forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconsole-env-variables.html.md.erb
57 lines (34 loc) · 4.16 KB
/
console-env-variables.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
---
title: Controlling Apps Manager User Activity with Environment Variables
owner: Apps Manager
---
<strong><%= modified_date %></strong>
This topic describes three environment variables that you can use to manage user interactions with Pivotal Cloud Foundry® Apps Manager, and how to set these variables using the cf CLI.
## <a id='understand-ev'></a>Understanding Apps Manager Environment Variables ##
The following environment variables control which users can create Orgs and perform user management actions on Apps Manager.
### <a id="ENABLE_INTERNAL_USER_STORE"></a> ENABLE\_INTERNAL\_USER\_STORE ###
This variable defaults to `false`, which disables the internal user store. This means that an admin must designate an external LDAP / AD user store as the source of user accounts.
Set this variable to `true` to let users register for new accounts, manage their account and password, and invite new members into their Orgs by clicking an “Invite New Members” link. This setting enables an internal user store within a Pivotal Cloud Foundry® (PCF) installation's own local User Account and Authentication (UAA) Server. With the internal store enabled, Cloud Foundry admins do not need to configure an external user store, such as an LDAP / AD server, to create user accounts.
### <a id="ENABLE_NON_ADMIN_ORG_CREATION"></a> ENABLE\_NON\_ADMIN\_ORG\_CREATION ###
This variable defaults to `false`, which prevents non-admin users from being able to create Orgs.
Set this variable to `true` to allow any user to create an Org.
This setting activates two links on the user's Org Dashboard:
* The **Create a New Org** link in the drop-down menu in the left navigation panel
* The **Create Org** link in the **MY ORGS** section of the My Account page, which you access from the user name drop-down menu
### <a id="ENABLE_NON_ADMIN_ROLE_MANAGEMENT"></a> ENABLE\_NON\_ADMIN\_ROLE\_MANAGEMENT ###
This variable defaults to `false`, which prevents users with the Org Manager or Space Manager role from managing existing users and roles within their Orgs or Spaces. This allows admins to centrally manage users and roles.
Set this variable to `true` to allow users with the Org Manager or Space Manager role to manage existing users and roles within their Orgs or Spaces.
<p class="note"><strong>Note</strong>: The previous <code>ENABLE_NON_ADMIN_USER_MANAGEMENT</code> environment variable that controlled many of the above features was deprecated in Pivotal Elastic Runtime 1.6.</p>
## <a id='change-ev'></a>Changing an Environment Variable Value ##
<p class="note"><strong>Note</strong>: To run the commands discussed in this section, you must log in to the cf CLI with your UAA Administrator user credentials. In Pivotal Operations Manager, refer to <strong>Elastic Runtime > Credentials</strong> for the UAA admin name and password.</p>
To change an environment variable value:
1. In a terminal window, set your target API to your Apps Manager URL by running `cf api API-URL`, where API-URL is <%=vars.api_endpoint%>.
<pre class="terminal">$ cf api api.YOUR-SYSTEM-DOMAIN</pre>
1. Run `cf login` to log in as an admin. When prompted, provide your UAA Administrator user credentials. When prompted further, choose `system` as your org and `apps-manager` as your space.
<p class="note"><strong>Note</strong>:
If you are already logged in with UAA Administrator user credentials, switch to the correct org and space by running `cf target -o system -s apps-manager`. You do not need to log in again.
</p>
1. Set an environment variable for either `apps-manager-blue` or `apps-manager-green`, depending on which is currently live. To learn more about how Apps Manager uses blue-green deployment to reduce downtime, review [Using Blue-Green Deployment to Reduce Downtime and Risk](../devguide/deploy-apps/blue-green.html). For example, to let users self-manage their org and space roles as described above, run the following command to set an environment variable for your live Apps Manager.
<pre class="terminal">$ cf set-env apps-manager-blue ENABLE\_NON\_ADMIN\_ROLE\_MANAGEMENT true</pre>
1. Reinitialize your live Apps Manager with the new environment variable value.
<pre class="terminal">$ cf restart apps-manager-blue</pre>