Enable service-catalog using oc cluster up option (#83)

* Use oc cluster up --service-catalog=true instead of separate service catalog setup. * Fix to use oc and not the older service catalog config * Update openshift config to use openshift_hostname also removed some unused pieces from the service catalog apiserver now being behind the api aggregator
fusor · Jul 7, 2017 · 12e3133 · 12e3133
1 parent f508dc6
commit 12e3133
Show file tree

Hide file tree

Showing 8 changed files with 46 additions and 221 deletions.
diff --git a/ansible/reset_environment.yml b/ansible/reset_environment.yml
@@ -34,7 +34,6 @@
     - { role: ssl_setup, when: use_ssl == True }
     - { role: openshift_setup, reset_cluster: True }
     - env_hacks
-    - service_catalog_setup
     - ansible_service_broker_setup
     - demo_prep
   post_tasks:
@@ -45,13 +44,11 @@
             SSH Key Name:              {{ ssh_key_name }}
             Region:                    {{ aws_region }}
             Next steps:
-            1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }}
-            2) Accept the certificate
-            3) Visit https://{{ openshift_hostname }}:8443 for the console
-            4) Provision a RDS APB into awsdemo project
-            5) Add to the aws-demo project a Python 3.5 project based off of https://github.com/thesteve0/awsdemo.git
-            6) Click on the python project and select creating binding to the RDS APB
-            7) Redeploy the python project
+            1) Visit https://{{ openshift_hostname }}:8443 for the console
+            2) Provision a RDS APB into awsdemo project
+            3) Add to the aws-demo project a Python 3.5 project based off of https://github.com/thesteve0/awsdemo.git
+            4) Click on the python project and select creating binding to the RDS APB
+            5) Redeploy the python project
             OR
             For CLI access:
             oc login --insecure-skip-tls-verify {{ openshift_hostname }}:8443 -u {{ cluster_user }} -p {{ cluster_user_password }}

diff --git a/ansible/roles/ansible_service_broker_setup/tasks/main.yml b/ansible/roles/ansible_service_broker_setup/tasks/main.yml
@@ -92,4 +92,4 @@
     register: ansible_service_broker_template
 
   - name: Create Broker resource in Service Catalog
-    shell: "{{ kubectl_cmd }} --kubeconfig={{ ansible_env.HOME }}/.kube/service-catalog.config create -f /tmp/ansible_service_broker.yaml"
+    shell: "{{ oc_cmd }} create -f /tmp/ansible_service_broker.yaml"
diff --git a/ansible/roles/demo_prep/tasks/main.yml b/ansible/roles/demo_prep/tasks/main.yml
@@ -52,7 +52,7 @@
     shell: "{{ oc_cmd }} delete -n {{ demo_project_name }} is demoprep python-35-centos7"
 
   - name: check if the rds postgres demo instance exists
-    shell: "{{ kubectl_cmd }} --kubeconfig=/root/.kube/service-catalog.config get instance -n {{ demo_project_name }} --no-headers=true | awk '{ print $1}' | grep -E '^rds-postgres( |$)' | cat"
+    shell: "{{ oc_cmd }} get instance -n {{ demo_project_name }} --no-headers=true | awk '{ print $1}' | grep -E '^rds-postgres( |$)' | cat"
     register: rds_demo_deployment
 
   - name: create rds apb resource file
@@ -64,5 +64,5 @@
       mode: 0644
 
   - name: create rds postgres demo instance
-    shell: "{{ kubectl_cmd }} --kubeconfig=/root/.kube/service-catalog.config create -f /tmp/rds-instance.yml"
+    shell: "{{ oc_cmd }} create -f /tmp/rds-instance.yml"
     when: deploy_rds_demo_instance and rds_demo_deployment.stdout.find( "rds-postgres" ) == -1
diff --git a/ansible/roles/openshift_setup/tasks/main.yml b/ansible/roles/openshift_setup/tasks/main.yml
@@ -12,7 +12,7 @@
     when: ansible_os_family == "RedHat"
 
   - set_fact:
-      oc_tools_dir: /usr/local/bin
+      oc_tools_dir: /usr/bin
     when: ec2_install
 
