@kevprice83
Forked from mayorova/README.md
Created November 17, 2017 09:30
Deploy 3scale AMP on OpenShift

Installing 3scale AMP2.1 on EC2

You will need:

  • a running instance with 8GB RAM minimum (recommended 16GB) and RHEL

  • <PUBLIC_DNS>: (e.g. ec2-54-123-456-78.compute-1.amazonaws.com)

  • <PUBLIC_IP>: (e.g. 54.123.456.78)

Set up OpenShift cluster

References

(thanks to Toni Syvänen)

Install and run Docker

sudo yum-config-manager --enable rhui-REGION-rhel-server-extras
sudo yum install docker docker-registry -y

/etc/containers/registries.conf:

insecure_registries:
  - 172.30.0.0/16

sudo systemctl daemon-reload
sudo systemctl restart docker
docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge

This should return 172.17.0.0/16

Install OC tools

Origin: https://github.com/openshift/origin/releases/latest

or

OCP: https://access.redhat.com/downloads/content/290/ver=3.4/rhel---7/3.4.1.10/x86_64/product-software

Example:

sudo yum install wget -y
wget https://github.com/openshift/origin/releases/download/v1.4.1/openshift-origin-client-tools-v1.4.1-3f9807a-linux-64bit.tar.gz
tar -xzvf openshift-origin-client-tools-v1.4.1-3f9807a-linux-64bit.tar.gz
sudo mv openshift-origin-client-tools-v1.4.1+3f9807a-linux-64bit/oc /usr/bin/
rm -rf openshift-origin-client-tools-v1.4.1*

Start the cluster

oc cluster up --public-hostname=<PUBLIC_DNS> --routing-suffix=<PUBLIC_IP>.xip.io

Check out the console: https://<PUBLIC_DNS>:8443

Deploy 3scale AMP

Create persistent volumes

sudo su

mkdir -p  /var/lib/docker/pv/{01..04}
chmod g+w /var/lib/docker/pv/{01..04}
chcon -Rt svirt_sandbox_file_t /var/lib/docker/pv/

(pv.yml attached as a separate file)

oc login -u system:admin

oc new-app --param PV=01 -f pv.yml
oc new-app --param PV=02 -f pv.yml
oc new-app --param PV=03 -f pv.yml
oc new-app --param PV=04 -f pv.yml

oc get pv

Login as developer and start AMP with template

oc login https://<PUBLIC_DNS>:8443 --insecure-skip-tls-verify

oc new-project 3scale-amp

oc new-app --file https://raw.githubusercontent.com/3scale/3scale-amp-openshift-templates/master/amp/amp.yml --param WILDCARD_DOMAIN=<PUBLIC_IP>.xip.io --param TENANT_NAME=<your_name>

--> Deploying template "3scale-amp/system" for "amp.yml" to project 3scale-amp

     system
     ---------
     Login on https://3scale-admin.<PUBLIC_IP>.xip.io as admin/gu8edykg    <===== LOGIN with these credentials

     * With parameters:
        * AMP_RELEASE=er3
        * ADMIN_PASSWORD=gu8edykg # generated
        * ADMIN_USERNAME=admin
        * APICAST_ACCESS_TOKEN=rthdeuql # generated
        * ADMIN_ACCESS_TOKEN=4o2txf0v4e3wgvtw # generated
        * WILDCARD_DOMAIN=<PUBLIC_IP>.xip.io
        * SUBDOMAIN=3scale
        * MySQL User=mysql
        * MySQL Password=qfnt75jf # generated
        * MySQL Database Name=system
        * MySQL Root password.=7dhquse7 # generated
        * SYSTEM_BACKEND_USERNAME=3scale_api_user
        * SYSTEM_BACKEND_PASSWORD=a3i3n7by # generated
        * REDIS_IMAGE=rhscl/redis-32-rhel7:3.2-5.3
        * SYSTEM_BACKEND_SHARED_SECRET=s4wpndxj # generated
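
The template prints its generated passwords and tokens to the terminal. As an added example (not part of the original gist), this shell helper filters `oc new-app` output for the parameters marked `# generated` and writes them to an owner-only file; the function names, the output file name and the sample values are constructed for illustration.

```bash
# Added example (not from the gist): keep the generated secrets that
# `oc new-app` prints out of scrollback by saving them to a 0600 file.

# Constructed sample in the format shown above; values are placeholders.
sample_output() {
  cat <<'EOF'
--> Deploying template "3scale-amp/system" for "amp.yml" to project 3scale-amp
     * With parameters:
        * AMP_RELEASE=er3
        * ADMIN_PASSWORD=constructed-1 # generated
        * ADMIN_USERNAME=admin
        * APICAST_ACCESS_TOKEN=constructed-2 # generated
        * MySQL User=mysql
        * MySQL Password=constructed-3 # generated
        * MySQL Root password.=constructed-4 # generated
        * SYSTEM_BACKEND_SHARED_SECRET=constructed-5 # generated
EOF
}

# Print "NAME<TAB>VALUE" for each parameter line marked "# generated".
extract_generated() {
  awk '
    /^[ \t]*\*[ \t].*=.*#[ \t]*generated[ \t]*$/ {
      line = $0
      sub(/^[ \t]*\*[ \t]+/, "", line)                 # drop the "* " bullet
      sub(/[ \t]*#[ \t]*generated[ \t]*$/, "", line)   # drop the marker
      eq = index(line, "=")                            # split on the first "="
      name = substr(line, 1, eq - 1)
      value = substr(line, eq + 1)
      sub(/\.$/, "", name)                             # "MySQL Root password." has a stray dot
      printf "%s\t%s\n", name, value
    }'
}

# Write the extracted pairs to FILE ($1), readable by the owner only.
save_generated() {
  ( umask 077; rm -f -- "$1"; extract_generated > "$1" )
}

# Real use (hypothetical file name): oc new-app ... | save_generated "$HOME/amp-secrets.tsv"
sample_output | extract_generated
```

Piping the real command into `save_generated` replaces the terminal output entirely, so the admin login line is not echoed either; read the credentials from the saved file.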

Test

Log in to the portal using the credentials above, configure the API, and deploy APIcast staging and production.

Configure emails (optional)

oc env dc/system-app --overwrite SMTP_ADDRESS=smtp.gmail.com SMTP_USER_NAME=<SMTP_USERNAME> SMTP_PASSWORD=<SMTP_PASSWORD>
oc env dc/system-redis --overwrite SMTP_ADDRESS=smtp.gmail.com SMTP_USER_NAME=<SMTP_USERNAME> SMTP_PASSWORD=<SMTP_PASSWORD>
oc env dc/system-sidekiq --overwrite SMTP_ADDRESS=smtp.gmail.com SMTP_USER_NAME=<SMTP_USERNAME> SMTP_PASSWORD=<SMTP_PASSWORD>

Note: the emails will be sent from the user specified in <SMTP_USERNAME>

Set up additional APIcast on OpenShift cluster

Create Access Token

Create an access token for the Account Management API (read permission is enough). This is the <ACCESS_TOKEN> used below.

Deploy APIcast pointing to the AMP backend

oc login https://<PUBLIC_DNS>:8443 --insecure-skip-tls-verify

oc new-project "apicast" --display-name="new-apicast-gateway" --description="3scale apicast gateway"

oc secret new-basicauth apicast-configuration-url-secret --password=https://<ACCESS_TOKEN>@<TENANT_NAME>-admin.<PUBLIC_IP>.xip.io

oc new-app -f https://raw.githubusercontent.com/3scale/3scale-amp-openshift-templates/master/apicast-gateway/apicast.yml


Create a route in OpenShift for the new APIcast

  • Create a new Public Base URL in the Integration page
  • Add the corresponding route to the apicast service

pv.yml

apiVersion: v1
kind: Template
metadata:
  creationTimestamp: null
  name: "system"
objects:
- apiVersion: v1
  kind: PersistentVolume
  metadata:
    name: pv${PV}
  spec:
    accessModes:
    - ReadWriteOnce
    - ReadWriteMany
    capacity:
      storage: 1Gi
    persistentVolumeReclaimPolicy: Recycle
    hostPath:
      path: ${PATH}/${PV}
parameters:
- name: PV
  required: true
- name: PATH
  value: /var/lib/docker/pv
  required: true