From 0968e390a182e6a58e17cac540d9b47ff411481e Mon Sep 17 00:00:00 2001 From: Christian Huffman Date: Wed, 27 Feb 2019 20:53:41 -0500 Subject: [PATCH] BZ-1683014: Removing obsolete references to master-config. --- ...asic-authentication-identity-provider.adoc | 2 - .../configuring-github-identity-provider.adoc | 2 - ...onfiguring-keystone-identity-provider.adoc | 2 - ...ider-configuring-basic-authentication.adoc | 64 -------------- .../identity-provider-configuring-github.adoc | 84 ------------------- ...dentity-provider-configuring-keystone.adoc | 79 ----------------- 6 files changed, 233 deletions(-) delete mode 100644 modules/identity-provider-configuring-basic-authentication.adoc delete mode 100644 modules/identity-provider-configuring-github.adoc delete mode 100644 modules/identity-provider-configuring-keystone.adoc diff --git a/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc b/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc index 0f1879c2f4..07e3312c74 100644 --- a/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc +++ b/authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc @@ -14,8 +14,6 @@ include::modules/identity-provider-overview.adoc[leveloffset=+1] include::modules/identity-provider-about-basic-authentication.adoc[leveloffset=+1] -include::modules/identity-provider-configuring-basic-authentication.adoc[leveloffset=+1] - include::modules/identity-provider-basic-authentication-CR.adoc[leveloffset=+1] include::modules/identity-provider-add.adoc[leveloffset=+1] diff --git a/authentication/identity_providers/configuring-github-identity-provider.adoc b/authentication/identity_providers/configuring-github-identity-provider.adoc index 65f21dd775..27185943c8 100644 --- a/authentication/identity_providers/configuring-github-identity-provider.adoc +++ b/authentication/identity_providers/configuring-github-identity-provider.adoc @@ -31,8 +31,6 @@ include::modules/identity-provider-overview.adoc[leveloffset=+1] include::modules/identity-provider-registering-github.adoc[leveloffset=+1] -include::modules/identity-provider-configuring-github.adoc[leveloffset=+1] - include::modules/identity-provider-secret.adoc[leveloffset=+1] include::modules/identity-provider-github-CR.adoc[leveloffset=+1] diff --git a/authentication/identity_providers/configuring-keystone-identity-provider.adoc b/authentication/identity_providers/configuring-keystone-identity-provider.adoc index f5fc052c95..1344a6b34d 100644 --- a/authentication/identity_providers/configuring-keystone-identity-provider.adoc +++ b/authentication/identity_providers/configuring-keystone-identity-provider.adoc @@ -24,8 +24,6 @@ user name, the new user might have access to the old user's resources. include::modules/identity-provider-overview.adoc[leveloffset=+1] -include::modules/identity-provider-configuring-keystone.adoc[leveloffset=+1] - include::modules/identity-provider-keystone-CR.adoc[leveloffset=+1] include::modules/identity-provider-add.adoc[leveloffset=+1] diff --git a/modules/identity-provider-configuring-basic-authentication.adoc b/modules/identity-provider-configuring-basic-authentication.adoc deleted file mode 100644 index dc1e53b162..0000000000 --- a/modules/identity-provider-configuring-basic-authentication.adoc +++ /dev/null @@ -1,64 +0,0 @@ -// Module included in the following assemblies: -// -// * authentication/identity_providers/configuring-basic-authentication-identity-provider.adoc - -[id='identity-provider-configuring-basic-authentication-{context}'] -= Configuring basic authentication - -You might need to take more steps to prepare your cluster for basic authentication. - -. If you have: -+ -- Already completed the installation of Openshift, then copy the -*_/etc/origin/master/master-config.yaml_* file into a new directory; for example: -+ ----- -$ mkdir basicauthconfig; cp master-config.yaml basicauthconfig ----- -+ -- Not yet installed {product-title}, then start the {product-title} API server, -specifying the hostname of the (future) {product-title} master and a directory -to store the configuration file created by the start command: -+ ----- -$ openshift start master --public-master= --write-config= ----- -+ -For example: -+ ----- -$ openshift start master --public-master=https://myapiserver.com:8443 --write-config=basicauthconfig ----- -+ -[NOTE] -==== -If you are installing with Ansible, then you must add the -`identityProvider` configuration to the Ansible playbook. -If you use the following steps to modify