Redmine on Openshift

by (July 09, 2018)

Posted in DevOps  Tags:Openshift, Redmine, org-babel, Emacs


Openshift is Kubernetes based deployment system from RedHat which can be deployed in various environments - on your development computer, on AWS, over OpenStack or directly on a hardware servers/VM.

My task is to install Redmine on that environment.

I have tried to find and follow some guide on how to get Redmine installed, but found either very outdated or not enough correct guides. So, while installing it myself I’ve made a few notes, with hope that it could be useful for someone else.


  • Openshift Origin version 3.9
  • Access to system account to be able to change security context constraints (scc)

UI/UX - command line or Web UI console

Most of operations can be done from Openshift web console. Generally, it can be done either way, here are advantages and disadvantages of each approach:

  • Using web console UI is simple and easy;
  • Using command line tools is more powerful and scripts can be easily saved and re-used.

I will try to give you idea how to do that either way.


Login to Openshift

This is pretty straightforward using Web UI. You can login to console by either copying the token from Web UI form:

Login via token

oc login

Create new project

Web Console

Create project form Project created

Command line

oc new-project redmine --display-name="Redmine" --description="Redmine issue tracking system"

Now using project "redmine" on server "".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-22-centos7~

to build a new example application in Ruby.

Create database

  • When creating database pay attention to the fact that we should create database on persistent volume.
  • Database access parameters should be saved in secure vault and shared to redmine container

Web console

pg step1 pg step2 pg step3

Command line

For command line there are a few steps.

  • Start PostgreSQL 9.6 deployment

    oc new-app --image-stream=postgresql:9.6 \
      -e POSTGRESQL_USER=redmine \
      -e POSTGRESQL_PASSWORD=secret \
      -e POSTGRESQL_DATABASE=redmine
  • Create persistent volume & claim

    And now we need to replace the volume with persistent one:

    oc set volumes deploymentconfigs/postgresql --remove=true --name=postgresql-volume-1
    oc volume dc/postgresql --add \
      --name=postgresql \
      --type=persistentVolumeClaim \
      --mount-path=/var/lib/pgsql/data \
      --claim-name=postgresql \
      --claim-size=1G \
      --containers=postgresql \
    deploymentconfig "postgresql" updated
    warning: volume "postgresql" did not previously exist and was not overriden. A new volume with this name has been created instead.persistentvolumeclaims/postgresql
    deploymentconfig "postgresql" updated

Redmine application creation

Web console

It seems that deployment public containers is not available for Web console as it said in:

To deploy custom containers, you need to use the terminal as it’s not yet exposed in the web UI. You will use the oc client tool with the new-app command as you usually use for deploying stuff on OpenShift (oc new-app [image]~[source code]).

Command line

  • Create Redmine deployment config

    oc new-app --docker-image redmine:3.4 \
      -e REDMINE_DB_POSTGRES=postgresql \
      -e REDMINE_DB_DATABASE=redmine \
      -e REDMINE_DB_USERNAME=redmine \
      -e REDMINE_DB_PASSWORD=secret
    --> Found Docker image 1ca265f (9 days old) from Docker Hub for "redmine:3.4"
        * An image stream will be created as "redmine:3.4" that will track this image
        * This image will be deployed in deployment config "redmine"
        * Port 3000/tcp will be load balanced by service "redmine"
          * Other containers can access this service through the hostname "redmine"
        * This image declares volumes and will default to use non-persistent, host-local storage.
          You can add persistent volumes later by running 'volume dc/redmine --add ...'
        * WARNING: Image "redmine:3.4" runs as the 'root' user which may not be permitted by your cluster administrator
    --> Creating resources ...
        imagestream "redmine" created
        deploymentconfig "redmine" created
        service "redmine" created
    --> Success
        Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
         'oc expose svc/redmine' 
        Run 'oc status' to view your app.
  • Change security context constrains

    Redmine requires root privileges. System admin can grant them to this specific application by creating a special user for this:

    oc login -u system:admin
    oc create serviceaccount redmineroot
    oc adm policy add-scc-to-user anyuid -z redmineroot
    oc login -u alex.koval
    Logged into "" as "system:admin" using existing credentials.
    You have access to the following projects and can switch between them with 'oc project <projectname>':
    Using project "redmine".
    serviceaccount "redmineroot" created
    scc "anyuid" added to: ["system:serviceaccount:redmine:redmineroot"]
  • Give Redmine deployment user the root priveleges

    oc patch dc/redmine --patch '{"spec":{"template":{"spec":{"serviceAccountName": "redmineroot"}}}}'
    deploymentconfig "redmine" patched

    … and it makes sense to replace this duplication of DB_ connection data by redefining those variables to be read from postgresql secrets via Web console:

Persistent storage for Redmine ’files’ and ’plugins’

It makes great sense to store Redmine plugins and files folders on persistent storage. That is pretty easy to accomplish.

Create volumes (Web console)

  1. Go to Storage -> Create Storage and create:
    • 1 Gb RWO storage with name redmine-files
    • 1 Gb RWO storage with name redmine-plugins
  2. Go to Application → Deployment → Redmine → Configuration:

    At first, we need to remove default ephemeral storage:

    redmine remove storage

    Then Press “Add Storage” and “create storage” for each folder/persistent volume to mount:

    add storage1 add storage2 add storage3 add storage4

Create volumes (command line)

oc set volumes deploymentconfigs/redmine --remove=true --name=redmine-volume-1
oc volume deploymentconfigs/redmine --add \
  --name=redmine-files \
  --type=persistentVolumeClaim \
  --mount-path=/usr/src/redmine/files \
  --claim-name=redmine-files \
  --claim-size=1G \
  --containers=redmine \
oc volume deploymentconfigs/redmine --add \
  --name=redmine-plugins \
  --type=persistentVolumeClaim \
  --mount-path=/usr/src/redmine/plugins \
  --claim-name=redmine-plugins \
  --claim-size=1G \
  --containers=redmine \

deploymentconfig "redmine" updated
warning: volume "redmine-files" did not previously exist and was not overriden. A new volume with this name has been created instead.persistentvolumeclaims/redmine-files
deploymentconfig "redmine" updated
warning: volume "redmine-plugins" did not previously exist and was not overriden. A new volume with this name has been created instead.persistentvolumeclaims/redmine-plugins
deploymentconfig "redmine" updated


I would not go into details how to create route, it should be pretty straigforward task, and here is the result you should see after creating route:

add storage1


  • Copying data from your previous Redmine location could be made easy by using TCP tunneling on both Openshift and src-host sides, like this:
    1. tunnel to Openshift:

      oc port-forward postgresql-1-fpd5w 5432:5432
    2. tunnel to external host

      ssh -L 5433:localhost:5432 [email protected]
    3. scale redmine to zero so db can be recreated:

      oc scale --replicas=0 dc redmine
    4. copy db:

      export PGPASSWORD=secret
      pg_dump -U redmine redmine -h localhost -p 5433 | psql -U redmine redmine -h localhost
    5. scale it back:

      oc scale --replicas=1 dc redmine
  • Copy files using oc rsh and oc rsync commands
  • It makes sense to setup backups for your openshift project. The simple script can be found here.
  • You can find Literate DevOps source of this script here

Let us know!

Contact details:


Services you are interested in: