noelyahan/openshift_docker_kub.sh

## openshift_docker_kub.sh
#!/bin/bash

# Preconditions
REQUIRED_DOCKER_VERSION=1.6
DOCKER_VERSION=`docker version | grep 'Server version' | cut -d ' ' -f 3`
if [[ "$DOCKER_VERSION" < "$REQUIRED_DOCKER_VERSION" ]]; then
  echo "Docker ${REQUIRED_DOCKER_VERSION} is required to run Fabric8."
  exit -1
fi

#
# Discover the APP_BASE from the location of this script.
#
if [ -z "$APP_BASE" ] ; then
  DIRNAME=`dirname "$0"`
  APP_BASE=`cd "$DIRNAME"; pwd`
  export APP_BASE
fi

OPENSHIFT_VERSION=latest

OPENSHIFT_IMAGE=openshift/origin:${OPENSHIFT_VERSION}
OPENSHIFT_ROUTER_IMAGE=openshift/origin-haproxy-router:${OPENSHIFT_VERSION}
REGISTRY_IMAGE=openshift/origin-docker-registry:${OPENSHIFT_VERSION}

DEPLOY_IMAGES="${OPENSHIFT_IMAGE} ${OPENSHIFT_ROUTER_IMAGE} ${REGISTRY_IMAGE}"
#UPDATE_IMAGES=0
DEPLOY_ALL=0
CLEANUP=0
DONT_RUN=0

OPENSHIFT_ADMIN_PASSWORD=admin
OPENSHIFT_MASTER_URL=localhost


for image in ${DEPLOY_IMAGES}; do
  (
    IFS=':' read -a splitimage <<< "$image"
    docker images | grep -qEo "${splitimage[0]}\W+${splitimage[1]}" || (echo "Missing necessary Docker image: $image" && docker pull $image && echo)
  )
done


echo "Validating firewall rules"
RULE="INPUT -d 172.17.42.1 -s 172.17.0.0/16 -j ACCEPT"
RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
RULE="INPUT -d 172.17.0.0/16 -s 172.121.0.0/16 -j ACCEPT"
RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
RULE="INPUT -d 172.121.0.0/16 -s 172.17.0.0/16 -j ACCEPT"
RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
RULE="INPUT -d 172.30.17.0/24 -s 172.17.0.0/16 -j ACCEPT"
RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
RULE="INPUT -d 172.17.0.0/16 -s 172.30.17.0/24 -j ACCEPT"
RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
echo

# TODO it would be nice if we could tell easily if these routes have already been applied so we don't have to do this each time
if [[ $OSTYPE == darwin* ]]; then
    if [ -z "$DOCKER_IP" ] ; then
      export DOCKER_IP=`boot2docker ip 2> /dev/null`
    fi

    echo "Adding network routes to 172.17.0.0/24, 172.30.17.0/24 & 172.121.17.0/24 via $DOCKER_IP so that the host operating system can see pods and services inside OpenShift"
    sudo route delete 172.17.0.0
    sudo route -n add 172.17.0.0/24 $DOCKER_IP
    sudo route delete 172.30.17.0
    sudo route -n add 172.30.17.0/24 $DOCKER_IP
    sudo route delete 172.121.17.0
    sudo route -n add 172.121.17.0/24 $DOCKER_IP
fi

export DOCKER_IP=${DOCKER_IP:-127.0.0.1}
export KUBERNETES=https://$DOCKER_IP:8443

# using an env var but ideally we'd use an alias ;)
KUBE="docker exec openshift oc"

if [ -n "${OPENSHIFT_MASTER_URL}" ]; then
  PUBLIC_MASTER_ARG="--public-master=${OPENSHIFT_MASTER_URL}"
fi

OPENSHIFT_CONTAINER=$(docker run -d --name=openshift ${OPENSHIFT_VOLUME_MOUNT} -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/openshift:/var/lib/openshift -v /var/log/containers:/var/log/containers --privileged --net=host ${OPENSHIFT_IMAGE} start --portal-net='172.30.17.0/24' --cors-allowed-origins='.*' ${PUBLIC_MASTER_ARG})

validateService()
{
  echo "Waiting for $1"
  while true; do
    curl -k -s -o /dev/null --connect-timeout 1 $2 && break || sleep 1
  done
}

validateService "Kubernetes master" $KUBERNETES

while true; do
  (docker exec openshift oc get namespaces default | grep default) && break || sleep 1
done

sleep 30

docker exec openshift sh -c "oadm router --credentials=openshift.local.config/master/openshift-router.kubeconfig --create"
docker exec openshift sh -c "oadm registry --credentials=openshift.local.config/master/openshift-registry.kubeconfig --create"
docker exec openshift sh -c "oadm policy add-cluster-role-to-user cluster-admin admin"

cat <<EOF | docker exec -i openshift oc create -f -
---
  apiVersion: "v1beta3"
  kind: "Secret"
  metadata:
    name: "openshift-cert-secrets"
  data:
    root-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/ca.crt)"
    admin-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.crt)"
    admin-key: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.key)"
EOF


