The content of this repo is under Openshift 3.x, now it is under the process to be updated to version 4.x.
This document describes the steps that are required to get ChRIS with pfcon and pman up and running on the MOC. The intended audience is ChRIS developers.
-
In order to create an account, you should submit a request to MOC. It usually takes 2-3 business days to get approved.
Follow this link → Request Account on MOC. The information provided in the previous link is ambiguous. Note that only OpenStack has been moved to NERC, OpenShift function is still on MOC and the registration should be working. -
Learn more about adding users to your OpenShift project. Follow this link → Add Users to OpenShift Projects
-
If your access is approved, Follow the link to login to the Openshift → Openshift
You should be able to login to these platforms by using your SSO credentials.
Note: If your account does not have administrative authority, you will not be able to create new projects but you can work on the project that you are invited in.
In order to create new projects on Openshift you can create a ticket here → Create a Ticket
If the projects are created, you should be able to login and view the projects.
Use your SSO credentials to login to https://console-openshift-console.apps.ocp-prod.massopen.cloud to view your project in Openshift. (See the image below)
You can create a project manually in the Openshift UI or by using a terminal command:
….You can create a project manually in the Openshift UI or by using a terminal comma
$ oc new-project ec528-fall2022-cloud-computing --display-name="EC528 Fall 2022 \ Cloud Computing -- Bring ChRIS to OpenShift and Kubernetes -- Using OpenShift"
Note: Make sure that you have OC libraries installed on your system. (See Installing Openshift CLI Tool )
With the OpenShift command-line interface (CLI), the oc command, you can create applications and manage OpenShift Container Platform projects from a terminal. It is recommended to install the Openshift CLI Tool on your system to ease the next steps working on MOC platform smoothly.
In order to download the Openshift CLI Tool, you will have to create/open a RedHat account. This method is reccomended in order to get the most up to date OC libraries.
Follow this link to get information on how to download and install the Openshift CLI Tool → Download Openshift CLI Tool
After unzipping the downloaded file, add the binary file oc to your path.
export PATH=$PATH:<your oc path>
After succesfully installing Openshift CLI Tool, you can login to Opeshift using CLI commands.
First go to Openshift and login using SSO credentials. After that click Copy Login Command as seen from the image below.
Open a terminal and paste the login command. (Your token will differ from the example)
oc login --token=sha256~_Cvg-z7mBjmT9d-a78Nar6ba-vPxPnZprXJYzB0_nVw --server=https://api.ocp-prod.massopen.cloud:6443
oc project myproject oc create secret generic kubecfg --from-file=$HOME/.kube/config -n myproject
-
Create a file
example-config.cfgand add the following:
[AUTH TOKENS] token = password
-
Convert the authorized token to base64 & copy the base64 encoded results with the following command:
cat example-config.cfg | base64
-
Create a file
example-secret.ymland add the encoded result:
apiVersion: v1 kind: Secret metadata: name: pman-config type: Opaque data: pman_config.cfg: <base64 encoded configuration>
-
Create the secret for
pman
oc create -f example-secret.yml
-
Create a file swift-credentials.cfg and add the following:
[AUTHORIZATION] osAuthUrl = https://kaizen.massopen.cloud:13000/v3 [SECRET] applicationId = <Follow the below steps to generate applicationId> applicationSecret = <Follow the below steps to generate applicationSecret>
Follow these steps to create and applicationId and applicationSecret for the Openstack project:
1) Visit the identity panel at https://onboarding.massopen.cloud/identity/
2) Click the "+ Create Application Credential" button
3) In the follow dialog, give your credential a name. You can leave the other fields blank.
4) Click "Create Application Credential"
5) This will present a window with an ID and secret. Record these values because you won't be able to retrieve them after closing the window.
-
Create the secret
swift-credentials
oc create secret generic swift-credentials --from-file=<path-to-file>/swift-credentials.cfg
If all the steps above went well, you should be able to see the secrets that were created succesfully
(chris_env) [cyoruk@localhost ChRISWORK]$ oc get secrets NAME TYPE DATA AGE builder-dockercfg-s4shq kubernetes.io/dockercfg 1 155d builder-token-5p9nl kubernetes.io/service-account-token 4 155d builder-token-xqpz2 kubernetes.io/service-account-token 4 155d default-dockercfg-nh5s5 kubernetes.io/dockercfg 1 155d default-token-n9lx8 kubernetes.io/service-account-token 4 155d default-token-xb6x7 kubernetes.io/service-account-token 4 155d deployer-dockercfg-hszz4 kubernetes.io/dockercfg 1 155d deployer-token-fqvc5 kubernetes.io/service-account-token 4 155d deployer-token-vcf2f kubernetes.io/service-account-token 4 155d kubecfg Opaque 1 4d pfioh-config Opaque 1 4d pman-config Opaque 1 4d swift-credentials Opaque 1 4d
Follow this link to download pman → https://github.com/Sandip117/pman-1
After downloading it, enter the subdirectory openshift:
cd pman/openshift
Note: The current version that supports flask is ghcr.io/sandip117/pman:flask. There is one place in the template where you need to change your project name. Look for a field saying OPENSHIFTMGR_PROJECT
Now edit the pman-openshift-template.json with your OPENSHIFT project name and updated pman docker image (See image below)
To deploy pman on Openshift we need a file that contains all the information about the service we’re going to deploy which is pman-openshift-template.json.
