コマンド
# Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace <some-namespace> oc cp /tmp/foo <some-namespace>/<some-pod>:/tmp/bar # Copy /tmp/foo from a remote pod to /tmp/bar locally oc cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar
deploymentとかがおかしいとき
oc get event
template.json から作る
oc new-app my_template.json -p APPLICATION_NAME=aaaa
どのユーザが cluster-admin を持っているか確認する
oc get clusterrolebinding | head -n1 ;oc get clusterrolebinding | grep cluster-admin
ログをがっちゃんこして表示
$ stern myapp
https://github.com/wercker/stern/releases
PV
create したら、storageClassName: slow 削る (でもslowだからtimeoutするか)
RHDM/RHPAM on OpenShift (QuickLab)
1979710_tkobayas-secret.yaml, rhpam73-image-streams.yaml, keystore.jks (password), storage_config.yaml が手元にあるとして
oc create new-project <project_name> oc create -f 1979710_tkobayas-secret.yaml oc secrets link default 1979710-tkobayas-pull-secret --for=pull oc secrets link builder 1979710-tkobayas-pull-secret --for=pull oc create -f rhpam73-image-streams.yaml oc create secret generic kieserver-app-secret --from-file=keystore.jks oc create secret generic businesscentral-app-secret --from-file=keystore.jks oc delete storageclass glusterfs-storage oc create -f storage_config.yaml oc new-app -f rhpam73-authoring.yaml -p BUSINESS_CENTRAL_HTTPS_SECRET=businesscentral-app-secret -p KIE_SERVER_HTTPS_SECRET=kieserver-app-secret -p BUSINESS_CENTRAL_HTTPS_PASSWORD=password -p KIE_SERVER_HTTPS_PASSWORD=password -p KIE_ADMIN_PWD=password1! -p KIE_SERVER_CONTROLLER_PWD=password1! -p KIE_SERVER_PWD=password1! -p IMAGE_STREAM_NAMESPACE=<project_name>
git-ssh
$ oc port-forward myapp-rhpamcentr-1-mqb57 8001:8001 ... <another terminal> $ git clone ssh://adminUser@localhost:8001/MySpace/example-Evaluation_Process
template から作る時
A)
oc new-app -f <template-path> -p AAA=XXX -p BBB=YYY
B)
oc process -f <template-path> -p AAA=XXX -p BBB=YYY > xxx.json oc create -f xxx.json
EAP on OpenShift
DB付きのイメージとか (e.g. eap64-mysql-persistent-s2i)
プロジェクト作ったら、イメージ作成の前にこれらを実行
oc login https://shift.usersys.redhat.com:8443 --token=XXXXXXXXXXXXXXX oc project <project_name> oc create serviceaccount eap-service-account -n <project_name> oc policy add-role-to-user view system:serviceaccount:<project_name>:eap-service-account -n <project_name> keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048 oc secrets new eap-app-secret keystore.jks
EAPのログレベルは oc rsh で入って、jboss-cli.sh で変更する。 oc logs
standalone.xml のカスタマイズ
No longer useful for standalone.xml
https://access.redhat.com/documentation/en-us/openshift_dedicated/3/html/developer_guide/dev-guide-configmaps
WAR の configuration/ に自分の standalone.xml をぶっこむ
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/red_hat_jboss_enterprise_application_platform_for_openshift/#eap_s2i_process
外部のデータベースにつなぐ
https://docs.openshift.com/container-platform/3.9/dev_guide/integrating_external_services.html
https://docs.openshift.com/container-platform/3.9/dev_guide/expose_service/expose_internal_ip_service.html
トラブルシューティング
dump full
https://access.redhat.com/solutions/3340581
$ oc get dc -o yaml > dc.yaml $ oc get limits -o yaml > limits.yaml
環境構築
oc cluster up
iptables で tcp/8443 と udp/53 開ける
