Onboarding a new admin for Cloud Pak for Integration
Use the API Connect toolkit CLI to create a new admin account for use with Cloud Pak for Integration.
About this task
If you changed the local admin account for Cloud Pak for Integration, you must create a new admin user in API Connect to ensure that the new Cloud Pak for Integration admin can log in to API Connect with the Common Services User Registry.
Procedure
- Download and install the API Connect toolkit CLI and credentials file as explained in Installing the toolkit.
- Log in to the toolkit CLI.
  Logging in to the toolkit CLI requires the endpoint URL for your API Connect management server. In Cloud Pak for Integration, the URL indicates the location of the management server within the Cloud Pak for Integration deployment.
  - Determine the URL to the API Connect management server by running the following command:
    oc -n APIC_namespace get mgmt APIC_instance -o jsonpath="{.status.zenRoute}" && echo ""
    The response looks like the following example URL:
    apic-mgmt-admin-apic.deve-cip-hlag-8e86d3798137c73f524cf9-0000.eu-de.containers.appdomain.cloud
  - Log in to the API Connect toolkit CLI by running the following command:
    apic -s API_Connect_URL login -u admin -p <password> -r admin/default-idp-1
    where API_Connect_URL is the URL of the management server in your API Connect instance.
- Create a new admin account by completing the following steps.
  Use the toolkit CLI to create an admin account in the Common Services User Registry and then add the new admin to the API Connect administrator role.
  - Create a YAML file called newCp4iAdmin.yaml with the following information for the new admin account.
    username: <new_cp4i_admin_username>
    first_name: CP4I
    last_name: Administrator
  - Create the CP4i admin account by running the following command:
    apic -s API_Connect_URL users:create -o admin --user-registry common-services newCp4iAdmin.yaml
  - Verify that the account was created by running the following command:
    apic -s API_Connect_URL users:get -o admin --user-registry common-services <new_cp4i_admin_username> --output -
  - Get the new admin account's URL by running the following command:
    apic -s API_Connect_URL users:list -o admin --user-registry common-services | grep <new_cp4i_admin_username> | awk '{print $4}'
  - Get the URL of the API Connect administrator role by running the following command:
    apic -s API_Connect_URL roles:list --scope org -o admin | grep -w administrator | grep -v topology | awk '{print $2}'
  - Create a YAML file called newcp4iadminmember.yaml with the following content:
    name: <new_cp4i_admin_username>
    user:
      url: <user_URL>
    role_urls:
      - <role_URL>
  - Use the newcp4iadminmember.yaml file to add the new admin as a member of the API Connect instance's admin organization.
    Create the new member by running the following command:
    apic -s API_Connect_URL members:create --scope org -o admin newcp4iadminmember.yaml
  - Verify that the new admin account works by using it to log in to the Cloud Manager interface in your API Connect instance.
- Remove the old Cloud Pak for Integration admin user from API Connect.
  After you verify that the new Cloud Pak for Integration admin can log in to the API Connect Cloud Manager interface, delete the previous Cloud Pak for Integration admin account.
  - Remove the previous admin from the membership of the API Connect admin organization by running the following command:
    apic -s API_Connect_URL members:delete --scope org -o admin cs-admin
    When you initially deployed API Connect as a component of Cloud Pak for Integration, the admin username was admin and the member in the API Connect admin organization was cs-admin. If the cs-admin member does not exist in the admin organization, then the Cloud Pak for Integration admin user was changed after deployment. In this case, the member uses the same name as the admin account's username. Delete the member with that name:
    apic -s API_Connect_URL members:delete --scope org -o admin <old_cp4i_admin_username>
  - Delete the previous Cloud Pak for Integration admin user account from the Common Services User Registry by running the following command:
    apic -s API_Connect_URL users:delete -o admin --user-registry common-services <old_cp4i_admin_username>
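
The user and role lookups in the "Create a new admin account" step select rows with grep, which matches substrings, so a username that is contained in another username can return more than one URL. The following added example (not IBM's code) builds the member definition only when each lookup resolves to exactly one row; it assumes the column layout implied by the awk commands in this procedure (name in column 1, URL in column 4 of users:list and column 2 of roles:list), and the sample output, the host mgmt.example.test, and the helpers exact_url and member_yaml are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the content of newcp4iadminmember.yaml from CLI output,
# refusing to continue unless each lookup resolves to exactly one URL.

# Constructed sample output (assumed layout: name first, URL last).
# In real use, capture the users:list and roles:list commands shown above.
USERS_LIST='admin        [state: enabled]   https://mgmt.example.test/api/user-registries/reg1/users/u-001
cp4iadmin    [state: enabled]   https://mgmt.example.test/api/user-registries/reg1/users/u-002
cp4iadmin2   [state: enabled]   https://mgmt.example.test/api/user-registries/reg1/users/u-003'
ROLES_LIST='administrator            https://mgmt.example.test/api/orgs/o-1/roles/r-001
topology-administrator   https://mgmt.example.test/api/orgs/o-1/roles/r-002
owner                    https://mgmt.example.test/api/orgs/o-1/roles/r-003'

# exact_url LISTING NAME COLUMN (hypothetical helper)
# Print column COLUMN of the single row whose first field equals NAME.
# Returns non-zero when zero or several rows match, so a substring hit such
# as "cp4iadmin" inside "cp4iadmin2" is never selected silently.
exact_url() {
  printf '%s\n' "$1" | awk -v name="$2" -v col="$3" '
    $1 == name { n++; url = $col }
    END { if (n != 1 || url !~ /^https:\/\//) exit 1; print url }'
}

# member_yaml USERNAME (hypothetical helper)
# Write the member definition to stdout, or return non-zero if either
# the user or the administrator role cannot be resolved unambiguously.
member_yaml() {
  user_url=$(exact_url "$USERS_LIST" "$1" 4) || return 1
  role_url=$(exact_url "$ROLES_LIST" administrator 2) || return 1
  printf 'name: %s\nuser:\n  url: %s\nrole_urls:\n  - %s\n' \
    "$1" "$user_url" "$role_url"
}

member_yaml cp4iadmin
```

Redirect the output of member_yaml to newcp4iadminmember.yaml and review it before running members:create.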