[Container-tools] Atomic Developer Bundle and OpenShift

Praveen Kumar kumarpraveen.nitdgp at gmail.com
Tue Nov 3 04:09:02 UTC 2015 

On Mon, Nov 2, 2015 at 11:04 PM, Langdon White <langdon at redhat.com> wrote:
> Hi list,
>
> I think we have a number of moving parts for getting OpenShift integrated in
> to the ADB vagrant box and I am nervous we don't have all the aspects
> assigned to anyone (on either the c-t team or the OpenShift team). I am also
> concerned that I might be missing some aspects. Please weigh in if you own
> one of these pieces and/or if you think we are missing any.
>
> * a method for docker images to be pre-loaded on to the vagrant boxes: As
> you probably agree, we would really like the v-up experience of the ADB to
> be as quick and painless as possible. One of things that will make that
> possible is to "pre-install" the docker images for OpenShift, AtomicApp,
> v2c, etc. However, the build tooling (koji) does not allow a build to access
> the general internet. As a result, "docker pull" is not an option (at least
> from docker-hub). We have a couple options here:
>   * stand up a docker registry in the build environment that the builds can
> access: While this seems like a good idea, the timeline to make this happen
> is probably on the order of months not days
>   * auto-rpm-ify the docker images: Build the images in koji, use koji to
> rpm-ify the binary images, pull the rpms as per normal, extract the rpm and
> inject them in to the docker-images storage. Likely, this is the most viable
> solution. However, it may run in to problems with docker-registry-v2
> (doesn't support import at this time).
> Is anyone owning testing and resolving this issue?
>
> * OpenShift needs dns to allow a user to access their applications: For
> OpenShift to give a good user experience, it needs to manage some wildcard
> domain. In other words, when a user sets up an application, they need to
> give it a name and they access the application from their host web browser
> at something like "myCoolApp.myADB.lcl". OpenShift uses host-headers to
> route the browser to the correct app. However, this means, if OpenShift is
> running in a VM, the host machine needs to know to route *.myADB.lcl to the
> VM and then to OpenShift. As the VM will come up on an (likely) unknowable
> IP, we planned to use vagrant-landrush, a plugin for vagrant that manages a
> DNS server for this type of use case. Currently, this plugin still has some
> problems on windows and has never been tested in this exact use case. Is
> someone working on:
>   1) testing that this setup will actually work with OpenShift (even on mac
> or linux where, i believe, v-landrush is known to work)
>   2) looking in to the issues on windows?
>
> What landrush, loosely, does:
> on start of the vagrant vm; vagrant launches the box; vagrant calls
> landrush; landrush looks at the ip of the vagrant-vm; inserts *.myADB.lcl ->
> vagrant-vm-ip;
>
> full example:
> web browser gets user request for mycoolnewwebsite.myADB.lcl; browser goes
> to host resolution (where that is depends on OS), in there it finds
> *.myADB.lcl-> vagrant-vm-ip; browser then navigates to that ip; OpenShift in
> the VM listens on that address:80, OpenShift looks at host-header
> (mycoolnewwebsite.myADB.lcl) and maps it to the correct running website in
> OpenShift
>
> * allow for k8s + docker to work independently of OpenShift: In the plans
> for ADB we wanted to allow a developer to use k8s+docker directly as well as
> OpenShift. However, this is not quite as easy as it seems as the k8s version
> on CentOS and the k8s version in OpenShift are not the same. As a result,
> even if they are installed separately (see installation bullets elsewhere),
> they need to be listening on different IP bindings to allow them to listen
> on the same port. Does someone own testing and ensuring the setup of these
> conflicting services?

I was working with k8s + openshift work independently part and tried
different method [0], [1] to isolate those services to avoid conflicts
and did discuss it with our technical meeting. The issue is still not
resolved and I had a discussion with openshift dev member (Maciej
Szulik) who said that is not a good idea and in ideal situation one
service should be running at any given point (k8s or openshift) [2]. I
would love to look it again if we have some way/suggestion to go
about. I will also check if bind will work as per our requirement.


[0] http://post-office.corp.redhat.com/archives/aos-devel/2015-October/msg00936.html
[1] http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/
[2] http://fpaste.org/286287/23068144/

>
>
> Is that it?
>
> langdon



-- 
Praveen Kumar
http://fedoraproject.org/wiki/User:Kumarpraveen
http://fedoraproject.org/
http://kumar-pravin.blogspot.com

More information about the Container-tools mailing list