User Management

User Management

Odin supports per-user accounts managed through the users.yaml configuration file. Each user has their own account with their SSH public key configured for authentication.

How User Accounts Work

  1. User Configuration: Users are defined in odin/terraform/users.yaml with their username and SSH public key
  2. Automatic Provisioning: User accounts are automatically created on cluster instances during startup via cloud-init
  3. SSH Key Authentication: Each user authenticates using their own private SSH key

Adding a New User

Step 1: Update users.yaml

  1. Obtain the user’s SSH public key (they should generate a key pair if they don’t have one)

  2. Create a new branch in the repository: 
    git checkout -b add-user-<username>
  3. Add the user to odin/terraform/users.yaml: 
    users:
  johndoe:
    unix_id: 2010
    group_ids: [2010, 100]
    home_dir: "/home/johndoe"
    ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... johndoe@example.com"
    shell: "/bin/bash"
    groups: ["users", "docker"]

    Important: Ensure the unix_id is unique and doesn’t conflict with existing users.

  4. Commit and push your changes: 
    git add odin/terraform/users.yaml
git commit -m "Add user johndoe to Odin cluster"
git push origin add-user-<username>

Step 2: Create and Merge Pull Request

  1. Open a Pull Request on GitHub from your branch to the main branch
  2. Request review from a team member
  3. Once approved, merge the Pull Request

Step 3: Run the GitHub Actions Workflow

After merging the PR, trigger the update-users GitHub Actions workflow:

  1. Go to the GitHub repository → Actions tab
  2. Select the Update Users workflow
  3. Click Run workflow → Select the branch (usually main) → Click Run workflow

The workflow automatically:

  • Reads odin/terraform/users.yaml
  • Creates user accounts on all instances
  • Deploys SSH keys
  • Configures user permissions and groups

Targets synced:

  • Jump host
  • ParallelCluster head node
  • Data Manager Linux
  • Data Manager Windows (if configured)

Step 4: Verify User Creation

Test that the user was created successfully:

# Jump Host
ssh jump-host "id johndoe"
ssh jump-host "ls -la /home/johndoe/.ssh/authorized_keys"

# Login Nodes
ssh login1 "id johndoe"
ssh login1 "groups johndoe"

# Data Manager Linux
ssh data-manager-linux "id johndoe"
ssh data-manager-linux "groups johndoe"

Step 5: Inform the User

Provide the new user with:

  • Jump host DNS: jump.odin.navify.com
  • SSH configuration instructions (see SSH Setup)
  • Access to this documentation
  • Confirmation that their SSH key was deployed

Manual Deployment (Alternative)

If you need to deploy user changes without GitHub Actions:

cd /path/to/odin-infra/odin/terraform
terraform apply -target=null_resource.user_sync

This will update users on jump host and headnode. For data manager instances, you may need to run user sync scripts manually.

User Configuration Fields

Field Description Example
unix_id Unique UNIX user ID 2010
group_ids List of group IDs [2010, 100]
home_dir Home directory path /home/johndoe
ssh_public_key User’s SSH public key ssh-rsa AAAA...
shell Default shell /bin/bash
groups Group names ["users", "docker"]