Tim Bielawa tbielawa

View NamedCertificates.md

OpenShift Named Certificates

This is a short guide explaining how to deploy and manage custom certificates via openshift-ansible. These custom certificates will be served for the public-facing UI and API.

1. Set up

NOTE: I'm running ansible from the first master so I'm creating the certificates in /root/ on my first master. The certificates will be copied to the masters (within /etc/origin/master/named_certificates/) by ansible. I could create them on my local system and run ansible from my local system instead.

1.1 Create CA Certificate

View 0001-Hacky-work-around-for-rhel-subscribe.patch
From 656a25ed8a290b6634927de000455aab0956198e Mon Sep 17 00:00:00 2001
From: Tim Bielawa <tbielawa@redhat.com>
Date: Tue, 7 Feb 2017 08:28:13 -0800
Subject: [PATCH] Hacky work-around for rhel-subscribe
---
playbooks/byo/rhel_subscribe.yml | 28 +++++++++++++++++++++++++++-
roles/rhel_subscribe/meta/main.yml | 2 +-
roles/rhel_subscribe/tasks/main.yml | 4 ++--
3 files changed, 30 insertions(+), 4 deletions(-)
View test_yedit.yaml-results.log
Using /home/tbielawa/rhat/os/openshift-ansible/ansible.cfg as config file
PLAY [masters] *****************************************************************
...
TASK [Do a 'yedit' for YAML files with 'servingInfo' in them] ******************
Friday 10 February 2017 10:43:35 -0800 (0:00:01.617) 0:00:02.383 *******
ok: [m01.example.com] => {
View hosts-local.ini
[OSEv3:children]
masters
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
openshift_release=v3.4
openshift_uninstall_images=False
rhsub_pool="Employee SKU*"
View lint-with-excludes
. oo-installenv/bin/activate && tox
py27-flake8 develop-inst-noop: /home/tbielawa/rhat/os/openshift-ansible/utils
py27-flake8 runtests: commands[0] | flake8 --config=setup.cfg ../ --exclude=../utils,.tox,../inventory,../roles/lib_utils/src/class,../roles/lib_utils/src/test/
../roles/lib_utils/library/yedit.py:155:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:156:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:157:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:158:1: E402 module level import not at top of file
../roles/lib_utils/library/yedit.py:162:1: E265 block comment should start with '# '
../roles/lib_utils/library/yedit.py:165:1: E265 block comment should start with '# '
../roles/lib_utils/library/yedit.py:169:1: E303 too many blank lines (3)
tbielawa / check-certs.yaml
Last active Jan 9, 2017
BZ1389264 - Check embedded
View check-certs.yaml
---
- name: Check cert expirys
  hosts: nodes:masters:etcd
  become: yes
  gather_facts: no
  vars:
    openshift_certificate_expiry_show_all: yes
    openshift_certificate_expiry_generate_html_report: yes
    openshift_certificate_expiry_warning_days: 1500
    openshift_certificate_expiry_save_json_results: yes
View easy-mode-generator.yaml
---
yedit.py: []
megafrobber.py: []
specialmodule.py:
- doc/license
- doc/specialmodule
- src/base.py
- src/extra_sauce.py
- src/specialmodule.py
- ansible/specialmodule.py
View echo.py.diff
diff --git a/utils/src/ooinstall/openshift_ansible.py b/utils/src/ooinstall/openshift_ansible.py
index 113aca0..ce6e546 100644
--- a/utils/src/ooinstall/openshift_ansible.py
+++ b/utils/src/ooinstall/openshift_ansible.py
@@ -212,7 +212,7 @@ def write_host(host, role, inventory, schedulable=None):
if installer_host in [host.connect_to, host.hostname, host.public_hostname]:
facts += ' ansible_connection=local'
if os.geteuid() != 0:
- no_pwd_sudo = subprocess.call(['sudo', '-n', 'echo', 'openshift'])
+ no_pwd_sudo = subprocess.call(['sudo', '-n', 'echo', '-n'])
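Review bot: the new argument list `['sudo', '-n', 'echo', '-n']` on the `+` line uses `-n` in two different senses (sudo's non-interactive flag, then echo's suppress-newline flag) with no comment, which is easy to misread as a duplicated flag. Add a one-line comment above the call saying it only probes for passwordless sudo and that the second `-n` keeps the probe from printing anything. Only the return code is consumed through `no_pwd_sudo`, and `subprocess.call` is given no `stdout` or `stderr` argument, so whatever sudo itself writes when a password is required still reaches the installer user's terminal; if the intent is a silent check, redirect the child's output as well.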
View gist:f74b34103dec4195c8c484c735c0ab6f
[root@m01 ~]# rpm -U -vv atomic-openshift-docker-excluder-3.4.0.36-1.git.0.ca20a16.el7.noarch.rpm
D: ============== atomic-openshift-docker-excluder-3.4.0.36-1.git.0.ca20a16.el7.noarch.rpm
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db environment /var/lib/rpm cdb:0x401
D: opening db index /var/lib/rpm/Packages 0x400 mode=0x0
D: locked db index /var/lib/rpm/Packages
D: opening db index /var/lib/rpm/Name 0x400 mode=0x0
...