Authentication and Authorization

Create local htpasswd file:

    htpasswd -c -B -b ./htpasswd admin redhat
    htpasswd -b ./htpasswd developer developer

Then log in as admin and create the secret:

    oc create secret generic localusers \
      --from-file htpasswd=./htpasswd \
      -n openshift-config

You can also use set to update the secret:

    oc set data secret/localusers -n openshift-config --from-file htpasswd=./htpasswd

Add the cluster-admin role to the new admin account; it's OK to ignore the warnings, since admin does not exist in the system yet:

Continue reading

Openshift comes with an enforced security context design that aims to solve security issues that a normal Kubernetes cluster ignores. In a non-prod environment, the default Kubernetes approach is capable of deploying a simple application and providing access to the service, but such a design often introduces challenges for enterprises such as banks or telcos, which causes them to hesitate to migrate data to the cloud.

Build an Openshift Compatible Image

A normal docker image that uses root-level actions like the following would cause trouble in Openshift:

Continue reading

All config and commands in this blog have been verified and tested against the Openshift 4.5 release.

Openshift 4.5 introduced a new way to deploy Kubernetes by using CoreOS with Ignition. This solution makes sure all nodes in a cluster share the same image, and end users are not encouraged to modify anything at the OS level; everything (NIC changes, troubleshooting, SSL injection) should be done through Openshift itself by defining YAML (MachineConfig for OS files; nmstate can modify NICs).

Continue reading

Redhat KVM

A simple memo about how to create proper PXE-bootable KVM instances on RHEL8.

Create Virtual Port

Multiple different types of port can be used on KVM instances: you can choose a physical interface such as eno1 or bond0, or you can use a bridge as an overlay on top of it.

Create bond0 based on eno2:

    nmcli con add type team con-name bond0 ifname bond0 config '{"runner": {"name": "activebackup"}}'
    nmcli con add type team-slave con-name bond0-eno2 ifname eno2 master bond0
    nmcli dev dis eno2
    nmcli con up bond0

Create bridge:

Continue reading

Redhat Openstack has built-in pacemaker to manage the status of a few docker containers, and it also affects how Mariadb works on Openstack. Usually when you see a Mariadb failure on Redhat Openstack, you would see something like this:

    [[email protected] etc]# pcs status
    Cluster name: tripleo_cluster
    Stack: corosync
    Current DC: controller1 (version 1.1.19-8.el7_6.2-c3c624ea3d) - partition with quorum
    Last updated: Thu May 7 21:55:43 2020
    Last change: Thu May 7 21:51:15 2020 by hacluster via crmd on controller2
    12 nodes configured
    36 resources configured
    Online: [ controller1 controller2 controller3 ]
    GuestOnline: [ [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] ]
    Full list of resources:
    Docker container set: rabbitmq-bundle [10.

Continue reading

RedHat Certified System Engineer (EX300) is an advanced and extended exam building on EX200. It tests what EX200 already covers and extends it to a more detailed and advanced level.

Network Manager

Besides what we already know about using nmcli to configure networks, RHCE would like to see whether candidates understand how nmcli and the legacy script-based config work.

A table of Comparison of nm-settings and ifcfg-* Directives

nmcli con mod | ifcfg-* file | Effect
ipv4.

Continue reading

RedHat Certified System Administrator (EX200) is the first to acquire for most of Redhat's advanced certificates (non-cloud, regular system admin path). Here are some hints and memos for learning and preparing for RHCSA.

Link Files

ln can create hard links and soft links. ln newfile.txt /tmp/newfile-hlink2.txt will create a hard link of newfile.txt. A hard link means a full copy of the original file; the hard link file created by ln will still exist even if the original file is deleted.

Continue reading

All config and commands in this blog have been verified and tested against the Openshift 3.11 release.

Openshift is the Redhat Container Platform. It mainly uses Kubernetes as its PaaS underlay and adds more features such as CICD, an app store, etc.

How to Install

Similar to Kubespray, it uses a toolbox which has root access to all nodes and runs ansible scripts to install and deploy everything. A few prerequisites before install:

Continue reading

Redhat Setup Hints

Redhat has many modifications compared with regular popular Linux distributions.

Hostname

To change the hostname on redhat7, simply issue the following command; there is no need to change the hosts file one by one:

    hostnamectl set-hostname name

Network Manager

Redhat uses NM to manage all interface settings, including IP, DNS and routes. Traditional scripts under /etc/sysconfig/network-scripts/ifcfg-* are also supported.

To show the current interface:

    nmcli con show

To add a new interface profile with static IP:

Continue reading

Charles

Love coding and new technologies

Cloud Solution Consultant

Canada