-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpost-ose-setup.sh
83 lines (62 loc) · 3.07 KB
/
post-ose-setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/bin/bash
# Post installation
# Change password as per your requirement
admpas=admin2675
userpas=pkar2675
# Backup config file
cp /etc/origin/master/master-config.yaml /etc/origin/master/master-config.yaml.original
# Get all nodes details
oc get nodes
oc get nodes --show-labels
# Set hosts proper levels
oc label node ose-hub.cloud-cafe.in region="infra" zone="infranodes" --overwrite
oc label node ose-node1.cloud-cafe.in region="primary" zone="east" --overwrite
oc label node ose-node2.cloud-cafe.in region="primary" zone="west"
# Check all nodes details are updated
oc get nodes
oc get nodes --show-labels
# Edit /etc/origin/master/master-config.yaml and Set defaultNodeSelector like defaultNodeSelector: "region=primary"
sed -i 's/ defaultNodeSelector: ""/ defaultNodeSelector: "region=primary"/' /etc/origin/master/master-config.yaml
# Set NodeSelector like node-selector: "region=infra" for pod (registry & route) deplyment
oc patch namespace default -p '{"metadata":{"annotations":{"openshift.io/node-selector":"region=infra"}}}'
# Check it updated properly or not
oc get namespace default -o yaml
# Restart openshift services master
systemctl restart atomic-openshift-master
systemctl status atomic-openshift-master
# Setting Authentication openshift
yum install -y httpd-tools
htpasswd -b -c /etc/origin/master/users.htpasswd admin $admpas
htpasswd -b /etc/origin/master/users.htpasswd pkar $userpas
# Then edit /etc/origin/master/master-config.yaml as follows
# -------
#identityProviders:
# - name: my_htpasswd_provider
# challenge: true
# login: true
# mappingMethod: claim
# provider:
# apiVersion: v1
# kind: HTPasswdPasswordIdentityProvider
# file: /etc/origin/master/users.htpasswd
# -------
# Please execute below command and In annotations section,
# add the this line "openshift.io/node-selector: region=infra" in the default namespace object:
## oc edit namespace default
# Check it updated properly or not
## oc get namespace default -o yaml
# There are some security problem with router,
# so need to delete router deployment then
# Setup Router separately
# Then execute below command
oc delete dc/router rc/router-1 svc/router po/router-1-deploy dc/docker-registry rc/docker-registry-1 rc/docker-registry-2 svc/docker-registry sa/registry sa/router
echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"registry"}}' | oc create -n default -f -
echo '{"kind":"ServiceAccount","apiVersion":"v1","metadata":{"name":"router"}}' | oc create -n default -f -
oadm policy add-cluster-role-to-user cluster-admin admin
oadm policy add-scc-to-user privileged system:serviceaccount:default:registry
oadm policy add-scc-to-user privileged system:serviceaccount:default:router
systemctl restart atomic-openshift-master
systemctl status atomic-openshift-master
oadm registry --service-account=registry --selector='region=infra'
#oadm router router --replicas=1 --selector='region=infra' --service-account=router --stats-password=admin2675
oadm router router --replicas=1 --selector='region=infra' --service-account=router --latest-images --expose-metrics --stats-password=admin2675