Skip to content

Instantly share code, notes, and snippets.

@flaper87
Last active December 7, 2017 12:03
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save flaper87/f69a5dcc7b6ab0fdc290fa01eb8e7bdb to your computer and use it in GitHub Desktop.
#~/bin/sh
set -x
sudo yum -y install git curl vim-enhanced telnet epel-release ruby rubygems yum-plugins-priorities deltarpm
sudo yum -y install python-setuptools python-requests
# Install openshift repos and ansible.modules-kubernetes
sudo yum install -y centos-release-openshift-origin
sudo curl https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-latest/repo/epel-7/group_ansible-service-broker-ansible-service-broker-latest-epel-7.repo -o /etc/yum.repos.d/asb.repo
cd
git clone https://git.openstack.org/openstack/tripleo-repos
cd tripleo-repos
sudo python setup.py install
cd
sudo tripleo-repos current
sudo yum -y update
sudo yum install -y \
ansible \
python-netaddr \
python-openstackclient \
ansible-kubernetes-modules
# these avoid warning for the cherry-picks below ATM
if [ ! -f $HOME/.gitconfig ]; then
git config --global user.email "theboss@foo.bar"
git config --global user.name "TheBoss"
fi
cd
git clone https://github.com/openstack/ansible-role-k8s-tripleo
git clone https://github.com/openstack/ansible-role-k8s-mariadb
git clone https://github.com/openstack/ansible-role-k8s-keystone
git clone https://github.com/openstack/ansible-role-k8s-glance
cd /etc/ansible/roles/
sudo ln -sf /home/centos/ansible-role-k8s-* .
cd
sudo mkdir /tmp/test-volume
sudo chmod 777 /tmp/test-volume
kubectl create namespace openstack
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: PersistentVolume
metadata:
name: openstack-test-volume
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Recycle
storageClassName: slow
hostPath:
path: /tmp/test-volume
EOF
cat <<EOF | kubectl create -f -
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: openstack
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["secrets"]
verbs: ["get", "watch", "update", "delete", "list"]
EOF
cat <<EOF | kubectl create -f -
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
namespace: openstack
subjects:
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io
EOF
cat > $HOME/playbook.yaml <<-EOF_CAT
- name: Provision ansible-role-k8s-keystone
hosts: localhost
gather_facts: false
connection: local
vars:
namespace: openstack
coe_host: "http://localhost:8080"
roles:
- role: ansible-role-k8s-mariadb
playbook_debug: false
- role: ansible-role-k8s-keystone
playbook_debug: false
EOF_CAT
ansible-playbook -vvv playbook.yaml
cat > $HOME/cleanup.sh <<-EOF_CAT
#!/bin/bash
set -x
kubectl delete deployment keystone-api glance-api
kubectl delete job keystone-bootstrap keystone-createdb keystone-db-sync keystone-fernet
kubectl delete job glance-createdb glance-db-sync glance-keystone
kubectl delete statefulset mariadb
kubectl delete secret clouds-secret mariadb-root
kubectl delete configmap mariadb keystone glance
kubectl delete service mariadb keystone glance
kubectl delete pvc keystone-fernet
kubectl delete pv openstack-test-volume
EOF_CAT
chmod a+x cleanup.sh
cat > $HOME/stackrc <<-EOF_CAT
export OS_IDENTITY_API_VERSION=3
KEYSTONE_AUTH_IP=\`kubectl get service keystone -o=jsonpath='{.spec.clusterIP}'\`
echo "Keystone service IP: \$KEYSTONE_AUTH_IP"
export OS_AUTH_URL=http://\$KEYSTONE_AUTH_IP:5000/v3
export OS_DEFAULT_DOMAIN=default
export OS_USERNAME=admin
export OS_PASSWORD=weakpassword
export OS_PROJECT_NAME=admin
EOF_CAT
sert +x
echo "This script just ran the following ansible command, which you shall use to re-run the install steps"
echo "ansible-playbook playbook.yaml"
echo "Note that a cleanup might be necessary. To cleanup run cleanup.sh"
echo "There is a stackrc file with the credentials to query keystone"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment