Red Hat OpenShift 4.x: Adding a new user with admin rights

Getting Started

Once the initial baremetal OpenShift 4.6 IPI install is complete, you will see output similar to what is shown below.

This output contains the URL for the OpenShift WebUI along with the “kubeadmin” password. You will be able to log into the WebUI using these credentials.

If you forget your kubeadmin login (which you will, because it’s ugly), you will be able to find it in the auth directory.

{ocptest}[kni@bastion ~]$ cat clusterconfigs/auth/kubeadmin-password 
WMAWX-QkGc3-IQKy2-XJDI6

Upon initial login to the WebUI you will see a blue bar near the top of the page – as shown below.

Adding a New User with Admin Rights

Bottom line, the OpenShift “kubeadmin” password is not user friendly. In my lab I do not want to have to look it up each time I attempt to access the WebUI. I need simple, easy-to-remember credentials.

So I am going to create a new admin user. In the example below I am creating a user named ‘admin’ with the password ‘admin’.

I am working in a homelab, so security is not exactly a priority.

{ocp}[kni@bastion ~]$ htpasswd -c -B -b users.htpasswd admin admin
Adding password for user admin

Now I define a secret which uses the HTPasswd user file as shown below.

{ocp}[kni@bastion ~]$ oc create secret generic htpass-secret --from-file=htpasswd=/home/kni/users.htpasswd -n openshift-config
secret/htpass-secret created

Next, I create a custom resource (htpasswd.cr) that defines the use of the HTPasswd identity provider. This file is straight out of the user doc and is unmodified.

apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: my_htpasswd_provider 
    mappingMethod: claim 
    type: HTPasswd
    htpasswd:
      fileData:
        name: htpass-secret 

Now we apply the Custom Resource (CR) via oc apply.

{ocp}[kni@bastion ~]$ oc apply -f /home/kni/htpasswd.cr
oauth.config.openshift.io/cluster configured

Now let’s test your new id and password on the CLI. If the step below fails, you will need to start all over again.

{ocp}[kni@bastion ~]$ oc login -u admin
Authentication required for https://api.ocp.lab.localdomain:6443 (openshift)
Username: admin
Password: 
Login successful.

You have access to 59 projects, the list has been suppressed. You can list all projects with ' projects'

Using project "default".

Confirm the URL for the WebUI.

{ocp}[kni@bastion ~]$ oc whoami --show-console
https://console-openshift-console.apps.ocp.lab.localdomain

Navigate to the URL above and select my_htpasswd_provider. Enter your new credentials. At this point you should be able to log in without issue. If not, please work through the process again.
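The procedure above with two changes, as an added example that is not part of the original post: the password is generated and passed to htpasswd on stdin instead of admin/admin on the command line, and the file is checked for bcrypt-only entries before it goes into htpass-secret. The function names are hypothetical, and the final cluster-admin binding is an assumption, since the post does not show how the user receives admin rights.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# new_password: 24 alphanumeric characters drawn from the kernel CSPRNG.
new_password() {
  head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-24
}

# check_htpasswd FILE: succeed only if every line is "user:<bcrypt hash>"
# and no user name appears twice. Problems are listed on stdout.
check_htpasswd() {
  awk -F: '
    NF != 2 || $1 == "" { printf "line %d: malformed entry\n", NR; bad = 1; next }
    $2 !~ /^[$]2[aby][$][0-9][0-9][$]/ { printf "line %d: %s is not bcrypt\n", NR, $1; bad = 1 }
    seen[$1]++ { printf "line %d: duplicate user %s\n", NR, $1; bad = 1 }
    END { exit ((bad || NR == 0) ? 1 : 0) }
  ' "$1"
}

# add_admin USER FILE: same steps as the post, with a generated password.
# Needs htpasswd (httpd-tools) and an oc session that may edit openshift-config.
# The body runs in a subshell so its variables stay local.
add_admin() (
  user=$1 file=$2
  pw=$(new_password)
  # -i reads the password from stdin, so it never appears in argv or history.
  printf '%s\n' "$pw" | htpasswd -c -B -i "$file" "$user" || return 1
  check_htpasswd "$file" || return 1
  # Create or update the secret that the OAuth CR's fileData.name points at.
  oc create secret generic htpass-secret --from-file=htpasswd="$file" \
    -n openshift-config --dry-run=client -o yaml | oc apply -f - || return 1
  # Assumption: the post does not show this step; it is the usual role binding.
  oc adm policy add-cluster-role-to-user cluster-admin "$user" || return 1
  printf 'user %s created, password: %s\n' "$user" "$pw"
)

# Runs only when called with two arguments, e.g.: ./add_admin.sh admin users.htpasswd
if [ "$#" -eq 2 ]; then
  add_admin "$1" "$2"
fi
```

The OAuth custom resource from the post is unchanged and still has to be applied once; the generated password is printed a single time, so store it in a password manager.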

Troubleshooting

If you do run into errors, remove the files that you created and run the command below to delete the secret.

oc delete secret htpass-secret -n openshift-config

At this point you should be able to repeat the procedure and check for errors.

Reference

https://docs.openshift.com/container-platform/4.5/authentication/identity_providers/configuring-htpasswd-identity-provider.html#identity-provider-creating-htpasswd-file-linux_configuring-htpasswd-identity-provider
