
Cua bootnode #239


Open
wants to merge 13 commits into
base: main
from
2 changes: 1 addition & 1 deletion azure/bootnode-image/bootnode-image-step-1.sh
Expand Up @@ -67,7 +67,7 @@ UNIQSTR=$(date +%Y%m%d%H%M%S)
echo "Unique string: $UNIQSTR"
az group create --name masocp-bootnode-vm-rg-${UNIQSTR} --location eastus2

output=$(az vm create --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep --image RedHat:RHEL:92-gen2:latest --admin-username azureuser --ssh-key-values "$SSH_KEY" --size Standard_D2s_v3 --public-ip-sku Standard)
output=$(az vm create --resource-group masocp-bootnode-vm-rg-${UNIQSTR} --name bootnode-prep --image RedHat:RHEL:92-gen2:latest --admin-username azureuser --ssh-key-values "$SSH_KEY" --size Standard_D2s_v3 --public-ip-sku Standard --security-type Standard)

echo $output
vmip=$(echo $output | jq '.publicIpAddress' | tr -d '"')
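Review bot: The `--security-type Standard` added to the `az vm create` line opts the prep VM out of Trusted Launch (Secure Boot and vTPM), which current az CLI releases otherwise select for a Gen2 image such as `RedHat:RHEL:92-gen2`; if that is deliberate because the captured image must stay deployable as a Standard-security image, record it above the line, e.g. `# Standard (not TrustedLaunch): the captured image must remain usable on non-Trusted-Launch VMs`, otherwise the default is the safer choice. The two lines below still expand `$output` unquoted and strip quotes with `tr`; `vmip=$(jq -r '.publicIpAddress' <<<"$output")` does both jobs without word-splitting. Unless the script runs under `set -e` (not visible here), a failed `az vm create` leaves `vmip` empty and the rest of the script proceeds, so `[[ -n "$vmip" ]] || exit 1` after the assignment is worth adding.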
218 changes: 1 addition & 217 deletions azure/deploy.sh
Expand Up @@ -127,227 +127,11 @@ if [[ $CLUSTER_TYPE == "azure" ]]; then
log " Vnet Id of Cluster: $REQUESTER_VPC_ID"
fi
#====================

# Deploy OCP cluster and bastion host
if [[ $OPENSHIFT_USER_PROVIDE == "false" ]]; then
cd $GIT_REPO_HOME

## Create OCP cluster
cd $GIT_REPO_HOME/azure
set +e
./create-ocp-cluster.sh
retcode=$?

if [[ $retcode -ne 0 ]]; then
log "OCP cluster creation failed"
exit 21
else
# Create a secret in the Cloud to keep OCP access credentials
cd $GIT_REPO_HOME
./create-secret.sh ocp


fi
set -e

oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443 --insecure-skip-tls-verify=true
log "==== Adding PID limits to worker nodes ===="
oc create -f $GIT_REPO_HOME/templates/container-runtime-config.yml

# Backup deployment context
rm -rf /tmp/ansible-devops
mkdir /tmp/ansible-devops
cp -r * /tmp/ansible-devops
cd /tmp
zip -r $BACKUP_FILE_NAME ansible-devops/*
rm -rf /tmp/ansible-devops
set +e
az storage blob upload --account-name ${STORAGE_ACNT_NAME} --container-name masocpcontainer --name ${DEPLOYMENT_CONTEXT_UPLOAD_PATH} --file ${BACKUP_FILE_NAME}
retcode=$?
if [[ $retcode -ne 0 ]]; then
log "Failed while uploading deployment context to blob storage"
exit 23
fi
set -e
log "OCP cluster deployment context backed up at $DEPLOYMENT_CONTEXT_UPLOAD_PATH in file $CLUSTER_NAME.zip"

else
log "==== Existing OCP cluster provided, skipping the cluster creation, Bastion host creation and S3 upload of deployment context ===="
fi

# Login to OCP cluster
log "==== Adding ER key details to OCP default pull-secret ===="
cd /tmp
export OCP_SERVER="$(echo https://api.${CLUSTER_NAME}.${BASE_DOMAIN}:6443)"
oc login -u $OCP_USERNAME -p $OCP_PASSWORD --server=$OCP_SERVER --insecure-skip-tls-verify=true
export OCP_TOKEN="$(oc whoami --show-token)"
oc extract secret/pull-secret -n openshift-config --keys=.dockerconfigjson --to=. --confirm
export encodedEntitlementKey=$(echo cp:$SLS_ENTITLEMENT_KEY | tr -d '\n' | base64 -w0)
export emailAddress=$(cat .dockerconfigjson | jq -r '.auths["cloud.openshift.com"].email')
jq '.auths |= . + {"cp.icr.io": { "auth" : "$encodedEntitlementKey", "email" : "$emailAddress"}}' .dockerconfigjson >/tmp/dockerconfig.json

envsubst </tmp/dockerconfig.json >/tmp/.dockerconfigjson
oc set data secret/pull-secret -n openshift-config --from-file=/tmp/.dockerconfigjson

# Run ansible playbook to create azurefiles storage class
log "=== Creating azurefiles-premium Storage class , managed-premium Storage class on OCP cluster ==="
cd $GIT_REPO_HOME/azure/azurefiles
./azurefiles-premium.sh
retcode=$?
if [[ $retcode -ne 0 ]]; then
log "Failed to create azurefiles-premium storageclass"
exit 27
fi

## Configure OCP cluster
log "==== OCP cluster configuration (Cert Manager) started ===="
cd $GIT_REPO_HOME
set +e
export ROLE_NAME=ibm_catalogs && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=common_services && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=cert_manager && ansible-playbook ibm.mas_devops.run_role
if [[ $? -ne 0 ]]; then
# One reason for this failure is catalog sources not having required state information, so recreate the catalog-operator pod
# https://bugzilla.redhat.com/show_bug.cgi?id=1807128
echo "Deleting catalog-operator pod"
podname=$(oc get pods -n openshift-operator-lifecycle-manager | grep catalog-operator | awk {'print $1'})
oc logs $podname -n openshift-operator-lifecycle-manager
oc delete pod $podname -n openshift-operator-lifecycle-manager
sleep 10
# Retry the step
export ROLE_NAME=ibm_catalogs && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=common_services && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=cert_manager && ansible-playbook ibm.mas_devops.run_role
retcode=$?
if [[ $retcode -ne 0 ]]; then
log "Failed while configuring OCP cluster"
exit 24
fi
fi
log "==== OCP cluster configuration (Cert Manager) completed ===="

if [[ -n $DBProvisionedVPCId ]]; then
log "==== Vnet peering between cluster and Database starts ===="

cd $GIT_REPO_HOME
sh $GIT_REPO_HOME/azure/db/db-create-vnet-peer.sh
log "==== Vnet peering between cluster and Database ends ===="
fi
set -e
## Deploy MongoDB
log "==== MongoDB deployment started ===="
export ROLE_NAME=mongodb && ansible-playbook ibm.mas_devops.run_role
log "==== MongoDB deployment completed ===="

## Copying the entitlement.lic to MAS_CONFIG_DIR
cp $GIT_REPO_HOME/entitlement.lic $MAS_CONFIG_DIR

## Deploy Amqstreams
# log "==== Amq streams deployment started ===="
# ansible-playbook install-amqstream.yml
# log "==== Amq streams deployment completed ===="

# SLS Deployment
if [[ (-z $SLS_URL) || (-z $SLS_REGISTRATION_KEY) || (-z $SLS_PUB_CERT_URL) ]]; then
## Deploy SLS
log "==== SLS deployment started ===="
# sls and gencfg_sls are combined in common sls role
export ROLE_NAME=sls && ansible-playbook ibm.mas_devops.run_role
log "==== SLS deployment completed ===="

else
log "=== Using Existing SLS Deployment ===" #
# works when SLS_URL is set, handled in same sls role
export ROLE_NAME=sls && ansible-playbook ibm.mas_devops.run_role
log "=== Generated SLS Config YAML ==="
fi

# Deploy UDS
if [[ (-z $UDS_API_KEY) || (-z $UDS_ENDPOINT_URL) || (-z $UDS_PUB_CERT_URL) ]]; then
# Deploy UDS
log "==== UDS deployment started ===="
# uds and gencfg_uds are combined in common uds role
export ROLE_NAME=uds && ansible-playbook ibm.mas_devops.run_role
log "==== UDS deployment completed ===="

else
log "=== Using Existing UDS Deployment ==="
# works when UDS_ENDPOINT_URL is set, handled in same uds role
export ROLE_NAME=uds && ansible-playbook ibm.mas_devops.run_role
log "=== Generated UDS Config YAML ==="
fi

# Deploy CP4D
if [[ $DEPLOY_CP4D == "true" ]]; then
log "==== CP4D deployment started ===="
export ROLE_NAME=cp4d && ansible-playbook ibm.mas_devops.run_role
log "==== CP4D deployment completed ===="
fi

## Deploy Manage
if [[ $DEPLOY_MANAGE == "true" && (-z $MAS_JDBC_USER) && (-z $MAS_JDBC_PASSWORD) && (-z $MAS_JDBC_URL) && (-z $MAS_JDBC_CERT_URL) ]]; then

log "==== Configure internal db2 for manage started ===="
export ROLE_NAME=db2 && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=suite_db2_setup_for_manage && ansible-playbook ibm.mas_devops.run_role
log "==== Configuration of internal db2 for manage completed ===="
fi

## Create MAS Workspace
log "==== MAS Workspace generation started ===="
export ROLE_NAME=gencfg_workspace && ansible-playbook ibm.mas_devops.run_role
log "==== MAS Workspace generation completed ===="

if [[ $DEPLOY_MANAGE == "true" && (-n $MAS_JDBC_USER) && (-n $MAS_JDBC_PASSWORD) && (-n $MAS_JDBC_URL) ]]; then
export SSL_ENABLED=false
#Setting the DB values
if [[ ${MAS_JDBC_URL,, } =~ ^jdbc:db2? ]]; then
log "Setting to DB2 Values"
export MAS_APP_SETTINGS_DB2_SCHEMA="maximo"
export MAS_APP_SETTINGS_TABLESPACE="maxdata"
export MAS_APP_SETTINGS_INDEXSPACE="maxindex"
elif [[ ${MAS_JDBC_URL,, } =~ ^jdbc:sql? ]]; then
log "Setting to MSSQL Values"
export MAS_APP_SETTINGS_DB2_SCHEMA="dbo"
export MAS_APP_SETTINGS_TABLESPACE="PRIMARY"
export MAS_APP_SETTINGS_INDEXSPACE="PRIMARY"
elif [[ ${MAS_JDBC_URL,, } =~ ^jdbc:oracle? ]]; then
log "Setting to ORACLE Values"
export MAS_APP_SETTINGS_DB2_SCHEMA="maximo"
export MAS_APP_SETTINGS_TABLESPACE="maxdata"
export MAS_APP_SETTINGS_INDEXSPACE="maxindex"
fi

log " MAS_APP_SETTINGS_DB2_SCHEMA: $MAS_APP_SETTINGS_DB2_SCHEMA"
log " DEPLOY_MANAGEMAS_APP_SETTINGS_TABLESPACE: $MAS_APP_SETTINGS_TABLESPACE"
log " MAS_APP_SETTINGS_INDEXSPACE: $MAS_APP_SETTINGS_INDEXSPACE"
if [ -n "$MAS_JDBC_CERT_URL" ]; then
log "MAS_JDBC_CERT_URL is not empty, setting SSL_ENABLED as true"
export SSL_ENABLED=true
fi
log "==== Configure JDBC started for external DB2 ==== SSL_ENABLED = $SSL_ENABLED"
export ROLE_NAME=gencfg_jdbc && ansible-playbook ibm.mas_devops.run_role
log "==== Configure JDBC completed for external DB2 ===="
fi

## Deploy MAS
log "==== MAS deployment started ===="
export ROLE_NAME=suite_dns && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=suite_install && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=suite_config && ansible-playbook ibm.mas_devops.run_role
export ROLE_NAME=suite_verify && ansible-playbook ibm.mas_devops.run_role
log "==== MAS deployment completed ===="

## Deploy Manage
if [[ $DEPLOY_MANAGE == "true" ]]; then
# Deploy Manage
log "==== MAS Manage deployment started ===="
export ROLE_NAME=suite_app_install && ansible-playbook ibm.mas_devops.run_role
log "==== MAS Manage deployment completed ===="

# Configure app to use the DB
log "==== MAS Manage configure app started ===="
export MAS_APPWS_BINDINGS_JDBC="workspace-application"
export ROLE_NAME=suite_app_config && ansible-playbook ibm.mas_devops.run_role
log "==== MAS Manage configure app completed ===="
fi
fi
10 changes: 9 additions & 1 deletion azure/ocp-terraform/azure_infra/provider.tf
@@ -1,8 +1,16 @@
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.21.0"
}
}
}
provider "azurerm" {
version = "= 2.6.0"
subscription_id = var.azure-subscription-id
client_id = var.azure-client-id
client_secret = var.azure-client-secret
tenant_id = var.azure-tenant-id
partner_id = "pid-5a1e8d63-79c9-418d-b3af-b2a21a557aac-partnercenter"
features {}
}
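Review bot: The new `required_providers` entry pins `version = "3.21.0"` exactly (a bare version string is an `=` constraint), so the module will never receive azurerm patch releases; the conventional form is `version = "~> 3.21"` with the exact selection held in `.terraform.lock.hcl`. Which lines are new is inferred from the 9/1 counts, but the removed `version = "= 2.6.0"` to a 3.x pin is a major-version jump, and the `address_prefix` to `address_prefixes` edits in vnet.tf look like part of that migration; a one-line comment above the block, `# azurerm 3.x: provider-block version pins are unsupported and address_prefix was removed`, would explain both to the next reader. Whether other 2.x-only arguments survive elsewhere in the module is not visible from this hunk. Separately, `client_secret = var.azure-client-secret` still routes a secret through a plain variable; the declaration (outside this file) should carry `sensitive = true`, or the provider could use `use_oidc` / `use_msi` and avoid a long-lived secret entirely.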
28 changes: 14 additions & 14 deletions azure/ocp-terraform/azure_infra/vnet.tf
Expand Up @@ -22,7 +22,7 @@ resource "azurerm_resource_group" "cpdrg" {
}

resource "azurerm_virtual_network" "cpdvirtualnetwork" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = var.virtual-network-name
address_space = [var.virtual-network-cidr]
location = var.region
Expand All @@ -34,11 +34,11 @@ resource "azurerm_virtual_network" "cpdvirtualnetwork" {


resource "azurerm_subnet" "masternode" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = var.master-subnet-name
resource_group_name = var.resource-group
virtual_network_name = var.virtual-network-name
address_prefix = var.master-subnet-cidr
address_prefixes = [var.master-subnet-cidr]
depends_on = [
azurerm_resource_group.cpdrg,
azurerm_virtual_network.cpdvirtualnetwork
Expand All @@ -50,7 +50,7 @@ resource "azurerm_subnet" "workernode" {
name = var.worker-subnet-name
resource_group_name = var.resource-group
virtual_network_name = var.virtual-network-name
address_prefix = var.worker-subnet-cidr
address_prefixes = [var.worker-subnet-cidr]
depends_on = [
azurerm_resource_group.cpdrg,
azurerm_virtual_network.cpdvirtualnetwork
Expand All @@ -75,7 +75,7 @@ resource "azurerm_network_interface" "nfs" {
}

resource "azurerm_network_security_group" "master" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = var.master-nsg-name
location = var.region
resource_group_name = var.resource-group
Expand All @@ -99,7 +99,7 @@ resource "azurerm_network_security_group" "master" {
}

resource "azurerm_network_security_group" "worker" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = var.worker-nsg-name
location = var.region
resource_group_name = var.resource-group
Expand All @@ -126,7 +126,7 @@ resource "azurerm_network_security_rule" "nfsin" {
}

resource "azurerm_network_security_rule" "worker-https" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = "https"
priority = 500
direction = "Inbound"
Expand All @@ -141,7 +141,7 @@ resource "azurerm_network_security_rule" "worker-https" {
}

resource "azurerm_network_security_rule" "worker-http" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = "http"
priority = 501
direction = "Inbound"
Expand All @@ -156,7 +156,7 @@ resource "azurerm_network_security_rule" "worker-http" {
}

resource "azurerm_subnet_network_security_group_association" "master" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
subnet_id = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/virtualNetworks/${var.virtual-network-name}/subnets/${var.master-subnet-name}"
network_security_group_id = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/networkSecurityGroups/${azurerm_network_security_group.master[count.index].name}"
depends_on = [
Expand All @@ -167,7 +167,7 @@ resource "azurerm_subnet_network_security_group_association" "master" {
}

resource "azurerm_subnet_network_security_group_association" "worker" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
subnet_id = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/virtualNetworks/${var.virtual-network-name}/subnets/${var.worker-subnet-name}"
network_security_group_id = "/subscriptions/${var.azure-subscription-id}/resourceGroups/${var.resource-group}/providers/Microsoft.Network/networkSecurityGroups/${azurerm_network_security_group.worker[count.index].name}"
depends_on = [
Expand All @@ -183,11 +183,11 @@ resource "azurerm_subnet_network_security_group_association" "worker" {
# Create bastion subnet in the vnet

resource "azurerm_subnet" "bastion_subnet" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = "AzureBastionSubnet"
resource_group_name = var.resource-group
virtual_network_name = var.virtual-network-name
address_prefix = var.bastion_cidr
address_prefixes = [var.bastion_cidr]
depends_on = [
azurerm_resource_group.cpdrg,
azurerm_virtual_network.cpdvirtualnetwork
Expand All @@ -196,7 +196,7 @@ resource "azurerm_subnet_network_security_group_association" "worker" {

#Create public IP
resource "azurerm_public_ip" "bastion_ip" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = "bastion-ip"
location = var.region
resource_group_name = var.resource-group
Expand All @@ -210,7 +210,7 @@ resource "azurerm_subnet_network_security_group_association" "worker" {

#Create bastion host
resource "azurerm_bastion_host" "bastion_host" {
count = var.new-or-existing == "new" ? 1 : 0
count = var.new-or-existing == "new" ? 1 : 0
name = "azure-bastion-host"
location = var.region
resource_group_name = var.resource-group
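Review bot: The only substantive change in this file, `address_prefix` replaced by `address_prefixes = [...]` in the masternode, workernode and bastion_subnet resources, is scattered among a dozen hunks that merely realign the `count` attribute (the rendered view has dropped the whitespace, so old and new `count` lines are indistinguishable here), which makes the azurerm 3.x migration hard to audit. Putting the `terraform fmt` pass in its own commit and keeping the three `address_prefixes` edits together would let a reviewer confirm nothing else changed. While the subnet resources are being touched, the `subnet_id` and `network_security_group_id` strings in the association resources are hand-built from `var.resource-group` and `var.virtual-network-name` rather than `azurerm_subnet.masternode[0].id` and `azurerm_network_security_group.master[0].id`; that predates this change, but a hand-assembled ID silently drifts from the real resource if those variables and the created objects ever disagree.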
Empty file modified init.sh
100644 → 100755
Empty file.
Empty file modified pre-validate.sh
100644 → 100755
Empty file.