OpenShift Origin 3.7 : Keystone Authentication
2018/02/08
The OpenShift installation example in this tutorial configured HTPasswd as the authentication provider,
but other authentication providers can be selected instead.
Here, configure OpenStack Keystone as the authentication provider.
This example is based on the following environment.
-----------+--------------+----------------+--------------------------+------------
           |10.0.0.30     |                |10.0.0.51                 |10.0.0.52
+----------+-----------+  |     +----------+-----------+   +----------+-----------+
|  [ dlp.srv.world ]   |  |     | [ node01.srv.world ] |   | [ node02.srv.world ] |
|    (Master Node)     |  |     |    (Compute Node)    |   |    (Compute Node)    |
|    (Compute Node)    |  |     |                      |   |                      |
+----------------------+  |     +----------------------+   +----------------------+
                          |
+----------------------+  |
| [keystone.srv.world] |  |
|  OpenStack Keystone  +--+
|                      |10.0.0.50
+----------------------+
[1]
[2] Log in as root or as a Cluster admin user and change the authentication settings.
# line 159: change as follows
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    # any name you like
    name: keystone_auth
    provider:
      apiVersion: v1
      kind: KeystonePasswordIdentityProvider
      # keystone domain name (OpenStack's default is just the [default])
      domainName: default
      # keystone auth URL
      url: http://10.0.0.50:5000
.....
.....
[origin@dlp ~]$
[3] Add a user for the OpenShift Cluster on the Keystone server.
[root@keystone ~(keystone)]# openstack user create --domain default --password mypassword redhat
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c81f839e6460492f8d111012c75395fc |
| name                | redhat                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[4] Make sure it's possible to log in to the OpenShift Cluster with the user above.
[cent@dlp ~]$ oc login
Authentication required for https://dlp.srv.world:8443 (openshift)
Username: redhat
Password:
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>
[cent@dlp ~]$
[cent@dlp ~]$ oc whoami
redhat
[cent@dlp ~]$ oc new-project myproject
Now using project "myproject" on server "https://dlp.srv.world:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git

to build a new example application in Ruby.
.....
.....
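
The provider in step [2] points at an http:// URL, so the master forwards each user's Keystone password to 10.0.0.50 unencrypted. The shell check below is an added example, not part of the original tutorial: it reads a master config on stdin and flags Keystone providers whose url is not https://. Both sample configs are constructed, and the https URL and the ca file name (keystone-ca.crt) in the second one are assumptions.

```shell
#!/bin/sh
# Added example: audit Keystone identity providers in an OpenShift master config.
# Reads the YAML on stdin; line-based heuristic that assumes one key per line.
# Prints OK/FAIL per Keystone provider and returns 1 if any url is not https://.
audit_keystone_idp() {
    awk '
    function report() {
        if (kind == "KeystonePasswordIdentityProvider") {
            if (url ~ /^https:\/\//) print "OK " name " " url
            else { print "FAIL " name " " url; bad = 1 }
        }
        name = ""; kind = ""; url = ""
    }
    { sub(/^[ \t]*#.*$/, ""); sub(/[ \t]+#.*$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^- /    { report(); sub(/^- +/, "") }   # a new list entry starts
    /^name:/ { sub(/^name:[ \t]*/, ""); name = $0 }
    /^kind:/ { sub(/^kind:[ \t]*/, ""); kind = $0 }
    /^url:/  { sub(/^url:[ \t]*/, "");  url = $0 }
    END      { report(); exit bad + 0 }
    '
}

# Constructed sample: shortened form of the stanza from step [2] (plain http).
sample_http() { cat <<'EOF'
identityProviders:
- challenge: true
  name: keystone_auth   # any name you like
  provider:
    kind: KeystonePasswordIdentityProvider
    # keystone auth URL
    url: http://10.0.0.50:5000
EOF
}

# Constructed hardened variant: https URL and ca file name are assumptions.
sample_https() { cat <<'EOF'
identityProviders:
- name: keystone_auth
  provider:
    kind: KeystonePasswordIdentityProvider
    url: https://keystone.srv.world:5000
    ca: keystone-ca.crt
EOF
}

sample_http  | audit_keystone_idp || true
sample_https | audit_keystone_idp
```

To check a real master, feed its master-config.yaml to audit_keystone_idp on stdin; the optional ca key names the certificate bundle used to validate the Keystone server certificate.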