Changing the SSL Certificate for OpenShift Console

OpenShift has an internal CA for generating certificates to authenticate intra-cluster communication, but your browser doesn’t trust this CA. Perhaps you want to fix that without mucking with the internal SSL communication? I did. Here is how.

This OpenShift doc explains how to do this, but it isn’t very clear, to me at least.

Overview

An outline of the steps:

• Only make changes to the public URLs and not any internal URLs.
• Create a namedCertificates section in both /servingInfo and /assetConfig/servingInfo sections of /etc/origin/master/master-config.yaml.
• In those repeated sections:
  • identify a certificate and key
  • identify the hostname(s) to match with that cert/key pair

Your installation may include the following hosts:

Continue reading

OpenShift High Availability - Routing

Highly availabile containers in OpenShift are baked into the cake thanks to replication controllers and service load balancing, but there are plenty of other single points of failure. Here is how to eliminate many of those.

Single Points of Failure

The components of OpenShift include:

• Master controller manager server and API endpoint
• Etcd configuration and state storage
• Docker Registry
• Router haproxy

This post is mostly about adding high availability to the routing layer.

Continue reading

Ansible Playbook to Prepare for OpenShift Enterprise 3.1

This playbook is written for RHEL 7.2 and OSE v3.1. It will perform the following steps which should take place before running the openshift-ansible byo playbook.

• Install prerequisite RPMs like docker, python, etc.
• Persist the systemd journal for easier debugging
• Setup docker ephemeral storage on 2nd disk
• Turn off swap
• Enable use of NFS in selinux

Prerequisites

See my Testing OpenShift Enterprise V3 post for the prereqs.

The Playbook

The lastest version is available here.

Continue reading

Ansible CMDB Inventory and Facts Reporting

You just deployed a complex multi-host app using Ansible. Wouldn’t it be helpful to see a overview of the deployment including hardware details?

I just found ansible-cmdb which combines info from the Ansible inventory and discovered facts to create a detailed HTML report akin to a Configuration Management Database.

To use it in your playbook dir, just create a directory to hold facts discovered by the setup module then generate the report.

Continue reading

Notes on SNMP MIBs OIDs and Grey Whiskers

With as many grey whiskers as I have, you would think I could grok SNMP in my sleep by now. Unfortunately, everytime I have to deal with it I get frustrated, wonder where the hell my notes from last time are, and start cursing. From now on, here are my notes!

I’m typically using Zabbix to poll SNMP OIDs and place the MIBs on the Zabbix server or the Zabbix proxy responsible for SNMP in /usr/share/snmp/mibs.

Continue reading

Testing OpenShift Enterprise V3

So much for testing OpenShift Origin with Vagrant on OS X, because it does not work yet. Let’s evaluate OpenShift Enterprise v3 on RHEL! First go get yourself an eval license. The OpenShift VMs will run RHEL7.1 and ride on top of RHEV.

Documentation

First off, here are some starting points to get oriented and acquainted with OpenShift.

Docs

• Getting Started
• Docs
• Overview
• Training
• Download
• Prerequisites
• OpenShift Enterprise 3 Architecture Guide - planning, deployment and operation of an Open Source Platform as a Service
• Load Balancing

Videos

Continue reading

Testing Openshift Origin V3 with Ansible and Vagrant on OS X

The OpenShift Origin project provides Ansible playbooks and roles for installing OpenShift on various infratructure. I’m going to try out the example using Vagrant and VirtualBox on my Mac. I’m not very familiar with Vagrant or OpenShift v3 yet, so I’m just going to think out loud and see how it goes. I’ve also recently started testing OpenShift Enterprise.

Some Background

OpenShift Origin is an opensource PaaS (platform as a service). It is the upstream project for Red Hat’s OpenShift Online and OpenShift Enterprise. Version 3 of the OpenShift platform is a complete rewrite just launched in June 2015. It now utilizes Docker as the container engine and Kubernetes as the orchestrator. The Enterprise edition uses Red Hat Atomic Enterprise Platform as the underlying OS. The example used in this post will create Vagrant CentOS boxes.

Continue reading

How To Scale Up Ansible Playbooks and Roles in a Managable Way

Ansible is Awesome! Ansible is a Mess!

So you found Ansible, and you were all Woah! Ansible is awesome! Ansibilize all the things! Then you created a git repo and started hacking.

Playbooks look in the current directory to find roles, libraries, and inventories, so naturally you put everything in one big git repo, right?

You tried to follow the best practices for writing playbooks, you created roles, and maybe you wrote a filter plugin or a custom module for configuring an application unique to your environment. Eventually you wound up with a big repo of playbooks and inventory files and buried roles and realized there must be a better way to do this.

Continue reading

Resources for Learning About Docker

Tutorials

• Docker’s 10min Tutorial

• Andrew Baker’s Introduction to Docker

• Red Hat Workhops

  Docker and Kubernetes Training - Christian Posta Blog

  • Intro
  • Day 1
  • Day 2
  • Day 3
  • Day 4

Books

As of April 2015, O’Reilly has at least 3 books on Docker pending publication. The first two are available in pre-release form now.

• Using Docker My exercises from the book: identidock
• Docker Cookbook
• Docker: Up and Running

Blogs

• Docker Blog
• Docker Weekly Newsletter
• Rancher Blog posts some great overviews like this one and this one on monitoring
• ClusterHQ Blog from makers of Flocker container live migration

Videos

• O’Reilly Introduction to Docker

Continue reading

Split an Ansible Git Repo and Retain the Commit History

Starting with a jumbled git repo of various Ansible roles, playbooks, inventories, group_vars, etc. I want to create a new repo out of a selection of the subdirectories and retain the commit history.

I have an ansible-test repo with a tree that looks roughly like this:

.
├── adhoc/
│   ├── rolling-reboot.yml
│   └── scripts/
├── README.md
└── runtime/
    ├── roles/
    │   ├── foo-role/
    │   └── zimbra/
    │       ├── ansible.cfg
    │       ├── hosts
    │       ├── tasks/
    │       └── ...
    ├── group_vars/
    │   ├── foo-group
    │   └── zimbra-prod
    ├── hosts
    ├── host_vars/
    ├── library/
    │   ├── foo-lib
    │   ├── zmlocalconfig
    │   └── zmprov
    ├── foo.yml
    └── zimbra-playbook.yml

I want to split that so that the Zimbra role, it’s playbook, and any ‘runtime’ context like group_vars, and libraries are managed together in a new repo called playbook-zimbra.

Continue reading