Category: Uncategorised

Categories
Uncategorised

Fresh Openshift Cluster install (4.6) on vSphere doesn’t complete – Cluster Monitoring Operator stuck

It’s a simple issue to resolve, but just a little annoying.

The CVO doesn’t complete because the Cluster-monitoring-operator pod rollout stuck with error message CreateContainerConfigError.

The actual error shows that :

Error: container has runAsNonRoot and image has non-numeric user (nobody), cannot verify user is non-root

This is still an open issue with Red Hat and it’s being tracked via this BZ. It is however easily corrected by deleting the offending pod and letting it get re-created

Categories
ESXi Red Hat Uncategorised vRealize

Powercli via RHEL7 UBI container images

So yes, that is quite a specific title for a blog post. The path leading to it wasn’t as succinct, but it was an enjoyable journey.

Firstly, VMware provides a fine Powercli container built on top of Photon OS , but being me I thought Hey I wonder if I can get the same thing with a Red Hat Universal Base Image (UBI)? And so, my journey began.

I decided i’d use the VMware Dockerfile as the starting point, but I want to build it using buildah and run it using podman – because I’d like to know (you can see a pattern here) .

The original Dockerfile is accessible here, or here’s a local copy.

FROM photon:3.0
  
LABEL authors="renoufa@vmware.com,jaker@vmware.com"

ENV TERM linux

WORKDIR /root

# Set terminal. If we don't do this, weird readline things happen.
RUN echo "/usr/bin/pwsh" >> /etc/shells && \
    echo "/bin/pwsh" >> /etc/shells && \
    tdnf install -y powershell-6.2.3-1.ph3 unzip && \
    pwsh -c "Set-PSRepository -Name PSGallery -InstallationPolicy Trusted" && \
    pwsh -c "$ProgressPreference = \"SilentlyContinue\"; Install-Module VMware.PowerCLI -RequiredVersion 11.5.0.14912921" && \
    pwsh -c "$ProgressPreference = \"SilentlyContinue\"; Install-Module PowerNSX -RequiredVersion 3.0.1174" && \
    pwsh -c "$ProgressPreference = \"SilentlyContinue\"; Install-Module PowervRA -RequiredVersion 3.6.0" && \
    curl -o ./PowerCLI-Example-Scripts.zip -J -L https://github.com/vmware/PowerCLI-Example-Scripts/archive/03272c1d2db26a525b31c930e3bf3d20d34468e0.zip && \
    unzip PowerCLI-Example-Scripts.zip && \
    rm -f PowerCLI-Example-Scripts.zip && \
    mv ./PowerCLI-Example-Scripts-* ./PowerCLI-Example-Scripts && \
    mv ./PowerCLI-Example-Scripts/Modules/* /usr/lib/powershell/Modules/ && \
    find / -name "net45" | xargs rm -rf && \
    tdnf erase -y unzip && \
    tdnf clean all


CMD ["/bin/pwsh"]

I’ve made a few changes, some cosmetic due to the way I like to layout my docker file, but the outcome is similar. My Dockerfile is below or you can find it over at my github account. Using the default RHEL7 UBI (sadly Microsoft don’t have powershell for RHEL8 as yet) I was able to build the image at around 567 Mb, whereas the Photon OS image is around 362 Mb. Not a bad result given how little effort (none) i’ve put into making it as small as possible.

FROM registry.access.redhat.com/ubi7/ubi:latest

LABEL authors="geoffocallaghan@gmail.com"