-- Server Information ... OpenShift server started. The server is accessible via web console at: https://10.64.217.99:8443 You are logged in as: User: developer Password: developer To login as administrator: oc login -u system:admin
oc login -u system:admin
が最強。トークンじゃだめ。ていうかこいつは別物
Decision Server on OpenShift
https://access.redhat.com/containers/?tab=overview&platform=openshift#/registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift
https://access.redhat.com/documentation/en/red-hat-xpaas/0/paged/red-hat-xpaas-decision-server-image
ImageStream をダウンロード
oc import-image my-jboss-decisionserver-6/decisionserver64-openshift --from=registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift --confirm
- Add to Project -> Deploy Image
- "Image Stream Tag" から選択、 "create new secret" してビルド
- pod できる
- Applications -> Services -> "Create route"
- name: ds64-01
http://www.ds64-1-8qc9h.com:8080/kie-server/services/rest/server
http://172.30.163.64:8080/kie-server/services/rest/server
DNSがちゃんと動いていない。。。ので route もまだ
Environment 設定しないとこんな感じ
Warning: EnvVar KIE_CONTAINER_DEPLOYMENT is missing. Example: export KIE_CONTAINER_DEPLOYMENT='containerId=groupId:artifactId:version|c2=g2:a2:v2' KIE_CONTAINER_DEPLOYMENT: KIE_CONTAINER_DEPLOYMENT_ORIGINAL: KIE_CONTAINER_DEPLOYMENT_OVERRIDE: KIE_CONTAINER_DEPLOYMENT_COUNT: 0 KIE_CONTAINER_REDIRECT_ENABLED: true KIE_SERVER_BPM_DISABLED: true KIE_SERVER_BPM_UI_DISABLED: true KIE_SERVER_BRM_DISABLED: false KIE_SERVER_BRP_DISABLED: true KIE_SERVER_BYPASS_AUTH_USER: false KIE_SERVER_CONTEXT: kie-server KIE_SERVER_DOMAIN: other KIE_SERVER_FILTER_CLASSES: true KIE_SERVER_HOST: ds64-1-8qc9h KIE_SERVER_ID: kieserver-ds64-1-8qc9h KIE_SERVER_JMS_QUEUES_REQUEST: queue/KIE.SERVER.REQUEST KIE_SERVER_JMS_QUEUES_RESPONSE: queue/KIE.SERVER.RESPONSE KIE_SERVER_LOCATION: http://ds64-1-8qc9h:8080/kie-server/services/rest/server KIE_SERVER_MBEANS_ENABLED: enabled KIE_SERVER_OPTS: -Dkie.maven.settings.custom=/home/jboss/.m2/settings.xml -Dkie.mbeans=enabled -Dkie.scanner.mbeans=enabled -Dkie.server.jms.queues.response=queue/KIE.SERVER.RESPONSE -Dorg.drools.server.ext.disabled=false -Dorg.drools.server.filter.classes=true -Dorg.jbpm.server.ext.disabled=true -Dorg.jbpm.ui.server.ext.disabled=true -Dorg.kie.server.bypass.auth.user=false -Dorg.kie.server.domain=other -Dorg.kie.server.id=kieserver-ds64-1-8qc9h -Dorg.kie.server.location=http://ds64-1-8qc9h:8080/kie-server/services/rest/server -Dorg.kie.server.repo=/opt/eap -Dorg.optaplanner.server.ext.disabled=true KIE_SERVER_PASSWORD: kieserver1! KIE_SERVER_PORT: 8080 KIE_SERVER_PROTOCOL: http KIE_SERVER_REPO: /opt/eap KIE_SERVER_STATE_FILE: /opt/eap/kieserver-ds64-1-8qc9h.xml KIE_SERVER_USER: kieserver M2_HOME: /opt/rh/rh-maven33/root/usr/share/maven Added user 'kieserver' to file '/opt/eap/standalone/configuration/application-users.properties' Added user 'kieserver' to file '/opt/eap/domain/configuration/application-users.properties' Added user 'kieserver' with groups kie-server,guest to file '/opt/eap/standalone/configuration/application-roles.properties' Added user 'kieserver' with groups kie-server,guest to file '/opt/eap/domain/configuration/application-roles.properties' Missing SSO_URL. Unable to properly configure SSO-enabled applications Access log is disabled, ignoring configuration. Running jboss-decisionserver-6/decisionserver64-openshift image, version 1.1 -XX:+UseParallelGC -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MaxMetaspaceSize=100m -XX:+ExitOnOutOfMemoryError
