docs/doc/source/security/kubernetes/system-administrator-collect-system-information-for-user-8502c985343d.rst
Suzana Fernandes 9fa54fe44e Create Security Guide Reference
Change-Id: I1cfdc44fb72907e9e34294194084c59e29d8d80a
Signed-off-by: Suzana Fernandes <Suzana.Fernandes@windriver.com>
2024-11-01 18:01:33 +00:00

System Administrator - Collect System Information for Remote User Access

This procedure collects the data required for a user to remotely interface with the system.

The following data needs to be collected:

  • The public certificate of the Root that signed the certificates of the system.
    • The remote user needs to update the remote system to trust this certificate.
  • Kubernetes environment data for the system.
  • environment data for the system.

  1. Log in to the active controller as a Level1SystemAdmin system administrator (joefulladmin in this example).

    Use either a local console or .

  2. Use local_starlingxrc to set up environment variables and your Keystone user's authentication credentials.

    $ source local_starlingxrc
    Enter the password to be used with Keystone user joefulladmin:
    Created file /home/joefulladmin/joefulladmin-openrc

  3. Use kubeconfig-setup to set up KUBECONFIG for the local environment and use oidc-auth to set up / authentication credentials.

    $ kubeconfig-setup
    $ source ~/.profile
    
    $ oidc-auth
    Using "joefulladmin" as username.
    Password:
    Successful authentication.
    Updated /home/joefulladmin/.kube/config .

  4. Create a directory for storing information for remote users.

    $ mkdir ~/stx-remote-access-info

  5. Get the public certificate of the Root that signed the certificates of the system.

    $ kubectl get secret system-local-ca -n cert-manager -o=jsonpath='{.data.tls\.crt}' | base64 --decode > ~/stx-remote-access-info/stx.ca.crt

  6. Get the Kubernetes environment data for the system.

    $ OAMIP=$(system oam-show | egrep "(oam_ip|oam_floating_ip)" | awk '{print $4}')
    
    $ touch ~/stx-remote-access-info/kubeconfig
    $ kubectl config --kubeconfig ~/stx-remote-access-info/kubeconfig set-cluster stx-cluster --server=https://${OAMIP}:6443 --embed-certs --certificate-authority=/etc/kubernetes/pki/ca.crt
    $ kubectl config --kubeconfig ~/stx-remote-access-info/kubeconfig set-context YOURUSERNAMEHERE@stx-cluster --cluster=stx-cluster --user YOURUSERNAMEHERE
    $ kubectl config --kubeconfig ~/stx-remote-access-info/kubeconfig use-context YOURUSERNAMEHERE@stx-cluster

  7. Get the environment data for the system.

    $ OAMIP=$(system oam-show | egrep "(oam_ip|oam_floating_ip)" | awk '{print $4}')
    $ PROJECTNAME="admin"
    $ PROJECTID=`openstack project list | grep ${PROJECTNAME} | awk '{print $2}'`
    
    $ cat <<EOF > ~/stx-remote-access-info/starlingxrc
    #!/usr/bin/env bash
    #
    export OS_AUTH_URL=https://${OAMIP}:5000/v3
    export OS_PROJECT_ID=${PROJECTID}
    export OS_PROJECT_NAME=${PROJECTNAME}
    export OS_USER_DOMAIN_NAME="Default"
    export OS_PROJECT_DOMAIN_ID="default"
    export OS_PROJECT_DOMAIN_NAME=""
    export OS_USERNAME=YOURUSERNAMEHERE
    echo "Please enter your OpenStack Password for project \$OS_PROJECT_NAME as user \$OS_USERNAME: "
    read -sr OS_PASSWORD_INPUT
    export OS_PASSWORD=\$OS_PASSWORD_INPUT
    export OS_REGION_NAME=${OS_REGION_NAME}
    export OS_INTERFACE=public
    export OS_IDENTITY_API_VERSION=3
    export OS_CACERT=./stx-remote-access-info/stx.ca.crt
    EOF

  8. Package up the following files for a remote user to use when setting up remote access on their system.

    $ cd ~
    $ tar cvf stx-remote-access-info.tar ./stx-remote-access-info

For any user requiring remote access:

  • Securely send them the stx-remote-access-info.tar file.
  • Have them follow the procedures for setting up remote access. See index-remote-access-2209661be417.
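
Added example, not part of the original procedure: a pre-send check for the directory built in steps 4 to 7, confirming that it holds only the public certificate, a kubeconfig without user credentials and a starlingxrc that prompts for the password, and printing SHA-256 digests the recipient can compare. The function name check_remote_access_bundle and the secret patterns are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the StarlingX procedure. The function name and
# the secret patterns below are assumptions chosen for illustration.

# check_remote_access_bundle DIR
# Returns 0 and prints a SHA-256 manifest when DIR holds exactly the three
# files produced by steps 5-7 and none carries secret material; else returns 1.
check_remote_access_bundle() {
    local dir="$1" rc=0 f name
    # Material that must stay on the controller: PEM private keys, kubeconfig
    # user credentials, and a Keystone password written as a literal value.
    local secret_re='-----BEGIN ([A-Z]+ )?PRIVATE KEY-----'
    secret_re="$secret_re|client-(key|certificate)-data:"
    secret_re="$secret_re|^[[:space:]]*(token|password|id-token|refresh-token):"
    secret_re="$secret_re|^export OS_PASSWORD=[^\$]"

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    for name in stx.ca.crt kubeconfig starlingxrc; do
        [ -f "$dir/$name" ] || { echo "missing: $name" >&2; rc=1; }
    done

    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        case "$name" in
            stx.ca.crt|kubeconfig|starlingxrc) ;;
            *) echo "unexpected entry: $name" >&2; rc=1 ;;
        esac
        if [ -f "$f" ] && grep -Eq -e "$secret_re" "$f"; then
            echo "secret material in: $name" >&2; rc=1
        fi
    done

    # The trust anchor must at least be a PEM certificate.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/stx.ca.crt" 2>/dev/null ||
        { echo "stx.ca.crt is not a PEM certificate" >&2; rc=1; }

    # Manifest for the recipient to compare after receiving the tar file.
    [ "$rc" -eq 0 ] && (cd "$dir" && sha256sum stx.ca.crt kubeconfig starlingxrc)
    return "$rc"
}
```

Run it as `check_remote_access_bundle ~/stx-remote-access-info` before step 8, and give the digests to the user over a separate channel from the tar file.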