   - set_fact:
@@ -99,10 +99,17 @@
       state: started
     when: ec2_install
 
-  - name: Resetting cluster, {{ reset_cluster }}
+  - name: Resetting cluster
     shell: "{{ oc_cmd }} cluster down"
     when: reset_cluster
 
+  - name: Remove {{ oc_host_config_dir }}/master/master-config.yaml when resetting cluster
+    file:
+      path: "{{ oc_host_config_dir }}/master/master-config.yaml"
+      state: absent
+    become: true
+    when: reset_cluster
+
   - name: Install docker through pip as it's a requirement of ansible docker module
     pip:
       name: docker
@@ -128,15 +135,6 @@
       - "{{ docker_images_group1 }}"
       - "{{ docker_images_group2 }}"
 
-  - name: Remove {{ oc_host_config_dir }}/master/master-config.yaml when resetting cluster
-    file:
-      path: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      state: absent
-    become: true
-    when: reset_cluster
-
-  # When reset_cluster is True we do not want to have to wait for the extra oc cluster up/down if it's not required
-  # so we are checking to see if the master-config.yaml exists, if it's there we will skip the extra oc cluster up/down
   - stat:
       path: "{{ oc_host_config_dir }}/master/master-config.yaml"
     register: master_config_stat
@@ -145,23 +143,13 @@
       path: "{{ oc_host_config_dir }}/console-fullchain.pem"
     register: console_ssl_stat
 
-  - name: Set a fact to tell if SSL was previously configured and now disabled
-    set_fact:
-      ssl_changed: True
-    when: console_ssl_stat.stat.exists and use_ssl == False
-
-  - name: Running oc cluster status
-    shell: "{{ oc_cmd }} cluster status | cat"
-    register: oc_cluster_status
-
-  - name: Set a fact to track the first run of oc cluster up
+  - name: Check to see if we need to use a custom config
     set_fact:
-      oc_cluster_up_first_run: False
+      use_custom_config: "{{use_ssl}}"
 
-  - name: This is the first run so set to True
+  - name: Check to see if we need to regenerate the custom config because something is missing
     set_fact:
-      oc_cluster_up_first_run: True
-    when: "not 'cluster was started' in oc_cluster_status.stdout"
+      generate_config: "{{use_custom_config and (not master_config_stat.stat.exists or not console_ssl_stat.stat.exists)}}"
 
   - name: Create command line for oc cluster up execution
     set_fact:
@@ -172,18 +160,17 @@
         --host-pv-dir={{ persistedvol_mount_point }}
         --image={{ origin_image_name }}
         --version={{ origin_image_tag }}
-        --host-config-dir={{ oc_host_config_dir }}
+        {% if use_custom_config %}--host-config-dir={{ oc_host_config_dir }}{% endif %}
+        --service-catalog=true
 
   - debug:
-      msg: "Looking at oc cluster up command:  '{{ oc_cluster_up_cmd }}'"
+      var: use_custom_config
 
-  # Intent of this oc cluster up is generate the master-config.yaml so we can make edits to it
-  - name: Run oc cluster up
-    shell: "{{ oc_cluster_up_cmd }}"
-    when: (oc_cluster_up_first_run and not master_config_stat.stat.exists) or ssl_changed is defined
+  - debug:
+      var: generate_config
 
   - debug:
-      msg: "oc_cluster_up_first_run = {{ oc_cluster_up_first_run }}, oc_cluster_status.stdout = '{{ oc_cluster_status.stdout }}'"
+      msg: "Looking at oc cluster up command:  '{{ oc_cluster_up_cmd }}'"
 
   - name: Ensure {{ persistedvol_mount_point }} directory exists if running in local mode
     file:
@@ -212,9 +199,14 @@
     become: true
 
   # Intent of this oc cluster up is generate the master-config.yaml so we can make edits to it
+  - name: Run oc cluster up to generate master-config.yaml
+    shell: "{{ oc_cluster_up_cmd }}"
+    when: generate_config
+
+  # Shut down cluster and use the generated master-config.yaml so we can make edits to it
   - name: Run oc cluster down
     shell: "{{ oc_cmd }} cluster down"
-    when: (oc_cluster_up_first_run and not master_config_stat.stat.exists) or ssl_changed is defined
+    when: generate_config
 
