Install Red Hat OpenShift from scratch on your Laptop using VirtualBox and openshift-ansible

Despite the minimum infrastructure requirement for an OpenShift cluster is 4 CPUs, 16 GB RAM for master, 8 GB RAM for nodes, and a lot more, I decided to give it a go on my poor little Mac, using VirtualBox.

Here is how the cluster will look like:

OpenShift 3.9 on a Mac with VirtualBox

Prepare the VMs

In this experiment, I’m using VirtualBox 6.0 for Mac, and CentOS 7 Minimal base image for all nodes in the cluster. First we need to make sure all the nodes can communicate to each other and to the internet. I use NAT adapter to to enable internet connectivity from the VMs through the shared internet connection on my Mac, and attach all VMs to a Host-only adapter for them to communicate to each other as well as enabling connection (eg: SSH, etc) from my Mac to the VMs. For more details how to do that, refer to my previous post which I setup a similar topology for my IBM Cloud Private experiment here

Launch the OS installation by following the instruction as if you’re installing a normal CentOS machine. In this case, I manually created the partition as following

Partitioning for master VM

And here is the network configuration for the interface associated to the Host-only adapter for the master VM which you can replicate to the remaining 2 nodes (compute: 192.168.56.8 and infra: 192.168.56.9) accordingly ($ nmtui)

Master’s Host-only subnet configuration

Setup the base tools

Once you have the 3 VMs prepared with CentOS 7 installed and configured, we can install the base tools necessary for the installation process on all nodes.

Put this script into a bash file:

$ vi base_bash.sh
#!/bin/bash
# simple bash script to install base packages for OKD v3.9

sudo yum -y update
# Install the CentOS OpenShift Origin v3.9 repo & all base packages
sudo yum -y install centos-release-openshift-origin39 wget git net-tools \
    bind-utils yum-utils iptables-services bridge-utils bash-completion \
    kexec-tools sos psacct vim git mlocate
# create .ssh folder in /root. Update the path if you plan to use a non-root
# user with Ansible.
mkdir -p /root/.ssh
# create passwordless ssh key for root.
ssh-keygen -t rsa \
    -f /root/.ssh/id_rsa -N ''
sudo yum -y update
# Install the Extra Packages for Enterprise Linux (EPEL) repository
sudo yum -y install \
    https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# disable EPEL repo to prevent package conflicts
sudo sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
# Install PyOpenSSL from EpEL repo
sudo yum -y --enablerepo=epel install pyOpenSSL
# install ansible-2.4.3.0 from CentOS archives
sudo yum -y install \
    https://cbs.centos.org/kojifiles/packages/ansible/2.4.3.0/1.el7/noarch/ansible-2.4.3.0-1.el7.noarch.rpm
sudo yum -y install \
    https://cbs.centos.org/kojifiles/packages/ansible/2.4.3.0/1.el7/noarch/ansible-doc-2.4.3.0-1.el7.noarch.rpm
# Reboot system to apply any kernel updates
sudo reboot

Execute the script:

$ bash base_bash.sh

OpenShift requires wildcard DNS resolution in order to resolve OpenShift routes. This can be configured either with an internal DNS resolver (eg: DNSMasq), or by using a public wildcard DNS resolver like xip.io or nip.io.
To make it simple, I use the xip.io option. With xip.io, a DNS entry like this: something.cool.<IP_ADDRESS>.xip.io will be resolved to IP_ADDRESS ip (the node needs to be connected to the internet). For example:

[root@master ~]# ping -c3  duyhard.master.192.168.56.7.xip.io
PING duyhard.master.192.168.56.7.xip.io (192.168.56.7) 56(84) bytes of data.
64 bytes from master (192.168.56.7): icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from master (192.168.56.7): icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from master (192.168.56.7): icmp_seq=3 ttl=64 time=0.050 ms

Now, run these commands on each node accordingly to set up proper host names

On master: $ hostctl set-hostname master.192.168.56.7.xip.io
On infra: $ hostctl set-hostname infra.192.168.56.9.xip.io
On compute: $ hostctl set-hostname compute.192.168.56.8.xip.io 

And then edit the /etc/hosts file in all nodes to be like this:

$ vi /etc/hosts 

192.168.56.7 master master.192.168.56.7.xip.io
192.168.56.9 infra infra.192.168.56.9.xip.io
192.168.56.8 compute compute.192.168.56.8.xip.io

