oc-ex-sync-groups(1)

1OC EX(1)                           June 2016                          OC EX(1)
2
3
4

NAME

6       oc ex sync-groups - Sync OpenShift groups with records from an external
7       provider.
8
9
10

SYNOPSIS

12       oc ex sync-groups [OPTIONS]
13
14
15

DESCRIPTION

17       Sync OpenShift Groups with records from an external provider.
18
19
20       In order to sync OpenShift Group records with those  from  an  external
21       provider,  determine  which  Groups  you  wish  to sync and where their
22       records live. For instance, all or some groups may be selected from the
23       current Groups stored in OpenShift that have been synced previously, or
24       similarly all or some groups may be selected from those  stored  on  an
25       LDAP server. The path to a sync configuration file is required in order
26       to describe how data is requested from the external  record  store  and
27       migrated  to  OpenShift  records.  Default  behavior is to do a dry-run
28       without changing OpenShift records. Passing '--confirm' will  sync  all
29       groups from the LDAP server returned by the LDAP query templates.
30
31
32

OPTIONS

34       --allow-missing-template-keys=true
35           If  true, ignore any errors in templates when a field or map key is
36       missing in the template. Only applies to  golang  and  jsonpath  output
37       formats.
38
39
40       --blacklist=""
41           path to the group blacklist file
42
43
44       --confirm=false
45           if  true,  modify  OpenShift groups; if false, display results of a
46       dry-run
47
48
49       --no-headers=false
50           When using the default or custom-column output format, don't  print
51       headers (default print headers).
52
53
54       -o, --output="yaml"
55           Output  format. One of: json|yaml|wide|name|custom-columns=...|cus‐
56       tom-columns-file=...|go-template=...|go-template-file=...|json‐
57       path=...|jsonpath-file=...   See   custom   columns   [  ⟨http://kuber‐
58       netes.io/docs/user-guide/kubectl-overview/#custom-columns⟩],     golang
59       template   [  ⟨http://golang.org/pkg/text/template/#pkg-overview⟩]  and
60       jsonpath template [ ⟨http://kubernetes.io/docs/user-guide/jsonpath⟩].
61
62
63       --show-labels=false
64           When printing, show all labels as the  last  column  (default  hide
65       labels column)
66
67
68       --sort-by=""
69           If  non-empty, sort list types using this field specification.  The
70       field  specification  is  expressed  as  a  JSONPath  expression  (e.g.
71       '{.metadata.name}').  The  field  in the API resource specified by this
72       JSONPath expression must be an integer or a string.
73
74
75       --sync-config=""
76           path to the sync config
77
78
79       --template=""
80           Template string or path to template file  to  use  when  -o=go-tem‐
81       plate,  -o=go-template-file.  The template format is golang templates [
82       ⟨http://golang.org/pkg/text/template/#pkg-overview⟩].
83
84
85       --type="ldap"
86           which groups white- and blacklist entries refer to: ldap,openshift
87
88
89       --whitelist=""
90           path to the group whitelist file
91
92
93