#for app in app-library fabric8-forge; do
#  $KUBE create -f http://central.maven.org/maven2/io/fabric8/jube/images/fabric8/${app}/${FABRIC8_VERSION}/${app}-${FABRIC8_VERSION}-kubernetes.json
#done


echo
echo "Waiting for services to fully come up - shouldn't be too long for you to wait"
echo

getServiceIpAndPort()
{
  echo `echo "$1"|grep "$2"| sed -e 's/\s\+/ /g' -e 's/\/[tT][cC][pP]//gI' -e 's/\/[uU][dD][pP]//gI' | awk '{ print $4 ":" $5 }'`
}

getServiceIp()
{
  echo `echo "$1"|grep $2| sed 's/\s\+/ /g' | awk '{ print $4 }'`
}

DOCKER_REGISTRY=$(getServiceIpAndPort "$K8S_SERVICES" docker-registry)
#INFLUXDB=http://$(getServiceIpAndPort "$K8S_SERVICES" influxdb-service)
#ELASTICSEARCH=http://$(getServiceIpAndPort "$K8S_SERVICES" 'elasticsearch ')
#KIBANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" kibana-service)
#GRAFANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" grafana-service)


echo "Configuring OpenShift oauth"

cat <<EOF | docker exec -i openshift oc create -f -
{
  "kind": "OAuthClient",
  "apiVersion": "v1beta1",
  "metadata": {
    "name": "fabric8"
  },
  "redirectURIs": [
    "http://localhost:9090",
    "http://localhost:2772",
    "http://localhost:9000",
    "http://localhost:3000"
  ]
}
EOF

echo

validateService "Docker registry" $DOCKER_REGISTRY

echo
echo "You're all up & running! Here are the available services:"
echo
header="%-20s | %-60s\n"
format="%-20s | %-60s\n"
printf "${header}" Service URL
printf "${header}" "-------" "---"
printf "${format}" "Kubernetes master" $KUBERNETES
printf "${format}" "Docker Registry" $DOCKER_REGISTRY

printf "$SERVICE_TABLE" | column -t -s '|'

printf "\n"
printf "%s\n" "Set these environment variables on your development machine:"
printf "\n"
printf "%s\n" "export DOCKER_REGISTRY=$DOCKER_REGISTRY"
	#!/bin/bash

	# Preconditions
	REQUIRED_DOCKER_VERSION=1.6
	DOCKER_VERSION=`docker version \| grep 'Server version' \| cut -d ' ' -f 3`
	if [[ "$DOCKER_VERSION" < "$REQUIRED_DOCKER_VERSION" ]]; then
	echo "Docker ${REQUIRED_DOCKER_VERSION} is required to run Fabric8."
	exit -1
	fi

	#
	# Discover the APP_BASE from the location of this script.
	#
	if [ -z "$APP_BASE" ] ; then
	DIRNAME=`dirname "$0"`
	APP_BASE=`cd "$DIRNAME"; pwd`
	export APP_BASE
	fi

	OPENSHIFT_VERSION=latest

	OPENSHIFT_IMAGE=openshift/origin:${OPENSHIFT_VERSION}
	OPENSHIFT_ROUTER_IMAGE=openshift/origin-haproxy-router:${OPENSHIFT_VERSION}
	REGISTRY_IMAGE=openshift/origin-docker-registry:${OPENSHIFT_VERSION}

	DEPLOY_IMAGES="${OPENSHIFT_IMAGE} ${OPENSHIFT_ROUTER_IMAGE} ${REGISTRY_IMAGE}"
	#UPDATE_IMAGES=0
	DEPLOY_ALL=0
	CLEANUP=0
	DONT_RUN=0

	OPENSHIFT_ADMIN_PASSWORD=admin
	OPENSHIFT_MASTER_URL=localhost


	for image in ${DEPLOY_IMAGES}; do
	(
	IFS=':' read -a splitimage <<< "$image"
	docker images \| grep -qEo "${splitimage[0]}\W+${splitimage[1]}" \|\| (echo "Missing necessary Docker image: $image" && docker pull $image && echo)
	)
	done


	echo "Validating firewall rules"
	RULE="INPUT -d 172.17.42.1 -s 172.17.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.17.0.0/16 -s 172.121.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.121.0.0/16 -s 172.17.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.30.17.0/24 -s 172.17.0.0/16 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	RULE="INPUT -d 172.17.0.0/16 -s 172.30.17.0/24 -j ACCEPT"
	RULE_OUTPUT=$( { docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -C $RULE; } 2>&1 )
	test -n "$RULE_OUTPUT" && docker run --rm --privileged --net=host --entrypoint=iptables ${OPENSHIFT_IMAGE} -I $RULE
	echo

