AKAI TSUKI

System development or Technical something

Creating a self-signed X.509 certificate with OpenSSL

Generate RSA private key

$ openssl genrsa -out server.key 4096
Generating RSA private key, 4096 bit long modulus
.......................................................++
..........++
e is 65537 (0x10001)
$

Generate a certificate signing request (CSR)

$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$

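Generate a self-signed server certificate (CRT)

Notes on the command below: -days 365000 gives the certificate a validity of roughly 1000 years, and because it is self-signed, clients will not trust it unless it is explicitly added to their trust store, so treat it as a test certificate. The command also adds no subjectAltName extension, which current TLS clients use for hostname matching instead of the Common Name. server.key was generated without a passphrase, so keep the file readable only by the account that runs the server.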

$ openssl x509 -in server.csr -days 365000 -req -signkey server.key > server.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=<ip or host>
Getting Private key
$

output

$ ls -1
server.crt
server.csr
server.key
$

Set up a bridge device on CentOS 7 using OVS

Add the bridge device with ovs-vsctl

[root@kvmtest ~]# ovs-vsctl add-br br0
[root@kvmtest ~]# ovs-vsctl add-port br0 enp0s3

ifcfg-enp0s3 interface configuration file

[root@kvmtest ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
DEVICE=enp0s3
NAME=enp0s3
BOOTPROTO=none
UUID=289182bb-48c3-40e7-b3cd-77423569fc7a
ONBOOT=yes
NM_CONTROLLED=no
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br0
[root@kvmtest ~]# 

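ifcfg-br0 interface configuration file

Note that the listing below spells the key NM_CONTROLLD; the key used in ifcfg-enp0s3 above is NM_CONTROLLED, so the misspelled line is probably ignored and should be corrected to NM_CONTROLLED=no.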

[root@kvmtest ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
NAME=br0
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLD=NO
DEVICETYPE=ovs
TYPE=OVSBridge
IPADDR=192.168.0.240
PREFIX=24
GATEWAY=192.168.0.1
DNS1=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
[root@kvmtest ~]#

reboot

[root@kvmtest ~]# reboot
[root@kvmtest ~]# ovs-vsctl show
bbf32677-0b6c-46f4-8734-e8705c5cbe80
    Bridge "br0"
        Port "br0"
            Interface "br0"
                type: internal
        Port "enp0s3"
            Interface "enp0s3"
    ovs_version: "2.6.1"
[root@kvmtest ~]#
[root@kvmtest ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
    link/ether 08:00:27:32:47:47 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe32:4747/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:15:48:81 brd ff:ff:ff:ff:ff:ff
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether ee:bf:5d:00:ba:06 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether 08:00:27:32:47:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.240/24 brd 192.168.0.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::c8ea:adff:fea9:7548/64 scope link
       valid_lft forever preferred_lft forever
[root@kvmtest ~]#

Let's check config.yml for installation using ansible.

When we install OpenShift, we use the config.yml file.

https://docs.openshift.org/latest/install_config/install/advanced_install.html#running-the-advanced-installation

~/openshift-ansible/playbooks/byo/config.yml

open openshift-ansible/playbooks/byo/config.yml

[root@centos01 ~]# cat openshift-ansible/playbooks/byo/config.yml
---
- include: openshift-cluster/config.yml
[root@centos01 ~]#

Next check “openshift-ansible/playbooks/byo/openshift-cluster/config.yml”.

open openshift-ansible/playbooks/byo/openshift-cluster/config.yml

github.com

  tasks:
  - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml
  - add_host:
      name: "{{ item }}"
      groups: l_oo_all_hosts
    with_items: "{{ g_all_hosts | default([]) }}"
    changed_when: no

What is the add_host task?

to be continued…

Let's check Advanced Installation of OpenShift origin.

Check the page below.

https://docs.openshift.org/latest/install_config/install/advanced_install.html#single-master

create hosts file

| Host Name | Infrastructure Component to Install |
| --- | --- |
| centos01 | Master and node |
| centos01 | etcd |
| centos02 | Node |
| centos03 | Node |
[root@centos01 ~]# cat hosts
[OSEv3:children]
masters
nodes

[OSEv3:vars]
ansible_ssh_user=root
deployment_type=origin

[masters]
centos01

[etcd]
centos01

[nodes]
centos01 openshift_node_labels="{'region': 'infra',   'zone': 'default'}"
centos02 openshift_node_labels="{'region': 'primary', 'zone': 'east'}"
centos03 openshift_node_labels="{'region': 'primary', 'zone': 'west'}"

[root@centos01 ~]#

install Open vSwitch on CentOS 7

Add rpm repository

I got the RPM from the page below to add the RDO repository.

f:id:akai_tsuki:20170327001656p:plain

I ran this command:

[root@kvmtest ~]# yum localinstall https://repos.fedorapeople.org/repos/openstack/openstack-ocata/rdo-release-ocata-2.noarch.rpm

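Install OVS

During the install, yum reports that the public key for the package is not installed (NOKEY) and asks to import GPG key 0x764429E6 from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud. Compare the fingerprint it prints with the one published by the CentOS project before answering y, since every later package from this repository is verified against that key.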

[root@kvmtest ~]# yum install openvswitch
Loaded plugins: fastestmirror
openstack-ocata                                                             | 2.9 kB  00:00:00
rdo-qemu-ev                                                                 | 2.9 kB  00:00:00
(1/2): rdo-qemu-ev/x86_64/primary_db                                        |  55 kB  00:00:00
(2/2): openstack-ocata/x86_64/primary_db                                    | 620 kB  00:00:02
Loading mirror speeds from cached hostfile
 * base: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
Resolving Dependencies
--> Running transaction check
---> Package openvswitch.x86_64 1:2.6.1-4.1.git20161206.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================
 Package            Arch          Version                             Repository              Size
===================================================================================================
Installing:
 openvswitch        x86_64        1:2.6.1-4.1.git20161206.el7         openstack-ocata        4.9 M

Transaction Summary
===================================================================================================
Install  1 Package

Total download size: 4.9 M
Installed size: 20 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/openstack-ocata/packages/openvswitch-2.6.1-4.1.git20161206.el7.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 764429e6: NOKEY
Public key for openvswitch-2.6.1-4.1.git20161206.el7.x86_64.rpm is not installed
openvswitch-2.6.1-4.1.git20161206.el7.x86_64.rpm                            | 4.9 MB  00:00:45
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
Importing GPG key 0x764429E6:
 Userid     : "CentOS Cloud SIG (http://wiki.centos.org/SpecialInterestGroup/Cloud) <security@centos.org>"
 Fingerprint: 736a f511 6d9c 40e2 af6b 074b f9b9 fee7 7644 29e6
 Package    : rdo-release-ocata-2.noarch (installed)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : 1:openvswitch-2.6.1-4.1.git20161206.el7.x86_64                                  1/1
  Verifying  : 1:openvswitch-2.6.1-4.1.git20161206.el7.x86_64                                  1/1

Installed:
  openvswitch.x86_64 1:2.6.1-4.1.git20161206.el7

Complete!
[root@kvmtest ~]# 

Start OVS

[root@kvmtest ~]# systemctl start openvswitch
[root@kvmtest ~]# systemctl status openvswitch
● openvswitch.service - Open vSwitch
   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; disabled; vendor preset: disabled)
   Active: active (exited) since Mon 2017-03-27 00:29:45 JST; 6s ago
  Process: 21630 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 21630 (code=exited, status=0/SUCCESS)

Mar 27 00:29:45 kvmtest systemd[1]: Starting Open vSwitch...
Mar 27 00:29:45 kvmtest systemd[1]: Started Open vSwitch.
[root@kvmtest ~]# ovs-vsctl show
bbf32677-0b6c-46f4-8734-e8705c5cbe80
    ovs_version: "2.6.1"
[root@kvmtest ~]#

Upgrade Docker from 1.13.0 to 1.13.1 on CentOS 7

Command List

$ docker version
$ yum makecache fast
$ sudo yum -y upgrade docker-engine

$ docker version

Detail

upgrade docker

[vagrant@localhost ~]$ docker version
Client:
 Version:      1.13.0
 API version:  1.25
 Go version:   go1.7.3
 Git commit:   49bf474
 Built:        Tue Jan 17 09:55:28 2017
 OS/Arch:      linux/amd64

Server:
 Version:      1.13.0
 API version:  1.25 (minimum version 1.12)
 Go version:   go1.7.3
 Git commit:   49bf474
 Built:        Tue Jan 17 09:55:28 2017
 OS/Arch:      linux/amd64
 Experimental: false
[vagrant@localhost ~]$ yum makecache fast
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                                                        | 3.6 kB  00:00:00
docker-main                                                                 | 2.9 kB  00:00:00
epel/x86_64/metalink                                                        | 5.5 kB  00:00:00
epel                                                                        | 4.3 kB  00:00:00
extras                                                                      | 3.4 kB  00:00:00
puppetlabs-pc1                                                              | 2.5 kB  00:00:00
updates                                                                     | 3.4 kB  00:00:00
(1/5): epel/x86_64/updateinfo                                               | 738 kB  00:00:00
(2/5): docker-main/primary_db                                               |  29 kB  00:00:00
(3/5): updates/7/x86_64/primary_db                                          | 2.2 MB  00:00:00
(4/5): epel/x86_64/primary_db                                               | 4.5 MB  00:00:01
(5/5): puppetlabs-pc1/x86_64/primary_db                                     | 101 kB  00:00:01
Determining fastest mirrors
 * base: ftp.iij.ad.jp
 * epel: ftp.riken.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Metadata Cache Created
[vagrant@localhost ~]$ sudo yum -y upgrade docker-engine
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
base                                                                        | 3.6 kB  00:00:00
docker-main                                                                 | 2.9 kB  00:00:00
epel/x86_64/metalink                                                        | 5.5 kB  00:00:00
epel                                                                        | 4.3 kB  00:00:00
extras                                                                      | 3.4 kB  00:00:00
puppetlabs-pc1                                                              | 2.5 kB  00:00:00
updates                                                                     | 3.4 kB  00:00:00
(1/5): epel/x86_64/updateinfo                                               | 738 kB  00:00:00
(2/5): docker-main/primary_db                                               |  29 kB  00:00:00
(3/5): updates/7/x86_64/primary_db                                          | 2.2 MB  00:00:00
(4/5): epel/x86_64/primary_db                                               | 4.5 MB  00:00:01
(5/5): puppetlabs-pc1/x86_64/primary_db                                     | 101 kB  00:00:05
Determining fastest mirrors
 * base: www.ftp.ne.jp
 * epel: ftp.riken.jp
 * extras: www.ftp.ne.jp
 * updates: www.ftp.ne.jp
Resolving Dependencies
--> Running transaction check
---> Package docker-engine.x86_64 0:1.13.0-1.el7.centos will be updated
---> Package docker-engine.x86_64 0:1.13.1-1.el7.centos will be an update
--> Processing Dependency: docker-engine-selinux >= 1.13.1-1.el7.centos for package: docker-engine-1.13.1-1.el7.centos.x86_64
--> Running transaction check
---> Package docker-engine-selinux.noarch 0:1.13.0-1.el7.centos will be updated
---> Package docker-engine-selinux.noarch 0:1.13.1-1.el7.centos will be an update
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================
 Package                      Arch          Version                       Repository          Size
===================================================================================================
Updating:
 docker-engine                x86_64        1.13.1-1.el7.centos           docker-main         19 M
Updating for dependencies:
 docker-engine-selinux        noarch        1.13.1-1.el7.centos           docker-main         28 k

Transaction Summary
===================================================================================================
Upgrade  1 Package (+1 Dependent package)

Total download size: 19 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): docker-engine-selinux-1.13.1-1.el7.centos.noarch.rpm                 |  28 kB  00:00:03
(2/2): docker-engine-1.13.1-1.el7.centos.x86_64.rpm                         |  19 MB  00:00:18
---------------------------------------------------------------------------------------------------
Total                                                              1.0 MB/s |  19 MB  00:00:18
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : docker-engine-selinux-1.13.1-1.el7.centos.noarch                                1/4
  Updating   : docker-engine-1.13.1-1.el7.centos.x86_64                                        2/4
  Cleanup    : docker-engine-1.13.0-1.el7.centos.x86_64                                        3/4
  Cleanup    : docker-engine-selinux-1.13.0-1.el7.centos.noarch                                4/4
  Verifying  : docker-engine-selinux-1.13.1-1.el7.centos.noarch                                1/4
  Verifying  : docker-engine-1.13.1-1.el7.centos.x86_64                                        2/4
  Verifying  : docker-engine-selinux-1.13.0-1.el7.centos.noarch                                3/4
  Verifying  : docker-engine-1.13.0-1.el7.centos.x86_64                                        4/4

Updated:
  docker-engine.x86_64 0:1.13.1-1.el7.centos

Dependency Updated:
  docker-engine-selinux.noarch 0:1.13.1-1.el7.centos

Complete!
[vagrant@localhost ~]$

After that, confirm the version.

[vagrant@localhost ~]$ docker version
Client:
 Version:      1.13.1
 API version:  1.26
 Go version:   go1.7.5
 Git commit:   092cba3
 Built:        Wed Feb  8 06:38:28 2017
 OS/Arch:      linux/amd64

Server:
 Version:      1.13.1
 API version:  1.26 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   092cba3
 Built:        Wed Feb  8 06:38:28 2017
 OS/Arch:      linux/amd64
 Experimental: false
[vagrant@localhost ~]$