dmsimard · October 24, 2018 21:21
diff --git a/tower-on-openshift.sh b/tower-on-openshift.sh
 #!/bin/bash
 yum -y install centos-release-openshift-origin epel-release
 yum -y install wget git net-tools bind-utils iptables-services bridge-utils bash-completion origin-clients docker ansible htop
 sed -i '/OPTIONS=.*/c\OPTIONS="--selinux-enabled --insecure-registry 172.30.0.0/16"' /etc/sysconfig/docker

 # Fix shenanigans between subscription-manager-rhsm-certificates and python-rhsm-certificates:
 # - https://github.com/openshift/openshift-ansible/issues/6222
 # - https://github.com/minishift/minishift/issues/2194
 # - https://github.com/minishift/minishift-centos-iso/issues/251
 # - https://github.com/openshift/os/issues/179
 # etc
 # Manually set up certificate from https://github.com/candlepin/python-rhsm/blob/master/etc-conf/ca/redhat-uep.pem
 wget -P /etc/rhsm/ca https://raw.githubusercontent.com/candlepin/python-rhsm/master/etc-conf/ca/redhat-uep.pem

 systemctl enable docker
 systemctl start docker
 # Stand up a test OpenShift cluster with the "public" IP of my test node
 # This is important because you'll be reaching Tower through a route
 oc cluster up --public-hostname=192.168.0.108

 # TODO: Figure out exactly which privileges Tower needs...
 # - Error from server (Forbidden): securitycontextconstraints.security.openshift.io "privileged" is forbidden: User "developer" cannot get securitycontextconstraints.security.openshift.io at the cluster scope: User "developer" cannot get securitycontextconstraints.security.openshift.io at the cluster scope
 oc login -u system:admin
 oadm policy add-cluster-role-to-user cluster-admin developer

 cat <<EOF > /tmp/extra-vars.yaml
 create_preload_data: false
 admin_username: admin
 admin_password: password
 nginx_http_port: "80"
 nginx_https_port: "443"
 # pg_host: "127.0.0.1"
 pg_port: "5432"
 pg_database: tower
 pg_username: tower
 pg_password: password
 rabbitmq_port: "5672"
 rabbitmq_vhost: tower
 rabbitmq_username: tower
 rabbitmq_password: password
 rabbitmq_erlang_cookie: cookie
 # Needs to be true for fqdns and ip addresses
 rabbitmq_use_long_name: false
 openshift_pg_emptydir: true
 openshift_host: "192.168.0.108:8443"
 openshift_project: tower
 openshift_user: developer
 openshift_password: developer
 openshift_skip_tls_verify: true
 secret_key: secret_key
 EOF

 wget https://releases.ansible.com/ansible-tower/setup_openshift/ansible-tower-openshift-setup-3.3.0.tar.gz
 tar -xzvf ansible-tower-openshift-setup-3.3.0.tar.gz
 pushd ansible-tower-openshift-setup-3.3.0
 ./setup_openshift.sh -e "@/tmp/extra-vars.yaml"
 popd
	#!/bin/bash
	yum -y install centos-release-openshift-origin epel-release
	yum -y install wget git net-tools bind-utils iptables-services bridge-utils bash-completion origin-clients docker ansible htop
	sed -i '/OPTIONS=.*/c\OPTIONS="--selinux-enabled --insecure-registry 172.30.0.0/16"' /etc/sysconfig/docker

	# Fix shenanigans between subscription-manager-rhsm-certificates and python-rhsm-certificates:
	# - https://github.com/openshift/openshift-ansible/issues/6222
	# - https://github.com/minishift/minishift/issues/2194
	# - https://github.com/minishift/minishift-centos-iso/issues/251
	# - https://github.com/openshift/os/issues/179
	# etc
	# Manually set up certificate from https://github.com/candlepin/python-rhsm/blob/master/etc-conf/ca/redhat-uep.pem
	wget -P /etc/rhsm/ca https://raw.githubusercontent.com/candlepin/python-rhsm/master/etc-conf/ca/redhat-uep.pem

	systemctl enable docker
	systemctl start docker
	# Stand up a test OpenShift cluster with the "public" IP of my test node
	# This is important because you'll be reaching Tower through a route
	oc cluster up --public-hostname=192.168.0.108

	# TODO: Figure out exactly which privileges Tower needs...
	# - Error from server (Forbidden): securitycontextconstraints.security.openshift.io "privileged" is forbidden: User "developer" cannot get securitycontextconstraints.security.openshift.io at the cluster scope: User "developer" cannot get securitycontextconstraints.security.openshift.io at the cluster scope
	oc login -u system:admin
	oadm policy add-cluster-role-to-user cluster-admin developer

	cat <<EOF > /tmp/extra-vars.yaml
	create_preload_data: false
	admin_username: admin
	admin_password: password
	nginx_http_port: "80"
	nginx_https_port: "443"
	# pg_host: "127.0.0.1"
	pg_port: "5432"
	pg_database: tower
	pg_username: tower
	pg_password: password
	rabbitmq_port: "5672"
	rabbitmq_vhost: tower
	rabbitmq_username: tower
	rabbitmq_password: password
	rabbitmq_erlang_cookie: cookie
	# Needs to be true for fqdns and ip addresses
	rabbitmq_use_long_name: false
	openshift_pg_emptydir: true
	openshift_host: "192.168.0.108:8443"
	openshift_project: tower
	openshift_user: developer
	openshift_password: developer
	openshift_skip_tls_verify: true
	secret_key: secret_key
	EOF

	wget https://releases.ansible.com/ansible-tower/setup_openshift/ansible-tower-openshift-setup-3.3.0.tar.gz
	tar -xzvf ansible-tower-openshift-setup-3.3.0.tar.gz
	pushd ansible-tower-openshift-setup-3.3.0
	./setup_openshift.sh -e "@/tmp/extra-vars.yaml"
	popd