├── .gitmodules
├── .gitignore
├── suite-license-services
    ├── ibm-catalog.yaml
    ├── trust-manager-subscription.yaml
    ├── sls-operator-subscription.yaml
    ├── sls-custom-scc.yaml
    └── sls-deployment.yaml
├── sbo_setup.sh
├── cert-manager_setup.sh
├── util.sh
├── setup.sh
├── ibm-common-services_setup.sh
├── uds_setup.sh
├── local-path_setup.sh
├── get_setup_params.sh
├── mas_setup.sh
├── sls_setup.sh
├── README.md
├── mas-ws_setup.sh
├── mongodb_setup.sh
└── LICENSE


/.gitmodules:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.log
2 | work
3 | 


--------------------------------------------------------------------------------
/suite-license-services/ibm-catalog.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: operators.coreos.com/v1alpha1
 2 | kind: CatalogSource
 3 | metadata:
 4 |   name: ibm-operator-catalog
 5 |   namespace: openshift-marketplace
 6 | spec:
 7 |   displayName: "IBM Operator Catalog"
 8 |   publisher: IBM
 9 |   sourceType: grpc
10 |   image: docker.io/ibmcom/ibm-operator-catalog
11 |   updateStrategy:
12 |     registryPoll:
13 |       interval: 45m
14 | 


--------------------------------------------------------------------------------
/suite-license-services/trust-manager-subscription.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: operators.coreos.com/v1alpha1
 2 | kind: Subscription
 3 | metadata:
 4 |   name: ibm-truststore-mgr-1.x-ibm-operator-catalog-openshift-marketplace
 5 |   namespace: ibm-sls
 6 | spec:
 7 |   source: ibm-operator-catalog
 8 |   sourceNamespace: openshift-marketplace
 9 |   name: ibm-truststore-mgr
10 |   channel: 1.x
11 |   startingCSV: ibm-truststore-mgr.v1.0.0
12 |   installPlanApproval: Automatic
13 | 


--------------------------------------------------------------------------------
/suite-license-services/sls-operator-subscription.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: operators.coreos.com/v1
 2 | kind: OperatorGroup
 3 | metadata:
 4 |   name: ibm-sls-group
 5 | spec:
 6 |   targetNamespaces:
 7 |     - ibm-sls
 8 | ---
 9 | apiVersion: operators.coreos.com/v1alpha1
10 | kind: Subscription
11 | metadata:
12 |   name: ibm-sls
13 |   namespace: ibm-sls
14 | spec:
15 |   channel: 3.x
16 |   installPlanApproval: Automatic
17 |   name: ibm-sls
18 |   source: ibm-operator-catalog
19 |   sourceNamespace: openshift-marketplace
20 | 


--------------------------------------------------------------------------------
/suite-license-services/sls-custom-scc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: security.openshift.io/v1
 2 | metadata:
 3 |   annotations:
 4 |     kubernetes.io/description: "This policy is the most restrictive for SLS,
 5 |       requiring pods to run with a non-root UID, and preventing pods from accessing the host.
 6 |       The UID and GID will be bound by ranges specified at the Namespace level."
 7 |   name: ibm-sls-custom-scc
 8 | allowHostDirVolumePlugin: false
 9 | allowHostIPC: false
10 | allowHostNetwork: false
11 | allowHostPID: false
12 | allowHostPorts: false
13 | allowPrivilegeEscalation: true
14 | allowPrivilegedContainer: false
15 | allowedCapabilities: null
16 | defaultAddCapabilities: null
17 | fsGroup:
18 |   type: MustRunAs
19 | kind: SecurityContextConstraint
20 | priority: 0
21 | readOnlyRootFilesystem: false
22 | requiredDropCapabilities:
23 |   - KILL
24 |   - MKNOD
25 |   - SETUID
26 |   - SETGID
27 | runAsUser:
28 |   type: MustRunAsRange
29 | seLinuxContext:
30 |   type: MustRunAs
31 | supplementalGroups:
32 |   type: RunAsAny
33 | users: []
34 | volumes:
35 |   - configMap
36 |   - downwardAPI
37 |   - emptyDir
38 |   - persistentVolumeClaim
39 |   - projected
40 |   - secret
41 | 


--------------------------------------------------------------------------------
/suite-license-services/sls-deployment.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: sls.ibm.com/v1
 2 | kind: LicenseService
 3 | metadata:
 4 |   name: sls
 5 |   namespace: ibm-sls
 6 |   labels:
 7 |     app.kubernetes.io/instance: ibm-sls
 8 |     app.kubernetes.io/managed-by: olm
 9 |     app.kubernetes.io/name: ibm-sls
10 | spec:
11 |   license:
12 |     accept: true
13 |   domain: apps-crc.testing
14 |   mongo:
15 |     authMechanism: DEFAULT
16 |     configDb: admin
17 |     nodes:
18 |       - host: mas-mongo-ce-0.mas-mongo-ce-svc.mongo.svc.cluster.local
19 |         port: 27017
20 |       - host: mas-mongo-ce-1.mas-mongo-ce-svc.mongo.svc.cluster.local
21 |         port: 27017
22 |       - host: mas-mongo-ce-2.mas-mongo-ce-svc.mongo.svc.cluster.local
23 |         port: 27017
24 |     secretName: sls-mongo-credentials
25 |     certificates:
26 |       - alias: mongodb
27 |         crt: "${MONGO_CERT}"
28 |   rlks:
29 |     storage:
30 |       class: local-path
31 |       size: 5G
32 |   settings:
33 |     auth:
34 |       enforce: true
35 |     compliance:
36 |       enforce: true
37 |     reconciliation:
38 |       enabled: true
39 |       reconciliationPeriod: 1800
40 |     registration:
41 |       open: true
42 |     reporting:
43 |       maxDailyReports: 90
44 |       maxHourlyReports: 24
45 |       maxMonthlyReports: 12
46 |       reportGenerationPeriod: 3600
47 |       samplingPeriod: 900
48 | 


--------------------------------------------------------------------------------
/sbo_setup.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ## This Script installs sb operator for MAS.
 4 | SCRIPT_DIR=$(
 5 |     cd $(dirname $0)
 6 |     pwd
 7 | )
 8 | 
 9 | source "${SCRIPT_DIR}/util.sh"
10 | 
11 | status=$(oc whoami 2>&1)
12 | if [[ $? -gt 0 ]]; then
13 |     echo "Login to OpenShift to continue Service Binding Operator installation."
14 |     exit 1
15 | fi
16 | 
17 | echo "--- Install Service Binding Operator"
18 | oc project default
19 | cat <<EOF | oc apply -f -
20 | apiVersion: operators.coreos.com/v1alpha1
21 | kind: Subscription
22 | metadata:
23 |   name: rh-service-binding-operator
24 |   namespace: openshift-operators
25 |   labels:
26 |     operators.coreos.com/rh-service-binding-operator.openshift-operators: ''
27 | spec:
28 |   channel: stable
29 |   name: rh-service-binding-operator
30 |   source: redhat-operators
31 |   sourceNamespace: openshift-marketplace
32 |   installPlanApproval: Automatic
33 | EOF
34 | 
35 | echo "--- Verify Service Binding Operator installation"
36 | projectName="openshift-operators"
37 | operatorName="rh-service-binding-operator"
38 | cmd="oc get subscription -n ${projectName} ${operatorName} --ignore-not-found=true -o jsonpath={.status.currentCSV}"
39 | waitUntilAvailable "${cmd}"
40 | csv=$(${cmd})
41 | 
42 | cmd="oc get csv -n ${projectName} ${csv} --ignore-not-found=true -o jsonpath={.status.phase}"
43 | state="Succeeded"
44 | waitUntil "${cmd}" "${state}"
45 | echo "Done."
46 | 


--------------------------------------------------------------------------------
/cert-manager_setup.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ## This Script installs ibm cert manager operator 
 4 | SCRIPT_DIR=$(
 5 |   cd $(dirname $0)
 6 |   pwd
 7 | )
 8 | 
 9 | source "${SCRIPT_DIR}/util.sh"
10 | 
11 | status=$(oc whoami 2>&1)
12 | if [[ $? -gt 0 ]]; then
13 |   echo "Login to OpenShift to continue installation." 1>&2
14 |   exit 1
15 | fi
16 | 
17 | echo "--- Check IBM Common Services installed"
18 | if [[ ! $(oc get crd operandrequests.operator.ibm.com 2> /dev/null) ]]; then
19 |   echo "IBM Common Services not found." 1>&2
20 |   exit 1
21 | fi
22 | 
23 | echo "--- Install Cert Manager"
24 | cat <<EOF | oc apply -f -
25 | ---
26 | apiVersion: operator.ibm.com/v1alpha1
27 | kind: OperandRequest
28 | metadata:
29 |   name: common-service
30 |   namespace: ibm-common-services
31 | spec:
32 |   requests:
33 |     - operands:
34 |         - name: ibm-cert-manager-operator
35 |       registry: common-service
36 | EOF
37 | 
38 | echo "--- Verify Cert Manager installation"
39 | cmd="oc get subscription -n ibm-common-services ibm-cert-manager-operator --ignore-not-found=true -o jsonpath={.status.currentCSV}"
40 | waitUntilAvailable "${cmd}"
41 | csv=$(${cmd})
42 | cmd="oc get csv -n ibm-common-services ${csv} --ignore-not-found=true -o jsonpath={.status.phase}"
43 | state="Succeeded"
44 | waitUntil "${cmd}" "${state}"
45 | cmd="oc get CertManager default --ignore-not-found=true -o jsonpath={.status.certManagerStatus}"
46 | state="Successfully deployed cert-manager"
47 | waitUntil "${cmd}" "${state}"
48 | 
49 | echo "Done."
50 | 


