Deploy Oracle Blockchain Platform Enterprise Edition on Red Hat OpenShift Local

You can install Oracle Blockchain Platform Enterprise Edition on Red Hat OpenShift Local for testing and internal development purposes. It is not supported for production environments.

Red Hat OpenShift Local is designed to run on a local computer to simplify setup and testing, and to emulate the cloud development environment locally with all of the tools needed to develop container-based applications. It was previously known as Red Hat CodeReady Containers.

For detailed information about Red Hat OpenShift Local, see Red Hat OpenShift Local.

Prerequisites:

• CPUs: 12 or more
• Memory: 30GB or higher
• Disk size: 150GB or higher
• RedHat OpenShift Local - Embedded OpenShift version 4.15.3, CRC (Code Ready Container) version 2.34.1
• Operating system: CentOS 8

This section provides an example walkthrough of installing the tested versions of the prerequisites. Refer to each product's documentation for additional information and any required modifications to the installation instructions. The following walkthrough was tested using CentOS 8 as the operating system. Other distributions of Linux, such as Oracle Linux or Red Hat Enterprise Linux, can also be used.

Note:

When you install Istio as part of the Install Prerequisite Software tasks, install version 1.22.1, not the latest version.

Install Red Hat OpenShift Local

Complete the following steps to download and install Red Hat OpenShift Local. For additional information, see Installing CodeReady Containers.

1. Navigate to Red Hat OpenShift Local and click Install OpenShift on your laptop. You are redirected to a login page where you can enter your Red Hat credentials or create an account if you do not already have one.
2. After you log in, click Clusters and then click the Local tab.
3. On the Local page, click Download OpenShift Local and then Download pull secret.
4. Copy the crc package and the pull secret that you downloaded in the previous step to your VM. For example:

   scp -r -i ~/.ssh/id_rsa ~/Downloads/crc-linux-amd64.tar.xz <username>@<ip-address>:/tmp
   scp -r -i ~/.ssh/id_rsa ~/Downloads/pull-secret.txt <username>@<ip-address>:/tmp
   cd

5. On your VM, create a directory called crc and copy the crc package and the pull secret to that directory.
6. Install OpenShift by running the following command:

   sudo dnf install NetworkManager

   If an error starting with Failed loading plugin "osmsplugin": No module named 'librepo' is displayed, run the following commands and then run the installation command again.

   sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
   sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
   

7. Run the following commands to extract the archive file:

   cd ~/crc
   tar xvf crc-linux-amd64.tar.xz

8. Run the following commands to move the binary file to the /bin directory and to update the path:

   mkdir -p ~/bin
   cp ~/crc/crc-linux-*-amd64/crc ~/bin
   export PATH=$PATH:$HOME/bin
   echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc

Increase Disk Space in the Root Partition

If the VM root partition space is less than 150 GB, complete the following steps.

1. Ensure that the boot disk, root file system, or logical volume manager (LVM) has at least 150 GB free space.
2. Use fdisk to create a Linux file system partition of at least 100GB (in this example, the new partition is /dev/sda4) .

   sudo fdisk /dev/sda

3. Use the following command to add the physical volume to a volume group.

   sudo vgextend centosvolume /dev/sda4

4. Use the following command to increase the size of the logical volume.

   sudo lvextend -L+99G /dev/mapper/centosvolume-root

5. Use the following command to increase the size of the filesystem.

   sudo xfs_growfs /dev/centosvolume/root

   The equivalent command on Oracle Enterprise Linux is oci_growfs.

Configure OpenShift Local Parameters

Run the following commands to configure OpenShift Local to use 12 CPU cores, 30 GB memory, and 100 GB disk space.

crc config set cpus 12 
crc config set memory 30720 
crc config set disk-size 100

Download and Install the OpenShift Client

Run the following commands to download and install oc, the OpenShift client software.

wget -O ~/crc/openshift-client-linux.tar.gz https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.15.3/openshift-client-linux-4.15.3.tar.gz 
tar xvzf openshift-client-linux.tar.gz
sudo mv oc /usr/local/bin

Start the Cluster

Run the following commands to set up, start, and check the status of the cluster. Use the pull secret that you downloaded when you downloaded Red Hat OpenShift Local.

crc setup 
crc start -p ~/crc/pull-secret.txt
crc status

Once the installation is complete, information similar to the following will display:

INFO Adding crc-admin and crc-developer contexts to kubeconfig... 
Started the OpenShift cluster.

