
Re: OpenShift Auth Mechanism, Version, and SSH Permission



+++ Jimmy Chu [12/01/15 10:47 +0800]:
Hi,

I have three questions, and it would be great if you could shed some light on them.

*1. Authentication Mechanism*
On OpenShift Origin, by default it uses HTTP basic authentication for broker and console access. I see it is possible to use the running MongoDB as auth src.

Is there a guide on how to configure Origin to do this?

http://www.openshift.org/documentation/oo_deployment_guide_comprehensive.html#configure-an-authentication-plugin

There was a question related to mongo auth that came up on the dev
list last month.  Take a look at Jason's response at
http://lists.openshift.redhat.com/openshift-archives/dev/2014-December/msg00039.html


*2. Version*
I realized that the Origin installed from the VM image and the one from oo-install have some slight differences. How may I check the exact version of my OpenShift installation, say with minor and patch number?

I don't think we have a single file in Origin that describes the
version level.  However if you are comparing two different
installations of OpenShift you could query the Broker to see the
supported API versions:

curl -k https://localhost/broker/rest/api
curl -k https://openshift.redhat.com/broker/rest/api

Major versions of Origin and Enterprise will have different supported
API versions.

That might not be your question though.  If you're debugging a
problem that is only happening on one Node or Broker in a single OSE
environment you probably want to know if their installed version is
slightly different.  The quick and dirty way to get an idea what is
different is to compare the output of 'rpm -qa | grep openshift |
sort' on two different systems.  That said, it's always possible that
a different version of a dependency (most likely some rubygem) could
cause a problem that could make two otherwise identical hosts behave
slightly differently so you might eventually need to compare all the
packages on two systems to know the whole picture if you're debugging
something really strange.

Thankfully this will simplify with the next major version of
OpenShift.  There will be far fewer dependencies and you'll likely be
able to compare installations of OpenShift by describing a single
OpenShift Origin version plus the version of RHEL and version of
Docker.


*3. SSH Access Permission*
When a user SSHes into his application gear, the user could access the root directory '/' and pretty much see all files (surely not writable) on the host machine. Is there a way to disable this behavior, and how?

This is an implementation detail of our containers work in the 2nd
generation of OpenShift.  It's secure enough for OpenShift Online but
if something needs to be locked down the admin can always do so using
the typical Linux tools like ownership, mode, selinux, etc.  This is
another case where the next major version of OpenShift will be quite
different.  There will be much more namespace isolation (filesystem,
process, network, etc).

--Brenton


Thanks.

- Jimmy Chu
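
The package comparison suggested in the reply to question 2, as an added example that is not part of the original thread: it reports packages present on only one host or installed at different versions, either for OpenShift packages alone or for every package. The helper name pkg_diff, the name/version query format, and the sample inventories are assumptions made for illustration.

```shell
#!/bin/sh
# Capture an inventory on each host (--qf is rpm's query-format option):
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}.%{ARCH}\n' > host.txt
# Each line is then "<name> <version-release.arch>".

# pkg_diff FILE_A FILE_B [NAME_REGEX]   (hypothetical helper name)
# Prints one sorted line per difference:
#   ONLY_A name ver | ONLY_B name ver | DIFF name verA verB
pkg_diff() {
    { LC_ALL=C sort "$1" | sed 's/^/A /'; LC_ALL=C sort "$2" | sed 's/^/B /'; } |
    awk -v filter="${3:-.}" '
        $2 !~ filter { next }
        # A name can be installed in several versions; join them with ",".
        $1 == "A" { a[$2] = (a[$2] == "" ? $3 : a[$2] "," $3) }
        $1 == "B" { b[$2] = (b[$2] == "" ? $3 : b[$2] "," $3) }
        END {
            for (n in a) {
                if (!(n in b))         print "ONLY_A", n, a[n]
                else if (a[n] != b[n]) print "DIFF", n, a[n], b[n]
            }
            for (n in b) if (!(n in a)) print "ONLY_B", n, b[n]
        }' | LC_ALL=C sort
}

# Constructed sample inventories (version numbers are made up).
sample_a() { cat <<'EOF'
openshift-origin-broker 1.16.1-1.el6.noarch
rubygem-openshift-origin-node 1.31.0-1.el6.noarch
rubygem-openshift-origin-controller 1.31.5-1.el6.noarch
rubygem-rack 1.3.0-4.el6.noarch
openshift-origin-cartridge-php 1.29.1-1.el6.noarch
EOF
}
sample_b() { cat <<'EOF'
openshift-origin-broker 1.16.1-1.el6.noarch
rubygem-openshift-origin-node 1.31.2-1.el6.noarch
rubygem-openshift-origin-controller 1.31.5-1.el6.noarch
rubygem-rack 1.3.10-1.el6.noarch
EOF
}

d=$(mktemp -d)
sample_a > "$d/a"; sample_b > "$d/b"
pkg_diff "$d/a" "$d/b" openshift   # quick check: OpenShift packages only
pkg_diff "$d/a" "$d/b"             # whole picture, dependencies included
rm -r "$d"
```
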