WORKDIR /root

RUN curl https://packages.microsoft.com/config/rhel/7/prod.repo -o /etc/yum.repos.d/microsoft.repo && yum install -y powershell  unzip
RUN pwsh -c 'Set-PSRepository -Name PSGallery -InstallationPolicy Trusted; \
             $ProgressPreference = "SilentlyContinue"; \
             Install-Module VMware.PowerCLI -RequiredVersion 11.5.0.14912921; \
             Install-Module PowerNSX -RequiredVersion 3.0.1174; \
             Install-Module PowervRA -RequiredVersion 3.6.0'
RUN curl -o ./PowerCLI-Example-Scripts.zip -J -L https://github.com/vmware/PowerCLI-Example-Scripts/archive/03272c1d2db26a525b31c930e3bf3d20d34468e0.zip \
    && unzip PowerCLI-Example-Scripts.zip \
    && rm -f PowerCLI-Example-Scripts.zip \
    && mv ./PowerCLI-Example-Scripts-* ./PowerCLI-Example-Scripts \
    && mv ./PowerCLI-Example-Scripts/Modules/* /opt/microsoft/powershell/6/Modules/ \
    && find / -name "net45" | xargs rm -rf


CMD ["/bin/pwsh"]

As you can see in the Dockerfile, i’m simply installing powershell from the microsoft repository on top of the RHEL7 UBI image and then (via powershell) installed the PowerCLI, PowerNSX and PowervRA modules from the upstream powershell gallery.

Building it with buildah is trivial.

buildah build-using-dockerfile -t rcli  .

And to run it via podman (trivial example)

[gocallag@orac8 rhel7]$ podman run -it rcli pwsh
PowerShell 6.2.3
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

PS /root> Get-VM   # plus a couple of tabs to force auto-completion of the command 
Get-VM                                       Get-VmfsDatastoreInfo                        Get-VMHostPatch
Get-VMByToolsInfo                            Get-VMGuest                                  Get-VMHostPciDevice
Get-VMCCommand                               Get-VMHost                                   Get-VMHostProfile
Get-VMCEdge                                  Get-VMHostAccount                            Get-VMHostProfileImageCacheConfiguration
Get-VMCEdgeNic                               Get-VMHostAdvancedConfiguration              Get-VMHostProfileRequiredInput
Get-VMCEdgeNicStat                           Get-VMHostAttributes                         Get-VMHostProfileStorageDeviceConfiguration
Get-VMCEdgeStatus                            Get-VMHostAuthentication                     Get-VMHostProfileUserConfiguration
Get-VMCEdgeUplinkStat                        Get-VMHostAvailableTimeZone                  Get-VMHostProfileVmPortGroupConfiguration
Get-VMCFirewallRule                          Get-VMHostBirthday                           Get-VMHostRoute
Get-VMCLogicalNetwork                        Get-VMHostDiagnosticPartition                Get-VMHostService
Get-VMCOrg                                   Get-VMHostDisk                               Get-VMHostSnmp
Get-VMCPSettings                             Get-VMHostDiskPartition                      Get-VMHostStartPolicy
Get-VMCSDDC                                  Get-VMHostFirewallDefaultPolicy              Get-VMHostStorage
Get-VMCSDDCCluster                           Get-VMHostFirewallException                  Get-VMHostSysLogServer
Get-VMCSDDCDefaultCredential                 Get-VMHostFirmware                           Get-VMmaxIOPS
Get-VmcSddcNetworkService                    Get-VMHostFirmwareVersion                    Get-VMQuestion
Get-VMCSDDCPublicIP                          Get-VMHostHardware                           Get-VMResourceConfiguration
Get-VMCSDDCVersion                           Get-VMHostHba                                Get-VMStartPolicy
Get-VmcService                               Get-VMHostImageProfile                       Get-VMToolsGuestInfo
Get-VMCTask                                  Get-VMHostMatchingRules                      Get-VMToolsInfo
Get-VMCVMHost                                Get-VMHostModule                             Get-VMToolsInstallLastError
Get-VMEncryptionInfo                         Get-VMHostNetwork                            Get-VMToolsUpgradePolicy
Get-VMEvcMode                                Get-VMHostNetworkAdapter
Get-VmfsDatastoreIncrease                    Get-VMHostNtpServer

You’re likely, possibly, most likely not wondering if I have anything planned for this container. The answer is yes, but it will be the subject of later posts. I’m a big fan of the ability to run Powercli via powershell on linux, and doing it via a container is a very neat packaging solution. Sure, i’ve could’ve used the VMware container (kudos to them for creating it), but I now know more than I did this morning and that’s the result I was aiming for.