Skip to main content

OpenShift Operations

Hands-On Lab

 

Photo of joel

joel

Training Architect

Length

02:00:00

Difficulty

Advanced

OpenShift Operations In this scenario, we have been tasked with reconfiguring an internal-only OpenShift cluster to be accessible on the public internet. Since the cluster will be open to the outside world, it's been asked that htpasswd authentication be enabled. The cluster owners have requested that a backup of the master be created before any changes are made... just in case.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

  • Create a backup of master using backup_master_node.sh script
$ git clone https://github.com/openshift/openshift-ansible-contrib.git
$ cd openshift-ansible-contrib/reference-architecture/day2ops/scripts/
$ bash backup_master_node.sh -h
  • edit master-config.yml to set the MasterPublicURL to the public IP for the instance.
masterPublicURL: https://openshift.$PUBLIC_URL.xip.io:8443
  • Change the cluster identityprovider from AllowAll to DenyAll
DenyAllPasswordIdentityProvider
  • Update the "openshift_web_console" oauthconfig URL
oc get oauthclients
oc edit oauthclient openshift_web_console
  • Restart the origin-master-controllers & origin-master-api services to propagate changes.
systemctl restart origin-master-controllers origin-master-api