noelyahan · March 7, 2016 18:19
diff --git a/openshift_docker_kub.sh b/openshift_docker_kub.sh
 #!/bin/bash

 # Preconditions
 REQUIRED_DOCKER_VERSION=1.6
 DOCKER_VERSION=`docker version | grep 'Server version' | cut -d ' ' -f 3`
 if [[ "$DOCKER_VERSION" < "$REQUIRED_DOCKER_VERSION" ]]; then
  echo "Docker ${REQUIRED_DOCKER_VERSION} is required to run Fabric8."
  exit -1
 fi

 #
 # Discover the APP_BASE from the location of this script.
 #
 if [ -z "$APP_BASE" ] ; then
  DIRNAME=`dirname "$0"`
  APP_BASE=`cd "$DIRNAME"; pwd`
  export APP_BASE
 fi

 OPENSHIFT_VERSION=latest

 OPENSHIFT_IMAGE=openshift/origin:${OPENSHIFT_VERSION}
 OPENSHIFT_ROUTER_IMAGE=openshift/origin-haproxy-router:${OPENSHIFT_VERSION}
 REGISTRY_IMAGE=openshift/origin-docker-registry:${OPENSHIFT_VERSION}

 DEPLOY_IMAGES="${OPENSHIFT_IMAGE} ${OPENSHIFT_ROUTER_IMAGE} ${REGISTRY_IMAGE}"
 #UPDATE_IMAGES=0
 DEPLOY_ALL=0
 CLEANUP=0
 DONT_RUN=0

 OPENSHIFT_ADMIN_PASSWORD=admin
 OPENSHIFT_MASTER_URL=localhost


 for image in ${DEPLOY_IMAGES}; do
  (
    IFS=':' read -a splitimage <<< "$image"
    docker images | grep -qEo "${splitimage[0]}\W+${splitimage[1]}" || (echo "Missing necessary Docker image: $image" && docker pull $image && echo)
  )
 done


 echo "Validating firewall rules"
 RULE="INPUT -d 172.17.42.1 -s 172.17.0.0/16 -j ACCEPT"
 RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
 test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
 RULE="INPUT -d 172.17.0.0/16 -s 172.121.0.0/16 -j ACCEPT"
 RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
 test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
 RULE="INPUT -d 172.121.0.0/16 -s 172.17.0.0/16 -j ACCEPT"
 RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
 test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
 RULE="INPUT -d 172.30.17.0/24 -s 172.17.0.0/16 -j ACCEPT"
 RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
 test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
 RULE="INPUT -d 172.17.0.0/16 -s 172.30.17.0/24 -j ACCEPT"
 RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
 test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
 echo

 # TODO it would be nice if we could tell easily if these routes have already been applied so we don't have to do this each time
 if [[ $OSTYPE == darwin* ]]; then
    if [ -z "$DOCKER_IP" ] ; then
      export DOCKER_IP=`boot2docker ip 2> /dev/null`
    fi

    echo "Adding network routes to 172.17.0.0/24, 172.30.17.0/24 & 172.121.17.0/24 via $DOCKER_IP so that the host operating system can see pods and services inside OpenShift"
    sudo route delete 172.17.0.0
    sudo route -n add 172.17.0.0/24 $DOCKER_IP
    sudo route delete 172.30.17.0
    sudo route -n add 172.30.17.0/24 $DOCKER_IP
    sudo route delete 172.121.17.0
    sudo route -n add 172.121.17.0/24 $DOCKER_IP
 fi

 export DOCKER_IP=${DOCKER_IP:-127.0.0.1}
 export KUBERNETES=https://$DOCKER_IP:8443

 # using an env var but ideally we'd use an alias ;)
 KUBE="docker exec openshift oc"

 if [ -n "${OPENSHIFT_MASTER_URL}" ]; then
  PUBLIC_MASTER_ARG="--public-master=${OPENSHIFT_MASTER_URL}"
 fi

 OPENSHIFT_CONTAINER=$(docker run -d --name=openshift ${OPENSHIFT_VOLUME_MOUNT} -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/openshift:/var/lib/openshift -v /var/log/containers:/var/log/containers --privileged --net=host ${OPENSHIFT_IMAGE} start --portal-net='172.30.17.0/24' --cors-allowed-origins='.*' ${PUBLIC_MASTER_ARG})

 validateService()
 {
  echo "Waiting for $1"
  while true; do
    curl -k -s -o /dev/null --connect-timeout 1 $2 && break || sleep 1
  done
 }

 validateService "Kubernetes master" $KUBERNETES

 while true; do
  (docker exec openshift oc get namespaces default | grep default) && break || sleep 1
 done

 sleep 30

 docker exec openshift sh -c "oadm router --credentials=openshift.local.config/master/openshift-router.kubeconfig --create"
 docker exec openshift sh -c "oadm registry --credentials=openshift.local.config/master/openshift-registry.kubeconfig --create"
 docker exec openshift sh -c "oadm policy add-cluster-role-to-user cluster-admin admin"

 cat <<EOF | docker exec -i openshift oc create -f -
 ---
  apiVersion: "v1beta3"
  kind: "Secret"
  metadata:
    name: "openshift-cert-secrets"
  data:
    root-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/ca.crt)"
    admin-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.crt)"
    admin-key: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.key)"
 EOF



