Skip to content

Instantly share code, notes, and snippets.

@yohanesws

yohanesws/3scale-self-note.adoc

Last active October 3, 2018 08:30
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save yohanesws/082ce1514d688870b4f5be0c0aeef920 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save yohanesws/082ce1514d688870b4f5be0c0aeef920 to your computer and use it in GitHub Desktop.
Download ZIP
3scale Disconnected Install
Raw
3scale-self-note.adoc

Download 3scale template

This example using 3scale 2.1 GA

untar the rpm to get template

$tar -xvzf 3scale-amp-apicast-gateway-template-2.2.0-4.el7.x86_64.rpm

Download the template from github (alternative option to get template)

wget https://raw.githubusercontent.com/3scale/3scale-amp-openshift-templates/2.1.0.GA/amp/amp.yml

pull image

To Pull image need done on Machine that connected to Internet

Pull the image from image that listed in the template on machine that connectecd to internet * alias is for create shortcut in bash to avoid long command * pull the image * save all image in tar

$ alias get_rh_img_list="cat amp.yml | grep  -o 'registry.access[^ ]*' | sed -e 's/\"//'"
$ get_rh_img_list | xargs -n 1 docker pull
$ alias rh_img_list_one_liner="get_rh_img_list | awk '{print}' ORS=' '"
$ rh_img_list_one_liner | xargs docker save -o ~/3scaleamp-offline.tar

pull memcache

$ docker pull registry.access.redhat.com/3scale-amp20/memcached:1.4.15-8
$ docker save -o memcached.tar registry.access.redhat.com/3scale-amp20/memcached:1.4.15-8

push image

Push image will need machine that connected to docker registries internal of openshift like one master or worker.

If run outside node of openshift then change "docker-registry.default.svc:5000" became external route url of docker registry

$ oc get route docker-registry -n default

PLeace copy all artifact below to targeted machine:

  • Copy amp.yaml

  • Copy 3scaleamp-offline.tar

  • Copy memcached.tar

Load 3scale Image

$ docker load -i 3scaleamp-offline.tar
$ docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry.default.svc:5000
$ alias get_rh_img_list="cat amp.yml | grep  -o 'registry.access[^ ]*' | sed -e 's/\"//'"
$ alias get_image_names="get_rh_img_list | sed 's/'"registry.access.redhat.com"'//' | sed 's/^\///g'"
$ oc new-project 3scale-amp21
$ oc new-project rhscl
$ get_image_names | xargs -I '{}' docker tag  registry.access.redhat.com/'{}' docker-registry.default.svc:5000/'{}'
$ get_image_names | xargs -I '{}' docker push docker-registry.default.svc:5000/'{}'

reimport base image for rhscl image (redis,mysql,postgresql):

$ oc tag rhscl/postgresql-95-rhel7:9.5 postgresql:9.5 -n openshift
$ oc tag rhscl/redis-32-rhel7:3.2 redis:3.2 -n openshift
$ oc tag rhscl/mysql-56-rhel7:5.6 mysql:5.6 -n openshift

push memcache

$docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry.default.svc:5000
$docker load -i memcached.tar
$docker tag registry.access.redhat.com/3scale-amp20/memcached:1.4.15-8 docker-registry.default.svc:5000/openshift/3scale20-memcached:1.4.15-8
$docker push docker-registry.default.svc:5000/openshift/3scale20-memcached:1.4.15-8

deploy 3scale

Replace public registry to internal registry and process the template, sample wildcard:apps.ocp.com (w/o *)

$ oc new-project <PROJECT_NAME>
$ export wildcard_domain=<WILDCARD_NAME>
$ oc policy add-role-to-user system:image-puller system:serviceaccount:<PROJECT_NAME>:default -n rhscl
$ oc policy add-role-to-user system:image-puller system:serviceaccount:<PROJECT_NAME>:default -n 3scale-amp21
$ oc policy add-role-to-user system:image-puller system:serviceaccount:<PROJECT_NAME>:deployer -n rhscl
$ oc policy add-role-to-user system:image-puller system:serviceaccount:<PROJECT_NAME>:deployer -n 3scale-amp21
$ cat amp.yml| sed 's/registry.access.redhat.com/docker-registry.default.svc:5000/g' |  oc process -p WILDCARD_DOMAIN=$wildcard_domain -f - | oc apply -f -
$ oc patch dc system-memcache --patch='{"spec":{"template":{"spec":{"containers":[{"name": "memcache", "image":"docker-registry.default.svc:5000/openshift/3scale20-memcached:1.4.15-8"}]}}}}'
$ oc tag openshift/postgresql:9.5 postgresql:9.5
$ oc tag 3scale-amp21/wildcard-router:1.4-2 amp-wildcard-router:2.1.0-CR2-redhat-1
$ oc tag 3scale-amp21/apicast-gateway:1.4-2 amp-apicast:2.1.0-CR2-redhat-1
$ oc tag 3scale-amp21/backend:1.4-2 amp-backend:2.1.0-CR2-redhat-1
$ oc tag 3scale-amp21/zync:1.4-1 amp-zync:2.1.0-CR2-redhat-1
Raw
sso-self-note.adoc

This Example using SSO 71

Pull Image

To Pull image need done on Machine that connected to Internet

$ docker pull registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.3
$ docker save -o sso71-openshift-1-3.tar registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.3

Push Image

$ docker load -i sso71-openshift-1-3.tar
$ docker tag registry.access.redhat.com/redhat-sso-7/sso71-openshift:1.3 docker-registry.default.svc:5000/openshift/sso71-openshift:1.3
$ docker login -u $(oc whoami) -p $(oc whoami -t) docker-registry.default.svc:5000
$ docker push docker-registry.default.svc:5000/openshift/sso71-openshift:1.3

Rebase the image version to local

$ oc tag openshift/sso71-openshift:1.3 redhat-sso71-openshift:1.3 -n openshift

Create certificates for https and jgroupd

Using keystore create new self signed certificates with Subject Alternate Name same as sso route url (jks)

Using keystore create new jceks

Create secret

$ oc create secret generic sso-app-secret --from-file=keystore.jks --from-file=jgroups.jceks

Deploy SSO

Deploy using default template from OCP

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment