ETECK

https://aws.amazon.com/blogs/security/how-to-establish-federated-access-to-your-aws-resources-by-using-active-directory-user-attributes/ In the preceding diagram: An AD user (let’s call him  Bob ) browses to the AD FS sample site ( https:// Fully.Qualified.Domain.Name.Here /adfs/ls/IdpInitiatedSignOn.aspx ) inside this domain. The sign-in page authenticates  Bob  against AD. If  Bob  is already authenticated or using a domain joined workstation, he also might be prompted for his AD user name and password. Bob ’s browser receives a  SAML  assertion in the form of an authentication response from AD FS.  Bob ’s access is authorized based on his AD group membership or on AD user attributes configured on his account. Bob ’s browser automatically posts the SAML assertion to the AWS sign-in endpoint for SAML ( https://signin.aws.amazon.com/saml ). The endpoint uses the  AssumeRoleWithSAML API  to request temporary security credentials and then constructs a sign-in URL for the

root@comglv1:~# ldm add-memory 16G htcsun1 root@comglv1: # zfs destroy zones cannot destroy 'zones': operation does not apply to pools use 'zfs destroy -r zones' to destroy all datasets in the pool use 'zpool destroy zones' to destroy the pool itself root@comglv1: # zfs destroy -r zones root@comglv1: # zpool create LDOM mirror c0t5000CCA03C0E89D8d0s0 c0t5000CCA03C2F3BB4d0s0 root@comglv1: # zfs create LDOM/htcsun1 root@comglv1: # zfs create -V 150g LDOM/htcsun1/disk0 root@comglv1: # ldm rm-vdisk vdisk0 htcsun1 root@comglv1: # ldm rm-vdsdev htcsun1-vd0@primary-vds0 root@comglv1: # ldm rm-vdsdev  vol0@primary-vds0 root@comglv1: # ldm rm-vdsdev iso@primary-vds0 root@comglv1: # add-vdsdev options=ro sol-10-u11-ga-sparc-dvd.iso htcsun1-iso@primary-vds0 root@comglv1: # ldm add-vdsdev /dev/zvol/dsk/LDOM/htcsun1/disk0 htcsun1-vd0@primary-vds0 root@comglv1: # ldm add-vdisk vdisk0 htcsun1-vd0@primary-vds0 htcsun1

In my demo environment, I am going to build a openshift cluster -- one master node (master/Infra/computer node) and two computer nodes. Any comments are welcome! System requirements to configure the environment: Master node: 4 vcpu/32GB mem Compuer node: 2 vcpu/ 16GB mem The following steps (1-4) will be done on all nodes as root 1> Create a user on all NODES (any user account you prefer) useradd origin passwd origin 2> Grant the sudo access without password for this user on all NODES echo  -e 'Defaults:origin !requiretty\norigin ALL = (root) NOPASSWD:ALL' | tee /etc/sudoers.d/openshift chmod  440 /etc/sudoers.d/openshift  3> Open firewall on all NODES firewall-cmd --add-service=ssh --permanent firewall-cmd --reload 4> Install Openshift, EPEL, Docker, Git abd Py on all NODES yum  -y install centos-release-openshift-origin311 epel-release docker git pyOpenSSL systemctl  start docker  systemctl  enable docker Please make a note: The follow

1> Default Port The default port is 22, you might change to other port, such as 2222 Edit the configuration file /etc/ssh/sshd.conf. and change the following: #Port 22 to Port 2222 2> Configure ssh private/public key with private passphrase enable (As the amazon way) ssh-keygen -t rsa -b 2048 Generating public/private rsa key pair. Enter file in which to save the key (/home/johndoe/.ssh/id_rsa): /home/johndoe/.ssh/id_rsa already exists. Overwrite (y/n)? y Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/johndoe/.ssh/id_rsa. Your public key has been saved in /home/johndoe/.ssh/id_rsa.pub. The key fingerprint is: SHA256:fMKdGYWBTW0R4V4EUFN6X39Xcg2xLZKJ/ffGyE0QdMc johndoe@xxx.xxx The key's randomart image is: +---[RSA 2048]----+ |         ++*OBBoo| |        . o=o* *E| |          o.B B *| |       o . = = *+| |        S = . . B| |         o   . *+| |              o =| |           

root# pkg install consolidation/java-8/java-8-incorporation@1.8.0.201.9,5.11 Creating Plan (Solver setup): \ pkg install: No matching version of consolidation/java-8/java-8-incorporation can be installed: can be installed:   Reject:  pkg://solaris/consolidation/java-8/java-8-incorporation@1.8.0.201.9-0 pkg://solaris/consolidation/java-8/java-8-incorporation@1.8.0.201.9-0   Reason:  This version is excluded by installed incorporation entire@0.5.11-0.175.3.36.0.7.0 incorporation entire@0.5.11-0.175.3.36.0.7.0 root# pfexec pkg change-facet facet.version-lock.consolidation/java-8/java-8-incorporation=false false             Packages to change:   1 change:   1      Variants/Facets to change:   1       Create boot environment:  No Create backup boot environment: Yes PHASE                                         ITEMS                         ITEMS Removing old actions                             1/1                    1/1 Updating package state database