markdown 我的Openshift Cheatsheet

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了markdown 我的Openshift Cheatsheet相关的知识,希望对你有一定的参考价值。


* Change Default response timeout for a specific route:
```
oc annotate route <route_name> --overwrite haproxy.router.openshift.io/timeout=10s
```

* Add a nodeSelector on RC ou DC
```
oc patch dc|rc <dc_name> -p "spec:                                                                                         
  template:     
    spec:
      nodeSelector:
        region: infra"
```

* Binary Builds
```
oc new-build --binary=true --name=ola2 --image-stream=redhat-openjdk18-openshift
oc start-build ola2 --from-file=./target/ola.jar --follow
oc new-app 
```

* Turn off/on DC triggers to do a batch of changes without spam many deployments
```
oc rollout pause dc <dc name>
oc rollout resume dc <dc name> 
```
* get a route URL using OC
```
http://$(oc get route nexus3 --template='{{ .spec.host }}')
```

* Using Nexus repo manager to store deployment artifacts
Maven uses settings.xml in $HOME/.m2 for configuration outside of pom.xml:

```
<?xml version="1.0"?>
<settings>
  <mirrors>
    <mirror>
      <id>Nexus</id>
      <name>Nexus Public Mirror</name>
      <url>http://nexus-opentlc-shared.cloudapps.na.openshift.opentlc.com/content/groups/public/</url>
      <mirrorOf>*</mirrorOf>
    </mirror>
  </mirrors>
  <servers>
  <server>
    <id>nexus</id>
    <username>admin</username>
    <password>admin123</password>
  </server>
</servers>
</settings>
```

Maven can automatically store artifacts using -DaltDeploymentRepository parameter for deploy task:

```

mvn deploy -DskipTests=true \
-DaltDeploymentRepository= nexus::default::http://nexus3.nexus.svc.cluster.local:8081/repository/releases
```

* to update a DeploymentConfig in order to change the Docker Image used bythe POD's container
```
oc project <project>
oc get is

oc import-image <image name> --from=docker.io/<imagerepo>/<imagename> --all --confirm

oc get istag

OC_EDITOR="vim" oc edit dc/<your_dc>

    spec:
      containers:
      - image: docker.io/openshiftdemos/gogs@sha256:<the new image digest from Image Stream>
        imagePullPolicy: Always

```

* BuildConfig with Source pull secrets
```
oc secrets new-basicauth gogs-basicauth --username=<your gogs login> --password=<gogs pwd>
oc set build-secret --source bc/tasks gogs-basicauth
```

* Create a configmap file and mount as a volume on DC
```
oc create configmap myconfigfile --from-file=./configfile.txt
oc set volumes dc/printenv --add --overwrite=true --name=config-volume --mount-path=/data -t configmap --configmap-name=myconfigfile
```

* create a secret via CLI
```
oc create secret generic mysec --from-literal=app_user=superuser --from-literal=app_password=topsecret
oc env dc/printenv --from=secret/mysec
oc set volume dc/printenv --add --name=db-config-volume --mount-path=/dbconfig --secret-name=printenv-db-secret
```

* Configure Liveness/Readiness probes on DCs
```
oc set probe dc cotd1 --liveness -- echo ok
oc set probe dc/cotd1 --readiness --get-url=http://:8080/index.php --initial-delay-seconds=2 
```
* Create a new JOB
```
oc run pi --image=perl --replicas=1  --restart=OnFailure \
    --command -- perl -Mbignum=bpi -wle 'print bpi(2000)'
```

* CRON JOB
```
oc run pi --image=perl --schedule='*/1 * * * *' \
    --restart=OnFailure --labels parent="cronjobpi" \
    --command -- perl -Mbignum=bpi -wle 'print bpi(2000)'
```

* A/B Deployments - Split route trafic between services

```
oc expose service cotd1 --name='abcotd' -l name='cotd'
oc set route-backends abcotd --adjust cotd2=+20%
oc set route-backends abcotd cotd1=50 cotd2=50
```

