Thursday, 12 April 2018

IBM Cloud Private and IBM Cloud Automation Manager - Some videos

On IBM developerWorks here: -


Use CAM to deploy Websphere Liberty into AWS

Deploy MQ topologies into IBM Cloud Private using Cloud Automation Manager

Add UCD application components to an existing CAM library template

Service composition in IBM's Cloud Automation Manager

Edit, publish, and deploy a template using Template Designer

Edit existing templates using Template Designer

Create and publish a new template using IBM CAM Template Designer

Installing IBM Cloud Automation Manager Community Edition


IBM Cloud Private - More on using Helm and Kubectl to create, upload, install and use applications

Following my earlier post: -


here's some more about using Helm and Kubectl to drive IBM Cloud Private 2.1.0.2.

Enjoy :-)

Install and Use IBM Cloud CLI / Helm / Kube on iceboat Ubuntu box ( as root )

Download the required ICP Plugin for the IBM Cloud CLI


Resolving icpboot.uk.ibm.com (icpboot.uk.ibm.com)... 192.168.1.100
Connecting to icpboot.uk.ibm.com (icpboot.uk.ibm.com)|192.168.1.100|:8443... connected.
WARNING: cannot verify icpboot.uk.ibm.com's certificate, issued by 'CN=mycluster.icp':
  Self-signed certificate encountered.
    WARNING: certificate common name 'mycluster.icp' doesn't match requested host name 'icpboot.uk.ibm.com'.
HTTP request sent, awaiting response... 200 OK
Length: 20746952 (20M) [application/octet-stream]
Saving to: 'icp-linux-amd64'

icp-linux-amd64                                                     100%[===================================================================================================================================================================>]  19.79M  43.1MB/s    in 0.5s

2018-04-12 02:20:55 (43.1 MB/s) - 'icp-linux-amd64' saved [20746952/20746952]

Install the Plugin

bx plugin install icp-linux-amd64

Installing binary...
OK
Plug-in 'icp 2.1.182' was successfully installed into /root/.bluemix/plugins/icp. Use 'bx plugin show icp' to show its details.

Validate plugins

bx plugin list

Listing installed plug-ins...

Plugin Name   Version
icp           2.1.182

Download the required version of Helm from ICP


Resolving icpboot.uk.ibm.com (icpboot.uk.ibm.com)... 192.168.1.100
Connecting to icpboot.uk.ibm.com (icpboot.uk.ibm.com)|192.168.1.100|:8443... connected.
WARNING: cannot verify icpboot.uk.ibm.com's certificate, issued by 'CN=mycluster.icp':
  Self-signed certificate encountered.
    WARNING: certificate common name 'mycluster.icp' doesn't match requested host name 'icpboot.uk.ibm.com'.
HTTP request sent, awaiting response... 200 OK
Length: 68393980 (65M) [application/octet-stream]
Saving to: 'helm'

helm                                                                100%[=================================================================================================================================================================>]  65.22M  11.8MB/s    in 5.3s

2018-04-10 02:10:08 (12.2 MB/s) - 'helm' saved [68393980/68393980]

Validate the download

ls -al helm

-rw-r--r-- 1 root root 68393980 Mar  5 15:01 helm

Set exec permission

chmod a+x helm

Move into local path

mv ./helm /usr/local/bin/

Log into ICP via the IBM Cloud CLI

bx pr login -a https://mycluster.icp:8443 --skip-ssl-validation -c id-mycluster-account -u admin -p admin

Authenticating...
OK

Targeted account: mycluster Account (id-mycluster-account)

List Clusters

bx pr clusters

Name        ID                                 State      Created                    Masters   Workers   Datacenter
mycluster   00000000000000000000000000000001   deployed   2018-04-10T15:18:16+0000   1         2         default

Configure Cluster ( this creates necessary TLS configuration for Helm )

bx pr cluster-config mycluster

Configuring kubectl: /root/.bluemix/plugins/icp/clusters/mycluster/kube-config
Cluster "mycluster" set.
Cluster "mycluster" set.
User "mycluster-user" set.
Context "mycluster-context" created.
Context "mycluster-context" modified.
Switched to context "mycluster-context".

OK
Cluster mycluster configured successfully.

