@psturc
Last active May 23, 2018 09:35
Install ASB on OpenShift
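#!/bin/bash
# Removes the remains of a previous Ansible Service Broker (ASB) instance and
# installs a new one into the project ansible-service-broker.
#
# INSTRUCTIONS
# Login as admin via oc
# Delete projects containing previous instance of ASB if any
# Provide Docker Hub credentials, either by exporting DOCKERHUB_USER and
# DOCKERHUB_PASS before running (keeps the secret out of this file) or by
# replacing the <REPLACE_ME> defaults below
# Consider changing the version of the ASB template (TEMPLATE_VERSION) or the
# ASB image (BROKER_IMAGE)
# Run this with 'bash install_asb.sh'
#
# SECURITY NOTES
# - The etcd CA key, the client key and the downloaded template are written to
#   a private mktemp directory (mode 0700) that is removed on exit, instead of
#   fixed, predictable paths under /tmp.
# - The Docker Hub credentials and the client key are still passed to
#   'oc process' as -p arguments, so they are visible in the process list while
#   the command runs. Run this from a host you do not share with other users.
# - The template is fetched from a branch name and the image by tag; both can
#   change upstream. Pin the template to a commit (<COMMIT_SHA>) and the image
#   to a digest when the install has to be reproducible.

# pipefail: a failing 'oc process' must not be hidden by a succeeding
# 'oc create' (and likewise for 'oc get ... | tail').
set -euo pipefail

# Private key material is created below; keep every new file owner-only.
umask 077

WORK_DIR=""

#######################################
# EXIT handler: removes the working directory (private keys, template) and
# reports an abnormal termination.
# Globals:   WORK_DIR (read)
# Outputs:   error message on stderr when the script exits non-zero
#######################################
finish() {
  local status=$?
  if [[ -n "${WORK_DIR}" && -d "${WORK_DIR}" ]]; then
    rm -rf -- "${WORK_DIR}"
  fi
  # Only a non-zero exit is "unexpected"; a successful run stays quiet.
  if ((status != 0)); then
    echo "unexpected exit of OpenShift Ansible Broker (OAB) installation script" >&2
  fi
}
trap finish EXIT

# Deprovision previous ASB. Each delete is best-effort: the object may not
# exist on a fresh cluster.
oc delete clusterrolebinding asb || true
oc delete clusterrolebinding asb-auth-bind || true
oc delete clusterrolebinding ansibleservicebroker-client || true
oc delete clusterrole asb-auth || true
oc delete clusterrole access-asb-role || true
oc delete clusterservicebroker ansible-service-broker || true

readonly DOCKERHUB_USER="${DOCKERHUB_USER:-<REPLACE_ME>}"
readonly DOCKERHUB_PASS="${DOCKERHUB_PASS:-<REPLACE_ME>}"
readonly DOCKERHUB_ORG="aerogearcatalog"
# Not referenced below; kept from the original script.
readonly LAUNCH_APB_ON_BIND="true"
readonly ANSIBLE_SERVICE_BROKER_NAMESPACE="ansible-service-broker"
readonly BROKER_IMAGE="ansibleplaybookbundle/origin-ansible-service-broker:sprint147.2"

if [[ "${DOCKERHUB_USER}" == "<REPLACE_ME>" || "${DOCKERHUB_PASS}" == "<REPLACE_ME>" ]]; then
  echo "warning: DOCKERHUB_USER/DOCKERHUB_PASS still hold the <REPLACE_ME> placeholder" >&2
fi

echo "starting install of OpenShift Ansible Broker (OAB)"

WORK_DIR=$(mktemp -d "${TMPDIR:-/tmp}/asb-install.XXXXXX")
readonly WORK_DIR
readonly CERT_DIR="${WORK_DIR}/etcd-cert"

readonly TEMPLATE_VERSION="release-1.1"
readonly TEMPLATE_URL="https://raw.githubusercontent.com/openshift/ansible-service-broker/${TEMPLATE_VERSION}/templates/deploy-ansible-service-broker.template.yaml"
readonly TEMPLATE_LOCAL="${WORK_DIR}/deploy-ansible-service-broker.template.yaml"

# Assigned separately from 'readonly' so that a failing 'oc get' (for example
# when not logged in) aborts the script instead of being masked.
broker_ca_cert=$(oc get secret -n kube-service-catalog -o go-template='{{ range .items }}{{ if eq .type "kubernetes.io/service-account-token" }}{{ index .data "service-ca.crt" }}{{end}}{{"\n"}}{{end}}' | tail -n 2)
readonly TEMPLATE_VARS="-p BROKER_CA_CERT=${broker_ca_cert}"

oc login -u system:admin
oc new-project "${ANSIBLE_SERVICE_BROKER_NAMESPACE}"

# Creating openssl certs to use: a self-signed etcd CA/server certificate and a
# client certificate signed by it. The steps run as separate commands because
# 'set -e' does not stop the script when an earlier member of an '&&' chain
# fails.
mkdir -p "${CERT_DIR}"
openssl req -nodes -x509 -newkey rsa:4096 \
  -keyout "${CERT_DIR}/key.pem" -out "${CERT_DIR}/cert.pem" \
  -days 365 -subj "/CN=asb-etcd.${ANSIBLE_SERVICE_BROKER_NAMESPACE}.svc"
openssl genrsa -out "${CERT_DIR}/MyClient1.key" 2048
openssl req -new -key "${CERT_DIR}/MyClient1.key" \
  -out "${CERT_DIR}/MyClient1.csr" -subj "/CN=client"
openssl x509 -req -in "${CERT_DIR}/MyClient1.csr" \
  -CA "${CERT_DIR}/cert.pem" -CAkey "${CERT_DIR}/key.pem" -CAcreateserial \
  -out "${CERT_DIR}/MyClient1.pem" -days 1024

ETCD_CA_CERT=$(base64 <"${CERT_DIR}/cert.pem")
BROKER_CLIENT_CERT=$(base64 <"${CERT_DIR}/MyClient1.pem")
BROKER_CLIENT_KEY=$(base64 <"${CERT_DIR}/MyClient1.key")

# -f: an HTTP error must fail the download rather than leave an error page in
# the template file; --proto: refuse anything but HTTPS.
curl -fsS --proto '=https' "${TEMPLATE_URL}" >"${TEMPLATE_LOCAL}"

echo 'Waiting 30 seconds for all objects from previous ASB to be deleted'
sleep 30

process_args=(
  -f "${TEMPLATE_LOCAL}"
  -n "${ANSIBLE_SERVICE_BROKER_NAMESPACE}"
  # printf keeps the trailing newline that the original 'echo' encoded.
  # NOTE(review): confirm whether the template expects the value without it.
  -p DOCKERHUB_USER="$(printf '%s\n' "${DOCKERHUB_USER}" | base64)"
  -p DOCKERHUB_PASS="$(printf '%s\n' "${DOCKERHUB_PASS}" | base64)"
  -p DOCKERHUB_ORG="${DOCKERHUB_ORG}"
  -p BROKER_IMAGE="${BROKER_IMAGE}"
  # NOTE(review): the next two values and AUTO_ESCALATE below are permissive
  # development settings (no basic auth on the broker, 'admin' as the APB
  # sandbox role, broker allowed to escalate on behalf of the requesting
  # user). Review them before using this script on a shared cluster.
  -p ENABLE_BASIC_AUTH="false"
  -p SANDBOX_ROLE="admin"
  -p TAG="${TAG:-latest}"
  -p ETCD_TRUSTED_CA_FILE=/var/run/etcd-auth-secret/ca.crt
  -p BROKER_CLIENT_CERT_PATH=/var/run/asb-etcd-auth/client.crt
  -p BROKER_CLIENT_KEY_PATH=/var/run/asb-etcd-auth/client.key
  -p ETCD_TRUSTED_CA="${ETCD_CA_CERT}"
  -p BROKER_CLIENT_CERT="${BROKER_CLIENT_CERT}"
  -p BROKER_CLIENT_KEY="${BROKER_CLIENT_KEY}"
  -p NAMESPACE="${ANSIBLE_SERVICE_BROKER_NAMESPACE}"
  -p AUTO_ESCALATE="true"
)

# TEMPLATE_VARS is expanded unquoted on purpose: it holds "-p KEY=VALUE" and
# relies on word splitting, exactly as the original script did.
# shellcheck disable=SC2086
if ! oc process "${process_args[@]}" ${TEMPLATE_VARS} | oc create -f -; then
  echo "Error processing template and creating deployment" >&2
  exit 1
fi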