Paul Bastide

Category: Application Development

  • Setting up an IBM PowerVS Workspace to a IBM Cloud VPC

    As part of the Red Hat OpenShift Multi-Arch Compute effort, I’ve been working on Power and Intel Compute architecture pairs:

    1. Intel Control Plane with Power and Intel Compute
    2. Power Control Plane with Power and Intel Compute

    This article helps setup an IBM Cloud VPC with IBM Power Virtual Server, you can follow this recipe:

    1. Install ibmcloud cli curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
    2. Install the Power IAAS, Transit Gateway, Cloud Internet Services, and Infrastructure Service plugins ibmcloud plugin install power-iaas tg-cli vpc-infrastructure cis
    3. Login to ibmcloud cli ibmcloud login --apikey API_KEY -r us-east
    4. List the datacenters ibmcloud pi datacenters in our case we want wdc06
    5. List the resource group id ❯ ibmcloud resource group dev-resource-group
    ❯ ibmcloud resource group dev-resource-group
Retrieving resource group dev-resource-group under account 555555555555555 as email@id.xyz...
OK

                          
Name:                     dev-resource-group
Account ID:               555555555555555
ID:                       44444444444444444
Default Resource Group:   false
State:                    ACTIVE
    1. Create a Workspace on a Power Edge Router enabled PowerVS zone. ibmcloud pi workspace-create rdr-mac-p2-wdc06 --datacenter wdc06 --group 44444444444444444 --plan public
    ❯ ibmcloud pi workspace-create rdr-mac-p2-wdc06 --datacenter wdc06 --group 44444444444444444 --plan public
Creating workspace rdr-mac-p2-wdc06...

Name       rdr-mac-p2-wdc06
Plan ID    f165dd34-3a40-423b-9d95-e90a23f724dd
    1. Get the ID (2nd in response)
    ❯ ibmcloud pi workspaces 2>&1 | grep rdr-mac-p2-wdc06
crn:v1:bluemix:public:power-iaas:wdc06:a/555555555555555:7777777-6666-5555-44444-1111111::     7777777-6666-5555-44444-1111111   rdr-mac-p2-wdc06
    1. Get the workspace, and check if it’s status is active
    ❯ ibmcloud pi workspace 7777777-6666-5555-44444-1111111 --json
{
    "capabilities": {
        "cloud-connections": false,
        "power-edge-router": true,
        "power-vpn-connections": false,
        "transit-gateway-connection": false
    },
    "details": {
        "creationDate": "2024-01-24T20:52:59.178Z",
        "crn": "crn:v1:bluemix:public:power-iaas:wdc06:a/555555555555555:7777777-6666-5555-44444-1111111::",
        "powerEdgeRouter": {
            "state": "active",
            "type": "automated"
        }
    },
    "id": "7777777-6666-5555-44444-1111111",
    "location": {
        "region": "wdc06",
        "type": "data-center",
        "url": "https://us-east.power-iaas.cloud.ibm.com"
    },
    "name": "rdr-mac-p2-wdc06",
    "status": "active",
    "type": "off-premises"
}
    1. Target the workspace
    ❯ ibmcloud pi service-target crn:v1:bluemix:public:power-iaas:wdc06:a/555555555555555:7777777-6666-5555-44444-1111111::
Targeting service crn:v1:bluemix:public:power-iaas:wdc06:a/555555555555555:7777777-6666-5555-44444-1111111::...
    1. Create a Power Network using the CRN so there is an IP Range for the Power workers.
    ❯ ibmcloud pi network-create-private ocp-net --dns-servers 9.9.9.9 --jumbo --cidr-block 192.168.200.0/24 --gateway 192.168.200.1 --ip-range 192.168.200.10-192.168.200.250
Creating network ocp-net under account Power Cloud - pcloudci as user email@id.xyz...
Network ocp-net created.
             
ID           3e1add7e-1a12-4a50-9325-87f957b0cd63
Name         ocp-net
Type         vlan
VLAN         797
CIDR Block   192.168.200.0/24
IP Range     [192.168.200.10 192.168.200.250]
Gateway      192.168.200.1
DNS          9.9.9.9, 161.26.0.10, 161.26.0.11
    1. Import the Centos8 stock image
    ❯ ibmcloud pi image-create CentOS-Stream-8       
Creating new image from CentOS-Stream-8 under account Power Cloud - pcloudci as user email@id.xyz...
Image created from CentOS-Stream-8.
                   
Image              4904b3db-1dde-4f3c-a696-92f068816f6f
Name               CentOS-Stream-8
Arch               ppc64
Container Format   bare
Disk Format        raw
Hypervisor         phyp
Type               stock
OS                 rhel
Size               120
Created            2024-01-24T21:00:29.000Z
Last Updated       2024-01-24T21:00:29.000Z
Description        
Storage Type       
Storage Pool
    1. Find the closest location.
    ❯ ibmcloud tg locations
Listing Transit Service locations under account Power Cloud - pcloudci as user email@id.xyz...
OK
Location   Location Type   Billing Location   
eu-es      region          eu   
eu-de      region          eu   
au-syd     region          ap   
eu-gb      region          eu   
br-sao     region          br   
jp-osa     region          ap   
jp-tok     region          ap   
ca-tor     region          ca   
us-south   region          us   
us-east    region          us
    1. Create the Transit Gateway
    # ibmcloud tg gateway-create --name rdr-mac-p2-wdc06-tg --location us-east --routing global \
    --resource-group-id 44444444444444444 --output json
{
    "created_at": "2024-01-24T21:09:23.184Z",
    "crn": "crn:v1:bluemix:public:transit:us-east:a/555555555555555::gateway:3333333-22222-1111-0000-dad4b38f5063",
    "global": true,
    "id": "3333333-22222-1111-0000-dad4b38f5063",
    "location": "us-east",
    "name": "rdr-mac-p2-wdc06-tg",
    "resource_group": {
        "id": "44444444444444444"
    },
    "status": "pending"
}%
    1. Wait until the transit gateway is available.
    ❯ ibmcloud tg gw 3333333-22222-1111-0000-dad4b38f5063 --output json
{
    "created_at": "2024-01-24T21:09:23.184Z",
    "crn": "crn:v1:bluemix:public:transit:us-east:a/555555555555555::gateway:3333333-22222-1111-0000-dad4b38f5063",
    "global": true,
    "id": "3333333-22222-1111-0000-dad4b38f5063",
    "location": "us-east",
    "name": "rdr-mac-p2-wdc06-tg",
    "resource_group": {
        "id": "44444444444444444"
    },
    "status": "available"
}
    1. Create a VPC with at least one subnet with a Public Gateway
    ibmcloud is vpc-create rdr-mac-p2-wdc06-vpc --resource-group-id 44444444444444444 --output JSON
{
    "classic_access": false,
    "created_at": "2024-01-24T21:12:46.000Z",
    "crn": "crn:v1:bluemix:public:is:us-east:a/555555555555555::vpc:r001-372372bb-5f18-4e36-8b39-4444444333",
    "cse_source_ips": [
        {
            "ip": {
                "address": "10.12.98.66"
            },
            "zone": {
                "href": "https://us-east.iaas.cloud.ibm.com/v1/regions/us-east/zones/us-east-1",
                "name": "us-east-1"
            }
        },
        {
            "ip": {
                "address": "10.12.108.205"
            },
            "zone": {
                "href": "https://us-east.iaas.cloud.ibm.com/v1/regions/us-east/zones/us-east-2",
                "name": "us-east-2"
            }
        },
        {
            "ip": {
                "address": "10.22.56.222"
            },
            "zone": {
                "href": "https://us-east.iaas.cloud.ibm.com/v1/regions/us-east/zones/us-east-3",
                "name": "us-east-3"
            }
        }
    ],
    "default_network_acl": {
        "crn": "crn:v1:bluemix:public:is:us-east:a/555555555555555::network-acl:r001-0a0afc6c-0943-4a0f-b998-e5e87ec93668",
        "href": "https://us-east.iaas.cloud.ibm.com/v1/network_acls/r001-0a0afc6c-0943-4a0f-b998-e5e87ec93668",
        "id": "r001-0a0afc6c-0943-4a0f-b998-e5e87ec93668",
        "name": "causation-browse-capture-behind"
    },
    "default_routing_table": {
        "href": "https://us-east.iaas.cloud.ibm.com/v1/vpcs/r001-372372bb-5f18-4e36-8b39-4444444333/routing_tables/r001-216fb1f5-da8f-447e-8515-649bc76b83aa",
        "id": "r001-216fb1f5-da8f-447e-8515-649bc76b83aa",
        "name": "retaining-acquaint-retiring-curry",
        "resource_type": "routing_table"
    },
    "default_security_group": {
        "crn": "crn:v1:bluemix:public:is:us-east:a/555555555555555::security-group:r001-ffa5c27a-6073-4e2e-b679-64560cff8b5b",
        "href": "https://us-east.iaas.cloud.ibm.com/v1/security_groups/r001-ffa5c27a-5f18-5f18-b679-4444444333",
        "id": "r001-ffa5c27a-6073-4e2e-b679-64560cff8b5b",
        "name": "jailer-lurch-treasure-glacial"
    },
    "dns": {
        "enable_hub": false,
        "resolution_binding_count": 0,
        "resolver": {
            "servers": [
                {
                    "address": "161.26.0.10"
                },
                {
                    "address": "161.26.0.11"
                }
            ],
            "type": "system",
            "configuration": "default"
        }
    },
    "health_reasons": null,
    "health_state": "inapplicable",
    "href": "https://us-east.iaas.cloud.ibm.com/v1/vpcs/r001-372372bb-5f18-4e36-8b39-4444444333",
    "id": "r001-372372bb-5f18-4e36-8b39-4444444333",
    "name": "rdr-mac-p2-wdc06-vpc",
    "resource_group": {
        "href": "https://resource-controller.cloud.ibm.com/v2/resource_groups/44444444444444444",
        "id": "44444444444444444",
        "name": "dev-resource-group"
    },
    "resource_type": "vpc",
    "status": "pending"
}
    1. Check the status is available
    ❯ ibmcloud is vpc rdr-mac-p2-wdc06-vpc --output json | jq -r '.status'
available
    1. Add a subnet
    ❯ ibmcloud is subnet-create sn01 rdr-mac-p2-wdc06-vpc \
        --resource-group-id 44444444444444444 \
        --ipv4-address-count 256 --zone us-east-1   
Creating subnet sn01 in resource group 44444444444444444 under account Power Cloud - pcloudci as user email@id.xyz...
                       
