Tenant Provisioning Scripts
Context
The tenant provisioning scripts assign ownership of nodes, service templates, VMs, and services to a specified tenant.
In order to provision tenants using this method, you must meet the following prerequisites:
- MWS needs to be running /opt/mws/check/basic-mws-diagnostics. These are included in the RPM except for TORQUE.
- LDAP is configured.
- You have already configured your principals the way you want them.
The following tenant provisioning scripts are shipped with MWS:
The mprincipal Provisioning Script
You can create, modify, or view principals in MWS using the mprincipal script.
mprincipal (-<shortCommand> <principalName>)|(--<longCommand>=<principalName>) [options...] [arg]
You may use either the short or long version of each command and option as long as you use the correct syntax as illustrated above.
Optional flags ([options]) are specified with the following syntax:
...(-<shortOption> <value>)|(--<longOption>=<value>)...
Multiple options can be specified at the same time; they must be space-delimited.
An argument ([arg]) is name of the principal, and it is required to run the view and modify commands.
Commands for the mprincipal Script
The mprincipal commands are mutually exclusive and one is required.
| Command | Short option | Long option | Description |
|---|---|---|---|
| Create | -c | --create | Lets you create a new principal. |
| Modify | -m | --modify |
Lets you modify an existing principal. You must specify the name of the principal to modify in the form of an argument as demonstrated in the syntax sample above. 
When you modify a principal, you recreate a new principal with the same name. This means that, in addition to the desired modifications, you must re-specify the unchanging attributes that you wish to keep or else you will lose them. |
| View | -v | --view | Lets you view an existing principal. You must specify the name of the principal to view in the form of an argument as demonstrated in the syntax sample above. |
Options for the mprincipal Script
| Option | Short option | Long option | Value | Description |
|---|---|---|---|---|
| Group | -g | --group | <groupName> | *Lets you specify the LDAP group distinguished name. |
| Help | -h | --help | --- | Lets you view the usage. |
| Host | -H | --host | <hostName> | Lets you specify the MWS host to connect to while running this script. The default is http://localhost:8080. |
| LDAP user | -l | --ldapuser | <userName> | *Lets you specify the LDAP user name. |
| Organizational unit (OU) | -o | --ou | <ouName> | *Lets you specify the LDAP OU distinguished name. |
| Password | -P | --password | <password> | Lets you specify the MWS user's password with which to connect to MWS while running this script. |
| Roles | -r | --roles | <roleName> | Lets you specify the MWS role names (separate multiple roles with commas) |
| User name | -U | --user | <userName> | Lets you specify the MWS user with which to connect to MWS while running this script. The default user is 'moab-admin'. |
* The Group, LDAP user, and OU options are mutually exclusive. The LDAP user option takes precedence, then Group, and finally OU.
mprincipal Script Example
Both of the following examples will run the mprincipal script with user name "admin" and password "myPassword" to https://smartuniversity-mws:8080. The principal Biology will be modified to contain the BiologyDepartment LDAP group and the User role.
> mprincipal -m Biology -g "cn=BiologyDepartment,ou=departments,dc=com" -r User -U admin -P myPassword -H https://smartuniversity-mws:8080
> mprincipal --modify=Biology --group="cn=BiologyDepartment,ou=departments,dc=com" --roles=User --user=admin --password=myPassword --host=https://smartuniversity-mws:8080
The mtenant Provisioning Script
You can create, view, and attach nodes and principals to tenants using the mtenant provisioning script.
Usage: mtenant (-<shortCommand> <tenantName>)|(--<longCommand>=<tenantName>) [options] [args...]
You may use either the short or long version of each command and option as long as you use the correct syntax as illustrated above.
Optional flags ([options]) are specified with the following syntax:
...(-<shortOption> <value>)|(--<longOption>=<value>)...
Multiple options can be specified at the same time; they must be space-delimited.
An argument ([args]) is name of a principal or node by name or ID, which is required to attach a principal or node to the tenant, respectively. You can attach multiple principals or nodes to a tenant by delimiting them with a space.
Commands for the mtenant Script
The mtenant commands are mutually exclusive and one is required.
| Command | Short option | Long option | Description |
|---|---|---|---|
| Create | -c | --create | Lets you create a new tenant. |
| Nodes | -n | --nodes |
Lets you attach nodes to the tenant. You must specify the name of the node to be attached in the form of an argument as demonstrated in the syntax sample above.
When you modify a tenant, you recreate a new tenant with the same name. This means that, in addition to the desired modifications, you must re-specify the unchanging attributes that you wish to keep or else you will lose them. |
| Principals | -p | --principals |
Lets you attach principals to the tenant. Principal must have already been added in MWS. You must specify the name of the principal to be attached in the form of an argument as demonstrated in the syntax sample above.
