This chapter documents the OpenShift setup in Phoenix.
Currently, two instances are deployed: Staging and Production. Both have a matching configuration with 3 masters, 3 nodes and a load balancer handling both API/UI and application traffic.
|Instance||API endpoint||First master||Note|
|Staging||https://staging-shift.phx.ovirt.org:8443||staging-shift-master01.phx.ovirt.org||API reachable via OpenVPN only|
Remote access using oc
External authentication is used. To log in remotely using the 'oc' console tool, first authenticate in the UI, click on the username in the top right corner and select "Copy Login Command". This generates an authentication token and copies the complete login command to the clipboard.
To perform administrative tasks on the cluster, such as upgrades and permission modification, please log in as root to the first master node indicated in the table above. All changes should be tested on Staging first.
Adding a new user
Authentication happens using Google Auth, so anyone can log in. For this reason, a new user cannot do anything by default, and permission to create projects must be granted explicitly. To do that, first ask the new user to log into the UI so that a user mapping is created. Then list users to confirm the new user's email is visible:
oc get users
Single project access
To provide access to an existing project, run the following command:
oadm policy add-role-to-user admin email@example.com -n NAME_OF_EXISTING_PROJECT
Project creation permission
To allow the new user to create projects, add the self-provisioner role:
oadm policy add-cluster-role-to-user self-provisioner firstname.lastname@example.org
Cluster admin role
In rare cases when a user needs to have instance-wide admin access, add the cluster-admin role:
oadm policy add-cluster-role-to-user cluster-admin email@example.com
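The order described in this section (confirm the user mapping with `oc get users`, then grant a role) can be enforced by a small wrapper so that a mistyped address never receives a role. This is an added example, not part of the original documentation or the project's tooling; the function names `user_exists` and `grant`, the `CONFIRM_CLUSTER_ADMIN` variable and the demo output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the oVirt infra tooling).
OC="${OC:-oc}"          # commands as used on this page; override for testing
OADM="${OADM:-oadm}"

# user_exists EMAIL: true only on an exact match in the NAME column of
# `oc get users` (header skipped). Fails closed if oc prints nothing.
user_exists() {
    $OC get users | awk -v u="$1" 'NR > 1 && $1 == u { ok = 1 } END { exit !ok }'
}

# grant project EMAIL PROJECT -> admin on one existing project
# grant create  EMAIL         -> self-provisioner (may create projects)
# grant cluster EMAIL         -> cluster-admin, needs CONFIRM_CLUSTER_ADMIN=yes
grant() {
    level="$1"; email="$2"; project="${3:-}"
    if ! user_exists "$email"; then
        echo "refusing: no user mapping for '$email'; ask them to log into the UI first" >&2
        return 2
    fi
    case "$level" in
        project)
            [ -n "$project" ] || { echo "project name required" >&2; return 64; }
            $OADM policy add-role-to-user admin "$email" -n "$project" ;;
        create)
            $OADM policy add-cluster-role-to-user self-provisioner "$email" ;;
        cluster)
            [ "${CONFIRM_CLUSTER_ADMIN:-}" = yes ] || {
                echo "cluster-admin is instance-wide; set CONFIRM_CLUSTER_ADMIN=yes" >&2
                return 3
            }
            $OADM policy add-cluster-role-to-user cluster-admin "$email" ;;
        *)
            echo "unknown level: $level" >&2; return 64 ;;
    esac
}

# Offline demo with constructed output: DEMO=1 sh grant.sh
if [ "${DEMO:-}" = 1 ]; then
    oc()   { printf '%s\n' 'NAME  UID  FULL NAME  IDENTITIES' 'email@example.com  1111  google:1'; }
    oadm() { echo "would run: oadm $*"; }
    grant create email@example.com           # listed user: grant proceeds
    grant create emial@example.com || true   # typo, not listed: refused
fi
```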
Managing persistent storage
Persistent volumes are used to save data across pod restarts and are provisioned manually. To view existing volumes and their states, run:
oc get pv
The "STATUS" column shows "Bound" for volumes used by pods.
To add a new volume, create a new YAML file listing the name, size and NFS path to use. More information is provided in the official docs.
A sample persistent volume definition is presented below:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: new-pv-name
spec:
  capacity:
    storage: 4Gi
  accessModes:
    - ReadWriteOnce
  nfs:
    path: /nfs/export/path
    server: NFS_SERVER_IP
  persistentVolumeReclaimPolicy: Recycle
Upgrading an instance
At the time of writing, the ansible hosts file and playbooks are stored on the first Master. The playbooks are stored in /root/openshift-ansible; to update them, run a "git pull" in this directory.
To perform maintenance tasks please follow the official docs, testing them on Staging first.