in scripts/cpd_install.py [0:0]
def installOCP(self, icpdInstallLogFile):
methodName = "installOCP"
TR.info(methodName," Start installation of Openshift Container Platform")
installConfigFile = "/ibm/installDir/install-config.yaml"
autoScalerFile = "/ibm/templates/cpd/machine-autoscaler.yaml"
healthcheckFile = "/ibm/templates/cpd/health-check.yaml"
icf_1az = "/ibm/installDir/install-config-1AZ.yaml"
icf_3az = "/ibm/installDir/install-config-3AZ.yaml"
asf_1az = "/ibm/templates/cpd/machine-autoscaler-1AZ.yaml"
asf_3az = "/ibm/templates/cpd/machine-autoscaler-3AZ.yaml"
hc_1az = "/ibm/templates/cpd/health-check-1AZ.yaml"
hc_3az = "/ibm/templates/cpd/health-check-3AZ.yaml"
if(len(self.zones)==1):
shutil.copyfile(icf_1az,installConfigFile)
shutil.copyfile(asf_1az,autoScalerFile)
shutil.copyfile(hc_1az, healthcheckFile)
else:
shutil.copyfile(icf_3az,installConfigFile)
shutil.copyfile(asf_3az,autoScalerFile)
shutil.copyfile(hc_3az, healthcheckFile)
self.updateTemplateFile(installConfigFile,'${az1}',self.zones[0])
self.updateTemplateFile(installConfigFile,'${baseDomain}',self.DomainName)
self.updateTemplateFile(installConfigFile,'${master-instance-type}',self.MasterInstanceType)
self.updateTemplateFile(installConfigFile,'${worker-instance-type}',self.ComputeInstanceType)
self.updateTemplateFile(installConfigFile,'${worker-instance-count}',self.NumberOfCompute)
self.updateTemplateFile(installConfigFile,'${master-instance-count}',self.NumberOfMaster)
self.updateTemplateFile(installConfigFile,'${region}',self.region)
self.updateTemplateFile(installConfigFile,'${subnet-1}',self.PrivateSubnet1ID)
self.updateTemplateFile(installConfigFile,'${subnet-2}',self.PublicSubnet1ID)
self.updateTemplateFile(installConfigFile,'${pullSecret}',self.readFileContent(self.pullSecret))
self.updateTemplateFile(installConfigFile,'${sshKey}',self.readFileContent("/root/.ssh/id_rsa.pub"))
self.updateTemplateFile(installConfigFile,'${clustername}',self.ClusterName)
self.updateTemplateFile(installConfigFile, '${FIPS}',self.EnableFips)
self.updateTemplateFile(installConfigFile, '${PrivateCluster}',self.PrivateCluster)
self.updateTemplateFile(installConfigFile, '${cluster-cidr}',self.ClusterNetworkCIDR)
self.updateTemplateFile(installConfigFile, '${machine-cidr}', self.VPCCIDR)
self.updateTemplateFile(autoScalerFile, '${az1}', self.zones[0])
self.updateTemplateFile(healthcheckFile, '${az1}', self.zones[0])
if(len(self.zones)>1):
self.updateTemplateFile(installConfigFile,'${az2}',self.zones[1])
self.updateTemplateFile(installConfigFile,'${az3}',self.zones[2])
self.updateTemplateFile(installConfigFile,'${subnet-3}',self.PrivateSubnet2ID)
self.updateTemplateFile(installConfigFile,'${subnet-4}',self.PrivateSubnet3ID)
self.updateTemplateFile(installConfigFile,'${subnet-5}',self.PublicSubnet2ID)
self.updateTemplateFile(installConfigFile,'${subnet-6}',self.PublicSubnet3ID)
self.updateTemplateFile(autoScalerFile, '${az2}', self.zones[1])
self.updateTemplateFile(autoScalerFile, '${az3}', self.zones[2])
self.updateTemplateFile(healthcheckFile, '${az2}', self.zones[1])
self.updateTemplateFile(healthcheckFile, '${az3}', self.zones[2])
TR.info(methodName,"Download Openshift Container Platform")
self.getS3Object(bucket=self.cpdbucketName, s3Path="3.5.2/openshift-install", destPath="/ibm/openshift-install")
self.getS3Object(bucket=self.cpdbucketName, s3Path="3.5.2/oc", destPath="/usr/bin/oc")
self.getS3Object(bucket=self.cpdbucketName, s3Path="3.5.2/kubectl", destPath="/usr/bin/kubectl")
os.chmod("/usr/bin/oc", stat.S_IEXEC)
os.chmod("/usr/bin/kubectl", stat.S_IEXEC)
TR.info(methodName,"Initiating installation of Openshift Container Platform")
os.chmod("/ibm/openshift-install", stat.S_IEXEC)
install_ocp = "sudo ./openshift-install create cluster --dir=/ibm/installDir --log-level=debug"
TR.info(methodName,"Output File name: %s"%icpdInstallLogFile)
try:
process = Popen(install_ocp,shell=True,stdout=icpdInstallLogFile,stderr=icpdInstallLogFile,close_fds=True)
