Jamie Duncan (38) [Avatar] Offline
#1
Hi, everyone.

Appendix A, where we walk through installing OpenShift Origin on top of CentOS, was based on OpenShift Origin version 3.5.

The installer for version 3.6 has some pretty big changes, and it won't work as the appendix is currently written. We're working now on updating this to work for 3.6 and will update it here as soon as we can verify we have it bullet-proof.

Thanks,

Jamie & John
436511 (4) [Avatar] Offline
#2
Could you specify in which way the installation process changed on Openshift Origin 3.6? I'm planning to install Openshift Origin 3.6 and I'd like to know how to face that goal. Thanks
Jamie Duncan (38) [Avatar] Offline
#3
Sure!

The primary change is that the interactive installer doesn't have an 'Origin' installation option. The interactive installer will be phased out, eventually, I'm told. That means you have to go with an advanced install (https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-ansible).

Going through those docs, I came across an issue with how to specify an Origin install and filed a bug, https://bugzilla.redhat.com/show_bug.cgi?id=1486981. The bug references the mailing list thread with all of the details.

Let us know if you run into any issues, and we'll help as best we can!

-OiA
477385 (1) [Avatar] Offline
#4
Hello,

I'm curious if this is going to be updated soon by chance? I'd like to run through the installation in the recommended manner in order to start tackling the current chapters.

Not knowing specifically what you're looking for in the Ansible configuration leaves much to the imagination smilie.

Thanks,
-Dan S
Jamie Duncan (38) [Avatar] Offline
#5
Yes!

The updated installation appendix should be in the next MEAP update, which we submitted early last week. It will also include chapter 4, and several additional updates as we've continued to work on the content.

-jamie
48881 (3) [Avatar] Offline
#6
Hi,

Installation won't work with 0.0.0.0 as a DNS server (figure A.7)
In my installation (vmware), I used a personalized NAT network so the DNS IP is the same as the Gateway IP (192.168.122.2).

Regards
48881 (3) [Avatar] Offline
#7
48881 wrote:
Installation won't work with 0.0.0.0 as a DNS server (figure A.7)


Oups. I didn't see the Note in A.1 section about 8.8.8.8 (and not 0.0.0.0). Sorry.
Jamie Duncan (38) [Avatar] Offline
#8
no worries!

DNS is consistently a huge challenge for any container platform. OpenShift actually runs dnsmasquerade on each node, and the configuration is set when you deploy your cluster. There are advanced configurations to handle HTTPS proxies, and a lot of other conditions.

-jamie
48881 (3) [Avatar] Offline
#9
Hello,

Right now I'm blocked it the atomic-openshift-installer. In play 17/34 (see below)
Maybe a DNS issue because I see this line in journalctl -xe :
Oct 08 16:59:04 ocp-1.192.168.122.100.nip.io openshift[55081]: grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: dial tcp: lookup ocp-1.192.168.122.100.nip.io on 192.168.122.2:53:....

I will investigate...

By the way the options "-u -c ..." have to be first so the command ligne should be :
atomic-openshift-installer -u -c /root/installer.cfg.yml install --force

Regards,
Come.

NB : the error I got
Play 17/34 (Configure masters)
...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................fatal: [192.168.122.100]: FAILED! => {"attempts": 1, "changed": false, "failed": true, "msg": "Unable to start service origin-master: Job for origin-master.service failed because the control process exited with error code. See \"systemctl status origin-master.service\" and \"journalctl -xe\" for details.\n"}

192.168.122.100 : ok=359 changed=23 unreachable=0 failed=1
192.168.122.101 : ok=112 changed=7 unreachable=0 failed=0
localhost : ok=12 changed=0 unreachable=0 failed=0


Installation Complete: Note: Play count is only an estimate, some plays may have been skipped or dynamically added


Failure summary:

1. Host: 192.168.122.100
Play: Configure masters
Task: openshift_master : Start and enable master
Message: Unable to start service origin-master: Job for origin-master.service failed because the control process exited with error code. See "systemctl status origin-master.service" and "journalctl -xe" for details.


An error was detected. After resolving the problem please relaunch the
installation process.
Jamie Duncan (38) [Avatar] Offline
#10
"transport: dial tcp: lookup ocp-1.192.168.122.100.nip.io on 192.168.122.2:53:.."