--------------------------------------------------------------------------------
/util.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | function createProject() {
 4 |     existingns=$(oc get projects | grep -w "${projectName}" | awk '{print $1}')
 5 |     
 6 |     if [ "${existingns}" == "${projectName}" ]; then
 7 |         echo "Project ${existingns} already exists."
 8 |     else
 9 |         oc new-project "${projectName}"
10 |         if [ $? -ne 0 ]; then
11 |             echo "Project:${projectName} creation failed."
12 |             exit 1
13 |         fi
14 |     fi
15 |     
16 |     oc project "${projectName}"
17 | }
18 | 
19 | function waitUntil() {
20 |     cmd="$1"
21 |     target="$2"
22 |     retryCount=1200
23 |     retries=0
24 |     
25 |     until [[ $(${cmd}) = "${target}" ]]; do
26 |         sleep 10
27 |         retries=$((retries + 1))
28 |         if [[ $retries -eq $retryCount ]]; then
29 |             echo "Timed out." 1>&2
30 |             exit 1
31 |         fi
32 |     done
33 | }
34 | 
35 | function waitUntilAvailable() {
36 |     cmd="$1"
37 |     retryCount=600
38 |     retries=0
39 |     
40 |     while [ -z "$(${cmd})" ]; do
41 |         sleep 10
42 |         retries=$((retries + 1))
43 |         if [[ $retries -eq $retryCount ]]; then
44 |             echo "Timed out." 1>&2
45 |             exit 1
46 |         fi
47 |     done
48 | }
49 | 
50 | function approvePlan() {
51 |     installplan=$(oc get installplan -n ${projectName} | grep -i ${operatorName} | awk '{print $1}' | head -n 1)
52 |     
53 |     if [[ "${installplan}" != "" ]]; then
54 |         oc patch installplan ${installplan} -n ${projectName} --type merge --patch '{"spec":{"approved":true}}'
55 |     fi
56 | }
57 | 
58 | 


--------------------------------------------------------------------------------
/setup.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | # unattended full setup
 4 | 
 5 | while getopts p OPT
 6 | do
 7 |     case $OPT in
 8 |         "p" ) PROD="1" ;;
 9 |     esac
10 | done
11 | 
12 | SCRIPT_DIR=$(
13 |     cd $(dirname $0)
14 |     pwd
15 | )
16 | 
17 | if [ -z "${ENTITLEMENT_KEY}" ]; then
18 |     echo "Missing entitlement key in environemnt variable ENTITLEMENT_KEY."
19 |     exit 1
20 | fi
21 | 
22 | if [ -n "${PROD}" ]; then
23 |     if [ -z "${SLS_STORAGE_CLASS}" ]; then
24 |         echo "Missing SLS Storage Class environemnt variable SLS_STORAGE_CLASS."
25 |         exit 1
26 |     fi
27 |     
28 |     if [ -z "${SLS_DOMAIN_NAME}" ]; then
29 |         echo "Missing SLS base domain name environemnt variable SLS_DOMAIN_NAME."
30 |         exit 1
31 |     fi
32 |     
33 |     if [ -z "${UDS_STORAGE_CLASS}" ]; then
34 |         echo "Missing UDS Storage Class environemnt variable UDS_STORAGE_CLASS."
35 |         exit 1
36 |     fi
37 |     
38 |     if [ -z "${MONGODB_STORAGE_CLASS}" ]; then
39 |         echo "Missing MongoDB Storage Class environemnt variable MONGODB_STORAGE_CLASS."
40 |         exit 1
41 |     fi
42 |     
43 |     if [ -z ${MAS_INSTANCE_ID} ]; then
44 |         echo "Missing MAS Instance ID in environemnt variable MAS_INSTANCE_ID."
45 |         exit 1
46 |     fi
47 |     
48 |     if [ -z "${MAS_DOMAIN_NAME}" ]; then
49 |         echo "Missing Maximo base domain name environemnt variable MAS_DOMAIN_NAME."
50 |         exit 1
51 |     fi
52 |     
53 |     if [ -z "${MONGODB_CPU_LIMIT}" ]; then
54 |         export MONGODB_CPU_LIMIT="2"
55 |     fi
56 |     
57 |     if [ -z "${MONGODB_MEM_LIMIT}" ]; then
58 |         export MONGODB_MEM_LIMIT="2Gi"
59 |     fi
60 | fi
61 | 
62 | if [[ -d "${SCRIPT_DIR}/work" ]]; then
63 |     rm -r ${SCRIPT_DIR}/work/*
64 | fi
65 | 
66 | if [ -z "${PROD}" ]; then
67 |     ${SCRIPT_DIR}/local-path_setup.sh || exit 1
68 | fi
69 | 
70 | ${SCRIPT_DIR}/ibm-common-services_setup.sh || exit 1
71 | ${SCRIPT_DIR}/cert-manager_setup.sh || exit 1
72 | ${SCRIPT_DIR}/sbo_setup.sh || exit 1
73 | ${SCRIPT_DIR}/uds_setup.sh || exit 1
74 | ${SCRIPT_DIR}/mongodb_setup.sh || exit 1
75 | ${SCRIPT_DIR}/sls_setup.sh || exit 1
76 | ${SCRIPT_DIR}/mas_setup.sh || exit 1
77 | 
78 | ${SCRIPT_DIR}/get_setup_params.sh
79 | 


--------------------------------------------------------------------------------
/ibm-common-services_setup.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | ## This Script installs ibm cert manager operator 
 4 | 
 5 | SCRIPT_DIR=$(
 6 |   cd $(dirname $0)
 7 |   pwd
 8 | )
 9 | 
10 | source "${SCRIPT_DIR}/util.sh"
11 | 
12 | status=$(oc whoami 2>&1)
13 | if [[ $? -gt 0 ]]; then
14 |   echo "Login to OpenShift to continue cert manager installation." 1>&2
15 |   exit 1
16 | fi
17 | 
18 | echo "--- Install IBM Operator Catalog"
19 | cat <<EOF | oc apply -f -
20 | ---
21 | apiVersion: operators.coreos.com/v1alpha1
22 | kind: CatalogSource
23 | metadata:
24 |   name: ibm-operator-catalog
25 |   namespace: openshift-marketplace
26 | spec:
27 |   displayName: "IBM Operator Catalog"
28 |   publisher: IBM
29 |   sourceType: grpc
30 |   image: docker.io/ibmcom/ibm-operator-catalog
31 |   updateStrategy:
32 |     registryPoll:
33 |       interval: 45m
34 | ---
35 | apiVersion: operators.coreos.com/v1alpha1
36 | kind: CatalogSource
37 | metadata:
38 |   name: opencloud-operators
39 |   namespace: openshift-marketplace
40 | spec:
41 |   displayName: IBMCS Operators
42 |   publisher: IBM
43 |   sourceType: grpc
44 |   image: docker.io/ibmcom/ibm-common-service-catalog:latest
45 |   updateStrategy:
46 |     registryPoll:
47 |       interval: 45m
48 | EOF
49 | 
50 | echo "--- Install IBM Common Services"
51 | cat <<EOF | oc apply -f -
52 | apiVersion: v1
53 | kind: Namespace
54 | metadata:
55 |   name: ibm-common-services
56 | ---
57 | apiVersion: operators.coreos.com/v1alpha2
58 | kind: OperatorGroup
59 | metadata:
60 |   name: operatorgroup
61 |   namespace: ibm-common-services
62 | spec:
63 |   targetNamespaces:
64 |     - ibm-common-services
65 | ---
66 | apiVersion: operators.coreos.com/v1alpha1
67 | kind: Subscription
68 | metadata:
69 |   name: ibm-common-service-operator
70 |   namespace: ibm-common-services
71 | spec:
72 |   channel: v3
73 |   installPlanApproval: Automatic
74 |   name: ibm-common-service-operator
75 |   source: ibm-operator-catalog
76 |   sourceNamespace: openshift-marketplace
77 | EOF
78 | 
79 | echo "--- Wait until Operand CRD available"
80 | cmd="oc get crd operandrequests.operator.ibm.com -n ibm-common-services --ignore-not-found=true -o jsonpath={.status.conditions[?(@.type=='Established')].status}"
81 | state="True"
82 | waitUntil "${cmd}" "${state}"
83 | 
84 | echo "Done."
85 | 


--------------------------------------------------------------------------------
/uds_setup.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | ## This Script installs UDS operator for MAS.
  4 | SCRIPT_DIR=$(
  5 |     cd $(dirname $0)
  6 |     pwd
  7 | )
  8 | 
  9 | source "${SCRIPT_DIR}/util.sh"
 10 | 
 11 | if [ -z "${UDS_STORAGE_CLASS}" ]; then
 12 |     export UDS_STORAGE_CLASS="local-path"
 13 | fi
 14 | 
 15 | status=$(oc whoami 2>&1)
 16 | if [[ $? -gt 0 ]]; then
 17 |     echo "Login to OpenShift to continue installation." 1>&2
 18 |     exit 1
 19 | fi
 20 | 
 21 | echo "--- Check IBM Common Services installed"
 22 | if [[ ! $(oc get crd operandrequests.operator.ibm.com 2> /dev/null) ]]; then
 23 |     echo "IBM Common Services not found." 1>&2
 24 |     exit 1
 25 | fi
 26 | 
 27 | echo "--- Install User Data Services Operand opetator"
 28 | cat <<EOF | oc apply -f -
 29 | ---
 30 | apiVersion: operator.ibm.com/v1alpha1
 31 | kind: OperandRequest
 32 | metadata:
 33 |   name: user-data-services
 34 |   namespace: ibm-common-services
 35 | spec:
 36 |   requests:
 37 |     - operands:
 38 |         - name: ibm-user-data-services-operator
 39 |       registry: common-service
 40 | EOF
 41 | 
 42 | echo "--- Verify UDS installation"
 43 | cmd="oc get -n ibm-common-services subscription ibm-user-data-services-operator --ignore-not-found=true -o jsonpath={.status.currentCSV}"
 44 | waitUntilAvailable "${cmd}"
 45 | csv=$(${cmd})
 46 | cmd="oc get csv -n ibm-common-services ${csv} --ignore-not-found=true -o jsonpath={.status.phase}"
 47 | state="Succeeded"
 48 | waitUntil "${cmd}" "${state}"
 49 | 
 50 | echo "--- Install Analytics Proxy"
 51 | cat <<EOF | oc apply -f -
 52 | ---
 53 | apiVersion: uds.ibm.com/v1
 54 | kind: AnalyticsProxy
 55 | metadata:
 56 |  name: analyticsproxy
 57 |  namespace: ibm-common-services
 58 | spec:
 59 |  license:
 60 |    accept: true
 61 |  db_archive:
 62 |    persistent_storage:
 63 |      storage_size: 10G
 64 |  kafka:
 65 |    storage_size: 5G
 66 |    zookeeper_storage_size: 5G
 67 |  airgappeddeployment:
 68 |    enabled: false
 69 |  env_type: lite
 70 |  event_scheduler_frequency: '@hourly'
 71 |  storage_class: ${UDS_STORAGE_CLASS}
 72 |  proxy_settings:
 73 |    http_proxy: ''
 74 |    https_proxy: ''
 75 |    no_proxy: ''
 76 |  ibmproxyurl: 'https://iaps.ibm.com'
 77 |  allowed_domains: '*'
 78 |  postgres:
 79 |    backup_frequency: '@daily'
 80 |    backup_type: incremental
 81 |    storage_size: 10G
 82 |  tls:
 83 |    airgap_host: ''
 84 |    uds_host: ''
 85 | EOF
 86 | 
 87 | echo "--- Wait Analytics Proxy config completion"
 88 | cmd="oc get analyticsproxies.uds.ibm.com analyticsproxy -n ibm-common-services --ignore-not-found=true -o jsonpath={.status.phase}"
 89 | state="Ready"
 90 | waitUntil "${cmd}" "${state}"
 91 | 
 92 | echo "--- Generate UDS API Key"
 93 | cat <<EOF | oc apply -f -
 94 | apiVersion: uds.ibm.com/v1
 95 | kind: GenerateKey
 96 | metadata:
 97 |   name: uds-api-key
 98 |   namespace: ibm-common-services
 99 | spec:
100 |   image_pull_secret: uds-images-pull-secret
101 | EOF
102 | 


