The document covers the initial steps that describe how to play with containers and OpenShift. The article was written together with Jiri Hornicek.
Prerequisites
$ tar -xzvf <origin_tarball> # like openshift-origin-server-v1.3.1-dad658de7465ba8a234a4fb40b5b446a45a4cee1-linux-64bit.tar.gz $ cd <origin_dir_name> $ sudo cp ~/<origin_dir_name>/{k,o}* /usr/bin/
Configuring a container for use with OpenShift
To start playing with OpenShift together with a container, modify the /etc/sysconfig/docker file. Allow the INSECURE_REGISTRY option and add the IP address used by OpenShift.
This tells the container to entirely disregard security for your registry. Although it is relatively easy to configure the daemon in this way, it is very insecure.
$ cat /etc/sysconfig/docker | grep INSECURE
# adding the registry to the INSECURE_REGISTRY line and uncommenting it.
INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16';
To get more information see item 1.6 in document Modifying the container daemon options
Enabling the Container by systemd
To enable the container daemon, run the following three commands:
$ sudo systemctl enable docker
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
and the container should start running:
$ sudo systemctl status docker
â—Ź docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2016-11-07 15:11:41 CET; 20s ago
Docs: http://docs.docker.com
Main PID: 2769 (docker-current)
Tasks: 9
CGroup: /system.slice/docker.service
└─2769 /usr/bin/docker-current daemon --exec-opt native.cgroupdriver=systemd --selinux-enabled --log-driver=journald --insecure-registry 172.30.0.0
Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.310721481+01:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\""
Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.314271045+01:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Nov 08 14:01:19 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:19.327088702+01:00" level=info msg="Firewalld running: true"
Nov 08 14:01:20 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:20.780845664+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16.
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937088251+01:00" level=info msg="Loading containers: start."
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937291016+01:00" level=info msg="Loading containers: done."
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937406091+01:00" level=info msg="Daemon has completed initialization"
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.937513606+01:00" level=info msg="Docker daemon" commit="e03ddb8/1.10.3" execdriver=native-0.2 graphdrive
Nov 08 14:01:21 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Nov 08 14:01:21 localhost.localdomain docker-current[2013]: time="2016-11-08T14:01:21.956150356+01:00" level=info msg="API listen on /var/run/docker.sock"
Starting with OpenShift
To start OpenShift, run a command:
$ sudo oc cluster up
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... OK
-- Checking for existing OpenShift container ... OK
-- Checking for openshift/origin:v1.3.1 image ... OK
-- Checking Docker daemon configuration ... OK
-- Checking for available ports ...
WARNING: Binding DNS on port 8053 instead of 53, which may not be resolvable from all clients.
-- Checking type of volume mount ...
Using nsenter mounter for OpenShift volumes
-- Creating host directories ... OK
-- Finding server IP ...
Using 10.34.4.161 as the server IP
-- Starting OpenShift container ...
Creating initial OpenShift configuration
Starting OpenShift using container 'origin'
Waiting for API server to start listening
OpenShift server started
-- Installing registry ... OK
-- Installing router ... OK
-- Importing image streams ... OK
-- Importing templates ... OK
-- Login to server ... OK
-- Creating initial project "myproject" ... OK
-- Server Information ...
OpenShift server started.
You are logged in as:
User: developer
Password: developer
To log in as administrator:
oc login -u system:admin
Now, both the container and OpenShift are properly installed and running.
Creating a container image
Let's create a simple "hello-world" container. To create a directory called "docker-hello-world", type:
$ mkdir ~/docker-hello-world
$ cd ~/docker-hello-world/
and create a Dockerfile in the directory, which might look like the following one:
$ cat Dockerfile FROM fedora:24 MAINTAINER "Petr Hracek" phracek@redhat.com CMD [ "/bin/sh", "-c" , "while true; do echo Hello world; sleep 10; done" ]
Building an image
To build a helloworld docker container, run a command:
$ sudo docker build -t helloworld:0.1 .
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM fedora:24
Trying to pull repository docker.io/library/fedora ...
24: Pulling from docker.io/library/fedora
2bf01635e2a0: Pull complete
Digest: sha256:64a02df6aac27d1200c2572fe4b9949f1970d05f74d367ce4af994ba5dc3669e
Status: Downloaded newer image for docker.io/fedora:24
---> 11a5107645d4
Step 2 : MAINTAINER "Petr Hracek" phracek@redhat.com
---> Running in 5eb304ac9b65
---> 7b1559495b5e
Removing intermediate container 5eb304ac9b65
Step 3 : CMD /bin/echo 'hello world'
---> Running in 9cafe8c3e6af
---> 92282096ce32
Removing intermediate container 9cafe8c3e6af
Successfully built 92282096ce32
At the end, you should see that the build was successful. In case of troubles, see a reference at [1].