	# TODO it would be nice if we could tell easily if these routes have already been applied so we don't have to do this each time
	if [[ $OSTYPE == darwin* ]]; then
	if [ -z "$DOCKER_IP" ] ; then
	export DOCKER_IP=`boot2docker ip 2> /dev/null`
	fi

	echo "Adding network routes to 172.17.0.0/24, 172.30.17.0/24 & 172.121.17.0/24 via $DOCKER_IP so that the host operating system can see pods and services inside OpenShift"
	sudo route delete 172.17.0.0
	sudo route -n add 172.17.0.0/24 $DOCKER_IP
	sudo route delete 172.30.17.0
	sudo route -n add 172.30.17.0/24 $DOCKER_IP
	sudo route delete 172.121.17.0
	sudo route -n add 172.121.17.0/24 $DOCKER_IP
	fi

	export DOCKER_IP=${DOCKER_IP:-127.0.0.1}
	export KUBERNETES=https://$DOCKER_IP:8443

	# using an env var but ideally we'd use an alias ;)
	KUBE="docker exec openshift oc"

	if [ -n "${OPENSHIFT_MASTER_URL}" ]; then
	PUBLIC_MASTER_ARG="--public-master=${OPENSHIFT_MASTER_URL}"
	fi

	OPENSHIFT_CONTAINER=$(docker run -d --name=openshift ${OPENSHIFT_VOLUME_MOUNT} -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/openshift:/var/lib/openshift -v /var/log/containers:/var/log/containers --privileged --net=host ${OPENSHIFT_IMAGE} start --portal-net='172.30.17.0/24' --cors-allowed-origins='.*' ${PUBLIC_MASTER_ARG})

	validateService()
	{
	echo "Waiting for $1"
	while true; do
	curl -k -s -o /dev/null --connect-timeout 1 $2 && break \|\| sleep 1
	done
	}

	validateService "Kubernetes master" $KUBERNETES

	while true; do
	(docker exec openshift oc get namespaces default \| grep default) && break \|\| sleep 1
	done

	sleep 30

	docker exec openshift sh -c "oadm router --credentials=openshift.local.config/master/openshift-router.kubeconfig --create"
	docker exec openshift sh -c "oadm registry --credentials=openshift.local.config/master/openshift-registry.kubeconfig --create"
	docker exec openshift sh -c "oadm policy add-cluster-role-to-user cluster-admin admin"

	cat <<EOF \| docker exec -i openshift oc create -f -
	---
	apiVersion: "v1beta3"
	kind: "Secret"
	metadata:
	name: "openshift-cert-secrets"
	data:
	root-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/ca.crt)"
	admin-cert: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.crt)"
	admin-key: "$(docker exec openshift base64 -w 0 /var/lib/openshift/openshift.local.config/master/admin.key)"
	EOF



	#for app in app-library fabric8-forge; do
	# $KUBE create -f http://central.maven.org/maven2/io/fabric8/jube/images/fabric8/${app}/${FABRIC8_VERSION}/${app}-${FABRIC8_VERSION}-kubernetes.json
	#done


	echo
	echo "Waiting for services to fully come up - shouldn't be too long for you to wait"
	echo

	getServiceIpAndPort()
	{
	echo `echo "$1"\|grep "$2"\| sed -e 's/\s\+/ /g' -e 's/\/[tT][cC][pP]//gI' -e 's/\/[uU][dD][pP]//gI' \| awk '{ print $4 ":" $5 }'`
	}

	getServiceIp()
	{
	echo `echo "$1"\|grep $2\| sed 's/\s\+/ /g' \| awk '{ print $4 }'`
	}

	DOCKER_REGISTRY=$(getServiceIpAndPort "$K8S_SERVICES" docker-registry)
	#INFLUXDB=http://$(getServiceIpAndPort "$K8S_SERVICES" influxdb-service)
	#ELASTICSEARCH=http://$(getServiceIpAndPort "$K8S_SERVICES" 'elasticsearch ')
	#KIBANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" kibana-service)
	#GRAFANA_CONSOLE=http://$(getServiceIpAndPort "$K8S_SERVICES" grafana-service)



	echo "Configuring OpenShift oauth"

	cat <<EOF \| docker exec -i openshift oc create -f -
	{
	"kind": "OAuthClient",
	"apiVersion": "v1beta1",
	"metadata": {
	"name": "fabric8"
	},
	"redirectURIs": [
	"http://localhost:9090",
	"http://localhost:2772",
	"http://localhost:9000",
	"http://localhost:3000"
	]
	}
	EOF

	echo

	validateService "Docker registry" $DOCKER_REGISTRY

	echo
	echo "You're all up & running! Here are the available services:"
	echo
	header="%-20s \| %-60s\n"
	format="%-20s \| %-60s\n"
	printf "${header}" Service URL
	printf "${header}" "-------" "---"
	printf "${format}" "Kubernetes master" $KUBERNETES
	printf "${format}" "Docker Registry" $DOCKER_REGISTRY

	printf "$SERVICE_TABLE" \| column -t -s '\|'

	printf "\n"
	printf "%s\n" "Set these environment variables on your development machine:"
	printf "\n"
	printf "%s\n" "export DOCKER_REGISTRY=$DOCKER_REGISTRY"