ID                  0757-46e9ca2e-4c63-4bce-8793-f04251d9bdb3   
Name                sn01   
CRN                 crn:v1:bluemix:public:is:us-east-1:a/555555555555555::subnet:0757-46e9ca2e-4c63-4bce-8793-f04251d9bdb3   
Status              pending   
IPv4 CIDR           10.241.0.0/24   
Address available   251   
Address total       256   
Zone                us-east-1   
Created             2024-01-24T16:18:10-05:00   
ACL                 ID                                          Name      
                    r001-0a0afc6c-0943-4a0f-b998-e5e87ec93668   causation-browse-capture-behind      
                       
Routing table       ID                                          Name      
                    r001-216fb1f5-da8f-447e-8515-649bc76b83aa   retaining-acquaint-retiring-curry      
                       
Public Gateway      -   
VPC                 ID                                          Name      
                    r001-372372bb-5f18-4e36-8b39-4444444333   rdr-mac-p2-wdc06-vpc      
                       
Resource group      ID                                 Name      
                    44444444444444444   dev-resource-group
    1. Attach a public gateway to the subnet
    ❯ ibmcloud is public-gateway-create gw01 rdr-mac-p2-wdc06-vpc us-east-1 \
        --resource-group-id 44444444444444444 \
        --output JSON
{
    "created_at": "2024-01-24T21:21:18.000Z",
    "crn": "crn:v1:bluemix:public:is:us-east-1:a/555555555555555::public-gateway:r001-f5f27e42-aed6-4b1a-b121-f234e5149416",
    "floating_ip": {
        "address": "150.239.80.219",
        "crn": "crn:v1:bluemix:public:is:us-east-1:a/555555555555555::floating-ip:r001-022b865a-4674-4791-94f7-ee4fac646287",
        "href": "https://us-east.iaas.cloud.ibm.com/v1/floating_ips/r001-022b865a-4674-4791-94f7-ee4fac646287",
        "id": "r001-022b865a-4674-4791-94f7-ee4fac646287",
        "name": "gw01"
    },
    "href": "https://us-east.iaas.cloud.ibm.com/v1/public_gateways/r001-f5f27e42-aed6-4b1a-b121-f234e5149416",
    "id": "r001-f5f27e42-aed6-4b1a-b121-f234e5149416",
    "name": "gw01",
    "resource_group": {
        "href": "https://resource-controller.cloud.ibm.com/v2/resource_groups/44444444444444444",
        "id": "44444444444444444",
        "name": "dev-resource-group"
    },
    "resource_type": "public_gateway",
    "status": "available",
    "vpc": {
        "crn": "crn:v1:bluemix:public:is:us-east:a/555555555555555::vpc:r001-372372bb-5f18-4e36-8b39-4444444333",
        "href": "https://us-east.iaas.cloud.ibm.com/v1/vpcs/r001-372372bb-5f18-4e36-8b39-4444444333",
        "id": "r001-372372bb-5f18-4e36-8b39-4444444333",
        "name": "rdr-mac-p2-wdc06-vpc",
        "resource_type": "vpc"
    },
    "zone": {
        "href": "https://us-east.iaas.cloud.ibm.com/v1/regions/us-east/zones/us-east-1",
        "name": "us-east-1"
    }
}%
    1. Attach the Public Gateway to the Subnet
    ❯ ibmcloud is subnet-update sn01 --vpc rdr-mac-p2-wdc06-vpc \
        --pgw gw01
Updating subnet sn01 under account Power Cloud - pcloudci as user email@id.xyz...
                       
ID                  0757-46e9ca2e-4c63-4bce-8793-f04251d9bdb3   
Name                sn01   
CRN                 crn:v1:bluemix:public:is:us-east-1:a/555555555555555::subnet:0757-46e9ca2e-4c63-4bce-8793-f04251d9bdb3   
Status              pending   
IPv4 CIDR           10.241.0.0/24   
Address available   251   
Address total       256   
Zone                us-east-1   
Created             2024-01-24T16:18:10-05:00   
ACL                 ID                                          Name      
                    r001-0a0afc6c-0943-4a0f-b998-e5e87ec93668   causation-browse-capture-behind      
                       
Routing table       ID                                          Name      
                    r001-216fb1f5-da8f-447e-8515-649bc76b83aa   retaining-acquaint-retiring-curry      
                       
Public Gateway      ID                                          Name      
                    r001-f5f27e42-aed6-4b1a-b121-f234e5149416   gw01      
                       
VPC                 ID                                          Name      
                    r001-372372bb-5f18-4e36-8b39-4444444333   rdr-mac-p2-wdc06-vpc      
                       
Resource group      ID                                 Name      
                    44444444444444444   dev-resource-group
    1. Attach the PER network to the TG
    ❯ ibmcloud tg connection-create 3333333-22222-1111-0000-dad4b38f5063 --name powervs-conn --network-id crn:v1:bluemix:public:power-iaas:wdc06:a/555555555555555:7777777-6666-5555-44444-1111111:: --network-type power_virtual_server --output json

{
    "created_at": "2024-01-25T00:37:37.364Z",
    "id": "75646025-3ea2-45e2-a5b3-36870a9de141",
    "name": "powervs-conn",
    "network_id": "crn:v1:bluemix:public:power-iaas:wdc06:a/555555555555555:7777777-6666-5555-44444-1111111::",
    "network_type": "power_virtual_server",
    "prefix_filters": null,
    "prefix_filters_default": "permit",
    "status": "pending"
}
    1. You should see the status attached
    ❯ ibmcloud tg connection 3333333-22222-1111-0000-dad4b38f5063 75646025-3ea2-45e2-a5b3-36870a9de141 --output json | jq -r '.status'
attached
    1. Attach the VPC to the TG
    ❯ ibmcloud tg connection-create 3333333-22222-1111-0000-dad4b38f5063 --name vpc-conn --network-id crn:v1:bluemix:public:is:us-east:a/555555555555555::vpc:r001-372372bb-5f18-4e36-8b39-4444444333 --network-type vpc --output json
{
    "created_at": "2024-01-25T00:40:26.629Z",
    "id": "777777777-eef2-4a27-832d-6c80d2ac599f",
    "name": "vpc-conn",
    "network_id": "crn:v1:bluemix:public:is:us-east:a/555555555555555::vpc:r001-372372bb-5f18-4e36-8b39-4444444333",
    "network_type": "vpc",
    "prefix_filters": null,
    "prefix_filters_default": "permit",
    "status": "pending"
}
    1. Check the status it should be attached
    ❯ ibmcloud tg connection 3333333-22222-1111-0000-dad4b38f5063 777777777-eef2-4a27-832d-6c80d2ac599f --output json | jq -r '.status'
attached

    You now have a VPC and a Power Workspace connected. The next step is to setup the Security Groups to enable communication between subnets.

