Skip to content

Commit b7c2eb3

Browse files
JAC0BSMITHJAC0BSMITH
committed
Managing Method C for BMM and BMC
1 parent 7da115d commit b7c2eb3

File tree

2 files changed

+27
-26
lines changed

2 files changed

+27
-26
lines changed

articles/operator-nexus/howto-baremetal-bmc-ssh.md

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -16,15 +16,16 @@ Please note this process is used in emergency situations when all other troubles
1616

1717
There are rare situations where a user needs to investigate & resolve issues with a BMM and all other ways have been exhausted via Azure. Operator Nexus provides the `az networkcloud cluster bmckeyset` command so users can manage SSH access to the baseboard management controller (BMC) on these BMMs.
1818

19-
When the command runs, it executes on each of BMM in the Cluster. If a BMM is unavailable or powered off at the time of command execution, the status of the command will reflect which BMMs couldn't have the command executed. There's a reconciliation process that runs periodically that will retry the command on any BMM that wasn't available at the time of the original command. Multiple commands execute in the order received.
19+
When the command runs, it executes on each of BMM in the Cluster. If a BMM is unavailable or powered off at the time of command execution, the status of the command reflects which BMMs couldn't have the command executed. There's a reconciliation process that runs periodically that retries the command on any BMM that wasn't available at the time of the original command. Multiple commands execute in the order received.
2020

21-
There's a maximum number of 12 users defined per Cluster. Attempts to add more than 12 users will result in an error. Delete a user before adding another one when 12 already exists.
21+
There's a maximum number of 12 users defined per Cluster. Attempts to add more than 12 users results in an error. Delete a user before adding another one when 12 already exists.
2222

2323
## Prerequisites
2424

2525
- Install the latest version of the
2626
[appropriate CLI extensions](./howto-install-cli-extensions.md)
27-
- The on-premise Cluster must have connectivity to Azure.
27+
- The on-premises Cluster must have connectivity to Azure.
28+
- Get the Resource group name that you created for `Cluster` resource
2829
- The process applies keysets to all running BMMs.
2930
- The users added must be part of an Azure Active Directory (Azure AD) group. For more information, see [How to Manage Groups](../active-directory/fundamentals/how-to-manage-groups.md).
3031
- To restrict access for managing keysets, create a custom role. For more information, see [Azure Custom Roles](../role-based-access-control/custom-roles.md). In this instance, add or exclude permissions for `Microsoft.NetworkCloud/clusters/bmcKeySets`. The options are `/read`, `/write` and `/delete`.
@@ -58,18 +59,18 @@ az networkcloud cluster bmckeyset create \
5859
--azure-group-id [Required] : The object ID of Azure Active Directory
5960
group that all users in the list must
6061
be in for access to be granted. Users
61-
that are not in the group will not have
62+
that are not in the group do not have
6263
access.
6364
--bmc-key-set-name --name -n [Required] : The name of the BMC key set.
6465
--cluster-name [Required] : The name of the cluster.
6566
--expiration [Required] : The date and time after which the users
66-
in this key set will be removed from
67+
in this key set are removed from
6768
the BMCs. The limit is up to 1 year from creation.
6869
Format is "YYYY-MM-DDTHH:MM:SS.000Z"
6970
--extended-location [Required] : The extended location of the cluster
7071
associated with the resource.
7172
Usage: --extended-location name=XX type=XX
72-
name: Required. The resource ID of the extended location on which the resource will be created.
73+
name: Required. The resource ID of the extended location on which the resource is created.
7374
type: Required. The extended location type: "CustomLocation".
7475
--privilege-level [Required] : The access level allowed for the users
7576
in this key set. Allowed values:
@@ -115,7 +116,7 @@ az networkcloud cluster bmckeyset create \
115116
for full debug logs.
116117
```
117118

118-
This example will create a new keyset with two users that have standard access from two jump hosts.
119+
This example creates a new keyset with two users that have standard access from two jump hosts.
119120

120121
```azurecli
121122
az networkcloud cluster bmckeyset create \
@@ -162,7 +163,7 @@ az networkcloud cluster bmckeyset delete \
162163
--yes -y : Do not prompt for confirmation.
163164
```
164165

165-
This example will remove the "bmcKeysetName" keyset group in the "clusterName" Cluster.
166+
This example removes the "bmcKeysetName" keyset group in the "clusterName" Cluster.
166167

167168
```azurecli
168169
az networkcloud cluster bmckeyset delete \
@@ -196,12 +197,12 @@ az networkcloud cluster bmckeyset update \
196197
--bmc-key-set-name --name -n [Required] : The name of the BMC key set.
197198
--cluster-name [Required] : The name of the cluster.
198199
--expiration : The date and time after which the users
199-
in this key set will be removed from
200+
in this key set are removed from
200201
the BMCs. Format is:
201202
"YYYY-MM-DDTHH:MM:SS.000Z"
202203
--jump-hosts-allowed : The list of IP addresses of jump hosts
203204
with management network access from
204-
which a login will be allowed for the
205+
which a login is allowed for the
205206
users. Supports IPv4 or IPv6 addresses.
206207
--privilege-level : The access level allowed for the users
207208
in this key set. Allowed values:
@@ -223,7 +224,7 @@ az networkcloud cluster bmckeyset update \
223224
operation to finish.
224225
```
225226

226-
This example will add two new users to the "bmcKeySetName" group and will change the expiry time for the group.
227+
This example adds two new users to the "bmcKeySetName" group and changes the expiry time for the group.
227228

228229
```azurecli
229230
az networkcloud cluster bmckeyset update \

