Last September, Red Hat released OpenShift 3.3 Container Platform stepping up the game in the Platform as a Service (PaaS) solutions world. The OpenShift Container Platform is a PaaS built on Red Hat Enterprise Linux and Kubernetes that provides a cloud application platform for deploying new applications on secure, scalable resources with minimal configuration and management overhead. It comes with many cool features, such as an integrated Docker registry, pipelines, one click image deploy, a better UI, and more, which aim at making it the industry’s leading enterprise Kubernetes platform for running existing and cloud-native applications in any cloud. We are starting to see our customers and prospects who are interested in a PaaS approach for deploying their applications use OpenShift. So, we decided to take advantage of the OpenShift Platform as well and give it a try!
You can read more about Nuxeo on AWS in this whitepaper.
In order to test it you have quite a few options available, but the simplest one is to just download the All-In-One VM for OpenShift Origin, which is the free version of the OpenShift Container Platform or OpenShift Enterprise, or to start a new cluster by running the public docker image (but pay attention as you must run an older Docker version like 1.10). If you move beyond testing to a production setup, you have very detailed documentation available from Red Hat on how to deploy OpenShift on AWS as a HA cluster. It’s important to note that you need at least an OpenShift Business Partner Supported NFR subscription and trying with a 30 Day Red Hat Enterprise Linux Server Self-Supported Evaluation subscription won’t work! (Take my word for it or spend 2 days trying!)
This exercise is a really simple one. I just want to have the Nuxeo Content Services Platform configured to run with MongoDB as fast as possible for development purposes. I will also show you how to install some marketplace packages in the process and configure an AWS EBS volume to be used by MongoDB as persistent storage to spice things up a little (Of course, for this one I will assume that you have OpenShift cluster running on AWS).
You have 2 options: You can download and use the OpenShift CLI client or just do (almost) everything from the UI. I will show you both options, but note that the UI is very limited in comparison to the client. Let’s take a look at the steps now.
1. Have OpenShift up and running Let’s move a little into the future (or 10 mins depending on which option you chose from the above) and assume that you have an OpenShift cluster up and running.
To run the All-In-One VM, you have to use:
$ vagrant init openshift/origin-all-in-one $ vagrant up --provider=virtualbox
The console is running at
If you choose to install the HA cluster follow the documentation here and you will end up with this architecture on AWS:
2. Login into OpenShift and create a project
If you chose to test this with the All-In-One image you can just login using the username/password “admin/admin”:
$ oc login https://10.2.2.2:8443 $ oc new-project test-nuxeo
Now use the project “test-nuxeo” on the server
If you have the AWS cluster installation you can generate a token from the web console. Assuming that the cluster is deployed at
openshift-master.io.nuxeo.com/ go to
https://openshift-master.io.nuxeo.com/console/command-line and copy the generated token to login:
$ oc login https://openshift-master.io.nuxeo.com --token=XXX
Now create a new project:
3. Set up an EBS volume (AWS Cluster) and deploy MongoDB
If you are running an OpenShift cluster on AWS only a cluster administrator can configure persistent volumes to be available for all projects. Then any application that needs external storage can automatically attach and use them.
- EBS Volume in AWS:
$ cat aws-pv.yaml apiVersion: "v1" kind: "PersistentVolume" metadata: name: "pv00001" spec: capacity: storage: "1Gi" accessModes: - "ReadWriteOnce" awsElasticBlockStore: fsType: "ext4" volumeID: "vol-026b24515ee34265c" $ oc create -f aws-pv.yaml persistentvolume "pv00001" created
Now you can just deploy a new MongoDB by clicking Add to project/ Browse Catalog and selecting the existing “mongodb-persistent” template as shown below (set all parameters to the value ”nuxeo” for convenience). Note that scaling to more than one replica is not supported with this template:
That’s it! MongoDB container is now up and running:
Let’s start Nuxeo too!
4. Build and run Nuxeo Docker image
By default, all containers that we launch within OpenShift are not allowed to use a root user within the container. We cannot simply run
nuxeo:latest as this will fail because OpenShift will prevent the container from running as root. We can edit the security context to relax this constraint (follow the solution described here) or you can build a new Nuxeo image from my slightly modified Dockerfile that runs as the user ‘nuxeo’ instead of root.
You can directly pass the github repository and the environment variables and wait for the magic to happen, where OpenShift builds the docker image, pushes it to the internal registry, and starts the Nuxeo container.
As I want to start Nuxeo using the MongoDB template and also install the ‘nuxeo-web-ui’ marketplace package, I will create a new application and pass these as environment variables:
$oc new-app https://github.com/mcedica/nuxeo-openshift-image.git -e NUXEO_TEMPLATES=default,mongodb -e NUXEO_CUSTOM_PARAM=nuxeo.mongodb.server=mongodb://admin:[email protected]:27017 -e NUXEO_PACKAGES=nuxeo-web-ui --> Found Docker image ad7074a (12 days old) from Docker Hub for "nuxeo:8.10" --> Creating resources ... imagestream "nuxeo" created imagestream "nuxeo-openshift-image" created buildconfig "nuxeo-openshift-image" created deploymentconfig "nuxeo-openshift-image" created service "nuxeo-openshift-image" created --> Success Build scheduled, use 'oc logs -f bc/nuxeo-openshift-image' to track its progress. Run 'oc status' to view your app.
Or in the web console just click on Add to project, go to Deploy Image and put
nuxeo:latest assuming that you have modified the security constraints if needed* and set the above environment variables.
Security constraints: If you are testing with the All-In-One OpenShift Origin VM, no need to do anything. You can already run any container as root. If you are on the AWS OpenShift HA Cluster installation and want to install the default nuxeo:latest Docker image, then execute the following:
$oc edit scc anyuid
And add to users: system:serviceaccount:$PROJECT:default #where $PROJECT is the name of your OS project
You can check the build of your new Docker image (that is now pushed into the internal registry):
Here’s the deployment:
Finally, here’s the running pod:
At this point we have both MongoDB and the Nuxeo Platform running:
The only thing left is to configure a route to access the Nuxeo Platform:
Voila! The Nuxeo Platform configured with a persistent MongoDB is running at:
http://nuxeo-route-test-nuxeo.apps.io.nuxeo.com/ (This was the link to my test application and is just an example for you. If you can’t access this link now that means my test application has been removed and so you have to try it for yourself to see the result!)