Tim Bielawa tbielawa


OpenShift Named Certificates

This is a short guide explaining how to deploy and manage custom (named) certificates via openshift-ansible. These certificates are the ones served to clients on the public-facing web console and API endpoint.

1. Set up

NOTE: I'm running ansible from the first master, so I'm creating the certificates in /root/ on that master. Ansible copies the certificates to every master (under /etc/origin/master/named_certificates/). I could instead create them on my local system and run ansible from there.

1.1 Create CA Certificate
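The steps above, worked through end to end as an added example (this script is not part of the gist or of openshift-ansible): create a private CA with openssl, issue a named certificate for the public master hostname signed by that CA, verify the chain, and print the openshift-ansible inventory variable (openshift_master_named_certificates) that points at the resulting files. The hostname master.example.com and the working directory /root/named_certs are placeholders.

```shell
#!/bin/sh
# Added example: private CA + named certificate for the public UI/API host.
# Not the gist's own code. Hostname and working directory are assumptions.
set -eu

WORKDIR="${WORKDIR:-/root/named_certs}"          # assumed: where the files are created
PUBLIC_HOST="${PUBLIC_HOST:-master.example.com}" # assumed: public UI/API hostname

# Create a self-signed CA key and certificate.
make_ca() {
    mkdir -p "$WORKDIR"
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Named Certificate CA" \
        -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
    chmod 0600 "$WORKDIR/ca.key"   # the CA key signs everything; keep it root-only
}

# Issue a server certificate for $1, signed by the CA, carrying a
# subjectAltName (clients match the SAN, not the CN alone).
make_named_cert() {
    host="$1"
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=$host" \
        -keyout "$WORKDIR/$host.key" -out "$WORKDIR/$host.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$WORKDIR/$host.ext"
    openssl x509 -req -in "$WORKDIR/$host.csr" \
        -CA "$WORKDIR/ca.crt" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
        -days 365 -extfile "$WORKDIR/$host.ext" -out "$WORKDIR/$host.crt" 2>/dev/null
    chmod 0600 "$WORKDIR/$host.key"
}

# Check that the issued certificate chains to the CA and names the host.
verify_named_cert() {
    host="$1"
    openssl verify -CAfile "$WORKDIR/ca.crt" "$WORKDIR/$host.crt" >/dev/null
    openssl x509 -in "$WORKDIR/$host.crt" -noout -text | grep -q "DNS:$host"
}

# Print the inventory variable in the form openshift-ansible expects:
# a JSON list with one entry per certificate.
inventory_line() {
    host="$1"
    printf 'openshift_master_named_certificates=[{"certfile": "%s", "keyfile": "%s", "names": ["%s"], "cafile": "%s"}]\n' \
        "$WORKDIR/$host.crt" "$WORKDIR/$host.key" "$host" "$WORKDIR/ca.crt"
}

# Run the whole procedure when invoked as: NAMED_CERTS_RUN=1 sh named_certs.sh
if [ "${NAMED_CERTS_RUN:-0}" = 1 ]; then
    make_ca
    make_named_cert "$PUBLIC_HOST"
    verify_named_cert "$PUBLIC_HOST"
    inventory_line "$PUBLIC_HOST"
fi
```

Paste the printed line into the [OSEv3:vars] section of the inventory; the paths must be readable from wherever ansible runs, which is why the files live on the first master here. The private keys are copied to the masters along with the certificates, so treat the working directory with the same care as /etc/origin/master/.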

Teach me

From 656a25ed8a290b6634927de000455aab0956198e Mon Sep 17 00:00:00 2001
From: Tim Bielawa <tbielawa@redhat.com>
Date: Tue, 7 Feb 2017 08:28:13 -0800
Subject: [PATCH] Hacky work-around for rhel-subscribe
---
playbooks/byo/rhel_subscribe.yml | 28 +++++++++++++++++++++++++++-
roles/rhel_subscribe/meta/main.yml | 2 +-
roles/rhel_subscribe/tasks/main.yml | 4 ++--
3 files changed, 30 insertions(+), 4 deletions(-)
Using /home/tbielawa/rhat/os/openshift-ansible/ansible.cfg as config file
PLAY [masters] *****************************************************************
...
TASK [Do a 'yedit' for YAML files with 'servingInfo' in them] ******************
Friday 10 February 2017 10:43:35 -0800 (0:00:01.617) 0:00:02.383 *******
ok: [m01.example.com] => {
[OSEv3:children]
masters
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
openshift_release=v3.4
openshift_uninstall_images=False
rhsub_pool="Employee SKU*"
. oo-installenv/bin/activate && tox
py27-flake8 develop-inst-noop: /home/tbielawa/rhat/os/openshift-ansible/utils
py27-flake8 runtests: commands[0] | flake8 --config=setup.cfg ../ --exclude=../utils,.tox,../inventory,../roles/lib_utils/src/class,../roles/lib_utils/src/test/
../roles/lib_utils/library/yedit.py:155:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:156:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:157:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:158:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:162:1: E265 block comment should start with '# '
../roles/lib_utils/library/yedit.py:165:1: E265 block comment should start with '# '
../roles/lib_utils/library/yedit.py:169:1: E303 too many blank lines (3)
tbielawa / check-certs.yaml
Last active January 9, 2017 17:27
BZ1389264 - Check embedded
---
# Runs the openshift_certificate_expiry role against every node, master and
# etcd host and reports on all certificates it finds. The roles: entry is
# inferred from the role-prefixed variables below; the gist preview ends
# before it.
- name: Check cert expiries
  hosts: nodes:masters:etcd
  become: yes
  gather_facts: no
  vars:
    # list every certificate, not only those near expiry
    openshift_certificate_expiry_show_all: yes
    openshift_certificate_expiry_generate_html_report: yes
    # 1500 days: a threshold wide enough that every cert trips the warning
    openshift_certificate_expiry_warning_days: 1500
    openshift_certificate_expiry_save_json_results: yes
  roles:
    - openshift_certificate_expiry
---
yedit.py: []
megafrobber.py: []
specialmodule.py:
- doc/license
- doc/specialmodule
- src/base.py
- src/extra_sauce.py
- src/specialmodule.py
- ansible/specialmodule.py
diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index 113aca0..ce6e546 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -212,7 +212,7 @@ def write_host(host, role, inventory, schedulable=None):
if installer_host in [host.connect_to, host.hostname, host.public_hostname]:
facts += ' ansible_connection=local'
if os.geteuid() != 0:
- no_pwd_sudo = subprocess.call(['sudo', '-n', 'echo', 'openshift'])
+ no_pwd_sudo = subprocess.call(['sudo', '-n', 'echo', '-n'])
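Review bot: on the `no_pwd_sudo = subprocess.call([...])` line, `sudo -n true` would be a cleaner probe than `sudo -n echo -n`: it checks passwordless sudo the same way, prints nothing regardless of how the external echo binary treats `-n`, and makes the intent obvious, which is what dropping the word "openshift" from the output is after. `subprocess.call` returns the exit status, so the stored value is 0 when passwordless sudo works; the hunk does not show where `no_pwd_sudo` is read, so confirm the later test treats it as a return code and not as a boolean, or rename it. Consider also passing `stderr=open(os.devnull, 'w')` (Python 2, per the py27 tox env) so sudo's own "a password is required" message does not end up in the installer's output.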
[root@m01 ~]# rpm -U -vv atomic-openshift-docker-excluder-3.4.0.36-1.git.0.ca20a16.el7.noarch.rpm
D: ============== atomic-openshift-docker-excluder-3.4.0.36-1.git.0.ca20a16.el7.noarch.rpm
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db environment /var/lib/rpm cdb:0x401
D: opening db index /var/lib/rpm/Packages 0x400 mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Name 0x400 mode=0x0
...