articles/operator-nexus/howto-baremetal-bmm-ssh.md

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ Please note this process is used in emergency situations when all other troubles
1616

1717
There are rare situations where a user needs to investigate & resolve issues with a BMM and all other ways have been exhausted via Azure. Azure Operator Nexus provides the `az networkcloud cluster baremetalmachinekeyset` command so users can manage SSH access to these BMM.
1818

19-
When the command runs, it executes on each BMM in the Cluster. If a BMM is unavailable or powered off at the time of command execution, the status of the command will reflect which BMMs couldn't have the command executed. There is a reconciliation process that runs periodically that will retry the command on any BMM that wasn't available at the time of the original command. Multiple commands execute in the order received.
19+
When the command runs, it executes on each BMM in the Cluster. If a BMM is unavailable or powered off at the time of command execution, the status of the command reflects which BMMs couldn't have the command executed. There is a reconciliation process that runs periodically that retries the command on any BMM that wasn't available at the time of the original command. Multiple commands execute in the order received.
2020

2121
There's no limit to the number of users in a group.
2222

@@ -25,13 +25,14 @@ Notes for jump host IP addresses
2525

2626
- The keyset create/update process adds the jump host IP addresses to the IP tables for the Cluster. The process adds these addresses to IP tables and restricts SSH access to only those IPs.
2727
- It's important to specify the Cluster facing IP addresses for the jump hosts. These IP addresses may be different than the public facing IP address used to access the jump host.
28-
- Once added, users will be able to access BMMs from any specified jump host IP including a jump host IP defined in another BMM keyset group.
28+
- Once added, users are able to access BMMs from any specified jump host IP including a jump host IP defined in another BMM keyset group.
2929
- Existing SSH access remains when adding first BMM keyset. However, the keyset command limits an existing user's SSH access to the specified jump host IPs in the keyset commands.
3030

