Lab 6 : Configuring Authentication

POD parameters : OpenShift Group user0

User
    user0
    cloudapps0.origin.com

master
    pod0-master.origin.com
    eth0    : 10.1.64.110
    Netmask : 255.255.0.0
    Gateway : 172.16.0.1

node1
    pod0-node1.origin.com
    eth0    : 10.1.64.110
    Netmask : 255.255.0.0
    Gateway : 172.16.0.1

spare
    pod0-spare.origin.com
    eth0    : 10.1.64.110
    Netmask : 255.255.0.0
    Gateway : 172.16.0.1

Introduction

In this lab, you will configure the OpenShift Container Platform authentication mechanism.

1. Create an administrative user

1.1 Log in to the pod0-master.origin.com host:

ssh root@pod0-master.origin.com

1.2 Install the httpd-tools package

Usernames and passwords for the authentication mechanism are configured with the htpasswd binary. This utility is provided by the httpd-tools package.

yum -y install httpd-tools

1.3 By default, the installer configures the OCP master to authenticate against an Apache web server htpasswd file.

List the entries in the “/etc/origin/master/master-config.yaml” configuration file that configure the “htpasswd” authentication mechanism:

grep -e file -e HTPasswd /etc/origin/master/master-config.yaml

Output:

file: /etc/origin/master/htpasswd
kind: HTPasswdPasswordIdentityProvider

1.4 Create the “/etc/origin/master/htpasswd” file.

touch /etc/origin/master/htpasswd

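1.5 Create a new user account in the authentication system with the username ocadmin and the password openshift. The -b option takes the password from the command line, where it is visible in the shell history and the process list; without -b, htpasswd prompts for the password instead.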

htpasswd -b /etc/origin/master/htpasswd ocadmin openshift

Output:

Adding password for user ocadmin

1.6 Grant ocadmin the cluster-admin role so that it can manage the OpenShift cluster:

oadm policy add-cluster-role-to-user cluster-admin ocadmin

Output:

cluster role "cluster-admin" added: "ocadmin"

1.7 Run the commands below to replace the master host name with its IP address in the configuration and avoid domain name resolution overhead

sed -i 's/pod0-master\.origin\.com:8443/172.16.120.15:8443/g' /etc/origin/master/master-config.yaml
sed -i 's/pod0-master\.origin\.com:2379/172.16.120.15:2379/g' /etc/origin/master/master-config.yaml

1.8 Restart the atomic-openshift-master service

systemctl restart atomic-openshift-master.service

Note: Make sure you have configured port forwarding before logging in to the OCP web console.
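
An added check, not part of the original lab: the shell function below audits an htpasswd file like the one built in steps 1.4 and 1.5, flagging entries that are not hashed with bcrypt (htpasswd writes apr1-MD5 unless -B is given) and a file mode that grants permissions to other local users. The function names, sample users and hashes are constructed placeholders, and the sample's 0644 mode assumes the default root umask that touch would apply.

```shell
#!/bin/sh
# Added example (not from the lab): audit an htpasswd file such as the
# /etc/origin/master/htpasswd created in steps 1.4 and 1.5.
# Prints one line per finding; prints nothing when the file is clean.
audit_htpasswd() {
    file=$1
    # Characters 8-10 of the ls -l mode string are the "other" permission bits.
    case "$(ls -ld "$file")" in
        ???????---*) ;;
        *) echo "PERM $file grants permissions to other local users" ;;
    esac
    while IFS=: read -r user hash; do
        [ -n "$user" ] || continue
        # Classify the stored hash by its htpasswd format prefix.
        case "$hash" in
            '$2y$'*|'$2a$'*|'$2b$'*) scheme=bcrypt ;;
            '$apr1$'*)               scheme=apr1-md5 ;;
            '{SHA}'*)                scheme=sha1-unsalted ;;
            *)                       scheme=crypt-or-plaintext ;;
        esac
        [ "$scheme" = bcrypt ] || echo "HASH $user uses $scheme"
    done < "$file"
}

# Write a constructed sample file. The hashes are placeholders, not real
# credentials; mode 0644 is an assumption (touch under root's default umask).
make_sample() {
    cat > "$1" <<'EOF'
ocadmin:$apr1$CONSTRUC$placeholderplaceholder
builder:{SHA}cGxhY2Vob2xkZXI=
deployer:$2y$05$placeholderplaceholderplaceholderplaceholderplacehol
EOF
    chmod 644 "$1"
}

# Demo run on the constructed sample; on a master, pass the real path instead.
sample=$(mktemp)
make_sample "$sample"
audit_htpasswd "$sample"
rm -f "$sample"
```

On the lab master the call would be audit_htpasswd /etc/origin/master/htpasswd; after chmod 600 on the file and re-creating the entries with htpasswd -B, it prints nothing.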

2. Verify authentication in the GUI

2.1 Open a web browser on the local system and navigate to the following URL:

https://localhost:8443

or

https://172.16.120.10:8443

2.2 Log in to the OCP master web console as ocadmin with the password openshift.

a. A welcome page should be presented


b. View the dashboard page to create the project
