This repo provides a kerberized Flask app and Ansible playbooks to deploy the app on an OpenShift v3 cluster.
- OpenShift v3 Cluster
- Active Directory admin user (configured in hosts ... bind_dn)
- Active Directory service user (configured in hosts ... mapped_user). The servicePrincipal gets mapped to that user via the Ansible ldap_attr module.
- clone repository
  ```
  git clone https://github.com/st0ne-dot-at/openshift-flask-kerberos-example.git
  ```
- create and configure python_ansible27 virtualenv
  ```
  virtualenv -p /usr/bin/python2 python_ansible27
  . python_ansible27/bin/activate
  pip install -r ansible_requirements.txt
  ```
- adapt hosts to your needs
- deploy application
  ```
  ansible-playbook -i hosts ansible/playbooks/deploy_app.yml \
    --extra-vars="ansible_python_interpreter=$(which python)"
  ```
- kinit
  ```
  kinit myuser@MYDOMAIN.ORG
  ```
- test kerberos with curl
  ```
  curl -u : --negotiate https://myservice.osc.mydomain.org -v
  ```
- remove app
  ```
  oc delete all --selector template=flask-krb5-auth-sample
  ```
oc start-build flask-krb5-app
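
As an added example (not part of this repository), the Python sketch below summarises the SPNEGO exchange in the `curl -v --negotiate` output from the test step: whether the server issued a Negotiate challenge, whether the client answered with a Kerberos token or an NTLM one, and whether the final response carried a server token. The transcript and token bytes are constructed samples, and `classify_token`, `audit_curl_verbose` and `sample_transcript` are hypothetical helper names.

```python
import base64

# DER-encoded mechanism OIDs found near the start of a GSS-API/SPNEGO token.
KRB5_OIDS = (bytes.fromhex("06092a864886f712010202"),  # 1.2.840.113554.1.2.2
             bytes.fromhex("06092a864882f712010202"))  # 1.2.840.48018.1.2.2 (MS)
NTLM_MAGIC = b"NTLMSSP\x00"

def classify_token(b64_token):
    """Return 'kerberos', 'ntlm' or 'unknown' for a Negotiate token."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "unknown"
    if NTLM_MAGIC in raw:
        return "ntlm"
    if raw[:1] == b"\x60" and any(oid in raw[:64] for oid in KRB5_OIDS):
        return "kerberos"
    return "unknown"

def audit_curl_verbose(text):
    """Summarise the SPNEGO exchange in `curl -v --negotiate` output."""
    result = {"challenge": False, "client_mech": None,
              "status": None, "mutual_auth": False}
    for line in text.splitlines():
        direction, _, rest = line.partition(" ")
        rest = rest.strip()
        if direction == "<" and rest.startswith("HTTP/"):
            result["status"] = int(rest.split()[1])  # last response wins
        name, _, value = rest.partition(":")
        if name.lower() not in ("www-authenticate", "authorization"):
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "negotiate":
            continue
        if direction == "<" and not token:
            result["challenge"] = True             # bare 401 challenge
        elif direction == "<":
            result["mutual_auth"] = result["status"] == 200
        elif direction == ">":
            result["client_mech"] = classify_token(token.strip())
    return result

def sample_transcript(token, final_status):
    """Constructed curl -v excerpt; the token bytes are not a real ticket."""
    b64 = base64.b64encode(token).decode()
    lines = ["> GET / HTTP/1.1", "< HTTP/1.1 401 Unauthorized",
             "< WWW-Authenticate: Negotiate", "> GET / HTTP/1.1",
             "> Authorization: Negotiate " + b64,
             "< HTTP/1.1 %d X" % final_status]
    if final_status == 200:
        lines.append("< WWW-Authenticate: Negotiate " + b64)
    return "\n".join(lines)

KRB_TOKEN = bytes.fromhex("6082010006062b0601050502") + KRB5_OIDS[0] + b"\x00" * 16
NTLM_TOKEN = NTLM_MAGIC + b"\x01\x00\x00\x00" + b"\x00" * 8
```

A `client_mech` of `ntlm` or a final status of 401 means the request was not authenticated with a Kerberos service ticket, so the service user's principal mapping and the client's ticket cache (`klist`) are the first things to check.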