jeromatron · November 18, 2019 04:17
diff --git a/openshift-setup.sh b/openshift-setup.sh
 # Install Openshift Packages on Master,Compute,Infra
 sudo yum install -y NetworkManager wget vim git zile net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct openssl-devel httpd-tools  python-cryptography python2-pip python-devel python-passlib java-1.8.0-openjdk-headless "@Development Tools"
 sudo yum update -y
 # -----------------------------------------------------------------------
 # Modify '/etc/NetworkManager/NetworkManager.conf' file on Master,Compute
 # -----------------------------------------------------------------------
 sudo sed -i '/^#plugins=ifcfg-rh,ibft/a dns=none' /etc/NetworkManager/NetworkManager.conf
 # -------------------------------------------------------------------------
 # Modify '/etc/sysconfig/network-scripts/ifcfg-eth0' file on Master,Compute
 # -------------------------------------------------------------------------
 echo 'PEERDNS="yes"' | sudo tee -a /etc/sysconfig/network-scripts/ifcfg-eth0
 echo 'DNS1="8.8.8.8"' | sudo tee -a /etc/sysconfig/network-scripts/ifcfg-eth0
 # -------------------------------------------------------------------------
 # Restart NetworkManager service on Master,Compute
 sudo service NetworkManager restart
 # ------------------------------------------------------
 # Install docker on Master,Compute
 sudo yum install -y docker-1.13.1
 # ------------------------------------------------------
 # Enable docker & start service on Master,Compute
 sudo systemctl enable docker.service --now
 sudo systemctl status docker.service
 # ------------------------------------------------------------
 # Install ansible 2.7 on Master machine
 # The default/latest is 2.8, but we require 2.7
 # We install temporarily only for the dependencies, and then we can install the 2.7 rpm directly
 sudo yum install -y ansible
 sudo yum remove -y ansible
 sudo rpm -Uvh https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.7.10-1.el7.ans.noarch.rpm
 sudo ansible --version

 # confirm selinux setting on Master,Compute
 sudo sed -i "s/^SELINUX=disabled/SELINUX=permissive/" /etc/selinux/config
 # then reboot

 ----------------------------------------------------------------------------------------------
 # On the master, create an admin password
 sudo mkdir -p /etc/origin/master
 sudo htpasswd -c /etc/origin/master/htpasswd admin

 # Create inventory.ini on master machine.
 sudo tee -a inventory.ini > /dev/null <<EOT
 # Create an OSEv3 group that contains the masters and nodes groups
 [OSEv3:children]
 masters
 nodes
 etcd

 # Set variables common for all OSEv3 hosts
 [OSEv3:vars]
 ansible_ssh_user=automaton
 ansible_become=yes

 # Debug level for all OpenShift components (Defaults to 2)
 debug_level=2
 openshift_deployment_type=origin

 [nodes:vars]
 openshift_disable_check=disk_availability,memory_availability,docker_storage

 [masters:vars]
 openshift_disable_check=disk_availability,memory_availability,docker_storage
 openshift_master_identity_providers=[{'name': 'htpasswd_auth','login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
 openshift_master_htpasswd_file='/etc/origin/master/htpasswd'
 openshift_master_api_port=8443
 openshift_master_console_port=8443

 [masters]
 node0

 [etcd]
 node0

 # note dedicated machine for both master and infra (these will both be compute as well)
 [nodes]
 node0 openshift_node_group_name="node-config-master"
 node1 openshift_node_group_name="node-config-infra"
 node2 openshift_node_group_name="node-config-compute"
 node3 openshift_node_group_name="node-config-compute"
 node4 openshift_node_group_name="node-config-compute"
 EOT

 # Clone Openshift Origin source code
 git clone https://github.com/openshift/openshift-ansible.git
 # Checkout Origin 3.11 release 
 cd openshift-ansible && git fetch && git checkout release-3.11 && cd ..
 -----------------------------------------------------------------------