* to pull an image directly from red hat offcial docker registry
```
docker pull registry.access.redhat.com/jboss-eap-6/eap64-openshift
```

* to validate a openshift/kubernates resource definition (json/yaml file)  in order to find malformed/sintax problems
```
oc create --dry-run --validate -f openshift/template/tomcat6-docker-buildconfig.yaml
```

* to prune old objects
 * https://docs.openshift.com/container-platform/3.3/admin_guide/pruning_resources.html

* to enable cluster GC
 * https://docs.openshift.com/container-platform/3.3/admin_guide/garbage_collection.html

* to get ther current user Barear Auth Token

```
oc whoami -t
```

* to test the OSE Master API 

```
curl -k -H "Authorization: Bearer <api_token>" https://<master_host>:8443/api/v1/namespaces/<projcet_name>/pods/https:<pod_name>:8778/proxy/jolokia/

# get pod memory via jmx
curl -k -H "Authorization: Bearer <api_token>" https://<master_host>:8443/api/v1/namespaces/<projcet_name>/pods/https:<pod_name>:8778/proxy/jolokia//read/java.lang:type\=Memory/HeapMemoryUsage | jq .
```

* to login via CLI `oc`
```
oc login --username=tuelho --insecure-skip-tls-verify --server=https://master00-${guid}.oslab.opentlc.com:8443

# to login as Cluster Admin through master host
oc login -u system:admin -n openshift
```

* to view the cluster roles and their associated rule sets in the cluster policy
```
oc describe clusterPolicy default
```

* add a role to user
```
#local binding
oadm policy add-role-to-user <role> <username>

#cluster biding
oadm policy add-cluster-role-to-user <role> <username>
```

* add privileged role to ruan a docker image with root user inside openshift
```
oadm policy add-scc-to-user anyuid -z default
```

> for more details consult: https://docs.openshift.com/enterprise/3.1/admin_guide/manage_authorization_policy.html

* to test a POD service locally
```
ip=`oc describe pod hello-openshift|grep IP:|awk '{print $2}'`
curl http://${ip}:8080
```

 * to access a POD container shell
```
oc exec -ti  `oc get pods |  awk '/registry/ { print $1; }'` /bin/bash

#new way to do the same:
oc rsh <container-name>
```

 * to edit an object/resource
```
oc edit <object_type>/<object_name>

#eg

oc edit dc/myDeploymentConfig
```

 * Ataching a new `PersistentVolumeClaim` to a `DeploymentConfig`

```
oc volume dc/docker-registry \
   --add --overwrite \
   -t persistentVolumeClaim \
   --claim-name=registry-claim \
   --name=registry-storage
```
 * Docker builder app creation
 
 ```
 oc new-app --docker-image=openshift/hello-openshift:v1.0.6 -l "todelete=yes"
 ```
* To create an app using a template (`eap64-basic-s2i`): Ticketmonster demo

```
oc new-app javaee6-demo
oc new-app --template=eap64-basic-s2i -p=APPLICATION_NAME=ticketmonster,SOURCE_REPOSITORY_URL=https://github.com/jboss-developer/ticket-monster,SOURCE_REPOSITORY_REF=2.7.0.Final,CONTEXT_DIR=demo
```

* STI app creation

```
oc new-app https://github.com/openshift/sinatra-example -l "todelete=yes"
oc new-app openshift/php~https://github.com/openshift/sti-php -l "todelete=yes"
```

 * To watch a build process log

```
oc get builds
oc logs -f builds/sti-php-1
```

* To create application using Git repository at current directory:

```
$ oc new-app
```

* To create application using remote Git repository and context subdirectory:

```
$ oc new-app https://github.com/openshift/sti-ruby.git \
    --context-dir=2.0/test/puma-test-app
```