   - name: Copy credentials into host dir
     copy:
@@ -224,7 +216,7 @@
       owner: root
       group: root
       mode: 0644
-    when: use_ssl == True
+    when: generate_config and use_ssl == True
 
   - name: Copy credentials into host dir
     copy:
@@ -234,122 +226,26 @@
       owner: root
       group: root
       mode: 0644
-    when: use_ssl == True
-
-  - name: Copy credentials into host dir
-    copy:
-      remote_src: True
-      src: /tmp/apiserver-fullchain.pem
-      dest: "{{ oc_host_config_dir }}/apiserver-fullchain.pem"
-      owner: root
-      group: root
-      mode: 0644
-    when: use_ssl == True
-
-  - name: Copy credentials into host dir
-    copy:
-      remote_src: True
-      src: /tmp/apiserver-privkey.pem
-      dest: "{{ oc_host_config_dir }}/apiserver-privkey.pem"
-      owner: root
-      group: root
-      mode: 0644
-    when: use_ssl == True
+    when: generate_config and use_ssl == True
 
-  - name: Add extension script to oc config to talk to svc catalog
-    template:
-      src: extension.j2
-      dest: "{{ oc_host_config_dir }}/extension.js"
-      mode: 0644
-    register: extension_script_result
-    become: 'true'
-
-  - name: Edit master-config to allow extension scripts
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      regexp: "extensionDevelopment:"
-      line: "  extensionDevelopment: true"
-    become: 'true'
-
-  - name: Add extension script to assetConfig
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      insertafter: "extensionScripts: null"
-      line: "    - /var/lib/origin/openshift.local.config/extension.js"
-    become: 'true'
-
-  - name: Edit master-config to add extension script
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      regexp: "extensionScripts: null"
-      line: "  extensionScripts:"
-    become: 'true'
-
-  - name: Add SSL cert to namedCertificates
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      insertafter: "namedCertificates: null"
-      line: "    - certFile: {{ oc_host_config_dir }}/console-fullchain.pem"
-    when: use_ssl == True
-    become: 'true'
-
-  - name: Add SSL cert to namedCertificates
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      insertafter: "certFile: {{ oc_host_config_dir }}/console-fullchain.pem"
-      line: "      keyFile: {{ oc_host_config_dir }}/console-privkey.pem"
-    when: use_ssl == True
-    become: 'true'
-
-  - name: Add SSL cert to namedCertificates
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      insertafter: "keyFile: {{ oc_host_config_dir }}/console-privkey.pem"
-      line: "      names:"
-    when: use_ssl == True
-    become: 'true'
-
-  - name: Add SSL cert to namedCertificates
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      insertafter: "names:"
-      line: "      - \"apiserver-service-catalog.{{ openshift_routing_suffix }}\""
-    when: use_ssl == True
-    become: 'true'
-
-  - name: Add SSL cert to namedCertificates
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      insertafter: "names:"
-      line: "      - \"{{ openshift_hostname }}\""
-    when: use_ssl == True
-    become: 'true'
-
-  - name: Edit master-config to allow SSL cert
+  - name: Edit master-config servingInfo.namedCertificates to use SSL
     lineinfile:
       dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
       regexp: "namedCertificates: null"
-      line: "  namedCertificates:"
-    when: use_ssl == True
-    become: 'true'
-
-  - name: Edit master-config to turn on PodPreset
-    lineinfile:
-      dest: "{{ oc_host_config_dir }}/master/master-config.yaml"
-      insertbefore: "openshift.io/ImagePolicy:"
-      line: "    PodPreset:\n      configuration:\n        kind: DefaultAdmissionConfig\n        apiVersion: v1\n        disable: false"
+      line: "  namedCertificates:\n    - certFile: /var/lib/origin/openshift.local.config/console-fullchain.pem\n      keyFile: /var/lib/origin/openshift.local.config/console-privkey.pem\n      names:\n      - \"{{ openshift_hostname }}\"\n"
+    when: generate_config and use_ssl == True
     become: 'true'
 
