OpenShift origin all in one

OpenShift Origin All-In-One#

Resources#

Get started#

Create the directory ~/openshift and cd into it.
Then run vagrant init openshift/origin-all-in-one and wait.

You then have a VirtualBox machine running, and an admin console is available. SSH into this box with vagrant ssh.

oc cmdline#

We need the oc command first. The admin console provides the download link (question mark top right).

We unpack this oc to /usr/local/bin/oc.

➜  openshift oc version
oc v3.1.1.6-33-g81eabcc
kubernetes v1.1.0-origin-1107-g4c8e6f4

Docker registry#

Next we need a Docker registry that we can use: either the internal one or an external one that is accessible to OpenShift.

The All-In-One already runs an internal registry; vagrant ssh into the machine, issue a docker ps, and you will see it.
Now we want to access it and be able to push images to it:

➜  openshift vagrant ssh
Last login: Sun Jan  1 12:45:04 2017 from 10.0.2.2
[vagrant@localhost ~]$ docker images
REPOSITORY                                            TAG                 IMAGE ID            CREATED             SIZE
docker.io/cockpit/kubernetes                          latest              238b38aa0113        5 weeks ago         252.3 MB
docker.io/openshift/origin-deployer                   v1.3.0              5bf464732ca8        3 months ago        487.1 MB
docker.io/openshift/origin-docker-registry            v1.3.0              59d447094a3c        3 months ago        345.5 MB
docker.io/openshift/origin-haproxy-router             v1.3.0              e33d4e33dffb        3 months ago        506.2 MB
docker.io/openshift/origin-pod                        v1.3.0              35873f68181d        3 months ago        1.591 MB
docker.io/openshift/origin-metrics-heapster           v1.3.0              3f80c00bdd32        3 months ago        994.8 MB
docker.io/openshift/origin-metrics-deployer           v1.3.0              e261ae18fca5        3 months ago        647.2 MB
docker.io/openshift/origin-metrics-cassandra          v1.3.0              2a389f0b9ea8        3 months ago        665.6 MB
docker.io/openshift/origin-metrics-hawkular-metrics   v1.3.0              cc940d946002        3 months ago        961.7 MB
<none>                                                <none>              a0393477373e        4 months ago        245.9 MB
[vagrant@localhost ~]$ docker ps 
CONTAINER ID        IMAGE                                              COMMAND                  CREATED             STATUS              PORTS               NAMES
bfcf0bef4c67        cockpit/kubernetes                                 "/usr/libexec/cockpit"   24 minutes ago      Up 24 minutes                           k8s_openshift-cockpit.14908408_openshift-cockpit-1-0jub2_cockpit_052ea662-81bc-11e6-bb35-525400c583ad_72ac8656
b639a2bcd3f5        openshift/origin-metrics-heapster:v1.3.0           "heapster-wrapper.sh "   24 minutes ago      Up 24 minutes                           k8s_heapster.4551c889_heapster-sdr3v_openshift-infra_11c54b5b-81bc-11e6-bb35-525400c583ad_529ef3ce
825c8658af83        openshift/origin-haproxy-router:v1.3.0             "/usr/bin/openshift-r"   24 minutes ago      Up 24 minutes                           k8s_router.fdb6f3d1_router-1-fn5kw_default_04dc941b-81bc-11e6-bb35-525400c583ad_c90727d5
fe95db5ffe97        openshift/origin-metrics-cassandra:v1.3.0          "/opt/apache-cassandr"   24 minutes ago      Up 24 minutes                           k8s_hawkular-cassandra-1.3c76d82f_hawkular-cassandra-1-ihpvd_openshift-infra_11208439-81bc-11e6-bb35-525400c583ad_94b43ae7
07d3104072f9        openshift/origin-metrics-hawkular-metrics:v1.3.0   "/opt/hawkular/script"   24 minutes ago      Up 24 minutes                           k8s_hawkular-metrics.37f0cb47_hawkular-metrics-ns2ij_openshift-infra_10c3a998-81bc-11e6-bb35-525400c583ad_db47212e
4ff80e0978fb        openshift/origin-docker-registry:v1.3.0            "/bin/sh -c 'DOCKER_R"   24 minutes ago      Up 24 minutes                           k8s_registry.59b7d2b8_docker-registry-1-i37wn_default_0515ec11-81bc-11e6-bb35-525400c583ad_14a070dd
a1252c73eb4f        openshift/origin-pod:v1.3.0                        "/pod"                   24 minutes ago      Up 24 minutes                           k8s_POD.4a82dc9f_router-1-fn5kw_default_04dc941b-81bc-11e6-bb35-525400c583ad_1ee402d0
3c5f2061c114        openshift/origin-pod:v1.3.0                        "/pod"                   24 minutes ago      Up 24 minutes                           k8s_POD.182903ec_heapster-sdr3v_openshift-infra_11c54b5b-81bc-11e6-bb35-525400c583ad_d3d71030
4b9ad3d72d7f        openshift/origin-pod:v1.3.0                        "/pod"                   24 minutes ago      Up 24 minutes                           k8s_POD.75ca2cc1_hawkular-metrics-ns2ij_openshift-infra_10c3a998-81bc-11e6-bb35-525400c583ad_9428faa5
e9c504566694        openshift/origin-pod:v1.3.0                        "/pod"                   24 minutes ago      Up 24 minutes                           k8s_POD.62547583_hawkular-cassandra-1-ihpvd_openshift-infra_11208439-81bc-11e6-bb35-525400c583ad_1042a81d
ec488da6e7d8        openshift/origin-pod:v1.3.0                        "/pod"                   24 minutes ago      Up 24 minutes                           k8s_POD.b858fe8f_openshift-cockpit-1-0jub2_cockpit_052ea662-81bc-11e6-bb35-525400c583ad_c45cd598
d0d7a7ba14ce        openshift/origin-pod:v1.3.0                        "/pod"                   24 minutes ago      Up 24 minutes                           k8s_POD.9fa2fe82_docker-registry-1-i37wn_default_0515ec11-81bc-11e6-bb35-525400c583ad_527d9706
[vagrant@localhost ~]$ docker inspect 4ff80e0978fb|grep DOCKER_REGISTRY
            "DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT} /dockerregistry ${REGISTRY_CONFIGURATION_PATH}"
                "DOCKER_REGISTRY_PORT_5000_TCP_PROTO=tcp",
                "DOCKER_REGISTRY_PORT_5000_TCP=tcp://172.30.53.244:5000",
                "DOCKER_REGISTRY_SERVICE_HOST=172.30.53.244",
                "DOCKER_REGISTRY_PORT=tcp://172.30.53.244:5000",
                "DOCKER_REGISTRY_SERVICE_PORT=5000",
                "DOCKER_REGISTRY_PORT_5000_TCP_ADDR=172.30.53.244",
                "DOCKER_REGISTRY_SERVICE_PORT_5000_TCP=5000",
                "DOCKER_REGISTRY_PORT_5000_TCP_PORT=5000",
                "DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_SERVICE_HOST}:${DOCKER_REGISTRY_SERVICE_PORT} /dockerregistry ${REGISTRY_CONFIGURATION_PATH}"
[vagrant@localhost ~]$ telnet 172.30.53.244 5000
Trying 172.30.53.244...
Connected to 172.30.53.244.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
[vagrant@localhost ~]$ 

Testapp1#

We first need a (MySQL) database. This can be created in OpenShift. First we use the admin console to create a "deployment" of a MySQL db; there we can set the dbname, user and password. It takes about 2 minutes for the db to be available, and we then have 2 additional docker containers running in the VirtualBox.

Create docker image for your runnable jar#

We use the following Dockerfile and build an image with it:

FROM alpine:3.3
MAINTAINER Harry Metske <metskem@apache.org>
RUN apk --update add openjdk8-jre
ADD testapp1-0.1.1.jar /
ENV LANG en_US.UTF-8
ENV CATALINA_OPTS -Djava.security.egd=file:/dev/./urandom
EXPOSE 8080
CMD ["java","-jar", "/testapp1-0.1.1.jar"]

Registry#

Next we need a registry where we can push/pull our images: docker run -d -p 5000:5000 -v /home/metskem/registry:/tmp/registry-dev --name=registry registry

Next we tag and push our image:

➜  testapp1 git:(master) ✗ docker tag testapp1:latest athena:5000/testapp1:0.1.1
➜  testapp1 git:(master) ✗ docker images                                        
REPOSITORY                                                                TAG                      IMAGE ID            CREATED             SIZE
athena:5000/testapp1                                                      0.1.1                    66ece7b26ab2        10 minutes ago      165.7 MB
testapp1                                                                  latest                   66ece7b26ab2        10 minutes ago      165.7 MB
registry                                                                  latest                   182810e6ba8c        4 days ago          37.62 MB
monitoringartist/zabbix-xxl                                               3.2.3                    b7ae522f5534        10 days ago         659.8 MB
----- snip -----

➜  testapp1 git:(master) ✗ docker push athena:5000/testapp1:0.1.1
The push refers to a repository [athena:5000/testapp1]
a634f2e80801: Pushed 
f43d53ce4f92: Pushed 
501307b47dda: Pushed 
0.1.1: digest: sha256:27508c97430484cab6cfe56b4562437d24b4f50d17d9387a39957a6278f57045 size: 952
➜  testapp1 git:(master) ✗ 

However, we need SSL if we want to access this registry remotely. Therefore create a key pair first:

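{{{
# Output paths for the private key and the self-signed certificate
keyfile=/tmp/keyfile.key
certfile=/tmp/certfile.crt
# Subject fields, one per line; the newlines become "/" separators below
export subj="
C=NL
ST=Overijssel
O=computerhok
localityName=Rijssen
commonName=athena
"
# -x509 emits a self-signed certificate; -nodes leaves the private key unencrypted on disk
/usr/bin/openssl req  -x509 -nodes -newkey rsa:2048 -sha256 -keyout ${keyfile} -days 3650 -out ${certfile} -batch -subj "$(echo -n "$subj" | tr "\n" "/")"
}}}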

And then (remove and) restart the registry container with:

docker run -d -p 5000:5000 -v /home/metskem/registry:/tmp/registry-dev -v /home/metskem/registry-certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/certfile.crt -e REGISTRY_HTTP_TLS_KEY=/certs/keyfile.key --name=registry registry

Next, add 10.0.0.164 athena to /etc/hosts in the VirtualBox, then edit /etc/sysconfig/docker there and add/change --insecure-registry=athena:5000. After that: systemctl restart docker

Also add the self-signed cert to the VirtualBox (and again restart docker): scp metskem@athena:registry-certs/certfile.crt /etc/docker/certs.d/athena\:5000/ca.crt

The above does not help: the admin console keeps saying Internal error occurred: Get https://athena:5000/v2/: x509: certificate signed by unknown authority.
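The x509 error above is raised by whichever client validates the registry certificate against its own trust store; /etc/docker/certs.d is consulted by the Docker daemon only. As an added example (not part of the original page), this script reproduces that check offline with constructed certificates; the host name athena is the page's, while the function names, the temporary directory and the second, unrelated certificate are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: offline reproduction of the registry trust check.
# The "unrelated" cert is a constructed stand-in for a trust store that
# does not contain the registry certificate.

# Create a self-signed cert/key pair for host $1 in directory $2.
make_registry_cert() {
  ( umask 077   # keep the private key unreadable for group/other
    openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 30 -batch \
      -keyout "$2/keyfile.key" -out "$2/certfile.crt" \
      -subj "/C=NL/O=example/CN=$1" ) >/dev/null 2>&1
}

# Succeeds only if cert $1 chains to a certificate in CA bundle $2.
cert_trusted_by() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds only if cert $1 is valid for host name $2.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Succeeds only if key file $1 is not readable by group or other.
key_is_private() {
  [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

demo() {
  local work; work=$(mktemp -d) || return 1
  mkdir "$work/registry" "$work/other"
  make_registry_cert athena "$work/registry"
  make_registry_cert unrelated "$work/other"
  local crt="$work/registry/certfile.crt"
  cert_trusted_by "$crt" "$crt" \
    && echo "client that has the cert as CA: trusted"
  cert_trusted_by "$crt" "$work/other/certfile.crt" \
    || echo "client without it: certificate signed by unknown authority"
  cert_matches_host "$crt" athena && echo "name athena matches the cert"
  cert_matches_host "$crt" localhost || echo "name localhost does not match"
  key_is_private "$work/registry/keyfile.key" && echo "key file is private"
  rm -rf "$work"
}
demo
```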

But the oc command says it's fine:

➜  ~ oc new-app athena:5000/testapp1:0.1.1
--> Found Docker image 66ece7b (50 minutes old) from athena:5000 for "athena:5000/testapp1:0.1.1"
    * This image will be deployed in deployment config "testapp1"
    * [WARNING] Image "testapp1" runs as the 'root' user which may not be permitted by your cluster administrator
    * Port 8080/tcp will be load balanced by service "testapp1"
--> Creating resources with label app=testapp1 ...
    DeploymentConfig "testapp1" created
    Service "testapp1" created
--> Success
    Run 'oc status' to view your app.

But no, looking at the admin console, we do see our testapp1, but it can't pull the image: Failed to pull image "athena:5000/library/testapp1:0.1.1": image pull failed for athena:5000/library/testapp1:0.1.1, this may be because there are no credentials on this request. details: (Error: image library/testapp1 not found)