Cloudera Docs

Performing user sync

When making any kind of user or group-related changes, you need to perform user sync in order for the changes to be synced to FreeIPA.

All user and group related changes with one exception of generating API access keys require user sync. For example all of the following require user sync:

  • Creating machine users
  • Deleting users and machine users
  • Assigning CDP roles or environment-level resource roles to users
  • Creating a group, assigning group membership, and deleting a group
  • Setting workload password
  • Managing user SSH keys
During user sync:
  • All control plane actors (users and machine users) with the environments/accessEnvironment right are synced to the FreeIPA.
  • All groups are synced to the FreeIPA.
  • All users with PowerUser role are synchronized to all environments.

Syncing users to all environments

Required role: PowerUser

Steps

  1. From the CDP web interface, you can perform user sync from the Management Console > User Management.
  2. Click Actions > Synchronize Users.
  3. Click Synchronize Users.
  4. Status shown will be Running, then Completed.
From the CDP CLI, you can use the following commands:
cdp environments sync-all-users

This command synchronizes all users and groups with all CDP environments.

cdp environments sync-user
This commands only syncs the current user with all their CDP environments. You can use it if you are making changes to your own user, but you can't use it for syncing other users.

What to do next

Depending on how many users you have in CDP, it may take a few minutes for the user sync to complete. The sync operation times out after 30 minutes.

Syncing users to a selected environment

Required role: EnvironmentAdmin and DataSteward can perform user sync for a single environment. PowerUser can perform user sync for all environments.

Steps

  1. From the CDP web interface, you can perform user sync from the Management Console > Environments.
  2. Navigate to a specific environment.
  3. Do one of the following:
    • Click on Actions > Synchronize Users to FreeIPA
    • Navigate to Summary > FreeIPA > Actions > Synchronize Users to FreeIPA
    • Click on Actions > Manage Access and then click the Synchronize Users button in the top right corner.
  4. Click Synchronize Users.
  5. Status shown will be Running, then Completed.
From the CDP CLI, you can use the following command: 
cdp environments sync-all-users --environment-names <value>

This command synchronizes all users and groups with one or more CDP environments specified in --environment-names <value>.

What to do next

Depending on how many users you have in CDP, it may take a few minutes for the user sync to complete. The sync operation times out after 30 minutes.