3131
## Prerequisites
3232

3333
- Install the latest version of the
3434
[appropriate CLI extensions](./howto-install-cli-extensions.md)
35+
- The on-premises Cluster must have connectivity to Azure.
3536
- Get the Resource group name that you created for `Cluster` resource
3637
- The process applies keysets to all running BMMs.
3738
- The added users must be part of an Azure Active Directory (Azure AD) group. For more information, see [How to Manage Groups](../active-directory/fundamentals/how-to-manage-groups.md).
@@ -68,23 +69,23 @@ az networkcloud cluster baremetalmachinekeyset create \
6869
--azure-group-id [Required] : The object ID of Azure Active Directory
6970
group that all users in the list must
7071
be in for access to be granted. Users
71-
that are not in the group will not have
72+
that are not in the group do not have
7273
access.
7374
--bare-metal-machine-key-set-name --name -n [Required] : The name of the bare metal machine key
7475
set.
7576
--cluster-name [Required] : The name of the cluster.
7677
--expiration [Required] : The date and time after which the users
77-
in this key set will be removed from
78+
in this key set are removed from
7879
the bare metal machines. Format is:
7980
"YYYY-MM-DDTHH:MM:SS.000Z"
8081
--extended-location [Required] : The extended location of the cluster
8182
associated with the resource.
8283
Usage: --extended-location name=XX type=XX
83-
name: Required. The resource ID of the extended location on which the resource will be created.
84+
name: Required. The resource ID of the extended location on which the resource is created.
8485
type: Required. The extended location type: "CustomLocation".
8586
--jump-hosts-allowed [Required] : The list of IP addresses of jump hosts
8687
with management network access from
87-
which a login will be allowed for the
88+
which a login is be allowed for the
8889
users. Supports IPv4 or IPv6 addresses.
8990
--privilege-level [Required] : The access level allowed for the users
9091
in this key set. Allowed values:
@@ -99,9 +100,8 @@ az networkcloud cluster baremetalmachinekeyset create \
99100
key-data: Required. The public ssh key of the user.
100101
101102
Multiple users can be specified by using more than one --user-list argument.
102-
--os-group-name : The name of the group that users will
103-
be assigned to on the operating system
104-
of the machines.
103+
--os-group-name : The name of the group that users are assigned
104+
to on the operating system of the machines.
105105
--tags : Space-separated tags: key[=value]
106106
[key[=value] ...]. Use '' to clear
107107
existing tags.
@@ -133,7 +133,7 @@ az networkcloud cluster baremetalmachinekeyset create \
133133
for full debug logs.
134134
```
135135

136-
This example will create a new keyset with two users that have standard access from two jump hosts.
136+
This example creates a new keyset with two users that have standard access from two jump hosts.
137137

138138
```azurecli
139139
az networkcloud cluster baremetalmachinekeyset create \
@@ -157,7 +157,7 @@ For assistance in creating the `--user-list` structure, see [Azure CLI Shorthand
157157

158158
## Deleting a bare metal machine keyset
159159

160-
The `baremetalmachinekeyset delete` command removes SSH access to the BMM for a group of users. All members of the group will no longer have SSH access to any of the BMM in the Cluster.
160+
The `baremetalmachinekeyset delete` command removes SSH access to the BMM for a group of users. All members of the group no longer have SSH access to any of the BMM in the Cluster.
161161

162162
The command syntax is:
163163

@@ -182,7 +182,7 @@ az networkcloud cluster baremetalmachinekeyset delete \
182182
--yes -y : Do not prompt for confirmation.
183183
```
184184

185-
This example will remove the "bareMetalMachineKeysetName" keyset group in the "clusterName" Cluster.
185+
This example removes the "bareMetalMachineKeysetName" keyset group in the "clusterName" Cluster.
186186

187187
```azurecli
188188
az networkcloud cluster baremetalmachinekeyset delete \
@@ -215,12 +215,12 @@ az networkcloud cluster baremetalmachinekeyset update \
215215
--bare-metal-machine-key-set-name --name -n [Required] : The name of the BMM key set.
216216
--cluster-name [Required] : The name of the cluster.
217217
--expiration : The date and time after which the users
218-
in this key set will be removed from
218+
in this key set are removed from
219219
the BMMs. Format is:
220220
"YYYY-MM-DDTHH:MM:SS.000Z"
221221
--jump-hosts-allowed : The list of IP addresses of jump hosts
222222
with management network access from
223-
which a login will be allowed for the
223+
which a login is allowed for the
224224
users. Supports IPv4 or IPv6 addresses.
225225
--privilege-level : The access level allowed for the users
226226
in this key set. Allowed values:
@@ -242,7 +242,7 @@ az networkcloud cluster baremetalmachinekeyset update \
242242
operation to finish.
243243
```
244244

245-
This example will add two new users to the "baremetalMachineKeySetName" group and will change the expiry time for the group.
245+
This example adds two new users to the "baremetalMachineKeySetName" group and changes the expiry time for the group.
246246

247247
```azurecli
248248
az networkcloud cluster baremetalmachinekeyset update \

0 commit comments

Comments
 (0)