stdoutdata,stderrdata=process.communicate()
except CalledProcessError as e:
TR.error(methodName, "ERROR return code: %s, Exception: %s" % (e.returncode, e), e)
raise e
TR.info(methodName,"Installation of Openshift Container Platform %s %s" %(stdoutdata,stderrdata))
time.sleep(30)
destDir = "/root/.kube"
if (not os.path.exists(destDir)):
os.makedirs(destDir)
shutil.copyfile("/ibm/installDir/auth/kubeconfig","/root/.kube/config")
self.ocpassword = self.readFileContent("/ibm/installDir/auth/kubeadmin-password").rstrip("\n\r")
self.logincmd = "oc login -u kubeadmin -p "+self.ocpassword
try:
call(self.logincmd, shell=True,stdout=icpdInstallLogFile)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
get_clusterId = r"oc get machineset -n openshift-machine-api -o jsonpath='{.items[0].metadata.labels.machine\.openshift\.io/cluster-api-cluster}'"
TR.info(methodName,"get_clusterId %s"%get_clusterId)
try:
self.clusterID = check_output(['bash','-c',get_clusterId])
TR.info(methodName,"self.clusterID %s"%self.clusterID)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
self.updateTemplateFile(autoScalerFile, 'CLUSTERID', self.clusterID)
create_machine_as_cmd = "oc create -f "+autoScalerFile
TR.info(methodName,"Create of Machine auto scaler")
try:
retcode = check_output(['bash','-c', create_machine_as_cmd])
TR.info(methodName,"Created Machine auto scaler %s" %retcode)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
self.updateTemplateFile(healthcheckFile, 'CLUSTERID', self.clusterID)
create_healthcheck_cmd = "oc create -f "+healthcheckFile
TR.info(methodName,"Create of Health check")
try:
retcode = check_output(['bash','-c', create_healthcheck_cmd])
TR.info(methodName,"Created Health check %s" %retcode)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
TR.info(methodName,"Create OCP registry")
registry_mc = "/ibm/templates/cpd/insecure-registry.yaml"
registries = "/ibm/templates/cpd/registries.conf"
crio_conf = "/ibm/templates/cpd/crio.conf"
crio_mc = "/ibm/templates/cpd/crio-mc.yaml"
route = "default-route-openshift-image-registry.apps."+self.ClusterName+"."+self.DomainName
self.updateTemplateFile(registries, '${registry-route}', route)
config_data = base64.b64encode(self.readFileContent(registries))
self.updateTemplateFile(registry_mc, '${config-data}', config_data)
crio_config_data = base64.b64encode(self.readFileContent(crio_conf))
self.updateTemplateFile(crio_mc, '${crio-config-data}', crio_config_data)
route_cmd = "oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{\"spec\":{\"defaultRoute\":true,\"replicas\":"+self.NumberOfAZs+"}}'"
TR.info(methodName,"Creating route with command %s"%route_cmd)
annotate_cmd = "oc annotate route default-route haproxy.router.openshift.io/timeout=600s -n openshift-image-registry"
sessionAffinity_cmd = "oc patch svc/image-registry -p '{\"spec\":{\"sessionAffinity\": \"ClientIP\"}}' -n openshift-image-registry"
update_mgmt_state_cmd = "oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{\"spec\":{\"managementState\":\"Unmanaged\"}}'"
set_s3_storage_limit = "oc set env deployment/image-registry -n openshift-image-registry REGISTRY_STORAGE_S3_CHUNKSIZE=104857600"
try:
retcode = check_output(['bash','-c', route_cmd])
TR.info(methodName,"Created route with command %s returned %s"%(route_cmd,retcode))
time.sleep(30)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
try:
retcode = call(annotate_cmd,shell=True, stdout=icpdInstallLogFile)
TR.info(methodName,"annotate_cmd %s retcode=%s" %(annotate_cmd,retcode))
time.sleep(30)
retcode = call(sessionAffinity_cmd,shell=True, stdout=icpdInstallLogFile)
TR.info(methodName,"sessionAffinity_cmd %s retcode=%s" %(sessionAffinity_cmd,retcode))
time.sleep(30)
retcode = call(update_mgmt_state_cmd,shell=True, stdout=icpdInstallLogFile)
TR.info(methodName,"update_mgmt_state_cmd %s retcode=%s" %(update_mgmt_state_cmd,retcode))
time.sleep(30)
retcode = call(set_s3_storage_limit,shell=True, stdout=icpdInstallLogFile)
TR.info(methodName,"set_s3_storage_limit %s retcode=%s" %(set_s3_storage_limit,retcode))
