AKAI TSUKI

System development or Technical something

login web console (OpenShift)

ref. Install OpenShift - AKAI TSUKI

install httpd-tools

ref. Configuring Authentication and User Agent | Installation and Configuration | OpenShift Origin Latest
at master node.

# yum install -y httpd-tools
*snip*
Installed:
  httpd-tools.x86_64 0:2.4.6-45.el7.centos.4

Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7                       apr-util.x86_64 0:1.5.2-6.el7

Complete!
#

create user with password by htpasswd

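at master node. `-c` creates the htpasswd file and overwrites it if it already exists, so use `-c` only for the first user and leave it off when adding more users later.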

# htpasswd -c /etc/origin/master/htpasswd user01
New password:
Re-type new password:
Adding password for user user01
#

setting (HTPasswdPasswordIdentityProvider)

at master node.

# grep -A8 identityProviders /etc/origin/master/master-config.yaml
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: htpasswd_auth
    provider:
      apiVersion: v1
      file: /etc/origin/master/htpasswd
      kind: HTPasswdPasswordIdentityProvider
#

access web console

from my client to https://opshift01:8443/ as below
f:id:akai_tsuki:20170813034025p:plain

After I created project in web console

f:id:akai_tsuki:20170813205345p:plain

use user01

login

# oc login -u user01
Authentication required for https://opshift01:8443 (openshift)
Username: user01
Password:
Login successful.

You have one project on this server: "testpj01"

Using project "testpj01".
# 

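I cannot get node information as user01. Nodes are a cluster-level resource, and user01 has not been granted any cluster-level role, so the request is rejected as Forbidden.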

# oc get node
Error from server (Forbidden): User "user01" cannot list all nodes in the cluster
#

logout

# oc logout
Logged "user01" out on "https://opshift01:8443"
#

Install OpenShift

ref. Try to prepare host for installation of OpenShift. - AKAI TSUKI

hosts file

at all node.

# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.10.111 opshift01 opshift01.example.com
172.16.10.112 opshift02 opshift02.example.com
172.16.10.113 opshift03 opshift03.example.com
#

inventory file

at master node.

# cat inventory_file/hosts
[OSEv3:children]
masters
nodes

[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin

openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

openshift_disable_check=memory_availability

openshift_master_default_subdomain=apps.example.com

[masters]
opshift01.example.com

[nodes]
opshift01.example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
opshift02.example.com openshift_node_labels="{'region': 'primary', 'zone': 'west'}"
opshift03.example.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}"

#

run ansible-playbook

# ansible-playbook -i inventory_file/hosts \
> ~/openshift-ansible/playbooks/byo/config.yml

*snip*

PLAY RECAP *****************************************************************************************
localhost                  : ok=9    changed=0    unreachable=0    failed=0
opshift01.example.com      : ok=561  changed=136  unreachable=0    failed=0
opshift02.example.com      : ok=232  changed=63   unreachable=0    failed=0
opshift03.example.com      : ok=232  changed=63   unreachable=0    failed=0

#

after install

# oc login -u system:admin
Logged into "https://opshift01:8443" as "system:admin" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default
    kube-public
    kube-system
    logging
    management-infra
    openshift
    openshift-infra

Using project "default".
#

# oc get node
NAME        STATUS    AGE       VERSION
opshift01   Ready     12m       v1.6.1+5115d708d7
opshift02   Ready     12m       v1.6.1+5115d708d7
opshift03   Ready     12m       v1.6.1+5115d708d7
#

# oc get pods -o wide
NAME                       READY     STATUS    RESTARTS   AGE       IP              NODE
docker-registry-1-g8b13    1/1       Running   0          13m       10.128.0.4      opshift01
registry-console-1-dznp7   1/1       Running   0          10m       10.128.0.5      opshift01
router-1-jqj4n             1/1       Running   0          14m       172.16.10.111   opshift01
# 

# oc get svc -o wide
NAME               CLUSTER-IP       EXTERNAL-IP   PORT(S)                   AGE       SELECTOR
docker-registry    172.30.255.65    <none>        5000/TCP                  14m       docker-registry=default
kubernetes         172.30.0.1       <none>        443/TCP,53/UDP,53/TCP     27m       <none>
registry-console   172.30.181.217   <none>        9000/TCP                  12m       name=registry-console
router             172.30.122.197   <none>        80/TCP,443/TCP,1936/TCP   16m       router=router
#

# oc get routes
NAME               HOST/PORT                                   PATH      SERVICES           PORT      TERMINATION   WILDCARD
docker-registry    docker-registry-default.apps.example.com              docker-registry    <all>     passthrough   None
registry-console   registry-console-default.apps.example.com             registry-console   <all>     passthrough   None
#

check config file.

# grep -C1 subdomain /etc/origin/master/master-config.yaml
routingConfig:
  subdomain:  "apps.example.com"
serviceAccountConfig:
#

# grep -A8 identityProviders /etc/origin/master/master-config.yaml
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: htpasswd_auth
    provider:
      apiVersion: v1
      file: /etc/origin/master/htpasswd
      kind: HTPasswdPasswordIdentityProvider
#

Try to prepare host for installation of OpenShift.

ref:
https://docs.openshift.org/latest/install_config/install/host_preparation.html

Host list

Host Role
opshift01 master/node(infra)
opshift02 node(west)
opshift03 node(east)

Stop firewalld

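at all nodes. firewalld is presumably stopped because this setup relies on iptables-services (installed in the next step) instead. Until those rules are in place the hosts have no host firewall, so keep them on a trusted network segment.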

[root@opshift01 ~]# systemctl stop firewalld
[root@opshift01 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@opshift01 ~]#

Install the following base packages:

at all node

# yum install wget git net-tools bind-utils iptables-services \
bridge-utils bash-completion kexec-tools sos psacct

Install Ansible

install at master node.

# yum -y install \
    https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
# yum -y --enablerepo=epel install ansible pyOpenSSL

try to confirm version

# ansible --version
ansible 2.3.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.5 (default, Nov  6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
#

Get openshift-ansible

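at master node. The clone below takes whatever is on the default branch at that moment. To make the install reproducible, check out the release branch or tag that matches the Origin version you are installing before running the playbook.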

# cd ~
# git clone https://github.com/openshift/openshift-ansible
Cloning into 'openshift-ansible'...
remote: Counting objects: 61775, done.
remote: Compressing objects: 100% (16/16), done.
remote: Total 61775 (delta 6), reused 15 (delta 4), pack-reused 61754
Receiving objects: 100% (61775/61775), 16.03 MiB | 1.66 MiB/s, done.
Resolving deltas: 100% (37890/37890), done.
# cd openshift-ansible

Install docker

at all node.

# yum install docker

check version

# docker -v
Docker version 1.12.6, build 88a4867/1.12.6
# 

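configure /etc/sysconfig/docker file. As the diff shows, the only change is adding `--insecure-registry 172.30.0.0/16`; `--signature-verification=false` is already in the original file. This range is the cluster service network (the docker-registry service gets a 172.30.x.x address), and docker will accept a registry at any address in it without TLS verification, so do not make the range wider than the service network.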

# cp -p /etc/sysconfig/docker{,.org}
# vi /etc/sysconfig/docker
# diff /etc/sysconfig/docker{,.org}
4c4
< OPTIONS='--selinux-enabled --insecure-registry 172.30.0.0/16 --log-driver=journald --signature-verification=false'
---
> OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
#

check physical volume and volume group for docker.
and ref. Create Physical volume in Linux CentOS - AKAI TSUKI

# pvs
  PV         VG          Fmt  Attr PSize  PFree
  /dev/sda2  cl          lvm2 a--  37.00g     0
  /dev/sda3  cl          lvm2 a--  15.00g     0
  /dev/sda4  docker-data lvm2 a--  27.00g 27.00g
# vgs
  VG          #PV #LV #SN Attr   VSize  VFree
  cl            2   2   0 wz--n- 51.99g     0
  docker-data   1   0   0 wz--n- 27.00g 27.00g
#

setting up docker storage

# cat <<EOF > /etc/sysconfig/docker-storage-setup
> VG=docker-data
> EOF
#

check this file.

# cat /etc/sysconfig/docker-storage-setup
VG=docker-data
#

run script

# docker-storage-setup
  Using default stripesize 64.00 KiB.
  Rounding up size to full physical extent 28.00 MiB
  Logical volume "docker-pool" created.
  Logical volume docker-data/docker-pool changed.
#

and check

# cat /etc/sysconfig/docker-storage
DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/docker--data-docker--pool --storage-opt dm.use_deferred_removal=true "
# lvs
  LV          VG          Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  root        cl          -wi-ao---- 49.99g
  swap        cl          -wi-ao----  2.00g
  docker-pool docker-data twi-a-t--- 10.74g             0.00   0.14
#

start docker

# systemctl is-active docker
unknown
# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# systemctl start docker
#

Install docker-compose 1.14.0 on CentOS 7.3

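install. The `>` redirect in the first command is done by the calling shell, not by sudo, so the file is written as the login user. After `mv` the binary in /usr/local/bin is still owned by suzu:suzu and is group-writable (see the `ls -l` output below), so follow up with `sudo chown root:root /usr/local/bin/docker-compose` and `sudo chmod 755 /usr/local/bin/docker-compose`. The download is not verified here; if the release publishes a SHA-256 checksum, compare it before moving the file into place.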

$ sudo curl -L https://github.com/docker/compose/releases/download/1.14.0/docker-compose-`uname -s`-`uname -m` > ./docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   617    0   617    0     0   2666      0 --:--:-- --:--:-- --:--:--  2670
100 8084k  100 8084k    0     0  3789k      0  0:00:02  0:00:02 --:--:-- 6580k
$ sudo mv ./docker-compose /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ ls -l /usr/local/bin/docker-compose
-rwxrwxr-x 1 suzu suzu 8278112 Jul  8 05:35 /usr/local/bin/docker-compose
$

$ docker-compose -v
docker-compose version 1.14.0, build c7bdf9e
$

Install Node.js 6.11 on CentOS 7

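install Node.js. The command below pipes the setup script straight into a root shell. To see what it does first (it is expected to add the NodeSource yum repository), download it to a file, read it, and then run that file with bash.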

# curl -sL https://rpm.nodesource.com/setup_6.x | bash -
*snip*

# yum install -y nodejs
*snip*
Installed:
  nodejs.x86_64 2:6.11.0-1nodesource.el7.centos

Complete!
# 

check Node.js Version

# node -v
v6.11.0
# npm -v
3.10.10
#

Use Google Chrome v59 Headless mode on CentOS 7.

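Create a file chrome.repo. The baseurl is plain http. Package signatures are still checked (gpgcheck=1, with the key fetched over https), and an https baseurl should work as well.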

# vi /etc/yum.repos.d/chrome.repo
# cat /etc/yum.repos.d/chrome.repo
[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/$basearch
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
#

Install google chrome

# yum info google-chrome-stable
*snip*
Available Packages
Name        : google-chrome-stable
Arch        : x86_64
Version     : 59.0.3071.104
Release     : 1
Size        : 58 M
Repo        : google-chrome/x86_64
Summary     : Google Chrome
*snip*
# yum install -y google-chrome-stable

Install mesa-libOSMesa and fonts

# yum install -y mesa-libOSMesa mesa-libOSMesa-devel gnu-free-sans-fonts
# yum install -y ipa-gothic-fonts ipa-pgothic-fonts
# find / -name "libOSMesa*" -type f
/usr/lib64/libOSMesa.so.8.0.0
# ln -s /usr/lib64/libOSMesa.so.8.0.0 /opt/google/chrome/libosmesa.so

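use headless mode. The prompts below are root. Chrome renders remote page content and its sandbox is generally not usable as root, so running these commands from an unprivileged account is preferable.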

# google-chrome --headless --print-to-pdf http://akai-tsuki.hatenablog.com/
# ls -1 output.pdf
output.pdf
#
# google-chrome --headless --screenshot --window-size=1024,2000 --hide-scrollbars http://akai-tsuki.hatenablog.com/
# ls -1 screenshot.png
screenshot.png
#