OpenShift memo

Commands

  # Copy /tmp/foo local file to /tmp/bar in a remote pod in namespace <some-namespace>
  oc cp /tmp/foo <some-namespace>/<some-pod>:/tmp/bar
  
  # Copy /tmp/foo from a remote pod to /tmp/bar locally
  oc cp <some-namespace>/<some-pod>:/tmp/foo /tmp/bar

When a deployment or similar is misbehaving

oc get event

Create from template.json

oc new-app my_template.json -p APPLICATION_NAME=aaaa

Check which users have cluster-admin

oc get clusterrolebinding | head -n1 ;oc get clusterrolebinding | grep cluster-admin
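The grep above matches the text "cluster-admin" anywhere on the line, so it also returns bindings that merely have it in their name. As an added example (not part of the original memo), this Python script reads `oc get clusterrolebinding -o json` and lists every subject whose binding actually references the cluster-admin role; the sample JSON and the names in it are constructed.

```python
import json
import sys

# Constructed sample shaped like `oc get clusterrolebinding -o json` output
# (binding and subject names are made up, not real cluster data).
SAMPLE = """
{"kind": "List", "items": [
 {"metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"metadata": {"name": "ops-team-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "User", "name": "alice"},
               {"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
 {"metadata": {"name": "cluster-admin-readers"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "User", "name": "bob"}]},
 {"metadata": {"name": "orphaned"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": null}
]}
"""


def cluster_admin_subjects(json_text, role="cluster-admin"):
    """Return sorted (binding, kind, subject) tuples for bindings whose roleRef is `role`."""
    found = []
    for item in json.loads(json_text).get("items", []):
        if (item.get("roleRef") or {}).get("name") != role:
            continue  # the binding's own name is irrelevant; only the referenced role counts
        binding = item["metadata"]["name"]
        for subj in item.get("subjects") or []:  # subjects may be missing or null
            name = subj["name"]
            if subj.get("kind") == "ServiceAccount":
                name = "system:serviceaccount:%s:%s" % (subj.get("namespace", ""), name)
            found.append((binding, subj.get("kind", ""), name))
    return sorted(found)


if __name__ == "__main__":
    # oc get clusterrolebinding -o json | python3 this_file.py   (sample is used without a pipe)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for row in cluster_admin_subjects(text):
        print("%-20s %-15s %s" % row)
```

In the sample, `cluster-admin-readers` would be hit by the grep but is skipped here because its roleRef is `view`.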

Merge the logs together and display them

$ stern myapp
https://github.com/wercker/stern/releases

PV

After create, remove storageClassName: slow (but since it is slow, maybe it times out?)

GUI

  • Stop a pod

- From the latest Deployment, use the down arrow below the circle to scale down

RHDM/RHPAM on OpenShift (QuickLab)

Assuming 1979710_tkobayas-secret.yaml, rhpam73-image-streams.yaml, keystore.jks (password), and storage_config.yaml are at hand

oc new-project <project_name>

oc create -f 1979710_tkobayas-secret.yaml
oc secrets link default 1979710-tkobayas-pull-secret --for=pull
oc secrets link builder 1979710-tkobayas-pull-secret --for=pull
oc create -f rhpam73-image-streams.yaml

oc create secret generic kieserver-app-secret --from-file=keystore.jks
oc create secret generic businesscentral-app-secret --from-file=keystore.jks

oc delete storageclass glusterfs-storage
oc create -f storage_config.yaml

oc new-app -f rhpam73-authoring.yaml -p BUSINESS_CENTRAL_HTTPS_SECRET=businesscentral-app-secret -p KIE_SERVER_HTTPS_SECRET=kieserver-app-secret -p BUSINESS_CENTRAL_HTTPS_PASSWORD=password -p KIE_SERVER_HTTPS_PASSWORD=password -p KIE_ADMIN_PWD=password1! -p KIE_SERVER_CONTROLLER_PWD=password1! -p KIE_SERVER_PWD=password1! -p IMAGE_STREAM_NAMESPACE=<project_name>


git-ssh

$ oc port-forward myapp-rhpamcentr-1-mqb57 8001:8001
...

<another terminal>
$ git clone ssh://adminUser@localhost:8001/MySpace/example-Evaluation_Process

When creating from a template

A)

oc new-app -f <template-path> -p AAA=XXX -p BBB=YYY

B)

oc process -f <template-path> -p AAA=XXX -p BBB=YYY > xxx.json
oc create -f xxx.json

Watch the build progress

watch "oc get builds; oc get pods"
oc logs <build pod> -f

EAP on OpenShift

Images that come with a DB and the like (e.g. eap64-mysql-persistent-s2i)

After creating the project, run these before creating the image

oc login https://shift.usersys.redhat.com:8443 --token=XXXXXXXXXXXXXXX
oc project <project_name>
oc create serviceaccount eap-service-account -n <project_name>
oc policy add-role-to-user view system:serviceaccount:<project_name>:eap-service-account -n <project_name>
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
oc secrets new eap-app-secret keystore.jks

To change the EAP log level, get into the pod with oc rsh and change it with jboss-cli.sh. Check the result with oc logs.

Setting system properties

Use JAVA_OPTS_APPEND

Troubleshooting

dump full
https://access.redhat.com/solutions/3340581

$ oc get dc -o yaml > dc.yaml
$ oc get limits -o yaml > limits.yaml

Environment setup

oc cluster up

iptables: open tcp/8443 and udp/53

-- Server Information ... 
   OpenShift server started.
   The server is accessible via web console at:
       https://10.64.217.99:8443

   You are logged in as:
       User:     developer
       Password: developer

   To login as administrator:
       oc login -u system:admin


oc login -u system:admin
is the most powerful. A token won't do. Or rather, this one is a different thing altogether.

Decision Server on OpenShift

https://access.redhat.com/containers/?tab=overview&platform=openshift#/registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift
https://access.redhat.com/documentation/en/red-hat-xpaas/0/paged/red-hat-xpaas-decision-server-image


Download the ImageStream

oc import-image my-jboss-decisionserver-6/decisionserver64-openshift --from=registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift --confirm

  • Add to Project -> Deploy Image
    • Select from "Image Stream Tag", do "create new secret", then build
  • The pod gets created
  • Applications -> Services -> "Create route"
    • name: ds64-01

http://www.ds64-1-8qc9h.com:8080/kie-server/services/rest/server
http://172.30.163.64:8080/kie-server/services/rest/server

DNS is not working properly..., so the route is not working yet either

Without setting Environment, it looks like this

Warning: EnvVar KIE_CONTAINER_DEPLOYMENT is missing.
Example: export KIE_CONTAINER_DEPLOYMENT='containerId=groupId:artifactId:version|c2=g2:a2:v2'
KIE_CONTAINER_DEPLOYMENT: 
KIE_CONTAINER_DEPLOYMENT_ORIGINAL: 
KIE_CONTAINER_DEPLOYMENT_OVERRIDE: 
KIE_CONTAINER_DEPLOYMENT_COUNT: 0
KIE_CONTAINER_REDIRECT_ENABLED: true
KIE_SERVER_BPM_DISABLED: true
KIE_SERVER_BPM_UI_DISABLED: true
KIE_SERVER_BRM_DISABLED: false
KIE_SERVER_BRP_DISABLED: true
KIE_SERVER_BYPASS_AUTH_USER: false
KIE_SERVER_CONTEXT: kie-server
KIE_SERVER_DOMAIN: other
KIE_SERVER_FILTER_CLASSES: true
KIE_SERVER_HOST: ds64-1-8qc9h
KIE_SERVER_ID: kieserver-ds64-1-8qc9h
KIE_SERVER_JMS_QUEUES_REQUEST: queue/KIE.SERVER.REQUEST
KIE_SERVER_JMS_QUEUES_RESPONSE: queue/KIE.SERVER.RESPONSE
KIE_SERVER_LOCATION: http://ds64-1-8qc9h:8080/kie-server/services/rest/server
KIE_SERVER_MBEANS_ENABLED: enabled
KIE_SERVER_OPTS: -Dkie.maven.settings.custom=/home/jboss/.m2/settings.xml -Dkie.mbeans=enabled -Dkie.scanner.mbeans=enabled -Dkie.server.jms.queues.response=queue/KIE.SERVER.RESPONSE -Dorg.drools.server.ext.disabled=false -Dorg.drools.server.filter.classes=true -Dorg.jbpm.server.ext.disabled=true -Dorg.jbpm.ui.server.ext.disabled=true -Dorg.kie.server.bypass.auth.user=false -Dorg.kie.server.domain=other -Dorg.kie.server.id=kieserver-ds64-1-8qc9h -Dorg.kie.server.location=http://ds64-1-8qc9h:8080/kie-server/services/rest/server -Dorg.kie.server.repo=/opt/eap -Dorg.optaplanner.server.ext.disabled=true
KIE_SERVER_PASSWORD: kieserver1!
KIE_SERVER_PORT: 8080
KIE_SERVER_PROTOCOL: http
KIE_SERVER_REPO: /opt/eap
KIE_SERVER_STATE_FILE: /opt/eap/kieserver-ds64-1-8qc9h.xml
KIE_SERVER_USER: kieserver
M2_HOME: /opt/rh/rh-maven33/root/usr/share/maven
Added user 'kieserver' to file '/opt/eap/standalone/configuration/application-users.properties'
Added user 'kieserver' to file '/opt/eap/domain/configuration/application-users.properties'
Added user 'kieserver' with groups kie-server,guest to file '/opt/eap/standalone/configuration/application-roles.properties'
Added user 'kieserver' with groups kie-server,guest to file '/opt/eap/domain/configuration/application-roles.properties'
Missing SSO_URL. Unable to properly configure SSO-enabled applications
Access log is disabled, ignoring configuration.
Running jboss-decisionserver-6/decisionserver64-openshift image, version 1.1
-XX:+UseParallelGC -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MaxMetaspaceSize=100m -XX:+ExitOnOutOfMemoryError

The parameters are explained here
https://access.redhat.com/documentation/en/red-hat-xpaas/0/paged/red-hat-xpaas-decision-server-image/chapter-5-reference
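The startup output above prints KIE_SERVER_PASSWORD in clear text, and the oc new-app commands in this memo carry passwords as -p parameters, so pasted logs and shell history end up holding credentials. As an added example (not part of the original memo or of the image's scripts), this filter masks such values before a log or command line is shared; the keyword list is an assumption.

```python
import re

MASK = "****"
# Key names treated as credential-bearing. The keyword list is an assumption;
# it over-masks on purpose (e.g. a *_SECRET parameter that only holds a secret name).
KEY = r"[A-Za-z0-9_.\-]*(?:PASSWORD|PASSWD|PWD|SECRET|TOKEN)[A-Za-z0-9_.\-]*"

# "KIE_SERVER_PASSWORD: value" at the start of a log line
LINE_RE = re.compile(r"^(\s*" + KEY + r"\s*:\s*)(\S.*)$", re.IGNORECASE)
# KEY=value tokens: "-p KIE_ADMIN_PWD=...", "--token=...", "-Dsome.password=..."
PAIR_RE = re.compile(r"(" + KEY + r"=)(\"[^\"]*\"|'[^']*'|[^\s,]+)", re.IGNORECASE)
# "curl -u user:password"; anchored on curl so "oc login -u system:admin" is untouched
CURL_RE = re.compile(r"(\bcurl\b.*?\s(?:-u|--user)\s+[^\s:]+:)(\S+)")


def redact(line):
    """Return line with credential values replaced by MASK; key names are kept."""
    for pattern in (LINE_RE, PAIR_RE, CURL_RE):
        line = pattern.sub(lambda m: m.group(1) + MASK, line)
    return line


# Lines taken or shortened from this memo (startup log, oc cluster up output, commands).
SAMPLE = [
    "KIE_SERVER_PASSWORD: kieserver1!",
    "KIE_SERVER_USER: kieserver",
    "       Password: developer",
    "oc login -u system:admin",
    "oc new-app -f rhpam73-authoring.yaml -p KIE_ADMIN_PWD=password1! -p KIE_SERVER_PWD=password1!",
]

if __name__ == "__main__":
    # oc logs <pod> | python3 this_file.py   (the sample is used when nothing is piped in)
    import sys
    source = SAMPLE if sys.stdin.isatty() else (l.rstrip("\n") for l in sys.stdin)
    for line in source:
        print(redact(line))
```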

  • Rebuild after updating the source
[tkobayas BxMS64examples]$ oc login https://shift.usersys.redhat.com:8443 --token=XXXXXXXXXXXXXXX
Logged into "https://shift.usersys.redhat.com:8443" as "tkobayas" using the token provided.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * tkobayas-ds-project
    tkobayas-ips-project

Using project "tkobayas-ds-project".
[tkobayas BxMS64examples]$ oc get build
NAME        KIND
kie-tk1-1   Build.v1.build.openshift.io
kie-tk2-1   Build.v1.build.openshift.io
[tkobayas BxMS64examples]$ oc start-build kie-tk2
build "kie-tk2-2" started

Cool Store Demo

https://dzone.com/articles/micro-rules-on-openshift

Create the project as developer beforehand, then do the rest logged in with

oc login -u system:admin

Changes
decisionserver64-basic-s2i -> decisionserver64-basic-s2i

oc new-app --template=decisionserver64-basic-s2i -p APPLICATION_NAME="coolstore-rules",KIE_SERVER_USER="brmsAdmin",KIE_SERVER_PASSWORD="jbossbrms@01",SOURCE_REPOSITORY_URL="https://github.com/jbossdemocentral/brms-coolstore-repo.git",SOURCE_REPOSITORY_REF=master,KIE_CONTAINER_DEPLOYMENT="CoolStoreRulesContainer=com.redhat:coolstore:2.0.0",CONTEXT_DIR="coolstore"

changed to

oc new-app --template=decisionserver64-basic-s2i -p APPLICATION_NAME="coolstore-rules" -p KIE_SERVER_USER="brmsAdmin" -p KIE_SERVER_PASSWORD="jbossbrms@01" -p SOURCE_REPOSITORY_URL="https://github.com/jbossdemocentral/brms-coolstore-repo.git" -p SOURCE_REPOSITORY_REF=master -p KIE_CONTAINER_DEPLOYMENT="CoolStoreRulesContainer=com.redhat:coolstore:2.0.0" -p CONTEXT_DIR="coolstore"

Once the pod has started

http://coolstore-rules-my-coolstore.10.64.217.99.xip.io/kie-server/services/rest/server/containers

curl -u brmsAdmin:jbossbrms@01 -X POST -H "Accept: application/xml" -H "Content-Type: application/xml" -H "X-KIE-ContentType: XSTREAM" -d '<batch-execution lookup="coolstore-kie-session"><insert out-identifier="outPromo" return-object="false" entry-point="Promo Stream"><com.redhat.coolstore.PromoEvent><itemId>329299</itemId><percentOff>0.25</percentOff></com.redhat.coolstore.PromoEvent></insert><insert out-identifier="shoppingcart" return-object="true" entry-point="DEFAULT"><com.redhat.coolstore.ShoppingCart><cartItemPromoSavings>0.0</cartItemPromoSavings><cartItemTotal>0.0</cartItemTotal><cartTotal>0.0</cartTotal><shippingPromoSavings>0.0</shippingPromoSavings><shippingTotal>0.0</shippingTotal></com.redhat.coolstore.ShoppingCart></insert><insert><com.redhat.coolstore.ShoppingCartItem><itemId>329299</itemId><name>Red Fedora</name><price>34.99</price><promoSavings>0.0</promoSavings><quantity>1</quantity><shoppingCart reference="../../../insert[2]/com.redhat.coolstore.ShoppingCart"/></com.redhat.coolstore.ShoppingCartItem></insert><start-process processId="com.redhat.coolstore.PriceProcess"/><fire-all-rules/></batch-execution>' http://coolstore-rules-my-coolstore.10.64.217.99.xip.io/kie-server/services/rest/server/containers/instances/CoolStoreRulesContainer

RHPAM on OpenShift

You can find rhpam70-image-streams.yaml and templates inside rhpam-7.0.0-openshift-templates.zip

rhpam70-image-streams.yaml

items:
- kind: ImageStream
  apiVersion: v1
  metadata:
    name: rhpam70-businesscentral-openshift
    annotations:
      openshift.io/display-name: Red Hat Process Automation Manager Business Central 7.0
      openshift.io/provider-display-name: Red Hat, Inc.
  spec:
    tags:
    - name: '1.0'
      annotations:
        description: Red Hat Process Automation Manager 7.0 - Business Central image.
        iconClass: icon-jboss
        tags: rhpam,xpaas
        supports: rhpam:7.0,xpaas:1.4
        version: '1.0'
      from:
        kind: DockerImage
        name: registry.access.redhat.com/rhpam-7/rhpam70-businesscentral-openshift:1.0

...

- kind: ImageStream
  apiVersion: v1
  metadata:
    name: rhpam70-kieserver-openshift
    annotations:
      openshift.io/display-name: Red Hat Process Automation Manager KIE Server 7.0
      openshift.io/provider-display-name: Red Hat, Inc.
  spec:
    tags:
    - name: '1.0'
      annotations:
        description: Red Hat Process Automation Manager 7.0 - KIE Server image.
        iconClass: icon-jboss
        tags: rhpam,xpaas
        supports: rhpam:7.0,xpaas:1.4
        version: '1.0'
      from:
        kind: DockerImage
        name: registry.access.redhat.com/rhpam-7/rhpam70-kieserver-openshift:1.0

$ docker pull registry.access.redhat.com/rhpam-7/rhpam70-kieserver-openshift:1.2-3

$ docker images

$ docker inspect <image>

$ docker run -it --rm <image> /bin/bash

$ cd /opt/eap/bin

Check the scripts that modify standalone.xml. For example, DATASOURCES is handled by openshift-launch.sh -> bpmsuite-executionserver.sh -> datasource-common.sh