Created
January 26, 2017 20:02
-
-
Save bdurrow/c6e5a2e1e4e92dc1940f29083d34508e to your computer and use it in GitHub Desktop.
openshift-ansible-contrib/reference-architecture/gce-cli/config.sh for origin deployment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### CONFIG ### | |
| # Path to a RHEL image on local machine, downloaded from Red Hat Customer Portal | |
| #RHEL_IMAGE_PATH="${HOME}/Downloads/rhel-guest-image-7.3-35.x86_64.qcow2" | |
| PARENT_IMAGE_SELECTOR='--image-project centos-cloud --image-family centos-7' | |
| REGISTERED_IMAGE="$(gcloud compute images list --filter "family:centos-7" --format 'value(name)')-registered" | |
| DELETE_IMAGE=true | |
| # Username and password for Red Hat Customer Portal | |
| RH_USERNAME='user@example.com' | |
| RH_PASSWORD='xxx' | |
| # Pool ID which shall be used to register the pre-registered image | |
| RH_POOL_ID='xxx' | |
| # Project ID and zone settings for Google Cloud | |
| GCLOUD_PROJECT='origin1.4-refarch' | |
| GCLOUD_ZONE='us-central1-f' | |
| # DNS domain which will be configured in Google Cloud DNS | |
| DNS_DOMAIN='osdev.gce.example.com' | |
| # Name of the DNS zone in the Google Cloud DNS. If empty, it will be created | |
| DNS_DOMAIN_NAME='osdev' | |
| # DNS name for the Master service | |
| fi | |
| MASTER_DNS_NAME="master.${DNS_DOMAIN}" | |
| # Internal DNS name for the Master service | |
| INTERNAL_MASTER_DNS_NAME="internal-master.${DNS_DOMAIN}" | |
| # Domain name for the OpenShift applications | |
| OS_APPS_DNS_NAME="apps.${DNS_DOMAIN}" | |
| # Paths on the local system for the certificate files. If empty, self-signed | |
| # certificate will be generated | |
| MASTER_HTTPS_CERT_FILE="${HOME}/master.${DNS_DOMAIN}.pem" | |
| MASTER_HTTPS_KEY_FILE="${HOME}/master.${DNS_DOMAIN}.key" | |
| # OpenShift Identity providers. This is Google oauth example (hosted_domain is optional and restricts login to users only from the specified domain) | |
| OS_IDENTITY_PROVIDERS='[ {"name": "google", "kind": "GoogleIdentityProvider", "login": "true", "challenge": "false", "mapping_method": "claim", "client_id": "xxx-yyy.apps.googleusercontent.com", "client_secret": "zzz", "hosted_domain": "example.com"} ]' | |
| ## DEFAULT VALUES ## | |
| OS_DEPLOYMENT_TYPE='origin' | |
| OS_VERSION='1.4.1' | |
| OS_CONTAINERIZED='true' | |
| CONSOLE_PORT='443' | |
| OS_NETWORK='os-network' | |
| MASTER_MACHINE_TYPE='n1-standard-2' | |
| NODE_MACHINE_TYPE='n1-standard-2' | |
| INFRA_NODE_MACHINE_TYPE='n1-standard-2' | |
| BASTION_MACHINE_TYPE='n1-standard-1' | |
| MASTER_INSTANCE_TEMPLATE='master-template' | |
| NODE_INSTANCE_TEMPLATE='node-template' | |
| INFRA_NODE_INSTANCE_TEMPLATE='infra-node-template' | |
| BASTION_INSTANCE='bastion4' | |
| MASTER_INSTANCE_GROUP='os-master' | |
| # How many instances should be created for this group | |
| MASTER_INSTANCE_GROUP_SIZE='3' | |
| MASTER_NAMED_PORT_NAME='web-console' | |
| INFRA_NODE_INSTANCE_GROUP='os-infra' | |
| INFRA_NODE_INSTANCE_GROUP_SIZE='2' | |
| NODE_INSTANCE_GROUP='os-node' | |
| NODE_INSTANCE_GROUP_SIZE='2' | |
| NODE_DOCKER_DISK_SIZE='25' | |
| NODE_DOCKER_DISK_POSTFIX='-docker' | |
| NODE_OPENSHIFT_DISK_SIZE='50' | |
| NODE_OPENSHIFT_DISK_POSTFIX='-openshift' | |
| MASTER_NETWORK_LB_HEALTH_CHECK='master-network-lb-health-check' | |
| MASTER_NETWORK_LB_POOL='master-network-lb-pool' | |
| MASTER_NETWORK_LB_IP='master-network-lb-ip' | |
| MASTER_NETWORK_LB_RULE='master-network-lb-rule' | |
| MASTER_SSL_LB_HEALTH_CHECK='master-ssl-lb-health-check' | |
| MASTER_SSL_LB_BACKEND='master-ssl-lb-backend' | |
| MASTER_SSL_LB_IP='master-ssl-lb-ip' | |
| MASTER_SSL_LB_CERT='master-ssl-lb-cert' | |