Now enable the ssh access among all nodes by copying the public keys for each nodes to the remaining ones, run this command on all nodes:

$ ssh-copy-id master.192.168.56.7.xip.io && ssh-copy-id infra.192.168.56.9.xip.io && ssh-copy-id compute.192.168.56.8.xip.io

You need to enter the password for the user being used

Once done, install Docker 1.13.1 on all nodes:

$ yum install -y docker-1.13.1 && systemctl enable --now docker

Now, lets install OpenShift using openshift-ansible. The OpenShift (v3.9) distribution we’re about to install is OKD, the upstream version of OpenShift which’s
fully opensourced and is used as a basis for OpenShift dedicated, OpenShift online and OpenShift enterprise.

$ yum install -y openshift-ansible

Configure inventory file for OpenShift installation

$ cd /etc/ansible
$ mv hosts hosts.bk && vi ./hosts

[OSEv3:children]
masters
nodes
etcd

[OSEv3:vars]
openshift_deployment_type=origin
os_firewall_use_firewalld=True
ansible_ssh_user=root
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
openshift_pkg_version='-3.9.0'
openshift_master_default_subdomain=apps.okd.192.168.56.9.xip.io
openshift_disable_check=disk_availability,memory_availability
openshift_ip=192.168.56.7
openshift_ip_check=false

[masters]
master.192.168.56.7.xip.io

[nodes]
master.192.168.56.7.xip.io
infra.192.168.56.9.xip.io openshift_node_labels="{'region':'infra','zone':'default'}"
compute.192.168.56.8.xip.io openshift_node_labels="{'region':'primary','zone':'east'}"

[etcd]
master.192.168.56.7.xip.io

We’re using HTPasswd as Identity Provider for authenticating the access to the cluster, so lets create a user and store the information in /etc/origin/master/htpasswd
as configured in the inventory file:

$ mkdir -p /etc/origin/master
$ htpasswd -c /etc/origin/master/htpasswd root

Test to make sure all nodes are ready for the installation:

$ ansible all -m ping

[root@master ansible]# ansible all -m ping
infra.192.168.56.9.xip.io | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
compute.192.168.56.8.xip.io | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
master.192.168.56.7.xip.io | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Run the prerequisites playbook to setup required resources and configuration, then execute the cluster installation playbook

$ cd /usr/share/ansible/openshift-ansible/playbooks/
$ ansible-playbook prerequisites.yml && ansible-playbook deploy_cluster.yml

The installation takes around 20 minutes or so, and you would see this message in the console as indicator of success:

PLAY RECAP **********************************************************************************
compute.192.168.56.8.xip.io : ok=130  changed=36   unreachable=0    failed=0   
infra.192.168.56.9.xip.io  : ok=130  changed=36   unreachable=0    failed=0   
localhost                  : ok=12   changed=0    unreachable=0    failed=0   
master.192.168.56.7.xip.io : ok=579  changed=108  unreachable=0    failed=0   


INSTALLER STATUS ***************************************************************************
Initialization             : Complete (0:00:25)
Health Check               : Complete (0:00:24)
etcd Install               : Complete (0:00:30)
Master Install             : Complete (0:01:50)
Master Additional Install  : Complete (0:01:34)
Node Install               : Complete (0:04:52)
Hosted Install             : Complete (0:01:11)
Web Console Install        : Complete (0:00:53)
Service Catalog Install    : Complete (0:03:07)

Use oc cli command to quickly check the cluster:

root@master playbooks]# oc get nodes
NAME                          STATUS    ROLES     AGE       VERSION
compute.192.168.56.8.xip.io   Ready     compute   8m        v1.9.1+a0ce1bc657
infra.192.168.56.9.xip.io     Ready     <none>    8m        v1.9.1+a0ce1bc657
master.192.168.56.7.xip.io    Ready     master    2h        v1.9.1+a0ce1bc657

Create a new user to access your cluster

[root@master playbooks]# htpasswd -b /etc/origin/master/htpasswd \
> duynguyen spiritedengineering.net
Adding password for user duynguyen

Now you can access the console GUI via your browser: https://master.192.168.56.7.xip.io:8443

Login screen

After providing the uesr name / password that you created using HTPasswd, you will see the beautiful OpenShift catalog

Catalog view

In the next posts, I will discuss how to develop and deploy applications on the OpenShift cluster. Stay turned!

