System Administration

This document describes the system administration functions necessary for configuring SIF policy with the bwctl-api command-line tool or via a web interface. The steps below will guide you through the creation of domains and administrators.

Note

Both the bwctl-api command-line tool and the web interface utilize the same orchestrator northbound interface (NBI).

Login to Orchestrator

Default Credentials

As part of the orchestrator configuration process performed with the fabric manager, an FQDN for the orchestrator NBI and default administrator credentials were automatically generated.

Note

The FQDN of the orchestrator NBI is always defined in the following manner: orchestrator-<fabric>.<company>.<DNS hosted zone>, where company and DNS hosted zone come from the fabric management configuration and are the same for all fabrics.

The default administrator credentials are always as follows:

  • Orchestrator URL - FQDN of orchestrator NBI
  • Domain - default
  • Username - admin
  • Password - PASSWORD from the configuration step.

Using Web Interface

Go to the orchestrator Login page using the FQDN of the orchestrator northbound interface (in this example, orchestrator-myfab5.myorg4.poc.bayware.io).

Fig. 128 Orchestrator Login Page

Authenticate into the orchestrator and you will be redirected to the Resource Graph page.

Note

Use the default administrator credentials when logging in to the orchestrator for the first time.

Fig. 129 Example of Resource Graph Page

Using BWCTL-API

You can install the BWCTL-API CLI tool on your workstation and work with the orchestrator using a command-line interface.

Note

The BWCTL-API CLI tool comes preinstalled on all fabric manager nodes.

Configure the tool with the administrator credentials.

Note

Again, use the default administrator credentials when logging in to the orchestrator for the first time.

To set up the credentials using the BWCTL-API default configuration file, run this command:

]$ nano .bwctl-api/config.yml

After editing, your credential file will look similar to:

hostname: 'orchestrator-myfab5.myorg4.poc.bayware.io'
domain: 'default'
login:  'admin'
password: 'aEPbj6AMa2Yz'

To check whether you are able to authenticate into the orchestrator, run this command:

]$ bwctl-api show domain

You should see the default domain specification:

---
apiVersion: policy.bayware.io/v1
kind: Batch
metadata:
  name: List of Domains
spec:
- kind: Domain
  metadata:
    domain: default
    domain_description: System default administrative domain
  spec:
    auth_method:
    - LocalAuth
    - LDAP
    domain_type: Administrative
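
The config.yml shown above keeps the administrator password in cleartext, so the file should be readable by its owner only. The following check is an added example, not part of the original page or of the bwctl-api tool; it assumes the file lives under $HOME/.bwctl-api/ and the function name is hypothetical.

```shell
# Added example: verify that the bwctl-api credential file is owner-only.
# Assumption: default location is $HOME/.bwctl-api/config.yml.
# Returns 0 when no group/other permission bit is set,
#         1 when such bits were found (the file is then set to 0600),
#         2 when the file does not exist.
check_bwctl_config() {
    cfg="${1:-$HOME/.bwctl-api/config.yml}"
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 2; }
    loose=0
    # POSIX find: "-perm -BIT" is true when that permission bit is set.
    for bit in 040 020 010 004 002 001; do
        if [ -n "$(find "$cfg" -prune -perm -"$bit")" ]; then
            loose=1
        fi
    done
    if [ "$loose" -eq 1 ]; then
        echo "group/other access on $cfg, tightening to 0600" >&2
        chmod 600 "$cfg"
        return 1
    fi
    return 0
}
```

Run it once after editing the file; a return status of 1 means the file was readable by other local users until that moment.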

Create Administrative Domain

Default Domain

After the orchestrator installation, only the default domain exists for administrative purposes.

Note

You can keep using this domain for resource and application policy management only if you don’t need to reduce administrative scope.

Using Web Interface

To add a new domain, in the Admin > Domains section, click Add Domain.

Fig. 130 New Domain Page

Fill out the fields on the New Domain page:

domain name
desired domain name;
type
Administrative or Application: an administrative domain is used to manage application and/or resource policy, while an application domain is used to manage application policy only;
description
a description of the domain;
authorization method
LocalAuth in the local orchestrator database or LDAPAuth at a directory server.

Submit the new domain configuration and you should see the domain appear in the list on the Admin > Domains page.

Fig. 131 List of Domains

Using BWCTL-API

To create a new domain from bwctl-api, run this command with the desired domain name and type (in this example, resources and Administrative respectively) as the arguments:

]$ bwctl-api create domain resources -type Administrative

You should see output similar to this:

[2019-10-15 18:28:49.711]  Domain 'resources' created successfully

Now, check the list of existing domains again by running this command:

]$ bwctl-api show domain

You should see the new domain specification among others:

---
apiVersion: policy.bayware.io/v1
kind: Batch
metadata:
  name: List of Domains
spec:
- kind: Domain
  metadata:
    domain: default
    domain_description: System default administrative domain
  spec:
    auth_method:
    - LocalAuth
    - LDAP
    domain_type: Administrative
- kind: Domain
  metadata:
    domain: resources
    domain_description: resources
  spec:
    auth_method:
    - LocalAuth
    domain_type: Administrative

Note

When options are not specified, the bwctl-api tool applies default configuration settings. See BWCTL-API CLI Manual for specific details.

Create Administrator

Default Administrator

A new orchestrator is always set up with a default administrator, admin, placed in the administrative domain default.

Using Web Interface

If needed, to create a named administrator account, click Add Admin on the All Domains > Administrators page.

Fig. 132 New Administrator Page

Fill out the fields on the New Administrator page:

User Name
desired administrator name;
User Description
administrator description;
User status
choose between Enabled and Disabled;
Domain
select domain where administrator will operate;

Auth Method
LocalAuth in local database or LDAPAuth at directory server (available options are inherited from domain authentication type);

Roles
administrator permissions: systemAdmin or domainAdmin;
Password, Repeat password
administrator password.

Submit the new administrator configuration and you should see the new administrator appear in the list on the All Domains > Administrators page.

Fig. 133 List of Administrators

Using BWCTL-API

To create a new administrator from bwctl-api, run this command with the desired administrator name in the given domain and the role (in this example, admin@resources and systemAdmin respectively) as the arguments:

]$ bwctl-api create administrator admin@resources --roles systemAdmin

You will be prompted to enter and repeat the password:

Password:
Repeat for confirmation:
[2019-10-15 20:57:55.891]  Administrator 'admin' created successfully

Now, check the list of existing administrators by running this command:

]$ bwctl-api show administrator

You should see output similar to:

---
apiVersion: policy.bayware.io/v1
kind: Batch
metadata:
  name: List of Administrators
spec:
- kind: Administrator
  metadata:
    user_domain: resources
    username: admin
  spec:
    is_active: true
    roles:
    - systemAdmin
    user_auth_method: LocalAuth
- kind: Administrator
  metadata:
    user_domain: default
    username: admin
  spec:
    is_active: true
    roles:
    - systemAdmin
    user_auth_method: LocalAuth

Note

When options are not specified, the bwctl-api tool applies default configuration settings. See BWCTL-API CLI Manual for specific details.
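
To review who holds the systemAdmin role after creating accounts, the administrator listing shown above can be filtered as follows. This is an added example, not part of the original page or of the bwctl-api tool; the function names are hypothetical and the parser assumes the YAML layout printed above.

```shell
# Added example, not vendor code. Reads the administrator listing on stdin and
# prints "username@domain auth_method" for each active systemAdmin account.
list_system_admins() {
    awk '
        function emit() {
            if (user != "" && active == "true" && sysadmin)
                print user "@" domain, auth
            user = domain = auth = active = ""; sysadmin = in_roles = 0
        }
        /^- kind: Administrator/ { emit(); next }
        /^ +roles:/              { in_roles = 1; next }
        in_roles && /^ +- /      { if ($2 == "systemAdmin") sysadmin = 1; next }
                                 { in_roles = 0 }
        /^ +user_domain:/        { domain = $2 }
        /^ +username:/           { user = $2 }
        /^ +is_active:/          { active = $2 }
        /^ +user_auth_method:/   { auth = $2 }
        END                      { emit() }
    '
}

# Succeeds when the built-in admin@default account is still an active systemAdmin.
default_admin_still_active() { list_system_admins | grep -q '^admin@default '; }

# Constructed sample: first entry as on this page, second entry invented.
sample_admins() {
cat <<'EOF'
spec:
- kind: Administrator
  metadata:
    user_domain: default
    username: admin
  spec:
    is_active: true
    roles:
    - systemAdmin
    user_auth_method: LocalAuth
- kind: Administrator
  metadata:
    user_domain: resources
    username: ops
  spec:
    is_active: false
    roles:
    - systemAdmin
    user_auth_method: LocalAuth
EOF
}
sample_admins | list_system_admins   # prints: admin@default LocalAuth
```

Against a live orchestrator, pipe the output of the administrator listing command into list_system_admins instead of the sample.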