The Qubinode Project


An easy to set up OpenShift development kit powered by Red Hat Ansible.

View the Project on GitHub Qubinode/qubinode-installer

LDAP OpenShift configuration

Install ldapsearch

sudo dnf install openldap-clients -y

Create users in IDM

Run the playbook

$ ansible-playbook  -v  playbooks/populate_idm.yml

Test

$ ssh administrator@server.idm.example.com
$ ipa user-show student00

Configure OpenShift

Run the playbook

ansible-playbook -v playbooks/openshift_ldap.yml

Configure clusteradmin (you may optionally change the password)

  1. Log in to the IDM server via web browser
  2. Click on Actions, then Reset Password
  3. The default clusteradmin password is clusteradmin
  4. Click on ldapidp
  5. Log in to OpenShift with the new password
  6. Give clusteradmin admin rights from the oc CLI on qubinode
    oc adm policy add-cluster-role-to-user cluster-admin clusteradmin
    
  7. Remove kubeadmin
    oc delete secrets kubeadmin -n kube-system
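
A guard for steps 6 and 7, as an added example that is not part of the Qubinode project: it deletes the kubeadmin secret only after confirming that clusteradmin has logged in through the ldapidp provider and holds cluster-admin, because removing kubeadmin before that leaves the cluster without a working administrator. The function names are hypothetical, and it assumes you are logged in with oc as a user allowed to impersonate (for example kubeadmin).

```shell
#!/bin/sh
# Added example, not part of the qubinode-installer project.
# Assumptions: the identity provider is named "ldapidp" and the admin user is
# "clusteradmin", as in the steps above; the function names are hypothetical.

IDP_NAME="${IDP_NAME:-ldapidp}"
ADMIN_USER="${ADMIN_USER:-clusteradmin}"

# True once the user has logged in through the LDAP provider at least once:
# OpenShift then lists an identity named "<provider>:<id>" on the User object.
has_ldap_identity() {
    ids=$(oc get user "$ADMIN_USER" -o jsonpath='{.identities[*]}' 2>/dev/null) || return 1
    for id in $ids; do
        case "$id" in "$IDP_NAME":*) return 0 ;; esac
    done
    return 1
}

# True if RBAC lets the user use every verb on every resource (cluster-admin).
has_cluster_admin() {
    answer=$(oc auth can-i '*' '*' --all-namespaces --as="$ADMIN_USER" 2>/dev/null) || return 1
    [ "$answer" = "yes" ]
}

# Delete the kubeadmin secret only when both checks pass.
remove_kubeadmin_safely() {
    if ! has_ldap_identity; then
        echo "refusing: $ADMIN_USER has no $IDP_NAME identity yet (log in once first)" >&2
        return 2
    fi
    if ! has_cluster_admin; then
        echo "refusing: $ADMIN_USER is not bound to cluster-admin" >&2
        return 3
    fi
    oc delete secrets kubeadmin -n kube-system
}

# Run only when asked explicitly, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    remove_kubeadmin_safely
fi
```

Exit status 2 means the LDAP login has not happened yet, and 3 means the role binding from step 6 is missing.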
    

IDM LDAP TESTING

EXAMPLES OF COMMON LDAPSEARCHES

Download the IPA CA certificate (-k skips TLS certificate verification for this download)

$ curl https://qbn-dns01.qubinode-lab.com/ipa/config/ca.crt -k -o /home/admin/ipa-ca.crt

Export the IPA CA certificate path

$ export LDAPTLS_CACERT=$HOME/ipa-ca.crt

Test ldap search

Export Variables
$ DOMAIN1=qubinode-lab
$ DOMAIN2=com

Print all objects in LDAP

$ ldapsearch -x -H ldaps://qbn-dns01.qubinode-lab.com  -b "dc=${DOMAIN1},dc=${DOMAIN2}"

Get student info

$ export  STUDENT_NUM=student00
$ ldapsearch -x -H ldaps://qbn-dns01.qubinode-lab.com  -b "uid=${STUDENT_NUM},cn=users,cn=accounts,dc=${DOMAIN1},dc=${DOMAIN2}"

Get Cluster admin info

$ ldapsearch -x -H ldaps://qbn-dns01.qubinode-lab.com  -b "uid=clusteradmin,cn=users,cn=accounts,dc=${DOMAIN1},dc=${DOMAIN2}"

OpenShift Group sync

curl -OL https://raw.githubusercontent.com/Qubinode/qubinode-installer/dev/playbooks/templates/ldap-groups-sync.yaml

Edit the following line numbers

Create Deployment

oc create -f ldap-groups-sync.yaml

Check the openshift-authentication namespace for the cron job status