集群RBAC

  • 2021年5月5日
  • 0答复
  • 291视图
r
秩
UserLevel 2
徽章 +4

基于群集角色的访问控制(RBAC)或增强的Prism Central RBAC功能提供了“ Prism Admin”和“ Prism Viewer”角色访问Prism Central的访问,访问仅限于一个或多个注册给Prism Central的AOS群集。使用群集RBAC,Prism Central Admin或Viewer用户能够访问Prism Central,并从允许的AOS群集中查看和对诸如VM,主机和容器之类的实体进行操作。用户还将能够在允许的AOS群集上执行“启动Prism元素”操作,并通过各自的Prism Admin或Viewer访问来管理群集。

启用群集RBAC

预检查

  1. 验证支持Prism Center版本和AHV群集版本。

  2. 部署Prism Central的AOS群集必须注册到Prism Central。

  3. 必须启用CMSP。

  4. 身份和访问管理(IAM)将自动启用,作为CMSP启用的一部分。

  5. CMSP和IAM的先决条件也适用于群集RBAC

程序

  1. 使用SSH连接到棱镜中央VM。

  2. 编辑“/home/nutanix/config/prism/prism-properties.json”文件配置

  3. 重新启动棱镜服务“ Allssh Genesis停止Prism && cluster启动”

  4. 验证是否启用了群集RBAC功能“ zkls/atsperiance/逻辑/prism”

  5. 这种配置在Prism Central VM重新启动中保持持久。但是,升级后丢失了配置。

有关配置群集RBAC的更多详细信息,请参考配置群集RBAC



拉阿吉
The Cluster role based access Control (RBAC) or Enhanced Prism Central RBAC feature provides \u201cPrism Admin\u201d and \u201cPrism Viewer\u201d role based access to Prism Central with access restricted to one or more AOS clusters registered to Prism Central. With Cluster RBAC, the Prism Central admin or viewer user is able to access Prism Central and view and act on the entities like VM, host and container from the allowed AOS clusters. The users will also be able to perform the \u201cLaunch Prism Element\u201d action on the allowed AOS clusters and manage the cluster with respective Prism Admin or viewer access.<\/span><\/p>

\u00a0<\/p>

Enabling cluster RBAC<\/span><\/p>

\u00a0<\/p>

Pre-checks<\/span><\/p>

  1. \t

    Verify supported the Prism Center version and the AHV cluster version.<\/span><\/p>\t<\/li>\t

  2. \t

    The AOS cluster where Prism Central is deployed must be registered to the Prism Central.<\/span><\/p>\t<\/li>\t

  3. \t

    CMSP must be enabled.<\/span><\/p>\t<\/li>\t

  4. \t

    Identity and Access Management (IAM) is automatically enabled as part of CMSP enablement.<\/span><\/p>\t<\/li>\t

  5. \t

    The prerequisites for CMSP and IAM also apply to cluster RBAC<\/span><\/p>\t<\/li><\/ol>

    \u00a0<\/p>

    Procedure<\/span><\/p>

    \u00a0<\/p>

    1. \t

      Connect to the Prism Central VM using SSH.<\/span><\/p>\t<\/li>\t

    2. \t

      Edit the \u201c\/home\/nutanix\/config\/prism\/prism-properties.json\u201d file configuration<\/span><\/p>\t<\/li>\t

    3. \t

      Restart the Prism Service \u201callssh genesis stop prism && cluster start\u201d<\/span><\/p>\t<\/li>\t

    4. \t

      Verify if the cluster RBAC feature is enabled \u201czkls \/appliance\/logical\/prism\u201d<\/span><\/p>\t<\/li>\t

    5. \t

      This configuration remains persistent over Prism Central VM reboot; however, the configuration is lost after an upgrade.<\/span><\/p>\t<\/li><\/ol>

      \u00a0<\/p>

      For more details to configure Cluster RBAC, please refer to <\/span>Configure cluster RBAC<\/u><\/a><\/p>



      \u00a0<\/p>","quoteUsername":"raaji","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

该主题已关闭以供评论
条款和条件
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu