OKD openshift-ansible: Updating 'openshift_master_cluster_public_hostname' and certificate - ansible

I have Openshift deployed and working fine, but now am putting a DNS record and a valid certificate in front of it. I haven't had any luck and haven't found any documentation on doing this.
My strategy just to update the hostname was to sed the existing public hostname with the new one in all files in the master/node configurations, but that didn't seem to work.
Are there specific playbook/inventory fields I need to use/update in order to update this easily from the Ansible master?
UPDATE: I ran the 'openshift-master/redeploy-certificates.yaml' after I updated the inventory file with the following:
openshift_master_overwrite_named_certificates=true
openshift_master_cluster_public_hostname=new-public-hostname.com
Afterwards I checked the certs on the master node and they seemed to have added a new SAN to the master.server.crt and etcd.server.crt. However, when I go to the new hostname, it still redirects me to the old hostname. Is there another playbook I'm missing to update that in the system?

The redirection might be caused by the web console service that probably is not configured and uses the old masterURL.
Check this previous thread https://stackoverflow.com/a/54399071/2802150 as it addresses the same problem.

Related

Hosts File for Greenplum Installation

I am setting up greenplum 3 node cluster for POC while checking installation steps I found that hostfile_exkeys file have to be in master node.
Can anyone tell me where I should create this file location, node etc?
And most important what to put in this?
You create hostfile_exkeys on the Master. It isn't needed on the other hosts. You can put it in /home/gpadmin or anywhere that is convenient for you.
You put the three hostnames for your POC in this file. Example:
mdw
sdw1
sdw2
This is documented pretty well here: https://gpdb.docs.pivotal.io/5120/install_guide/prep_os_install_gpdb.html
You can also run a POC in the cloud. Greenplum is available in AWS, Azure, and GCP. It does all of the configuration for you. You can even use the BYOL product listings for 90 days for free to evaluate the product or you can use the Hourly billed products to get support while you evaluate the product.
There are examples in the utility reference for gpssh-exkeys documentation but, in general, you should put in all the hostnames in your cluster. If there are multiple network interfaces, those can go in instead.
I generally put this file either in /home/gpadmin or /home/gpadmin/gpconfigs (good place to keep all files for initial setup and initialization).
Your file will look something like (one name per line):
mdw
sdw1
sdw2
If there are 2 network interfaces, it might look something like:
mdw
mdw-1
mdw-2
sdw1
sdw1-1
sdw1-2
sdw2
sdw2-1
sdw2-2
Your /etc/hosts file (on all servers) should include the IP addresses for all the interfaces and their names, so this file should match those names listed in /etc/hosts.
This is primarily to allow the master to exchange ssh keys with all hosts so it is always password-less login to the hosts. After you have this file set up, you will run (example):
gpssh-exkeys -f /home/gpadmin/gpconfigs/yourhostfilename
I hope this helps.
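A pre-flight check for the point above that the host file must match the names in /etc/hosts, run before gpssh-exkeys. This is an added example, not part of the original answers or of Greenplum; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of hostfile_exkeys against a hosts file.
# Prints "missing NAME" for a name with no hosts entry and "ambiguous NAME"
# for a name mapped to more than one address.
check_hostfile() {   # $1 = hostfile_exkeys, $2 = hosts file (e.g. /etc/hosts)
  awk '
    NR == FNR {                       # first file: the hosts file
      sub(/#.*/, "")
      for (i = 2; i <= NF; i++) {
        if (($i in addr) && addr[$i] != $1) multi[$i] = 1
        addr[$i] = $1
      }
      next
    }
    {                                 # second file: one host name per line
      sub(/#.*/, "")
      if (NF == 0) next
      if (!($1 in addr)) print "missing " $1
      else if ($1 in multi) print "ambiguous " $1
    }
  ' "$2" "$1"
}

# Constructed sample data, reusing the mdw/sdw1/sdw2 names from the answers.
demo_check() {
  d=$(mktemp -d) || return 1
  printf '%s\n' '127.0.0.1 localhost' '10.0.0.1 mdw mdw-1  # master' \
                '10.0.0.2 sdw1' '10.0.0.9 sdw1' > "$d/hosts"
  printf '%s\n' mdw sdw1 sdw2 > "$d/hostfile_exkeys"
  check_hostfile "$d/hostfile_exkeys" "$d/hosts"
  rm -rf "$d"
}
```

An empty result from check_hostfile means every name in the host file has exactly one address in the hosts file, so the key exchange reaches the hosts you listed.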

Chef client installed on an image, want to have it create its own node

I don't know if this is possible. I have only been using Chef for about a week and a half now, and I can't seem to find anything on the internet about doing this. But basically we have the chef client installed on an image. Each image has a configuration script that is run when the image is set up for the first time to set up the computer name and other settings specific to its setup.
So what I need to have happen once the config script finishes is to have a node created with the node name as the name of the computer that was entered automatically, along with also adding it to a role so that these nodes can later be sorted and have the correct roles added. That way, going forward, each new node will be created as soon as the server is set up, without human interaction.
The way you do this is with the validator key system. Basically in the image have Chef installed, and have the /etc/chef/client.rb configuration created and pointed at your Chef Server, but don't create the client.pem key. If that key doesn't exist, chef-client will look for a validation key and use that to self-register with the Chef Server (by default it uses the FQDN of the server as the node name, but you can have your last-mile script append node_name "whatever" to the client.rb if you want to use something else). The difficult bit of validator-based bootstraps is how to store, access, and manage that validator key. The lazy way would be to just include it in the image, but this raises some troubling security issues. Unfortunately the best approach will depend entirely on what kind of systems you are running on and what security infrastructure is available. Also don't forget to remove the validator key after the initial bootstrap, there is a recipe in the chef-client cookbook for this.
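A sketch of the last-mile script the answer describes, as an added example that is not part of the original answer and not code from Chef. The server URL, validator name and function names are placeholders; the node and role names are validated because client.rb is Ruby and the computer name is typed in at setup time.

```shell
#!/bin/sh
# Added example: last-mile Chef registration for an image without client.pem.
# Server URL and validator name are placeholders; function names are made up.
set -u
umask 077   # everything written below is owner-only

CHEF_SERVER_URL="https://chef.example.com/organizations/example"  # placeholder
VALIDATOR_NAME="example-validator"                                # placeholder

# client.rb is Ruby, so accept only names that cannot close the quoted
# string: letters, digits, underscore, hyphen, colon, period.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
  esac
  return 0
}

# Write client.rb and the first-run JSON into directory $1 (normally /etc/chef)
# for node name $2 and role $3.
write_bootstrap_config() {
  valid_name "$2" || { echo "rejected node name: $2" >&2; return 1; }
  valid_name "$3" || { echo "rejected role name: $3" >&2; return 1; }
  mkdir -p "$1" || return 1
  cat > "$1/client.rb" <<EOF
chef_server_url        "$CHEF_SERVER_URL"
validation_client_name "$VALIDATOR_NAME"
validation_key         "$1/validation.pem"
client_key             "$1/client.pem"
node_name              "$2"
EOF
  printf '{"run_list": ["role[%s]"]}\n' "$3" > "$1/first-boot.json"
}

# Delete validation.pem only once client.pem exists, so a failed first run
# can be retried with the validator still in place.
remove_validator_key() {
  [ -s "$1/client.pem" ] || return 1
  rm -f "$1/validation.pem"
}

# First run: chef-client finds no client.pem, registers with the validator key,
# applies the role, and the validator key is then removed from the node.
register_node() {
  chef-client -c "$1/client.rb" -j "$1/first-boot.json" || return 1
  remove_validator_key "$1"
}
```

The image's config script would call write_bootstrap_config with /etc/chef, the entered computer name and the role, then register_node /etc/chef. How validation.pem reaches the machine is left out on purpose, since the answer notes that depends on the available security infrastructure.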

Clone development environment on an office server to use locally

Situation:
As a developer I'd like to "clone" our development environment (on an office server) so we can use it locally (for example when no/limited internet access is available). We've decided to give Vagrant a try.
What did I do?
First I used PuPHPet to create a basic config including nginx, php (incl modules), composer, git, memcached etc. You can find my config here. I also added a nginx vhost for our website.dev. This is where I run into the first problem.
We use a few additional config settings in the location block: a rewrite, a fastcgi_pass and an include. This is not available, so I searched a lot online and I found out I could use the following statement (it was more a try/fail/retry).
location_cfg_append:
{ rewrite: ".* /dispatch.php break", include: "fastcgi-params.conf", fastcgi_pass: "127.0.0.1:9000" }
First question:
This does work, however is this the way to do this? I'm not sure if I should be editing this config file (the file generated by PuPHPet) directly.
Second question:
How should I 'upload' the fastcgi-params.conf file I want to include? I did not find a way to do this in the config.yaml but there is a way to run some scripts. For now I've added an echo [contents] > /etc/nginx/fastcgi-params.conf that does work. However...
Third question:
When the VM is provisioned the nginx config is created. When that is done nginx is restarted. However at that moment the fastcgi-params.conf file does not exist yet (this is created AFTER the provisioning).
When nginx reloads this will fail, trigger an error and the machine can not finish the provision sequence (so it will never create the config file).
I can create this file on the next boot (and then nginx will work) but this cannot be the correct way to do this. So: how can I (before nginx 'installation') create / deploy a file to the VM? Or more generic (question 2): How can I upload a file to the VM?
If this is totally not the way to go please let me know! These are our first steps in creating a local development machine, so other/better methods are welcome.
First question: This does work, however is this the way to do this? I'm not sure if I should be editing this config file (the file generated by PuPHPet) directly.
Yes, I encourage this.
Second question: How should I 'upload' the fastcgi-params.conf file I want to include?
Place it inside one of your shared folders. It'll be available within the VM and you can reference it that way.
Third question
The above answer fixes this issue.

New To Bluemix, getting error "The host is taken" for new app

I am new to Bluemix and, as part of creating an app, am following the steps below:
Log in to Bluemix with your Bluemix account.
Open the Catalog menu.
From the Runtimes section, click Liberty for Java.
In the App field, specify the name of your app [entered name]
Click the Create button
I am getting the error below:
BXNUI2032E: An error occurred when contacting Cloud Foundry to create a resource. Resource: routes. Cloud Foundry message: "The host is taken: vTest." See the Troubleshooting topics in the IBM Bluemix Documentation to check service status, review troubleshooting information, or for information about getting help.
Thanks in Advance
Bluemix will auto create the hostname for your app based on what you type into the name of the app. The above error means someone else has that hostname for their app.
The error message will probably look like the following.
cf push watson-um-demo
Creating app watson-um-demo in org jbsloyer#us.ibm.com / space demos as jbsloyer#us.ibm.com...
OK
Creating route watson-um-demo.mybluemix.net...
FAILED
Server error, status code: 400, error code: 210003, message: The host is taken: watson-um-demo
To resolve the issue you can modify the hostname field.
Bluemix assigns your app with a domain of mybluemix.net if you are running in the US-South region. If you are running in the EU-GB region Bluemix will assign your app with a domain of eu-gb.mybluemix.net. You can map your own domains to your app as well. See https://www.ng.bluemix.net/docs/#manageapps/index-gentopic3.html#domain.
The guys before me already gave you the answer you were looking for, I just want to share some good practices, if you don't mind. While it might not work for you, it has worked like a charm for me over the past months.
What has worked best for me is to start every App Name with my initials and then the app name. Colleagues of mine are doing the same, just adding their name at the end.
So whenever I create a new app I follow my little schema in head:
Initials in front
no spaces just underscores
Descriptive and easy to remember so that I can quickly type it in the command line
The host you input will be the part of your url before mybluemix.net (yours would be vTest.mybluemix.net), so it needs to be globally unique across all of Bluemix. Try adding some random characters to the end of your host.
Don't stress out :) The reality is you likely will not want to use mybluemix.net for a customer facing URL/Route. Simply replace the name that you initially used that is already used by someone else with a compliant one (see Restrictions on Valid Hostnames). It really doesn't matter which one.
Then get yourself a DNS provider like Domainmaster.com and register your own custom domain, like www.mygreatsite.com.
Then modify Bluemix to use your own custom domain you created. Read the documentation on Creating and using a custom domain with Bluemix.
You may want to setup other settings in your DNS like Cname, AAAA records and A records. Work with the DNS provider to figure out which ones you want to change.

Windows - Private hosts file for a certain environment

I've an application running on a dev server and connecting to a dev-db hosting an oracle instance.
Now I'm deploying the application on a prod/prod-db machine.
Since the dev-db URL is hardcoded inside the Java code, the just-copied binaries still point to dev-db. As a quick workaround I added a line in the Windows hosts file on prod so that dev-db now points to the prod-db IP address. It works, but I'm not very satisfied with this global-scope solution.
I was wondering if there exists a way to make a hosts file "private" for a certain environment, i.e. only valid in the scope of my running application.
No, there's no way to do this, and it's a bad approach anyway.
You should instead fix the real problem, which is the hard-coding of the address inside your java code. Put such things in a properties file, and use a different properties file for production.
