This procedure can be used to access the interface to manage Keycloak users. Users can be added with this interface. See Create Internal User Accounts in the Keycloak Shasta Realm.
- This procedure uses
SYSTEM_DOMAIN_NAME
as an example for the DNS name of the non-compute node (NCN). Replace this name with the actual NCN's DNS name while executing this procedure. - This procedure assumes that the password for the Keycloak
admin
account is known. The Keycloak password is set during the software installation process.-
(
ncn-mw#
) The password can be obtained with the following command:kubectl get secret -n services keycloak-master-admin-auth --template={{.data.password}} | base64 --decode
-
-
Point a browser at
https://auth.cmn.SYSTEM_DOMAIN_NAME/keycloak/
, replacingSYSTEM_DOMAIN_NAME
with the actual NCN's DNS name.The following is an example URL for a system:
https://auth.cmn.system1.us.cray.com/keycloak/
The browser may return an error message similar to the following when
auth.cmn.SYSTEM_DOMAIN_NAME/keycloak
is launched for the first time:This Connection Is Not Private This website may be impersonating "hostname" to steal your personal or financial information. You should go back to the previous page.
See Make HTTPS Requests from Sources Outside the Management Kubernetes Cluster for more information on getting the Certificate Authority (CA) certificate on the system.
-
Click the
Administration Console
link. -
Log in as the
admin
user for theMaster
realm. -
Ensure that the selected
Realm
isShasta
. -
Click the
Users
link under theManage
menu on the left side of the screen.New users can be added with this interface. See Create Internal User Accounts in the Keycloak Shasta Realm.