OpenShift Worker and Master Nodes as of OpenShift Container Platform 4.0 users Red Hat CoreOS(RHCOS) as the base operating system. For OKD, this will be Fedora CoreOS(FCOS). It is not recommended to ssh directly to the OpenShift nodes, not forgetting only ssh keys can be used for access by default. This SSH key is the one provided when deploying an OpenShift / OKD Container platform. So how then can you access a Shell Prompt of an OpenShift Node.

<img alt="" data-ezsrc="https://kirelos.com/wp-content/uploads/2020/03/echo/openshift-cluster-status-1024×335.png" data-ez ezimgfmt="rs rscb8 src ng ngcb8 srcset" src="data:image/svg xml,”>

Open a Shell Prompt on an OpenShift Node

OpenShift provides an oc client which can be used to access the Shell prompt of an OpenShift Node.

Once you have an OpenShift Cluster up and running, you can install oc client with below commands:

--- Linux ---
wget https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz
tar xvf oc.tar.gz
chmod  x oc
sudo mv oc /usr/local/bin

--- macOS ---
wget https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/macosx/oc.tar.gz
tar xvf oc.tar.gz
chmod  x oc
sudo mv oc /usr/local/bin

Confirm installation by checking the version:

$ oc version
Client Version: 4.5.0-202003270516-ad76834
Kubernetes Version: v1.17.4

Access OpenShift Node Shell

You’ll use the oc debug node command to open a shell prompt in any node of your cluster. The syntax is:

$ oc debug node/

But first list your cluster nodes:

$ oc get nodes
NAME                                STATUS   ROLES          AGE   VERSION
mas01.ocp.computingforgeeks.com     Ready    master         10d   v1.16.2
mas02.ocp.computingforgeeks.com     Ready    master         10d   v1.16.2
mas03.ocp.computingforgeeks.com     Ready    master         10d   v1.16.2
infra03.ocp.computingforgeeks.com   Ready    infra,worker   10d   v1.16.2
infra03.ocp.computingforgeeks.com   Ready    infra,worker   10d   v1.16.2
node01.ocp.computingforgeeks.com    Ready    worker         10d   v1.16.2
node02.ocp.computingforgeeks.com    Ready    worker         10d   v1.16.2
node03.ocp.computingforgeeks.com    Ready    worker         10d   v1.16.2
ocs01.ocp.computingforgeeks.com     Ready    worker         10d   v1.16.2
ocs02.ocp.computingforgeeks.com     Ready    worker         10d   v1.16.2
ocs03.ocp.computingforgeeks.com     Ready    worker         10d   v1.16.2


Let’s say you want to start a shell session to ocs01.ocp.computingforgeeks.com node, you’ll run:

$ oc debug node/node01.ocp.computingforgeeks.com
Starting pod/node01ocpcomputingforgeekscom-debug ...
To use host binaries, run `chroot /host`

The prompt comes from a special-purpose tools container that mounts the node root file system

at the /host folder, and allows you to inspect any files from the node.

You need to start a chroot shell in the /host folder as shown in the command output. This will enable you to use host binaries in the shell.

chroot /host

You’ll see output like below:

chroot /host
Pod IP: 10.184.48.235
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4#

Try running command e.g. checking OS version:

sh-4.4# cat /etc/redhat-release 
Red Hat Enterprise Linux CoreOS release 4.3

sh-4.4# nmcli con show
NAME                UUID                                  TYPE      DEVICE 
Wired connection 1  dcd75b54-c1d9-39b7-b7e9-6996a182b53a  ethernet  ens192

The oc debug shell session uses the same tunneling technology that allows opening a shell prompt inside a running pod – oc rsh.

More on OpenShift.

How To Install Operator SDK CLI on Linux / macOS

Prevent Users from Creating Projects in OpenShift / OKD Cluster

Setup Local OpenShift 4.2 Cluster with CodeReady Containers

How To Install and Use Source-To-Image (S2I) Toolkit on Linux

, , , ,
Show Comments