OPTIONS INHERITED FROM PARENT COMMANDS

95       --allow_verification_with_non_compliant_keys=false
96           Allow  a  SignatureVerifier  to  use  keys  which  are  technically
97       non-compliant with RFC6962.
98
99
100       --alsologtostderr=false
101           log to standard error as well as files
102
103
104       --application_metrics_count_limit=100
105           Max number of application metrics to store (per container)
106
107
108       --as=""
109           Username to impersonate for the operation
110
111
112       --as-group=[]
113           Group  to  impersonate for the operation, this flag can be repeated
114       to specify multiple groups.
115
116
117       --azure-container-registry-config=""
118           Path to the file containing Azure container registry  configuration
119       information.
120
121
122       --boot_id_file="/proc/sys/kernel/random/boot_id"
123           Comma-separated  list  of files to check for boot-id. Use the first
124       one that exists.
125
126
127       --cache-dir="/builddir/.kube/http-cache"
128           Default HTTP cache directory
129
130
131       --certificate-authority=""
132           Path to a cert file for the certificate authority
133
134
135       --client-certificate=""
136           Path to a client certificate file for TLS
137
138
139       --client-key=""
140           Path to a client key file for TLS
141
142
143       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
144           CIDRs opened in GCE firewall for LB traffic proxy  health checks
145
146
147       --cluster=""
148           The name of the kubeconfig cluster to use
149
150
151       --container_hints="/etc/cadvisor/container_hints.json"
152           location of the container hints file
153
154
155       --containerd="unix:///var/run/containerd.sock"
156           containerd endpoint
157
158
159       --context=""
160           The name of the kubeconfig context to use
161
162
163       --default-not-ready-toleration-seconds=300
164           Indicates    the    tolerationSeconds   of   the   toleration   for
165       notReady:NoExecute that is added by default to every pod that does  not
166       already have such a toleration.
167
168
169       --default-unreachable-toleration-seconds=300
170           Indicates  the  tolerationSeconds  of  the  toleration for unreach‐
171       able:NoExecute that is added by default to  every  pod  that  does  not
172       already have such a toleration.
173
174
175       --docker="unix:///var/run/docker.sock"
176           docker endpoint
177
178
179       --docker-tls=false
180           use TLS to connect to docker
181
182
183       --docker-tls-ca="ca.pem"
184           path to trusted CA
185
186
187       --docker-tls-cert="cert.pem"
188           path to client certificate
189
190
191       --docker-tls-key="key.pem"
192           path to private key
193
194
195       --docker_env_metadata_whitelist=""
196           a  comma-separated  list of environment variable keys that needs to
197       be collected for docker containers
198
199
200       --docker_only=false
201           Only report docker containers in addition to root stats
202
203
204       --docker_root="/var/lib/docker"
205           DEPRECATED: docker root is read from docker info (this is  a  fall‐
206       back, default: /var/lib/docker)
207
208
209       --enable_load_reader=false
210           Whether to enable cpu load reader
211
212
213       --event_storage_age_limit="default=24h"
214           Max length of time for which to store events (per type). Value is a
215       comma separated list of key values, where  the  keys  are  event  types
216       (e.g.: creation, oom) or "default" and the value is a duration. Default
217       is applied to all non-specified event types
218
219
220       --event_storage_event_limit="default=100000"
221           Max number of events to store (per type). Value is  a  comma  sepa‐
222       rated  list  of  key values, where the keys are event types (e.g.: cre‐
223       ation, oom) or "default" and  the  value  is  an  integer.  Default  is
224       applied to all non-specified event types
225
226
227       --global_housekeeping_interval=0
228           Interval between global housekeepings
229
230
231       --housekeeping_interval=0
232           Interval between container housekeepings
233
234
235       --insecure-skip-tls-verify=false
236           If true, the server's certificate will not be checked for validity.
237       This will make your HTTPS connections insecure
238
239
240       --kubeconfig=""
241           Path to the kubeconfig file to use for CLI requests.
242
243
244       --log-flush-frequency=0
245           Maximum number of seconds between log flushes
246
247
248       --log_backtrace_at=:0
249           when logging hits line file:N, emit a stack trace
250
251
252       --log_cadvisor_usage=false
253           Whether to log the usage of the cAdvisor container
254
255
256       --log_dir=""
257           If non-empty, write log files in this directory
258
259
260       --logtostderr=true
261           log to standard error instead of files
262
263
264       --machine_id_file="/etc/machine-id,/var/lib/dbus/machine-id"
265           Comma-separated list of files to  check  for  machine-id.  Use  the
266       first one that exists.
267
268
269       --match-server-version=false
270           Require server version to match client version
271
272
273       -n, --namespace=""
274           If present, the namespace scope for this CLI request
275
276
277       --request-timeout="0"
278           The  length  of  time  to  wait before giving up on a single server
279       request. Non-zero values should contain a corresponding time unit (e.g.
280       1s, 2m, 3h). A value of zero means don't timeout requests.
281
282
283       -s, --server=""
284           The address and port of the Kubernetes API server
285
286
287       --stderrthreshold=2
288           logs at or above this threshold go to stderr
289
290
291       --storage_driver_buffer_duration=0
292           Writes  in  the  storage driver will be buffered for this duration,
293       and committed to the non memory backends as a single transaction
294
295
296       --storage_driver_db="cadvisor"
297           database name
298
299
300       --storage_driver_host="localhost:8086"
301           database host:port
302
303
304       --storage_driver_password="root"
305           database password
306
307
308       --storage_driver_secure=false
309           use secure connection with database
310
311
312       --storage_driver_table="stats"
313           table name
314
315
316       --storage_driver_user="root"
317           database username
318
319
320       --token=""
321           Bearer token for authentication to the API server
322
323
324       --user=""
325           The name of the kubeconfig user to use
326
327
328       -v, --v=0
329           log level for V logs
330
331
332       --version=false
333           Print version information and quit
334
335
336       --vmodule=
337           comma-separated list of pattern=N settings for  file-filtered  log‐
338       ging
339
340
341

EXAMPLE

343                # Sync all groups from an LDAP server
344                oc ex sync-groups --sync-config=/path/to/ldap-sync-config.yaml --confirm
345
346                # Sync all groups except the ones from the blacklist file from an LDAP server
347                oc ex sync-groups --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
348
349                # Sync specific groups specified in a whitelist file with an LDAP server
350                oc ex sync-groups --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml --confirm
351
352                # Sync all OpenShift Groups that have been synced previously with an LDAP server
353                oc ex sync-groups --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm
354
355                # Sync specific OpenShift Groups if they have been synced previously with an LDAP server
356                oc ex sync-groups groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm
357
358
359
360

HISTORY

367       June 2016, Ported from the Kubernetes man-doc generator
368
369
370
371Openshift                  Openshift CLI User Manuals                 OC EX(1)