@dmsimard
Created October 24, 2018 21:21
tower-on-openshift
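#!/bin/bash
#
# Stand up a single-node test OpenShift Origin cluster with `oc cluster up`
# and install Ansible Tower 3.3.0 into it.
#
# Expects to run as root on a CentOS host: it installs packages with yum,
# edits /etc/sysconfig/docker and writes under /etc/rhsm/ca.
#
# Environment:
#   PUBLIC_IP  address used for the cluster's public hostname and for the
#              Tower installer's openshift_host (default: 192.168.0.108)
#
# NOTE(review): every credential written to the extra-vars file below
# (admin_password, pg_password, rabbitmq_password, rabbitmq_erlang_cookie,
# openshift_password, secret_key) is a placeholder, and
# openshift_skip_tls_verify is enabled. Replace them before using this on
# anything other than an isolated test node.

# Stop at the first failed step instead of continuing with a half-built host.
set -euo pipefail

readonly public_ip="${PUBLIC_IP:-192.168.0.108}"
readonly tower_setup="ansible-tower-openshift-setup-3.3.0"

yum -y install centos-release-openshift-origin epel-release
yum -y install wget git net-tools bind-utils iptables-services bridge-utils \
  bash-completion origin-clients docker ansible htop

# `oc cluster up` expects the docker daemon to accept the 172.30.0.0/16
# service range as an insecure registry. This replaces the whole OPTIONS line.
sed -i '/OPTIONS=.*/c\OPTIONS="--selinux-enabled --insecure-registry 172.30.0.0/16"' /etc/sysconfig/docker

# Fix shenanigans between subscription-manager-rhsm-certificates and python-rhsm-certificates:
# - https://github.com/openshift/openshift-ansible/issues/6222
# - https://github.com/minishift/minishift/issues/2194
# - https://github.com/minishift/minishift-centos-iso/issues/251
# - https://github.com/openshift/os/issues/179
# etc
# Manually set up certificate from https://github.com/candlepin/python-rhsm/blob/master/etc-conf/ca/redhat-uep.pem
# NOTE(review): this installs a CA certificate fetched from a mutable branch
# with no integrity check. Pin the URL to a commit and compare the
# certificate's fingerprint against a known-good value before trusting it.
wget -P /etc/rhsm/ca https://raw.githubusercontent.com/candlepin/python-rhsm/master/etc-conf/ca/redhat-uep.pem

systemctl enable docker
systemctl start docker

# Stand up a test OpenShift cluster with the "public" IP of my test node
# This is important because you'll be reaching Tower through a route
oc cluster up --public-hostname="${public_ip}"

# TODO: Figure out exactly which privileges Tower needs...
# - Error from server (Forbidden): securitycontextconstraints.security.openshift.io "privileged" is forbidden: User "developer" cannot get securitycontextconstraints.security.openshift.io at the cluster scope: User "developer" cannot get securitycontextconstraints.security.openshift.io at the cluster scope
# NOTE(review): cluster-admin is far broader than the single permission the
# error above complains about, and "developer" has a well-known default
# password here. Acceptable only on a disposable test cluster.
oc login -u system:admin
# `oc adm` replaces the deprecated standalone `oadm` binary.
oc adm policy add-cluster-role-to-user cluster-admin developer

# The extra-vars file holds credentials, so keep it out of a predictable,
# world-readable path in /tmp: mktemp -d gives a private directory, and the
# trap removes it on every exit path.
workdir="$(mktemp -d)"
readonly workdir
trap 'rm -rf -- "${workdir:?}"' EXIT
readonly extra_vars="${workdir}/extra-vars.yaml"
install -m 600 /dev/null "${extra_vars}"

cat <<EOF > "${extra_vars}"
create_preload_data: false
admin_username: admin
admin_password: password
nginx_http_port: "80"
nginx_https_port: "443"
# pg_host: "127.0.0.1"
pg_port: "5432"
pg_database: tower
pg_username: tower
pg_password: password
rabbitmq_port: "5672"
rabbitmq_vhost: tower
rabbitmq_username: tower
rabbitmq_password: password
rabbitmq_erlang_cookie: cookie
# Needs to be true for fqdns and ip addresses
rabbitmq_use_long_name: false
openshift_pg_emptydir: true
openshift_host: "${public_ip}:8443"
openshift_project: tower
openshift_user: developer
openshift_password: developer
openshift_skip_tls_verify: true
secret_key: secret_key
EOF

# NOTE(review): the installer archive is executed as root without any
# checksum or signature verification; if the vendor publishes a checksum
# for this release, verify the download against it before unpacking.
wget "https://releases.ansible.com/ansible-tower/setup_openshift/${tower_setup}.tar.gz"
tar -xzvf "${tower_setup}.tar.gz"
pushd "${tower_setup}"
./setup_openshift.sh -e "@${extra_vars}"
popd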