Revision c126bd02 docs/quick-install-admin-guide.rst
b/docs/quick-install-admin-guide.rst | ||
---|---|---|
840 | 840 |
|
841 | 841 |
# snf-manage migrate im |
842 | 842 |
# snf-manage migrate quotaholder_app |
843 |
# snf-manage migrate oa2 |
|
843 | 844 |
|
844 | 845 |
Then, we load the pre-defined user groups |
845 | 846 |
|
... | ... | |
868 | 869 |
component UI. If you want to follow the default setup, set |
869 | 870 |
the UI URL to ``<base_url>/ui/`` where ``base_url`` the component's base |
870 | 871 |
URL as explained before. (You can later change the UI URL with |
871 |
``snf-manage component-modify <component_name> --url new_ui_url``.) |
|
872 |
``snf-manage component-modify <component_name> --ui-url new_ui_url``.)
|
|
872 | 873 |
|
873 | 874 |
The command will also register automatically the resource definitions |
874 | 875 |
offered by the services. |
... | ... | |
905 | 906 |
|
906 | 907 |
We now have to specify the limit on resources that each user can employ |
907 | 908 |
(exempting resources offered by projects). When specifying storage or |
908 |
memory size limits consider to add an appropriate size suffix to the |
|
909 |
numeric value, i.e. 10240 MB, 10 GB etc. |
|
909 |
memory size limits you can append a unit to the value, i.e. 10240 MB, |
|
910 |
10 GB etc. Use the special value ``inf``, if you don't want to restrict a |
|
911 |
resource. |
|
910 | 912 |
|
911 | 913 |
.. code-block:: console |
912 | 914 |
|
913 | 915 |
# snf-manage resource-modify --default-quota-interactive |
914 | 916 |
|
917 |
Setting Resource Visibility |
|
918 |
--------------------------- |
|
919 |
|
|
920 |
It is possible to control whether a resource is visible to the users via the |
|
921 |
API or the Web UI. The default value for these options is denoted inside the |
|
922 |
default resource definitions. Note that the system always checks and |
|
923 |
enforces resource quota, regardless of their visibility. You can inspect the |
|
924 |
current status with:: |
|
925 |
|
|
926 |
# snf-manage resource-list |
|
927 |
|
|
928 |
You can change a resource's visibility with:: |
|
929 |
|
|
930 |
# snf-manage resource-modify <resource> --api-visible=True (or --ui-visible=True) |
|
931 |
|
|
915 | 932 |
.. _pithos_view_registration: |
916 | 933 |
|
917 | 934 |
Register pithos view as an OAuth 2.0 client |
918 | 935 |
------------------------------------------- |
919 | 936 |
|
920 | 937 |
Starting from synnefo version 0.15, the pithos view, in order to get access to |
921 |
the data of a protect pithos resource, has to be granted authorization for the
|
|
922 |
specific resource by astakos. |
|
938 |
the data of a protected pithos resource, has to be granted authorization for
|
|
939 |
the specific resource by astakos.
|
|
923 | 940 |
|
924 | 941 |
During the authorization grant procedure, it has to authenticate itself with |
925 |
astakos since the later has to prevent serving requests by unknown/unauthorized
|
|
926 |
clients. |
|
942 |
astakos since the latter has to prevent serving requests by
|
|
943 |
unknown/unauthorized clients.
|
|
927 | 944 |
|
928 | 945 |
Each oauth 2.0 client is identified by a client identifier (client_id). |
929 | 946 |
Moreover, the confidential clients are authenticated via a password |
... | ... | |
931 | 948 |
Then, each client has to declare at least a redirect URI so that astakos will |
932 | 949 |
be able to validate the redirect URI provided during the authorization code |
933 | 950 |
request. |
934 |
If a client is trusted (like a pithos view) astakos grants access on behalf |
|
951 |
If a client is trusted (like a pithos view), astakos grants access on behalf
|
|
935 | 952 |
of the resource owner, otherwise the resource owner has to be asked. |
936 | 953 |
|
937 | 954 |
To register the pithos view as an OAuth 2.0 client in astakos, we have to run |
... | ... | |
990 | 1007 |
him/her an activation email. See how to do this at the :ref:`User |
991 | 1008 |
activation <user_activation>` section. |
992 | 1009 |
|
993 |
Now let's go back to the homepage. Open ``http://node1.example.com/astkos/ui/`` with |
|
1010 |
Now let's go back to the homepage. Open ``http://node1.example.com/astakos/ui/`` with
|
|
994 | 1011 |
your browser again. Try to sign in using your new credentials. If the Astakos |
995 | 1012 |
menu appears and you can see your profile, then you have successfully setup |
996 | 1013 |
Astakos. |
Also available in: Unified diff