Check Helm version ( with TLS )

helm version --tls

Client: &version.Version{SemVer:"v2.7.2+icp", GitCommit:"d41a5c2da480efc555ddca57d3972bcad3351801", GitTreeState:"dirty"}
Server: &version.Version{SemVer:"v2.7.2+icp", GitCommit:"d41a5c2da480efc555ddca57d3972bcad3351801", GitTreeState:"dirty"}

Create a Sample Helm Chart

helm create demoapp

- Creates demoapp in home directory e.g. ~/demoapp

Add required values to values.yaml

vi ~/demoapp/values.yaml 

Append: -

fullnameOverride: ""
nameOverride: ""


Validate the new Helm Chart's format

helm lint --strict demoapp

==> Linting demoapp
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, no failures

Package the Chart

helm package demoapp ; ls -l d*.tgz

Successfully packaged chart and saved it to: /home/hayd/demoapp-0.1.0.tgz
-rw-r--r-- 1 root root 2581 Apr 10 09:14 demoapp-0.1.0.tgz

Log into ICP via the IBM Cloud CLI

bx pr login -a https://mycluster.icp:8443 --skip-ssl-validation -c id-mycluster-account -u admin -p admin

Upload the new Chart

bx pr load-helm-chart --archive demoapp-0.1.0.tgz --clustername mycluster.icp

Loading helm chart
OK

Synch charts
  {"message":"synch started"}
OK

Check Helm Repo


Resolving icpboot.uk.ibm.com (icpboot.uk.ibm.com)... 192.168.1.100
Connecting to icpboot.uk.ibm.com (icpboot.uk.ibm.com)|192.168.1.100|:8443... connected.
WARNING: cannot verify icpboot.uk.ibm.com's certificate, issued by 'CN=mycluster.icp':
  Self-signed certificate encountered.
    WARNING: certificate common name 'mycluster.icp' doesn't match requested host name 'icpboot.uk.ibm.com'.
HTTP request sent, awaiting response... 200 OK
Length: 354 [application/x-yaml]
Saving to: 'index.yaml'

index.yaml                                         100%[================================================================================================================>]     354  --.-KB/s    in 0s

2018-04-10 09:29:52 (72.6 MB/s) - 'index.yaml' saved [354/354]

cat index.yaml

apiVersion: v1
entries:
  demoapp:
    -
      apiVersion: v1
      created: '2018-04-10T16:24:55.459Z'
      description: 'A Helm chart for Kubernetes'
      digest: '-1'
      name: demoapp
      urls:
      version: 0.1.0
generated: '2018-04-10T16:24:55.459Z'

Search Repo

helm search -l|grep -i demo

local/demoapp                        0.1.0        1.0                         A Helm chart for Kubernetes

Install Helm Chart

helm install --name mydemoapp demoapp --tls

NAME:   mydemoapp
LAST DEPLOYED: Thu Apr 12 02:41:09 2018
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Service
NAME       TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)  AGE
mydemoapp  ClusterIP  10.0.0.17   <none>       80/TCP   0s

==> v1beta2/Deployment
NAME       DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
mydemoapp  1        1        1           0          0s


NOTES:
1. Get the application URL by running these commands:
  export POD_NAME=$(kubectl get pods --namespace default -l "app=demoapp,release=mydemoapp" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:80

List Deployed Charts

helm list --tls

 NAME     REVISION UPDATED                 STATUS  CHART        NAMESPACE
 mydemoapp 1       Thu Apr 12 02:41:09 2018 DEPLOYED demoapp-0.1.0 default

Get the Deployment Details

kubectl get deployments mydemoapp

NAME        DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
mydemoapp   1         1         1            1           47m

kubectl describe deployment mydemoapp

Name:                   mydemoapp
Namespace:              default
CreationTimestamp:      Thu, 12 Apr 2018 02:41:09 -0700
Labels:                 app=demoapp
                        chart=demoapp-0.1.0
                        heritage=Tiller
                        release=mydemoapp
Annotations:            deployment.kubernetes.io/revision=1
Selector:               app=demoapp,release=mydemoapp
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=demoapp
           release=mydemoapp
  Containers:
   demoapp:
    Image:        nginx:stable
    Port:         80/TCP
    Host Port:    0/TCP
    Liveness:     http-get http://:http/ delay=0s timeout=1s period=10s #success=1 #failure=3
    Readiness:    http-get http://:http/ delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   mydemoapp-84dcbdfbf4 (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  48m   deployment-controller  Scaled up replica set mydemoapp-84dcbdfbf4 to 1

