OpenShift 3.6 - Release Candidate (A Hands-On)

Hi, Everybody!

Today I want to introduce you to some features of OpenShift 3.6 while giving you the chance to have a hands-on experience with the Release Candidate.

First of all:

1. It's a Release Candidate and the features I'll show you are marked as Tech Preview, so use them for testing purpose ONLY!
2. We cannot use Minishift just because there is no Minishift updated yet. Anyway, I'll show how could use its base iso-image.
3. I don't want to use 'oc cluster up' in a virtual machine just because setting up a virtual machine, to run it, would be a waste of time.

Prerequisites

This is our grocery list, you'll find below all the software needed for accomplishing our goal: test OpenShift 3.6 RC.

1. Latest oc binary available on Github at https://github.com/openshift/origin/releases/tag/v3.6.0-rc.0.
2. Docker-Machine: A Virtual Machine with docker installed! - "Docker Machine is a tool that lets you install Docker Engine on virtual hosts, and manage the hosts with docker-machine commands. You can use Machine to create Docker hosts on your local Mac or Windows box, on your company network, in your data center, or on cloud providers" -  https://docs.docker.com/machine/install-machine/.
3. Virtualization software (VirtualBox/Libvirt/KVM/Xhyve).
4. Enough RAM for running a 4GB (or any other Minishift-like) virtual machine.

Please Note:

• If you didn't use OpenShift Clients (oc) binary before, it's not so hard: just unpack it, place it somewhere and run it.
• If you didn't install docker-machine before, just follow the how-to provided in the link before: it will be easy!
• Depending on the Virtualization layer you'll use, you may need configuring/installing an appropriate driver to let docker-machine works with it, these are some examples:
  • Virtualbox: https://docs.docker.com/machine/drivers/virtualbox/
  • Libvirt/KVM: https://github.com/dhiltgen/docker-machine-kvm
  • Xhyve: https://github.com/zchee/docker-machine-driver-xhyve
• In the following steps, I'll use commands for my Libvirt/KVM driver: sorry mac/win-users! But you will easily adapt commands to your driver, don't worry! So, be aware of editing commands when you see "-kvm-" options!
• All the commands can run as a standard user: we don't need super powers!

Let's start: the brand new Service Catalog

If you're here, I suppose you've already configured your docker-machine, didn't you? Read the previous paragraph!

As I mentioned earlier we cannot use the Minishift binary to build our Openshift VM, anyway, we can use its iso image as a source for creating our docker-machine:

$ docker-machine create -d "kvm" --kvm-boot2docker-url https://github.com/minishift/minishift-b2d-iso/releases/download/v1.0.2/minishift-b2d.iso --kvm-cpu-count 4 --kvm-memory 4096 --engine-insecure-registry 172.30.0.0/16 openshift

In the previous command, we're creating an "Openshift" named virtual machine, starting from Minishift boot2docker image, with some infrastructural configuration (CPU/RAM) and most importantly with the Openshift's insecure registry subnet configuration (172.30.0.0/16).

You can check the result of the previous command also by running:

$  docker-machine ls
    NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
    openshift - kvm Running tcp://192.168.42.53:2376 v1.12.3

Now we're ready to launch our very useful "oc cluster up" command full of options for better interacting with the docker-machine we've just prepared:

$ oc cluster up --docker-machine=openshift --service-catalog=true --public-hostname="$(docker-machine ip openshift).nip.io" --routing-suffix="apps.$(docker-machine ip openshift).nip.io" --use-existing-config=true --host-data-dir='/var/lib/origin/openshift.local.data'

In the previous command, we just set the public-hostname for our Openshift's platform, its wildcard DNS for routing apps, some options for letting it being persistent and finally the option for setting up the new brand new Service Catalog.

Once  the OpenShift platform starts we need to log in as system:admin and then grant unauthenticated access to the template service broker API for using it with the Service Catalog:

$ oc login -u system:admin
    $ oc adm policy add-cluster-role-to-group system:openshift:templateservicebroker-client system:unauthenticated system:authenticated

Now we can test the new Service Catalog interface by going to the Openshift main page! (You should find it at the end of the previous "oc cluster up" command).

One step forward: Ansible Service Broker

At this point, we're ready to deploy one of the latest features: Ansible Service Broker.

First, we have to clone its Github's repository:

$ git clone https://github.com/openshift/ansible-service-broker

Then we have to create a brand new a project for deploying Ansible Service Broker's template:

$ oc new-project ansible-service-broke
    $ oc process -f ansible-service-broker/templates/deploy-ansible-service-broker.template.yaml -p BROKER_IMAGE=ansibleplaybookbundle/ansible-service-broker:latest | oc create -f -

Then we should see some new pods running in our project!

$ oc get pods
    NAME READY STATUS RESTARTS AGE
    asb-2357364550-4jmcj 1/1 Running 0 1m
    etcd-2338997634-05nz5 1/1 Running 0 1m

Here we are: Ansible Service Broker and its etcd database are running!

We're really close to the goal; we need to create the missing connection between ASB (Ansible Service Broker) and Openshift:

$ cat << EOF > broker.yaml
    apiVersion: servicecatalog.k8s.io/v1alpha1
    kind: Broker
    metadata:
      name: ansible-service-broker
    spec:
      url: https://asb.ansible-service-broker.svc:1338
    EOF
    $ oc create -f broker.yaml

If you now log into the interface, you should see a bunch of brand new templates available!

The ones ending with "(APB)" are the Ansible Playbook Bundle's template!

PLEASE READ: One more step is required, just because some of the containers used by APB templates requires "root" permissions, we need to enable the ANYUID Security Context for every authenticated user (eventually you may restrict it to the user 'developer'):

$ oc adm policy add-scc-to-group anyuid system:authenticated

That's all folks! Enjoy you're OpenShift 3.6 RC and don't forget about using it  ONLY for testing purposes!

Ciao,

About Alessandro

Alessandro Arrichiello is a Solution Architect for Red Hat Inc. He has a passion for GNU/Linux systems, which began at age 14 and continues today. He worked with tools for automating Enterprise IT: configuration management and continuous integration through virtual platforms. He’s now working on distributed cloud environment involving PaaS (OpenShift), IaaS (OpenStack) and Processes Management (CloudForms), Containers building, instances creation, HA services management, workflows build.

If you know the basic commands of Linux then download the Advanced Linux Commands Cheat Sheet, this cheat sheet can help you take your skills to the next level.