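#!/bin/sh
# Bootstrap an EL7-style host for the ansible-role-k8s-* experiments: base
# packages, the OpenShift Origin / ansible-service-broker / TripleO yum repos,
# then ansible and its Kubernetes modules.
#
# Everything below runs as root through sudo and pulls unpinned content from
# the network (a COPR .repo file, tripleo-repos at its default branch, a full
# "yum update"). Treat it as a throwaway-lab bootstrap, not something to run on
# a shared or long-lived host.
set -x

sudo yum -y install git curl vim-enhanced telnet epel-release ruby rubygems \
  yum-plugins-priorities deltarpm
sudo yum -y install python-setuptools python-requests

# Install openshift repos and ansible.modules-kubernetes
sudo yum install -y centos-release-openshift-origin
# --fail: an HTTP error page must never be saved as a yum repo definition.
sudo curl --fail \
  https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-latest/repo/epel-7/group_ansible-service-broker-ansible-service-broker-latest-epel-7.repo \
  -o /etc/yum.repos.d/asb.repo

# tripleo-repos is installed as root from whatever its default branch holds at
# clone time. For anything beyond a lab, check out a reviewed revision first
# (git checkout <reviewed-commit>) before running setup.py.
cd || exit 1
git clone https://git.openstack.org/openstack/tripleo-repos
# Stop if the checkout is missing: otherwise "sudo python setup.py install"
# would execute whatever setup.py happens to sit in the current directory.
cd tripleo-repos || exit 1
sudo python setup.py install
cd || exit 1

sudo tripleo-repos current
sudo yum -y update
sudo yum install -y \
  ansible \
  python-netaddr \
  python-openstackclient \
  ansible-kubernetes-modules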
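# Give git a placeholder identity, but only when the user has no ~/.gitconfig
# yet; this avoids git's identity warnings for cherry-picks.
if [ ! -f "$HOME/.gitconfig" ]; then
  git config --global user.email "theboss@foo.bar"
  git config --global user.name "TheBoss"
fi

# Fetch the roles into $HOME (unpinned: each clone takes the default branch).
cd || exit 1
for role in tripleo mariadb keystone glance; do
  git clone "https://github.com/openstack/ansible-role-k8s-${role}"
done

# Expose the checkouts to ansible. The glob is expanded by this shell before
# sudo runs, so it has to point at the directory the clones actually went to
# ($HOME) rather than a fixed /home/centos.
# The cd is checked so the symlinks can never be dropped into the wrong place.
# NOTE(review): the system roles path now resolves into a user-writable home
# directory, so whoever can write to these checkouts controls what
# ansible-playbook executes.
cd /etc/ansible/roles/ || exit 1
sudo ln -sf "$HOME"/ansible-role-k8s-* .
cd || exit 1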
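# Backing directory for the hostPath PersistentVolume below.
# chmod only runs when mkdir has just created the directory: if the path
# already exists it may be a file or symlink owned by another local user, and
# a root "chmod 777" would then be applied to whatever it points at.
# NOTE(review): a world-writable directory at a predictable /tmp path is only
# acceptable on a single-user test box; use a dedicated root-owned location
# anywhere else.
sudo mkdir /tmp/test-volume && sudo chmod 777 /tmp/test-volume

kubectl create namespace openstack

# The manifests below are fed to kubectl on stdin. The delimiters are quoted
# because nothing in them is meant to be expanded by the shell, and the YAML
# nesting is written out explicitly (flattened, the documents are not valid).

# 5Gi test volume backed by the host directory created above.
kubectl create -f - <<'EOF'
apiVersion: v1
kind: PersistentVolume
metadata:
  name: openstack-test-volume
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: slow
  hostPath:
    path: /tmp/test-volume
EOF

# Despite its name, "pod-reader" grants get/watch/list AND update/delete on
# Secrets in the openstack namespace; it says nothing about pods.
# NOTE(review): presumably the roles need to manage their own secrets; confirm
# which verbs are really required and trim the rest.
kubectl create -f - <<'EOF'
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: openstack
  name: pod-reader
rules:
  - apiGroups: [""] # "" indicates the core API group
    resources: ["secrets"]
    verbs: ["get", "watch", "update", "delete", "list"]
EOF

# Bind that Role to the namespace's "default" ServiceAccount. Every pod in
# "openstack" that does not name its own ServiceAccount runs as "default" and
# therefore inherits the Secret permissions above; a dedicated ServiceAccount
# for the workloads that need them would keep the grant narrower.
kubectl create -f - <<'EOF'
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: openstack
subjects:
  - kind: ServiceAccount
    name: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
EOF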
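# Write the playbook that applies the mariadb and keystone roles against the
# local cluster. The delimiter is quoted (nothing here is meant to be expanded)
# and the YAML nesting is written out explicitly, since a flattened play does
# not parse as intended.
# NOTE(review): coe_host is a plain-http endpoint on localhost:8080; that looks
# like the API server's unauthenticated local port -- confirm it is not
# reachable from other hosts.
cat > "$HOME/playbook.yaml" <<'EOF_CAT'
- name: Provision ansible-role-k8s-keystone
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    namespace: openstack
    coe_host: "http://localhost:8080"
  roles:
    - role: ansible-role-k8s-mariadb
      playbook_debug: false
    - role: ansible-role-k8s-keystone
      playbook_debug: false
EOF_CAT

# Run the file that was just written, independent of the current directory.
# -vvv prints module arguments and results, which can include credentials the
# roles handle; keep this output out of shared logs.
ansible-playbook -vvv "$HOME/playbook.yaml"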
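# Generate ~/cleanup.sh, a helper that deletes the objects a run leaves behind
# (deployments, jobs, the mariadb statefulset, secrets, configmaps, services,
# the fernet PVC and the test PV). The delimiter is quoted so the helper is
# written out verbatim.
# NOTE(review): none of the delete commands names a namespace, so they act on
# kubectl's current-context namespace, while this script creates its objects in
# "openstack" -- confirm the context before relying on the helper.
cat > "$HOME/cleanup.sh" <<'EOF_CAT'
#!/bin/bash
set -x
kubectl delete deployment keystone-api glance-api
kubectl delete job keystone-bootstrap keystone-createdb keystone-db-sync keystone-fernet
kubectl delete job glance-createdb glance-db-sync glance-keystone
kubectl delete statefulset mariadb
kubectl delete secret clouds-secret mariadb-root
kubectl delete configmap mariadb keystone glance
kubectl delete service mariadb keystone glance
kubectl delete pvc keystone-fernet
kubectl delete pv openstack-test-volume
EOF_CAT
# Mark the file that was just written executable, wherever the script was
# started from.
chmod a+x "$HOME/cleanup.sh"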
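# Generate ~/stackrc, to be sourced before using the openstack client: it looks
# up the keystone service's cluster IP at source time and exports the admin
# credentials. The delimiter is quoted, so the file is written verbatim and the
# $... / `...` parts are evaluated only when stackrc is sourced.
# NOTE(review): OS_PASSWORD is a fixed, guessable value kept in clear text;
# presumably it matches what the keystone role bootstraps -- confirm, and
# change both together before exposing this Keystone to anything but a lab.
cat > "$HOME/stackrc" <<'EOF_CAT'
export OS_IDENTITY_API_VERSION=3
KEYSTONE_AUTH_IP=`kubectl get service keystone -o=jsonpath='{.spec.clusterIP}'`
echo "Keystone service IP: $KEYSTONE_AUTH_IP"
export OS_AUTH_URL=http://$KEYSTONE_AUTH_IP:5000/v3
export OS_DEFAULT_DOMAIN=default
export OS_USERNAME=admin
export OS_PASSWORD=weakpassword
export OS_PROJECT_NAME=admin
EOF_CAT
# The file holds admin credentials: keep it readable by its owner only.
chmod 600 "$HOME/stackrc"

# Stop command tracing before the closing hints (was misspelled "sert +x",
# which only produced a "command not found" error and left tracing on).
set +x
echo "This script just ran the following ansible command, which you shall use to re-run the install steps"
echo "ansible-playbook playbook.yaml"
echo "Note that a cleanup might be necessary. To cleanup run cleanup.sh"
echo "There is a stackrc file with the credentials to query keystone"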