redhat-openstack / openshift-on-openstack

A place to write templates, docs etc. for deploying OpenShift on OpenStack.
Apache License 2.0

Post installation/configuration/deployment script #311

Open ghost opened 7 years ago

ghost commented 7 years ago

Hello,

It's more a general question than an issue: I am looking for a way to run post installation/configuration/deployment scripts:

I'm a Heat newbie, but I'm willing to invest time to integrate such an improvement as far as I can get tips on where to start (files, process).

Thanks a lot for your answers. P.

liveaverage commented 7 years ago

I can't comment on usage of CentOS Atomic, but I am using a custom corporate CA cert and corporate proxy config, with Red Hat 7.2 as the base OS + OpenShift Origin. I've found fragments/rhn-register.sh is executed early (enough) by cloud-init to allow customization for every node type (bastion, infra, master, etc.). So I've simply prefixed this user-data script with what's specific to my environment:


# Custom Tasks
curl -k https://localgit.domain.local/projects/PR/browse/ca.pem?raw > /etc/pki/ca-trust/source/anchors/ca.pem
/usr/bin/update-ca-trust
curl -k https://localgit.domain.local/projects/PR/repos/utils/browse/subs/subscribe.sh?raw | bash -s -- -r
sed -i -e 's/proxy_hostname =.*$/proxy_hostname = yourproxy.domain.local/;s/proxy_port =.*$/proxy_port = 80/' /etc/rhsm/rhsm.conf
sed -i 's/subscription.rhsm.redhat.com/subscription.rhn.redhat.com/' /etc/rhsm/rhsm.conf
subscription-manager repos --enable rhel-7-server-thirdparty-oracle-java-rpms --proxy=http://yourproxy.domain.local:8080
subscription-manager repos --enable rhel-7-server-optional-rpms --proxy=http://yourproxy.domain.local:8080
subscription-manager repos --enable rhel-7-server-extras-rpms --proxy=http://yourproxy.domain.local:8080
subscription-manager repos --enable rhel-7-server-openstack-10-tools-rpms --proxy=http://yourproxy.domain.local:8080
subscription-manager repos --enable rhel-7-server-openstack-8-tools-rpms --proxy=http://yourproxy.domain.local:8080
echo 'proxy=http://yourproxy.domain.local:8080' >> /etc/yum.conf
echo 'http_caching=packages' >> /etc/yum.conf
echo 'export NO_PROXY=169.254.169.254,127.0.0.1,localhost,sub.domain.local,domain.local' >> /etc/profile.d/proxy.sh
echo 'export HTTP_PROXY=http://yourproxy.domain.local:8080' >> /etc/profile.d/proxy.sh
echo 'export HTTPS_PROXY=http://yourproxy.domain.local:8080' >> /etc/profile.d/proxy.sh
echo 'export REQUESTS_CA_BUNDLE="/etc/pki/tls/certs/ca-bundle.crt"' >> /etc/profile.d/proxy.sh
source /etc/profile.d/proxy.sh

# Custom /mnt fixup
umount /mnt

# Custom Packages

yum -y localinstall https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install python-devel
yum -y install python-pip
yum -y install wget

# Custom Manage os-collect-config installation without Director repository

mkdir /tmp/osi
wget -r -P /tmp/osi -np -nH --cut-dirs=3 http://customrpms.domain.local/os/
yum -y install /tmp/osi/*.rpm
systemctl enable os-collect-config

# Custom Proxy fixups for origin-master and origin-node services:
cat >/etc/sysconfig/origin-node <<EOF
OPTIONS=--loglevel=2
CONFIG_FILE=/etc/origin/node/node-config.yaml
NO_PROXY=169.254.169.254,127.0.0.1,localhost,sub.domain.local,domain.local
HTTP_PROXY=http://yourproxy.domain.local:8080
HTTPS_PROXY=http://yourproxy.domain.local:8080
IMAGE_VERSION=v1.3.1

EOF

cat >/etc/sysconfig/origin-master <<EOF
OPTIONS=--loglevel=2
CONFIG_FILE=/etc/origin/master/master-config.yaml
NO_PROXY=169.254.169.254,127.0.0.1,localhost,sub.domain.local,domain.local
HTTP_PROXY=http://yourproxy.domain.local:8080
HTTPS_PROXY=http://yourproxy.domain.local:8080

EOF

# Custom Proxy fixups for docker

[[ -d /etc/systemd/system/docker.service.d ]] || mkdir -p /etc/systemd/system/docker.service.d

if ! [ -e /etc/systemd/system/docker.service.d/http-proxy.conf ]; then

cat >/etc/systemd/system/docker.service.d/http-proxy.conf <<EOF
[Service]
Environment="NO_PROXY=169.254.169.254,127.0.0.1,localhost,sub.domain.local,domain.local" "HTTP_PROXY=http://yourproxy.domain.local:8080" "HTTPS_PROXY=http://yourproxy.domain.local:8080"

EOF

fi

Even when the above is configured, you'll still need to update default templates to accommodate proxies. RH has great docs on this: https://access.redhat.com/documentation/en/openshift-enterprise/3.0/paged/administrator-guide/chapter-21-working-with-http-proxies
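
The prefix above fetches the CA and the subscription script with `curl -k` and pipes the script straight into bash, so nothing authenticates either download. An added example (not part of the original comment or the project's code) that pins both files by SHA-256 before they are trusted or run; the function names and the `CA_URL`, `SCRIPT_URL`, `CA_SHA256` and `SCRIPT_SHA256` variables are assumptions.

```shell
# Added example: pin bootstrap downloads by SHA-256 before trusting or running them.
# Function names and the CA_URL/SCRIPT_URL/*_SHA256 variables are hypothetical.

# sha256_of FILE: print the lowercase hex digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_pinned FILE EXPECTED_SHA256: succeed only if FILE is non-empty and matches.
verify_pinned() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# install_pinned_ca FILE EXPECTED_SHA256 ANCHOR_DIR: copy the CA into the trust
# anchor directory only after the pin matches and the file looks like PEM.
install_pinned_ca() {
    local file="$1" expected="$2" anchors="$3"
    verify_pinned "$file" "$expected" || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" || { echo "not PEM: $file" >&2; return 1; }
    install -m 0644 "$file" "$anchors/$(basename "$file")"
}

# run_pinned_script FILE EXPECTED_SHA256 [ARGS...]: run a downloaded script from
# disk after verification, instead of piping curl output into bash.
run_pinned_script() {
    local file="$1" expected="$2"
    shift 2
    verify_pinned "$file" "$expected" || return 1
    bash "$file" "$@"
}

# Intended use in the user-data prefix (digests are distributed out of band):
#   curl -fsS -k -o /tmp/ca.pem "$CA_URL"        # -k: the CA is not trusted yet
#   install_pinned_ca /tmp/ca.pem "$CA_SHA256" /etc/pki/ca-trust/source/anchors \
#       && /usr/bin/update-ca-trust
#   curl -fsS -o /tmp/subscribe.sh "$SCRIPT_URL" # no -k: verified via the new anchor
#   run_pinned_script /tmp/subscribe.sh "$SCRIPT_SHA256" -r
```

The pinned digests have to reach the node through a channel other than the download itself, for example as Heat parameters baked into the user-data.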

ioggstream commented 7 years ago

@liveaverage I'm working around this:

It seems it works...