66Operational tasks
77~~~~~~~~~~~~~~~~~
88
9+ Below are some common operational tasks for managing the Deis platform.
10+
11+
912Managing users
1013==============
1114
@@ -16,6 +19,7 @@ There are two classes of Deis users: normal users and administrators.
1619
1720The first user created on a Deis installation is automatically an administrator.
1821
22+
1923Promoting users to administrators
2024---------------------------------
2125
@@ -24,3 +28,53 @@ You can use the ``deis perms`` command to promote a user to an administrator:
2428.. code-block :: console
2529
2630 $ deis perms:create john --admin
31+
32+
33+
34+ -------------------------------------
35+
36+ The controller API uses a simple token-based HTTP Authentication scheme. Token authentication is
37+ appropriate for client-server setups, such as native desktop and mobile clients. Each user of the
38+ platform is issued a token the first time that they sign up on the platform. If this token is
39+ compromised, you'll need to manually intervene to re-issue a new authentication token for the user.
40+ To do this, SSH into the node running the controller and drop into a Django shell:
41+
42+ .. code-block :: console
43+
44+ $ fleetctl ssh deis-controller
45+ $ docker exec -it deis-controller python manage.py shell
46+ >>>
47+
48+
49+ is Bob (poor Bob):
50+
51+ .. code-block :: console
52+
53+ >>> from django.contrib.auth.models import User
54+ >>> from rest_framework.authtoken.models import Token
55+ >>> bob = User.objects.get(username='bob')
56+ >>> token = Token.objects.get(user=bob)
57+ >>> token.delete()
58+ >>> exit()
59+
60+
61+ token:
62+
63+ .. code-block :: console
64+
65+ $ deis apps
66+ 401 UNAUTHORIZED
67+ Detail:
68+ Invalid token
69+
70+
71+ re-issued a new token:
72+
73+ .. code-block :: console
74+
75+ $ deis login http://deis.example.com
76+ username: bob
77+ password:
78+ Logged in as bob
79+ $ deis apps
80+ === Apps
0 commit comments