 -------------------------------------------------------------------------------------
 # Excute playbook on master machine
 # Probably not the best for production, but avoids problems with key checking
 sudo sed -i 's/^#host_key_checking = False/host_key_checking = False/' /etc/ansible/ansible.cfg
 # Do a sanity check before the full install
 sudo ansible-playbook -i inventory.ini openshift-ansible/playbooks/prerequisites.yml
 sudo ansible-playbook -i inventory.ini openshift-ansible/playbooks/deploy_cluster.yml
 # -----------------------------------------------------------------------------------

 # Set up the Docker registry (see https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry)
 # On the master node:
 mkdir certs
 # Create a cert for the CN myregistry.domain.com
 openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
 # Start the registry with the cert
 docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 443:443 \
  registry:2
 # Add the master's IP address to /etc/hosts as myregistry.domain.com
 # Add the cert to the docker certs.d
 sudo mkdir /etc/docker/certs.d/myregistry.domain.com
 sudo cp certs/domain.crt /etc/docker/certs.d/myregistry.domain.com/
 # Test to make sure you can push to the registry
 sudo docker pull ubuntu:16.04
 sudo docker tag ubuntu:16.04 myregistry.domain.com/my-ubuntu
 sudo docker push myregistry.domain.com/my-ubuntu
 docker pull myregistry.domain.com/my-ubuntu

 # Add the certificate and hosts file entry to any server that needs to interact with the registry

 # On your local machine, clone and build DSE with the version needed
 git clone https://github.com/yukim/docker-images.git
 cd docker-images
 # Make local gradle.properties with our private docker registry
 sudo tee -a gradle.properties > /dev/null <<EOT
 dockerRegistry=https://myregistry.domain.com
 registryUsername=admin
 registryPassword=********
 EOT

 ./gradlew buildServer6.7.6Image
 docker tag datastax/dse-server:6.7.6 myregistry.domain.com/dse-server:6.7.6-scb
 docker push myregistry.domain.com/dse-server:6.7.6-scb

 ./gradlew buildserver6.7.5Image
 docker tag datastax/dse-server:6.7.5 myregistry.domain.com/dse-server:6.7.5-scb
	# Install Openshift Packages on Master,Compute,Infra
	sudo yum install -y NetworkManager wget vim git zile net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct openssl-devel httpd-tools python-cryptography python2-pip python-devel python-passlib java-1.8.0-openjdk-headless "@Development Tools"
	sudo yum update -y
	# -----------------------------------------------------------------------
	# Modify '/etc/NetworkManager/NetworkManager.conf' file on Master,Compute
	# -----------------------------------------------------------------------
	sudo sed -i '/^#plugins=ifcfg-rh,ibft/a dns=none' /etc/NetworkManager/NetworkManager.conf
	# -------------------------------------------------------------------------
	# Modify '/etc/sysconfig/network-scripts/ifcfg-eth0' file on Master,Compute
	# -------------------------------------------------------------------------
	echo 'PEERDNS="yes"' \| sudo tee -a /etc/sysconfig/network-scripts/ifcfg-eth0
	echo 'DNS1="8.8.8.8"' \| sudo tee -a /etc/sysconfig/network-scripts/ifcfg-eth0
	# -------------------------------------------------------------------------
	# Restart NetworkManager service on Master,Compute
	sudo service NetworkManager restart
	# ------------------------------------------------------
	# Install docker on Master,Compute
	sudo yum install -y docker-1.13.1
	# ------------------------------------------------------
	# Enable docker & start service on Master,Compute
	sudo systemctl enable docker.service --now
	sudo systemctl status docker.service
	# ------------------------------------------------------------
	# Install ansible 2.7 on Master machine
	# The default/latest is 2.8, but we require 2.7
	# We install temporarily only for the dependencies, and then we can install the 2.7 rpm directly
	sudo yum install -y ansible
	sudo yum remove -y ansible
	sudo rpm -Uvh https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.7.10-1.el7.ans.noarch.rpm
	sudo ansible --version

	# confirm selinux setting on Master,Compute
	sudo sed -i "s/^SELINUX=disabled/SELINUX=permissive/" /etc/selinux/config
	# then reboot

