Grant, this video plus the companion on creating an SSL certificate with letsencrypt are totally fabulous. This kind of great tech and excellent people is why IBM spent $34 billion dollars to invest in being the best Hybrid Cloud vendor on the planet with Red Hat!
Thanks Tony, I appreciate it.
Excellent & fast-paced understanding of OKD installation. Now, I'm a typical Linux system admin & would like to know where should I see myself to learn Red Hat OpenShift, Docker & Kubernetes services. Specifically, I'd like to know what is the typical role of a typical system administrator working on RHEL/CentOS.
Please guide.
The installation is very straightforward & can be implemented within 30 minutes. Here, I'd like to know how OpenShift can be accessible under a private subnet with a private Git repository.
so how to add additional nodes?
Almost a week trying to find a way to install OKD 3.11 for lab purposes, thanks a lot.
Thanks very much for this, it's really helpful. My installs also experience the FAILED - RETRYING delay during the console verification. I assumed that was normal because I've always seen it, no matter how I've installed OpenShift - using your scripts, using Ansible directly, in my home VMware VM, in a GCP VM (all with CentOS 7). You're not the only one.
Great! Looking for same installation guide but for OKD 4.5
Thanks to Mr. Gaston, who passed this video on to me! Genius. By the way, excellent video!
Please do an SSL cert tutorial with Let's Encrypt - Thank you, Great Tutorial
Under servingInfo in master-config.yaml, you can add:
servingInfo:
  bindAddress: 0.0.0.0:8443
  bindNetwork: tcp4
  certFile: master.server.crt
  clientCA: ca.crt
  keyFile: master.server.key
  maxRequestsInFlight: 500
  requestTimeoutSeconds: 3600
  namedCertificates:
    - certFile: yourcert.cer
      keyFile: your_cert.key
      names:
        - "webui.yourdomain.net"
Your wish is my command: th-cam.com/video/S7HoJ09oYn0/w-d-xo.html
It was very useful. Appreciate your efforts.
thanks!
Hi dude, we can configure OKD 3.11 with SSL on AWS Load Balancer with 1 master + 1 node.
Thank you so much for the wonderful video and installer script. One quick question here: how do we change the hostname? I'm using an AWS EC2 instance. I'm not attaching an elastic IP since I'm doing it for a POC.
Thanks, @gshipley, I was able to set up openshift but metrics are still not working. Getting "Image Pull Back-off" status. Can you please help with this issue?
What differences would we see if we try this on rhel, if any?
How are you configuring your domain, so that you can access it also from your intranet?
Thanks, Grant. Good and clear.
Hi minimal memory that works?
Hello. I got the same issue that you showed in minute 14.50 in this video. I did exactly what you show, with the only difference that the CentOS server is on AWS and the username I used for OpenShift was also root
Grant, tried the script a few times now - terminated and created a new VM every time .. but still getting that error. No luck today I guess
Thank you for that video. it seems like there are no metrics after the installation. please how to solve that issue?
Hi! Thx for the script. When I try using it I have a lot more errors about creating volumes etc. I try to install 3.11. Can you help correct it?
Hi Grant, how do we do this install for internal-only purposes (i.e. for a home server/lab)? What steps do/don't we need when there is no need to access via external internet?
To install for a home server lab, use the xip.io defaults.
Great video! Is there a way to configure a multiple node install using your installcentos procedure?
I will start working on that this weekend.
@gshipley21 +1 for multi node setup
+1, Grant Shipley, is there anything new on this?
I tried many times but at the end I always get "FAILED - RETRYING: Wait for all control plane pods to become ready". Searching in /var/log/messages I found errors related to Docker and firewall, many messages similar to "WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -D OUTPUT -m addrtype --dst-type LOCAL..." It appears to be a problem between Docker Network manager and the FirewallD service. When the installation finishes I also get messages like these: "Unable to update cni config: No networks found in /etc/cni/net.d" and "Container runtime network not ready: NetworkReady=false". Finally, when I try to log into the console I get a 503 HTTP status. I tried the installation several times, doing the same steps that are in your shell script, but I've not had success. Thanks for sharing your knowledge, your work is great!!
To configure your certificate, put the following inside your inventory file under [OSEv3:vars]:
# Cert
openshift_master_overwrite_named_certificates=true
openshift_master_named_certificates=[{"certfile": "/etc/path-to/cert.pem", "keyfile": "/etc/path-to/key.pem", "names": ["console.okd.domain.io"], "cafile": "/etc/path-to/ca.cer"}]
openshift_hosted_router_certificate={"certfile": "/etc/path-to/cert.pem", "keyfile": "/etc/path-to/key.pem", "cafile": "/etc/path-to/ca.cer"}
If you set up your cert for the first time, you must run the following playbook:
/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml
For renewal, the following is enough, but only if the domain name doesn't change:
/usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml
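A pre-flight lint for the inventory variables in the comment above, added here as an example (it is not code from the commenter, the video, or openshift-ansible). It assumes the values are written as JSON exactly as shown and that it runs on the host holding the files; the function names `osev3_vars` and `lint_cert_vars` are hypothetical, and the private-key permission check is an added hygiene check rather than something the installer requires.

```python
import json
import os
import stat

# The [OSEv3:vars] lines as given in the comment (placeholder paths).
SAMPLE_INVENTORY = """\
[OSEv3:vars]
# Cert
openshift_master_overwrite_named_certificates=true
openshift_master_named_certificates=[{"certfile": "/etc/path-to/cert.pem", "keyfile": "/etc/path-to/key.pem", "names": ["console.okd.domain.io"], "cafile": "/etc/path-to/ca.cer"}]
openshift_hosted_router_certificate={"certfile": "/etc/path-to/cert.pem", "keyfile": "/etc/path-to/key.pem", "cafile": "/etc/path-to/ca.cer"}
"""
MASTER_VAR = "openshift_master_named_certificates"
ROUTER_VAR = "openshift_hosted_router_certificate"


def osev3_vars(text):
    """Collect key=value pairs from the [OSEv3:vars] section of an INI inventory."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "OSEv3:vars" and "=" in line:
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip()
    return found


def lint_cert_vars(text, console_host):
    """Return a list of problems with the certificate variables (empty if clean)."""
    problems, entries = [], []
    found = osev3_vars(text)
    for var in (MASTER_VAR, ROUTER_VAR):
        if var not in found:
            problems.append(f"{var}: not set under [OSEv3:vars]")
            continue
        try:
            value = json.loads(found[var])
        except ValueError:
            problems.append(f"{var}: value is not valid JSON")
            continue
        entries += [(var, e) for e in (value if isinstance(value, list) else [value])]

    names = set()
    for var, entry in entries:
        if not isinstance(entry, dict):
            problems.append(f"{var}: entry is not a JSON object")
            continue
        for field in ("certfile", "keyfile", "cafile"):
            path = entry.get(field)
            if not path:
                if field != "cafile":  # cafile is treated as optional here
                    problems.append(f"{var}: missing {field}")
            elif not os.path.isfile(path):
                problems.append(f"{var}: {field} {path} not found")
            elif field == "keyfile" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                problems.append(f"{var}: keyfile {path} is accessible to group/others")
        if var == MASTER_VAR:
            names.update(str(n).lower() for n in entry.get("names", []))
    # The console hostname must appear in "names" or the named cert is never served.
    if any(v == MASTER_VAR for v, _ in entries) and console_host.lower() not in names:
        problems.append(f"{MASTER_VAR}: names does not list {console_host}")
    return problems


if __name__ == "__main__":
    # The placeholder paths do not exist, so each file is reported as not found.
    for problem in lint_cert_vars(SAMPLE_INVENTORY, "console.okd.domain.io"):
        print("PROBLEM:", problem)
```

Run it against the real inventory before `deploy_cluster.yml` or `redeploy-certificates.yml`; an empty list means the variables parse, the files exist, the key is private to its owner, and the console hostname is covered by `names`.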
Please do tutorial about ssl certs.
Your wish is my command: th-cam.com/video/S7HoJ09oYn0/w-d-xo.html
Is it possible to install OKD 3.10 offline?
Amazing video and great job, but I recommend for the next time use KVM and not VirtualBox :)
Tok Tokugawa why? many more people run vbox
@vivahernando1 Well, OpenStack and OpenShift were deployed on Linux, so it's better to work in KVM in order to follow the native hypervisor, which will help to give better performance, less cost, etc... www.rippleweb.com/vmware-vs-kvm/
I disagree. VirtualBox is much more pervasive and this is to demo how to install OKD as simply as possible so that people can become familiar with it. Once ppl get comfortable with this they can more easily migrate to whatever other options they would like to use going forward.
Great tutorial. Thanks a lot :)
Very cool Grant, thank you! BTW.. I noticed your script asks for a domain, and seems to apply a prefix of console automatically. I'm deploying to an actual host in a VM farm so I'm expecting to have to reconfigure that in /etc/hosts.. not sure what else you use it for, so I updated the /etc/hosts and master_config.yaml with the correct URL but it's still directing me to console.host.domain. EOD here so I'll check it more tomorrow but if you know where else to update that please let me know. Thanks!
Thanks for the video, I am trying to deploy openshift as per this video, but unable to get metrics to work. Does this support metrics configuration? Could you please help out on this?
Hi, I have the same error with metrics. Did you manage to get it to work?
It does, the metrics and logging are disabled unless you have 4G (metrics) and 8G (logging). Look at the install script, there's if statements checking and then enabling/disabling based on the criteria.
I have all the RAM available. Although I solved the problem by changing the Image version for Hawkular, Heapster and cassandra from v3.10 to v3.9. Sorry for not posting the comment about it earlier.
Same problem here, this is your solution in the inventory file?
openshift_metrics_cassandra_image=v3.10
openshift_metrics_hawkular_metrics_image=v3.10
openshift_metrics_heapster_image=v3.10
I don't know if it is possible to change the version in another way.
No, I changed the yaml file of the metric pod...
Why is it so hard to find proper setup instructions for RAID and partitioning schemes for a CentOS OpenShift host? What RAID to use, what settings, what partitions with what file systems to create. Everybody starts only on VMs with no underlying configuration. Even in the official OpenShift documentation I can't find this information. There are also a bunch of underlying OS configurations to tweak for network latency, IO performance, CPU cycles optimization, and so on. Where are those instructions in context for an OpenShift environment? Basically, good/best practices to prepare bare hardware and CentOS before installing OpenShift.
Sorry for the late reply as I hardly ever check YouTube comments. We have several ref archs for installing openshift. If none of those fit your needs as per your comment, please email me and I can get that fixed.
Getting an error "OC command not found". What would be the issue?
You need to download and install the oc command line tools
I keep getting the below error
error: dial tcp My IP:8443: connect: connection refused - verify you have provided the correct host and port and that the server is currently running. And I did provide the correct IP and hostname
Don't use Cloudflare, don't use a subdomain, use only the FQDN, and also make an A record for the console subdomain to the same IP
After the virtual machine restarts, the OKD does not start. How to start OKD manually?
There is an init script that you can run.
Thank you
Hi, I have tested the same install, but there is a problem with the console: console.marc.XX.XX:8443 never launches, white page. Don't really understand. Installed with CentOS 7.
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/v1/\": User \"system:anonymous\" cannot \"get\" on \"/v1/\"",
"reason": "Forbidden",
"details": {},
"code": 403
}
Sorry for the late reply, but did you figure this out? I rarely check comments.
Version 3.11 has an error:
error: Missing or incomplete configuration info. Please login or point to an existing, complete config file:
1. Via the command-line flag --config
2. Via the KUBECONFIG environment variable
3. In your home directory as ~/.kube/config
I am facing same issue.
Did you find any solution?
@abhishek4787 The same here. Any solution?
Thanks for the video, everything works with the exception of accessing the demoproject - phptest-demoproject.apps..com returns "server IP address could not be found" - I have a GoDaddy CNAME record * pointing to apps.console and accessing the default web interface works great. I have read that I might need the PRO edition of OpenShift - is this correct or am I missing a configuration step? My CentOS VM is hosted in Azure if that makes a difference. Thanks
Hello, thank you for the video.
According to the OpenShift GitHub, the latest release of Ansible for CentOS is 2.7 and openshift-origin does not support 2.7. They wrote that the "waiting for console" errors will not appear with Ansible 2.6.5.
Wow, thanks for the great great great tutorial! - Actually I am trying to install it on an internal network with no connection from outside into my network (outgoing is thru a proxy). How can I configure it to run just internally with no port forwarding from the Internet to my VM? PS. I have an internal DNS and just want to use my local hostname for accessing the console.
For this scenario, use the default xip.io domain name.
@gshipley21 Thanks for your input. Helped me one step further. Unfortunately I always run into a certificate error: "x509: certificate signed by unknown authority", actually on step ( error when creating "oc_vol.yaml":Post xwhatever ). Will look forward to seeing if I can fix this. Thank you! :)
fatal: [172.31.1.70]: FAILED! => {
"assertion": "openshift_release in openshift_image_tag",
"changed": false,
"evaluated_to": false,
"msg": "openshift_image_tag must match same major version as openshift_release. You provided: 3.11 and v4.0.0
"
Thanks for the video. Great job. I have a problem: At th-cam.com/video/ZkFIozGY0IA/w-d-xo.html (time 18:49) I get "error: fatal: unable to access 'github.com/gshipley/simplephp.git/': Peer's certificate issuer has been marked as not trusted by the user". How can I fix this error, please?
Hello Grant, thanks for the video and all the scripts and Ansible playbooks put together. I keep on having a problem when the process gets to the part of verifying that the Catalog API Server is running. It retries for 60 times and fails with a message
"fatal: [172.16.1.218]: FAILED! => {"attempts": 60, "changed": false, "cmd": ["curl", "-k", "apiserver.kube-service-catalog.svc/healthz"], "delta": "0:02:07.410957", "end": "2019-03-27 02:01:45.790152", "msg": "non-zero return code", "rc": 7, "start": "2019-03-27 01:59:38.379195", "stderr": " % Total % Received % Xferd Average Speed Time Time Time Current
..."
Not sure what the problem is, I have retried several times without getting rid of this error. Any advice?
BTW, I am using a VM on VirtualBox, running CentOS 7, and pretty much follow your instructions.
The source files for this video no longer exist. This video is completely useless.
Thanks, @gshipley, I was able to set up openshift but metrics are still not working. Getting "Image Pull Back-off" status. Can you please help with this issue?