--------------------------------------------------------------------------------
/local-path_setup.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | ## This Script installs local path service for MAS based on https://github.com/code-ready/crc/wiki/Dynamic-volume-provisioning
  4 | SCRIPT_DIR=$(cd $(dirname $0); pwd)
  5 | 
  6 | source "${SCRIPT_DIR}/util.sh"
  7 | 
  8 | status=$(oc whoami 2>&1)
  9 | if [[ $? -gt 0 ]]; then
 10 |     echo "Login to OpenShift to continue local-path installation."
 11 |     exit 1;
 12 | fi
 13 | 
 14 | echo "--- Create namespace for local-path-storage."
 15 | projectName="local-path-storage"
 16 | createProject
 17 | 
 18 | echo "--- Create service account for local-path-storage"
 19 | oc create serviceaccount local-path-provisioner-service-account -n "${projectName}" 
 20 | 
 21 | echo "--- Configure adm policy for local-path-storage"
 22 | oc adm policy add-scc-to-user hostaccess -z local-path-provisioner-service-account -n "${projectName}" 
 23 | 
 24 | echo "--- Create service account for local-path-storage"
 25 | cat <<EOF | oc apply -n "${projectName}" -f - 
 26 | apiVersion: rbac.authorization.k8s.io/v1
 27 | kind: ClusterRole
 28 | metadata:
 29 |   name: local-path-provisioner-role
 30 | rules:
 31 | - apiGroups: [""]
 32 |   resources: ["nodes", "persistentvolumeclaims"]
 33 |   verbs: ["get", "list", "watch"]
 34 | - apiGroups: [""]
 35 |   resources: ["endpoints", "persistentvolumes", "pods"]
 36 |   verbs: ["*"]
 37 | - apiGroups: [""]
 38 |   resources: ["events"]
 39 |   verbs: ["create", "patch"]
 40 | - apiGroups: ["storage.k8s.io"]
 41 |   resources: ["storageclasses"]
 42 |   verbs: ["get", "list", "watch"]
 43 | ---
 44 | apiVersion: rbac.authorization.k8s.io/v1
 45 | kind: ClusterRoleBinding
 46 | metadata:
 47 |   name: local-path-provisioner-bind
 48 | roleRef:
 49 |   apiGroup: rbac.authorization.k8s.io
 50 |   kind: ClusterRole
 51 |   name: local-path-provisioner-role
 52 | subjects:
 53 | - kind: ServiceAccount
 54 |   name: local-path-provisioner-service-account
 55 |   namespace: local-path-storage
 56 | ---
 57 | apiVersion: apps/v1
 58 | kind: Deployment
 59 | metadata:
 60 |   name: local-path-provisioner
 61 |   namespace: local-path-storage
 62 | spec:
 63 |   replicas: 1
 64 |   selector:
 65 |     matchLabels:
 66 |       app: local-path-provisioner
 67 |   template:
 68 |     metadata:
 69 |       labels:
 70 |         app: local-path-provisioner
 71 |     spec:
 72 |       serviceAccountName: local-path-provisioner-service-account
 73 |       containers:
 74 |       - name: local-path-provisioner
 75 |         image: rancher/local-path-provisioner:v0.0.12
 76 |         imagePullPolicy: IfNotPresent
 77 |         command:
 78 |         - local-path-provisioner
 79 |         - --debug
 80 |         - start
 81 |         - --config
 82 |         - /etc/config/config.json
 83 |         volumeMounts:
 84 |         - name: config-volume
 85 |           mountPath: /etc/config/
 86 |         env:
 87 |         - name: POD_NAMESPACE
 88 |           valueFrom:
 89 |             fieldRef:
 90 |               fieldPath: metadata.namespace
 91 |       volumes:
 92 |         - name: config-volume
 93 |           configMap:
 94 |             name: local-path-config
 95 | ---
 96 | apiVersion: storage.k8s.io/v1
 97 | kind: StorageClass
 98 | metadata:
 99 |   name: local-path
100 |   annotations:
101 |     storageclass.kubernetes.io/is-default-class: "true"
102 | provisioner: rancher.io/local-path
103 | volumeBindingMode: WaitForFirstConsumer
104 | reclaimPolicy: Delete
105 | ---
106 | kind: ConfigMap
107 | apiVersion: v1
108 | metadata:
109 |   name: local-path-config
110 |   namespace: local-path-storage
111 | data:
112 |   config.json: |-
113 |         {
114 |                 "nodePathMap":[
115 |                 {
116 |                         "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES",
117 |                         "paths":["/mnt/pv-data"]
118 |                 }
119 |                 ]
120 |         }
121 | EOF
122 | 


--------------------------------------------------------------------------------
/get_setup_params.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | SCRIPT_DIR=$(
 4 |   cd $(dirname $0)
 5 |   pwd
 6 | )
 7 | 
 8 | WORK_DIR="${SCRIPT_DIR}/work"
 9 | mkdir -p "${WORK_DIR}"
10 | 
11 | if [ -z ${MAS_INSTANCE_ID} ]; then
12 |     MAS_INSTANCE_ID=crc
13 | fi
14 | 
15 | if [ -z ${MONGODB_NAMESPACE} ]; then
16 |     MONGODB_NAMESPACE=mongodb
17 | fi
18 | 
19 | if [ -z ${UDS_NAMESPACE} ]; then
20 |     UDS_NAMESPACE=ibm-common-services
21 | fi
22 | 
23 | if [ -z ${SLS_NAMESPACE} ]; then
24 |     SLS_NAMESPACE=ibm-sls
25 | fi
26 | 
27 | status=$(oc whoami 2>&1)
28 | if [[ $? -gt 0 ]]; then
29 |   echo "Login to OpenShift to continue."
30 |   exit 1
31 | fi
32 | 
33 | echo "MongoDB Setup Parameters"
34 | echo "===========Hosts=============="
35 | oc get MongoDBCommunity -n ${MONGODB_NAMESPACE} -o 'jsonpath={..status.mongoUri}' | sed -e 's|mongodb\://||g' -e 's/,/\n/g'
36 | 
37 | echo ""
38 | echo "===========MongoDB login account credentials=============="
39 | echo "Username: admin"
40 | MONGO_PASSWORD=$(oc get secret mas-mongo-ce-admin-password -n ${MONGODB_NAMESPACE} --output="jsonpath={.data.password}" | base64 -d)
41 | echo "Password: ${MONGO_PASSWORD}"
42 | 
43 | echo "===========Certificates=============="
44 | oc get configmap mas-mongo-ce-cert-map -n ${MONGODB_NAMESPACE} -o jsonpath='{.data.ca\.crt}'
45 | echo ""
46 | 
47 | echo "UDS Setup Parameters"
48 | echo "===========Endpoint URL=============="
49 | echo https://$(oc get routes uds-endpoint -n "${UDS_NAMESPACE}" |awk 'NR==2 {print $2}')
50 | 
51 | echo "===========API KEY=============="
52 | oc get secret uds-api-key -n "${UDS_NAMESPACE}" --output="jsonpath={.data.apikey}" | base64 -d
53 | echo ""
54 | 
55 | echo "===========Certificates=============="
56 | oc get secret router-certs-default -n "openshift-ingress" -o "jsonpath={.data.tls\.crt}" | base64 -d
57 | 
58 | oc get secret -n ${SLS_NAMESPACE} sls-cert-client -o jsonpath='{.data.tls\.key}' | base64 -d -w 0 > ${WORK_DIR}/tls.key
59 | oc get secret -n ${SLS_NAMESPACE} sls-cert-client -o jsonpath='{.data.tls\.crt}' | base64 -d -w 0 > ${WORK_DIR}/tls.crt
60 | oc get secret -n ${SLS_NAMESPACE} sls-cert-client -o jsonpath='{.data.ca\.crt}' | base64 -d -w 0 > ${WORK_DIR}/ca.crt
61 | 
62 | echo "SLS Setup Parameters"
63 | echo ""
64 | echo "===========SLS Endpoint URL=============="
65 | oc get configmap -n ${SLS_NAMESPACE} sls-suite-registration -o jsonpath='{.data.url}'
66 | echo ""
67 | echo "===========Registration Key=============="
68 | oc get configmap -n ${SLS_NAMESPACE} sls-suite-registration -o jsonpath='{.data.registrationKey}'
69 | echo ""
70 | echo "===========Certificates=============="
71 | oc get configmap -n ${SLS_NAMESPACE} sls-suite-registration -o jsonpath='{.data.ca}'
72 | echo ""
73 | 
74 | echo "===========Registration Info=============="
75 | function getSlsInfo() {
76 |     curl -ks --cert ${WORK_DIR}/tls.crt --key ${WORK_DIR}/tls.key --cacert ${WORK_DIR}/tls.crt  $(oc get configmap -n ${SLS_NAMESPACE} sls-suite-registration -o jsonpath='{.data.url}')/api/entitlement/config | jq ${path}
77 | }
78 | path=".rlks.configuration"
79 | echo "Configuration: $(getSlsInfo)"
80 | path=".rlks.hosts[0].id"
81 | echo "Registration ID: $(getSlsInfo)"
82 | path=".rlks.hosts[0].hostname"
83 | echo "Hostname: $(getSlsInfo)"
84 | path=".rlks.hosts[0].port"
85 | echo "port: $(getSlsInfo)"
86 | 
87 | rm -r ${WORK_DIR}
88 | 
89 | echo ""
90 | echo "MAS Setup Parameters"
91 | echo "===========Initial Setup URL=============="
92 | echo https://$(oc get route -n mas-${MAS_INSTANCE_ID}-core ${MAS_INSTANCE_ID}-admin -o jsonpath='{.spec.host}')/initialsetup
93 | echo "===========Superuser Username=============="
94 | oc get secret ${MAS_INSTANCE_ID}-credentials-superuser -n mas-${MAS_INSTANCE_ID}-core -o jsonpath='{.data.username}' | base64 --decode && echo ""
95 | echo "===========Superuser Password=============="
96 | oc get secret ${MAS_INSTANCE_ID}-credentials-superuser -n mas-${MAS_INSTANCE_ID}-core -o jsonpath='{.data.password}' | base64 --decode && echo ""
97 | 
98 | 