    More details to come and help your adoption of Multi-Arch Compute.

  • Notes

    Here are my notes from the week:

    Announcement of OpenShift 4.14 on Power

    Power Developer Exchange: Red Hat OpenShift 4.14 Now Available on IBM Power

    IBM® is very excited to announce that Red Hat OpenShift 4.14 has been released and is available to run natively on IBM Power.

    Multi-Architecture Compute

    With Red Hat OpenShift 4.14, Multi-Architecture Compute comes to IBM Power and IBM Z platforms. Multi-Architecture Compute provides a single heterogeneous cluster, enabling fit-for-purpose computing, so that customers can align tasks and applications to CPU strengths and software availability rather than to one architecture. This also helps reduce the cost and complexity of solutions that require multiple architectures. 

    https://community.ibm.com/community/user/powerdeveloper/blogs/brandon-pederson1/2023/11/08/red-hat-openshift-414-now-available-on-ibm-power

    Brunch and Learn with MAC

    Paul Chapman is hosting a lunch and learn on Multi-architecture Compute. It’s a good session to join.

    Hey, would you like to join me for this short brunch and learn? I will discuss and demonstrate Red Hat OpenShift Multi-Architecture Computing (MAC).

MAC now supports x86, ARM, and Power Worker Nodes, all within the same Red Hat OpenShift Cluster. It should be an exciting and informative event. I'd love to have your company and hear your feedback.

–10:30 GMT/UTC 17th November 2023
–Register here https://ibm.biz/BdPYQH

#powermod
#power10 #ibmpowersystems #ibmpowersystemsvirtualservers
#redhatopenshiftcontainerplatform #redhatopenshift
#containersolutions #containers
    https://ibm.biz/BdPYQH

    Butane with Key File

    On a linux intel or arm machine, y ou can run the following:

    1. Create the butane alias
    alias butane='podman run --rm --interactive         \
              --security-opt label=disable          \
              --volume "$(pwd)":/pwd --workdir /pwd \
              quay.io/coreos/butane:latest'
    1. Generate the key_file contents
    openssl genrsa -out out.rsa 4096
    1. Use this file
    cat <<EOF > 99-worker-luks.bu
variant: openshift
version: 4.14.0
metadata:
  name: 99-worker-luks
  labels:
    machineconfiguration.openshift.io/role: worker
storage:
    luks:
    - name: luks-encrypt-worker
      device: /dev/disk/by-partlabel/root
      key_file:
        source: data:;base64,$(cat out.rsa | gzip - | base64 --wrap=0)
        compression: gzip
EOF
    1. Run the Butane command
    butane 99-worker-luks.bu -o 99-worker-luks.yaml

    It generates:

    # Generated by Butane; do not edit
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: 99-worker-luks
spec:
  config:
    ignition:
      version: 3.4.0
    storage:
      luks:
        - device: /dev/disk/by-partlabel/root
          keyFile:
            compression: gzip
            source: data:;base64,<EXCLUDED>
          name: luks-encrypt-worker

    You probably need to consider:

    luks:
   enabled: false
   filesystem_device: /dev/mapper/root
   format: xfs
   wipeFileSystem: true
   device: /dev/disk/by-partlabel/root
   label: luks-root
   options:
      - --cipher
      - aes-cbc-essiv:sha256
   wipeVolume: true
   name: root

    The cipher options probably needs some work.

    Ref: https://github.com/ocp-power-automation/ocp4-playbooks/blob/efb74c59edfc8de2f2579f7b754463a718028c56/playbooks/roles/ocp-config/templates/99-node-machineconfig.yaml.j2#L14 

    Ref: https://github.com/ocp-power-automation/ocp4-playbooks/blob/efb74c59edfc8de2f2579f7b754463a718028c56/playbooks/roles/ocp-config/defaults/main/main.yaml#L23 

    Ref: https://coreos.github.io/butane/upgrading-openshift/ 

    Ref: https://coreos.github.io/butane/config-openshift-v4_14/ 

    Ref: https://coreos.github.io/butane/examples/

    List of Red Hat Products released in October 2023

    In the month of October, the following Red Hat products were released on IBM Power. 

    https://community.ibm.com/community/user/powerdeveloper/blogs/ashwini-sule/2023/11/09/red-hat-products-oct-2023

  • Notes from the Week

    A few updates this week are:

    Red Hat OpenShift Container Platform 4.14.0 for Power Systems

    The Red Hat team released OpenShift Container Platform with new support for Power Systems.

