Install OpenShift 4 on GCP

The following steps install OpenShift 4.4 on Google Cloud Platform.

1. Initial setup for gcloud

$ gcloud init

$ gcloud config list
[compute]
region = us-central1
zone = us-central1-a
[core]
account = sample@example.com
disable_usage_reporting = True
project = [PROJECT_NAME]

2. Enable the required APIs

$ gcloud services enable compute.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable cloudapis.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable cloudresourcemanager.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable dns.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable iamcredentials.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable iam.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable servicemanagement.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable serviceusage.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable storage-api.googleapis.com --project [PROJECT_NAME]
$ gcloud services enable storage-component.googleapis.com --project [PROJECT_NAME]

3. Create a service account and assign its role

$ gcloud iam service-accounts create openshift-sa \
--description="sa-for-openshift" \
--display-name="openshift-sa"

$ gcloud iam service-accounts keys create ~/.gcp/osServiceAccount.json \
--iam-account openshift-sa@[PROJECT_NAME].iam.gserviceaccount.com

$ gcloud projects add-iam-policy-binding [PROJECT_NAME] \
--member "serviceAccount:openshift-sa@[PROJECT_NAME].iam.gserviceaccount.com" --role "roles/owner"

5. Download openshift-install and the pull secret from the following link

https://cloud.redhat.com/openshift/install/gcp/installer-provisioned

6. Deploy

$ tar -xvf openshift-install-linux.tar.gz
$ mkdir ocp4
$ cp pull-secret.txt ocp4/
$ ./openshift-install create install-config --dir=./ocp4/
$ ./openshift-install create cluster --dir=./ocp4/ --log-level=info
INFO Credentials loaded from file "~/.gcp/osServiceAccount.json"
INFO Consuming Install Config from target directory
INFO Creating infrastructure resources...
INFO Waiting up to 20m0s for the Kubernetes API at https://api.[CLUSTER_NAME].[FQDN]:6443...
INFO API v1.17.1+912792b up
INFO Waiting up to 40m0s for bootstrapping to complete...
INFO Destroying the bootstrap resources...
INFO Waiting up to 30m0s for the cluster at https://api.[CLUSTER_NAME].[FQDN]:6443 to initialize...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=~/ocp4/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.[CLUSTER_NAME].[FQDN] 
INFO Login to the console with user: kubeadmin, password: [PASSWORD]

Done
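
Step 3 binds the installer account to roles/owner. As an added example (not part of the original post), the script below binds it instead to the individual roles that Red Hat's GCP installation documentation lists for the installer service account, and flags service accounts that hold a primitive role. The DRY_RUN switch and the function names are assumptions of this example; check the role list against the documentation for your release.

```shell
#!/bin/sh
# Added example: per-role bindings for the installer service account and a
# check for service accounts bound to a primitive role.

# Roles listed for the installer account in the GCP installation docs
# (verify against the documentation for your OpenShift release).
INSTALLER_ROLES="roles/compute.admin roles/iam.securityAdmin
roles/iam.serviceAccountAdmin roles/iam.serviceAccountUser
roles/storage.admin roles/dns.admin roles/iam.serviceAccountKeyAdmin"

# Print the binding commands (DRY_RUN=1, the default) or run them.
# Usage: bind_installer_roles PROJECT_NAME
bind_installer_roles() {
    project="$1"
    member="serviceAccount:openshift-sa@${project}.iam.gserviceaccount.com"
    for role in $INSTALLER_ROLES; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "gcloud projects add-iam-policy-binding $project --member $member --role $role"
        else
            gcloud projects add-iam-policy-binding "$project" \
                --member "$member" --role "$role"
        fi
    done
}

# Read "role<TAB>member" lines on stdin and print every service account
# bound to roles/owner or roles/editor. Produce the input with:
#   gcloud projects get-iam-policy PROJECT_NAME \
#       --flatten='bindings[].members' \
#       --format='value(bindings.role,bindings.members)'
find_broad_sa_bindings() {
    awk -F '\t' '($1 == "roles/owner" || $1 == "roles/editor") &&
                 $2 ~ /^serviceAccount:/ { print $2 " has " $1 }'
}
```

The JSON key written to ~/.gcp/osServiceAccount.json is a long-lived credential: keep it at mode 600 and remove it with gcloud iam service-accounts keys delete once it is no longer needed.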

Harbor Installation & Configuration

Preparation

# mkdir /workspace
# cd /workspace
# wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
# tar -xvf harbor-offline-installer-v1.10.1.tgz
# cd harbor

# vi harbor.yml

hostname: 192.168.65.141   # Change this to the Harbor host's IP.
http:
  port: 80
https:
  port: 443
  certificate: /data/cert/example.com.crt
  private_key: /data/cert/example.com.key

Create self-signed SSL certificates

# openssl genrsa -out ca.key 4096

# openssl req -x509 -new -nodes -sha512 -days 3650 \
   -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
   -key ca.key \
   -out ca.crt

# openssl genrsa -out example.com.key 4096

# openssl req -sha512 -new \
   -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
   -key example.com.key \
   -out example.com.csr

# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=example.com
DNS.2=example
DNS.3=harbor
IP.1=192.168.65.141
EOF

# openssl x509 -req -sha512 -days 3650 \
   -extfile v3.ext \
   -CA ca.crt -CAkey ca.key -CAcreateserial \
   -in example.com.csr \
   -out example.com.crt

# mkdir -p /data/cert/
# cp example.com.crt /data/cert/
# cp example.com.key /data/cert/
# openssl x509 -inform PEM -in example.com.crt -out example.com.cert
# mkdir -p /etc/docker/certs.d/example.com/
# cp example.com.cert /etc/docker/certs.d/example.com/
# cp example.com.key /etc/docker/certs.d/example.com/
# cp ca.crt /etc/docker/certs.d/example.com/
# cp ca.crt /usr/local/share/ca-certificates/
# update-ca-certificates
# systemctl restart docker
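
Before deploying, it is worth confirming that the files generated above fit together. The function below is an added example, not part of the original post: it checks that the server certificate chains to ca.crt, that the private key belongs to it, that the name or IP clients will use is covered, and that the key is not readable by other users. The function name is an assumption of this example.

```shell
#!/bin/sh
# Added example: sanity-check the CA, server certificate and key before
# handing them to Harbor and Docker.
# Usage: check_server_cert CA_CERT SERVER_CERT SERVER_KEY HOST_OR_IP
check_server_cert() {
    ca="$1"; crt="$2"; key="$3"; host="$4"

    # 1. The server certificate must chain to the CA.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' || {
        echo "FAIL: $crt does not verify against $ca"; return 1; }

    # 2. The private key must belong to the certificate.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: $key does not match $crt"; return 1; }

    # 3. The name clients connect to must be covered by the certificate;
    #    names made only of digits and dots are checked as IP addresses.
    case "$host" in
        *[!0-9.]*) opt=-checkhost ;;
        *)         opt=-checkip ;;
    esac
    openssl x509 -in "$crt" -noout "$opt" "$host" | grep -q 'does match' || {
        echo "FAIL: $host is not covered by $crt"; return 1; }

    # 4. The private key must not be accessible to group or others.
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "FAIL: $key is accessible to group/others; run chmod 600"; return 1; }

    echo "OK: $crt is valid for $host"
}
```

For the files in this post: check_server_cert ca.crt example.com.crt example.com.key 192.168.65.141, after chmod 600 on every copy of example.com.key.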

Deploy Harbor

# ./prepare
# docker-compose down -v
# docker-compose up -d

Push Docker images

# docker login example.com
# docker tag mysql:latest example.com/nama_project/mysql:latest
# docker push example.com/nama_project/mysql:latest

Done

Monitoring Jenkins with Prometheus and Grafana

1. Start the Jenkins, Prometheus and Grafana containers. In this tutorial all containers run on a single host.

# docker run -d --name jenkins -p 8080:8080 -p 50000:50000 invaleed/jenkins-custom
# docker run -d --name prometheus -p 9090:9090 prom/prometheus
# docker run -d --name grafana -p 3000:3000 grafana/grafana

2. Install the “Prometheus metrics plugin” in Jenkins
3. Verify the plugin installation by opening http://JENKINS_HOST:PORT/prometheus
4. Edit the Prometheus configuration by adding the following at the very bottom of the prometheus.yml file

# docker exec -it prometheus /bin/sh
# vi /etc/prometheus/prometheus.yml

- job_name: 'jenkins'
  metrics_path: /prometheus
  static_configs:
    - targets: ['JENKINS_HOST:PORT']

# docker restart prometheus

5. Log in to Grafana at http://GRAFANA_HOST:PORT/ with the username/password admin/admin
6. Dashboard > Add Datastore > choose Prometheus, enter the URL “PROMETHEUS_HOST:PORT”, then save & test.
7. Dashboard > Import Dashboard > enter ID 9964
8. Done

How to Create Scalable Jenkins

Deploy the Jenkins deployment files; please refer to this link.

# kubectl create -f jenkins-deployment.yaml
# kubectl create -f jenkins-service.yaml
# kubectl create -f jenkins-ingress.yaml

Create a service account

# kubectl -n default create sa jenkins

Give cluster-admin permissions to the new account

# kubectl create clusterrolebinding jenkins --clusterrole cluster-admin --serviceaccount=default:jenkins

Retrieve the secret

# kubectl get -n default sa/jenkins --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 kubectl -n default get secret --template='{{ if .data.token }}{{ .data.token }}{{end}}' | head -n 1 | base64 -d -

Copy the whole content printed at the console and go to Jenkins > Credentials > System > Global credentials > Add Credentials, change the Kind drop-down to Secret text, paste it into Secret, and create it with the name “jenkins-sa”.

Configure Jenkins

# Kubernetes
Name : kubernetes
Kubernetes URL : ["kubectl cluster-info | grep master"]
Credentials : jenkins-sa
Jenkins URL : ["kubectl describe pod jenkins-xxx | grep IP:"]

# Pod Template
Name : jenkins-slave
Namespace : default
Labels : jenkins-slave

# Container Template
Name : jenkins-slave
Docker image : jenkins/jnlp-slave

Leave the other settings at their defaults.

Create a Jenkins job and test!
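
The cluster-admin binding above lets the token stored in Jenkins do anything in the cluster. As an added example (not part of the original post), the function below prints a namespace-scoped Role and RoleBinding for the same service account. The Role name jenkins-agents and the rule set are assumptions of this example: they cover what the Jenkins Kubernetes plugin needs to run agent pods in one namespace.

```shell
#!/bin/sh
# Added example: namespace-scoped RBAC for the Jenkins service account
# instead of a cluster-admin ClusterRoleBinding.
# Usage: jenkins_rbac_manifest NAMESPACE SERVICE_ACCOUNT | kubectl apply -f -
jenkins_rbac_manifest() {
    for v in "$1" "$2"; do
        case "$v" in   # reject empty names and anything that could break the YAML
            ""|*[!a-z0-9.-]*) echo "invalid name: $v" >&2; return 1 ;;
        esac
    done
    ns="$1"; sa="$2"
    cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jenkins-agents
  namespace: ${ns}
rules:
- apiGroups: [""]
  resources: ["pods", "pods/exec"]
  verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins-agents
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-agents
subjects:
- kind: ServiceAccount
  name: ${sa}
  namespace: ${ns}
EOF
}
# Confirm the scope afterwards with kubectl's own access check, e.g.
#   kubectl auth can-i get secrets -n kube-system --as=system:serviceaccount:default:jenkins
# which should answer "no" once the cluster-admin binding has been deleted.
```

For this post the call is jenkins_rbac_manifest default jenkins | kubectl apply -f -, followed by kubectl delete clusterrolebinding jenkins.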

phpVirtualBox Problems

Continuing yesterday's post about installing phpVirtualBox on BlankOn Rote: today a small problem turned up. VMs that were created before phpVirtualBox and its extpack were installed show “access denied” when they are started.

The fix is easy: give the “vbox” user sufficient access rights to the folder where those VMs are stored.

# chown -R vbox:vboxusers /path/lokasi_vms

The next problem is that when those VMs are running, their “console” menu does not work (grey area). Here is the fix:

First list the VMs on the machine:

# su - vbox
$ VBoxManage list -l vms | grep Name:
Name:         Windows Seven
Name:         Ubuntu 12.04
Name:         BlankOn Rote

There are three VMs, but here I will use just one machine as an example 🙂

$ VBoxManage modifyvm "BlankOn Rote" --vrdeport 9000-9010
$ VBoxManage modifyvm "BlankOn Rote" --vrde on
$ VBoxManage controlvm "BlankOn Rote" vrde on

As it turns out, there is an easier way: right-click the VM name > Settings > Display > Remote Display, then enable it and adjust the settings.

Either way, doing it from the console is still more beautiful 🙂

How to Install ManageEngine OpManager on BlankOn Rote

Here is how:

Download ManageEngine OpManager

# wget http://www.manageengine.com/network-monitoring/29809517/ManageEngine_OpManager.bin

Grant execute permission, then run the installer

# chmod +x ManageEngine_OpManager.bin
# ./ManageEngine_OpManager.bin

Use the following command to install from the console

# ./ManageEngine_OpManager.bin -console

Wait until it finishes, then start OpManager

# cd /opt/ManageEngine/OpManager/bin
# ./StartOpManagerServer.sh

Wait until a message appears saying that the installation succeeded and the modules are running properly.

From a browser, open http://ip_opmanager:80

Use user: admin and password: admin for the first login.

Remove the Vista Boot Menu

The story goes like this: wanting to look cool in front of my office friends by using Vista :p, I set up a dual boot with Windows XP. It turned out that the office applications we use every day for work did not support Vista, so I had no choice but to uninstall Vista. The way I did it was to format the drive that held the Vista OS 🙂

The problem appeared after I rebooted: the boot menu still showed the choice between XP and Vista. OK… at this point I was still confident. I booted from the Windows XP installer CD, chose the repair menu and tried fixmbr, then rebooted again. As it turned out… the boot menu choice was still there. I ran fixmbr once more, and the problem was still not solved…

OK… next step: I opened Google, tried a few keywords, and finally found the tool I was looking for, called “VistaBootPRO”. Without thinking twice I downloaded the tool, installed it (it requires the .NET Framework), ran it and configured it as needed (deleting the Vista boot menu entry), and Alhamdulillah, after I rebooted, the OS selection menu at startup was gone… 🙂
