Skip to content

Instantly share code, notes, and snippets.

View kmurudi's full-sized avatar

Kshitija Murudi kmurudi

4 followers · 9 following
View GitHub Profile
@kmurudi
kmurudi / node_check.yml
Last active July 14, 2017 15:12
---
- hosts: master.unset.ocp-admin.aws.openshifttestdrive.com
tasks:
- name: Checking status of all the nodes
@kmurudi
kmurudi / diagnostics.yml
Created July 14, 2017 16:24
---
- hosts:
tasks:
- name: Running diagnostics test and display errors
command: oc adm diagnostics
become: root
...
@kmurudi
kmurudi / better-lab1-test.yml
Last active July 25, 2017 14:44
---
- name: Verifying the OpenShift installation lab module - Verifying lab module-1
hosts: masters
tasks:
- name: Checking if the 'oc version' is correct
command: oc version
@kmurudi
kmurudi / ldap-groupsync.adoc
Last active July 28, 2017 15:58

4.3 - Using external authentication providers

This lab module is about using external authentication providers and LDAP is one of them. Access to resources like a project in OCP can be controlled by using authentication methods like LDAP and only the allowed privileges can be mapped to a user or a certain group.

LDAP stands for Lightweight Directory Access Protocol. LDAP provides different levels of access to users based on their groups and privileges.

We have defined 4 groups for this lab :-

  1. ose-user "Users with OpenShift access"

  2. ose-normal-dev "Normal OpenShift users"

@kmurudi
kmurudi / groupsync.yaml
Last active July 18, 2017 23:19
---
kind: LDAPSyncConfig
apiVersion: v1
url: ldap://idm.unset.ocp-admin.aws.openshifttestdrive.com
ca: /etc/origin/master/ipa-ca.crt
bindDN: uid=admin,cn=users,cn=accounts,dc=unset,dc=ocp-admin,dc=aws,dc=openshifttestdrive,dc=com
bindPassword: ldapadmin
rfc2307:
groupsQuery:
baseDN: cn=groups,cn=accounts,dc=unset,dc=ocp-admin,dc=aws,dc=openshifttestdrive,dc=com
@kmurudi
kmurudi / ldap-groupsync_verification-rough.yml
Last active July 24, 2017 19:18
---
- hosts: masters
tasks:
- name: ssh into idm and echo tp
command: ldapsearch -h idm -D uid=admin,cn=users,cn=accounts,dc=unset,dc=ocp-admin,dc=aws,dc=openshifttestdrive,dc=com -w ldapadmin
register: result
delegate_to: idm.unset.ocp-admin.aws.openshifttestdrive.com
@kmurudi
kmurudi / ldap-groupsync_automation.yml
Last active July 21, 2017 18:07
---
- name: Automation of module 3.3 (if user wants to skip)
hosts: masters
become_user: root
tasks:
- name: syncing all the groups using 'oc adm' CLI tool and applying changes to the system
command: oc adm groups sync --sync-config=/home/ec2-user/groupsync.yaml --confirm
@kmurudi
kmurudi / ldap-groupsync_verification.yml
Last active August 2, 2017 14:13
---
- hosts: masters
tasks:
- name: Login as cluster:admin so as to list all groups and projects
command: oc login -u teamuser1 -p openshift
become_user : root
@kmurudi
kmurudi / template.yaml
Last active July 27, 2017 14:40
apiVersion: v1
kind: Template
metadata:
creationTimestamp: null
name: project-request
objects:
- apiVersion: v1
kind: Project
metadata:
annotations:
@kmurudi
kmurudi / defaultproj_template_verification.yml
Last active July 27, 2017 14:52
---
- name: Verifying the creation of project and quota and limitranges applied to it
hosts: masters
tasks:
- name: Login as system:admin to create projects
command: oc login -u system:admin
- name: Checking the creation of a new project
command: oc new-project my-project