Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Manage Paragon Shell Users

System administrators (root user) use Paragon Shell to add users so that these users can access and manage Paragon Automation cluster configurations. The users created in Paragon Shell and Paragon Automation Web GUI are not shared across the two user interfaces.

The following sections describe the user management tasks you can perform by using Paragon Shell.

Note:

User information configured on one node is deployed across all the nodes in the Paragon Automation cluster.

Create a User

System administrators and superusers can use Paragon Shell to create users who can access and manage the Paragon Automation cluster based on the privileges defined by the role assigned to them.

To create a user:

  1. SSH to a node in the Paragon Automation cluster.
  2. Log in to Paragon Shell.
    If you are a system administrator, log in as the root user. If you are a superuser, log in with your login credentials shared by the system administrator.
    You are placed in the operational mode of Paragon Shell.
  3. Enter the configuration mode.
  4. Configure the username, access privileges, and authentication method to authenticate the user.

    Where,

    • username is the unique name that identifies the user.

    • class is the access privilege assigned to the user. The options are:

      • read-only—User can access Paragon Shell and view details about the Paragon Automation cluster but cannot enter configuration mode to modify cluster configuration.

      • super-user—User can access Paragon Shell and enter configuration mode to modify cluster configuration.

    • authentication is the possible authentication methods that can be used to authenticate users. The options are:

      • plain-text-password—Enter the password in plain text. The password can contain alphanumeric and special characters and must have a minimum of six characters. The password is stored in an encrypted format in the configuration file.

      • encrypted-password—Enter the encrypted password and enclose it in quotation marks. Currently, the supported encryption algorithm is SHA-512.

      • ssh-algorithm—Generate an SSH key pair and use the key to authenticate users. The three types of SSH key algorithms that can be used are:

        • ssh-ecdsa

        • ssh-ed25519

        • ssh-rsa

    Note:

    • You can use both password and SSH keys to authenticate users.

    • You can configure more than one SSH key to authenticate users.
  5. Commit the changes and exit the configuration mode.

    The user is successfully created.

  6. Deploy the configuration on all the nodes in the cluster.

    The configuration is deployed on all the nodes in the Paragon Automation cluster.

    The system administrator must manually share the IP addresses and log in credentials with the user and the user can log in to Paragon Shell to view and manage the Paragon Automation cluster based on the access privileges assigned to them.

  7. (Optional) Confirm the user details.

For every user created by using Paragon Shell, a Linux user with identical username, access privileges, and authentication method is created on every single node in the Paragon Automation cluster.

Note:

  • When a commit is initiated from one node (node A), commit is first attempted on the rest of the nodes (node B, C, D) before it is attempted on the node on which the commit was initiated (node A). In case the commit fails on any of the nodes, the changes committed is rolled back on the nodes on which commit succeeded.

  • Commit fails when multiple users make changes to the cluster configuration at the same time from different nodes. In such scenarios, we need to rollback all the committed changes on the other nodes and only commit changes from a single node to ensure that all the nodes in the cluster have the same configuration.

Modify User Information

System administrators and superuser can modify the access privileges of users and the authentication method used to authenticate the user.

To modify user details:

  1. SSH to a node in the Paragon Automation cluster.
  2. Log in to Paragon Shell.
    If you are a system administrator, log in as the root user. If you are a superuser, log in with your login credentials shared by the system administrator.
    You are placed in the operational mode.
  3. Enter the configuration mode.
  4. Modify the access privilege for the user and the authentication method used to authenticate the user, as needed.
  5. Commit the changes and exit the configuration mode.

    The user is successfully created.

  6. Deploy the configuration on all the nodes in the cluster.

    The username of the user whose user details are modified is displayed. The configuration is deployed on all the nodes in the Paragon Automation cluster.

Delete a User

To delete a user:
  1. SSH to a node in the Paragon Automation cluster.
  2. Log in to Paragon Shell.
    If you are a system administrator, log in as the root user. If you are a superuser, log in with your login credentials shared by the system administrator.
    You are placed in the operational mode.
  3. Enter the configuration mode.
  4. To delete the user.
  5. Commit the changes and exit the configuration mode.

    The user's access to Paragon Automation cluster is revoked.

  6. Deploy the configuration on all the nodes in the cluster.

    The user's access to Paragon Shell is removed. The configuration is deployed on all the nodes in the Paragon Automation cluster.

  7. (Optional) Confirm that the user is logged out of the Paragon Automation cluster.

Logging in to Paragon Shell as a New User

The system administrator manually shares the IP address and credentials (username and password) with the users to access Paragon Shell.

To log in to Paragon Shell as a new user:

  1. SSH to a node in the Paragon Automation cluster.
  2. Enter your username and password.
    Based on your login class you are either placed in Paragon Shell or the Linux user shell.

    The two login classes are:

    • super-user—You are placed in the Paragon Shell.

    • read-only—You are placed in the Linux user shell initially and prompted to re-enter your password. Re-enter your password to log in to Paragon Shell.

    You are logged in to Paragon Shell.
    Depending on your access privileges, you can view and manage Paragon Automation cluster configuration.

Retrieve User Information On a Recovered Node in the Paragon Automation Cluster

When a node is repaired and recovered in the Paragon Automation cluster the user configuration on the node is lost. Users will not be able to use their user credentials to log in to the node and access the Linux user shell and Paragon Shell.

Note:

Before you retrieve user configuration on the recovered node, ensure that there are no pending commits in any of the nodes in the Paragon Automation cluster, including in the recovered node.

To retrieve user configuration on the recovered node:

  1. SSH to a node with the latest user configuration in the Paragon Automation cluster.
    You are logged into Paragon Shell.
  2. Enter the configuration mode.
  3. Execute the commit command to retrieve the latest cluster configuration.
    The user configuration is updated on all the nodes.
  4. Deploy the user configuration file on all the nodes in the cluster.

    Users can now log in to the node using their existing Paragon Shell credentials. The access privileges and authentication method also remains the same.