POD parameters:

| OpenShift Group | user0 | pod0-master.origin.com | pod0-node1.origin.com | pod0-spare.origin.com | cloudapps0.origin.com |

| User | master | node1 | spare |
| user0; cloudapps0.origin.com | pod0-master.origin.com; eth0: 10.1.64.110; Netmask: 255.255.0.0; Gateway: 172.16.0.1 | pod0-node1.origin.com; eth0: 10.1.64.110; Netmask: 255.255.0.0; Gateway: 172.16.0.1 | pod0-spare.origin.com; eth0: 10.1.64.110; Netmask: 255.255.0.0; Gateway: 172.16.0.1 |

Introduction
In this lab, you will configure the OpenShift Container Platform authentication mechanism.
1. Create an administrative user
1.1 Log in to the pod0-master.origin.com host:
ssh root@pod0-master.origin.com
1.2 Install the httpd-tools package
Usernames and passwords for the authentication mechanism are managed with the htpasswd binary. This utility is provided by the httpd-tools package.
yum -y install httpd-tools
1.3 By default, the installer configures the OCP master to authenticate against an Apache web server htpasswd file.
List the entries in the /etc/origin/master/master-config.yaml configuration file that configure the htpasswd authentication mechanism:
grep -e file -e HTPasswd /etc/origin/master/master-config.yaml
Output:
file: /etc/origin/master/htpasswd
kind: HTPasswdPasswordIdentityProvider
1.4 Create the /etc/origin/master/htpasswd file:
touch /etc/origin/master/htpasswd
1.5 Create a new user account in the authentication system with the username ocadmin and the password openshift:
htpasswd -b /etc/origin/master/htpasswd ocadmin openshift
Output:
Adding password for user ocadmin
1.6 Grant ocadmin the cluster-admin role so that the account can manage the OpenShift cluster:
oadm policy add-cluster-role-to-user cluster-admin ocadmin
Output:
cluster role "cluster-admin" added: "ocadmin"
1.7 Run the commands below to avoid domain name resolution overhead:
sed -i 's/pod0-master\.origin\.com:8443/172.16.120.15:8443/g' /etc/origin/master/master-config.yaml
sed -i 's/pod0-master\.origin\.com:2379/172.16.120.15:2379/g' /etc/origin/master/master-config.yaml
1.8 Restart the atomic-openshift-master service:
systemctl restart atomic-openshift-master.service
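The htpasswd file from steps 1.4 and 1.5 holds the cluster's login credentials, so its mode and the hash scheme of each entry are worth checking. The script below is an added example, not part of the original lab: the function names and sample entries are constructed for illustration, and treating only bcrypt as acceptable is a policy assumption of this example.

```shell
#!/bin/sh
# Added example (not from the lab): audit an htpasswd file such as the
# /etc/origin/master/htpasswd created in steps 1.4 and 1.5.

# Map one stored hash to its scheme, judged by the htpasswd prefix.
hash_scheme() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;
        '{SHA}'*)                echo sha1-unsalted ;;
        '')                      echo empty ;;
        *)                       echo crypt-or-plaintext ;;
    esac
}

# Print "user scheme" per entry; exit status 1 if any entry is not bcrypt.
audit_entries() (
    rc=0
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        scheme=$(hash_scheme "$hash")
        printf '%s %s\n' "$user" "$scheme"
        [ "$scheme" = bcrypt ] || rc=1
    done < "$1"
    exit "$rc"
)

# Succeed only if the file grants nothing to "other" (last octal digit 0).
mode_ok() {
    case "$(stat -c '%a' "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Write constructed sample entries (placeholder hashes, not real ones).
make_sample() {
    cat > "$1" <<'EOF'
ocadmin:$apr1$CONSTRUC$placeholderplaceholder00
dev1:$2y$10$CONSTRUCTEDbcryptPLACEHOLDERvalue000000000000000000000
legacy:{SHA}CONSTRUCTEDplaceholder0000000=
EOF
}

# Stand-alone use: sh audit_htpasswd.sh /etc/origin/master/htpasswd
if [ "$#" -gt 0 ]; then
    mode_ok "$1" || echo "WARN: $1 is accessible to other users"
    audit_entries "$1" || echo "WARN: non-bcrypt entries present"
fi
```

Entries written by `htpasswd -b` without a scheme option use the apr1 MD5 format. In Apache 2.4, `htpasswd -B` writes bcrypt and `-i` reads the password from standard input instead of the command line.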
2. Verify authentication in the web console
2.1 Open a web browser on the local system and navigate to the following URL:
https://localhost:8443
or
https://172.16.120.10:8443
2.2 Log in to the OCP master web console as ocadmin with the password openshift.
a. A welcome page should be presented.
b. View the dashboard page to create the project.