summaryrefslogtreecommitdiffstats
path: root/roles/nuage_master/files
diff options
context:
space:
mode:
authorVishal Patil <vishpat@gmail.com>2016-01-04 16:42:25 -0500
committerVishal Patil <vishpat@gmail.com>2016-01-25 13:19:13 -0500
commit93eb9ba8fc5d6d14b8ffff1b946c528233cbb1d5 (patch)
treea4a06f52e08aebe8c55c21002f3f2956cd178e0a /roles/nuage_master/files
parent530aaf841d38c036a2d08df075f85d63b8a52840 (diff)
downloadopenshift-93eb9ba8fc5d6d14b8ffff1b946c528233cbb1d5.tar.gz
openshift-93eb9ba8fc5d6d14b8ffff1b946c528233cbb1d5.tar.bz2
openshift-93eb9ba8fc5d6d14b8ffff1b946c528233cbb1d5.tar.xz
openshift-93eb9ba8fc5d6d14b8ffff1b946c528233cbb1d5.zip
Add Nuage support to openshift ansible
Added variables Made changes for node configuration Add service restart logic to node Fixed ansible syntax errors Add cert and key info for nodes Added active and standby controller ip configuration information Uncommented the nuage sdn check Changed ca_crt -> ca_cert Added restarting of atomic openshift master Removed service account dependencies Fixes Fixed the api server url Removed redundant restart of atomic openshift master Configure nuagekubemon on all of the master nodes Restart master api and controllers as well on nuagekubemon installation Converted plugin config into template Add template for nuagekubemon Removed uplink interface from vars Able to copy cert keys Uninstall default ovs Add the kubemon template Do not install rdo sdn rpms in case of nuage Addressed latest review comments Set the networkPluginName for nuage
Diffstat (limited to 'roles/nuage_master/files')
-rw-r--r--roles/nuage_master/files/serviceaccount.sh63
1 files changed, 63 insertions, 0 deletions
diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
new file mode 100644
index 000000000..f6fdb8a8d
--- /dev/null
+++ b/roles/nuage_master/files/serviceaccount.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# Parse CLI options
+for i in "$@"; do
+ case $i in
+ --master-cert-dir=*)
+ MASTER_DIR="${i#*=}"
+ CA_CERT=${MASTER_DIR}/ca.crt
+ CA_KEY=${MASTER_DIR}/ca.key
+ CA_SERIAL=${MASTER_DIR}/ca.serial.txt
+ ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
+ ;;
+ --server=*)
+ SERVER="${i#*=}"
+ ;;
+ --output-cert-dir=*)
+ OUTDIR="${i#*=}"
+ CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
+ ;;
+ esac
+done
+
+# If any are missing, print the usage and exit
+if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
+ echo "Invalid syntax: $@"
+ echo "Usage:"
+ echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
+ echo "--master-cert-dir: Directory where the master's configuration is held"
+ echo "--server: Address of Kubernetes API server (default port is 8443)"
+ echo "--output-cert-dir: Directory to put artifacts in"
+ echo ""
+ echo "All options are required"
+ exit 1
+fi
+
+# Login as admin so that we can create the service account
+oc login -u system:admin --config=$ADMIN_FILE || exit 1
+oc project default --config=$ADMIN_FILE
+
+ACCOUNT_CONFIG='
+{
+ "apiVersion": "v1",
+ "kind": "ServiceAccount",
+ "metadata": {
+ "name": "nuage"
+ }
+}
+'
+
+# Create the account with the included info
+echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
+
+# Add the cluser-reader role, which allows this service account read access to
+# everything in the cluster except secrets
+oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
+
+# Generate certificates and a kubeconfig for the service account
+oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
+
+# Verify the finalized kubeconfig
+if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
+ echo "Service account creation failed!"
+ exit 1
+fi