- ソース更新してから再ビルド
[tkobayas BxMS64examples]$ oc login https://shift.usersys.redhat.com:8443 --token=XXXXXXXXXXXXXXX Logged into "https://shift.usersys.redhat.com:8443" as "tkobayas" using the token provided. You have access to the following projects and can switch between them with 'oc project <projectname>': * tkobayas-ds-project tkobayas-ips-project Using project "tkobayas-ds-project". [tkobayas BxMS64examples]$ oc get build NAME KIND kie-tk1-1 Build.v1.build.openshift.io kie-tk2-1 Build.v1.build.openshift.io [tkobayas BxMS64examples]$ oc start-build kie-tk2 build "kie-tk2-2" started
Cool Store Demo
https://dzone.com/articles/micro-rules-on-openshift
developer でプロジェクトを作っておいて、あとは
oc login -u system:admin
でやる
変更点
decisionserver64-basic-s2i -> decisionserver64-basic-s2i
oc new-app --template=decisionserver64-basic-s2i -p APPLICATION_NAME="coolstore-rules",KIE_SERVER_USER="brmsAdmin",KIE_SERVER_PASSWORD="jbossbrms@01",SOURCE_REPOSITORY_URL="https://github.com/jbossdemocentral/brms-coolstore-repo.git",SOURCE_REPOSITORY_REF=master,KIE_CONTAINER_DEPLOYMENT="CoolStoreRulesContainer=com.redhat:coolstore:2.0.0",CONTEXT_DIR="coolstore"
から
oc new-app --template=decisionserver64-basic-s2i -p APPLICATION_NAME="coolstore-rules" -p KIE_SERVER_USER="brmsAdmin" -p KIE_SERVER_PASSWORD="jbossbrms@01" -p SOURCE_REPOSITORY_URL="https://github.com/jbossdemocentral/brms-coolstore-repo.git" -p SOURCE_REPOSITORY_REF=master -p KIE_CONTAINER_DEPLOYMENT="CoolStoreRulesContainer=com.redhat:coolstore:2.0.0" -p CONTEXT_DIR="coolstore"
pod が起動したら
http://coolstore-rules-my-coolstore.10.64.217.99.xip.io/kie-server/services/rest/server/containers
curl -u brmsAdmin:jbossbrms@01 -X POST -H "Accept: application/xml" -H "Content-Type: application/xml" -H "X-KIE-ContentType: XSTREAM" -d '<batch-execution lookup="coolstore-kie-session"><insert out-identifier="outPromo" return-object="false" entry-point="Promo Stream"><com.redhat.coolstore.PromoEvent><itemId>329299</itemId><percentOff>0.25</percentOff></com.redhat.coolstore.PromoEvent></insert><insert out-identifier="shoppingcart" return-object="true" entry-point="DEFAULT"><com.redhat.coolstore.ShoppingCart><cartItemPromoSavings>0.0</cartItemPromoSavings><cartItemTotal>0.0</cartItemTotal><cartTotal>0.0</cartTotal><shippingPromoSavings>0.0</shippingPromoSavings><shippingTotal>0.0</shippingTotal></com.redhat.coolstore.ShoppingCart></insert><insert><com.redhat.coolstore.ShoppingCartItem><itemId>329299</itemId><name>Red Fedora</name><price>34.99</price><promoSavings>0.0</promoSavings><quantity>1</quantity><shoppingCart reference="../../../insert[2]/com.redhat.coolstore.ShoppingCart"/></com.redhat.coolstore.ShoppingCartItem></insert><start-process processId="com.redhat.coolstore.PriceProcess"/><fire-all-rules/></batch-execution>' http://coolstore-rules-my-coolstore.10.64.217.99.xip.io/kie-server/services/rest/server/containers/instances/CoolStoreRulesContainer