Tagging an image to a local repository
To get IMAGE ID, run a docker images command in your local docker repository.
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
helloworld 0.1 92282096ce32 8 minutes ago 204.4 MB
docker.io/openshift/origin-deployer v1.3.0 5bf464732ca8 7 weeks ago 487.1 MB
docker.io/openshift/origin-docker-registry v1.3.0 59d447094a3c 7 weeks ago 345.5 MB
docker.io/openshift/origin-haproxy-router v1.3.0 e33d4e33dffb 7 weeks ago 506.2 MB
docker.io/openshift/origin v1.3.0 7b24611e640f 7 weeks ago 487.1 MB
docker.io/openshift/origin-pod v1.3.0 35873f68181d 7 weeks ago 1.591 MB
docker.io/fedora 24 11a5107645d4 12 weeks ago 204.4 MB
Now, tag the docker image and push it to the local repository:
$ sudo docker tag 92282096ce32 localhost.localdomain:5000/my-helloworld
Verify that the "hello-world" container is tagged in your local container repository. The tags must be the same.
$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
helloworld 0.1 92282096ce32 12 minutes ago 204.4 MB
localhost.localdomain:5000/my-helloworld latest 92282096ce32 12 minutes ago 204.4 MB
docker.io/openshift/origin-deployer v1.3.0 5bf464732ca8 7 weeks ago 487.1 MB
docker.io/openshift/origin-docker-registry v1.3.0 59d447094a3c 7 weeks ago 345.5 MB
docker.io/openshift/origin-haproxy-router v1.3.0 e33d4e33dffb 7 weeks ago 506.2 MB
docker.io/openshift/origin v1.3.0 7b24611e640f 7 weeks ago 487.1 MB
docker.io/openshift/origin-pod v1.3.0 35873f68181d 7 weeks ago 1.591 MB
docker.io/fedora 24 11a5107645d4 12 weeks ago 204.4 MB
Two ways of adding a docker image to OpenShift
You can use two approaches, how to get a docker image into OpenShift.
Add a docker image to OpenShift as an image
First, log into your OpenShift repository as a developer and enter the password developer. You got the password from the oc cluster up command.
$ oc login -u developer
and run a command:
$ oc new-app helloworld:latest
Add a docker image to OpenShift docker-registry
You can access OpenShift Origin's internal registry directly to push or pull images. This is helpful in order to create an image stream by manually pushing an image, or just to docker pull an image directly.
Two steps are required before adding a docker image to OpenShift. The first one is to log in as system:admin and the second one is to get a registry IP, which is mandatory.
To log in as system:admin, run a command:
$ sudo oc login -u system:admin
To verify that you are logged in as, system:admin on an OpenShift instance, run a command:
$ sudo oc whoami
system:admin
To get a docker-registry IP, run a command:
$ sudo oc get svc -n default | grep docker-registry
and the output should be similar to this one:
$ sudo oc get svc -n default |grep docker-registry
docker-registry 172.30.210.244 <none> 5000/TCP 38m
Now, log in back as, developer:
$ sudo oc login -u developer
To push a local docker to the Origin docker-registry, run a command:
$ sudo docker login -u developer -p $(sudo oc whoami -t) -e <email> 172.30.210.244:5000
Now, let's tag your docker image:
$ sudo docker tag localhost.localdomain:5000/my-helloworld 172.30.210.244:5000/myproject/my-helloworld
To push the docker image to the OpenShift docker-registry, run a command:
$ sudo docker push 172.30.210.244:5000/myproject/my-helloworld
To verify that the previous task was successful, run a command
$ sudo oc get is
172.30.210.244:5000/myproject/my-helloworld
To deploy your docker image on OpenShift, run a command
$ sudo oc new-app my-helloworld:latest --name=my-helloworld
Deleting a container image from the OpenShift project
To delete an image from the Openshift project called "myproject", run a command:
$oc delete dc helloworld -n myproject
Storing a verified container image
If you verified a container image and you would like to share it, create a Pull Request in the to following GitHub repository:
https://github.com/container-images/container-image-template
References
[1] Container Best Practices
[2] GitHub - openshift/origin: Enterprise-Ready Kubernetes for Developers
As a developer, you can get a no-cost Red Hat Enterprise Linux Developer Suite subscription, which includes Red Hat Enterprise Linux 7 server, a collection of development tools, and much more.
Last updated: February 22, 2024