Openshift & API gateway for Centos7

Document ID : KB000123478
Last Modified Date : 21/12/2018
Have been following the steps mentioned in the link below to set up a test gateway container in our OpenShift environment. We have been successful in deploying the pods. They seem to be healthy and logging. But we are not able to hit the endpoints via the routes. We are also not able to start the Policy Manager following the steps as described in the above documentation script.

Looking for how to deploy and access Gateway resources in Openshift environment 
OpenShift is a family of containerization software developed by Red Hat. Its flagship product is the OpenShift Container Platform, an on-premises platform as a service built around Docker containers orchestrated and managed by Kubernetes on a foundation of Red Hat Enterprise Linux.

The Broadcom sample creates two pods, MySQL and Gateway. The issue with access through OpenShift is that the Gateway listens on multiple ports for one hostname. This is based on the sample from the documentation.

Gateway 9.4
OpenShift Master:v3.11.0+8de5c34-71
Kubernetes Master:v1.11.0+d4cacc0
OpenShift Web Console:V3.11.0+ea422
Steps based on youtube video:
  1. Set up an image with CentOS 7 using your preferred virtualization tool. For this test, the setup used Oracle VM VirtualBox with CentOS-7-x86_64-Minimal-1810.iso.
Operating system configuration:
  • 4 CPU
  • 16 GB memory
  • Hard disk: fixed size, 120 GB
  • Network: bridged
  • Enable network
  • Root password (7layer)
  • New user with admin privilege (example: mcqst02:7layer)
  2. Access the system as root and retrieve the IP address for SSH access:
#ip addr
  3. Over SSH, perform the following steps to prepare and set up OpenShift. Set the hostname, update the OS, then reboot:
#hostnamectl set-hostname
#yum update
#shutdown -r now
  4. Install CentOS packages:
#yum install git docker net-tools mlocate
  5. Clone the repository from GitHub (shared OpenShift environment, good for testing):
#git clone
#export DOMAIN=support.local
#export USERNAME=mcqst02
#export PASSWORD=7layer
  6. Run the OpenShift install:
#cd installcentos
NOTE: This could take over 30 minutes to complete
Expected output:
* Your console is
* Your username is mcqst02
* Your password is 7layer
* Login using:
$ oc login -u mcqst02 -p 7layer
OpenShift should now be up and running
Validate on the Openshift server:
#oc login -u mcqst02 -p 7layer
Validation using a browser: first update your local hosts file, for example:
In the browser, enter:
Enter credentials defined during setup (mcqst02:7layer) 
15 Projects should be displayed
OpenShift Master:v3.11.0+8de5c34-71
Kubernetes Master:v1.11.0+d4cacc0
OpenShift Web Console:V3.11.0+ea422

Next step: deploy the Gateway containers to OpenShift
  1. Sample deployment files (assuming all files will be deployed/unzipped to /root/gateway)
  2. Modify container-gateway.env (for this setup):
# #(comment out using default)


EXTRA_JAVA_ARGS="-XX:ParallelGCThreads=4 -Dcom.l7tech.bootstrap.env.license.enable=true"
  3. Modify
 Last line, modify the OpenShift hostname:
oc process -f container-gateway.yml --param-file=container-gateway.env | oc create -f -
  4. License files MUST be copied to the same location, /root/gateway (home of root/gateway). How it is called from
echo "LICENSE=\"$(gzip -c ~/gateway/LICENSE.xml | base64 --wrap=0)\"" > LICENSE.gz.base64
echo "SSLKEY=\"$(cat ~/gateway/SSLKEY.p12 | base64 --wrap=0)\"" > SSLKEY.base64
  5. For Oracle VM VirtualBox I needed to modify container-gateway.yml CPU (container not starting with error Insufficient CPU)
        Commented out the two lines from container-gateway.yml
                 # cpu: 4000m
                  memory: 2Gi
                 # cpu: 4000m
  6. The container-gateway-secrets.yml contains user info for policy manager, ssp database
[root@mcqst02-centos7-6 gateway]# ./
--Creating the project
Already on project "ssg" on server "".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-25-centos7~

to build a new example application in Ruby.
--Creating the MySQL database
secret/mysql-server created
service/mysql-server created created
--Waiting for the database to be ready
waiting for database to be ready...
waiting for database to be ready...
waiting for database to be ready...
--Setting the license and SSL key
--Creating the secrets
secret/containergateway created
Command "new-dockercfg" is deprecated, use oc create secret
secret/ created
--Creating the deployment created
service/container-gateway-svc created created created created
horizontalpodautoscaler.autoscaling/container-gateway-hpa created created

Openshift commands to verify:
[root@mcqst02-centos7-6 gateway]# oc get projects
NAME                                DISPLAY NAME    STATUS
default                                             Active
kube-public                                         Active
kube-service-catalog                                Active
kube-system                                         Active
management-infra                                    Active
openshift                                           Active
openshift-console                                   Active
openshift-infra                                     Active
openshift-logging                                   Active
openshift-metrics-server                            Active
openshift-monitoring                                Active
openshift-node                                      Active
openshift-sdn                                       Active
openshift-template-service-broker                   Active
openshift-web-console                               Active
ssg                                 SSG Container   Active
Pods: (one or more containers based on YML file)
[root@mcqst02-centos7-6 gateway]# oc get pods
NAME                           READY     STATUS    RESTARTS   AGE
container-gateway-dc-1-bvzr6   1/1       Running   0          4m
mysql-server-1-snk4v           1/1       Running   0          5m
Issues: OpenShift is NOT able to configure the same hostname for different ports, for example SSL and non-SSL with the same hostname. Error from the OpenShift console for ports 8080 and 8443:
OpenShift Error
Resolution: Use a different hostname for each port (in the YML file). This includes Policy Manager access, as shown in the example:
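
The resolution above, written out as three Route objects with one hostname per Gateway port. This is an added example, not the Broadcom sample file: the route names and hostnames are assumptions (hostnames built on DOMAIN=support.local from the install step), passthrough TLS is an assumed choice, and only the service name and the ports come from this article.

```yaml
# Added example: one Route (and one hostname) per Gateway listen port.
# Route names and hostnames are hypothetical; container-gateway-svc and
# ports 8080 / 8443 / 9443 are the values shown in this article.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: example-gw-http            # hypothetical name
spec:
  host: gw-http.apps.support.local # assumed hostname, plain HTTP
  to:
    kind: Service
    name: container-gateway-svc
  port:
    targetPort: 8080
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: example-gw-https           # hypothetical name
spec:
  host: gw-https.apps.support.local # assumed hostname, must differ from the HTTP one
  to:
    kind: Service
    name: container-gateway-svc
  port:
    targetPort: 8443
  tls:
    # Assumed: passthrough, so TLS ends at the Gateway with its own key
    termination: passthrough
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: example-gw-pm              # hypothetical name
spec:
  host: gw-pm.apps.support.local   # assumed hostname for Policy Manager
  to:
    kind: Service
    name: container-gateway-svc
  port:
    targetPort: 9443
  tls:
    termination: passthrough       # assumed, as above
```

Each hostname needs its own entry in the local hosts file pointing at the OpenShift host, because the router picks the route by hostname on ports 80 and 443.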

Local hosts file to access each endpoint:

Openshift console with configured and operating Gateway container:
Openshift Console
Openshift routes:
External access:
Route container-gateway-https-route, target port 8080
External access:
Route container-gateway-pm-route, target port 9443 (Policy Admin)
External access:
Route container-gateway-http-route, target port 8443
Policy Manager Access:
OpenShift route for Policy Manager access:
The Gateway needs to include a host that routes to port 9443 on the Gateway through port 443 of OpenShift.
From the YML file:
PM Login

You are presented with a certificate message. Click OKAY.
Certificate Error
Configure & Test Endpoint: Policy manager created endpoint for /basic1
Non-SSL access URL:
Routes to gateway Port 8080 

SSL access URL:
Routes to gateway Port 8443

Review the logs for the Gateway pod; first get the pod name:
[root@mcqst02-centos7-6 gateway]# oc get pods
NAME                           READY     STATUS    RESTARTS   AGE
container-gateway-dc-1-bvzr6   1/1       Running   0          14m
mysql-server-1-snk4v           1/1       Running   0          15m

[root@mcqst02-centos7-6 gateway]# oc logs container-gateway-dc-1-bvzr6

Using MySQL database
SSG_DATABASE_WAIT_TIMEOUT set to 300 seconds.
SSG_JVM_HEAP will be 2048m
Waiting for one of the databases to come up...
Liquibase 'status' Successful
Liquibase Update Successful
Starting gateway in foreground
2018-12-20T17:31:19.978+0000 CONFIG  1      com.l7tech.logging: Logging initialized from '/opt/SecureSpan/Gateway/node/default/etc/conf/', with defaults from 'jar:file:/opt/SecureSpan/Gateway/runtime/Gateway.jar!/com/l7tech/server/resources/'
2018-12-20T17:31:20.492+0000 INFO    1      com.l7tech.server.boot.GatewayBoot: Starting CA API Gateway 9.4.00 build 8872, built 20181012143850 by teamcity at apim-teamcityagent19
2018-12-20T17:31:20.528+0000 INFO    1      com.l7tech.server.boot.GatewayBoot: Database type: mysql
2018-12-20T17:31:20.531+0000 INFO    1      com.l7tech.server.boot.GatewayBoot: Starting gateway in TRADITIONAL mode