[Container-tools] Atomic Developer Bundle and OpenShift

Praveen Kumar kumarpraveen.nitdgp at gmail.com
Tue Nov 3 04:57:49 UTC 2015


On Tue, Nov 3, 2015 at 9:39 AM, Praveen Kumar
<kumarpraveen.nitdgp at gmail.com> wrote:
> On Mon, Nov 2, 2015 at 11:04 PM, Langdon White <langdon at redhat.com> wrote:
>> Hi list,
>>
>> I think we have a number of moving parts for getting OpenShift integrated
>> into the ADB vagrant box and I am nervous we don't have all the aspects
>> assigned to anyone (on either the c-t team or the OpenShift team). I am also
>> concerned that I might be missing some aspects. Please weigh in if you own
>> one of these pieces and/or if you think we are missing any.
>>
>> * a method for docker images to be pre-loaded onto the vagrant boxes: As
>> you probably agree, we would really like the v-up experience of the ADB to
>> be as quick and painless as possible. One of the things that will make that
>> possible is to "pre-install" the docker images for OpenShift, AtomicApp,
>> v2c, etc. However, the build tooling (koji) does not allow a build to access
>> the general internet. As a result, "docker pull" is not an option (at least
>> from docker-hub). We have a couple options here:
>>   * stand up a docker registry in the build environment that the builds can
>> access: While this seems like a good idea, the timeline to make this happen
>> is probably on the order of months not days
>>   * auto-rpm-ify the docker images: Build the images in koji, use koji to
>> rpm-ify the binary images, pull the rpms as per normal, extract the rpm and
>> inject them into the docker-images storage. Likely, this is the most viable
>> solution. However, it may run into problems with docker-registry-v2
>> (doesn't support import at this time).
>> Is anyone owning testing and resolving this issue?
>>
>> * OpenShift needs DNS to allow a user to access their applications: For
>> OpenShift to give a good user experience, it needs to manage some wildcard
>> domain. In other words, when a user sets up an application, they need to
>> give it a name and they access the application from their host web browser
>> at something like "myCoolApp.myADB.lcl". OpenShift uses host-headers to
>> route the browser to the correct app. However, this means, if OpenShift is
>> running in a VM, the host machine needs to know to route *.myADB.lcl to the
>> VM and then to OpenShift. As the VM will come up on a (likely) unknowable
>> IP, we planned to use vagrant-landrush, a plugin for vagrant that manages a
>> DNS server for this type of use case. Currently, this plugin still has some
>> problems on Windows and has never been tested in this exact use case. Is
>> someone working on:
>>   1) testing that this setup will actually work with OpenShift (even on Mac
>> or Linux where, I believe, v-landrush is known to work)
>>   2) looking into the issues on Windows?
>>
>> What landrush, loosely, does:
>> on start of the vagrant vm; vagrant launches the box; vagrant calls
>> landrush; landrush looks at the ip of the vagrant-vm; inserts *.myADB.lcl ->
>> vagrant-vm-ip;
>>
>> full example:
>> web browser gets user request for mycoolnewwebsite.myADB.lcl; browser goes
>> to host resolution (where that is depends on OS), in there it finds
>> *.myADB.lcl-> vagrant-vm-ip; browser then navigates to that ip; OpenShift in
>> the VM listens on that address:80, OpenShift looks at host-header
>> (mycoolnewwebsite.myADB.lcl) and maps it to the correct running website in
>> OpenShift
>>
>> * allow for k8s + docker to work independently of OpenShift: In the plans
>> for ADB we wanted to allow a developer to use k8s+docker directly as well as
>> OpenShift. However, this is not quite as easy as it seems as the k8s version
>> on CentOS and the k8s version in OpenShift are not the same. As a result,
>> even if they are installed separately (see installation bullets elsewhere),
>> they need to be listening on different IP bindings to allow them to listen
>> on the same port. Does someone own testing and ensuring the setup of these
>> conflicting services?
>
> I was working on the "k8s + OpenShift work independently" part and tried
> different methods [0], [1] to isolate those services to avoid conflicts
> and did discuss it in our technical meeting. The issue is still not
> resolved and I had a discussion with an OpenShift dev member (Maciej
> Szulik) who said that is not a good idea and in an ideal situation one
> service should be running at any given point (k8s or OpenShift) [2]. I
> would love to look at it again if we have some way/suggestion to go
> about it. I will also check if bind will work as per our requirement.
>
>
> [0] http://post-office.corp.redhat.com/archives/aos-devel/2015-October/msg00936.html

http://fpaste.org/286292/46526472/ (Query mail because aos-devel is
internal and everyone may not have access to it.)

> [1] http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/
> [2] http://fpaste.org/286287/23068144/




-- 
Praveen Kumar
http://fedoraproject.org/wiki/User:Kumarpraveen
http://fedoraproject.org/
http://kumar-pravin.blogspot.com
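
The thread's point that two services can share a port only if each binds to a different IP can be checked directly. The sketch below is an added example, not code from the thread or from either project; it assumes a Linux host where all of 127.0.0.0/8 is local, and 127.0.0.1 / 127.0.0.2 are stand-ins for the two API servers' addresses.

```python
import errno
import socket


def listen_on(addr, port):
    """Bind and listen on one address, without SO_REUSEADDR, like a plain daemon."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        s.listen(1)
    except OSError:
        s.close()
        raise
    s.settimeout(2)
    return s


def reached(listener, addr, port):
    """Connect to addr:port and confirm that this listener accepted the connection."""
    with socket.create_connection((addr, port), timeout=2) as client:
        conn, peer = listener.accept()
        conn.close()
        return peer == client.getsockname()


def demo_bindings():
    result = {}
    svc_a = listen_on("127.0.0.1", 0)      # stand-in for the first service
    port = svc_a.getsockname()[1]          # port the kernel picked for it
    svc_b = None
    try:
        # Same port, different specific IP: no conflict.
        svc_b = listen_on("127.0.0.2", port)
        result["a_reached"] = reached(svc_a, "127.0.0.1", port)
        result["b_reached"] = reached(svc_b, "127.0.0.2", port)
        # A wildcard bind on that port overlaps both listeners and is refused.
        try:
            listen_on("0.0.0.0", port).close()
            result["wildcard_errno"] = None
        except OSError as exc:
            result["wildcard_errno"] = errno.errorcode.get(exc.errno)
    finally:
        svc_a.close()
        if svc_b is not None:
            svc_b.close()
    return result


if __name__ == "__main__":
    print(demo_bindings())
```

If either service is left on its default wildcard bind, the other cannot start on the same port, so both need an explicit bind address.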



