After all the applications are installed, the first thing to do is log into
https://admin.oas.example.org. Here you can find the “user panel”, a place where
you can create, edit and delete users. You can log in with the user “admin”. The
password can be found in
clusters/my-cluster/secrets/userbackend_admin_password. After logging in, you
will see an overview of all the applications your user has access to. For more
information on how to create users and give them access to applications, take a
look at the user panel
NOTE: at the moment none of the applications are available at
oas.example.org, we only provide applications in subdomains. In the future this might change.
These applications are available after the installation is completed successfully:
OAS User panel¶
The OAS user panel
can be used to create and edit users. These users can be used to log into the
applications listed below.
The user panel is available at https://admin.oas.example.org. You can login
admin using the
userbackend_admin_password password from your secrets
After logging in to the user panel follow the user panel documentation to create a new user.
Note: The email address is important because some applications need a valid email address for notification mails. Single sign-on with Grafana will fail for users lacking an email address.
You can now use the new user to log in to all apps which were granted access to in the last step using single sign-on.
Nextcloud is a file sharing and communication platform and is available at https://files.oas.example.org.
Nextcloud needs to be configured to properly send out emails.
You can do so by logging in as
admin using signle sign-on and then going to
Settings -> Basic settings -> Email server and entering your SMTP email
config and credentials.
Please complete this configuration before you login as non-admin user using
single sign-on, otherwise the first login will not succeed.
Onlyoffice is an online document editing suite. Your can open documents in Onlyoffice by clicking them in Nextcloud. You can open new documents by clicking the “Plus” button in Nextcloud and selecting Document, Spreadsheet or Presentation.
Rocketchat is a team chat application and available at https://chat.oas.example.org.
Until we fully automate SSO integration for Rocketchat manual intervention is neccessary to activate it. You need to follow these steps once:
- Log in as
rocketchat_admin_passwordfrom your secrets folder.
- On the top left side click on the
Optionsbutton (three dots) and then click on
- In the left menu scroll down and click on
- Click on
add custom oauthand enter
- Click on the newly added
Custom OAuth: Openappstackprovider
- Change the following settings (leave all others like they are):
oas.example.orgto your domain)
- Token Path:
- Identity Path:
- Authorize Path:
openid profile openappstack_roles email
- Secret: Paste the
rocketchat_oauth_client_secretfrom your secrets folder
- Login Style:
- Button Text:
Login with OpenAppStack
- Username field:
- Name field:
- Roles/Groups field name:
- Merge roles from SSO:
- Merge users:
Save changes, log out and you are done.
Next time you log in to Rocketchat you will be able to use single sign-on using
Wordpress is a website content management system and
available at https://www.oas.example.org.
Log in button and then click
Login with OpenID Connect to use
- If you log in as
adminusing single sign-on, you will not have admin rights within Wordpress. In order to use admin rights you need to log in without single sign-on using the
wordpress_admin_passwordpassword in the
- If you log in as
adminusing single sign-on, you will not have admin rights within Grafana. In order to use admin rights you need to log in without signgle sign-on using the
grafana_admin_passwordpassword in the
Other applications installed into the cluster¶
Besides these applications, some other components are installed. These are part of the OpenAppStack back end and they dont’t have a user facing web interfaces, but we like to list them here for reference:
- rancher’s local-path-provisioner provides an easy way for the cluster to use a directory on
the node (by default
/var/lib/OpenAppStack/local-storage) for storage;
- NGINX is a webserver that functions as a so-called ingress controller, routing web traffic that enters the cluster to the various applications;
- cert-manager acquires and stores Let’s Encrypt certificates, enabling encrypted web traffic to all applications running in the cluster;
- Flux checks for application updates approved by the OpenAppStack team and installs them automatically.