API GW deploy into Openshift platform fail

Document ID : KB000094093
Last Modified Date : 02/05/2018
Show Technical Document Details
Issue:
The customer has attempted to deploy API Gateway into Openshift platform.
They started following our documentation and use as template the deploy.sh and .yml file as suggested.
During the "--Creating the secrets" step into the deploy.sh file, received the following error:
error: invalid parameter assignment in est/7tO//5d/++viwn//L/8/MSWGlCNRAAA="
and only the database steps are completed with success.
Environment:
9.3 on Openshift platform
Cause:
There seems that only the MySQL Server POD are up and running, Gateway are not active.
When the deploy.sh completes its execution, the command 
$)oc get pod

Return this:
ubuntu@UbuntuTest:~/temp/caapigw$ oc get pods
NAME READY STATUS RESTARTS AGE
mysql-server-1-bwpnr 1/1 Running 0 5h

and the command
$)oc status
Return this:
ubuntu@UbuntuTest:~/temp/caapigw$ oc status
In project CA API Gateway (caapigateway) on server https://masterdns6wsyo24enntvs.westus.cloudapp.azure.com:8443
https://pm.apigw.openshift.generic.com (passthrough) to pod port container-gateway-pm-port (svc/container-gateway-svc)
https://https.apigw.openshift.generic.com (passthrough) to pod port container-gateway-https-port
http://http.apigw.openshift.generic.com to pod port container-gateway-http-port
dc/container-gateway-dc deploys istag/container-gateway-is:latest
deployment #1 waiting on image or update

svc/mysql-server - 172.30.254.109:3306
dc/mysql-server deploys openshift/mysql:5.7
deployment #1 deployed 6 hours ago - 1 pod

Errors:
* hpa/container-gateway-hpa is attempting to scale DeploymentConfig/container-gateway-dc, which doesn't exist

View details with 'oc describe (resource)/(name)' or list everything with 'oc get all'.
 
Resolution:
The problem user were experiencing is around the secrets part of the deploy.sh.
You need to run each of the follow commands 1 by 1 to see if oc returns an error to isolate the area of problem -
oc process -f container-gateway-secrets.yml..
- oc secrets ...
- oc secrets link ...
- oc process -f container-gateway.yml
Make sure you change the "UNIQUE_PROJECT_NAME" between deployments as the deleted ID could still conflict with new project of the same name

1) This command failed for me,
oc secrets new-dockercfg docker-registry --docker-server=docker-registry-default.40.118.133.56.nip.io --docker-username=ocpadmin --docker-password='ocp!pass01_' --docker-email=xxx.xxx@spindox.it

Reason: "!" is a special char in bash so it has to be wrapped around by single quotes which I have added 

2) I have created the SSG deployment here https://masterdnshtzfrhfxiegg4.westus.cloudapp.azure.com:8443/console/project/caapigateway-gavin-test1/overview
Problem: Internal error occurred: Get https://docker-registry-default.40.118.133.56.nip.io/v2/: x509: certificate signed by unknown authority. Timestamp: 2018-03-23T18:54:34Z Error count: 2
I believe the problem is that docker-registry is not trusted by your Openshift env. 

It appears that the customer's docker registry's credentials are incorrect, causing the pull of the image from the registry to fail. 

How to get the correct credentials: 
There are normally 2 sets of credentials, 
1) openshift login credentials => this is used to run oc commands and create containers/services/routes. Basically the management account for managing the openshift server 

2) docker registry credentials => this is for adding images, delete images, and pull images from this location, think of this credential as the hub.docker.com account 

To get the right credentials for the docker registry, ask their docker registry server admin that manages "docker-registry-default.40.118.133.56.nip.io" what username/password did they use to add new images or remove images. 

Also, the container-gateway.env file's "DOCKER_REGISTRY_INSECURE=false" may need to be set to true (this depends on how they setup the registry, this option is telling openshift to only connect to this registry if it is secured. There are extra security setup that needs to be done on the docker registry server to establish itself as "Secured")