diff --git a/.gitignore b/.gitignore index 1fcb152..6cf7a2a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ out +pull-secret.txt diff --git a/README.md b/README.md index aefec95..7f68e09 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@ # k8s yaml generator/installer for Cloud Native OpenStack -Scripts to automate Installing OpenStack in your *pre-installed* OpenShift environment. +The main purpose is to provide scripts to automate installing OpenStack in your *pre-installed* OpenShift environment. Aside from generating Yaml and running *oc* commands to apply them to your cluster nothing in this repo should modify the local machine, require sudo, or make any changes to the local machine. +Helper scripts to automate installing CRC and required tools with versions used in openstack-k8s-operators can be found in [CRC/tools deployment](devsetup/README.md). These scripts/playbook required sudo permissions. + ## Goals 1) WIP: Support installing individual operators for fast testing iteration @@ -26,4 +28,3 @@ make mariadb MARIADB_IMG=quay.io/openstack-k8s-operators/mariadb-operator-index: make keystone KEYSTONE_IMG=quay.io/openstack-k8s-operators/keystone-operator-index:latest ``` - diff --git a/devsetup/Makefile b/devsetup/Makefile new file mode 100644 index 0000000..7bf4a6f --- /dev/null +++ b/devsetup/Makefile 
@@ -0,0 +1,39 @@
+CRC_URL ?= 'https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz'
+KUBEADMIN_PWD ?= 12345678
+PULL_SECRET ?= ${PWD}/pull-secret.txt
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ CRC
+.PHONY: crc
+crc: ## Deploys CRC using CRC_URL to download and install CRC, KUBEADMIN_PWD as the password which defaults to 12345678 and PULL_SECRET to specify the file containing the pull secret, defaults to ${PWD}/pull-secret.txt.
+ bash scripts/crc-setup.sh ${CRC_URL} ${KUBEADMIN_PWD} ${PULL_SECRET}
+
+.PHONY: crc_cleanup
+crc_cleanup: ## Destroys the CRC env, but does NOT clear ( --clear-cache ) the cache to save time on next setup.
+ crc delete --force
+ crc cleanup
+ sudo rm -f /etc/pki/ca-trust/source/anchors/crc-router-ca.pem
+ sudo update-ca-trust
+
+##@ Download required tools and versions
+.PHONY: download_tools
+download_tools: ## Runs an ansible playbook to install required tools with the versions to develop the service operators. The tools get installed in ~/bin and go in /usr/local/go (alternatives get used to set it as the system wide go version)
+ ANSIBLE_FORCE_COLOR=true ansible-playbook \
+ -v -i hosts \
+ download_tools.yaml
diff --git a/devsetup/README.md b/devsetup/README.md
new file mode 100644
index 0000000..c93eccb
--- /dev/null
+++ b/devsetup/README.md
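Review bot: The `crc` recipe puts `${KUBEADMIN_PWD}` on the command line of `scripts/crc-setup.sh`, so make echoes the password when the target runs and it is visible in the process list while the script is running. The documented default `12345678` also means every environment that does not override it shares one kubeadmin password. Quoting is inconsistent as well: `CRC_URL` carries its own single quotes in the definition while `${PULL_SECRET}` is unquoted, so a checkout path containing a space splits into two arguments. I would drop the quotes from the `CRC_URL` definition and quote at the use site, `@bash scripts/crc-setup.sh '$(CRC_URL)' '$(KUBEADMIN_PWD)' '$(PULL_SECRET)'`, and longer term have the script read the password from the environment instead of `$2`.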
@@ -0,0 +1,53 @@
+# CRC automation + tool deployment
+### CRC
+CRC installation requires sudo to create a NetworkManager dispatcher file in /etc/NetworkManager/dispatcher.d/99-crc.sh, also the post step to add the CRC cert to the system store to be able to access the image registry from the host system.
+
+* Get the pull secret from `https://cloud.redhat.com/openshift/create/local` and save it in `pull-secret.txt` of the repo dir, or set the `PULL_SECRET` env var to point to a different location.
+* `CRC_URL` and `KUBEADMIN_PWD` can be used to change requirements for CRC install
+
+```bash
+make crc
+```
+
+After the installation is complete, proceed with the OpenStack service provisioning.
+
+The steps it runs are the following:
+```bash
+# Pre req
+# verifies that the pull secret is located at $(pwd)/pull-secret.txt (get it from https://cloud.redhat.com/openshift/create/local)
+
+* install crc
+mkdir -p ~/bin
+curl -L https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz | tar -U --strip-components=1 -C ~/bin -xJf - crc
+
+# config CRC
+crc config set consent-telemetry no
+crc config set kubeadmin-password ${KUBEADMIN_PWD}
+crc config set pull-secret-file ${PULL_SECRET_FILE}
+crc setup
+
+crc start
+
+# show kubeadmin and devel login detains
+crc console --credentials
+
+# add crc provided oc client to PATH
+eval $(${CRC_BIN} oc-env)
+
+# login to crc env
+oc login -u kubeadmin -p ${KUBEADMIN_PWD} https://api.crc.testing:6443
+
+# make sure you can push to the internal registry; without this step you'll get x509 errors
+echo -n "Adding router-ca to system certs to allow accessing the crc image registry"
+oc extract secret/router-ca --keys=tls.crt -n openshift-ingress-operator --confirm
+sudo cp -f tls.crt /etc/pki/ca-trust/source/anchors/crc-router-ca.pem
+sudo update-ca-trust
+```
+
+
+### tool deployment
+All tools and specific version to develop operators for this Cloud Native OpenStack approch can be deployed via the download_tools make target. All components which don't get installed via rpm get installed to $HOME/bin or /usr/local/bin (go/gofmt).
+
+```bash
+make download_tools
+```
diff --git a/devsetup/download_tools.yaml b/devsetup/download_tools.yaml
new file mode 100644
index 0000000..19cd050
--- /dev/null
+++ b/devsetup/download_tools.yaml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: localhost
+ vars_files: "vars/default.yaml"
+ roles:
+ - download_tools
diff --git a/devsetup/hosts b/devsetup/hosts
new file mode 100644
index 0000000..2302eda
--- /dev/null
+++ b/devsetup/hosts
@@ -0,0 +1 @@
+localhost ansible_connection=local
diff --git a/devsetup/roles/download_tools/defaults/main.yaml b/devsetup/roles/download_tools/defaults/main.yaml
new file mode 100644
index 0000000..1571c28
--- /dev/null
+++ b/devsetup/roles/download_tools/defaults/main.yaml
@@ -0,0 +1,17 @@
+---
+# kuttl version to use (must be specific version)
+kuttl_version: 0.9.0
+
+# Released version of the opm package (can be set to 'latest')
+opm_version: latest
+
+# operator-sdk version to use (must be specific version)
+#sdk_version: v0.19.2 - cnosp is right now based on that version
+sdk_version: v1.14.0
+
+# golang version
+go_version: 1.16.9
+
+# kustomize version to use (must be specific version)
+kustomize_version: v4.0.1
+
diff --git a/devsetup/roles/download_tools/tasks/main.yaml b/devsetup/roles/download_tools/tasks/main.yaml
new file mode 100644
index 0000000..cf0b36d
--- /dev/null
+++ b/devsetup/roles/download_tools/tasks/main.yaml
@@ -0,0 +1,110 @@
+- name: Install build dependencies
+ become: true
+ become_user: root
+ package:
+ name:
+ - jq
+ - skopeo
+ - sqlite
+
+- name: Set opm download url suffix
+ set_fact: opm_url_suffix="latest/download"
+ when: opm_version is undefined or opm_version == "latest"
+
+- name: Set opm download url suffix
+ set_fact: opm_url_suffix="download/{{ opm_version }}"
+ when: opm_version is defined and opm_version != "latest"
+
+- name: Create $HOME/bin dir
+ file:
+ path: "{{ lookup('env', 'HOME') }}/bin"
+ state: directory
+ mode: '0755'
+
+- name: Download opm
+ get_url:
+ url: https://github.com/operator-framework/operator-registry/releases/{{ opm_url_suffix }}/linux-amd64-opm
+ dest: "{{ lookup('env', 'HOME') }}/bin/opm"
+ mode: '0755'
+ timeout: 30
+
+- name: Get version from sdk_version
+ set_fact: _sdk_version="{{ sdk_version | regex_search('v(.*)', '\\1') | first }}"
+
+- name: Set operator-sdk file for version < 1.3.0
+ set_fact: _operator_sdk_file="operator-sdk-{{ sdk_version }}-x86_64-linux-gnu"
+ when: _sdk_version is version('1.3.0', 'lt', strict=True )
+
+- name: Set operator-sdk file for version >= 1.3.0
+ set_fact: _operator_sdk_file="operator-sdk_linux_amd64"
+ when: _sdk_version is version('1.3.0', 'ge', strict=True )
+
+- name: Download operator-sdk
+ get_url:
+ url: https://github.com/operator-framework/operator-sdk/releases/download/{{ sdk_version }}/{{ _operator_sdk_file }}
+ dest: "{{ lookup('env', 'HOME') }}/bin/operator-sdk"
+ mode: '0755'
+ force: yes
+ timeout: 30
+
+- name: Download and extract kustomize
+ unarchive:
+ src: https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F{{ kustomize_version }}/kustomize_{{ kustomize_version }}_linux_amd64.tar.gz
+ dest: "{{ lookup('env', 'HOME') }}/bin/"
+ remote_src: yes
+
+- name: Download kuttl
+ get_url:
+ url: https://github.com/kudobuilder/kuttl/releases/download/v{{ kuttl_version }}/kubectl-kuttl_{{ kuttl_version }}_linux_x86_64
+ dest: "{{ lookup('env', 'HOME') }}/bin/kubectl-kuttl"
+ mode: '0755'
+ timeout: 30
+
+- name: Set proper golang on the system
+ become: true
+ become_user: root
+ block:
+
+ - name: Deinstall golang
+ package:
+ state: absent
+ name:
+ - golang-bin
+ - golang-src
+ - golang
+
+ - name: Delete old go version installed from upstream
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /usr/local/go
+ - "{{ lookup('env', 'HOME') }}/bin/go"
+ - "{{ lookup('env', 'HOME') }}/bin/gofmt"
+ - /usr/local/bin/go
+ - /usr/local/bin/gofmt
+
+ - name: Download and extract golang
+ unarchive:
+ src: "https://golang.org/dl/go{{ go_version }}.linux-amd64.tar.gz"
+ dest: "/usr/local"
+ remote_src: yes
+ extra_opts:
+ - "--exclude"
+ - "go/misc"
+ - "--exclude"
+ - "go/pkg/linux_amd64_race"
+ - "--exclude"
+ - "go/test"
+
+ - name: set alternatives link to installed go version
+ shell: |
+ set -e
+ update-alternatives --install /usr/local/bin/{{ item }} {{ item }} /usr/local/go/bin/{{ item }} 1
+ with_items:
+ - go
+ - gofmt
+
+- name: Clean bash cache
+ debug:
+ msg: When move from rpm to upstream version, make sure to clean bash cache using `hash -d go`
diff --git a/devsetup/scripts/crc-setup.sh b/devsetup/scripts/crc-setup.sh
new file mode 100755
index 0000000..288eb9e
--- /dev/null
+++ b/devsetup/scripts/crc-setup.sh
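Review bot: None of the downloads in this file are integrity-checked: the `get_url` tasks for opm, operator-sdk and kuttl set no `checksum`, and the kustomize and golang archives are fetched and unpacked by `unarchive` straight from the URL, the golang one as root into `/usr/local`. With `opm_version: latest` the opm binary is additionally not tied to any release, so two runs of the playbook can install different executables. I would add a `checksum: "sha256:..."` entry to each `get_url` task and split the two `unarchive` tasks into a checked `get_url` followed by a local extract, as sketched below for golang. `go_sha256` is a placeholder for a new per-version variable kept next to `go_version`, and the staging directory shown is only one choice of root-owned location.

```yaml
# … unchanged: golang package removal and cleanup of old go paths …
  - name: Download golang tarball
    get_url:
      url: "https://golang.org/dl/go{{ go_version }}.linux-amd64.tar.gz"
      dest: "/usr/local/src/go{{ go_version }}.linux-amd64.tar.gz"
      checksum: "sha256:{{ go_sha256 }}"  # placeholder variable, to be defined per go_version
      timeout: 30

  - name: Extract golang
    unarchive:
      src: "/usr/local/src/go{{ go_version }}.linux-amd64.tar.gz"
      dest: "/usr/local"
      remote_src: yes
      # … unchanged: extra_opts excludes …
```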
@@ -0,0 +1,57 @@
+#!/bin/bash
+# set -x
+
+if [ "$EUID" -eq 0 ]
+ then echo "Please do not run as root."
+ exit
+fi
+
+CRC_URL=$1
+KUBEADMIN_PWD=$2
+PULL_SECRET_FILE=$3
+
+if [ -z "${CRC_URL}" ]; then
+ echo "Please set CRC_URL as ARG1"; exit 1
+fi
+if [ -z "${KUBEADMIN_PWD}" ]; then
+ echo "Please set KUBEADMIN_PWD as ARG2"; exit 1
+fi
+if [ -z "${PULL_SECRET_FILE}" ]; then
+ echo "Please set PULL_SECRET_FILE as ARG3"; exit 1
+fi
+# verify pull secret file exist
+if [ ! -f "${PULL_SECRET_FILE}" ]; then
+ echo "Pull secret file ${PULL_SECRET_FILE} does not exist, Please download from https://cloud.redhat.com/openshift/create/local"; exit 1
+fi
+
+CRC_BIN=$(which crc)
+if [ -z "${CRC_BIN}" ]; then
+ mkdir -p ~/bin
+ curl -L "${CRC_URL}" | tar -U --strip-components=1 -C ~/bin -xJf - *crc
+ CRC_BIN=$(which crc)
+fi
+
+# config CRC
+${CRC_BIN} config set consent-telemetry no
+${CRC_BIN} config set kubeadmin-password ${KUBEADMIN_PWD}
+${CRC_BIN} config set pull-secret-file ${PULL_SECRET_FILE}
+# Executing systemctl action failed: exit status 1: Failed to connect to bus: No such file or directory
+# https://github.com/code-ready/crc/issues/2674
+crc config set skip-check-daemon-systemd-unit true
+crc config set skip-check-daemon-systemd-sockets true
+${CRC_BIN} setup
+
+${CRC_BIN} start
+${CRC_BIN} console --credentials # get the kubeadmin login and then login
+
+# add crc provided oc client to PATH
+eval $(${CRC_BIN} oc-env)
+
+# login to crc env
+oc login -u kubeadmin -p ${KUBEADMIN_PWD} https://api.crc.testing:6443
+
+# make sure you can push to the internal registry; without this step you'll get x509 errors
+echo -n "Adding router-ca to system certs to allow accessing the crc image registry"
+oc extract secret/router-ca --keys=tls.crt -n openshift-ingress-operator --confirm --to=/tmp
+sudo cp -f /tmp/tls.crt /etc/pki/ca-trust/source/anchors/crc-router-ca.pem
+sudo update-ca-trust
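Review bot: The router CA that ends up in the system trust store is staged at the fixed path `/tmp/tls.crt`, and the script neither sets `set -e` nor checks the exit status of `oc extract`. If the extract fails, or a file from another local user already sits at that path, `sudo cp -f` installs whatever is there as a trusted anchor. Staging the certificate in a private `mktemp -d` directory and stopping when the extract fails covers both cases, as sketched below. The same hunk also passes `${KUBEADMIN_PWD}` unquoted to `crc config set` and `oc login -p`, and the root check ends with a bare `exit`, which returns status 0 to the calling make target.

```bash
# … unchanged: crc config, setup, start and oc login …
CA_DIR=$(mktemp -d) || exit 1
oc extract secret/router-ca --keys=tls.crt -n openshift-ingress-operator --confirm --to="${CA_DIR}" || exit 1
sudo cp -f "${CA_DIR}/tls.crt" /etc/pki/ca-trust/source/anchors/crc-router-ca.pem
sudo update-ca-trust
rm -rf "${CA_DIR}"
```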
diff --git a/devsetup/vars/default.yaml b/devsetup/vars/default.yaml
new file mode 100644
index 0000000..284697c
--- /dev/null
+++ b/devsetup/vars/default.yaml
@@ -0,0 +1,12 @@
+---
+# Released version of the opm package (can be set to 'latest')
+opm_version: latest
+
+# operator-sdk version to use (must be specific version)
+sdk_version: v1.20.0
+
+# golang version
+go_version: 1.17.9
+
+# kustomize version to use (must be specific version)
+kustomize_version: v4.5.4