- [root@domdev01 ~]$ oc get nodes
- NAME STATUS ROLES AGE VERSION
- doadev01.sg.gbs.pro Ready compute 3d v1.11.0+d4cacc0
- doidev01.sg.gbs.pro Ready infra 3d v1.11.0+d4cacc0
- doidev02.sg.gbs.pro Ready infra 3d v1.11.0+d4cacc0
- domdev01.sg.gbs.pro Ready master 3d v1.11.0+d4cacc0
- domdev02.sg.gbs.pro Ready master 3d v1.11.0+d4cacc0
- domdev03.sg.gbs.pro Ready master 3d v1.11.0+d4cacc0
- [root@domdev01 ~]$ oc get pods | egrep "Error|CrashLoopBack"
- [root@domdev01 ~]$
- https://docker-registry-default.internalservices-dev.devops.tst
- ### Namespace "webconsole-config" ConfigMap
- ### to change the metrics endpoint for all apps
- apiVersion: webconsole.config.openshift.io/v1
- clusterInfo:
- adminConsolePublicURL: https://console.apps-dev.devops.tst/
- consolePublicURL: https://doconsole-dev.sg.gbs.tst/console/
- loggingPublicURL: https://kibana.apps-dev.devops.tst
- logoutPublicURL: ''
- masterPublicURL: https://doconsole-dev.sg.gbs.tst:443
- metricsPublicURL: https://hawkular-metrics.apps-dev.devops.tst/hawkular/metrics
- extensions:
- properties: {}
- scriptURLs: []
- stylesheetURLs: []
- features:
- clusterResourceOverridesEnabled: false
- inactivityTimeoutMinutes: 0
- kind: WebConsoleConfiguration
- servingInfo:
- bindAddress: 0.0.0.0:8443
- bindNetwork: tcp4
- certFile: /var/serving-cert/tls.crt
- clientCA: ''
- keyFile: /var/serving-cert/tls.key
- maxRequestsInFlight: 0
- namedCertificates: null
- requestTimeoutSeconds: 0
- [root@domdev01 ~]$
- [root@domdev01 ~]$ oc new-app bsella https://git.sg.gbs.pro/projects/ARCH/repos/openshift --source-secret=bancasella-bitbucket
- W1204 11:31:44.435411 14761 dockerimagelookup.go:233] Docker registry lookup failed: Get https://registry-1.docker.io/v2/: x509: certificate is valid for *.NET.GBS.PRE, not registry-1.docker.io
- error: local file access failed with: stat bsella: no such file or directory
- error: unable to locate any images in image streams, templates loaded in accessible projects, template files, local docker images with name "bsella"
- error: git ls-remote failed with: execution of git ls-remote https://git.sg.gbs.pro/projects/ARCH/repos/openshift timed out after 30s; local file access failed with: stat https://git.sg.gbs.pro/projects/ARCH/repos/openshift: no such file or directory
- error: unable to locate any images in image streams, templates loaded in accessible projects, template files, local docker images with name "https://git.sg.gbs.pro/projects/ARCH/repos/openshift"
- Argument 'https://git.sg.gbs.pro/projects/ARCH/repos/openshift' was classified as an image, image~source, or loaded template reference.
- The 'oc new-app' command will match arguments to the following types:
- 1. Images tagged into image streams in the current project or the 'openshift' project
- - if you don't specify a tag, we'll add ':latest'
- 2. Images in the Docker Hub, on remote registries, or on the local Docker engine
- 3. Templates in the current project or the 'openshift' project
- 4. Git repository URLs or local paths that point to Git repositories
- --allow-missing-images can be used to point to an image that does not exist yet.
- See 'oc new-app -h' for examples.
- [root@domdev01 ~]$
- gbs02293
- sella112018
- [root@domdev01 ~]$ docker login git.sg.gbs.pro -u gbs02293
- Password:
- Error response from daemon: Get https://git.sg.gbs.pro/v1/users/: dial tcp 172.20.136.117:443: i/o timeout
- [root@domdev01 ~]$
- [root@domdev01 ~]$ docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- registry.redhat.io/rhel7/etcd 3.2.22 635bb36d7fc7 13 days ago 259 MB
- registry.redhat.io/openshift3/ose-node v3.11 901c817d48cc 3 weeks ago 1.17 GB
- registry.redhat.io/openshift3/ose-control-plane v3.11 e043f4037c7f 3 weeks ago 807 MB
- registry.redhat.io/openshift3/ose-kube-rbac-proxy v3.11.43 346b8706ab75 3 weeks ago 487 MB
- registry.redhat.io/openshift3/ose-console v3.11 3d8540e8cdb8 3 weeks ago 254 MB
- registry.redhat.io/openshift3/ose-web-console v3.11 c9309fc930f5 3 weeks ago 322 MB
- registry.redhat.io/openshift3/ose-pod v3.11 47ea091bca33 3 weeks ago 238 MB
- registry.redhat.io/openshift3/ose-pod v3.11.43 47ea091bca33 3 weeks ago 238 MB
- registry.redhat.io/openshift3/ose-service-catalog v3.11.43 dc09eb43a18c 3 weeks ago 309 MB
- registry.redhat.io/openshift3/ose-template-service-broker v3.11.43 354b1216b490 3 weeks ago 313 MB
- registry.redhat.io/openshift3/prometheus-node-exporter v3.11.43 1ca7e0622370 3 weeks ago 225 MB
- registry.redhat.io/openshift3/ose-logging-fluentd v3.11.43 0fef36d87b56 3 weeks ago 289 MB
- registry.redhat.io/openshift3/registry-console v3.11 73938699cd8a 3 weeks ago 237 MB
- docker-registry-default.internalservices-dev.devops.tst:5000/bsella/apache-httpd latest ff2239568726 2 months ago 353 MB
- docker-registry-default.router.default.svc.cluster.local/sella/apache-httpd 1.0 ff2239568726 2 months ago 353 MB
- [root@domdev01 ~]$
- [root@domdev01 ~]$
- [root@domdev01 ~]$ docker push docker-registry-default.internalservices-dev.devops.tst:5000/bsella/apache-httpd
- The push refers to a repository [docker-registry-default.internalservices-dev.devops.tst:5000/bsella/apache-httpd]
- Get https://docker-registry-default.internalservices-dev.devops.tst:5000/v1/_ping: Gateway Timeout
- [root@domdev01 ~]$
- [root@domdev01 ~]$
- [root@domdev01 ~]$ telnet docker-registry-default.internalservices-dev.devops.tst 5000
- Trying 172.17.244.49...
- [root@domdev01 ~]$ docker push docker-registry-default.internalservices-dev.devops.tst/bsella/apache-httpd
- The push refers to a repository [docker-registry-default.internalservices-dev.devops.tst/bsella/apache-httpd]
- 74647f952e28: Retrying in 1 second
- 9cd8a8f6bf9d: Retrying in 1 second
- 22888f7bc143: Retrying in 1 second
- 170cdd8a9ac5: Retrying in 1 second
- 911cee7531eb: Retrying in 1 second
- f0897fc7c83e: Waiting
- cd97d0208235: Waiting
- f9bf6da67ad7: Waiting
- 1d31b5806ba4: Waiting
- ####### LOGGING
- # For each infra node run the following command:
- chown 1000:1000 /mnt/local-storage/elasticsearch-storage
- # From one master node run the following commands:
- oc project openshift-logging
- oc adm policy add-scc-to-user privileged system:serviceaccount:openshift-logging:aggregated-logging-elasticsearch
- oc scale dc logging-es-data-master-ak4ni4on --replicas=0
- oc patch dc logging-es-data-master-ak4ni4on -p '{"spec":{"template":{"spec":{"containers":[{"name":"elasticsearch","securityContext":{"privileged": true}}]}}}}'
- oc label node doipre01.sg.gbs.pro logging-es-node=1
- oc set volume dc logging-es-data-master-ak4ni4on --add --overwrite --name=elasticsearch-storage --type=hostPath --path=/mnt/local-storage/elasticsearch-storage
- oc rollout latest dc/logging-es-data-master-ak4ni4on
- oc scale dc logging-es-data-master-ak4ni4on --replicas=1
- #################
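The logging steps above leave the Elasticsearch container privileged, with a hostPath mount, and add its service account to the privileged SCC. The following check is an added example, not part of the original notes, that flags exactly those settings. The JSON samples are constructed, and it is an assumption that the grant appears in the SCC's `users` list.

```python
import json

# Constructed sample: the shape `oc get dc <name> -o json` would have after the
# patch and volume commands above (trimmed to the fields the check reads).
SAMPLE_DC = json.loads("""
{"metadata": {"name": "logging-es-data-master-ak4ni4on", "namespace": "openshift-logging"},
 "spec": {"template": {"spec": {
   "containers": [
     {"name": "elasticsearch", "securityContext": {"privileged": true},
      "volumeMounts": [{"name": "elasticsearch-storage", "mountPath": "/elasticsearch/persistent"}]},
     {"name": "proxy"}],
   "volumes": [
     {"name": "elasticsearch-storage",
      "hostPath": {"path": "/mnt/local-storage/elasticsearch-storage"}}]}}}}
""")

# Constructed sample of the `users` list in `oc get scc privileged -o json`
# (assumption: add-scc-to-user records the grant there).
SAMPLE_SCC = {"metadata": {"name": "privileged"}, "users": [
    "system:admin",
    "system:serviceaccount:openshift-logging:aggregated-logging-elasticsearch"]}


def audit_dc(dc):
    """Return (kind, container, detail) findings for one DeploymentConfig."""
    pod = dc["spec"]["template"]["spec"]
    findings = []
    for c in pod.get("containers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append(("privileged", c["name"], "securityContext.privileged=true"))
    # Map volume name -> host path, then report every container that mounts one.
    host_vols = {v["name"]: v["hostPath"]["path"]
                 for v in pod.get("volumes", []) if "hostPath" in v}
    for c in pod.get("containers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols:
                findings.append(("hostPath", c["name"], host_vols[m["name"]]))
    return findings


def service_accounts_with_scc(scc):
    """Return (namespace, serviceaccount) pairs granted the SCC directly."""
    prefix = "system:serviceaccount:"
    return [tuple(u[len(prefix):].split(":", 1))
            for u in scc.get("users") or [] if u.startswith(prefix)]


if __name__ == "__main__":
    for finding in audit_dc(SAMPLE_DC):
        print(SAMPLE_DC["metadata"]["name"], *finding)
    print(service_accounts_with_scc(SAMPLE_SCC))
```
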
- ## REGISTRY ##
- - update route in:
- - Hostname: docker-registry.internalservices.devops.pre
- ## REGISTRY CONSOLE ##
- - Create a new secret with CRT+KEY+CA
- Key: extension -> .cert
- - Mount secret to container (edit DC)
- - update route in:
- - Hostname: registry-console.internalservices.devops.pre (example)
- - TLS Termination : reencrypt
- - Certificate: registry-console crt
- - Private Key: registry-console crt
- - CA Certificate: registry-console crt + CA
- - Destination CA Certificate: registry-console crt + CA
- ## PROMETHEUS ##
- In the openshift-monitoring project, edit the following routes:
- alertmanager-main
- Hostname: alertmanager-main-openshift-monitoring.internalservices-dev.devops.tst (example)
- Set the Certificate, CA Certificate and Destination CA Certificate fields to the value stored in the secret alertmanager-main-tls/tls.crt
- Set the Private Key field to the value stored in the secret alertmanager-main-tls/tls.key
- prometheus-k8s
- Hostname: prometheus-k8s-openshift-monitoring.internalservices-dev.devops.tst (example)
- Set the Certificate, CA Certificate and Destination CA Certificate fields to the value stored in the secret prometheus-k8s-tls/tls.crt
- Set the Private Key field to the value stored in the secret prometheus-k8s-tls/tls.key
- grafana
- Hostname: grafana-openshift-monitoring.internalservices-dev.devops.tst (example)
- Set the Certificate, CA Certificate and Destination CA Certificate fields to the value stored in the secret grafana-tls/tls.crt
- Set the Private Key field to the value stored in the secret grafana-tls/tls.key
- ## ROUTE SHARDING ##
- https://docs.openshift.com/container-platform/3.11/install_config/router/default_haproxy_router.html#using-router-shards
- oc adm router router-pre --replicas=1 --force-subdomain='${name}-${namespace}.apps.devops.pre' --selector="region=pre,node-role.kubernetes.io/infra=true"
- oc set env dc/router-pre "DEFAULT_CERTIFICATE_PATH=/etc/pki/tls/private/tls.crt" "EXTENDED_VALIDATION=true"
- ## REMOVE - name: ROUTER_OVERRIDE_HOSTNAME value: "true"
### Production datacenter
masters: all in sede
- infra01 -> ced
- infra02 -> sede
- infra03 -> ced
- infra04 -> sede
- node01 -> ced
- node02 -> sede
- node03 -> ced
- node04 -> sede
- [{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true']},{'name': 'node-config-infra-sede', 'labels': ['node-role.kubernetes.io/infra=true','failure-domain.beta.kubernetes.io/zone=sede']},{'name': 'node-config-infra-ced', 'labels': ['node-role.kubernetes.io/infra=true','failure-domain.beta.kubernetes.io/zone=ced']},{'name': 'node-config-compute-sede', 'labels': ['node-role.kubernetes.io/compute=true','failure-domain.beta.kubernetes.io/zone=sede']},{'name': 'node-config-compute-ced', 'labels': ['node-role.kubernetes.io/compute=true','failure-domain.beta.kubernetes.io/zone=ced']}]