diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9f901d9 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +my_vars.yml diff --git a/README.md b/README.md index 608c8d9..dbff234 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ These playbooks will: ### Local and EC-2 deployment options - * To view individual Readme documents for these two options click below - * [Local deployment](local/README.md) + * To view individual Readme documents for these options click below + * [Local Linux deployment](local/linux/README.md) + * [Local macOS deployment](local/mac/README.md) * [EC-2 deployment](ec2/README.md) diff --git a/ansible/display_ec2_instance_information.yml b/ansible/display_ec2_instance_information.yml index b8557a5..ccb1f42 100644 --- a/ansible/display_ec2_instance_information.yml +++ b/ansible/display_ec2_instance_information.yml @@ -17,7 +17,7 @@ SSH Key Name: {{ ssh_key_name }} Region: {{ aws_region }} Next steps: - 1) Visit https://apiserver-service-catalog.{{ openshift_hostname }} + 1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }} 2) Accept the certificate 3) Visit https://{{ openshift_hostname }}:8443 for the console 4) Provision a RDS APB into awsdemo project diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index c9b7461..a2113fc 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml 
@@ -42,7 +42,17 @@ aws_ami_id: ami-b63769a1 instance_type: c4.4xlarge +# For local setup, especially on Mac the openshift_hostname will be +# different from the routing_suffix. +# We expect the openshift_hostname for Mac to be the public IP +# This is needed so oc cluster up and can ensure it's listening +# on the correct interface. +# +# For ec2 runs this is less important to differentiate and we expect +# openshift_hostname and openshift_routing_suffix to be the same +# openshift_hostname: "{{target_subdomain}}.{{target_dns_zone}}" +openshift_routing_suffix: "{{target_subdomain}}.{{target_dns_zone}}" openshift_url: "{{ openshift_hostname }}:8443" use_ssl: True @@ -75,6 +85,7 @@ oc_cmd: "{{ oc_client_install_path }}/oc" oadm_cmd: "{{ oc_client_install_path }}/oadm" kubectl_cmd: "{{ oc_client_install_path }}/kubectl" +oc_host_config_dir: /var/lib/origin/openshift.local.config deploy_rds_demo_instance: true diff --git a/ansible/reset_environment.yml b/ansible/reset_environment.yml index 4b259e7..592ec05 100644 --- a/ansible/reset_environment.yml +++ b/ansible/reset_environment.yml @@ -20,6 +20,16 @@ - name: Setting fact of security group id set_fact: my_security_group_id: "{{ hostvars.localhost.my_ec2_facts.instances[0].groups[0].id }}" + vars_prompt: + - name: dockerhub_user_name + prompt: "Enter your dockerhub username: " + private: no + - name: dockerhub_user_password + prompt: "Enter your dockerhub password: " + private: yes + - name: dockerhub_org_name + prompt: "Enter the dockerhub organization you'd like to pull images from: " + private: no roles: - { role: ssl_setup, when: use_ssl == True } - { role: openshift_setup, reset_cluster: True } 
@@ -35,7 +45,7 @@ SSH Key Name: {{ ssh_key_name }} Region: {{ aws_region }} Next steps: - 1) Visit https://apiserver-service-catalog.{{ openshift_hostname }} + 1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }} 2) Accept the certificate 3) Visit https://{{ openshift_hostname }}:8443 for the console 4) Provision a RDS APB into awsdemo project diff --git a/ansible/reset_local_environment.yml b/ansible/reset_local_environment.yml index 8289555..2cfa4b3 100644 --- a/ansible/reset_local_environment.yml +++ b/ansible/reset_local_environment.yml @@ -20,7 +20,7 @@ msg: | Hostname: {{ openshift_hostname }} Next steps: - 1) Visit https://apiserver-service-catalog.{{ openshift_hostname }} + 1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }} 2) Accept the certificate 3) Visit https://{{ openshift_hostname }}:8443 for the console OR diff --git a/ansible/reset_mac_environment.yml b/ansible/reset_mac_environment.yml new file mode 100644 index 0000000..29a625d --- /dev/null +++ b/ansible/reset_mac_environment.yml 
@@ -0,0 +1,31 @@ +- hosts: localhost + gather_facts: True + vars_prompt: + - name: dockerhub_user_name + prompt: "Enter your dockerhub username: " + private: no + - name: dockerhub_user_password + prompt: "Enter your dockerhub password: " + private: yes + - name: dockerhub_org_name + prompt: "Enter the dockerhub organization you'd like to pull images from: " + private: no + roles: + - { role: openshift_setup, reset_cluster: True } + - service_catalog_setup + - ansible_service_broker_setup + - local_demo_prep + - env_hacks + post_tasks: + - set_fact: + msg: | + Hostname: {{ openshift_hostname }} + Next steps: + 1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }} + 2) Accept the certificate + 3) Visit https://{{ openshift_hostname }}:8443 for the console + OR + For CLI access: + oc login --insecure-skip-tls-verify {{ openshift_hostname }}:8443 -u {{ cluster_user }} -p {{ cluster_user_password }} + - debug: + msg: "{{ msg.split('\n') }}" diff --git a/ansible/roles/ansible_service_broker_setup/defaults/main.yml b/ansible/roles/ansible_service_broker_setup/defaults/main.yml index 1fb745c..27e59d4 100644 --- a/ansible/roles/ansible_service_broker_setup/defaults/main.yml +++ b/ansible/roles/ansible_service_broker_setup/defaults/main.yml @@ -1 +1,3 @@ asb_src_dir: /tmp/ansible-service-broker +dockerhub_user_name: changeme +dockerhub_user_password: changeme diff --git a/ansible/roles/ansible_service_broker_setup/tasks/main.yml b/ansible/roles/ansible_service_broker_setup/tasks/main.yml index d738b1d..8cd50a6 100644 --- a/ansible/roles/ansible_service_broker_setup/tasks/main.yml +++ b/ansible/roles/ansible_service_broker_setup/tasks/main.yml @@ -11,7 +11,7 @@ pip: requirements: "{{ asb_src_dir }}/scripts/asbcli/requirements.txt" when: git_clone_asb.changed - become: 'true' + become: true - name: Docker pull ansibleplaybookbundle/ansible-service-broker-apb:latest docker_image: 
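Review bot: The `post_tasks` message in reset_mac_environment.yml interpolates `-p {{ cluster_user_password }}` and the following `debug` prints it, so the cluster password lands on the console and in any captured Ansible log; setup_mac_environment.yml, added later in this commit, carries the same block. I would print the login line without the password, `oc login --insecure-skip-tls-verify {{ openshift_hostname }}:8443 -u {{ cluster_user }}`, and let `oc` prompt for it. The `--insecure-skip-tls-verify` flag deserves a comment above the `set_fact`, such as `# self-signed cert from oc cluster up; local demo only`, so the line is not copied into an environment with real certificates.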
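Review bot: The new role defaults `dockerhub_user_name: changeme` and `dockerhub_user_password: changeme` let the role run with placeholder credentials whenever a playbook neither prompts nor loads my_vars.yml. How the role consumes them is not visible in this hunk, but presumably they end up in the broker configuration, so the failure would surface late and far from its cause. I would either drop the defaults so an undefined variable stops the run, or add an early `assert` task with `that: dockerhub_user_password != 'changeme'`.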
@@ -75,7 +75,6 @@ src: ansible_service_broker.yaml.j2 dest: /tmp/ansible_service_broker.yaml owner: "{{ ansible_env.USER }}" - group: "{{ ansible_env.USER }}" mode: 0644 register: ansible_service_broker_template diff --git a/ansible/roles/openshift_setup/tasks/main.yml b/ansible/roles/openshift_setup/tasks/main.yml index fd4b784..6779b58 100644 --- a/ansible/roles/openshift_setup/tasks/main.yml +++ b/ansible/roles/openshift_setup/tasks/main.yml @@ -94,10 +94,10 @@ shell: "{{ oc_cmd }} cluster down" when: reset_cluster - - name: Install docker-py through pip as it's a requirement of ansible docker module + - name: Install docker through pip as it's a requirement of ansible docker module pip: - name: docker-py - version: 1.10.6 + name: docker + version: 2.3.0 become: 'true' - name: Removing certain docker images if they exist so we are sure we are pulling latest @@ -119,9 +119,9 @@ - "{{ docker_images_group1 }}" - "{{ docker_images_group2 }}" - - name: Remove /var/lib/origin/openshift.local.config/master/master-config.yaml when resetting cluster + - name: Remove {{ oc_host_config_dir }}/master/master-config.yaml when resetting cluster file: - path: /var/lib/origin/openshift.local.config/master/master-config.yaml + path: "{{ oc_host_config_dir }}/master/master-config.yaml" state: absent become: true when: reset_cluster 
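Review bot: Switching the pip task from `docker-py` 1.10.6 to `docker` 2.3.0 leaves the old package installed on hosts that already ran these playbooks. The two distributions install into the same `docker` import namespace, which is a known cause of broken imports in the Ansible docker modules. I would add a task before this one with `pip:`, `name: docker-py`, `state: absent` so that reset runs start from a clean package set. The task also keeps the quoted `become: 'true'`, while the ansible_service_broker_setup hunk in this commit moves to the boolean `become: true`; the same form should be used here.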
@@ -129,11 +129,11 @@ # When reset_cluster is True we do not want to have to wait for the extra oc cluster up/down if it's not required # so we are checking to see if the master-config.yaml exists, if it's there we will skip the extra oc cluster up/down - stat: - path: /var/lib/origin/openshift.local.config/master/master-config.yaml + path: "{{ oc_host_config_dir }}/master/master-config.yaml" register: master_config_stat - stat: - path: /var/lib/origin/openshift.local.config/console-fullchain.pem + path: "{{ oc_host_config_dir }}/console-fullchain.pem" register: console_ssl_stat - name: Set a fact to tell if SSL was previously configured and now disabled @@ -154,8 +154,16 @@ oc_cluster_up_first_run: True when: "not 'cluster was started' in oc_cluster_status.stdout" + - name: Create command line for oc cluster up execution + set_fact: + oc_cluster_up_cmd: "{{ oc_cmd }} cluster up --routing-suffix={{ openshift_routing_suffix }} --public-hostname={{ openshift_hostname }} --host-pv-dir={{ persistedvol_mount_point }} --version=latest --image=docker.io/ansibleplaybookbundle/origin --host-config-dir={{ oc_host_config_dir }}" + + - debug: + msg: "Looking at oc cluster up command: '{{ oc_cluster_up_cmd }}'" + + # Intent of this oc cluster up is generate the master-config.yaml so we can make edits to it - name: Run oc cluster up - shell: "{{ oc_cmd }} cluster up --routing-suffix={{ openshift_hostname }} --public-hostname={{ openshift_hostname }} --host-pv-dir={{ persistedvol_mount_point }} --version=latest --image=docker.io/ansibleplaybookbundle/origin" + shell: "{{ oc_cluster_up_cmd }}" when: (oc_cluster_up_first_run and not master_config_stat.stat.exists) or ssl_changed is defined - debug: 
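Review bot: `oc_cluster_up_cmd` is assembled from `openshift_hostname`, `openshift_routing_suffix` and `oc_host_config_dir`, all of which can arrive through `--extra-vars`, and is then run with `shell:` although the line uses no pipes or redirects. `command: "{{ oc_cluster_up_cmd }}"` would run the same line without handing those values to a shell for interpretation. The command also keeps `--version=latest` for `docker.io/ansibleplaybookbundle/origin`, so two runs can start different images; a pinned tag held in a group_vars variable would make runs reproducible and reviewable.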
@@ -171,17 +179,6 @@ when: not ec2_install # Intent of this oc cluster up is generate the master-config.yaml so we can make edits to it - - set_fact: - base_oc_cluster_cmd_line: "--routing-suffix={{ openshift_hostname }} --public-hostname={{ openshift_hostname }} --host-pv-dir={{ persistedvol_mount_point }} --version=latest --image=docker.io/ansibleplaybookbundle/origin" - - - set_fact: - oc_cluster_cmd_line: "{{ base_oc_cluster_cmd_line }} --create-machine" - when: ansible_os_family == "Darwin" - - - set_fact: - oc_cluster_cmd_line: "{{ base_oc_cluster_cmd_line }}" - when: ansible_os_family == "RedHat" - - name: Run oc cluster down shell: "{{ oc_cmd }} cluster down" when: (oc_cluster_up_first_run and not master_config_stat.stat.exists) or ssl_changed is defined @@ -190,7 +187,7 @@ copy: remote_src: True src: /tmp/console-fullchain.pem - dest: /var/lib/origin/openshift.local.config/console-fullchain.pem + dest: "{{ oc_host_config_dir }}/console-fullchain.pem" owner: root group: root mode: 0644 @@ -200,7 +197,7 @@ copy: remote_src: True src: /tmp/console-privkey.pem - dest: /var/lib/origin/openshift.local.config/console-privkey.pem + dest: "{{ oc_host_config_dir }}/console-privkey.pem" owner: root group: root mode: 0644 @@ -210,7 +207,7 @@ copy: remote_src: True src: /tmp/apiserver-fullchain.pem - dest: /var/lib/origin/openshift.local.config/apiserver-fullchain.pem + dest: "{{ oc_host_config_dir }}/apiserver-fullchain.pem" owner: root group: root mode: 0644 @@ -220,7 +217,7 @@ copy: remote_src: True src: /tmp/apiserver-privkey.pem - dest: /var/lib/origin/openshift.local.config/apiserver-privkey.pem + dest: "{{ oc_host_config_dir }}/apiserver-privkey.pem" owner: root group: root mode: 0644 
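Review bot: The two copy tasks that now write `{{ oc_host_config_dir }}/console-privkey.pem` and `{{ oc_host_config_dir }}/apiserver-privkey.pem` keep `mode: 0644`, which leaves the TLS private keys readable by every local user. The directory is now configurable and the Mac setup points it at the user-owned shared folder /docker_shared/origin, so I would set `mode: "0600"` on the two privkey tasks and keep 0644 for the fullchain files only. Quoting the value also removes the reliance on YAML octal parsing of the bare `0644`. The task names and `when:` conditions of these tasks sit outside the hunks.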
@@ -229,69 +226,67 @@ - name: Add extension script to oc config to talk to svc catalog template: src: extension.j2 - dest: /var/lib/origin/openshift.local.config/extension.js - owner: root - group: root + dest: "{{ oc_host_config_dir }}/extension.js" mode: 0644 register: extension_script_result become: 'true' - name: Edit master-config to allow extension scripts lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" regexp: "extensionDevelopment:" line: " extensionDevelopment: true" become: 'true' - name: Add extension script to assetConfig lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" insertafter: "extensionScripts: null" line: " - /var/lib/origin/openshift.local.config/extension.js" become: 'true' - name: Edit master-config to add extension script lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" regexp: "extensionScripts: null" line: " extensionScripts:" become: 'true' - name: Add SSL cert to namedCertificates lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" insertafter: "namedCertificates: null" - line: " - certFile: /var/lib/origin/openshift.local.config/console-fullchain.pem" + line: " - certFile: {{ oc_host_config_dir }}/console-fullchain.pem" when: use_ssl == True become: 'true' - name: Add SSL cert to namedCertificates lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml - insertafter: "certFile: /var/lib/origin/openshift.local.config/console-fullchain.pem" - line: " keyFile: /var/lib/origin/openshift.local.config/console-privkey.pem" + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" + insertafter: "certFile: {{ oc_host_config_dir 
}}/console-fullchain.pem" + line: " keyFile: {{ oc_host_config_dir }}/console-privkey.pem" when: use_ssl == True become: 'true' - name: Add SSL cert to namedCertificates lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml - insertafter: "keyFile: /var/lib/origin/openshift.local.config/console-privkey.pem" + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" + insertafter: "keyFile: {{ oc_host_config_dir }}/console-privkey.pem" line: " names:" when: use_ssl == True become: 'true' - name: Add SSL cert to namedCertificates lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" insertafter: "names:" - line: " - \"apiserver-service-catalog.{{ openshift_hostname }}\"" + line: " - \"apiserver-service-catalog.{{ openshift_routing_suffix }}\"" when: use_ssl == True become: 'true' - name: Add SSL cert to namedCertificates lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" insertafter: "names:" line: " - \"{{ openshift_hostname }}\"" when: use_ssl == True 
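Review bot: The master-config edits in this hunk no longer agree on which path they write. The `extensionScripts` entry still inserts the literal `/var/lib/origin/openshift.local.config/extension.js`, while the `certFile` and `keyFile` lines now insert `{{ oc_host_config_dir }}/...`. These paths are presumably read by the master from inside the origin container, where the host config directory may still be mounted at the original location, so with `oc_host_config_dir` set to /docker_shared/origin and `use_ssl` enabled the certificate paths may not resolve. I would confirm which path the master sees and drive all three lines from one variable, with a comment stating whether it is the host path or the in-container path.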
@@ -299,45 +294,21 @@ - name: Edit master-config to allow SSL cert lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml + dest: "{{ oc_host_config_dir }}/master/master-config.yaml" regexp: "namedCertificates: null" line: " namedCertificates:" when: use_ssl == True become: 'true' - - name: Add extension script to oc config to talk to svc catalog - template: - src: extension.j2 - dest: /var/lib/origin/openshift.local.config/extension.js - owner: root - group: root - mode: 0644 - become: 'true' - register: extension_script_result - - - name: Edit master-config to allow extension scripts - lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml - regexp: "extensionDevelopment:" - line: " extensionDevelopment: true" - become: 'true' - - - name: Add extension script to assetConfig - lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml - insertafter: "extensionScripts: null" - line: " - /var/lib/origin/openshift.local.config/extension.js" - become: 'true' + - name: Update oc cluster up command to use --use-existing-config + set_fact: + oc_cluster_up_cmd: "{{ oc_cluster_up_cmd }} --use-existing-config" - - name: Edit master-config to add extension script - lineinfile: - dest: /var/lib/origin/openshift.local.config/master/master-config.yaml - regexp: "extensionScripts: null" - line: " extensionScripts:" - become: 'true' + - debug: + msg: "Looking at oc cluster up command: '{{ oc_cluster_up_cmd }}'" - name: Run oc cluster up - shell: "{{ oc_cmd }} cluster up --routing-suffix={{ openshift_hostname }} --public-hostname={{ openshift_hostname }} --host-pv-dir={{ persistedvol_mount_point }} --version=latest --image=docker.io/ansibleplaybookbundle/origin --host-config-dir=/var/lib/origin/openshift.local.config --use-existing-config" + shell: "{{ oc_cluster_up_cmd }}" when: oc_cluster_up_first_run register: oc_cluster_up # 
diff --git a/ansible/roles/openshift_setup/templates/extension.j2 b/ansible/roles/openshift_setup/templates/extension.j2 index c5522bc..cce9ac5 100644 --- a/ansible/roles/openshift_setup/templates/extension.j2 +++ b/ansible/roles/openshift_setup/templates/extension.j2 @@ -1,4 +1,4 @@ window.OPENSHIFT_CONFIG.additionalServers = [{ - hostPort: "apiserver-service-catalog.{{ openshift_hostname }}", + hostPort: "apiserver-service-catalog.{{ openshift_routing_suffix }}", prefix: "/apis" }]; diff --git a/ansible/roles/service_catalog_setup/tasks/main.yml b/ansible/roles/service_catalog_setup/tasks/main.yml index 31873eb..ff3fda6 100644 --- a/ansible/roles/service_catalog_setup/tasks/main.yml +++ b/ansible/roles/service_catalog_setup/tasks/main.yml @@ -29,20 +29,17 @@ register: new_svc_cat_project when: project.stdout.find( "service-catalog" ) == -1 - #- name: Ensuring service-catalog project is selected for those cases of being re-run and skipping the new-project creation - # shell: "{{ oc_cmd }} project service-catalog" - - name: check if the apiserver deployment exists shell: "{{ oc_cmd }} get deployment -n service-catalog --no-headers=true | awk '{ print $1}' | grep -E '^apiserver( |$)' | cat" register: deployment - name: Get SSL credentials - shell: "cat /var/lib/origin/openshift.local.config/apiserver-fullchain.pem" + shell: "cat {{ oc_host_config_dir }}/apiserver-fullchain.pem" register: apiserver_crt_plain when: use_ssl == True - name: Get SSL credentials - shell: "cat /var/lib/origin/openshift.local.config/apiserver-privkey.pem" + shell: "cat {{ oc_host_config_dir }}/apiserver-privkey.pem" register: apiserver_key_plain when: use_ssl == True 
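Review bot: The second `Get SSL credentials` task reads `apiserver-privkey.pem` with `shell: cat` and registers the output, so the private key becomes part of the task result that Ansible prints at higher verbosity or passes to a logging callback. I would add `no_log: true` to that task and read the file with the `slurp` module rather than a shell, applying `b64decode` where `apiserver_key_plain.stdout` is used today. The consumers of the registered variable are outside this hunk, so they need the matching change.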
@@ -86,40 +83,41 @@ retries: 60 delay: 10 - # We would like to use the route, but had problems with integration - # Keeping the route information here so we can revisit - # Issues: - # - We need to login, unsure what user/project to authenticate as - # - SSL certs complained they didn't match the route name - # - - - name: Get route for apiserver + - name: Wait for route for apiserver to be available shell: "'{{ oc_cmd }}' get route -n service-catalog --no-headers=true | grep -E '^apiserver( |$)' | cat" register: result_get_route_apiserver retries: 6 delay: 10 - - set_fact: - service_catalog_endpoint: "{{ result_get_route_apiserver.stdout }}" + - name: Save route of apiserver + shell: "{{ oc_cmd}} get route -n service-catalog --no-headers=true | awk '{print $2}'" + register: result_service_catalog_endpoint - # Falling back to using the unauthenticated IP of the Pod/Port for now - - name: Get IP of APIServer - shell: "{{ oc_cmd }} -n service-catalog describe pod `{{ oc_cmd }} get pods -n service-catalog | grep apiserver | awk '{print $1}'` | grep IP | awk '{print $2}'" - register: result_apiserver_ip - retries: 6 - delay: 10 + - set_fact: + service_catalog_endpoint: "{{ result_service_catalog_endpoint.stdout }}" - set_fact: - service_catalog_api_server_ip: "{{ result_apiserver_ip.stdout }}" + svc_cat_kube_config: "{{ ansible_env.HOME }}/.kube/service-catalog.config" - - name: Creating .kube/service-catalog.config from kubeconfig.templ.yaml.j2 - template: - src: kubeconfig.templ.yaml.j2 - dest: "{{ ansible_env.HOME }}/.kube/service-catalog.config" - owner: "{{ ansible_env.USER }}" - group: "{{ ansible_env.USER }}" - mode: 0644 + - name: Remove {{ svc_cat_kube_config }} if present + file: + path: "{{ svc_cat_kube_config }}" + state: absent + become: true + + # Below setups a kube config using the authenticated route for the apiserver from service catalog + - name: Create cluster entry in kube config for apiserver of service catalog + shell: "{{ kubectl_cmd }} config 
set-cluster service-catalog-cluster --insecure-skip-tls-verify=true --server=https://{{ service_catalog_endpoint }} --kubeconfig={{ svc_cat_kube_config }}" + + - name: Create user credentials entry in kube config for apiserver of service catalog + shell: "{{ kubectl_cmd }} config set-credentials admin/service-catalog-cluster --username=admin --password=admin --kubeconfig={{ svc_cat_kube_config }}" + + - name: Create context entry in kube config for apiserver of service catalog + shell: "{{ kubectl_cmd }} config set-context default/service-catalog-cluster/admin --cluster service-catalog-cluster --user=admin/service-catalog-cluster --kubeconfig={{ svc_cat_kube_config }}" + + - name: Create context entry in kube config for apiserver of service catalog + shell: "{{ kubectl_cmd }} config use-context default/service-catalog-cluster/admin --kubeconfig={{ svc_cat_kube_config }}" - lineinfile: dest={{ ansible_env.HOME }}/.bashrc line="{{ item }}" create=yes with_items: - - alias catctl="kubectl --kubeconfig={{ ansible_env.HOME }}/.kube/service-catalog.config" + - alias catctl="kubectl --kubeconfig={{ svc_cat_kube_config }}" diff --git a/ansible/setup_environment.yml b/ansible/setup_environment.yml index 23607f7..e868982 100644 --- a/ansible/setup_environment.yml +++ b/ansible/setup_environment.yml @@ -20,6 +20,16 @@ - name: Setting fact of security group id set_fact: my_security_group_id: "{{ hostvars.localhost.my_ec2_facts.instances[0].groups[0].id }}" + vars_prompt: + - name: dockerhub_user_name + prompt: "Enter your dockerhub username: " + private: no + - name: dockerhub_user_password + prompt: "Enter your dockerhub password: " + private: yes + - name: dockerhub_org_name + prompt: "Enter the dockerhub organization you'd like to pull images from: " + private: no roles: - ebs_volumes - aws_repo_setup 
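Review bot: The kubeconfig for the service-catalog apiserver is now built with `--insecure-skip-tls-verify=true` and the literal `--username=admin --password=admin`, so the client accepts any certificate on that route and sends a fixed basic-auth password that also shows up in the process list and in Ansible's task output. If the route is served with a certificate this playbook installs, `--certificate-authority=` pointing at the chain would let verification stay on. The password belongs in a variable with `no_log: true` on the task. Separately, `Save route of apiserver` prints column 2 of every route in the namespace without the `grep` for apiserver that the preceding task uses, so a second route would turn `service_catalog_endpoint` into a multi-line value. The last two tasks also share the name `Create context entry ...` although the second one runs `use-context`.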
@@ -39,7 +49,7 @@ SSH Key Name: {{ ssh_key_name }} Region: {{ aws_region }} Next steps: - 1) Visit https://apiserver-service-catalog.{{ openshift_hostname }} + 1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }} 2) Accept the certificate 3) Visit https://{{ openshift_hostname }}:8443 for the console 4) Provision a RDS APB into awsdemo project diff --git a/ansible/setup_local_environment.yml b/ansible/setup_local_environment.yml index 04c1e9d..a619f98 100644 --- a/ansible/setup_local_environment.yml +++ b/ansible/setup_local_environment.yml @@ -20,7 +20,7 @@ msg: | Hostname: {{ openshift_hostname }} Next steps: - 1) Visit https://apiserver-service-catalog.{{ openshift_hostname }} + 1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }} 2) Accept the certificate 3) Visit https://{{ openshift_hostname }}:8443 for the console OR diff --git a/ansible/setup_mac_environment.yml b/ansible/setup_mac_environment.yml new file mode 100644 index 0000000..f88c346 --- /dev/null +++ b/ansible/setup_mac_environment.yml @@ -0,0 +1,31 @@ +- hosts: localhost + gather_facts: True + vars_prompt: + - name: dockerhub_user_name + prompt: "Enter your dockerhub username: " + private: no + - name: dockerhub_user_password + prompt: "Enter your dockerhub password: " + private: yes + - name: dockerhub_org_name + prompt: "Enter the dockerhub organization you'd like to pull images from: " + private: no + roles: + - openshift_setup + - service_catalog_setup + - ansible_service_broker_setup + - local_demo_prep + - env_hacks + post_tasks: + - set_fact: + msg: | + Hostname: {{ openshift_hostname }} + Next steps: + 1) Visit https://apiserver-service-catalog.{{ openshift_routing_suffix }} + 2) Accept the certificate + 3) Visit https://{{ openshift_hostname }}:8443 for the console + OR + For CLI access: + oc login --insecure-skip-tls-verify {{ openshift_hostname }}:8443 -u {{ cluster_user }} -p {{ cluster_user_password }} + - debug: + msg: "{{ msg.split('\n') }}" 
diff --git a/ec2/my_vars.yml.example b/ec2/my_vars.yml.example new file mode 100644 index 0000000..1e184e3 --- /dev/null +++ b/ec2/my_vars.yml.example @@ -0,0 +1,5 @@ +--- + +dockerhub_user_name: example_user +dockerhub_user_password: example_password +dockerhub_org_name: example_org diff --git a/ec2/run_setup_environment.sh b/ec2/run_setup_environment.sh index 2120376..eb0a67f 100755 --- a/ec2/run_setup_environment.sh +++ b/ec2/run_setup_environment.sh @@ -3,6 +3,8 @@ [ -z "$AWS_SECRET_ACCESS_KEY" ] && echo "Missing environment variable: AWS_SECERT_ACCESS_KEY" && exit 1; [ -z "$AWS_SSH_PRIV_KEY_PATH" ] && echo "Missing environment variable: AWS_SSH_PRIV_KEY_PATH\nPlease set this to the path for your SSH private key\n" && exit 1; +extra_args='' ANS_CODE="../ansible" source ./common_vars -ansible-playbook -u ${EC2_USER} --private-key ${AWS_SSH_PRIV_KEY_PATH} -i ${ANS_CODE}/library/inventory/ec2.py ${ANS_CODE}/setup_environment.yml --extra-vars "${EXTRA_VARS}" +[[ ! -e my_vars.yml ]] || extra_args='-e @my_vars.yml' +ansible-playbook -u ${EC2_USER} --private-key ${AWS_SSH_PRIV_KEY_PATH} -i ${ANS_CODE}/library/inventory/ec2.py ${ANS_CODE}/setup_environment.yml --extra-vars "${EXTRA_VARS}" $extra_args $@ diff --git a/local/.gitignore b/local/.gitignore deleted file mode 100644 index 90de3d7..0000000 --- a/local/.gitignore +++ /dev/null @@ -1 +0,0 @@ -my_vars diff --git a/local/common_vars b/local/common_vars deleted file mode 100644 index 03473f2..0000000 --- a/local/common_vars +++ /dev/null @@ -1,5 +0,0 @@ -export CLUSTER_IP="$(ifconfig docker0 | grep inet | awk '{print $2}' | head -1)" - -export OPENSHIFT_HOSTNAME="${CLUSTER_IP}.nip.io" - -export EXTRA_VARS="{\"remove_docker_images\":${RESET_ENV}, \"ec2_install\":False, \"use_ssl\":False, \"openshift_hostname\":\"${OPENSHIFT_HOSTNAME}\"}" diff --git a/local/README.md b/local/linux/README.md similarity index 100% rename from local/README.md rename to local/linux/README.md 
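Review bot: The new ansible-playbook line in ec2/run_setup_environment.sh ends with an unquoted `$@`, so an extra argument containing spaces is split before ansible-playbook sees it; `$extra_args "$@"` keeps each argument intact while still letting `extra_args` split into `-e` and its value. The same ending is used in local/mac/reset_environment.sh added by this commit. Since my_vars.yml now holds the dockerhub password in plain text, the README could tell users to `chmod 600 my_vars.yml` after copying the example. The `[[ ... ]]` test needs bash, and the script's shebang is outside this hunk.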
diff --git a/local/linux/common_vars b/local/linux/common_vars new file mode 100644 index 0000000..55b1f2c --- /dev/null +++ b/local/linux/common_vars @@ -0,0 +1,6 @@ +export PUBLIC_IP="$(ifconfig docker0 | grep inet | awk '{print $2}' | head -1)" + +export OPENSHIFT_HOSTNAME="${PUBLIC_IP}" +export OPENSHIFT_ROUTING_SUFFIX="${PUBLIC_IP}.nip.io" + +export EXTRA_VARS="{\"remove_docker_images\":${RESET_ENV}, \"ec2_install\":False, \"use_ssl\":False, \"openshift_hostname\":\"${OPENSHIFT_HOSTNAME}\", \"openshift_routing_suffix\":\"${OPENSHIFT_ROUTING_SUFFIX}\" }" diff --git a/local/linux/my_vars.yml.example b/local/linux/my_vars.yml.example new file mode 100644 index 0000000..1e184e3 --- /dev/null +++ b/local/linux/my_vars.yml.example @@ -0,0 +1,5 @@ +--- + +dockerhub_user_name: example_user +dockerhub_user_password: example_password +dockerhub_org_name: example_org diff --git a/local/reset_environment.sh b/local/linux/reset_environment.sh similarity index 90% rename from local/reset_environment.sh rename to local/linux/reset_environment.sh index 7caf095..4d39f60 100755 --- a/local/reset_environment.sh +++ b/local/linux/reset_environment.sh @@ -2,7 +2,7 @@ export RESET_ENV="True" extra_args='' -ANS_CODE="../ansible" +ANS_CODE="../../ansible" source ./common_vars [[ ! -e my_vars.yml ]] || extra_args='-e @my_vars.yml' ansible-playbook ${ANS_CODE}/reset_local_environment.yml --extra-vars "${EXTRA_VARS}" $extra_args $@ diff --git a/local/run_setup_local.sh b/local/linux/run_setup_local.sh similarity index 89% rename from local/run_setup_local.sh rename to local/linux/run_setup_local.sh index c448870..89f6dec 100755 --- a/local/run_setup_local.sh +++ b/local/linux/run_setup_local.sh @@ -2,7 +2,7 @@ export RESET_ENV="False" extra_args='' -ANS_CODE="../ansible" +ANS_CODE="../../ansible" source ./common_vars [[ ! -e my_vars.yml ]] || extra_args='-e @my_vars.yml' ansible-playbook $ANS_CODE/setup_local_environment.yml --extra-vars "$EXTRA_VARS" $extra_args $@ 
diff --git a/local/mac/README.md b/local/mac/README.md
new file mode 100644
index 0000000..912025b
--- /dev/null
+++ b/local/mac/README.md
@@ -0,0 +1,93 @@
+# CATalogASB Local Deployment
+
+catasb is a collection of playbooks to create an OpenShift environment with a Service Catalog & Ansible Service Broker in a local environment.
+
+### Overview
+These playbooks will:
+ * Setup Origin through `oc cluster up`
+ * Install Service Catalog on Origin
+ * Install Ansible Service Broker on Origin
+
+### Pre-Reqs
+ * ```socat``` needs to be installed
+
+ brew install socat
+
+ * We can NOT work with latest Docker for Mac.
+ * Older version of Docker for Mac needs to be installed
+ * https://download.docker.com/mac/stable/1.12.6.14937/Docker.dmg
+ * Info on issues seen:
+ * Error syncing pod, skipping: failed to "StartContainer" for "POD" with RunContainerError: "runContainer: docker: failed to parse docker version \"17.03.1-ce\": illegal zero-prefixed version component \"03\" in \"17.03.1-ce\""
+ * https://github.com/openshift/origin/pull/13201
+ * https://github.com/docker/for-mac/issues/1491
+ * Docker setup:
+ * de-select check for updates
+ * Insecure Registry setting needed 172.30.0.0/16
+ * Shared Folders (create these folders on your mac owned by your user)
+ * /docker_shared/origin
+ * /persistedvolumes
+ * Networking Setup
+ * We will create a static IP aliased to lo0 automatically. We are using the static IP address to ensure that we can always resolve openshift from the host as well as inside of containers.
+ * The local/mac/common_vars script will create a local alias automatically by running the below.
+
+ sudo ifconfig lo0 alias 192.168.37.1
+
+ * Recommended way to install Ansible
+ * We recommend you install Ansible from pip instead of homebrew
+ * This will ensure Ansible is in the python path
+ * MacOS example Ansible to be installed from `pip` and not `brew`
+ * From homebrew we see:
+
+ $ python -c "import ansible;print(ansible.__version__)"
+ Traceback (most recent call last):
+ File "", line 1, in
+ ImportError: No module named ansible
+
+ brew uninstall ansible
+ pip install ansible
+
+ $ python -c "import ansible;print(ansible.__version__)"
+ 2.3.0.0
+
+### Notes
+ * Accessing the VM on OSX running docker:
+ * screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
+ * Performance Issues:
+ * Shared Volume issues
+ * https://github.com/docker/for-mac/issues/668
+ * After mac host has been resumed (closed lid or went to sleep) the performance seems worse with oc commands
+ * Doing a reset_environment.sh brings things back to be better.
+
+### Execute
+ * `cd local/mac`
+ * Edit the variables file `local/mac/common_vars`
+ * Update:
+ * CLUSTER_IP if you want to use a different static IP.
+ * `./run_mac_local.sh`
+ * Sets up OpenShift
+ * In Web Browser
+ * Visit: `https://apiserver-service-catalog.CLUSTERIP.nip.io`
+ * Accept the certificate
+ * You will see some text on the screen, ignore this and proceed to the main openshift URL next
+ * Point of this step is just to accept the SSL cert for the apiserver-service-catalog endpoint
+ * Visit: `https://CLUSTERIP.nip.io:8443`
+
+### Bind Example
+ * Sample workflow showing how to create python webapp binding to a local postgres database
+ * Sample python web app to use:
+ * https://github.com/fusor/awsdemo.git
+ * Youtube Video showing workflow:
+ * https://www.youtube.com/watch?v=xmd52NhEjCk
+
+### Cleanup
+
+To terminate the local instance run the below
+ * `oc cluster down`
+
+To reset the environment to a clean instance of origin with ASB and Service Catalog run the below
+ * `cd local/mac`
+ * `./reset_environment.sh`
+
+### Tested with
+ * ansible 2.2.2.0 & 2.3.0.0
+ * Problems were seen using ansible 2.0
diff --git a/local/mac/common_vars b/local/mac/common_vars
new file mode 100644
index 0000000..713966b
--- /dev/null
+++ b/local/mac/common_vars
@@ -0,0 +1,8 @@
+export PUBLIC_IP="192.168.37.1"
+echo "We will create a lo0 alias for ${PUBLIC_IP}"
+sudo ifconfig lo0 alias ${PUBLIC_IP}
+
+export OPENSHIFT_HOSTNAME="${PUBLIC_IP}"
+export OPENSHIFT_ROUTING_SUFFIX="${PUBLIC_IP}.nip.io"
+
+export EXTRA_VARS="{\"ec2_install\":False, \"use_ssl\":False, \"oc_host_config_dir\":\"/docker_shared/origin\", \"openshift_hostname\":\"${OPENSHIFT_HOSTNAME}\", \"openshift_routing_suffix\":\"${OPENSHIFT_ROUTING_SUFFIX}\" }"
diff --git a/local/mac/my_vars.yml.example b/local/mac/my_vars.yml.example
new file mode 100644
index 0000000..1e184e3
--- /dev/null
+++ b/local/mac/my_vars.yml.example
@@ -0,0 +1,5 @@
+---
+
+dockerhub_user_name: example_user
+dockerhub_user_password: example_password
+dockerhub_org_name: example_org
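Review bot: local/mac/common_vars runs `sudo ifconfig lo0 alias ${PUBLIC_IP}` as a side effect of being sourced, so every setup or reset run asks for root before Ansible starts, and the expansion is unquoted. I would guard it so it runs only when the alias is missing, e.g. `ifconfig lo0 | grep -qF "inet ${PUBLIC_IP} " || sudo ifconfig lo0 alias "${PUBLIC_IP}"`. The Mac `EXTRA_VARS` also omits `remove_docker_images`, which the Linux common_vars sets from `${RESET_ENV}`, so the `RESET_ENV` exported by the Mac reset_environment.sh appears to have no effect. The README additionally tells users to edit `CLUSTER_IP` while the variable here is named `PUBLIC_IP`.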
diff --git a/local/mac/reset_environment.sh b/local/mac/reset_environment.sh
new file mode 100755
index 0000000..529e486
--- /dev/null
+++ b/local/mac/reset_environment.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+export RESET_ENV="True"
+
+extra_args=''
+ANS_CODE="../../ansible"
+source ./common_vars
+[[ ! -e my_vars.yml ]] || extra_args='-e @my_vars.yml'
+ansible-playbook ${ANS_CODE}/reset_mac_environment.yml --extra-vars "${EXTRA_VARS}" $extra_args $@
diff --git a/local/mac/run_mac_local.sh b/local/mac/run_mac_local.sh
new file mode 100755
index 0000000..7cf3b86
--- /dev/null
+++ b/local/mac/run_mac_local.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+ANS_CODE="../../ansible"
+source ./common_vars
+ansible-playbook ${ANS_CODE}/setup_mac_environment.yml --extra-vars "${EXTRA_VARS}"
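Review bot: run_mac_local.sh never loads `my_vars.yml` and does not forward its arguments, unlike reset_environment.sh next to it, so the local/mac/my_vars.yml.example added in this commit has no effect on setup and the dockerhub prompts always appear. Adding `extra_args=''` and `[[ ! -e my_vars.yml ]] || extra_args='-e @my_vars.yml'`, then ending the ansible-playbook line with `$extra_args "$@"`, would match the other scripts. Both Mac scripts declare `#!/bin/sh` while using `[[ ]]` and `source`, which are bash features; `#!/bin/bash` states the real requirement.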