From c21b2662b7810deb0cd2d9a35011fe34c188fab5 Mon Sep 17 00:00:00 2001 From: ryanj Date: Thu, 16 Jun 2022 11:44:21 -0700 Subject: [PATCH 1/2] Include a "user1" account --- .../assignment.md | 2 +- .../assignment.md | 2 +- .../assignment.md | 2 +- .../assignment.md | 2 +- using-the-cluster/cluster-access/track.yml | 5 +-- .../cluster-access/track_scripts/setup-crc | 31 +++++++++++++++++-- 6 files changed, 36 insertions(+), 8 deletions(-) diff --git a/using-the-cluster/cluster-access/01-01-logging-in-via-the-web-console/assignment.md b/using-the-cluster/cluster-access/01-01-logging-in-via-the-web-console/assignment.md index 60b6bbae..68dea563 100755 --- a/using-the-cluster/cluster-access/01-01-logging-in-via-the-web-console/assignment.md +++ b/using-the-cluster/cluster-access/01-01-logging-in-via-the-web-console/assignment.md @@ -1,6 +1,6 @@ --- slug: 01-logging-in-via-the-web-console -id: vvndcjg6jy2x +id: eow4omjjrxub type: challenge title: Topic 1 - Logging in Via the Web Console notes: diff --git a/using-the-cluster/cluster-access/02-02-logging-in-via-the-command-line/assignment.md b/using-the-cluster/cluster-access/02-02-logging-in-via-the-command-line/assignment.md index 93d33995..f1c42cb8 100755 --- a/using-the-cluster/cluster-access/02-02-logging-in-via-the-command-line/assignment.md +++ b/using-the-cluster/cluster-access/02-02-logging-in-via-the-command-line/assignment.md @@ -1,6 +1,6 @@ --- slug: 02-logging-in-via-the-command-line -id: jhfhyx567dbp +id: 897yiqcgfb5j type: challenge title: Topic 2 - Logging in via the Command Line notes: diff --git a/using-the-cluster/cluster-access/03-03-collaborating-with-other-users/assignment.md b/using-the-cluster/cluster-access/03-03-collaborating-with-other-users/assignment.md index aa5243d7..9d7afcaf 100755 --- a/using-the-cluster/cluster-access/03-03-collaborating-with-other-users/assignment.md +++ b/using-the-cluster/cluster-access/03-03-collaborating-with-other-users/assignment.md @@ -1,6 +1,6 @@ --- slug: 03-collaborating-with-other-users -id: pw2tvtuhguco +id: 9ev1ansjytjy type: challenge title: Topic 3 - Collaborating with Other Users notes: diff --git a/using-the-cluster/cluster-access/04-04-switching-between-accounts/assignment.md b/using-the-cluster/cluster-access/04-04-switching-between-accounts/assignment.md index 174fb192..e02d5fd8 100755 --- a/using-the-cluster/cluster-access/04-04-switching-between-accounts/assignment.md +++ b/using-the-cluster/cluster-access/04-04-switching-between-accounts/assignment.md @@ -1,6 +1,6 @@ --- slug: 04-switching-between-accounts -id: lvk1hzl0nvz3 +id: lwj7kidt0q8c type: challenge title: Topic 4 - Switching Users Between Accounts notes: diff --git a/using-the-cluster/cluster-access/track.yml b/using-the-cluster/cluster-access/track.yml index 992a4275..cb789947 100755 --- a/using-the-cluster/cluster-access/track.yml +++ b/using-the-cluster/cluster-access/track.yml @@ -1,5 +1,5 @@ slug: using-the-cluster-cluster-access -id: ivjwdhbf3xhl +id: tyrhthzthmld type: track title: Logging in to an OpenShift Cluster description: | @@ -30,6 +30,7 @@ developers: - bob@cogarttech.com - dschenck@redhat.com - nvinto@redhat.com +- ryanj@redhat.com private: true published: false -checksum: "15913648057833144714" +checksum: "1367357203657365830" diff --git a/using-the-cluster/cluster-access/track_scripts/setup-crc b/using-the-cluster/cluster-access/track_scripts/setup-crc index fee3ed7b..644cc5bf 100755 --- a/using-the-cluster/cluster-access/track_scripts/setup-crc +++ b/using-the-cluster/cluster-access/track_scripts/setup-crc @@ -36,6 +36,35 @@ sed -i '/^search.