7

I am trying to find out how to create a new user in OpenShift enterprise.

According to the documentation (on https://docs.openshift.com/enterprise/3.0/architecture/core_concepts/projects_and_users.html):

Regular users are created automatically in the system upon first login...

This sounds illogical. How does a user log in if they don't have a username and password?

Can someone please clarify this - I'm sure there must be some command for creating a new user, but it is not clear.

Thanks

Magick
  • 4,603
  • 22
  • 66
  • 103
  • 2
    I'm having the same issue with origin, which I know is upstream and thus is likely to have issues with docs, but with a system this large, you'd have thought they would have given details as to how to log in in the first place. If you need to log a bug, check this: https://bugzilla.redhat.com/enter_bug.cgi?product=OpenShift+Online – volvox Jul 07 '16 at 14:09

2 Answers

10

The OpenShift master-config (/etc/openshift/master/master-config.yaml) describes the configuration about authentication. By default the master-config shows something like this for the authentication-part:

 identityProviders:
  - challenge: true
    login: true
    name: anypassword
    provider:
      apiVersion: v1
      kind: AllowAllPasswordIdentityProvider

This means that every user with every password can authenticate. By performing oc get users as system:admin you'll see all the users. This configuration is not recommended. You're able to configure another form of authentication (htpasswd, ldap, github, ...).

I'm using htpasswd. So then you have to create a file (with htpasswd) which will contain your username + encrypted password. After that you'll need to edit your master-config.yaml. You have to tell it to use HTPasswdPasswordIdentityProvider and link to your file.

You can find those steps here. Don't forget to restart your OpenShift master after performing those steps: sudo service openshift-master restart (origin-master for origin).

After creating users you can assign roles to users. Log in with the default admin (system:admin) and assign roles.

lvthillo
  • 28,263
  • 13
  • 94
  • 127
  • 1
    UPDATE: when you're using the ansible playbook to install your environment, then the htpasswd file will be created during the installation. – lvthillo Jul 07 '16 at 16:40
  • Question: the users you create with htpasswd are simple users, right? How can you create an admin? – engineerX Feb 02 '18 at 12:20
  • It's a while ago but I think you had to login as system:admin with oc and then you can make a user admin by giving him the cluster role cluster-admin: oadm policy add-cluster-role-to-user cluster-admin – lvthillo Feb 02 '18 at 12:24
1

I am creating a script for simply adding a user if OpenShift is using HTPasswdPasswordIdentityProvider

# Download the jq 1.5 binary used below to query the JSON
wget https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
mv jq-linux64 jq && chmod 755 jq

# Convert master-config.yaml to JSON and read the htpasswd file path of the first identity provider
FILE=$(python -c 'import sys, yaml, json; print(json.dumps(yaml.safe_load(sys.stdin), indent=4, sort_keys=True))' < /etc/origin/master/master-config.yaml | ./jq -r '.oauthConfig.identityProviders[0].provider.file')

# Add user1 to that file (htpasswd prompts for the password)
htpasswd "$FILE" user1
ejlp12
  • 374
  • 2
  • 4
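
A read-only check that ties the two answers together, added here as an example and not code from either answer: it lists each entry under identityProviders in a master-config.yaml with its kind and htpasswd file, and returns non-zero if an AllowAllPasswordIdentityProvider entry is still present. The function names, the provider name htpasswd_auth, the htpasswd path and the sample config are constructed for illustration.

```shell
# Added example: audit identityProviders in an OpenShift 3 master-config.yaml (output: name kind file verdict)
audit_identity_providers() {            # usage: audit_identity_providers [FILE]  (stdin if omitted)
    awk '
    function col(s) { match(s, /[^ ]/); return RSTART }      # column of first non-space character
    function val(s) { sub(/^[^:]+: */, "", s); gsub(/"/, "", s); return s }
    function flush() {                                       # report the provider collected so far
        if (kind != "") {
            verdict = "ok"
            if (kind == "AllowAllPasswordIdentityProvider") verdict = "INSECURE_any_password"
            else if (kind == "HTPasswdPasswordIdentityProvider" && file == "") verdict = "MISSING_file"
            print name, kind, (file == "" ? "-" : file), verdict; if (verdict != "ok") bad = 1
        }
        name = kind = file = ""
    }
    /^ *identityProviders:/ { inside = 1; key_col = col($0); item_col = 0; next }
    inside && /^ *(#.*)?$/ { next }                          # blank or comment line
    inside {
        c = col($0); dash = ($0 ~ /^ *- /)
        if (c < key_col || (c == key_col && !dash)) { flush(); inside = 0; next }  # section ended
        if (dash && (item_col == 0 || c == item_col)) { flush(); item_col = c; sub(/- /, "  ") }
        line = $0; sub(/^ +/, "", line)
        if (line ~ /^name:/ && name == "") name = val(line)
        else if (line ~ /^kind:/) kind = val(line)
        else if (line ~ /^file:/) file = val(line)
    }
    END { flush(); exit (bad ? 1 : 0) }
    ' "$@"
}

sample_config() {   # constructed sample: htpasswd provider added, default entry left in place
    cat <<'EOF'
oauthConfig:
  identityProviders:
  - name: htpasswd_auth
    challenge: true
    login: true
    provider:
      apiVersion: v1
      kind: HTPasswdPasswordIdentityProvider
      file: /etc/origin/master/htpasswd
  - challenge: true
    login: true
    name: anypassword
    provider:
      apiVersion: v1
      kind: AllowAllPasswordIdentityProvider
  masterPublicURL: https://master.example.com:8443
EOF
}
sample_config | audit_identity_providers || echo "fix required: an any-password provider is configured"
```

To check a real master, pass the file path instead of piping the sample: audit_identity_providers /etc/origin/master/master-config.yaml.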