| MASTER_SSL_LB_TARGET='master-ssl-lb-target' | |
| MASTER_SSL_LB_RULE='master-ssl-lb-rule' | |
| ROUTER_NETWORK_LB_HEALTH_CHECK='router-network-lb-health-check' | |
| ROUTER_NETWORK_LB_POOL='router-network-lb-pool' | |
| ROUTER_NETWORK_LB_IP='router-network-lb-ip' | |
| ROUTER_NETWORK_LB_RULE='router-network-lb-rule' | |
| IMAGE_BUCKET="${GCLOUD_PROJECT}-rhel-guest-raw-image" | |
| REGISTRY_BUCKET="${GCLOUD_PROJECT}-openshift-docker-registry" | |
| TEMP_INSTANCE='os-rhel-temp' | |
| GOOGLE_CLOUD_SDK_VERSION='134.0.0' | |
| # Firewall rules in a form: | |
| # ['name']='parameters for "gcloud compute firewall-rules create"' | |
| # For all possible parameters see: gcloud compute firewall-rules create --help | |
| declare -A FW_RULES=( | |
| ['icmp']='--allow icmp' | |
| ['ssh-external']='--allow tcp:22 --target-tags ssh-external' | |
| ['ssh-internal']='--allow tcp:22 --source-tags bastion' | |
| ['master-internal']='--allow tcp:8053,udp:8053 --source-tags os --target-tags os-master' | |
| ['master-internal-etcd']='--allow tcp:2379,tcp:2380 --source-tags os-master --target-tags os-master' | |
| ['master-external']="--allow tcp:${CONSOLE_PORT} --target-tags os-master" | |
| ['node-internal-sdn']='--allow udp:4789 --source-tags os-node,os-infra-node --target-tags os-node,os-infra-node' | |
| ['node-internal-kubelet']='--allow tcp:10250 --source-tags os-master --target-tags os-node,os-infra-node' | |
| ['infra-node-internal']='--allow tcp:5000 --source-tags os-node,os-infra-node --target-tags os-infra-node' | |
| ['infra-node-external']='--allow tcp:80,tcp:443 --target-tags os-infra-node' | |
| ) | |
| BASTION_SSH_FW_RULE='bastion-ssh-to-external-ip' | |
| #Override Bastion Deployment Behavior | |
| #GCLOUD_INSTALL_COMMAND='true;' | |
| OS_ANSIBLE_CHECKOUT_COMMAND=' | |
| safe_relink() { | |
| local source=\${1?safe_relink requires two arguments}; | |
| local destination=\${2?safe_relink requires two arguments}; | |
| local destination_dir=`dirname \$destination`; | |
| if [ ! -e \$destination_dir ]; then | |
| sudo mkdir -p \$destination_dir; | |
| elif [ -L \$destination ]; then | |
| sudo rm \$destination; | |
| elif [ -e \$destination ]; then | |
| sudo mv \$destination \${destination}.`date +%Y-%m-%d_%H-%M-%S`; | |
| fi; | |
| sudo ln -s \$source \$destination; | |
| } | |
| if [ ! -d ~/openshift-ansible ]; then | |
| git clone -b release-1.4 https://github.com/bdurrow/openshift-ansible.git ~/openshift-ansible; | |
| safe_relink ~/openshift-ansible /usr/share/ansible/openshift-ansible; | |
| safe_relink ~/openshift-ansible/callback_plugins /usr/share/ansible_plugins/callback_plugins; | |
| safe_relink ~/openshift-ansible/filter_plugins /usr/share/ansible_plugins/filter_plugins; | |
| safe_relink ~/openshift-ansible/lookup_plugins /usr/share/ansible_plugins/lookup_plugins; | |
| fi; | |
| ' | |
| OS_ANSIBLE_CONTRIB_CHECKOUT_COMMAND=' | |
| if [ ! -d ~/openshift-ansible-contrib ]; then | |
| git clone -b gce-origin-rebase7d62eab2fe https://github.com/bdurrow/openshift-ansible-contrib.git ~/openshift-ansible-contrib; | |
| fi | |
| ' | |
| OS_DEPLOY_COMMAND=' | |
| sudo rm -rf /etc/yum.repos.d/abutcher* || true; | |
| sudo curl "https://copr.fedorainfracloud.org/coprs/abutcher/ansible/repo/epel-7/abutcher-ansible-epel-7.repo" -o /etc/yum.repos.d/abutcher-ansible-epel-7.repo; | |
| sudo restorecon /etc/yum.repos.d/abutcher-ansible-epel-7.repo; | |
| sudo yum -y upgrade ansible; | |
| pushd ~/openshift-ansible-contrib/reference-architecture/gce-ansible; | |
| ansible-playbook -vvv -e @~/ansible-config.yml playbooks/openshift-install.yaml; | |
| ' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment