For the initial Dell Technologies Bare Metal Orchestrator installation and cluster configuration, a common Linux user account is required. We recommend creating an account called installer on all VMs that host the Bare Metal Orchestrator nodes in the cluster. However, any user-defined account that meets the requirements can be used. The required step to update the all.yml file with an Ansible user account is included in the Bare Metal Orchestrator installation procedure.
A common installer user
All servers hosting a Bare Metal Orchestrator node must have the same Linux user account configured. An account called installer is used as an example in this guide.
For single node deployments, create this common user account on the VMs hosting the Global Controller node and all remote worker nodes. Ensure the common user account complies with the following:
- Passwordless sudo privileges are enabled for the duration of the installation and Bare Metal Orchestrator node configuration, including worker nodes.
- All worker nodes must have the same password.
For high availability (HA) deployments, ensure all nodes in the HA cluster have the same Linux user account configured (for example, installer.) The same user account and privileges must be configured on each server hosting the following Bare Metal Orchestrator nodes:
- Global Controller (CP1) and the two redundant HA nodes (CP2 and CP3)
- The two Load Balancers
- All worker nodes
Common (installer) user requirements for HA deployments:
- Passwordless sudo privileges are enabled for the duration of the installation and Bare Metal Orchestrator node configuration, including worker nodes.
- CP1, CP2, and CP3 nodes must have the same password.
- All Load Balancer nodes must have the same password.
- All worker nodes must have the same password.
You can revoke passwordless sudo privileges when you're done installing the Bare Metal Orchestrator cluster. However, some Bare Metal Orchestrator features require elevated administrator privileges to run. Those are indicated where the feature is documented.
For more information about the required passwordless privileges, see Node access account requirements.
Initial admin user creation
An initial Identity and Access Management (IAM) admin user is created automatically when you run the installation. You are prompted to provide a password for this initial admin user, as well as provide other required passwords. The steps are documented in the procedures Deploy a single node cluster and Deploy an HA Bare Metal Orchestrator cluster.
After Bare Metal Orchestrator is deployed, you can use the CLI or the web user interface to continue the setup. The first-time you log in to Bare Metal Orchestrator using the CLI, API, or the web UI, you must enter the admin credentials.
The kubeconfig file that is created automatically for the initial admin user is saved in the following directory:
/etc/rancher/rke2/config_admin.yaml
For information about logging in to the web UI using your Bare Metal Orchestrator user account, see Log in to the web UI.
To learn how to add the Bare Metal Orchestrator hostname on the management console to log in to the web UI, see Updating the Bare Metal Orchestrator hostname and web UI access.