*/a nameserver 10.88.0.8' /etc/resolv.conf systemctl start crc-dnsmasq.service systemctl start kubelet + +# User Accounts + +cat << EOF > /tmp/pass.htpasswd +admin:\$2y\$05\$Sokv3so/TbycwilNeV6L6.lMIYT0ClbaW/RsPssFIBY.BWanJyMwe +developer:\$apr1\$PFGWfRKw\$DbBab3TIlvsZGmHjVbehv0 +user1:\$apr1\$AWRDy/5p\$FgzPPvIIqhe3ZbWCgk4Cc1 +EOF + +cat << EOF > /tmp/oauth-admin.yaml +apiVersion: config.openshift.io/v1 +kind: OAuth +metadata: + name: cluster +spec: + identityProviders: + - name: admin_htpasswd_provider + mappingMethod: claim + type: HTPasswd + htpasswd: + fileData: + name: htpass-secret-admin +EOF + +until oc create secret generic htpass-secret-admin --from-file=htpasswd=/tmp/pass.htpasswd -n openshift-config -o yaml --dry-run=client 2>/dev/null | oc replace -f - ; do echo "Add admin secret. This fails when the apiserver is not ready."; sleep 5; done +until oc apply -f /tmp/oauth-admin.yaml 2>/dev/null 1>&2; do echo "Adding admin user. This fails when the apiserver is not ready."; sleep 5; done + +rm /tmp/oauth-admin.yaml /tmp/pass.htpasswd + # INGRESS # Check for cert expiration @@ -107,8 +136,6 @@ do echo "AVAILABLE" done - - # INGRESS # check if ingresses.config.openshift.io cluster is present From ff264feea1a4d75cf57daed7494b6a805bf44e90 Mon Sep 17 00:00:00 2001 From: ryanj Date: Wed, 21 Sep 2022 10:33:12 -0700 Subject: [PATCH 2/2] adding sudoer cluster-role to developer account --- using-the-cluster/cluster-access/track_scripts/setup-crc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/using-the-cluster/cluster-access/track_scripts/setup-crc b/using-the-cluster/cluster-access/track_scripts/setup-crc index 644cc5bf..1e0a777e 100755 --- a/using-the-cluster/cluster-access/track_scripts/setup-crc +++ b/using-the-cluster/cluster-access/track_scripts/setup-crc @@ -60,11 +60,14 @@ spec: name: htpass-secret-admin EOF -until oc create secret generic htpass-secret-admin --from-file=htpasswd=/tmp/pass.htpasswd -n openshift-config -o yaml --dry-run=client 2>/dev/null | oc replace -f - ; do echo "Add admin secret. This fails when the apiserver is not ready."; sleep 5; done +until oc create secret generic htpass-secret-admin --from-file=htpasswd=/tmp/pass.htpasswd -n openshift-config -o yaml --dry-run=client 2>/dev/null | oc create -f - ; do echo "Add admin secret. This fails when the apiserver is not ready."; sleep 5; done until oc apply -f /tmp/oauth-admin.yaml 2>/dev/null 1>&2; do echo "Adding admin user. This fails when the apiserver is not ready."; sleep 5; done +until oc create clusterrolebinding adminclusteradmin --clusterrole=cluster-admin --user=admin 2>/dev/null 1>&2; do echo "Config admin policy. This fails when the apiserver is not ready."; sleep 5; done +until oc create clusterrolebinding devsudoer --clusterrole=sudoer --user=developer 2>/dev/null 1>&2; do echo "adding sudoer role to the developer account"; sleep 5; done rm /tmp/oauth-admin.yaml /tmp/pass.htpasswd + # INGRESS # Check for cert expiration