From 93eb9ba8fc5d6d14b8ffff1b946c528233cbb1d5 Mon Sep 17 00:00:00 2001
From: Vishal Patil <vishpat@gmail.com>
Date: Mon, 4 Jan 2016 16:42:25 -0500
Subject: Add Nuage support to openshift ansible

Added variables

Made changes for node configuration

Add service restart logic to node

Fixed ansible syntax errors

Add cert and key info for nodes

Added active and standby controller ip configuration information

Uncommented the nuage sdn check

Changed ca_crt -> ca_cert

Added restarting of atomic openshift master

Removed service account dependencies

Fixes

Fixed the api server url

Removed redundant restart of atomic openshift master

Configure nuagekubemon on all of the master nodes

Restart master api and controllers as well on nuagekubemon installation

Converted plugin config into template

Add template for nuagekubemon

Removed uplink interface from vars

Able to copy cert keys

Uninstall default ovs

Add the kubemon template

Do not install rdo sdn rpms in case of nuage

Addressed latest review comments

Set the networkPluginName for nuage
---
 roles/nuage_master/files/serviceaccount.sh | 63 ++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 roles/nuage_master/files/serviceaccount.sh

(limited to 'roles/nuage_master/files')

diff --git a/roles/nuage_master/files/serviceaccount.sh b/roles/nuage_master/files/serviceaccount.sh
new file mode 100644
index 000000000..f6fdb8a8d
--- /dev/null
+++ b/roles/nuage_master/files/serviceaccount.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# Parse CLI options
+for i in "$@"; do
+    case $i in
+        --master-cert-dir=*)
+            MASTER_DIR="${i#*=}"
+            CA_CERT=${MASTER_DIR}/ca.crt
+            CA_KEY=${MASTER_DIR}/ca.key
+            CA_SERIAL=${MASTER_DIR}/ca.serial.txt
+            ADMIN_FILE=${MASTER_DIR}/admin.kubeconfig
+        ;;
+        --server=*)
+            SERVER="${i#*=}"
+        ;;
+        --output-cert-dir=*)
+            OUTDIR="${i#*=}"
+            CONFIG_FILE=${OUTDIR}/nuage.kubeconfig
+        ;;
+    esac
+done
+
+# If any are missing, print the usage and exit
+if [ -z $SERVER ] || [ -z $OUTDIR ] || [ -z $MASTER_DIR ]; then
+    echo "Invalid syntax: $@"
+    echo "Usage:"
+    echo "  $0 --server=<address>:<port> --output-cert-dir=/path/to/output/dir/ --master-cert-dir=/path/to/master/"
+    echo "--master-cert-dir:  Directory where the master's configuration is held"
+    echo "--server:           Address of Kubernetes API server (default port is 8443)"
+    echo "--output-cert-dir:  Directory to put artifacts in"
+    echo ""
+    echo "All options are required"
+    exit 1
+fi
+
+# Login as admin so that we can create the service account
+oc login -u system:admin --config=$ADMIN_FILE || exit 1
+oc project default --config=$ADMIN_FILE
+
+ACCOUNT_CONFIG='
+{
+  "apiVersion": "v1",
+  "kind": "ServiceAccount",
+  "metadata": {
+    "name": "nuage"
+  }
+}
+'
+
+# Create the account with the included info
+echo $ACCOUNT_CONFIG|oc create --config=$ADMIN_FILE -f -
+
+# Add the cluser-reader role, which allows this service account read access to
+# everything in the cluster except secrets
+oadm policy add-cluster-role-to-user cluster-reader system:serviceaccounts:default:nuage --config=$ADMIN_FILE
+
+# Generate certificates and a kubeconfig for the service account
+oadm create-api-client-config --certificate-authority=${CA_CERT} --client-dir=${OUTDIR} --signer-cert=${CA_CERT} --signer-key=${CA_KEY} --signer-serial=${CA_SERIAL} --user=system:serviceaccounts:default:nuage --master=${SERVER} --public-master=${SERVER} --basename='nuage'
+
+# Verify the finalized kubeconfig
+if ! [ $(oc whoami --config=$CONFIG_FILE) == 'system:serviceaccounts:default:nuage' ]; then
+    echo "Service account creation failed!"
+    exit 1
+fi
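Review bot: The privileged steps after the login (`oc project default`, `oc create`, `oadm policy add-cluster-role-to-user`, `oadm create-api-client-config`) run unchecked, and the final `oc whoami` only proves that the generated kubeconfig authenticates, so the script can exit 0 with the cluster-reader binding missing or, possibly, with the account created in a project other than `default`. Adding `|| exit 1` to each of those commands, as the `oc login` line already does, would surface the failure to the calling Ansible task. The expansions are also unquoted: `[ -z $SERVER ]`, `--config=$ADMIN_FILE` and the last test break on paths containing spaces, and the last test should read `if [ "$(oc whoami --config="$CONFIG_FILE")" != 'system:serviceaccounts:default:nuage' ]; then`. Because `--client-dir=${OUTDIR}` receives a client key signed by the master CA, a `umask 077` before that call is worth adding unless oadm is known to restrict the file modes itself. Separately, the plural `system:serviceaccounts:default:nuage` is not the username Kubernetes gives a service account (`system:serviceaccount:<namespace>:<name>`), so the certificate and role binding appear to describe a certificate user rather than the ServiceAccount created above; it is worth confirming that this is intended and correcting the `cluser-reader` comment to say so.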
-- 
cgit v1.2.3