devstack: move master config to separate dir
It makes sense to keep the okd data dir tidy and the master generated config in a separate directory. Change-Id: I4cdef2222b189836891dbe8dd40d7d7a3058490a Signed-off-by: Antoni Segura Puimedon <celebdor@gmail.com>
parent
e4f68578ba
commit
b5c6505550
|
@ -731,8 +731,8 @@ EOF
|
||||||
# Make oc easily available
|
# Make oc easily available
|
||||||
cat << EOF | sudo tee /usr/local/bin/oc
|
cat << EOF | sudo tee /usr/local/bin/oc
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
CURL_CA_BUNDLE=${OPENSHIFT_DATA_DIR}/ca.crt \
|
CURL_CA_BUNDLE=${OPENSHIFT_DATA_DIR}/master/ca.crt \
|
||||||
KUBECONFIG=${OPENSHIFT_DATA_DIR}/admin.kubeconfig \
|
KUBECONFIG=${OPENSHIFT_DATA_DIR}/master/admin.kubeconfig \
|
||||||
${OPENSHIFT_BIN}/oc "\$@"
|
${OPENSHIFT_BIN}/oc "\$@"
|
||||||
EOF
|
EOF
|
||||||
sudo chmod a+x /usr/local/bin/oc
|
sudo chmod a+x /usr/local/bin/oc
|
||||||
|
@ -740,8 +740,8 @@ EOF
|
||||||
# Make kubectl easily available
|
# Make kubectl easily available
|
||||||
cat << EOF | sudo tee /usr/local/bin/kubectl
|
cat << EOF | sudo tee /usr/local/bin/kubectl
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
CURL_CA_BUNDLE=${OPENSHIFT_DATA_DIR}/ca.crt \
|
CURL_CA_BUNDLE=${OPENSHIFT_DATA_DIR}/master/ca.crt \
|
||||||
KUBECONFIG=${OPENSHIFT_DATA_DIR}/admin.kubeconfig \
|
KUBECONFIG=${OPENSHIFT_DATA_DIR}/master/admin.kubeconfig \
|
||||||
${OPENSHIFT_BIN}/kubectl "\$@"
|
${OPENSHIFT_BIN}/kubectl "\$@"
|
||||||
EOF
|
EOF
|
||||||
sudo chmod a+x /usr/local/bin/kubectl
|
sudo chmod a+x /usr/local/bin/kubectl
|
||||||
|
@ -779,28 +779,28 @@ function run_openshift_master {
|
||||||
"--portal-net=${portal_net}" \
|
"--portal-net=${portal_net}" \
|
||||||
"--listen=0.0.0.0:${OPENSHIFT_API_PORT}" \
|
"--listen=0.0.0.0:${OPENSHIFT_API_PORT}" \
|
||||||
"--master=${OPENSHIFT_API_URL}" \
|
"--master=${OPENSHIFT_API_URL}" \
|
||||||
"--write-config=${OPENSHIFT_DATA_DIR}"
|
"--write-config=${OPENSHIFT_DATA_DIR}/master"
|
||||||
|
|
||||||
# Enable externalIPs
|
# Enable externalIPs
|
||||||
sed -i 's/externalIPNetworkCIDRs: null/externalIPNetworkCIDRs: ["0.0.0.0\/0"]/' "${OPENSHIFT_DATA_DIR}/master-config.yaml"
|
sed -i 's/externalIPNetworkCIDRs: null/externalIPNetworkCIDRs: ["0.0.0.0\/0"]/' "${OPENSHIFT_DATA_DIR}/master/master-config.yaml"
|
||||||
|
|
||||||
# Reconfigure Kuryr-Kubernetes to use the certs generated
|
# Reconfigure Kuryr-Kubernetes to use the certs generated
|
||||||
iniset "$KURYR_CONFIG" kubernetes ssl_client_crt_file "${OPENSHIFT_DATA_DIR}/admin.crt"
|
iniset "$KURYR_CONFIG" kubernetes ssl_client_crt_file "${OPENSHIFT_DATA_DIR}/master/admin.crt"
|
||||||
iniset "$KURYR_CONFIG" kubernetes ssl_client_key_file "${OPENSHIFT_DATA_DIR}/admin.key"
|
iniset "$KURYR_CONFIG" kubernetes ssl_client_key_file "${OPENSHIFT_DATA_DIR}/master/admin.key"
|
||||||
iniset "$KURYR_CONFIG" kubernetes ssl_ca_crt_file "${OPENSHIFT_DATA_DIR}/ca.crt"
|
iniset "$KURYR_CONFIG" kubernetes ssl_ca_crt_file "${OPENSHIFT_DATA_DIR}/master/ca.crt"
|
||||||
|
|
||||||
sudo chown "${STACK_USER}:${STACK_USER}" -R "$OPENSHIFT_DATA_DIR"
|
sudo chown "${STACK_USER}:${STACK_USER}" -R "$OPENSHIFT_DATA_DIR"
|
||||||
|
|
||||||
# Generate kubelet kubeconfig
|
# Generate kubelet kubeconfig
|
||||||
"${OPENSHIFT_BIN}/oc" adm create-kubeconfig \
|
"${OPENSHIFT_BIN}/oc" adm create-kubeconfig \
|
||||||
"--client-key=${OPENSHIFT_DATA_DIR}/master.kubelet-client.key" \
|
"--client-key=${OPENSHIFT_DATA_DIR}/master/master.kubelet-client.key" \
|
||||||
"--client-certificate=${OPENSHIFT_DATA_DIR}/master.kubelet-client.crt" \
|
"--client-certificate=${OPENSHIFT_DATA_DIR}/master/master.kubelet-client.crt" \
|
||||||
"--certificate-authority=${OPENSHIFT_DATA_DIR}/ca.crt" \
|
"--certificate-authority=${OPENSHIFT_DATA_DIR}/master/ca.crt" \
|
||||||
"--master=${OPENSHIFT_API_URL}" \
|
"--master=${OPENSHIFT_API_URL}" \
|
||||||
"--kubeconfig=${OPENSHIFT_DATA_DIR}/master.kubelet-client.kubeconfig"
|
"--kubeconfig=${OPENSHIFT_DATA_DIR}/master/master.kubelet-client.kubeconfig"
|
||||||
|
|
||||||
cmd="/usr/local/bin/openshift start master \
|
cmd="/usr/local/bin/openshift start master \
|
||||||
--config=${OPENSHIFT_DATA_DIR}/master-config.yaml"
|
--config=${OPENSHIFT_DATA_DIR}/master/master-config.yaml"
|
||||||
|
|
||||||
wait_for "etcd" "http://${SERVICE_HOST}:${ETCD_PORT}/v2/machines"
|
wait_for "etcd" "http://${SERVICE_HOST}:${ETCD_PORT}/v2/machines"
|
||||||
|
|
||||||
|
@ -820,9 +820,9 @@ function run_openshift_master {
|
||||||
# Description: Gives the system:admin permissions over the cluster
|
# Description: Gives the system:admin permissions over the cluster
|
||||||
function make_admin_cluster_admin {
|
function make_admin_cluster_admin {
|
||||||
wait_for "OpenShift API Server" "$OPENSHIFT_API_URL" \
|
wait_for "OpenShift API Server" "$OPENSHIFT_API_URL" \
|
||||||
"${OPENSHIFT_DATA_DIR}/ca.crt"
|
"${OPENSHIFT_DATA_DIR}/master/ca.crt"
|
||||||
/usr/local/bin/oc adm policy add-cluster-role-to-user cluster-admin admin \
|
/usr/local/bin/oc adm policy add-cluster-role-to-user cluster-admin admin \
|
||||||
"--config=${OPENSHIFT_DATA_DIR}/openshift-master.kubeconfig"
|
"--config=${OPENSHIFT_DATA_DIR}/master/openshift-master.kubeconfig"
|
||||||
}
|
}
|
||||||
|
|
||||||
# run_openshift_node
|
# run_openshift_node
|
||||||
|
@ -834,7 +834,7 @@ function run_openshift_node {
|
||||||
sudo mkdir -p "$CNI_BIN_DIR"
|
sudo mkdir -p "$CNI_BIN_DIR"
|
||||||
curl -L "$OPENSHIFT_CNI_BINARY_URL" | sudo tar -C "$CNI_BIN_DIR" -xzvf - ./loopback
|
curl -L "$OPENSHIFT_CNI_BINARY_URL" | sudo tar -C "$CNI_BIN_DIR" -xzvf - ./loopback
|
||||||
command="/usr/local/bin/openshift start node \
|
command="/usr/local/bin/openshift start node \
|
||||||
--kubeconfig=${OPENSHIFT_DATA_DIR}/master.kubelet-client.kubeconfig \
|
--kubeconfig=${OPENSHIFT_DATA_DIR}/master/master.kubelet-client.kubeconfig \
|
||||||
--enable=kubelet,plugins \
|
--enable=kubelet,plugins \
|
||||||
--network-plugin=cni \
|
--network-plugin=cni \
|
||||||
--listen=https://0.0.0.0:8442"
|
--listen=https://0.0.0.0:8442"
|
||||||
|
@ -842,7 +842,7 @@ function run_openshift_node {
|
||||||
# Link master config necessary for bootstrapping
|
# Link master config necessary for bootstrapping
|
||||||
# TODO: This needs to be generated so we don't depend on it on multinode
|
# TODO: This needs to be generated so we don't depend on it on multinode
|
||||||
mkdir -p "${OPENSHIFT_BIN}/openshift.local.config"
|
mkdir -p "${OPENSHIFT_BIN}/openshift.local.config"
|
||||||
ln -fs "${OPENSHIFT_DATA_DIR}" "${OPENSHIFT_BIN}/openshift.local.config/master"
|
ln -fs "${OPENSHIFT_DATA_DIR}/master" "${OPENSHIFT_BIN}/openshift.local.config/master"
|
||||||
mkdir -p "${OPENSHIFT_DATA_DIR}/node"
|
mkdir -p "${OPENSHIFT_DATA_DIR}/node"
|
||||||
ln -fs "${OPENSHIFT_DATA_DIR}/node" "${OPENSHIFT_BIN}/openshift.local.config/node"
|
ln -fs "${OPENSHIFT_DATA_DIR}/node" "${OPENSHIFT_BIN}/openshift.local.config/node"
|
||||||
|
|
||||||
|
@ -1285,11 +1285,11 @@ function run_openshift_registry {
|
||||||
mkdir -p "${OPENSHIFT_DATA_DIR}/registry"
|
mkdir -p "${OPENSHIFT_DATA_DIR}/registry"
|
||||||
registry_yaml=$(mktemp)
|
registry_yaml=$(mktemp)
|
||||||
oc adm registry \
|
oc adm registry \
|
||||||
--config=${OPENSHIFT_DATA_DIR}/admin.kubeconfig \
|
--config=${OPENSHIFT_DATA_DIR}/master/admin.kubeconfig \
|
||||||
--service-account=registry \
|
--service-account=registry \
|
||||||
--mount-host=${OPENSHIFT_DATA_DIR}/registry \
|
--mount-host=${OPENSHIFT_DATA_DIR}/registry \
|
||||||
--tls-certificate=${OPENSHIFT_DATA_DIR}/registry.crt \
|
--tls-certificate=${OPENSHIFT_DATA_DIR}/master/registry.crt \
|
||||||
--tls-key=${OPENSHIFT_DATA_DIR}/registry.key \
|
--tls-key=${OPENSHIFT_DATA_DIR}/master/registry.key \
|
||||||
-o yaml > $registry_yaml
|
-o yaml > $registry_yaml
|
||||||
|
|
||||||
python - <<EOF "$registry_yaml" "$registry_ip"
|
python - <<EOF "$registry_yaml" "$registry_ip"
|
||||||
|
@ -1353,12 +1353,12 @@ function oc_generate_server_certificates {
|
||||||
name="$1"
|
name="$1"
|
||||||
cert_hostnames="$2"
|
cert_hostnames="$2"
|
||||||
oc adm ca create-server-cert \
|
oc adm ca create-server-cert \
|
||||||
--signer-cert="${OPENSHIFT_DATA_DIR}/ca.crt" \
|
--signer-cert="${OPENSHIFT_DATA_DIR}/master/ca.crt" \
|
||||||
--signer-key="${OPENSHIFT_DATA_DIR}/ca.key" \
|
--signer-key="${OPENSHIFT_DATA_DIR}/master/ca.key" \
|
||||||
--signer-serial="${OPENSHIFT_DATA_DIR}/ca.serial.txt" \
|
--signer-serial="${OPENSHIFT_DATA_DIR}/master/ca.serial.txt" \
|
||||||
--hostnames="$cert_hostnames" \
|
--hostnames="$cert_hostnames" \
|
||||||
--cert="${OPENSHIFT_DATA_DIR}/${name}.crt" \
|
--cert="${OPENSHIFT_DATA_DIR}/master/${name}.crt" \
|
||||||
--key="${OPENSHIFT_DATA_DIR}/${name}.key"
|
--key="${OPENSHIFT_DATA_DIR}/master/${name}.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
# docker_install_ca_certs
|
# docker_install_ca_certs
|
||||||
|
@ -1373,7 +1373,7 @@ function docker_install_ca_certs {
|
||||||
for hostname in ${registry_hostnames[@]}; do
|
for hostname in ${registry_hostnames[@]}; do
|
||||||
destdir="/etc/docker/certs.d/${hostname}:5000"
|
destdir="/etc/docker/certs.d/${hostname}:5000"
|
||||||
sudo install -d -o "$STACK_USER" "$destdir"
|
sudo install -d -o "$STACK_USER" "$destdir"
|
||||||
sudo install -o "$STACK_USER" "${OPENSHIFT_DATA_DIR}/ca.crt" "${destdir}/"
|
sudo install -o "$STACK_USER" "${OPENSHIFT_DATA_DIR}/master/ca.crt" "${destdir}/"
|
||||||
done
|
done
|
||||||
}
|
}
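Review bot: In run_openshift_node, `ln -fs "${OPENSHIFT_DATA_DIR}/master" "${OPENSHIFT_BIN}/openshift.local.config/master"` will not replace a link left by an earlier run. When the link name already exists as a symlink to a directory, `ln` without `-n` follows it and tries to create the new link inside that directory. On a host stacked before this change the old link points at `${OPENSHIFT_DATA_DIR}`, so the call either fails on the existing `master` directory or leaves the node bootstrapping from the old layout. I would write `ln -sfn "${OPENSHIFT_DATA_DIR}/master" "${OPENSHIFT_BIN}/openshift.local.config/master"` and use `-sfn` for the `node` link below it as well. Whether unstack removes these links is not visible here, and the function body continues outside the hunk.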
|
||||||
|
|
||||||
|
|
|
@ -198,7 +198,7 @@ function copy_tempest_kubeconfig {
|
||||||
tempest_home='/home/tempest'
|
tempest_home='/home/tempest'
|
||||||
if is_service_enabled openshift-master; then
|
if is_service_enabled openshift-master; then
|
||||||
sudo mkdir -p "${HOME}/.kube"
|
sudo mkdir -p "${HOME}/.kube"
|
||||||
sudo cp "${OPENSHIFT_DATA_DIR}/admin.kubeconfig" "${HOME}/.kube/config"
|
sudo cp "${OPENSHIFT_DATA_DIR}/master/admin.kubeconfig" "${HOME}/.kube/config"
|
||||||
sudo chown -R $STACK_USER "${HOME}/.kube"
|
sudo chown -R $STACK_USER "${HOME}/.kube"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -710,7 +710,7 @@ function run_kuryr_kubernetes {
|
||||||
local python_bin=$(which python)
|
local python_bin=$(which python)
|
||||||
if is_service_enabled openshift-master; then
|
if is_service_enabled openshift-master; then
|
||||||
wait_for "OpenShift API Server" "$KURYR_K8S_API_LB_URL" \
|
wait_for "OpenShift API Server" "$KURYR_K8S_API_LB_URL" \
|
||||||
"${OPENSHIFT_DATA_DIR}/ca.crt" 1200
|
"${OPENSHIFT_DATA_DIR}/master/ca.crt" 1200
|
||||||
else
|
else
|
||||||
wait_for "Kubernetes API Server" "$KURYR_K8S_API_LB_URL" \
|
wait_for "Kubernetes API Server" "$KURYR_K8S_API_LB_URL" \
|
||||||
"${KURYR_HYPERKUBE_DATA_DIR}/kuryr-ca.crt" 1200
|
"${KURYR_HYPERKUBE_DATA_DIR}/kuryr-ca.crt" 1200
|
||||||
|
|
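Review bot: In copy_tempest_kubeconfig, `sudo cp "${OPENSHIFT_DATA_DIR}/master/admin.kubeconfig" "${HOME}/.kube/config"` copies the kubeconfig without setting a mode, so the copy's permissions depend on the source file's mode and root's umask. The file presumably carries the cluster admin credentials, so I would pin the mode with `sudo install -m 0600 -o "$STACK_USER" "${OPENSHIFT_DATA_DIR}/master/admin.kubeconfig" "${HOME}/.kube/config"`. The function continues past the hunk, so a later step may already tighten this; if so, a short comment at the copy saying where would help.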