Table of Contents for
Getting Started with OpenShift

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Getting Started with OpenShift by Katie Miller Published by O'Reilly Media, Inc., 2014
  1. Cover
  2. Getting Started With OpenShift
  3. Getting Started With OpenShift
  4. Preface
  5. 1. Introduction
  6. 2. Creating Applications
  7. 3. Making Code Modifications
  8. 4. Adding Application Components
  9. 5. Environment and Application Management
  10. 6. Library Dependencies
  11. 7. Networking
  12. 8. Disk Usage
  13. 9. Backup
  14. 10. Team Collaboration
  15. 11. Summary
  16. A. Basic Linux for Non-Linux Users
  17. Colophon
  18. Copyright

Chapter 10. Team Collaboration

In our discussion so far we have generally considered OpenShift and its features from the point of view of a single developer. However, whether you embrace Agile, post-Agile Programmer Anarchy, or some other newfangled way of working, most of us develop software in teams. In this chapter, we will broaden our scope beyond the lone wolf and look at OpenShift’s offerings for the whole wolf pack. We will show how to manage multiple SSH keys and how to use an OpenShift domain to collaborate, before concluding with some thoughts about possible platform workflows.

Managing Multiple SSH Keys

One way of enabling another person to make changes to your OpenShift application code is to add her machine’s public SSH key to your OpenShift account. This will enable your collaborator to access the Git repositories of any of your OpenShift applications using standard Git commands. It will not grant that person access to your OpenShift Online account, or enable her to log in to RHC.

This method for code sharing is best suited to situations where the person you wish to grant access to does not have an OpenShift account. If she’s willing to create an OpenShift account or has one already, a better way to give access is to add her to your application’s domain, as explained in the next section.

You can manage the SSH keys for your OpenShift account from the command line with the rhc sshkey command. You can list all your SSH keys with rhc sshkey list, add a key with rhc sshkey add, and remove a key with rhc sshkey remove. To add your collaborator, have her supply you with her public SSH key; typically, this would be her ~/.ssh/id_rsa.pub file (this is the public part of the key pair; the corresponding private key file, id_rsa, should never be shared). Here is an example of adding a new key to an OpenShift account:

[me@localhost ~]$ rhc sshkey add myfriend ~/Downloads/id_rsa.pub
RESULT:
SSH key id_rsa.pub has been added as 'myfriend'

Once the key has been added, give your collaborator the Git URL of the OpenShift application repository you want her to edit (you can view this with rhc apps). She can use this URL with the regular git clone command, and will also be able to access the application gear via ssh. If you want to add more collaborators, simply add more SSH keys.

Domain Access for Teams

Adding SSH keys to your OpenShift account is one way of enabling collaboration on application code, but it has limitations; it will not allow your team members to use RHC commands with the shared apps, and it gives everyone you add full access to make changes. A more flexible approach is to add members to your OpenShift domain.

All OpenShift applications must belong to a domain, sometimes referred to as a namespace. This becomes part of the OpenShift Online application URL, which has the form appname-domain.rhcloud.com—this should look familiar by now. Depending on your OpenShift account, you may be able to create multiple domains; users on the free tier of OpenShift Online are limited to one domain.

OpenShift domains can be managed from the command line with the rhc domain command. Use rhc domain list to see which domains you have access to and rhc domain show to display the details of applications in a domain. If you have access to do so, you can create new domains with rhc domain create name.

Domain membership can also be managed from the command line, using the rhc member command. When you add a member to a domain, you can give that member one of three possible roles:

view
Viewers can see information about the domain and its applications but cannot make any changes. They cannot use rhc env to view environment variables, access the application via SSH, or clone the Git repository (unless their SSH public keys have also been added to the domain OpenShift account).
edit
Editors can do everything viewers can do, plus create, update, and delete applications in the domain. They can view and edit environment variables and access application Git repositories and gears via SSH.
admin
Administrators can do everything editors can do, as well as update domain membership and change the domain name.

These member permissions apply to all applications within a domain. If you wish to give the same user a different level of access to different applications, you should place them in separate domains.

Here is an example of adding and then removing a member in Insult App’s domain, osbeginnerbook. OpenShift users are referenced by their username, which is usually their email address; rhc account will display the details of the logged-in user:

[me@localhost ~]$ rhc member add phb@redhat.com -n osbeginnerbook --role view
Adding 1 viewer to domain ... done
[me@localhost ~]$ rhc member list -n osbeginnerbook
Login                   Role
----------------------- -------------
TheSteve0@redhat.com    admin (owner)
codemiller@redhat.com   admin
phb@redhat.com          view
[me@localhost ~]$ rhc member remove phb@redhat.com -n osbeginnerbook
Removing 1 member from domain ... done

A domain member can use the command rhc domain leave -n domain if she wishes to remove herself from a domain.

Possible Workflows

If you have read to this point, you should now have a good idea of how the OpenShift platform works and what features it offers. However, you may still be wondering how to adapt your current team processes to use OpenShift. Every team is different, so we cannot offer a magic formula for this, but here are some points you may want to consider:

  • User access is restricted at the domain level on OpenShift, as discussed earlier. Given this, you will probably want to create a domain for each of your environments (development, integration, test, stage, production, etc.) and add those who should have access as members with the appropriate role (view, edit, admin).
  • No one likes accidental production deployments. Consider turning off auto-deploy for all apps in your production domain (see Manual Deployments).
  • Think about restricting pushes to the staging or production environments to your ops users.

Taking into account these items, here are the details of a possible team workflow utilizing OpenShift:

  1. Create a new Git repository for your project. This is the upstream for all development. This repository should not contain anything related to OpenShift, such as the .openshift directory.
  2. Create an integration domain for the team. Add all the team members and give them edit rights using the rhc member add command. This will be used as an integration environment. Create an OpenShift application for the app under development in the integration domain. This application should probably be scalable, to match the corresponding production application.
  3. Create a domain for each developer where developers can create their own versions of the application and try out changes before they push them to the integration domain.
  4. To push changes to the development or integration environments, the developers use Git remotes. This means when a developer issues the command git push dev master, his changes are deployed to the development environment. After testing, he can do a git push int master to push the changes to the integration environment.
  5. The integration environment has the Jenkins cartridge (or an alternative continuous integration cartridge) installed to build the project and run all the test cases. When team members push their code to this domain, it automatically builds and tests the application and will not deploy it if the tests do not pass. If there are other environments in the pipeline, such as a QA environment, they may also have continuous integration set up to do other levels of testing, such as functional or user acceptance testing.
  6. Create staging and production domains containing OpenShift applications with the same cartridges as the app under development; only grant rights to the operations team members, or whoever should have the right to push deployments to prod. After the testers have inspected the quality of the application in the integration domain, they push the latest version to staging using the command git push staging master. When it comes time to do a deployment, the ops people can then tag the release and push it to production with git push production master. Only the ops people should have admin rights for the production domain.
  7. The new version of the application is now in production, but it has not yet been deployed as it is configured with RHC for manual deployment. When deployment is scheduled, the ops person uses the rhc deploy command to manually deploy the application.

This workflow is not going to suit everyone and does not cover all aspects of the development process, but we hope it sparks some ideas of how OpenShift could become part of your team.