Expose the Demo App via a NodePort service

kubectl expose deployment mydemoapp --type=NodePort --name=mydemoapp-service

service "mydemoapp-service" exposed

Describe the new NodePort Service

kubectl describe service mydemoapp-service

Name:                     mydemoapp-service
Namespace:                default
Labels:                   app=demoapp
                          chart=demoapp-0.1.0
                          heritage=Tiller
                          release=mydemoapp
Annotations:              <none>
Selector:                 app=demoapp,release=mydemoapp
Type:                     NodePort
IP:                       10.0.0.74
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  30129/TCP
Endpoints:                10.1.28.131:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

Note the NodePort

Test the Service using curl ( using the ICPProxy and the exposed NodePort )


<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Test the Service using a browser


If needed, validate upon what node(s) the application is running

kubectl get pods --selector="app=demoapp" --output=wide

NAME                         READY     STATUS    RESTARTS   AGE       IP            NODE
mydemoapp-84dcbdfbf4-gvnvp   1/1       Running   0          50m       10.1.28.131   192.168.1.101

Next to use a "real" Docker example ( Hello World ) from here …


Monday, 9 April 2018

More on the IBM Cloud Command Line - This time on macOS

So, when I tried to log in to my ICP 2.1.0.2 cluster from my Mac: -

bx pr login -a https://mycluster.icp:8443 --skip-ssl-validation -c id-mycluster-account -u admin -p admin

FAILED
'pr' is not a registered command. See 'bx help'.

bx help

NAME:
   bx - A command line tool to interact with IBM Cloud

USAGE:
   [environment variables] bx [global options] command [arguments...] [command options]

VERSION:
   0.6.6+d4d59ab5-2018-03-20T07:49:59+00:00

COMMANDS:
   api        Set or view target API endpoint
   login      Log user in
   logout     Log user out
   target     Set or view the targeted region, account, resource group, org or space
   info       View cloud information
   config     Write default values to the config
   update     Update CLI to the latest version
   regions    List all the regions
   account    Manage accounts, users, orgs and spaces
   catalog    Manage catalog
   resource   Manage resource groups and resources
   iam        Manage identities and access to resources
   app        Manage Cloud Foundry applications and application related domains, routes and certificates
   service    Manage Cloud Foundry services
   billing    Retrieve usage and billing information
   plugin     Manage plug-ins and plug-in repositories
   cf         Run Cloud Foundry CLI with IBM Cloud CLI context
   sl         Gen1 infrastructure Infrastructure services
   cr         Commands for interacting with IBM Bluemix Container Registry.
   cs         Plug-in for the IBM Bluemix Container Service.
   dev        A CLI plugin to create, manage, and run projects on Bluemix
   help       
   
Enter 'bx help [command]' for more information about a command.

ENVIRONMENT VARIABLES:
   BLUEMIX_COLOR=false                     Do not colorize output
   BLUEMIX_TRACE=true                      Print API request diagnostics to stdout
   BLUEMIX_TRACE=path/to/trace.log         Append API request diagnostics to a log file
   BLUEMIX_API_KEY=api_key_value           API key to use during login

GLOBAL OPTIONS:
   --version, -v                      Print the version
   --help, -h                         Show help

So I'd correctly downloaded / installed the IBM Cloud CLI: -



which gave me this: -

bx -version

bx version 0.6.6+d4d59ab5-2018-03-20T07:49:59+00:00

but I had neglected to download/install the relevant IBM Cloud Private (ICP) Plugin.

This helped: -


which directed me to the ICP admin UI itself: -



curl --insecure https://192.168.1.100:8443/api/cli/icp-darwin-amd64 > /tmp/icp-darwin-amd64

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 19.5M  100 19.5M    0     0  10.4M      0  0:00:01  0:00:01 --:--:-- 10.4M


ls -al /tmp/icp*

-rw-r--r--  1 davidhay  wheel  20524704  9 Apr 19:42 /tmp/icp-darwin-amd64

bx plugin list

Listing installed plug-ins...

