[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Default cluster administrator user in a multi-node cluster



Thanks Aleks. Maybe this is obvious, but somehow I missed this detail.

On Mon, Aug 14, 2017 at 3:28 PM, Aleksandar Lazic <aleks me2digital eu> wrote:
Hi Isuru.

when you on the master and root user you are by default system:admin, afaik.

You will need to add a user and give them the cluster-admin privileges to work from remote or as normal user.

https://docs.openshift.org/latest/admin_guide/manage_authorization_policy.html#managing-role-bindings

oadm policy add-role-to-user cluster-admin your-user

Maybe you will need to do the same on minishift.

Regards
Aleks

on Montag, 14. August 2017 at 10:55 was written:


Hi all,

Followed [1] to create a multi node setup with a single master and three nodes using the ansible installer. After the all nodes started successfully, tried to use the CLI tool against the Openshift cluster, similar to how I used it in the local minishift environment, to login as the default system admin (system:admin):

oc login -u system:admin

Then, I'm prompted for a password, which did not happen locally.

Checked the master configuration file master-config.yaml, and the section is similar to [4]. AFAIU from the docs, the AllowAllPasswordIdentityProvider configuration will allow any non empty username and password to login to the system, but not relevant to the cluster administrator. Please correct if I'm wrong.

Also went through the user management [2] and authorization documents [3] but I was unable to figure out how to configure/find the default admin credentials. Please do share your inputs on how to proceed from here.

[1].
https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-host-port
[2]. https://docs.openshift.org/latest/admin_guide/manage_users.html
[3]. https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html
[4].
 identityProviders:
 - challenge: true
   login: true
   mappingMethod: claim
   name: allow_all
   provider:
     apiVersion: v1
     kind: AllowAllPasswordIdentityProvider

--
Thanks and Regards,
Isuru



--
Thanks and Regards,
Isuru

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]