The server is accessible via web console at:
  https://console-openshift-console.apps-crc.testing

Log in as administrator:
  Username: kubeadmin
  Password: password  (note this password)

Log in as user:
  Username: developer
  Password: developer

Use the 'oc' command line interface:
  $ eval $(crc oc-env)
  $ oc login -u developer https://api.crc.testing:6443

Install Oracle Blockchain Platform Enterprise Edition

1. Complete the following steps to ensure Red Hat OpenShift Local is up and running.
   1. Log in to the console.

      oc login -u kubeadmin -p <password> https://api.crc.testing:6443

   2. Verify that Red Hat OpenShift Local is reachable.

      oc get nodes

2. Run the following command to set the Istio profile. You must have completed the steps in Install Istio before running the following commands.

   istioctl install --set profile=openshift --set values.pilot.env.ENABLE_TLS_ON_SIDECAR_INGRESS=true --set components.cni.enabled=true --set values.cni.repair.deletePods="true"

3. On the Oracle Blockchain Platform Enterprise Edition page, click Download and then follow the steps to download the Oracle Blockchain Platform Enterprise Edition package, which is approximately 6.5 GB.
4. Extract the downloaded archive file.
   The extracted folder structure includes runme scripts for various platforms, including OpenShift.
5. Update the runme-input.yaml file with the required values. Also, make the runme-input.yaml and runme.sh files executable. Ensure that you can log in to the registry from the user account that you specify in the runme-input.yaml file. The following example runme-input.yaml file can be used as a reference:

   imageRegistryConfiguration:
     registry: <container_registry_name>
     imageTagPrefix: <container-image-repository-prefix>
     username: <container-registry-username>
    
   imageReleaseVersion: <obpee-release-version>
    
   # Set storageClassName to create a dynamic persistent volume. If empty, default storageClass is used.
    
   controlPlaneStorage:
     storageClassName: 
     # Example 500Mi, 5Gi
     size: 1Gi
   parentDomainName: example.com
   #imagePullTimeout: Use this field to customize the wait time (in seconds) for pulling the required container images from the repository. Default is 1800 seconds.
   imagePullTimeout: 1800

   The variables in the example have the following values:

   • imageRegistryConfiguration.registry is the container registry server to use. Example: iad.ocir.io
   • imageRegistryConfiguration.imageTagPrefix is the container base repository path with the registry, where the images will be pushed to or pulled from. Example: iad.ocir.io/obpee/bcs
   • imageRegistryConfiguration.username is the container registry login user name.
   • imageReleaseVersion is the Oracle Blockchain Platform Enterprise Edition release version.
   • controlPlaneStorage.storageClassName is the Kubernetes storage class to use for PVC (PersistentVolumeClaim). If empty, the default storageClass is used.
   • controlPlaneStorage.size is the PVC size for Blockchain Platform Manager (control plane) services.
   • parentDomainName is the domain name to use for Blockchain Platform Manager services. Example: example.com.
   • imagePullTimeout is the image pull wait timeout in seconds during Oracle Blockchain Platform Enterprise Edition installation. The default is 1800 seconds.
6. Open a new terminal window and go to the distribution package directory. Follow the steps as prompted by the script output.
   1. Run the following command to make the script executable.

      chmod +x runme_openshift.sh

   2. Run the following script to push the containers in the archive file to the specified repository and then install the product.

      ./runme_openshift.sh --publish-images

      If the container images are already uploaded to a repository, you can pull them from the repository and install by using the following command.

      ./runme_openshift.sh

   • Enter the default LDAP admin password (the password will not be displayed): this is used to set the admin user's password for the built-in LDAP authentication server.
   • Enter the default control plane admin user password (the password will not be displayed): this is used to set the Blockchain Platform Manager admin user's password.
   • Enter registry <registry name> password: This is used to connect to your container image registry (as specified in runme-input.yaml) for downloading images.

