Merge "OIDC script updates"
commit
9e8eefbdec
@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server.
|
||||
|
||||
.. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb:
|
||||
|
||||
#. Copy the ISO image from the source \(product DVD, USB device, or WindShare
|
||||
`http://windshare.windriver.com <http://windshare.windriver.com>`__\) to a
|
||||
temporary location on the PXE boot server.
|
||||
#. Copy the ISO image from the source \(product DVD, USB device, or
|
||||
|dnload-loc| to a temporary location on the |PXE| boot server.
|
||||
|
||||
This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso.
|
||||
This example assumes that the copied image file is
|
||||
``tmp/TS-host-installer-1.0.iso``.
|
||||
|
||||
#. Mount the ISO image and make it executable.
|
||||
|
||||
|
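Review bot: The rewritten step 1 opens an escaped parenthesis at `\(product DVD, USB device, or` but the closing `\)` was dropped together with the WindShare URL, so the sentence now runs "(product DVD, USB device, or |dnload-loc| to a temporary location" with no closing bracket. Put `\)` directly after `|dnload-loc|`. While this paragraph is being touched: the image path is given as ``tmp/TS-host-installer-1.0.iso`` with no leading slash; if `/tmp` is meant, write it that way.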
@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server.
|
||||
|
||||
.. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb-r6:
|
||||
|
||||
#. Copy the ISO image from the source \(product DVD, USB device, or WindShare
|
||||
`http://windshare.windriver.com <http://windshare.windriver.com>`__\) to a
|
||||
temporary location on the PXE boot server.
|
||||
#. Copy the ISO image from the source \(product DVD, USB device, or
|
||||
|dnload-loc| to a temporary location on the |PXE| boot server.
|
||||
|
||||
This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso.
|
||||
This example assumes that the copied image file is
|
||||
``tmp/TS-host-installer-1.0.iso``.
|
||||
|
||||
#. Mount the ISO image and make it executable.
|
||||
|
||||
|
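Review bot: Same unbalanced parenthesis in this `-r6` copy of the procedure: `\(product DVD, USB device, or` is never closed now that the line ends in `|dnload-loc| to a temporary location`; add `\)` after `|dnload-loc|`. Since the image is copied from a download location and then served from this |PXE| boot server, a step between 1 and 2 that checks the ISO against a published checksum before mounting would be worth adding, if the download location provides one.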
@ -24,6 +24,8 @@ credential for the user in the **kubectl** config file.
|
||||
- On controller-0, **oidc-auth** is installed as part of the base |prod|
|
||||
installation, and ready to use.
|
||||
|
||||
- On remote hosts, **oidc-auth** must be installed from |dnload-loc|.
|
||||
|
||||
.. xbooklink
|
||||
|
||||
- On a remote workstation using remote-cli container, **oidc-auth** is
|
||||
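Review bot: The added bullet "On remote hosts, **oidc-auth** must be installed from |dnload-loc|" overlaps the two bullets that follow it, which already split remote access into the remote-cli container case and the directly installed **kubectl** and **helm** case, so a reader cannot tell whether the container case also needs a separate install. Suggest moving the |dnload-loc| instruction into the setup list of the directly installed case, and stating there how the downloaded script should be checked before it is run, given that it is the tool the user types a password into.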
@ -31,17 +33,15 @@ credential for the user in the **kubectl** config file.
|
||||
information on configuring remote CLI access, see |sysconf-doc|:
|
||||
:ref:`Configure Remote CLI Access <configure-remote-cli-access>`.
|
||||
|
||||
- On a remote host, when using directly installed **kubectl** and **helm**, the following setup is required:
|
||||
- On a remote host, when using directly installed **kubectl** and **helm**,
|
||||
the following setup is required:
|
||||
|
||||
|
||||
- Install "Python Mechanize" module using the following command:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
# sudo pip2 install mechanize
|
||||
|
||||
- Get the **oidc-auth** script from WindShare.
|
||||
|
||||
sudo pip2 install mechanize
|
||||
|
||||
|
||||
.. note::
|
||||
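Review bot: `sudo pip2 install mechanize` in the code block installs an unpinned package system-wide as root and ties the remote-host setup to Python 2's pip. Suggest naming the Mechanize version the script was tested with and showing a per-user or virtualenv install rather than `sudo`. Also, with the "Get the **oidc-auth** script" bullet gone, "the following setup is required:" introduces a one-item list; either fold the Mechanize step into the sentence or keep a second item that points to |dnload-loc|.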
@ -55,7 +55,8 @@ credential for the user in the **kubectl** config file.
|
||||
credentials in **kubectl** config file with the retrieved token.
|
||||
|
||||
|
||||
- If **oidc-auth-apps** is deployed with a single backend **ldap** connector, run the following command:
|
||||
- If **oidc-auth-apps** is deployed with a single backend **ldap**
|
||||
connector, run the following command:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
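Review bot: Style point on the rewrapped bullet: it keeps `**ldap**` in bold lower case, while the overview paragraph changed in this same commit moves to the `|LDAP|` substitution. If `ldap` here is the literal connector type, mark it as a literal with double backticks rather than bold; if it is the protocol name, use `|LDAP|` so the pages agree.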
@ -71,17 +72,16 @@ credential for the user in the **kubectl** config file.
|
||||
Updating kubectl config ...
|
||||
User testuser set.
|
||||
|
||||
- If **oidc-auth-apps** is deployed with multiple backend **ldap** connectors, run the following command:
|
||||
- If **oidc-auth-apps** is deployed with multiple backend **ldap**
|
||||
connectors, run the following command:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
~(keystone_admin)]$ oidc-auth -b <connector-id> -c <ip> -u <username>
|
||||
|
||||
|
||||
|
||||
.. note::
|
||||
If you are running **oidc-auth** within the |prod| containerized
|
||||
remote CLI, you must use the -p <password> option to run the command
|
||||
If you are running **oidc-auth** within the |prod| containerized remote
|
||||
CLI, you must use the ``-p <password>`` option to run the command
|
||||
non-interactively.
|
||||
|
||||
|
||||
|
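Review bot: The note that tells users to pass ``-p <password>`` for non-interactive use should also say that a password given as a command-line argument is visible in the process list and is saved in shell history. Suggest adding one sentence with that caveat to the note, and stating that the interactive prompt is preferred wherever a terminal is available, so that ``-p`` is read as the exception for the containerized remote CLI and not as the normal way to call `oidc-auth -b <connector-id> -c <ip> -u <username>`.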
@ -11,14 +11,13 @@ to authenticate users of the Kubernetes API, using the **oidc-auth-apps**
|
||||
application.
|
||||
|
||||
The **oidc-auth-apps** application installs a proxy |OIDC| identity provider
|
||||
that can be configured to proxy authentication requests to an LDAP \(s\)
|
||||
identity provider, such as Windows Active Directory. For more information,
|
||||
see, `https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
|
||||
**oidc-auth-apps** application also provides an |OIDC| client for accessing
|
||||
the username and password |OIDC| login page for user authentication and
|
||||
retrieval of tokens. An **oidc-auth** CLI script, available on Wind Share, at
|
||||
`https://windshare.windriver.com/ <https://windshare.windriver.com/>`__, can
|
||||
also be used for |OIDC| user authentication and retrieval of tokens.
|
||||
that can be configured to proxy authentication requests to an |LDAP| \(s\)
|
||||
identity provider, such as Windows Active Directory. For more information, see,
|
||||
`https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
|
||||
**oidc-auth-apps** application also provides an |OIDC| client for accessing the
|
||||
username and password |OIDC| login page for user authentication and retrieval
|
||||
of tokens. An **oidc-auth** CLI script can also be used for |OIDC| user
|
||||
authentication and retrieval of tokens.
|
||||
|
||||
In addition to installing and configuring the **oidc-auth-apps**
|
||||
application, the admin must also configure Kubernetes cluster's
|
||||
|
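Review bot: After this change the sentence "An **oidc-auth** CLI script can also be used for |OIDC| user authentication and retrieval of tokens" no longer says where the script comes from. The other page in this commit uses `|dnload-loc|` for that; suggest the same substitution here, or a cross-reference to the page that covers installing **oidc-auth**. Two smaller points in the same paragraph: `|LDAP| \(s\)` still renders with a space before "(s)", and "see," before the dex link has a stray comma.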