    The features I worked on with my team are:

    The installer and client are available at link

    Hack to List Interfaces

    # ip -j -4 -o address  | jq -r '.[].addr_info[] | select(.dev == "env2").local'
192.168.166.70

    systemd Commands Cheat Sheet

    Users and administrators query and control systemd behavior through the systemctl command. This systemd Cheat Sheet presents the most common uses of systemctl, along with journalctl for displaying information about systemd activities from its logs.

    https://developers.redhat.com/cheat-sheets/systemd-commands-cheat-sheet?sc_cid=7013a000003SyUMAA0

    The systemd cheat sheet is a good reference. Very comprehensive.

    Posts on OCP 4.14

    Paul Chapman updated the community on the new features in 4.14.

    https://www.linkedin.com/posts/chapmanp_openshift-container-platform-414-release-activity-7125400057436073984-68Ju?utm_source=share&utm_medium=member_desktop

  • Notes of the Week

    1. Updated Open Source Container images for Power now available in IBM Container Registry

    The IBM Linux on Power team posted an updated container list including new versions of MongoDB

    https://community.ibm.com/community/user/powerdeveloper/blogs/priya-seth/2023/04/05/open-source-containers-for-power-in-icr

    2. The Acme Air application that uses multiarchitecture compute is moved on quay and github.

    The source code is at https://github.com/ocp-power-demos/acmeair-multiarchitecture-compute

    The images are at https://quay.io/repository/powercloud/acme-airlines-mac?tab=tags

    These images are helpful when exploring multiarch compute.

    3. YouTube: What’s new in OpenShift 4.14

    This video outlines what’s new in OpenShift Container Platform 4.14.
    https://www.youtube.com/watch?v=T0Je1UMqRNc

    4. Paul Chapman’s Invitation to IBM Power’s Multi-Architecture Cluster Early Adoption & Feedback Program

    This site has a short introduction and call to action. It’s great to see videos on Multiarchitecture Compute.

    https://www.linkedin.com/posts/chapmanp_invitation-to-ibm-powers-multi-architecture-activity-7119940146019328002-5tjH

  • Weekly Notes

    Here are my weekly notes:

    Flow Connector

    If you are using the VPC, you can track connections between your subnets and your VPC using Flow Connector.

    ❯ find . -name “*.gz” -exec gunzip {} \;

    ❯ grep -Rh 192.168.200.10 | jq -r ‘.flow_logs[] | select(.action == “rejected”) | “\(.initiator_ip),\(.target_ip),\(.target_port)”‘ | sort -u | grep 192.168.200.10

    10.245.0.5,192.168.200.10,36416,2023-08-08T14:31:32Z

    10.245.0.5,192.168.200.10,36430,2023-08-08T14:31:32Z

    10.245.0.5,192.168.200.10,58894,2023-08-08T14:31:32Z

    10.245.1.5,192.168.200.10,10250,2023-08-08T14:31:41Z

    10.245.1.5,192.168.200.10,10250,2023-08-08T14:31:42Z

    10.245.1.5,192.168.200.10,9100,2023-08-08T14:31:32Z

    10.245.129.4,192.168.200.10,43524,2023-08-08T14:31:32Z

    10.245.64.4,192.168.200.10,10250,2023-08-08T14:31:32Z

    10.245.64.4,192.168.200.10,10250,2023-08-08T14:31:42Z

    10.245.64.4,192.168.200.10,9100,2023-08-08T14:31:42Z

    10.245.64.4,192.168.200.10,9537,2023-08-08T14:50:36Z

    Image Pruner Reports Error….

    You can check the image-registry status on the cluster operator.

    ❯ oc get co image-registry
image-registry                             4.14.0-ec.4   True        False         True       3d14h   ImagePrunerDegraded: Job has reached the specified backoff limit

    The cronjob probably failed, so we can check that it exists.

    ❯ oc get cronjob -n openshift-image-registry
NAME           SCHEDULE    SUSPEND   ACTIVE   LAST SCHEDULE   AGE
image-pruner   0 0 * * *   False     0        16h             3d15h

    We can run a one-off to clear the status above.

    ❯ oc create job --from=cronjob/image-pruner one-off-image-pruner -n openshift-image-registry
job.batch/one-off-image-pruner created

    Then your image-registry should be a-ok.

