it actually requires a lot of programming since you have to first create the message digest for hashing on your own using 2x SHA256 hash(es)* and pass that to OpenSSL for signing and then you have to account for a couple of consensus related rules such as having low s, strict DER encoding,... and a bunch more which OpenSSL doesn't care about. then you also have to insert this inside your transaction's appropriate field with the correct encoding, length indicators,...

* for legacy transactions it will be one doubleSha256 hash of a special serialized tx. but for SegWit transactions it will be multiple doubleSha256 hash of different serialization of different parts explained in BIP143 then a final hash of the concatenated results.

you are correct.
since your transaction is a P2SH-P2WPKH after you sign it, you have to first put a special script inside the script sig (00142fcfe0ee792965d852f392c5fe53e2be71274ca8) then you have to place the signature + pubkey inside the witness part of the transaction.
inside witness, you insert "items" so instead of reporting the length of the script like you do in a scriptSig you instead report the number of items inside of the witness. since you have 2 items (signature and the public key) you start by 0x02 followed by signature followed by public key each having their length encoded using Compact Int (aka varint).