Install OCP
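# Create user2..user10 and authorise the ec2-user public key for each of them.
# Runs as root; every account trusts the same key, so holding ec2-user's
# private key is equivalent to holding all of these accounts.
for i in {2..10}; do
  user="user${i}"
  ssh_dir="/home/${user}/.ssh"
  adduser "$user"
  # mkdir has no -f option (the original call failed with "invalid option");
  # -p creates the directory and is quiet when it already exists
  mkdir -p -- "$ssh_dir"
  cp -- /home/ec2-user/.ssh/id_rsa.pub "${ssh_dir}/authorized_keys"
  chown -R "${user}:${user}" -- "$ssh_dir"
done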
# Re-assert ownership of each workshop user's ~/.ssh for the same user range.
for i in {2..10}; do
  owner="user${i}"
  chown -R "${owner}:${owner}" "/home/${owner}/.ssh"
done
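#!/bin/bash
## see: https://youtu.be/aqXSbDZggK4
## Default variables to use
## Every setting may be preset in the environment; ${VAR:=default} only
## evaluates the default when the variable is unset or empty.
export INTERACTIVE=${INTERACTIVE:="true"}
# PVS gates the persistent-volume creation step further down.  It used to be
# derived from INTERACTIVE, so it could never be switched off from the
# environment.
export PVS=${PVS:="true"}
# Default domain: the public IP as reported by an external service, wrapped
# in nip.io.  The lookup is plain HTTP and unauthenticated, and its answer
# ends up in /etc/hosts and in the inventory; set DOMAIN explicitly when
# that matters.
export DOMAIN=${DOMAIN:="$(curl -s ipinfo.io/ip).nip.io"}
export USERNAME=${USERNAME:="$(whoami)"}
export PASSWORD=${PASSWORD:=password}
export VERSION=${VERSION:="3.11"}
export SCRIPT_REPO=${SCRIPT_REPO:="https://raw.githubusercontent.com/alainpham/installcentos/master"}
# Default IP: the source address the kernel would use to reach 8.8.8.8
export IP=${IP:="$(ip route get 8.8.8.8 | awk '{print $NF; exit}')"}
export API_PORT=${API_PORT:="8443"}
export LETSENCRYPT=${LETSENCRYPT:="false"}
export MAIL=${MAIL:="example@email.com"}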
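## Make the script interactive to set the variables
#######################################
# Ask for a value and export it under the given name; an empty answer keeps
# the current value.  Replaces six copies of the same read/if/export block.
# Arguments: $1 - variable name, $2 - prompt label
# Globals:   reads and exports the variable named by $1
#######################################
prompt_var() {
  local name=$1 label=$2 choice
  read -rp "${label}: (${!name}): " choice
  if [ "$choice" != "" ]; then
    export "${name}=${choice}"
  fi
}
if [ "$INTERACTIVE" = "true" ]; then
  prompt_var DOMAIN "Domain to use"
  prompt_var USERNAME "Username"
  # the current password is shown in the prompt, i.e. on screen
  prompt_var PASSWORD "Password"
  prompt_var VERSION "OpenShift Version"
  prompt_var IP "IP"
  prompt_var API_PORT "API Port"
  echo "Do you wish to enable HTTPS with Let's Encrypt?"
  echo "Warnings: "
  echo " Let's Encrypt only works if the IP is using publicly accessible IP and custom certificates."
  echo " This feature doesn't work with OpenShift CLI for now."
  select yn in "Yes" "No"; do
    case $yn in
      Yes) export LETSENCRYPT=true; break;;
      No) export LETSENCRYPT=false; break;;
      *) echo "Please select Yes or No.";;
    esac
  done
  if [ "$LETSENCRYPT" = true ]; then
    prompt_var MAIL "Email(required for Let's Encrypt)"
  fi
  echo
fi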
# Summarise the effective settings before anything is installed.  The
# password is printed in clear text, so it lands in any terminal log or
# captured output of this script.
printf '%s\n' "******" \
  "* Your domain is $DOMAIN " \
  "* Your IP is $IP " \
  "* Your username is $USERNAME " \
  "* Your password is $PASSWORD " \
  "* OpenShift version: $VERSION " \
  "* Enable HTTPS with Let's Encrypt: $LETSENCRYPT "
if [ "$LETSENCRYPT" = true ]; then
  printf '%s\n' "* Your email is $MAIL "
fi
printf '%s\n' "******"
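# install updates
yum update -y
# install the following base packages
# (kept in an array: with backslash continuations, a line ending in
# "docker-1.13.1\" followed by an unindented "bind-utils" is joined into one
# bogus package name)
base_packages=(
  wget git zile nano net-tools docker-1.13.1
  bind-utils iptables-services
  bridge-utils bash-completion
  kexec-tools sos psacct openssl-devel
  httpd-tools NetworkManager
  python-cryptography python2-pip python-devel python-passlib
  java-1.8.0-openjdk-headless
)
yum install -y "${base_packages[@]}"
yum_rc=$?
# NOTE(review): this tests yum's exit status, so NetworkManager is only
# started when the package install failed with status 1.  It looks like a
# "NetworkManager not running" check was intended — confirm before relying
# on it.
if [ "$yum_rc" -eq 1 ]; then
  systemctl start NetworkManager
  systemctl enable NetworkManager
fi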
# Fetch the installer playbooks for the chosen release unless a checkout is
# already present.  NOTE(review): the clone follows a branch tip rather than a
# pinned commit, and these playbooks are run as root below.
if [ ! -d openshift-ansible ]; then
  git clone https://github.com/openshift/openshift-ansible.git -b "release-${VERSION}" --depth=1
fi
# Rewrite /etc/hosts so the console name resolves to this node; any existing
# custom entries in the file are discarded.
{
  echo "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4"
  echo "::1 localhost localhost.localdomain localhost6 localhost6.localdomain6"
  echo "${IP} $(hostname) console console.${DOMAIN}"
} > /etc/hosts
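#######################################
# Print the docker-storage-setup configuration for a dedicated block device.
# Arguments: $1 - block device handed to the DOCKER volume group
# Outputs:   KEY=VALUE lines on stdout
#######################################
render_docker_storage_config() {
  local disk=$1
  printf '%s\n' "DEVS=${disk}" "VG=DOCKER" "SETUP_LVM_THIN_POOL=yes" "DATA_SIZE=100%FREE"
}
# Optional: DISK names a block device to dedicate to Docker's LVM thin pool.
# The device is wiped and /var/lib/docker is rebuilt from scratch.
if [ -z "${DISK:-}" ]; then
  echo "Not setting the Docker storage."
else
  cp /etc/sysconfig/docker-storage-setup /etc/sysconfig/docker-storage-setup.bk
  render_docker_storage_config "$DISK" > /etc/sysconfig/docker-storage-setup
  systemctl stop docker
  rm -rf /var/lib/docker
  # ${DISK:?} aborts instead of calling wipefs with an empty device argument
  wipefs --all -- "${DISK:?}"
  docker-storage-setup
fi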
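systemctl restart docker
systemctl enable docker
# Passphrase-less root key: the inventory uses ansible_ssh_user=root against
# ${IP}, so the playbooks ssh back into this node with it.  The private key
# is as sensitive as root on the cluster.
if [ ! -f ~/.ssh/id_rsa ]; then
  # ssh-keygen does not create the parent directory on a fresh host
  mkdir -p -m 700 ~/.ssh
  ssh-keygen -q -f ~/.ssh/id_rsa -N ""
  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
  # First connection to the node's own address; StrictHostKeyChecking=no
  # accepts whatever host key answers and records it in known_hosts.
  ssh -o StrictHostKeyChecking=no "root@${IP}" "pwd" < /dev/null
fi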
# Metrics and logging are switched off by memory size: below 4 GiB
# (4194304 kB) no metrics, below 16 GiB (16777216 kB) no logging.
export METRICS="True"
export LOGGING="True"
# MemTotal in kB: the second field of the matching /proc/meminfo line
memory=$(awk '/^MemTotal:/ { print $2; exit }' /proc/meminfo)
if [ "$memory" -lt "4194304" ]; then
  export METRICS="False"
fi
if [ "$memory" -lt "16777216" ]; then
  export LOGGING="False"
fi
# Render the inventory from its template: envsubst replaces every ${VAR}
# reference with the exported variable of that name.
envsubst < inventory.download > inventory.ini
# add proxy in inventory.ini if proxy variables are set
proxy_https="${HTTPS_PROXY:-${https_proxy:-${HTTP_PROXY:-${http_proxy}}}}"
proxy_http="${HTTP_PROXY:-${http_proxy:-${HTTPS_PROXY:-${https_proxy}}}}"
if [ -n "$proxy_https" ]; then
  {
    echo
    echo "openshift_http_proxy=\"${proxy_http}\""
    echo "openshift_https_proxy=\"${proxy_https}\""
  } >> inventory.ini
  # the node's own address and the cluster domain always bypass the proxy
  if [ -n "${NO_PROXY:-${no_proxy}}" ]; then
    __no_proxy="${NO_PROXY:-${no_proxy}},${IP},.${DOMAIN}"
  else
    __no_proxy="${IP},.${DOMAIN}"
  fi
  echo "openshift_no_proxy=\"${__no_proxy}\"" >> inventory.ini
fi
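# Let's Encrypt setup
#######################################
# Print the inventory settings that point the master, router and registry at
# the Let's Encrypt certificate issued for a domain.
# Arguments: $1 - cluster domain
# Outputs:   inventory key=value lines on stdout
#######################################
render_letsencrypt_inventory() {
  local domain=$1
  local live="/etc/letsencrypt/live/${domain}"
  cat <<EOT
openshift_master_overwrite_named_certificates=true
openshift_master_cluster_hostname=console-internal.${domain}
openshift_master_cluster_public_hostname=console.${domain}
openshift_master_named_certificates=[{"certfile": "${live}/fullchain.pem", "keyfile": "${live}/privkey.pem", "cafile": "${live}/chain.pem", "names": ["console.${domain}"]}]
openshift_hosted_router_certificate={"certfile": "${live}/fullchain.pem", "keyfile": "${live}/privkey.pem", "cafile": "${live}/chain.pem"}
openshift_hosted_registry_routehost=registry.apps.${domain}
openshift_hosted_registry_routecertificates={"certfile": "${live}/fullchain.pem", "keyfile": "${live}/privkey.pem", "cafile": "${live}/chain.pem"}
openshift_hosted_registry_routetermination=reencrypt
EOT
}
if [ "$LETSENCRYPT" = true ]; then
  # Install CertBot (assumes the epel repository is already configured)
  yum install --enablerepo=epel -y certbot
  # Configure Let's Encrypt certificate.  The manual DNS challenge needs an
  # operator at the terminal; the wildcard names are quoted so the shell
  # cannot glob-expand "*.domain" against files in the working directory.
  certbot certonly --manual \
    --preferred-challenges dns \
    --email "$MAIL" \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --agree-tos \
    -d "$DOMAIN" \
    -d "*.${DOMAIN}" \
    -d "*.apps.${DOMAIN}"
  ## Modify inventory.ini
  # Declare usage of Custom Certificate
  # Configure Custom Certificates for the Web Console or CLI => Doesn't Work for CLI
  # Configure a Custom Master Host Certificate
  # Configure a Custom Wildcard Certificate for the Default Router
  # Configure a Custom Certificate for the Image Registry
  ## See here for more explanation: https://docs.okd.io/latest/install_config/certificate_customization.html
  render_letsencrypt_inventory "$DOMAIN" >> inventory.ini
  # Add Cron Task to renew certificate.  `crontab FILE` replaces the whole
  # crontab of the current user, so any existing entries are lost.
  echo "@weekly certbot renew --pre-hook=\"oc scale --replicas=0 dc router\" --post-hook=\"oc scale --replicas=1 dc router\"" > certbotcron
  crontab certbotcron
  rm certbotcron
fi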
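# Credential store for the htpasswd identity provider declared in the
# inventory.  NOTE(review): created with the default umask, so it is
# readable by every local user; consider tightening its mode.
mkdir -p /etc/origin/master/
touch /etc/origin/master/htpasswd
ansible-playbook -i inventory.ini openshift-ansible/playbooks/prerequisites.yml
ansible-playbook -i inventory.ini openshift-ansible/playbooks/deploy_cluster.yml
# -i reads the password from stdin; with -b it sits on the command line,
# visible in the process list and the shell history
printf '%s\n' "$PASSWORD" | htpasswd -i /etc/origin/master/htpasswd "$USERNAME"
# the first user gets full control of the cluster
oc adm policy add-cluster-role-to-user cluster-admin "$USERNAME"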
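#######################################
# Write the manifest for one hostPath persistent volume from the template.
# Arguments: $1 - template file, $2 - volume index, $3 - output file
#######################################
render_pv_manifest() {
  local template=$1 idx=$2 out=$3
  # both the object name and the host path carry the index
  sed -e "s/name: vol/name: vol${idx}/g" \
      -e "s#path: /mnt/data/vol#path: /mnt/data/vol${idx}#g" "$template" > "$out"
}
if [ "$PVS" = "true" ]; then
  # The template is fetched from SCRIPT_REPO and handed straight to oc; -f
  # makes curl fail on an HTTP error instead of saving the error page as YAML.
  curl -f -o vol.yaml "${SCRIPT_REPO}/vol.yaml"
  for ((i = 1; i <= 200; i++)); do
    DIRNAME="vol${i}"
    mkdir -p "/mnt/data/${DIRNAME}"
    # container SELinux label; mode 777 presumably so any container UID can
    # write to the hostPath — every volume is world-writable on the host
    chcon -Rt svirt_sandbox_file_t "/mnt/data/${DIRNAME}"
    chmod 777 "/mnt/data/${DIRNAME}"
    render_pv_manifest vol.yaml "$i" oc_vol.yaml
    oc create -f oc_vol.yaml
    echo "created volume $i"
  done
  rm oc_vol.yaml
fi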
# Final summary.  The password is printed in clear text, and the closing
# `oc login` passes it on the command line, where it is visible to `ps`.
console_url="https://console.${DOMAIN}:${API_PORT}"
printf '%s\n' "******" \
  "* Your console is ${console_url}" \
  "* Your username is $USERNAME " \
  "* Your password is $PASSWORD " \
  "*" \
  "* Login using:" \
  "*" \
  "\$ oc login -u ${USERNAME} -p ${PASSWORD} ${console_url}/" \
  "******"
oc login -u "$USERNAME" -p "$PASSWORD" "${console_url}/"
[OSEv3:children]
masters
nodes
etcd
[masters]
${IP} openshift_ip=${IP} openshift_schedulable=true
[etcd]
${IP} openshift_ip=${IP}
[nodes]
${IP} openshift_ip=${IP} openshift_schedulable=true openshift_node_group_name="node-config-all-in-one"
[OSEv3:vars]
oreg_auth_user=USER
oreg_auth_password=PASSWD
ansible_ssh_user=root
enable_excluders=False
enable_docker_excluder=False
ansible_service_broker_install=False
containerized=false
os_sdn_network_plugin_name='redhat/openshift-ovs-subnet'
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
deployment_type=enterprise
openshift_deployment_type=openshift-enterprise
template_service_broker_selector={"region":"infra"}
openshift_metrics_image_version="v${VERSION}"
openshift_logging_image_version="v${VERSION}"
openshift_logging_elasticsearch_proxy_image_version="v1.0.0"
openshift_logging_es_nodeselector={"node-role.kubernetes.io/infra":"true"}
logging_elasticsearch_rollout_override=false
osm_use_cockpit=true
openshift_metrics_install_metrics=${METRICS}
openshift_logging_install_logging=false
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_htpasswd_file='/etc/origin/master/htpasswd'
openshift_public_hostname=console.${DOMAIN}
openshift_master_default_subdomain=apps.${DOMAIN}
openshift_master_api_port=${API_PORT}
openshift_master_console_port=${API_PORT}
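#######################################
# Print a random 32-character alphanumeric password.
# Outputs: the password on stdout
#######################################
gen_password() {
  tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1
}
# Workshop accounts user01..user10.  temp.txt collects the clear-text
# passwords, so it is created with mode 600 before anything is appended.
touch temp.txt
chmod 600 temp.txt
for i in {01..10}; do
  pass=$(gen_password)
  # -i reads the password from stdin instead of exposing it on the command line
  printf '%s\n' "$pass" | htpasswd -i /etc/origin/master/htpasswd "user$i"
  echo "user$i $pass" >> temp.txt
  # every generated account is made cluster-admin
  oc adm policy add-cluster-role-to-user cluster-admin "user$i"
done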