author | Vishal Patil <vishpat@gmail.com> | 2016-01-04 16:42:25 -0500 |
---|---|---|
committer | Vishal Patil <vishpat@gmail.com> | 2016-01-25 13:19:13 -0500 |
commit | 93eb9ba8fc5d6d14b8ffff1b946c528233cbb1d5 (patch) | |
tree | a4a06f52e08aebe8c55c21002f3f2956cd178e0a /roles/nuage_master/files | |
parent | 530aaf841d38c036a2d08df075f85d63b8a52840 (diff) | |
Add Nuage support to openshift ansible
Added variables
Made changes for node configuration
Add service restart logic to node
Fixed ansible syntax errors
Add cert and key info for nodes
Added active and standby controller ip configuration information
Uncommented the nuage sdn check
Changed ca_crt -> ca_cert
Added restarting of atomic openshift master
Removed service account dependencies
Fixes
Fixed the api server url
Removed redundant restart of atomic openshift master
Configure nuagekubemon on all of the master nodes
Restart master api and controllers as well on nuagekubemon installation
Converted plugin config into template
Add template for nuagekubemon
Removed uplink interface from vars
Able to copy cert keys
Uninstall default ovs
Add the kubemon template
Do not install rdo sdn rpms in case of nuage
Addressed latest review comments
Set the networkPluginName for nuage
Diffstat (limited to 'roles/nuage_master/files')
-rw-r--r-- | roles/nuage_master/files/serviceaccount.sh | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
new file mode 100644
index 000000000..f6fdb8a8d
--- /dev/null
+++ b/roles/nuage_master/files/serviceaccount.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# Parse CLI options
+for i in "$@"; do
+ case $i in
+ --master-cert-dir=*)
+ MASTER_DIR="${i#*=}"
+ CA_CERT=${MASTER_DIR}/ca.crt
+ CA_KEY=${MASTER_DIR}/ca.key
+ CA_SERIAL=${MASTER_DIR}/ca.serial.txt
+ ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
+ ;;
+ --server=*)
+ SERVER="${i#*=}"
+ ;;
+ --output-cert-dir=*)
+ OUTDIR="${i#*=}"
+ CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
+ ;;
+ esac
+done
+
+# If any are missing, print the usage and exit
+if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
+ echo "Invalid syntax: $@"
+ echo "Usage:"
+ echo " $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
+ echo "--master-cert-dir: Directory where the master's configuration is held"
+ echo "--server: Address of Kubernetes API server (default port is 8443)"
+ echo "--output-cert-dir: Directory to put artifacts in"
+ echo ""
+ echo "All options are required"
+ exit 1
+fi
+
+# Login as admin so that we can create the service account
+oc login -u system:admin --config=$ADMIN_FILE || exit 1
+oc project default --config=$ADMIN_FILE
+
+ACCOUNT_CONFIG='
+{
+ "apiVersion": "v1",
+ "kind": "ServiceAccount",
+ "metadata": {
+ "name": "nuage"
+ }
+}
+'
+
+# Create the account with the included info
+echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
+
+# Add the cluser-reader role, which allows this service account read access to
+# everything in the cluster except secrets
+oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
+
+# Generate certificates and a kubeconfig for the service account
+oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
+
+# Verify the finalized kubeconfig
+if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
+ echo "Service account creation failed!"
+ exit 1
+fi |
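Review bot: The identity passed to `oadm policy add-cluster-role-to-user` and to `oadm create-api-client-config --user=`, `system:serviceaccounts:default:nuage`, does not look like the name of the `nuage` ServiceAccount created just above it: service account users are named `system:serviceaccount:<namespace>:<name>` (singular), while `system:serviceaccounts:<namespace>` is the group prefix. As written, cluster-reader appears to be bound to a certificate-authenticated user that only resembles the service account, so deleting the ServiceAccount would not withdraw the access and audit entries would not tie back to it; either give the certificate user a plain name or bind the role to the real service account name, and state the choice in the comment above that line. Separately, the client key is written into `$OUTDIR` under the caller's umask, so a `umask 077` before the `oadm create-api-client-config` line would keep it owner-only. The expansions in the argument check and the `--config=` arguments should also be quoted, e.g. `[ -z "$SERVER" ]` and `--config="$ADMIN_FILE"`, so a path containing spaces is not split into separate words.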