Skip to main content

Configuring Authentication in OpenShift

Hands-On Lab

 

Length

01:00:00

Difficulty

Intermediate

In this scenario, we have been asked to switch authentication methods in an OpenShift cluster from AllowAll to HTPasswd, then create a new user named duck with the password stacker. Use the httpd-utils package to create an auth file under /etc/origin/ named htpasswd-users to create duck.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Configuring Authentication in OpenShift

Introduction

In this scenario, we have been asked to switch authentication methods in an OpenShift cluster from AllowAll to HTPasswd, then create a new user named duck with the password stacker. Use the httpd-utils package to create an auth file under /etc/origin/ named htpasswd-users to create duck.

Solution

Open a terminal session and log in using the OpenShift master public IP credentials provided on the lab page. Then, drop down to root:

sudo -i

Enable HTPasswd Authentication

  1. Using the text editor of your choice, open /etc/origin/master/master-config.yaml. Here, we'll use Vim:

    vim /etc/origin/master/master-config.yaml
  2. If using Vim (or vi), set automatic indentation:

    :set ai
  3. In the oauthConfig section, under identityProviders, change name to

    htpasswd_auth
  4. Change kind to:

    HTPasswdPasswordIdentityProvider
  5. Insert a line directly under kind and enter the following:

    file: /etc/origin/htpasswd-users
  6. Save and close the file.

Create a User

  1. Create an empty htpasswd-users file under /etc/origin/:

    touch /etc/origin/htpasswd-users
  2. Ensure htpasswd is installed on the server:

    which htpasswd
  3. Create the duck user with the password stacker:

    htpasswd -b /etc/origin/htpasswd-users duck stacker
  4. Verify it was created:

    cat /etc/origin/htpasswd-users
  5. Restart the origin-master-controllers and origin-master-api services to propagate changes:

    systemctl restart origin-master-controllers origin-master-api
  6. Test user login:

    oc login -u duck -p stacker
  7. Log out as duck:

    oc logout
  8. Log in as the system admin:

    !export
    
    oc login -u system:admin -n default
  9. Verify the new user was created:

    oc get users

Conclusion

Congratulations on successfully completing this hands-on lab!