[Platformone] [Non-DoD Source] Re: EXT :Re: OpenShift Questions

ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP ademola.abodunrin at us.af.mil
Thu Dec 5 19:00:16 UTC 2019 

Looks like this is still hanging. We added comments to the ticket but yet to receive a response.

Please help as we are trying to make sure that all is ready for the demo on 12/10/2019. We have a dry run tomorrow at 0945 CST.

 

Most Sincerely,

 

Ade Abodunrin, GG-12, USAF

Product Owner (Cybertron & Ginyu Force), Unified Platform

 



LevelUP Code Works          

Commercial: (210) 890-2113

NIPR email: ademola.abodunrin at us.af.mil <mailto:ademola.abodunrin at us.af.mil> 

 

From: Khary Mendez <kmendez at redhat.com> 
Sent: Tuesday, December 3, 2019 1:06 PM
To: Mike Knoth <mike.knoth at g2-inc.com>
Cc: ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP <ademola.abodunrin at us.af.mil>; platformONE at redhat.com; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com>; McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com>; Marc Cooper <marc.cooper at g2-inc.com>; Walter Steins <walter.steins at bylight.com>
Subject: Re: [Platformone] [Non-DoD Source] Re: EXT :Re: OpenShift Questions

 

Thanks Mike - I just added a comment to your ticket with a preferred path forward along with a less preferred option.




Khary A. Mendez, RHCA (150-047-298)

Senior Principal Consultant

 <https://www.redhat.com/> Red Hat Public Sector

 <mailto:khary at redhat.com> khary at redhat.com    
M:  <tel:(240)888-9170> (240)888-9170    


 <https://www.redhat.com/> 

	

 

 

On Tue, Dec 3, 2019 at 1:52 PM Mike Knoth <mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> > wrote:

yes here is the ticket - https://dccscr.dsop.io/dsop/dccscr/issues/195 

 

On Tue, Dec 3, 2019 at 1:43 PM ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP <ademola.abodunrin at us.af.mil <mailto:ademola.abodunrin at us.af.mil> > wrote:

Good afternoon All,

 

Please assist us with the problem below. The team has logged a ticket in the GitLab as well.


   

Most Sincerely,

 

Ade Abodunrin, GG-12, USAF

Product Owner (Cybertron & Ginyu Force), Unified Platform

 



LevelUP Code Works

Commercial:  (210) 890-2113

NIPR email: ademola.abodunrin at us.af.mil <mailto:ademola.abodunrin at us.af.mil> 

 

 

 


  _____  


From: ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP
Sent: Friday, November 22, 2019 1:50 PM
To: Mike Knoth <mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> >; Kendall, Russell C <Russell.Kendall at mantech.com <mailto:Russell.Kendall at mantech.com> >; Walter Steins <walter.steins at bylight.com <mailto:walter.steins at bylight.com> >; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com <mailto:Eric.Blade at ngc.com> >
Cc: McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com <mailto:Brent.McKay at ngc.com> >; Marc Cooper <marc.cooper at g2-inc.com <mailto:marc.cooper at g2-inc.com> >
Subject: RE: [Non-DoD Source] Re: EXT :Re: OpenShift Questions 

 

Good afternoon Walter/Eric,

 

Please who is able to assist us with Mike’s concern below?

 

Thanks for your help!

 

Most Sincerely,

 

Ade Abodunrin, GG-12, USAF

Acquisition Program Manager

 



LevelUP Code Works          

 

Commercial: (210) 890-2113

NIPR email: ademola.abodunrin at us.af.mil <mailto:ademola.abodunrin at us.af.mil> 

 

From: Mike Knoth <mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> > 
Sent: Wednesday, November 20, 2019 10:22 AM
To: Kendall, Russell C <Russell.Kendall at mantech.com <mailto:Russell.Kendall at mantech.com> >
Cc: Walter Steins <walter.steins at bylight.com <mailto:walter.steins at bylight.com> >; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com <mailto:Eric.Blade at ngc.com> >; McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com <mailto:Brent.McKay at ngc.com> >; ABODUNRIN, ADEMOLA A GG-12 USAF AFMC AFLCMC/HNCP <ademola.abodunrin at us.af.mil <mailto:ademola.abodunrin at us.af.mil> >; Marc Cooper <marc.cooper at g2-inc.com <mailto:marc.cooper at g2-inc.com> >
Subject: [Non-DoD Source] Re: EXT :Re: OpenShift Questions

 

Thanks I got a lot closer now, with some components being deployed. I'm getting some errors unique to this Openshift though. The below is something I have in my YAML file, for several of the components.

