zaki work log

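Work logs, life logs, and whatever else

Deploying multi-node OpenShift Origin (OKD) 3.11 with the container registry PV (NFS) enabled

How to get the Ansible files needed to deploy OpenShift, plus the settings and deployment for using an NFS PV for the container registry.
Hawkular is not installed here yet.
Enabling the PV at initial deployment with deploy_cluster had a small gotcha (it does not work with the version you get by following the procedure), so this is a memo for myself.

The DNS and required packages to prepare beforehand are not written up yet; sometime soon…

The installation procedure is mainly this one

Clone openshift-ansible from GitHub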

$ git clone https://github.com/openshift/openshift-ansible
$ cd openshift-ansible/
$ git checkout release-3.11
$ cp inventory/hosts.example ~/openshift-install.ini

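Also, adding one more setting to ansible.cfg makes the output easier to read

[defaults]
# Set the log_path
log_path = ~/openshift-ansible.log
# Add this line (in ansible.cfg a "#" comment must start its own line)
stdout_callback = yaml
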
[zaki@okd-manager ~]$ git clone https://github.com/openshift/openshift-ansible
Cloning into 'openshift-ansible'...
remote: Enumerating objects: 144773, done.
remote: Total 144773 (delta 0), reused 0 (delta 0), pack-reused 144773
Receiving objects: 100% (144773/144773), 39.59 MiB | 8.79 MiB/s, done.
Resolving deltas: 100% (90948/90948), done.
[zaki@okd-manager ~]$ cd openshift-ansible/
[zaki@okd-manager openshift-ansible]$ ls
BUILD.md                   ansible.cfg             requirements.txt
CONTRIBUTING.md            docs                    roles
HOOKS.md                   hack                    setup.cfg
LICENSE                    images                  setup.py
OWNERS                     inventory               test
README.md                  openshift-ansible.spec  test-requirements.txt
README_CONTAINER_IMAGE.md  playbooks               tox.ini
[zaki@okd-manager openshift-ansible]$ git checkout release-3.11
Branch release-3.11 set up to track remote branch release-3.11 from origin.
Switched to a new branch 'release-3.11'
[zaki@okd-manager openshift-ansible]$ ls
BUILD.md                              images
CONTRIBUTING.md                       inventory
DEPLOYMENT_TYPES.md                   meta
HOOKS.md                              openshift-ansible.spec
LICENSE                               playbooks
OWNERS                                pytest.ini
README.md                             requirements.txt
README_CONTAINERIZED_INSTALLATION.md  roles
README_CONTAINER_IMAGE.md             setup.cfg
ansible.cfg                           setup.py
conftest.py                           test
docs                                  test-requirements.txt
examples                              tox.ini
hack
[zaki@okd-manager openshift-ansible]$ ls inventory/
README.md                         hosts.glusterfs.registry-only.example
dynamic                           hosts.glusterfs.storage-and-registry.example
hosts.example                     hosts.grafana.example
hosts.glusterfs.external.example  hosts.localhost
hosts.glusterfs.mixed.example     hosts.openstack
hosts.glusterfs.native.example
[zaki@okd-manager openshift-ansible]$ cp inventory/hosts.example ~/openshift-install.ini
[zaki@okd-manager openshift-ansible]$ vi ansible.cfg

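Changes to the inventory file

  • Node host names
    • For reference, this is a 3-machine setup: 1 master (infra included) and 2 nodes
    • To give the master the infra role as well, set openshift_node_group_name="node-config-master-infra"
  • NFS/LB are not used, so they are commented out
    • An existing NFS server is used, so it is not built with openshift-ansible
  • Ansible is run as a regular user and becomes root via become
  • Also, the image registry storage is set to the external NFS
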
[zaki@okd-manager openshift-ansible]$ diff -u inventory/hosts.example ~/openshift-install.ini 
--- inventory/hosts.example     2019-11-23 13:29:43.352017946 +0900
+++ /home/zaki/openshift-install.ini    2019-11-23 13:45:02.526109483 +0900
@@ -5,31 +5,30 @@
 # should use an external load balancing solution that itself is highly available.
 
 [masters]
-ose3-master[1:3].test.example.com
+okd-master.esxi.jp-z.jp
 
 [etcd]
-ose3-master[1:3].test.example.com
+okd-master.esxi.jp-z.jp
 
 [nodes]
 # openshift_node_group_name must be provided for each node
 # See 'Node Group Definition and Mapping' in the project README for more details
-ose3-master[1:3].test.example.com openshift_node_group_name="node-config-master"
-ose3-infra[1:2].test.example.com openshift_node_group_name="node-config-infra"
-ose3-node[1:2].test.example.com openshift_node_group_name="node-config-compute"
+okd-master.esxi.jp-z.jp openshift_node_group_name="node-config-master-infra"
+okd-node[1:2].esxi.jp-z.jp openshift_node_group_name="node-config-compute"
 
-[nfs]
-ose3-master1.test.example.com
+#[nfs]
+#ose3-master1.test.example.com
 
-[lb]
-ose3-lb.test.example.com
+#[lb]
+#ose3-lb.test.example.com
 
 # Create an OSEv3 group that contains the masters and nodes groups
 [OSEv3:children]
 masters
 nodes
 etcd
-lb
-nfs
+#lb
+#nfs
 
 [OSEv3:vars]
 ###############################################################################
@@ -38,11 +37,11 @@
 # SSH user, this user should allow ssh based auth without requiring a
 # password. If using ssh key based auth, then the key should be managed by an
 # ssh agent.
-ansible_user=root
+ansible_user=zaki
 
 # If ansible_user is not root, ansible_become must be set to true and the
 # user must be configured for passwordless sudo
-#ansible_become=yes
+ansible_become=yes
 
 # Specify the deployment type. Valid values are origin and openshift-enterprise.
 openshift_deployment_type=origin
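Review bot: `ansible_user=zaki` with `ansible_become=yes` depends on the condition stated in the comment just above it, passwordless sudo for that user on every host in `[nodes]`, which makes the zaki SSH key equivalent to root on the whole cluster. Add a comment here saying the key must be passphrase-protected and loaded through an agent (as the comment above `ansible_user` already asks), or use a dedicated install account whose sudo rule is removed once the deployment is done.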
@@ -58,10 +57,10 @@
 # default subdomain to use for exposed routes, you should have wildcard dns
 # for *.apps.test.example.com that points at your infra nodes which will run
 # your router
-openshift_master_default_subdomain=apps.test.example.com
+openshift_master_default_subdomain=app.esxi.jp-z.jp
 
 #Set cluster_hostname to point at your load balancer
-openshift_master_cluster_hostname=ose3-lb.test.example.com
+openshift_master_cluster_hostname=okd-master.esxi.jp-z.jp
 
 
 
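Review bot: `openshift_master_default_subdomain=app.esxi.jp-z.jp` needs a wildcard record for `*.app.esxi.jp-z.jp`, and since the first hunk gives okd-master the `node-config-master-infra` group, that record has to resolve to okd-master.esxi.jp-z.jp, where the router will run. The comment above `openshift_master_cluster_hostname` still says "load balancer" while the value is now the master itself; update the comment to say this is a single-master setup without an LB.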
@@ -200,9 +199,9 @@
 #osm_etcd_image=registry.example.com/rhel7/etcd
 
 # htpasswd auth
-#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
+openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
 # Defining htpasswd users
-#openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'}
+openshift_master_htpasswd_users={'admin': '$apr1$chC7MdLw$RPR2ohaVdfiNs2YhB5lpc.', 'user': '$apr1$j5I5Uiak$BaBWERX0BW/6X49RPTvQa0'}
 # or
 #openshift_master_htpasswd_file=<path to local pre-generated htpasswd file>
 
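Review bot: the `openshift_master_htpasswd_users` line puts the `$apr1$` hashes for `admin` and `user` directly in the inventory, so every copy of this file, including this diff output, carries them. `$apr1$` is htpasswd's MD5-based scheme and is weak against offline guessing once the hash is known. Use the `openshift_master_htpasswd_file=<path to local pre-generated htpasswd file>` option shown two lines below instead, keep that file out of anything shared, and change both passwords if this inventory has been published.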
@@ -507,14 +506,14 @@
 # options would be "nfs.example.com:/exports/registry".  "exports" is
 # is the name of the export served by the nfs server.  "registry" is
 # the name of a directory inside of "/exports".
-#openshift_hosted_registry_storage_kind=nfs
-#openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
-#openshift_hosted_registry_storage_host=nfs.example.com
+openshift_hosted_registry_storage_kind=nfs
+openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
+openshift_hosted_registry_storage_host=okd-manager.esxi.jp-z.jp
 # nfs_directory must conform to DNS-1123 subdomain must consist of lower case
 # alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character
-#openshift_hosted_registry_storage_nfs_directory=/exports
-#openshift_hosted_registry_storage_volume_name=registry
-#openshift_hosted_registry_storage_volume_size=10Gi
+openshift_hosted_registry_storage_nfs_directory=/exports/nfs
+openshift_hosted_registry_storage_volume_name=registry
+openshift_hosted_registry_storage_volume_size=10Gi
 #
 # Openstack
 # Volume must already exist.
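Review bot: with `[nfs]` commented out in the first hunk, nothing in this inventory creates or exports `/exports/nfs/registry` on okd-manager.esxi.jp-z.jp, so that directory must already exist and be exported before `deploy_cluster.yml` runs; a comment next to `openshift_hosted_registry_storage_host` should say so. Restrict the export to the three hosts listed under `[nodes]`, because any host that can mount it can read or replace the registry's image layers.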
[zaki@okd-manager openshift-ansible]$ 

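Installation

Deploying OpenShift 3.x means running two playbooks.

docs.okd.io

pre

An Ansible run that checks whether the environment meets the requirements (probably).
If you skimp on CPU or memory it fails here (can be skipped with -e openshift_disable_check=memory_availability,disk_availability and so on)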

[zaki@okd-manager openshift-ansible]$ time ansible-playbook -i ~/openshift-install.ini playbooks/prerequisites.yml

PLAY [Fail openshift_kubelet_name_override for new hosts] **********************

TASK [Gathering Facts] *********************************************************
Saturday 23 November 2019  13:51:21 +0900 (0:00:00.084)       0:00:00.084 ***** 
ok: [okd-node2.esxi.jp-z.jp]
ok: [okd-node1.esxi.jp-z.jp]
ok: [okd-master.esxi.jp-z.jp]

:
:

PLAY RECAP *********************************************************************
localhost                  : ok=11   changed=0    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0   
okd-master.esxi.jp-z.jp    : ok=73   changed=23   unreachable=0    failed=0    skipped=124  rescued=0    ignored=0   
okd-node1.esxi.jp-z.jp     : ok=51   changed=22   unreachable=0    failed=0    skipped=108  rescued=0    ignored=0   
okd-node2.esxi.jp-z.jp     : ok=51   changed=22   unreachable=0    failed=0    skipped=108  rescued=0    ignored=0   


INSTALLER STATUS ***************************************************************
Initialization  : Complete (0:00:18)
Saturday 23 November 2019  13:52:48 +0900 (0:00:00.058)       0:01:27.643 *****
===============================================================================
container_runtime : Install Docker ------------------------------------- 30.83s
os_firewall : need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail -- 10.05s
os_firewall : Wait 10 seconds after disabling firewalld ---------------- 10.04s
Ensure openshift-ansible installer package deps are installed ----------- 9.44s
openshift_excluder : Install docker excluder - yum ---------------------- 2.26s
container_runtime : Start the Docker service ---------------------------- 1.68s
os_firewall : Install iptables packages --------------------------------- 1.51s
os_firewall : Ensure firewalld service is not enabled ------------------- 1.26s
Gathering Facts --------------------------------------------------------- 1.14s
os_firewall : Start and enable iptables service ------------------------- 0.87s
openshift_repos : Configure origin gpg keys ----------------------------- 0.52s
container_runtime : Fixup SELinux permissions for docker ---------------- 0.50s
openshift_repos : Ensure libselinux-python is installed ----------------- 0.49s
container_runtime : Update registries.conf ------------------------------ 0.47s
openshift_repos : refresh cache ----------------------------------------- 0.45s
openshift_repos : Configure correct origin release repository ----------- 0.42s
container_runtime : Configure Docker service unit file ------------------ 0.41s
Gather Cluster facts ---------------------------------------------------- 0.37s
container_runtime : Get current installed Docker version ---------------- 0.34s
container_runtime : Set various Docker options -------------------------- 0.30s

real    1m28.965s
user    0m18.342s
sys     0m6.650s
[zaki@okd-manager openshift-ansible]$ 

deploy

The real thing

[zaki@okd-manager openshift-ansible]$ time ansible-playbook -i ~/openshift-install.ini playbooks/deploy_cluster.yml 

PLAY [Initialization Checkpoint Start] *****************************************

TASK [Set install initialization 'In Progress'] ********************************
Saturday 23 November 2019  13:54:15 +0900 (0:00:00.049)       0:00:00.049 ***** 
ok: [okd-master.esxi.jp-z.jp]

:
:

Failure?

The following error occurs no matter how many times it is run

TASK [openshift_persistent_volumes : Create PersistentVolumes] *****************
Saturday 23 November 2019  16:09:17 +0900 (0:00:00.371)       0:03:13.461 *****
fatal: [okd-master.esxi.jp-z.jp]: FAILED! => changed=false
  cmd:
  - oc
  - create
  - -f
  - /tmp/openshift-ansible-MStDDjU/persistent-volumes.yml
  - --config=/tmp/openshift-ansible-MStDDjU/admin.kubeconfig
  delta: '0:00:00.114350'
  end: '2019-11-23 16:09:17.383909'
  failed_when_result: true
  msg: non-zero return code
  rc: 1
  start: '2019-11-23 16:09:17.269559'
  stderr: 'The PersistentVolume "registry-volume" is invalid: spec: Required value: must specify a volume type'
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

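Cause

It was this.

github.com

If you prepare the environment as the OKD documentation says, the Ansible version should end up being 2.8.
However, it seems the processing fails in the template(?) generation when deploy_cluster tries to create the PV? (I wonder what the mechanism is.)

Downgrading Ansible to 2.6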

[zaki@okd-manager openshift-ansible]$ yum --showduplicate list ansible
読み込んだプラグイン:fastestmirror
Determining fastest mirrors
 * base: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
インストール済みパッケージ
ansible.noarch                       2.8.5-1.el7                          @epel 
利用可能なパッケージ
ansible.noarch                       2.4.2.0-2.el7                        extras

2.4 is a bit much...

$ sudo yum install centos-release-ansible26

This adds the repository for installing 2.6

qiita.com

[zaki@okd-manager openshift-ansible]$ yum --showduplicate list ansible
読み込んだプラグイン:fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.riken.jp
 * centos-ansible26: ftp.riken.jp
 * extras: ftp.riken.jp
 * updates: ftp.riken.jp
centos-ansible26                                         | 2.9 kB     00:00     
centos-ansible26/7/x86_64/primary_db                       | 7.3 kB   00:00     
インストール済みパッケージ
ansible.noarch                  2.8.5-1.el7                     @epel           
利用可能なパッケージ
ansible.noarch                  2.4.2.0-2.el7                   extras          
ansible.noarch                  2.6.5-1.el7                     centos-ansible26
ansible.noarch                  2.6.14-1.el7                    centos-ansible26
ansible.noarch                  2.6.20-1.el7                    centos-ansible26

Now downgrade to 2.6.20

[zaki@okd-manager openshift-ansible]$ sudo yum downgrade ansible-2.6.20-1.el7
:
:
Running transaction
  インストール中          : ansible-2.6.20-1.el7.noarch                     1/2  
  整理中                  : ansible-2.8.5-1.el7.noarch                      2/2   
  検証中                  : ansible-2.6.20-1.el7.noarch                     1/2   
  検証中                  : ansible-2.8.5-1.el7.noarch                      2/2 
削除しました:
  ansible.noarch 0:2.8.5-1.el7                                                  
インストール:
  ansible.noarch 0:2.6.20-1.el7                                                 
完了しました!
[zaki@okd-manager openshift-ansible]$ 
[zaki@okd-manager openshift-ansible]$ ansible --version
ansible 2.6.20
  config file = /home/zaki/openshift-ansible/ansible.cfg
  configured module search path = [u'/home/zaki/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
[zaki@okd-manager openshift-ansible]$ 

Re-run with this
(I ran it again on top of the failed environment. Depending on how it failed, though, it may be better to start over.)

[zaki@okd-manager openshift-ansible]$ time ansible-playbook -i ~/openshift-install.ini playbooks/deploy_cluster.yml 

:
:

PLAY RECAP *********************************************************************
localhost                  : ok=11   changed=0    unreachable=0    failed=0   
okd-master.esxi.jp-z.jp    : ok=564  changed=163  unreachable=0    failed=0   
okd-node1.esxi.jp-z.jp     : ok=109  changed=20   unreachable=0    failed=0   
okd-node2.esxi.jp-z.jp     : ok=109  changed=20   unreachable=0    failed=0   


INSTALLER STATUS ***************************************************************
Initialization               : Complete (0:00:12)
Health Check                 : Complete (0:00:28)
Node Bootstrap Preparation   : Complete (0:00:52)
etcd Install                 : Complete (0:00:17)
Master Install               : Complete (0:01:08)
Master Additional Install    : Complete (0:00:18)
Node Join                    : Complete (0:00:14)
Hosted Install               : Complete (0:00:29)
        The use of NFS for the core OpenShift Container Platform components is not recommended, as NFS (and the NFS Protocol) does not provide the proper consistency needed for the applications that make up the OpenShift Container Platform infrastructure.
Cluster Monitoring Operator  : Complete (0:01:38)
Web Console Install          : Complete (0:00:46)
Console Install              : Complete (0:00:22)
Service Catalog Install      : Complete (0:03:08)
Saturday 23 November 2019  16:33:07 +0900 (0:00:00.023)       0:10:10.317 *****
===============================================================================
openshift_cluster_monitoring_operator : Wait for the ServiceMonitor CRD to be created -- 91.15s
openshift_service_catalog : Wait for Controller Manager rollout success -- 57.05s
template_service_broker : Verify that TSB is running ------------------- 45.12s
openshift_web_console : Verify that the console is running ------------- 41.53s
openshift_service_catalog : Wait for API Server rollout success -------- 40.19s
Run health checks (install) - EL --------------------------------------- 28.64s
openshift_console : Waiting for console rollout to complete ------------ 16.44s
openshift_service_catalog : oc_process ---------------------------------- 8.24s
openshift_hosted : Create OpenShift router ------------------------------ 6.74s
openshift_node : Install node, clients, and conntrack packages ---------- 3.35s
openshift_excluder : Install docker excluder - yum ---------------------- 2.85s
openshift_control_plane : Wait for APIs to become available ------------- 2.83s
openshift_manageiq : Configure role/user permissions -------------------- 2.78s
openshift_ca : Install the base package for admin tooling --------------- 2.22s
openshift_hosted : Create default projects ------------------------------ 2.06s
ansible_service_broker : Create custom resource definitions for asb ----- 1.76s
openshift_node : Update journald setup ---------------------------------- 1.64s
tuned : Restart tuned service ------------------------------------------- 1.63s
tuned : Ensure files are populated from templates ----------------------- 1.60s
openshift_sdn : Copy templates to temp directory ------------------------ 1.60s

real    10m13.010s
user    2m24.527s
sys     0m45.295s
[zaki@okd-manager openshift-ansible]$ 

It worked.
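
A guard against the version problem described above, as an added example that is not part of the original post or of openshift-ansible: it parses `ansible --version` and refuses to start a playbook unless the series is 2.6.x. The function names are hypothetical, and accepting only 2.6.x is an assumption taken from this page's result (2.8.5 failed, 2.6.20 worked).

```sh
#!/bin/sh
# Added example: refuse to start the OKD 3.11 playbooks with an Ansible series
# other than the one this page got working (2.6.x). Accepting only 2.6.x is an
# assumption taken from this page; 2.8.5 is the version that failed here.

# Print the version number found on the first line of `ansible --version` output.
# Handles "ansible 2.6.20" and the later "ansible [core 2.11.1]" form.
ansible_version_from() {
    printf '%s\n' "$1" |
        sed -n '1s/^ansible \(\[core \)\{0,1\}\([0-9][0-9.]*\).*$/\2/p'
}

# Exit status: 0 = accepted series, 1 = other series, 2 = version not recognised.
check_ansible_for_okd311() {
    ver=$(ansible_version_from "$1")
    case "$ver" in
        '')        return 2 ;;
        2.6|2.6.*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Wrapper (hypothetical name): run ansible-playbook only when the check passes.
# Usage: guarded_playbook -i ~/openshift-install.ini playbooks/deploy_cluster.yml
guarded_playbook() {
    out=$(ansible --version 2>/dev/null) || { echo "ansible not found" >&2; return 2; }
    if check_ansible_for_okd311 "$out"; then
        ansible-playbook "$@"
    else
        echo "refusing to run: found ansible '$(ansible_version_from "$out")', need 2.6.x" >&2
        return 1
    fi
}

# Constructed sample inputs (first lines of `ansible --version` output).
for sample in "ansible 2.8.5" "ansible 2.6.20" "ansible [core 2.11.1]" "not ansible"; do
    if check_ansible_for_okd311 "$sample"; then verdict=ok; else verdict="blocked (rc=$?)"; fi
    echo "$sample -> $verdict"
done
```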

A warning appears partway through: NFS is not recommended, so keep that in mind.

The use of NFS for the core OpenShift Container Platform components is not recommended, as NFS (and the NFS Protocol) does not provide the proper consistency needed for the applications that make up the OpenShift Container Platform infrastructure.

State of the pods and PV

[zaki@okd-master ~]$ oc get pod
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-7vzqn    1/1       Running   0          11m
registry-console-1-n7ctw   1/1       Running   0          11m
router-1-ncdfz             1/1       Running   0          11m
[zaki@okd-master ~]$ oc get pvc
NAME             STATUS    VOLUME            CAPACITY   ACCESS MODES   STORAGECLASS   AGE
registry-claim   Bound     registry-volume   10Gi       RWX                           12m
[zaki@okd-master ~]$ oc get pv
NAME              CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS    CLAIM                    STORAGECLASS   REASON    AGE
registry-volume   10Gi       RWX            Retain           Bound     default/registry-claim                            12m
[zaki@okd-master ~]$ 

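It's running.

Checking that images can be pushed to the registry

Let's build some arbitrary pod and check that it can be pushed.
The following is done on the master node.

Creating the files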

Dockerfile

FROM httpd:2.4
COPY index.html /usr/local/apache2/htdocs/index.html

index.html

<h1>カレーは粉でできてるのでカロリーゼロ</h1>

Build

Creating a working project

Right after OpenShift is deployed, the master node is logged in as system:admin, so I use that as is.
Then create a working project.

[zaki@okd-master apache-pod]$ oc new-project sample-server
Now using project "sample-server" on server "https://okd-master.esxi.jp-z.jp:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

to build a new example application in Ruby.
[zaki@okd-master apache-pod]$ 

Oh, that reminds me, I should try S2I later too…

Build

In the directory that contains the Dockerfile and index.html from earlier

[zaki@okd-master apache-pod]$ ls
Dockerfile  index.html
[zaki@okd-master apache-pod]$ 
[zaki@okd-master apache-pod]$ oc new-build --strategy=docker --binary --name=webserver
warning: Cannot find git. Ensure that it is installed and in your path. Git is required to work with git repositories.
    * A Docker build using binary input will be created
      * The resulting image will be pushed to image stream tag "webserver:latest"
      * A binary build was created, use 'start-build --from-dir' to trigger a new build

--> Creating resources with label build=webserver ...
    imagestream.image.openshift.io "webserver" created
    buildconfig.build.openshift.io "webserver" created
--> Success
[zaki@okd-master apache-pod]$ 

This creates a BuildConfig named webserver

[zaki@okd-master apache-pod]$ oc get bc
NAME        TYPE      FROM      LATEST
webserver   Docker    Binary    0
[zaki@okd-master apache-pod]$ 

Building webserver

[zaki@okd-master apache-pod]$ oc start-build webserver --from-dir=. --follow
Uploading directory "." as binary input for the build ...

Uploading finished
build.build.openshift.io/webserver-1 started
Receiving source from STDIN as archive ...
Step 1/4 : FROM httpd:2.4
 ---> d4a061d58465
Step 2/4 : COPY index.html /usr/local/apache2/htdocs/index.html
 ---> Using cache
 ---> 94580c60bac8
Step 3/4 : ENV "OPENSHIFT_BUILD_NAME" "webserver-1" "OPENSHIFT_BUILD_NAMESPACE" "sample-server"
 ---> Running in ae98f70bc632
 ---> 4ec30d30459e
Removing intermediate container ae98f70bc632
Step 4/4 : LABEL "io.openshift.build.name" "webserver-1" "io.openshift.build.namespace" "sample-server"
 ---> Running in 80e429d4553a
 ---> f0a8de8fdbbf
Removing intermediate container 80e429d4553a
Successfully built f0a8de8fdbbf

Pushing image docker-registry.default.svc:5000/sample-server/webserver:latest ...
Pushed 0/6 layers, 8% complete
Pushed 1/6 layers, 25% complete
Pushed 2/6 layers, 39% complete
Pushed 3/6 layers, 60% complete
Pushed 4/6 layers, 79% complete
Pushed 5/6 layers, 89% complete
Pushed 6/6 layers, 100% complete
Push successful
[zaki@okd-master apache-pod]$ 

With this, the build pod finishes with status Completed.

[zaki@okd-master apache-pod]$ oc get pod
NAME                READY     STATUS      RESTARTS   AGE
webserver-1-build   0/1       Completed   0          43s
[zaki@okd-master apache-pod]$ 

The image produced by the build is pushed to the registry pod, and its address is set in the ImageStream.

[zaki@okd-master apache-pod]$ oc get is
NAME        DOCKER REPO                                                TAGS      UPDATED
webserver   docker-registry.default.svc:5000/sample-server/webserver   latest    49 seconds ago
[zaki@okd-master apache-pod]$ 
[zaki@okd-master apache-pod]$ oc get is webserver -o jsonpath='{.status.tags[0].items[0].dockerImageReference}'
docker-registry.default.svc:5000/sample-server/webserver@sha256:fb1e5498de7eba7677e50b9e7642b1c28e5308ab282063dc849ecdc1777d8284

For the whole thing, look at it with oc get is webserver -o yaml or similar.

At this point the image has already been pushed to the registry, so let's check the files on the NFS side.

[zaki@okd-manager openshift-ansible]$ ls -al /exports/nfs/registry/
合計 0
drwxrwxr-x. 3 root       root 20 11月 23 16:52 .
drwxrwxr-x. 3 root       root 22 11月 23 13:44 ..
drwxr-xr-x. 3 1000000000 root 22 11月 23 16:52 docker
[zaki@okd-manager openshift-ansible]$ ls -al /exports/nfs/registry/docker/
合計 0
drwxr-xr-x. 3 1000000000 root 22 11月 23 16:52 .
drwxrwxr-x. 3 root       root 20 11月 23 16:52 ..
drwxr-xr-x. 3 1000000000 root 16 11月 23 16:52 registry
[zaki@okd-manager openshift-ansible]$ 

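The image data is stored on the PV (NFS) that the registry pod uses.
(For now, the goal has been achieved at this point.)

Deploy (failed)

While I'm at it, let's try deploying the pod that was built.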

[zaki@okd-master apache-pod]$ oc new-app webserver
warning: Cannot find git. Ensure that it is installed and in your path. Git is required to work with git repositories.
--> Found image f0a8de8 (About a minute old) in image stream "sample-server/webserver" under tag "latest" for "webserver"

    * This image will be deployed in deployment config "webserver"
    * Port 80/tcp will be load balanced by service "webserver"
      * Other containers can access this service through the hostname "webserver"
    * WARNING: Image "sample-server/webserver:latest" runs as the 'root' user which may not be permitted by your cluster administrator

--> Creating resources ...
    deploymentconfig.apps.openshift.io "webserver" created
    service "webserver" created
--> Success
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/webserver' 
    Run 'oc status' to view your app.
[zaki@okd-master apache-pod]$ 
[zaki@okd-master apache-pod]$ oc get pod
NAME                 READY     STATUS             RESTARTS   AGE
webserver-1-build    0/1       Completed          0          2m
webserver-1-deploy   1/1       Running            0          12s
webserver-1-vkj4m    0/1       CrashLoopBackOff   1          6s
[zaki@okd-master apache-pod]$ 

Huh? Why…

In that case, run oc describe.

[zaki@okd-master apache-pod]$ oc describe pod webserver-1-vkj4m 
Name:               webserver-1-vkj4m
Namespace:          sample-server
Priority:           0
PriorityClassName:  <none>
:
:
Events:
  Type     Reason     Age               From                             Message
  ----     ------     ----              ----                             -------
  Normal   Scheduled  1m                default-scheduler                Successfully assigned sample-server/webserver-1-vkj4m to okd-node2.esxi.jp-z.jp
  Normal   Pulling    38s (x4 over 1m)  kubelet, okd-node2.esxi.jp-z.jp  pulling image "docker-registry.default.svc:5000/sample-server/webserver@sha256:fb1e5498de7eba7677e50b9e7642b1c28e5308ab282063dc849ecdc1777d8284"
  Normal   Pulled     38s (x4 over 1m)  kubelet, okd-node2.esxi.jp-z.jp  Successfully pulled image "docker-registry.default.svc:5000/sample-server/webserver@sha256:fb1e5498de7eba7677e50b9e7642b1c28e5308ab282063dc849ecdc1777d8284"
  Normal   Created    38s (x4 over 1m)  kubelet, okd-node2.esxi.jp-z.jp  Created container
  Normal   Started    38s (x4 over 1m)  kubelet, okd-node2.esxi.jp-z.jp  Started container
  Warning  BackOff    11s (x7 over 1m)  kubelet, okd-node2.esxi.jp-z.jp  Back-off restarting failed container
[zaki@okd-master apache-pod]$  

Pulling the image seems fine.
So let's look at the pod logs.

[zaki@okd-master apache-pod]$ oc logs webserver-1-vkj4m 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.130.0.5. Set the 'ServerName' directive globally to suppress this message
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
[zaki@okd-master apache-pod]$ 

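Ah... Because I used the standard httpd container image from DockerHub, the httpd server in the container tries to start on port 80, but on OpenShift the container's process does not run as a privileged user, so it cannot listen and fails. (The state where a process run by a regular user cannot listen on ports 1024 and below.)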
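
The failure above, as an added example that is not part of the original post: `bind_denied_ports` pulls the refused ports out of the pod log, and `unprivileged_listen` rewrites an httpd.conf so that httpd listens on a port the non-root container user is allowed to bind. Both function names, the +8000 port mapping and the sample httpd.conf fragment are assumptions made for this example.

```sh
#!/bin/sh
# Added example: triage and fix for the bind failure in the pod log above.
# Privileged ports are those below 1024; the +8000 mapping (80 -> 8080,
# 443 -> 8443) is a convention chosen for this example.

# Read `oc logs` output on stdin; print each port httpd was denied permission to bind.
bind_denied_ports() {
    sed -n 's/^(13)Permission denied: AH00072: make_sock: could not bind to address .*:\([0-9][0-9]*\) *$/\1/p' |
        sort -un
}

# Read httpd.conf text on stdin; move active Listen directives off privileged ports.
# Commented-out directives and ports >= 1024 are left as they are.
unprivileged_listen() {
    awk '
    /^[ \t]*Listen[ \t]/ {
        spec = $2                       # "80", "0.0.0.0:80" or "[::]:80"
        n = split(spec, parts, ":")
        port = parts[n]                 # port is the last ":"-separated field
        if ((port ~ /^[0-9]+$/) && (port + 0 < 1024)) {
            prefix = substr(spec, 1, length(spec) - length(port))
            newport = port + 8000
            $2 = prefix newport
        }
    }
    { print }
    '
}

# The bind errors from the pod log on this page.
POD_LOG='(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down'

# Constructed httpd.conf fragment.
SAMPLE_CONF='#Listen 12.34.56.78:80
Listen 80
Listen [::]:443 https
Listen 8081'

echo "ports denied: $(printf '%s\n' "$POD_LOG" | bind_denied_ports)"
printf '%s\n' "$SAMPLE_CONF" | unprivileged_listen
```

Applied to the image's httpd.conf at build time, the rewrite moves httpd to 8080; the service created for the pod then has to target 8080 instead of 80.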

Well, I've figured out what I wanted to confirm (pushing the image to the PV) and the cause of the error, so that's it for this time…