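#!/bin/bash
#
# make-osd: configure an existing OpenShift 4 test cluster so that it
# resembles an OpenShift Dedicated (OSD) cluster:
#   1. HTPasswd identity provider with three users sharing one password
#   2. branded OAuth login/provider/error templates
#   3. static managed-cluster-config manifests
#   4. dedicated-admin operator manifests
#   5. osd-sre-admins / dedicated-admins group membership
#
# Usage: make-osd <Cluster Name> <password used for all users>
#
# Requires: oc, htpasswd, git (SSH access to github.com/openshift), jq.
#
# Security notes for whoever runs this:
#   * The password arrives as $2, so it is visible in the caller's shell
#     history and in `ps` for the lifetime of this script. Use a throwaway
#     value; this script does not echo it back or pass it on to other argv.
#   * The three repositories are cloned at branch tip and applied with
#     `oc apply -R` under whatever privileges the kubeconfig grants. Nothing
#     is pinned to a commit or verified, so the content applied is whatever
#     those branches hold at run time.
#   * Failures are reported on stderr and logged, but the script keeps going
#     (the original behaviour was to continue silently).

set -uo pipefail

CLUSTER_NAME=${1:-}
PASSWORD=${2:-}
readonly IDENTITY_ID=aos-sre
readonly IDENTITY_NAME="Red Hat SRE Test Auth"

if [[ -z "$CLUSTER_NAME" || -z "$PASSWORD" ]]; then
  echo "Usage: make-osd <Cluster Name> <password used for all users>" >&2
  exit 1
fi

# User names below are derived from $USER; refuse to create "-sre" etc.
: "${USER:?USER must be set}"

# The assignment must be exported, otherwise `oc` never sees it and acts on
# whichever cluster the caller's current context happens to point at.
KUBECONFIG=~/.kube/"$CLUSTER_NAME"
export KUBECONFIG
if [[ ! -r "$KUBECONFIG" ]]; then
  printf 'make-osd: kubeconfig %s not found or unreadable\n' "$KUBECONFIG" >&2
  exit 1
fi

# mktemp -d creates the directory with mode 0700, which keeps the htpasswd
# file and the log private to the invoking user.
workdir=$(mktemp -d) || {
  echo "make-osd: mktemp failed" >&2
  exit 1
}
# Absolute log path: every step logs to the same file, including pushd/popd.
readonly LOG="$workdir/make-osd.log"

pushd "$workdir" >>"$LOG" 2>&1 || exit 1
echo "Temp working directory: $(pwd)"

# Run a command with stdout/stderr appended to the log. A failure is
# surfaced on stderr (first two words only) but does not abort the script.
log_run() {
  if ! "$@" >>"$LOG" 2>&1; then
    printf '\nmake-osd: command failed (see %s): %s %s\n' \
      "$LOG" "$1" "${2:-}" >&2
    return 1
  fi
}

# Add or update one htpasswd entry. The password goes in on stdin (-i)
# rather than argv (-b) so it does not show up in the process list, and
# -B selects bcrypt instead of htpasswd's default hash.
add_htpasswd_user() {
  printf '%s\n' "$PASSWORD" | htpasswd -i -B htpasswd "$1" >>"$LOG" 2>&1 ||
    printf '\nmake-osd: htpasswd failed for %s (see %s)\n' "$1" "$LOG" >&2
}

echo -n "Applying OAuth confg..."

# secret for htpasswd
touch htpasswd
add_htpasswd_user "$USER-sre"
add_htpasswd_user "$USER-customer"
add_htpasswd_user "$USER"
# Replace any secret left by a previous run; absence is not an error.
log_run oc delete secret "$IDENTITY_ID-secret" -n openshift-config \
  --ignore-not-found
log_run oc create secret generic "$IDENTITY_ID-secret" \
  --from-file=htpasswd=htpasswd -n openshift-config
# The hashes now live in the cluster secret; do not leave a copy on disk.
rm -f -- htpasswd

# oauth: htpasswd with branding
log_run git clone git@github.com:openshift/online.git --depth=1 -b prod
readonly TEMPLATE_DIR=online/ansible/roles/oso_custom_templates/files/dedicated
log_run oc delete secret -n openshift-config oauth-templates \
  --ignore-not-found
log_run oc create secret generic oauth-templates -n openshift-config \
  --from-file=login.html="$TEMPLATE_DIR/login.html" \
  --from-file=providers.html="$TEMPLATE_DIR/provider-selection.html" \
  --from-file=errors.html="$TEMPLATE_DIR/oauth-error.html"

cat >oauth.yaml <<EOF
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: $IDENTITY_NAME
    challenge: true
    login: true
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: $IDENTITY_ID-secret
  templates:
    login:
      name: oauth-templates
    providerSelection:
      name: oauth-templates
    error:
      name: oauth-templates
EOF
log_run oc apply -f oauth.yaml
log_run rm -rf online
echo "done"

echo -n "Applying static configuration..."
# OSD static config
log_run git clone git@github.com:openshift/managed-cluster-config.git --depth=1
log_run oc apply -R -f managed-cluster-config/deploy/
log_run rm -rf managed-cluster-config
echo "done"

echo -n "Applying OSD operators..."
# dedicated-admin operator
# The clone creates "dedicated-admin-operator"; the apply and cleanup must
# use that same directory name or the manifests are never applied.
log_run git clone git@github.com:openshift/dedicated-admin-operator.git --depth=1
log_run oc apply -R -f dedicated-admin-operator/manifests/
log_run rm -rf dedicated-admin-operator
echo "done"

echo -n "Adding users to groups..."
# osd-sre-admins Group
cat >osd-sre-admins.Group.yaml <<EOF
apiVersion: user.openshift.io/v1
kind: Group
metadata:
  name: osd-sre-admins
users:
- $USER-sre
EOF
log_run oc apply -f osd-sre-admins.Group.yaml

# dedicated-admins Group
cat >dedicated-admins.Group.yaml <<EOF
apiVersion: user.openshift.io/v1
kind: Group
metadata:
  name: dedicated-admins
users:
- $USER-customer
EOF
log_run oc apply -f dedicated-admins.Group.yaml
echo "done"

API_URL=$(oc get infrastructures cluster -o json | jq -r .status.apiServerURL)

# Summary. The password is deliberately not printed: the caller already has
# it, and echoing it would copy it into scrollback and any captured output.
# The login hints omit -p so that `oc login` prompts for it instead.
# --insecure-skip-tls-verify=true turns off API server certificate
# verification; it is kept from the original for test clusters only.
echo ""
cat <<EOF
Cluster '$CLUSTER_NAME' is setup with:
  * OAuth: $IDENTITY_NAME
  * Users: $USER-sre, $USER-customer, $USER
  * Passwords: <as supplied on the command line>
  * Group membership:
    * osd-sre-admins: $USER-sre
    * dedicated-admins: $USER-customer
Console URL: $(oc get console cluster -o json | jq -r .status.consoleURL)
Get Token: $(oc get --raw '/.well-known/oauth-authorization-server' | jq -r .token_endpoint)/request
Login as SRE admin:
  export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-sre; oc login $API_URL -u $USER-sre --insecure-skip-tls-verify=true
Login as dedicated-admin:
  export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER-customer; oc login $API_URL -u $USER-customer --insecure-skip-tls-verify=true
Login as regular user:
  export KUBECONFIG=~/.kube/$CLUSTER_NAME-$USER; oc login $API_URL -u $USER --insecure-skip-tls-verify=true
Logs for this are found here: $LOG
EOF

popd >>"$LOG" 2>&1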