   The script installs the following services under the obp-cp namespace:

   • control-plane
   • openldap
   • obp-auth-server
   • obp-operator
   • hlf-operator
7. Add the following line to the /etc/hosts file on the crc VM.

   <CRC_IP_address> controlplane.<parentDomainName> openldap.<parentDomainName> auth.<parentDomainName>

   In the example, <CRC_IP_address> is the output of the crc ip command.
8. Add the following line to the /etc/hosts file on the computer that you use to connect to the Blockchain Platform Manager console.

   <public_vm_ip> controlplane.<parentDomainName> openldap.<parentDomainName> auth.<parentDomainName>

   In the example, <public_vm_ip> is the public IP address of the VM.
9. Complete the following steps to access Blockchain Platform Manager from a client computer. The following steps use firewalld to allow inbound traffic to the server and HAProxy to forward the traffic to the OpenShift Local instance.
   1. Ensure that the following entry is in the /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf configuration file.

      [main]
              dns=dnsmasq

      The dnsmasq instance configuration file, /etc/NetworkManager/dnsmasq.d/crc.conf, might look similar to the following:

      server=/crc.testing/198.x.x.x
      server=/apps-crc.testing/198.x.x.x

      198.x.x.x is the output of the crc ip command. The dnsmasq instance of NetworkManager forwards requests for crc.testing and apps-crc.testing to the 198.x.x.x DNS server.
   2. Enter the following command to install required dependencies.

      sudo dnf -y install haproxy policycoreutils-python-utils

   3. Enter the following commands to configure the firewall.

      sudo systemctl start firewalld
      sudo firewall-cmd --add-port=80/tcp --permanent
      sudo firewall-cmd --add-port=6443/tcp --permanent
      sudo firewall-cmd --add-port=443/tcp --permanent
      sudo systemctl restart firewalld
      sudo semanage port -a -t http_port_t -p tcp 6443
      sudo semanage port -a -t http_port_t -p tcp 6443

   4. Before you can configure HAProxy, you must know the IP address of the server and the IP address of the Red Hat OpenShift Local VM. Run the following commands.

      export SERVER_IP=$(hostname --ip-address)
      export CRC_IP=$(crc ip)
      cd /etc/haproxy;sudo cp haproxy.cfg haproxy.cfg.orig

   5. Replace the contents of the haproxy.cfg file with the following text.

      global
      debug
       
      defaults
      log global
      mode http
      timeout connect 0
      timeout client 0
      timeout server 0
       
      frontend apps
      bind SERVER_IP:80
      bind SERVER_IP:443
      option tcplog
      mode tcp
      default_backend apps
       
      backend apps
      mode tcp
      balance roundrobin
      option ssl-hello-chk
      server webserver1 CRC_IP:80 check
      server webserver2 CRC_IP:443 check
       
      frontend api
      bind SERVER_IP:6443
      option tcplog
      mode tcp
      default_backend api
       
      backend api
      mode tcp
      balance roundrobin
      option ssl-hello-chk
      server webserver1 CRC_IP:6443 check
      

   6. Run the following commands to replace the IP addresses in the HAproxy configuration, and then start HAproxy.

      export CRC_IP=$(crc ip)
      export SERVER_IP=$(hostname --ip-address)
      sudo sed -i "s/CRC_IP/$CRC_IP/g" haproxy.cfg
      sudo sed -i "s/SERVER_IP/$SERVER_IP/g" haproxy.cfg
      sudo systemctl start haproxy

Access Blockchain Platform Manager

After installation, configure the host name resolution for the generated Blockchain Platform Manager host names.

1. Run the following command to get the list of configured hostnames:

   kubectl get virtualservice -n obp-cp -o json | jq -r .items[].spec.hosts[0]

2. Configure host name resolution for these generated host names to the IP address of the running Red Hat OpenShift cluster by adding the following entry to the /etc/hosts file on the VM.

   <IP_Address> controlplane.<parentDomainName> openldap.<parentDomainName> auth.<parentDomainName>

   In the example, <IP_address> is the output of the crc ip command.
3. Ensure that the crc VM security list allows ports 443, 6443, and 80 from the client host computer.

You can now log on to Blockchain Platform Manager (the control plane management tool) to create an instance.

Once you've created your instance, you must configure DNS forwarding as described in: Provisioning Postrequisites.