If you use the Nectar Research Cloud through the Dashboard, then the AAF authentication tells the Cloud who you are. This is the basic authentication mechanism for the Nectar Cloud Dashboard, described in our article “Getting an Account”.
There are other ways of using your cloud resources! You may be using the OpenStack Command Line Interface (CLI) or the OpenStack Application Programming Interface (API). Or perhaps you use an intermediary service provider (e.g. this Intersect Launchpod). If you use your cloud resources in any of those other ways, then the AAF authentication is not applicable. You will need to use your Nectar OpenStack username and your Nectar OpenStack password.
NOTE that these are not the same as your institutional username and password that you use in the AAF login to the Nectar Dashboard.
SIDE NOTE Behind the scenes even the Dashboard uses the APIs (on your behalf).
Your Nectar OpenStack username was generated automatically when you first logged into the Dashboard; it is displayed in the top right hand corner of your Dashboard and in most cases it will be your email address. You can generate a Nectar OpenStack password using the Dashboard as described below.
How does it work
The easiest way to get your Nectar OpenStack Password is to have the NeCTAR Dashboard generate it for you. You can follow the instructions below to obtain yours. But you should take note of the following important remarks.
You cannot view your existing password. It will only be shown to you when you first generate it. It is up to you to remember or manage your password well.
Resetting your password generates a new password for you to use and manage. Any API applications or CLI scripts or service provider accounts you may have created in the past, that are set up with the old password will be denied API/CLI/service access until you configure them to use your new password.
If you are already using your password for one service (say CLI access), then you don’t need to generate a new password for another service (say API access). Just use the password you already have.
NOTE You can also change your Nectar OpenStack password using the CLI or API, which allows you to choose your own password. This is beyond the scope of this article. There are some OpenStack documentation references below.
Your password will apply to any project that you’re a member of. If you are a member of multiple projects, then you will need to configure your CLI/API/Service account separately to use your intended project allocation using settings like Project ID or Project Name.
Getting or resetting your Nectar OpenStack password
To obtain or reset-and-obtain your Nectar OpenStack password using the Nectar Dashboard:
- navigate to and sign in to your Nectar Dashboard
- click on your user name in the top right of the screen
- select “Settings” from the drop down menu
- navigate on to the Password Reset Form by clicking the Reset Password tab on the left hand side of the screen
- on the Password Reset Form click the Reset Password button. There will be NO confirmation asked.
The Password Reset Form will now display your new generated password to you.
You can also use the CLI or the API to set your Nectar OpenStack password. Refer to the OpenStack CLI documentation or the OpenStack API documentation
More information about setting up CLI and API access can be found in our API Article in the Cloud Expert: Authentication section.
OpenStack password security
You should keep your password private and secure. In particular, you should not share your password with another user, a website, or a service.
There are ways (using Keystone Trusts - beyond the scope of this article) for services to act on your behalf without requiring your password, service operators and developers can be referred to Nectar Support for assistance with this. Additionally, if you need to use a service which cannot be changed, or you find yourself needing to embed your OpenStack password inside an unattended machine (e.g. for a service/bot running in an instance) then you can contact Nectar Support and ask for a robot account to be created specifically for the project in question.