 #for app in app-library fabric8-forge; do
 #  $KUBE create -f http://central.maven.org/maven2/io/fabric8/jube/images/fabric8/${app}/${FABRIC8_VERSION}/${app}-${FABRIC8_VERSION}-kubernetes.json
 #done


 echo
 echo "Waiting for services to fully come up - shouldn't be too long for you to wait"
 echo

 getServiceIpAndPort()
 {
  echo `echo "$1"|grep "$2"| sed -e 's/\s\+/ /g' -e 's/\/[tT][cC][pP]//gI' -e 's/\/[uU][dD][pP]//gI' | awk '{ print $4 ":" $5 }'`
 }

 getServiceIp()
 {
  echo `echo "$1"|grep $2| sed 's/\s\+/ /g' | awk '{ print $4 }'`
 }

 DOCKER_REGISTRY=$(getServiceIpAndPort "$K8S_SERVICES" docker-registry)
 #INFLUXDB=http://$(getServiceIpAndPort "$K8S_SERVICES" influxdb-service)
 #ELASTICSEARCH=http://$(getServiceIpAndPort "$K8S_SERVICES" 'elasticsearch ')
 #KIBANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" kibana-service)
 #GRAFANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" grafana-service)



 echo "Configuring OpenShift oauth"

 cat <<EOF | docker exec -i openshift oc create -f -
 {
  "kind": "OAuthClient",
  "apiVersion": "v1beta1",
  "metadata": {
    "name": "fabric8"
  },
  "redirectURIs": [
    "http://localhost:9090",
    "http://localhost:2772",
    "http://localhost:9000",
    "http://localhost:3000"
  ]
 }
 EOF

 echo

 validateService "Docker registry" $DOCKER_REGISTRY

 echo
 echo "You're all up & running! Here are the available services:"
 echo
 header="%-20s | %-60s\n"
 format="%-20s | %-60s\n"
 printf "${header}" Service URL
 printf "${header}" "-------" "---"
 printf "${format}" "Kubernetes master" $KUBERNETES
 printf "${format}" "Docker Registry" $DOCKER_REGISTRY

 printf "$SERVICE_TABLE" | column -t -s '|'

 printf "\n"
 printf "%s\n" "Set these environment variables on your development machine:"
 printf "\n"
 printf "%s\n" "export DOCKER_REGISTRY=$DOCKER_REGISTRY"
	#!/bin/bash

	# Preconditions
	REQUIRED_DOCKER_VERSION=1.6
	DOCKER_VERSION=`docker version \| grep 'Server version' \| cut -d ' ' -f 3`
	if [[ "$DOCKER_VERSION" < "$REQUIRED_DOCKER_VERSION" ]]; then
	echo "Docker ${REQUIRED_DOCKER_VERSION} is required to run Fabric8."
	exit -1
	fi

	#
	# Discover the APP_BASE from the location of this script.
	#
	if [ -z "$APP_BASE" ] ; then
	DIRNAME=`dirname "$0"`
	APP_BASE=`cd "$DIRNAME"; pwd`
	export APP_BASE
	fi

	OPENSHIFT_VERSION=latest

	OPENSHIFT_IMAGE=openshift/origin:${OPENSHIFT_VERSION}
	OPENSHIFT_ROUTER_IMAGE=openshift/origin-haproxy-router:${OPENSHIFT_VERSION}
	REGISTRY_IMAGE=openshift/origin-docker-registry:${OPENSHIFT_VERSION}

	DEPLOY_IMAGES="${OPENSHIFT_IMAGE} ${OPENSHIFT_ROUTER_IMAGE} ${REGISTRY_IMAGE}"
	#UPDATE_IMAGES=0
	DEPLOY_ALL=0
	CLEANUP=0
	DONT_RUN=0

	OPENSHIFT_ADMIN_PASSWORD=admin
	OPENSHIFT_MASTER_URL=localhost


	for image in ${DEPLOY_IMAGES}; do
	(
	IFS=':' read -a splitimage <<< "$image"
	docker images \| grep -qEo "${splitimage[0]}\W+${splitimage[1]}" \|\| (echo "Missing necessary Docker image: $image" && docker pull $image && echo)
	)
	done


	echo "Validating firewall rules"
	RULE="INPUT -d 172.17.42.1 -s 172.17.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.17.0.0/16 -s 172.121.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.121.0.0/16 -s 172.17.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.30.17.0/24 -s 172.17.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.17.0.0/16 -s 172.30.17.0/24 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	echo

