# Create the namespace that every object below is placed in.
oc create namespace openshift-migration

# Create the Service in front of the NooBaa MongoDB pod (port 27017).
# NOTE(review): ClusterIP keeps the database off the external load balancers,
# but this script creates no NetworkPolicy, so in-cluster reachability of the
# port is not restricted by anything visible here.
# The selector value is spelled "nooba-db" (one "a"); it matches the pod label
# used by the db StatefulSet, so the two must be renamed together.
oc create -f - <<'EOF'
kind: Service
apiVersion: v1
metadata:
  name: mig-operator-noobaa-db
  namespace: openshift-migration
  labels:
    app: mig-operator-noobaa
  # ownerReferences:
  # TODO: reference mig-operator so this object is garbage collected
spec:
  ports:
    - name: mongodb
      protocol: TCP
      port: 27017
      targetPort: 27017
  selector:
    noobaa-db: mig-operator-nooba-db
  type: ClusterIP
  sessionAffinity: None
EOF
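# Create the secret consumed by the NooBaa core and endpoint pods
# (keys: jwt, server_secret).
#
# The values are generated per install. Shipping fixed values in the script
# means every cluster installed from it shares the same JWT signing key, and
# anyone who has read the script holds that key. Installs that used the
# previously published values should rotate them.
#
# The generated values keep the shape of the ones this script used to carry:
# a base64 string of 16 random bytes and 8 hex characters.
# NOTE(review): confirm with NooBaa whether server_secret may be longer.
noobaa_jwt_secret="$(head -c 16 /dev/urandom | base64)"
noobaa_server_secret="$(head -c 4 /dev/urandom | od -An -tx1 | tr -d ' \n')"

# stringData lets the API server do the base64 encoding. The values are
# quoted so an all-digit hex string is not parsed as a YAML number.
oc create -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  labels:
    app: mig-operator-noobaa
  name: mig-operator-noobaa-server
  namespace: openshift-migration
  # ownerReferences:
  # TODO: reference mig-operator so this object is garbage collected
stringData:
  jwt: "${noobaa_jwt_secret}"
  server_secret: "${noobaa_server_secret}"
type: Opaque
EOF

# Do not keep the key material in the shell environment after use.
unset noobaa_jwt_secret noobaa_server_secret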
# Create the Service for the NooBaa management endpoints.
# NOTE(review): type LoadBalancer publishes every port listed below outside
# the cluster, including plain-HTTP management on port 80. The system-creation
# and account RPCs later in this script go through this address. Restrict who
# can reach the load balancer (source ranges / security groups) and confirm
# whether port 80 needs to be exposed at all.
oc create -f - <<'EOF'
kind: Service
apiVersion: v1
metadata:
  annotations:
    prometheus.io/port: '8080'
    prometheus.io/scheme: http
    prometheus.io/scrape: 'true'
    service.beta.openshift.io/serving-cert-secret-name: noobaa-mgmt-serving-cert
  name: noobaa-mgmt
  namespace: openshift-migration
  # ownerReferences:
  # TODO:
  finalizers:
    - service.kubernetes.io/load-balancer-cleanup
  labels:
    app: mig-operator-noobaa
spec:
  ports:
    - name: mgmt
      protocol: TCP
      port: 80
      targetPort: 8080
    - name: mgmt-https
      protocol: TCP
      port: 443
      targetPort: 8443
    - name: bg-https
      protocol: TCP
      port: 8445
      targetPort: 8445
    - name: hosted-agents-https
      protocol: TCP
      port: 8446
      targetPort: 8446
  selector:
    noobaa-mgmt: mig-operator-noobaa
  type: LoadBalancer
  sessionAffinity: None
  externalTrafficPolicy: Cluster
EOF
# Deploy MongoDB as a single-replica StatefulSet with a 1Gi volume claim.
# NOTE(review): mongod is started with --bind_ip_all and no authentication
# option, and the MONGODB_URL values used by the core and endpoint pods carry
# no credentials. Access control therefore rests entirely on network
# reachability of the ClusterIP service; consider enabling authentication or
# adding a NetworkPolicy limited to the NooBaa pods.
# NOTE(review): the pod sets no serviceAccountName, so it runs as the
# namespace's `default` ServiceAccount, which this script later binds to
# cluster-admin.
oc create -f - <<'EOF'
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: mig-operator-noobaa-db
  namespace: openshift-migration
  # ownerReferences:
  # TODO: add a reference to mig-operator so this object is garbage collected
  labels:
    app: mig-operator-noobaa
    # TODO: add appropriate labels
spec:
  replicas: 1
  selector:
    matchLabels:
      noobaa-db: mig-operator-nooba-db
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: mig-operator-noobaa
        noobaa-db: mig-operator-nooba-db
    spec:
      restartPolicy: Always
      initContainers:
        - name: init
          image: >-
            registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80
          command:
            - /noobaa_init_files/noobaa_init.sh
            - init_mongo
          resources:
            limits:
              cpu: 100m
              memory: 256Mi
            requests:
              cpu: 100m
              memory: 256Mi
          volumeMounts:
            - name: db
              mountPath: /mongo_data
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      securityContext: {}
      containers:
        - name: db
          image: >-
            registry.redhat.io/rhscl/mongodb-36-rhel7@sha256:254c9046eaf61c451b40bac3f897c40bc59f187e5313b9799fbcacf17398a191
          command:
            - bash
            - '-c'
            - >-
              /opt/rh/rh-mongodb36/root/usr/bin/mongod --port 27017
              --bind_ip_all --dbpath /data/mongo/cluster/shard1
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
          volumeMounts:
            - name: db
              mountPath: /data
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
      dnsPolicy: ClusterFirst
  volumeClaimTemplates:
    - metadata:
        name: db
        creationTimestamp: null
        labels:
          app: mig-operator-noobaa
        # ownerReferences:
        # TODO: reference mig-operator so this object is garbage collected
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
        volumeMode: Filesystem
  serviceName: mig-operator-noobaa-db
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
  revisionHistoryLimit: 10
EOF
# Deploy the noobaa-core StatefulSet (single replica).
# JWT_SECRET and SERVER_SECRET are read from the mig-operator-noobaa-server
# Secret; the serving-cert secrets are mounted read-only and marked optional.
# NOTE(review): NOOBAA_SERVICE_ACCOUNT is set to "migration", but the pod spec
# sets no serviceAccountName and the ClusterRoleBinding later in this script
# targets the `default` ServiceAccount. Confirm which identity is intended,
# because this pod runs as `default` and so receives cluster-admin.
oc create -f - <<'EOF'
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: mig-operator-noobaa-core
  generation: 1
  namespace: openshift-migration
  # ownerReferences:
  # TODO: reference mig-operator so this object is garbage collected
  labels:
    app: mig-operator-noobaa
spec:
  replicas: 1
  selector:
    matchLabels:
      noobaa-core: mig-operator-noobaa
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: mig-operator-noobaa
        noobaa-core: mig-operator-noobaa
        noobaa-mgmt: mig-operator-noobaa
    spec:
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      securityContext: {}
      containers:
        - resources:
            requests:
              cpu: 100m
              memory: 256M
          terminationMessagePath: /dev/termination-log
          name: core
          env:
            - name: MONGODB_URL
              value: 'mongodb://mig-operator-noobaa-db.openshift-migration.svc/nbcore'
            - name: CONTAINER_PLATFORM
              value: KUBERNETES
            - name: NOOBAA_DISABLE_COMPRESSION
              value: 'false'
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: mig-operator-noobaa-server
                  key: jwt
            - name: SERVER_SECRET
              valueFrom:
                secretKeyRef:
                  name: mig-operator-noobaa-server
                  key: server_secret
            - name: AGENT_PROFILE
              value: >-
                {"image":"registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80"}
            - name: NOOBAA_SERVICE_ACCOUNT
              value: "migration"
            - name: container_dbg
            - name: CONTAINER_CPU_REQUEST
              valueFrom:
                resourceFieldRef:
                  resource: requests.cpu
                  divisor: '0'
            - name: CONTAINER_MEM_REQUEST
              valueFrom:
                resourceFieldRef:
                  resource: requests.memory
                  divisor: '0'
            - name: CONTAINER_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.cpu
                  divisor: '0'
            - name: CONTAINER_MEM_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: '0'
          ports:
            - containerPort: 8080
              protocol: TCP
            - containerPort: 8443
              protocol: TCP
            - containerPort: 8444
              protocol: TCP
            - containerPort: 8445
              protocol: TCP
            - containerPort: 8446
              protocol: TCP
            - containerPort: 60100
              protocol: TCP
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: logs
              mountPath: /log
            - name: mgmt-secret
              readOnly: true
              mountPath: /etc/mgmt-secret
            - name: s3-secret
              readOnly: true
              mountPath: /etc/s3-secret
          terminationMessagePolicy: File
          image: >-
            registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80
      volumes:
        - name: logs
          emptyDir: {}
        - name: mgmt-secret
          secret:
            secretName: noobaa-mgmt-serving-cert
            defaultMode: 420
            optional: true
        - name: s3-secret
          secret:
            secretName: noobaa-s3-serving-cert
            defaultMode: 420
            optional: true
      dnsPolicy: ClusterFirst
  serviceName: noobaa-mgmt
  podManagementPolicy: OrderedReady
  updateStrategy:
    type: RollingUpdate
  revisionHistoryLimit: 10
EOF
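# Wait until the management load balancer has a hostname, then derive the
# RPC URL from it.
# The loop tests that the returned hostname is non-empty. The exit status of
# `oc get` alone is not enough: it can succeed while the field is still
# unset, which would yield the URL "https:///rpc".
# NOTE(review): only .hostname is read; a provider that publishes just .ip
# would keep this loop waiting.
mgmt_lb_host=""
until mgmt_lb_host="$(oc get -n openshift-migration svc noobaa-mgmt -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}')" \
    && [ -n "$mgmt_lb_host" ]; do
  echo "waiting for management load balancer url"
  sleep 1
done

export NOOBAA_MGMT_URL="https://${mgmt_lb_host}/rpc"
echo "NooBaa core deployed with URL=$NOOBAA_MGMT_URL"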
# Create the Service for the S3 endpoint.
# NOTE(review): type LoadBalancer publishes all three ports outside the
# cluster, including plain-HTTP S3 on port 80 and the md-https port 8444.
# Limit the exposed ports and the allowed source ranges to what migration
# clients need.
oc create -f - <<'EOF'
kind: Service
apiVersion: v1
metadata:
  annotations:
    service.beta.openshift.io/serving-cert-secret-name: noobaa-s3-serving-cert
  name: s3
  namespace: openshift-migration
  # ownerReferences:
  # TODO
  finalizers:
    - service.kubernetes.io/load-balancer-cleanup
  labels:
    app: mig-operator-noobaa
spec:
  ports:
    - name: s3
      protocol: TCP
      port: 80
      targetPort: 6001
    - name: s3-https
      protocol: TCP
      port: 443
      targetPort: 6443
    - name: md-https
      protocol: TCP
      port: 8444
      targetPort: 8444
  selector:
    noobaa-s3: mig-operator-noobaa
  type: LoadBalancer
  sessionAffinity: None
  externalTrafficPolicy: Cluster
EOF
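# Wait until the S3 load balancer has a hostname and export it.
# The loop tests that the hostname is non-empty rather than relying on the
# exit status of `oc get`, which can succeed before the field is set. An
# empty value would be silently dropped from VIRTUAL_HOSTS in the endpoint
# deployment.
# NOTE(review): only .hostname is read; a provider that publishes just .ip
# would keep this loop waiting.
s3_lb_host=""
until s3_lb_host="$(oc get -n openshift-migration svc s3 -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}')" \
    && [ -n "$s3_lb_host" ]; do
  echo "waiting for s3 endpoint load balancer url"
  sleep 1
done

# get S3 load balancer URL
export LOAD_BALANCER_URL="$s3_lb_host"
echo "s3 url = $LOAD_BALANCER_URL"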
# Deploy the NooBaa S3 endpoint.
# The here-document delimiter is deliberately unquoted: ${LOAD_BALANCER_URL}
# is expanded by the shell into VIRTUAL_HOSTS before the manifest reaches oc.
# NOTE(review): NOOBAA_AUTH_TOKEN comes from the noobaa-endpoints Secret,
# which this script creates only after the system-creation RPC further down;
# the container presumably cannot start until that Secret exists in the
# openshift-migration namespace.
# NOTE(review): the Deployment name is "mig-operatornoobaa-endpoint" (no
# hyphen before "noobaa"), unlike the other object names in this script.
oc create -f - <<EOF
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: mig-operatornoobaa-endpoint
  namespace: openshift-migration
  # ownerReferences:
  # TODO:
  labels:
    app: mig-operator-noobaa
spec:
  replicas: 1
  selector:
    matchLabels:
      noobaa-s3: mig-operator-noobaa
  template:
    metadata:
      creationTimestamp: null
      labels:
        noobaa-s3: mig-operator-noobaa
    spec:
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
      securityContext: {}
      containers:
        - resources:
            limits:
              cpu: 100m
              memory: 256M
            requests:
              cpu: 100m
              memory: 256M
          readinessProbe:
            tcpSocket:
              port: 6001
            timeoutSeconds: 5
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          terminationMessagePath: /dev/termination-log
          name: endpoint
          command:
            - /noobaa_init_files/noobaa_init.sh
            - init_endpoint
          env:
            - name: MGMT_ADDR
              value: 'wss://noobaa-mgmt.openshift-migration.svc:443'
            - name: BG_ADDR
              value: 'wss://noobaa-mgmt.openshift-migration.svc:8445'
            - name: MD_ADDR
              value: 'wss://s3.openshift-migration.svc:8444'
            - name: HOSTED_AGENTS_ADDR
              value: 'wss://noobaa-mgmt.openshift-migration.svc:8446'
            - name: MONGODB_URL
              value: 'mongodb://mig-operator-noobaa-db.openshift-migration.svc/nbcore'
            - name: VIRTUAL_HOSTS
              value: >-
                s3.openshift-migration.svc
                ${LOAD_BALANCER_URL}
            - name: REGION
            - name: ENDPOINT_GROUP_ID
              value: 69d1ad5d-1b4b-4059-b3e5-fb7a8f628f53
            - name: LOCAL_MD_SERVER
              value: 'true'
            - name: LOCAL_N2N_AGENT
              value: 'true'
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: mig-operator-noobaa-server
                  key: jwt
            - name: NOOBAA_DISABLE_COMPRESSION
              value: 'false'
            - name: NOOBAA_AUTH_TOKEN
              valueFrom:
                secretKeyRef:
                  name: noobaa-endpoints
                  key: auth_token
            - name: CONTAINER_CPU_REQUEST
              valueFrom:
                resourceFieldRef:
                  resource: requests.cpu
                  divisor: '0'
            - name: CONTAINER_MEM_REQUEST
              valueFrom:
                resourceFieldRef:
                  resource: requests.memory
                  divisor: '0'
            - name: CONTAINER_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.cpu
                  divisor: '0'
            - name: CONTAINER_MEM_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.memory
                  divisor: '0'
          ports:
            - containerPort: 6001
              protocol: TCP
            - containerPort: 6443
              protocol: TCP
          imagePullPolicy: IfNotPresent
          volumeMounts:
            - name: mgmt-secret
              readOnly: true
              mountPath: /etc/mgmt-secret
            - name: s3-secret
              readOnly: true
              mountPath: /etc/s3-secret
          terminationMessagePolicy: File
          image: >-
            registry.redhat.io/ocs4/mcg-core-rhel8@sha256:74d03cc253774bd817750ba0fe3cfec125282f8549343067610799f2eee5ea80
      volumes:
        - name: mgmt-secret
          secret:
            secretName: noobaa-mgmt-serving-cert
            defaultMode: 420
            optional: true
        - name: s3-secret
          secret:
            secretName: noobaa-s3-serving-cert
            defaultMode: 420
            optional: true
      dnsPolicy: ClusterFirst
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 25%
      maxSurge: 1
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
EOF
# Grant NooBaa the rights it needs to create the pv-pool StatefulSet.
# TODO: restrict the permissions to just the needed resources instead of admin.
# NOTE(review): this binds the cluster-wide `cluster-admin` ClusterRole to the
# `default` ServiceAccount of openshift-migration. None of the pod specs in
# this script set serviceAccountName, so the MongoDB, core and endpoint pods,
# and any other pod later scheduled into the namespace without an explicit
# account, all run with full control of the cluster. Two of those workloads
# sit behind LoadBalancer services. Prefer a dedicated ServiceAccount bound to
# a namespaced Role that covers only what pool creation requires.
oc create -f - <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: openshift-migration:default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: openshift-migration
EOF
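export url=$NOOBAA_MGMT_URL

# Create the NooBaa system and store the operator token it returns.
#
# The admin password is taken from NOOBAA_ADMIN_PASSWORD when the caller sets
# it. Otherwise a random one is generated and saved to a file readable only by
# the current user. A fixed, well-known password must not be used here: the
# management API is published through a LoadBalancer service.
# NOTE(review): the management serving certificate is presumably issued for
# the in-cluster service name rather than the load-balancer hostname. Confirm
# how curl is expected to verify it, and supply the CA with --cacert instead
# of disabling verification.
if [ -z "${NOOBAA_ADMIN_PASSWORD:-}" ]; then
  NOOBAA_ADMIN_PASSWORD="$(head -c 18 /dev/urandom | base64)"
  ( umask 077; printf '%s\n' "$NOOBAA_ADMIN_PASSWORD" > .noobaa_admin_password )
  chmod 600 .noobaa_admin_password
  echo "generated NooBaa admin password saved to ./.noobaa_admin_password"
fi

# The request is built with jq so the password is JSON-escaped, and it is sent
# on stdin (-d @-) so the password does not appear in curl's argument list.
# The token file is created under a restrictive umask, because it grants
# operator access to the NooBaa system.
(
  umask 077
  jq -cn --arg password "$NOOBAA_ADMIN_PASSWORD" '{
      api: "system_api",
      method: "create_system",
      params: {name: "migration", email: "migration@noobaa.com", password: $password}
    }' \
    | curl "$NOOBAA_MGMT_URL" -sd @- \
    | jq -r '.reply.operator_token' > .operatortoken
)
chmod 600 .operatortoken

# jq prints "null" when the reply carries no token; do not store that as the
# endpoint credential.
operator_token="$(cat ./.operatortoken)"
if [ -z "$operator_token" ] || [ "$operator_token" = "null" ]; then
  echo "create_system returned no operator token; noobaa-endpoints secret not created" >&2
  return 1 2>/dev/null || exit 1
fi

# The endpoint Deployment reads this Secret from openshift-migration, so the
# namespace is given explicitly instead of relying on the current project.
oc create secret generic noobaa-endpoints -n openshift-migration \
  --from-literal=auth_token="$operator_token"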
# Enable S3 access for the migration account, with full permission on all
# buckets, and pretty-print the RPC reply.
operator_token="$(cat .operatortoken)"
curl -s "$NOOBAA_MGMT_URL" -d '{
  "api": "account_api",
  "method": "update_account_s3_access",
  "params": {
    "email": "migration@noobaa.com",
    "s3_access": true,
    "allowed_buckets": {"full_permission": true, "permission_list":[]}
  },
  "auth_token": "'"$operator_token"'"
}' | jq
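# Save the S3 (AWS-style) credentials of the migration account.
# TODO: store these in a Secret instead of files in the working directory.
#
# The account is read once and both fields are extracted from that one reply,
# rather than issuing the same read_account RPC twice. The files are created
# under a restrictive umask and then forced to 0600, so the secret key is not
# left readable by other local users.
operator_token="$(cat .operatortoken)"
account_reply="$(curl -s "$NOOBAA_MGMT_URL" -d '{
  "api": "account_api",
  "method": "read_account",
  "params": {
    "email": "migration@noobaa.com"
  },
  "auth_token": "'"$operator_token"'"
}')"

(
  umask 077
  printf '%s\n' "$account_reply" | jq -r '.reply.access_keys[0].access_key' > .aws_secret_id
  printf '%s\n' "$account_reply" | jq -r '.reply.access_keys[0].secret_key' > .aws_secret_key
)
# umask does not tighten files that already existed from a previous run.
chmod 600 .aws_secret_id .aws_secret_key

# Drop the copy of the reply that still holds the secret key.
unset account_reply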
# Create the PVC-backed NooBaa hosts pool: one host with a volume of
# 32212254720 bytes.
operator_token="$(cat .operatortoken)"
curl -s "$NOOBAA_MGMT_URL" -d '{
  "api": "pool_api",
  "method": "create_hosts_pool",
  "params": {
    "name": "migration-pvc-pool",
    "is_managed": true,
    "host_count": 1,
    "host_config": {
      "volume_size": 32212254720
    },
    "backingstore": {
      "name": "migration-pvc-pool-backing-store",
      "namespace": "openshift-migration"
    }
  },
  "auth_token": "'"$operator_token"'"
}'

# Wait for the pool: poll read_pool once per second until the reported mode
# contains "OPTIMAL" (grep echoes the matching line when it does).
while ! curl -s "$NOOBAA_MGMT_URL" -d '{"api": "pool_api","method": "read_pool","params": { "name": "migration-pvc-pool"},"auth_token": "'"$operator_token"'"}' \
    | jq -r '.reply.mode' | grep "OPTIMAL"; do
  echo "waiting for pool to be ready"
  sleep 1
done
# | |
#curl $NOOBAA_MGMT_URL -sd '{ | |
# "api": "tiering_policy_api", | |
# "method": "update_bucket_class", | |
# "params": { | |
# "name": "migration-pvc-pool-bucket-class", | |
# "policy": { | |
# "name": "TEMP", | |
# "tiers": [{ | |
# "order": 0, | |
# "tier": "TEMP" | |
# }] | |
# }, | |
# "tiers": [ | |
# { | |
# "name": "TEMP", | |
# "attached_pools": ["migration-pvc-pool"], | |
# "data_placement": "SPREAD" | |
# } | |
# ] | |
# }, | |
# "auth_token": "'$(cat .operatortoken)'" | |
#}' | |
# Build the storage layout on top of the pool, in dependency order:
# tier -> tiering policy -> bucket. Each call authenticates with the operator
# token saved in .operatortoken.
operator_token="$(cat .operatortoken)"

# Tier that spreads data across the PVC pool.
curl -s "$NOOBAA_MGMT_URL" -d '{
  "api": "tier_api",
  "method": "create_tier",
  "params": {
    "name": "migration-pvc-pool-tier",
    "data_placement": "SPREAD",
    "attached_pools": ["migration-pvc-pool"]
  },
  "auth_token": "'"$operator_token"'"
}'

# Tiering policy with that tier as its only entry (order 0).
curl -s "$NOOBAA_MGMT_URL" -d '{
  "api": "tiering_policy_api",
  "method": "create_policy",
  "params": {
    "name": "migration-pvc-pool-tiering-policy",
    "tiers": [{
      "order": 0,
      "tier": "migration-pvc-pool-tier"
    }]
  },
  "auth_token": "'"$operator_token"'"
}'

# Bucket "migration" using the policy; the reply is pretty-printed.
curl -s "$NOOBAA_MGMT_URL" -d '{
  "api": "bucket_api",
  "method": "create_bucket",
  "params": {
    "name": "migration",
    "tiering": "migration-pvc-pool-tiering-policy",
    "bucket_claim": {
      "bucket_class": "migration-pvc-pool-bucket-class",
      "namespace": "openshift-migration"
    }
  },
  "auth_token": "'"$operator_token"'"
}' | jq
# TODO: need to create oauth clients and routes for UI | |
#cat <<EOF | oc create -f - | |
#apiVersion: oauth.openshift.io/v1 | |
#kind: OAuthClient | |
#grantMethod: auto | |
#metadata: | |
# name: openshift-migration-noobaa-oauth | |
# namespace: openshift-migration | |
#EOF | |