--------------------------------------------------------------------------------
/mas_setup.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | ## This Script installs MAS core.
  4 | SCRIPT_DIR=$(
  5 |   cd $(dirname $0)
  6 |   pwd
  7 | )
  8 | 
  9 | source "${SCRIPT_DIR}/util.sh"
 10 | 
 11 | if [ -z "${ENTITLEMENT_KEY}" ]; then
 12 |   echo "Missing entitlement key in environemnt variable ENTITLEMENT_KEY." 1>&2
 13 |   exit 1
 14 | fi
 15 | 
 16 | if [ -z "${MAS_INSTANCE_ID}" ]; then
 17 |   MAS_INSTANCE_ID="crc"
 18 | fi
 19 | 
 20 | if [ -z "${MAS_DOMAIN_NAME}" ]; then
 21 |   MAS_DOMAIN_NAME="mas.apps-crc.testing"
 22 | fi
 23 | 
 24 | if [ -z "${MAS_CHANNEL}" ]; then
 25 |   MAS_CHANNEL="8.7.x"
 26 | fi
 27 | 
 28 | #if [ -z "${MAS_UPGRADE_PLAN}" ]; then
 29 | MAS_UPGRADE_PLAN="Automatic"
 30 | #fi
 31 | 
 32 | status=$(oc whoami 2>&1)
 33 | if [[ $? -gt 0 ]]; then
 34 |   echo "Login to OpenShift to continue installation." 1>&2
 35 |   exit 1
 36 | fi
 37 | 
 38 | echo "--- Create the project"
 39 | projectName="mas-${MAS_INSTANCE_ID}-core"
 40 | createProject
 41 | 
 42 | echo "--- Add IBM Entitlement Registry"
 43 | oc -n ${projectName} create secret docker-registry ibm-entitlement \
 44 |   --docker-server=cp.icr.io/cp \
 45 |   --docker-username=cp \
 46 |   --docker-password="${ENTITLEMENT_KEY}"
 47 | 
 48 | echo "--- Install IBM Operator Catalog"
 49 | cat <<EOF | oc apply -f -
 50 | ---
 51 | apiVersion: operators.coreos.com/v1alpha1
 52 | kind: CatalogSource
 53 | metadata:
 54 |   name: ibm-operator-catalog
 55 |   namespace: openshift-marketplace
 56 | spec:
 57 |   displayName: "IBM Operator Catalog"
 58 |   publisher: IBM
 59 |   sourceType: grpc
 60 |   image: docker.io/ibmcom/ibm-operator-catalog
 61 |   updateStrategy:
 62 |     registryPoll:
 63 |       interval: 45m
 64 | EOF
 65 | 
 66 | echo "--- Install IBM Operator Group"
 67 | cat <<EOF | oc apply -f -
 68 | ---
 69 | apiVersion: operators.coreos.com/v1
 70 | kind: OperatorGroup
 71 | metadata:
 72 |   name: ibm-mas-operator-group
 73 |   namespace: "${projectName}"
 74 | spec:
 75 |   targetNamespaces:
 76 |     - "${projectName}"
 77 | EOF
 78 | 
 79 | echo "--- Install MAS subscription"
 80 | cat <<EOF | oc apply -f -
 81 | ---
 82 | apiVersion: operators.coreos.com/v1alpha1
 83 | kind: Subscription
 84 | metadata:
 85 |   name: ibm-mas-operator
 86 |   namespace: "${projectName}"
 87 | spec:
 88 |   channel: "${MAS_CHANNEL}"
 89 |   installPlanApproval: "${MAS_UPGRADE_PLAN}"
 90 |   name: ibm-mas
 91 |   source: ibm-operator-catalog
 92 |   sourceNamespace: openshift-marketplace
 93 | EOF
 94 | 
 95 | echo "--- Wait MAS Operator installation"
 96 | operatorName=ibm-mas-operator
 97 | cmd="oc get subscription -n ${projectName} ${operatorName} --ignore-not-found=true -o jsonpath={.status.currentCSV}"
 98 | waitUntilAvailable "${cmd}"
 99 | csv=$(${cmd})
100 | 
101 | cmd="oc get csv -n ${projectName} ${csv}  --ignore-not-found=true -o jsonpath={.status.phase}"
102 | state="Succeeded"
103 | waitUntil "${cmd}" "${state}"
104 | 
105 | echo "--- Wait IBM Common Service installation"
106 | operatorSelector="operators.coreos.com/ibm-common-service-operator.${projectName}"
107 | cmd="oc get subscription -n ${projectName} -l ${operatorSelector} --ignore-not-found=true -o jsonpath={.items[0].status.currentCSV}"
108 | waitUntilAvailable "${cmd}"
109 | csv=$(${cmd})
110 | 
111 | cmd="oc get csv -n ${projectName} ${csv} --ignore-not-found=true -o jsonpath={.status.phase}"
112 | state="Succeeded"
113 | waitUntil "${cmd}" "${state}"
114 | 
115 | echo "--- Install Suite Config"
116 | cat <<EOF | oc apply -f -
117 | ---
118 | apiVersion: core.mas.ibm.com/v1
119 | kind: Suite
120 | metadata:
121 |   name: "${MAS_INSTANCE_ID}"
122 |   namespace: "${projectName}"
123 |   labels:
124 |     mas.ibm.com/instanceId: "${MAS_INSTANCE_ID}"
125 | spec:
126 |   certManagerNamespace: ibm-common-services
127 |   domain: "${MAS_DOMAIN_NAME}"
128 |   license:
129 |     accept: true
130 |   settings:
131 |     icr:
132 |       cp: cp.icr.io/cp
133 |       cpopen: icr.io/cpopen
134 | EOF
135 | 
136 | echo "--- Wait Suite config completion"
137 | cmd="oc get deployment/${MAS_INSTANCE_ID}-admin-dashboard --ignore-not-found=true -o jsonpath={.status.readyReplicas} -n ${projectName}"
138 | state="1"
139 | waitUntil "${cmd}" "${state}"
140 | 
141 | cmd="oc get deployment/${MAS_INSTANCE_ID}-coreapi --ignore-not-found=true -o jsonpath={.status.readyReplicas} -n ${projectName}"
142 | state="3"
143 | waitUntil "${cmd}" "${state}"
144 | 
145 | echo "Done"
146 | 