    Ref: https://gist.github.com/ryderdamen/73ff9f93cd61d5dd45a0c50032e3ae03

  • Weekly Notes

    Here are the very cool things I learned this week:

    CRI-O Graduated

    CRI-O has graduated at the CNCF – see the announcement Cloud Native Computing Foundation Announces Graduation of CRI-O. This points to the maturity of Cloud Native runtimes.

    Checking an Ignition on a Failed Instance

    I use PowerVS and had a bad ignition file, so I logged in via the Console in PowerVS. Then run journalctl -xe, and then mount the ignition file and cat it out.

  • Two ways to grab the Ignition for RHCOS/OCP4

    There are two ways to grab the ignition files for the workers in the cluster:

    1. A downloaded ignition file stored (in data folder) using curl:
    • curl -k http://api.demo.ocp-multiarch.xyz:22623/config/worker -o worker.ign -H "Accept: application/vnd.coreos.ignition+json;version=3.2.0"

    2. Download the ignition file using the oc commandline

    • oc extract -n openshift-machine-api secret/worker-user-data --keys=userData --to=-

    I’m adding this because I use it every day, and others might find it helpful.

  • Krew plugin on ppc64le

    Posted to https://community.ibm.com/community/user/powerdeveloper/blogs/paul-bastide/2023/07/19/kubernetes-krew-plugin-support-for-power?CommunityKey=daf9dca2-95e4-4b2c-8722-03cd2275ab63

    Hey everyone,

    Krew, the kubectl plugin package manager, is now available on Power. The release v0.4.4 has a ppc64le download. You can download and start taking advantage of the krew plugin list. ppc64le download It also works with OpenShift.

    The Krew website has a list of plugins](https://krew.sigs.k8s.io/plugins/). Not all of the plugins support ppc64le, however may are cross-arch scripts and are cross compiled such as view-utilization.

    To take advantage of Krew with OpenShift, here are a few steps

    1. Download the krew-linux plugin
    # curl -L -O https://github.com/kubernetes-sigs/krew/releases/download/v0.4.4/krew-linux_ppc64le.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 3977k  100 3977k    0     0  6333k      0 --:--:-- --:--:-- --:--:-- 30.5M
    1. Extract the krew plugin
    tar xvf krew-linux_ppc64le.tar.gz 
./LICENSE
./krew-linux_ppc64le
    1. Move to the /usr/bin so it’s picked up by oc.
    mv krew-linux_ppc64le /usr/bin/kubectl-krew
    1. Update the krew plugin
    # kubectl krew update
WARNING: To be able to run kubectl plugins, you need to add
the following to your ~/.bash_profile or ~/.bashrc:

    export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"

and restart your shell.

Adding "default" plugin index from https://github.com/kubernetes-sigs/krew-index.git.
Updated the local copy of plugin index.
    1. Update your shell:
    # echo 'export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"' >> ~/.bashrc
    1. Restart your session (exit and come back to the shell so the variables are loaded)
    2. Try oc krew list
    # oc krew list
PLUGIN  VERSION
    1. List all the plugins that support ppc64le.
    # oc krew search  | grep -v 'unavailable on linux/ppc64le'
NAME                            DESCRIPTION                                         INSTALLED
allctx                          Run commands on contexts in your kubeconfig         no
assert                          Assert Kubernetes resources                         no
bulk-action                     Do bulk actions on Kubernetes resources.            no
...
tmux-exec                       An exec multiplexer using Tmux                      no
view-utilization                Shows cluster cpu and memory utilization            no
    1. Install a plugin
    # oc krew install view-utilization
Updated the local copy of plugin index.
Installing plugin: view-utilization
Installed plugin: view-utilization
\
 | Use this plugin:
 |      kubectl view-utilization
 | Documentation:
 |      https://github.com/etopeter/kubectl-view-utilization
 | Caveats:
 | \
 |  | This plugin needs the following programs:
 |  | * bash
 |  | * awk (gawk,mawk,awk)
 | /
/
WARNING: You installed plugin "view-utilization" from the krew-index plugin repository.
   These plugins are not audited for security by the Krew maintainers.
   Run them at your own risk.
    1. Use the plugin.
    # oc view-utilization
Resource     Requests  %Requests      Limits  %Limits  Allocatable  Schedulable         Free
CPU              7521         16        2400        5        45000        37479        37479
Memory    33477885952         36  3774873600        4  92931489792  59453603840  59453603840

    Tip: There are many more plugins with ppc64le support and do not have the krew manifest updated.

