Basic User Management#
This documentation is part of NVIDIA DGX BasePOD: Deployment Guide Featuring NVIDIA DGX A100 Systems.
Base Command Manager (BCM) uses its own LDAP service to manage users and groups with a centralized LDAP database server running on the head node, and not by entries in /etc/passwd or /etc/group files. An external LDAP server can be setup for authentication services to replace the existing BCM LDAP service, but it is outside of the scope of this document.
Only the basic user management tasks are outlined in this guide to provide a starting point. Refer to the Base Command Manager Administrator Manual for complete options and additional details.
Although user management can be done in both cmsh and Base View, cmsh is used in this chapter.
Warning
The # prompt indicates commands that you execute as the root user on a head node. The % prompt indicates commands that you execute within cmsh.
Configuring a User#
Add a user (userone in this case).
1# cmsh 2% user 3% add userone 4% set password 7adGnv0!K 5% commit
userone will reset the password after successfully logging in.
1userone@basepod-head2:~$ passwd 2(current) LDAP Password: 3New password: 4Retype new password: 5passwd: password updated successfully 6userone@basepod-head2:~$
Use show to view user parameters and values.
1[basepod-head2->user[userone]]% show 2Parameter Value 3-------------------------------- -------------------------------------------- 4Accounts 5Managees 6Name userone 7Primary group userone 8Revision 9Secondary groups 10ID 1004 11Common name userone 12Surname userone 13Group ID 1004 14Login shell /bin/bash 15Home directory /home/ userone 16Password ********* 17email 18Profile 19Create cmjob certificate no 20Write ssh proxy config no 21Shadow min 0 22Shadow max 999999 23Shadow warning 7 24Inactive 0 25Last change 2022/10/20 26Expiration date 2037/12/31 27Project manager <submode> 28Notes <0B>
Use set to change parameters.
1[basepod-head2->user[userone]]% set 2commonname expirationdate id name profile shadowmax surname 3createcmjobcertificate groupid inactive notes projectmanager shadowmin writesshproxyconfig 4email homedirectory loginshell password revision shadowwarning
Procedures to Remove a User#
This block of code will delete a user.
1# cmsh
2% user
3% remove userone
4% commit
Adding the -d option to remove will also delete the home directory.
Adding a User to K8s#
To use K8s services, a user must also be added to the K8s cluster.
Add each K8s user with cm-kubernetes-setup.
1root@basepod-head1:~# cm-kubernetes-setup --add-user userone
2Connecting to CMDaemon
3Executing 10 stages
4################### Starting execution for 'Kubernetes Setup'
5- kubernetes
6- docker
7## Progress: 0
8#### stage: kubernetes: Get Kube Cluster
9## Progress: 10
10#### stage: kubernetes: Check Permissions User Chart
11## Progress: 20
12#### stage: kubernetes: Check User
13## Progress: 30
14#### stage: kubernetes: Check Add User
15## Progress: 40
16#### stage: kubernetes: Check Namespace Does Not Exist
17## Progress: 50
18#### stage: kubernetes: Check Cluster Admin Has No Operators
19## Progress: 60
20#### stage: kubernetes: Deploy user
21User userone created successfully!
22## Progress: 70
23#### stage: kubernetes: List Installed Operators
24## Progress: 80
25#### stage: kubernetes: Update Operator Permissions
26## Progress: 90
27#### stage: kubernetes: Log Text
28User added successfully!
29## Progress: 100
30
31Took: 00:06 min.
32Progress: 100/100
33################### Finished execution for 'Kubernetes Setup', status: completed
34
35Kubernetes Setup finished!
Removing a User from K8s#
To remove a user (userone) from K8s, execute this command:
1# cm-kubernetes-setup --remove-user userone
The user will no longer be able to use the K8s service.
If an attempt is made, this error message will be shown:
1Error from server (Forbidden): nodes is forbidden: User "userone" cannot list resource "nodes" in API group "" at the cluster scope