Plugin Name          Version   
dev                  0.1.13   
container-registry   0.1.171   
container-service    0.1.328   


bx plugin install /tmp/icp-darwin-amd64

Installing binary...
OK
Plug-in 'icp 2.1.182' was successfully installed into /Users/davidhay/.bluemix/plugins/icp. Use 'bx plugin show icp' to show its details.


bx plugin list

Listing installed plug-ins...

Plugin Name          Version   
container-registry   0.1.171   
container-service    0.1.328   
dev                  0.1.13   
icp                  2.1.182   

API endpoint: https://mycluster.icp:8443
Authenticating...
OK

Targeted account: mycluster Account (id-mycluster-account)


Nice :-)

IBM Cloud Private - Tinkering with Helm Charts

As is probably apparent, I'm on a learning-curve with IBM Cloud Private (ICP), having installed it a number of times over the past six months.

So, whilst I'm fairly happy with the installation, whether standalone using Vagrant or multi-node using VMware, I'm still learning the actual use cases to which ICP can be put.

In the context of helping someone with a Helm Chart deployment issue, I ran through a couple of sample scenarios: -

Scenario One - Creating and deploying and testing a Helm chart that does ABSOLUTELY NOTHING

Create a Sample Helm Chart

helm create demoapp

Creating demoapp

Validate the new Helm Chart's format

helm lint --strict demoapp

==> Linting demoapp
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, no failures


Package the Chart

helm package demoapp ; ls -l demo*.tgz

Successfully packaged chart and saved it to: /home/hayd/demoapp-0.1.0.tgz
-rw-r--r-- 1 root root 2394 Apr  9 07:51 demoapp-0.1.0.tgz


Log into ICP via the IBM Cloud CLI

bx pr login -a https://mycluster.icp:8443 --skip-ssl-validation -c id-mycluster-account -u admin -p admin

API endpoint: https://mycluster.icp:8443
Authenticating...
OK

Targeted account: mycluster Account (id-mycluster-account)


Upload the new Chart

bx pr load-helm-chart --archive demoapp-0.1.0.tgz --clustername mycluster.icp

Loading helm chart
  {"url":"https://icp-management-ingress:8443/helm-repo/charts/index.yaml"}
OK

Synch charts
  {"message":"synch started"}
OK


Sync Helm Repositories

Via UI, Manage -> Helm Repositories -> Sync Repositories -> OK

Install Helm Chart

Via UI, Catalog -> Helm Charts -> [demoapp] -> Configure

I used this as source: -


for this.

I then went one step further, using this: -


which uses a Docker image ( Busybox ) instead.

Create Helm Chart

helm create helloworld-chart

Creating helloworld-chart

Update values.yaml for the Hello World Busybox example

vi helloworld-chart/values.yaml

Replace existing image and service tags: -

image:
  repository: nginx
  tag: stable
  pullPolicy: IfNotPresent
service:
  name: nginx
  type: ClusterIP
  externalPort: 80
  internalPort: 80

with: -

image:
  repository: reyesoft/hello-world
  tag: latest
  pullPolicy: IfNotPresent
service:
  name: hello-world
  type: LoadBalancer
  externalPort: 80
  internalPort: 8005


Validate the Helm Chart

helm lint --strict helloworld-chart

==> Linting helloworld-chart
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, no failures


Package the Chart

helm package helloworld-chart ; ls -l *.tgz

Successfully packaged chart and saved it to: /Users/davidhay/helloworld-chart-0.1.0.tgz
-rw-r--r--  1 davidhay  staff  2418  9 Apr 19:20 helloworld-chart-0.1.0.tgz


Log into ICP via the IBM Cloud CLI

bx pr login -a https://mycluster.icp:8443 --skip-ssl-validation -c id-mycluster-account -u admin -p admin

Upload the new Chart

bx pr load-helm-chart --archive helloworld-chart-0.1.0.tgz --clustername mycluster.icp

Sync Helm Repositories ( via UI, Manage -> Helm Repositories -> Sync Repositories -> OK )

Install Helm Chart ( via UI, Catalog -> Helm Charts -> demoapp -> Configure )

- I need to work out how to achieve the same via the CLI

Test Helm Chart

curl http://192.168.1.102:32302/

<h1>Hello world!</h1>

curl http://icpproxy.uk.ibm.com:32302/

<h1>Hello world!</h1>


Explore the new features in Cloud Automation Manager version 2.1.0.2

This was just published today: -

We are very pleased to announce the availability of IBM Cloud Automation Manager (CAM) v2.1.0.2. New releases are published every quarter. These releases provide both regular maintenance for the product and new functional content. This release features:

• A simplified experience for installing Cloud Automation Manager from Docker Store
• Enhancements to Service Composer to speed delivery of curated application services in the IBM Cloud Private service catalog
• Template Designer, a graphical drag and drop tool for building Terraform automation
• New integrations that simplify operations of application services
• Support for Google Cloud Platform & z/VM Cloud Manager Appliance
• Enhanced CAM pre-built content
Expand the sections below to find out more!

