DevOps Automation

 View Only
  • 1.  UrbanCode Deploy Openshift Plugin usage

    Posted Thu September 02, 2021 12:23 PM
    Hi all,

    I'm struggling with UCD and the Openshift Plugin.  I'm very experienced with UCD but just starting with Openshift - just so you know where my strengths lie.  I am using an UCD Server on a Linux VM communicating with an Agent deployed in Openshift by using the UrbanCode Deploy agent Operator.


    Here's where I am floundering.   I am trying to use the 'Start Build' step from the plugin in a component process.   

    The oc start-build (the command built by the plugin step) requires you to be logged in, so In my process I start by using the 'Login' step. when this step executes I was getting an error from my agent pod which I had to circumvent by create a post processing script to ignore the error, but the result says I am logged in.

    [Action] Logging into OpenShift server...
    command: oc login https://********************:6443 --username=Thomas '--password=****' --insecure-skip-tls-verify
    [Error] Could not log in.
    error: KUBECONFIG is set to a file that cannot be created or modified: /.kube/config; caused by: mkdir /.kube: permission denied
    Login successful.
    You have access to 68 projects, the list has been suppressed. You can list all projects with 'oc projects'
    Using project "default".



    The next step in the process is the 'Start Build.'  In this step, I only supplied my username and it replies that the user does not exist.  I know this is not true, because I just logged in with that user - not sure if this is an Openshift or UCD bug (is it a bug?).  Note that in the error message it says nothing about not being logged in - just that the user doesn't exist.

    [Action] Executing start-build Operation...
    command: oc start-build --namespace=node-web-app --user=Thomas --insecure-skip-tls-verify node-web-app-git --wait
    [Error] Start-build operation failed.
    error: auth info "Thomas" does not exist


    The only way I make this work is by passing an Auth Token, but then auth tokens expire after a set time period so that is impractical.

    How do get around this?

    ------------------------------
    Thomas Gould
    ------------------------------


  • 2.  RE: UrbanCode Deploy Openshift Plugin usage

    Posted Thu September 02, 2021 01:51 PM

    Hi Thomas, if I'm not mistaken, for each of the steps UCD starts a new shell, so the login you executed in one step is not valid in the next step.

    I think it is possible to include the OCP authentication info in a config file of the agent host, so that you do not need to login.

    Another solution would be to merge the login and build in a unique step.

    You can generate the login command from the web console: "If you are logged in to the web console, you can generate an oc login command that includes your token and server information. You can use the command to log in to the OpenShift Container Platform CLI without the interactive prompts. To generate the command, select Copy login command from the username drop-down menu at the top right of the web console."



    ------------------------------
    Cesar OSSAMU IDA
    ------------------------------



  • 3.  RE: UrbanCode Deploy Openshift Plugin usage

    Posted Thu September 02, 2021 02:00 PM
    I also remember that I did not use the OCP plugin steps, because when newer OCP versions were released, the plugin did not work very well, so I used the generic shell steps. It is easy to adjust the OCP plugin if needed, but it is faster to use the generic shell step.

    ------------------------------
    Cesar OSSAMU IDA
    ------------------------------



  • 4.  RE: UrbanCode Deploy Openshift Plugin usage

    Posted Thu September 02, 2021 02:06 PM
    Also, from the error you got, it is clear that there is a permission issue in the KUBECONFIG path, and probably that's why the plugin is unable to setup the user profile and fails the next step.

    ------------------------------
    Cesar OSSAMU IDA
    ------------------------------



  • 5.  RE: UrbanCode Deploy Openshift Plugin usage

    User Group Leader
    Posted Thu September 02, 2021 02:45 PM
      |   view attached
    it could also be a problem with using userid+password. I am using an auth token instead and the steps just work with the openshift plugin (also from the shell)...
    I have attached an export of a sample project (using kubetoy app to deploy to openshift). The component has several processes and they need the openshift plugin (i had used V17.11xomething, the latest will also work). I have also a deployment process using shell steps only (calling oc directly).
    for all i use the token (which you can get from your openshift console somewhere under login credentials i think...

    Older version of the plugin had a problem with the KUBECONFIG settings, but the 17.11.x should have fixed that (i have checked there is version 18.11.xx from last June available...)

    Cheers

    ------------------------------
    Osman Burucu
    DevOps Specialist
    IBM
    Vienna
    00431211454746
    ------------------------------

    Attachment(s)

    json
    KubeToy - Copy.json   71 KB 1 version


  • 6.  RE: UrbanCode Deploy Openshift Plugin usage

    Posted Fri September 03, 2021 11:30 AM
    Hi Thomas,

    It is good to hear from you and hope all is well.   I ran into a similar thing and to work around it, I added a step after my download artifacts step that performs this:

    #!/bin/bash
    export KUBECONFIG=./kubeconfig
    oc login --token=${p:component/oc-auth-token} --server=https://c107-e.us-south.containers.cloud.ibm.com:30085
    oc project rlange
    echo "I am user $(id)"
    echo "My Home directory is $HOME"
    echo "My current OpenShift project is $(oc project)"
    echo "Pods running in this namespace/project are"
    oc get pods

    My subsequent steps after this work fine to do an "oc apply" and to create a route for my sample application I was deploying.  If you need more details, feel free to email me at rlange@ibm.com.    Good to hear from you,

    -Randy Langehennig

    ------------------------------
    Randall Langehennig
    Hybrid Cloud DevOps Technical Sales Specialist
    IBM
    Austin TX
    ------------------------------



  • 7.  RE: UrbanCode Deploy Openshift Plugin usage

    Posted Fri September 03, 2021 01:15 PM
    You can add the following line to the Step Flags field of the Login step

    --kubeconfig=./kubeconfig

    You can name the file whatever you want.  It just needs to refer to a directory that the agent process has write permission in.  That will allow the creation of the kube config file to be successful in the login step.  Then in subsequent plugin steps you can add the same value to the Step Flags and it will use the same login session/kubeconfig file.

    ------------------------------
    Thomas P. Neal
    ------------------------------



  • 8.  RE: UrbanCode Deploy Openshift Plugin usage

    Posted Fri September 03, 2021 02:01 PM
    Resolved.

    Thanks to the suggestions from the group, i was able to get the Login step working with any special workaround.

    I did find (after I posted the question) that for the 'Start Build' step I really didn't need to use the 'Login' step.  Every Openshift Project (I am using 4.8) creates service accounts, on of which is deployer.  All I had to do is grant that service account permission to do what i wanted, copy it's non-expiring auth token and use that in the 'Start Build' step for authentication.  Bingo It worked!

    Thanks to everyone for reaching out, and i hope these answers, and my own service account discovery, helps someone else.

    ------------------------------
    Thomas Gould
    ------------------------------