Operations
Rafay Partners are provided with access to a Multi-tenant "Operations Console" providing them with critical capabilities to manage multiple customers and their tenants (i.e. Orgs).
Note
Providers can also integrate their existing mgmt systems with their Partner Operations Console using Rafay's Swagger based APIs.
Organizations¶
An Organization is an isolated tenant on the controller managed by a partner. An Org typically maps to a customer. After logging into the Operations Console, click on Organizations to view the list of organizations. A partner/provider can manage as many organizations as they require.
Create Org¶
Sign up for Organization is available in three (3) ways:
1. Using the Swagger based REST APIs
- Login to the console and click API DOCS from the Home page menubar
Platform API screen appears
- Under Organization, use the available REST APIs to signup for new organization(s)
2. Self-service Sign up
A self-service signup page is available for the end users to sign up for a new organization
- Click SIGN UP and provide the required details
- Click Register
On successful registration, the user will receive a verification email on the given email id. A non-existing user will receive an email with a random password, whereas the existing users will receive successful org creation email
These Organizations need to be reviewed and approved by a Partner Admin before they are considered active
Important
Super Admin can enable or disable the Self Signup option via Ops Console
3. Register to Add Organization
Add Organization button is available in the Ops Console for Super Admins
- Login to the Operations Console and click Add Organization
- Provide the required details and click Register
On successful registration, user will receive a verification email.
View Org¶
Click on Organizations to view the list of Organizations under management by the Partner/Provider.
Search Options¶
There are multiple search options provided allowing the user to quickly search and list the organizations that match the specified criteria.
- Search by Name: Provide the Organization name to get a specific Organization details
- Filter by Status: Select the status, Approved (or) Approval Pending from the drop-down and retrieve the required organization status
- Filter by Partner: Select a partner from the drop-down to view all the organizations available with a specific partner
Update Org¶
Partner Admins can update an Org using the Operations Console.
- Click on an Org and use the Edit icon to perform any changes in the existing organization. The following changes can be made to an existing Org.
Settings¶
- Tier Type: Select Free (or) POC (or) Paid. Type Free is the default selection
- MFA: Enable or disable the Multi-Factor Authentication (MFA) option
- ABAC: Enable or disable the Attribute-Based Access Control (ABAC) option
- IPv6 Enabled: Enable or disable the IPv6 Enabled option to facilitate seamless connectivity, scalability, and improved network performance
- Registry FQDN: Registry FQDN is a custom registry FQDN for an organization from where the cluster pulls Rafay images. To enable users to pull images from their own repositories/registries, a new configuration option is being introduced in the Ops Console on a per-organization basis. Users are required to create a folder named 'rafay' within their registry and place the necessary images there. The registry domain name should then be shared with Rafay for configuration. This ensures that when creating cluster, blueprint sync or any clusters operations occurs within the organization, all required images are fetched from the specified registry's 'rafay' folder instead of the Rafay registry. It's crucial to maintain synchronization between the user's registry and Rafay's registry, ensuring consistency in directory paths and other configurations. By providing this flexibility at the organization level and adhering to the 'rafay' folder structure, users can seamlessly utilize their own resources.
- Click Save Changes
Users can verify the custom registry configuration and workload images, as demonstrated in the examples below.
Verify Custom Registry Configuration
Below is an example where Custom Org is configured to use the custom registry FQDN demouser1.registry.net. This will check the bootstrap YAML file to ensure that all specified Rafay service images are correctly listed and sourced from the appropriate user registry, verifying that the deployment configuration is accurate and ready for execution.
cat ~/Downloads/customorg-cluster-1-bootstrap.yaml | grep 'image:'
image: demouser1.registry.net/rafay/rafay-relay-agent-redhat:master-84
image: demouser1.registry.net/rafay/busybox:1.33
image: demouser1.registry.net/rafay/cluster-controller:master-32
image: demouser1.registry.net/rafay/rafay-connector:master-89
Verify Rafay Workloads from Custom Registry
For example, as part of the initial cluster provisioning with a minimal blueprint, the provisioning and blueprint synchronization are successful.
In this example, the organization has a custom registry configured as demouser1.registry.net. All Rafay addons are pulled from this configured custom registry.
To verify the images, run the following command:
kubectl get pods -n rafay-system -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c
demouser1.registry.net/rafay/busybox:1.33
demouser1.registry.net/rafay/cluster-controller:master-32
demouser1.registry.net/rafay/edge-client:main-34
demouser1.registry.net/rafay/rafay-connector:master-89
demouser1.registry.net/rafay/rafay-relay-agent:master-83
__
Users¶
Add Users to an organization or view the existing user details of a specific organization
Feature Capabilities¶
At the org level, default capability options (enable/disable) can be set. Enable/disable Overrides are available and these override the default capability option
Deactivate Org¶
Click Deactivate button to deactivate the organization. This blocks all the users within this organization from accessing it. A good example for this action is when an end customer is delinquent on their payments.
Note: Only the Approved organization can be deactivated
- Click Save Changes
Delete Org¶
Existing Organizations can be deleted permanently if required. Note that this is a destructive, non-reversible action.
Users¶
As a best practice, we recommend that partners and providers have at least two "partner admins" configured for their Ops Console. This will ensure that they minimize the chance of getting locked out of their console in situations where one of the partners is no longer available or has misplaced their credentials.
Add User¶
An existing partner admin can add/invite another user as a partner admin.
- Click on Users
- Click on New User
- Enter the email address, first and last name, select partner admin from the dropdown.
The new user will receive an activation email. Once they verify their email address, they will be asked to set a password and will have access to the Operations Console.
When adding an existing users to an org, email verification happens. For non-verified emails, users must verify the email id to access the console.
View User¶
To view all users configured to access the Operations Console, click on "Users". This will present you with list of users, their status etc.
Deactivate User¶
User access to the Operations Console can be temporarily suspended by deactivating the user.
- Click on Actions for the specific user
- Select "Deactivate" from the action dropdown
Follow the same steps to reactivate the deactivated user.
Delete User¶
Users can be permanently deleted from the Operations Console. Once performed, they will no longer be able to access the console.
- Click on Actions for the specific user
- Select "Delete" from the dropdown actions
Audit Logs¶
An audit trail is available for activity performed by users on the Operations Console. Click on Audit Logs to view the logs in a reverse chronological format.
