How to configure HTPasswd identity provider in OpenShift 3.11

Configure HTPasswd identity provider in OpenShift 3.11.

All operations are performed on the management node.

There are three possibilities.

Keep users in the inventory file

Define users in the inventory file.

    # identity_providers
    openshift_master_identity_providers:
    - name: Local
      login: 'true'
      challenge: 'true'
      kind: HTPasswdPasswordIdentityProvider
    openshift_master_htpasswd_users:
      admin: '$apr1$aN8KerDS$9V665eteoxXI10AkZnGAW.'
      milosz: '$apr1$l8uIgejD$T/3rU826fKc.dp.KH5uD9.'

Keep users in dedicated file

Define users in the dedicated file on the management node.

    # identity_providers
    openshift_master_identity_providers:
    - name: Local
      login: 'true'
      challenge: 'true'
    openshift_master_htpasswd_file: ~/openshift-ansible/htpasswd

Do not manage users using inventory file

Use ansible or any othe configuration management utility to define users on each master node.

    # identity_providers
    openshift_master_identity_providers:
    - name: Local
      login: 'true'
      challenge: 'true'
      kind: HTPasswdPasswordIdentityProvider
    openshift_master_manage_htpasswd: false # use /etc/origin/master/htpasswd file on each master node

Reconfigure master node

Execute this phase by running playbooks/openshift-master/config.yml playbook.

$ ansible-playbook -i hosts playbooks/openshift-master/config.yml 
[...]

PLAY RECAP *************************************************************************************************************************************************************************************************************************************************************************
localhost                              : ok=12   changed=0    unreachable=0    failed=0    skipped=4    rescued=0    ignored=0   
openshift-example-infra-1.example.org  : ok=14   changed=0    unreachable=0    failed=0    skipped=26   rescued=0    ignored=0   
openshift-example-lb-1.example.org     : ok=13   changed=0    unreachable=0    failed=0    skipped=26   rescued=0    ignored=0   
openshift-example-master-1.example.org : ok=213  changed=48   unreachable=0    failed=0    skipped=345  rescued=0    ignored=0   
openshift-example-node-1.example.org   : ok=14   changed=0    unreachable=0    failed=0    skipped=26   rescued=0    ignored=0   
openshift-example-node-2.example.org   : ok=14   changed=0    unreachable=0    failed=0    skipped=26   rescued=0    ignored=0   


INSTALLER STATUS *******************************************************************************************************************************************************************************************************************************************************************
Initialization  : Complete (0:00:21)
Master Install  : Complete (0:02:05)
Thursday 16 April 2020  00:14:31 +0200 (0:00:00.039)       0:02:25.992 ******** 
=============================================================================== 
openshift_node_group : Wait for the sync daemonset to become ready and available ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 10.86s
openshift_excluder : Install docker excluder - yum -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3.96s
openshift_control_plane : Wait for APIs to become available ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 3.89s
tuned : Ensure files are populated from templates --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.74s
openshift_control_plane : Wait for all control plane pods to come up and become ready --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.59s
openshift_master_certificates : Check status of master certificates --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.49s
openshift_excluder : Install openshift excluder - yum ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.45s
openshift_node_group : Copy templates to temp directory --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.38s
tuned : Restart tuned service ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.37s
openshift_master_certificates : Lookup default group for ansible_ssh_user --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.23s
openshift_control_plane : Start and enable self-hosting node ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.18s
openshift_control_plane : Prepare master static pods ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1.17s
openshift_control_plane : Copy static master scripts ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1.17s
openshift_ca : Generate the aggregator api-client config -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.94s
openshift_control_plane : Add iptables allow rules -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.90s
openshift_ca : Copy generated loopback master client config to master config dir -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.89s
openshift_named_certificates : Land named certificates ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.82s
openshift_node_group : fetch node configmap --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.78s
openshift_node_group : Ensure the service account can run privileged -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.78s
openshift_manage_node : Set node schedulability ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.76s