Last active
April 16, 2019 19:29
Script to make an OCP4 cluster "OSD" (as close as can be today)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
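#!/bin/bash
# make-osd: apply OSD-style configuration to an existing OCP4 cluster.
#
# Usage: make-osd <Cluster Name> <password used for all users>
#   $1  cluster name; the kubeconfig is expected at ~/.kube/<Cluster Name>
#   $2  optional password shared by all test users; when empty the OAuth and
#       group setup is skipped
#
# NOTE(review): the password arrives on argv, so it is visible in the process
# list and in shell history. Use a throwaway value that is not reused anywhere.

CLUSTER_NAME=$1
PASSWORD=$2

IDENTITY_ID=aos-sre
IDENTITY_NAME="Red Hat SRE Test Auth"

if [ "$CLUSTER_NAME" == "" ]; then
  echo "Usage: make-osd <Cluster Name> <password used for all users>"
  exit 1
fi

if [ "$PASSWORD" == "" ]; then
  echo "Usage: make-osd <Cluster Name> <password used for all users>"
  echo "WARNING: No password supplied, will not configure OAuth"
  echo ""
fi

# Export so every oc call below targets this cluster. A plain assignment only
# reaches child processes when the caller had already exported KUBECONFIG;
# otherwise oc falls back to its default config and may act on another cluster.
KUBECONFIG=~/.kube/$CLUSTER_NAME
export KUBECONFIG

# All clones and generated files live in a private temp directory. Stop if it
# cannot be created or entered: the later "rm -rf <repo>" calls must never run
# in the caller's own working directory.
WORKDIR=$(mktemp -d) || {
  echo "ERROR: could not create a temp working directory" >&2
  exit 1
}
pushd "$WORKDIR" >> /dev/null 2>&1 || {
  echo "ERROR: could not enter temp working directory $WORKDIR" >&2
  exit 1
}

LOGFILE=$(pwd)/make-osd.log
echo "Temp working directory: $(pwd)"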
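# OAuth and group setup; only runs when a password was supplied.
if [ "$PASSWORD" != "" ]; then
  echo -n "Applying OAuth confg..."

  # secret for htpasswd
  # NOTE(review): -b puts the password on htpasswd's command line; htpasswd -i
  # reads it from stdin instead, where the installed version supports it.
  # Expansions are quoted so a password containing spaces or glob characters
  # is stored unchanged.
  touch htpasswd
  htpasswd -b htpasswd "$USER-sre" "$PASSWORD" >> "$LOGFILE" 2>&1
  htpasswd -b htpasswd "$USER-customer" "$PASSWORD" >> "$LOGFILE" 2>&1
  htpasswd -b htpasswd "$USER" "$PASSWORD" >> "$LOGFILE" 2>&1
  oc delete secret "$IDENTITY_ID-secret" -n openshift-config >> "$LOGFILE" 2>&1
  oc create secret generic "$IDENTITY_ID-secret" --from-file=htpasswd=htpasswd -n openshift-config >> "$LOGFILE" 2>&1
  # The hash file is not needed once the secret exists; do not leave it on disk.
  rm -f htpasswd >> "$LOGFILE" 2>&1

  # oauth: htpasswd with branding
  # NOTE(review): the clone host is e-mail-obfuscated in the published copy of
  # this script; git@github.com is assumed - confirm.
  # The templates come from the tip of the "prod" branch, not a pinned commit.
  # Replace the existing secret only when the clone succeeded, so a failed
  # clone cannot leave the OAuth config pointing at a deleted secret.
  if git clone git@github.com:openshift/online.git --depth=1 -b prod >> "$LOGFILE" 2>&1; then
    oc delete secret -n openshift-config oauth-templates >> "$LOGFILE" 2>&1
    oc create secret generic oauth-templates -n openshift-config \
      --from-file=login.html=online/ansible/roles/oso_custom_templates/files/dedicated/login.html \
      --from-file=providers.html=online/ansible/roles/oso_custom_templates/files/dedicated/provider-selection.html \
      --from-file=errors.html=online/ansible/roles/oso_custom_templates/files/dedicated/oauth-error.html >> "$LOGFILE" 2>&1
    oc patch oauth cluster --type=merge -p '{"spec":{"templates": {"login": {"name": "oauth-templates"},"providerSelection": {"name": "oauth-templates"},"error": {"name": "oauth-templates"}}}}' >> "$LOGFILE" 2>&1
    rm -rf online >> "$LOGFILE" 2>&1
  else
    echo "WARNING: clone of openshift/online failed, OAuth templates left unchanged" >> "$LOGFILE"
  fi
  echo "done"

  echo -n "Adding users to groups..."

  # osd-sre-admins Group
  # The name must be nested under metadata for the manifest to be valid.
  cat > osd-sre-admins.Group.yaml <<EOF
apiVersion: user.openshift.io/v1
kind: Group
metadata:
  name: osd-sre-admins
users:
- $USER-sre
EOF
  oc apply -f osd-sre-admins.Group.yaml >> "$LOGFILE" 2>&1

  # dedicated-admins Group
  cat > dedicated-admins.Group.yaml <<EOF
apiVersion: user.openshift.io/v1
kind: Group
metadata:
  name: dedicated-admins
users:
- $USER-customer
EOF
  oc apply -f dedicated-admins.Group.yaml >> "$LOGFILE" 2>&1
  echo "done"
fi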
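echo -n "Applying static configuration..."

# OSD static config
# NOTE(review): the clone host is e-mail-obfuscated in the published copy of
# this script; git@github.com is assumed - confirm.
# The manifests come from the tip of the default branch and are applied with
# the kubeconfig's privileges; pin a reviewed commit for reproducible results.
if git clone git@github.com:openshift/managed-cluster-config.git --depth=1 >> "$LOGFILE" 2>&1; then
  oc apply -R -f managed-cluster-config/deploy/ >> "$LOGFILE" 2>&1
  rm -rf managed-cluster-config >> "$LOGFILE" 2>&1
  echo "done"
else
  # Report the failure instead of printing "done" for a step that never ran.
  echo "failed (clone error, see $LOGFILE)"
fi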
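echo -n "Applying OSD prometheus exporters..."

# Each exporter repo is cloned, built with its own Makefile and its deploy/
# manifests applied.
# NOTE(review): the clone host is e-mail-obfuscated in the published copy of
# this script; git@github.com is assumed - confirm.
# "make" runs whatever the tip of each repo's default branch contains, on this
# machine and with this user's credentials; pin reviewed commits where that
# matters.
for R in managed-prometheus-exporter-dns \
  managed-prometheus-exporter-stuck-ebs-vols \
  managed-prometheus-exporter-ebs-iops-reporter; do
  if ! git clone "git@github.com:openshift/${R}.git" --depth=1 >> "$LOGFILE" 2>&1; then
    echo "WARNING: clone of ${R} failed, skipping" >> "$LOGFILE"
    continue
  fi

  # A subshell keeps the directory change local. With pushd/popd, a failed
  # pushd made the following popd leave the temp directory, so the rm -rf
  # below ran in the caller's original working directory.
  (
    cd "${R}" || exit 1
    make
    oc apply -R -f deploy/
  ) >> "$LOGFILE" 2>&1

  rm -rf "${R}" >> "$LOGFILE" 2>&1
done
echo "done"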
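echo -n "Applying OSD operators..."

# Remove any earlier install so the catalog and operator are recreated.
oc delete project openshift-dedicated-admin >> "$LOGFILE" 2>&1
oc delete catalogsource osd-operators-registry -n openshift-operator-lifecycle-manager >> "$LOGFILE" 2>&1

# NOTE(review): both manifests are fetched from the mutable "master" ref at run
# time and applied unreviewed with the kubeconfig's privileges. Pinning the URL
# to a commit, or applying a vetted local copy, makes the result reproducible.
# The log path is quoted so a temp directory containing whitespace does not
# turn the redirection into an "ambiguous redirect" error.
oc apply -f https://raw.githubusercontent.com/openshift/osd-operators-registry/master/manifests/00-catalog.yaml >> "$LOGFILE" 2>&1
oc apply -f https://raw.githubusercontent.com/openshift/osd-operators-registry/master/manifests/10-dedicated-admin-operator.yaml >> "$LOGFILE" 2>&1
echo "done"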
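# Final summary: cluster endpoints plus, when OAuth was configured, the test
# users and ready-to-paste login commands.
#
# NOTE(review): the summary prints the shared password in clear text, so it
# ends up in terminal scrollback and in any captured output. The printed login
# commands pass it with -p and turn off API server certificate verification
# (--insecure-skip-tls-verify=true); both are only acceptable for a throwaway
# test cluster.

# Resolve the endpoints once so the text below stays readable.
API_URL=$(oc get infrastructures cluster -o json | jq -r .status.apiServerURL)
CONSOLE_URL=$(oc get console cluster -o json | jq -r .status.consoleURL)
TOKEN_ENDPOINT=$(oc get --raw '/.well-known/oauth-authorization-server' | jq -r .token_endpoint)

echo ""
echo "Cluster '$CLUSTER_NAME' is setup with:"

# Users and groups exist only when a password was supplied, so the summary
# lists them only in that case. The SRE group is reported as osd-sre-admins,
# the name the Group manifest actually creates.
if [ "$PASSWORD" != "" ]; then
  echo "* OAuth: $IDENTITY_NAME
* Users: $USER-sre, $USER-customer, $USER
* Passwords: $PASSWORD
* Group membership:
  * osd-sre-admins: $USER-sre
  * dedicated-admins: $USER-customer"
fi

echo "Console URL: $CONSOLE_URL
Get Token: $TOKEN_ENDPOINT/request"

if [ "$PASSWORD" != "" ]; then
  echo "Login as SRE admin:
  export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-sre; oc login $API_URL -u $USER-sre -p $PASSWORD --insecure-skip-tls-verify=true
Login as dedicated-admin:
  export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-customer; oc login $API_URL -u $USER-customer -p $PASSWORD --insecure-skip-tls-verify=true
Login as regular user:
  export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER; oc login $API_URL -u $USER -p $PASSWORD --insecure-skip-tls-verify=true"
fi

# LOGFILE is absolute, so the path is right whatever the current directory is.
echo "Logs for this are found here: $LOGFILE"

popd >> "$LOGFILE" 2>&1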