|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: How to Obtain a New OpenShift Token and relogin |
| 4 | +date: 2025-02-14 09:15:16 |
| 5 | +description: An OpenShift login token expired because tokens are, by default, valid for a limited time. Follow these steps to obtain a new token and continue working with the cluster. |
| 6 | +tags: OpenShift token xterm CLI text-web-browser lynx web-browser |
| 7 | +categories: OpenShift |
| 8 | +--- |
| 9 | + |
| 10 | +# General |
| 11 | +OpenShift login tokens expire because they are, by default, valid for a limited time (e.g., 24 hours). There are several ways to re-login. |
| 12 | + |
| 13 | + |
| 14 | +## Obtain a token from a web console |
| 15 | +If you have access to the web console and re-login from there: |
| 16 | +```bash |
| 17 | +oc whoami --show-console |
| 18 | +``` |
| 19 | + |
| 20 | + |
| 21 | +## Run a re-login script |
| 22 | + |
| 23 | +If connecting via the web console is not an option, ssh into the controller machine and run the |
| 24 | +[relogin.sh script](https://github.com/dsariel/scripts/blob/master/OpenShift/relogin.sh): |
| 25 | + |
| 26 | +<script> |
| 27 | +fetch("https://raw.githubusercontent.com/dsariel/scripts/master/OpenShift/relogin.sh") |
| 28 | + .then(response => response.text()) |
| 29 | + .then(data => { |
| 30 | + document.getElementById("script-content").textContent = data; |
| 31 | + }); |
| 32 | +</script> |
| 33 | + |
| 34 | +<pre id="script-content">Loading...</pre> |
| 35 | + |
| 36 | + |
| 37 | + |
| 38 | +## Steps to Obtain a New Token using command line browser |
| 39 | +Another (more laborious) way is using a text-based web browser on the remote server (again, if the web console is not an option). |
| 40 | +Follow these steps to obtain a new token and continue working with the cluster: |
| 41 | + |
| 42 | +1. **Install a Text-Based Browser**\ |
| 43 | + Install `lynx`, a command-line browser, to access the token request page: |
| 44 | + |
| 45 | + ```bash |
| 46 | + sudo yum install lynx -y |
| 47 | + ``` |
| 48 | + |
| 49 | +2. **Retrieve a password for the `kubeadmin` user**\ |
| 50 | + If you are using the default `kubeadmin` user, retrieve the password from the installation directory: |
| 51 | + |
| 52 | + ```bash |
| 53 | + cat ~/.kube/kubeadmin-password |
| 54 | + ``` |
| 55 | + |
| 56 | + Use this password to log in as `kubeadmin` in the browser interface during the next stage. |
| 57 | + |
| 58 | +3. **Access the Token Request Page**\ |
| 59 | + Use `lynx` to navigate to the token request page: |
| 60 | + |
| 61 | + ```bash |
| 62 | + lynx https://oauth-openshift.apps.ocp.openstack.lab/oauth/token/request |
| 63 | + ``` |
| 64 | + |
| 65 | +4. **Obtain a New Token**\ |
| 66 | + Once logged in, obtain a new token. The login command will look like this: |
| 67 | + |
| 68 | + ```bash |
| 69 | + oc login --token=sha256~<...> --server=https://api.ocp.openstack.lab:6443 |
| 70 | + ``` |
0 commit comments