaultquota [file] Sets the default quota limits for the users. If a path is not provided the editor will be launched to modify the current default quotas.
delete range|userid_list Deletes the given User
delgroup range|userid_list groupid Removes the User from a secondary group
disable range|userid_list Disables the given User
enable range|userid_list Enables the given User
encode username [password] Encodes user and password to use it with ldap
key Shows a public key from a private SSH key. Use it as password for the SSH authentication mechanism. valid options: key
list Lists Users in the pool valid options: adjust, csv, csv_del, delay, describe, expand, filter, json, list, listconf, no_expand, no_header, no_pager, numeric, operator, size, xml, yaml
login [username] Alias of token-create. valid options: cert, force, group, key, proxy, ssh, stdin_password, time, x509, x509_proxy
passwd userid [password] Changes the given User's password valid options: cert, driver, key, read_file, sha256, ssh, x509
passwdsearch driver password Searches for users with a specific auth driver that has the given string in their password field valid options: csv, xml
quota userid [file] Set the quota limits for the user. If a path is not provided the editor will be launched to modify the current quotas.
show [userid] Shows information for the given User valid options: json, xml, yaml
token-create [username] Creates the login token for authentication. The token can be used together with any authentication driver. The token will be stored in $HOME/.one/one_auth, and can be used subsequently to authenticate with oned through API, CLI or Sunstone.
If <username> is ommited, it will infer it from the ONE_AUTH file.
Example, request a valid token for a generic driver (e.g. core auth, LDAP...):
oneuser token-create my_user --time 3600
Example, request a group spefici token (new resources will be created in that
group and only resources that belong to that group will be listed):
oneuser token-create my_user --group <id|group>
Example, generate and set a token for SSH based authentication:
oneuser token-create my_user --ssh --key /tmp/id_rsa --time 72000
Example, same using X509 certificates:
oneuser token-create my_user --x509 --cert /tmp/my_cert.pem
--key /tmp/my_key.pk --time 72000
Example, now with a X509 proxy certificate
oneuser token-create my_user --x509_proxy --proxy /tmp/my_cert.pem
--time 72000
valid options: cert, force, group, key, proxy, ssh, stdin_password, time, x509, x509_proxy
token-delete [username] token Expires a token and removes the associated ONE_AUTH file if present. valid options: cert, force, group, key, proxy, ssh, stdin_password, time, x509, x509_proxy
token-delete-all username Delete all the tokens of a user. This command is intented to be executed by a user that has MANAGE permissions of the target user. valid options: cert, force, group, key, proxy, ssh, stdin_password, time, x509, x509_proxy
token-set [username] Generates a ONE_AUTH file that contains the token.
You must provide one (and only one) of the following options:
--token <token> searches for a token that starts with that string. It must be
unique
--group <id|group> returns the most durable token that provides access to that
specific group.
--global returns the most durable global token (non group specific).
The argument 'username' is optional, if omitted it is inferred from the ONE_AUTH
file.
Example, set a token:
$ oneuser token-set my_user --token 1d47
export ONE_AUTH=/var/lib/one/.one/<file>.token; export ONE_EGID=-1
You can copy & paste the output of the command and will load the proper
environment variables.
valid options: cert, force, global, group, key, proxy, ssh, stdin_password, time, token, x509, x509_proxy
umask range|userid_list [mask] Changes the umask used to create the default permissions. In a similar way to the Unix umask command, the expected value is a three-digit base-8 number. Each digit is a mask that disables permissions for the owner, group and other, respectively.
If mask is not given, or if it is an empty string, the umask will
be unset
update userid [file] Update the template contents. If a path is not provided the editor will be launched to modify the current content. valid options: append
file Path to a file
groupid OpenNebula GROUP name or id
password User password
range List of id's in the form 1,8..15
text String
userid OpenNebula USER name or id
userid_list Comma-separated list of OpenNebula USER names or ids
OpenNebula 6.0.0.3 Copyright 2002-2021, OpenNebula Project, OpenNebula Systems