* To create application using remote Git repository with specific branch reference:
```
$ oc new-app https://github.com/openshift/ruby-hello-world.git#beta4
```
> New App From Source Code
> 
>  Build Strategy Detection
> 
>  If new-app finds a Dockerfile in the repository, it uses docker build strategy Otherwise, new-app uses source strategy
>   
>  To specify strategy, set `--strategy flag` to source or docker
>  Example: To force new-app to use docker strategy for local source repository:
  
  ```
  $ oc new-app /home/user/code/myapp --strategy=docker
  ```

* to create a definition generated by `oc new-app` command based on S2I support

```
$ oc new-app https://github.com/openshift/simple-openshift-sinatra-sti.git -o json | \
   tee ~/simple-sinatra.json
```

* To create application from MySQL image in Docker Hub:

```
$ oc new-app mysql
```

* To create application from local registry:

```
$ oc new-app myregistry:5000/example/myimage
```

> If the registry that the image comes from is not secured with SSL, cluster administrators must ensure that the Docker daemon on the OpenShift Enterprise nodes is run with the --insecure-registry flag pointing to that registry. You must also use the `--insecure-registry=true` flag to tell new-app that the image comes from an insecure registry.

* To create application from stored template:

```
$ oc create -f examples/sample-app/application-template-stibuild.json
$ oc new-app ruby-helloworld-sample
```

* To set environment variables when creating application for database image:

```
$ oc new-app openshift/postgresql-92-centos7 \
    -e POSTGRESQL_USER=user \
    -e POSTGRESQL_DATABASE=db \
    -e POSTGRESQL_PASSWORD=password
```

* To output new-app artifacts to file, edit them, then create them using oc create:

```
$ oc new-app https://github.com/openshift/ruby-hello-world -o json > myapp.json
$ vi myapp.json
$ oc create -f myapp.json
```

* To deploy two images in single pod:

```
$ oc new-app nginx+mysql
```

* To deploy together image built from source and external image:

```
$ oc new-app \
    ruby~https://github.com/openshift/ruby-hello-world \
    mysql \
    --group=ruby+mysql
```
* to export all the project's objects/resources as a single template:

```
$ oc export all --as-template=<template_name>
```

> You can also substitute a particular resource type or multiple resources instead of all. Run $ oc export -h for more examples

* to create a new project using `oadm` and defining an admin user
```
$ oadm new-project instant-app --display-name="instant app example project" \
    --description='A demonstration of an instant-app/template' \
    --node-selector='region=primary' --admin=andrew
```

* to create an app using `oc` CLI based on a `template`
```
$ oc new-app --template=mysql-ephemeral --param=MYSQL_USER=mysqluser,MYSQL_PASSWORD=redhat,MYSQL_DATABASE=mydb,DATABASE_SERVICE_NAME=database
```

* to see a list of `env` `vars` defined in a DeploymentConfig object
```
$ oc env dc database --list
# deploymentconfigs database, container mysql
MYSQL_USER=***
MYSQL_PASSWORD=***
MYSQL_DATABASE=***

```

* to manage enviorenmet variables in different ose objects types.

The first adds, with value /data. The second updates, with value /opt.

```
$ oc env dc/registry STORAGE=/data
$ oc env dc/registry --overwrite STORAGE=/opt
```

To unset environment variables in the pod templates:

```
$ oc env <object-selection> KEY_1- ... KEY_N- [<common-options>]
```

> The trailing hyphen (-, U+2D) is required.

