OPENSHIFT-280-1-Creating Users and Granting Permissions

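0. A brief introduction to the lab environment. Running lab install-post setup mainly prepares the configuration files (the HOSTS configuration and the script that runs Ansible). Running ansible-playbook -i inventory full_classroom_install.yml | grep TASK executes the Ansible playbook; the output is filtered here to list the steps it goes through.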

Simulated git repository address: http://workstation.lab.example.com

Download address for network resources: http://172.25.254.254/materials

Private registry address: workstation.lab.example.com:5000

NFS: master.lab.example.com

[student@workstation ~]$ lab install-post setup

Setting up workstation for lab exercise work:
Downloading files for 

Exercise has already been downloaded. Use cleanup if you want to start over.
 · Setting up lab files:.......................................  SUCCESS
[student@workstation ~]$ ansible-playbook -i inventory full_classroom_install.yml | grep TASK
TASK [setup] *******************************************************************
TASK [Create /root/.ssh] *******************************************************
TASK [Copy lab_rsa to /root/.ssh/id_rsa] ***************************************
TASK [Copy lab_rsa.pub to /root/.ssh/id_rsa.pub] *******************************
TASK [Deploy ssh key to root at all nodes] *************************************
TASK [Install docker] **********************************************************
TASK [Customize /etc/sysconfig/docker-storage-setup] ***************************
TASK [Verify existence of /dev/docker-vg/docker-pool] **************************
TASK [Run docker-storage-setup] ************************************************
TASK [Start and enable docker] *************************************************
TASK [Install required packages] ***********************************************
TASK [Install OpenShift tools] *************************************************
TASK [setup] *******************************************************************
TASK [Create /root/installer.cfg.yml] ******************************************
TASK [Remove OpenShift package exclusions] *************************************
TASK [Check for existing OCP install] ******************************************
TASK [Run atomic-openshift-installer] ******************************************
TASK [setup] *******************************************************************
TASK [Check for OCP Service] ***************************************************
TASK [Re-add OpenShift package exclusions] *************************************
TASK [Fix registry console] ****************************************************
TASK [Wait for registry-console to re-deploy] **********************************
TASK [Edit RHEL7 Image Streams] ************************************************
TASK [delete_openshift_is] *****************************************************
TASK [create_rhel7_is] *********************************************************
TASK [Install httpd-tools] *****************************************************
TASK [Add the path to the password file for the HTPasswdPasswordIdentityProvider] ***
TASK [Change master-config.yaml to use HTPasswdPasswordIdentityProvider] *******
TASK [Allow oc and web access for users] ***************************************
TASK [Restart OpenShift Master service to apply authentication changes] ********
TASK [Waiting for the master to restart] ***************************************
TASK [Give admin user proper permissions] **************************************
TASK [setup] *******************************************************************
TASK [Install atomic-openshift-clients] ****************************************

1. cat /etc/origin/openshift-passwd shows the existing user information. htpasswd -b /etc/origin/openshift-passwd henry flactrag adds a user and password. Run cat /etc/origin/openshift-passwd again to confirm.

[root@master ~]# cat /etc/origin/openshift-passwd 
developer:$apr1$Vmq5KWAd$D5VGjaPrfSiG84DqlXu760
admin:$apr1$fpJCH2a7$ElfDkv2Z.zKToJzsiDU8L.
[root@master ~]# htpasswd -b /etc/origin/openshift-passwd henry flactrag
Adding password for user henry
[root@master ~]# htpasswd -b /etc/origin/openshift-passwd saagar flactrag
Adding password for user saagar
[root@master ~]# cat /etc/origin/openshift-passwd 
developer:$apr1$Vmq5KWAd$D5VGjaPrfSiG84DqlXu760
admin:$apr1$fpJCH2a7$ElfDkv2Z.zKToJzsiDU8L.
henry:$apr1$zyEJBVsm$ObXrKFDS27Y/QZo/lmVwA1
saagar:$apr1$qujwDswJ$g.w9xgJUEJRSzwkrQnB2S1

2. oc login -u admin -p redhat https://master.lab.example.com:8443 logs in with the administrator account. oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth removes the role that authorizes ordinary users to create projects.

[root@master ~]# oc login -u admin -p redhat https://master.lab.example.com:8443
Login successful.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default
    kube-system
    logging
    management-infra
    openshift
    openshift-infra

Using project "default".
[root@master ~]# oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth
cluster role "self-provisioner" removed: ["system:authenticated" "system:authenticated:oauth"]

3. oc login -u saagar -p flactrag https://master.lab.example.com:8443 logs in as the ordinary user that was just created. oc new-project test attempts to create a project, and the attempt is refused.

[root@master ~]# oc login -u saagar -p flactrag https://master.lab.example.com:8443
Login successful.

You don't have any projects. Contact your system administrator to request a project.
[root@master ~]# oc new-project test
Error from server (Forbidden): You may not request a new project via this API.
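
The password file listed in step 1 stores every entry in the $apr1$ format, which is the default MD5-based scheme of htpasswd. The following is an added example, not part of the original post: it classifies each entry of an htpasswd file by hash scheme so that weakly hashed accounts can be found and re-hashed. The function names and the sample entries are constructed for illustration.

```bash
#!/bin/sh
# Added example: report the hash scheme behind each entry of an htpasswd file.
# audit_htpasswd, weak_users and sample_file are hypothetical helper names.

audit_htpasswd() (   # $1 = htpasswd file; prints "user scheme verdict" per entry
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac        # blank or comment line
        case $hash in
            '$2y$'*|'$2a$'*|'$2b$'*) scheme=bcrypt;        verdict=ok ;;
            '$5$'*|'$6$'*)           scheme=sha-crypt;     verdict=ok ;;
            # Apache-specific salted MD5 with 1000 rounds: cheap to brute-force offline
            '$apr1$'*)               scheme=apr1-md5;      verdict=weak ;;
            '{SHA}'*)                scheme=sha1-unsalted; verdict=weak ;;
            # anything else is traditional crypt() or a plaintext password
            *)                       scheme=crypt-or-plaintext; verdict=weak ;;
        esac
        printf '%s %s %s\n' "$user" "$scheme" "$verdict"
    done < "$1"
)

weak_users() (       # comma-separated names of entries that should be re-hashed
    audit_htpasswd "$1" | awk '$3 == "weak" { print $1 }' | paste -sd, -
)

sample_file() (      # writes constructed entries (not real credentials) to a temp file
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed entries for illustration
alice:$apr1$AAAAAAAA$BBBBBBBBBBBBBBBBBBBBBB
bob:$2y$05$CCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
carol:{SHA}EEEEEEEEEEEEEEEEEEEEEEEEEEE=
dave:FFFFFFFFFFFFF
EOF
    printf '%s\n' "$f"
)

# Demo run against the constructed sample.
f=$(sample_file)
audit_htpasswd "$f"
echo "re-hash with a stronger scheme: $(weak_users "$f")"
rm -f "$f"
```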
 

Reposted from blog.csdn.net/ligan1115/article/details/85013629