For deploying pman to Openshift:
oc new-app pman-openshift-template.json
Note: if you already have a deployed pman running on OpenShift, you will receive the following error message:
--> Creating resources ...
error: deploymentconfigs.apps.openshift.io "pman" already exists
error: services "pman" already exists
error: routes.route.openshift.io "pman" already exists
--> Failed
After deploying pman, you can see it deployed and running on Openshift. (See image below)
To delete pman
oc delete all -l app=pman oc delete route pman
Follow this link to download pfioh → https://github.com/Sandip117/pfcon
After downloading it, enter the subdirectory openshift:
cd pfcon/openshift
Note: The current version that supports flask is fnndsc/pfcon:pfiohless
To deploy pfcon on Openshift we need a file that contains all the information about the service we’re going to deploy which is pfcon-openshift-template.json.
Now update the COMPUTE_SERVICE_URL in pfcon-openshift-template.json with your pman route that you deployed in step 5. You can find your route with this command:
oc get route
For deploying pfcon to Openshift:
oc new-app pfcon-openshift-template.json
Note: if you already have a deployed pfcon running on OpenShift, you will receive the following error message:
--> Creating resources ...
error: deploymentconfigs.apps.openshift.io "pfcon" already exists
error: services "pfcon" already exists
error: routes.route.openshift.io "pfcon" already exists
--> Failed
After deploying pfcon, you can see it deployed and running on Openshift. (See image below)
To delete pfcon
oc delete all -l app=pfcon oc delete route pfcon
Note: This step is focused on bringing a minimal OpenShift 4.x cluster to your local laptop or desktop computer. If you are looking for a solution for running OpenShift 3.x , you will need tools such as OpenShift Origin, Minishift or CDK. The step below provides an example for running OpenShift 3.x.
This additional step is helpful for people who build ChRIS plugins/services to test/debug applications locally before testing it on the cloud environment.
There are couple steps involved to build a local Openshift 4.x cluster.
Select your OS and Download CodeReady Containers binaries with an embedded OpenShift disk image from CodeReady Containers (See Image Below)
After downloading CodeReady containers, extract it and place the executable in your $PATH (You can check your $PATH with $ echo $PATH)
$ tar -xf crc-linux-amd64.tar.xz (Extract CodeReady Containers) $ cp -r crc-linux-amd64 $PATH (Place the executable in one of your $PATH)
You need to Download or copy your pull secret. The install program will prompt you for your pull secret during installation.
Note: In order to download the CodeReady Containers, you will have to create/open a RedHat account.
CodeReady Containers requires the libvirt and NetworkManager packages to run on Linux. Consult the following code block to find the command used to install these packages for your Linux distribution:
-
Fedora →
sudo dnf install NetworkManager -
Red Hat Enterprise Linux/CentOS →
su -c 'yum install NetworkManager' -
Debian/Ubuntu →
sudo apt install qemu-kvm libvirt-daemon libvirt-daemon-system network-manager
Set up the CodeReady Containers. We’re going to use the Pull Secret that we copied from the CodeReady Container page.
Restart your system before trying the following steps. Store your Pull Secret in a file.
$ crc setup
Start the CodeReady Containers virtual machine:
$ crc start
Login to the Openshift Cluster as a developer:
$ oc login -u developer https://api.crc.testing:6443
Deploying pfcon and pman to local Openshift cluster is the same with deploying it on MOC. You can follow the referenced headers to deploy them.
-
Create a new project in the local Openshift cluster
oc new-project local-chris
This indicates that the server couldn’t understand the request due to invalid syntax. Check Openshift logs to find out the exact issue.
If you’re getting an HTTP 401 error, there are couple things you can do.
-
Double check your
swift-credentialssecret is to see if it’s missing anything.
-
Add
--authToken passwordat the of the script that your trying to run.
-
Double check if the
auidis correct in the script.
-
Recreate secret kubecfg (Every time you log in you need to recreate the kubecfg)