openshift start build forbidden - openshift

I am trying to create a build and deployment pipeline in OpenShift via Jenkins. I have followed their official tutorial: https://github.com/OpenShiftDemos/openshift-cd-demo
and properly set all policies ( i am using different project names and application but the same strategy ) yet the Jenkins app deployed on cicd project cant start to build in dev project.
Error:
Error from server (Forbidden): buildconfigs.build.openshift.io buildconfig not found though the build is created and can be seen via the web console.
I am using the --from-file instead of --from-dir for binary input.
Please help if any other policies need to be set for the Jenkins service account in cicd project to "start-build" in dev project.

Yes, the Jenkins need to have access to dev project, you can use the following command to give access:
oc policy add-role-to-user edit system:serviceaccount:cicd-tools:jenkins -n example-openshift-dockerfile
cicd-tools: Project jenkins is installed in
example-openshift-dockerfile: Project that will be changed by Jenkins

Related

Open shift build config vs jenkinsfile

We are using OpenShift. I have a confusion between buildconfig file vs jenkinsfile. Do we need both of them or one is sufficient. I have seen examples where in jenkinsfile docker build is defined using buildconfig file. In some cases buildconfig file is using jenkinsfile as the build strategy. Can some one please clarify on this
BuildConfig is the base type for all builds, there are different build strategies that can be used in a build config, by running oc explain buildconfig.spec.strategy you can see them all. If you want to do a docker build you use the dockerStrategy, if you want to build from source code using source2image you specify the sourceStrategy.
Sometimes you have more complex needs than simply running a build with an output image, let's say you want to run the build, wait for that image to be deployed to some environment and then run some automated GUI tests. In this case you need a pipeline. If you want to trigger and configure this pipeline from the OpenShift Web Console you would use the jenkinsPipelineStrategy in your BuildConfig. In the OpenShift 3.x web console such BuildConfigs are presented as Pipelines and not Builds even though they are all really BuildConfigs.
Any BuildConfig with the jenkinsPipelineStrategy will be executed by the Jenkins Build Server running inside the project. That Jenkins instance could also have other pipelines that are not mapped or visible in the OpenShift Web Console, there does not need to be a BuildConfig for every Jenkinsfile if you don't see the benefit of them appearing in the OpenShift Web Console.
The difference of running builds inside a Jenkinsfile and a BuildConfig with some non-jenkinsfile-strategy is that the build is actually executed inside the jenkins build agent rather than a normal OpenShift build pod.
At our company we utilize a combination of jenkinsFile pipelines and BuildConfigs with the sourceStrategy. Instead of running builds in our Jenkinsfile pipelines directly inside the Jenkins build agent we let the pipeline call the OpenShift API and tell it to execute the BuildConfig with sourceStrategy. So basically we still use s2i for building the images but the Jenkinsfile as our CI/CD pipeline engine. You can find some examples of this at https://github.com/openshift/jenkins-client-plugin.

Run docker container on OpenShift from Nexus unsecure private registry

I'm trying to run a containerized app which is stored in Nexus docker hosted on url 12.23.34.55:8086
I'm trying to run it on my Openshift Cluster, but I'm getting error. Commands I'm using to run
oc create secret docker-registry mysecret --docker-server=http://12.23.34.55/ --docker-username=aditya --docker-password=aditya --docker-email=aditya#example.org
oc secrets link default mysecret --for=pull
My nexus is running on http://12.23.34.55:8081
Now I'm using command to launch in OpenShift using below command.
oc new-app 12.23.34.55:8085/mytestapp:11 --insecure-registry=true
as per $ oc new-app myregistry:5000/example/myimage
https://docs.openshift.com/container-platform/4.1/applications/application_life_cycle_management/creating-new-applications.html
But it does not work, it asks for password and not able to deploy from console too, can anyone help me with exact commmand.
Creating the secret is not enough for OpenShift to be able to pull from the registry. You still need to link that secret as well.
Take a look at the official documentation here:
https://docs.openshift.com/container-platform/4.1/openshift_images/managing_images/using-image-pull-secrets.html#images-allow-pods-to-reference-images-from-secure-registries_using-image-pull-secrets
Okay! I found an answer, so using private registry first we should import image using
oc import name url/imagename:tag
then we can create new app with the same
oc new app name

Deploying Code and Managing configuration with Terraform

Just to give context:
I am planning to use Terraform to bring up new separate environments with ec2 machines, elb etc. and then maintaining configuration as well.
Doing that with terraform and using AWS provider sounds fairly simple.
Problem 1:
While launching those instances I want to install few packages etc. so that when Terraform launches the instances (servers) things/ apps should be up and running.
Assuming the above is up and running:
Problem 2:
How do I deploy new code on the servers in this environment launched by Terraform?
Should I use for eg. ansible playbooks/chef recipes/puppet manifests for that? or Terraform gives some other options/ways?
Brief answers:
Problem 1: While launching those instances I want to install few packages etc. so that when Terraform launches the instances (servers) things/ apps should be up and running.
A couple of options:
Create an AMI of your instance with the installed packages and specify that in the resource.
Use the user data script to install the packages that you need when the instance starts.
Use ansible playbooks/chef recipes/puppet to install packages once the instance is running (e.g. creating an opsworks stack with terraform)
Problem 2: How do I deploy new code on the servers in this environment
launched by Terraform? Should I use for eg. ansible playbooks/chef
recipes/puppet manifests for that? or Terraform gives some other
options/ways?
Not the intended use case for terraform, use other tools like jenkins or aws services like codepipeline or codedeploy. Ansible/chef/puppet can also help (e.g. with opsworks)

How to add git repository, using Azure CLI to the app?

I am using Azure cli. I have created app by using azure cli command. azure site create $SITENAME --location $LOCATION --hostname $HOSTNAME -s $SUBSCRIPTIONID.
Now i want to connect it with my git account using Azure CLI.
If you use the new CLI 2.0 (https://github.com/Azure/azure-cli) you should be able to use the following command:
az appservice web source-control config-local-git -g {group} -n {webapp name}
git remote add azure https://<deploy_user_name>#MyApp.scm.azurewebsites.net/MyApp.git
If this doesn't work for your scenario, please post a feature request to our repo.
If you wish to customize continious deployment, I'm afraid there is no way to use Azure CLI in this case now.
Please use Azure web-portal to do it - details are here
You can also use Visual Studio Team Services and have the compile website, and then execute your ARM template, through release management to update environment.

${Env.CATALINA_HOME} does not exit in openshift

I have a question which is related to openshift online and I am using a Tomcat7 cartridge,Mysql5.5 and Ant Cartridge 0.1.And I am trying to deploy OpenGTS project to openshift but when I open a SSH session and I try to run this command "ant all" it shows that "BUILD FAILED
/var/lib/openshift/568e35812d52717d1f000122/app-root/runtime/repo/build.xml:66:
/var/lib/openshift/568e35812d52717d1f000122/app-root/runtime/repo/${Env.CATALINA_HOME} does not exit"
I am worry about that,I deleted the tomcat application and created again but it is showing same error.please help me.thanks.
Make sure <property environment="env"/> is present at the top of the script.
Also CATALINA_HOME environment variable is defined in the system.
Use ${env.CATALINA_HOME} instead of ${Env.CATALINA_HOME}.