--------------------------------------------------------------------------------
/sls_setup.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | ## This Script installs sls operator for MAS.
  4 | SCRIPT_DIR=$(
  5 |     cd $(dirname $0)
  6 |     pwd
  7 | )
  8 | 
  9 | source "${SCRIPT_DIR}/util.sh"
 10 | 
 11 | if [ -z "${ENTITLEMENT_KEY}" ]; then
 12 |     echo "Missing entitlement key in environemnt variable ENTITLEMENT_KEY." 1>&2
 13 |     exit 1
 14 | fi
 15 | 
 16 | if [ -z "$MONGODB_NAMESPACE" ]; then
 17 |     MONGODB_NAMESPACE="mongodb"
 18 | fi
 19 | 
 20 | if [ -z "${MONGODB_REPLICAS}" ]; then
 21 |     MONGODB_REPLICAS="3"
 22 | fi
 23 | 
 24 | if [ -z "${SLS_STORAGE_CLASS}" ]; then
 25 |     SLS_STORAGE_CLASS=local-path
 26 | fi
 27 | 
 28 | if [ -z "${SLS_DOMAIN_NAME}" ]; then
 29 |     SLS_DOMAIN_NAME=apps-crc.testing
 30 | fi
 31 | 
 32 | status=$(oc whoami 2>&1)
 33 | if [[ $? -gt 0 ]]; then
 34 |     echo "Login to OpenShift to continue SLS Operator installation." 1>&2
 35 |     exit 1
 36 | fi
 37 | 
 38 | echo "--- Install IBM Operator Catalog"
 39 | oc project default
 40 | oc apply -f "${SCRIPT_DIR}/suite-license-services/ibm-catalog.yaml"
 41 | 
 42 | echo "--- Create namespace for IBM SLS"
 43 | projectName="ibm-sls"
 44 | createProject
 45 | 
 46 | echo "--- Install IBM Suite License Service"
 47 | oc apply -n "${projectName}" -f "${SCRIPT_DIR}/suite-license-services/sls-operator-subscription.yaml"
 48 | 
 49 | echo "--- Verify IBM Suite License Service installation"
 50 | operatorName="ibm-sls"
 51 | cmd="oc get subscription -n ${projectName} ${operatorName} -o jsonpath={.status.currentCSV}"
 52 | waitUntilAvailable "${cmd}"
 53 | csv=$(${cmd})
 54 | 
 55 | cmd="oc get csv -n ${projectName} ${csv} -o jsonpath={.status.phase}"
 56 | state="Succeeded"
 57 | waitUntil "${cmd}" "${state}"
 58 | 
 59 | echo "--- Add IBM Entitlement Registry"
 60 | oc -n ${projectName} create secret docker-registry ibm-entitlement \
 61 | --docker-server=cp.icr.io/cp \
 62 | --docker-username=cp \
 63 | --docker-password="${ENTITLEMENT_KEY}"
 64 | 
 65 | echo "--- Create Mongo DB credentials"
 66 | MONGO_PASSWORD=$(oc get secret mas-mongo-ce-admin-password -n ${MONGODB_NAMESPACE} --output="jsonpath={.data.password}" | base64 -d)
 67 | cat <<EOF | oc apply -f -
 68 | apiVersion: v1
 69 | kind: Secret
 70 | type: Opaque
 71 | metadata:
 72 |   name: sls-mongo-credentials
 73 |   namespace: ${projectName}
 74 | stringData:
 75 |   username: "admin"
 76 |   password: "${MONGO_PASSWORD}"
 77 | EOF
 78 | 
 79 | echo "--- Create License Service instance."
 80 | MONGO_NODES=""
 81 | for i in $(seq 0 $((${MONGODB_REPLICAS} - 1))); do
 82 |     MONGO_NODES="${MONGO_NODES}\n      - host: mas-mongo-ce-${i}.mas-mongo-ce-svc.${MONGODB_NAMESPACE}.svc.cluster.local\n        port: 27017\n"
 83 | done
 84 | MONGO_NODES=$(echo -ne "${MONGO_NODES}")
 85 | MONGO_CERT=$(oc get configmap mas-mongo-ce-cert-map -n ${MONGODB_NAMESPACE} -o jsonpath='{.data.ca\.crt}' | sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g')
 86 | cat <<EOF | oc apply -f -
 87 | apiVersion: sls.ibm.com/v1
 88 | kind: LicenseService
 89 | metadata:
 90 |   name: sls
 91 |   namespace: ${projectName}
 92 |   labels:
 93 |     app.kubernetes.io/instance: ibm-sls
 94 |     app.kubernetes.io/managed-by: olm
 95 |     app.kubernetes.io/name: ibm-sls
 96 | spec:
 97 |   license:
 98 |     accept: true
 99 |   domain: ${SLS_DOMAIN_NAME}
100 |   mongo:
101 |     authMechanism: DEFAULT
102 |     configDb: admin
103 |     nodes:
104 | ${MONGO_NODES}
105 |     retryWrites: true
106 |     secretName: sls-mongo-credentials
107 |     certificates:
108 |       - alias: mongodb
109 |         crt: "${MONGO_CERT}"
110 |   rlks:
111 |     storage:
112 |       class: ${SLS_STORAGE_CLASS}
113 |       size: 5G
114 |   settings:
115 |     auth:
116 |       enforce: true
117 |     compliance:
118 |       enforce: true
119 |     reconciliation:
120 |       enabled: true
121 |       reconciliationPeriod: 1800
122 |     registration:
123 |       open: true
124 |     reporting:
125 |       maxDailyReports: 90
126 |       maxHourlyReports: 24
127 |       maxMonthlyReports: 12
128 |       reportGenerationPeriod: 3600
129 |       samplingPeriod: 900
130 | EOF
131 | 
132 | if [ -v SLS_INSTANCE_ID ]; then
133 |     echo "--- Add bootstrap secret."
134 | cat <<EOF | oc apply -f -
135 | apiVersion: v1
136 | kind: Secret
137 | metadata:
138 |   namespace: ${projectName}
139 |   name: sls-bootstrap
140 | stringData:
141 |   licensingId: ${SLS_INSTANCE_ID}
142 |   registrationKey: ${SLS_REGISTRATION_KEY}
143 | EOF
144 | fi
145 | 
146 | echo "--- Wait License Service instance ready."
147 | cmd="oc get -n ${projectName} licenseservice -o=jsonpath={.items[0].status.conditions[?(@.type=='Ready')].status}"
148 | state="True"
149 | waitUntil "${cmd}" "${state}"
150 | 
151 | echo "Done"


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Setup scripts for Maximo Application Suite on Redhat CodeReady Containers
  2 | 
  3 | ```mas-standalone-install``` is installation scripts for Maximo Application Suite (MAS) 8.7 on Red Hat CodeReady Containers (CRC). This scripts enable to install all prereqs, MongoDB, UDS, SLS, cert-manager, service binding operator, and MAS core on CRC env. An entitlement key for IBM Container Registry is a only required parameter for MAS core installation. No need the other parametersand they are configured by default for CRC. If you want to setup prereqs on a small OpenShift environment without exaggerated configurations, you can use this scripts with custom variables for your environment. Please consider [Ansible scripts](https://ibm-mas.github.io/ansible-devops) or any other tools for large projects.
  4 | 
  5 | Detailed for the scripts here: https://www.linkedin.com/pulse/running-maximo-manage-stand-alone-openshift-server-red-nishimura/
  6 | 
  7 | Disclaimer: I (and also IBM) do NOT support running the MAS on CRC with this guide. You need to have skills to debug K8s/OpenShift to try out the installation.
  8 | 
  9 | ## Usage
 10 | 
 11 | Install CRC, prereqs, and MAS Core.
 12 | 
 13 | ```shell
 14 | $ sudo yum update && yum install jq git
 15 | $ crc setup
 16 | $ crc config set cpus 12
 17 | $ crc config set memory 32000
 18 | $ crc config set disk-size 300
 19 | $ crc config set disable-update-check true
 20 | $ crc start
 21 | $ eval $(crc oc-env)
 22 | $ oc login -u kubeadmin -p ************ https://api.crc.testing:6443
 23 | $ git clone https://github.com/nishi2go/mas-standalone-install
 24 | $ cd mas-standalone-install
 25 | $ export ENTITLEMENT_KEY=<Your Entitlement Key> # Get from https://myibm.ibm.com/products-services/containerlibrary
 26 | $ ./setup.sh
 27 | ```
 28 | 
 29 | The additional script, ```mas-ws_setup.sh```, enables to complete MAS workspace configuration except license file uploading to start deployment for MAS apps like Maximo Manage. To put your license file path to ```SLS_LICENSE_FILE```, all of the steps of Suite setup are completed without any manual interventions.
 30 | 
 31 | ```shell
 32 | $ export UDS_EMAIL=<Your e-mail>
 33 | $ export UDS_LASTNAME=<Your last name>
 34 | $ export UDS_FIRSTNAME=<Your first name>
 35 | $ # export SLS_LICENSE_FILE=<Your license path>
 36 | $ ./mas-ws_setup.sh
 37 | ```
 38 | 
 39 | The required information to complete Suite setup can be obtained from the following command.
 40 | 
 41 | ```shell
 42 | $ ./get_setup_params.sh
 43 | ```
 44 | 
 45 | For a small OCP enviroment, use ```-p``` option with required environment variables.
 46 | 
 47 | ```shell
 48 | $ export ENTITLEMENT_KEY=<Your Entitlement Key> # Get from https://myibm.ibm.com/products-services/containerlibrary
 49 | $ ./setup.sh -p
 50 | ```
 51 | 
 52 | 
 53 | ## Environment varialbe list
 54 | 
 55 | ```
 56 | ENTITLEMENT_KEY
 57 | ```
 58 | 
 59 | A key for accessing IBM Container Registry. It can be obtained from here: https://myibm.ibm.com/products-services/containerlibrary
 60 | 
 61 | ```
 62 | MAS_INSTANCE_ID (default: crc)
 63 | ```
 64 | 
 65 | An instance ID for the deployment. https://www.ibm.com/docs/en/mas87/8.7.0?topic=installation-instance-requirements#instance_name
 66 | 
 67 | ```
 68 | MAS_DOMAIN_NAME (default: mas.apps-crc.testing)
 69 | ```
 70 | 
 71 | A base domain name for the deployment. https://www.ibm.com/docs/en/mas87/8.7.0?topic=installation-instance-requirements#dns
 72 | 
 73 | ```
 74 | MAS_CHANNEL (default: 8.7.x)
 75 | ```
 76 | 
 77 | A channel for the MAS subscription. This specifies which version to be used in the instance.
 78 | 
 79 | ```
 80 | MAS_WORKSPACE_ID (default: dev)
 81 | ```
 82 | 
 83 | A workspace ID for the instance. https://www.ibm.com/docs/en/mas87/8.7.0?topic=installation-instance-requirements#workspace
 84 | 
 85 | ```
 86 | MAS_WORKSPACE_NAME (default: Maximo dev)
 87 | ```
 88 | 
 89 | A description for the workspace ID. https://www.ibm.com/docs/en/mas87/8.7.0?topic=installation-instance-requirements#workspace
 90 | 
 91 |     
 92 | ```
 93 | SLS_NAMESPACE (default: ibm-sls)
 94 | ```
 95 | 
 96 | A namespace for Suite License Service.
 97 | 
 98 | ```
 99 | SLS_STORAGE_CLASS (default: local-path)
100 | ```
101 | 
102 | A storage class (RWO) for persistent storage in the SLS operator. Use appropriate storage class provided by cloud provider or on-premise solutions in OCP env.
103 | 
104 | ```
105 | SLS_DOMAIN_NAME (default: apps-crc.testing)
106 | ```
107 | 
108 | A base domain name for SLS.
109 | 
110 | ```
111 | SLS_LICENSE_FILE
112 | ```
113 | 
114 | A license file path for uploading MAS AppPoints token license to SLS.
115 | 
116 | ```
117 | UDS_EMAIL
118 | ```
119 | A contact email address to use for User Data Service communication. 
120 | 
121 | ```
122 | UDS_LASTNAME
123 | ```
124 | The given name of the owner of the provided contact email address.
125 | 
126 | ```
127 | UDS_FIRSTNAME
128 | ```
129 | 
130 | The surname of the owner of the provided contact email address.
131 | 
132 | ```
133 | UDS_STORAGE_CLASS (default: local-path)
134 | ```
135 | 
136 | A storage class (RWO) for persistent storage in the UDS operator. Use appropriate storage class provided by cloud provider or on-premise solutions in OCP env.
137 | 
138 | ```
139 | MONGODB_NAMESPACE (defualt: mongodb)
140 | ```
141 | 
142 | A namespace for the MongoDB operator.
143 | 
144 | ```
145 | MONGODB_REPLICAS (default: 3)
146 | ```
147 | 
148 | A number of instances for MongoDB service.
149 | 
150 | ```
151 | MONGODB_CPU_REQUEST (default: 100m)
152 | ```
153 | 
154 | A request parameter for CPU in the MongoDB instance. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits
155 | 
156 | ```
157 | MONGODB_MEM_REQUEST (default: 256Mi)
158 | ```
159 | A request parameter for memory in the MongoDB instance. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits
160 | 
161 | ```
162 | MONGODB_CPU_LIMIT (default: 1)
163 | ```
164 | 
165 | A limit parameter for CPU in the MongoDB instance. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits
166 | 
167 | ```
168 | MONGODB_MEM_LIMIT (default: 1Gi)
169 | ```
170 | 
171 | A limit parameter for memory in the MongoDB instance. See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits
172 | 
173 | ```
174 | MONGODB_STORAGE_SIZE (default: 20Gi)
175 | ```
176 | 
177 | The storage claim size of the provided storage class for the MongoDB instances.
178 | 
179 | ```
180 | MONGODB_STORAGE_LOG_SIZE (default: 2Gi)
181 | ```
182 | 
183 | The storage claim size of the provided storage class for the MongoDB logs.
184 | 
185 | ```
186 | MONGODB_STORAGE_CLASS (default: local-path)
187 | ```
188 | 
189 | Storage class (RWO) for persistent storage in the UDS operator. Use appropriate storage class provided by cloud provider or on-premise solutions in OCP env.
190 | 
191 | ```
192 | MONGODB_PASSWORD (default: auto-generated)
193 | ```
194 | 
195 | A MongoDB password to access the MongoDB servcies. This parameter is automatically generated when it specified in the environment variable.
196 | 


