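#!/bin/sh
# Bootstrap a CentOS 7 host for the k8s-based OpenStack roles: base packages,
# the OpenShift Origin and ansible-service-broker yum repos, tripleo-repos,
# then Ansible plus its Kubernetes modules.
#
# NOTE(review): the COPR repo file and the tripleo-repos checkout below are
# fetched unpinned and lead to packages/code being installed as root. Pin a
# commit or verify the sources before using this on anything but a throwaway
# test host.

# Trace every command as it runs.
set -x

sudo yum -y install git curl vim-enhanced telnet epel-release ruby rubygems yum-plugins-priorities deltarpm
sudo yum -y install python-setuptools python-requests

# Install openshift repos and ansible.modules-kubernetes
sudo yum install -y centos-release-openshift-origin
# --fail: without it an HTTP error page would be saved as the repo definition.
sudo curl --fail https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-latest/repo/epel-7/group_ansible-service-broker-ansible-service-broker-latest-epel-7.repo -o /etc/yum.repos.d/asb.repo

cd || exit 1
git clone https://git.openstack.org/openstack/tripleo-repos
# Stop if the checkout is missing: otherwise the install below would run
# whatever setup.py happens to be in the current directory, as root.
cd tripleo-repos || exit 1
sudo python setup.py install
cd || exit 1

sudo tripleo-repos current
sudo yum -y update
sudo yum install -y \
  ansible \
  python-netaddr \
  python-openstackclient \
  ansible-kubernetes-modules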
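# Set a placeholder git identity only when the user has no ~/.gitconfig yet.
# (Original note: these avoid warning for the cherry-picks below ATM.)
if [ ! -f "$HOME/.gitconfig" ]; then
  git config --global user.email "theboss@foo.bar"
  git config --global user.name "TheBoss"
fi

# Clone the roles into the home directory.
cd || exit 1
git clone https://github.com/openstack/ansible-role-k8s-tripleo
git clone https://github.com/openstack/ansible-role-k8s-mariadb
git clone https://github.com/openstack/ansible-role-k8s-keystone
git clone https://github.com/openstack/ansible-role-k8s-glance

# Expose the clones as system-wide Ansible roles. The links point at "$HOME",
# where the clones were just made, instead of a hard-coded /home/centos, so
# they do not dangle when the script runs as another user. Naming the target
# directory explicitly also avoids linking into the wrong place if
# /etc/ansible/roles is missing.
sudo ln -sf "$HOME"/ansible-role-k8s-* /etc/ansible/roles/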
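# Backing directory for the test PersistentVolume.
# -p keeps a re-run from failing when the directory is left over from an
# earlier run.
# NOTE(review): this is a world-writable directory at a predictable path under
# /tmp, handed to pods as a hostPath volume. Any local user can pre-create,
# read or alter it. Acceptable only on a single-user throwaway test host; for
# anything else use a root-owned directory outside /tmp with tighter modes.
sudo mkdir -p /tmp/test-volume
sudo chmod 777 /tmp/test-volume

kubectl create namespace openstack

# Cluster-wide 5Gi hostPath volume backed by the directory above.
cat <<'EOF' | kubectl create -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: openstack-test-volume
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: slow
  hostPath:
    path: /tmp/test-volume
EOF

# NOTE(review): despite the names "pod-reader" / "read-pods", this Role grants
# get/watch/update/delete/list on Secrets, and the binding below gives it to
# the namespace's default ServiceAccount, i.e. to every pod in "openstack"
# that does not set its own service account. Before reusing this outside a
# test cluster, bind it to a dedicated ServiceAccount and narrow the rule
# (for example with resourceNames).
cat <<'EOF' | kubectl create -f -
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: openstack
  name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["secrets"]
  verbs: ["get", "watch", "update", "delete", "list"]
EOF

cat <<'EOF' | kubectl create -f -
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: read-pods
  namespace: openstack
subjects:
- kind: ServiceAccount
  name: default
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
EOF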
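# Write the playbook that applies the mariadb and keystone roles to the local
# cluster. The heredoc delimiter is quoted so the YAML is written literally.
# NOTE(review): coe_host is plain HTTP on localhost:8080, presumably the API
# server's unauthenticated port. Confirm it is not reachable from off-host.
cat > "$HOME/playbook.yaml" <<'EOF_CAT'
- name: Provision ansible-role-k8s-keystone
  hosts: localhost
  gather_facts: false
  connection: local
  vars:
    namespace: openstack
    coe_host: "http://localhost:8080"
  roles:
    - role: ansible-role-k8s-mariadb
      playbook_debug: false
    - role: ansible-role-k8s-keystone
      playbook_debug: false
EOF_CAT

# Run the file that was just written, by full path, so the run does not depend
# on the current directory still being $HOME.
ansible-playbook -vvv "$HOME/playbook.yaml"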
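# Generate a helper that deletes the objects created by the playbook run.
# NOTE(review): none of the deletes pass a namespace, so they act on kubectl's
# current namespace, while the playbook deploys with "namespace: openstack".
# Confirm the kubectl context matches. The openstack namespace, the pod-reader
# Role, the read-pods RoleBinding and /tmp/test-volume are not removed by this
# helper and stay behind after cleanup.
cat > "$HOME/cleanup.sh" <<'EOF_CAT'
#!/bin/bash
set -x
kubectl delete deployment keystone-api glance-api
kubectl delete job keystone-bootstrap keystone-createdb keystone-db-sync keystone-fernet
kubectl delete job glance-createdb glance-db-sync glance-keystone
kubectl delete statefulset mariadb
kubectl delete secret clouds-secret mariadb-root
kubectl delete configmap mariadb keystone glance
kubectl delete service mariadb keystone glance
kubectl delete pvc keystone-fernet
kubectl delete pv openstack-test-volume
EOF_CAT

# Mark the file that was just written as executable, by full path, so this
# does not depend on the current directory.
chmod a+x "$HOME/cleanup.sh"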
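# Write an rc file that exports Keystone admin credentials when sourced.
# The heredoc delimiter is quoted, so the command substitution and variables
# below are written literally and only evaluated when stackrc is sourced.
#
# The file holds the admin password in clear text, so it is created under a
# restrictive umask and forced to mode 600 (the chmod also covers a file left
# over from an earlier run).
# NOTE(review): "weakpassword" is a demo credential and OS_AUTH_URL is plain
# HTTP; do not reuse either outside a throwaway test deployment.
(
  umask 077
  cat > "$HOME/stackrc" <<'EOF_CAT'
export OS_IDENTITY_API_VERSION=3
KEYSTONE_AUTH_IP=$(kubectl get service keystone -o=jsonpath='{.spec.clusterIP}')
echo "Keystone service IP: $KEYSTONE_AUTH_IP"
export OS_AUTH_URL=http://$KEYSTONE_AUTH_IP:5000/v3
export OS_DEFAULT_DOMAIN=default
export OS_USERNAME=admin
export OS_PASSWORD=weakpassword
export OS_PROJECT_NAME=admin
EOF_CAT
)
chmod 600 "$HOME/stackrc"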
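# Stop command tracing before printing the summary. The original line read
# "sert +x", a typo that left tracing on and raised "command not found".
set +x

# Tell the user how to re-run the install, clean up, and find the credentials.
echo "This script just ran the following ansible command, which you shall use to re-run the install steps"
echo "ansible-playbook playbook.yaml"
echo "Note that a cleanup might be necessary. To cleanup run cleanup.sh"
echo "There is a stackrc file with the credentials to query keystone"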