	----------------------------------------------------------------------------------------------
	# On the master, create an admin password
	sudo mkdir -p /etc/origin/master
	sudo htpasswd -c /etc/origin/master/htpasswd admin

	# Create inventory.ini on master machine.
	sudo tee -a inventory.ini > /dev/null <<EOT
	# Create an OSEv3 group that contains the masters and nodes groups
	[OSEv3:children]
	masters
	nodes
	etcd

	# Set variables common for all OSEv3 hosts
	[OSEv3:vars]
	ansible_ssh_user=automaton
	ansible_become=yes

	# Debug level for all OpenShift components (Defaults to 2)
	debug_level=2
	openshift_deployment_type=origin

	[nodes:vars]
	openshift_disable_check=disk_availability,memory_availability,docker_storage

	[masters:vars]
	openshift_disable_check=disk_availability,memory_availability,docker_storage
	openshift_master_identity_providers=[{'name': 'htpasswd_auth','login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
	openshift_master_htpasswd_file='/etc/origin/master/htpasswd'
	openshift_master_api_port=8443
	openshift_master_console_port=8443

	[masters]
	node0

	[etcd]
	node0

	# note dedicated machine for both master and infra (these will both be compute as well)
	[nodes]
	node0 openshift_node_group_name="node-config-master"
	node1 openshift_node_group_name="node-config-infra"
	node2 openshift_node_group_name="node-config-compute"
	node3 openshift_node_group_name="node-config-compute"
	node4 openshift_node_group_name="node-config-compute"
	EOT

	# Clone Openshift Origin source code
	git clone https://github.com/openshift/openshift-ansible.git
	# Checkout Origin 3.11 release
	cd openshift-ansible && git fetch && git checkout release-3.11 && cd ..
	-----------------------------------------------------------------------

	-------------------------------------------------------------------------------------
	# Excute playbook on master machine
	# Probably not the best for production, but avoids problems with key checking
	sudo sed -i 's/^#host_key_checking = False/host_key_checking = False/' /etc/ansible/ansible.cfg
	# Do a sanity check before the full install
	sudo ansible-playbook -i inventory.ini openshift-ansible/playbooks/prerequisites.yml
	sudo ansible-playbook -i inventory.ini openshift-ansible/playbooks/deploy_cluster.yml
	# -----------------------------------------------------------------------------------

	# Set up the Docker registry (see https://docs.docker.com/registry/deploying/#run-an-externally-accessible-registry)
	# On the master node:
	mkdir certs
	# Create a cert for the CN myregistry.domain.com
	openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
	# Start the registry with the cert
	docker run -d \
	--restart=always \
	--name registry \
	-v "$(pwd)"/certs:/certs \
	-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
	-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
	-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
	-p 443:443 \
	registry:2
	# Add the master's IP address to /etc/hosts as myregistry.domain.com
	# Add the cert to the docker certs.d
	sudo mkdir /etc/docker/certs.d/myregistry.domain.com
	sudo cp certs/domain.crt /etc/docker/certs.d/myregistry.domain.com/
	# Test to make sure you can push to the registry
	sudo docker pull ubuntu:16.04
	sudo docker tag ubuntu:16.04 myregistry.domain.com/my-ubuntu
	sudo docker push myregistry.domain.com/my-ubuntu
	docker pull myregistry.domain.com/my-ubuntu

	# Add the certificate and hosts file entry to any server that needs to interact with the registry

	# On your local machine, clone and build DSE with the version needed
	git clone https://github.com/yukim/docker-images.git
	cd docker-images
	# Make local gradle.properties with our private docker registry
	sudo tee -a gradle.properties > /dev/null <<EOT
	dockerRegistry=https://myregistry.domain.com
	registryUsername=admin
	registryPassword=********
	EOT

	./gradlew buildServer6.7.6Image
	docker tag datastax/dse-server:6.7.6 myregistry.domain.com/dse-server:6.7.6-scb
	docker push myregistry.domain.com/dse-server:6.7.6-scb

	./gradlew buildserver6.7.5Image
	docker tag datastax/dse-server:6.7.5 myregistry.domain.com/dse-server:6.7.5-scb