This example removes environment variables ENV1 and ENV2 from deployment config d1:
```
$ oc env dc/d1 ENV1- ENV2-
```

This removes environment variable ENV from all replication controllers:
```
$ oc env rc --all ENV-
```

This removes environment variable ENV from container c1 for replication controller r1:

To list environment variables in pods or pod templates:
```
$ oc env rc r1 --containers='c1' ENV-
```

This example lists all environment variables for pod p1:
```
$ oc env <object-selection> --list [<common-options>]
```

```
$ oc env pod/p1 --list
```

* to apply some change (patch)

```
oc patch dc/<dc_name> \
   -p '{"spec":{"template":{"spec":{"nodeSelector":{"nodeLabel":"logging-es-node-1"}}}}}'
```

* to apply a vlome storage

```
oc volume dc/<dc_name> \
          --add --overwrite --name=<volume_name> \
          --type=persistentVolumeClaim --claim-name=<claim_name>
```

* to make a node unschedulable in a cluster

```
oadm manage node <nome do node > --schedulable=false
```
* to create a registry with storage-volume mounted on host
```
oadm registry --service-account=registry \
    --config=/etc/origin/master/admin.kubeconfig \
    --credentials=/etc/origin/master/openshift-registry.kubeconfig \
    --images='registry.access.redhat.com/openshift3/ose-${component}:${version}' \
    --mount-host=<path> --selector=meuselector
```

* to export all resources from a project/namespace as a template
```
oc export all --as-template=<template_name>
```

* to create a build from a Dockerfile

```
# create the build
cat ./path/to/your/Dockerfile | oc new-build --name=build-from-docker --binary --strategy=docker -l app=app-from-custom-docker-build  -D -

#if you need to give some input to your Docker Build process
oc start-build build-from-docker --from-dir=. --follow

# create an OSE app from the docker build image
oc new-app app-from-custom-docker-build -l app=app-from-custom-docker-build

oc expose service app-from-custom-docker-build
```

* to copy files to/from a POD

```
#Ref: https://docs.openshift.org/latest/dev_guide/copy_files_to_container.html

oc rsync /home/user/source devpod1234:/src

oc rsync devpod1234:/src /home/user/source
```

## Cluster nodes CleanUp

1. Desliga todos os containers que vc não tá usando no seu ambiente do openshift
2. Executa em todos os nodes e master o comando: docker rm $(docker ps -a -q)
3. Remove todas as imagens de todos os nodes e master. Para isso loga em cada uma delas via ssh e remove as imagens usando docker rmi <id da image>. Pega as imagens que começa com o ip do registry 172.30...
4. configurar GC: https://docs.openshift.com/enterprise/3.1/admin_guide/garbage_collection.html

##Tips

* internal DNS name of ose/kubernetes services
 * follows the pattern `<service-name>.<project>.svc.cluster.local`


 Object Type	 | Example 
--------------- | ----------------------------------------------
 Default        | <pod_namespace>.cluster.local 
 Services       | <service>.<pod_namespace>.svc.cluster.local
 Endpoints      | <name>.<namespace>.endpoints.cluster.local
 
 > "he only caveat to this, is that if we are using the multi-tenant OVS networking plugin, our cluster administrators will have to make visible our ci project to all other projects:" Ref: https://blog.openshift.com/improving-build-time-java-builds-openshift/
```
$ oadm pod-network make-projects-global ci
```

* Adjust Master Log Level
To adjust openshift-master log level, edit following line of `/etc/sysconfig/atomic-openshift-master` from master VM:

```
OPTIONS=--loglevel=4
```

To make changes valid, restart atomic-openshift-master service:

```
$ sudo -i systemctl restart atomic-openshift-master.service
```

In node machine, to provide filtered information:
```
# journalctl -f -u atomic-openshift-node
```

* Enable EAP clustering/replication

Make sure that your default service account has sufficient privileges to communicate with the Kubernetes REST API.
Add the view role to serviceaccount for the project:

```
$ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default
```
Examine the first entry in the log file:

```
Service account has sufficient permissions to view pods in kubernetes (HTTP 200). Clustering will be available.
```

## OCP Internal VIP failover for Routers running on Infra nodes

```
oc adm ipfailover ipf-ha-router 
    --replicas=2 --watch-port=80 \
    --selector="region=infra" \
    --virtual-ips="x.0.0.x" \
    --iptables-chain="INPUT" \
    --service-account=ipfailover --create
```

## Creating a new Template
 * Common strategy for building template definitions:
  * Use oc new-app and oc expose to manually create resources application needs
  * Test to make sure resources work as expected
  * Use oc export with -o json option to export existing resource definitions
  * Merge resource definitions into template definition file
  * Add parameters
  * Test resource definition in another project
  > JSON syntax errors are not easy to identify, and OpenShift is sensitive to them, refusing JSON files that most browsers would accept as valid. Use jsonlint -s from the python-demjson package, available from EPEL, to identify syntax issues in a JSON resource definition file.
 
