A Hands-On With OpenShift 3.6 RC

Today I want to introduce you to some features of OpenShift 3.6 while giving you the chance to have a hands-on experience with the Release Candidate.

First of all:

1. It’s a Release Candidate and the features I’ll show you are marked as Tech Preview, so use them for testing purposes ONLY!
2. We cannot use Minishift because there is no Minishift updated yet. Anyway, I’ll show how you could use its base ISO image.
3. I don’t want to use ‘oc cluster up’ in a virtual machine just because setting up a virtual machine, to run it, would be a waste of time.

Prerequisites

This is our grocery list. You’ll find below all the software needed for accomplishing our goal: test OpenShift 3.6 RC.

1. Latest oc binary available on GitHub.
2. Docker-Machine: A virtual machine with Docker installed! – “Docker Machine is a tool that lets you install Docker Engine on virtual hosts, and manage the hosts with docker-machine commands. You can use Machine to create Docker hosts on your local Mac or Windows box, on your company network, in your data center, or on cloud providers” –  https://docs.docker.com/machine/install-machine/.
3. Virtualization software (VirtualBox/Libvirt/KVM/Xhyve).
4. Enough RAM for running a 4GB (or any other Minishift-like) virtual machine.

Please Note:

• If you didn’t use OpenShift Clients (oc) binary before, it’s not so hard: just unpack it, place it somewhere, and run it.
• If you didn’t install Docker-Machine before, just follow the how-to provided in the link before: It will be easy!
• Depending on the virtualization layer you’ll use, you may need to configure/install an appropriate driver to let Docker-Machine work with it. These are some examples:
  • VirtualBox: https://docs.docker.com/machine/drivers/virtualbox/
  • Libvirt/KVM: https://github.com/dhiltgen/docker-machine-kvm
  • Xhyve: https://github.com/zchee/docker-machine-driver-xhyve
• In the following steps, I’ll use commands for my Libvirt/KVM driver: Sorry Mac/Win users! But you will easily adapt commands to your driver, so don’t worry! Just be aware of editing commands when you see “-kvm-” options!
• All the commands can run as a standard user: we don’t need super powers!

Let’s Start: The Brand New Service Catalog

If you’re here, I suppose you’ve already configured your Docker-Machine, didn’t you? Read the previous paragraph!

As I mentioned earlier, we cannot use the Minishift binary to build our Openshift VM, but we can ISO image as a source for creating our docker-machine:

$ docker-machine create -d "kvm" --kvm-boot2docker-url https://github.com/minishift/minishift-b2d-iso/releases/download/v1.0.2/minishift-b2d.iso --kvm-cpu-count 4 --kvm-memory 4096 --engine-insecure-registry 172.30.0.0/16 openshift

In the previous command, we’re creating an “OpenShift” named virtual machine, starting from the Minishift boot2docker image, with some infrastructural configuration (CPU/RAM), and, most importantly, with the OpenShift’s insecure registry subnet configuration (172.30.0.0/16).

You can check the result of the previous command also by running:

$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
openshift - kvm Running tcp://192.168.42.53:2376 v1.12.3

Now we’re ready to launch our very useful “oc cluster up” command full of options for better interacting with the Docker-Machine we’ve just prepared:

$ oc cluster up --docker-machine=openshift --service-catalog=true --public-hostname="$(docker-machine ip openshift).nip.io" --routing-suffix="apps.$(docker-machine ip openshift).nip.io" --use-existing-config=true --host-data-dir='/var/lib/origin/openshift.local.data'

In the previous command, we just set the public-hostname for our OpenShift’s platform, its wildcard DNS for routing apps, some options for letting it being persistent, and the option for setting up the new brand new Service Catalog.

Once the OpenShift platform starts, we need to log in as system:admin and then grant unauthenticated access to the template service broker API for using it with the Service Catalog:

$ oc login -u system:admin
$ oc adm policy add-cluster-role-to-group system:openshift:templateservicebroker-client system:unauthenticated system:authenticated

Now we can test the new Service Catalog interface by going to the OpenShift main page! (You should find it at the end of the previous “oc cluster up”command).

One Step Forward: Ansible Service Broker

At this point, we’re ready to deploy one of the latest features: Ansible Service Broker.

First, we have to clone its GitHub’s repository:

$ git clone https://github.com/openshift/ansible-service-broker

Then we have to create a brand new a project for deploying Ansible Service Broker’s template:

$ oc new-project ansible-service-broke
$ oc process -f ansible-service-broker/templates/deploy-ansible-service-broker.template.yaml -p BROKER_IMAGE=ansibleplaybookbundle/ansible-service-broker:latest | oc create -f -

Then we should see some new pods running in our project!

$ oc get pods
NAME READY STATUS RESTARTS AGE
asb-2357364550-4jmcj 1/1 Running 0 1m
etcd-2338997634-05nz5 1/1 Running 0 1m

Here we are: Ansible Service Broker and its etcd database are running!

We’re really close to the goal; we need to create the missing connection between ASB (Ansible Service Broker) and OpenShift:

$ cat << EOF > broker.yaml
apiVersion: servicecatalog.k8s.io/v1alpha1
kind: Broker
metadata:
  name: ansible-service-broker
spec:
  url: https://asb.ansible-service-broker.svc:1338
EOF
$ oc create -f broker.yaml

If you now log into the interface, you should see a bunch of brand new templates available!

The ones ending with “(APB)” are the Ansible Playbook Bundle'‘s template!

PLEASE READ: One more step is required, just because some of the containers used by APB templates require “root” permissions. We need to enable the ANYUID Security Context for every authenticated user (eventually you may restrict it to the user ‘developer’):

$ oc adm policy add-scc-to-group anyuid system:authenticated

That’s all folks! Enjoy your OpenShift 3.6 RC and don’t forget about using it  ONLY for testing purposes!

Ciao.