“Small deeds done are better than great deeds planned”

-Peter Marshall

If you are looking for DevOps deployment and automation, then this is a great foundation to make it happen. Docker integration, whether from your private hub, a Git repo or Jenkins, can all be used and then easily deployed with OpenShift. I just started with GCP and the deployment of Operating Systems has been the fastest of any other cloud provider thus far, and I’m liking the straightforward interface.

Let’s get going. Free is my favorite, so sign up Here and get $300 in free Google credits. Then jump right into the Compute console: Create an instance, then fill out your info (no caps for some reason). For Machine type pick what you want, but for this project I wanted something a little more beefy to handle essentially 4 platforms (CentOS, Docker, Kubernetes, OpenShift). Boot disk is your OS; hit Change to select CentOS 7, which is what this article is built on. Allow API access and open up the firewall; you will need to add other ports later as well.



It creates the OS in about 30 seconds and gives you the info needed to connect.

Now it’s a little more difficult than just ssh-ing into the box, no matter the OS, but you can download the SDK pack for your distribution; it saves a ton of headaches: https://cloud.google.com/sdk/ . The same site has a ton of info on setting up and issuing different commands, handling keys, changing regions…. Anyway, run gcloud compute ssh servername and PuTTY will launch if using Windows.

OK, you’re in the machine. Get root access with sudo su and then update the image.

Get your docker reqs ready

yum install -y yum-utils \
device-mapper-persistent-data \
lvm2

yum -y install wget git net-tools bind-utils iptables-services bridge-utils bash-completion pyOpenSSL

Download Docker latest version for CentOS using wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.06.2.ce-1.el7.centos.x86_64.rpm

Next, install it using yum. It’s better this way than using rpm -… because yum can pull in the dependencies.

The next part took me multiple hours to get right, and that was setting the “INSECURE REGISTRY” option, as CentOS prior to 7.2 used chkconfig and not systemctl, and prior Docker versions used different arguments as well. Plus, trying to amend the file to another file with .conf etc. wasn’t allowed due to permissions, which I believe were tied to SELinux, which HAS to be installed for Docker to work on this setup… Anyway, mkdir -p /etc/systemd/system/docker.service.d, which is a directory after the service where amended files should be able to pass back into the service, all failed miserably.

Onto the good: issue a cat command on the above file path and we see the current insecure registry commented out and not on the OpenShift subnet of 172.30.0.0/16.

vim /etc/systemd/system/docker.service.d, uncomment the INSECURE REGISTRY, add in the correct subnet, then save and close.

systemctl daemon-reload

systemctl enable docker

systemctl restart docker
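
One way to confirm the result after the restart, as an added example that is not part of the original post: the script below scans a Docker option file for --insecure-registry values and flags any entry other than the 172.30.0.0/16 subnet named above, since TLS verification is skipped for every registry such an entry covers. The function names and the sample file contents are constructed for illustration; the article does not show the real file.

```shell
#!/bin/sh
# Added example: audit a Docker option file for --insecure-registry scope.
ALLOWED_CIDR="172.30.0.0/16"   # OpenShift service subnet named in the article

# Print each --insecure-registry value found on uncommented lines of file $1.
insecure_registries() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -oE -e "--insecure-registry[= ]+[^[:space:]\"']+" \
        | sed 's/^--insecure-registry[= ]*//'
}

# Return 1 (and name the entry) if any value differs from ALLOWED_CIDR.
audit_insecure_registry() {
    air_rc=0
    for air_entry in $(insecure_registries "$1"); do
        if [ "$air_entry" != "$ALLOWED_CIDR" ]; then
            echo "WIDER THAN EXPECTED in $1: $air_entry"
            air_rc=1
        fi
    done
    return $air_rc
}

# Constructed sample drop-in (assumption: the real file is not shown on the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
# Environment="INSECURE_REGISTRY=--insecure-registry 10.0.0.0/8"
Environment="INSECURE_REGISTRY=--insecure-registry 172.30.0.0/16"
EOF
audit_insecure_registry "$sample" && echo "OK: only $ALLOWED_CIDR skips TLS verification"
rm -f "$sample"
```

Point audit_insecure_registry at whichever file actually carries the option on your host; an entry such as 0.0.0.0/0 would be reported.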

OK, now it’s time to test that Docker is functioning properly; check out my previous Docker setup article as well for more info on commands etc. Next, test that it’s running OK:

docker run hello-world

docker pull registry

Test it out a little more:

docker run -dit -p 5000:5000 --name registry registry

Open local firewall ports for Docker and the subnet of the insecure registry:

firewall-cmd --permanent --zone=public --add-port=80/tcp

firewall-cmd --permanent --new-zone dockerc

firewall-cmd --permanent --zone=dockerc --add-source 172.17.0.0/16

firewall-cmd --permanent --zone=dockerc --add-port=8443/tcp

firewall-cmd --permanent --zone=dockerc --add-port=53/udp

firewall-cmd --permanent --zone=dockerc --add-port=8053/tcp

firewall-cmd --reload

On to OpenShift:

mkdir /opt/openshift-origin-v1.4.1

chmod 755 /opt /opt/openshift-origin-v1.4.1

cd /opt/openshift-origin-v1.4.1

wget https://github.com/openshift/origin/releases/download/v1.4.1/openshift-origin-server-v1.4.1-3f9807a-linux-64bit.tar.gz

Verify that it’s there -> ls -l

tar -xvzf openshift-origin-server-v1.4.1-3f9807a-linux-64bit.tar.gz --strip-components 1

rm -f openshift-origin-server-*.tar.gz

Now we’ll set up and load the environment:

cat > /etc/profile.d/openshift.sh << '__EOF__'

export OPENSHIFT=/opt/openshift-origin-v1.4.1

export OPENSHIFT_VERSION=v1.4.1

export PATH=$OPENSHIFT:$PATH

export KUBECONFIG=$OPENSHIFT/openshift.local.config/master/admin.kubeconfig

export CURL_CA_BUNDLE=$OPENSHIFT/openshift.local.config/master/ca.crt

__EOF__

Set the permissions and use docker to pull the images down:

chmod 755 /etc/profile.d/openshift.sh

. /etc/profile.d/openshift.sh

docker pull openshift/origin-pod:$OPENSHIFT_VERSION

docker pull openshift/origin-sti-builder:$OPENSHIFT_VERSION

docker pull openshift/origin-docker-builder:$OPENSHIFT_VERSION

docker pull openshift/origin-deployer:$OPENSHIFT_VERSION

docker pull openshift/origin-docker-registry:$OPENSHIFT_VERSION

docker pull openshift/origin-haproxy-router:$OPENSHIFT_VERSION

OpenShift config files

./openshift start --write-config=openshift.local.config

chmod +r $OPENSHIFT/openshift.local.config/master/admin.kubeconfig

chmod +r $OPENSHIFT/openshift.local.config/master/openshift-registry.kubeconfig

chmod +r $OPENSHIFT/openshift.local.config/master/openshift-router.kubeconfig
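
admin.kubeconfig embeds the system:admin client key, so after the chmod +r above every local account on the host can read cluster-admin credentials. The following added check (not part of the original post) lists world-readable files under a config directory that contain private key material and can strip the "other" permission bits from them; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: find OpenShift credential files that any local user can read.

# True if file $1 carries private key material (embedded in a kubeconfig or PEM).
has_private_key() {
    grep -qE 'client-key-data:|-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# Print world-readable files under directory $1 that contain a private key.
world_readable_creds() {
    find "$1" -type f -perm -004 | sort | while read -r wrc_f; do
        if has_private_key "$wrc_f"; then echo "$wrc_f"; fi
    done
}

# Remove "other" access from each file reported above; print what changed.
tighten_creds() {
    world_readable_creds "$1" | while read -r tc_f; do
        chmod o-rwx "$tc_f" && echo "tightened $tc_f"
    done
}

# Constructed stand-in for $OPENSHIFT/openshift.local.config/master
demo=$(mktemp -d)
printf 'users:\n- user:\n    client-key-data: Q09OU1RSVUNURUQ=\n' > "$demo/admin.kubeconfig"
printf 'constructed public certificate placeholder\n' > "$demo/ca.crt"
chmod 644 "$demo/admin.kubeconfig" "$demo/ca.crt"
world_readable_creds "$demo"    # lists admin.kubeconfig, not ca.crt
tighten_creds "$demo"           # admin.kubeconfig becomes 640
rm -rf "$demo"
```

On the host, run world_readable_creds against $OPENSHIFT/openshift.local.config/master; accounts that still need oc access can be given it through group ownership of the file.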

More Firewall Commands

firewall-cmd --permanent --zone=public --add-port=80/tcp

firewall-cmd --permanent --zone=public --add-port=443/tcp

firewall-cmd --permanent --zone=public --add-port=8443/tcp

firewall-cmd --reload

Install as a daemon and run

cat > /etc/systemd/system/openshift-origin.service << '__EOF__'

[Unit]

Description=Origin Master Service

After=docker.service

Requires=docker.service

[Service]

Restart=always

RestartSec=10s

ExecStart=/opt/openshift-origin-v1.4.1/openshift start

WorkingDirectory=/opt/openshift-origin-v1.4.1

[Install]

WantedBy=multi-user.target

__EOF__

systemctl daemon-reload

systemctl enable openshift-origin

systemctl start openshift-origin

oc login -u system:admin -n default

oadm policy add-cluster-role-to-user cluster-admin admin

mkdir /opt/openshift-registry

chcon -Rt svirt_sandbox_file_t /opt/openshift-registry

chown 1001:root /opt/openshift-registry

oadm policy add-scc-to-user privileged -z registry

oadm registry --service-account=registry --mount-host=/opt/openshift-registry

oc get svc docker-registry

oadm policy add-scc-to-user hostnetwork -z router

oadm router router --replicas=1 --service-account=router

Check on things -> oc status

cd ~

git clone https://github.com/openshift/openshift-ansible.git

cd openshift-ansible/roles/openshift_examples/files/examples/latest/

for f in image-streams/image-streams-centos7.json; do cat $f | oc create -n openshift -f -; done

for f in db-templates/*.json; do cat $f | oc create -n openshift -f -; done

for f in quickstart-templates/*.json; do cat $f | oc create -n openshift -f -; done

Now for the final steps and getting started: go to your public IP or internal address in a browser and use port :8443.

Log in as admin / admin if you used the setup described here.

Click on default as talked about earlier

You should now see some docker images -> go to build

Go to your catalog and check on python

Let’s start a custom build. Back over to your command line:

oc new-app --name sample-notebooks \
getwarped/s2i-minimal-notebook:latest~https://github.com/getwarped/sample-notebooks.git

oc import-image getwarped/s2i-minimal-notebook:latest --confirm

oc get is/s2i-minimal-notebook -o json

Take note of the items circled in red: These will appear in the browser later

Now go back to your browser and look in your catalog: You should now see an Uncategorized icon

Everything you saw circled in red should now appear here inside the deployment page. This is something that can obviously be modified in the parameters we just saw, so make note of that: if you want to deploy multiple apps from the same source, you can customize them there.

Next, put in the name of your app and the git repo you are pulling from. For this project it’s:

https://github.com/getwarped/sample-notebooks.git

You should get a confirmation after it has run, as well as addresses for managing your app.

Lastly, always go through your logs to check that everything went smoothly.

See you after the RedHat conference in VA…

-EK