OpenShift Origin on VPS like Scaleways

Running OpenShift Origin on Scaleways is relatively easy. Some configuration of the routing and hostname is needed, though, because of how Scaleways sets up its network.

Create a new x86_64 server based on the CentOS image. OpenShift Origin requires a Red Hat based Linux OS such as CentOS to work.

Install Docker, add the insecure registry required by OpenShift to the Docker configuration, and reload the Docker daemon.

yum install -y docker
echo "INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16'" >> /etc/sysconfig/docker
echo '{' > /etc/docker/daemon.json
echo '"storage-driver": "overlay2"' >> /etc/docker/daemon.json
echo '}' >> /etc/docker/daemon.json
systemctl daemon-reload
systemctl restart docker

Run OpenShift Origin Natively:

Download the latest OpenShift Origin binaries from https://github.com/openshift/origin/releases (currently v3.7.0-alpha.1). Extract the files and copy them to a folder included in the PATH environment variable, such as the /usr/bin directory.

wget https://github.com/openshift/origin/releases/download/v3.7.0-alpha.1/openshift-origin-server-v3.7.0-alpha.1-fdbd3dc-linux-64bit.tar.gz
tar -xzf openshift-origin-server-v3.7.0-alpha.1-fdbd3dc-linux-64bit.tar.gz
rm -f openshift-origin-server-v3.7.0-alpha.1-fdbd3dc-linux-64bit/LICENSE openshift-origin-server-v3.7.0-alpha.1-fdbd3dc-linux-64bit/README.md
cp openshift-origin-server-v3.7.0-alpha.1-fdbd3dc-linux-64bit/* /usr/bin/

Now the somewhat tricky part. The IP address of the Scaleways network device is not the same as the external IP address.

export EXTERNAL_IP=$(curl -s https://4.ifcfg.me/)
openshift start master \
--master="https://${EXTERNAL_IP}:8443" \
--dns="https://${EXTERNAL_IP}:8053" \
--write-config="/var/lib/origin/openshift.local.config/master"
cd /var/lib/origin/
oadm create-node-config \
--node-dir=/var/lib/origin/openshift.local.config/node-localhost \
--node=localhost --hostnames=$HOSTNAME,$EXTERNAL_IP
# You should set up authentication before running the following,
# but for a quick demonstration you can run it as is. Shut it down quickly though.
oc cluster up --use-existing-config --public-hostname="${EXTERNAL_IP}"

Once the server is up and running you can test from your browser at https://EXTERNAL_IP:8443/console/ . Use username ‘developer’ and any password.

The default master configuration file should be revised to override the default non-secure login method, which allows user ‘developer’ to log in with any password. This should be done ASAP as it exposes your server to anyone. I use htpasswd to do this.

yum install -y httpd-tools
htpasswd -c /var/lib/origin/openshift.local.config/master/users.htpasswd developer

Once the htpasswd file has been generated, the master configuration file needs to be updated to use it instead of the default authentication. REPLACE the existing identityProviders section in the master config file /var/lib/origin/openshift.local.config/master/master-config.yaml with the following.

identityProviders:
- name: my_htpasswd_provider
  challenge: true
  login: true
  mappingMethod: add
  provider:
    apiVersion: v1
    kind: HTPasswdPasswordIdentityProvider
    file: /var/lib/origin/openshift.local.config/master/users.htpasswd

Restart the OpenShift Origin server.

export EXTERNAL_IP=$(curl -s https://4.ifcfg.me/)
oc cluster down
oc cluster up --use-existing-config --public-hostname="${EXTERNAL_IP}"

Make sure that you cannot log in by entering a random password for user “developer” at https://EXTERNAL_IP:8443/console/ . You should be presented with an error message.

Run OpenShift inside a Docker Container:

For anyone interested, OpenShift Origin can be run inside a Docker container too. I have not confirmed this, but I believe the native OS has to be Red Hat based, like the CentOS we are on. Using Docker to run OpenShift Origin is preferred for me as I like to contain all applications through Docker.

Run the following to set up the configuration files at /opt/origin on the native/host OS file system. I picked a different folder than the default /var/lib/origin to keep the native and container-based setups separate, since I used the same host/machine for this example and the native example above. However, you can use /var/lib/origin instead wherever I use /opt/origin below.

export EXTERNAL_IP=$(curl -s https://4.ifcfg.me/)
docker run -ti --rm --name "origin" \
--privileged --pid=host --net=host \
-v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys \
-v /sys/fs/cgroup:/sys/fs/cgroup:rw \
-v /var/lib/docker:/var/lib/docker:rw \
-v /opt/origin/openshift.local.config:/var/lib/origin/openshift.local.config \
-v /opt/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:rslave \
openshift/origin start master \
--master="https://${EXTERNAL_IP}:8443" \
--dns="https://${EXTERNAL_IP}:8053" \
--write-config='/var/lib/origin/openshift.local.config/master'
docker run -ti --rm --name "origin" \
--entrypoint=/usr/bin/oadm \
-v /opt/origin/openshift.local.config:/var/lib/origin/openshift.local.config \
openshift/origin create-node-config \
--node-dir=openshift.local.config/node-localhost \
--node=localhost --hostnames=$HOSTNAME,$EXTERNAL_IP

Before starting our server, let’s add authentication, as the default is NOT secure. In true Docker fashion, let’s install and run htpasswd in a container instead of natively to generate our password file.

docker run -ti --rm -v /opt/origin/openshift.local.config/master/:/opt/origin/openshift.local.config/master/ --entrypoint=/bin/bash --net=host openshift/origin
yum install -y httpd-tools
htpasswd -c /opt/origin/openshift.local.config/master/users.htpasswd developer
exit

REPLACE the existing identityProviders section in master config file /opt/origin/openshift.local.config/master/master-config.yaml with the following.

identityProviders:
- name: my_htpasswd_provider
  challenge: true
  login: true
  mappingMethod: add
  provider:
    apiVersion: v1
    kind: HTPasswdPasswordIdentityProvider
    file: /var/lib/origin/openshift.local.config/master/users.htpasswd

Now start the server with our new configuration files.

docker run -d --name "origin" \
--privileged --pid=host --net=host \
-v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys \
-v /sys/fs/cgroup:/sys/fs/cgroup:rw \
-v /var/lib/docker:/var/lib/docker:rw \
-v /opt/origin/openshift.local.config:/var/lib/origin/openshift.local.config \
-v /opt/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:rslave \
openshift/origin start \
--master-config='/var/lib/origin/openshift.local.config/master/master-config.yaml' \
--node-config='/var/lib/origin/openshift.local.config/node-localhost/node-config.yaml'

Make sure that you cannot log in by entering a random password for user “developer” at https://EXTERNAL_IP:8443/console/ .
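The browser check above, and the same check in the native section, can be backed by an offline audit of the config file before the master is exposed. The script below is an added example, not code from the original article or from the OpenShift project. It assumes the any-password default appears in master-config.yaml as the OpenShift 3.x provider kind AllowAllPasswordIdentityProvider (a name this article does not mention), and audit_master_config is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: audit the identity providers
# in an OpenShift Origin 3.x master-config.yaml.
# Usage: audit_master_config <master-config.yaml> [htpasswd path on this host]
# The optional second argument serves the Docker setup, where "file:" holds the
# in-container path (/var/lib/origin/...) but the file sits under /opt/origin.
audit_master_config() {
  local cfg="$1" ht="${2:-}" kinds rc=0
  [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 2; }

  # Provider kinds all end in "IdentityProvider", so matching lines is enough
  # here; this is a simplification, not a YAML parser.
  kinds=$(sed -n 's/^[[:space:]]*kind:[[:space:]]*\([A-Za-z]*IdentityProvider\)[[:space:]]*$/\1/p' "$cfg")
  [ -n "$kinds" ] || { echo "FAIL: no identity provider found in $cfg"; return 1; }

  # Assumed kind name of the accept-any-password default (OpenShift 3.x).
  if printf '%s\n' "$kinds" | grep -qx 'AllowAllPasswordIdentityProvider'; then
    echo "FAIL: AllowAllPasswordIdentityProvider is configured (any password is accepted)"
    rc=1
  fi

  if printf '%s\n' "$kinds" | grep -qx 'HTPasswdPasswordIdentityProvider'; then
    # Fall back to the path written in the config when no host path was given.
    [ -n "$ht" ] || ht=$(sed -n 's/^[[:space:]]*file:[[:space:]]*//p' "$cfg" | head -n 1)
    if [ ! -s "$ht" ]; then
      echo "FAIL: htpasswd file '$ht' is missing or empty"; rc=1
    elif ! grep -q '^[^:#][^:]*:.' "$ht"; then
      echo "FAIL: htpasswd file '$ht' has no user:hash entry"; rc=1
    elif [ -n "$(find "$ht" -maxdepth 0 -perm -002)" ]; then
      echo "FAIL: htpasswd file '$ht' is world-writable"; rc=1
    fi
  fi

  [ "$rc" -eq 0 ] && echo "OK: providers: $(printf '%s' "$kinds" | tr '\n' ' ')"
  return "$rc"
}

# Run the audit when the script is given arguments on the command line.
if [ $# -gt 0 ]; then
  audit_master_config "$@"
fi
```

For the Docker setup, pass /opt/origin/openshift.local.config/master/master-config.yaml as the first argument and /opt/origin/openshift.local.config/master/users.htpasswd as the second.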

Openshift on VPS like Scaleways with Hostname (Added 9/20/17):

See my article on how to set up Openshift on VPS like Scaleways with Hostname at https://medium.com/@james_devcomb/openshift-on-vps-like-scaleways-with-hostname-4b3ef8942f83 .

Additional Resources/References:

https://docs.openshift.org/latest/getting_started/administrators.html#getting-started-administrators