marklogic / marklogic-kubernetes

Helm chart for MarkLogic Server

Issues With Deploying on OpenShift

joe-eklund opened this issue

Greetings-

Issue 1:

I am attempting to deploy MarkLogic using Helm onto an OpenShift 4.10 instance and running into a couple problems. Firstly, due to the default SCC in OCP you cannot run a pod as root.

MarkLogic's own documentation seems to indicate that running as root is strongly recommended so that it can restart itself as necessary. But this seems very unnecessary in K8s and OCP deployments since those container orchestrators can handle any rebooting of pods that are needed.

My current workaround is to temporarily turn off this SCC by running oc adm policy add-scc-to-user anyuid -z ml-test-marklogic -n <my_namespace>, which allows MarkLogic to boot up. I am unsure if I will be allowed to do this in production though.

Is there any way to use this repo's deployment mechanism in a non-root way?


Issue 2:

My second issue is I am having trouble accessing the admin console (port 8001) through my OpenShift route. I believe this is actually an issue with our F5 load balancer and MarkLogic's Digest Auth. So I am looking into a fix from F5 if possible, but I am wondering if there is a way to configure MarkLogic to use Basic Auth for the Admin Console without going through the Admin Console itself after deploying it (i.e. configure at the time of deployment through the Helm Chart).

Thanks!

Thanks for the feedback, @joe-eklund. We are aware of the root user limitation and are working to address that as soon as we can.

As for changing the admin app server to basic auth, you cannot do that via the helm chart but, if you can run a curl command from within your k8s network, you can run the following to change it:

curl --anyauth -u <admin user>:<admin password> \
  -H "Content-type: application/json" -d '{"authentication":"basic"}' \
  "http://<host>:8002/manage/v2/servers/Admin/properties?group-id=Default"

replacing the admin username, password and hostname for your setup.

Hey @jkerr5, thanks for the response.

I attempted to run that curl command in the MarkLogic pod and got a 404 error. See these logs:

{"errorResponse":{"statusCode":"404", "status":"Not Found", "messageCode":"", "message":"URI /manage/v2/servers/Admin/properties?group-id=Default does not exist."}}

Any ideas?

My apologies, I left off the -X PUT. It should be this:

curl -X PUT --anyauth -u <admin user>:<admin password> \
  -H "Content-type: application/json" -d '{"authentication":"basic"}' \
  "http://<host>:8002/manage/v2/servers/Admin/properties?group-id=Default"

This is the API reference: https://docs.marklogic.com/REST/PUT/manage/v2/servers/[id-or-name]/properties

Thanks for the updated curl command. That worked. I am still having issues, but I am fairly certain they are F5 related and not MarkLogic.

I'll be closing this for now and can provide an update if I require more assistance.
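
What the `{"authentication":"basic"}` change discussed above alters in the Authorization header, as an added example that is not part of the original thread: Basic carries a reversible encoding of the password, readable by every hop that sees the header, while Digest (RFC 2617, qop=auth, MD5) carries a hash bound to the request method and URI. The user, password, realm, nonce and cnonce values are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample values (assumptions, not taken from the thread).
USER, PASSWORD, REALM = "admin-user", "example-password", "public"
NONCE, CNONCE, NC = "c0nstructedNonce", "c0nstructedCnonce", "00000001"
URI = "/manage/v2/servers/Admin/properties?group-id=Default"


def _md5(text: str) -> str:
    # MD5 is what RFC 2617 Digest specifies; it is not chosen here for strength.
    return hashlib.md5(text.encode(), usedforsecurity=False).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Authorization value a client sends once the app server uses 'basic'."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def credentials_from_basic(header: str) -> tuple[str, str]:
    """What a proxy, load balancer or access log holding the header can read."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    # Split on the first colon only: the password may itself contain colons.
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce):
    """RFC 2617 'response' field for qop=auth with the MD5 algorithm."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")  # binds the proof to method and URI
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


if __name__ == "__main__":
    header = basic_header(USER, PASSWORD)
    print("Basic header :", header)
    print("Recovered    :", credentials_from_basic(header))
    for method in ("PUT", "POST"):
        proof = digest_response(USER, PASSWORD, REALM, method, URI,
                                NONCE, NC, CNONCE)
        print(f"Digest {method:<4}  :", proof)
```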