
OpenShift WildFly Operator :: Step by Step

Marco Sappé Griot edited this page Nov 16, 2023 · 11 revisions

How to get the WildFly Operator running on OpenShift CRC on localhost, and how to build the WildFly Operator from sources

Running CodeReady Containers (OpenShift on localhost)

Running quickstart of WildFly Operator

  • ./wildfly-operator/build/run-openshift.sh

    • check oc get deploy; expected output

      NAME                                READY   STATUS    RESTARTS   AGE
      wildfly-operator-6cb6b67b4f-jsd6n   1/1     Running   7          46m
  • With the deployed operator we can do a quick check if it works fine: oc apply -f deploy/crds/quickstart-cr.yaml

    • this deploys the quickstart defined in the -cr.yaml file; the desired output is below (also take a look at the logs with oc logs quickstart-0)

      NAME                                READY   STATUS    RESTARTS   AGE
      quickstart-0                        1/1     Running   0          60s
      quickstart-1                        1/1     Running   0          60s
      wildfly-operator-6cb6b67b4f-jsd6n   1/1     Running   7          97m
  • Delete the testing app with oc delete WildflyServer quickstart, delete the operator with `oc delete `, and move on to working with the bootable jar

    • oc get all should show no k8s objects

Building the operator from sources

Note

This section uses a specific branch which adds the WildFly bootable jar feature to the Operator. The same steps are valid for any other branch, or for the main branch, of the WildFly Operator.

  • Install golang + set up env variables (probably needed; not fully sure what is changing in the golang space) + build the WildFly operator + tag the resulting image

    dnf install -y go dep make
    # dnf install podman-docker
    export GO111MODULE=on # needed for wildfly-operator
    export GOPATH="$HOME/go"
    export PATH="$PATH:$HOME/go/bin"
    git clone https://github.com/wildfly/wildfly-operator "$GOPATH/src/github.com/wildfly/wildfly-operator"
    cd "$GOPATH/src/github.com/wildfly/wildfly-operator"
    # expecting the bootable-jar functionality is still not merged to main
    git remote add yersan https://github.com/yersan/wildfly-operator
    git fetch yersan bootable-jar
    # start building the operator go code
    make build
    make image
    
    # verify the image was built and is in docker/podman localhost storage
    docker images
    # tag the image
    docker tag quay.io/wildfly/wildfly-operator:latest default-route-openshift-image-registry.apps-crc.testing/$(oc project -q)/wildfly-operator:latest
  • Configure CRC registry to allow insecure pushes and push it to CRC internal registry

    # allow s2i to access the insecure registries
    CLUSTER_ADDRESS=https://api.crc.testing:6443
    oc login -u kubeadmin -p "${KUBEADMIN_PASSWORD}" "${CLUSTER_ADDRESS}"
    oc patch --type=merge --patch='{
                    "spec": {
                      "registrySources": {
                        "insecureRegistries": [
                          "docker-registry.upshift.redhat.com", "brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888", "docker-registry.engineering.redhat.com", "registry-proxy.engineering.redhat.com", "registry.stage.redhat.io"
                        ]
                      }
                    }
                  }' \
            image.config.openshift.io/cluster
    # restart after patching the config
    crc stop; crc start
    
    # push the image to CRC registry
    oc login -u developer -p developer https://api.crc.testing:6443
    docker login -u developer -p $(oc whoami -t) default-route-openshift-image-registry.apps-crc.testing --tls-verify=false
    # NOTE: I'm using podman as the docker alias here, docker command has no option --tls-verify=false
    docker push default-route-openshift-image-registry.apps-crc.testing/$(oc project -q)/wildfly-operator:latest --tls-verify=false
  • Deploy the new Operator code to CRC

    sed -i "s|quay.io/wildfly/wildfly-operator:latest|image-registry.openshift-image-registry.svc:5000/$(oc project -q)/wildfly-operator:latest|" $GOPATH/src/github.com/wildfly/wildfly-operator/deploy/operator.yaml
    # optionally it's necessary to run this as kube admin, if it was done once before then it could be run as 'developer' next times
    # oc login -u kubeadmin -p ${KUBEADMIN_PASSWORD}  https://api.crc.testing:6443
    ./build/run-openshift.sh
    # oc login -u developer -p developer https://api.crc.testing:6443
    
    # Bootable JAR
    oc create -f $GOPATH/src/github.com/wildfly/wildfly-operator/deploy/crds/quickstart-bootable-jar-cr.yaml
    
    # WildFly Operator Quickstart
    oc create -f $GOPATH/src/github.com/wildfly/wildfly-operator/deploy/crds/quickstart-cr.yaml
  • Once it is running, verify what has been configured for the bootable WildFly jar

    oc rsh quickstart-bootable-jar-0 /opt/jboss/container/wildfly-bootable-jar-server/bin/jboss-cli.sh -c '/core-service=platform-mbean/type=runtime:read-attribute(name=system-properties)'
  • Try to scale down

    # verify what's the name of the WildFly server deployment (expecting it's quickstart-bootable-jar)
    oc get WildFlyServer
    # or shortly 'oc get wfly'
    # you can edit spec of replica count via text editor
    oc edit wfly quickstart-bootable-jar
    # or use patch command to set replica count as
    oc patch wildflyserver quickstart-bootable-jar -p '[{"op":"replace", "path":"/spec/replicas", "value":3}]' --type json

Troubleshooting

1)

  • error Unable to set ownership of ~/.crc/bin/goodhosts to root: exit status 1: Sorry, user <username> is not allowed to execute '/usr/bin/chown root ~/.crc/bin/goodhosts' as root on <username>.

    • The user has no permission to execute the command. Change /etc/sudoers, or otherwise give the user permission to run commands with root-like permissions

      su -
      visudo
      <username> ALL=(ALL)      ALL

2)

  • cannot start the wildfly-operator - the restart column is increasing and no pod is started

  • maybe some permissions or image can’t be downloaded

  • check the oc get replicaset, oc describe rs …​; oc get pod; oc logs <podname>; oc logs <podname> --previous

3)

  • podman used instead of docker

  • it’s fine to use alias docker=podman, but the alias does not help when the Makefile calls docker. Try dnf install podman-docker.

4)

  • Configure the docker registries so that TLS is not checked (when using podman, the option --tls-verify=false can help here). You have to permit push and pull for such registries. On Fedora, change /etc/sysconfig/docker

    example of such configuration
    # /etc/sysconfig/docker
    OPTIONS='--selinux-enabled --log-driver=journald --live-restore'
    if [ -z "${DOCKER_CERT_PATH}" ]; then
       DOCKER_CERT_PATH=/etc/docker
    fi
    
    ADD_REGISTRY='--add-registry quay.io --add-registry registry.access.redhat.com --add-registry docker-registry-default.192.168.42.105.nip.io'
    INSECURE_REGISTRY='--insecure-registry brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888 --insecure-registry docker-registry-default.192.168.42.105.nip.io --insecure-registry registry-console.engineering.redhat.com --insecure-registry image-registry-openshift-image-registry.apps.eap-qe-cluster25.eap-qe-cluster25.fw.rhcloud.com:443 --insecure-registry docker-registry.engineering.redhat.com'

5)

When using podman, the registries (e.g. where images can be downloaded from) are configurable in /etc/containers/registries.conf

example of registry configuration to use Red Hat registries
[registries.search]
registries = ['registry.access.redhat.com', 'docker.io', 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888', 'quay.io']

[registries.insecure]
registries = ['brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888', 'docker-registry.upshift.redhat.com', 'registry.access.redhat.com', 'docker.io', 'docker.registry.upshift.redhat.com', 'registry-proxy.engineering.redhat.com', 'registry.stage.redhat.io']
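
Every registry under [registries.insecure] is pulled from and pushed to without TLS verification, and any of them that is also under [registries.search] can be chosen for an unqualified image name. The script below is an added example, not part of the original wiki page: it lists both sets for a v1-format registries.conf like the one above. The function names are hypothetical, and it assumes each registries array sits on a single line.

```shell
#!/bin/sh
# Added example: audit a v1-format registries.conf (the format shown above).
# Assumption: each "registries = [...]" array is written on one line.

# Print one registry per line from section [registries.<name>].
registries_in() {   # usage: registries_in <search|insecure> <file>
    sed -n "/^\[registries\.$1\]/,/^\[/p" "$2" |
        sed -n 's/^registries[[:space:]]*=[[:space:]]*\[\(.*\)].*/\1/p' |
        tr ',' '\n' | tr -d " \t'\"" | sed '/^$/d'
}

# Registries that are on the short-name search path AND exempt from TLS
# verification: "podman pull name:tag" may resolve to them unverified.
searched_and_insecure() {   # usage: searched_and_insecure <file>
    search=$(registries_in search "$1")
    registries_in insecure "$1" | LC_ALL=C sort -u | while read -r reg; do
        if printf '%s\n' "$search" | grep -Fxq -- "$reg"; then
            printf '%s\n' "$reg"
        fi
    done
}

# Sample input: the configuration from this page, written to a temp file.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[registries.search]
registries = ['registry.access.redhat.com', 'docker.io', 'brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888', 'quay.io']

[registries.insecure]
registries = ['brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888', 'docker-registry.upshift.redhat.com', 'registry.access.redhat.com', 'docker.io', 'docker.registry.upshift.redhat.com', 'registry-proxy.engineering.redhat.com', 'registry.stage.redhat.io']
EOF

echo "TLS verification disabled for:"
registries_in insecure "$conf"
echo "Of those, also searched for unqualified image names:"
searched_and_insecure "$conf"
```

On a workstation, point it at the real file with `searched_and_insecure /etc/containers/registries.conf`. For this page's configuration the second list includes the public registries docker.io and registry.access.redhat.com.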