# bootstrap from satellite
# NOTE(review): bootstrap.py is downloaded over plain HTTP and executed straight away, so
# whoever can tamper with that connection decides what runs on this host. Fetch it over
# HTTPS, or compare it against a known-good checksum before running it.
cd && rm -rf bootstrap.py; wget http://satellite.home.nicknach.net/pub/bootstrap.py && chmod +x bootstrap.py && ./bootstrap.py -l admin -o nicknach -a ocp-metal-key -s satellite.home.nicknach.net -L home -g home/openshift --force
# get crt from IPA server
# NOTE(review): this CA certificate becomes a trust anchor, yet it is itself fetched over
# plain HTTP; confirm its fingerprint out of band before relying on the bundle.
# `>>` appends, so every re-run adds another copy of the certificate to the bundle.
curl http://gw.home.nicknach.net/ipa/config/ca.crt >> /etc/origin/master/my-ldap-ca-bundle.crt
# check out a specific branch
git clone --single-branch -b release-3.10 https://github.com/openshift/openshift-ansible.git
# get recent SELinux denials
ausearch -m avc -ts recent
## patch an IS to be pulled from http (vs https) registry
# NOTE(review): importPolicy.insecure=true allows the import to skip certificate
# verification or use plain HTTP, so the image content is not authenticated in transit.
# Keep it to lab registries; give the registry a trusted certificate instead where possible.
oc patch is mysql -p '{"spec":{"tags":[{"importPolicy":{"insecure":true},"name":"latest"}]}}'
# fix ssh to allow remote root
# NOTE(review): the first sed uncomments the PermitRootLogin line with whatever value it
# already carries. After that no line starts with "#PermitRootLogin" any more, so the
# "no" -> "yes" substitution on the next line never matches. The last sed uncomments
# PasswordAuthentication, again keeping the existing value.
# Root login with a password on an internet-facing host is a standing brute-force target;
# key-based login (PermitRootLogin prohibit-password) is the safer setting. Check the
# result with `sshd -t`; sshd has to be reloaded before the change takes effect.
sed -i 's/^#PermitRootLogin/PermitRootLogin/' /etc/ssh/sshd_config
sed -i 's/^#PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config; sed -i 's/^#PasswordAuthentication/PasswordAuthentication/' /etc/ssh/sshd_config
# set root passwd (use something strong, this is exposed to the inet)
# Run without arguments, passwd prompts for the new password, so it never appears on the command line.
passwd
## clean up journal
# Removes the oldest archived journal files until they take up less than 100M.
# NOTE(review): the removed entries are gone for good; export or forward the journal
# first if those logs may still be needed for an investigation.
journalctl --vacuum-size=100M
## iftop for my gateway (filter ether traffic and broadcasts).
iftop -i enp0s20u3 -f 'not port 30303 and not broadcast and not arp and not port 53' -P -B
## add features gate to node-config.yml for GPU nodes
feature-gates:
- Accelerators=true
##### # refresh env vars in current shell
```
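# Export each NAME=value line of /etc/environment into the current shell.
# Lines are read whole, so values containing spaces stay intact; blank lines,
# comments and anything that is not NAME=value are skipped instead of being
# handed to `export`. One pair of surrounding quotes is dropped from the value,
# so PATH="/a:/b" is exported as /a:/b.
if [ -r /etc/environment ]; then
  while IFS= read -r _env_line || [ -n "$_env_line" ]; do
    case "$_env_line" in
      [A-Za-z_]*=*) ;;
      *) continue ;;
    esac
    _env_name=${_env_line%%=*}
    _env_value=${_env_line#*=}
    # The name must be a plain shell identifier; anything else is ignored.
    case "$_env_name" in
      *[!A-Za-z0-9_]*) continue ;;
    esac
    case "$_env_value" in
      \"*\" | \'*\')
        _env_value=${_env_value#?}
        _env_value=${_env_value%?}
        ;;
    esac
    export "$_env_name=$_env_value"
  done < /etc/environment
fi
# Leave no helper variables behind in the interactive shell.
unset _env_line _env_name _env_value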
```
# disable router sticky
oc annotate route pydemo --overwrite haproxy.router.openshift.io/balance=roundrobin
## In default project (that contains router):
oc env dc/router ROUTER_TCP_BALANCE_SCHEME=leastconn
oc set env dc/router ROUTER_TCP_BALANCE_SCHEME=leastconn
oc get node `hostname` -o yaml
oadm manage-node master03.ocp.nicknach.net infra03.ocp.nicknach.net node03.ocp.nicknach.net --schedulable=false; oadm manage-node master03.ocp.nicknach.net infra03.ocp.nicknach.net node03.ocp.nicknach.net --evacuate
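#re-populate image streams
# Every image stream in the openshift namespace is deleted and then re-imported from
# the local mirror. The delete runs first, so a failed import leaves that stream
# missing until the import is repeated.
# --insecure allows the import to use a registry with an invalid certificate or plain
# HTTP; drop it once the mirror serves a certificate the cluster trusts.
for is_name in $(oc get is -n openshift --no-headers | awk '{print $1}'); do
  oc delete is -n openshift "$is_name" \
    && oc import-image "repo.home.nicknach.net:5000/rhscl/$is_name" -n openshift --insecure --confirm
done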
#check registry health
curl -v $(oc get service docker-registry --template '{{.spec.portalIP}}:{{index .spec.ports 0 "port"}}/healthz')
#list available image streams
oc get is -n openshift # (openshift is the “global” project. Resources put in the project are global)
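#delete stuff
# "nuke": deletes every object of the resource types that `all` covers in the current
# project. Confirm the active project with `oc project` before running it.
oc delete all --all
# narrower form: only objects carrying the given label
oc delete all -l key=value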
#edit a route
oc edit route/<name>
#show docker service reg details
oc describe svc/docker-registry
#import some external images
oc import-image
# manage by label
oadm manage-node node01.ose.nicknach.net node02.ose.nicknach.net --selector="region=infra"
#set master to sched
oadm manage-node master01.ose.nicknach.net --schedulable=true
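#create the reg
# The option lines are joined with backslashes so they are passed to oadm instead of
# being run as separate commands. The single quotes keep ${component} and ${version}
# literal, so they reach oadm unexpanded by the shell.
# NOTE(review): a host mount usually requires the registry service account to be allowed
# to run privileged — confirm before using --mount-host outside a lab.
oadm registry --create --service-account=registry --credentials=/etc/openshift/master/openshift-registry.kubeconfig --images='openshift3/ose-${component}:${version}' \
  --selector="region=infra" \
  --mount-host=/registry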
#add persistent vol to reg
oc volume deploymentconfigs/docker-registry \
--add --overwrite --name=registry-storage --mount-path=/registry \
--source='{"nfs": { "server": "storage.home.nicknach.net", "path": "/home/docker-registry"}}'
#expose docker reg as svc
oc expose svc/docker-registry --hostname=docker-registry.apps.ose.nicknach.net
#troubleshoot ephemeral docker container on host
docker run -it centos /bin/sh
# change node label
oc label node master01.ose.nicknach.net region=infra zone=default --overwrite
# curl the registry for status
ansible nodes -m command -a "curl <MASTER_IP>:5000/healthz"
# create user accounts
# NOTE(review): -b takes the password from the command line, where it ends up in shell
# history and is visible in the process list; here the password also equals the user
# name (demo/demo). Acceptable for a throwaway lab login only; otherwise leave out -b
# so htpasswd prompts for the password.
htpasswd -b /etc/openshift/openshift-passwd demo demo
As admin:
#list pods on a given node(s)
oadm manage-node master01.ose.nicknach.net --list-pods
# copy the token
# NOTE(review): admin.kubeconfig carries the cluster administrator's client credentials,
# so the copy is as sensitive as the original; keep ~/.kube/config readable by its owner
# only and do not leave it on shared hosts.
cp /etc/openshift/master/admin.kubeconfig ~/.kube/config
#get registry service info
oc get service docker-registry
#log back in as admin user (in case you logged admin out on master)
oc login -u system:admin -n default
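#add role to user
# Gives alice the admin role in the current project; append `-n <project>` to target
# a different project.
oadm policy add-role-to-user admin alice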
# list pods running on a given node(s)
oadm manage-node node01.example.com --list-pods
#show available image streams
oc get is -n openshift
# NOTE(review): --keep-younger-than=0m and --keep-tag-revisions=0 exempt nothing on age
# or revision grounds, and --confirm=true performs the prune instead of a dry run.
# Run it once without --confirm to review what would be removed.
oadm prune images --keep-younger-than=0m --keep-tag-revisions=0 --confirm=true --registry-url='172.30.153.46:5000'
On Nodes:
#create a persistent volume (for users/apps to claim a piece of)
cat <<EOF > persist-create.json
{
"apiVersion": "v1",
"kind": "PersistentVolume",
"metadata": {
"name": "pv0001"
},
"spec": {
"capacity": {
"storage": "5Gi"
},
"accessModes": [ "ReadWriteOnce" ],
"nfs": {
"path": "/home/apps",
"server": "storage.home.nicknach.net"
},
"persistentVolumeReclaimPolicy": "Recycle"
}
}
EOF
oc create pv -f persist-create.json
# list available pvs on node
oc get pv
As client:
# user commands
oc login
demo
# prints the session token of the logged-in user
oc whoami -t
# NOTE(review): the value for -p is missing here — presumably the token printed above,
# followed by the registry host. A secret passed with -p ends up in shell history and the
# process list; docker login can read it from stdin instead (--password-stdin).
docker login -u demo -p
oc logs <DEPLOYMENT>
oc build-logs <APP NAME>
#export an app as a template (getting only the necessary objects)
oc export --as-template=pydemo bc,is,svc,dc > pydemo.yaml
# delete app by label
oc delete all -l app=foobar
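# more options for creating new app
# Optional: add --insecure-registry=true only when the image comes from a registry
# without a valid TLS certificate; it makes the pull bypass certificate checking, so the
# image source is no longer authenticated.
oc new-app --docker-image=docker.io/foobar:latest --name=foobar --loglevel=8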
# expose a service to a hostname (route)
oc expose svc/foobar --hostname=foobar.example.com --name=foobar
# get available PersistentVolumeClaims
oc get pvc
Raw Docker:
docker export test > test.tar
docker push foobar/testapp
docker import -i test.tar
# readiness check against the master API, verifying its certificate with the given CA bundle
curl --cacert /etc/origin/master/ca-bundle.crt https://openshift-cluster.nicknach.net:8443/healthz/ready
# request an OAuth access token with basic auth and extract it from the response headers
# NOTE(review): -k switches off certificate verification while -u sends the user's
# password, so the password can be handed to an impersonated server; use --cacert as on
# the line above instead. The password is also on the command line (history, process
# list), and the resulting access token is printed to the terminal.
curl -D - -u username:secret -k "https://ose3-master.sandbox.osecloud.com:8443/oauth/authorize?response_type=token&client_id=openshift-challenging-client" 2>&1 | grep -oP "access_token=\K[^&]*"
docker rm $(docker ps -a -q)
grubby --update-kernel=ALL --args="video=hyperv_fb:1920x1080"
system-config-display --reconfig --set-resolution=1920x1080
________________
Create App
This is an example PHP-application you can use to test your OSEv3 environment.
Here is an example:
user@host$ oc new-app openshift/php~https://github.com/christianh814/php-example-ose3
Things to keep in mind:
* `oc new-app` creates a new application on OSE3
* openshift/php This tells OSEv3 to use the PHP image stream provided by OSE
* Provide the git URL for the project
* Syntax is "imagestream~source"
Once you created the app, start your build
user@host$ oc start-build php-example-ose3
View the build logs if you wish. Note the -1 suffix: this is the build number, which you can find with `oc get builds`.
user@host$ oc build-logs php-example-ose3-1
Once the build completes, create and add your route:
user@host$ oc expose service php-example-ose3 \
--hostname=php-example.cloudapps.example.com
Scale up as you wish
user@host$ oc scale --replicas=3 dc/php-example-ose3
If you'd like to add another route (aka “alias”); then you need to specify a new name for it
user@host$ oc expose service php-example-ose3 --name=hello-openshift \
--hostname=hello-openshift.cloudapps.example.com
# NOTE(review): cluster-admin gives the user unrestricted control over every project in
# the cluster. Grant it to named administrators only and prefer a project-scoped role
# where that is enough.
oadm policy add-role-to-user cluster-admin <username>