bastion-boot.sh
#!/bin/bash
#
# Prepare the bastion server for Docker and Ansible
#
# ENVVARS
# WC_NOTIFY - a curl URL fragment from an OpenStack WaitCondition
# used to signal OpenStack of completion status
# DNS_IP - The IP address of the nearest resolver host
#
# OPENSHIFT_ANSIBLE_GIT_URL - the URL of a git repository containing the
# openshift ansible playbooks and configs
# OPENSHIFT_ANSIBLE_GIT_REV - the release/revision of the playbooks to use
#
# ANSIBLE_VERSION - the version of ansible to use for OCP installation
#
# Shell options:
#   errexit  - stop at the first command that fails
#   nounset  - a reference to an undefined variable is an error
#   xtrace   - print every command after expansion
#   pipefail - a pipeline reports the last non-zero exit status of its stages
# NOTE(review): xtrace prints expanded values, so anything sensitive held in
# a variable ends up wherever this script's output is logged. WC_NOTIFY is
# described in the header as a curl URL fragment and may embed a credential -
# confirm, and restrict access to the boot log if so.
set -o errexit -o nounset
set -o xtrace
set -o pipefail

# Helpers called below but not defined in this file (notify_failure,
# notify_success, retry, ...) presumably come from this library - confirm.
source /usr/local/share/openshift-on-openstack/common_functions.sh

# CONSTANTS
#
# The device to mount to store Docker images and containers.
# DOCKER_VOLUME_ID is read from the environment; with nounset active the
# script stops here when it is not defined.
VOLUME_ID="${DOCKER_VOLUME_ID}"

# The auxiliary service container image - for Atomic hosts.
# NOTE(review): the reference carries no tag or digest, so whatever the
# registry currently serves for it is what gets pulled, and this script starts
# that image with --privileged and the host root mounted. Pinning the
# reference by digest would make the content that runs on the bastion
# reproducible and reviewable.
HEAT_AGENT_CONTAINER_IMAGE="jprovaznik/ooshift-heat-agent"

# Select the EPEL release to make it easier to update
EPEL_RELEASE_VERSION="7-7"
# --- DNS functions ----------------------------------------------------------
#
# Disable automatic updates of resolv.conf when an interface comes up
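disable_resolv_updates() {
  # Set PEERDNS="no" in the ifcfg file of one network interface.
  # Arguments: $1 - interface name (e.g. eth0)
  # Only an existing line starting with PEERDNS= is rewritten; a file without
  # such a line is left as it is.
  local iface=$1

  # The path is quoted so the interface name always stays a single argument.
  sed -i -e '/^PEERDNS=/s/=.*/="no"/' \
    "/etc/sysconfig/network-scripts/ifcfg-${iface}"
}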
# ----------------------------------------------------------------------------
# Functions for Atomic Host systems
# ----------------------------------------------------------------------------
# check if this is an Atomic host
is_atomic_host() {
  # The presence of /run/ostree-booted is the marker this script uses for an
  # Atomic host; the exit status of the existence test is the answer.
  [[ -e /run/ostree-booted ]]
}
# remove the docker storage setup service link and re-load the systemd config
systemd_docker_disable_storage_setup() {
  # Move the docker-storage-setup unit link out of multi-user.target.wants
  # (it is parked in /root, not deleted), then make systemd re-read its
  # configuration.
  local wants_link=/etc/systemd/system/multi-user.target.wants/docker-storage-setup.service

  mv "$wants_link" /root
  systemctl daemon-reload
}
#
# --- OpenShift Auxiliary Service Containers
#
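start_heat_agent_container() {
  # Pull the heat agent image and start it detached under the name heat-agent.
  # Arguments: $1 - container image reference
  # A failed pull or run is reported through notify_failure, which is not
  # defined in this file (presumably it ends the script - confirm).
  #
  # NOTE(review): the container is privileged, shares the host IPC, network
  # and PID namespaces, and bind-mounts the host root, /run and ~/.ssh, so the
  # image content has full control of this host. The reference is used exactly
  # as passed in; a digest-pinned reference from a registry the operator
  # controls limits what can end up running here.
  local image=$1

  # The image reference is quoted so it is always passed as one argument.
  docker pull "$image" ||
    notify_failure "failed to pull heat agent docker image: $image"

  docker run \
    --name heat-agent \
    --detach \
    --privileged \
    --ipc=host \
    --net=host \
    --pid=host \
    -e HOST=/host \
    -e NAME=rhel-tools \
    --volume /run:/run \
    --volume /var/log:/var/log \
    --volume /etc/localtime:/etc/localtime \
    --volume ~/.ssh:/root/.ssh \
    --volume /:/host \
    --volume /etc/ansible:/etc/ansible \
    --volume /var/lib/heat-cfntools:/var/lib/heat-cfntools \
    --volume /var/lib/os-apply-config:/var/lib/os-apply-config \
    "$image" ||
    notify_failure "failed to run heat-agent docker image: $image"
}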
# ----------------------------------------------------------------------------
# Functions for RPM based systems
# ----------------------------------------------------------------------------
verify_os_collect_config_is_installed() {
  # Ask systemd whether the os-collect-config unit is enabled and report a
  # failure through notify_failure (defined outside this file) when it is not.
  if ! systemctl is-enabled os-collect-config; then
    notify_failure "os-collect-config service is not installed or enabled"
  fi
}
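install_epel_repos_disabled() {
  # Install the epel-release package, then switch the EPEL repo off so it is
  # only used when a caller enables it explicitly.
  # Arguments: $1 - EPEL release, hyphen delimited (e.g. 7-7)
  # NOTE: install the right Ansible version on RHEL7.1 and Centos 7.1
  #
  # The requested release is tried first; if it is still not installed
  # afterwards, epel-release-latest-7 is tried, and a failure of that second
  # install is reported through notify_failure (defined outside this file).
  local release=$1
  # Both downloads use https. The epel-release package delivers the repo
  # definition for later installs, so it must not travel over plain http
  # where it could be replaced in transit.
  # NOTE(review): whether yum also checks a signature on a package installed
  # straight from a URL depends on the host's yum configuration - confirm.
  local -r repo_url=https://dl.fedoraproject.org/pub/epel/7/x86_64
  local -r latest_url=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

  if ! rpm -q "epel-release-${release}"; then
    yum -y install \
      "${repo_url}/e/epel-release-${release}.noarch.rpm" ||
      echo "Failed to find epel-release-${release}. Installing epel-release-latest-7."
  fi

  # If it fails, get the latest
  if ! rpm -q "epel-release-${release}"; then
    yum -y install "$latest_url" ||
      notify_failure "could not install EPEL release ${release} NOR the latest."
  fi

  # Leave the repository defined but disabled.
  sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
}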
#
# Check out the Ansible playbooks from a Git repository
#
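clone_openshift_ansible() {
  # Clone the openshift-ansible playbooks and check out the requested revision.
  # Arguments: $1 - git repository URL
  #            $2 - revision to check out
  # Side effect: the working directory of the calling shell becomes the clone.
  # Failures are reported through notify_failure (defined outside this file).
  #
  # NOTE(review): a branch or tag name can later point at different content;
  # a full commit hash as the revision fixes exactly which playbooks are used.
  local url=$1
  local rev=$2
  local -r dest=/usr/share/ansible/openshift-ansible

  # "--" ends option parsing, so the URL is never read as a git option.
  git clone -- "$url" "$dest" ||
    notify_failure "could not clone openshift-ansible: $url"

  # Report a failed cd like the other steps instead of stopping silently.
  cd "$dest" ||
    notify_failure "could not enter $dest"

  git checkout "$rev" ||
    notify_failure "could not check out openshift-ansible rev $rev"
}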
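# Main sequence: prepare this host, then report the result.
# sudo_enable_from_ssh, docker_set_storage_device, retry, notify_failure and
# notify_success are not defined in this file (presumably provided by the
# sourced common_functions.sh - confirm).

# Do not update resolv.conf from eth0 when the system boots
disable_resolv_updates eth0
sudo_enable_from_ssh

if is_atomic_host; then
  # Atomic host: set up Docker storage on the dedicated volume, start Docker,
  # then run the heat agent as a container.
  systemd_docker_disable_storage_setup

  # Report an empty volume id instead of passing an empty argument on.
  [[ -n "$VOLUME_ID" ]] || notify_failure "DOCKER_VOLUME_ID is empty"
  docker_set_storage_device "$VOLUME_ID"

  systemctl enable lvm2-lvmetad
  systemctl start lvm2-lvmetad
  docker-storage-setup || notify_failure "docker storage setup failed"
  systemctl start docker --ignore-dependencies ||
    notify_failure "docker service failed to start"

  start_heat_agent_container "$HEAT_AGENT_CONTAINER_IMAGE"
else
  # RPM based host: install git, httpd-tools, pyOpenSSL and Ansible, then
  # fetch the openshift-ansible playbooks.
  verify_os_collect_config_is_installed
  retry yum -y install git httpd-tools ||
    notify_failure "could not install httpd-tools"

  # ensure openssl is installed on CentOS
  retry yum -y install pyOpenSSL ||
    notify_failure "could not install pyOpenSSL"

  # Extra yum options; stays empty unless EPEL is needed.
  extra_opts=""

  # Install the EPEL repository, but leave it disabled
  # Used only to install Ansible
  if [[ -e /etc/centos-release ]]; then
    install_epel_repos_disabled "$EPEL_RELEASE_VERSION"
    extra_opts="--enablerepo=epel"
  fi

  # An empty ANSIBLE_VERSION selects whatever version the repositories offer.
  if [[ -z "$ANSIBLE_VERSION" ]]; then
    ANSIBLE_RPM="ansible"
  else
    ANSIBLE_RPM="ansible-$ANSIBLE_VERSION"
  fi

  # extra_opts is left unquoted on purpose: when it is empty it has to expand
  # to no argument at all. A quoted empty array is avoided because older bash
  # releases treat its expansion as an unset variable under "set -u".
  # shellcheck disable=SC2086
  retry yum -y $extra_opts install "$ANSIBLE_RPM" ||
    notify_failure "could not install ansible"

  # Use the git checkout only when both URL and revision are given; otherwise
  # install the packaged playbooks.
  if [[ -n "$OPENSHIFT_ANSIBLE_GIT_URL" && -n "$OPENSHIFT_ANSIBLE_GIT_REV" ]]; then
    clone_openshift_ansible \
      "$OPENSHIFT_ANSIBLE_GIT_URL" \
      "$OPENSHIFT_ANSIBLE_GIT_REV"
  else
    retry yum -y install openshift-ansible-roles openshift-ansible-playbooks ||
      notify_failure "could not install openshift-ansible"
  fi
fi

notify_success "OpenShift node has been prepared for running ansible."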