Chapter 5. Configuring LDAP on RHOSO
To connect Red Hat OpenStack Services on OpenShift to LDAP so that your OpenStack users authenticate by using pre-established LDAP identities, do the following:
- Use the OpenStack CLI to create the domain.
- Use RHOSO to create a secret that contains the required configuration.
- Mount the secret to the service by using the OpenStackControlPlane custom resource file.
5.1. Configuring LDAP by using Red Hat Identity
Use the OpenStack CLI or the OpenStack Dashboard (horizon) to create OpenStack domains.
Prerequisites
- A pre-established Red Hat Identity server.
Procedure
Create an OpenStack domain:
$ openstack domain create <name>
where:
<name> - Specifies the name of your OpenStack domain.
Create a keystone-domains secret called keystone-domains.yaml. This secret is mounted into the /etc/keystone/domains configuration directory:
apiVersion: v1
kind: Secret
metadata:
  name: keystone-domains
  namespace: openstack
type: Opaque
stringData:
  keystone.<domain_name>.conf: |
    [identity]
    driver = ldap
    [ldap]
    url = ldaps://localhost
    user = =openstack,ou=Users,dc=director,dc=example,dc=com
    password = RedactedComplexPassword
    suffix = dc=domain,dc=example,dc=com
    user_tree_dn = ou=Users,dc=domain,dc=example,dc=com
    user_objectclass = person
    group_tree_dn = ou=Groups,dc=example,dc=org
    group_objectclass = groupOfNames
    use_tls = True
Create the secret:
$ oc apply -f keystone-domains.yaml
Open your OpenStackControlPlane custom resource (CR) file and add the secret by using the extraMounts field:
apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
  name: openstack
spec:
  keystone:
    template:
      customServiceConfig: |
        [identity]
        domain_specific_drivers_enabled = True
  extraMounts:
    - name: v1
      region: r1
      extraVol:
        - propagation:
          - Keystone
          extraVolType: Conf
          volumes:
          - name: keystone-domains
            secret:
              secretName: keystone-domains
          mounts:
          - name: keystone-domains
            mountPath: "/etc/keystone/domains"
            readOnly: true
Apply the changes to your OpenStack control plane CR:
$ oc apply -f openstack_control_plane.yaml
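A pre-apply check for the keystone.<domain_name>.conf body carried in the secret, added here as an example; it is not Red Hat's or the Keystone project's code. The function names and the domain name corp are hypothetical, the sample reuses the option values shown in the secret, and the rule that use_tls (StartTLS) must not be combined with an ldaps:// URL comes from the upstream Keystone option help, not from this page.

```python
import configparser
import re

# One RDN: attribute type, '=', non-empty value (simplified: no escaped commas).
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=,]+$")

def valid_dn(dn):
    """True when every comma-separated component looks like attr=value."""
    parts = [p.strip() for p in dn.split(",")]
    return bool(dn.strip()) and all(RDN.match(p) for p in parts)

def lint_domain_conf(filename, text, domain):
    """Return a list of findings for one keystone.<domain_name>.conf body."""
    findings = []
    if filename != f"keystone.{domain}.conf":
        findings.append(f"file key {filename!r} does not match domain {domain!r}")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if cfg.get("identity", "driver", fallback="") != "ldap":
        findings.append("[identity] driver is not ldap")
    ldap = cfg["ldap"] if cfg.has_section("ldap") else {}
    url = ldap.get("url", "").lower()
    start_tls = ldap.get("use_tls", "false").lower() == "true"
    # Keystone's use_tls means StartTLS on ldap://; ldaps:// is already TLS.
    if url.startswith("ldaps://") and start_tls:
        findings.append("ldaps:// URL combined with use_tls (StartTLS); pick one")
    elif url.startswith("ldap://") and not start_tls:
        findings.append("bind password would cross the network in cleartext")
    for key in ("user", "suffix", "user_tree_dn", "group_tree_dn"):
        if key in ldap and not valid_dn(ldap[key]):
            findings.append(f"{key} is not a well-formed DN: {ldap[key]!r}")
    return findings

# Constructed sample: option values copied from the secret in the procedure.
SAMPLE = """\
[identity]
driver = ldap
[ldap]
url = ldaps://localhost
user = =openstack,ou=Users,dc=director,dc=example,dc=com
suffix = dc=domain,dc=example,dc=com
user_tree_dn = ou=Users,dc=domain,dc=example,dc=com
group_tree_dn = ou=Groups,dc=example,dc=org
use_tls = True
"""

if __name__ == "__main__":
    for finding in lint_domain_conf("keystone.corp.conf", SAMPLE, "corp"):
        print("FINDING:", finding)
```

Run it against the stringData value before oc apply; an empty list means none of the three checks fired.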