ikurni

Openshift Day 2 guidance :
-----------------------------------------------------------------------------------------------
Configure Openshift ingress operator to use node label “infra: true” and run router pods only in infra node
Edit openshift-ingress config :
# oc edit ingresscontrollers.operator.openshift.io/default -n openshift-ingress-operator
In the spec: section add below comment :
---
 nodePlacement:
    nodeSelector:
      matchLabels:

ikurni

##Openshift OC Command using json type :
oc patch <object> <object> --type=json -p (sample)

##The original document :
{
  "baz": "qux",
  "foo": "bar"
}
The patch :
[

ikurni

### Run below command to enable rook-ceph-tools in OCS Cluster

oc patch OCSInitialization ocsinit -n openshift-storage --type json --patch  '[{ "op": "replace", "path": "/spec/enableCephTools", "value": true }]'

ikurni

https://access.redhat.com/solutions/2178611


### How to Force a pod to schedule to a specific node using nodeSelector in OCP

Pods get scheduled to nodes based on the node labels. NodeSelector will get set either for the cluster, project, or pod to determine which node or group of nodes the pod will be scheduled to.

The easiest way to test and ensure a pod is scheduled to a node is by setting it at the project level. This can only be done by cluster-admins or users with elevated privileges.

# oc adm project <NAME> --node-selector='foo=bar'

ikurni

# After 2 years deployment, suddenly Authentication and Console Operator is degraded, and after we check the operator status, it shows that
# the certificate is expired. To solve this, just delete the secret, and Operator will create new certificate. Assume we still use
# Openshift default certificate

### Delete Ingress CA Secret
oc project openshift-ingress-operator
oc get secret router-ca -oyaml > router-ca.yaml
oc delete secret router-ca
oc delete pod --all
oc get secret router-ca

ikurni

### Step 1
oc delete pod <podsname> -n myproject --grace-period=0 --force

### Step 2
oc edit pod <podsname>
#Remove deletionTimestamp
  #Before: deletionTimestamp: 2019-12-31T11:40:28Z
  #After: deletionTimestamp: null
#Remove Finalizers
  #Before

ikurni

### Create SSL file for HTTPS traffic
mkdir /etc/haproxy/ssl
cat /root/wildcard.example.com.crt /root/wildcard.example.com.key >> /root/wildcard.example.com.pem
mv /root/wildcard.example.com.pem /etc/haproxy/ssl/

### Configure HAProxy.cfg to accept HTTPS, redirect HTTPS to HTTP and replace header to targeted URL
vi /etc/haproxy/haproxy.cfg

#---
#---------------------------------------------------------------------

ikurni

### Performance check command from etcd pod

# oc rsh <etcd-pod> -n openshift-etcd
$ etcdctl check perf --load="m"
$ etcdctl check perf --load='l'
$ etcdctl --write-out=table endpoint status
$ etcdctl --write-out=table endpoint health
$ etcdctl --write-out=table member list

### Collect metrics from the cluster.

ikurni

https://access.redhat.com/solutions/396753 --> Remove Locked Entities Manually

##How to Clean up Task in RHV :
#List Tasks :
/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh 
#Kill Tasks :
/usr/share/ovirt-engine/setup/dbutils/taskcleaner.sh -t <taskID>

ikurni

### If nodes is stuck in pulling images, or connection are too slow, sometime process can't move. Below is how to re-trigger ###

/run/bin/machine-config-daemon firstboot-complete-machineconfig