As of OpenShift Container Platform 4.0, OpenShift worker and master nodes use Red Hat CoreOS (RHCOS) as the base operating system. For OKD, this is Fedora CoreOS (FCOS). Logging in to the OpenShift nodes directly over SSH is not recommended, and by default only SSH keys can be used for access. This SSH key is the one provided when deploying the OpenShift / OKD Container Platform. So how can you access a shell prompt on an OpenShift node?
Open a Shell Prompt on an OpenShift Node
OpenShift provides an oc client which can be used to access the Shell prompt of an OpenShift Node.
Once you have an OpenShift cluster up and running, you can install the oc client with the commands below:
--- Linux ---
wget https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz
tar xvf oc.tar.gz
chmod +x oc
sudo mv oc /usr/local/bin
--- macOS ---
wget https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/macosx/oc.tar.gz
tar xvf oc.tar.gz
chmod +x oc
sudo mv oc /usr/local/bin
Confirm installation by checking the version:
$ oc version
Client Version: 4.5.0-202003270516-ad76834
Kubernetes Version: v1.17.4
Access OpenShift Node Shell
You’ll use the oc debug node command to open a shell prompt on any node of your cluster. The syntax is:
$ oc debug node/<node-name>
But first list your cluster nodes:
$ oc get nodes
NAME STATUS ROLES AGE VERSION
mas01.ocp.geeksforgeeks.org Ready master 10d v1.16.2
mas02.ocp.geeksforgeeks.org Ready master 10d v1.16.2
mas03.ocp.geeksforgeeks.org Ready master 10d v1.16.2
infra03.ocp.geeksforgeeks.org Ready infra,worker 10d v1.16.2
infra03.ocp.geeksforgeeks.org Ready infra,worker 10d v1.16.2
node01.ocp.geeksforgeeks.org Ready worker 10d v1.16.2
node02.ocp.geeksforgeeks.org Ready worker 10d v1.16.2
node03.ocp.geeksforgeeks.org Ready worker 10d v1.16.2
ocs01.ocp.geeksforgeeks.org Ready worker 10d v1.16.2
ocs02.ocp.geeksforgeeks.org Ready worker 10d v1.16.2
ocs03.ocp.geeksforgeeks.org Ready worker 10d v1.16.2
Let’s say you want to start a shell session on the node01.ocp.geeksforgeeks.org node. You’ll run:
$ oc debug node/node01.ocp.geeksforgeeks.org
Starting pod/node01ocpneveropencom-debug ...
To use host binaries, run `chroot /host`
The prompt comes from a special-purpose tools container that mounts the node root file system at the /host folder, and allows you to inspect any files from the node.
You need to start a chroot shell in the /host folder as shown in the command output. This will enable you to use host binaries in the shell.
chroot /host
You’ll see output like below:
Pod IP: 10.184.48.235
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4#
Try running a few commands, e.g. checking the OS version and the network connections:
sh-4.4# cat /etc/redhat-release
Red Hat Enterprise Linux CoreOS release 4.3
sh-4.4# nmcli con show
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  dcd75b54-c1d9-39b7-b7e9-6996a182b53a  ethernet  ens192
The oc debug shell session uses the same tunneling technology that allows opening a shell prompt inside a running pod – oc rsh.
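Added example, not part of the original article: a script that picks Ready nodes by role from the oc get nodes table and runs one command on each through oc debug, so no interactive root shell is left open on the node. The function names and the sample table (example.test hostnames) are constructed for illustration.

```sh
#!/bin/sh
# Added example: batch, non-interactive use of `oc debug node/<name>`.
# ready_nodes, node_release and SAMPLE_NODES are names made up for this sketch.

# Constructed sample in the shape of the `oc get nodes` table shown above.
SAMPLE_NODES='NAME STATUS ROLES AGE VERSION
mas01.example.test Ready master 10d v1.16.2
infra03.example.test Ready infra,worker 10d v1.16.2
infra03.example.test Ready infra,worker 10d v1.16.2
node01.example.test Ready worker 10d v1.16.2
node02.example.test NotReady worker 10d v1.16.2
node03.example.test Ready,SchedulingDisabled worker 10d v1.16.2'

# ready_nodes ROLE: read an `oc get nodes` table on stdin and print each node
# name once if its STATUS is exactly Ready and ROLE is one of its roles.
ready_nodes() {
    awk -v role="$1" '
        NR == 1 { next }           # skip the header row
        $2 != "Ready" { next }     # drops NotReady and cordoned nodes
        {
            n = split($3, roles, ",")
            for (i = 1; i <= n; i++)
                if (roles[i] == role && !seen[$1]++) print $1
        }'
}

# node_release NODE: run a single command through the debug pod and exit.
node_release() {
    oc debug "node/$1" -- chroot /host cat /etc/redhat-release
}

# Touch the live cluster only when asked to: ./node-release.sh --run worker
if [ "${1:-}" = "--run" ]; then
    oc get nodes | ready_nodes "${2:-worker}" | while read -r node; do
        printf '%s: ' "$node"
        node_release "$node" < /dev/null   # keep oc from consuming the node list
    done
fi
```

Without --run the script only defines the functions, so the filter can be checked against the sample table before it is pointed at a cluster.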