-
Language:
English
-
Language:
English
Chapter 3. Getting Started
3.1. Using the RH-SSO for OpenShift Image Streams and Application Templates
Red Hat JBoss Middleware for OpenShift images are pulled on demand from the Red Hat Registry: registry.access.redhat.com. To update to the latest RH-SSO for OpenShift images, run the following commands:
On your master host(s), ensure that you are logged in as a cluster administrator or a user with project administrator access to the global
openshift
project.$ oc login -u system:admin
Run the following commands to update the core set of RH-SSO 7.2 resources for OpenShift in the
openshift
project:$ for resource in sso72-image-stream.json \ sso72-https.json \ sso72-mysql.json \ sso72-mysql-persistent.json \ sso72-postgresql.json \ sso72-postgresql-persistent.json \ sso72-x509-https.json \ sso72-x509-mysql-persistent.json \ sso72-x509-postgresql-persistent.json do oc replace -n openshift --force -f \ https://raw.githubusercontent.com/jboss-openshift/application-templates/ose-v1.4.11/sso/${resource} done
Run the following command to install the RH-SSO 7.2 OpenShift image streams in the
openshift
project:$ oc -n openshift import-image redhat-sso72-openshift:1.1
3.2. Deploying the RH-SSO for OpenShift Image
3.2.1. Preparing the Deployment
Log in to the OpenShift CLI with a user that holds the cluster:admin role.
Create a new project:
$ oc new-project sso-app-demo
Add the
view
role to thedefault
service account. This enables the service account to view all the resources in the sso-app-demo namespace, which is necessary for managing the cluster.$ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default
3.2.2. Deploying the RH-SSO for OpenShift Image using Application Template
3.2.2.1. Deploying the Template via OpenShift CLI
List the available RH-SSO application templates:
$ oc get templates -n openshift -o name | grep -o 'sso72.\+' sso72-https sso72-mysql sso72-mysql-persistent sso72-postgresql sso72-postgresql-persistent sso72-x509-https sso72-x509-mysql-persistent sso72-x509-postgresql-persistent
Deploy the selected one:
$ oc new-app --template=sso72-x509-https --> Deploying template "openshift/sso72-x509-https" to project sso-app-demo Red Hat Single Sign-On 7.2 (Ephemeral) --------- An example RH-SSO 7 application. For more information about using this template, see https://github.com/jboss-openshift/application-templates. A new RH-SSO service has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is IACfQO8v/nR7llVSVb4Dye3TNRbXoXhRpAKTmiCRc. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets. * With parameters: * Application Name=sso * JGroups Cluster Password=jg0Rssom0gmHBnooDF3Ww7V4Mu5RymmB # generated * Datasource Minimum Pool Size= * Datasource Maximum Pool Size= * Datasource Transaction Isolation= * ImageStream Namespace=openshift * RH-SSO Administrator Username=IACfQO8v # generated * RH-SSO Administrator Password=nR7llVSVb4Dye3TNRbXoXhRpAKTmiCRc # generated * RH-SSO Realm= * RH-SSO Service Username= * RH-SSO Service Password= * Container Memory Limit=1Gi --> Creating resources ... service "sso" created service "secure-sso" created service "sso-ping" created route "sso" created route "secure-sso" created deploymentconfig "sso" created --> Success Run 'oc status' to view your app.
3.2.2.2. Deploying the Template via OpenShift Web Console
Alternatively, perform the following steps to deploy the RH-SSO template via OpenShift web console:
- Log in to the OpenShift web console and select the sso-app-demo project space.
- Click Add to Project, then Browse Catalog to list the default image streams and templates.
- Use the Filter by Keyword search bar to limit the list to those that match sso. You may need to click Middleware, then Integration to show the desired application template.
- Select an RH-SSO application template. This example uses Red Hat Single Sign-On 7.2 (Ephemeral).
- Click Next in the Information step.
- From the Add to Project drop-down menu, select the sso-app-demo project space. Then click Next.
- Select Do not bind at this time radio button in the Binding step. Click Create to continue.
- In the Results step, click the Continue to the project overview link to verify the status of the deployment.
3.2.3. Accessing the Administrator Console of the RH-SSO Pod
After the template got deployed, identify the available routes:
$ oc get routes
NAME | HOST/PORT | PATH | SERVICES | PORT | TERMINATION | WILDCARD |
---|---|---|---|---|---|---|
secure-sso | secure-sso-sso-app-demo.openshift.example.com | secure-sso | <all> | reencrypt | None | |
sso | sso-sso-app-demo.openshift.example.com | sso | <all> | None |
and access the RH-SSO administrator console at:
- https://secure-sso-sso-app-demo.openshift.example.com/auth/admin
- http://sso-sso-app-demo.openshift.example.com/auth/admin
using the administrator account.