OpenShift offers the capability to leverage a Directory Service as an authentication source for user lookup. However, it lacks native functionality for automatic group synchronization into its Identity Management system. To achieve group syncing, we will implement a workaround solution. This involves deploying a cronjob that synchronizes groups from the source LDAP (FreeIPA in this instance) to OpenShift's OAuth service.

Start by creating a dedicated namespace to encapsulate all the resources required for the automated synchronization of LDAP groups with OpenShift.

    $ cat << EOF > 0-namespace.yml
    ---
    apiVersion: v1
    kind: Namespace
    metadata:
      name: ldap-group-sync
    ...
    EOF
    $ oc apply -f 0-namespace.yml

Given the use of LDAPS with certificates signed by a custom Certificate Authority (CA), it is necessary to create:

- A ConfigMap to store the CA certificate.
- A Secret to securely store the password for the service account used for LDAP lookups.

    $ o...

NOTE: this guide exists for Upgrading from v3.11 to v3.12 as well --> here

Additionally, ensure the successful completion of the upgrade/migration to an EL9 host. Refer to this post for guidance on upgrading from EL8 to EL9 using Leapp: Foreman - upgrade from el8 to el9 using leapp.

With the current version, the official documentation is quite good and can be referenced. I would recommend executing all of these commands in a tmux session so that your session will remain on the server in case anything happens to your workstation.

Start by checking for running tasks that would prohibit an update:

    [root@katello01 ~]# foreman-rake katello:upgrade_check

Next, update the katello host and reboot if yum tells you to:

    [root@katello01 ~]# dnf -4 --refresh upgrade
    [root@katello01 ~]# dnf needs-restarting -r

If there were any updates to foreman-related packages, make sure foreman is in a consistent state:

    [root@katello01 ~]# foreman-maintai...