Standing up Openshift Origin in/as a Docker container on Linux platforms

By Vijay Chintalapati

Using Origin Docker image as CDK alternative on Linux

In this article we will see how to work with Openshift Origin using just its docker image. For reasons I cannot really explain (perhaps OCD), I like the feeling of running docker containers natively on the underlying platform, and with Fedora as the primary partition on my MacBook Pro I can get just that.

All the files you need to get this done have already been created for you, and once downloaded and customized it takes less than 2 mins to get up and running.

Prerequisites

If you plan to follow this article, make sure the following prerequisites are met before continuing.

Important Note: Though this article has nothing that could adversely impact your platform, please backup any configuration file you plan on changing!

  • Docker

    sudo dnf -y install docker docker-client docker-devel python-docker-py python3-docker-py
    
  • Ansible

    sudo dnf -y install ansible 
    
  • Bind (Optional)

    sudo dnf -y install bind bind-utils  
    

Setting up environment for Openshift Origin

For setting up Openshift Origin, we need two files:

  1. origin.yml (ansible playbook)
  2. setup.sh (script to run commands within the origin docker container)

The most current version of these files can be found here:

https://github.com/vchintal/openshift-origin-as-docker-container.

Step 1 : Create a setup.sh file

Once you know what the script is doing, you can choose to modify it as you please.

Note: On my machine the registry is pointed at /mnt/registry as reflected in the script

 #!/bin/bash
 # setup.sh: runs inside the origin container once the master is up.
 # This is needed to access github. Note that the container shares the host
 # network namespace, so flushing iptables here also flushes the host's rules.
 iptables -F

 # Registry settings: the registry service account needs the privileged SCC
 # because the registry writes to a host directory (adjust /mnt/registry to taste).
 oc create serviceaccount registry -n default
 oadm policy add-scc-to-user privileged system:serviceaccount:default:registry
 # Relative path: the script runs from /var/lib/origin, where the master config lives.
 oadm registry --credentials=./openshift.local.config/master/openshift-registry.kubeconfig --service-account=registry --mount-host="/mnt/registry"

 # For JBoss Middleware Imagestreams (fetched from GitHub, hence the iptables step above)
 oc create -f https://raw.githubusercontent.com/jboss-openshift/application-templates/master/jboss-image-streams.json -n openshift
 oc create -f https://raw.githubusercontent.com/jboss-openshift/application-templates/master/datagrid/datagrid65-basic.json -n openshift
 oc create -f https://raw.githubusercontent.com/jboss-openshift/application-templates/master/eap/eap64-basic-s2i.json -n openshift
 oc create -f https://raw.githubusercontent.com/jboss-openshift/application-templates/master/eap/eap70-basic-s2i.json -n openshift

 # For routing: the HAProxy router needs the hostnetwork SCC so it can listen
 # on the host network, which is why it is later reachable at 127.0.0.1.
 oc create sa router
 oadm policy add-scc-to-user hostnetwork -z router
 oadm router --credentials='/var/lib/origin/openshift.local.config/master/openshift-router.kubeconfig' --service-account=router

Step 2 : Create an origin.yml file

- hosts: localhost
  tasks:
    - name: Create Openshift Origin docker container
      become: true
      docker_container:
        name: origin
        image: openshift/origin
        # privileged plus host network and PID namespaces: the container
        # effectively runs as root on the host
        privileged: true
        network_mode: host
        pid_mode: host
        command: "start"
        volumes:
          - /:/rootfs:ro
          - /var/run:/var/run:rw   # includes the Docker socket
          - /sys:/sys
          - /var/lib/docker:/var/lib/docker:rw
          - /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes
    # give the master a moment to come up before exec'ing into the container
    - pause: seconds=10
    - name: Copy the setup script into the origin container
      become: true
      shell: docker cp setup.sh origin:/var/lib/origin/setup.sh
    - name: Execute the script in the docker container
      become: true
      shell: docker exec origin bash -l -c "/var/lib/origin/setup.sh > /var/lib/origin/setup.log"

Step 3 : Run the ansible playbook by providing your password for sudo access

Ensure that you have placed both of the above files in the same folder and run the following command at the prompt. You will have to provide your password when prompted, as the playbook runs with elevated privileges to create and start the docker container.

 $ ansible-playbook -K origin.yml
 SUDO password:

Step 4 : Test the Origin setup by opening up a browser and hitting the URL https://127.0.0.1:8443.

For all the alerts about the certificate, just add an exception and continue. When the console comes up, login with username and password admin/admin.
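Before running this on anything other than a throwaway workstation, it is worth seeing in one place what the playbook grants the container. The following script is an added example and not part of the original post or the GitHub project: it reads the JSON that docker inspect origin prints (a constructed sample shaped like that output, mirroring the playbook's options, is embedded so it runs offline) and lists every setting that amounts to host-level access. The script file name audit_origin.py used in the usage note is an assumption.

```python
"""Audit a `docker inspect` record for settings that hand the container the host.

Added example, not code from the original post or project. The sample record
below is constructed to mirror the playbook's options.
"""
import json
import sys

# Constructed sample shaped like `docker inspect origin` output.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/origin",
    "HostConfig": {
        "Privileged": True,
        "NetworkMode": "host",
        "PidMode": "host",
        "Binds": [
            "/:/rootfs:ro",
            "/var/run:/var/run:rw",
            "/sys:/sys",
            "/var/lib/docker:/var/lib/docker:rw",
            "/var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes",
        ],
    },
}])

# Host paths whose bind mount is as good as root on the host.
SENSITIVE_HOST_PATHS = {
    "/": "whole host filesystem",
    "/var/run": "contains docker.sock, i.e. control of the Docker daemon",
    "/var/lib/docker": "every other container's layers and volumes",
    "/sys": "host kernel and cgroup interfaces",
}


def audit_container(inspect_json):
    """Return a list of (setting, why-it-matters) findings for the inspected container(s)."""
    findings = []
    for record in json.loads(inspect_json):
        host = record.get("HostConfig", {})
        if host.get("Privileged"):
            findings.append(("Privileged", "all capabilities, no seccomp/AppArmor confinement, raw device access"))
        if host.get("NetworkMode") == "host":
            findings.append(("NetworkMode=host", "shares the host network stack; iptables changes inside apply to the host"))
        if host.get("PidMode") == "host":
            findings.append(("PidMode=host", "can see and signal every host process"))
        for bind in host.get("Binds", []):
            parts = bind.split(":")
            src = parts[0]
            mode = parts[2] if len(parts) > 2 else "rw"  # Docker bind mounts default to rw
            if src in SENSITIVE_HOST_PATHS:
                findings.append((f"bind {src} ({mode})", SENSITIVE_HOST_PATHS[src]))
    return findings


def is_host_equivalent(findings):
    """True if any single finding already amounts to root on the host."""
    root_equivalent = {"Privileged", "bind / (rw)", "bind /var/run (rw)"}
    return any(name in root_equivalent for name, _ in findings)


if __name__ == "__main__":
    # Pipe `docker inspect origin` into the script, or run it bare to use the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    results = audit_container(data)
    for name, why in results:
        print(f"{name:24s} {why}")
    print("host-equivalent:", is_host_equivalent(results))
```

Once the container is up, docker inspect origin | python3 audit_origin.py runs the same checks against the real record. The point of the exercise is not that the settings are wrong (the all-in-one node needs them) but that whoever can reach the Origin console or the Docker socket on this machine holds root on it, which matters if the workstation is shared.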

Setting up DNS resolution for routes exposed in Openshift

Once you create a new project and add one or more apps that need routes (created on demand or implicitly), you will notice that the routes do not resolve and you cannot reach the application's web interface.

One helpful detail is that when the HAProxy router was created as part of the earlier setup, it bound itself to localhost at 127.0.0.1. So all we need to do now is map every *.cluster.local name to 127.0.0.1. Since Openshift Origin is running on a local machine, we cannot rely on an external DNS service to provide the wildcard record pointing at our machine. The alternative on Linux is to run bind locally, serving the cluster.local zone itself and forwarding everything else to the external DNS servers.

To get started, create two files (also available in the same github project referenced above):

File #1 : named.conf (Use bind documentation as reference)

options {
    listen-on port 53 { 127.0.0.1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    include "/etc/crypto-policies/back-ends/bind.config";
    forwarders { 8.8.8.8; 8.8.4.4; 10.192.206.245; 10.192.20.245; 10.11.5.19; 10.5.30.160; 208.67.222.222; 208.67.220.220; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "cluster.local" in {
  type master;
  file "cluster.local";
  allow-update { none; };
};

Understand what named.conf is and contains before proceeding further; you can customize it however you want. The idea is to resolve *.cluster.local to 127.0.0.1, which is where the Openshift Origin HAProxy router is bound and from where it forwards each request to the right POD running the service. Note that listen-on is restricted to 127.0.0.1, so even with recursion yes this named instance only answers the local machine and is not reachable as an open resolver from the network.

Pay extra attention to the forwarders section and its list of IP addresses in named.conf. This is where you list your regular DNS servers, through which all name resolution for non-Openshift router URLs will be done; replace the addresses shown with your own.

File #2 : cluster.local

$TTL    1d
cluster.local.  IN    SOA   ns.cluster.local. support.cluster.local.com. (
    2010031500 ; se = serial number
    3h         ; ref = refresh
    15m        ; ret = update retry
    3w         ; ex = expiry
    3h         ; min = minimum
    )

    IN    NS    ns.cluster.local.

; private hosts: the wildcard sends every name under cluster.local to loopback
ns         IN    A    127.0.0.1
*          IN    A    127.0.0.1

And now do the following:

  1. Copy cluster.local to /var/named/cluster.local. You might need sudo rights for this.
  2. Back up /etc/named.conf as /etc/named.conf.orig and copy the named.conf file into the /etc folder.
  3. Run the command sudo systemctl start named. Optionally, enable the service at boot by running sudo systemctl enable named.
  4. Now ensure that /etc/resolv.conf has just one line: nameserver 127.0.0.1
  5. To prevent the NetworkManager service from constantly overwriting your single-line /etc/resolv.conf, place dns=none under the [main] section of /etc/NetworkManager/NetworkManager.conf and restart the service with sudo systemctl restart NetworkManager.

Now all the routes should resolve, and their links will be clickable in the Openshift console.
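To confirm the two BIND files do what this section intends before pointing resolv.conf at them, here is an added example (not from the post or the GitHub project) that lints them: it checks that the zone really maps *.cluster.local to 127.0.0.1, that named listens only on loopback so recursion yes does not turn the workstation into an open resolver, and that forwarders exist for everything else. The embedded named.conf and cluster.local text are constructed copies of the files above; the live_check helper and the default host name it queries are assumptions.

```python
"""Lint the named.conf and cluster.local files before starting named.

Added example, not code from the original post or project. The two constants
are constructed copies of the files shown in the post.
"""
import re
import socket

NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; };
    recursion yes;
    forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "cluster.local" in {
  type master;
  file "cluster.local";
  allow-update { none; };
};
"""

ZONE_FILE = """
$TTL    1d
cluster.local.  IN    SOA   ns.cluster.local. support.cluster.local.com. (
    2010031500 ; serial
    3h ; refresh
    15m ; retry
    3w ; expiry
    3h ; minimum
    )
    IN    NS    ns.cluster.local.
ns         IN    A    127.0.0.1
*          IN    A    127.0.0.1
"""

LOOPBACK = {"127.0.0.1", "::1"}


def _block_list(text, keyword):
    """Return the items inside `keyword { a; b; };`, or [] if the block is absent."""
    m = re.search(keyword + r"[^{]*\{([^}]*)\}", text)
    if not m:
        return []
    return [item.strip() for item in m.group(1).split(";") if item.strip()]


def check_named_conf(text):
    """Summarise the options that matter for a workstation-local resolver."""
    listen = _block_list(text, r"listen-on")
    recursion = re.search(r"recursion\s+yes\s*;", text) is not None
    forwarders = _block_list(text, r"forwarders")
    zones = re.findall(r'zone\s+"([^"]+)"', text)
    return {
        "listen_on": listen,
        "recursion": recursion,
        "forwarders": forwarders,
        "zones": zones,
        # Recursive, reachable beyond loopback and otherwise unrestricted is
        # the classic open-resolver misconfiguration.
        "open_resolver_risk": recursion
        and any(addr not in LOOPBACK for addr in listen)
        and "allow-recursion" not in text,
    }


def check_zone(text):
    """Return {owner: address} for every A record, ignoring ';' comments."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = re.match(r"(\S+)\s+IN\s+A\s+(\S+)$", line)
        if m:
            records[m.group(1)] = m.group(2)
    return records


def lint(named_conf, zone):
    """Return the problems found; an empty list means the setup looks right."""
    problems = []
    conf = check_named_conf(named_conf)
    if "cluster.local" not in conf["zones"]:
        problems.append("no zone stanza for cluster.local")
    if not conf["forwarders"]:
        problems.append("no forwarders: non-cluster names will not resolve")
    if conf["open_resolver_risk"]:
        problems.append("recursion enabled on a non-loopback listener")
    if check_zone(zone).get("*") != "127.0.0.1":
        problems.append("wildcard record missing or not pointing at 127.0.0.1")
    return problems


def live_check(name="app-myproject.cluster.local"):
    """Query the system resolver once named is running (assumed host name)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, 80)})


if __name__ == "__main__":
    print("problems:", lint(NAMED_CONF, ZONE_FILE) or "none")
```

To run it against the real files, replace the two constants with the contents of /etc/named.conf and /var/named/cluster.local; once named is up and resolv.conf points at it, live_check() should return ['127.0.0.1'] for any name under cluster.local.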

References

  1. Openshift Origin Documentation
  2. BIND documentation
  3. Github Project: openshift-origin-as-docker-container (https://github.com/vchintal/openshift-origin-as-docker-container)