I can deploy a new app following command from OpenShift Container Platform Command Line Interface (oc CLI)
//oc new-app --docker-image=<docker-registry-host>:<registry-port>/<image-name:version> --name=customer --insecure-registry=true
$ oc new-app --docker-image=174.24.100.52:8438/spring-customer:v1 --name=customer --insecure-registry=true
It is OK, but I want to deploy from OpenShift web console and then go through AddProject>>deploy image section.
When Firstly I select image name radio button and then typed in the box the following 174.24.100.52:8438/spring-customer:v1
I have an error like this:
Internal error occurred: Get https://172.24.100.50:8448/v2/: Tunnel or
SSL Forbidden
The image may not exist or it may be in a secure registry. Check that
you have entered the image name correctly or create an image pull
secret with your image registry credentials and try again.
Related
I am trying to deploy Gitlab source code OpenShift. But I am facing an issue. Though in Gitlab pipeline it is successful. It keeps talking about the unauthorized error.
My expected output is to have deployment on OpenShift [Error message] (https://i.stack.imgur.com/CBBzO.png)
The error indicates that the Deployment Pod is unable to pull the specified image.
It appears your Deployment is in the namespace roks-test-demo-project while the image your are trying to pull is in the oc-custom-dev namespace. In order for a Deployment in one namespace to pull an image from another, the Deployment's service account must be authorized to do so.
See the OpenShift documentation for how to achieve this.
In your case, assuming your Deployment is running as the default service account:
$ oc policy add-role-to-user \
system:image-puller system:serviceaccount:roks-test-demo-project:default \
--namespace=oc-custom-dev
If your Deployment is running as a non-default service account, replace default with that service account name in the above command.
I'm trying to build a new app by using a docker image from the book Devops With OpenShift
so as per the content from the book page 19
the command is
oc new-app devopswithopenshift/welcome:latest --name=myapp
so the devopswithopenshift/welcome:latest needs to be firstly built and pushed to the docker hub.
I pulled the GIT code from https://github.com/devops-with-openshift/welcome
and ran the command C:\Docker\welcome\foo>docker build -t welcome .
Here is the response
failed to solve with frontend dockerfile.v0: failed to create LLB definition: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
When i looked into the Dockerfile
It has FROM welcome/ops:latest
so it is trying to pull welcome/ops which is not there in the registry can the authors help resolve this
Thanks
K.ThulsiDoss
Thanks for the response .Here is what i did to get going so that users can benefit from the clarifications.
1.My env is windows (client ) and open shift is on RHEL cluster .In my win env i have Git ,OC client installed & docker (win10 ) installed
2.Downloaded the book code into my git dir
3.The important thing is that i logged onto docker with my credentials on the terminal
'''
e.g docker login -- --password on the terminal where i had extracted the code.
'''
4.I then logged onto the OC cluster e.g
'''
oc login --token= --server=https://xyzopenshift.os.fyre.ibm.com:6443
How can I create and use the imagestream of jboss webserver in openshift origin ?
Image yaml available in this link. I see that it is automatically built with openshift enterprise version (link) . but why not in origin ?
Thanks.
I expected it to pull itself the image during build but did not happen.
D:\docker\apps>oc new-build --image-stream=jboss-webserver31-tomcat7-openshift:1.1 --name=newapp --binary=true
warning: Cannot find git. Ensure that it is installed and in your path. Git is required to work with git repositories.
error: unable to locate any images in image streams with name "jboss-webserver31-tomcat7-openshift:1.1"
The 'oc new-build' command will match arguments to the following types:
1. Images tagged into image streams in the current project or the 'openshift' project
- if you don't specify a tag, we'll add ':latest'
2. Images in the Docker Hub, on remote registries, or on the local Docker engine
3. Git repository URLs or local paths that point to Git repositories
--allow-missing-images can be used to force the use of an image that was not matched
See 'oc new-build -h' for examples.
So I tried to create the import yaml in webconsole but got below error with yaml.
Failed to process the resource.
Resource is missing kind field.
Got it. Apparently one has to be logged in redhat
oc import-image my-jboss-webserver-3/webserver31-tomcat7-openshift --from=registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift --confirm
I try to learn about Open Shift, how it works, how to run apps, build images etc.
To start with something, which I thought will be rather simple, I decided to run a pod with pure centos7 OS, based on this image. I installed locally minishift v1.11.0+4459917, I created a new project, and performed command:
oc new-app openshift/base-centos7 in this project. As a result I received the following message:
--> Found Docker image bb81a09 (11 months old) from Docker Hub for "openshift/base-centos7"
* An image stream will be created as "pon3:latest" that will track this image
* This image will be deployed in deployment config "pon3"
* The image does not expose any ports - if you want to load balance or send traffic to this component
you will need to create a service with 'expose dc/pon3 --port=[port]' later
* WARNING: Image "openshift/base-centos7" runs as the 'root' user which may not be permitted by your cluster administrator
--> Creating resources ...
imagestream "pon3" created
deploymentconfig "pon3" created
--> Success
Run 'oc status' to view your app.
