For some time I'm running publicly available web application Brno People team uses to determine technical interests of employee candidates. The app was running on the OpenShift v.2, but that was discontinued and I had to port it to OpenShift v.3. I was postponing the task for multiple moths and got to the state when v.2 instances were finally discontinued. It turned out that porting is not that hard. This is what I have done.
Note that I'm using Red Hat's Employee account, so some paths might be different when OpenShift is being used "normally" (you will see something like
....starter-us-east-1.openshift.com instead of mine
Because I need to put some private data into the image, I want the image to be accessible only from mine OpenShift Online account. Anyway, I have created Dockerfile based on Fedora Dockerfile template for Python (is it official?) like this:
FROM fedora MAINTAINER Jan Hutar <email@example.com> RUN dnf -y update && dnf clean all RUN dnf -y install subversion python mod_wsgi && dnf clean all RUN ... VOLUME ["/xyz/data/"] WORKDIR /xyz EXPOSE 8080 USER root CMD ["python", "/xyz/application"]
TODO for the container is: move to Python 3 (so I do not need to install python2 and dependencies, figure out how to have the private data available to the container but not being part of it (it is quite big directory structure), go through these nice General Container Image Guidelines and explore this Image Metadata thingy.
Once I had that, I needed to login to the OpenShift's registry, build my image locally, test it and push it:
sudo docker build --tag selftest . sudo docker run -ti --publish 8080:8080 --volume $( pwd )/data/:/xyz/data/ xyz # now I can check if all looks sane with `firefox http://localhost:8080` oc whoami -t # this shows token I can use below sudo docker login -u <username> -p <token> registry.rh-us-east-1.openshift.com sudo docker tag xyz registry.rh-us-east-1.openshift.com/xyz/xyz sudo docker push registry.rh-us-east-1.openshift.com/xyz/xyz
Now I have used Console on https://console.rh-us-east-1.openshift.com/ to create new application, then added a deployment to that application with Add to Project -> Deploy Image and selected (well, I could use cli tool oc for that):
- surprisingly you do not choose "Image Name" here
- but you choose "Image Stream Tag" with:
- Namespace: selftest
- Image Stream: selftest
- Tag: latest
So, because I wanted persistent storage and because my account uses Amazon EC2, I can not use "Shared Access (RWX)" storage type (useful when new pod is starting while old pod is still running), I had to change process of new pods start to first stop old and the start new: Applications -> Deployments -> my deployment -> Actions -> Edit -> Strategy Type: Recreate. I have created a storage with "RWO (Read-Write-Once)" access mode, added it to the deployment (... -> Actions -> Add Storage) and made sure that that storage is the only one attached to the deployment (... -> Actions -> Edit YAML and check that keys
spec.template.spec.volumes only contain one volume you have just attached). In my case, there is this in the YAML definition:
[...] spec: containers: - env: [...] volumeMounts: - mountPath: /xyz/data name: volume-jt8t6 [...] volumes: - name: volume-jt8t6 persistentVolumeClaim: claimName: xyz-storage-claim [...]
When working with this, I have also used ... -> Actions -> Pause Rollouts. It is also possible to configure environment variable for a deployment in ... -> Actions -> Edit -> Environment Variables which is useful to pass passwords and stuff into your app (so I do not need to store them in the image). In the app I use something like
import os; SMTP_SERVER_PASSWORD = os.getenv('XYZ_SMTP_SERVER_PASSWORD', default='') to read that.
To make the app available from outside world, I have created a route in Applications -> Routes -> Create Route. It created domain like
http://xyz-route-xyz.6923.rh-us-east-1.openshiftapps.com for me.
Now, looks like everything works for me and I'm kinda surprised how easy it was. I plan to get nicer domain and configure its CNAME DNS record and to explore monitoring possibilities OpenShift have. I'll see how it goes.