
OPENSHIFT-280-1 - Creating Users and Authorization

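0. A brief introduction to the lab environment. The command lab install-post setup mainly prepares the files (the hosts configuration and the scripts that run Ansible). The command ansible-playbook -i inventory full_classroom_install.yml | grep TASK runs the Ansible playbook; the grep filter lists the tasks it goes through.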

Simulated Git repository address: http://workstation.lab.example.com

Network resource download address: http://172.25.254.254/materials

Private registry address: workstation.lab.example.com:5000

NFS: master.lab.example.com

[[email protected] ~]$ lab install-post setup

Setting up workstation for lab exercise work:
Downloading files for 

Exercise has already been downloaded. Use cleanup if you want to start over.
 · Setting up lab files:.......................................  SUCCESS
[[email protected] ~]$ ansible-playbook -i inventory full_classroom_install.yml | grep TASK
TASK [setup] *******************************************************************
TASK [Create /root/.ssh] *******************************************************
TASK [Copy lab_rsa to /root/.ssh/id_rsa] ***************************************
TASK [Copy lab_rsa.pub to /root/.ssh/id_rsa.pub] *******************************
TASK [Deploy ssh key to root at all nodes] *************************************
TASK [Install docker] **********************************************************
TASK [Customize /etc/sysconfig/docker-storage-setup] ***************************
TASK [Verify existence of /dev/docker-vg/docker-pool] **************************
TASK [Run docker-storage-setup] ************************************************
TASK [Start and enable docker] *************************************************
TASK [Install required packages] ***********************************************
TASK [Install OpenShift tools] *************************************************
TASK [setup] *******************************************************************
TASK [Create /root/installer.cfg.yml] ******************************************
TASK [Remove OpenShift package exclusions] *************************************
TASK [Check for existing OCP install] ******************************************
TASK [Run atomic-openshift-installer] ******************************************
TASK [setup] *******************************************************************
TASK [Check for OCP Service] ***************************************************
TASK [Re-add OpenShift package exclusions] *************************************
TASK [Fix registry console] ****************************************************
TASK [Wait for registry-console to re-deploy] **********************************
TASK [Edit RHEL7 Image Streams] ************************************************
TASK [delete_openshift_is] *****************************************************
TASK [create_rhel7_is] *********************************************************
TASK [Install httpd-tools] *****************************************************
TASK [Add the path to the password file for the HTPasswdPasswordIdentityProvider] ***
TASK [Change master-config.yaml to use HTPasswdPasswordIdentityProvider] *******
TASK [Allow oc and web access for users] ***************************************
TASK [Restart OpenShift Master service to apply authentication changes] ********
TASK [Waiting for the master to restart] ***************************************
TASK [Give admin user proper permissions] **************************************
TASK [setup] *******************************************************************
TASK [Install atomic-openshift-clients] ****************************************

 

1. Run cat /etc/origin/openshift-passwd to view the existing users. Run htpasswd -b /etc/origin/openshift-passwd henry flactrag to add a user and password. Run cat /etc/origin/openshift-passwd again to confirm.

[[email protected] ~]# cat /etc/origin/openshift-passwd 
developer:$apr1$Vmq5KWAd$D5VGjaPrfSiG84DqlXu760
admin:$apr1$fpJCH2a7$ElfDkv2Z.zKToJzsiDU8L.
[[email protected] ~]# htpasswd -b /etc/origin/openshift-passwd henry flactrag
Adding password for user henry
[[email protected] ~]# htpasswd -b /etc/origin/openshift-passwd saagar flactrag
Adding password for user saagar
[[email protected] ~]# cat /etc/origin/openshift-passwd 
developer:$apr1$Vmq5KWAd$D5VGjaPrfSiG84DqlXu760
admin:$apr1$fpJCH2a7$ElfDkv2Z.zKToJzsiDU8L.
henry:$apr1$zyEJBVsm$ObXrKFDS27Y/QZo/lmVwA1
saagar:$apr1$qujwDswJ$g.w9xgJUEJRSzwkrQnB2S1
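
The htpasswd file shown above holds only $apr1$ (salted MD5) entries. The following added example, which is not part of the original post, classifies every entry of such a file by hash scheme and flags repeated user names; the sample entries are constructed, and the verdict labels are this example's own policy, not an OpenShift rule.

```sh
#!/bin/sh
# Added example: audit an htpasswd-format file by hash scheme.
# The verdict column is this example's own policy (an assumption).

# Constructed sample; the hash bodies are dummy strings, not real digests.
sample_htpasswd() {
cat <<'EOF'
developer:$apr1$AAAAAAAA$BBBBBBBBBBBBBBBBBBBBBB
henry:$apr1$CCCCCCCC$DDDDDDDDDDDDDDDDDDDDDD
svc-build:$2y$05$EEEEEEEEEEEEEEEEEEEEEEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
legacy:{SHA}GGGGGGGGGGGGGGGGGGGGGGGGGGG=
henry:$apr1$HHHHHHHH$IIIIIIIIIIIIIIIIIIIIII

# comment line
no-separator-on-this-line
EOF
}

# audit_htpasswd [FILE]: print "user scheme verdict" per entry (stdin if no FILE).
audit_htpasswd() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      sep = index($0, ":")
      if (sep < 2) { print "line" NR, "malformed", "review"; next }
      user = substr($0, 1, sep - 1)
      hash = substr($0, sep + 1)
      p4 = substr(hash, 1, 4)
      if (p4 == "$2y$" || p4 == "$2a$" || p4 == "$2b$") {
        scheme = "bcrypt";   verdict = "ok"
      } else if (index(hash, "$apr1$") == 1) {
        scheme = "apr1-md5"; verdict = "upgrade"  # salted MD5, cheap to brute-force offline
      } else if (index(hash, "{SHA}") == 1) {
        scheme = "sha1";     verdict = "replace"  # unsalted single SHA-1
      } else {
        scheme = "other";    verdict = "review"   # crypt(3), plaintext, or unknown
      }
      # htpasswd updates a user in place, so a repeated name came from outside it
      if (seen[user]++) verdict = verdict "+duplicate"
      print user, scheme, verdict
    }' "${1:--}"
}

# count_flagged [FILE]: number of entries whose verdict is not exactly "ok".
count_flagged() {
  audit_htpasswd "$@" | awk '$3 != "ok" { n++ } END { print n + 0 }'
}

sample_htpasswd | audit_htpasswd
```

To move an entry to bcrypt, htpasswd -B -i FILE USER stores a bcrypt hash and reads the password from standard input, so it does not appear in the process list the way the -b form's argument does.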

 

2. Run oc login -u admin -p redhat https://master.lab.example.com:8443 to log in with the administrator account. Run oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth to remove the role that authorizes ordinary users to create projects.

[[email protected] ~]# oc login -u admin -p redhat https://master.lab.example.com:8443
Login successful.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default
    kube-system
    logging
    management-infra
    openshift
    openshift-infra

Using project "default".
[[email protected] ~]# oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated system:authenticated:oauth
cluster role "self-provisioner" removed: ["system:authenticated" "system:authenticated:oauth"]

 

3. Run oc login -u saagar -p flactrag https://master.lab.example.com:8443 to log in as the ordinary user just created. Run oc new-project test to try to create a project; the request is refused.

[[email protected] ~]# oc login -u saagar -p flactrag https://master.lab.example.com:8443
Login successful.

You don't have any projects. Contact your system administrator to request a project.
[[email protected] ~]# oc new-project test
Error from server (Forbidden): You may not request a new project via this API.