OC ADM GROUPS(1)                   June 2016                  OC ADM GROUPS(1)

NAME

       oc adm groups sync - Sync OpenShift groups with records from an external
       provider.

SYNOPSIS

       oc adm groups sync [OPTIONS]

DESCRIPTION

       Sync OpenShift Groups with records from an external provider.

       In order to sync OpenShift Group records with those from an external
       provider, determine which Groups you wish to sync and where their
       records live. For instance, all or some groups may be selected from the
       current Groups stored in OpenShift that have been synced previously, or
       similarly all or some groups may be selected from those stored on an
       LDAP server. The path to a sync configuration file is required in order
       to describe how data is requested from the external record store and
       migrated to OpenShift records. Default behavior is to do a dry-run
       without changing OpenShift records. Passing '--confirm' will sync all
       groups from the LDAP server returned by the LDAP query templates.

OPTIONS

       --allow-missing-template-keys=true
           If true, ignore any errors in templates when a field or map key is
           missing in the template. Only applies to golang and jsonpath output
           formats.

       --blacklist=""
           path to the group blacklist file

       --confirm=false
           if true, modify OpenShift groups; if false, display results of a
           dry-run

       --no-headers=false
           When using the default or custom-column output format, don't print
           headers (default print headers).

       -o, --output="yaml"
           Output format. One of:
           json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...
           See custom columns
           [⟨http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns⟩],
           golang template [⟨http://golang.org/pkg/text/template/#pkg-overview⟩]
           and jsonpath template
           [⟨http://kubernetes.io/docs/user-guide/jsonpath⟩].

       --show-labels=false
           When printing, show all labels as the last column (default hide
           labels column)

       --sort-by=""
           If non-empty, sort list types using this field specification. The
           field specification is expressed as a JSONPath expression (e.g.
           '{.metadata.name}'). The field in the API resource specified by this
           JSONPath expression must be an integer or a string.

       --sync-config=""
           path to the sync config

       --template=""
           Template string or path to template file to use when
           -o=go-template, -o=go-template-file. The template format is golang
           templates [⟨http://golang.org/pkg/text/template/#pkg-overview⟩].

       --type="ldap"
           which groups white- and blacklist entries refer to: ldap,openshift

       --whitelist=""
           path to the group whitelist file

OPTIONS INHERITED FROM PARENT COMMANDS

       --allow_verification_with_non_compliant_keys=false
           Allow a SignatureVerifier to use keys which are technically
           non-compliant with RFC6962.

       --alsologtostderr=false
           log to standard error as well as files

       --application_metrics_count_limit=100
           Max number of application metrics to store (per container)

       --as=""
           Username to impersonate for the operation

       --as-group=[]
           Group to impersonate for the operation, this flag can be repeated
           to specify multiple groups.

       --azure-container-registry-config=""
           Path to the file containing Azure container registry configuration
           information.

       --boot_id_file="/proc/sys/kernel/random/boot_id"
           Comma-separated list of files to check for boot-id. Use the first
           one that exists.

       --cache-dir="/builddir/.kube/http-cache"
           Default HTTP cache directory

       --certificate-authority=""
           Path to a cert file for the certificate authority

       --client-certificate=""
           Path to a client certificate file for TLS

       --client-key=""
           Path to a client key file for TLS

       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
           CIDRs opened in GCE firewall for LB traffic proxy health checks

       --cluster=""
           The name of the kubeconfig cluster to use

       --container_hints="/etc/cadvisor/container_hints.json"
           location of the container hints file

       --containerd="unix:///var/run/containerd.sock"
           containerd endpoint

       --context=""
           The name of the kubeconfig context to use

       --default-not-ready-toleration-seconds=300
           Indicates the tolerationSeconds of the toleration for
           notReady:NoExecute that is added by default to every pod that does
           not already have such a toleration.

       --default-unreachable-toleration-seconds=300
           Indicates the tolerationSeconds of the toleration for
           unreachable:NoExecute that is added by default to every pod that
           does not already have such a toleration.

       --docker="unix:///var/run/docker.sock"
           docker endpoint

       --docker-tls=false
           use TLS to connect to docker

       --docker-tls-ca="ca.pem"
           path to trusted CA

       --docker-tls-cert="cert.pem"
           path to client certificate

       --docker-tls-key="key.pem"
           path to private key

       --docker_env_metadata_whitelist=""
           a comma-separated list of environment variable keys that need to
           be collected for docker containers

       --docker_only=false
           Only report docker containers in addition to root stats

       --docker_root="/var/lib/docker"
           DEPRECATED: docker root is read from docker info (this is a
           fallback, default: /var/lib/docker)

       --enable_load_reader=false
           Whether to enable cpu load reader

       --event_storage_age_limit="default=24h"
           Max length of time for which to store events (per type). Value is a
           comma separated list of key values, where the keys are event types
           (e.g.: creation, oom) or "default" and the value is a duration.
           Default is applied to all non-specified event types

       --event_storage_event_limit="default=100000"
           Max number of events to store (per type). Value is a comma
           separated list of key values, where the keys are event types (e.g.:
           creation, oom) or "default" and the value is an integer. Default is
           applied to all non-specified event types

       --global_housekeeping_interval=0
           Interval between global housekeepings

       --housekeeping_interval=0
           Interval between container housekeepings

       --httptest.serve=""
           if non-empty, httptest.NewServer serves on this address and blocks

       --insecure-skip-tls-verify=false
           If true, the server's certificate will not be checked for validity.
           This will make your HTTPS connections insecure

       --kubeconfig=""
           Path to the kubeconfig file to use for CLI requests.

       --log-flush-frequency=0
           Maximum number of seconds between log flushes

       --log_backtrace_at=:0
           when logging hits line file:N, emit a stack trace

       --log_cadvisor_usage=false
           Whether to log the usage of the cAdvisor container

       --log_dir=""
           If non-empty, write log files in this directory

       --logtostderr=true
           log to standard error instead of files

       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
           Comma-separated list of files to check for machine-id. Use the
           first one that exists.

       --match-server-version=false
           Require server version to match client version

       -n, --namespace=""
           If present, the namespace scope for this CLI request

       --request-timeout="0"
           The length of time to wait before giving up on a single server
           request. Non-zero values should contain a corresponding time unit
           (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.

       -s, --server=""
           The address and port of the Kubernetes API server

       --stderrthreshold=2
           logs at or above this threshold go to stderr

       --storage_driver_buffer_duration=0
           Writes in the storage driver will be buffered for this duration,
           and committed to the non memory backends as a single transaction

       --storage_driver_db="cadvisor"
           database name

       --storage_driver_host="localhost:8086"
           database host:port

       --storage_driver_password="root"
           database password

       --storage_driver_secure=false
           use secure connection with database

       --storage_driver_table="stats"
           table name

       --storage_driver_user="root"
           database username

       --token=""
           Bearer token for authentication to the API server

       --user=""
           The name of the kubeconfig user to use

       -v, --v=0
           log level for V logs

       --version=false
           Print version information and quit

       --vmodule=
           comma-separated list of pattern=N settings for file-filtered
           logging

EXAMPLE

       # Sync all groups from an LDAP server
       oc adm groups sync --sync-config=/path/to/ldap-sync-config.yaml --confirm

       # Sync all groups except the ones from the blacklist file from an LDAP server
       oc adm groups sync --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm

       # Sync specific groups specified in a whitelist file with an LDAP server
       oc adm groups sync --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml --confirm

       # Sync all OpenShift Groups that have been synced previously with an LDAP server
       oc adm groups sync --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm

       # Sync specific OpenShift Groups if they have been synced previously with an LDAP server
       oc adm groups sync groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm
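
       Because the default run is a dry-run, its output can be checked before
       --confirm is passed. The wrapper below is an added example, not part of
       the original manual: the function names, the approved-list file and the
       OC variable are assumptions, as is -o name printing one
       <resource>/<name> entry per line.

```shell
#!/bin/sh
# Added example (not from the oc manual): only run the sync with --confirm
# when the dry-run proposes no group outside an approved list.
# Assumptions: the function names, the approved-list file (one group name
# per line), the OC override, and that `-o name` prints one
# <resource>/<name> entry per line.
OC="${OC:-oc}"

# planned_groups SYNC_CONFIG
# Dry-run (no --confirm): print the group names the sync would write.
planned_groups() {
    out="$("$OC" adm groups sync --sync-config="$1" -o name)" || return 1
    printf '%s\n' "$out" | sed -e 's#.*/##' -e '/^$/d' | sort -u
}

# unapproved_groups SYNC_CONFIG APPROVED_FILE
# Print planned group names that are missing from APPROVED_FILE.
unapproved_groups() {
    [ -r "$2" ] || { echo "cannot read $2" >&2; return 2; }
    planned="$(planned_groups "$1")" || return 1
    # -F fixed strings, -x whole line, -v invert: keep names not approved.
    printf '%s\n' "$planned" | grep -Fvx -f "$2" | sed '/^$/d'
    return 0
}

# guarded_sync SYNC_CONFIG APPROVED_FILE
# Refuse to modify OpenShift groups if the dry-run contains surprises.
guarded_sync() {
    extra="$(unapproved_groups "$1" "$2")" || return 1
    if [ -n "$extra" ]; then
        printf 'refusing --confirm; unapproved groups:\n%s\n' "$extra" >&2
        return 1
    fi
    "$OC" adm groups sync --sync-config="$1" --confirm
}
```

       Call it as: guarded_sync /path/to/ldap-sync-config.yaml /path/to/approved-groups.txt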

SEE ALSO

       oc-adm-groups(1),

HISTORY

       June 2016, Ported from the Kubernetes man-doc generator

Openshift                  Openshift CLI User Manuals         OC ADM GROUPS(1)