Chapter 3. Containers Providers

A containers provider is a service that manages container resources.

The Containers area in the top menu bar has options to add and manage containers providers. The Containers area includes the Providers page, which displays all discovered or added containers providers.

The supported containers provider types that you can add in CloudForms Management Engine are:

To successfully add an OpenShift Enterprise or Atomic Enterprise Platform provider, you must first configure a service account in a provider’s cluster. For more information, see Configuring Service Accounts.

3.1. Configuring Service Accounts

To add an OpenShift Enterprise or Atomic Enterprise Platform provider, you must create, in a provider’s cluster, a specific management service account with the proper role, permissions, and authentication token.

For more information on these topics, see the relevant documentation for OpenShift Enterprise:

To add a management service account in an OpenShift cluster, follow these steps:

  1. Open a terminal and run the following commands:

    $ oadm new-project management-infra --description="Management Infrastructure"
    $ oc create -n management-infra -f - <<EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: management-admin
    EOF
    $ oc create -f - <<EOF
    apiVersion: v1
    kind: ClusterRole
    metadata:
      name: management-infra-admin
    rules:
    - resources:
      - pods/proxy
      verbs:
      - '*'
    EOF
    $ oadm policy add-role-to-user -n management-infra admin -z management-admin
    $ oadm policy add-role-to-user -n management-infra management-infra-admin -z management-admin
    $ oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin
    $ oadm policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin

    Note

    At the moment, the management-infra-admin role is needed to address OpenShift issue #5973.

  2. To obtain the management service account token name, run:

    $ oc get -n management-infra sa/management-admin --template='{{range .secrets}}{{printf "%s\n" .name}}{{end}}'
    management-admin-token-32f97
    management-admin-dockercfg-fvkso

    Replace management-admin-token-32f97 with the name of your token.

  3. To retrieve the token, run:

    $ oc get -n management-infra secrets management-admin-token-32f97 --template='{{.data.token}}' | base64 -d
    eyJhbGciOiJSUzI1NiIsInR5cC...

    Replace management-admin-token-32f97 with the name of your token.

Now it is possible to use the token to add a containers provider in CloudForms Management Engine.
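Before pasting the token into the provider form, it is worth confirming that it belongs to the account that received the roles in step 1 and not to another service account. The following is an added example, not part of the original documentation: it decodes the token payload without verifying the signature. The function names are hypothetical, and it assumes the token is a JWT whose sub claim has the form system:serviceaccount:<namespace>:<name>, the identity used in the oadm policy commands.

```shell
#!/bin/sh
# Added example: decode (not verify) a service account token and confirm
# it belongs to the account that was granted the roles in step 1.

# Decode one base64url JWT segment, restoring '+', '/' and '=' padding.
b64url_decode() {
    seg=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Print a string claim (for example "sub") from the token payload.
jwt_claim() {
    b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" | tr -d '\n' |
        sed -n "s|.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*|\1|p"
}

# Succeed only if the token subject is system:serviceaccount:<ns>:<name>.
check_sa_token() {
    want="system:serviceaccount:$2:$3"
    # A JWT has exactly three dot-separated segments.
    dots=$(printf '%s' "$1" | tr -cd '.' | wc -c)
    [ "$dots" -eq 2 ] || { echo "not a JWT" >&2; return 2; }
    sub=$(jwt_claim "$1" sub)
    [ "$sub" = "$want" ] && { echo "ok: $sub"; return 0; }
    echo "MISMATCH: subject '$sub', expected '$want'" >&2
    return 1
}

# Constructed, unsigned sample token for offline use (not a real credential).
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
make_sample_token() {
    printf '%s.%s.%s' \
        "$(b64url_encode '{"alg":"RS256","typ":"JWT"}')" \
        "$(b64url_encode "{\"iss\":\"kubernetes/serviceaccount\",\"sub\":\"system:serviceaccount:$1:$2\"}")" \
        "constructed-signature"
}

# Against a live cluster, pass the output of the step 3 command instead:
#   check_sa_token "$(oc get -n management-infra secrets <token-secret-name> \
#       --template='{{.data.token}}' | base64 -d)" management-infra management-admin
check_sa_token "$(make_sample_token management-infra management-admin)" \
    management-infra management-admin
```

A mismatch means the token was issued to a different account than the one bound to cluster-reader and the privileged SCC, so it should not be entered as the provider credential.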

3.2. Configuring OpenShift Metrics

To collect node, pod, and container metrics, you must run the OpenShift Metrics services inside your cluster. For more information, see Enabling Cluster Metrics in OpenShift Enterprise Installation and Configuration.

Note
  • Use the OpenShift master’s public host name as the HAWKULAR_METRICS_HOSTNAME. CloudForms Management Engine currently assumes that the provider Host Name is also used to collect the metrics.
  • For the metrics collection to work properly, you also need to configure CloudForms Management Engine to allow all three Capacity & Utilization server roles, which are available under Configure → Configuration → Server → Server Control. For more information on capacity and utilization collection, see the Deployment Planning Guide.

Once Hawkular Metrics and Heapster have been successfully deployed by OpenShift Metrics, create a router for CloudForms Management Engine to access the metrics data. In order for the metrics to still be accessible within OpenShift, the router will need to be running and functional on the master, due to the way routing happens inside OpenShift.

# oadm router management-metrics \
-n default \
--credentials=/etc/origin/master/openshift-router.kubeconfig \
--service-account=router --ports='443:5000' \
--selector='kubernetes.io/hostname=<INSERT MASTER HOST NAME HERE>' \
--stats-port=1937 \
--host-network=false

This router must, at the moment, run on the master nodes to expose the metrics on the port 5000 to CloudForms Management Engine, hence the need for a selector on the kubernetes.io/hostname of the master node.

To use different selectors and scale the number of replicas for high availability, the router or routers must also be accessible from the same public host name as the master.

Note

To successfully deploy the router to master, verify that the master is schedulable by checking its status in the output of the command: $ oc get nodes. To make a node/master schedulable, run the following command:

$ oadm manage-node <HOSTNAME_FOR_THE_NODE/MASTER> \
--schedulable=true

3.3. Adding an OpenShift Enterprise Provider

After initial installation and creation of a CloudForms Management Engine environment and configuration of an OpenShift cluster service account, add an OpenShift Enterprise provider by following the procedure below.

For information on how to configure an OpenShift cluster service account, see Configuring Service Accounts.

  1. Navigate to Containers → Providers.
  2. Click Configuration, then click Add a New Containers Provider.
  3. Enter a Name for the provider.
  4. From the Type drop-down menu select OpenShift Enterprise.
  5. Enter the Hostname or IP address of the provider.

    Important

    The Hostname must use a unique fully qualified domain name.

  6. Enter the Port of the provider. The default port is 8443.
  7. Under Credentials, enter the token in the Token field.

    • Click Validate to confirm that the CloudForms Management Engine can connect to the OpenShift Enterprise provider using the provided token.
  8. Click Add.

3.4. Adding an Atomic Enterprise Platform Provider

After initial installation and creation of a CloudForms Management Engine environment and configuration of an Atomic Enterprise Platform cluster service account, add an Atomic Enterprise Platform provider by following the procedure below.

For information on how to configure an Atomic Enterprise Platform cluster service account, see Configuring Service Accounts.

  1. Navigate to Containers → Providers.
  2. Click Configuration, then click Add a New Containers Provider.
  3. Enter a Name for the provider.
  4. From the Type drop-down menu, select Atomic Enterprise.
  5. Enter the Hostname or IP address of the provider.

    Important

    The Hostname must use a unique fully qualified domain name.

  6. Enter the Port of the provider. The default port is 8443.
  7. Under Credentials, enter the token in the Token field.

    • Click Validate to confirm that the CloudForms Management Engine can connect to the Atomic Enterprise provider using the provided token.
  8. Click Add.

3.5. Tagging Containers Providers

Apply tags to all containers providers to categorize them together at the same time. Before assigning tags, create them using instructions in the General Configuration guide.

  1. Navigate to Containers → Providers.
  2. Select the checkboxes for the containers providers to tag.
  3. Click Policy, and then Edit Tags.
  4. Select a tag to assign from the drop-down menu.

  5. Select a value to assign.
  6. Click Save.

3.6. Removing Containers Providers

You may need to remove a containers provider from the VMDB if the provider is no longer in use.

  1. Navigate to Containers → Providers.
  2. Select the checkboxes for the containers providers to remove.
  3. Click Configuration, and then Remove Containers Providers from the VMDB.
  4. Click OK.

3.7. Editing a Containers Provider

Edit information about a provider such as the name, hostname, IP address or port, and credentials.

  1. Navigate to Containers → Providers.
  2. Click the containers provider to edit.
  3. Click Configuration, and then Edit Selected Containers Provider.
  4. Edit the Basic Information. This varies depending on the Type of provider.

    Note

    The Type value is unchangeable.

    To use a different containers provider, create a new one.

  5. Edit the Credentials by typing in a new Token.
  6. Click Validate and wait for notification of successful validation.
  7. Click Save.

3.8. Viewing a Containers Provider’s Timeline

View the timeline of events for instances registered to a containers provider.

  1. Navigate to Containers → Providers.
  2. Click the containers provider whose timeline you want to view.
  3. Click Monitoring, and then Timelines.
  4. From Options, customize the period of time to display and the types of events to see.

    • Use Show to select regular Management Events or Policy Events.
    • Use the Interval dropdown to select hourly or daily data points.
    • Use Date to type the date for the timeline to display.
    • If you choose to view a daily timeline, use Show to set how many days back to go. The maximum history is 31 days.
    • From the Level dropdown, select a Summary event, or a Detail list of events.
    • The three Event Groups dropdowns allow you to select different groups of events to display. Each has its own color.

To see more detail on an item in the timeline, click on it. A balloon appears with a link to the resource.