#NOTES:
- atomic-reactor and osbs from my COPR (latest from upstream git)
- openshift-ansible upstream for installation of OpenShift
- for "lab environment" DNS setup, use dnsmasq (see the OpenShift docs)
- The example here is a single-node deployment named lsobs.example.com, with *.cloudapps.example.com configured as in the doc
- Turns out you don't need a fully functional OpenShift environment to run OSBS
- Can work without openshift-router and openshift-docker-registry
- Probably not best
#STEPS:
For my installation the steps were the following (they vary based on deployment environment):
$ git clone https://github.com/openshift/openshift-ansible.git
# Create inventory.txt based on openshift-ansible docs
$ ansible-playbook playbooks/byo/config.yml -i inventory.txt
$ oadm router --create=true \
--credentials=/etc/openshift/master/openshift-router.kubeconfig
# Create mountpoint for docker-registry persistent storage
$ mkdir /var/lib/openshift/docker-registry
# Set up service account for the registry
# https://docs.openshift.org/latest/admin_guide/install/docker_registry.html
$ echo \
'{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"registry"}}' \
| oc create -f -
# Add a line under users with the user name system:serviceaccount:default:registry.
$ oc edit scc privileged
$ oadm registry \
--service-account=registry \
--config=admin.kubeconfig \
--credentials=openshift-registry.kubeconfig \
--mount-host=/var/lib/openshift/docker-registry
# Will need this later
$ REGISTRY_IP=$(awk '{ print $4 }' < <(oc get svc docker-registry --no-headers))
Follow OpenShift Enterprise install guide
Setup COPR
$ cd /etc/yum.repos.d/
$ wget -c https://copr.fedoraproject.org/coprs/maxamillion/atomic-reactor/repo/epel-7/maxamillion-atomic-reactor-epel-7.repo
$ yum -y install atomic-reactor osbs
# Make sure to have the right version of python-requests (pkg_resources.DistributionNotFound: requests>=2.2.1,<2.5.0)
## https://github.com/projectatomic/atomic-reactor/issues/226
## https://github.com/projectatomic/atomic-reactor/issues/225
# python-requests-2.4.3-1.el7.centos.noarch.rpm is available in the COPR
$ atomic-reactor create-build-image --reactor-tarball-path /usr/share/atomic-reactor/atomic-reactor.tar.gz /usr/share/atomic-reactor/images/dockerhost-builder buildroot
## Login as the builder
$ oc login
Username: builder
Password:
$ oc new-project builder
# The default docker registry performs auth against the OpenShift login tokens
$ docker login -u builder -e builder@example.com -p $(oc whoami -t) ${REGISTRY_IP}:5000
# Note the OpenShift namespace
# -> ${REGISTRY_IP}:${PORT}/${OPENSHIFT_NAMESPACE}/${DOCKER_IMAGE}:${TAG}
$ docker tag buildroot ${REGISTRY_IP}:5000/builder/buildroot
$ docker push ${REGISTRY_IP}:5000/builder/buildroot
$ docker pull fedora
$ docker tag fedora ${REGISTRY_IP}:5000/builder/fedora
$ docker push ${REGISTRY_IP}:5000/builder/fedora
NOTE: This is only if we want to use the auto-push to registry feature (I think)
Set authorization policies to allow builder (this might be wide open, need to investigate authorization more)
$ oadm policy add-role-to-group edit system:unauthenticated system:authenticated
$ oadm policy add-role-to-group edit system:authenticated
$ oadm policy add-role-to-group edit --namespace=builder system:unauthenticated system:authenticated
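Added example, not part of the original notes: a small Python check for the concern noted above, that granting edit to system:unauthenticated and system:authenticated might be wide open. It assumes the role bindings were exported as JSON (for example with `oc get rolebindings -n builder -o json`) and carry the OpenShift v1 RoleBinding fields roleRef.name and groupNames; the function name and the sample data are constructed for illustration.

```python
import json

# Groups that match every caller, or every logged-in user.
BROAD_GROUPS = {"system:unauthenticated", "system:authenticated"}
# Roles that can modify objects in a project.
WRITE_ROLES = {"edit", "admin", "cluster-admin"}


def broad_write_grants(bindings_json):
    """Return sorted (namespace, role, group) tuples for broad write grants.

    Assumed input shape: OpenShift v1 RoleBinding objects with roleRef.name
    and groupNames; group entries under subjects[] are also accepted.
    """
    doc = json.loads(bindings_json)
    # A query for several objects returns a List wrapper; one object is bare.
    items = doc["items"] if "items" in doc else [doc]
    findings = set()
    for rb in items:
        role = (rb.get("roleRef") or {}).get("name", "")
        if role not in WRITE_ROLES:
            continue
        namespace = (rb.get("metadata") or {}).get("namespace", "")
        groups = set(rb.get("groupNames") or [])
        for subject in rb.get("subjects") or []:
            if "Group" in subject.get("kind", ""):
                groups.add(subject.get("name", ""))
        for group in groups & BROAD_GROUPS:
            findings.add((namespace, role, group))
    return sorted(findings)


# Constructed sample for the builder project; not captured from a real cluster.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "RoleBinding", "metadata": {"name": "edit", "namespace": "builder"},
     "roleRef": {"name": "edit"}, "userNames": ["builder"],
     "groupNames": ["system:unauthenticated", "system:authenticated"]},
    {"kind": "RoleBinding", "metadata": {"name": "view", "namespace": "builder"},
     "roleRef": {"name": "view"}, "groupNames": ["system:authenticated"]},
    {"kind": "RoleBinding", "metadata": {"name": "admin", "namespace": "builder"},
     "roleRef": {"name": "admin"}, "userNames": ["builder"], "groupNames": None},
]})

if __name__ == "__main__":
    for namespace, role, group in broad_write_grants(SAMPLE):
        print("%s: role %r is granted to %s" % (namespace, role, group))
```

An empty result for the builder project is the state to aim for. A narrower grant is `oadm policy add-role-to-user edit builder --namespace=builder`, which gives edit only to the builder user.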
[general]
build_json_dir = /usr/share/osbs/
[default]
openshift_uri = https://losbs.example.com:8443/
# if you want to get packages from koji (koji plugin in dock)
# you need to setup koji hub and root
# this sample is for fedora
koji_root = http://koji.fedoraproject.org/
koji_hub = http://koji.fedoraproject.org/kojihub
# in case of using artifacts plugin, you should provide a command
# how to fetch artifacts
sources_command = fedpkg sources
# from where should be images pulled and where should be pushed?
registry_uri = ${REGISTRY_IP}:5000
verify_ssl = false
build_type = simple
$ osbs --namespace builder build -g https://github.com/maxamillion/atomic-reactor-dockerfile-test.git -c test-image -u builder
$ osbs --namespace builder list-builds