API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 1st, 2019
263
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.94 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2.  
  3. CLUSTER_NAME=$1
  4. PASSWORD=$2
  5.  
  6. IDENTITY_ID=aos-sre
  7. IDENTITY_NAME="Red Hat SRE Test Auth"
  8.  
  9. if [ "$CLUSTER_NAME" == "" ] || [ "$PASSWORD" == "" ];
  10. then
  11. echo "Usage: make-osd <Cluster Name> <password used for all users>"
  12. exit 1
  13. fi
  14.  
  15. KUBECONFIG=~/.kube/$CLUSTER_NAME
  16.  
  17. pushd `mktemp -d` >> make-osd.log 2>&1
  18. echo "Temp working directory: `pwd`"
  19.  
  20. echo -n "Applying OAuth confg..."
  21.  
  22. # secret for htpasswd
  23. touch htpasswd
  24. htpasswd -b htpasswd $USER-sre $PASSWORD >> make-osd.log 2>&1
  25. htpasswd -b htpasswd $USER-customer $PASSWORD >> make-osd.log 2>&1
  26. htpasswd -b htpasswd $USER $PASSWORD >> make-osd.log 2>&1
  27. oc delete secret $IDENTITY_ID-secret -n openshift-config >> make-osd.log 2>&1
  28. oc create secret generic $IDENTITY_ID-secret --from-file=htpasswd=htpasswd -n openshift-config >> make-osd.log 2>&1
  29.  
  30. # oauth: htpasswd with branding
  31. git clone git@github.com:openshift/online.git --depth=1 -b prod >> make-osd.log 2>&1
  32. oc delete secret -n openshift-config oauth-templates >> make-osd.log 2>&1
  33.  
  34. oc create secret generic oauth-templates -n openshift-config \
  35. --from-file=login.html=online/ansible/roles/oso_custom_templates/files/dedicated/login.html \
  36. --from-file=providers.html=online/ansible/roles/oso_custom_templates/files/dedicated/provider-selection.html \
  37. --from-file=errors.html=online/ansible/roles/oso_custom_templates/files/dedicated/oauth-error.html >> make-osd.log 2>&1
  38.  
  39. echo "apiVersion: config.openshift.io/v1
  40. kind: OAuth
  41. metadata:
  42. name: cluster
  43. spec:
  44. identityProviders:
  45. - name: $IDENTITY_NAME
  46. challenge: true
  47. login: true
  48. mappingMethod: claim
  49. type: HTPasswd
  50. htpasswd:
  51. fileData:
  52. name: $IDENTITY_ID-secret
  53. templates:
  54. login:
  55. name: oauth-templates
  56. providerSelection:
  57. name: oauth-templates
  58. error:
  59. name: oauth-templates" > oauth.yaml
  60. oc apply -f oauth.yaml >> make-osd.log 2>&1
  61.  
  62. rm -rf online >> make-osd.log 2>&1
  63.  
  64. echo "done"
  65.  
  66. echo -n "Applying static configuration..."
  67.  
  68. # OSD static config
  69. git clone git@github.com:openshift/managed-cluster-config.git --depth=1 >> make-osd.log 2>&1
  70. oc apply -R -f managed-cluster-config/deploy/ >> make-osd.log 2>&1
  71. rm -rf managed-cluster-config >> make-osd.log 2>&1
  72.  
  73. echo "done"
  74.  
  75. echo -n "Applying OSD operators..."
  76.  
  77. # dedicated-admin operator
  78. git clone git@github.com:openshift/dedicated-admin-operator.git --depth=1 >> make-osd.log 2>&1
  79. oc apply -R -f dedicated-admin-opeator/manifests/ >> make-osd.log 2>&1
  80. rm -rf dedicated-admin-opeator >> make-osd.log 2>&1
  81.  
  82. echo "done"
  83.  
  84. echo -n "Adding users to groups..."
  85.  
  86. # osd-sre-admins Group
  87. echo "apiVersion: user.openshift.io/v1
  88. kind: Group
  89. metadata:
  90. name: osd-sre-admins
  91. users:
  92. - $USER-sre" > osd-sre-admins.Group.yaml
  93. oc apply -f osd-sre-admins.Group.yaml >> make-osd.log 2>&1
  94.  
  95. # dedicated-admins Group
  96. echo "apiVersion: user.openshift.io/v1
  97. kind: Group
  98. metadata:
  99. name: dedicated-admins
  100. users:
  101. - $USER-customer" > dedicated-admins.Group.yaml
  102. oc apply -f dedicated-admins.Group.yaml >> make-osd.log 2>&1
  103.  
  104. echo "done"
  105.  
  106. API_URL=`oc get infrastructures cluster -o json | jq -r .status.apiServerURL`
  107.  
  108. echo ""
  109.  
  110. echo "Cluster '$CLUSTER_NAME' is setup with:
  111. * OAuth: $IDENTITY_NAME
  112. * Users: $USER-sre, $USER-customer, $USER
  113. * Passwords: $PASSWORD
  114. * Group membership:
  115. * aos-sre-admins: $USER-sre
  116. * dedicated-admins: $USER-customer
  117.  
  118. Console URL: `oc get console cluster -o json | jq -r .status.consoleURL`
  119. Get Token: $(oc get --raw '/.well-known/oauth-authorization-server' | jq -r .token_endpoint)/request
  120.  
  121. Login as SRE admin:
  122. export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-sre; oc login $API_URL -u $USER-sre -p $PASSWORD --insecure-skip-tls-verify=true
  123.  
  124. Login as dedicated-admin:
  125. export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-customer; oc login $API_URL -u $USER-customer -p $PASSWORD --insecure-skip-tls-verify=true
  126.  
  127. Login as regular user:
  128. export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER; oc login $API_URL -u $USER -p $PASSWORD --insecure-skip-tls-verify=true
  129.  
  130. Logs for this are found here: `pwd`/make-osd.log"
  131.  
  132. popd >> make-osd.log 2>&1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!