Is Your Organization Mobile Ready?

Mobile nowadays has become more front and center in the enterprise landscape. It is both directly and indirectly creating new revenue or strengthening the existing revenue streams. Companies that listen and respond properly to mobile trends can win competitive advantages. Is your organization mobile ready

Here are five key questions to ask as you prepare for your company to go mobile.

1. Is your business model mobile ready?

It’s apparent that mobile is now everywhere and significantly changing the way businesses operate. It is considered to postdate the days of personal computers and is becoming the main tool of the business workforce. All stakeholders who are influencing your business, including customers, business partners and employees, are also profoundly being influenced by mobile technologies. They are going mobile. New work flows and connection patterns are being created among your business influencers. Customer demands are getting more sophisticated with all the mobile options, which may force your company to reexamine a lot of things, including its business model, to reposition where it is in the value chain. Revenue streams are shifting to where the mobile involvement is, and you have to refine your business model accordingly to keep your customer happy as well as catch new opportunities. Mobile is where the customers are, so that’s where you need to be.

2. Is your infrastructure mobile ready?

A research study from IBM states that 91 percent of mobile users always keep their mobile devices within a reachable distance. It implies that users want the ability to access applications and services everywhere, whenever they are needed and of course as quickly as possible. This challenges your infrastructure in terms of availability, performance and responsiveness to the explosive number of requests.

The wide adoption of mobile devices also challenges your current system’s architecture. Technically, services that have been exposed outside of the enterprise might not be suitable for mobile requests because in responding to the requests from a mobile environment, which is typically limited in computing resources, the data being transferred back should be lightweight enough that it can be effectively consumed by mobile applications to provide the expected user experience.

Additionally, the diversity of mobile platforms that involve platform owners in operating some useful services (for example C2DM or APNS, the users’ service providers and so forth) would require your enterprise system to be adapted to interact with those external systems effectively and securely.

3. Have you considered security?

Security has always been a big concern when enabling an enterprise to go mobile. Controlling security for mobile is getting more and more challenging due to the natural portability of the mobile environment as well as the constantly growing diversity of mobile platforms and mobile applications. It consequently requires an efficient approach from the strategic level with clearly defined mobile use cases in the business context. This in turn helps the enterprise to build up a comprehensive mobile security policy to more detailed levels, like how to use technologies for implementing the policy and how to make mobile users aware of security threats and regularly educate them to follow security practices to protect themselves and the corporation. That circle from strategy to policy to technology and education should incrementally, iteratively evolve to keep your security strategy up to date and ensure that it reflects your business needs.

4. Is your design approach and concept mobile adequate?

Mobile devices are typically made with smaller screens and are several times less powerful than desktop computers in terms of computing resources, yet the activities performed on mobile require a sense of immediacy. They tend to be tactical in nature. As a result, the interaction flow between the user and the mobile application requires a completely new user experience design mindset. Data presented on mobile needs to be somehow contextualized and condensed to convey as much information as possible and to best utilize less network bandwidth and hardware resources. There is no room for redundancy. Information and an application’s features need to be progressively, selectively displayed.

Design approaches applied for desktop are consequently inadequate for the mobile environment, not only from the user interface perspective but also from code design since the same code would not run on mobile as effectively as on desktop. It needs to be leaner.

Mobile is becoming mainstream in the workforce, and a mobile application is no longer simply a smaller, zoomed-in version of your desktop application. Applying an appropriate design mindset will make your mobile application, the heart of your mobile business model, more attractive to help you meet user expectations and gain a competitive advantage.

5. Is your application development process mobile suitable?

Mobile devices and platforms evolve rapidly, and your app consequently needs to adapt quickly to those changes in order to continuously gain user satisfaction. In other words, mobile apps are written, used and replaced at a much higher rate than traditional enterprise apps. That requires your development process to be refined so that your app will be iteratively delivered more quickly without sacrificing quality.

Additionally, mobile user expectations are very high, yet loyalty is low. They will easily forget your app if they cannot find what they need on the very first try on their tiny mobile devices. In order to continuously make sure your app satisfies its users and keeps them using the apps, you need to get them involved in the development of the apps earlier, interact with them more frequently to get feedback and then meet their expectations promptly—period.