--------------------------------------------------------------------------------
/mas-ws_setup.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | ## This Script installs MAS workspace.
  4 | SCRIPT_DIR=$(
  5 |   cd $(dirname $0)
  6 |   pwd
  7 | )
  8 | 
  9 | source "${SCRIPT_DIR}/util.sh"
 10 | 
 11 | if [ -z "${UDS_EMAIL}" ]; then
 12 |   echo "Missing email address in environemnt variable UDS_EMAIL." 1>&2
 13 |   exit 1
 14 | fi
 15 | 
 16 | if [ -z "${UDS_LASTNAME}" ]; then
 17 |   echo "Missing last name in environemnt variable UDS_LASTNAME." 1>&2
 18 |   exit 1
 19 | fi
 20 | 
 21 | if [ -z "${UDS_FIRSTNAME}" ]; then
 22 |   echo "Missing first name in environemnt variable UDS_FIRSTNAME." 1>&2
 23 |   exit 1
 24 | fi
 25 | 
 26 | if [ -z "$UDS_NAMESPACE" ]; then
 27 |   UDS_NAMESPACE="ibm-common-services"
 28 | fi
 29 | 
 30 | if [ -z "$SLS_NAMESPACE" ]; then
 31 |   SLS_NAMESPACE="ibm-sls"
 32 | fi
 33 | 
 34 | if [ -z "${MAS_INSTANCE_ID}" ]; then
 35 |   MAS_INSTANCE_ID="crc"
 36 | fi
 37 | 
 38 | if [ -z "${MAS_WORKSPACE_ID}" ]; then
 39 |   MAS_WORKSPACE_ID="dev"
 40 | fi
 41 | 
 42 | if [ -z "${MAS_WORKSPACE_NAME}" ]; then
 43 |   MAS_WORKSPACE_NAME="Maximo dev"
 44 | fi
 45 | 
 46 | if [ -z "${MAS_DOMAIN_NAME}" ]; then
 47 |   MAS_DOMAIN_NAME="mas.apps-crc.testing"
 48 | fi
 49 | 
 50 | if [ -z "$MONGODB_NAMESPACE" ]; then
 51 |   MONGODB_NAMESPACE="mongodb"
 52 | fi
 53 | 
 54 | if [ -z "${MONGODB_REPLICAS}" ]; then
 55 |   MONGODB_REPLICAS=3
 56 | fi
 57 | 
 58 | status=$(oc whoami 2>&1)
 59 | if [[ $? -gt 0 ]]; then
 60 |   echo "Login to OpenShift to continue installation." 1>&2
 61 |   exit 1
 62 | fi
 63 | 
 64 | echo "--- Set up the project"
 65 | projectName="mas-${MAS_INSTANCE_ID}-core"
 66 | createProject
 67 | 
 68 | echo "--- Install MongoDB Config for MAS"
 69 | MONGO_PASSWORD=$(oc get secret mas-mongo-ce-admin-password -n ${MONGODB_NAMESPACE} --output="jsonpath={.data.password}" | base64 -d)
 70 | MONGO_CERT=$(oc get configmap mas-mongo-ce-cert-map -n ${MONGODB_NAMESPACE} -o jsonpath='{.data.ca\.crt}' | sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g')
 71 | MONGO_NODES=""
 72 | for i in $(seq 0 $((${MONGODB_REPLICAS} - 1))); do
 73 |   MONGO_NODES="${MONGO_NODES}\n      - host: mas-mongo-ce-${i}.mas-mongo-ce-svc.${MONGODB_NAMESPACE}.svc.cluster.local\n        port: 27017\n"
 74 | done
 75 | MONGO_NODES=$(echo -ne "${MONGO_NODES}")
 76 | 
 77 | cat <<EOF | oc apply -f -
 78 | ---
 79 | apiVersion: v1
 80 | kind: Secret
 81 | type: Opaque
 82 | metadata:
 83 |   name: "${MAS_INSTANCE_ID}-mongodb-admin"
 84 |   namespace: ${projectName}
 85 | stringData:
 86 |   username: admin
 87 |   password: "${MONGO_PASSWORD}"
 88 | ---
 89 | apiVersion: config.mas.ibm.com/v1
 90 | kind: MongoCfg
 91 | metadata:
 92 |   name: "${MAS_INSTANCE_ID}-mongo-system"
 93 |   namespace: "${projectName}"
 94 |   labels:
 95 |     app.kubernetes.io/instance: ibm-mas
 96 |     app.kubernetes.io/managed-by: olm
 97 |     app.kubernetes.io/name: ibm-mas
 98 |     mas.ibm.com/configScope: system
 99 |     mas.ibm.com/instanceId: "${MAS_INSTANCE_ID}"
100 | spec:
101 |   displayName: "MongoDB in ${MONGODB_NAMESPACE}"
102 |   type: external
103 |   config:
104 |     hosts:
105 | ${MONGO_NODES}
106 |     configDb: admin
107 |     authMechanism: DEFAULT
108 |     credentials:
109 |       secretName: "${MAS_INSTANCE_ID}-mongodb-admin"
110 |   certificates:
111 |     - alias: mongodbca
112 |       crt: "${MONGO_CERT}"
113 | EOF
114 | 
115 | echo "--- Install UDS Config for MAS"
116 | UDS_URL=$(echo -n https://$(oc get routes uds-endpoint -n "${UDS_NAMESPACE}" | awk 'NR==2 {print $2}'))
117 | UDS_APIKEY=$(oc get secret uds-api-key -n "${UDS_NAMESPACE}" --output="jsonpath={.data.apikey}" | base64 -d)
118 | UDS_CERT1=$(oc get secret router-certs-default -n "openshift-ingress" -o "jsonpath={.data.tls\.crt}" | base64 -d | sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g')
119 | 
120 | cat <<EOF | oc apply -f -
121 | ---
122 | apiVersion: v1
123 | kind: Secret
124 | type: opaque
125 | metadata:
126 |   name: uds-apikey
127 |   namespace: "${projectName}"
128 | stringData:
129 |   api_key: "${UDS_APIKEY}"
130 | EOF
131 | 
132 | cat <<EOF | oc apply -f -
133 | ---
134 | apiVersion: config.mas.ibm.com/v1
135 | kind: BasCfg
136 | metadata:
137 |   labels:
138 |     app.kubernetes.io/instance: ibm-mas
139 |     app.kubernetes.io/managed-by: olm
140 |     app.kubernetes.io/name: ibm-mas
141 |     mas.ibm.com/configScope: system
142 |     mas.ibm.com/instanceId: "${MAS_INSTANCE_ID}"
143 |   name: ${MAS_INSTANCE_ID}-bas-system
144 |   namespace: "${projectName}"
145 | spec:
146 |   certificates:
147 |     - alias: uds-crt1
148 |       crt: "${UDS_CERT1}"
149 |   config:
150 |     contact:
151 |       email: "${UDS_EMAIL}"
152 |       firstName: ${UDS_FIRSTNAME}
153 |       lastName: ${UDS_LASTNAME}
154 |     credentials:
155 |       secretName: uds-apikey
156 |     url: ${UDS_URL}
157 |   displayName: System BAS Configuration
158 | EOF
159 | 
160 | echo "--- Install SLS Config for MAS"
161 | SLS_URL=$(oc get configmap -n "${SLS_NAMESPACE}" sls-suite-registration -o jsonpath='{.data.url}')
162 | SLS_KEY=$(oc get configmap -n "${SLS_NAMESPACE}" sls-suite-registration -o jsonpath='{.data.registrationKey}')
163 | SLS_CERT=$(oc get configmap -n "${SLS_NAMESPACE}" sls-suite-registration -o jsonpath='{.data.ca}' | sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g')
164 | 
165 | cat <<EOF | oc apply -f -
166 | ---
167 | apiVersion: v1
168 | kind: Secret
169 | type: opaque
170 | metadata:
171 |   name: sls-registration-key
172 |   namespace: "${projectName}"
173 | stringData:
174 |   registrationKey: "${SLS_KEY}"
175 | ---
176 | kind: SlsCfg
177 | apiVersion: config.mas.ibm.com/v1
178 | metadata:
179 |   labels:
180 |     app.kubernetes.io/instance: ibm-mas
181 |     app.kubernetes.io/managed-by: olm
182 |     app.kubernetes.io/name: ibm-mas
183 |     mas.ibm.com/configScope: system
184 |     mas.ibm.com/instanceId: "${MAS_INSTANCE_ID}"
185 |   name: ${MAS_INSTANCE_ID}-sls-system
186 |   namespace: "${projectName}"
187 | spec:
188 |   certificates:
189 |     - alias: slsca
190 |       crt: "${SLS_CERT}"
191 |   config:
192 |     credentials:
193 |       secretName: sls-registration-key
194 |     url: ${SLS_URL}
195 |   displayName: System SLS Configuration
196 | EOF
197 | 
198 | echo "--- Install MAS Workspace Config"
199 | cat <<EOF | oc apply -f -
200 | ---
201 | apiVersion: core.mas.ibm.com/v1
202 | kind: Workspace
203 | metadata:
204 |   name: "${MAS_INSTANCE_ID}-${MAS_WORKSPACE_ID}"
205 |   namespace: "${projectName}"
206 |   labels:
207 |     mas.ibm.com/instanceId: "${MAS_INSTANCE_ID}"
208 |     mas.ibm.com/workspaceId: "${MAS_WORKSPACE_ID}"
209 | spec:
210 |   displayName: "${MAS_WORKSPACE_NAME}"
211 | EOF
212 | 
213 | echo "--- Wait MongoDB config completion"
214 | cmd="oc get suite.core.mas.ibm.com ${MAS_INSTANCE_ID} -n ${projectName} -o jsonpath={.status.conditions[?(@.type==\"SystemDatabaseReady\")].status}"
215 | state="True"
216 | waitUntil "${cmd}" "${state}"
217 | 
218 | echo "--- Wait SLS config completion"
219 | if [ -v SLS_LICENSE_FILE ]; then
220 |   echo "--- Upload SLS lisence file"
221 |   WORK_DIR="${SCRIPT_DIR}/work"
222 |   mkdir -p "${WORK_DIR}"
223 |   oc get secret -n ${SLS_NAMESPACE} sls-cert-client -o jsonpath='{.data.tls\.key}' | base64 -d -w 0 >${WORK_DIR}/tls.key
224 |   oc get secret -n ${SLS_NAMESPACE} sls-cert-client -o jsonpath='{.data.tls\.crt}' | base64 -d -w 0 >${WORK_DIR}/tls.crt
225 |   oc get secret -n ${SLS_NAMESPACE} sls-cert-client -o jsonpath='{.data.ca\.crt}' | base64 -d -w 0 >${WORK_DIR}/ca.crt
226 |   curl -ks --cert ${WORK_DIR}/tls.crt --key ${WORK_DIR}/tls.key --cacert ${WORK_DIR}/ca.crt -X PUT -F "file=@${SLS_LICENSE_FILE}" $(oc get configmap -n ${SLS_NAMESPACE} sls-suite-registration -o jsonpath='{.data.url}')/api/entitlement/file
227 |   curl -ks --cert ${WORK_DIR}/tls.crt --key ${WORK_DIR}/tls.key --cacert ${WORK_DIR}/ca.crt $(oc get configmap -n ${SLS_NAMESPACE} sls-suite-registration -o jsonpath='{.data.url}')/api/tokens | jq '.[0]'
228 |   rm -r ${WORK_DIR}
229 |   echo ""
230 | 
231 |   cmd="oc get suite.core.mas.ibm.com ${MAS_INSTANCE_ID} -n ${projectName} -o jsonpath={.status.conditions[?(@.type==\"SLSIntegrationReady\")].status}"
232 |   state="True"
233 |   waitUntil "${cmd}" "${state}"
234 | 
235 |   cmd="oc get suite.core.mas.ibm.com ${MAS_INSTANCE_ID} -n ${projectName} -o jsonpath={.status.conditions[?(@.type==\"Ready\")].status}"
236 |   state="True"
237 |   waitUntil "${cmd}" "${state}"
238 | else
239 |   cmd="oc get suite.core.mas.ibm.com ${MAS_INSTANCE_ID} -n ${projectName} -o jsonpath={.status.conditions[?(@.type==\"SLSIntegrationReady\")].reason}"
240 |   state="MissingLicenseFile"
241 |   waitUntil "${cmd}" "${state}"
242 |   echo "Put your license file to enable MAS workspece."
243 | fi
244 | 
245 | echo "--- Wait UDS config completion"
246 | cmd="oc get suite.core.mas.ibm.com ${MAS_INSTANCE_ID} -n ${projectName} -o jsonpath={.status.conditions[?(@.type==\"BASIntegrationReady\")].status}"
247 | state="True"
248 | waitUntil "${cmd}" "${state}"
249 | 
250 | echo "Done"
251 | 


