SOLVED Adding systems. API key?

dnilgreb

Contributor
Joined
Mar 29, 2016
Messages
168
Hi,

I´ve just installed the TrueCommand docker image in a Ubuntu VM running on my TrueNAS Core (12.0-U2).
I started/initiated with this command, from the docs:

Code:
docker run --detach -v “/home/truecommand/truecommand/data” -p 80:80 -p 443:443 ixsystems/truecommand:latest


It starts fine, and I can access the webGUI just fine. So now I want to add a system.
That, it seems, requires a TrueCommand account, and even with an account I can not find any API key without adding a paid license.

According to the website, it is free for managing a total of up to 50 drives, which more than enough in my case.
But how to add my systems, if I haven´t purchased a license?

If anyone knows a way and/or can point me in the right direction, that would be great!
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
On your TrueNAS server, in the top right, click the cogwheel and select API Keys... then Add one (if you use 2FA or just don't want to use the root password in TrueCommand).

Now in TrueCommand in the top right of the dashboard click + New System in the top right... enter the IP and a friendly name for the server, then either the root password for that server or the API key you generated.

No need to enter a license key anywhere.
 

dnilgreb

Contributor
Joined
Mar 29, 2016
Messages
168
Thank you, great answer.
Worked!
 

vishesh999

Cadet
Joined
Jan 7, 2024
Messages
6
1. Can anyone please let me know is using API keys same as using Root password?
2. Does TrueCommand allow to add users, add shares or access files on the storage servers?
3. I do not want TrueCommand to have administrative rights on all the storage servers, and be used for monitoring purposes only. Is this possible?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
1. Can anyone please let me know is using API keys same as using Root password?
Yes, that's right. There's no granularity to the API access itself.

2. Does TrueCommand allow to add users, add shares or access files on the storage servers?
The TrueCommand "admin" can do all of that, or grant the access for it to itself or somebody else.

3. I do not want TrueCommand to have administrative rights on all the storage servers, and be used for monitoring purposes only. Is this possible?
The Role-Based Access Control (RBAC) model in TrueCommand means you can assign an account in TrueCommand that can do only those things you want, but the TrueCommand admin account can still control everything.
 

vishesh999

Cadet
Joined
Jan 7, 2024
Messages
6
Yes, that's right. There's no granularity to the API access itself.


The TrueCommand "admin" can do all of that, or grant the access for it to itself or somebody else.


The Role-Based Access Control (RBAC) model in TrueCommand means you can assign an account in TrueCommand that can do only those things you want, but the TrueCommand admin account can still control everything.

Is it possible to add a user in TrueCommand, which would then be replicated on all the servers we choose?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
Is it possible to add a user in TrueCommand, which would then be replicated on all the servers we choose?
Not really... the TrueCommand users exist in TrueCommand, not in the managed systems... they then use the API credential to get the access allowed by RBAC for that user to the specified system.
 

vishesh999

Cadet
Joined
Jan 7, 2024
Messages
6
Not really... the TrueCommand users exist in TrueCommand, not in the managed systems... they then use the API credential to get the access allowed by RBAC for that user to the specified system.
I was going through the documentation of TrueCommand User Based roles https://www.truenas.com/docs/truecommand/adminguide/users/

Please correct me if I am wrong:-
1. Lets say I deploy 10 instances of TrueNAS Scale on VMs, Server1, Server2 and so on...
2. These servers are linked to TrueCommand via APIs
3. Now TrueCommand has full control over these servers.
4. If I create a new user in TrueCommand named 'trueCommandUserReadOnly', which has read only access to all these servers, will I be able to mount SMB Shares using this single user 'trueCommandUserReadOnly'? Or is mounting shares specific to each system user?

Sorry for the noob question, I hope I didn't complicate it...
 

vishesh999

Cadet
Joined
Jan 7, 2024
Messages
6
After going through the following documentation, I would like to refer you to my initial question, where I asked if I could create a single user, that would be replicated across all the systems, is this documentation talking about what I was initially asking?

 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,702
After going through the following documentation, I would like to refer you to my initial question, where I asked if I could create a single user, that would be replicated across all the systems, is this documentation talking about what I was initially asking?
Maybe showing that the documentation is the best place to start, yes, it addresses your question. You can use the referenced process to create and manage users on multiple systems (I didn't think that was possible, but there you go).
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
@vishesh999 You are possibly confusing administrative users and NAS users. A "TrueCommand user" is used to login to the TrueCommand UI and only to that. The user can then manage a fleet of NAS systems via TrueCommand. These users are not able to access any shares or other TrueNAS services.

You need to create TrueNAS users for that - who in turn are not able to logon to the admin UI by default. Two different things.

I admit I also just learned that you can manage NAS users and groups from TrueCommand across a fleet of NAS systems. So that seems to cover your requirements.

But if you really have a number of NAS in the order of 10 systems or more - wouldn't a central directory like AD be preferable?
 

vishesh999

Cadet
Joined
Jan 7, 2024
Messages
6
You are possibly confusing administrative users and NAS users. A "TrueCommand user" is used to login to the TrueCommand UI and only to that. The user can then manage a fleet of NAS systems via TrueCommand. These users are not able to access any shares or other TrueNAS services.

You need to create TrueNAS users for that - who in turn are not able to logon to the admin UI by default. Two different things.

Thanks for your input. Really appreciate it. This makes things much more clearer.
 

vishesh999

Cadet
Joined
Jan 7, 2024
Messages
6
But if you really have a number of NAS in the order of 10 systems or more - wouldn't a central directory like AD be preferable?

It's the first time I am hearing about AD / Active Directory, and not sure the scope and use case scenario. It is something I would definitely like to learn more.

Is it possible to have a single mount, that combines the shares across all the storage servers? For instance:-
Storage Server 1 > Share 1
Storage Server 2 > Share 2
.
.
Storage Server 10 > Share 10

Question: Instead of mounting 10 SMB shares individually, can I mount them all together in a single mount point? Is that what AD means?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,740
AD first and foremost means centralised or even federated management of users, groups, privileges, machines, policies, DNS, PKI, ...
Truly surprised you never heard of it. It's standard in every company running on Microsoft since Windows 2000.


IIRC it is possible to present a unified namespace to SMB clients across multiple TrueNAS servers. If that feature needs AD or not I don't know. Possibly @anodos can step in.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,544
AD first and foremost means centralised or even federated management of users, groups, privileges, machines, policies, DNS, PKI, ...
Truly surprised you never heard of it. It's standard in every company running on Microsoft since Windows 2000.


IIRC it is possible to present a unified namespace to SMB clients across multiple TrueNAS servers. If that feature needs AD or not I don't know. Possibly @anodos can step in.
It doesn't need AD right now, but AD is definitely beneficial. Trying to sync-up _local_ users / groups in a fleet of servers is kind of a losing proposition.
 
Top