	# TODO it would be nice if we could tell easily if these routes have already been applied so we don't have to do this each time
	if [[ $OSTYPE == darwin* ]]; then
	if [ -z "$DOCKER_IP" ] ; then
	export DOCKER_IP=`boot2docker ip 2> /dev/null`
	fi

	echo "Adding network routes to 172.17.0.0/24, 172.30.17.0/24 & 172.121.17.0/24 via $DOCKER_IP so that the host operating system can see pods and services inside OpenShift"
	sudo route delete 172.17.0.0
	sudo route -n add 172.17.0.0/24 $DOCKER_IP
	sudo route delete 172.30.17.0
	sudo route -n add 172.30.17.0/24 $DOCKER_IP
	sudo route delete 172.121.17.0
	sudo route -n add 172.121.17.0/24 $DOCKER_IP
	fi

	export DOCKER_IP=${DOCKER_IP:-127.0.0.1}
	export KUBERNETES=https://$DOCKER_IP:8443

	# using an env var but ideally we'd use an alias ;)
	KUBE="docker exec openshift oc"

	if [ -n "${OPENSHIFT_MASTER_URL}" ]; then
	PUBLIC_MASTER_ARG="--public-master=${OPENSHIFT_MASTER_URL}"
	fi

	OPENSHIFT_CONTAINER=$(docker run -d --name=openshift ${OPENSHIFT_VOLUME_MOUNT} -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/openshift:/var/lib/openshift -v /var/log/containers:/var/log/containers --privileged --net=host ${OPENSHIFT_IMAGE} start --portal-net='172.30.17.0/24' --cors-allowed-origins='.*' ${PUBLIC_MASTER_ARG})

	validateService()
	{
	echo "Waiting for $1"
	while true; do
	curl -k -s -o /dev/null --connect-timeout 1 $2 && break \|\| sleep 1
	done
	}

	validateService "Kubernetes master" $KUBERNETES

	while true; do
	(docker exec openshift oc get namespaces default \| grep default) && break \|\| sleep 1
	done

	sleep 30

	docker exec openshift sh -c "oadm router --credentials=openshift.local.config/master/openshift-router.kubeconfig --create"
	docker exec openshift sh -c "oadm registry --credentials=openshift.local.config/master/openshift-registry.kubeconfig --create"
	docker exec openshift sh -c "oadm policy add-cluster-role-to-user cluster-admin admin"

	cat <<EOF \| docker exec -i openshift oc create -f -
	---
	apiVersion: "v1beta3"
	kind: "Secret"
	metadata:
	name: "openshift-cert-secrets"
	data:
	root-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/ca.crt)"
	admin-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.crt)"
	admin-key: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.key)"
	EOF



	#for app in app-library fabric8-forge; do
	# $KUBE create -f http://central.maven.org/maven2/io/fabric8/jube/images/fabric8/${app}/${FABRIC8_VERSION}/${app}-${FABRIC8_VERSION}-kubernetes.json
	#done


	echo
	echo "Waiting for services to fully come up - shouldn't be too long for you to wait"
	echo

	getServiceIpAndPort()
	{
	echo `echo "$1"\|grep "$2"\| sed -e 's/\s\+/ /g' -e 's/\/[tT][cC][pP]//gI' -e 's/\/[uU][dD][pP]//gI' \| awk '{ print $4 ":" $5 }'`
	}

	getServiceIp()
	{
	echo `echo "$1"\|grep $2\| sed 's/\s\+/ /g' \| awk '{ print $4 }'`
	}

	DOCKER_REGISTRY=$(getServiceIpAndPort "$K8S_SERVICES" docker-registry)
	#INFLUXDB=http://$(getServiceIpAndPort "$K8S_SERVICES" influxdb-service)
	#ELASTICSEARCH=http://$(getServiceIpAndPort "$K8S_SERVICES" 'elasticsearch ')
	#KIBANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" kibana-service)
	#GRAFANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" grafana-service)



	echo "Configuring OpenShift oauth"

	cat <<EOF \| docker exec -i openshift oc create -f -
	{
	"kind": "OAuthClient",
	"apiVersion": "v1beta1",
	"metadata": {
	"name": "fabric8"
	},
	"redirectURIs": [
	"http://localhost:9090",
	"http://localhost:2772",
	"http://localhost:9000",
	"http://localhost:3000"
	]
	}
	EOF

	echo

	validateService "Docker registry" $DOCKER_REGISTRY

	echo
	echo "You're all up & running! Here are the available services:"
	echo
	header="%-20s \| %-60s\n"
	format="%-20s \| %-60s\n"
	printf "${header}" Service URL
	printf "${header}" "-------" "---"
	printf "${format}" "Kubernetes master" $KUBERNETES
	printf "${format}" "Docker Registry" $DOCKER_REGISTRY

	printf "$SERVICE_TABLE" \| column -t -s '\|'

	printf "\n"
	printf "%s\n" "Set these environment variables on your development machine:"
	printf "\n"
	printf "%s\n" "export DOCKER_REGISTRY=$DOCKER_REGISTRY"