Cray System Management Documentation > Cray System Management (CSM) Administration Guide > security and authentication > Re-Sync Keycloak Users to Compute Nodes

Re-Sync Keycloak Users to Compute Nodes

Resubmit the keycloak-users-localize job and run keycloak-group-sync.sh and keycloak-passwd-sync.sh to synchronize the users and groups from Keycloak to the compute nodes. This procedure alters the /etc/passwd and /etc/group files used on compute nodes.

Use this procedure to quickly synchronize changes made in Keycloak to the compute nodes.

Prerequisites

The Slurm or PBS product must be installed.

Procedure

(ncn-mw#) Resubmit the keycloak-users-localize job.

The output might appear slightly different than in the example below.

kubectl get job -n services -l app.kubernetes.io/name=cray-keycloak-users-localize -ojson | jq '.items[0]' > keycloak-users-localize-job.json

cat keycloak-users-localize-job.json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f -

Expected output looks similar to the following:

job.batch "keycloak-users-localize-1" deleted
job.batch/keycloak-users-localize-1 replaced

(ncn-mw#) Watch the pod to check the status of the job.

The pod will go through the normal Kubernetes states. It will stay in a Running state for a while, and then it will go to Completed.
```
kubectl get pods -n services | grep keycloak-users-localize
```
Expected output looks similar to the following:
```
keycloak-users-localize-1-sk2hn                                0/2     Completed   0          2m35s
```
(ncn-mw#) Check the pod’s logs.

Replace the KEYCLOAK_POD_NAME value with the pod name from the previous step.
```
kubectl logs -n services KEYCLOAK_POD_NAME keycloak-localize
```
Expected output should contain the following line:
```
2020-07-20 18:26:15,774 - INFO    - keycloak_localize - keycloak-localize complete
```
(ncn-mw#) Synchronize the users and groups from Keycloak to the compute nodes.

By default, the users and groups are synchronized to compute nodes daily at midnight.

To synchronize immediately, run these scripts from the compute nodes:
```
pdsh -w <computes> /usr/local/sbin/keycloak-group-sync.sh
pdsh -w <computes> /usr/local/sbin/keycloak-passwd-sync.sh
```
Or, reboot the compute nodes with the Boot Orchestration Service (BOS).
```
cray bos v2 sessions create --template-name BOS_TEMPLATE --operation reboot
```