As I can see in the warning this image runs as root, which is clearly not a good practice, but it may be worked around, as described here and here. I tried both approaches - I have created a new service account with anyuid scc, and I assigned anyuid scc to default sa. Unfortunately I'm still not able to run a pod based on this image. The result looks like this:
oc get pods
mycentos-1-deploy 1/1 Running 0 32s
mycentos-1-p1vh5 0/1 CrashLoopBackOff 1 30s
I try to troubleshoot this way:
oc logs -p mycentos-1-p1vh5
This image serves as the base image for all OpenShift v3 S2I builder images.
It provides all essential libraries and development tools needed to
successfully build and run an application.
To use this image as a base image, you need to have 's2i/bin' directory in the
same directory as your S2I image Dockerfile. This directory should contain S2I
scripts.
This base image also provides the default user you should use to run your
application. Your Dockerfile should include this instruction after you finish
installing software:
USER default
The default directory for installing your application sources is
'/opt/app-root/src' and the WORKDIR and HOME for the 'default' user is set
to this directory as well. In your S2I scripts, you don't have to use absolute
path, but rather rely on the relative path.
To learn more about S2I visit: https://github.com/openshift/source-to-image
Additionally I tried to troubleshoot with oc adm diagnostics but to be honest I didn't see anything relevant to this issue.
I'm clearly missing something here. Can someone give me a hint how this should be handled or how can I try to troubleshoot this? Is there a different way to run pure centos OS?
Thank you for any help.
You need the image you want to deploy using oc new-app to have an actual application in it. The openshift/base-centos7 image is a base image only on which other images are built and doesn't have an application in it.
If you just want to spin up a container and be presented with a shell environment in which you can play in use the oc run command instead.
OpenShift isn't like a traditional VPS where you just spin up permanent shell environments which you then access to set up your application manually. The idea is that you build your application into an image and deploy the application.
I would suggest you go read:
https://www.openshift.com/promotions/for-developers.html
https://www.openshift.com/promotions/devops-with-openshift.html
and work through the exercises at:
https://learn.openshift.com
to learn more about what OpenShift is and how to use it.
What do I provide for the server URL in the oc login tool, when using the OpenShift PaaS?
I'm trying to migrate my OpenShift Online v2 app to v3, following the instructions for PHP apps linked to from OpenShift's Migration Center. That page says to run something following the pattern oc new-app https://github.com/<github-id>/<repo-name>.git --name=<app-name> -e <ENV_VAR_NAME>=<env_var_value>. After tracking down a download for oc (which wasn't easy), I tried running that command with my repo URL*; this results in:
$ oc new-app https://USERNAME#bitbucket.org/USERNAME/PROJECTNAME.git --name=PROJECTNAME
error: Missing or incomplete configuration info. Please login or point to an existing, complete config file:
1. Via the command-line flag --config
2. Via the KUBECONFIG environment variable
3. In your home directory as ~/.kube/config
To view or setup config directly use the 'config' command.
Not knowing what subcommand of oc config to use, I searched and found Get Started with the CLI, which says to use oc login to start the configuration process. But when I run that, I get:
Server [https://localhost:8443]:
What do I provide for the URL here, when using the OpenShift PaaS (i.e. not a local installation)? I've tried things like https://openshift.com/ and the URL of my web app, but both of them result in
error: The server was unable to respond - verify you have provided the correct host and port and that the server is currently running.
* I decided to use Bitbucket instead of GitHub; I'm not sure if this is unsupported, or (if it's supported) whether I should be providing USERNAME#bitbucket.org.
It is right over there in the web console.
Click on (?) help icon right beside your user name on top right corner. Select 'Command Line Tool' from the drop down menu.
Alternatively, it is there in the URL :
http://<openshift url>/console/command-line
e.g. it is mentioned on the below URL for me:
https://console.starter-ca-central-1.openshift.com/console/command-line
Hope it helps.
In the RedHat OpenShift Online web console, click on the (?) help icon right beside your user name in the top right corner. Select 'Command Line Tools' from the drop down menu.
A pop-up window appears with a section "oc - OpenShift Command Line Interface (CLI)", and there's a link for Copy Login Command. Click that and it takes you to a page like
https://oauth-openshift.apps.ca-central-1.starter.openshift-online.com/oauth/token/display?code=Ge.....
(You may be prompted at this point to log into the Redhat Portal, do that if necessary.)
The page will then show the text
Display Token
Click Display Token
It will show output similar to this:
Log in with this token
oc login --token=... --server=https://api.ca-central-1.starter.openshift-online.com:6443
On the web console, click in your profile and then you can see "copy Login command" like this:
Then you just click on it and do it again on the button "Display token" in the new browser tab. Here is what your token looks like:
I just tried actually signing up for an OpenShift v3 Starter plan (which I hadn't done before because I didn't want to get ahead of myself, and the migration guide hadn't said to do so yet). That course of action did give me access to the "Command Line Tools" menu item under the ? menu, which gives the command line as oc login https://api.starter-us-east-1.openshift.com --token=<hidden>. (The hidden token is copied to the clipboard if you click the clipboard icon to the right of that line.)
I created an account for OpenShift v3 Starter plan.
Then I installed OC Tool available here.
I created a project called spike1 on US west.
Finally when running oc login and set Server URL to https://console.starter-us-west-1.openshift.com/
Hope this helps.
Once you create a project in public OpenShift. It redirect to my console
starter-us-west-1.openshift.com/console/
If you wana login to openshift using CLI.
command is
oc login https://console.starter-us-west-1.openshift.com