This section explains how to configure management protocols for each tenant on a Qumulo cluster.
After you create tenants on your Qumulo cluster, you can manage access for clients that connect to the cluster from the tenant’s network by enabling or disabling the management protocols for each tenant.
- Access to a management protocol lets a client use the protocol to view and modify resources across the entire cluster, not only within the client's tenant.
- If you disable a management protocol, you can still access your cluster by using a physical or remote console.
Prerequisites
To configure management protocols, your user must have membership in a Qumulo role with the following privileges.
-
PRIVILEGE_TENANT_READ
: Viewing tenants -
PRIVILEGE_TENANT_WRITE
: Modifying tenants
Enabling and Disabling REST API Access
The Qumulo REST API lets you manage clusters by using the qq
CLI, Python bindings, and REST API calls.
-
To enable REST API access, run the
qq multitenancy_modify_tenant
command, specify the tenant ID, and use the--enable-rest-api
flag. -
To disable access, use the
--disable-rest-api
flag.
In the following example, the cluster begins to accept REST API traffic on TCP port 8000 on all networks assigned to the tenant.
$ qq multitenancy_modify_tenant \
--id 2
--enable-rest-api
Enabling and Disabling Web UI Access
The Qumulo Core Web UI lets you manage clusters from a browser.
Enabling Web UI access doesn’t require enabling REST API access.
-
To enable Web UI access, run the
qq multitenancy_modify_tenant
command, specify the tenant ID, and use the--enable-web-ui
flag. -
To disable access, use the
--disable-web-ui
flag.
In the following example, the cluster begins to serve the Qumulo Core Web UI on TCP ports 80 and 433 on all networks assigned to the tenant.
$ qq multitenancy_modify_tenant \
--id 2
--enable-web-ui
Enabling and Disabling SSH Access
SSH lets you view logs and use the qq
CLI by using a client to connect to nodes in a cluster remotely.
Enabling SSH access doesn’t require enabling REST API access.
-
To enable SSH access, run the
qq multitenancy_modify_tenant
command, specify the tenant ID, and use the--enable-ssh
flag. -
To disable access, use the
--disable-ssh
flag.
In the following example, the cluster begins to accept SSH traffic on TCP port 22 on all networks assigned to the tenant.
$ qq multitenancy_modify_tenant \
--id 2
--enable-ssh
Enabling and Disabling Replication Access
Replication lets a cluster transfer data from a directory on one cluster to a directory on another cluster.
-
To enable replication access, run the
qq multitenancy_modify_tenant
command, specify the tenant ID, and use the--enable-replication
flag. -
To disable access, use the
--disable-replication
flag.
In the following example, the cluster begins to accept replication traffic on TCP port 3712 on all networks assigned to the tenant.
$ qq multitenancy_modify_tenant \
--id 2 \
--enable-replication