    Thanks to PR 755 we have support for ppc64le.

    References

    https://github.com/kubernetes-sigs/krew/blob/v0.4.4/README.md

    https://github.com/kubernetes-sigs/krew/releases/download/v0.4.4/krew-linux_ppc64le.tar.gz

  • Lessons and Notes for the Week

    Here are some lessons learned from the week (and shared with other):

    TIP: How to create a Power Workspace from the CLI

    This document outlines the steps necessary to create a PowerVS workspace.

    1. Login to IBM Cloud

    ibmcloud login --sso -r jp-osa -c 65b64c111111114bbfbd893c2c
    • -r jp-osa targets the region
    • -c 65b64c111111114bbfbd893c2c is the account that is being targetted.

    2. Install the Plugins for PowerVS and VPC.

    As a good practice install, the powervs and vpc plugins.

    ❯ ibmcloud plugin install power-iaas -f
❯ ibmcloud plugin install 'vpc-infrastructure' -f

    3. Create a Power Systems workspace

    1. The two elements you should configure below are the PVS_REGION and the WORKSPACE_NAME. The rest will create a new Workspace.
    WORKSPACE_NAME=rdr-mac-osa-n1
SERVICE_NAME=power-iaas
RESOURCE_GROUP_NAME=my-resource-group
SERVICE_PLAN_NAME=power-virtual-server-group
PVS_REGION=osa21
❯ ibmcloud resource service-instance-create \
    "${WORKSPACE_NAME}" \
    "${SERVICE_NAME}" \
    "${SERVICE_PLAN_NAME}" \
    "${PVS_REGION}" \
    -g "${RESOURCE_GROUP_NAME}"
Creating service instance rdr-mac-osa-n1 in resource group my-resource-group of account Power Account as pb@ibm.xyz...
OK
Service instance rdr-mac-osa-n1 was created.
                  
Name:             rdr-mac-osa-n1
ID:               crn:v1:bluemix:public:power-iaas:osa21:a/65b64c1f1c29460e8c2e4bbfbd893c2c:e3772ff7-48eb-4c81-9ee0-07cf0b5547a5::
GUID:             e3772ff7-48eb-4c81-9ee0-07cf0b5547a5
Location:         osa21
State:            provisioning
Type:             service_instance
Sub Type:         
Allow Cleanup:    false
Locked:           false
Created at:       2023-07-11T14:12:07Z
Updated at:       2023-07-11T14:12:10Z
Last Operation:             
                  Status    create in progress
                  Message   Started create instance operation

    Thus you are able to create a PowerVS Workspace from the CLI.

    Note: Flatcar Linux

    Flatcar Container Linux A community Linux distribution designed for container workloads, with high security and low maintenance

    https://www.flatcar.org/

    I learned about flatcar linux this week… exciting stuff.

    Demonstration: Tang Server Automation on PowerVM

    I work on the OpenShift Container Platform on Power Team which created a few video to discuss The powervm-tang-server-automation project provides Terraform based automation code to help with the deployment of Network Bound Disk Encryption (NBDE) on IBM® Power Systems™ virtualization and cloud management. Thanks to Aditi Jadhav for presenting.

    The Overview

    The Demonstration

    https://community.ibm.com/community/user/powerdeveloper/blogs/paul-bastide/2023/07/12/tang-server-automation-on-powervm

    New Blog: Installing OpenShift on IBM Power Virtual Servers with IPI

    My colleague Ashwin posted a new blog using IPI – This blog covers creating and destroying a “public” OpenShift cluster i.e., one which is accessible through the internet and the nodes of the cluster can access the internet. 

    https://community.ibm.com/community/user/powerdeveloper/blogs/ashwin-hendre/2023/07/10/powervs-ipi

  • Notes for the Week

    Here are some notes from the week:

    The Network Observability Operator is now released on IBM Power Systems.

    Network observability operator now available on Power.

    Network Observability (NETOBSERV) for IBM Power, little endian 1 for RHEL 9 ppc64le

    https://access.redhat.com/errata/RHSA-2023:3905?sc_cid=701600000006NHXAA2 https://community.ibm.com/community/user/powerdeveloper/discussion/network-observability-operator-now-available-on-power