   - name: Update oc cluster up command to use --use-existing-config
     set_fact:
       oc_cluster_up_cmd: "{{ oc_cluster_up_cmd }} --use-existing-config"
+    when: use_custom_config
 
   - debug:
       msg: "Looking at oc cluster up command:  '{{ oc_cluster_up_cmd }}'"
 
-  - name: Run oc cluster up
+  - name: Run oc cluster up to start the cluster
     shell: "{{ oc_cluster_up_cmd }}"
-    when: oc_cluster_up_first_run
     register: oc_cluster_up
   #
   # Add permissions to desired openshift user
@@ -368,10 +264,6 @@
     shell: "{{ oc_cmd }} adm policy add-cluster-role-to-user cluster-admin {{ cluster_user }}"
     when: oc_cluster_up.changed
 
-  - name: Add cluster-admin role to {{ service_catalog_user }}
-    shell: "{{ oc_cmd }} adm policy add-cluster-role-to-user cluster-admin {{ service_catalog_user }}"
-    when: oc_cluster_up.changed
-
   - name: Add privileged scc to {{ cluster_user }}
     shell: "{{ oc_cmd }} adm policy add-scc-to-user privileged {{ cluster_user }}"
     when: oc_cluster_up.changed

diff --git a/ansible/roles/openshift_setup/templates/extension.j2 b/ansible/roles/openshift_setup/templates/extension.j2
diff --git a/ansible/roles/ssl_setup/tasks/main.yml b/ansible/roles/ssl_setup/tasks/main.yml
@@ -40,22 +40,6 @@
       auth
     when: certsLocal.stat.exists == False and certsRemote.stat.isdir is not defined
 
-  - name: Run letsencrypt script for apiserver
-    shell: >
-      {{ go_path }}/src/github.com/letsencrypt/letsencrypt/letsencrypt-auto
-      --renew-by-default
-      -a standalone
-      --webroot-path
-      /tmp/letsencrypt/
-      --server https://acme-v01.api.letsencrypt.org/directory
-      --email {{ email_address }}
-      --text
-      {{ "--test-cert" if use_test_cert else "" }}
-      --agree-tos
-      -d apiserver-service-catalog.{{ openshift_hostname }}
-      auth
-    when: certsLocal.stat.exists == False and certsRemote.stat.isdir is not defined
-
   - name: Store SSL certs locally for future instances
     fetch:
       src: /etc/letsencrypt/archive/{{ openshift_hostname }}/fullchain1.pem
@@ -70,20 +54,6 @@
       flat: yes
     when: certsLocal.stat.exists == False
 
-  - name: Store SSL certs locally for future instances
-    fetch:
-      src: /etc/letsencrypt/archive/apiserver-service-catalog.{{ openshift_hostname }}/fullchain1.pem
-      dest: certs/{{ openshift_hostname }}-apiserver-cert.pem
-      flat: yes
-    when: certsLocal.stat.exists == False
-
-  - name: Store SSL certs locally for future instances
-    fetch:
-      src: /etc/letsencrypt/archive/apiserver-service-catalog.{{ openshift_hostname }}/privkey1.pem
-      dest: certs/{{ openshift_hostname }}-apiserver-key.pem
-      flat: yes
-    when: certsLocal.stat.exists == False
-
   - name: Copy credentials into /tmp
     copy:
       src: certs/{{ openshift_hostname }}-console-cert.pem
@@ -99,19 +69,3 @@
       owner: root
       group: root
       mode: 0644
-
-  - name: Copy credentials into /tmp
-    copy:
-      src: certs/{{ openshift_hostname }}-apiserver-cert.pem
-      dest: /tmp/apiserver-fullchain.pem
-      owner: root
-      group: root
-      mode: 0644
-
-  - name: Copy credentials into /tmp
-    copy:
-      src: certs/{{ openshift_hostname }}-apiserver-key.pem
-      dest: /tmp/apiserver-privkey.pem
-      owner: root
-      group: root
-      mode: 0644