--------------------------------------------------------------------------------
/mongodb_setup.sh:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env bash
  2 | 
  3 | ## This Script installs MongoDB Community operator
  4 | ## Based on the blog https://www.mongodb.com/blog/post/run-secure-containerized-mongodb-deployments-using-the-mongo-db-community-kubernetes-oper?hmsr=joyk.com&utm_source=joyk.com&utm_medium=referral
  5 | 
  6 | SCRIPT_DIR=$(
  7 |     cd $(dirname $0)
  8 |     pwd
  9 | )
 10 | 
 11 | source "${SCRIPT_DIR}/util.sh"
 12 | 
 13 | if [ -z "${MONGODB_NAMESPACE}" ]; then
 14 |     MONGODB_NAMESPACE="mongodb"
 15 | fi
 16 | 
 17 | if [ -z "${MONGODB_REPLICAS}" ]; then
 18 |     MONGODB_REPLICAS=3
 19 | fi
 20 | 
 21 | if [ -z "${MONGODB_CPU_REQUEST}" ]; then
 22 |     MONGODB_CPU_REQUEST="100m"
 23 | fi
 24 | 
 25 | if [ -z "${MONGODB_MEM_REQUEST}" ]; then
 26 |     MONGODB_MEM_REQUEST="256Mi"
 27 | fi
 28 | 
 29 | if [ -z "${MONGODB_CPU_LIMIT}" ]; then
 30 |     MONGODB_CPU_LIMIT="1"
 31 | fi
 32 | 
 33 | if [ -z "${MONGODB_MEM_LIMIT}" ]; then
 34 |     MONGODB_MEM_LIMIT="1Gi"
 35 | fi
 36 | 
 37 | if [ -z "${MONGODB_STORAGE_SIZE}" ]; then
 38 |     MONGODB_STORAGE_SIZE="20Gi"
 39 | fi
 40 | 
 41 | if [ -z "${MONGODB_STORAGE_LOG_SIZE}" ]; then
 42 |     MONGODB_STORAGE_LOG_SIZE="2Gi"
 43 | fi
 44 | 
 45 | if [ -z "${MONGODB_STORAGE_CLASS}" ]; then
 46 |     MONGODB_STORAGE_CLASS="local-path"
 47 | fi
 48 | 
 49 | if [ -z "${MONGODB_PASSWORD}" ]; then
 50 |     MONGODB_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-25)
 51 | fi
 52 | 
 53 | if [ -z "${MONGODB_ALWAYS_GEN_PASSWORD}" ]; then
 54 |     MONGODB_ALWAYS_GEN_PASSWORD=0
 55 | fi
 56 | 
 57 | if [ -z "${MONGODB_ALWAYS_GEN_CERT}" ]; then
 58 |     MONGODB_ALWAYS_GEN_CERT=0
 59 | fi
 60 | 
 61 | status=$(oc whoami 2>&1)
 62 | if [[ $? -gt 0 ]]; then
 63 |     echo "Login to OpenShift to continue installation." 1>&2
 64 |     exit 1
 65 | fi
 66 | 
 67 | echo "--- Create namespace for MongoDB"
 68 | projectName=${MONGODB_NAMESPACE}
 69 | createProject
 70 | 
 71 | echo "--- Install MongoDB Community CRD"
 72 | oc apply -n ${MONGODB_NAMESPACE} -f https://raw.githubusercontent.com/mongodb/mongodb-kubernetes-operator/master/config/crd/bases/mongodbcommunity.mongodb.com_mongodbcommunity.yaml
 73 | 
 74 | echo "--- Install MongoDB Roles"
 75 | oc apply -n ${MONGODB_NAMESPACE} -f https://raw.githubusercontent.com/mongodb/mongodb-kubernetes-operator/master/config/rbac/role.yaml
 76 | oc apply -n ${MONGODB_NAMESPACE} -f https://raw.githubusercontent.com/mongodb/mongodb-kubernetes-operator/master/config/rbac/role_database.yaml
 77 | 
 78 | echo "--- Install MongoDB RoleBinding"
 79 | oc apply -n ${MONGODB_NAMESPACE} -f https://raw.githubusercontent.com/mongodb/mongodb-kubernetes-operator/master/config/rbac/role_binding.yaml
 80 | oc apply -n ${MONGODB_NAMESPACE} -f https://raw.githubusercontent.com/mongodb/mongodb-kubernetes-operator/master/config/rbac/role_binding_database.yaml
 81 | 
 82 | echo "--- Install MongoDB Service Account"
 83 | oc apply -n ${MONGODB_NAMESPACE} -f https://raw.githubusercontent.com/mongodb/mongodb-kubernetes-operator/master/config/rbac/service_account.yaml
 84 | oc apply -n ${MONGODB_NAMESPACE} -f https://raw.githubusercontent.com/mongodb/mongodb-kubernetes-operator/master/config/rbac/service_account_database.yaml
 85 | 
 86 | echo "--- Install MongoDB Certificate"
 87 | oldCert=$(oc get secret mas-mongo-ce-cert-secret -n ${MONGODB_NAMESPACE} --ignore-not-found)
 88 | if [ ${MONGODB_ALWAYS_GEN_CERT} = 1 ] || [ -z "${oldCert}" ]; then
 89 |     WORK_DIR="${SCRIPT_DIR}/work"
 90 |     mkdir -p "${WORK_DIR}"
 91 |     openssl genrsa -out ${WORK_DIR}/ca.key 4096
 92 |     openssl req -new -x509 -days 3650 -key ${WORK_DIR}/ca.key -reqexts v3_req -extensions v3_ca -out ${WORK_DIR}/ca.crt -subj "/C=US/ST=NY/L=New York/O=AIAPPS/OU=MAS/CN=MAS"
 93 |     
 94 |     oc create secret tls ca-mas-mongodb-key-pair --cert=${WORK_DIR}/ca.crt --key=${WORK_DIR}/ca.key -n ${MONGODB_NAMESPACE}
 95 |     oc create configmap mas-mongo-ce-cert-map --from-file=ca.crt=${WORK_DIR}/ca.crt -n ${MONGODB_NAMESPACE}
 96 |     
 97 | cat <<EOF | oc apply -n ${MONGODB_NAMESPACE} -f -
 98 | ---
 99 | apiVersion: cert-manager.io/v1
100 | kind: Issuer
101 | metadata:
102 |   name: mas-mongodb-issuer
103 | spec:
104 |   ca:
105 |     secretName: ca-mas-mongodb-key-pair
106 | EOF
107 |     MONGO_NODES=""
108 |     for i in $(seq 0 $((${MONGODB_REPLICAS} - 1))); do
109 |         MONGO_NODES="${MONGO_NODES}\n    - mas-mongo-ce-${i}.mas-mongo-ce-svc.${MONGODB_NAMESPACE}.svc.cluster.local"
110 |     done
111 |     MONGO_NODES=$(echo -ne "${MONGO_NODES}")
112 |     
113 |     COMMON_NAME="mas-mongo-ce-svc.${MONGODB_NAMESPACE}.svc.cluster.local"
114 |     
115 | cat <<EOF | oc apply -n ${MONGODB_NAMESPACE} -f -
116 | ---
117 | apiVersion: cert-manager.io/v1
118 | kind: Certificate
119 | metadata:
120 |   name: mas-mongodb-cert
121 | spec:
122 |   secretName: mas-mongo-ce-cert-secret
123 |   duration: 262800h
124 |   renewBefore: 360h
125 |   privateKey:
126 |     rotationPolicy: Always
127 |   issuerRef:
128 |     name: mas-mongodb-issuer
129 |     kind: Issuer
130 |   subject:
131 |     organizations:
132 |       - MAS
133 |   commonName: "${COMMON_NAME}"
134 |   dnsNames: ${MONGO_NODES}
135 |     - "localhost"
136 | EOF
137 |     
138 |     rm -r ${WORK_DIR}
139 | fi
140 | 
141 | echo "--- Install MongoDB Password Secret"
142 | oldPassword=$(oc get secret mas-mongo-ce-admin-password -n ${MONGODB_NAMESPACE} --ignore-not-found)
143 | if [ ${MONGODB_ALWAYS_GEN_PASSWORD} = 1 ] || [ -z "${oldPassword}" ]; then
144 | cat <<EOF | oc apply -n ${MONGODB_NAMESPACE} -f -
145 | ---
146 | apiVersion: v1
147 | kind: Secret
148 | type: Opaque
149 | metadata:
150 |   name: mas-mongo-ce-admin-password
151 |   namespace: ${MONGODB_NAMESPACE}
152 | stringData:
