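#!/bin/sh
# Bootstrap a CentOS 7 host: base packages, the OpenShift Origin and
# ansible-service-broker repositories, tripleo-repos, then ansible and the
# kubernetes modules.
#
# NOTE(review): there is no `set -e`, so a failed yum/curl/git step does not
# stop the run; only the directory changes below are guarded explicitly.
# `set -x` traces every command to stderr for debugging.
set -x

sudo yum -y install git curl vim-enhanced telnet epel-release ruby rubygems \
  yum-plugins-priorities deltarpm
sudo yum -y install python-setuptools python-requests

# Install openshift repos and ansible.modules-kubernetes
sudo yum install -y centos-release-openshift-origin

# NOTE(review): this drops a third-party "latest" COPR repo definition into
# /etc/yum.repos.d as root. Every later `yum install/update` trusts it, so
# confirm the downloaded .repo file enables gpgcheck and review it before
# use. --fail keeps an HTTP error page from being saved as the repo file.
sudo curl --fail \
  https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-latest/repo/epel-7/group_ansible-service-broker-ansible-service-broker-latest-epel-7.repo \
  -o /etc/yum.repos.d/asb.repo

# NOTE(review): setup.py from the unpinned HEAD of a remote repository is
# executed as root. Check out a reviewed tag or commit before installing.
# The `|| exit 1` guards stop `sudo python setup.py install` from running in
# the wrong directory when the clone or a cd fails.
cd || exit 1
git clone https://git.openstack.org/openstack/tripleo-repos
cd tripleo-repos || exit 1
sudo python setup.py install
cd || exit 1

sudo tripleo-repos current
sudo yum -y update
sudo yum install -y \
  ansible \
  python-netaddr \
  python-openstackclient \
  ansible-kubernetes-modules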
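# Set a placeholder git identity only when the user has no ~/.gitconfig yet;
# per the original note this avoids warnings for cherry-picks.
if [ ! -f "$HOME/.gitconfig" ]; then
  git config --global user.email "theboss@foo.bar"
  git config --global user.name "TheBoss"
fi

# Clone the roles into the home directory.
# NOTE(review): these are unpinned checkouts of each repository's default
# branch; pin a reviewed tag or commit for anything beyond a throwaway host.
cd || exit 1
for role in tripleo mariadb keystone glance; do
  git clone "https://github.com/openstack/ansible-role-k8s-${role}"
done

# Link the checkouts into the system-wide roles path. "$HOME" replaces the
# hard-coded /home/centos so the links match where the clones actually landed,
# and the explicit target directory means a missing /etc/ansible/roles makes
# ln fail instead of creating links in the current directory.
# NOTE(review): /etc/ansible/roles then resolves to content in a user-writable
# directory, so anyone running playbooks from that path (root included)
# executes whatever the home-directory owner puts there.
sudo ln -sf "$HOME"/ansible-role-k8s-* /etc/ansible/roles/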
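# Backing directory for the hostPath PersistentVolume created below.
# NOTE(review): a world-writable directory with a predictable name under /tmp
# lets any local user read or replace the volume's contents (the cleanup
# script on this page names a keystone-fernet claim). Acceptable for a
# single-user test box only; otherwise use a dedicated path with a restrictive
# mode and owner.
sudo mkdir /tmp/test-volume
sudo chmod 777 /tmp/test-volume

kubectl create namespace openstack

# The manifests contain no shell expansions, so the heredoc delimiters are
# quoted, and the YAML nesting is written out explicitly: without the
# indentation the documents do not describe the intended objects.
# NOTE(review): the Recycle reclaim policy is deprecated upstream.
kubectl create -f - <<'EOF'
apiVersion: v1
kind: PersistentVolume
metadata:
  name: openstack-test-volume
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: slow
  hostPath:
    path: /tmp/test-volume
EOF

# NOTE(review): despite the name "pod-reader", this Role grants
# get/watch/update/delete/list on Secrets, not read access to pods. The
# binding below gives it to the "default" ServiceAccount, i.e. to every pod in
# the openstack namespace that does not set its own service account. Prefer a
# dedicated ServiceAccount, a name that matches the grant, and the narrowest
# verbs (and resourceNames) the roles actually need.
kubectl create -f - <<'EOF'
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: openstack
  name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["secrets"]
  verbs: ["get", "watch", "update", "delete", "list"]
EOF

kubectl create -f - <<'EOF'
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: openstack
subjects:
- kind: ServiceAccount
  name: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
EOF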
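# Write the playbook that provisions mariadb and keystone, then run it.
# The delimiter is quoted because the playbook contains no shell expansions,
# and the YAML nesting is written out explicitly so the play parses as one
# play with its vars and roles.
# NOTE(review): coe_host is a plain-http localhost endpoint, presumably the
# API server's unauthenticated local port; confirm it is not reachable from
# other hosts.
cat > "$HOME/playbook.yaml" <<'EOF_CAT'
- name: Provision ansible-role-k8s-keystone
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    namespace: openstack
    coe_host: "http://localhost:8080"
  roles:
    - role: ansible-role-k8s-mariadb
      playbook_debug: false
    - role: ansible-role-k8s-keystone
      playbook_debug: false
EOF_CAT

# NOTE(review): -vvv prints task arguments and results; treat the output as
# sensitive if the roles handle passwords or keys.
# The absolute path keeps the run independent of the current directory.
ansible-playbook -vvv "$HOME/playbook.yaml"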
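# Generate a helper that removes the resources created by the roles.
# The delimiter is quoted so the helper is written out verbatim.
# NOTE(review): the kubectl commands pass no -n/--namespace, so they act on the
# current kubectl context's namespace; confirm that matches where the roles
# deployed (the playbook sets namespace: openstack).
cat > "$HOME/cleanup.sh" <<'EOF_CAT'
#!/bin/bash
set -x
kubectl delete deployment keystone-api glance-api
kubectl delete job keystone-bootstrap keystone-createdb keystone-db-sync keystone-fernet
kubectl delete job glance-createdb glance-db-sync glance-keystone
kubectl delete statefulset mariadb
kubectl delete secret clouds-secret mariadb-root
kubectl delete configmap mariadb keystone glance
kubectl delete service mariadb keystone glance
kubectl delete pvc keystone-fernet
kubectl delete pv openstack-test-volume
EOF_CAT

# Mark the file that was just written as executable; the absolute path avoids
# depending on the current directory being $HOME.
chmod a+x "$HOME/cleanup.sh"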
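# Write an rc file to be sourced before using the openstack client.
# The delimiter is quoted, so the backticks and $KEYSTONE_AUTH_IP are written
# literally and evaluated only when stackrc is sourced; no backslash escapes
# are needed.
# NOTE(review): the admin password is a hard-coded, well-known test value
# stored in cleartext, and the file gets the default umask permissions. The
# auth URL is plain http. Use this for throwaway test deployments only; for
# anything else, change the credential and restrict the file's mode.
cat > "$HOME/stackrc" <<'EOF_CAT'
export OS_IDENTITY_API_VERSION=3
KEYSTONE_AUTH_IP=`kubectl get service keystone -o=jsonpath='{.spec.clusterIP}'`
echo "Keystone service IP: $KEYSTONE_AUTH_IP"
export OS_AUTH_URL=http://$KEYSTONE_AUTH_IP:5000/v3
export OS_DEFAULT_DOMAIN=default
export OS_USERNAME=admin
export OS_PASSWORD=weakpassword
export OS_PROJECT_NAME=admin
EOF_CAT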
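# Turn command tracing off before the closing summary. The original line read
# `sert +x`, which is not a command, so tracing stayed on and each message
# below was printed twice (once as trace, once as output).
set +x

# Closing summary for the operator.
printf '%s\n' "This script just ran the following ansible command, which you shall use to re-run the install steps"
printf '%s\n' "ansible-playbook playbook.yaml"
printf '%s\n' "Note that a cleanup might be necessary. To cleanup run cleanup.sh"
printf '%s\n' "There is a stackrc file with the credentials to query keystone"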