It looks like you need to set an upstream DNS server for your host's dnsmasquerade. Right now 192.168.122.2 isn't able to resolve the nip.io domain, which requires a public DNS server to function.

Assuming you have internet connectivity, I think I know what's going on.

One of the things we're working on for OpenShift in Action is an ansible playbook that helps to automate the installation and tasks for each chapter.

It's still _VERY_ early in its development, but I ran into something similar using the CentOS cloud image, but not with the full ISO install. The actual code is at https://github.com/OpenShiftInAction/autoinstaller/blob/master/openshift-common/tasks/CentOS.yaml . If you're not familiar with Ansible, let me know and I can translate. smilie

-jamie
436511 (4) [Avatar] Offline
#11
Hi. I know that maybe this question is not related to the topic but I'd really like to know the answer of this question:

Currently I have an Openshift Origin server installed on my own infrastructure. The configured domain of Openshift Origin is something like https://mydomain.com:8443, and I really need to change the domain of the server and all applications to something like https://myotherdomain.com:8443.

What steps should I do to change the domain of the entire Openshift Origin?. Please help me.
Jamie Duncan (38) [Avatar] Offline
#12
Certificate rotation / re-issue has been around since version 3.3 or so. It's documented at https://docs.openshift.com/container-platform/3.6/install_config/redeploying_certificates.html .

*** NOTE ***

Backup everything before you do this. It should be pretty straight-forward, but this is part of the mainline codepath, so better safe than sorry.

Is that what you're looking for?

-Jamie
436511 (4) [Avatar] Offline
#13
Thanks for your answer.

What I meant is that when I installed Openshift Origin I used the advanced mode with a file configuration like this:

[OSEv3:vars]
openshift_public_hostname=console.mydomain.com
openshift_master_default_subdomain=apps.console.mydomain.com

I used to access to my Openshift Cluster using this command:

oc login https://console.mydomain.com:8443

-------------------------------------------------------------------------------

But because I'm not longer the owner of the domain mydomain.com, I need to change the way I access to the cluster. I'd like to change the dns domain of the entire cluster to something like this:

[OSEv3:vars]
openshift_public_hostname=console.otherdomain.com
openshift_master_default_subdomain=apps.console.otherdomain.com

As a result I will access to my Openshift origin using:

oc login https://console.otherdomain.com:8443

Finally, I'd like to change the dns domain of all routes that currently exists on my applications in order to use the new dns domain.

Jamie Duncan (38) [Avatar] Offline
#14
All of the configurations are going to live in `/etc/origin/[master|node]` on your cluster.

Looking at a 3 node cluster, I get ~35 references to the domain I used (filtering out a few false positives).

[root@ocp1 ~]# grep -RH 'nip.io' /etc/origin | grep -v generated | grep -v 18887 | wc -l
35


The master node's config is at `/etc/origin/master/master-config.yaml`, the nodes are in `node-config.yaml` in the same directory.

In addition to having to change these configurations, you need to regenerate the SSL certificates that the nodes use for communication. That's what the link I posted yesterday talks about.

The Red Hat supported way to handle that is to add a new node with your new hostnames and then remove the old ones. Essentially a rolling upgrade. Doing it 'by hand' is experimental.

Does that help at all?

-jduncan
436511 (4) [Avatar] Offline
#15
Thank you very much. I'll try do follow your instructions, it is what I was looking for!. You helped me a lot!!!!
531644 (3) [Avatar] Offline
#16
HI
I follow the instructions of Appendix A and get this error:

[root@ocp-1 ~]# atomic-openshift-installer -u -c /root/installer.cfg.yml install --force
origin 3.6 is not an installable variant.

I use vagrant and Centos 7.
Any idead ?
531644 (3) [Avatar] Offline
#17
531644 wrote:HI
I follow the instructions of Appendix A and get this error:

[root@ocp-1 ~]# atomic-openshift-installer -u -c /root/installer.cfg.yml install --force
origin 3.6 is not an installable variant.

I use vagrant and Centos 7.
Any idea ?
Jamie Duncan (38) [Avatar] Offline
#18
Hi, and thanks for the catch!