When you modify a tenant, you recreate a new tenant with the same name. This means that, in addition to the desired modifications, you must re-specify the unchanging attributes that you wish to keep or else you will lose them. |
| View | -v | --view | Lets you view a tenant. |
Options for the mtenant Script
| Option | Short option | Long option | Value format | Description |
|---|---|---|---|---|
| File | -f | --file | <fileName> | Lets you read data from file (instead of ARGS). |
| Help | -h | --help | --- | Lets you view the usage. |
| Host | -H | --host | <hostName> | Lets you specify the MWS host to connect to while running this script.. The default is http://localhost:8080. |
| Password | -P | --password | <password> | Lets you specify the MWS user password with which to connect to MWS while running this script. |
| User name | -U | --user | <userName> | Lets you specify the MWS username with which to connect to MWS while running this script. The default user is 'moab-admin'. |
mtenant Script Example
Both of the following examples will run the mtenant script with user name "admin" and password "myPassword" to https://smartuniversity-mws:8080. The tenant Biology will be modified to own nodes n01, n02, and n03.
> mtenant -n Biology -U admin -P myPassword -H https://smartuniversity-mws:8080 n01 n02 n03
> mtenant --nodes=Biology --user=admin --password=myPassword --host=https://smartuniversity-mws:8080 n01 n02 n03
The msvctempl Provisioning Script
You can copy service templates to a tenant and view templates currently owned by a tenant with the msvctempl provisioning script.
msvctempl (-<shortOption> <value>)|(--<longOption>=<value>)...[arg]
Multiple options can be specified at the same time; they must be space-delimited.
An argument ([arg]) is the name or ID of the service template if you are using the Copy option. You can attach multiple templates to a tenant by delimiting them with a space (for example, msvctempl -c ... container1 container2 container3).
Commands for the msvctempl Script
The msvctempl commands are mutually exclusive and one is required.
| Command | Short option | Long option | Description |
|---|---|---|---|
| Copy | -c | --copy | Lets you copy container service templates to the tenant specified in your argument as demonstrated in the syntax sample above. |
| View | -v | --view | <tenantName> |
Options for the msvctempl Script
| Option | Short option | Long option | Description | |
|---|---|---|---|---|
| File | -f | --file | <fileName> | Lets you specify the location of a file that contains additional template names or IDs. This is new line delimited. |
| Host | -H | --host | <hostName> | Lets you specify the name of the MWS host to connect while running this script. The default is http://localhost:8080. |
| Help | -h | --help | --- | Lets you view the usage. |
| Password | -P | --password | <password> | Lets you specify the MWS password with which to connect to MWS while running this script. By default, you will be prompted for it. |
| User name | -U | --user | <userName> | Lets you specify the MWS username with which to connect to MWS while running this script. The default user is 'moab-admin'. |
Both of the following examples will run the msvctempl script with user name "admin" and password "myPassword" to https://smartuniversity-mws:8080. The tenant Biology will be modified to own service templates st1, st2, and st3.
> msvctempl -c Biology -U admin -P myPassword -H https://smartuniversity-mws:8080 st1 st2 st3
> msvctempl --copy=Biology --user=admin --password=myPassword --host=https://smartuniversity-mws:8080 st1 st2 st3
You can move container services to a tenant and view top-level container services for the specified tenant with the msvc provisioning script.
The msvc provisioning script only works with services that run on a virtual machine, and there must be sufficient resources on the new tenant to accept the VMs or some services will not migrate to the new tenant. Also, any services with physical machine or storage components will not migrate and must be resolved outside of Moab. It is recommended that you copy the service template and launch the new service; that is, use the msvctempl provisioning script instead of the msvc provisioning script if possible.
msvc (-<shortOption> <value>)|(--<longOption>=<value>)...[arg]
Multiple options can be specified at the same time; they must be space-delimited.
An argument ([arg]) is the name or ID of the service if you are using the Move option. You can move multiple services to a tenant by delimiting them with a space (for example, msvc -m ... container1 container2 container3).
The msvc commands are mutually exclusive and one is required.
| Command | Short option | Long option | Description | |
|---|---|---|---|---|
| Move | -m | --move | Lets you move container services to the tenant specified in your argument as demonstrated in the syntax sample above. | |
| View | -v | --view | <tenantName> | Shows container services for the specified tenant. |
| Option | Short option | Long option | Description | |
|---|---|---|---|---|
| File | -f | --file | <fileName> | Lets you specify the location of a file that contains service names or IDs. This is new line delimited. |
| Host | -H | --host | <hostName> | Lets you specify the name of the MWS host to connect while running this script. The default is http://localhost:8080. |
| Help | -h | --help | --- | Lets you view the usage. |
| Password | -P | --password | <password> | Lets you specify the MWS password with which to connect to MWS while running this script. By default, you will be prompted for it. |
| User name | -U | --user | <userName> | Lets you specify the MWS username with which to connect to MWS while running this script. The default user is 'moab-admin'. |
Both of the following examples will run the msvc script with user name "admin" and password "myPassword" to https://smartuniversity-mws:8080. The tenant Biology will be modified to own services container1, container2, and container3.
> msvc -m Biology -U admin -P myPassword -H https://smartuniversity-mws:8080 container1 container2 container3
> msvc --move=Biology --user=admin --password=myPassword --host=https://smartuniversity-mws:8080 container1 container2 container3
Related Topics