[jsingh@localhost templates]$ oc get cm
NAME                        DATA   AGE
jenkins-1-ca                1      28s
jenkins-1-global-ca         1      28s
jenkins-1-sys-config        0      28s
jenkins-trusted-ca-bundle   1      9s

--------------------------------------------
pipeline build working - verified
=---------------------------------------------

VERIFIED
==============================================================================================================================

all details about the creation of the full certificate chain:

0) Pre-steps to hold the entire custom CA structure:
~~~
[RootCA]
$ cd /path/to/safe/storage/customCA
$ mkdir -p example.net.ca/root-ca/{certreqs,certs,crl,newcerts,private}
$ cd example.net.ca/root-ca
$ chmod 700 private
$ touch root-ca.index
$ echo 00 > root-ca.crlnum
$ openssl rand -hex 16 > root-ca.serial

[IntermediateCA]
$ cd /path/to/safe/storage/customCA
$ mkdir -p example.net.ca/intermed-ca/{certreqs,certs,crl,newcerts,private}
$ cd example.net.ca/intermed-ca
$ chmod 700 private
$ touch intermed-ca.index
$ echo 00 > intermed-ca.crlnum
$ openssl rand -hex 16 > intermed-ca.serial
~~~

1) Create RootCA config file as follows:
~~~
$ cd example.net.ca/root-ca
$ cat root-ca.cnf
#
# OpenSSL configuration for the Root Certification Authority.
#

#
# This definition doesn't work if HOME isn't defined.
CA_HOME                 = .
RANDFILE                = $ENV::CA_HOME/private/.rnd

#
# Default Certification Authority
[ ca ]
default_ca              = root_ca

#
# Root Certification Authority
[ root_ca ]
dir                     = $ENV::CA_HOME
certs                   = $dir/certs
serial                  = $dir/root-ca.serial
database                = $dir/root-ca.index
new_certs_dir           = $dir/newcerts
certificate             = $dir/root-ca.cert.pem
private_key             = $dir/private/root-ca.key.pem
default_days            = 1826 # Five years
crl                     = $dir/root-ca.crl
crl_dir                 = $dir/crl
crlnumber               = $dir/root-ca.crlnum
name_opt                = multiline, align
cert_opt                = no_pubkey
copy_extensions         = copy
crl_extensions          = crl_ext
default_crl_days        = 180
default_md              = sha256
preserve                = no
email_in_dn             = no
policy                  = policy
unique_subject          = no

#
# Distinguished Name Policy for CAs
[ policy ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = supplied
organizationalUnitName  = optional
commonName              = supplied

#
# Root CA Request Options
[ req ]
default_bits            = 4096
default_keyfile         = private/root-ca.key.pem
encrypt_key             = yes
default_md              = sha256
string_mask             = utf8only
utf8                    = yes
prompt                  = no
req_extensions          = root-ca_req_ext
distinguished_name      = distinguished_name
subjectAltName          = @subject_alt_name

#
# Root CA Request Extensions
[ root-ca_req_ext ]
subjectKeyIdentifier    = hash
subjectAltName          = @subject_alt_name

#
# Distinguished Name (DN)
[ distinguished_name ]
organizationName        = example.net
commonName              = example.net Root Certification Authority

#
# Root CA Certificate Extensions
[ root-ca_ext ]
basicConstraints        = critical, CA:true
keyUsage                = critical, keyCertSign, cRLSign
nameConstraints         = critical, @name_constraints
subjectKeyIdentifier    = hash
subjectAltName          = @subject_alt_name
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy
authorityInfoAccess     = @auth_info_access
crlDistributionPoints   = crl_dist

#
# Intermediate CA Certificate Extensions
[ intermed-ca_ext ]
basicConstraints        = critical, CA:true, pathlen:0
keyUsage                = critical, keyCertSign, cRLSign
subjectKeyIdentifier    = hash
subjectAltName          = @subject_alt_name
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy
authorityInfoAccess     = @auth_info_access
crlDistributionPoints   = crl_dist

#
# CRL Certificate Extensions
[ crl_ext ]
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy

#
# Certificate Authorities Alternative Names
[ subject_alt_name ]
URI                     = http://ca.example.net/
email                   = certmaster

#
# Name Constraints
[ name_constraints ]
permitted;DNS.1         = example.net
permitted;email.1       = example.net

#
# Certificate download addresses for the root CA
[ auth_info_access ]
caIssuers;URI           = http://ca.example.net/certs/example.net_Root_Certification_Authority.cert.pem

#
# CRL Download address for the root CA
[ crl_dist ]
fullname                = URI:http://ca.example.net/crl/example.net_Root_Certification_Authority.crl

# EOF
~~~

2) Make sure the config is active:
~~~
$ export OPENSSL_CONF=./root-ca.cnf
~~~

3) Generate CSR & Key:
~~~
$ openssl req -new -out root-ca.req.pem
$ chmod 400 private/root-ca.key.pem
~~~

4) Self-sign the Root certificate:
~~~
$ openssl rand -hex 16 > root-ca.serial
$ openssl ca -selfsign -in root-ca.req.pem -out root-ca.cert.pem -extensions root-ca_ext -startdate `date +%y%m%d000000Z -u -d -1day` -enddate `date +%y%m%d000000Z -u -d +10years+1day`
~~~

5) (Optional) Verify the cert:
~~~
$ openssl x509 -in ./root-ca.cert.pem -noout -text -certopt no_version,no_pubkey,no_sigdump -nameopt multiline
$ openssl verify -verbose -CAfile root-ca.cert.pem root-ca.cert.pem
~~~

6) Create IntermediateCA config file as follows:
~~~
$ cd example.net.ca/intermed-ca
$ cat intermed-ca.cnf
#
# OpenSSL configuration for the Intermediate Certification Authority.
#

#
# This definition doesn't work if HOME isn't defined.
CA_HOME                 = .
RANDFILE                = $ENV::CA_HOME/private/.rnd
oid_section             = new_oids

#
# XMPP address Support
[ new_oids ]
xmppAddr                = 1.3.6.1.5.5.7.8.5
dnsSRV                  = 1.3.6.1.5.5.7.8.7

#
# Default Certification Authority
[ ca ]
default_ca              = intermed_ca

#
# Intermediate Certification Authority
[ intermed_ca ]
dir                     = $ENV::CA_HOME
certs                   = $dir/certs
serial                  = $dir/intermed-ca.serial
database                = $dir/intermed-ca.index
new_certs_dir           = $dir/newcerts
certificate             = $dir/intermed-ca.cert.pem
private_key             = $dir/private/intermed-ca.key.pem
default_days            = 730 # Two years
crl                     = $dir/crl/intermed-ca.crl
crl_dir                 = $dir/crl
crlnumber               = $dir/intermed-ca.crlnum
name_opt                = multiline, align
cert_opt                = no_pubkey
copy_extensions         = copy
crl_extensions          = crl_ext
default_crl_days        = 30
default_md              = sha256
preserve                = no
email_in_dn             = no
policy                  = policy
unique_subject          = no

#
# Distinguished Name Policy
[ policy ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied

#
# Distinguished Name Policy for Personal Certificates
[ user_policy ]
countryName             = supplied
stateOrProvinceName     = optional
localityName            = supplied
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = supplied
#xmppAddr               = optional # Added to SubjAltName by req

#
# Intermediate CA request options
[ req ]
default_bits            = 3072
default_keyfile         = private/intermed-ca.key.pem
encrypt_key             = yes
default_md              = sha256
string_mask             = utf8only
utf8                    = yes
prompt                  = no
req_extensions          = req_ext
distinguished_name      = distinguished_name
subjectAltName          = subject_alt_name

#
# Intermediate CA Request Extensions
[ req_ext ]
subjectKeyIdentifier    = hash
subjectAltName          = @subject_alt_name

#
# Distinguished Name (DN)
[ distinguished_name ]
organizationName        = example.net
commonName              = example.net Intermediate Certification Authority

#
# Server Certificate Extensions
[ server_ext ]
basicConstraints        = CA:FALSE
keyUsage                = critical, digitalSignature, keyEncipherment
extendedKeyUsage        = critical, serverAuth, clientAuth
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy
authorityInfoAccess     = @auth_info_access
crlDistributionPoints   = crl_dist

#
# Client Certificate Extensions
[ client_ext ]
basicConstraints        = CA:FALSE
keyUsage                = critical, digitalSignature
extendedKeyUsage        = critical, clientAuth
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy
authorityInfoAccess     = @auth_info_access
crlDistributionPoints   = crl_dist

#
# User Certificate Extensions
[ user_ext ]
basicConstraints        = CA:FALSE
keyUsage                = critical, digitalSignature
extendedKeyUsage        = critical, clientAuth, emailProtection
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy
authorityInfoAccess     = @auth_info_access
crlDistributionPoints   = crl_dist

#
# CRL Certificate Extensions
[ crl_ext ]
authorityKeyIdentifier  = keyid:always
issuerAltName           = issuer:copy

#
# Certificate Authorities Alternative Names
[ subject_alt_name ]
URI                     = http://ca.example.net/
email                   = certmaster

#
# Certificate download addresses for the intermediate CA
[ auth_info_access ]
caIssuers;URI           = http://ca.example.net/certs/example.net_Intermediate_Certification_Authority.cert.pem

#
# CRL Download address for the intermediate CA
[ crl_dist ]
fullname                = URI:http://ca.example.net/crl/example.net_Intermediate_Certification_Authority.crl

# EOF
~~~

7) Switch to the proper config:
~~~
$ export OPENSSL_CONF=./intermed-ca.cnf
~~~

8) Generate CSR & Key:
~~~
$ openssl req -new -out intermed-ca.req.pem
$ chmod 400 private/intermed-ca.key.pem
~~~

9) Sign the IntermediateCA with the RootCA:
~~~
$ cp intermed-ca.req.pem /path/to/safe/storage/customCA/example.net.ca/root-ca/certreqs/
$ cd /path/to/safe/storage/customCA/example.net.ca/root-ca/
$ export OPENSSL_CONF=./root-ca.cnf
$ openssl rand -hex 16 > root-ca.serial
$ openssl ca -in certreqs/intermed-ca.req.pem -out certs/intermed-ca.cert.pem -extensions intermed-ca_ext -startdate `date +%y%m%d000000Z -u -d -1day` -enddate `date +%y%m%d000000Z -u -d +5years+1day`
$ cp certs/intermed-ca.cert.pem /path/to/safe/storage/customCA/example.net.ca/intermed-ca/
~~~

10) (Optional) Verify the cert:
~~~
$ openssl x509 -in certs/intermed-ca.cert.pem -noout -text -certopt no_version,no_pubkey,no_sigdump -nameopt multiline
$ openssl verify -verbose -CAfile root-ca.cert.pem certs/intermed-ca.cert.pem
~~~

11) Create the custom Ingress wildcard certificate for our cluster:
~~~
$ cd /path/to/safe/storage/customCA/example.net.ca/intermed-ca
$ export OPENSSL_CONF=./intermed-ca.cnf
$ INGRESS_DOMAIN="$(oc get ingress.config/cluster -o 'jsonpath={.spec.domain}')"
$ openssl genrsa -out example.key 2048
$ openssl req -new -key example.key -out example.csr -subj "/C=US/ST=NC/L=Raleigh/O=OCP4/OU=IT/CN=*.$INGRESS_DOMAIN"
$ mv example.csr ./certreqs/
~~~

12) Sign the Server Cert with the IntermediateCA:
~~~
$ openssl rand -hex 16 > intermed-ca.serial
$ openssl ca -in ./certreqs/example.csr -out ./certs/example.pem -extensions server_ext
~~~

==================================================================================================================================

jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc new-project jitsingh
Now using project "jitsingh" on server "https://api.wxj181-5422.qe.devcluster.openshift.com:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app django-psql-example

to build a new example application in Python.
Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=gcr.io/hello-minikube-zero-install/hello-node

jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc create -f jenkins-ephemeral.json
template.template.openshift.io/jenkins-ephemeral created
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get is
No resources found.
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get pods
No resources found.
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc new-build https://github.com/jitendar-singh/jenkins.git --context-dir=2/
--> Found container image 8b61dd8 (11 hours old) from quay.io for "quay.io/openshift/origin-cli"

    OpenShift Client
    ----------------
    OpenShift is a platform for developing, building, and deploying containerized applications.

    Tags: openshift, cli

    * An image stream tag will be created as "origin-cli:latest" that will track the source image
    * A Docker build using source code from https://github.com/jitendar-singh/jenkins.git will be created
      * The resulting image will be pushed to image stream tag "jenkins:latest"
      * Every time "origin-cli:latest" changes a new build will be triggered

--> Creating resources with label build=jenkins ...
    imagestream.image.openshift.io "origin-cli" created
    imagestream.image.openshift.io "jenkins" created
    buildconfig.build.openshift.io "jenkins" created
--> Success
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc new-app jenkins-ephemeral -p NAMESPACE=$(oc project -q) -p JENKINS_IMAGE_STREAM_TAG=jenkins:latest
--> Deploying template "jitsingh/jenkins-ephemeral" to project jitsingh

     Jenkins (Ephemeral)
     ---------
     Jenkins service, without persistent storage.

     WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.

     A Jenkins service has been created in your project. Log into Jenkins with your OpenShift account. The tutorial at https://github.com/openshift/origin/blob/master/examples/jenkins/README.md contains more information about using this template.

     * With parameters:
        * Jenkins Service Name=jenkins
        * Jenkins JNLP Service Name=jenkins-jnlp
        * Enable OAuth in Jenkins=true
        * Memory Limit=1Gi
        * Jenkins ImageStream Namespace=jitsingh
        * Disable memory intensive administrative monitors=false
        * Jenkins ImageStreamTag=jenkins:latest
        * Allows use of Jenkins Update Center repository with invalid SSL certificate=false

--> Creating resources ...
    route.route.openshift.io "jenkins" created
    configmap "jenkins-trusted-ca-bundle" created
    deploymentconfig.apps.openshift.io "jenkins" created
    serviceaccount "jenkins" created
    rolebinding.authorization.openshift.io "jenkins_edit" created
    service "jenkins-jnlp" created
    service "jenkins" created
--> Success
    Access your application via route 'jenkins-jitsingh.apps.wxj181-5422.qe.devcluster.openshift.com'
    Run 'oc status' to view your app.
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get pods
NAME              READY   STATUS    RESTARTS   AGE
jenkins-1-build   1/1     Running   0          26s
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc describe pods/jenkins-1-build
Name:               jenkins-1-build
Namespace:          jitsingh
Priority:           0
PriorityClassName:  <none>
Node:               ip-10-0-50-255.us-east-2.compute.internal/10.0.50.255
Start Time:         Thu, 18 Jun 2020 12:43:10 +0530
Labels:             openshift.io/build.name=jenkins-1
Annotations:        k8s.v1.cni.cncf.io/networks-status:
                      [{
                          "name": "openshift-sdn",
                          "interface": "eth0",
                          "ips": [
                              "10.129.2.28"
                          ],
                          "dns": {},
                          "default-route": [
                              "10.129.2.1"
                          ]
                      }]
                    openshift.io/build.name: jenkins-1
                    openshift.io/scc: privileged
Status:             Running
IP:                 10.129.2.28
Controlled By:      Build/jenkins-1
Init Containers:
  git-clone:
    Container ID:  cri-o://338ccd641b2c44747409b718d99b6d12c6035bd7d23a2585380ff9144bbffa57
    Image:         quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d
    Image ID:      quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d
    Port:          <none>
    Host Port:     <none>
    Command:
      openshift-git-clone
    Args:
      --loglevel=0
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 18 Jun 2020 12:43:12 +0530
      Finished:     Thu, 18 Jun 2020 12:43:16 +0530
    Ready:          True
    Restart Count:  0
    Environment:
      BUILD:                        {"kind":"Build","apiVersion":"build.openshift.io/v1","metadata":{"name":"jenkins-1","namespace":"jitsingh","selfLink":"/apis/build.openshift.io/v1/namespaces/jitsingh/builds/jenkins-1","uid":"4d90cf73-139a-4a10-8f7d-9f56c0938d00","resourceVersion":"158107","creationTimestamp":"2020-06-18T07:13:10Z","labels":{"build":"jenkins","buildconfig":"jenkins","openshift.io/build-config.name":"jenkins","openshift.io/build.start-policy":"Serial"},"annotations":{"openshift.io/build-config.name":"jenkins","openshift.io/build.number":"1"},"ownerReferences":[{"apiVersion":"build.openshift.io/v1","kind":"BuildConfig","name":"jenkins","uid":"ff03320f-161a-404f-93c7-9234c6db9fdd","controller":true}]},"spec":{"serviceAccount":"builder","source":{"type":"Git","git":{"uri":"https://github.com/jitendar-singh/jenkins.git"},"contextDir":"2"},"strategy":{"type":"Docker","dockerStrategy":{"from":{"kind":"DockerImage","name":"quay.io/openshift/origin-cli@sha256:e4e40d4fd585029f7287f7bcdb45067c696d126869a3d817891049cd5039f04d"},"pullSecret":{"name":"builder-dockercfg-mdg5d"}}},"output":{"to":{"kind":"DockerImage","name":"image-registry.openshift-image-registry.svc:5000/jitsingh/jenkins:latest"},"pushSecret":{"name":"builder-dockercfg-mdg5d"}},"resources":{},"postCommit":{},"nodeSelector":null,"triggeredBy":[{"message":"Build configuration change"}]},"status":{"phase":"New","outputDockerImageReference":"image-registry.openshift-image-registry.svc:5000/jitsingh/jenkins:latest","config":{"kind":"BuildConfig","namespace":"jitsingh","name":"jenkins"},"output":{}}}
      LANG:                         en_US.utf8
      SOURCE_REPOSITORY:            https://github.com/jitendar-singh/jenkins.git
      SOURCE_URI:                   https://github.com/jitendar-singh/jenkins.git
      SOURCE_CONTEXT_DIR:           2
      BUILD_REGISTRIES_CONF_PATH:   /var/run/configs/openshift.io/build-system/registries.conf
      BUILD_REGISTRIES_DIR_PATH:    /var/run/configs/openshift.io/build-system/registries.d
      BUILD_SIGNATURE_POLICY_PATH:  /var/run/configs/openshift.io/build-system/policy.json
      BUILD_STORAGE_CONF_PATH:      /var/run/configs/openshift.io/build-system/storage.conf
      BUILD_BLOBCACHE_DIR:          /var/cache/blobs
      HTTP_PROXY:
      HTTPS_PROXY:
      NO_PROXY:
    Mounts:
      /etc/pki/ca-trust/extracted/pem from build-proxy-ca-bundles (rw)
      /tmp/build from buildworkdir (rw)
      /var/cache/blobs from build-blob-cache (rw)
      /var/run/configs/openshift.io/build-system from build-system-configs (ro)
      /var/run/configs/openshift.io/certs from build-ca-bundles (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from builder-token-zq27b (ro)
  manage-dockerfile:
    Container ID:  cri-o://62019732ce24ec2cd0f592ffe2b36c8e551aeab8e188b96dadf7ea504033a026
    Image:         quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d
    Image ID:      quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d
    Port:          <none>
    Host Port:     <none>
    Command:
      openshift-manage-dockerfile
    Args:
      --loglevel=0
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 18 Jun 2020 12:43:17 +0530
      Finished:     Thu, 18 Jun 2020 12:43:17 +0530
    Ready:          True
    Restart Count:  0
    Environment:
      BUILD:                        {"kind":"Build","apiVersion":"build.openshift.io/v1","metadata":{"name":"jenkins-1","namespace":"jitsingh","selfLink":"/apis/build.openshift.io/v1/namespaces/jitsingh/builds/jenkins-1","uid":"4d90cf73-139a-4a10-8f7d-9f56c0938d00","resourceVersion":"158107","creationTimestamp":"2020-06-18T07:13:10Z","labels":{"build":"jenkins","buildconfig":"jenkins","openshift.io/build-config.name":"jenkins","openshift.io/build.start-policy":"Serial"},"annotations":{"openshift.io/build-config.name":"jenkins","openshift.io/build.number":"1"},"ownerReferences":[{"apiVersion":"build.openshift.io/v1","kind":"BuildConfig","name":"jenkins","uid":"ff03320f-161a-404f-93c7-9234c6db9fdd","controller":true}]},"spec":{"serviceAccount":"builder","source":{"type":"Git","git":{"uri":"https://github.com/jitendar-singh/jenkins.git"},"contextDir":"2"},"strategy":{"type":"Docker","dockerStrategy":{"from":{"kind":"DockerImage","name":"quay.io/openshift/origin-cli@sha256:e4e40d4fd585029f7287f7bcdb45067c696d126869a3d817891049cd5039f04d"},"pullSecret":{"name":"builder-dockercfg-mdg5d"}}},"output":{"to":{"kind":"DockerImage","name":"image-registry.openshift-image-registry.svc:5000/jitsingh/jenkins:latest"},"pushSecret":{"name":"builder-dockercfg-mdg5d"}},"resources":{},"postCommit":{},"nodeSelector":null,"triggeredBy":[{"message":"Build configuration change"}]},"status":{"phase":"New","outputDockerImageReference":"image-registry.openshift-image-registry.svc:5000/jitsingh/jenkins:latest","config":{"kind":"BuildConfig","namespace":"jitsingh","name":"jenkins"},"output":{}}}
      LANG:                         en_US.utf8
      SOURCE_REPOSITORY:            https://github.com/jitendar-singh/jenkins.git
      SOURCE_URI:                   https://github.com/jitendar-singh/jenkins.git
      SOURCE_CONTEXT_DIR:           2
      BUILD_REGISTRIES_CONF_PATH:   /var/run/configs/openshift.io/build-system/registries.conf
      BUILD_REGISTRIES_DIR_PATH:    /var/run/configs/openshift.io/build-system/registries.d
      BUILD_SIGNATURE_POLICY_PATH:  /var/run/configs/openshift.io/build-system/policy.json
      BUILD_STORAGE_CONF_PATH:      /var/run/configs/openshift.io/build-system/storage.conf
      BUILD_BLOBCACHE_DIR:          /var/cache/blobs
      HTTP_PROXY:
      HTTPS_PROXY:
      NO_PROXY:
    Mounts:
      /etc/pki/ca-trust/extracted/pem from build-proxy-ca-bundles (rw)
      /tmp/build from buildworkdir (rw)
      /var/cache/blobs from build-blob-cache (rw)
      /var/run/configs/openshift.io/build-system from build-system-configs (ro)
      /var/run/configs/openshift.io/certs from build-ca-bundles (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from builder-token-zq27b (ro)
Containers:
  docker-build:
    Container ID:  cri-o://fe503fddaa194dd4c6b829dce61c03869543359d780f4daa5d23b0011d0aaac1
    Image:         quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d
    Image ID:      quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d
    Port:          <none>
    Host Port:     <none>
    Command:
      openshift-docker-build
    Args:
      --loglevel=0
    State:          Running
      Started:      Thu, 18 Jun 2020 12:43:18 +0530
    Ready:          True
    Restart Count:  0
    Environment:
      BUILD:                        {"kind":"Build","apiVersion":"build.openshift.io/v1","metadata":{"name":"jenkins-1","namespace":"jitsingh","selfLink":"/apis/build.openshift.io/v1/namespaces/jitsingh/builds/jenkins-1","uid":"4d90cf73-139a-4a10-8f7d-9f56c0938d00","resourceVersion":"158107","creationTimestamp":"2020-06-18T07:13:10Z","labels":{"build":"jenkins","buildconfig":"jenkins","openshift.io/build-config.name":"jenkins","openshift.io/build.start-policy":"Serial"},"annotations":{"openshift.io/build-config.name":"jenkins","openshift.io/build.number":"1"},"ownerReferences":[{"apiVersion":"build.openshift.io/v1","kind":"BuildConfig","name":"jenkins","uid":"ff03320f-161a-404f-93c7-9234c6db9fdd","controller":true}]},"spec":{"serviceAccount":"builder","source":{"type":"Git","git":{"uri":"https://github.com/jitendar-singh/jenkins.git"},"contextDir":"2"},"strategy":{"type":"Docker","dockerStrategy":{"from":{"kind":"DockerImage","name":"quay.io/openshift/origin-cli@sha256:e4e40d4fd585029f7287f7bcdb45067c696d126869a3d817891049cd5039f04d"},"pullSecret":{"name":"builder-dockercfg-mdg5d"}}},"output":{"to":{"kind":"DockerImage","name":"image-registry.openshift-image-registry.svc:5000/jitsingh/jenkins:latest"},"pushSecret":{"name":"builder-dockercfg-mdg5d"}},"resources":{},"postCommit":{},"nodeSelector":null,"triggeredBy":[{"message":"Build configuration change"}]},"status":{"phase":"New","outputDockerImageReference":"image-registry.openshift-image-registry.svc:5000/jitsingh/jenkins:latest","config":{"kind":"BuildConfig","namespace":"jitsingh","name":"jenkins"},"output":{}}}
      LANG:                         en_US.utf8
      SOURCE_REPOSITORY:            https://github.com/jitendar-singh/jenkins.git
      SOURCE_URI:                   https://github.com/jitendar-singh/jenkins.git
      SOURCE_CONTEXT_DIR:           2
      PUSH_DOCKERCFG_PATH:          /var/run/secrets/openshift.io/push
      PULL_DOCKERCFG_PATH:          /var/run/secrets/openshift.io/pull
      BUILD_REGISTRIES_CONF_PATH:   /var/run/configs/openshift.io/build-system/registries.conf
      BUILD_REGISTRIES_DIR_PATH:    /var/run/configs/openshift.io/build-system/registries.d
      BUILD_SIGNATURE_POLICY_PATH:  /var/run/configs/openshift.io/build-system/policy.json
      BUILD_STORAGE_CONF_PATH:      /var/run/configs/openshift.io/build-system/storage.conf
      BUILD_STORAGE_DRIVER:         overlay
      BUILD_ISOLATION:              chroot
      BUILD_BLOBCACHE_DIR:          /var/cache/blobs
      HTTP_PROXY:
      HTTPS_PROXY:
      NO_PROXY:
    Mounts:
      /etc/pki/ca-trust/extracted/pem from build-proxy-ca-bundles (rw)
      /tmp/build from buildworkdir (rw)
      /var/cache/blobs from build-blob-cache (rw)
      /var/lib/containers/cache from buildcachedir (rw)
      /var/lib/containers/storage from container-storage-root (rw)
      /var/run/configs/openshift.io/build-system from build-system-configs (ro)
      /var/run/configs/openshift.io/certs from build-ca-bundles (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from builder-token-zq27b (ro)
      /var/run/secrets/openshift.io/pull from builder-dockercfg-mdg5d-pull (ro)
      /var/run/secrets/openshift.io/push from builder-dockercfg-mdg5d-push (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  buildcachedir:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/containers/cache
    HostPathType:
  buildworkdir:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  builder-dockercfg-mdg5d-push:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  builder-dockercfg-mdg5d
    Optional:    false
  builder-dockercfg-mdg5d-pull:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  builder-dockercfg-mdg5d
    Optional:    false
  build-system-configs:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      jenkins-1-sys-config
    Optional:  false
  build-ca-bundles:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      jenkins-1-ca
    Optional:  false
  build-proxy-ca-bundles:
    Type:      ConfigMap (a volume populated by a ConfigMap)
    Name:      jenkins-1-global-ca
    Optional:  false
  container-storage-root:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  build-blob-cache:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
  builder-token-zq27b:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  builder-token-zq27b
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  kubernetes.io/os=linux
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                                                Message
  ----    ------     ----  ----                                                -------
  Normal  Scheduled  52s   default-scheduler                                   Successfully assigned jitsingh/jenkins-1-build to ip-10-0-50-255.us-east-2.compute.internal
  Normal  Pulled     50s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Container image "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d" already present on machine
  Normal  Created    50s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Created container git-clone
  Normal  Started    49s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Started container git-clone
  Normal  Pulled     46s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Container image "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d" already present on machine
  Normal  Created    45s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Created container manage-dockerfile
  Normal  Started    45s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Started container manage-dockerfile
  Normal  Pulled     45s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Container image "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0c9afa4b0e8ed0a929d78f54e116aadebd6d7ceaf85dc551ddbbc48f85020b2d" already present on machine
  Normal  Created    44s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Created container docker-build
  Normal  Started    44s   kubelet, ip-10-0-50-255.us-east-2.compute.internal  Started container docker-build
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc status
In project jitsingh on server https://api.wxj181-5422.qe.devcluster.openshift.com:6443

svc/jenkins-jnlp - 172.30.217.21:50000

https://jenkins-jitsingh.apps.wxj181-5422.qe.devcluster.openshift.com (redirects) (svc/jenkins)
  dc/jenkins deploys istag/jenkins:latest <-
    bc/jenkins docker builds https://github.com/jitendar-singh/jenkins.git on istag/origin-cli:latest
      build #1 running for about a minute - 51b5550: Fix the local build (Jitendar Singh <jsingh>)
    deployment #1 waiting on image or update

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get pods
NAME              READY   STATUS    RESTARTS   AGE
jenkins-1-build   1/1     Running   0          79s
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc status
In project jitsingh on server https://api.wxj181-5422.qe.devcluster.openshift.com:6443

svc/jenkins-jnlp - 172.30.217.21:50000

https://jenkins-jitsingh.apps.wxj181-5422.qe.devcluster.openshift.com (redirects) (svc/jenkins)
  dc/jenkins deploys istag/jenkins:latest <-
    bc/jenkins docker builds https://github.com/jitendar-singh/jenkins.git on istag/origin-cli:latest
      build #1 running for about a minute - 51b5550: Fix the local build (Jitendar Singh <jsingh>)
    deployment #1 waiting on image or update

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get cm
NAME                        DATA   AGE
jenkins-1-ca                1      94s
jenkins-1-global-ca         1      94s
jenkins-1-sys-config        0      94s
jenkins-trusted-ca-bundle   1      76s
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get pods -w
NAME               READY   STATUS              RESTARTS   AGE
jenkins-1-build    1/1     Running             0          102s
jenkins-1-build    0/1     Completed           0          8m36s
jenkins-1-build    0/1     Completed           0          8m36s
jenkins-1-deploy   0/1     Pending             0          0s
jenkins-1-deploy   0/1     Pending             0          0s
jenkins-1-deploy   0/1     ContainerCreating   0          0s
jenkins-1-deploy   0/1     ContainerCreating   0          2s
jenkins-1-deploy   1/1     Running             0          3s
jenkins-1-build    0/1     Completed           0          8m41s
jenkins-1-sk7nc    0/1     Pending             0          0s
jenkins-1-sk7nc    0/1     Pending             0          0s
jenkins-1-sk7nc    0/1     ContainerCreating   0          0s
jenkins-1-sk7nc    0/1     ContainerCreating   0          2s
jenkins-1-sk7nc    0/1     ContainerCreating   0          6s
jenkins-1-sk7nc    0/1     Running             0          41s
jenkins-1-sk7nc    1/1     Running             0          2m19s
jenkins-1-deploy   0/1     Completed           0          2m24s
jenkins-1-deploy   0/1     Completed           0          2m24s
^C%
✘ jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get routes
NAME      HOST/PORT                                                       PATH   SERVICES   PORT    TERMINATION     WILDCARD
jenkins   jenkins-jitsingh.apps.wxj181-5422.qe.devcluster.openshift.com          jenkins    <all>   edge/Redirect   None
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get ca
error: the server doesn't have a resource type "ca"
✘ jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get cm
NAME                        DATA   AGE
jenkins-1-ca                1      11m
jenkins-1-global-ca         1      11m
jenkins-1-sys-config        0      11m
jenkins-trusted-ca-bundle   1      11m
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc new-app -f https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/maven-pipeline.yaml
--> Deploying template "jitsingh/maven-pipeline" for "https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/maven-pipeline.yaml" to project jitsingh

     * With parameters:
        * Application Name=openshift-jee-sample
        * Source URL=https://github.com/openshift/openshift-jee-sample.git
        * Source Ref=master
        * GitHub Webhook Secret=KpxJ0R2R8WFn0uPeXowT6cwCOXM03dps3BG8aVg3 # generated
        * Generic Webhook Secret=USnq1J6aaeQaMmePWCcmOKUy6nYnnogxbmOmIdq1 # generated

--> Creating resources ...
    imagestream.image.openshift.io "openshift-jee-sample" created
    imagestream.image.openshift.io "wildfly" created
    buildconfig.build.openshift.io "openshift-jee-sample" created
    buildconfig.build.openshift.io "openshift-jee-sample-docker" created
    deploymentconfig.apps.openshift.io "openshift-jee-sample" created
    service "openshift-jee-sample" created
    route.route.openshift.io "openshift-jee-sample" created
--> Success
    Use 'oc start-build openshift-jee-sample' to start a build.
    Use 'oc start-build openshift-jee-sample-docker' to start a build.
    Access your application via route 'openshift-jee-sample-jitsingh.apps.wxj181-5422.qe.devcluster.openshift.com'
    Run 'oc status' to view your app.
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get pods -w
NAME               READY   STATUS      RESTARTS   AGE
jenkins-1-build    0/1     Completed   0          13m
jenkins-1-deploy   0/1     Completed   0          5m9s
jenkins-1-sk7nc    1/1     Running     0          5m5s
^C%
✘ jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc start-build openshift-jee-sample
build.build.openshift.io/openshift-jee-sample-1 started
jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get pods -w
NAME                                  READY   STATUS              RESTARTS   AGE
jenkins-1-build                       0/1     Completed           0          14m
jenkins-1-deploy                      0/1     Completed           0          5m38s
jenkins-1-sk7nc                       1/1     Running             0          5m34s
maven-hvd6d                           0/1     Pending             0          0s
maven-hvd6d                           0/1     Pending             0          0s
maven-hvd6d                           0/1     ContainerCreating   0          0s
maven-hvd6d                           0/1     ContainerCreating   0          3s
maven-hvd6d                           1/1     Running             0          3s
maven-hvd6d                           1/1     Terminating         0          52s
maven-hvd6d                           1/1     Terminating         0          52s
openshift-jee-sample-docker-1-build   0/1     Pending             0          0s
openshift-jee-sample-docker-1-build   0/1     Pending             0          0s
openshift-jee-sample-docker-1-build   0/1     Init:0/2            0          0s
maven-hvd6d                           0/1     Terminating         0          53s
maven-hvd6d                           0/1     Terminating         0          54s
maven-hvd6d                           0/1     Terminating         0          55s
openshift-jee-sample-docker-1-build   0/1     Init:0/2            0          2s
openshift-jee-sample-docker-1-build   0/1     Init:0/2            0          3s
openshift-jee-sample-docker-1-build   0/1     Init:1/2            0          4s
openshift-jee-sample-docker-1-build   0/1     PodInitializing     0          5s
openshift-jee-sample-docker-1-build   1/1     Running             0          6s
openshift-jee-sample-docker-1-build   0/1     Completed           0          94s
openshift-jee-sample-docker-1-build   0/1     Completed           0          94s
openshift-jee-sample-docker-1-build   0/1     Completed           0          101s
openshift-jee-sample-1-deploy         0/1     Pending             0          0s
openshift-jee-sample-1-deploy         0/1     Pending             0          0s
openshift-jee-sample-1-deploy         0/1     ContainerCreating   0          0s
openshift-jee-sample-1-deploy         0/1     ContainerCreating   0          2s
openshift-jee-sample-1-jmxkw          0/1     Pending             0          0s
openshift-jee-sample-1-jmxkw          0/1     Pending             0          0s
openshift-jee-sample-1-jmxkw          0/1     ContainerCreating   0          0s
openshift-jee-sample-1-deploy         1/1     Running             0          3s
openshift-jee-sample-1-jmxkw          0/1     ContainerCreating   0          1s
openshift-jee-sample-1-jmxkw          0/1     ContainerCreating   0          11s
openshift-jee-sample-1-jmxkw          0/1     Running             0          49s
openshift-jee-sample-1-jmxkw          1/1     Running             0          81s
openshift-jee-sample-1-deploy         0/1     Completed           0          85s
openshift-jee-sample-1-deploy         0/1     Completed           0          85s
openshift-jee-sample-1-deploy         0/1     Completed           0          90s
^C%

====================================================================================

jsingh@localhost ~/go/src/github.com/redhat-developer/jenkins/openshift/templates ➦ 1c19ede oc get cm
NAME                                       DATA   AGE
jenkins-1-ca                               1      24m
jenkins-1-global-ca                        1      24m
jenkins-1-sys-config                       0      24m
jenkins-trusted-ca-bundle                  1      23m
openshift-jee-sample-docker-1-ca           1      8m53s
openshift-jee-sample-docker-1-global-ca    1      8m53s
openshift-jee-sample-docker-1-sys-config   0      8m53s

========================================================================

verified on 4.4.9
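
The certificate-chain procedure above (steps 0 to 12) stops after signing the server certificate; the script below is an added example, not part of the original comment, that rebuilds the same three-tier shape with throwaway keys in a temp directory and shows which `openssl verify` calls a relying party would accept. It assumes `openssl` is on the PATH, uses `openssl x509 -req` in place of the page's `openssl ca`, copies only the basicConstraints/keyUsage values from `root-ca_ext`, `intermed-ca_ext` and `server_ext`, and every subject, file name and the `subca_ext` section are constructed for the demo.

```shell
#!/bin/sh
# Added example: throwaway PKI in a temp dir; nothing here touches a real CA.
# Subjects, file names and the subca_ext section are constructed for the demo.

write_cnf() {  # $1 = work dir
  cat > "$1/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = overridden-by-subj
[ root_ext ]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ intermed_ext ]
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ subca_ext ]
basicConstraints = critical, CA:true
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ server_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth, clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
}

key_csr() {  # $1 = dir, $2 = name, $3 = subject; unencrypted demo key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign() {  # $1 = dir, $2 = name, $3 = issuer name, $4 = extension section
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -days 2 -sha256 -extfile "$1/demo.cnf" -extensions "$4" \
    -out "$1/$2.pem" 2>/dev/null
}

build_demo_pki() {  # $1 = dir; root -> intermed (pathlen:0) -> server
  write_cnf "$1" &&
  key_csr "$1" root "/O=example.net/CN=demo Root CA" &&
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 2 -sha256 \
    -extfile "$1/demo.cnf" -extensions root_ext -out "$1/root.pem" 2>/dev/null &&
  key_csr "$1" intermed "/O=example.net/CN=demo Intermediate CA" &&
  sign "$1" intermed root intermed_ext &&
  key_csr "$1" server "/O=OCP4/CN=*.apps.example.net" &&
  sign "$1" server intermed server_ext &&
  # Negative case: the intermediate signs another CA. Issuance is not blocked;
  # pathlen:0 is only enforced when a relying party validates the chain.
  key_csr "$1" subca "/O=example.net/CN=demo Sub CA" &&
  sign "$1" subca intermed subca_ext &&
  key_csr "$1" leaf2 "/O=OCP4/CN=leaf-under-subca.example.net" &&
  sign "$1" leaf2 subca server_ext &&
  cat "$1/intermed.pem" "$1/subca.pem" > "$1/bundle.pem"
}

chain_ok() {  # $1 = trusted root, $2 = untrusted intermediates ('' for none), $3 = leaf
  openssl verify -CAfile "$1" ${2:+-untrusted "$2"} "$3" >/dev/null 2>&1
}

verify_output() {  # same arguments; returns openssl's diagnostic text
  openssl verify -CAfile "$1" ${2:+-untrusted "$2"} "$3" 2>&1
}

is_end_entity() {  # $1 = cert; true when basicConstraints says CA:FALSE
  openssl x509 -in "$1" -noout -text | grep -q 'CA:FALSE'
}

DEMO_DIR=$(mktemp -d)
build_demo_pki "$DEMO_DIR" || echo "openssl failed while building the demo PKI" >&2
R="$DEMO_DIR/root.pem"

chain_ok "$R" "$DEMO_DIR/intermed.pem" "$DEMO_DIR/server.pem" \
  && echo "server cert with intermediate supplied: OK"
chain_ok "$R" "" "$DEMO_DIR/server.pem" \
  || echo "server cert without intermediate: rejected"
chain_ok "$R" "$DEMO_DIR/bundle.pem" "$DEMO_DIR/leaf2.pem" \
  || echo "leaf under a sub-CA of the pathlen:0 intermediate: rejected"
is_end_entity "$DEMO_DIR/server.pem" && echo "server cert is CA:FALSE"
```

The second result is why a server has to present the intermediate along with its own certificate when clients trust only the root.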
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2580
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days