153 |   password: "${MONGODB_PASSWORD}"
154 | EOF
155 | fi
156 | 
157 | echo "--- Install MongoDB manager for Openshift"
158 | cat <<EOF | oc apply -n ${MONGODB_NAMESPACE} -f -
159 | ---
160 | apiVersion: apps/v1
161 | kind: Deployment
162 | metadata:
163 |   annotations:
164 |     email: support@mongodb.com
165 |   labels:
166 |     owner: mongodb
167 |   name: mongodb-kubernetes-operator
168 |   namespace: "${MONGODB_NAMESPACE}"
169 | spec:
170 |   replicas: 1
171 |   selector:
172 |     matchLabels:
173 |       name: mongodb-kubernetes-operator
174 |   strategy:
175 |     rollingUpdate:
176 |       maxUnavailable: 1
177 |     type: RollingUpdate
178 |   template:
179 |     metadata:
180 |       labels:
181 |         name: mongodb-kubernetes-operator
182 |     spec:
183 |       affinity:
184 |         podAntiAffinity:
185 |           requiredDuringSchedulingIgnoredDuringExecution:
186 |           - labelSelector:
187 |               matchExpressions:
188 |               - key: name
189 |                 operator: In
190 |                 values:
191 |                 - mongodb-kubernetes-operator
192 |             topologyKey: kubernetes.io/hostname
193 |       containers:
194 |       - command:
195 |         - /usr/local/bin/entrypoint
196 |         env:
197 |         - name: WATCH_NAMESPACE
198 |           valueFrom:
199 |             fieldRef:
200 |               fieldPath: metadata.namespace
201 |         - name: POD_NAME
202 |           valueFrom:
203 |             fieldRef:
204 |               fieldPath: metadata.name
205 |         - name: MANAGED_SECURITY_CONTEXT
206 |           value: 'true'
207 |         - name: OPERATOR_NAME
208 |           value: mongodb-kubernetes-operator
209 |         - name: AGENT_IMAGE
210 |           value: quay.io/mongodb/mongodb-agent:11.12.0.7388-1
211 |         - name: READINESS_PROBE_IMAGE
212 |           value: quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.8
213 |         - name: VERSION_UPGRADE_HOOK_IMAGE
214 |           value: quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.4
215 |         - name: MONGODB_IMAGE
216 |           value: mongo
217 |         - name: MONGODB_REPO_URL
218 |           value: docker.io
219 |         image: quay.io/mongodb/mongodb-kubernetes-operator:0.7.3
220 |         imagePullPolicy: Always
221 |         name: mongodb-kubernetes-operator
222 |         resources:
223 |           limits:
224 |             cpu: 1100m
225 |             memory: 1Gi
226 |           requests:
227 |             cpu: 10m
228 |             memory: 100Mi
229 |       serviceAccountName: mongodb-kubernetes-operator
230 | EOF
231 | 
232 | echo "--- Wait until MongoDB manager available"
233 | cmd="oc get deployment mongodb-kubernetes-operator -n ${MONGODB_NAMESPACE} --ignore-not-found -o jsonpath={..status.conditions[?(@.type=='Available')].status}"
234 | state="True"
235 | waitUntil "${cmd}" "${state}"
236 | 
237 | echo "--- Install MongoDB Operator for Openshift"
238 | cat <<EOF | oc apply -n ${MONGODB_NAMESPACE} -f -
239 | ---
240 | apiVersion: mongodbcommunity.mongodb.com/v1
241 | kind: MongoDBCommunity
242 | metadata:
243 |   name: mas-mongo-ce
244 | spec:
245 |   members: ${MONGODB_REPLICAS}
246 |   type: ReplicaSet
247 |   version: "4.2.6"
248 |   security:
249 |     tls:
250 |       enabled: true
251 |       certificateKeySecretRef:
252 |         name: mas-mongo-ce-cert-secret
253 |       caConfigMapRef:
254 |         name: mas-mongo-ce-cert-map
255 |     authentication:
256 |       modes: ["SCRAM-SHA-1", "SCRAM-SHA-256"]
257 |   users:
258 |     - name: admin
259 |       db: admin
260 |       passwordSecretRef:
261 |         name: mas-mongo-ce-admin-password
262 |       roles:
263 |         - name: clusterAdmin
264 |           db: admin
265 |         - name: userAdminAnyDatabase
266 |           db: admin
267 |         - name: dbAdminAnyDatabase
268 |           db: admin
269 |         - name: dbOwner
270 |           db: admin
271 |         - name: readWriteAnyDatabase
272 |           db: admin
273 |       scramCredentialsSecretName: mas-mongo-ce-scram
274 |   additionalMongodConfig:
275 |     storage.wiredTiger.engineConfig.journalCompressor: snappy
276 |     net.tls.allowInvalidCertificates: true
277 |     net.tls.allowInvalidHostnames: true
278 |   statefulSet:
279 |     spec:
280 |       serviceName: mas-mongo-ce-svc
281 |       selector: {}
282 |       template:
283 |         spec:
284 |           containers:
285 |           - name: mongod
286 |             resources:
287 |               requests:
288 |                 cpu: "${MONGODB_CPU_REQUEST}"
289 |                 memory: "${MONGODB_MEM_REQUEST}"
290 |               limits:
291 |                 cpu: "${MONGODB_CPU_LIMIT}"
292 |                 memory: "${MONGODB_MEM_LIMIT}"
293 |       volumeClaimTemplates:
294 |         - metadata:
295 |             name: data-volume
296 |           spec:
297 |             accessModes: [ "ReadWriteOnce" ]
298 |             storageClassName: "${MONGODB_STORAGE_CLASS}"
299 |             resources:
300 |               requests:
301 |                 storage: "${MONGODB_STORAGE_SIZE}"
302 |         - metadata:
303 |             name: logs-volume
304 |           spec:
305 |             accessModes: [ "ReadWriteOnce" ]
306 |             storageClassName: "${MONGODB_STORAGE_CLASS}"
307 |             resources:
308 |               requests:
309 |                 storage: "${MONGODB_STORAGE_LOG_SIZE}"
310 | EOF
311 | 
312 | echo "--- Wait until MongoDB instance available"
313 | cmd="oc get statefulset mas-mongo-ce -n ${MONGODB_NAMESPACE} --ignore-not-found -o jsonpath={..status.readyReplicas}"
314 | state="${MONGODB_REPLICAS}"
315 | waitUntil "${cmd}" "${state}"
316 | 
317 | echo "Done."
318 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright [yyyy] [name of copyright owner]
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------