The CentOS PaaS SIG (https://wiki.centos.org/SpecialInterestGroup/PaaS) team has made Origin 3.7 their default installer. We've standardized the book on 3.6, but have tried to make it so it will work for several releases forward with minor (if any modifications).

I've made this fix in the book's source code, and it'll be updated in the next MEAP update. In the meantime, when you install the OpenShift Origin release RPM:

# yum -y install epel-release centos-release-openshift-origin


install the Origin 3.6 RPM instead:

# yum -y install epel-release centos-release-openshift-origin36


Please let us know if that works!

Thanks,

Jamie Duncan
531644 (3) [Avatar] Offline
#19
It worked, thanks very much !

Just a quick general note:
My Centos 7 vagrant box had '127.0.0.1 ocp-1.192.168.122.100' in /etc/hosts and the ansible installation was failing on step 17. I removed it and it all worked OK.
Jamie Duncan (38) [Avatar] Offline
#20
different VM platforms (Vagrant, VMWare, whatever's popular on Mac these days, EC2, KVM, etc.) all have slightly different defaults. Thanks for the Vagrant tip. We'll add it to the autoinstaller tool!

-jamie duncan
dennis labajo (6) [Avatar] Offline
#21
Hello,

Great book!

I started with appendix A to install OpenShift. I think I got it right however deployment fails with the error below where it mentions about the registry server? I apologize, I'm new to Linux/OpenShift and not exactly sure where I misstep the instruction from the appendix.


[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 17.732 s
[INFO] Finished at: 2018-02-16T05:34:13+00:00
[INFO] Final Memory: 12M/126M
[INFO] ------------------------------------------------------------------------
Moving built war files into /wildfly/standalone/deployments for later deployment...
Moving all war artifacts from /opt/app-root/src/target directory into /wildfly/standalone/deployments for later deployment...
'/opt/app-root/src/target/ROOT.war' -> '/wildfly/standalone/deployments/ROOT.war'
Moving all ear artifacts from /opt/app-root/src/target directory into /wildfly/standalone/deployments for later deployment...
Moving all rar artifacts from /opt/app-root/src/target directory into /wildfly/standalone/deployments for later deployment...
Moving all jar artifacts from /opt/app-root/src/target directory into /wildfly/standalone/deployments for later deployment...
...done
Pushing image docker-registry.default.svc:5000/my-helloworld-project/helloworld:latest ...
Warning: Push failed, retrying in 5s ...
Warning: Push failed, retrying in 5s ...
Warning: Push failed, retrying in 5s ...
Warning: Push failed, retrying in 5s ...
Warning: Push failed, retrying in 5s ...
Warning: Push failed, retrying in 5s ...
Warning: Push failed, retrying in 5s ...
Registry server Address:
Registry server User Name: serviceaccount
Registry server Email: serviceaccount@example.org
Registry server Password: <<non-empty>>
error: build error: Failed to push image: After retrying 6 times, Push image still failed
dennis labajo (6) [Avatar] Offline
#22
I've attached a screen capture of the error from the web console.

Should the
docker-registry.default.svc:5000
be configured to match my environment? If so, I'm not sure where to change this and I see no mention of it in the appendix.

Thanks.
Jamie Duncan (38) [Avatar] Offline
#23
Please take a look at the thread - https://forums.manning.com/posts/list/42662.page

I'm pretty sure you're hitting this typo. Sorry!

-jduncan
dennis labajo (6) [Avatar] Offline
#24
Jamie Duncan wrote:Please take a look at the thread - https://forums.manning.com/posts/list/42662.page

I'm pretty sure you're hitting this typo. Sorry!

-jduncan


Thanks for the reply Jamie.

I think my problem has something to do with the /etc/resolv.conf file. The value of the nameserver ( which I have modified to 8.8.8.8 ) keeps reverting back to the host ip address. NetworkManager seems to be doing this when I start/stop the service (or via machine reboot) even though I have already included the entry dns=none in the /etc/NetworkManager/NetworkManager.conf.
Jamie Duncan (38) [Avatar] Offline
#25
It's supposed to do that. smilie

On each OpenShift node, dnsmasq is running locally, using your original nameservers for standard requests and forwarding requests to the master server for internal requests for service discovery, etc.

Your nameserver should be the node's IP.

Most likely your search parameter is buggering up DNS resolution.