 * Use `oc new-app` with `-o json` option to bootstrap your new template definition file
 ```
oc new-app -o json openshift/hello-openshift > hello.json 
 ```
 
 * Converting the Resource Definition to a Template
  * Change kind attribute from List to Template
  * Make two changes to metadata object:
  * Add name attribute and value so template has name users can refer to
  * Add annotations containing description attribute for template, so users know what template is supposed to do.
  * Rename items array attribute as objects 

## Working with Templates
 * to list all parameters from mysql-persistent template:
```
$ oc process --parameters=true -n openshift mysql-persistent
```
 * Customizing resources from a preexisting Template
 
Example:
```
$ oc export -o json
	-n openshift mysql-ephemeral > mysql-ephemeral.json
... change the mysql-ephemeral.json file ...
$ oc process -f mysql-ephemeral.json \
	-v MYSQL_DATABASE=testdb,MYSQL_USE=testuser,MYSQL_PASSWORD=
	> testdb.json
$ oc create -f testdb.json
```

> oc process uses the -v option to provide parameter values, while oc new-app command uses the -p option.

### Create Definition Files for Volumes

```
ssh master00-$guid
mkdir /root/pvs
```

```
export volsize="5Gi"
for volume in pv{1..25}; \
do \
cat << EOF > /root/pvs/${volume}.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${volume} 
spec:
  capacity:
    storage: ${volsize} 
  accessModes:
  - ReadWriteOnce 
  nfs: 
    path: /var/export/pvs/${volume} 
    server: 192.168.0.254 
  persistentVolumeReclaimPolicy: Recycle 
EOF
     echo "Created def file for ${volume}"; \
done
```

```
export volsize="10Gi"
for volume in pv{26..50}; \
do \
cat << EOF > /root/pvs/${volume}.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${volume} 
spec:
  capacity:
    storage: ${volsize} 
  accessModes:
  - ReadWriteOnce 
  nfs: 
    path: /var/export/pvs/${volume} 
    server: 192.168.0.254 
  persistentVolumeReclaimPolicy: Recycle 
EOF
     echo "Created def file for ${volume}"; \
done
```

```
export volsize="1Gi"
for volume in pv{51..100}; \
do \
cat << EOF > /root/pvs/${volume}.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${volume} 
spec:
  capacity:
    storage: ${volsize} 
  accessModes:
  - ReadWriteOnce 
  nfs: 
    path: /var/export/pvs/${volume} 
    server: 192.168.0.254 
  persistentVolumeReclaimPolicy: Recycle 
EOF
     echo "Created def file for ${volume}"; \
done
```

* Patch PVs definitions

```
for pv in $(oc get pv|awk '{print $1}' | grep pv | grep -v NAME); do oc patch pv $pv -p "spec:      
  accessModes:
  - ReadWriteMany
  - ReadWriteOnce
  - ReadOnlyMany
  persistentVolumeReclaimPolicy: Recycle"
```

以上是关于markdown 我的Openshift Cheatsheet的主要内容,如果未能解决你的问题,请参考以下文章

markdown OpenShift - 端口转发

markdown OpenShift.md

javascript Cheatsheet:CasperJS,PhantomJS&Spooky。更多:http://journal.gentlenode.com/casperjs-2-chea

OpenShift:503 服务不可用

Openshift 中 H2 数据库的 URL

使用 OpenShift 的公共客户端应用程序端口转发