your configuration manually after installing with Ansible, then you will lose any modifications whenever you re-run the install tool or upgrade. -==== -+ -. Edit the new *_master-config.yaml_* file's `identityProviders` stanza, and -copy the -example `BasicAuthPasswordIdentityProvider` configuration and paste it to -replace the existing stanza: - -. Make the following modifications to the `identityProviders` stanza: -.. Set the provider `name` to something unique and relevant to your -deployment. This name is prefixed to the returned user ID to form an identity -name. -.. If required, set `mappingMethod` to control how mappings are established between the -provider's identities and user objects. -.. Specify the HTTPS `url` to use to connect to a server that accepts credentials in Basic authentication headers. -.. Optionally, set the `ca` to the certificate bundle to use in order to validate server certificates for the configured URL, or leave it empty to use the system-trusted roots. -.. Optionally, remove or set the `certFile` to the client certificate to present when making requests to the configured URL. -.. If `certFile` is specified, then you must set the `keyFile` to the key for the client certificate. -. Save your changes and close the file. -. Start the {product-title} API server, specifying the configuration file you just -modified: -+ ----- -$ openshift start master --config=/master-config.yaml ----- - -Once configured, any user logging in to the {product-title} web console will be -prompted to log in using their Basic authentication credentials. diff --git a/modules/identity-provider-configuring-github.adoc b/modules/identity-provider-configuring-github.adoc deleted file mode 100644 index 807b818e92..0000000000 --- a/modules/identity-provider-configuring-github.adoc +++ /dev/null @@ -1,84 +0,0 @@ -// Module included in the following assemblies: -// -// * authentication/identity_providers/configuring-github-identity-provider.adoc - -[id='identity-provider-configuring-github-{context}'] -= Configuring GitHub - -You might need to take more steps to register GitHub as your identity provider. - -.Prerequisites - -* Register an application on GitHub or GitHub Enterprise to obtain a -Client ID and Client Secret. - -.Procedure - -. If you have: -- Already installed {product-title}, then copy the -*_/etc/origin/master/master-config.yaml_* file into a new directory, for example: -+ ----- -$ cd /etc/origin/master -$ mkdir githubconfig; cp master-config.yaml githubconfig ----- -- Not yet installed {product-title}, then start the {product-title} API server, -specifying the hostname of the (future) {product-title} master and a directory -to store the configuration file created by the start command: -+ ----- -$ openshift start master --public-master= --write-config= ----- -+ -For example: -+ ----- -$ openshift start master --public-master=https://myapiserver.com:8443 --write-config=githubconfig ----- -+ -[NOTE] -==== -If you are installing with Ansible, then you must add the -`identityProvider` configuration to the Ansible playbook. -If you use the following steps to modify your configuration manually after installing with Ansible, then you will lose any modifications whenever you re-run the install tool or upgrade. -==== -+ -[NOTE] -==== -Using `openshift start master` on its own would auto-detect host names, but -GitHub must be able to redirect to the exact host name that you specified when -registering the application. For this reason, you cannot auto-detect the ID -because it might redirect to the wrong address. Instead, you must specify the -hostname that web browsers use to interact with your {product-title} cluster. -==== -. Edit the new *_master-config.yaml_* file's `identityProviders` stanza, and copy the example `GitHubIdentityProvider` configuration -and paste it to replace the existing stanza: - -. Make the following modifications to the `identityProviders` stanza: -.. Change the provider `name` to match the callback URL you configured on -GitHub. -+ -For example, if you defined the callback URL as -`https://myapiserver.com:8443/oauth2callback/github/` then the `name` must be -`github`. -.. Change `clientID` to the Client ID from GitHub that you registered previously. -.. Change `clientSecret` to the Client Secret from GitHub that you -registered previously. -.. Change `organizations` or `teams` to include a list of one or more GitHub -organizations or teams to which a user must have membership