 

        securityContext:
          fsGroup: 11111
          runAsUser: 11111

 

With the "runAsUser", Openshift would say:

Error creating: pods "openam-1-" is forbidden: unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{11111}: 11111 is not an allowed group spec.initContainers[0].securityContext.securityContext.runAsUser: Invalid value: 11111: must be in the ranges: [1000910000, 1000919999] 

 

I fixed that by making the "runAsUser" 1000911111 instead, though I'm not sure what affects that will have once everything is running.

 

And then for the group, it says:


Error creating: pods "openig-1-" is forbidden: unable to validate against any security context constraint: [fsGroup: Invalid value: []int64{11111}: 11111 is not an allowed group]

 

I tried changing this "fsGroup" to 1000911111 but that also fails. So I'm not sure what to put in this value. 

 

Do you know how you can make your policy less restrictive, or how I could make the policy less restrictive, to fix the above?

 

 

 

 

 

 

On Tue, Nov 19, 2019 at 2:35 PM Kendall, Russell C <Russell.Kendall at mantech.com <mailto:Russell.Kendall at mantech.com> > wrote:

Mike,

Here's the URL for the registry:

 <https://docker-registry-default.apps.cluster.unified-platform.io/>  https://docker-registry-default.apps.cluster.unified-platform.io  

 

I'm not sure how you deploy your pipeline and apps, but our Ansible scripts take care of creating the namespaces (projects) for us. For example, you may deploy your projects stored locally via oc new-app /path/to/project

 

There are a number of existing projects, you just don't have visibility. Mr. Steins is responsible for assigning roles and is figuring out group memberships that will allow you to control access to your projects by groups instead of by individual. In the meantime you'll need to add each user to each project.

 

V/R,

Russell C Kendall


  _____  


From: Mike Knoth <mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> >
Sent: Tuesday, November 19, 2019 12:35 PM
To: Walter Steins
Cc: Blade, Eric D [US] (MS); McKay, Brent [US] (MS) (Contr); Kendall, Russell C
Subject: Re: EXT :Re: OpenShift Questions 

 

Yes I'm logged on openshift right now. And I'm logged on the OC console. But I'm a bit stuck until I can figure out how to docker login, as something like this does not work:

 

docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry-default.unified-platform.io <http://docker-registry-default.unified-platform.io> 

 

 

And I'm also stuck until this can show my project which I can deploy to:

 

UrsaMajor:up mike.knoth$ oc projects
You have one project on this server: "dsop-images".

 

 

 

On Tue, Nov 19, 2019 at 1:33 PM Walter Steins <walter.steins at bylight.com <mailto:walter.steins at bylight.com> > wrote:

Eric,

 

All of the requested accounts were created.

 

 


Walter “Wally” Steins

Cloud Engineer

m: 210.383.9227 |  <mailto:walter.steins at bylight.com> walter.steins at bylight.com

By Light Professional IT Services LLC
8484 Westpark Drive Suite 600 McLean VA 22102
f: 703.778.7835 |  <http://www.bylight.com/> www.bylight.com

 

 

 

From: Blade, Eric D [US] (MS) <Eric.Blade at ngc.com <mailto:Eric.Blade at ngc.com> > 
Sent: Tuesday, November 19, 2019 12:32 PM
To: 'Mike Knoth' <mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> >; McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com <mailto:Brent.McKay at ngc.com> >
Cc: Kendall, Russell C <Russell.Kendall at mantech.com <mailto:Russell.Kendall at mantech.com> >; Walter Steins <walter.steins at bylight.com <mailto:walter.steins at bylight.com> >
Subject: RE: EXT :Re: OpenShift Questions

 

[EXTERNAL EMAIL] 

Mike,

  This is deployed as a “production cluster”, so there is no development capabilities.  Just an OpenShift environment for running the apps.

