3.6 Walkthrough: Creating a User Account

Although PlateSpin Orchestrate has some pre-assembled jobs, such as the cpuInfo discovery job that you learned about earlier, most jobs must be developed by a job developer, then be run and managed by a user (also called a job manager). Without an authorized individual who can log in to the PlateSpin Orchestrate system to manage the use of a job, the product does not realize its potential.

This section of the walkthrough introduces the basics of creating a user account:

3.6.1 Opening the Users Monitor

Now that the Orchestrate Server has run discovery jobs and you have deployed a sample job, you can begin to create user accounts. To do so, open the Orchestrate Development Client and click Users in the toolbar to open the Users Monitor in the Workspace panel of the Development Client.

Figure 3-4 Users Monitor of the PlateSpin Orchestrate Development Client

In this monitor, you can see the users that are connected to the server and what they are doing in the grid.

If a user logs in but has not been registered (that is, no account is created for that user), the authentication to the server is retried every 90 seconds. If this is the case, the User Registration icon has a “flag up” status, meaning that a user is waiting to register. If the icon has a “flag down” status, either no user accounts have been created or all active users are logged in, so none are waiting to register.

You can use the Development Client to register a user automatically (see Section 3.6.2, Automatically Registering a User) or to register a user manually (see Section 3.6.3, Manually Registering a User). You can also select which users can log in to create accounts (see Section 3.3.4, Selecting a Resource for Manual Registration).

The Users Monitor has many features to help you manage users when they are registered, including the jobs and joblets assigned to individual users. For more detailed information about the Users Monitor, see the PlateSpin Orchestrate 2.5 Development Client Reference.

3.6.2 Automatically Registering a User

If your network environment does not require a high level of security (such as in a development and testing environment) and you want a quick way to create a user account without a password, you can do so at the Orchestrate Development Client.

  1. In the Explorer panel of the Development Client, select the grid object representing the Orchestrate Server to open the Info/Configuration page of the grid object, then select the Authentication tab to open the Authentication page.

  2. In the Users section of the page, select the Auto Register Users check box, then click the Save icon.

  3. Use the zos command line interface to log in to the server.

    1. From a system terminal, enter the following command:

      zos login -u user_ID
      

      If you are attempting to log in to a machine other than the local host, you can alter the command to the following:

      zos login Orchestrate_Server_name -u user_ID
      
    2. When prompted for the user password, press Enter.

    3. (Conditional) If you are prompted for a decision regarding whether you want to accept the server certificate, enter yes.

NOTE:You can assign a password for the user at a later time in the Info/Groups page of the User Object.

When a user logs out, the User object icon is dimmed in the Explorer panel or in the Information view of each User group to which it belongs.

3.6.3 Manually Registering a User

If you want a higher level of security for authorized users, you can manually create a user account in the Development Client before the user logs in. When a user is created in the PlateSpin Orchestrate Development Client, that user is ready to run jobs.

To create a new user in the Development Client Explorer panel:

  1. In the Explorer panel in the Development Client, right-click Users > click New User to display the Create a New User dialog box.

  2. Specify the name of the new user you want to create in the New User Name field, then click OK.

    The user account is created, but is not currently running jobs, as indicated by its object icon in the Explorer panel or in the Information view of each User group to which it belongs.

To create a new user through the Actions menu:

  1. In the Development Client, click Actions > Create User to display an expanded version of the Create a New User dialog box.

    This dialog box includes a method for designating the user as a member of the administrators user group. In this walkthrough, we will create the user as a member of the all group, which does not place the user in the administrators group.

  2. Specify the new username in the New User Name field, click Create, then click Close.

  3. Define the user password.

    1. In the Orchestrate Development Client Explorer tree, select the new User in the Users object all group to open its Info/Groups page.

    2. In the Info/Groups page, select the collapse/expand icon in the Personal Information section to open the fields of that section.

    3. In the Password field, change the default password, then click the Save icon to display the Password Confirmation dialog box.

    4. In the Confirm New Password field, enter the password you defined previously, click OK, then click the Save icon to save the password.

When a user logs out, the User object icon is dimmed in the Explorer panel or in the Information view of each User group to which it belongs.

3.6.4 Logging In a User for Manual Registration

If you do not select the Auto Register Users check box on the grid object’s Info/Configuration page, you have the option of explicitly accepting or denying the login attempts of a user, thus preventing that user from creating an account.

  1. Make sure that the Auto Register Users check box on the grid object’s Authentication page is not selected (see Step 2) and that you have created a new user.

  2. Use the zos command line interface to log in to the server.

    1. From a system terminal or from a PlateSpin Orchestrator login in Windows, enter the following command:

      zos login --user=user
      

      If you are attempting to log in to a machine other than the local host, you can alter the command to the following:

      zos login Orchestrator_Server_name --user=user 
      
    2. Enter the password for the user credentials. For this walkthrough, you can simply press Enter to enter an empty password.

    3. When prompted for a decision regarding whether you want to accept the server certificate, enter yes.

      An eror message is generated:

      ERROR: login failed: user name or password ‘incorrect’
      
  3. In the Users Monitor, click the User Registration icon to open the User Registration Monitor dialog box.

    This dialog box lets you preview the users who are trying to log in to the server. The top row of radio buttons is a mass selector for all listed users, allowing you the choice to accept, deny, or ignore automatic registration for all listed agents.

    If you want to choose the users that can be allowed to auto register, you can identify the user by name and select how you want to handle that agent’s request for registration the next time it tries to log in.

  4. For this example, select the Accept radio button adjacent to the user you want to register, then click OK.

    The user account is created, but is not currently running jobs, as indicated by its object icon in the Explorer panel, or in the Information view of each User group to which it belongs.

3.6.5 Directory Service Authentication (Optional)

There are some configuration steps you need to follow in the PlateSpin Development Client if you want to immediately configure the authentication of both users and resources to the PlateSpin Orchestrate Server using a directory service like ADS or LDAP. For more information, see The Orchestrate Server Authentication Page in the PlateSpin Orchestrate 2.5 Development Client Reference.