IBM Cloud Private - Authentication using IBM Cloud CLI - Changed

As ever, continuing to tinker with IBM Cloud Private (ICP), this time the most recent build ( 2.1.02 ), but using notes from my first build with an older version, back in October.

Having downloaded and installed the IBM Cloud CLI ( formerly known as the IBM Bluemix CLI ), I attempted to log into ICP, using one of two approaches: -

bx pr login -a https://icpboot.uk.ibm.com:8443 --skip-ssl-validation -c id-icp-account

-OR-

bx pr login -a https://icpboot.uk.ibm.com:8443 --skip-ssl-validation -c id-icp-account -u admin -p admin

Alas both methods failed: -

bx pr login -a https://icpboot.uk.ibm.com:8443 --skip-ssl-validation -c id-icp-account

API endpoint: https://icpboot.uk.ibm.com:8443

Username> admin

Password> 
Authenticating...
OK

FAILED
Account ID or name does not match to the existing accounts.


bx pr login -a https://icpboot.uk.ibm.com:8443 --skip-ssl-validation -c id-icp-account -u admin -p admin

API endpoint: https://icpboot.uk.ibm.com:8443
Authenticating...
OK

FAILED
Account ID or name does not match to the existing accounts.

I looked at the help text for the bx pr login command: -

bx pr login -?

Incorrect Usage: flag provided but not defined: -?

NAME:
    login - Log user in.

    USAGE:
       bx pr login [-a CLUSTER_URL] [-u USERNAME] [-p PASSWORD] 

      WARNING:   Providing your password as a command line option is not recommended.
                 Your password might be visible to others and might be recorded in your shell history.

      EXAMPLE:
        bx pr login
            To interactively provide your user name and password, omit the user name and password options.
        bx pr login -u name@example.com -p pa55woRD
            Specify your username and password as arguments.
        bx pr login -u name@example.com -p "my password"
            Use quotation marks (") around passwords that have spaces.
        bx pr login -u name@example.com -p "\"password"\"
            If your password contains quotation mark characters ("), use backslash characters (\) to escape them.

    
    PARAMETERS:
       -a value               The URL that you use to access the management console, such as https://<ip_address>:8443.
       -u value               Username
       -p value               Password
       -c value               Account ID or name
       --skip-ssl-validation  Bypass SSL validation of HTTP requests. This option is not recommended.

specifically focusing upon the -c parameter.

In my notes, I had this set to id-icp-account and I wondered whether that was part of the problem.

Taking a punt, I tried this: -

bx pr login -a https://icpboot.uk.ibm.com:8443 --skip-ssl-validation -u admin -p admin

( i.e. NOT specifying the account name )

which prompted me thusly: -

API endpoint: https://icpboot.uk.ibm.com:8443
Authenticating...
OK

Select an account:
1. mycluster Account (id-mycluster-account)
Enter a number> 1
Targeted account: mycluster Account (id-mycluster-account)


In other words, for this installation, the account name has changed from id-icp-account to id-mycluster-account.

To prove this, I logged out: -

bx pr logout

Logging out…
OK


and then tried the all-in-one command: -

bx pr login -a https://icpboot.uk.ibm.com:8443 --skip-ssl-validation -c id-mycluster-account -u admin -p admin

API endpoint: https://icpboot.uk.ibm.com:8443
Authenticating...
OK

Targeted account: mycluster Account (id-mycluster-account)


bx pr clusters

OK
Name        ID                                 State      Created                    Masters   Workers   Datacenter   
mycluster   00000000000000000000000000000001   deployed   2018-04-09T12:57:13+0000   1         2         default   


Can you say "YAY!" ?? I bet you can ….