 

You will need to get your Openshift account created if it was not done so already.  Wally Stein (CC’d) can do that for you.  After that my knowledge runs thin.   Russell was able to get their app deployed via the OpenShift console.

 

Thanks

 

Eric

 

 

From: Mike Knoth <mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> > 
Sent: Tuesday, November 19, 2019 1:27 PM
To: McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com <mailto:Brent.McKay at ngc.com> >
Cc: Kendall, Russell C <Russell.Kendall at mantech.com <mailto:Russell.Kendall at mantech.com> >; Blade, Eric D [US] (MS) <Eric.Blade at ngc.com <mailto:Eric.Blade at ngc.com> >
Subject: EXT :Re: OpenShift Questions

 

Russell/Eric,

 

Hi - do either of you know how I can login to docker from my local macbook? (to the openshift on https://cluster.unified-platform.io/)

 

I was going to use the "bastion" box (52.222.26.122) to do development on, but that doesn't even have git on it. So I guess I have to use my macbook.

 

Also do you know who can create new openshift projects for me on https://cluster.unified-platform.io/?

 

On Tue, Nov 19, 2019 at 1:23 PM McKay, Brent [US] (MS) (Contr) <Brent.McKay at ngc.com <mailto:Brent.McKay at ngc.com> > wrote:

Russell/Eric,

 

Mike Knoth(cc’d) approached me regarding the OpenShift deployment I understand the two of you stood up last week while at SpaceCAMP. I believe he was instructed to deploy DAS on said cluster. I wanted to get him in contact with the two of you so he can get his questions to the individuals in the know. Thanks,

 

Brent




 

-- 

Mike Knoth

Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

  <https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5> 

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> 

Mobile: (320) 305-6453

 

Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.


This communication (including any attachments) may contain information that is proprietary, confidential or exempt from disclosure. If you are not the intended recipient, please note that further dissemination, distribution, use or copying of this communication is strictly prohibited. Anyone who received this message in error should notify the sender immediately by telephone or by return email and delete it from his or her computer. 




 

-- 

Mike Knoth

Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

  <https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5> 

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> 

Mobile: (320) 305-6453

 

Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.

 


  _____  



This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.




 

-- 

Mike Knoth

Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

  <https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5> 

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> 

Mobile: (320) 305-6453

 

Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.




 

-- 

Mike Knoth

Software Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) – formerly G2, Inc.

Technical Solutions Division

  <https://lh6.googleusercontent.com/JthxIRRs8H68c8eZoIPzuaQByK3jEdbuNj59yB9juKJ8PLnRr8ZDwXL4mzmYmA-IYpuwjak8UIeh6PR58XzU9TCCwHjQqGZC5-Lw2AN8OYXHyzxIlgfTNwDu-ADOz8wCza_qi2a5> 

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: mike.knoth at g2-inc.com <mailto:mike.knoth at g2-inc.com> 

Mobile: (320) 305-6453

 

Confidentiality Statement:

HUNTINGTON INGALLS INDUSTRIES PROPRIETARY – This e-mail contains information proprietary or private to Huntington Ingalls Industries, Inc., and is not to be disclosed to, copied by, or used in any manner by others without the prior express, written permission. If you are not the intended recipient, please delete without copying and kindly advise the sender by e-mail of the mistake in delivery.

_______________________________________________
platformONE mailing list
platformONE at redhat.com <mailto:platformONE at redhat.com> 
https://www.redhat.com/mailman/listinfo/platformone

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/platformone/attachments/20191205/d1d803bb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2127 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/platformone/attachments/20191205/d1d803bb/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5490 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/platformone/attachments/20191205/d1d803bb/attachment.p7s>

More information about the platformONE mailing list