RHCA之路—EX280(1)

0. 启动环境

由于第一题所以需要先启动环境

[kiosk@foundation0 ~]$ rht-vmctl start allStarting workstation.Starting services.Starting node1.Starting node2.Starting master.

准备nfs环境

[kiosk@foundation0 ~]$ ssh root@servicesWarning: Permanently added 'services,172.25.250.13' (ECDSA) to the list of known hosts.[root@services ~]# firewall-cmd --add-service=nfs --add-service=rpc-bind --add-service=mountdsuccess[root@services ~]# firewall-cmd --add-service=nfs --add-service=rpc-bind --add-service=mountd --permanentsuccess

1. 题目

Create OpenShift users
Create additional OpenShift users with the following characteristics:
The regular user salvo with password redhat
The regular user ayumi with password redhat
You must use the existing authentication file at /etc/origin/master/htpasswd while preserving its original content
Both users must be able to authenticate to the OpenShift instance via CLI and on the web console at https://master.lab.example.com
Regular users must NOT be able to create projects themselves

2. 解题

2.1 确认环境正常可用(可略)

[kiosk@foundation0 ~]$ ssh root@masterLast login: Thu Jul  6 08:37:13 2023 from 172.25.250.250[root@master ~]# oc get nodesNAME                     STATUS    ROLES     AGE       VERSIONmaster.lab.example.com   Ready     master    60d       v1.9.1 a0ce1bc657node1.lab.example.com    Ready     compute   60d       v1.9.1 a0ce1bc657node2.lab.example.com    Ready     compute   60d       v1.9.1 a0ce1bc657

2.2 创建用户

[root@master ~]# htpasswd -b /etc/origin/master/htpasswd salvo redhatAdding password for user salvo[root@master ~]# htpasswd -b /etc/origin/master/htpasswd ayumi redhatAdding password for user ayumi

2.3 删除self-provisioner角色

查看self-provisioner (可略)

[root@master ~]# oc get clusterrolebinding|grep selfself-access-reviewers                                                 /self-access-reviewer                                                                                   system:authenticated, system:unauthenticated                                                                                self-provisioner                                                      /self-provisioner                                                                                                                                      management-infra/management-admin                                            self-provisioners                                                     /self-provisioner                                                                                       system:authenticated:oauth  

删除默认self-provisioner角色

[root@master ~]# oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauthcluster role "self-provisioner" removed: "system:authenticated:oauth"

3. 确认

以student用户登录workstation
用户名密码相同

浏览器访问https://master.lab.example.com


只用之前创建的2个用户和密码尝试登录

如能正常登录,即确认本地基本正确.

此窗口不用关,第10题还会使用

---

编辑：广州明生医药有限公司

标签：在这里,插入图片,之路,环境,角色