Labs are designed for learning. I learn by doing. While I can read, as they say in the local vernacular in my propinquity “Wicked Fast,” I don’t process read information to the depth that I need in order to retain it. I need to type in the code in order to learn. Here’s a technique I use to do that.
Category Archives: Cloud
Protecting a Service in OpenShift using Kerberos
The same container image that can run HTTPD using Kerberos to authenticate in Podman can be used to do the same thing in OpenShift. Here are the changes
Self Service Speedbumps
The OpenShift installer is fairly specific in what it requires, and will not install into a virtual machine that does not have sufficient resources. These limits are:
- 16 GB RAM
- 4 Virtual CPUs
- 25 GB Disk Space
Official TripleO Keystone Images
My recent forays into running containerized Keystone images have been based on a CentOS base image with RPMs installed on top of it. But TripleO does not run this way; it runs via containers. Some notes as I look into them.
Running as keystone
In order to run the various Keystone containers as the Keystone user, we can use the modification specified here.
oc new-app
The tools you use should help you grow from newbie to power user. OpenShift’s command line is one such tool. When getting started with Kubernetes development, the new-app option to the oc command line can help move you along the spectrum.
Reading keystone.conf in a container
Step 3 of the 12 Factor app is to store config in the environment. For Keystone, the set of configuration options is controlled by the keystone.conf file. In an earlier attempt at containerizing the scripts used to configure Keystone, I had passed an environment variable in to the script that would then be written to the configuration file. I realize now that I want the whole keystone.conf external to the application. This allows me to set any of the configuration options without changing the code in the container. More importantly, it allows me to make the configuration information immutable inside the container, so that the applications cannot be hacked to change their own configuration options.
Building an OpenShift LDAP URL from FreeIPA
If you want to use LDAP authentication with OpenShift, you need to build an LDAP URL from the information you do have. Here are the steps.
Building the Kolla Keystone Container
Kolla has become the primary source of Containers for running OpenStack services. Since it has been a while since I tried deliberately running just the Keystone container, I decided to build the Kolla version from scratch and run it.
Tracking Quota
This OpenStack summit marks the third that I have attended where we’ve discussed the algorithms to try and record quota in Keystone but not update it on each resource allocation and free.
We were stumped, again. The process we had planned on using was game-able and thus broken. I was kinda bummed.
Fortunately, I had a long car ride from Vancouver to Seattle and talked it over with Morgan Fainberg.
We also discussed the Pig War. Great piece of history from the region.
By the time we got to the airport the next day, I think we had it solved. Morgan came to the solution first, and I followed, slowly. Here’s what we think will work.