in order to authenticate. If -specified, only GitHub users that are members of at least one of the listed -organizations or teams will be allowed to log in. If this is not specified, then any -person with a valid GitHub account can log in. -. Save your changes and close the file. -. Start the {product-title} API server, specifying the configuration file you just -modified: -+ ----- -$ openshift start master --config=/master-config.yaml ----- - -Once configured, any user logging in to the {product-title} web console will be -prompted to log in using their GitHub credentials. On their first login, the -user must click *authorize application* to permit GitHub to use their user name, -password, and organization membership with {product-title}. The user is then -redirected back to the web console. diff --git a/modules/identity-provider-configuring-keystone.adoc b/modules/identity-provider-configuring-keystone.adoc deleted file mode 100644 index 5cb24bb6ea..0000000000 --- a/modules/identity-provider-configuring-keystone.adoc +++ /dev/null @@ -1,79 +0,0 @@ -// Module included in the following assemblies: -// -// * authentication/identity_providers/configuring-keystone-identity-provider.adoc - -[id='identity-provider-configuring-keystone-{context}'] -= Configuring your cluster for Keystone - -You might need to take more steps to prepare your cluster for Keystone. - -.Procedure - -. If you have: -- Already completed the installation of Openshift, then copy the -*_/etc/origin/master/master-config.yaml_* file into a new directory; for example: -+ ----- -$ cd /etc/origin/master -$ mkdir keystoneconfig; cp master-config.yaml keystoneconfig ----- -- Not yet installed {product-title}, then start the {product-title} API server, -specifying the hostname of the (future) {product-title} master and a directory -to store the configuration file created by the start command: -+ ----- -$ openshift start master --public-master= --write-config= ----- -+ -For example: -+ ----- -$ openshift start master --public-master=https://myapiserver.com:8443 --write-config=keystoneconfig ----- -+ -[NOTE] -==== -If you are installing with Ansible, then you must add the -`identityProvider` configuration to the Ansible playbook. -If you use the following steps to modify your configuration manually after installing with Ansible, then you will lose any modifications whenever you re-run the install tool or upgrade. -==== -+ -. Edit the new *_keystoneconfig/master-config.yaml_* file's `identityProviders` stanza, and copy the example `KeystonePasswordIdentityProvider` configuration -and paste it to replace the existing stanza: -+ - -. Make the following modifications to the `identityProviders` stanza: -.. Change the provider `name` ("my_keystone_provider") to match your Keystone server. -This name is prefixed to provider user names to form an identity name. -.. If required, -change `mappingMethod` to control how mappings are established between the -provider's identities and user objects. -.. Change the `domainName` to the domain name of your OpenStack Keystone server. In Keystone, user names are domain-specific. Only a single domain is supported. -.. Specify the `url` to use to connect to your OpenStack Keystone server. -.. Optionally, to authenticate users by Keystone ID instead of Keystone user -name, set `useKeystoneIdentity` to `true`. -.. Optionally, change the `ca` to the certificate bundle to use in order to validate server certificates for the configured URL. -.. Optionally, change the `certFile` to the client certificate to present when making requests to the configured URL. -.. If `certFile` is specified, then you must change the `keyFile` to the key for the client certificate. -. Save your changes and close the file. -. Start the {product-title} API server, specifying the configuration file you just -modified: -+ ----- -$ openshift start master --config=/master-config.yaml ----- - -Once configured, any user logging in to the {product-title} web console will be -prompted to log in using their Keystone credentials. - - -Once one or more users have logged in, you can run `oc get users` to view a -list of users and verify that users were created successfully: - -.Output of `oc get users` command ----- -$ oc get users -NAME UID FULL NAME IDENTITIES -bobsmith a0c1d95c-1cb5-11e6-a04a-002186a28631 Bob Smith keystone:bobsmith <1> ----- -<1> Identities in {product-title} are comprised of the identity provider name prefixed to the Keystone user name.