Differences

This shows you the differences between two versions of the page.

--- docker:okd1 [2026/03/20 13:33] – jonathan
+++ docker:okd1 [2026/03/20 19:04] (current) – jonathan
@@ Line 1: / Line 1: @@
 ===== OKD1 =====
+==== VM spin-up ====
+<code - okd-spin_up-cp.sh>
+#!/bin/bash
+virsh destroy okd-bootstrap
+virsh undefine okd-bootstrap
+virsh destroy okd-cp1
+virsh undefine okd-cp1
+virsh destroy okd-cp2
+virsh undefine okd-cp2
+virsh destroy okd-cp3
+virsh undefine okd-cp3
+rm -rf /var/lib/libvirt/images/*.ign
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-35
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-35
+# 3. Préparation Ignition
+cp bootstrap.ign /var/lib/libvirt/images/bootstrap.ign
+chmod 777 /var/lib/libvirt/images/bootstrap.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/bootstrap.ign"
+# 4. Installation
+virt-install \
+  --name okd-bootstrap \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-35 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:07 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-36
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-36
+# 3. Préparation Ignition
+cp master.ign /var/lib/libvirt/images/master.ign
+chmod 777 /var/lib/libvirt/images/master.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/master.ign"
+# 4. Installation
+virt-install \
+  --name okd-cp1 \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-36 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:01 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-37
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-37
+# 3. Préparation Ignition
+cp master.ign /var/lib/libvirt/images/master.ign
+chmod 777 /var/lib/libvirt/images/master.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/master.ign"
+# 4. Installation
+virt-install \
+  --name okd-cp2 \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-37 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:02 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-38
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-38
+# 3. Préparation Ignition
+cp master.ign /var/lib/libvirt/images/master.ign
+chmod 777 /var/lib/libvirt/images/master.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/master.ign"
+# 4. Installation
+virt-install \
+  --name okd-cp3 \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-38 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:03 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+########################################################################
+</code>
+<code - okd-spin_up-workers.sh>
+#!/bin/bash
+virsh destroy okd-worker1
+virsh undefine okd-worker1
+virsh destroy okd-worker2
+virsh undefine okd-worker2
+virsh destroy okd-worker3
+virsh undefine okd-worker3
+virsh destroy okd-worker4
+virsh undefine okd-worker4
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-39
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-43
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-39
+# 3. Préparation Ignition
+cp worker.ign /var/lib/libvirt/images/worker.ign
+chmod 777 /var/lib/libvirt/images/worker.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/worker.ign"
+# 4. Installation
+virt-install \
+  --name okd-worker1 \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-39 \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-43 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:04 \
+  --network network=ovsbr0,portgroup=vlan-all,model=virtio,mac=52:54:00:aa:bc:04 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-40
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-44
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-40
+# 3. Préparation Ignition
+cp worker.ign /var/lib/libvirt/images/worker.ign
+chmod 777 /var/lib/libvirt/images/worker.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/worker.ign"
+# 4. Installation
+virt-install \
+  --name okd-worker2 \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-40 \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-44 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:05 \
+  --network network=ovsbr0,portgroup=vlan-all,model=virtio,mac=52:54:00:aa:bc:05 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-41
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-45
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-41
+# 3. Préparation Ignition
+cp worker.ign /var/lib/libvirt/images/worker.ign
+chmod 777 /var/lib/libvirt/images/worker.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/worker.ign"
+# 4. Installation
+virt-install \
+  --name okd-worker3 \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-41 \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-45 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:06 \
+  --network network=ovsbr0,portgroup=vlan-all,model=virtio,mac=52:54:00:aa:bc:06 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+########################################################################
+# 1. Nettoyage et Copie de l'image
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-42
+wipefs -a /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-46
+qemu-img convert -O raw /mnt/images/linux/fcos.qcow2 /dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-42
+# 3. Préparation Ignition
+cp worker.ign /var/lib/libvirt/images/worker.ign
+chmod 777 /var/lib/libvirt/images/worker.ign
+IGNITION_DEVICE_ARG="--qemu-commandline=-fw_cfg name=opt/com.coreos/config,file=/var/lib/libvirt/images/worker.ign"
+# 4. Installation
+virt-install \
+  --name okd-worker4 \
+  --memory 16384 --vcpus 4 --cpu host-passthrough \
+  --machine q35 --os-variant=fedora-coreos-stable \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-42 \
+  --disk path=/dev/disk/by-path/ip-172.16.100.14:3260-iscsi-iqn.2005-10.org.freenas.ctl:vms-storage-lun-46 \
+  --network network=vlan219,model=virtio,mac=52:54:00:aa:bb:09 \
+  --network network=ovsbr0,portgroup=vlan-all,model=virtio,mac=52:54:00:aa:bc:09 \
+  --graphics none \
+  --import \
+  --noautoconsole \
+  "${IGNITION_DEVICE_ARG}"
+</code>
 ==== Installation command ====
@@ Line 356: / Line 593: @@
 </code>
+\n
+\n
+===== Creating Local Users in OKD 4.21 Using HTPasswd =====
+A fresh OKD installation only provides the ``kubeadmin`` user.
+To allow local users to log in and deploy pods, configure an HTPasswd
+identity provider.
+----
+==== Step 1: Create the htpasswd file ====
+<code bash>
+docker run --rm \
+  -v $(pwd):/work \
+  docker.io/httpd:2 \
+  htpasswd -cbB /work/users.htpasswd user1 MyPassword123
+docker run --rm \
+  -v $(pwd):/work \
+  docker.io/httpd:2 \
+  htpasswd -bB /work/users.htpasswd user2 MyPassword123
+docker run --rm \
+  -v $(pwd):/work \
+  docker.io/httpd:2 \
+  htpasswd -bB /work/users.htpasswd user3 MyPassword123
+</code>
+----
+==== Step 2: Create the secret in the openshift-config namespace ====
+<code bash>
+oc create secret generic htpasswd-secret \
+  --from-file=htpasswd=users.htpasswd \
+  -n openshift-config
+</code>
+----
+==== Step 3: Configure OAuth to use HTPasswd ====
+Edit the OAuth configuration:
+<code bash>
+oc edit oauth cluster
+</code>
+Add:
+<code yaml>
+spec:
+  identityProviders:
+  - name: local-users
+    mappingMethod: claim
+    type: HTPasswd
+    htpasswd:
+      fileData:
+        name: htpasswd-secret
+</code>
+Wait for the OAuth operator to restart.
+----
+==== Step 4: Test login ====
+Log out of the Web Console and log in with:
+  * Username: ``myuser``
+  * Password: ``MyPassword123``
+----
+==== Step 5: Grant permissions to the new user ====
+Allow user to create their own Projects:
+<code bash>
+oc adm policy add-cluster-role-to-user self-provisioner myuser
+</code>
+Or give admin access to a specific namespace:
+<code bash>
+oc adm policy add-role-to-user admin myuser -n mynamespace
+</code>
+The user can now create and run pods.