time.sleep(30)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
destDir = "/etc/containers/"
if (not os.path.exists(destDir)):
os.makedirs(destDir)
shutil.copyfile(registries,"/etc/containers/registries.conf")
create_registry = "oc create -f "+registry_mc
create_crio_mc = "oc create -f "+crio_mc
"""
Addd logic to create openshift httpdpasswd and use it instead of default kubeadmin credentials
"""
TR.info(methodName,"Creating htpasswd for openshift")
htpasswd_cmd = "htpasswd -c -B -b /tmp/.htpasswd admin "+self.password
htpass_secret_cmd = "oc create secret generic htpass-secret --from-file=htpasswd=/tmp/.htpasswd -n openshift-config"
create_OAuth_cmd = "oc apply -f /ibm/installDir/auth-htpasswd.yaml"
create_oc_policy_cmd = "oc adm policy add-cluster-role-to-user cluster-admin admin"
TR.info(methodName,"Creating htpasswd for openshift with command")
try:
time.sleep(30)
htpasswd_retcode = check_output(['bash','-c', htpasswd_cmd])
TR.info(methodName,"Creating OC secret generic with command %s"%htpass_secret_cmd)
time.sleep(30)
secret_retcode = check_output(['bash','-c', htpass_secret_cmd])
TR.info(methodName,"Creating OAuth with command %s"%create_OAuth_cmd)
oauth_retcode = check_output(['bash','-c', create_OAuth_cmd])
TR.info(methodName,"Creating OC Adm policy add cluster role to user with command %s"%create_oc_policy_cmd)
oc_policy_retcode = check_output(['bash','-c', create_oc_policy_cmd])
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
TR.info(methodName,"Created htpasswd returned %s"%(htpasswd_retcode))
TR.info(methodName,"Created OC secret with command %s returned %s"%(htpass_secret_cmd,secret_retcode))
TR.info(methodName,"Created OAuth with command %s returned %s"%(create_OAuth_cmd,oauth_retcode))
TR.info(methodName,"Created Cluster role to user with command %s returned %s"%(create_oc_policy_cmd,oc_policy_retcode))
TR.info(methodName,"Created htpasswd for openshift")
TR.info(methodName,"Creating registry mc with command %s"%create_registry)
try:
reg_retcode = check_output(['bash','-c', create_registry])
TR.info(methodName,"Creating crio mc with command %s"%create_crio_mc)
crio_retcode = check_output(['bash','-c', create_crio_mc])
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
TR.info(methodName,"Created regsitry with command %s returned %s"%(create_registry,reg_retcode))
TR.info(methodName,"Created Crio mc with command %s returned %s"%(create_crio_mc,crio_retcode))
create_cluster_as_cmd = "oc create -f /ibm/templates/cpd/cluster-autoscaler.yaml"
TR.info(methodName,"Create of Cluster auto scaler")
try:
retcode = check_output(['bash','-c', create_cluster_as_cmd])
TR.info(methodName,"Created Cluster auto scaler %s" %retcode)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
"""
"oc create -f ${local.ocptemplates}/wkc-sysctl-mc.yaml",
"oc create -f ${local.ocptemplates}/security-limits-mc.yaml",
"""
sysctl_cmd = "oc create -f /ibm/templates/cpd/wkc-sysctl-mc.yaml"
TR.info(methodName,"Create SystemCtl Machine config")
try:
retcode = check_output(['bash','-c', sysctl_cmd])
TR.info(methodName,"Created SystemCtl Machine config %s" %retcode)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
secLimits_cmd = "oc create -f /ibm/templates/cpd/security-limits-mc.yaml"
TR.info(methodName,"Create Security Limits Machine config")
try:
retcode = check_output(['bash','-c', secLimits_cmd])
TR.info(methodName,"Created Security Limits Machine config %s" %retcode)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
time.sleep(600)
oc_route_cmd = "oc get route console -n openshift-console | grep 'console' | awk '{print $2}'"
TR.info(methodName, "Get OC URL")
try:
self.openshiftURL = check_output(['bash','-c', oc_route_cmd])
TR.info(methodName, "OC URL retrieved %s"%self.openshiftURL)
except CalledProcessError as e:
TR.error(methodName,"command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
TR.info(methodName," Completed installation of Openshift Container Platform")