SHARE
TWEET

Untitled

a guest Apr 1st, 2019 200 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. CLUSTER_NAME=$1
  4. PASSWORD=$2
  5.  
  6. IDENTITY_ID=aos-sre
  7. IDENTITY_NAME="Red Hat SRE Test Auth"
  8.  
  9. if [ "$CLUSTER_NAME" == "" ] || [ "$PASSWORD" == "" ];
  10. then
  11.     echo "Usage: make-osd <Cluster Name> <password used for all users>"
  12.     exit 1
  13. fi
  14.  
  15. KUBECONFIG=~/.kube/$CLUSTER_NAME
  16.  
  17. pushd `mktemp -d` >> make-osd.log 2>&1
  18. echo "Temp working directory: `pwd`"
  19.  
  20. echo -n "Applying OAuth confg..."
  21.  
  22. # secret for htpasswd
  23. touch htpasswd
  24. htpasswd -b htpasswd $USER-sre $PASSWORD >> make-osd.log 2>&1
  25. htpasswd -b htpasswd $USER-customer $PASSWORD >> make-osd.log 2>&1
  26. htpasswd -b htpasswd $USER $PASSWORD >> make-osd.log 2>&1
  27. oc delete secret $IDENTITY_ID-secret -n openshift-config >> make-osd.log 2>&1
  28. oc create secret generic $IDENTITY_ID-secret --from-file=htpasswd=htpasswd -n openshift-config >> make-osd.log 2>&1
  29.  
  30. # oauth: htpasswd with branding
  31. git clone git@github.com:openshift/online.git --depth=1 -b prod >> make-osd.log 2>&1
  32. oc delete secret -n openshift-config oauth-templates >> make-osd.log 2>&1
  33.  
  34. oc create secret generic oauth-templates -n openshift-config \
  35.     --from-file=login.html=online/ansible/roles/oso_custom_templates/files/dedicated/login.html \
  36.     --from-file=providers.html=online/ansible/roles/oso_custom_templates/files/dedicated/provider-selection.html \
  37.     --from-file=errors.html=online/ansible/roles/oso_custom_templates/files/dedicated/oauth-error.html >> make-osd.log 2>&1
  38.  
  39. echo "apiVersion: config.openshift.io/v1
  40. kind: OAuth
  41. metadata:
  42.   name: cluster
  43. spec:
  44.   identityProviders:
  45.   - name: $IDENTITY_NAME
  46.     challenge: true
  47.     login: true
  48.     mappingMethod: claim
  49.     type: HTPasswd
  50.     htpasswd:
  51.       fileData:
  52.         name: $IDENTITY_ID-secret
  53.   templates:
  54.     login:
  55.       name: oauth-templates
  56.     providerSelection:
  57.       name: oauth-templates
  58.     error:
  59.       name: oauth-templates" > oauth.yaml
  60. oc apply -f oauth.yaml >> make-osd.log 2>&1
  61.  
  62. rm -rf online >> make-osd.log 2>&1
  63.  
  64. echo "done"
  65.  
  66. echo -n "Applying static configuration..."
  67.  
  68. # OSD static config
  69. git clone git@github.com:openshift/managed-cluster-config.git --depth=1 >> make-osd.log 2>&1
  70. oc apply -R -f managed-cluster-config/deploy/ >> make-osd.log 2>&1
  71. rm -rf managed-cluster-config >> make-osd.log 2>&1
  72.  
  73. echo "done"
  74.  
  75. echo -n "Applying OSD operators..."
  76.  
  77. # dedicated-admin operator
  78. git clone git@github.com:openshift/dedicated-admin-operator.git --depth=1 >> make-osd.log 2>&1
  79. oc apply -R -f dedicated-admin-opeator/manifests/ >> make-osd.log 2>&1
  80. rm -rf dedicated-admin-opeator >> make-osd.log 2>&1
  81.  
  82. echo "done"
  83.  
  84. echo -n "Adding users to groups..."
  85.  
  86. # osd-sre-admins Group
  87. echo "apiVersion: user.openshift.io/v1
  88. kind: Group
  89. metadata:
  90.   name: osd-sre-admins
  91. users:
  92. - $USER-sre" > osd-sre-admins.Group.yaml
  93. oc apply -f osd-sre-admins.Group.yaml >> make-osd.log 2>&1
  94.  
  95. # dedicated-admins Group
  96. echo "apiVersion: user.openshift.io/v1
  97. kind: Group
  98. metadata:
  99.   name: dedicated-admins
  100. users:
  101. - $USER-customer" > dedicated-admins.Group.yaml
  102. oc apply -f dedicated-admins.Group.yaml >> make-osd.log 2>&1
  103.  
  104. echo "done"
  105.  
  106. API_URL=`oc get infrastructures cluster -o json | jq -r .status.apiServerURL`
  107.  
  108. echo ""
  109.  
  110. echo "Cluster '$CLUSTER_NAME' is setup with:
  111. * OAuth: $IDENTITY_NAME
  112. * Users: $USER-sre, $USER-customer, $USER
  113. * Passwords: $PASSWORD
  114. * Group membership:
  115.     * aos-sre-admins: $USER-sre
  116.     * dedicated-admins: $USER-customer
  117.  
  118. Console URL: `oc get console cluster -o json | jq -r .status.consoleURL`
  119. Get Token: $(oc get --raw '/.well-known/oauth-authorization-server' | jq -r .token_endpoint)/request
  120.  
  121. Login as SRE admin:
  122. export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-sre; oc login $API_URL -u $USER-sre -p $PASSWORD --insecure-skip-tls-verify=true
  123.  
  124. Login as dedicated-admin:
  125. export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-customer; oc login $API_URL -u $USER-customer -p $PASSWORD --insecure-skip-tls-verify=true
  126.  
  127. Login as regular user:
  128. export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER; oc login $API_URL -u $USER -p $PASSWORD --insecure-skip-tls-verify=true
  129.  
  130. Logs for this are found here: `pwd`/make-osd.log"
  131.  
  132. popd >> make-osd.log 2>&1
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top