├── 3.10 ├── group_vars │ ├── .gitignore │ └── windows.example ├── bin │ ├── pause.ps1 │ ├── winssh.ps1 │ ├── disableipv6.ps1 │ ├── fixwinrm.bat │ ├── start_kubeovn.ps1 │ ├── setuprdp.ps1 │ ├── setguid.ps1 │ ├── get-net-name.ps1 │ ├── start_kubelet.ps1 │ ├── ReadMe.md │ ├── setup_kubeovn_service.ps1 │ ├── setup_kubelet_service.ps1 │ ├── setup_winrm.yml │ ├── docker-create.ps1 │ ├── setup-network.ps1 │ ├── x.ps1 │ └── expanddisk.ps1 ├── Dockerfile ├── standalone │ ├── test_ncc.sh │ ├── test.sh │ └── allinone.sh ├── test │ ├── wintest-part2.ps1 │ └── wintest-part1.ps1 ├── console-config.yaml ├── win1709.yml ├── scaleup.yml ├── console-template.yaml ├── ovn_presetup.yml └── azure │ ├── twonode.sh │ └── nodewin.ps1 ├── 3.11 ├── group_vars │ ├── .gitignore │ └── windows.example ├── bin │ ├── pause.ps1 │ ├── cloudbase.sst │ ├── fixwinrm.bat │ ├── export_certificate.ps1 │ ├── start_kubeovn.ps1 │ ├── setup_rdp.ps1 │ ├── start_kubelet.ps1 │ ├── README.md │ ├── setup_kubeovn_service.ps1 │ ├── setup_kubelet_service.ps1 │ ├── setup_winrm.yml │ ├── setup_sdn.ps1 │ └── expand_disk.ps1 ├── standalone │ ├── test_ncc.sh │ ├── test.sh │ ├── multihost.yml │ ├── multihost.sh │ └── allinone.sh ├── Dockerfile ├── testwin.yml ├── console-config.yaml ├── win1709.yml ├── auto-install-ovn.sh ├── scaleup.yml ├── daemon.yml ├── console-template.yaml └── azure │ └── twonode.sh ├── 3.9 ├── group_vars │ ├── .gitignore │ └── windows.example ├── bin │ ├── pause.ps1 │ ├── winssh.ps1 │ ├── disableipv6.ps1 │ ├── fixwinrm.bat │ ├── archive │ │ ├── start_kubeovn.ps1 │ │ ├── kickit.ps1 │ │ ├── start_kubelet.ps1 │ │ ├── kubestart.ps1 │ │ ├── start.ps1 │ │ └── start-kubelet.ps1 │ ├── start_kubeovn.ps1 │ ├── setuprdp.ps1 │ ├── setguid.ps1 │ ├── get-net-name.ps1 │ ├── start_kubelet.ps1 │ ├── ReadMe.md │ ├── setup_kubeovn_service.ps1 │ ├── setup_kubelet_service.ps1 │ ├── setup_winrm.yml │ ├── docker-create.ps1 │ ├── setup-network.ps1 │ ├── x.ps1 │ └── expanddisk.ps1 ├── Dockerfile ├── standalone │ ├── 
test_ncc.sh │ ├── test.sh │ └── allinone.sh ├── test │ ├── wintest-part2.ps1 │ └── wintest-part1.ps1 ├── console-config.yaml ├── win1709.yml ├── console-template.yaml ├── ovn_presetup.yml └── azure │ ├── twonode.sh │ └── nodewin.ps1 ├── logs └── readme.md ├── kvm ├── etc │ ├── modprobe.d │ │ └── dist.conf │ ├── sysconfig │ │ ├── network │ │ └── network-scripts │ │ │ ├── ifcfg-br0 │ │ │ └── ifcfg-bond0 │ └── dhcp │ │ └── dhcpd.conf ├── new-openshift.sh ├── new-winnode01.sh ├── new-windows.sh ├── importvm-rhel.sh ├── initialvm.sh ├── new-linux.sh ├── importvm-win1709.sh ├── restore-image.sh ├── backup-image.sh └── readme.md ├── doc ├── OpenShiftHybrid.pptx ├── OpenShiftHybrid-v1.pdf ├── photos │ ├── ErrorMessage.png │ ├── InstallRSAT.png │ ├── InstallHyperV.png │ ├── WindowsUpdate.png │ ├── AfterDockerCreate.png │ ├── ShowDockerCreate.png │ └── CheckExternalInterface.png ├── HowToOpenShiftHybrid.pdf ├── HowToOpenShiftHybrid.pptx ├── HowToOpenShiftWindowsBare.pdf └── HowToOpenShiftWindowsBare.pptx ├── issues └── changemacazure.png ├── examples ├── dhcpd.conf ├── ansible.hosts.single └── ansible.hosts.multi ├── debug.md ├── README.md └── LICENSE /3.10/group_vars/.gitignore: -------------------------------------------------------------------------------- 1 | windows 2 | -------------------------------------------------------------------------------- /3.11/group_vars/.gitignore: -------------------------------------------------------------------------------- 1 | windows 2 | -------------------------------------------------------------------------------- /3.9/group_vars/.gitignore: -------------------------------------------------------------------------------- 1 | windows 2 | -------------------------------------------------------------------------------- /logs/readme.md: -------------------------------------------------------------------------------- 1 | This directory must exist 2 | 3 | -------------------------------------------------------------------------------- 
/3.9/bin/pause.ps1: -------------------------------------------------------------------------------- 1 | while($true) 2 | { 3 | Start-Sleep -Seconds 60 4 | } 5 | -------------------------------------------------------------------------------- /3.10/bin/pause.ps1: -------------------------------------------------------------------------------- 1 | while($true) 2 | { 3 | Start-Sleep -Seconds 60 4 | } 5 | -------------------------------------------------------------------------------- /3.11/bin/pause.ps1: -------------------------------------------------------------------------------- 1 | while($true) 2 | { 3 | Start-Sleep -Seconds 60 4 | } 5 | -------------------------------------------------------------------------------- /kvm/etc/modprobe.d/dist.conf: -------------------------------------------------------------------------------- 1 | options kvm-amd nested=1 2 | options kvm ignore_msrs=1 3 | -------------------------------------------------------------------------------- /3.11/bin/cloudbase.sst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/3.11/bin/cloudbase.sst -------------------------------------------------------------------------------- /doc/OpenShiftHybrid.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/OpenShiftHybrid.pptx -------------------------------------------------------------------------------- /issues/changemacazure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/issues/changemacazure.png -------------------------------------------------------------------------------- /kvm/etc/sysconfig/network: -------------------------------------------------------------------------------- 1 | NETWORKING=yes 2 | GATEWAY=147.75.109.145 3 | 
GATEWAYDEV=br0 4 | NOZEROCONF=yes 5 | -------------------------------------------------------------------------------- /doc/OpenShiftHybrid-v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/OpenShiftHybrid-v1.pdf -------------------------------------------------------------------------------- /doc/photos/ErrorMessage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/photos/ErrorMessage.png -------------------------------------------------------------------------------- /doc/photos/InstallRSAT.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/photos/InstallRSAT.png -------------------------------------------------------------------------------- /doc/HowToOpenShiftHybrid.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/HowToOpenShiftHybrid.pdf -------------------------------------------------------------------------------- /doc/HowToOpenShiftHybrid.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/HowToOpenShiftHybrid.pptx -------------------------------------------------------------------------------- /doc/photos/InstallHyperV.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/photos/InstallHyperV.png -------------------------------------------------------------------------------- /doc/photos/WindowsUpdate.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/photos/WindowsUpdate.png -------------------------------------------------------------------------------- /doc/photos/AfterDockerCreate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/photos/AfterDockerCreate.png -------------------------------------------------------------------------------- /doc/photos/ShowDockerCreate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/photos/ShowDockerCreate.png -------------------------------------------------------------------------------- /doc/HowToOpenShiftWindowsBare.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/HowToOpenShiftWindowsBare.pdf -------------------------------------------------------------------------------- /doc/HowToOpenShiftWindowsBare.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/HowToOpenShiftWindowsBare.pptx -------------------------------------------------------------------------------- /3.9/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM microsoft/windowsservercore 2 | 3 | ADD bin/pause.ps1 /pause/pause.ps1 4 | 5 | CMD powershell /pause/pause.ps1 6 | -------------------------------------------------------------------------------- /doc/photos/CheckExternalInterface.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openshift/openshift-windows/HEAD/doc/photos/CheckExternalInterface.png -------------------------------------------------------------------------------- /3.10/Dockerfile: 
--------------------------------------------------------------------------------
1 | # Pause image for Windows nodes: the container only runs bin/pause.ps1.
2 | # NOTE(review): the base image is referenced by a mutable tag; pin it by digest if builds must be reproducible.
3 | FROM microsoft/windowsservercore:1803
4 |
5 | ADD bin/pause.ps1 /pause/pause.ps1
6 |
7 | CMD powershell /pause/pause.ps1
8 |
--------------------------------------------------------------------------------
/3.10/standalone/test_ncc.sh:
--------------------------------------------------------------------------------
1 | # NOTE(review): the last two arguments look like an account name and its password, committed in clear text.
2 | # Supply the secret at run time (environment variable or prompt) and change it anywhere this value was used.
3 | ./allinone.sh openshift winnode01 ncc9.com openshift.ncc9.com app.openshift.ncc9.com OpenShiftAdmin SuperLamb1
4 |
5 |
--------------------------------------------------------------------------------
/3.11/standalone/test_ncc.sh:
--------------------------------------------------------------------------------
1 | # NOTE(review): the last two arguments look like an account name and its password, committed in clear text.
2 | # Supply the secret at run time (environment variable or prompt) and change it anywhere this value was used.
3 | ./allinone.sh openshift winnode01 ncc9.com openshift.ncc9.com app.openshift.ncc9.com OpenShiftAdmin SuperLamb1
4 |
5 |
--------------------------------------------------------------------------------
/3.9/standalone/test_ncc.sh:
--------------------------------------------------------------------------------
1 | # NOTE(review): the last two arguments look like an account name and its password, committed in clear text.
2 | # Supply the secret at run time (environment variable or prompt) and change it anywhere this value was used.
3 | ./allinone.sh openshift winnode01 ncc9.com openshift.ncc9.com app.openshift.ncc9.com OpenShiftAdmin SuperLamb1
4 |
5 |
--------------------------------------------------------------------------------
/kvm/new-openshift.sh:
--------------------------------------------------------------------------------
1 | # Rebuild the "openshift" VM: remove its disk image, re-create it with new-linux.sh, then start it.
2 | rm -f /var/lib/libvirt/images/openshift.img
3 | ./new-linux.sh openshift 00:0c:29:f8:21:21
4 | virsh start openshift
5 |
6 |
--------------------------------------------------------------------------------
/kvm/new-winnode01.sh:
--------------------------------------------------------------------------------
1 | # Rebuild the "winnode01" VM: remove its disk image, re-create it with new-windows.sh, then start it.
2 | rm -f /var/lib/libvirt/images/winnode01.img
3 | ./new-windows.sh winnode01 00:0c:29:f8:22:22
4 | virsh start winnode01
5 |
6 |
--------------------------------------------------------------------------------
/3.10/bin/winssh.ps1:
--------------------------------------------------------------------------------
1 | # Install the OpenSSH server capability, set sshd to start automatically and start it.
2 | # NOTE(review): sshd comes up with its default sshd_config; review the allowed authentication
3 | # methods and the firewall scope before exposing the node.
4 | Add-WindowsCapability -Online -Name OpenSSH.Server
5 | Set-Service -Name sshd -StartupType Automatic
6 | Start-Service sshd
7 |
8 |
--------------------------------------------------------------------------------
/3.11/Dockerfile:
--------------------------------------------------------------------------------
1 | # Pause image for Windows nodes: the container only runs bin/pause.ps1.
2 | # NOTE(review): the base image is referenced by a mutable tag; pin it by digest if builds must be reproducible.
3 | FROM mcr.microsoft.com/windows/servercore:1809
4 |
5 | ADD bin/pause.ps1 /pause/pause.ps1
6 |
7 | CMD powershell /pause/pause.ps1
8 |
--------------------------------------------------------------------------------
/3.9/bin/winssh.ps1:
--------------------------------------------------------------------------------
1 | # Install the OpenSSH server capability, set sshd to start automatically and start it.
2 | # NOTE(review): sshd comes up with its default sshd_config; review the allowed authentication
3 | # methods and the firewall scope before exposing the node.
4 | Add-WindowsCapability -Online -Name OpenSSH.Server
5 | Set-Service -Name sshd -StartupType Automatic
6 | Start-Service sshd
7 |
8 |
--------------------------------------------------------------------------------
/3.9/standalone/test.sh:
--------------------------------------------------------------------------------
1 | # NOTE(review): the last two arguments look like an account name and its password, committed in clear text.
2 | # Supply the secret at run time (environment variable or prompt) and change it anywhere this value was used.
3 | ./allinone.sh openshift winnode01 star.k.e2e.bos.redhat.com openshift.star.k.e2e.bos.redhat.com apps.star.k.e2e.bos.redhat.com glennswest SuperLamb1
4 |
5 |
--------------------------------------------------------------------------------
/3.10/standalone/test.sh:
--------------------------------------------------------------------------------
1 | # NOTE(review): the last two arguments look like an account name and its password, committed in clear text.
2 | # Supply the secret at run time (environment variable or prompt) and change it anywhere this value was used.
3 | ./allinone.sh openshift winnode01 green.k.e2e.bos.redhat.com openshift.green.k.e2e.bos.redhat.com apps.green.k.e2e.bos.redhat.com glennswest SuperLamb1
4 |
5 |
--------------------------------------------------------------------------------
/3.11/standalone/test.sh:
--------------------------------------------------------------------------------
1 | # NOTE(review): the last two arguments look like an account name and its password, committed in clear text.
2 | # Supply the secret at run time (environment variable or prompt) and change it anywhere this value was used.
3 | ./allinone.sh openshift winnode01 green.k.e2e.bos.redhat.com openshift.green.k.e2e.bos.redhat.com apps.green.k.e2e.bos.redhat.com glennswest SuperLamb1
4 |
5 |
--------------------------------------------------------------------------------
/3.10/bin/disableipv6.ps1:
--------------------------------------------------------------------------------
1 |
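New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\' `
2 |     -Name 'DisabledComponents' -Value '0xffffffff' -PropertyType 'DWord'
3 |
4 |
--------------------------------------------------------------------------------
/3.9/bin/disableipv6.ps1:
--------------------------------------------------------------------------------
1 | New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\' `
2 |     -Name 'DisabledComponents' -Value '0xffffffff' -PropertyType 'DWord'
3 |
4 |
--------------------------------------------------------------------------------
/3.10/bin/fixwinrm.bat:
--------------------------------------------------------------------------------
1 | REM NOTE(review): Basic auth together with AllowUnencrypted lets WinRM credentials and
2 | REM command traffic cross the network over plain HTTP. Keep this to an isolated lab
3 | REM network; elsewhere use an HTTPS listener and leave AllowUnencrypted set to false.
4 | winrm set winrm/config/client/auth '@{Basic="true"}'
5 | winrm set winrm/config/service/auth '@{Basic="true"}'
6 | winrm set winrm/config/service '@{AllowUnencrypted="true"}'
7 |
--------------------------------------------------------------------------------
/3.11/bin/fixwinrm.bat:
--------------------------------------------------------------------------------
1 | REM NOTE(review): Basic auth together with AllowUnencrypted lets WinRM credentials and
2 | REM command traffic cross the network over plain HTTP. Keep this to an isolated lab
3 | REM network; elsewhere use an HTTPS listener and leave AllowUnencrypted set to false.
4 | winrm set winrm/config/client/auth '@{Basic="true"}'
5 | winrm set winrm/config/service/auth '@{Basic="true"}'
6 | winrm set winrm/config/service '@{AllowUnencrypted="true"}'
7 |
--------------------------------------------------------------------------------
/3.9/bin/fixwinrm.bat:
--------------------------------------------------------------------------------
1 | REM NOTE(review): Basic auth together with AllowUnencrypted lets WinRM credentials and
2 | REM command traffic cross the network over plain HTTP. Keep this to an isolated lab
3 | REM network; elsewhere use an HTTPS listener and leave AllowUnencrypted set to false.
4 | winrm set winrm/config/client/auth '@{Basic="true"}'
5 | winrm set winrm/config/service/auth '@{Basic="true"}'
6 | winrm set winrm/config/service '@{AllowUnencrypted="true"}'
7 |
--------------------------------------------------------------------------------
/kvm/new-windows.sh:
--------------------------------------------------------------------------------
1 | # Usage: new-windows.sh VM_NAME MAC_ADDRESS
2 | # Recreate VM_NAME as a clone of the win1709 template; an existing domain of that name
3 | # is destroyed and undefined first.
4 | # Stop early when an argument is missing so virsh and virt-clone never run with an empty name.
5 | : "${1:?usage: new-windows.sh VM_NAME MAC_ADDRESS}"
6 | : "${2:?usage: new-windows.sh VM_NAME MAC_ADDRESS}"
7 | virsh destroy "$1"
8 | sleep 5
9 | virsh undefine "$1"
10 | sleep 5
11 | # Arguments are quoted so a name containing spaces or glob characters cannot split into extra options or paths.
12 | virt-clone --connect qemu:///system --original win1709 --name "$1" --file "/var/lib/libvirt/images/$1.img" --mac "$2"
13 |
14 |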
-------------------------------------------------------------------------------- /3.11/testwin.yml: -------------------------------------------------------------------------------- 1 | # Make sure basic components needed for Windows are Auto Installed and Updates Done 2 | - hosts: windows 3 | gather_facts: no 4 | tasks: 5 | - name: Check Comm 6 | win_ping: 7 | 8 | -------------------------------------------------------------------------------- /3.10/bin/start_kubeovn.ps1: -------------------------------------------------------------------------------- 1 | C:\bin\ovnkube.exe --init-node $env:COMPUTERNAME.ToLower() --config-file "C:\cni\ovn_k8s.conf" -cluster-subnet 10.128.0.0/14 -cni-conf-dir="C:\cni" -service-cluster-ip-range 172.30.0.0/16 2 | -------------------------------------------------------------------------------- /3.9/bin/archive/start_kubeovn.ps1: -------------------------------------------------------------------------------- 1 | C:\bin\ovnkube.exe --init-node $env:computername --config-file "C:\cni\ovn_k8s.conf" -cluster-subnet 10.128.0.0/14 -cni-conf-dir="C:\cni" -service-cluster-ip-range 172.30.0.0/16 2 | -------------------------------------------------------------------------------- /3.9/bin/start_kubeovn.ps1: -------------------------------------------------------------------------------- 1 | C:\bin\ovnkube.exe --init-node $env:COMPUTERNAME.ToLower() --config-file "C:\cni\ovn_k8s.conf" -cluster-subnet 10.128.0.0/14 -cni-conf-dir="C:\cni" -service-cluster-ip-range 172.30.0.0/16 2 | -------------------------------------------------------------------------------- /kvm/importvm-rhel.sh: -------------------------------------------------------------------------------- 1 | virt-install --name rhel75 --os-variant=rhel7 --cpu host --description "rhel75" --ram=15048 --vcpus=2 --disk path=/var/lib/libvirt/images/rhel75.img,size=60,sparse --network bridge:br0 --import 2 | 3 | -------------------------------------------------------------------------------- 
/kvm/etc/sysconfig/network-scripts/ifcfg-br0: -------------------------------------------------------------------------------- 1 | DEVICE=br0 2 | ONBOOT=yes 3 | TYPE=Bridge 4 | IPADDR=147.75.109.146 5 | NETMASK=255.255.255.240 6 | GATEWAY=147.75.109.145 7 | DNS1=147.75.207.207 8 | DNS2=147.75.207.208 9 | NM_CONTROLLED=no 10 | -------------------------------------------------------------------------------- /3.11/bin/export_certificate.ps1: -------------------------------------------------------------------------------- 1 | $cloudbaseCertID = "62912E07C6438E93A1AD1863637DD7484461B98A" 2 | $cert = (Get-ChildItem -Path "Cert:\LocalMachine\TrustedPublisher\${cloudbaseCertID}") 3 | Export-Certificate -Cert $cert -FilePath $PSScriptRoot\cloudbase.sst -Type SST 4 | -------------------------------------------------------------------------------- /3.11/bin/start_kubeovn.ps1: -------------------------------------------------------------------------------- 1 | C:\bin\ovnkube.exe --init-node $env:COMPUTERNAME.ToLower() ` 2 | --config-file "C:\cni\ovn_k8s.conf" ` 3 | -cluster-subnet 10.128.0.0/14 ` 4 | -cni-conf-dir="C:\cni" ` 5 | -service-cluster-ip-range 172.30.0.0/16 6 | -------------------------------------------------------------------------------- /3.9/bin/archive/kickit.ps1: -------------------------------------------------------------------------------- 1 | \bin\kubelet.exe --hostname-override="msnode01" --kubeconfig \k\config --resolv-conf="" --cni-bin-dir=/bin --network-plugin=cni --cni-conf-dir=\k\hybrid\cni --pod-infra-container-image="kubeletwin/pause" --allow-privileged=true --v=6 --enforce-node-allocatable="" --cgroups-per-qos=false 2 | 3 | -------------------------------------------------------------------------------- /kvm/initialvm.sh: -------------------------------------------------------------------------------- 1 | virsh destroy rhel75 2 | sleep 5 3 | virsh undefine rhel75 4 | sleep 5 5 | virt-install --name rhel75 --os-variant=rhel7 --description "rhel75" 
--ram=15048 --vcpus=2 --disk path=/var/lib/libvirt/images/openshift.img,size=60,sparse --network bridge:br0 --cdrom=/var/lib/libvirt/images/rhel75.iso 6 | 7 | -------------------------------------------------------------------------------- /3.10/bin/setuprdp.ps1: -------------------------------------------------------------------------------- 1 | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 2 | Enable-NetFirewallRule -DisplayGroup "Remote Desktop" 3 | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 4 | 5 | -------------------------------------------------------------------------------- /3.9/bin/setuprdp.ps1: -------------------------------------------------------------------------------- 1 | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 2 | Enable-NetFirewallRule -DisplayGroup "Remote Desktop" 3 | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 4 | 5 | -------------------------------------------------------------------------------- /3.11/bin/setup_rdp.ps1: -------------------------------------------------------------------------------- 1 | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 2 | Enable-NetFirewallRule -DisplayGroup "Remote Desktop" 3 | Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 4 | 5 | -------------------------------------------------------------------------------- /kvm/etc/sysconfig/network-scripts/ifcfg-bond0: -------------------------------------------------------------------------------- 1 | DEVICE=bond0 2 | NAME=bond0 3 | BOOTPROTO=none 4 | ONBOOT=yes 5 | USERCTL=no 6 | TYPE=Bond 7 
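| BONDING_OPTS="mode=4 miimon=100 downdelay=200 updelay=200"
8 | #IPADDR=147.75.109.146
9 | #NETMASK=255.255.255.240
10 | #GATEWAY=147.75.109.145
11 | #DNS1=147.75.207.207
12 | #DNS2=147.75.207.208
13 | bridge=br0
14 |
--------------------------------------------------------------------------------
/kvm/new-linux.sh:
--------------------------------------------------------------------------------
1 | # Usage: new-linux.sh VM_NAME MAC_ADDRESS
2 | # Recreate VM_NAME as a clone of the rhel75 template; an existing domain of that name
3 | # is destroyed and undefined first.
4 | # Stop early when an argument is missing so virsh and virt-clone never run with an empty name.
5 | : "${1:?usage: new-linux.sh VM_NAME MAC_ADDRESS}"
6 | : "${2:?usage: new-linux.sh VM_NAME MAC_ADDRESS}"
7 | virsh destroy "$1"
8 | sleep 5
9 | virsh undefine "$1"
10 | sleep 5
11 | #virt-install --name $1 --os-variant=rhel7 --description $1 --ram=15048 --vcpus=2 --disk path=/var/lib/libvirt/images/$1.img,size=60,sparse --network bridge:br0
12 | # Arguments are quoted so a name containing spaces or glob characters cannot split into extra options or paths.
13 | virt-clone --connect qemu:///system --original rhel75 --name "$1" --file "/var/lib/libvirt/images/$1.img" --mac "$2"
14 |
15 |
--------------------------------------------------------------------------------
/3.9/group_vars/windows.example:
--------------------------------------------------------------------------------
1 | # Template: presumably copied to group_vars/windows, which .gitignore keeps out of the repository.
2 | # NOTE(review): keep the real password out of version control, for example with Ansible Vault.
3 | ansible_user: *YourUsername*
4 | ansible_password: *YourPassword*
5 | # NOTE(review): 5985 is the WinRM HTTP listener. Combined with the Basic/AllowUnencrypted settings in
6 | # bin/fixwinrm.bat the credentials cross the network without TLS; use an HTTPS listener outside an isolated lab.
7 | ansible_port: 5985
8 | ansible_connection: winrm
9 | # The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
10 | # NOTE(review): "ignore" turns off server certificate checks, so an HTTPS WinRM session can be intercepted;
11 | # use a certificate the control host trusts wherever that is possible.
12 | ansible_winrm_server_cert_validation: ignore
13 |
--------------------------------------------------------------------------------
/3.10/test/wintest-part2.ps1:
--------------------------------------------------------------------------------
1 | # Install Open vSwitch from the Cloudbase MSI and start the ovs-vswitchd service.
2 | choco install wget -y
3 | # NOTE(review): the MSI is fetched and installed silently with no integrity check; verify its Authenticode
4 | # signature (Get-AuthenticodeSignature) or a published hash (Get-FileHash) before msiexec runs.
5 | wget.exe https://cloudbase.it/downloads/openvswitch-hyperv-2.7.0-certified.msi -O openvswitch.msi
6 | msiexec /i openvswitch.msi ADDLOCAL="OpenvSwitchCLI,OpenvSwitchDriver,OVNHost" /qn
7 | # NOTE(review): this switches Windows Firewall off for every profile; prefer rules for the ports the node
8 | # needs and do not carry this setting beyond a lab.
9 | NetSh Advfirewall set allprofiles state off
10 | setx PATH "C:\Program Files\Cloudbase Solutions\Open vSwitch\bin;$env:path" -m
11 | sleep 5
12 | Start-Service ovs-vswitchd
13 |
--------------------------------------------------------------------------------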
/3.9/test/wintest-part2.ps1:
--------------------------------------------------------------------------------
1 | # Install Open vSwitch from the Cloudbase MSI and start the ovs-vswitchd service.
2 | choco install wget -y
3 | # NOTE(review): the MSI is fetched and installed silently with no integrity check; verify its Authenticode
4 | # signature (Get-AuthenticodeSignature) or a published hash (Get-FileHash) before msiexec runs.
5 | wget.exe https://cloudbase.it/downloads/openvswitch-hyperv-2.7.0-certified.msi -O openvswitch.msi
6 | msiexec /i openvswitch.msi ADDLOCAL="OpenvSwitchCLI,OpenvSwitchDriver,OVNHost" /qn
7 | # NOTE(review): this switches Windows Firewall off for every profile; prefer rules for the ports the node
8 | # needs and do not carry this setting beyond a lab.
9 | NetSh Advfirewall set allprofiles state off
10 | setx PATH "C:\Program Files\Cloudbase Solutions\Open vSwitch\bin;$env:path" -m
11 | sleep 5
12 | Start-Service ovs-vswitchd
13 |
--------------------------------------------------------------------------------
/3.10/bin/setguid.ps1:
--------------------------------------------------------------------------------
1 | # Set the Open vSwitch external_ids:system-id to the script arguments, then print the stored value.
2 | # When the caller is not in the Administrator role the script relaunches itself elevated and exits.
3 | # NOTE(review): the relaunch passes only the script path, so $Args is empty in the elevated copy -
4 | # confirm the intended system-id is still applied in that case.
5 | # NOTE(review): -ExecutionPolicy Bypass runs whatever file sits at $PSCommandPath elevated without
6 | # policy checks; keep the script where only administrators can write.
7 | if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
8 |
9 | ovs-vsctl set Open_vSwitch . external_ids:system-id=$Args
10 | ovs-vsctl get Open_vSwitch . external_ids:system-id
11 |
12 |
--------------------------------------------------------------------------------
/3.9/bin/setguid.ps1:
--------------------------------------------------------------------------------
1 | # Set the Open vSwitch external_ids:system-id to the script arguments, then print the stored value.
2 | # When the caller is not in the Administrator role the script relaunches itself elevated and exits.
3 | # NOTE(review): the relaunch passes only the script path, so $Args is empty in the elevated copy -
4 | # confirm the intended system-id is still applied in that case.
5 | # NOTE(review): -ExecutionPolicy Bypass runs whatever file sits at $PSCommandPath elevated without
6 | # policy checks; keep the script where only administrators can write.
7 | if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }
8 |
9 | ovs-vsctl set Open_vSwitch . external_ids:system-id=$Args
10 | ovs-vsctl get Open_vSwitch . external_ids:system-id
11 |
12 |
--------------------------------------------------------------------------------
/3.9/test/wintest-part1.ps1:
--------------------------------------------------------------------------------
1 | # Prepare a Windows node: create \k, install Hyper-V, the NuGet provider, Docker and PSWindowsUpdate, then run Get-WUInstall.
2 | # NOTE(review): -Force skips the confirmation prompts (including the untrusted-repository prompt) and no
3 | # versions are pinned; pin with -RequiredVersion where installs must be repeatable.
4 | mkdir \k
5 | Install-WindowsFeature -Name Hyper-V, RSAT-Hyper-V-Tools
6 | Find-PackageProvider -Name "Nuget" | Install-PackageProvider -Verbose -Force
7 | Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
8 | Install-Package -Name docker -ProviderName DockerMsftProvider -Confirm
9 | Install-Package Docker -ProviderName DockerMsftProvider -Force
10 | Install-Package PSWindowsUpdate -Force
11 | Get-WUInstall -AcceptAll
12 |
--------------------------------------------------------------------------------
/3.10/group_vars/windows.example:
--------------------------------------------------------------------------------
1 | # Template: presumably copied to group_vars/windows, which .gitignore keeps out of the repository.
2 | # NOTE(review): keep the real password out of version control, for example with Ansible Vault.
3 | ansible_user: *YourUsername*
4 | ansible_password: *YourPassword*
5 | # NOTE(review): 5985 is the WinRM HTTP listener. Combined with the Basic/AllowUnencrypted settings in
6 | # bin/fixwinrm.bat the credentials cross the network without TLS; use an HTTPS listener outside an isolated lab.
7 | ansible_port: 5985
8 | ansible_connection: winrm
9 | ansible_winrm_operation_timeout_sec: 600
10 | ansible_winrm_read_timeout_sec: 900
11 | # The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
12 | # NOTE(review): "ignore" turns off server certificate checks, so an HTTPS WinRM session can be intercepted;
13 | # use a certificate the control host trusts wherever that is possible.
14 | ansible_winrm_server_cert_validation: ignore
15 |
--------------------------------------------------------------------------------
/3.10/test/wintest-part1.ps1:
--------------------------------------------------------------------------------
1 | # Prepare a Windows node: create \k, install Hyper-V, the NuGet provider, Docker and PSWindowsUpdate, then run Get-WUInstall.
2 | # NOTE(review): -Force skips the confirmation prompts (including the untrusted-repository prompt) and no
3 | # versions are pinned; pin with -RequiredVersion where installs must be repeatable.
4 | mkdir \k
5 | Install-WindowsFeature -Name Hyper-V, RSAT-Hyper-V-Tools
6 | Find-PackageProvider -Name "Nuget" | Install-PackageProvider -Verbose -Force
7 | Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
8 | Install-Package -Name docker -ProviderName DockerMsftProvider -Confirm
9 | Install-Package Docker -ProviderName DockerMsftProvider -Force
10 | Install-Package PSWindowsUpdate -Force
11 | Get-WUInstall -AcceptAll
12 |
--------------------------------------------------------------------------------
/3.11/group_vars/windows.example:
--------------------------------------------------------------------------------
1 | # Template: presumably copied to group_vars/windows, which .gitignore keeps out of the repository.
2 | # NOTE(review): keep the real password out of version control, for example with Ansible Vault.
3 | ansible_user: *YourUsername*
4 | ansible_password: *YourPassword*
5 | # NOTE(review): 5985 is the WinRM HTTP listener. Combined with the Basic/AllowUnencrypted settings in
6 | # bin/fixwinrm.bat the credentials cross the network without TLS; use an HTTPS listener outside an isolated lab.
7 | ansible_port: 5985
8 | ansible_connection: winrm
9 | ansible_winrm_operation_timeout_sec: 600
10 | ansible_winrm_read_timeout_sec: 900
11 | # The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
12 | # NOTE(review): "ignore" turns off server certificate checks, so an HTTPS WinRM session can be intercepted;
13 | # use a certificate the control host trusts wherever that is possible.
14 | ansible_winrm_server_cert_validation: ignore
15 |
--------------------------------------------------------------------------------
/3.9/bin/get-net-name.ps1:
--------------------------------------------------------------------------------
1 | # Print the name of the network adapter behind the first route that has a usable next hop.
2 | # Routes whose next hop is "::", "0.0.0.0" or starts with "fe80::" are filtered out.
3 | $roughname = Get-NetRoute | Where-Object -FilterScript {$_.NextHop -Ne "::"} | Where-Object -FilterScript { $_.NextHop -Ne "0.0.0.0" } | Where-Object -FilterScript { ($_.NextHop.SubString(0,6) -Ne "fe80::") } | Get-NetAdapter | Format-List -Property "Name" | Out-String
4 | # Drop blank lines from the Format-List output.
5 | $roughname = $roughname -creplace '(?m)^\s*\r?\n',''
6 | # Keep only the first remaining line.
7 | $roughname = ($roughname -split '\n')[0]
8 | # Skip the first 7 characters (presumably the "Name : " label) and strip CR/LF.
9 | $INTERFACE_ALIAS= $roughname.Substring(7) -replace "`n|`r",""
10 | echo $INTERFACE_ALIAS
11 |
--------------------------------------------------------------------------------
/kvm/importvm-win1709.sh:
--------------------------------------------------------------------------------
1 | # Define the win1709 template VM from an existing disk image, with the install ISO attached as a CD-ROM.
2 | # NOTE(review): --graphics vnc,listen=0.0.0.0 exposes the guest console on every host interface and no VNC
3 | # password is set here. Prefer listen=127.0.0.1 reached through an SSH tunnel, or set password= and firewall the port.
4 | virt-install --name win1709 --os-variant=win2k8r2 --os-type=windows --description "windows1709" --ram=15048 --vcpus=2 --disk /var/lib/libvirt/images/win1709.iso,device=cdrom,bus=ide --disk path=/var/lib/libvirt/images/win1709.img,size=60,sparse,bus=ide --network bridge:br0 --import --cpu host-passthrough --video cirrus --features hyperv_relaxed=on,hyperv_spinlocks=on,hyperv_vapic=on --clock hypervclock_present=yes --graphics vnc,listen=0.0.0.0 --noautoconsole
5 |
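--------------------------------------------------------------------------------
/3.10/bin/get-net-name.ps1:
--------------------------------------------------------------------------------
1 | # Print the name of the network adapter behind the first route that has a usable next hop.
2 | # Routes whose next hop is "::", "0.0.0.0" or starts with "fe80::" are filtered out.
3 | $roughname = Get-NetRoute | Where-Object -FilterScript {$_.NextHop -Ne "::"} | Where-Object -FilterScript { $_.NextHop -Ne "0.0.0.0" } | Where-Object -FilterScript { ($_.NextHop.SubString(0,6) -Ne "fe80::") } | Get-NetAdapter | Format-List -Property "Name" | Out-String
4 | # Drop blank lines from the Format-List output.
5 | $roughname = $roughname -creplace '(?m)^\s*\r?\n',''
6 | # Keep only the first remaining line.
7 | $roughname = ($roughname -split '\n')[0]
8 | # Skip the first 7 characters (presumably the "Name : " label) and strip CR/LF.
9 | $INTERFACE_ALIAS= $roughname.Substring(7) -replace "`n|`r",""
10 | echo $INTERFACE_ALIAS
11 |
--------------------------------------------------------------------------------
/kvm/restore-image.sh:
--------------------------------------------------------------------------------
1 | # Usage: restore-image.sh VM_NAME
2 | # Download the saved libvirt XML and disk image for VM_NAME from Azure blob storage and define the domain.
3 | #
4 | # Add the following to your ~/.bashrc after creating the storage account on the Azure portal.
5 | # Values must match the blob storage account shown in the portal.
6 | # export BLOB_ACCT="kybridkvm.blob.core.windows.net"
7 |
8 | # Stop early when the VM name or the storage account is missing.
9 | : "${1:?usage: restore-image.sh VM_NAME}"
10 | : "${BLOB_ACCT:?BLOB_ACCT is not set}"
11 |
12 | export vmpath="/var/lib/libvirt/images/$1.img"
13 | # NOTE(review): the XML and image are trusted exactly as downloaded; whoever can write to the storage
14 | # container decides what gets defined on this host.
15 | /usr/bin/azcopy --quiet --destination "/tmp/$1.xml" --source "https://$BLOB_ACCT/vms/$1.xml"
16 | /usr/bin/azcopy --quiet --destination "$vmpath" --source "https://$BLOB_ACCT/image/$1.img"
17 | # NOTE(review): virsh define normally takes only the XML file; the extra "$1" argument looks unintended - confirm.
18 | virsh define "$1" "/tmp/$1.xml"
19 |
20 |
21 |
--------------------------------------------------------------------------------
/3.9/bin/archive/start_kubelet.ps1:
--------------------------------------------------------------------------------
1 | c:\bin\kubelet.exe --hostname-override=$(hostname) --v=6 `
2 |     --resolv-conf="" `
3 |     --allow-privileged=true --enable-debugging-handlers `
4 |     --cluster-dns="10.0.0.4,10.0.1.6" --cluster-domain=cluster.local `
5 |     --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge `
6 |     --image-pull-progress-deadline=20m --cgroups-per-qos=false `
7 |     --enforce-node-allocatable="" --pod-infra-container-image=glennswest/pause:latest `
8 |     --network-plugin=cni --cni-bin-dir="c:\bin"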
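--cni-conf-dir "c:\cni"
9 |
10 |
11 |
--------------------------------------------------------------------------------
/3.10/bin/start_kubelet.ps1:
--------------------------------------------------------------------------------
1 | # Start the kubelet on this Windows node, registering under the lower-cased computer name.
2 | # NOTE(review): no --anonymous-auth, --authorization-mode or --client-ca-file is passed, so as far as this
3 | # command line shows the kubelet API keeps its permissive defaults; --allow-privileged=true and --v=6 are lab settings.
4 | # NOTE(review): the pause image is pulled by the mutable :latest tag; pin a digest or build it from this repo's Dockerfile.
5 | $Env:lhost=$Env:COMPUTERNAME.ToLower()
6 | echo $Env:lhost
7 | c:\bin\kubelet.exe --hostname-override="$Env:lhost" --v=6 `
8 |     --resolv-conf="" `
9 |     --allow-privileged=true --enable-debugging-handlers `
10 |     --cluster-dns="10.0.0.4,10.0.1.6" --cluster-domain=cluster.local `
11 |     --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge `
12 |     --image-pull-progress-deadline=20m --cgroups-per-qos=false `
13 |     --enforce-node-allocatable="" --pod-infra-container-image=kubeletwin/pause:latest `
14 |     --network-plugin=cni --cni-bin-dir="c:\bin" --cni-conf-dir "c:\cni"
15 |
16 |
17 |
--------------------------------------------------------------------------------
/3.9/bin/start_kubelet.ps1:
--------------------------------------------------------------------------------
1 | # Start the kubelet on this Windows node, registering under the lower-cased computer name.
2 | # NOTE(review): no --anonymous-auth, --authorization-mode or --client-ca-file is passed, so as far as this
3 | # command line shows the kubelet API keeps its permissive defaults; --allow-privileged=true and --v=6 are lab settings.
4 | # NOTE(review): the pause image is pulled by the mutable :latest tag; pin a digest or build it from this repo's Dockerfile.
5 | $Env:lhost=$Env:COMPUTERNAME.ToLower()
6 | echo $Env:lhost
7 | c:\bin\kubelet.exe --hostname-override="$Env:lhost" --v=6 `
8 |     --resolv-conf="" `
9 |     --allow-privileged=true --enable-debugging-handlers `
10 |     --cluster-dns="10.0.0.4,10.0.1.6" --cluster-domain=cluster.local `
11 |     --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge `
12 |     --image-pull-progress-deadline=20m --cgroups-per-qos=false `
13 |     --enforce-node-allocatable="" --pod-infra-container-image=glennswest/pause:latest `
14 |     --network-plugin=cni --cni-bin-dir="c:\bin" --cni-conf-dir "c:\cni"
15 |
16 |
17 |
--------------------------------------------------------------------------------
/kvm/backup-image.sh:
--------------------------------------------------------------------------------
1 | # Usage: backup-image.sh VM_NAME
2 | # Dump the libvirt XML of VM_NAME and upload it, together with the disk image, to Azure blob storage.
3 | #
4 | # Add the following to your ~/.bashrc after creating the storage account on the Azure portal.
5 | # Values must match the blob storage account shown in the portal.
6 | # NOTE(review): this comment previously carried what looks like a real storage account key; if it was
7 | # ever valid, rotate it. Keep the key in your local environment only, never in the repository.
8 | # export BLOB_KEY="REPLACE_WITH_STORAGE_ACCOUNT_KEY"
9 | # export BLOB_ACCT="something.blob.core.windows.net"
10 |
11 | # Stop early when the VM name or the storage settings are missing.
12 | : "${1:?usage: backup-image.sh VM_NAME}"
13 | : "${BLOB_ACCT:?BLOB_ACCT is not set}"
14 | : "${BLOB_KEY:?BLOB_KEY is not set}"
15 |
16 | export vmpath="/var/lib/libvirt/images/$1.img"
17 | virsh dumpxml "$1" > "/tmp/$1.xml"
18 | # NOTE(review): --dest-key puts the account key on the command line, where other local users can read it
19 | # from the process list while the copy runs.
20 | /usr/bin/azcopy --quiet --source "/tmp/$1.xml" --destination "https://$BLOB_ACCT/vms/$1.xml" --dest-key "$BLOB_KEY"
21 | /usr/bin/azcopy --quiet --source "$vmpath" --destination "https://$BLOB_ACCT/image/$1.img" --dest-key "$BLOB_KEY"
22 |
23 |
24 |
--------------------------------------------------------------------------------
/3.9/bin/archive/kubestart.ps1:
--------------------------------------------------------------------------------
1 | # Start the kubelet on this Windows node with an explicit serving certificate and key.
2 | # NOTE(review): no --anonymous-auth, --authorization-mode or --client-ca-file is passed, so as far as this
3 | # command line shows the kubelet API keeps its permissive defaults; --allow-privileged=true and --v=6 are lab settings.
4 | # NOTE(review): the pause image is pulled by the mutable :latest tag; pin a digest or build it from this repo's Dockerfile.
5 | c:\bin\kubelet.exe --hostname-override=$(hostname) --v=6 `
6 |     --resolv-conf="" `
7 |     --allow-privileged=true --enable-debugging-handlers `
8 |     --cluster-dns=10.0.1.6 --cluster-domain=cluster.local `
9 |     --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge `
10 |     --image-pull-progress-deadline=20m --cgroups-per-qos=false `
11 |     --enforce-node-allocatable="" --pod-infra-container-image=glennswest/pause:latest `
12 |     --network-plugin=cni --cni-bin-dir="c:\k\hybrid\bin" --cni-conf-dir "C:\k\hybrid\cni\config" `
13 |     --tls-cert-file="C:\k\server.crt" --tls-private-key-file="C:\k\server.key"
14 |
15 |
16 |
--------------------------------------------------------------------------------
/examples/dhcpd.conf:
--------------------------------------------------------------------------------
1 | #
2 | # DHCP Server Configuration file.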
3 | # see /usr/share/doc/dhcp*/dhcpd.conf.example 4 | # see dhcpd.conf(5) man page 5 | # 6 | subnet 147.75.39.72 netmask 255.255.255.248 { 7 | option routers 147.75.39.73; 8 | option subnet-mask 255.255.255.248; 9 | 10 | option domain-name "ncc9.com"; 11 | option domain-name-servers 8.8.8.8; 12 | 13 | 14 | range 147.75.39.77 147.75.39.77; 15 | host winnode01 { 16 | option host-name "winnode01.ncc9.com"; 17 | hardware ethernet 00:0c:29:f8:f4:54; 18 | fixed-address 147.75.39.76; 19 | } 20 | } 21 | 22 | 23 | -------------------------------------------------------------------------------- /3.11/bin/start_kubelet.ps1: -------------------------------------------------------------------------------- 1 | $Env:lhost=$Env:COMPUTERNAME.ToLower() 2 | echo $Env:lhost 3 | c:\bin\kubelet.exe --hostname-override="$Env:lhost" --v=6 ` 4 | --resolv-conf="" ` 5 | --allow-privileged=true ` 6 | --enable-debugging-handlers ` 7 | --cluster-dns="10.0.0.4,10.0.1.6" ` 8 | --cluster-domain=cluster.local ` 9 | --kubeconfig=c:\k\config ` 10 | --hairpin-mode=promiscuous-bridge ` 11 | --image-pull-progress-deadline=20m ` 12 | --cgroups-per-qos=false ` 13 | --enforce-node-allocatable="" ` 14 | --pod-infra-container-image=kubeletwin/pause:latest ` 15 | --network-plugin=cni ` 16 | --cni-bin-dir="c:\bin" ` 17 | --cni-conf-dir "c:\cni" 18 | -------------------------------------------------------------------------------- /3.9/bin/ReadMe.md: -------------------------------------------------------------------------------- 1 | # How to deploy Kuberbetes on Windows with Flannel + HostGW 2 | * Download Kubelet.exe, Kubectl.exe, Kube-Proxy.exe to c:\k 3 | * Copy Kubeconfig from Linux master to c:\k 4 | * Download start.ps1 to c:\k and run powershell powershell c:\k\start.ps1 5 | 6 | 7 | # Temp Binaries that will be removed soon 8 | There are several pending PRs, because of which the bins are published here 9 | [host-gw: add windows support](https://github.com/coreos/flannel/pull/921) 10 | * flanned.exe - 11 
| 12 | [Windows CNI for overlay (vxlan) and host-gw (l2bridge) modes](https://github.com/containernetworking/plugins/pull/85) 13 | * cni\flannel.exe - 14 | * cni\host-local.exe 15 | * cni\l2bridge.exe -------------------------------------------------------------------------------- /3.10/bin/ReadMe.md: -------------------------------------------------------------------------------- 1 | # How to deploy Kubernetes on Windows with Flannel + HostGW 2 | * Download Kubelet.exe, Kubectl.exe, Kube-Proxy.exe to c:\k 3 | * Copy Kubeconfig from Linux master to c:\k 4 | * Download start.ps1 to c:\k and run it from PowerShell: powershell c:\k\start.ps1 5 | 6 | 7 | # Temporary binaries that will be removed soon 8 | The binaries are published here because the following PRs are still pending 9 | [host-gw: add windows support](https://github.com/coreos/flannel/pull/921) 10 | * flanned.exe - 11 | 12 | [Windows CNI for overlay (vxlan) and host-gw (l2bridge) modes](https://github.com/containernetworking/plugins/pull/85) 13 | * cni\flannel.exe - 14 | * cni\host-local.exe 15 | * cni\l2bridge.exe -------------------------------------------------------------------------------- /3.11/bin/README.md: -------------------------------------------------------------------------------- 1 | # How to deploy Kubernetes on Windows with Flannel + HostGW 2 | * Download Kubelet.exe, Kubectl.exe, Kube-Proxy.exe to c:\k 3 | * Copy Kubeconfig from Linux master to c:\k 4 | * Download start.ps1 to c:\k and run it from PowerShell: powershell c:\k\start.ps1 5 | 6 | 7 | # Temporary binaries that will be removed soon 8 | The binaries are published here because the following PRs are still pending 9 | [host-gw: add windows support](https://github.com/coreos/flannel/pull/921) 10 | * flanned.exe - 11 | 12 | [Windows CNI for overlay (vxlan) and host-gw (l2bridge) modes](https://github.com/containernetworking/plugins/pull/85) 13 | * cni\flannel.exe - 14 | * cni\host-local.exe 15 | * cni\l2bridge.exe 16 | 
-------------------------------------------------------------------------------- /3.9/bin/setup_kubeovn_service.ps1: -------------------------------------------------------------------------------- 1 | $powershell = (Get-Command powershell).Source 2 | $scriptPath = 'C:\k\hybrid\3.9\bin\start_kubeovn.ps1' 3 | $arguments = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $scriptPath 4 | $serviceName = "kubeovn" 5 | nssm install $serviceName $powershell $arguments 6 | nssm set kubeovn DisplayName Kubeovn 7 | nssm set kubeovn Description OVN For OpenShift 8 | nssm set kubeovn Start SERVICE_AUTO_START 9 | nssm set kubeovn AppStdout C:\k\hybrid\logs\kubeovn.log 10 | nssm set kubeovn AppStderr C:\k\hybrid\logs\kubeovn.log 11 | nssm set kubeovn AppRotateFiles 1 12 | nssm set kubeovn AppRotateOnline 1 13 | nssm set kubeovn AppRotateSeconds 86400 14 | nssm set kubeovn AppRotateBytes 1048576 15 | -------------------------------------------------------------------------------- /3.10/bin/setup_kubeovn_service.ps1: -------------------------------------------------------------------------------- 1 | $powershell = (Get-Command powershell).Source 2 | $scriptPath = 'C:\k\hybrid\3.10\bin\start_kubeovn.ps1' 3 | $arguments = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $scriptPath 4 | $serviceName = "kubeovn" 5 | nssm install $serviceName $powershell $arguments 6 | nssm set kubeovn DisplayName Kubeovn 7 | nssm set kubeovn Description OVN For OpenShift 8 | nssm set kubeovn Start SERVICE_AUTO_START 9 | nssm set kubeovn AppStdout C:\k\hybrid\logs\kubeovn.log 10 | nssm set kubeovn AppStderr C:\k\hybrid\logs\kubeovn.log 11 | nssm set kubeovn AppRotateFiles 1 12 | nssm set kubeovn AppRotateOnline 1 13 | nssm set kubeovn AppRotateSeconds 86400 14 | nssm set kubeovn AppRotateBytes 1048576 15 | -------------------------------------------------------------------------------- /3.11/bin/setup_kubeovn_service.ps1: 
-------------------------------------------------------------------------------- 1 | $powershell = (Get-Command powershell).Source 2 | $scriptPath = 'C:\k\hybrid\3.11\bin\start_kubeovn.ps1' 3 | $arguments = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $scriptPath 4 | $serviceName = "kubeovn" 5 | nssm install $serviceName $powershell $arguments 6 | nssm set kubeovn DisplayName Kubeovn 7 | nssm set kubeovn Description OVN For OpenShift 8 | nssm set kubeovn Start SERVICE_AUTO_START 9 | nssm set kubeovn AppStdout C:\k\hybrid\logs\kubeovn.log 10 | nssm set kubeovn AppStderr C:\k\hybrid\logs\kubeovn.log 11 | nssm set kubeovn AppRotateFiles 1 12 | nssm set kubeovn AppRotateOnline 1 13 | nssm set kubeovn AppRotateSeconds 86400 14 | nssm set kubeovn AppRotateBytes 1048576 15 | -------------------------------------------------------------------------------- /3.9/bin/setup_kubelet_service.ps1: -------------------------------------------------------------------------------- 1 | $powershell = (Get-Command powershell).Source 2 | $scriptPath = "C:\k\hybrid\3.9\bin\start_kubelet.ps1" 3 | $arguments = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $scriptPath 4 | $serviceName = "kubelet" 5 | nssm install $serviceName $powershell $arguments 6 | nssm set kubelet DisplayName Kubelet 7 | nssm set kubelet Description Kubelet OVN For OpenShift 8 | nssm set kubelet Start SERVICE_AUTO_START 9 | nssm set kubelet AppStdout C:\k\hybrid\logs\kubelet.log 10 | nssm set kubelet AppStderr C:\k\hybrid\logs\kubelet.log 11 | nssm set kubelet AppRotateFiles 1 12 | nssm set kubelet AppRotateOnline 1 13 | nssm set kubelet AppRotateSeconds 86400 14 | nssm set kubelet AppRotateBytes 1048576 15 | -------------------------------------------------------------------------------- /3.10/bin/setup_kubelet_service.ps1: -------------------------------------------------------------------------------- 1 | $powershell = (Get-Command powershell).Source 2 | $scriptPath = 
"C:\k\hybrid\3.10\bin\start_kubelet.ps1" 3 | $arguments = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $scriptPath 4 | $serviceName = "ocpkubelet" 5 | nssm install $serviceName $powershell $arguments 6 | nssm set ocpkubelet DisplayName ocpkubelet 7 | nssm set ocpkubelet Description Kubelet For OpenShift 8 | nssm set ocpkubelet Start SERVICE_AUTO_START 9 | nssm set ocpkubelet AppStdout C:\k\hybrid\logs\kubelet.log 10 | nssm set ocpkubelet AppStderr C:\k\hybrid\logs\kubelet.log 11 | nssm set ocpkubelet AppRotateFiles 1 12 | nssm set ocpkubelet AppRotateOnline 1 13 | nssm set ocpkubelet AppRotateSeconds 86400 14 | nssm set ocpkubelet AppRotateBytes 1048576 15 | -------------------------------------------------------------------------------- /3.11/bin/setup_kubelet_service.ps1: -------------------------------------------------------------------------------- 1 | $powershell = (Get-Command powershell).Source 2 | $scriptPath = "C:\k\hybrid\3.11\bin\start_kubelet.ps1" 3 | $arguments = '-ExecutionPolicy Bypass -NoProfile -File "{0}"' -f $scriptPath 4 | $serviceName = "ocpkubelet" 5 | nssm install $serviceName $powershell $arguments 6 | nssm set ocpkubelet DisplayName ocpkubelet 7 | nssm set ocpkubelet Description Kubelet For OpenShift 8 | nssm set ocpkubelet Start SERVICE_AUTO_START 9 | nssm set ocpkubelet AppStdout C:\k\hybrid\logs\kubelet.log 10 | nssm set ocpkubelet AppStderr C:\k\hybrid\logs\kubelet.log 11 | nssm set ocpkubelet AppRotateFiles 1 12 | nssm set ocpkubelet AppRotateOnline 1 13 | nssm set ocpkubelet AppRotateSeconds 86400 14 | nssm set ocpkubelet AppRotateBytes 1048576 15 | -------------------------------------------------------------------------------- /3.9/console-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: webconsole.config.openshift.io/v1 2 | kind: WebConsoleConfiguration 3 | clusterInfo: 4 | consolePublicURL: https://openshift.star.k.e2e.bos.redhat.com:8443/console/ 5 | 
loggingPublicURL: "" 6 | logoutPublicURL: "" 7 | masterPublicURL: https://openshift.star.k.e2e.bos.redhat.com:8443 8 | metricsPublicURL: "" 9 | extensions: 10 | scriptURLs: [] 11 | stylesheetURLs: [] 12 | properties: null 13 | features: 14 | inactivityTimeoutMinutes: 0 15 | clusterResourceOverridesEnabled: false 16 | servingInfo: 17 | bindAddress: 0.0.0.0:8443 18 | bindNetwork: tcp4 19 | certFile: /var/serving-cert/tls.crt 20 | clientCA: "" 21 | keyFile: /var/serving-cert/tls.key 22 | maxRequestsInFlight: 0 23 | namedCertificates: null 24 | requestTimeoutSeconds: 0 25 | -------------------------------------------------------------------------------- /3.10/console-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: webconsole.config.openshift.io/v1 2 | kind: WebConsoleConfiguration 3 | clusterInfo: 4 | consolePublicURL: https://openshift.green.k.e2e.bos.redhat.com:8443/console/ 5 | loggingPublicURL: "" 6 | logoutPublicURL: "" 7 | masterPublicURL: https://openshift.green.k.e2e.bos.redhat.com:8443 8 | metricsPublicURL: "" 9 | extensions: 10 | scriptURLs: [] 11 | stylesheetURLs: [] 12 | properties: null 13 | features: 14 | inactivityTimeoutMinutes: 0 15 | clusterResourceOverridesEnabled: false 16 | servingInfo: 17 | bindAddress: 0.0.0.0:8443 18 | bindNetwork: tcp4 19 | certFile: /var/serving-cert/tls.crt 20 | clientCA: "" 21 | keyFile: /var/serving-cert/tls.key 22 | maxRequestsInFlight: 0 23 | namedCertificates: null 24 | requestTimeoutSeconds: 0 25 | -------------------------------------------------------------------------------- /3.11/console-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: webconsole.config.openshift.io/v1 2 | kind: WebConsoleConfiguration 3 | clusterInfo: 4 | consolePublicURL: https://openshift.green.k.e2e.bos.redhat.com:8443/console/ 5 | loggingPublicURL: "" 6 | logoutPublicURL: "" 7 | masterPublicURL: 
https://openshift.green.k.e2e.bos.redhat.com:8443 8 | metricsPublicURL: "" 9 | extensions: 10 | scriptURLs: [] 11 | stylesheetURLs: [] 12 | properties: null 13 | features: 14 | inactivityTimeoutMinutes: 0 15 | clusterResourceOverridesEnabled: false 16 | servingInfo: 17 | bindAddress: 0.0.0.0:8443 18 | bindNetwork: tcp4 19 | certFile: /var/serving-cert/tls.crt 20 | clientCA: "" 21 | keyFile: /var/serving-cert/tls.key 22 | maxRequestsInFlight: 0 23 | namedCertificates: null 24 | requestTimeoutSeconds: 0 25 | -------------------------------------------------------------------------------- /kvm/etc/dhcp/dhcpd.conf: -------------------------------------------------------------------------------- 1 | # 2 | # DHCP Server Configuration file. 3 | # see /usr/share/doc/dhcp*/dhcpd.conf.example 4 | # see dhcpd.conf(5) man page 5 | # 6 | subnet 147.75.109.144 netmask 255.255.255.240 { 7 | option routers 147.75.109.145; 8 | option subnet-mask 255.255.255.240; 9 | 10 | option domain-name "ncc9.com"; 11 | option domain-name-servers 8.8.8.8; 12 | 13 | 14 | range 147.75.109.149 147.75.109.155; 15 | host openshift { 16 | option host-name "openshift.ncc9.com"; 17 | hardware ethernet 00:0c:29:f8:21:21; 18 | fixed-address 147.75.109.147; 19 | } 20 | host winnode01 { 21 | option host-name "winnode01.ncc9.com"; 22 | hardware ethernet 00:0c:29:f8:22:22; 23 | fixed-address 147.75.109.148; 24 | } 25 | 26 | } 27 | 28 | -------------------------------------------------------------------------------- /3.10/bin/setup_winrm.yml: -------------------------------------------------------------------------------- 1 | # Presetup for WindowsFeature 2 | - hosts: 127.0.0.1 3 | connection: local 4 | sudo: yes 5 | gather_facts: no 6 | vars: 7 | user: "{{lookup('env','USER')}}" 8 | tasks: 9 | - debug: msg="User is {{ user }}" 10 | - name: Install PIP and Related 11 | shell: yum install -y gcc libffi-devel python-devel krb5-devel krb5-libs krb5-workstation 12 | - name: Add yumutils 13 | shell: yum install -y 
yum-utils 14 | - name: Enable Extras 15 | shell: yum-config-manager --enable rhel-7-server-extras-rpms 16 | - name: Enable EPEL 17 | shell: yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm || true 18 | ignore_errors: yes 19 | - name: Install PIP and Related 20 | shell: yum install -y python-pip 21 | - name: disable epel 22 | shell: yum-config-manager --disable epel 23 | - name: Install pywinrm 24 | shell: pip install "pywinrm" --upgrade 25 | - name: Install pywinrm keberos 26 | shell: pip install pywinrm[kerberos] --upgrade 27 | -------------------------------------------------------------------------------- /3.11/bin/setup_winrm.yml: -------------------------------------------------------------------------------- 1 | # Presetup for WindowsFeature 2 | - hosts: 127.0.0.1 3 | connection: local 4 | sudo: yes 5 | gather_facts: no 6 | vars: 7 | user: "{{lookup('env','USER')}}" 8 | tasks: 9 | - debug: msg="User is {{ user }}" 10 | - name: Install PIP and Related 11 | shell: yum install -y gcc libffi-devel python-devel krb5-devel krb5-libs krb5-workstation 12 | - name: Add yumutils 13 | shell: yum install -y yum-utils 14 | - name: Enable Extras 15 | shell: yum-config-manager --enable rhel-7-server-extras-rpms 16 | - name: Enable EPEL 17 | shell: yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm || true 18 | ignore_errors: yes 19 | - name: Install PIP and Related 20 | shell: yum install -y python-pip 21 | - name: disable epel 22 | shell: yum-config-manager --disable epel 23 | - name: Install pywinrm 24 | shell: pip install "pywinrm" --upgrade 25 | - name: Install pywinrm keberos 26 | shell: pip install pywinrm[kerberos] --upgrade 27 | -------------------------------------------------------------------------------- /3.9/bin/setup_winrm.yml: -------------------------------------------------------------------------------- 1 | # Presetup for WindowsFeature 2 | - hosts: 127.0.0.1 3 | connection: local 4 | 
sudo: yes 5 | gather_facts: no 6 | vars: 7 | user: "{{lookup('env','USER')}}" 8 | tasks: 9 | - debug: msg="User is {{ user }}" 10 | - name: Install PIP and Related 11 | shell: yum install -y gcc libffi-devel python-devel krb5-devel krb5-libs krb5-workstation 12 | - name: Add yumutils 13 | shell: yum install -y yum-utils 14 | - name: Enable Extras 15 | shell: yum-config-manager --enable rhel-7-server-extras-rpms 16 | - name: Enable EPEL 17 | shell: yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm || true 18 | ignore_errors: yes 19 | - name: Install PIP and Related 20 | shell: yum install -y python-pip 21 | - name: disable epel 22 | shell: yum-config-manager --disable epel 23 | - name: Install pywinrm 24 | shell: pip install "pywinrm" --upgrade 25 | - name: Install pywinrm keberos 26 | shell: pip install pywinrm[kerberos] --upgrade 27 | -------------------------------------------------------------------------------- /3.10/bin/docker-create.ps1: -------------------------------------------------------------------------------- 1 | $a = Test-Path "C:\k\docker_create.lock" 2 | IF ($a -eq "True") {Write-Host "Docker Network Already Created";exit} 3 | Write-Host "Creating Docker Network" 4 | date > c:\k\docker_create.lock 5 | $roughname = Get-NetRoute | Where-Object -FilterScript {$_.NextHop -Ne "::"} | Where-Object -FilterScript { $_.NextHop -Ne "0.0.0.0" } | Where-Object -FilterScript { ($_.NextHop.SubString(0,6) -Ne "fe80::") } | Get-NetAdapter | Format-List -Property "Name" | Out-String 6 | $roughname = $roughname -creplace '(?m)^\s*\r?\n','' 7 | $roughname = ($roughname -split '\n')[0] 8 | echo $roughname 9 | $INTERFACE_ALIAS= $roughname.Substring(7) -replace "`n|`r","" 10 | echo $INTERFACE_ALIAS 11 | echo $INTERFACE_ALIAS > C:\k\interface.txt 12 | # multinode 13 | #docker network create -d transparent --gateway 10.128.2.1 --subnet 10.128.2.0/24 -o com.docker.network.windowsshim.interface="Ethernet0" external 14 | # Single node 15 | 
docker network create -d transparent --gateway 10.128.1.1 --subnet 10.128.1.0/24 -o com.docker.network.windowsshim.interface=$INTERFACE_ALIAS external 16 | 17 | -------------------------------------------------------------------------------- /3.9/bin/docker-create.ps1: -------------------------------------------------------------------------------- 1 | $a = Test-Path "C:\k\docker_create.lock" 2 | IF ($a -eq "True") {Write-Host "Docker Network Already Created";exit} 3 | Write-Host "Creating Docker Network" 4 | date > c:\k\docker_create.lock 5 | $roughname = Get-NetRoute | Where-Object -FilterScript {$_.NextHop -Ne "::"} | Where-Object -FilterScript { $_.NextHop -Ne "0.0.0.0" } | Where-Object -FilterScript { ($_.NextHop.SubString(0,6) -Ne "fe80::") } | Get-NetAdapter | Format-List -Property "Name" | Out-String 6 | $roughname = $roughname -creplace '(?m)^\s*\r?\n','' 7 | $roughname = ($roughname -split '\n')[0] 8 | echo $roughname 9 | $INTERFACE_ALIAS= $roughname.Substring(7) -replace "`n|`r","" 10 | echo $INTERFACE_ALIAS 11 | echo $INTERFACE_ALIAS > C:\k\interface.txt 12 | # multinode 13 | #docker network create -d transparent --gateway 10.128.2.1 --subnet 10.128.2.0/24 -o com.docker.network.windowsshim.interface="Ethernet0" external 14 | # Single node 15 | docker network create -d transparent --gateway 10.128.1.1 --subnet 10.128.1.0/24 -o com.docker.network.windowsshim.interface=$INTERFACE_ALIAS external 16 | 17 | -------------------------------------------------------------------------------- /3.10/win1709.yml: -------------------------------------------------------------------------------- 1 | - hosts: windows 2 | gather_facts: no 3 | vars: 4 | ipv6cmd: !unsafe New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\' -Name 'DisabledComponents' -Value '0xffffffff' -PropertyType 'DWord' 5 | tasks: 6 | - name: Check Comm 7 | win_ping: 8 | - name: Fix search 9 | win_shell: Set-DnsClientGlobalSetting -SuffixSearchList @("star.k.e2e.bos.redhat.com") 
10 | - name: Turn off v6 11 | win_shell: "{{ipv6cmd}}" 12 | - name: Rename Computer 13 | win_shell: Rename-Computer -NewName "{{inventory_hostname}}" -Force 14 | - name: Enable Ping 15 | win_shell: Set-NetFirewallRule -Name FPS-ICMP4-ERQ-In -Enabled True;Set-NetFirewallRule -Name FPS-ICMP4-ERQ-out -Enabled True 16 | - name: Enable RDP Part 1 17 | win_shell: Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\‘ -Name “fDenyTSConnections” -Value 0 18 | - name: Enable RDP Part 2 19 | win_shell: Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\‘ -Name “UserAuthentication” -Value 1 20 | - name: Enable RDP Part 3 21 | win_shell: Enable-NetFirewallRule -DisplayGroup “Remote Desktop” 22 | -------------------------------------------------------------------------------- /3.11/win1709.yml: -------------------------------------------------------------------------------- 1 | - hosts: windows 2 | gather_facts: no 3 | vars: 4 | ipv6cmd: !unsafe New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\' -Name 'DisabledComponents' -Value '0xffffffff' -PropertyType 'DWord' 5 | tasks: 6 | - name: Check Comm 7 | win_ping: 8 | - name: Fix search 9 | win_shell: Set-DnsClientGlobalSetting -SuffixSearchList @("star.k.e2e.bos.redhat.com") 10 | - name: Turn off v6 11 | win_shell: "{{ipv6cmd}}" 12 | - name: Rename Computer 13 | win_shell: Rename-Computer -NewName "{{inventory_hostname}}" -Force 14 | - name: Enable Ping 15 | win_shell: Set-NetFirewallRule -Name FPS-ICMP4-ERQ-In -Enabled True;Set-NetFirewallRule -Name FPS-ICMP4-ERQ-out -Enabled True 16 | - name: Enable RDP Part 1 17 | win_shell: Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\‘ -Name “fDenyTSConnections” -Value 0 18 | - name: Enable RDP Part 2 19 | win_shell: Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\‘ -Name “UserAuthentication” -Value 1 20 | - name: Enable RDP Part 3 
21 | win_shell: Enable-NetFirewallRule -DisplayGroup “Remote Desktop” 22 | -------------------------------------------------------------------------------- /3.9/win1709.yml: -------------------------------------------------------------------------------- 1 | - hosts: windows 2 | gather_facts: no 3 | vars: 4 | ipv6cmd: !unsafe New-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\' -Name 'DisabledComponents' -Value '0xffffffff' -PropertyType 'DWord' 5 | tasks: 6 | - name: Check Comm 7 | win_ping: 8 | - name: Fix search 9 | win_shell: Set-DnsClientGlobalSetting -SuffixSearchList @("star.k.e2e.bos.redhat.com") 10 | - name: Turn off v6 11 | win_shell: "{{ipv6cmd}}" 12 | - name: Rename Computer 13 | win_shell: Rename-Computer -NewName "{{inventory_hostname}}" -Force 14 | - name: Enable Ping 15 | win_shell: Set-NetFirewallRule -Name FPS-ICMP4-ERQ-In -Enabled True;Set-NetFirewallRule -Name FPS-ICMP4-ERQ-out -Enabled True 16 | - name: Enable RDP Part 1 17 | win_shell: Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\‘ -Name “fDenyTSConnections” -Value 0 18 | - name: Enable RDP Part 2 19 | win_shell: Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\‘ -Name “UserAuthentication” -Value 1 20 | - name: Enable RDP Part 3 21 | win_shell: Enable-NetFirewallRule -DisplayGroup “Remote Desktop” 22 | -------------------------------------------------------------------------------- /3.11/auto-install-ovn.sh: -------------------------------------------------------------------------------- 1 | cd ~/openshift-windows/3.11/ 2 | wait_file() { 3 | local file="$1"; shift 4 | local wait_seconds="${1:-10}"; shift # 10 seconds as default timeout 5 | 6 | until test $((wait_seconds--)) -eq 0 -o -f "$file" ; do sleep 1; done 7 | 8 | ((++wait_seconds)) 9 | } 10 | 11 | oc_cmd_path=/usr/bin/oc 12 | kconfig_path=/root/.kube/config 13 | ansible_path=/usr/bin/ansible-playbook 14 | 15 | echo "Wait on Ansible" 16 | 
wait_file "$ansible_path" 36000 || { 17 | echo "Ansible Not Installed - Timeout" 18 | exit 1 19 | } 20 | echo "Ansible Installed" 21 | #echo "OVN Presetup Executing" 22 | #ansible-playbook ovn_presetup.yml 23 | #echo "OVN Preset Complete" 24 | echo "Waiting On OC Command Installation" 25 | wait_file "$oc_cmd_path" 36000 || { 26 | echo "Openshift Not Installed - Timeout" 27 | exit 1 28 | } 29 | echo "OC command is installed" 30 | echo "Waiting on Kubeconfig" 31 | wait_file "$kconfig_path" 36000 || { 32 | echo "Kubeconfig not created - Timeout" 33 | exit 1 34 | } 35 | echo "Kubeconfig is created" 36 | echo "Waiting on API Response" 37 | until oc whoami | grep -m 1 "system:admin"; do sleep 1 ; done 38 | echo "API Is Ready" 39 | sleep 400s 40 | echo "Waiting on API Response(2)" 41 | until oc whoami | grep -m 1 "system:admin"; do sleep 1 ; done 42 | echo "API Is Ready" 43 | ansible-playbook /root/openshift-windows/3.11/daemon.yml 44 | echo "Create node daemonset" 45 | oc create -f /root/ovn-kubernetes/dist/yaml/ovnkube.yaml 46 | -------------------------------------------------------------------------------- /3.10/scaleup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_playbook: ../init/evaluate_groups.yml 3 | 4 | - name: Ensure there are new_nodes 5 | hosts: localhost 6 | connection: local 7 | gather_facts: no 8 | tasks: 9 | - fail: 10 | msg: > 11 | Detected no new_nodes in inventory. Please add hosts to the 12 | new_nodes host group to add nodes. 13 | when: 14 | - g_new_node_hosts | default([]) | length == 0 15 | - fail: 16 | msg: > 17 | Please run playbooks/openshift-master/scaleup.yml if you need to 18 | scale up both masters and nodes. This playbook is only needed if 19 | you are only adding new nodes and not new masters. 
20 | when: 21 | - g_new_node_hosts | default([]) | length > 0 22 | - g_new_master_hosts | default([]) | length > 0 23 | 24 | # if g_new_node_hosts is not empty, oo_nodes_to_config will be set to 25 | # g_new_node_hosts via evaluate_groups.yml 26 | 27 | - import_playbook: ../prerequisites.yml 28 | vars: 29 | l_scale_up_hosts: "oo_nodes_to_config" 30 | l_base_packages_hosts: "oo_nodes_to_config" 31 | l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nodes_to_config" 32 | l_sanity_check_hosts: "{{ groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) }}" 33 | 34 | - import_playbook: ../init/version.yml 35 | vars: 36 | l_openshift_version_set_hosts: "oo_nodes_to_config:!oo_first_master" 37 | 38 | - import_playbook: private/bootstrap.yml 39 | - import_playbook: private/join.yml 40 | 41 | - import_playbook: ../openshift-glusterfs/private/add_hosts.yml 42 | -------------------------------------------------------------------------------- /3.11/scaleup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_playbook: ../init/evaluate_groups.yml 3 | 4 | - name: Ensure there are new_nodes 5 | hosts: localhost 6 | connection: local 7 | gather_facts: no 8 | tasks: 9 | - fail: 10 | msg: > 11 | Detected no new_nodes in inventory. Please add hosts to the 12 | new_nodes host group to add nodes. 13 | when: 14 | - g_new_node_hosts | default([]) | length == 0 15 | - fail: 16 | msg: > 17 | Please run playbooks/openshift-master/scaleup.yml if you need to 18 | scale up both masters and nodes. This playbook is only needed if 19 | you are only adding new nodes and not new masters. 
20 | when: 21 | - g_new_node_hosts | default([]) | length > 0 22 | - g_new_master_hosts | default([]) | length > 0 23 | 24 | # if g_new_node_hosts is not empty, oo_nodes_to_config will be set to 25 | # g_new_node_hosts via evaluate_groups.yml 26 | 27 | - import_playbook: ../prerequisites.yml 28 | vars: 29 | l_scale_up_hosts: "oo_nodes_to_config" 30 | l_base_packages_hosts: "oo_nodes_to_config" 31 | l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nodes_to_config" 32 | l_sanity_check_hosts: "{{ groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) }}" 33 | 34 | - import_playbook: ../init/version.yml 35 | vars: 36 | l_openshift_version_set_hosts: "oo_nodes_to_config:!oo_first_master" 37 | 38 | - import_playbook: private/bootstrap.yml 39 | - import_playbook: private/join.yml 40 | 41 | - import_playbook: ../openshift-glusterfs/private/add_hosts.yml 42 | -------------------------------------------------------------------------------- /3.10/bin/setup-network.ps1: -------------------------------------------------------------------------------- 1 | $a = Test-Path "C:\k\network_setup.lock" 2 | IF ($a -eq "True") {Write-Host "Network Already Installed";exit} 3 | Write-Host "Installing Network" 4 | date > c:\k\network_setup.lock 5 | $ErrorActionPreference = "SilentlyContinue" 6 | 7 | # The name is saved in the docker setup 8 | $roughname = Get-Content "C:\k\interface.txt" | Out-String 9 | $INTERFACE_ALIAS= $roughname -replace "`n|`r","" 10 | echo $INTERFACE_ALIAS 11 | 12 | Stop-Service ovs-vswitchd -force; Get-VMSwitch -SwitchType External | Disable-VMSwitchExtension "Cloudbase Open vSwitch Extension" 13 | Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false 14 | # Ignore the error from the first command 15 | Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false 16 | ovs-vsctl --no-wait --may-exist add-br br-ex 17 | ovs-vsctl --no-wait add-port br-ex "$INTERFACE_ALIAS" 18 | Get-VMSwitch 
-SwitchType External | Enable-VMSwitchExtension "Cloudbase Open vSwitch Extension"; sleep 2; Restart-Service ovs-vswitchd 19 | # Clone the MAC Address of $INTERFACE_ALIAS on br-ex 20 | $MAC_ADDRESS=$(Get-NetAdapter "$INTERFACE_ALIAS").MacAddress 21 | $FAKE_MAC_ADDRESS=$MAC_ADDRESS.Substring(0,15)+"90" 22 | Set-NetAdapter -Name "$INTERFACE_ALIAS" -MacAddress $FAKE_MAC_ADDRESS -Confirm:$false 23 | Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false 24 | # br-ex will get all the interface details from the DHCP server now 25 | Enable-NetAdapter br-ex 26 | # First time may not work 27 | Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false 28 | # Make sure arp etc is update to date 29 | ping 8.8.8.8 30 | Write-Host "SDN Network is setup" 31 | -------------------------------------------------------------------------------- /3.9/bin/setup-network.ps1: -------------------------------------------------------------------------------- 1 | $a = Test-Path "C:\k\network_setup.lock" 2 | IF ($a -eq "True") {Write-Host "Network Already Installed";exit} 3 | Write-Host "Installing Network" 4 | date > c:\k\network_setup.lock 5 | $ErrorActionPreference = "SilentlyContinue" 6 | 7 | # The name is saved in the docker setup 8 | $roughname = Get-Content "C:\k\interface.txt" | Out-String 9 | $INTERFACE_ALIAS= $roughname -replace "`n|`r","" 10 | echo $INTERFACE_ALIAS 11 | 12 | Stop-Service ovs-vswitchd -force; Get-VMSwitch -SwitchType External | Disable-VMSwitchExtension "Cloudbase Open vSwitch Extension" 13 | Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false 14 | # Ignore the error from the first command 15 | Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false 16 | ovs-vsctl --no-wait --may-exist add-br br-ex 17 | ovs-vsctl --no-wait add-port br-ex "$INTERFACE_ALIAS" 18 | Get-VMSwitch -SwitchType External | Enable-VMSwitchExtension "Cloudbase Open vSwitch Extension"; sleep 2; Restart-Service ovs-vswitchd 19 | # 
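Clone the MAC Address of $INTERFACE_ALIAS on br-ex 20 | $MAC_ADDRESS=$(Get-NetAdapter "$INTERFACE_ALIAS").MacAddress 21 | $FAKE_MAC_ADDRESS=$MAC_ADDRESS.Substring(0,15)+"90" 22 | Set-NetAdapter -Name "$INTERFACE_ALIAS" -MacAddress $FAKE_MAC_ADDRESS -Confirm:$false 23 | Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false 24 | # br-ex will get all the interface details from the DHCP server now 25 | Enable-NetAdapter br-ex 26 | # First time may not work 27 | Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false 28 | # Make sure arp etc is update to date 29 | ping 8.8.8.8 30 | Write-Host "SDN Network is setup" 31 |
--------------------------------------------------------------------------------
/3.11/daemon.yml:
--------------------------------------------------------------------------------
# Opens the OVN ports on the local host, fetches ovn-kubernetes, and creates
# the OVN namespace, policy and daemonsets with oc. Everything runs as root on
# localhost.
- hosts: localhost
  become: yes
  become_user: root
  tasks:
    # Each firewall task checks for the rule (-C) before appending it (-A), so
    # re-running the playbook does not stack duplicate rules in the chain.
    # NOTE(review): the rules accept connections from any source address;
    # consider adding a source match for the cluster node network.
    - name: open firewall 6641
      shell: iptables -C OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT 2>/dev/null || iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT
    - name: open firewall 6642
      shell: iptables -C OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT 2>/dev/null || iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT
    - name: open firewall 6081
      shell: iptables -C OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 6081 -j ACCEPT 2>/dev/null || iptables -A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 6081 -j ACCEPT
    - name: Save iptables rules
      shell: service iptables save
    # Destructive: any existing OVN database files are deleted on every run.
    - name: Remove OVS DB Content
      shell: rm -rf /var/lib/openvswitch/ovn*.db
    - name: Remove any old ovn-kubernets
      shell: rm -r -f ~/ovn-kubernetes
    # NOTE(review): this clones the default branch of a personal fork with no
    # commit or tag pinned; the manifests and ovn-setup.sh taken from it are
    # applied and run as root below. Pin the clone to a reviewed commit.
    # The later tasks read /root/ovn-kubernetes, which matches ~ only because
    # the play becomes root.
    - name: Clone ovn-kubernetes
      shell: git clone https://github.com/glennswest/ovn-kubernetes ~/ovn-kubernetes
    # ignore_errors lets the play continue when an object already exists; it
    # also hides real failures, so check the task output after a run.
    - name: Provision the OVN Namespace
      shell: oc create -f /root/ovn-kubernetes/dist/yaml/ovn-namespace.yaml
      ignore_errors: yes
    - name: Provision the OVN Policy
      shell: oc create -f /root/ovn-kubernetes/dist/yaml/ovn-policy.yaml
      ignore_errors: yes
    - name: Provision the OVN Project
      shell: oc project ovn-kubernetes
      ignore_errors: yes
    # Grants the anyuid SCC to the ovn service account, which allows its pods
    # to run as any UID, root included.
    - name: Add adm policy auyuid
      shell: oc adm policy add-scc-to-user anyuid -z ovn
      ignore_errors: yes
    - name: Run the ovn-setup
      shell: cd ~/ovn-kubernetes/dist/ansible/scripts; ./ovn-setup.sh > ovn-setup.out
      ignore_errors: yes
    - name: Start the ovn-ovs daemonset
      shell: oc create -f /root/ovn-kubernetes/dist/yaml/sdn-ovs.yaml
      ignore_errors: yes
    - name: Start the master ovn daemonset
      shell: oc create -f /root/ovn-kubernetes/dist/yaml/ovnkube-master.yaml
      ignore_errors: yes
--------------------------------------------------------------------------------
/3.10/bin/x.ps1:
--------------------------------------------------------------------------------
1 | Write-Host "Installing Network" 2 | date > c:\k\network_setup.lock 3 | $ErrorActionPreference = "SilentlyContinue" 4 | 5 | If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) 6 | { 7 | $arguments = "& '" + $myinvocation.mycommand.definition + "'" 8 | Start-Process powershell -Verb runAs -ArgumentList $arguments 9 | Break 10 | } 11 | 12 | # The name is saved in the docker setup 13 | $roughname = Get-Content "C:\k\interface.txt" | Out-String 14 | $INTERFACE_ALIAS= $roughname -replace "`n|`r","" 15 | echo $INTERFACE_ALIAS 16 | 17 | Stop-Service ovs-vswitchd -force; Get-VMSwitch -SwitchType External | Disable-VMSwitchExtension "Cloudbase Open vSwitch Extension" 18 | Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false 19 | # Ignore the error from the first command 20 | Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false 21 | ovs-vsctl --no-wait --may-exist add-br br-ex 22 | ovs-vsctl --no-wait add-port br-ex "$INTERFACE_ALIAS" 23 | Get-VMSwitch -SwitchType External | Enable-VMSwitchExtension "Cloudbase Open vSwitch Extension"; sleep 2; Restart-Service ovs-vswitchd 24 | # Clone the MAC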
Address of $INTERFACE_ALIAS on br-ex 25 | $MAC_ADDRESS=$(Get-NetAdapter "$INTERFACE_ALIAS").MacAddress 26 | $FAKE_MAC_ADDRESS=$MAC_ADDRESS.Substring(0,15)+"99" 27 | Set-NetAdapter -Name "$INTERFACE_ALIAS" -MacAddress $FAKE_MAC_ADDRESS -Confirm:$false 28 | Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false 29 | # br-ex will get all the interface details from the DHCP server now 30 | Enable-NetAdapter br-ex 31 | # First time may not work 32 | Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false 33 | # Make sure arp etc is update to date 34 | ping 8.8.8.8 35 | Write-Host "SDN Network is setup" 36 |
--------------------------------------------------------------------------------
/3.9/bin/x.ps1:
--------------------------------------------------------------------------------
# Builds the br-ex OVS bridge on the external Hyper-V switch and moves the
# physical adapter's MAC address onto it. When the script is not running as
# Administrator it starts an elevated copy of itself and stops.
# NOTE(review): the banner and the lock file are written before the elevation
# check, so the unelevated pass writes them as well.
Write-Host "Installing Network"
date > c:\k\network_setup.lock
$ErrorActionPreference = "SilentlyContinue"

$currentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$isAdministrator = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (-not $isAdministrator)
{
    # The script's own path is spliced into a command string between single
    # quotes and handed to an elevated powershell.
    # NOTE(review): a path that contains a single quote would break out of
    # the quoting; keep the script in a path without one.
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    Break
}

# The adapter name was saved to interface.txt by the docker setup; drop the
# line endings that Out-String leaves in it.
$savedName = Get-Content "C:\k\interface.txt" | Out-String
$INTERFACE_ALIAS = $savedName -replace "`n|`r", ""
Write-Output $INTERFACE_ALIAS

# Stop OVS and detach its extension from the external switch while the bridge
# is created.
Stop-Service ovs-vswitchd -Force
Get-VMSwitch -SwitchType External | Disable-VMSwitchExtension "Cloudbase Open vSwitch Extension"
# Issued twice on purpose: the error from the first attempt is ignored.
Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false
Get-VMSwitch -SwitchType External | Set-VMSwitch -AllowManagementOS $false
ovs-vsctl --no-wait --may-exist add-br br-ex
ovs-vsctl --no-wait add-port br-ex "$INTERFACE_ALIAS"
Get-VMSwitch -SwitchType External | Enable-VMSwitchExtension "Cloudbase Open vSwitch Extension"
Start-Sleep 2
Restart-Service ovs-vswitchd

# Clone the MAC address of $INTERFACE_ALIAS onto br-ex. The physical adapter
# is given a substitute: the first 15 characters of its MAC string plus "99".
$MAC_ADDRESS = (Get-NetAdapter "$INTERFACE_ALIAS").MacAddress
$FAKE_MAC_ADDRESS = $MAC_ADDRESS.Substring(0, 15) + "99"
Set-NetAdapter -Name "$INTERFACE_ALIAS" -MacAddress $FAKE_MAC_ADDRESS -Confirm:$false
Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false
# br-ex will get all the interface details from the DHCP server now
Enable-NetAdapter br-ex
# The first attempt may not take effect, so the MAC is set a second time.
Set-NetAdapter -Name br-ex -MacAddress $MAC_ADDRESS -Confirm:$false
# Send some traffic so that ARP and related caches are up to date.
ping 8.8.8.8
Write-Host "SDN Network is setup"
--------------------------------------------------------------------------------
/examples/ansible.hosts.single:
--------------------------------------------------------------------------------
1 | [OSEv3:children] 2 | masters 3 | nodes 4 | etcd 5 | new_nodes 6 | new_masters 7 | 8 | [OSEv3:vars] 9 | openshift_web_console_install=False 10 | openshift_enable_service_catalog=False 11 | openshift_hosted_manage_router=False 12 | openshift_hosted_manage_registry=False 13 | openshift_hosted_manage_registry_console=False 14 | ansible_ssh_user=root 15 | openshift_use_openshift_sdn=false 16 | os_sdn_network_plugin_name=cni 17 | openshift_disable_check=memory_availability 18 | oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version} 19 | openshift_examples_modify_imagestreams=true 20 | openshift_clock_enabled=true 21 | openshift_enable_service_catalog=false 22 | debug_level=2 23 | console_port=8443 24 | docker_udev_workaround=True 25 | openshift_node_debug_level="{{ node_debug_level | default(debug_level, true) }}" 26 | openshift_master_debug_level="{{ master_debug_level | default(debug_level, true) }}" 27 | openshift_master_access_token_max_seconds=2419200 28 | openshift_hosted_router_replicas=3 29 | openshift_hosted_registry_replicas=1 30 |
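openshift_master_api_port="{{ console_port }}" 31 | openshift_master_console_port="{{ console_port }}" 32 | openshift_override_hostname_check=true 33 | osm_use_cockpit=false 34 | openshift_install_examples=true 35 | deployment_type=openshift-enterprise 36 | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] 37 | openshift_master_manage_htpasswd=false 38 | 39 | openshift_master_default_subdomain=openshift.ncc9.com 40 | osm_default_subdomain=app.ncc9.com 41 | openshift_use_dnsmasq=true 42 | openshift_public_hostname=openshift.ncc9.com 43 | 44 | [masters] 45 | openshift.ncc9.com openshift_node_labels="{'region': 'infra'}" 46 | 47 | [etcd] 48 | openshift.ncc9.com 49 | 50 | [new_nodes] 51 | [new_masters] 52 | 53 | [nodes] 54 | openshift.ncc9.com 55 | 56 | [windows] 57 | winnode01.ncc9.com 58 |
--------------------------------------------------------------------------------
/3.11/standalone/multihost.yml:
--------------------------------------------------------------------------------
# Play 1 prepares every host in the nodes group (dnsmasq, repositories,
# packages, docker). Play 2 runs on the first master: it installs jq from
# EPEL, fetches the two repositories and starts the OVN install in the
# background.
- hosts: nodes
  gather_facts: False
  tasks:
    # Connects once from the control host so that each node's host key is
    # stored before the remaining tasks run.
    # NOTE(review): StrictHostKeyChecking=no accepts whatever key the node
    # presents on this first contact without verification; where possible,
    # populate known_hosts from a trusted source instead.
    - name: Do ssh first
      shell: ssh "root@{{inventory_hostname}}" -o "StrictHostKeyChecking=no" ls
      delegate_to: localhost
    - name: Install dnsmasq
      shell: yum install -y dnsmasq
      args:
        warn: false
    - name: Enable dnsmasq
      shell: systemctl enable dnsmasq.service
    - name: Start dnsmasq
      shell: systemctl start dnsmasq.service
    - name: Turn off swap
      shell: swapoff -a
    - name: Turn off all repos
      shell: subscription-manager repos --disable="*"
    - name: Enable Needed Repos
      shell: subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ose-3.11-rpms" --enable="rhel-7-server-ansible-2.6-rpms"
    - name: Update all nodes
      shell: yum -y update
      args:
        warn: False
    # git and net-tools were listed twice; each package is now named once.
    - name: Install needed tools
      shell: yum -y install gcc wget git net-tools atomic-openshift-utils bind-utils iptables-services bridge-utils bash-completion httpd-tools nodejs qemu-img kexec-tools sos psacct docker-1.13.1 ansible libffi-devel yum-utils
    - name: Install Docker
      shell: yum -y install docker-1.13.1
    - name: Enable Docker
      shell: systemctl enable docker
    - name: Start Docker
      shell: systemctl start docker
- hosts: masters[0]
  gather_facts: False
  tasks:
    # Installing the release RPM from its URL a second time makes yum exit
    # with "Nothing to do", so the install is skipped when epel-release is
    # already present.
    - name: Add EPEL
      shell: rpm -q epel-release >/dev/null 2>&1 || yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    - name: EPEL Disabled by default
      shell: yum-config-manager --disable epel
    - name: Install jq on master
      shell: yum -y install --enablerepo="epel" jq
    - name: Remove old ovn repo
      shell: rm -r -f /root/ovn-kubernetes
      ignore_errors: yes
    - name: Remove old openshift-windows repo
      shell: rm -r -f /root/openshift-windows
      ignore_errors: yes
    # NOTE(review): both clones take the default branch with no commit or tag
    # pinned, and the last task runs a script from one of them as root. Pin
    # the clones to reviewed commits.
    - name: Clone the ovn repo
      shell: git clone https://github.com/glennswest/ovn-kubernetes /root/ovn-kubernetes
    - name: Clone the openshift repo
      shell: git clone https://github.com/openshift/openshift-windows /root/openshift-windows
    # Detached with nohup; the task returns at once, and the script's output
    # goes to /root/auto-install-ovn.out.
    - name: Start background ovn install
      shell: nohup /root/openshift-windows/3.11/auto-install-ovn.sh < /dev/null > /root/auto-install-ovn.out 2>&1 &
--------------------------------------------------------------------------------
/debug.md:
--------------------------------------------------------------------------------
1 | 2 | Check the guid task 3 | Get-ScheduledTask ovnsetguid | Get-ScheduledTaskInfo 4 | 5 | Proper Result: 6 | 7 | 8 | LastRunTime : 7/17/2018 9:01:01 AM 9 | LastTaskResult : 0 10 | NextRunTime : 7/17/2018 2:00:00 PM 11 | NumberOfMissedRuns : 0 12 | TaskName : ovnsetguid 13 | TaskPath : \ 14 | PSComputerName : 15 | 16 | 17 | To Check guid: 18 | ovs-vsctl get Open_vSwitch .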
external_ids:system-id 19 | 20 | Proper Result: 21 | ovs-vsctl get Open_vSwitch . external_ids:system-id 22 | "bc2f7e9f-c616-43fb-9f3e-5d3d55679121" 23 | 24 | NOTE: The guid value will be different 25 | 26 | To Trigger Run: 27 | 28 | Start-ScheduledTask -TaskName ovnsetguid 29 | 30 | 31 | To check ovn networking: 32 | 33 | ovn-sbctl show 34 | 35 | Proper Result 36 | [root@openshift winpacman]# ovn-sbctl show 37 | Chassis "a685029b-223f-4ddd-bf4d-b1c5e77706c8" 38 | hostname: "winnode01" 39 | Encap geneve 40 | ip: "147.75.39.76" 41 | options: {csum="true"} 42 | Port_Binding default_winpacman 43 | Port_Binding "k8s-winnode01.ncc9.com" 44 | Chassis "164714fe-a946-43ce-95c9-4098d27884fa" 45 | hostname: "openshift.ncc9.com" 46 | Encap geneve 47 | ip: "147.75.39.75" 48 | options: {csum="true"} 49 | Port_Binding "br-localnet_openshift.ncc9.com" 50 | Port_Binding "jtor-GR_openshift.ncc9.com" 51 | Port_Binding "k8s-openshift.ncc9.com" 52 | Port_Binding "rtoj-GR_openshift.ncc9.com" 53 | Port_Binding "default_docker-registry-1-8bpbd" 54 | Port_Binding "openshift-web-console_webconsole-6d47bf59bd-btqm5" 55 | Port_Binding "etor-GR_openshift.ncc9.com" 56 | Port_Binding "rtoe-GR_openshift.ncc9.com" 57 | 58 | To delete extra entries - delete chassis 59 | 60 | Example of improper entries: 61 | [root@openshift ~]# ovn-sbctl show 62 | Chassis "1c861065-6305-4994-b472-654fe41aca0c" 63 | hostname: "winnode01" 64 | Encap geneve 65 | ip: "147.75.39.76" 66 | options: {csum="true"} 67 | Chassis "bc2f7e9f-c616-43fb-9f3e-5d3d55679121" 68 | hostname: "winnode01" 69 | Encap geneve 70 | ip: "147.75.39.76" 71 | options: {csum="true"} 72 | Chassis "6a7de652-f068-4f6a-924d-b39864497c41" 73 | hostname: "winnode01" 74 | Encap geneve 75 | ip: "147.75.39.76" 76 | options: {csum="true"} 77 | Chassis "6b489885-5c50-4436-90dc-8c3bba4683fb" 78 | hostname: "winnode01" 79 | Encap geneve 80 | ip: "147.75.39.76" 81 | options: {csum="true"} 82 | Chassis "726b3a6f-0680-441e-9ed6-c04292943fa4" 83 | 84 | Should
only be one entry for the node. Use the delete to cleanup. 85 | 86 | -------------------------------------------------------------------------------- /examples/ansible.hosts.multi: -------------------------------------------------------------------------------- 1 | [OSEv3:children] 2 | masters 3 | nodes 4 | etcd 5 | new_nodes 6 | new_masters 7 | 8 | [OSEv3:vars] 9 | oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version} 10 | openshift_examples_modify_imagestreams=true 11 | openshift_clock_enabled=true 12 | openshift_enable_service_catalog=false 13 | debug_level=2 14 | console_port=8443 15 | docker_udev_workaround=True 16 | openshift_node_debug_level="{{ node_debug_level | default(debug_level, true) }}" 17 | openshift_master_debug_level="{{ master_debug_level | default(debug_level, true) }}" 18 | openshift_master_access_token_max_seconds=2419200 19 | openshift_hosted_router_replicas=3 20 | openshift_hosted_registry_replicas=1 21 | openshift_master_api_port="{{ console_port }}" 22 | openshift_master_console_port="{{ console_port }}" 23 | openshift_override_hostname_check=true 24 | osm_use_cockpit=false 25 | openshift_node_local_quota_per_fsgroup=512Mi 26 | openshift_install_examples=true 27 | deployment_type=openshift-enterprise 28 | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] 29 | openshift_master_manage_htpasswd=false 30 | 31 | openshift_use_openshift_sdn=false 32 | os_sdn_network_plugin_name=cni 33 | 34 | # default selectors for router and registry services 35 | openshift_router_selector='role=infra' 36 | openshift_registry_selector='role=infra' 37 | 38 | # Select default nodes for projects 39 | ansible_become=yes 40 | ansible_ssh_user=glennswest 41 | remote_user=glennswest 42 | 43 | openshift_master_default_subdomain=52.179.199.176.nip.io 44 | openshift_public_hostname=gwmon.eastus2.cloudapp.azure.com 
45 | 46 | openshift_master_cluster_method=native 47 | openshift_master_cluster_hostname=gwmon.eastus2.cloudapp.azure.com 48 | openshift_master_cluster_public_hostname=gwmon.eastus2.cloudapp.azure.com 49 | 50 | 51 | [masters] 52 | master1 openshift_hostname=master1 openshift_node_labels="{'role': 'master'}" 53 | master2 openshift_hostname=master2 openshift_node_labels="{'role': 'master'}" 54 | master3 openshift_hostname=master3 openshift_node_labels="{'role': 'master'}" 55 | 56 | [etcd] 57 | master1 58 | master2 59 | master3 60 | 61 | 62 | [new_nodes] 63 | [new_masters] 64 | 65 | [nodes] 66 | master1 openshift_hostname=master1 openshift_node_labels="{'role':'master','zone':'default','logging':'true'}" 67 | master2 openshift_hostname=master2 openshift_node_labels="{'role':'master','zone':'default','logging':'true'}" 68 | master3 openshift_hostname=master3 openshift_node_labels="{'role':'master','zone':'default','logging':'true'}" 69 | infranode1 openshift_hostname=infranode1 openshift_node_labels="{'role': 'infra', 'zone': 'default','logging':'true'}" 70 | infranode2 openshift_hostname=infranode2 openshift_node_labels="{'role': 'infra', 'zone': 'default','logging':'true'}" 71 | infranode3 openshift_hostname=infranode3 openshift_node_labels="{'role': 'infra', 'zone': 'default','logging':'true'}" 72 | node01 openshift_hostname=node01 openshift_node_labels="{'role':'app','zone':'default','logging':'true'}" 73 | 74 | [windows] 75 | winnode01 openshift_hostname=winnode01 openshift_node_labels="{'role':'windows','zone':'default','logging':'true'}" 76 | winnode02 openshift_hostname=winnode02 openshift_node_labels="{'role':'windows','zone':'default','logging':'true'}" 77 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OpenShift environment with Windows and Linux nodes 2 | 3 | This current is tested on VMware, with two machines, one running 
OpenShift 3.11 on RHEL 7.5, and one running OpenShift with Windows. 4 | An OpenShift entitlement is required. 5 | 6 | The Windows Node is Windows Server Core 2019/Windows Datacenter Edition 2019. 7 | The Windows node must be enabled for Ansible. 8 | bin/winansible.ps1 sets up the Windows node for Ansible. 9 | 10 | ## Azure 11 | The openshift-windows repository code for 3.11 now supports Microsoft Azure Cloud. A full ARM template is now included and has been tested. 12 | 13 | How to Use: 14 | 15 | ## Repos for Openshift Windows: 16 | 17 | Supported 18 | 19 | https://github.com/openshift/openshift-windows 20 | 21 | Upstream: 22 | 23 | https://github.com/glennswest/openshift-windows 24 | 25 | Requirements: 26 | 1. Linux node with host name set, and static ip, and a proper search domain 27 | 2. Windows node with a hostname set, and dhcp that returns same ip all the time, matching hostname. (Windows 2019 Datacenter Edition) 28 | 3. The windows node must have the correct host name, make sure you rename it. 29 | 30 | Overview: 31 | 1. Install two nodes, one with RHEL 7.5 and one with Windows 1803. 32 | 2. Set up DNS for both nodes, and a search domain, so the hosts can be found by both their short name and their fully qualified name. 33 | 3. Make sure the windows node can use DHCP to find its IP address. 34 | 4. Make sure the Mac address is unique for the windows node in the first 5 bytes. 35 | 5. Log in as root, and install git 36 | 6. git clone repo 37 | 7. cd repo (Either hybrid or openshift-windows) 38 | 8. Run allinone.sh 39 | 40 | Important Note: The Windows Node must run on a physical box, or an environment that supports nested virt, with passthru configured on the VM.
41 | 42 | ./allinone.sh LinuxHostName WindowsHostName InternalDomain OpenShiftPublicURL AppPublicURL UserName Password rhnusername rhnpassword 43 | 44 | Arguments Examples: 45 | 46 | Linux Host Name - node01 or openshift or linuxnode 47 | Windows Host Name: winnode01 or windows 48 | Internal Domain: ncc9.com 49 | Openshift Public URL: openshift.ncc9.com 50 | App Public URL: example: app.openshift.ncc9.com 51 | Username: example: openshift 52 | Password: SuperSecret 53 | rhnusername: A Red Hat Network Username - For OpenShift and RHEL Subscription 54 | rhnpassword: A Red Hat Network Password (note: both passwords are passed as command-line arguments, so they end up in the shell history and are visible in the process list while the script runs) 55 | 56 | 57 | 9. cd .. 58 | 10. Prepare Windows Machine 59 | A. RDP To windows console (Or use vmware console) 60 | B. From Command Prompt: (To Enable Ansible) be sure to specify the version of OpenShift to be installed. The command below assumes 3.11; specify a different version if required. 61 | i. type: powershell 62 | ii. type: [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 63 | iii. Invoke-WebRequest -Uri https://raw.githubusercontent.com/openshift/openshift-windows/master/3.11/bin/winansible.ps1 -OutFile "winansible.ps1" -UseDefaultCredentials 64 | iv. .\winansible.ps1 (this runs the script just downloaded from the master branch, so read it before running it; the -UseDefaultCredentials switch in step iii is not needed for this public download) 65 | v. Rename-Computer -NewName "winnode01" -Restart -Force 66 | vi. Disconnect from windows. 67 | 11. copy the group_vars/windows.example to group_vars/windows 68 | 12. Add a user name and password to group_vars/windows 69 | 13. ansible-playbook windows.yml 70 | 71 | ## Known Issues/ Changes: 72 | 1. Azure testing is currently in progress. Azure will require a further update to function. 73 | 2. The 3.11 branch requires 2 additional arguments, rhnusername and rhnpassword 74 | 3.
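Nested Virt is no longer required 75 |
--------------------------------------------------------------------------------
/3.11/bin/setup_sdn.ps1:
--------------------------------------------------------------------------------
# Recreates the transparent HNS network used by OVS and rebuilds the OVS
# bridge on top of it. Exits 0 on success and 1 on any failure.
Param(
    [Parameter(Mandatory=$true)]
    [string]$SubnetFile,
    [Parameter(Mandatory=$false)]
    [string]$OVSNetworkName="external",
    [Parameter(Mandatory=$false)]
    [int]$OVSCmdTimeout=30
)

# Any cmdlet error becomes terminating, so it reaches the catch block below.
$ErrorActionPreference = "Stop"


function Get-NetworkInfo {
    <#
    .SYNOPSIS
    Reads the subnet from $SubnetFile and derives the gateway address.
    .DESCRIPTION
    The file must hold a single JSON string of the form "a.b.c.d/prefix".
    The gateway is the first three octets of the subnet followed by ".1".
    .OUTPUTS
    Hashtable with the keys "subnet" and "gateway".
    #>
    if(!(Test-Path $SubnetFile)) {
        Throw "The subnet file $SubnetFile doesn't exist"
    }
    $subnet = Get-Content $SubnetFile -Raw | ConvertFrom-Json
    if(!($subnet -is [string])) {
        Throw "The content from file $SubnetFile is not a string: $subnet"
    }
    $splitSubnet = $subnet.Split('/')
    if($splitSubnet.Count -ne 2) {
        Throw "The subnet format from file is incorrect: $subnet"
    }
    $net = $splitSubnet[0].Split('.')
    # Without four octets the gateway built below would be malformed, so the
    # file content is rejected here instead of being passed on to HNS.
    if($net.Count -ne 4) {
        Throw "The subnet address from file is not a dotted IPv4 address: $subnet"
    }
    $gateway = "{0}.{1}.{2}.{3}" -f @($net[0], $net[1], $net[2], "1")
    return @{
        "subnet" = $subnet
        "gateway" = $gateway
    }
}

function New-OVSNetwork {
    <#
    .SYNOPSIS
    Creates the transparent HNS network named $OVSNetworkName.
    .DESCRIPTION
    An existing transparent network with that name is removed and recreated
    on the adapter it was using; otherwise the adapter that carries the
    default route is used. Throws when more than one such network exists or
    when the virtual adapter is missing after creation.
    .OUTPUTS
    The object returned by New-HnsNetwork.
    #>
    # NOTE(review): Get-NetRoute can return more than one default route, in
    # which case several interface indexes are passed on; confirm that the
    # target hosts have a single default route.
    $primaryIfIndex = (Get-NetRoute -DestinationPrefix "0.0.0.0/0").ifIndex
    $mainInterface = Get-NetAdapter -InterfaceIndex $primaryIfIndex
    [array]$networks = Get-HnsNetwork | Where-Object {
        ($_.Name -eq $OVSNetworkName) -and ($_.Type -eq "Transparent")
    }
    if($networks) {
        if($networks.Count -gt 1) {
            # If we reach this, something weird happened
            Throw "More than one OVS network was found"
        }
        $adapterName = $networks[0].NetworkAdapterName
        # Clean up existing network to refresh its subnet and gateway values
        $networks | Remove-HnsNetwork
    } else {
        $adapterName = $mainInterface.InterfaceAlias
    }
    $netInfo = Get-NetworkInfo
    $net = New-HnsNetwork -Name $OVSNetworkName -Type "Transparent" -AdapterName $adapterName `
                          -AddressPrefix $netInfo["subnet"] -Gateway $netInfo["gateway"]
    # Check if the virtual adapter is present post HNS network creation
    $virtualAdapterName = "vEthernet ($($net.NetworkAdapterName))"
    $adapter = Get-NetAdapter -Name $virtualAdapterName -ErrorAction SilentlyContinue
    if(!$adapter) {
        Throw "The virtual adapter $virtualAdapterName doesn't exist post HNS network creation"
    }
    return $net
}


try {
    Import-Module HostNetworkingService
    Import-Module HNSHelper -DisableNameChecking
    Import-Module OVS -DisableNameChecking

    $net = New-OVSNetwork
    # Keep ovs-vswitchd stopped and disabled while the bridge is rebuilt.
    Set-Service "ovs-vswitchd" -StartupType Disabled
    Stop-Service "ovs-vswitchd" -Force -ErrorAction SilentlyContinue
    Disable-OVSOnHNSNetwork $net.ID
    $bridgeName = "vEthernet ($($net.NetworkAdapterName))"
    # ovs-vsctl is a native command: its failures show up in $LASTEXITCODE,
    # not as PowerShell errors, hence the explicit checks.
    ovs-vsctl.exe --timeout $OVSCmdTimeout --if-exists --no-wait del-br "$bridgeName"
    if($LASTEXITCODE) {
        Throw "Failed to cleanup existing OVS bridge"
    }
    ovs-vsctl.exe --timeout $OVSCmdTimeout --no-wait --may-exist add-br "$bridgeName"
    if($LASTEXITCODE) {
        Throw "Failed to add the OVS bridge"
    }
    ovs-vsctl.exe --timeout $OVSCmdTimeout --no-wait --may-exist add-port "$bridgeName" "$($net.NetworkAdapterName)"
    if($LASTEXITCODE) {
        Throw "Failed to add the HNS interface to OVS bridge"
    }
    Enable-OVSOnHNSNetwork $net.ID
    Set-Service "ovs-vswitchd" -StartupType Automatic
    Start-Service "ovs-vswitchd"
    Write-Output "The SDN network setup is ready"
} catch {
    # Report the error itself as well as where it was raised; the stack trace
    # alone does not say what failed.
    Write-Output $_.Exception.Message
    Write-Output $_.ScriptStackTrace
    exit 1
}
exit 0
--------------------------------------------------------------------------------
/3.10/bin/expanddisk.ps1:
--------------------------------------------------------------------------------
1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID e009159d-97e2-492a-a289-42426518dd41 4 | .AUTHOR Arjun Bahree 5 | .COMPANYNAME 6 | .COPYRIGHT 7 | .TAGS Windows PowerShell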
DiskPartition OSDisk 8 | .LICENSEURI https://github.com/bahreex/Bahree-PowerShell-Library/blob/master/LICENSE 9 | .PROJECTURI https://github.com/bahreex/Bahree-PowerShell-Library/tree/master/General 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | #> 16 | 17 | <# 18 | .DESCRIPTION 19 | Lets you extend/Increase the OS Drive Partition Size for any Windows based Machine. 20 | #> 21 | 22 | <# 23 | .SYNOPSIS 24 | Lets you extend/Increase the OS Drive Partition Size for any Windows based Machine. 25 | 26 | .DESCRIPTION 27 | This script lets you extend/Increase the OS Drive Partition size for any Windows based Machine by adding the entire 28 | unallocated space available on the OS Disk, if any. This script is particularly useful for extending the OS Drive 29 | partition for Windows based Azure VM's, after the VM OS Disk size has been Increased from outside the VM using 30 | PowerShell or Azure Portal. This is so because the Increase in size done for the VM OS Disk from outside does not 31 | automatically get added to the OS Drive partition, and shows as unallocated space on the OS Disk of the VM. You will 32 | have to manually extend the OS Drive partition from within the VM OS to add the unallocated space to the OS 33 | partition. This script helps to automate the same process end-to-end. You need to be already logged into your Azure 34 | account through PowerShell before calling this script. 
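35 | 36 | .EXAMPLE 37 | .\Extend-WinOSDiskSize.ps1 38 | 39 | .Notes 40 | Author: Arjun Bahree 41 | E-mail: arjun.bahree@gmail.com 42 | Creation Date: 28/Dec/2017 43 | Last Revision Date: 28/Dec/2017 44 | Development Environment: VS Code IDE 45 | PS Version: 5.1 46 | Platform: Windows 47 | #> 48 |
[CmdletBinding()]
param ()

# Iterate through all the disks on the Windows machine
foreach($disk in Get-Disk)
{
    # Check if the disk in context is a Boot and System disk
    if((Get-Disk -Number $disk.number).IsBoot -And (Get-Disk -Number $disk.number).IsSystem)
    {
        # Get the drive letter assigned to the disk partition where OS is installed
        # NOTE(review): this picks every partition on the disk that has a drive
        # letter; a disk with more than one lettered partition yields several
        # letters. Confirm the OS disk carries only the OS volume.
        $driveLetter = (Get-Partition -DiskNumber $disk.Number | where {$_.DriveLetter}).DriveLetter
        Write-verbose "Current OS Drive: $driveLetter :\"

        # Get current size of the OS partition on the Disk
        $currentOSDiskSize = (Get-Partition -DriveLetter $driveLetter).Size
        Write-verbose "Current OS Partition Size: $currentOSDiskSize"

        # Get Partition Number of the OS partition on the Disk
        $partitionNum = (Get-Partition -DriveLetter $driveLetter).PartitionNumber
        Write-verbose "Current OS Partition Number: $partitionNum"

        # Get the available unallocated disk space size
        $unallocatedDiskSize = (Get-Disk -Number $disk.number).LargestFreeExtent
        Write-verbose "Total Unallocated Space Available: $unallocatedDiskSize"

        # Get the max allowed size for the OS Partition on the disk
        $allowedSize = (Get-PartitionSupportedSize -DiskNumber $disk.Number -PartitionNumber $partitionNum).SizeMax
        Write-verbose "Total Partition Size allowed: $allowedSize"

        if ($unallocatedDiskSize -gt 0 -And $unallocatedDiskSize -le $allowedSize)
        {
            $totalDiskSize = $allowedSize

            # Resize the OS Partition to Include the entire Unallocated disk space.
            # The partition that was measured above is the one resized; the
            # drive letter was previously hard-coded to C.
            $resizeOp = Resize-Partition -DriveLetter $driveLetter -Size $totalDiskSize
            Write-verbose "OS Drive Resize Completed $resizeOp"
        }
        else {
            Write-Verbose "There is no Unallocated space to extend OS Drive Partition size"
        }
    }
}

--------------------------------------------------------------------------------
/3.9/bin/expanddisk.ps1:
--------------------------------------------------------------------------------
1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID e009159d-97e2-492a-a289-42426518dd41 4 | .AUTHOR Arjun Bahree 5 | .COMPANYNAME 6 | .COPYRIGHT 7 | .TAGS Windows PowerShell DiskPartition OSDisk 8 | .LICENSEURI https://github.com/bahreex/Bahree-PowerShell-Library/blob/master/LICENSE 9 | .PROJECTURI https://github.com/bahreex/Bahree-PowerShell-Library/tree/master/General 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | #> 16 | 17 | <# 18 | .DESCRIPTION 19 | Lets you extend/Increase the OS Drive Partition Size for any Windows based Machine. 20 | #> 21 | 22 | <# 23 | .SYNOPSIS 24 | Lets you extend/Increase the OS Drive Partition Size for any Windows based Machine. 25 | 26 | .DESCRIPTION 27 | This script lets you extend/Increase the OS Drive Partition size for any Windows based Machine by adding the entire 28 | unallocated space available on the OS Disk, if any. This script is particularly useful for extending the OS Drive 29 | partition for Windows based Azure VM's, after the VM OS Disk size has been Increased from outside the VM using 30 | PowerShell or Azure Portal. This is so because the Increase in size done for the VM OS Disk from outside does not 31 | automatically get added to the OS Drive partition, and shows as unallocated space on the OS Disk of the VM. You will 32 | have to manually extend the OS Drive partition from within the VM OS to add the unallocated space to the OS 33 | partition. This script helps to automate the same process end-to-end.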
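You need to be already logged into your Azure 34 | account through PowerShell before calling this script. 35 | 36 | .EXAMPLE 37 | .\Extend-WinOSDiskSize.ps1 38 | 39 | .Notes 40 | Author: Arjun Bahree 41 | E-mail: arjun.bahree@gmail.com 42 | Creation Date: 28/Dec/2017 43 | Last Revision Date: 28/Dec/2017 44 | Development Environment: VS Code IDE 45 | PS Version: 5.1 46 | Platform: Windows 47 | #> 48 |
[CmdletBinding()]
param ()

# Iterate through all the disks on the Windows machine
foreach($disk in Get-Disk)
{
    # Check if the disk in context is a Boot and System disk
    if((Get-Disk -Number $disk.number).IsBoot -And (Get-Disk -Number $disk.number).IsSystem)
    {
        # Get the drive letter assigned to the disk partition where OS is installed
        # NOTE(review): this picks every partition on the disk that has a drive
        # letter; a disk with more than one lettered partition yields several
        # letters. Confirm the OS disk carries only the OS volume.
        $driveLetter = (Get-Partition -DiskNumber $disk.Number | where {$_.DriveLetter}).DriveLetter
        Write-verbose "Current OS Drive: $driveLetter :\"

        # Get current size of the OS partition on the Disk
        $currentOSDiskSize = (Get-Partition -DriveLetter $driveLetter).Size
        Write-verbose "Current OS Partition Size: $currentOSDiskSize"

        # Get Partition Number of the OS partition on the Disk
        $partitionNum = (Get-Partition -DriveLetter $driveLetter).PartitionNumber
        Write-verbose "Current OS Partition Number: $partitionNum"

        # Get the available unallocated disk space size
        $unallocatedDiskSize = (Get-Disk -Number $disk.number).LargestFreeExtent
        Write-verbose "Total Unallocated Space Available: $unallocatedDiskSize"

        # Get the max allowed size for the OS Partition on the disk
        $allowedSize = (Get-PartitionSupportedSize -DiskNumber $disk.Number -PartitionNumber $partitionNum).SizeMax
        Write-verbose "Total Partition Size allowed: $allowedSize"

        if ($unallocatedDiskSize -gt 0 -And $unallocatedDiskSize -le $allowedSize)
        {
            $totalDiskSize = $allowedSize

            # Resize the OS Partition to Include the entire Unallocated disk space.
            # The partition that was measured above is the one resized; the
            # drive letter was previously hard-coded to C.
            $resizeOp = Resize-Partition -DriveLetter $driveLetter -Size $totalDiskSize
            Write-verbose "OS Drive Resize Completed $resizeOp"
        }
        else {
            Write-Verbose "There is no Unallocated space to extend OS Drive Partition size"
        }
    }
}

--------------------------------------------------------------------------------
/3.11/bin/expand_disk.ps1:
--------------------------------------------------------------------------------
1 | <#PSScriptInfo 2 | .VERSION 1.0.0 3 | .GUID e009159d-97e2-492a-a289-42426518dd41 4 | .AUTHOR Arjun Bahree 5 | .COMPANYNAME 6 | .COPYRIGHT 7 | .TAGS Windows PowerShell DiskPartition OSDisk 8 | .LICENSEURI https://github.com/bahreex/Bahree-PowerShell-Library/blob/master/LICENSE 9 | .PROJECTURI https://github.com/bahreex/Bahree-PowerShell-Library/tree/master/General 10 | .ICONURI 11 | .EXTERNALMODULEDEPENDENCIES 12 | .REQUIREDSCRIPTS 13 | .EXTERNALSCRIPTDEPENDENCIES 14 | .RELEASENOTES 15 | #> 16 | 17 | <# 18 | .DESCRIPTION 19 | Lets you extend/Increase the OS Drive Partition Size for any Windows based Machine. 20 | #> 21 | 22 | <# 23 | .SYNOPSIS 24 | Lets you extend/Increase the OS Drive Partition Size for any Windows based Machine. 25 | 26 | .DESCRIPTION 27 | This script lets you extend/Increase the OS Drive Partition size for any Windows based Machine by adding the entire 28 | unallocated space available on the OS Disk, if any. This script is particularly useful for extending the OS Drive 29 | partition for Windows based Azure VM's, after the VM OS Disk size has been Increased from outside the VM using 30 | PowerShell or Azure Portal. This is so because the Increase in size done for the VM OS Disk from outside does not 31 | automatically get added to the OS Drive partition, and shows as unallocated space on the OS Disk of the VM. You will 32 | have to manually extend the OS Drive partition from within the VM OS to add the unallocated space to the OS 33 | partition.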
This script helps to automate the same process end-to-end. You need to be already logged into your Azure 34 | account through PowerShell before calling this script. 35 | 36 | .EXAMPLE 37 | .\Extend-WinOSDiskSize.ps1 38 | 39 | .Notes 40 | Author: Arjun Bahree 41 | E-mail: arjun.bahree@gmail.com 42 | Creation Date: 28/Dec/2017 43 | Last Revision Date: 28/Dec/2017 44 | Development Environment: VS Code IDE 45 | PS Version: 5.1 46 | Platform: Windows 47 | #> 48 | 49 | [CmdletBinding()] 50 | param () 51 | 52 | # Iterate through all the disks on the Windows machine 53 | foreach($disk in Get-Disk) 54 | { 55 | # Check if the disk in context is a Boot and System disk 56 | if((Get-Disk -Number $disk.number).IsBoot -And (Get-Disk -Number $disk.number).IsSystem) 57 | { 58 | # Get the drive letter assigned to the disk partition where OS is installed 59 | $driveLetter = (Get-Partition -DiskNumber $disk.Number | where {$_.DriveLetter}).DriveLetter 60 | Write-verbose "Current OS Drive: $driveLetter :\" 61 | 62 | # Get current size of the OS parition on the Disk 63 | $currentOSDiskSize = (Get-Partition -DriveLetter $driveLetter).Size 64 | Write-verbose "Current OS Partition Size: $currentOSDiskSize" 65 | 66 | # Get Partition Number of the OS partition on the Disk 67 | $partitionNum = (Get-Partition -DriveLetter $driveLetter).PartitionNumber 68 | Write-verbose "Current OS Partition Number: $partitionNum" 69 | 70 | # Get the available unallocated disk space size 71 | $unallocatedDiskSize = (Get-Disk -Number $disk.number).LargestFreeExtent 72 | Write-verbose "Total Unallocated Space Available: $unallocatedDiskSize" 73 | 74 | # Get the max allowed size for the OS Partition on the disk 75 | $allowedSize = (Get-PartitionSupportedSize -DiskNumber $disk.Number -PartitionNumber $partitionNum).SizeMax 76 | Write-verbose "Total Partition Size allowed: $allowedSize" 77 | 78 | if ($unallocatedDiskSize -gt 0 -And $unallocatedDiskSize -le $allowedSize) 79 | { 80 | $totalDiskSize = $allowedSize 81 
| 82 | # Resize the OS Partition to Include the entire Unallocated disk space 83 | $resizeOp = Resize-Partition -DriveLetter C -Size $totalDiskSize 84 | Write-verbose "OS Drive Resize Completed $resizeOp" 85 | } 86 | else { 87 | Write-Verbose "There is no Unallocated space to extend OS Drive Partition size" 88 | } 89 | } 90 | } 91 | 92 |
--------------------------------------------------------------------------------
/3.10/console-template.yaml:
--------------------------------------------------------------------------------
# OpenShift Template that creates the web console: a Deployment, the ConfigMap holding
# its config file, a ServiceAccount and a Service. Values written as ${NAME} or
# "${{NAME}}" are filled in from the parameters list when the template is processed.
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: openshift-web-console
  annotations:
    openshift.io/display-name: OpenShift Web Console
    description: The server for the OpenShift web console.
    iconClass: icon-openshift
    tags: openshift,infra
    openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server
    openshift.io/support-url: https://access.redhat.com
    openshift.io/provider-display-name: Red Hat, Inc.
parameters:
# NOTE(review): the default tag is v3.9 although this copy of the template sits under
# /3.10/ - confirm the intended console version. A tag is a mutable reference; together
# with the Always pull policy below, each container start pulls whatever the tag
# resolves to at that moment. Referencing the image by digest removes that variability.
- name: IMAGE
  value: registry.access.redhat.com/openshift3/ose-web-console:v3.9
- name: OPENSHIFT_PULL_POLICY
  value: Always
- name: NAMESPACE
  # This namespace cannot be changed. Only `openshift-web-console` is supported.
  value: openshift-web-console
- name: LOGLEVEL
  value: "0"
# No default is given here; the value becomes the content of webconsole-config.yaml in
# the ConfigMap below, so it presumably has to be supplied when processing the template.
- name: API_SERVER_CONFIG
- name: NODE_SELECTOR
  value: '{"node-role.kubernetes.io/master": "true"}'
- name: REPLICA_COUNT
  value: "1"
objects:

# to create the web console server
- apiVersion: apps/v1beta1
  kind: Deployment
  metadata:
    namespace: ${NAMESPACE}
    name: webconsole
    labels:
      app: openshift-web-console
      webconsole: "true"
  spec:
    replicas: "${{REPLICA_COUNT}}"
    strategy:
      type: Recreate
    template:
      metadata:
        name: webconsole
        labels:
          app: openshift-web-console
          webconsole: "true"
      spec:
        serviceAccountName: webconsole
        containers:
        - name: webconsole
          image: ${IMAGE}
          imagePullPolicy: ${OPENSHIFT_PULL_POLICY}
          command:
          - "/usr/bin/origin-web-console"
          - "--audit-log-path=-"
          - "-v=${LOGLEVEL}"
          - "--config=/var/webconsole-config/webconsole-config.yaml"
          ports:
          - containerPort: 8443
          volumeMounts:
          - mountPath: /var/serving-cert
            name: serving-cert
          - mountPath: /var/webconsole-config
            name: webconsole-config
          readinessProbe:
            httpGet:
              path: /healthz
              port: 8443
              scheme: HTTPS
          # The liveness command does two things. On its first run it stores an md5sum of
          # the mounted config in /tmp; on later runs it exits 1 when the sum differs, so
          # a changed ConfigMap makes the probe fail. md5 serves here only as a change
          # detector, not as an integrity control. It then requests /console/ over HTTPS
          # with `curl -k`, i.e. without verifying the serving certificate; the probe
          # therefore shows that something answers on 8443, not that the expected
          # certificate is being served.
          livenessProbe:
            exec:
              command:
                - /bin/sh
                - -c
                - |-
                  if [[ ! -f /tmp/webconsole-config.hash ]]; then \
                    md5sum /var/webconsole-config/webconsole-config.yaml > /tmp/webconsole-config.hash; \
                  elif [[ $(md5sum /var/webconsole-config/webconsole-config.yaml) != $(cat /tmp/webconsole-config.hash) ]]; then \
                    echo 'webconsole-config.yaml has changed.'; \
                    exit 1; \
                  fi && curl -k -f https://0.0.0.0:8443/console/
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
        nodeSelector: "${{NODE_SELECTOR}}"
        volumes:
        # NOTE(review): a YAML integer without a leading 0 is read as decimal. 400 decimal
        # is 0620 octal and 440 decimal is 0670 octal, so the mounted files do not get
        # the 0400 / 0440 permissions these numbers suggest. If read-only modes were
        # intended, write 0400 / 0440 (or 256 / 288) - confirm the pod can still read the
        # serving certificate before changing it.
        - name: serving-cert
          secret:
            defaultMode: 400
            secretName: webconsole-serving-cert
        - name: webconsole-config
          configMap:
            defaultMode: 440
            name: webconsole-config

# to create the config for the web console
- apiVersion: v1
  kind: ConfigMap
  metadata:
    namespace: ${NAMESPACE}
    name: webconsole-config
    labels:
      app: openshift-web-console
  data:
    webconsole-config.yaml: ${API_SERVER_CONFIG}

# to be able to assign powers to the process
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    namespace: ${NAMESPACE}
    name: webconsole
    labels:
      app: openshift-web-console

# to be able to expose web console inside the cluster
- apiVersion: v1
  kind: Service
  metadata:
    namespace: ${NAMESPACE}
    name: webconsole
    labels:
      app: openshift-web-console
    annotations:
      # Same secret name the Deployment mounts at /var/serving-cert.
      service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert
      prometheus.io/scrape: "true"
      prometheus.io/scheme: https
  spec:
    selector:
      webconsole: "true"
    ports:
    - name: https
      port: 443
      targetPort: 8443

-------------------------------------------------------------------------------- /3.11/console-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: template.openshift.io/v1 2 | kind: Template 3 | metadata: 4 | name:
openshift-web-console 5 | annotations: 6 | openshift.io/display-name: OpenShift Web Console 7 | description: The server for the OpenShift web console. 8 | iconClass: icon-openshift 9 | tags: openshift,infra 10 | openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server 11 | openshift.io/support-url: https://access.redhat.com 12 | openshift.io/provider-display-name: Red Hat, Inc. 13 | parameters: 14 | - name: IMAGE 15 | value: registry.access.redhat.com/openshift3/ose-web-console:v3.9 16 | - name: OPENSHIFT_PULL_POLICY 17 | value: Always 18 | - name: NAMESPACE 19 | # This namespace cannot be changed. Only `openshift-web-console` is supported. 20 | value: openshift-web-console 21 | - name: LOGLEVEL 22 | value: "0" 23 | - name: API_SERVER_CONFIG 24 | - name: NODE_SELECTOR 25 | value: '{"node-role.kubernetes.io/master": "true"}' 26 | - name: REPLICA_COUNT 27 | value: "1" 28 | objects: 29 | 30 | # to create the web console server 31 | - apiVersion: apps/v1beta1 32 | kind: Deployment 33 | metadata: 34 | namespace: ${NAMESPACE} 35 | name: webconsole 36 | labels: 37 | app: openshift-web-console 38 | webconsole: "true" 39 | spec: 40 | replicas: "${{REPLICA_COUNT}}" 41 | strategy: 42 | type: Recreate 43 | template: 44 | metadata: 45 | name: webconsole 46 | labels: 47 | app: openshift-web-console 48 | webconsole: "true" 49 | spec: 50 | serviceAccountName: webconsole 51 | containers: 52 | - name: webconsole 53 | image: ${IMAGE} 54 | imagePullPolicy: ${OPENSHIFT_PULL_POLICY} 55 | command: 56 | - "/usr/bin/origin-web-console" 57 | - "--audit-log-path=-" 58 | - "-v=${LOGLEVEL}" 59 | - "--config=/var/webconsole-config/webconsole-config.yaml" 60 | ports: 61 | - containerPort: 8443 62 | volumeMounts: 63 | - mountPath: /var/serving-cert 64 | name: serving-cert 65 | - mountPath: /var/webconsole-config 66 | name: webconsole-config 67 | readinessProbe: 68 | httpGet: 69 | path: /healthz 70 | port: 8443 71 | scheme: HTTPS 72 | livenessProbe: 73 | exec: 74 | 
command: 75 | - /bin/sh 76 | - -c 77 | - |- 78 | if [[ ! -f /tmp/webconsole-config.hash ]]; then \ 79 | md5sum /var/webconsole-config/webconsole-config.yaml > /tmp/webconsole-config.hash; \ 80 | elif [[ $(md5sum /var/webconsole-config/webconsole-config.yaml) != $(cat /tmp/webconsole-config.hash) ]]; then \ 81 | echo 'webconsole-config.yaml has changed.'; \ 82 | exit 1; \ 83 | fi && curl -k -f https://0.0.0.0:8443/console/ 84 | resources: 85 | requests: 86 | cpu: 100m 87 | memory: 100Mi 88 | nodeSelector: "${{NODE_SELECTOR}}" 89 | volumes: 90 | - name: serving-cert 91 | secret: 92 | defaultMode: 400 93 | secretName: webconsole-serving-cert 94 | - name: webconsole-config 95 | configMap: 96 | defaultMode: 440 97 | name: webconsole-config 98 | 99 | # to create the config for the web console 100 | - apiVersion: v1 101 | kind: ConfigMap 102 | metadata: 103 | namespace: ${NAMESPACE} 104 | name: webconsole-config 105 | labels: 106 | app: openshift-web-console 107 | data: 108 | webconsole-config.yaml: ${API_SERVER_CONFIG} 109 | 110 | # to be able to assign powers to the process 111 | - apiVersion: v1 112 | kind: ServiceAccount 113 | metadata: 114 | namespace: ${NAMESPACE} 115 | name: webconsole 116 | labels: 117 | app: openshift-web-console 118 | 119 | # to be able to expose web console inside the cluster 120 | - apiVersion: v1 121 | kind: Service 122 | metadata: 123 | namespace: ${NAMESPACE} 124 | name: webconsole 125 | labels: 126 | app: openshift-web-console 127 | annotations: 128 | service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert 129 | prometheus.io/scrape: "true" 130 | prometheus.io/scheme: https 131 | spec: 132 | selector: 133 | webconsole: "true" 134 | ports: 135 | - name: https 136 | port: 443 137 | targetPort: 8443 138 | -------------------------------------------------------------------------------- /3.9/console-template.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
template.openshift.io/v1 2 | kind: Template 3 | metadata: 4 | name: openshift-web-console 5 | annotations: 6 | openshift.io/display-name: OpenShift Web Console 7 | description: The server for the OpenShift web console. 8 | iconClass: icon-openshift 9 | tags: openshift,infra 10 | openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server 11 | openshift.io/support-url: https://access.redhat.com 12 | openshift.io/provider-display-name: Red Hat, Inc. 13 | parameters: 14 | - name: IMAGE 15 | value: registry.access.redhat.com/openshift3/ose-web-console:v3.9 16 | - name: OPENSHIFT_PULL_POLICY 17 | value: Always 18 | - name: NAMESPACE 19 | # This namespace cannot be changed. Only `openshift-web-console` is supported. 20 | value: openshift-web-console 21 | - name: LOGLEVEL 22 | value: "0" 23 | - name: API_SERVER_CONFIG 24 | - name: NODE_SELECTOR 25 | value: '{"node-role.kubernetes.io/master": "true"}' 26 | - name: REPLICA_COUNT 27 | value: "1" 28 | objects: 29 | 30 | # to create the web console server 31 | - apiVersion: apps/v1beta1 32 | kind: Deployment 33 | metadata: 34 | namespace: ${NAMESPACE} 35 | name: webconsole 36 | labels: 37 | app: openshift-web-console 38 | webconsole: "true" 39 | spec: 40 | replicas: "${{REPLICA_COUNT}}" 41 | strategy: 42 | type: Recreate 43 | template: 44 | metadata: 45 | name: webconsole 46 | labels: 47 | app: openshift-web-console 48 | webconsole: "true" 49 | spec: 50 | serviceAccountName: webconsole 51 | containers: 52 | - name: webconsole 53 | image: ${IMAGE} 54 | imagePullPolicy: ${OPENSHIFT_PULL_POLICY} 55 | command: 56 | - "/usr/bin/origin-web-console" 57 | - "--audit-log-path=-" 58 | - "-v=${LOGLEVEL}" 59 | - "--config=/var/webconsole-config/webconsole-config.yaml" 60 | ports: 61 | - containerPort: 8443 62 | volumeMounts: 63 | - mountPath: /var/serving-cert 64 | name: serving-cert 65 | - mountPath: /var/webconsole-config 66 | name: webconsole-config 67 | readinessProbe: 68 | httpGet: 69 | path: /healthz 70 | 
port: 8443 71 | scheme: HTTPS 72 | livenessProbe: 73 | exec: 74 | command: 75 | - /bin/sh 76 | - -c 77 | - |- 78 | if [[ ! -f /tmp/webconsole-config.hash ]]; then \ 79 | md5sum /var/webconsole-config/webconsole-config.yaml > /tmp/webconsole-config.hash; \ 80 | elif [[ $(md5sum /var/webconsole-config/webconsole-config.yaml) != $(cat /tmp/webconsole-config.hash) ]]; then \ 81 | echo 'webconsole-config.yaml has changed.'; \ 82 | exit 1; \ 83 | fi && curl -k -f https://0.0.0.0:8443/console/ 84 | resources: 85 | requests: 86 | cpu: 100m 87 | memory: 100Mi 88 | nodeSelector: "${{NODE_SELECTOR}}" 89 | volumes: 90 | - name: serving-cert 91 | secret: 92 | defaultMode: 400 93 | secretName: webconsole-serving-cert 94 | - name: webconsole-config 95 | configMap: 96 | defaultMode: 440 97 | name: webconsole-config 98 | 99 | # to create the config for the web console 100 | - apiVersion: v1 101 | kind: ConfigMap 102 | metadata: 103 | namespace: ${NAMESPACE} 104 | name: webconsole-config 105 | labels: 106 | app: openshift-web-console 107 | data: 108 | webconsole-config.yaml: ${API_SERVER_CONFIG} 109 | 110 | # to be able to assign powers to the process 111 | - apiVersion: v1 112 | kind: ServiceAccount 113 | metadata: 114 | namespace: ${NAMESPACE} 115 | name: webconsole 116 | labels: 117 | app: openshift-web-console 118 | 119 | # to be able to expose web console inside the cluster 120 | - apiVersion: v1 121 | kind: Service 122 | metadata: 123 | namespace: ${NAMESPACE} 124 | name: webconsole 125 | labels: 126 | app: openshift-web-console 127 | annotations: 128 | service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert 129 | prometheus.io/scrape: "true" 130 | prometheus.io/scheme: https 131 | spec: 132 | selector: 133 | webconsole: "true" 134 | ports: 135 | - name: https 136 | port: 443 137 | targetPort: 8443 138 | -------------------------------------------------------------------------------- /3.10/ovn_presetup.yml: 
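--------------------------------------------------------------------------------
# Pre-setup for OVN: build ovn-kubernetes on the control host, push the resulting
# binaries and the CNI config to the nodes, replace the distro openvswitch packages with
# the 2.7.0 builds and open the firewall ports.
#
# Everything here runs as root, so what gets downloaded is what gets executed as root:
#   * the git clone and the CNI tarball are fetched without a pinned commit or digest;
#   * the openvswitch RPMs are installed with `rpm -i <url>`, which is not subject to
#     yum's repository gpgcheck policy.
# The URLs below use HTTPS so the transfer itself is authenticated; that does not
# replace verifying a digest or signature of the artifacts.
- hosts: localhost
  become: yes
  become_user: root
  tasks:
    - name: Install go
      yum:
        name: golang
        enablerepo: rhel-7-server-optional-rpms
    - name: Install openshift clients
      yum:
        name: atomic-openshift-clients
    - name: Clear previous build if it exists
      file: path=~/ovn-kubernetes state=absent
    # NOTE(review): clones the default branch at whatever commit it has at run time; the
    # next tasks build and install it as root. Check out a reviewed tag or commit.
    - name: Clone to ovn-kubernetes repo
      shell: git clone https://github.com/openvswitch/ovn-kubernetes ~/ovn-kubernetes
    - name: Create destination directory
      file: path=/opt/cni/bin state=directory
    - name: Create the ovn-kubernetes directory
      file: path=~/ovn-kubernetes state=directory
    # Chained with && so a failed cd or make stops the task instead of running
    # `make install` in the wrong directory or after a failed build.
    - name: Build The Controller (Linux)
      shell: cd ~/ovn-kubernetes/go-controller && make && make install
    - name: Build The Controller (Windows)
      shell: cd ~/ovn-kubernetes/go-controller && make clean && make windows
    # NOTE(review): fixed path under /tmp; the loopback binary unpacked here is later
    # copied to every node as /opt/cni/bin/loopback. Prefer a directory that only the
    # build user can write to.
    - name: Create directory for cni plugins
      file: path=/tmp/cniplugin state=directory
    # -O gives the archive a fixed name inside the target directory, so a re-run
    # overwrites it instead of leaving a stale copy in the working directory, and tar
    # runs only when the download succeeded.
    # NOTE(review): no digest of the tarball is checked; compare it with the SHA-256
    # published for the release before unpacking.
    - name: Get cni plugins
      shell: wget -q -O /tmp/cniplugin/cni-plugins-amd64-v0.7.1.tgz https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz && tar xvzf /tmp/cniplugin/cni-plugins-amd64-v0.7.1.tgz -C /tmp/cniplugin
- hosts: nodes
  become: yes
  become_user: root
  tasks:
    - name: Create /opt/cni/bin
      file: path=/opt/cni/bin state=directory
    - name: Create openvswitch /etc directory
      file: path=/etc/openvswitch state=directory
    - name: Push the ovn-k8s-cni-overlay to all nodes
      copy:
        src: /opt/cni/bin/ovn-k8s-cni-overlay
        dest: /opt/cni/bin/ovn-k8s-cni-overlay
        mode: u+rwx
    - name: Push the ovnkube to all nodes
      copy:
        src: /usr/bin/ovnkube
        dest: /usr/bin/ovnkube
        mode: u+rwx
    - name: Push the cni loopback plugin to all nodes
      copy:
        src: /tmp/cniplugin/loopback
        dest: /opt/cni/bin/loopback
        mode: u+rwx
    - name: Create destination directory
      file: path=/etc/cni/net.d state=directory
    - name: Create cni config
      copy:
        dest: /etc/cni/net.d/10-ovn-kubernetes.conf
        content: |
          {"name":"ovn-kubernetes", "type":"ovn-k8s-cni-overlay"}
- hosts: nodes
  become: yes
  become_user: root
  tasks:
    - name: Remove openvswitch existing
      shell: yum -y remove openvswitch
    - name: Remove openvswitch existing - Common
      shell: yum -y remove openvswitch-ovn-common
    - name: Remove openvswitch existing - Central
      shell: yum -y remove openvswitch-ovn-central
    - name: Remove openvswitch existing - ovn-host
      shell: yum -y remove openvswitch-ovn-host
    # The package URLs were plain http://; fetched as root with no digest check, the
    # content could be replaced in transit. HTTPS closes that gap only.
    - name: install upstream openvswitch 2.7
      shell: rpm --replacepkgs -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn common
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-common-2.7.0-1.el7.x86_64.rpm
    - name: install ovn central
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-central-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn host
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-host-2.7.0-1.el7.x86_64.rpm
    - name: Install python-openvswitch
      shell: yum -y install python-openvswitch
    - name: Install ovn docker
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-docker-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn vtep
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-vtep-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn devel
      shell: rpm --replacepkgs -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-devel-2.7.0-1.el7.x86_64.rpm
    - name: Clear any previous ovn-kubernetes-master.sh
      file: path=/usr/local/bin/ovn-kubernetes-master.sh state=absent
    # `iptables -C` checks for the rule first, so re-running the playbook no longer
    # appends a duplicate each time.
    # NOTE(review): the rules accept new connections from any source address on these
    # ports (presumably the OVN database and tunnel ports); restrict with -s to the
    # cluster networks if the hosts are reachable from elsewhere.
    - name: open firewall 6641
      shell: iptables -C OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT || iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT
    - name: open firewall 6642
      shell: iptables -C OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT || iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT
    - name: open firewall 6081
      shell: iptables -C OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 6081 -j ACCEPT || iptables -A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 6081 -j ACCEPT
    - name: Save iptables rules
      shell: service iptables save
- hosts: masters
  become: yes
  become_user: root
  tasks:
    - name: Create destination directory
      file: path=/etc/cni/net.d state=directory
    - name: Create cni config
      copy:
        dest: /etc/cni/net.d/10-ovn-kubernetes.conf
        content: |
          {"name":"ovn-kubernetes", "type":"ovn-k8s-cni-overlay"}

--------------------------------------------------------------------------------
/3.9/ovn_presetup.yml:
--------------------------------------------------------------------------------
# Pre-setup for OVN: build ovn-kubernetes on the control host, push the resulting
# binaries and the CNI config to the nodes, replace the distro openvswitch packages with
# the 2.7.0 builds and open the firewall ports.
#
# Everything here runs as root, so what gets downloaded is what gets executed as root:
#   * the git clone and the CNI tarball are fetched without a pinned commit or digest;
#   * the openvswitch RPMs are installed with `rpm -i <url>`, which is not subject to
#     yum's repository gpgcheck policy.
# The URLs below use HTTPS so the transfer itself is authenticated; that does not
# replace verifying a digest or signature of the artifacts.
- hosts: localhost
  become: yes
  become_user: root
  tasks:
    - name: Install go
      yum:
        name: golang
        enablerepo: rhel-7-server-optional-rpms
    - name: Install openshift clients
      yum:
        name: atomic-openshift-clients
    - name: Clear previous build if it exists
      file: path=~/ovn-kubernetes state=absent
    # NOTE(review): clones the default branch at whatever commit it has at run time; the
    # next tasks build and install it as root. Check out a reviewed tag or commit.
    - name: Clone to ovn-kubernetes repo
      shell: git clone https://github.com/openvswitch/ovn-kubernetes ~/ovn-kubernetes
    - name: Create destination directory
      file: path=/opt/cni/bin state=directory
    - name: Create the ovn-kubernetes directory
      file: path=~/ovn-kubernetes state=directory
    # Chained with && so a failed cd or make stops the task instead of running
    # `make install` in the wrong directory or after a failed build.
    - name: Build The Controller (Linux)
      shell: cd ~/ovn-kubernetes/go-controller && make && make install
    - name: Build The Controller (Windows)
      shell: cd ~/ovn-kubernetes/go-controller && make clean && make windows
    # NOTE(review): fixed path under /tmp; the loopback binary unpacked here is later
    # copied to every node as /opt/cni/bin/loopback. Prefer a directory that only the
    # build user can write to.
    - name: Create directory for cni plugins
      file: path=/tmp/cniplugin state=directory
    # -O gives the archive a fixed name inside the target directory, so a re-run
    # overwrites it instead of leaving a stale copy in the working directory, and tar
    # runs only when the download succeeded.
    # NOTE(review): no digest of the tarball is checked; compare it with the SHA-256
    # published for the release before unpacking.
    - name: Get cni plugins
      shell: wget -q -O /tmp/cniplugin/cni-plugins-amd64-v0.7.1.tgz https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz && tar xvzf /tmp/cniplugin/cni-plugins-amd64-v0.7.1.tgz -C /tmp/cniplugin
- hosts: nodes
  become: yes
  become_user: root
  tasks:
    - name: Create /opt/cni/bin
      file: path=/opt/cni/bin state=directory
    - name: Create openvswitch /etc directory
      file: path=/etc/openvswitch state=directory
    - name: Push the ovn-k8s-cni-overlay to all nodes
      copy:
        src: /opt/cni/bin/ovn-k8s-cni-overlay
        dest: /opt/cni/bin/ovn-k8s-cni-overlay
        mode: u+rwx
    - name: Push the ovnkube to all nodes
      copy:
        src: /usr/bin/ovnkube
        dest: /usr/bin/ovnkube
        mode: u+rwx
    - name: Push the cni loopback plugin to all nodes
      copy:
        src: /tmp/cniplugin/loopback
        dest: /opt/cni/bin/loopback
        mode: u+rwx
    - name: Create destination directory
      file: path=/etc/cni/net.d state=directory
    - name: Create cni config
      copy:
        dest: /etc/cni/net.d/10-ovn-kubernetes.conf
        content: |
          {"name":"ovn-kubernetes", "type":"ovn-k8s-cni-overlay"}
- hosts: nodes
  become: yes
  become_user: root
  tasks:
    - name: Remove openvswitch existing
      shell: yum -y remove openvswitch
    - name: Remove openvswitch existing - Common
      shell: yum -y remove openvswitch-ovn-common
    - name: Remove openvswitch existing - Central
      shell: yum -y remove openvswitch-ovn-central
    - name: Remove openvswitch existing - ovn-host
      shell: yum -y remove openvswitch-ovn-host
    # The package URLs were plain http://; fetched as root with no digest check, the
    # content could be replaced in transit. HTTPS closes that gap only.
    - name: install upstream openvswitch 2.7
      shell: rpm --replacepkgs -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn common
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-common-2.7.0-1.el7.x86_64.rpm
    - name: install ovn central
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-central-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn host
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-host-2.7.0-1.el7.x86_64.rpm
    - name: Install python-openvswitch
      shell: yum -y install python-openvswitch
    - name: Install ovn docker
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-docker-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn vtep
      shell: rpm -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-ovn-vtep-2.7.0-1.el7.x86_64.rpm
    - name: Install ovn devel
      shell: rpm --replacepkgs -i https://cbs.centos.org/kojifiles/packages/openvswitch/2.7.0/1.el7/x86_64/openvswitch-devel-2.7.0-1.el7.x86_64.rpm
    - name: Clear any previous ovn-kubernetes-master.sh
      file: path=/usr/local/bin/ovn-kubernetes-master.sh state=absent
    # `iptables -C` checks for the rule first, so re-running the playbook no longer
    # appends a duplicate each time.
    # NOTE(review): the rules accept new connections from any source address on these
    # ports (presumably the OVN database and tunnel ports); restrict with -s to the
    # cluster networks if the hosts are reachable from elsewhere.
    - name: open firewall 6641
      shell: iptables -C OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT || iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT
    - name: open firewall 6642
      shell: iptables -C OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT || iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT
    - name: open firewall 6081
      shell: iptables -C OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 6081 -j ACCEPT || iptables -A OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport 6081 -j ACCEPT
    - name: Save iptables rules
      shell: service iptables save
- hosts: masters
  become: yes
  become_user: root
  tasks:
    - name: Create destination directory
      file: path=/etc/cni/net.d state=directory
    - name: Create cni config
      copy:
        dest: /etc/cni/net.d/10-ovn-kubernetes.conf
        content: |
          {"name":"ovn-kubernetes", "type":"ovn-k8s-cni-overlay"}
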
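--------------------------------------------------------------------------------
/3.9/bin/archive/start.ps1:
--------------------------------------------------------------------------------
# Bootstrap for a Windows Kubernetes node using flannel (l2bridge): downloads the flannel
# and CNI binaries plus helper scripts into c:\k, then starts flanneld, kubelet and
# kube-proxy.
#
# NOTE(review): every download below points at the `master` branch of Microsoft/SDN, and
# the fetched executables and scripts are run on this node right afterwards. A branch
# reference can change between runs; pin the URLs to a reviewed commit and pass
# -ExpectedSha256 to DownloadFileOverHttps so a changed file is rejected.
Param(
    [parameter(Mandatory = $false)] $clusterCIDR="192.168.0.0/16",
    [parameter(Mandatory = $true)] $ManagementIP
)

function DownloadFileOverHttps()
{
    <#
    .SYNOPSIS
        Download $Url to $DestinationPath unless the file is already present.
    .PARAMETER Url
        URL to fetch.
    .PARAMETER DestinationPath
        Local file to write; its parent directory is created when missing.
    .PARAMETER ExpectedSha256
        Optional SHA-256 hex digest. When given, a downloaded file whose digest differs
        is deleted and reported as an error. Callers that omit it get no digest check.
    #>
    param(
        [parameter(Mandatory = $true)] $Url,
        [parameter(Mandatory = $true)] $DestinationPath,
        [parameter(Mandatory = $false)] $ExpectedSha256
    )

    if (Test-Path $DestinationPath)
    {
        Write-Host "File $DestinationPath already exists."
        return
    }

    # Offer only TLS 1.2 and newer. The original kept every enum value except
    # SystemDefault and Ssl3, which still allowed TLS 1.0 and TLS 1.1.
    $weakProtocolNames = @('SystemDefault', 'Ssl3', 'Tls', 'Tls11')
    $allowedProtocols = 0
    foreach ($protocol in [System.Enum]::GetValues([System.Net.SecurityProtocolType]))
    {
        if ($weakProtocolNames -notcontains $protocol.ToString())
        {
            $allowedProtocols = $allowedProtocols -bor [int]$protocol
        }
    }
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]$allowedProtocols

    # -OutFile does not create missing directories, and the script itself only creates
    # $BaseDir and $BaseDir\cni.
    $destinationDir = Split-Path -Parent $DestinationPath
    if ($destinationDir -and !(Test-Path $destinationDir))
    {
        New-Item -ItemType Directory -Path $destinationDir -Force | Out-Null
    }

    try {
        Invoke-WebRequest $Url -UseBasicParsing -OutFile $DestinationPath -Verbose -ErrorAction Stop

        if ($ExpectedSha256)
        {
            $actualSha256 = (Get-FileHash -Path $DestinationPath -Algorithm SHA256).Hash
            if ($actualSha256 -ne $ExpectedSha256)
            {
                throw "SHA-256 mismatch for $DestinationPath (got $actualSha256)"
            }
        }

        # Write-Log is not defined anywhere in this script; calling it here threw inside
        # the try block, so a successful download was reported as "Failed to download".
        Write-Host "Downloaded $Url=>$DestinationPath"
    } catch {
        # Do not leave a partial or unverified file behind: the Test-Path shortcut at
        # the top would accept it unchecked on the next run.
        if (Test-Path $DestinationPath)
        {
            Remove-Item $DestinationPath -Force -ErrorAction SilentlyContinue
        }
        Write-Error "Failed to download $Url ($($_.Exception.Message))"
    }
}

# Fetch flanneld.exe into c:\flannel.
function DownloadFlannelBinaries()
{
    DownloadFileOverHttps -Url "https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/flanneld.exe" -DestinationPath c:\flannel\flanneld.exe
}

# Fetch flanneld, the CNI plugins and their configuration files.
function DownloadCniBinaries()
{
    Write-Host "Downloading CNI binaries"
    DownloadFlannelBinaries
    md $BaseDir\cni -ErrorAction Ignore
    DownloadFileOverHttps -Url "https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/cni/config/cni.conf" -DestinationPath $BaseDir\cni\config\cni.conf
    DownloadFileOverHttps -Url "https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/cni/l2bridge.exe" -DestinationPath $BaseDir\cni\l2bridge.exe
    DownloadFileOverHttps -Url "https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/cni/flannel.exe" -DestinationPath $BaseDir\cni\flannel.exe
    DownloadFileOverHttps -Url "https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/cni/host-local.exe" -DestinationPath $BaseDir\cni\host-local.exe
    DownloadFileOverHttps -Url "https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/net-conf.json" -DestinationPath C:\etc\kube-flannel\net-conf.json
}

# Fetch the helper scripts that this script starts further down.
function DownloadWindowsKubernetesScripts()
{
    Write-Host "Downloading Windows Kubernetes scripts"
    DownloadFileOverHttps -Url https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/hns.psm1 -DestinationPath $BaseDir\hns.psm1
    DownloadFileOverHttps -Url https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/InstallImages.ps1 -DestinationPath $BaseDir\InstallImages.ps1
    DownloadFileOverHttps -Url https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/Dockerfile -DestinationPath $BaseDir\Dockerfile
    DownloadFileOverHttps -Url https://github.com/Microsoft/SDN/raw/master/Kubernetes/windows/stop.ps1 -DestinationPath $BaseDir\stop.ps1
    DownloadFileOverHttps -Url https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/start-kubelet.ps1 -DestinationPath $BaseDir\start-Kubelet.ps1
    DownloadFileOverHttps -Url https://github.com/Microsoft/SDN/raw/master/Kubernetes/flannel/l2bridge/start-kubeproxy.ps1 -DestinationPath $BaseDir\start-Kubeproxy.ps1
}

function DownloadAllFiles()
{
    DownloadCniBinaries
    DownloadWindowsKubernetesScripts
}

# Remove any existing HNS network of $NetworkMode, start flanneld bound to $ipaddress and
# block until the network shows up again.
# NOTE(review): Get-HnsNetwork and Remove-HnsNetwork are not defined in this script and no
# Import-Module is visible here; presumably they come from the downloaded hns.psm1 -
# confirm they are loaded in this session, otherwise the wait loop cannot succeed.
function StartFlanneld($ipaddress)
{
    CleanupOldNetwork

    # Start FlannelD, which would recreate the network.
    # Expect disruption in node connectivity for few seconds
    pushd
    cd C:\flannel\
    [Environment]::SetEnvironmentVariable("NODE_NAME", (hostname).ToLower())
    start C:\flannel\flanneld.exe -ArgumentList "--kubeconfig-file=C:\k\config --iface=$ipaddress --ip-masq=1 --kube-subnet-mgr=1" # -NoNewWindow
    popd

    # Wait till the network is available
    while( !(Get-HnsNetwork -Verbose | ? Type -EQ $NetworkMode.ToLower()) )
    {
        Write-Host "Waiting for the Network to be created"
        Start-Sleep 10
    }
}

# When an HNS network of $NetworkMode exists, force-remove every running container and
# delete that network; then pause for 10 seconds either way.
function CleanupOldNetwork()
{
    $hnsNetwork = Get-HnsNetwork | ? Type -EQ $NetworkMode.ToLower()

    if ($hnsNetwork)
    {
        # Cleanup all containers
        docker ps -q | foreach {docker rm $_ -f}

        Write-Host "Cleaning up old HNS network found"
        Remove-HnsNetwork $hnsNetwork
    }
    Start-Sleep 10
}

$BaseDir = "c:\k"
md $BaseDir -ErrorAction Ignore
# Download All the files
DownloadAllFiles

# Prepare POD infra Images
start powershell $BaseDir\InstallImages.ps1

# Prepare Network & Start Infra services
$NetworkMode = "L2Bridge"
$NetworkName = "cbr0"

powershell $BaseDir\start-kubelet.ps1 -RegisterOnly


StartFlanneld $ManagementIP

Start powershell -ArgumentList "-File $BaseDir\start-kubelet.ps1 -clusterCIDR $clusterCIDR -NetworkName $NetworkName"
Start-Sleep 10
start powershell -ArgumentList " -File $BaseDir\start-kubeproxy.ps1 -NetworkName $NetworkName"

-------------------------------------------------------------------------------- /kvm/readme.md: -------------------------------------------------------------------------------- 1 | # kvm tools for testing openshift-windows 2 | ## Packet.net setup 3 | Create a new c2.medium.x86 instance and choose centos7.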
During the create dialog, make sure to increase the number of IPs by going to the ssh-and-user-data tab 4 | and choose /28 subnet 5 | 6 | ## KVM Setup on Centos 7 7 | This is designed for use on Packet.Net EPYC Hardware as a service 8 | yum install -y qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer bridge-utils 9 | yum install -y "@X Window System" xorg-x11-xauth xorg-x11-fonts-* xorg-x11-utils -y 10 | yum install -y dhcp 11 | 12 | Execute: 13 | systemctl start libvirtd 14 | systemctl enable libvirtd 15 | rmmod kvm-amd 16 | cp etc/modprobe.d/dist.conf /etc/modprobe.d/ 17 | modprobe kvm-amd 18 | 19 | To verify nested virt is enabled: 20 | cat /sys/module/kvm_amd/parameters/nested 21 | 22 | virt-manager 23 | Right click on the qemu/kvm and delete the default network 24 | 25 | ## Setup the bonded bridge 26 | Edit the bond0 ifcfg 27 | /etc/sysconfig/network-scripts/ifcfg-bond0 (Example in: etc/sysconfig/network-scripts/ifcfg-bond0) 28 | 29 | Add the Bridge 30 | brctl addif br0 bond0 31 | brctl show 32 | 33 | Example: 34 | [root@kvm kvm]# brctl show 35 | bridge name bridge id STP enabled interfaces 36 | br0 8000.ec0d9abf3d58 no bond0 37 | vnet0 38 | 39 | ## Setup dhcp 40 | Add dhcp support to host for packet.net range 41 | Example: etc/dhcp/dhcpd.conf 42 | 43 | 44 | ## Verify nested virt in guest vm 45 | ssh into the guest vm and use lsmod and lscpu to verify nested virt. On the first connection, compare the ECDSA key fingerprint shown in the prompt with the guest's own host key before answering yes. 46 | 47 | [root@kvm kvm]# ssh root@openshift.ncc9.com 48 | The authenticity of host 'openshift.ncc9.com (147.75.109.147)' can't be established. 49 | ECDSA key fingerprint is SHA256:OcqRfBiWK1OncHR6DTDiBDSvLmlUfnwlUkH0UNFuOyc. 50 | ECDSA key fingerprint is MD5:18:4a:ef:05:71:75:42:40:f3:ff:9e:c5:cb:b5:6c:ef. 51 | Are you sure you want to continue connecting (yes/no)? yes 52 | Warning: Permanently added 'openshift.ncc9.com' (ECDSA) to the list of known hosts.
53 | root@openshift.ncc9.com's password: 54 | Last failed login: Fri Aug 3 18:33:30 EDT 2018 from 103.89.89.189 on ssh:notty 55 | There was 1 failed login attempt since the last successful login. 56 | Last login: Fri Aug 3 17:49:24 2018 from 75-139-7-79.dhcp.kgpt.tn.charter.com 57 | [root@openshift ~]# hostname 58 | openshift.ncc9.com 59 | [root@openshift ~]# lsmod | grep kvm 60 | kvm_amd 2176426 0 61 | kvm 578518 1 kvm_amd 62 | irqbypass 13503 1 kvm 63 | [root@openshift ~]# lscpu 64 | Architecture: x86_64 65 | CPU op-mode(s): 32-bit, 64-bit 66 | Byte Order: Little Endian 67 | CPU(s): 2 68 | On-line CPU(s) list: 0,1 69 | Thread(s) per core: 1 70 | Core(s) per socket: 1 71 | Socket(s): 2 72 | NUMA node(s): 1 73 | Vendor ID: AuthenticAMD 74 | CPU family: 23 75 | Model: 1 76 | Model name: AMD EPYC Processor (with IBPB) 77 | Stepping: 2 78 | CPU MHz: 1996.249 79 | BogoMIPS: 3992.49 80 | Virtualization: AMD-V 81 | Hypervisor vendor: KVM 82 | Virtualization type: full 83 | L1d cache: 64K 84 | L1i cache: 64K 85 | L2 cache: 512K 86 | NUMA node0 CPU(s): 0,1 87 | Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb lm art rep_good nopl extd_apicid eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy svm cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw retpoline_amd vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 ibpb arat 88 | [root@openshift ~]# 89 | 90 | 91 | ## Adding VirtIO Drivers 92 | virsh change-media win1709 hda /usr/share/virtio-win/virtio-win-0.1.149.iso 93 | 94 | 95 | ## Scripts 96 | 97 | ### restore-image.sh 98 | This allows the restore of a saved kvm image via azure using azcopy. Install azcopy first, before using the scripts. 
99 | The blob acct must be set to restore the image 100 | 101 | [root@kvm kvm]# echo $BLOB_ACCT 102 | hybridkvm.blob.core.windows.net 103 | 104 | ### initialvm.sh - Use a rhel75 iso to install a rhel 75 image 105 | This script takes a rhel75 iso image of the complete os and creates a thin vm. Once it's created, a subscription needs to be added, and any extraneous rhn repos removed. 106 | It should be set up to use dhcp. 107 | 108 | ## Improving Performance 109 | Using virtio drivers will significantly improve performance in a kvm environment: 110 | 111 | wget https://fedorapeople.org/groups/virt/virtio-win/virtio-win.repo -O /etc/yum.repos.d/virtio-win.repo 112 | yum install virtio-win 113 | yum --enablerepo=virtio-win-latest upgrade virtio-win 114 | 115 | 116 | ## BUGS 117 | win2016 bsod install workaround 118 | 119 | https://gist.github.com/jorritfolmer/d01194a00f440ad257bd56d51baddc2d 120 | 121 | Extraneous messages: 122 | https://patchwork.kernel.org/patch/10048427/ 123 | Add supress_ignore_msrs_prints as well 124 | 125 | ## References: 126 | KVM Install 127 | https://www.linuxtechi.com/install-kvm-hypervisor-on-centos-7-and-rhel-7/ 128 | Cloning 129 | https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/cloning-a-vm 130 | Nested Virt 131 | https://www.linuxtechi.com/enable-nested-virtualization-kvm-centos-7-rhel-7/ 132 | Windows 133 | https://medium.com/@piecritic/how-i-learned-to-stop-crying-and-install-windows-server-on-kvm-9e56fe1a8740 134 | Adding VirtIO to an existing Image 135 | https://easyengine.io/tutorials/kvm/enable-virtio-existing-vms/ 136 | 137 | 138 | -------------------------------------------------------------------------------- /3.11/standalone/multihost.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ $# -ne 9 ] 3 | then echo;echo "allinone.sh ----- HELP ------";echo "allinone arguments required";echo
"allinone.sh LinuxHostName WindowsHostName InternalDomain OpenShiftPublicURL AppPublicURL UserName Password";echo "allinone.sh openshift winnode01 ncc9.com openshift.ncc9.com apps.openshift.com glennswest SuperLamb1 rhnusername rhnpassword";exit 4 | fi 5 | 6 | set -f # avoid globbing (expansion of *). 7 | echo $1 8 | echo $2 9 | LinuxHostNames=(${1//,/ }) 10 | WindowsHostNames=(${2//,/ }) 11 | export InternalDomain=$3 12 | export OpenShiftPublicURL=$4 13 | export AppPublicURL=$5 14 | export theUserName=$6 15 | export thePassword=$7 16 | export rhnusername=$8 17 | export rhnpassword=$9 18 | export theRepo="https://github.com/openshift/openshift-windows" 19 | export AUSERNAME=$theUserName 20 | 21 | echo $0 "Starting" 22 | echo "Linux HostNames: " ${LinuxHostNames[@]} 23 | echo "Master HostName: " ${LinuxHostNames[0]} 24 | echo "Windows Hostnames: " ${WindowsHostNames[@]} 25 | echo "Internal Domain: " $InternalDomain 26 | echo "Openshift Public URL: " $OpenShiftPublicURL 27 | echo "App Public URL: " $AppPublicURL 28 | echo "User Name: " $theUserName 29 | echo "" > ./parameters.vars 30 | echo "---" >> ./parameters.vars 31 | echo "InternalDomain: " $InternalDomain >> ./parameters.vars 32 | echo "OpenShiftPublicURL: " $OpenShiftPublicURL >> ./parameters.vars 33 | echo "AppPublicURL: " $AppPublicURL >> ./parameters.vars 34 | echo "theUserName: " $theUserName >> ./parameters.vars 35 | echo "thePassword: " $thePassword >> ./parameters.vars 36 | echo "theRepo: " $theRepo >> ./parameters.vars 37 | 38 | mkdir /etc/ansible 39 | cp -f ./parameters.vars /etc/ansible 40 | 41 | yum install -y dnsmasq 42 | 43 | systemctl enable dnsmasq.service 44 | systemctl start dnsmasq.service 45 | 46 | swapoff -a 47 | 48 | subscription-manager repos --disable="*" 49 | subscription-manager repos --enable="rhel-7-server-rpms" \ 50 | --enable="rhel-7-server-extras-rpms" \ 51 | --enable="rhel-7-server-ose-3.11-rpms" \ 52 | --enable="rhel-7-server-ansible-2.6-rpms" 53 | yum -y update 54 | yum -y 
install gcc wget git net-tools atomic-openshift-utils git net-tools bind-utils iptables-services bridge-utils bash-completion httpd-tools nodejs qemu-img kexec-tools sos psacct docker-1.13.1 ansible libffi-devel yum-utils atomic-openshift-clients 55 | #yum install -y openshift-ansible 56 | git clone https://github.com/openshift/openshift-ansible.git ~/openshift-ansible 57 | cd ~/openshift-ansible 58 | git checkout release-3.11 59 | git pull 60 | cd ~ 61 | yum -y install PyYAML 62 | yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 63 | yum-config-manager --disable epel 64 | yum -y install --enablerepo="epel" jq 65 | 66 | # Enable what is needed for windows nodes 67 | yum install -y python-dns 68 | yum -y install --enablerepo="epel" python-devel krb5-devel krb5-libs krb5-workstation python-kerberos python-setuptools 69 | yum -y install --enablerepo="epel" python-pip 70 | pip install "pywinrm>=0.2.2" 71 | pip install pywinrm[kerberos] 72 | 73 | 74 | 75 | cat < /etc/ansible/hosts 76 | [OSEv3:children] 77 | masters 78 | nodes 79 | etcd 80 | new_nodes 81 | new_masters 82 | 83 | [OSEv3:vars] 84 | oreg_auth_user=${rhnusername} 85 | oreg_auth_password=${rhnpassword} 86 | ansible_ssh_user=root 87 | openshift_use_openshift_sdn=false 88 | os_sdn_network_plugin_name=cni 89 | openshift_disable_check=memory_availability 90 | openshift_enable_service_catalog=false 91 | debug_level=2 92 | console_port=8443 93 | deployment_type=openshift-enterprise 94 | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] 95 | openshift_master_manage_htpasswd=false 96 | 97 | openshift_master_default_subdomain=$AppPublicURL 98 | openshift_use_dnsmasq=true 99 | openshift_master_cluster_public_hostname=$OpenShiftPublicURL 100 | 101 | osm_default_node_selector="node-role.kubernetes.io/compute=true" 102 | 103 | [masters] 104 | ${LinuxHostNames[0]}.$InternalDomain 
openshift_public_hostname=$OpenShiftPublicURL 105 | 106 | [etcd] 107 | ${LinuxHostNames[0]}.$InternalDomain 108 | 109 | [new_nodes] 110 | [new_masters] 111 | 112 | [nodes] 113 | ${LinuxHostNames[0]}.$InternalDomain openshift_public_hostname=$OpenShiftPublicURL openshift_node_group_name='node-config-all-in-one' 114 | EOF 115 | 116 | for i in "${LinuxHostNames[@]:1}"; do 117 | echo $i.$InternalDomain openshift_node_group_name='node-config-compute' >> /etc/ansible/hosts 118 | done 119 | 120 | cat <> /etc/ansible/hosts 121 | 122 | [windows] 123 | EOF 124 | 125 | for i in "${WindowsHostNames[@]}"; do 126 | echo $i.$InternalDomain >> /etc/ansible/hosts 127 | done 128 | 129 | 130 | cat < ~/postinstall.yml 131 | --- 132 | - hosts: masters 133 | vars: 134 | vars_files: 135 | - /etc/ansible/parameters.vars 136 | tasks: 137 | - name: Create Master Directory 138 | file: path=/etc/origin/master state=directory 139 | - name: add initial user to Red Hat OpenShift Container Platform 140 | shell: htpasswd -c -b /etc/origin/master/htpasswd ${theUserName} ${thePassword} 141 | 142 | EOF 143 | 144 | 145 | cat < ~/openshift-install.sh 146 | ansible-playbook ~/openshift-windows/3.11/standalone/multihost.yml 147 | ansible-playbook ~/openshift-ansible/playbooks/prerequisites.yml < /dev/null 148 | ansible-playbook ~/openshift-ansible/playbooks/deploy_cluster.yml < /dev/null || true 149 | ansible-playbook ~/postinstall.yml 150 | 151 | oc adm policy add-cluster-role-to-user cluster-admin ${theUserName} 152 | EOF 153 | 154 | 155 | chmod +x ~/openshift-install.sh 156 | ~/openshift-install.sh | tee openshift-install.out 157 | -------------------------------------------------------------------------------- /3.9/bin/archive/start-kubelet.ps1: -------------------------------------------------------------------------------- 1 | Param( 2 | $clusterCIDR="192.168.0.0/16", 3 | $NetworkName = "cbr0", 4 | [switch] $RegisterOnly 5 | ) 6 | 7 | $NetworkMode = "L2Bridge" 8 | # Todo : Get these values using 
kubectl 9 | $KubeDnsSuffix ="svc.cluster.local" 10 | $KubeDnsServiceIp="11.0.0.10" 11 | $serviceCIDR="11.0.0.0/8" 12 | 13 | $WorkingDir = "c:\k" 14 | $CNIPath = [Io.path]::Combine($WorkingDir , "cni") 15 | $CNIConfig = [Io.path]::Combine($CNIPath, "config", "cni.conf") 16 | 17 | $endpointName = "cbr0" 18 | $vnicName = "vEthernet ($endpointName)" 19 | 20 | 21 | function 22 | IsNodeRegistered() 23 | { 24 | c:\k\kubectl.exe --kubeconfig=c:\k\config get nodes/$($(hostname).ToLower()) 25 | return (!$LASTEXITCODE) 26 | } 27 | 28 | function 29 | RegisterNode() 30 | { 31 | if (!(IsNodeRegistered)) 32 | { 33 | $argList = @("--hostname-override=$(hostname)","--pod-infra-container-image=kubeletwin/pause","--resolv-conf=""""", "--kubeconfig=c:\k\config") 34 | $process = Start-Process -FilePath c:\k\kubelet.exe -PassThru -ArgumentList $argList 35 | 36 | # Wait till the 37 | while (!(IsNodeRegistered)) 38 | { 39 | Write-Host "waiting to discover node registration status" 40 | Start-Sleep -sec 1 41 | } 42 | 43 | $process | Stop-Process | Out-Null 44 | } 45 | } 46 | 47 | function 48 | Get-MgmtIpAddress() 49 | { 50 | return (Get-HnsNetwork | ? 
Name -EQ $NetworkName.ToLower()).ManagementIP 51 | } 52 | 53 | function 54 | ConvertTo-DecimalIP 55 | { 56 | param( 57 | [Parameter(Mandatory = $true, Position = 0)] 58 | [Net.IPAddress] $IPAddress 59 | ) 60 | $i = 3; $DecimalIP = 0; 61 | $IPAddress.GetAddressBytes() | % { 62 | $DecimalIP += $_ * [Math]::Pow(256, $i); $i-- 63 | } 64 | 65 | return [UInt32]$DecimalIP 66 | } 67 | 68 | function 69 | ConvertTo-DottedDecimalIP 70 | { 71 | param( 72 | [Parameter(Mandatory = $true, Position = 0)] 73 | [Uint32] $IPAddress 74 | ) 75 | 76 | $DottedIP = $(for ($i = 3; $i -gt -1; $i--) 77 | { 78 | $Remainder = $IPAddress % [Math]::Pow(256, $i) 79 | ($IPAddress - $Remainder) / [Math]::Pow(256, $i) 80 | $IPAddress = $Remainder 81 | }) 82 | 83 | return [String]::Join(".", $DottedIP) 84 | } 85 | 86 | function 87 | ConvertTo-MaskLength 88 | { 89 | param( 90 | [Parameter(Mandatory = $True, Position = 0)] 91 | [Net.IPAddress] $SubnetMask 92 | ) 93 | $Bits = "$($SubnetMask.GetAddressBytes() | % { 94 | [Convert]::ToString($_, 2) 95 | } )" -replace "[\s0]" 96 | return $Bits.Length 97 | } 98 | 99 | function 100 | Get-MgmtSubnet 101 | { 102 | $na = Get-NetAdapter | ? Name -Like "vEthernet (Ethernet*" 103 | if (!$na) { 104 | throw "Failed to find a suitable network adapter, check your network settings." 105 | } 106 | $addr = (Get-NetIPAddress -InterfaceAlias $na.ifAlias -AddressFamily IPv4).IPAddress 107 | $mask = (Get-WmiObject Win32_NetworkAdapterConfiguration | ? 
InterfaceIndex -eq $($na.ifIndex)).IPSubnet[0] 108 | $mgmtSubnet = (ConvertTo-DecimalIP $addr) -band (ConvertTo-DecimalIP $mask) 109 | $mgmtSubnet = ConvertTo-DottedDecimalIP $mgmtSubnet 110 | return "$mgmtSubnet/$(ConvertTo-MaskLength $mask)" 111 | } 112 | 113 | function 114 | Update-CNIConfig($podCIDR) 115 | { 116 | $jsonSampleConfig = '{ 117 | "cniVersion": "0.2.0", 118 | "name": "", 119 | "type": "flannel", 120 | "delegate": { 121 | "type": "l2bridge", 122 | "dns" : { 123 | "Nameservers" : [ "11.0.0.10" ], 124 | "Search": [ "svc.cluster.local" ] 125 | }, 126 | "AdditionalArgs" : [ 127 | { 128 | "Name" : "EndpointPolicy", "Value" : { "Type" : "OutBoundNAT", "ExceptionList": [ "", "", "" ] } 129 | }, 130 | { 131 | "Name" : "EndpointPolicy", "Value" : { "Type" : "ROUTE", "DestinationPrefix": "", "NeedEncap" : true } 132 | }, 133 | { 134 | "Name" : "EndpointPolicy", "Value" : { "Type" : "ROUTE", "DestinationPrefix": "/32", "NeedEncap" : true } 135 | } 136 | ] 137 | } 138 | }' 139 | #Add-Content -Path $CNIConfig -Value $jsonSampleConfig 140 | 141 | $configJson = ConvertFrom-Json $jsonSampleConfig 142 | $configJson.name = "cbr0" 143 | $configJson.delegate.dns.Nameservers[0] = $KubeDnsServiceIp 144 | $configJson.delegate.dns.Search[0] = $KubeDnsSuffix 145 | 146 | $configJson.delegate.AdditionalArgs[0].Value.ExceptionList[0] = $clusterCIDR 147 | $configJson.delegate.AdditionalArgs[0].Value.ExceptionList[1] = $serviceCIDR 148 | $configJson.delegate.AdditionalArgs[0].Value.ExceptionList[2] = Get-MgmtSubnet 149 | 150 | $configJson.delegate.AdditionalArgs[1].Value.DestinationPrefix = $serviceCIDR 151 | $configJson.delegate.AdditionalArgs[2].Value.DestinationPrefix = "$(Get-MgmtIpAddress)/32" 152 | 153 | if (Test-Path $CNIConfig) { 154 | Clear-Content -Path $CNIConfig 155 | } 156 | 157 | Write-Host "Generated CNI Config [$configJson]" 158 | 159 | Add-Content -Path $CNIConfig -Value (ConvertTo-Json $configJson -Depth 20) 160 | } 161 | 162 | if ($RegisterOnly.IsPresent) 163 | 
{ 164 | RegisterNode 165 | exit 166 | } 167 | 168 | Update-CNIConfig $podCIDR 169 | 170 | c:\k\kubelet.exe --hostname-override=$(hostname) --v=6 ` 171 | --pod-infra-container-image=kubeletwin/pause --resolv-conf="" ` 172 | --allow-privileged=true --enable-debugging-handlers ` 173 | --cluster-dns=$KubeDnsServiceIp --cluster-domain=cluster.local ` 174 | --kubeconfig=c:\k\config --hairpin-mode=promiscuous-bridge ` 175 | --image-pull-progress-deadline=20m --cgroups-per-qos=false ` 176 | --enforce-node-allocatable="" ` 177 | --network-plugin=cni --cni-bin-dir="c:\k\cni" --cni-conf-dir "c:\k\cni\config" 178 | -------------------------------------------------------------------------------- /3.10/standalone/allinone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ $# -ne 7 ] 3 | then echo;echo "allinone.sh ----- HELP ------";echo "allinone arguments required";echo "allinone.sh LinuxHostName WindowsHostName InternalDomain OpenShiftPublicURL AppPublicURL UserName Password";echo "allinone.sh openshift winnode01 ncc9.com openshift.ncc9.com apps.openshift.com glennswest SuperLamb1";exit 4 | fi 5 | 6 | export LinuxHostName=$1 7 | export WindowsHostName=$2 8 | export InternalDomain=$3 9 | export OpenShiftPublicURL=$4 10 | export AppPublicURL=$5 11 | export theUserName=$6 12 | export thePassword=$7 13 | export theRepo="https://github.com/openshift/openshift-windows" 14 | export AUSERNAME=$theUserName 15 | export LinuxInternalIP=`nslookup $LinuxHostName | awk '/^Address: / { print $2 ; exit }'` 16 | export WindowsInternalIP=`nslookup $WindowsHostName | awk '/^Address: / { print $2 ; exit }'` 17 | export WindowsNicName="Ethernet0" 18 | 19 | echo $0 "Starting" 20 | echo "Linux Hostname: " $LinuxHostName 21 | echo "Windows Hostname: " $WindowsHostName 22 | echo "Internal Domain: " $InternalDomain 23 | echo "Openshift Public URL: " $OpenShiftPublicURL 24 | echo "App Public URL: " $AppPublicURL 25 | echo "User Name: " 
$theUserName 26 | echo "" > ./parameters.vars 27 | echo "---" >> ./parameters.vars 28 | echo "InternalDomain: " $InternalDomain >> ./parameters.vars 29 | echo "OpenShiftPublicURL: " $OpenShiftPublicURL >> ./parameters.vars 30 | echo "AppPublicURL: " $AppPublicURL >> ./parameters.vars 31 | echo "theUserName: " $theUserName >> ./parameters.vars 32 | echo "thePassword: " $thePassword >> ./parameters.vars 33 | echo "theRepo: " $theRepo >> ./parameters.vars 34 | echo "WindowsNicName: " $WindowsNicName >> ./parameters.vars 35 | 36 | mkdir /etc/ansible 37 | cp -f ./parameters.vars /etc/ansible 38 | 39 | yum install -y dnsmasq 40 | 41 | systemctl enable dnsmasq.service 42 | systemctl start dnsmasq.service 43 | 44 | swapoff -a 45 | 46 | subscription-manager repos --disable="*" 47 | subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-fast-datapath-rpms" --enable="rhel-7-server-ose-3.10-rpms" --enable="rhel-7-server-ansible-2.4-rpms" 48 | yum -y update 49 | yum -y install gcc wget git net-tools atomic-openshift-utils git net-tools bind-utils iptables-services bridge-utils bash-completion httpd-tools nodejs qemu-img kexec-tools sos psacct docker-1.13.1 ansible libffi-devel yum-utils 50 | #yum install -y openshift-ansible 51 | git clone https://github.com/openshift/openshift-ansible.git ~/openshift-ansible 52 | cd ~/openshift-ansible 53 | git checkout release-3.10 54 | git pull 55 | cd ~ 56 | yum -y install docker-1.13.1 57 | yum -y install PyYAML 58 | yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 59 | yum-config-manager --disable epel 60 | yum -y install --enablerepo="epel" jq 61 | systemctl enable docker 62 | systemctl start docker 63 | 64 | # Enable what is needed for windows nodes 65 | yum install -y python-dns 66 | yum -y install --enablerepo="epel" python-devel krb5-devel krb5-libs krb5-workstation python-kerberos python-setuptools 67 | yum -y install --enablerepo="epel" 
python-pip 68 | pip install "pywinrm>=0.2.2" 69 | pip install pywinrm[kerberos] 70 | 71 | 72 | 73 | cat < /home/${USER}/.ansible.cfg 74 | [defaults] 75 | remote_tmp = ~/.ansible/tmp 76 | local_tmp = ~/.ansible/tmp 77 | host_key_checking = False 78 | forks=30 79 | gather_timeout=60 80 | timeout=240 81 | library = /usr/share/ansible:/usr/share/ansible/openshift-ansible/library 82 | [ssh_connection] 83 | control_path = ~/.ansible/cp/ssh%%h-%%p-%%r 84 | ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ControlPath=~/.ansible/cp-%h-%p-%r 85 | EOF 86 | 87 | cat < /etc/ansible/hosts 88 | [OSEv3:children] 89 | masters 90 | nodes 91 | etcd 92 | new_nodes 93 | new_masters 94 | 95 | [OSEv3:vars] 96 | openshift_web_console_install=False 97 | openshift_enable_service_catalog=False 98 | openshift_hosted_manage_router=False 99 | openshift_hosted_manage_registry=False 100 | openshift_hosted_manage_registry_console=False 101 | ansible_ssh_user=root 102 | openshift_use_openshift_sdn=false 103 | os_sdn_network_plugin_name=cni 104 | openshift_disable_check=memory_availability 105 | openshift_enable_service_catalog=false 106 | debug_level=2 107 | console_port=8443 108 | deployment_type=openshift-enterprise 109 | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] 110 | openshift_master_manage_htpasswd=false 111 | 112 | openshift_master_default_subdomain=$AppPublicURL 113 | openshift_use_dnsmasq=true 114 | openshift_public_hostname=$OpenShiftPublicURL 115 | 116 | osm_default_node_selector="node-role.kubernetes.io/compute=true" 117 | 118 | [masters] 119 | $LinuxHostName.$InternalDomain 120 | 121 | [etcd] 122 | $LinuxHostName.$InternalDomain 123 | 124 | [new_nodes] 125 | [new_masters] 126 | 127 | [nodes] 128 | $LinuxHostName.$InternalDomain openshift_node_group_name='node-config-all-in-one' 129 | 130 | [windows] 131 | $WindowsHostName.$InternalDomain 132 | 133 | EOF 134 | 135 | cat < 
~/postinstall.yml 136 | --- 137 | - hosts: masters 138 | vars: 139 | vars_files: 140 | - /etc/ansible/parameters.vars 141 | tasks: 142 | - name: Create Master Directory 143 | file: path=/etc/origin/master state=directory 144 | - name: add initial user to Red Hat OpenShift Container Platform 145 | shell: htpasswd -c -b /etc/origin/master/htpasswd ${theUserName} ${thePassword} 146 | 147 | EOF 148 | 149 | 150 | cat < ~/openshift-install.sh 151 | ansible-playbook ~/openshift-ansible/playbooks/prerequisites.yml < /dev/null 152 | ansible-playbook ~/openshift-ansible/playbooks/deploy_cluster.yml < /dev/null || true 153 | ansible-playbook ~/postinstall.yml 154 | 155 | yum -y install atomic-openshift-clients 156 | oc adm policy add-cluster-role-to-user cluster-admin ${theUserName} 157 | EOF 158 | 159 | 160 | chmod +x ~/openshift-install.sh 161 | ~/openshift-install.sh | tee openshift-install.out 162 | -------------------------------------------------------------------------------- /3.11/standalone/allinone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ $# -ne 9 ] 3 | then echo;echo "allinone.sh ----- HELP ------";echo "allinone arguments required";echo "allinone.sh LinuxHostName WindowsHostName InternalDomain OpenShiftPublicURL AppPublicURL UserName Password";echo "allinone.sh openshift winnode01 ncc9.com openshift.ncc9.com apps.openshift.com glennswest SuperLamb1 rhnusername rhnpassword";exit 4 | fi 5 | 6 | export LinuxHostName=$1 7 | export WindowsHostName=$2 8 | export InternalDomain=$3 9 | export OpenShiftPublicURL=$4 10 | export AppPublicURL=$5 11 | export theUserName=$6 12 | export thePassword=$7 13 | export rhnusername=$8 14 | export rhnpassword=$9 15 | export theRepo="https://github.com/openshift/openshift-windows" 16 | export AUSERNAME=$theUserName 17 | export LinuxInternalIP=`nslookup $LinuxHostName | awk '/^Address: / { print $2 ; exit }'` 18 | export WindowsInternalIP=`nslookup $WindowsHostName | awk 
'/^Address: / { print $2 ; exit }'` 19 | export WindowsNicName="Ethernet0" 20 | 21 | echo $0 "Starting" 22 | echo "Linux Hostname: " $LinuxHostName 23 | echo "Windows Hostname: " $WindowsHostName 24 | echo "Internal Domain: " $InternalDomain 25 | echo "Openshift Public URL: " $OpenShiftPublicURL 26 | echo "App Public URL: " $AppPublicURL 27 | echo "User Name: " $theUserName 28 | echo "" > ./parameters.vars 29 | echo "---" >> ./parameters.vars 30 | echo "InternalDomain: " $InternalDomain >> ./parameters.vars 31 | echo "OpenShiftPublicURL: " $OpenShiftPublicURL >> ./parameters.vars 32 | echo "AppPublicURL: " $AppPublicURL >> ./parameters.vars 33 | echo "theUserName: " $theUserName >> ./parameters.vars 34 | echo "thePassword: " $thePassword >> ./parameters.vars 35 | echo "theRepo: " $theRepo >> ./parameters.vars 36 | echo "WindowsNicName: " $WindowsNicName >> ./parameters.vars 37 | 38 | mkdir /etc/ansible 39 | cp -f ./parameters.vars /etc/ansible 40 | 41 | yum install -y dnsmasq 42 | 43 | systemctl enable dnsmasq.service 44 | systemctl start dnsmasq.service 45 | 46 | swapoff -a 47 | 48 | subscription-manager repos --disable="*" 49 | subscription-manager repos --enable="rhel-7-server-rpms" \ 50 | --enable="rhel-7-server-extras-rpms" \ 51 | --enable="rhel-7-server-ose-3.11-rpms" \ 52 | --enable="rhel-7-server-ansible-2.6-rpms" 53 | yum -y update 54 | yum -y install gcc wget git net-tools atomic-openshift-utils git net-tools bind-utils iptables-services bridge-utils bash-completion httpd-tools nodejs qemu-img kexec-tools sos psacct docker-1.13.1 ansible libffi-devel yum-utils 55 | #yum install -y openshift-ansible 56 | git clone https://github.com/openshift/openshift-ansible.git ~/openshift-ansible 57 | cd ~/openshift-ansible 58 | git checkout release-3.11 59 | git pull 60 | cd ~ 61 | yum -y install docker-1.13.1 62 | yum -y install PyYAML 63 | yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 64 | yum-config-manager --disable epel 65 
| yum -y install --enablerepo="epel" jq 66 | systemctl enable docker 67 | systemctl start docker 68 | 69 | # Enable what is needed for windows nodes 70 | yum install -y python-dns 71 | yum -y install --enablerepo="epel" python-devel krb5-devel krb5-libs krb5-workstation python-kerberos python-setuptools 72 | yum -y install --enablerepo="epel" python-pip 73 | pip install "pywinrm>=0.2.2" 74 | pip install pywinrm[kerberos] 75 | 76 | 77 | 78 | cat < /home/${USER}/.ansible.cfg 79 | [defaults] 80 | remote_tmp = ~/.ansible/tmp 81 | local_tmp = ~/.ansible/tmp 82 | host_key_checking = False 83 | forks=30 84 | gather_timeout=60 85 | timeout=240 86 | library = /usr/share/ansible:/usr/share/ansible/openshift-ansible/library 87 | [ssh_connection] 88 | control_path = ~/.ansible/cp/ssh%%h-%%p-%%r 89 | ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ControlPath=~/.ansible/cp-%h-%p-%r 90 | EOF 91 | 92 | cat < /etc/ansible/hosts 93 | [OSEv3:children] 94 | masters 95 | nodes 96 | etcd 97 | new_nodes 98 | new_masters 99 | 100 | [OSEv3:vars] 101 | oreg_auth_user=${rhnusername} 102 | oreg_auth_password=${rhnpassword} 103 | ansible_ssh_user=root 104 | openshift_use_openshift_sdn=false 105 | os_sdn_network_plugin_name=cni 106 | openshift_disable_check=memory_availability 107 | openshift_enable_service_catalog=false 108 | debug_level=2 109 | console_port=8443 110 | deployment_type=openshift-enterprise 111 | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] 112 | openshift_master_manage_htpasswd=false 113 | 114 | openshift_master_default_subdomain=$AppPublicURL 115 | openshift_use_dnsmasq=true 116 | openshift_master_cluster_public_hostname=$OpenShiftPublicURL 117 | 118 | osm_default_node_selector="node-role.kubernetes.io/compute=true" 119 | 120 | [masters] 121 | $LinuxHostName.$InternalDomain openshift_public_hostname=$OpenShiftPublicURL 122 | 123 | [etcd] 124 | 
$LinuxHostName.$InternalDomain 125 | 126 | [new_nodes] 127 | [new_masters] 128 | 129 | [nodes] 130 | $LinuxHostName.$InternalDomain openshift_public_hostname=$OpenShiftPublicURL openshift_node_group_name='node-config-all-in-one' 131 | 132 | [windows] 133 | $WindowsHostName.$InternalDomain 134 | 135 | EOF 136 | 137 | cat < ~/postinstall.yml 138 | --- 139 | - hosts: masters 140 | vars: 141 | vars_files: 142 | - /etc/ansible/parameters.vars 143 | tasks: 144 | - name: Create Master Directory 145 | file: path=/etc/origin/master state=directory 146 | - name: add initial user to Red Hat OpenShift Container Platform 147 | shell: htpasswd -c -b /etc/origin/master/htpasswd ${theUserName} ${thePassword} 148 | 149 | EOF 150 | 151 | 152 | cat < ~/openshift-install.sh 153 | nohup ~/openshift-windows/3.11/auto-install-ovn.sh > ~/auto-install-ovn.out & 154 | ansible-playbook ~/openshift-ansible/playbooks/prerequisites.yml < /dev/null 155 | ansible-playbook ~/openshift-ansible/playbooks/deploy_cluster.yml < /dev/null || true 156 | ansible-playbook ~/postinstall.yml 157 | 158 | yum -y install atomic-openshift-clients 159 | oc adm policy add-cluster-role-to-user cluster-admin ${theUserName} 160 | EOF 161 | 162 | 163 | chmod +x ~/openshift-install.sh 164 | ~/openshift-install.sh | tee openshift-install.out 165 | -------------------------------------------------------------------------------- /3.9/standalone/allinone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [ $# -ne 7 ] 3 | then echo;echo "allinone.sh ----- HELP ------";echo "allinone arguments required";echo "allinone.sh LinuxHostName WindowsHostName InternalDomain OpenShiftPublicURL AppPublicURL UserName Password";echo "allinone.sh openshift winnode01 ncc9.com openshift.ncc9.com apps.openshift.com glennswest SuperLamb1";exit 4 | fi 5 | 6 | export LinuxHostName=$1 7 | export WindowsHostName=$2 8 | export InternalDomain=$3 9 | export OpenShiftPublicURL=$4 10 | export 
AppPublicURL=$5 11 | export theUserName=$6 12 | export thePassword=$7 13 | export theRepo="https://github.com/openshift/openshift-windows" 14 | export AUSERNAME=$theUserName 15 | export LinuxInternalIP=`nslookup $LinuxHostName | awk '/^Address: / { print $2 ; exit }'` 16 | export WindowsInternalIP=`nslookup $WindowsHostName | awk '/^Address: / { print $2 ; exit }'` 17 | export WindowsNicName="Ethernet0" 18 | 19 | echo $0 "Starting" 20 | echo "Linux Hostname: " $LinuxHostName 21 | echo "Windows Hostname: " $WindowsHostName 22 | echo "Internal Domain: " $InternalDomain 23 | echo "Openshift Public URL: " $OpenShiftPublicURL 24 | echo "App Public URL: " $AppPublicURL 25 | echo "User Name: " $theUserName 26 | echo "" > ./parameters.vars 27 | echo "---" >> ./parameters.vars 28 | echo "InternalDomain: " $InternalDomain >> ./parameters.vars 29 | echo "OpenShiftPublicURL: " $OpenShiftPublicURL >> ./parameters.vars 30 | echo "AppPublicURL: " $AppPublicURL >> ./parameters.vars 31 | echo "theUserName: " $theUserName >> ./parameters.vars 32 | echo "thePassword: " $thePassword >> ./parameters.vars 33 | echo "theRepo: " $theRepo >> ./parameters.vars 34 | echo "WindowsNicName: " $WindowsNicName >> ./parameters.vars 35 | 36 | mkdir /etc/ansible 37 | cp -f ./parameters.vars /etc/ansible 38 | 39 | yum install -y dnsmasq 40 | 41 | systemctl enable dnsmasq.service 42 | systemctl start dnsmasq.service 43 | 44 | swapoff -a 45 | 46 | subscription-manager repos --disable="*" 47 | subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-fast-datapath-rpms" --enable="rhel-7-server-ose-3.9-rpms" --enable="rhel-7-server-ansible-2.4-rpms" 48 | yum -y update 49 | yum -y install gcc wget git net-tools atomic-openshift-utils git net-tools bind-utils iptables-services bridge-utils bash-completion httpd-tools nodejs qemu-img kexec-tools sos psacct docker-1.13.1 ansible libffi-devel yum-utils 50 | yum install -y atomic-openshift-utils 51 | yum -y 
install docker-1.13.1 52 | yum -y install PyYAML 53 | yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 54 | yum-config-manager --disable epel 55 | yum -y install --enablerepo="epel" jq 56 | systemctl enable docker 57 | systemctl start docker 58 | 59 | # Enable what is needed for windows nodes 60 | yum install -y python-dns 61 | yum -y install --enablerepo="epel" python-devel krb5-devel krb5-libs krb5-workstation python-kerberos python-setuptools 62 | yum -y install --enablerepo="epel" python-pip 63 | pip install "pywinrm>=0.2.2" 64 | pip install pywinrm[kerberos] 65 | 66 | 67 | 68 | cat < /home/${USER}/.ansible.cfg 69 | [defaults] 70 | remote_tmp = ~/.ansible/tmp 71 | local_tmp = ~/.ansible/tmp 72 | host_key_checking = False 73 | forks=30 74 | gather_timeout=60 75 | timeout=240 76 | library = /usr/share/ansible:/usr/share/ansible/openshift-ansible/library 77 | [ssh_connection] 78 | control_path = ~/.ansible/cp/ssh%%h-%%p-%%r 79 | ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ControlPath=~/.ansible/cp-%h-%p-%r 80 | EOF 81 | 82 | cat < /etc/ansible/hosts 83 | [OSEv3:children] 84 | masters 85 | nodes 86 | etcd 87 | new_nodes 88 | new_masters 89 | 90 | [OSEv3:vars] 91 | openshift_web_console_install=False 92 | openshift_enable_service_catalog=False 93 | openshift_hosted_manage_router=False 94 | openshift_hosted_manage_registry=False 95 | openshift_hosted_manage_registry_console=False 96 | ansible_ssh_user=root 97 | openshift_use_openshift_sdn=false 98 | os_sdn_network_plugin_name=cni 99 | openshift_disable_check=memory_availability 100 | oreg_url=registry.access.redhat.com/openshift3/ose-\${component}:\${version} 101 | openshift_examples_modify_imagestreams=true 102 | openshift_clock_enabled=true 103 | openshift_enable_service_catalog=false 104 | debug_level=2 105 | console_port=8443 106 | docker_udev_workaround=True 107 | openshift_node_debug_level="{{ node_debug_level | default(debug_level, true) }}" 108 | 
openshift_master_debug_level="{{ master_debug_level | default(debug_level, true) }}" 109 | openshift_master_access_token_max_seconds=2419200 110 | openshift_hosted_router_replicas=1 111 | openshift_hosted_registry_replicas=1 112 | openshift_master_api_port="{{ console_port }}" 113 | openshift_master_console_port="{{ console_port }}" 114 | openshift_override_hostname_check=true 115 | osm_use_cockpit=false 116 | openshift_install_examples=true 117 | deployment_type=openshift-enterprise 118 | openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] 119 | openshift_master_manage_htpasswd=false 120 | 121 | openshift_master_default_subdomain=$AppPublicURL 122 | openshift_use_dnsmasq=true 123 | openshift_public_hostname=$OpenShiftPublicURL 124 | 125 | [masters] 126 | $LinuxHostName openshift_host_name=$LinuxHostName openshift_node_labels="{'region': 'infra'}" 127 | 128 | [etcd] 129 | $LinuxHostName 130 | 131 | [new_nodes] 132 | [new_masters] 133 | 134 | [nodes] 135 | $LinuxHostName openshift_host_name=$LinuxHostName 136 | 137 | [windows] 138 | $WindowsHostName 139 | 140 | EOF 141 | 142 | cat < ~/postinstall.yml 143 | --- 144 | - hosts: masters 145 | vars: 146 | vars_files: 147 | - /etc/ansible/parameters.vars 148 | tasks: 149 | - name: Create Master Directory 150 | file: path=/etc/origin/master state=directory 151 | - name: add initial user to Red Hat OpenShift Container Platform 152 | shell: htpasswd -c -b /etc/origin/master/htpasswd ${theUserName} ${thePassword} 153 | 154 | EOF 155 | 156 | 157 | cat < ~/openshift-install.sh 158 | ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml < /dev/null 159 | ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml < /dev/null || true 160 | ansible-playbook ~/postinstall.yml 161 | 162 | yum -y install atomic-openshift-clients 163 | oc adm policy 
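add-cluster-role-to-user cluster-admin ${theUserName} 164 | EOF 165 | 166 | 167 | chmod +x ~/openshift-install.sh 168 | ~/openshift-install.sh | tee openshift-install.out 169 |
--------------------------------------------------------------------------------
/3.11/azure/twonode.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Bootstrap for the 3.11 Azure two-node deployment: parses the positional
# arguments, prepares the disks, stores the Azure settings and the SSH key pair
# for ${AUSERNAME} and root, registers with RHSM, clones the repository and
# starts the generated install.sh in the background.

# Run-once guard: mkdir fails when the lock directory already exists.
if mkdir ~/twonode.lock; then
    echo "Locking succeeded" >&2
else
    echo "Lock failed - exit" >&2
    exit 1
fi

# Words 1-14 are taken positionally; words 15-25 come from a space-split copy
# of the whole argument list.
# NOTE(review): every value, secrets included, is exported and is therefore
# inherited by each child process started below.
export MYARGS=$@
IFS=' ' read -r -a array <<< "$MYARGS"
export RESOURCEGROUP=$1
export WILDCARDZONE=$2
export AUSERNAME=$3
export PASSWORD=$4
export THEHOSTNAME=$5
export NODECOUNT=$6
export ROUTEREXTIP=$7
export RHNUSERNAME=$8
export RHNPASSWORD=$9
export RHNPOOLID=${10}
export SSHPRIVATEDATA=${11}
export SSHPUBLICDATA=${12}
export SSHPUBLICDATA2=${13}
export SSHPUBLICDATA3=${14}
export REGISTRYSTORAGENAME=${array[14]}
export REGISTRYKEY=${array[15]}
export LOCATION=${array[16]}
export SUBSCRIPTIONID=${array[17]}
export TENANTID=${array[18]}
export AADCLIENTID=${array[19]}
export AADCLIENTSECRET=${array[20]}
export RHSMMODE=${array[21]}
export METRICS=${array[22]}
export LOGGING=${array[23]}
export OPSLOGGING=${array[24]}
export FULLDOMAIN=${THEHOSTNAME#*.*}
export WILDCARDFQDN=${RESOURCEGROUP}.${FULLDOMAIN}
export WILDCARDIP=$(dig +short ${WILDCARDFQDN})
export WILDCARDNIP=${WILDCARDIP}.nip.io
export LOGGING_ES_INSTANCES="3"
export OPSLOGGING_ES_INSTANCES="3"
export METRICS_INSTANCES="1"
export LOGGING_ES_SIZE="10"
export OPSLOGGING_ES_SIZE="10"
export METRICS_CASSANDRASIZE="10"

echo "Show wildcard info"
echo $WILDCARDFQDN
echo $WILDCARDIP
echo $WILDCARDNIP
echo $RHSMMODE

# The registry key and the AAD client secret are reported only as
# present/absent, so they do not end up in the extension log or install output.
echo 'Show Registry Values'
echo $REGISTRYSTORAGENAME
echo "${REGISTRYKEY:+<redacted>}"
echo $LOCATION
echo $SUBSCRIPTIONID
echo $TENANTID
echo $AADCLIENTID
echo "${AADCLIENTSECRET:+<redacted>}"

# Not referenced again in this script.
domain=$(grep search /etc/resolv.conf | awk '{print $2}')

# The full command line carries passwords, the private key and the client
# secret, so only the argument count is recorded instead of the `ps` output.
echo "twonode.sh started with $# arguments" > cmdline.out

systemctl enable dnsmasq.service
systemctl start dnsmasq.service

swapoff -a

echo "Resize Root FS"
rootdev=$(findmnt --target / -o SOURCE -n)
rootdrivename=$(lsblk -no pkname $rootdev)
rootdrive="/dev/"$rootdrivename
majorminor=$(lsblk $rootdev -o MAJ:MIN | tail -1)
part_number=${majorminor#*:}
yum install -y cloud-utils-growpart.noarch
growpart $rootdrive $part_number -u on
xfs_growfs $rootdev

mkdir -p /var/lib/origin/openshift.local.volumes
# First disk that parted reports with an unknown label. Formatting is
# destructive, so nothing is touched when no such disk is found; an empty
# device name would otherwise put a bogus "1 ..." entry into /etc/fstab.
ZEROVG=$(parted -m /dev/sda print all 2>/dev/null | grep unknown | grep /dev/sd | cut -d':' -f1 | head -n1)
if [[ -n "${ZEROVG}" ]]; then
    parted -s -a optimal "${ZEROVG}" mklabel gpt -- mkpart primary xfs 1 -1
    sleep 5
    mkfs.xfs -f "${ZEROVG}1"
    echo "${ZEROVG}1 /var/lib/origin/openshift.local.volumes xfs defaults,gquota 0 0" >> /etc/fstab
    mount "${ZEROVG}1"
else
    echo "No unlabelled disk found - openshift.local.volumes not set up" >&2
fi

DOCKERVG=$(parted -m /dev/sda print all 2>/dev/null | grep unknown | grep /dev/sd | cut -d':' -f1 | head -n1)
if [[ -z "${DOCKERVG}" ]]; then
    echo "No unlabelled disk found for docker storage - DEVS will be empty" >&2
fi

# The file is written in one go; the earlier append of the DEVS line was
# overwritten by this truncating redirect anyway.
cat <<EOF > /etc/sysconfig/docker-storage-setup
DEVS=$DOCKERVG
VG=docker_vol
DATA_SIZE=95%VG
STORAGE_DRIVER=overlay2
CONTAINER_ROOT_LV_NAME=dockerlv
CONTAINER_ROOT_LV_MOUNT_PATH=/var/lib/docker
CONTAINER_ROOT_LV_SIZE=100%FREE
EOF

# Writes the Azure settings, one value per file, into directory $1 and hands
# the tree to user $2. The files are created under umask 077 so the registry
# key and client secret are never readable by other users, not even briefly.
write_azure_settings() {
    local dir=$1 owner=$2
    (
        umask 077
        mkdir -p "$dir"
        printf '%s\n' "$REGISTRYSTORAGENAME" > "$dir/registry_storage_name"
        printf '%s\n' "$REGISTRYKEY" > "$dir/registry_key"
        printf '%s\n' "$LOCATION" > "$dir/location"
        printf '%s\n' "$SUBSCRIPTIONID" > "$dir/subscription_id"
        printf '%s\n' "$TENANTID" > "$dir/tenant_id"
        printf '%s\n' "$AADCLIENTID" > "$dir/aad_client_id"
        printf '%s\n' "$AADCLIENTSECRET" > "$dir/aad_client_secret"
        printf '%s\n' "$RESOURCEGROUP" > "$dir/resource_group"
    )
    chmod -R 600 "$dir"/*
    chown -R "$owner" "$dir"
}

# Installs the deployment key pair into directory $1 for user $2. The private
# key is decoded under umask 077 instead of being chmod'ed after the write.
install_ssh_keypair() {
    local sshdir=$1 owner=$2
    mkdir -p "$sshdir"
    (
        umask 077
        echo $SSHPUBLICDATA $SSHPUBLICDATA2 $SSHPUBLICDATA3 > "$sshdir/id_rsa.pub"
        printf '%s\n' "$SSHPRIVATEDATA" | base64 --decode > "$sshdir/id_rsa"
    )
    chown "$owner" "$sshdir/id_rsa.pub" "$sshdir/id_rsa"
    chmod 600 "$sshdir/id_rsa.pub" "$sshdir/id_rsa"
}

write_azure_settings "/home/$AUSERNAME/.azuresettings" "$AUSERNAME"
install_ssh_keypair "/home/$AUSERNAME/.ssh" "$AUSERNAME"
write_azure_settings /root/.azuresettings root
install_ssh_keypair /root/.ssh root

# Copied only after /root/.ssh exists (the earlier copy ran before the mkdir).
# NOTE(review): this replaces root's authorized_keys with the admin user's, so
# every key that can log in as ${AUSERNAME} can also log in as root.
cp "/home/$AUSERNAME/.ssh/authorized_keys" /root/.ssh/authorized_keys
chown root /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# Continue Setting Up Host
subscription-manager unregister
yum -y remove RHEL7
rm -f /etc/yum.repos.d/rh-cloud.repo
# Found that wildcard disable not working all the time - make sure
yum-config-manager --disable epel
yum-config-manager --disable epel-testing
sleep 30
# NOTE(review): the RHSM password / activation key is passed on the command
# line and is visible in the process list while registration runs.
if [[ $RHSMMODE == "usernamepassword" ]]; then
    subscription-manager register --username="${RHNUSERNAME}" --password="${RHNPASSWORD}"
else
    subscription-manager register --org="${RHNUSERNAME}" --activationkey="${RHNPASSWORD}"
fi
subscription-manager attach --pool="$RHNPOOLID"
yum-config-manager --disable rhel-7-server-htb-rpms || true
yum -y install git
cd /root
# NOTE(review): the clone is unpinned and its scripts and playbooks are run as
# root below; pin a reviewed commit or tag.
git clone https://github.com/openshift/openshift-windows

# NOTE(review): the Windows password is stored in plain text, and port 5985 is
# WinRM's plain-HTTP listener, so the certificate setting below only matters
# once the connection is moved to the HTTPS listener (5986).
# Written under umask 077 because of the password.
(
    umask 077
    cat <<EOF > /root/openshift-windows/3.11/group_vars/windows.yml
ansible_user: ${AUSERNAME}
ansible_password: ${PASSWORD}
ansible_port: 5985
ansible_connection: winrm
ansible_winrm_read_timeout_sec: 600
# The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore
EOF
)

# Writes the shared Ansible client configuration to file $1.
# NOTE(review): host_key_checking = False makes Ansible accept any SSH host key.
write_ansible_cfg() {
    cat <<EOF > "$1"
[defaults]
remote_tmp = ~/.ansible/tmp
local_tmp = ~/.ansible/tmp
host_key_checking = False
forks=30
gather_timeout=60
timeout=240
library = /usr/share/ansible:/usr/share/ansible/openshift-ansible/library
[ssh_connection]
control_path = ~/.ansible/cp/ssh%%h-%%p-%%r
ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ControlPath=~/.ansible/cp-%h-%p-%r
EOF
}

write_ansible_cfg "/home/${AUSERNAME}/.ansible.cfg"
chown ${AUSERNAME} /home/${AUSERNAME}/.ansible.cfg
write_ansible_cfg /root/.ansible.cfg

export LOCAL_DOMAIN=$(hostname -d)
# The values are shell-quoted before being pasted into the generated script, so
# a password containing spaces or shell metacharacters is passed as one literal
# argument and an empty value keeps its position.
allinone_args=$(printf '%q ' "${RESOURCEGROUP}" "${RESOURCEGROUP}win" "${LOCAL_DOMAIN}" "${WILDCARDFQDN}" "${WILDCARDNIP}" "${AUSERNAME}" "${PASSWORD}" "${RHNUSERNAME}" "${RHNPASSWORD}")
# install.sh embeds the passwords, so it is created under umask 077.
# NOTE(review): the ssh line in it disables host-key checking for the first
# connection to the master.
(
    umask 077
    cat <<EOF > ~/install.sh
cd /root/openshift-windows
cd 3.11
cd standalone
ssh -o StrictHostKeyChecking=no root@${RESOURCEGROUP} ls
sudo ./allinone.sh ${allinone_args}
mkdir /home/${AUSERNAME}/.kube
cp /root/.kube/config /home/${AUSERNAME}/.kube/config
chown -R ${AUSERNAME} /home/${AUSERNAME}/.kube
cd ..
sleep 60s
sudo ansible-playbook windows.yml
EOF
)
# NOTE(review): install.sh and the checkout are handed to ${AUSERNAME} and then
# executed as root, so that account can change what root runs.
chown ${AUSERNAME} /root/install.sh
chown -R ${AUSERNAME} /root/openshift-windows
chmod 700 /root/install.sh
# The install output may contain credentials; create the log owner-only first
# (the redirect below keeps the mode of an existing file).
install -m 600 -o "${AUSERNAME}" /dev/null "/home/${AUSERNAME}/install.out"
/root/install.sh &> /home/${AUSERNAME}/install.out &
exit 0

--------------------------------------------------------------------------------
/3.10/azure/twonode.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Run-once guard: mkdir fails when the lock directory already exists.
if mkdir ~/twonode.lock; then
    echo "Locking succeeded" >&2
else
    echo "Lock failed - exit" >&2
    exit 1
fi
# Words 1-14 are taken positionally; later words come from a space-split copy
# of the whole argument list.
export MYARGS=$@
IFS=' ' read -r -a array <<< "$MYARGS"
export RESOURCEGROUP=$1
export WILDCARDZONE=$2
export AUSERNAME=$3
export PASSWORD=$4
export THEHOSTNAME=$5
export NODECOUNT=$6
export ROUTEREXTIP=$7
export RHNUSERNAME=$8
export RHNPASSWORD=$9
export RHNPOOLID=${10}
export SSHPRIVATEDATA=${11}
export SSHPUBLICDATA=${12}
export SSHPUBLICDATA2=${13}
export SSHPUBLICDATA3=${14}
export REGISTRYSTORAGENAME=${array[14]}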
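# Remaining words of the argument list, read from the space-split copy.
# NOTE(review): these values, secrets included, are exported and are therefore
# inherited by each child process started below.
export REGISTRYKEY=${array[15]}
export LOCATION=${array[16]}
export SUBSCRIPTIONID=${array[17]}
export TENANTID=${array[18]}
export AADCLIENTID=${array[19]}
export AADCLIENTSECRET=${array[20]}
export RHSMMODE=${array[21]}
export METRICS=${array[22]}
export LOGGING=${array[23]}
export OPSLOGGING=${array[24]}
export FULLDOMAIN=${THEHOSTNAME#*.*}
export WILDCARDFQDN=${RESOURCEGROUP}.${FULLDOMAIN}
export WILDCARDIP=$(dig +short ${WILDCARDFQDN})
export WILDCARDNIP=${WILDCARDIP}.nip.io
export LOGGING_ES_INSTANCES="3"
export OPSLOGGING_ES_INSTANCES="3"
export METRICS_INSTANCES="1"
export LOGGING_ES_SIZE="10"
export OPSLOGGING_ES_SIZE="10"
export METRICS_CASSANDRASIZE="10"

echo "Show wildcard info"
echo $WILDCARDFQDN
echo $WILDCARDIP
echo $WILDCARDNIP
echo $RHSMMODE

# The registry key and the AAD client secret are reported only as
# present/absent, so they do not end up in the extension log or install output.
echo 'Show Registry Values'
echo $REGISTRYSTORAGENAME
echo "${REGISTRYKEY:+<redacted>}"
echo $LOCATION
echo $SUBSCRIPTIONID
echo $TENANTID
echo $AADCLIENTID
echo "${AADCLIENTSECRET:+<redacted>}"

# Not referenced again in this script.
domain=$(grep search /etc/resolv.conf | awk '{print $2}')

# The full command line carries passwords, the private key and the client
# secret, so only the argument count is recorded instead of the `ps` output.
echo "twonode.sh started with $# arguments" > cmdline.out

systemctl enable dnsmasq.service
systemctl start dnsmasq.service

swapoff -a

echo "Resize Root FS"
rootdev=$(findmnt --target / -o SOURCE -n)
rootdrivename=$(lsblk -no pkname $rootdev)
rootdrive="/dev/"$rootdrivename
majorminor=$(lsblk $rootdev -o MAJ:MIN | tail -1)
part_number=${majorminor#*:}
yum install -y cloud-utils-growpart.noarch
growpart $rootdrive $part_number -u on
xfs_growfs $rootdev

mkdir -p /var/lib/origin/openshift.local.volumes
# First disk that parted reports with an unknown label. Formatting is
# destructive, so nothing is touched when no such disk is found; an empty
# device name would otherwise put a bogus "1 ..." entry into /etc/fstab.
ZEROVG=$(parted -m /dev/sda print all 2>/dev/null | grep unknown | grep /dev/sd | cut -d':' -f1 | head -n1)
if [[ -n "${ZEROVG}" ]]; then
    parted -s -a optimal "${ZEROVG}" mklabel gpt -- mkpart primary xfs 1 -1
    sleep 5
    mkfs.xfs -f "${ZEROVG}1"
    echo "${ZEROVG}1 /var/lib/origin/openshift.local.volumes xfs defaults,gquota 0 0" >> /etc/fstab
    mount "${ZEROVG}1"
else
    echo "No unlabelled disk found - openshift.local.volumes not set up" >&2
fi

DOCKERVG=$(parted -m /dev/sda print all 2>/dev/null | grep unknown | grep /dev/sd | cut -d':' -f1 | head -n1)
if [[ -z "${DOCKERVG}" ]]; then
    echo "No unlabelled disk found for docker storage - DEVS will be empty" >&2
fi

# The file is written in one go; the earlier append of the DEVS line was
# overwritten by this truncating redirect anyway.
cat <<EOF > /etc/sysconfig/docker-storage-setup
DEVS=$DOCKERVG
VG=docker_vol
DATA_SIZE=95%VG
STORAGE_DRIVER=overlay2
CONTAINER_ROOT_LV_NAME=dockerlv
CONTAINER_ROOT_LV_MOUNT_PATH=/var/lib/docker
CONTAINER_ROOT_LV_SIZE=100%FREE
EOF

# Writes the Azure settings, one value per file, into directory $1 and hands
# the tree to user $2. The files are created under umask 077 so the registry
# key and client secret are never readable by other users, not even briefly.
write_azure_settings() {
    local dir=$1 owner=$2
    (
        umask 077
        mkdir -p "$dir"
        printf '%s\n' "$REGISTRYSTORAGENAME" > "$dir/registry_storage_name"
        printf '%s\n' "$REGISTRYKEY" > "$dir/registry_key"
        printf '%s\n' "$LOCATION" > "$dir/location"
        printf '%s\n' "$SUBSCRIPTIONID" > "$dir/subscription_id"
        printf '%s\n' "$TENANTID" > "$dir/tenant_id"
        printf '%s\n' "$AADCLIENTID" > "$dir/aad_client_id"
        printf '%s\n' "$AADCLIENTSECRET" > "$dir/aad_client_secret"
        printf '%s\n' "$RESOURCEGROUP" > "$dir/resource_group"
    )
    chmod -R 600 "$dir"/*
    chown -R "$owner" "$dir"
}

# Installs the deployment key pair into directory $1 for user $2. The private
# key is decoded under umask 077 instead of being chmod'ed after the write.
install_ssh_keypair() {
    local sshdir=$1 owner=$2
    mkdir -p "$sshdir"
    (
        umask 077
        echo $SSHPUBLICDATA $SSHPUBLICDATA2 $SSHPUBLICDATA3 > "$sshdir/id_rsa.pub"
        printf '%s\n' "$SSHPRIVATEDATA" | base64 --decode > "$sshdir/id_rsa"
    )
    chown "$owner" "$sshdir/id_rsa.pub" "$sshdir/id_rsa"
    chmod 600 "$sshdir/id_rsa.pub" "$sshdir/id_rsa"
}

write_azure_settings "/home/$AUSERNAME/.azuresettings" "$AUSERNAME"
install_ssh_keypair "/home/$AUSERNAME/.ssh" "$AUSERNAME"
write_azure_settings /root/.azuresettings root
install_ssh_keypair /root/.ssh root

# Copied only after /root/.ssh exists (the earlier copy ran before the mkdir).
# NOTE(review): this replaces root's authorized_keys with the admin user's, so
# every key that can log in as ${AUSERNAME} can also log in as root.
cp "/home/$AUSERNAME/.ssh/authorized_keys" /root/.ssh/authorized_keys
chown root /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# Continue Setting Up Host
subscription-manager unregister
yum -y remove RHEL7
rm -f /etc/yum.repos.d/rh-cloud.repo
# Found that wildcard disable not working all the time - make sure
yum-config-manager --disable epel
yum-config-manager --disable epel-testing
sleep 30
# NOTE(review): the RHSM password / activation key is passed on the command
# line and is visible in the process list while registration runs.
if [[ $RHSMMODE == "usernamepassword" ]]; then
    subscription-manager register --username="${RHNUSERNAME}" --password="${RHNPASSWORD}"
else
    subscription-manager register --org="${RHNUSERNAME}" --activationkey="${RHNPASSWORD}"
fi
subscription-manager attach --pool="$RHNPOOLID"
yum-config-manager --disable rhel-7-server-htb-rpms || true
yum -y install git
cd /home/${AUSERNAME}
# NOTE(review): the clone is unpinned and comes from a personal fork rather
# than the openshift organisation; its scripts and playbooks are run as root
# below, so confirm the source and pin a reviewed commit or tag.
git clone https://github.com/glennswest/openshift-windows

# NOTE(review): the Windows password is stored in plain text, and port 5985 is
# WinRM's plain-HTTP listener, so the certificate setting below only matters
# once the connection is moved to the HTTPS listener (5986).
# Written under umask 077 because of the password.
(
    umask 077
    cat <<EOF > /home/${AUSERNAME}/openshift-windows/3.10/group_vars/windows.yml
ansible_user: ${AUSERNAME}
ansible_password: ${PASSWORD}
ansible_port: 5985
ansible_connection: winrm
ansible_winrm_read_timeout_sec: 600
# The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore
EOF
)

# Writes the shared Ansible client configuration to file $1.
# NOTE(review): host_key_checking = False makes Ansible accept any SSH host key.
write_ansible_cfg() {
    cat <<EOF > "$1"
[defaults]
remote_tmp = ~/.ansible/tmp
local_tmp = ~/.ansible/tmp
host_key_checking = False
forks=30
gather_timeout=60
timeout=240
library = /usr/share/ansible:/usr/share/ansible/openshift-ansible/library
[ssh_connection]
control_path = ~/.ansible/cp/ssh%%h-%%p-%%r
ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ControlPath=~/.ansible/cp-%h-%p-%r
EOF
}

write_ansible_cfg "/home/${AUSERNAME}/.ansible.cfg"
chown ${AUSERNAME} /home/${AUSERNAME}/.ansible.cfg
write_ansible_cfg /root/.ansible.cfg

export LOCAL_DOMAIN=$(hostname -d)
# The values are shell-quoted before being pasted into the generated script, so
# a password containing spaces or shell metacharacters is passed as one literal
# argument and an empty value keeps its position.
allinone_args=$(printf '%q ' "${RESOURCEGROUP}" "${RESOURCEGROUP}win" "${LOCAL_DOMAIN}" "${WILDCARDFQDN}" "${WILDCARDNIP}" "${AUSERNAME}" "${PASSWORD}")
# install.sh embeds the password, so it is created under umask 077.
# NOTE(review): the ssh line in it disables host-key checking for the first
# connection to the master.
(
    umask 077
    cat <<EOF > /home/${AUSERNAME}/install.sh
cd /home/${AUSERNAME}/openshift-windows
cd 3.10
cd standalone
ssh -o StrictHostKeyChecking=no root@${RESOURCEGROUP} ls
./allinone.sh ${allinone_args}
mkdir /home/${AUSERNAME}/.kube
cp /root/.kube/config /home/${AUSERNAME}/.kube/config
chown -R ${AUSERNAME} /home/${AUSERNAME}/.kube
cd ..
ansible-playbook ovn_presetup.yml
sleep 45s
ansible-playbook ovn_postsetup.yml
#ansible-playbook windows.yml
EOF
)
chmod 700 /home/${AUSERNAME}/install.sh
# NOTE(review): install.sh and the checkout are owned by ${AUSERNAME} but are
# executed by this script's own user, so that account can change what runs.
chown ${AUSERNAME} /home/${AUSERNAME}/install.sh
chown -R ${AUSERNAME} /home/${AUSERNAME}/openshift-windows
# The install output may contain credentials; create the log owner-only first
# (the redirect below keeps the mode of an existing file).
install -m 600 -o "${AUSERNAME}" /dev/null "/home/${AUSERNAME}/install.out"
/home/${AUSERNAME}/install.sh &> /home/${AUSERNAME}/install.out &
exit 0

--------------------------------------------------------------------------------
/3.9/azure/twonode.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Run-once guard: mkdir fails when the lock directory already exists.
if mkdir ~/twonode.lock; then
    echo "Locking succeeded" >&2
else
    echo "Lock failed - exit" >&2
    exit 1
fi
# Words 1-14 are taken positionally; words 15-25 come from a space-split copy
# of the whole argument list.
export MYARGS=$@
IFS=' ' read -r -a array <<< "$MYARGS"
export RESOURCEGROUP=$1
export WILDCARDZONE=$2
export AUSERNAME=$3
export PASSWORD=$4
export THEHOSTNAME=$5
export NODECOUNT=$6
export ROUTEREXTIP=$7
export RHNUSERNAME=$8
export RHNPASSWORD=$9
export RHNPOOLID=${10}
export SSHPRIVATEDATA=${11}
export SSHPUBLICDATA=${12}
export SSHPUBLICDATA2=${13}
export SSHPUBLICDATA3=${14}
export REGISTRYSTORAGENAME=${array[14]}
export REGISTRYKEY=${array[15]}
export LOCATION=${array[16]}
export SUBSCRIPTIONID=${array[17]}
export TENANTID=${array[18]}
export AADCLIENTID=${array[19]}
export AADCLIENTSECRET=${array[20]}
export RHSMMODE=${array[21]}
export METRICS=${array[22]}
export LOGGING=${array[23]}
export OPSLOGGING=${array[24]}
export FULLDOMAIN=${THEHOSTNAME#*.*}
export WILDCARDFQDN=${RESOURCEGROUP}.${FULLDOMAIN}
export WILDCARDIP=$(dig +short ${WILDCARDFQDN})
export WILDCARDNIP=${WILDCARDIP}.nip.io
export LOGGING_ES_INSTANCES="3"
export OPSLOGGING_ES_INSTANCES="3"
export METRICS_INSTANCES="1"
export LOGGING_ES_SIZE="10"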
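export OPSLOGGING_ES_SIZE="10"
export METRICS_CASSANDRASIZE="10"

echo "Show wildcard info"
echo $WILDCARDFQDN
echo $WILDCARDIP
echo $WILDCARDNIP
echo $RHSMMODE

# The registry key and the AAD client secret are reported only as
# present/absent, so they do not end up in the extension log or install output.
echo 'Show Registry Values'
echo $REGISTRYSTORAGENAME
echo "${REGISTRYKEY:+<redacted>}"
echo $LOCATION
echo $SUBSCRIPTIONID
echo $TENANTID
echo $AADCLIENTID
echo "${AADCLIENTSECRET:+<redacted>}"

# Not referenced again in this script.
domain=$(grep search /etc/resolv.conf | awk '{print $2}')

# The full command line carries passwords, the private key and the client
# secret, so only the argument count is recorded instead of the `ps` output.
echo "twonode.sh started with $# arguments" > cmdline.out

systemctl enable dnsmasq.service
systemctl start dnsmasq.service

swapoff -a

echo "Resize Root FS"
rootdev=$(findmnt --target / -o SOURCE -n)
rootdrivename=$(lsblk -no pkname $rootdev)
rootdrive="/dev/"$rootdrivename
majorminor=$(lsblk $rootdev -o MAJ:MIN | tail -1)
part_number=${majorminor#*:}
yum install -y cloud-utils-growpart.noarch
growpart $rootdrive $part_number -u on
xfs_growfs $rootdev

mkdir -p /var/lib/origin/openshift.local.volumes
# First disk that parted reports with an unknown label. Formatting is
# destructive, so nothing is touched when no such disk is found; an empty
# device name would otherwise put a bogus "1 ..." entry into /etc/fstab.
ZEROVG=$(parted -m /dev/sda print all 2>/dev/null | grep unknown | grep /dev/sd | cut -d':' -f1 | head -n1)
if [[ -n "${ZEROVG}" ]]; then
    parted -s -a optimal "${ZEROVG}" mklabel gpt -- mkpart primary xfs 1 -1
    sleep 5
    mkfs.xfs -f "${ZEROVG}1"
    echo "${ZEROVG}1 /var/lib/origin/openshift.local.volumes xfs defaults,gquota 0 0" >> /etc/fstab
    mount "${ZEROVG}1"
else
    echo "No unlabelled disk found - openshift.local.volumes not set up" >&2
fi

DOCKERVG=$(parted -m /dev/sda print all 2>/dev/null | grep unknown | grep /dev/sd | cut -d':' -f1 | head -n1)
if [[ -z "${DOCKERVG}" ]]; then
    echo "No unlabelled disk found for docker storage - DEVS will be empty" >&2
fi

# The file is written in one go; the earlier append of the DEVS line was
# overwritten by this truncating redirect anyway.
cat <<EOF > /etc/sysconfig/docker-storage-setup
DEVS=$DOCKERVG
VG=docker_vol
DATA_SIZE=95%VG
STORAGE_DRIVER=overlay2
CONTAINER_ROOT_LV_NAME=dockerlv
CONTAINER_ROOT_LV_MOUNT_PATH=/var/lib/docker
CONTAINER_ROOT_LV_SIZE=100%FREE
EOF

# Writes the Azure settings, one value per file, into directory $1 and hands
# the tree to user $2. The files are created under umask 077 so the registry
# key and client secret are never readable by other users, not even briefly.
write_azure_settings() {
    local dir=$1 owner=$2
    (
        umask 077
        mkdir -p "$dir"
        printf '%s\n' "$REGISTRYSTORAGENAME" > "$dir/registry_storage_name"
        printf '%s\n' "$REGISTRYKEY" > "$dir/registry_key"
        printf '%s\n' "$LOCATION" > "$dir/location"
        printf '%s\n' "$SUBSCRIPTIONID" > "$dir/subscription_id"
        printf '%s\n' "$TENANTID" > "$dir/tenant_id"
        printf '%s\n' "$AADCLIENTID" > "$dir/aad_client_id"
        printf '%s\n' "$AADCLIENTSECRET" > "$dir/aad_client_secret"
        printf '%s\n' "$RESOURCEGROUP" > "$dir/resource_group"
    )
    chmod -R 600 "$dir"/*
    chown -R "$owner" "$dir"
}

# Installs the deployment key pair into directory $1 for user $2. The private
# key is decoded under umask 077 instead of being chmod'ed after the write.
install_ssh_keypair() {
    local sshdir=$1 owner=$2
    mkdir -p "$sshdir"
    (
        umask 077
        echo $SSHPUBLICDATA $SSHPUBLICDATA2 $SSHPUBLICDATA3 > "$sshdir/id_rsa.pub"
        printf '%s\n' "$SSHPRIVATEDATA" | base64 --decode > "$sshdir/id_rsa"
    )
    chown "$owner" "$sshdir/id_rsa.pub" "$sshdir/id_rsa"
    chmod 600 "$sshdir/id_rsa.pub" "$sshdir/id_rsa"
}

write_azure_settings "/home/$AUSERNAME/.azuresettings" "$AUSERNAME"
install_ssh_keypair "/home/$AUSERNAME/.ssh" "$AUSERNAME"
write_azure_settings /root/.azuresettings root
install_ssh_keypair /root/.ssh root

# Copied only after /root/.ssh exists (the earlier copy ran before the mkdir).
# NOTE(review): this replaces root's authorized_keys with the admin user's, so
# every key that can log in as ${AUSERNAME} can also log in as root.
cp "/home/$AUSERNAME/.ssh/authorized_keys" /root/.ssh/authorized_keys
chown root /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

# Continue Setting Up Host
subscription-manager unregister
yum -y remove RHEL7
rm -f /etc/yum.repos.d/rh-cloud.repo
# Found that wildcard disable not working all the time - make sure
yum-config-manager --disable epel
yum-config-manager --disable epel-testing
sleep 30
# NOTE(review): the RHSM password / activation key is passed on the command
# line and is visible in the process list while registration runs.
if [[ $RHSMMODE == "usernamepassword" ]]; then
    subscription-manager register --username="${RHNUSERNAME}" --password="${RHNPASSWORD}"
else
    subscription-manager register --org="${RHNUSERNAME}" --activationkey="${RHNPASSWORD}"
fi
subscription-manager attach --pool="$RHNPOOLID"
yum-config-manager --disable rhel-7-server-htb-rpms || true
yum -y install git
cd /home/${AUSERNAME}
# NOTE(review): the clone is unpinned and comes from a personal fork rather
# than the openshift organisation; its scripts and playbooks are run as root
# below, so confirm the source and pin a reviewed commit or tag.
git clone https://github.com/glennswest/openshift-windows

# NOTE(review): the Windows password is stored in plain text, and port 5985 is
# WinRM's plain-HTTP listener, so the certificate setting below only matters
# once the connection is moved to the HTTPS listener (5986).
# Written under umask 077 because of the password.
(
    umask 077
    cat <<EOF > /home/${AUSERNAME}/openshift-windows/3.9/group_vars/windows.yml
ansible_user: ${AUSERNAME}
ansible_password: ${PASSWORD}
ansible_port: 5985
ansible_connection: winrm
ansible_winrm_read_timeout_sec: 600
# The following is necessary for Python 2.7.9+ (or any older Python that has backported SSLContext, eg, Python 2.7.5 on RHEL7) when using default WinRM self-signed certificates:
ansible_winrm_server_cert_validation: ignore
EOF
)

# Writes the shared Ansible client configuration to file $1.
# NOTE(review): host_key_checking = False makes Ansible accept any SSH host key.
write_ansible_cfg() {
    cat <<EOF > "$1"
[defaults]
remote_tmp = ~/.ansible/tmp
local_tmp = ~/.ansible/tmp
host_key_checking = False
forks=30
gather_timeout=60
timeout=240
library = /usr/share/ansible:/usr/share/ansible/openshift-ansible/library
[ssh_connection]
control_path = ~/.ansible/cp/ssh%%h-%%p-%%r
ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ControlPath=~/.ansible/cp-%h-%p-%r
EOF
}

write_ansible_cfg "/home/${AUSERNAME}/.ansible.cfg"
chown ${AUSERNAME} /home/${AUSERNAME}/.ansible.cfg
write_ansible_cfg /root/.ansible.cfg

export LOCAL_DOMAIN=$(hostname -d)
# The values are shell-quoted before being pasted into the generated script, so
# a password containing spaces or shell metacharacters is passed as one literal
# argument and an empty value keeps its position.
allinone_args=$(printf '%q ' "${RESOURCEGROUP}" "${RESOURCEGROUP}win" "${LOCAL_DOMAIN}" "${WILDCARDFQDN}" "${WILDCARDNIP}" "${AUSERNAME}" "${PASSWORD}")
# install.sh embeds the password, so it is created under umask 077.
# NOTE(review): the ssh line in it disables host-key checking for the first
# connection to the master.
(
    umask 077
    cat <<EOF > /home/${AUSERNAME}/install.sh
cd /home/${AUSERNAME}/openshift-windows
cd 3.9
cd standalone
ssh -o StrictHostKeyChecking=no root@${RESOURCEGROUP} ls
./allinone.sh ${allinone_args}
mkdir /home/${AUSERNAME}/.kube
cp /root/.kube/config /home/${AUSERNAME}/.kube/config
chown -R ${AUSERNAME} /home/${AUSERNAME}/.kube
cd ..
ansible-playbook ovn_presetup.yml
sleep 45s
ansible-playbook ovn_postsetup.yml
#ansible-playbook windows.yml
EOF
)
chmod 700 /home/${AUSERNAME}/install.sh
# NOTE(review): install.sh and the checkout are owned by ${AUSERNAME} but are
# executed by this script's own user, so that account can change what runs.
chown ${AUSERNAME} /home/${AUSERNAME}/install.sh
chown -R ${AUSERNAME} /home/${AUSERNAME}/openshift-windows
# The install output may contain credentials; create the log owner-only first
# (the redirect below keeps the mode of an existing file).
install -m 600 -o "${AUSERNAME}" /dev/null "/home/${AUSERNAME}/install.out"
/home/${AUSERNAME}/install.sh &> /home/${AUSERNAME}/install.out &
exit 0

-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions.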
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /3.9/azure/nodewin.ps1: -------------------------------------------------------------------------------- 1 | #requires -Version 3.0 2 | 3 | # From: https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 4 | # Configure a Windows host for remote management with Ansible 5 | # ----------------------------------------------------------- 6 | # 7 | # This script checks the current WinRM (PS Remoting) configuration and makes 8 | # the necessary changes to allow Ansible to connect, authenticate and 9 | # execute PowerShell commands. 10 | # 11 | # All events are logged to the Windows EventLog, useful for unattended runs. 12 | # 13 | # Use option -Verbose in order to see the verbose output messages. 14 | # 15 | # Use option -CertValidityDays to specify how long this certificate is valid 16 | # starting from today. So you would specify -CertValidityDays 3650 to get 17 | # a 10-year valid certificate. 
#
# Use option -ForceNewSSLCert if the system has been SysPreped and a new
# SSL Certificate must be forced on the WinRM Listener when re-running this
# script. This is necessary when a new SID and CN name is created.
#
# Use option -EnableCredSSP to enable CredSSP as an authentication option.
#
# Use option -DisableBasicAuth to disable basic authentication.
# NOTE(review): the three `winrm set` commands at the very end of this script
# set Basic back to "true" unconditionally, so in this copy the switch has no
# lasting effect.
#
# Use option -SkipNetworkProfileCheck to skip the network profile check.
# Without specifying this the script will only run if the device's interfaces
# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable
# WinRM on a device with an interface in PUBLIC zone.
#
# Use option -SubjectName to specify the CN name of the certificate. This
# defaults to the system's hostname and generally should not be specified.

# Written by Trond Hindenes
# Updated by Chris Church
# Updated by Michael Crilly
# Updated by Anton Ouzounov
# Updated by Nicolas Simond
# Updated by Dag Wieërs
# Updated by Jordan Borean
# Updated by Erwan Quélin
#
# Version 1.0 - 2014-07-06
# Version 1.1 - 2014-11-11
# Version 1.2 - 2015-05-15
# Version 1.3 - 2016-04-04
# Version 1.4 - 2017-01-05
# Version 1.5 - 2017-02-09
# Version 1.6 - 2017-04-18
# Version 1.7 - 2017-11-23

# Support -Verbose option
[CmdletBinding()]

Param (
    [string]$SubjectName = $env:COMPUTERNAME,  # CN of the certificate and Hostname of the HTTPS listener
    [int]$CertValidityDays = 1095,             # passed to New-LegacySelfSignedCert as -ValidDays
    [switch]$SkipNetworkProfileCheck,          # forwarded to Enable-PSRemoting
    $CreateSelfSignedCert = $true,             # declared but not referenced anywhere else in this script
    [switch]$ForceNewSSLCert,                  # replace the certificate of an existing HTTPS listener
    [switch]$GlobalHttpFirewallAccess,         # run Enable-GlobalHttpFirewallAccess (TCP 5985)
    [switch]$DisableBasicAuth = $false,        # turn Basic off on the WinRM service (see NOTE in the header)
    [switch]$EnableCredSSP                     # enable CredSSP (server role) when it is off
)

# Writes the first argument to the Application event log as an Information
# entry with EventId 1. The event source is read from the script-level
# variable $EventSource, which the script body assigns before its first call.
Function Write-Log
{
    $Message = $args[0]
    Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message
}

# Sends the first argument to the verbose stream and to the event log.
Function Write-VerboseLog
{
    $Message = $args[0]
    Write-Verbose $Message
    Write-Log $Message
}

# Sends the first argument to the output stream (Write-Output, not the host,
# despite the name) and to the event log.
Function Write-HostLog
{
    $Message = $args[0]
    Write-Output $Message
    Write-Log $Message
}

# Creates a self-signed TLS server certificate through the X509Enrollment COM
# interfaces and returns its thumbprint.
#   -SubjectName  placed in the certificate subject as CN=<SubjectName>
#   -ValidDays    lifetime in days, counted from NotBefore (default 1095)
# The certificate is its own issuer, so no CA vouches for it: a client can
# authenticate this host only by trusting or pinning this exact certificate.
Function New-LegacySelfSignedCert
{
    Param (
        [string]$SubjectName,
        [int]$ValidDays = 1095
    )

    $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1"
    $name.Encode("CN=$SubjectName", 0)

    # 4096-bit RSA key from the SChannel provider, created in the machine context.
    $key = New-Object -COM "X509Enrollment.CX509PrivateKey.1"
    $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    $key.KeySpec = 1  # presumably the key-exchange key spec -- confirm against the X509Enrollment docs
    $key.Length = 4096
    # SDDL DACL on the private key: allow ACEs for SY (Local System),
    # BA (Builtin Administrators) and NS (Network Service).
    $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
    $key.MachineContext = 1
    $key.Create()

    # Enhanced Key Usage extension holding a single OID,
    # 1.3.6.1.5.5.7.3.1 (TLS server authentication).
    $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1"
    $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
    $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1"
    $ekuoids.Add($serverauthoid)
    $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
    $ekuext.InitializeEncode($ekuoids)

    $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1"
    $cert.InitializeFromPrivateKey(2, $key, "")  # 2: presumably the machine context -- confirm
    $cert.Subject = $name
    $cert.Issuer = $cert.Subject                 # issuer == subject, i.e. self-signed
    # Validity starts one day in the past (presumably to tolerate clock skew)
    # and runs $ValidDays from that point.
    $cert.NotBefore = (Get-Date).AddDays(-1)
    $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays)
    $cert.X509Extensions.Add($ekuext)
    $cert.Encode()

    # Produce the certificate and install it. The numeric arguments are
    # X509Enrollment enum values; TODO confirm their meaning in the COM docs.
    $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1"
    $enrollment.InitializeFromRequest($cert)
    $certdata = $enrollment.CreateRequest(0)
    $enrollment.InstallResponse(2, $certdata, 0, "")

    # extract/return the thumbprint from the generated cert
    $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata))

    return $parsed_cert.Thumbprint
}

# Makes the "Windows Remote Management (HTTP-In)" firewall rule allow inbound
# TCP 5985 on every firewall profile and from any remote address, creating the
# rule when none exists.
# Security note: 5985 is the plain-HTTP WinRM port, and the end of this script
# sets AllowUnencrypted="true" with Basic enabled. Where the deployment
# allows, narrow RemoteAddresses to the management host instead of "*".
Function Enable-GlobalHttpFirewallAccess
{
    Write-Verbose "Forcing global HTTP firewall access"
    # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing
    $fw = New-Object -ComObject HNetCfg.FWPolicy2

    # try to find/enable the default rule first
    $add_rule = $false
    $matching_rules = $fw.Rules | ? { $_.Name -eq "Windows Remote Management (HTTP-In)" }
    $rule = $null
    If ($matching_rules) {
        If ($matching_rules -isnot [Array]) {
            Write-Verbose "Editing existing single HTTP firewall rule"
            $rule = $matching_rules
        }
        Else {
            # try to find one with the All or Public profile first
            Write-Verbose "Found multiple existing HTTP firewall rules..."
            # NOTE(review): `%` is ForEach-Object, so this looks like it emits
            # the value of `-band 4` for each rule rather than a rule object;
            # Where-Object was probably intended -- confirm. The check below
            # then falls back to the first matching rule.
            $rule = $matching_rules | % { $_.Profiles -band 4 }[0]

            If (-not $rule -or $rule -is [Array]) {
                Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)"
                # oh well, just pick the first one
                $rule = $matching_rules[0]
            }
        }
    }

    If (-not $rule) {
        Write-Verbose "Creating a new HTTP firewall rule"
        $rule = New-Object -ComObject HNetCfg.FWRule
        $rule.Name = "Windows Remote Management (HTTP-In)"
        $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]"
        $add_rule = $true
    }

    # These assignments overwrite the properties of an existing rule as well.
    $rule.Profiles = 0x7FFFFFFF    # all firewall profiles
    $rule.Protocol = 6             # TCP
    $rule.LocalPorts = 5985
    $rule.RemotePorts = "*"
    $rule.LocalAddresses = "*"
    $rule.RemoteAddresses = "*"    # any source address
    $rule.Enabled = $true
    $rule.Direction = 1            # inbound
    $rule.Action = 1               # allow
    $rule.Grouping = "Windows Remote Management"

    If ($add_rule) {
        $fw.Rules.Add($rule)
    }

    Write-Verbose "HTTP firewall rule $($rule.Name) updated"
}

# Setup error handling.
# Any terminating error is echoed and ends the script with exit code 1.
# $ErrorActionPreference = "Stop" turns cmdlet errors into terminating ones,
# so they reach this Trap as well.
Trap
{
    $_
    Exit 1
}
$ErrorActionPreference = "Stop"

# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"; exit code 2 if not.
if (-Not $myWindowsPrincipal.IsInRole($adminRole))
{
    Write-Output "ERROR: You need elevated Administrator privileges in order to run this script."
    Write-Output " Start Windows PowerShell by using the Run as Administrator option."
    Exit 2
}

# Event source used by Write-Log: the invoked command's name, or a fixed
# fallback when that is empty.
$EventSource = $MyInvocation.MyCommand.Name
If (-Not $EventSource)
{
    $EventSource = "Powershell CLI"
}

# Register the source when either the Application log or the source is missing.
If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False)
{
    New-EventLog -LogName Application -Source $EventSource
}

# Detect PowerShell version.
If ($PSVersionTable.PSVersion.Major -lt 3)
{
    Write-Log "PowerShell version 3 or higher is required."
    Throw "PowerShell version 3 or higher is required."
}

# Find and start the WinRM service.
# The startup type is changed only on this path; a service that is already
# running keeps whatever startup type it had.
Write-Verbose "Verifying WinRM service."
If (!(Get-Service "WinRM"))
{
    Write-Log "Unable to find the WinRM service."
    Throw "Unable to find the WinRM service."
}
ElseIf ((Get-Service "WinRM").Status -ne "Running")
{
    Write-Verbose "Setting WinRM service to start automatically on boot."
    Set-Service -Name "WinRM" -StartupType Automatic
    Write-Log "Set WinRM service to start automatically on boot."
    Write-Verbose "Starting WinRM service."
    Start-Service -Name "WinRM" -ErrorAction Stop
    Write-Log "Started WinRM service."

}

# WinRM should be running; check that we have a PS session config.
# Enable-PSRemoting runs only when there is no session configuration or no listener.
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
{
    If ($SkipNetworkProfileCheck) {
        Write-Verbose "Enabling PS Remoting without checking Network profile."
        Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
        Write-Log "Enabled PS Remoting without checking Network profile."
    }
    Else {
        Write-Verbose "Enabling PS Remoting."
        Enable-PSRemoting -Force -ErrorAction Stop
        Write-Log "Enabled PS Remoting."
    }
}
Else
{
    Write-Verbose "PS Remoting is already enabled."
}

# Make sure there is a SSL listener.
# The listener certificate is self-signed, so clients cannot validate it
# against a CA. The thumbprint written to the output and the event log is the
# value to pin or import on the management host.
$listeners = Get-ChildItem WSMan:\localhost\Listener
If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
{
    # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
    $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
    Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"

    # Create the hashtables of settings to be used.
    $valueset = @{
        Hostname = $SubjectName
        CertificateThumbprint = $thumbprint
    }

    $selectorset = @{
        Transport = "HTTPS"
        Address = "*"
    }

    Write-Verbose "Enabling SSL listener."
    New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
    Write-Log "Enabled SSL listener."
}
Else
{
    Write-Verbose "SSL listener is already active."

    # Force a new SSL cert on the listener if -ForceNewSSLCert was given
    If ($ForceNewSSLCert)
    {

        # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
        $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
        Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"

        $valueset = @{
            CertificateThumbprint = $thumbprint
            Hostname = $SubjectName
        }

        # Delete the listener for SSL
        # The listener is removed before its replacement is created, so a
        # failure in New-WSManInstance leaves the host without an HTTPS
        # listener. The previous certificate is not deleted by this script.
        $selectorset = @{
            Address = "*"
            Transport = "HTTPS"
        }
        Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset

        # Add new Listener with new SSL cert
        New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
    }
}

# Check for basic authentication.
# -DisableBasicAuth defaults to $false, so Basic is switched on for the
# service unless the caller opts out. Basic credentials are only
# base64-encoded; their confidentiality depends on the transport being HTTPS.
# NOTE(review): whatever this section decides is overridden by the `winrm set`
# commands at the end of the script, which force Basic to "true".
$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object {$_.Name -eq "Basic"}

If ($DisableBasicAuth)
{
    If (($basicAuthSetting.Value) -eq $true)
    {
        Write-Verbose "Disabling basic auth support."
        Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false
        Write-Log "Disabled basic auth support."
    }
    Else
    {
        Write-Verbose "Basic auth is already disabled."
    }
}
Else
{
    If (($basicAuthSetting.Value) -eq $false)
    {
        Write-Verbose "Enabling basic auth support."
        Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
        Write-Log "Enabled basic auth support."
    }
    Else
    {
        Write-Verbose "Basic auth is already enabled."
    }
}

# If -EnableCredSSP is set, enable CredSSP for the server role when it is off
If ($EnableCredSSP)
{
    # Check for CredSSP authentication
    $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "CredSSP"}
    If (($credsspAuthSetting.Value) -eq $false)
    {
        Write-Verbose "Enabling CredSSP auth support."
        Enable-WSManCredSSP -role server -Force
        Write-Log "Enabled CredSSP auth support."
    }
}

If ($GlobalHttpFirewallAccess) {
    Enable-GlobalHttpFirewallAccess
}

# Configure firewall to allow WinRM HTTPS connections.
# The rule opens TCP 5986 inbound for every profile and names no remoteip
# filter; scope it to the management host or subnet where the deployment
# allows.
# The count tests treat fewer than five lines of netsh output as "no such
# rule" -- presumably the length of netsh's not-found message; confirm on
# localized systems.
$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS"
$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any
If ($fwtest1.count -lt 5)
{
    Write-Verbose "Adding firewall rule to allow WinRM HTTPS."
    netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow
    Write-Log "Added firewall rule to allow WinRM HTTPS."
}
ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5))
{
    Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile."
    netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any
    Write-Log "Updated firewall rule to allow WinRM HTTPS for any profile."
}
Else
{
    Write-Verbose "Firewall rule already exists to allow WinRM HTTPS."
}

# Test a remoting connection to localhost, which should work.
# Loopback self-test of both listeners. Errors are collected in $httpError and
# $httpsError instead of stopping the script.
$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock {$env:COMPUTERNAME} -ErrorVariable httpError -ErrorAction SilentlyContinue
# The listener certificate is self-signed, so this probe skips the CA, CN and
# revocation checks. That is tolerable for a connection to localhost only;
# remote clients should validate or pin the certificate instead.
$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck

# NOTE(review): the session opened here is never passed to Remove-PSSession in this script.
$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue

# The script fails only when neither transport answered.
If ($httpResult -and $httpsResult)
{
    Write-Verbose "HTTP: Enabled | HTTPS: Enabled"
}
ElseIf ($httpsResult -and !$httpResult)
{
    Write-Verbose "HTTP: Disabled | HTTPS: Enabled"
}
ElseIf ($httpResult -and !$httpsResult)
{
    Write-Verbose "HTTP: Enabled | HTTPS: Disabled"
}
Else
{
    Write-Log "Unable to establish an HTTP or HTTPS remoting session."
    Throw "Unable to establish an HTTP or HTTPS remoting session."
}
# NOTE(review): security-relevant overrides, applied unconditionally.
#  - Basic is forced on for both the WinRM client and the WinRM service, which
#    undoes -DisableBasicAuth.
#  - AllowUnencrypted="true" lets the service accept unencrypted traffic on the
#    HTTP listener (TCP 5985). With Basic enabled, credentials sent that way
#    are base64 only and readable on the network path.
# Prefer pointing Ansible at the HTTPS listener (5986) and dropping these
# lines, or guard them behind an explicit opt-in switch and restrict 5985/5986
# to the control host in the firewall.
# They run after the self-test above and their exit codes are not checked.
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Write-VerboseLog "PS Remoting has been successfully configured for Ansible."

--------------------------------------------------------------------------------
/3.10/azure/nodewin.ps1:
--------------------------------------------------------------------------------
#requires -Version 3.0

# From: https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
# Configure a Windows host for remote management with Ansible
# -----------------------------------------------------------
#
# This script checks the current WinRM (PS Remoting) configuration and makes
# the necessary changes to allow Ansible to connect, authenticate and
# execute PowerShell commands.
#
# All events are logged to the Windows EventLog, useful for unattended runs.
12 | # 13 | # Use option -Verbose in order to see the verbose output messages. 14 | # 15 | # Use option -CertValidityDays to specify how long this certificate is valid 16 | # starting from today. So you would specify -CertValidityDays 3650 to get 17 | # a 10-year valid certificate. 18 | # 19 | # Use option -ForceNewSSLCert if the system has been SysPreped and a new 20 | # SSL Certificate must be forced on the WinRM Listener when re-running this 21 | # script. This is necessary when a new SID and CN name is created. 22 | # 23 | # Use option -EnableCredSSP to enable CredSSP as an authentication option. 24 | # 25 | # Use option -DisableBasicAuth to disable basic authentication. 26 | # 27 | # Use option -SkipNetworkProfileCheck to skip the network profile check. 28 | # Without specifying this the script will only run if the device's interfaces 29 | # are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable 30 | # WinRM on a device with an interface in PUBLIC zone. 31 | # 32 | # Use option -SubjectName to specify the CN name of the certificate. This 33 | # defaults to the system's hostname and generally should not be specified. 
# Written by Trond Hindenes
# Updated by Chris Church
# Updated by Michael Crilly
# Updated by Anton Ouzounov
# Updated by Nicolas Simond
# Updated by Dag Wieërs
# Updated by Jordan Borean
# Updated by Erwan Quélin
#
# Version 1.0 - 2014-07-06
# Version 1.1 - 2014-11-11
# Version 1.2 - 2015-05-15
# Version 1.3 - 2016-04-04
# Version 1.4 - 2017-01-05
# Version 1.5 - 2017-02-09
# Version 1.6 - 2017-04-18
# Version 1.7 - 2017-11-23

# Support -Verbose option
[CmdletBinding()]

Param (
    [string]$SubjectName = $env:COMPUTERNAME,  # CN of the certificate and Hostname of the HTTPS listener
    [int]$CertValidityDays = 1095,             # passed to New-LegacySelfSignedCert as -ValidDays
    [switch]$SkipNetworkProfileCheck,          # forwarded to Enable-PSRemoting
    $CreateSelfSignedCert = $true,             # not referenced in the part of this script shown here
    [switch]$ForceNewSSLCert,                  # replace the certificate of an existing HTTPS listener
    [switch]$GlobalHttpFirewallAccess,
    [switch]$DisableBasicAuth = $false,
    [switch]$EnableCredSSP
)

# Writes the first argument to the Application event log as an Information
# entry with EventId 1. The event source is read from the script-level
# variable $EventSource, which the script body assigns further down.
Function Write-Log
{
    $Message = $args[0]
    Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message
}

# Sends the first argument to the verbose stream and to the event log.
Function Write-VerboseLog
{
    $Message = $args[0]
    Write-Verbose $Message
    Write-Log $Message
}

# Sends the first argument to the output stream (Write-Output, not the host,
# despite the name) and to the event log.
Function Write-HostLog
{
    $Message = $args[0]
    Write-Output $Message
    Write-Log $Message
}

# Creates a self-signed TLS server certificate through the X509Enrollment COM
# interfaces and returns its thumbprint.
#   -SubjectName  placed in the certificate subject as CN=<SubjectName>
#   -ValidDays    lifetime in days, counted from NotBefore (default 1095)
# The certificate is its own issuer, so no CA vouches for it: a client can
# authenticate this host only by trusting or pinning this exact certificate.
Function New-LegacySelfSignedCert
{
    Param (
        [string]$SubjectName,
        [int]$ValidDays = 1095
    )

    $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1"
    $name.Encode("CN=$SubjectName", 0)

    # 4096-bit RSA key from the SChannel provider, created in the machine context.
    $key = New-Object -COM "X509Enrollment.CX509PrivateKey.1"
    $key.ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
    $key.KeySpec = 1  # presumably the key-exchange key spec -- confirm against the X509Enrollment docs
    $key.Length = 4096
    # SDDL DACL on the private key: allow ACEs for SY (Local System),
    # BA (Builtin Administrators) and NS (Network Service).
    $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)"
    $key.MachineContext = 1
    $key.Create()

    # Enhanced Key Usage extension holding a single OID,
    # 1.3.6.1.5.5.7.3.1 (TLS server authentication).
    $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1"
    $serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1")
    $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1"
    $ekuoids.Add($serverauthoid)
    $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1"
    $ekuext.InitializeEncode($ekuoids)

    $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1"
    $cert.InitializeFromPrivateKey(2, $key, "")  # 2: presumably the machine context -- confirm
    $cert.Subject = $name
    $cert.Issuer = $cert.Subject                 # issuer == subject, i.e. self-signed
    # Validity starts one day in the past (presumably to tolerate clock skew)
    # and runs $ValidDays from that point.
    $cert.NotBefore = (Get-Date).AddDays(-1)
    $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays)
    $cert.X509Extensions.Add($ekuext)
    $cert.Encode()

    # Produce the certificate and install it. The numeric arguments are
    # X509Enrollment enum values; TODO confirm their meaning in the COM docs.
    $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1"
    $enrollment.InitializeFromRequest($cert)
    $certdata = $enrollment.CreateRequest(0)
    $enrollment.InstallResponse(2, $certdata, 0, "")

    # extract/return the thumbprint from the generated cert
    $parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata))

    return $parsed_cert.Thumbprint
}

# Makes the "Windows Remote Management (HTTP-In)" firewall rule allow inbound
# TCP 5985 on every firewall profile and from any remote address, creating the
# rule when none exists.
# Security note: 5985 is the plain-HTTP WinRM port. Where the deployment
# allows, narrow RemoteAddresses to the management host instead of "*".
Function Enable-GlobalHttpFirewallAccess
{
    Write-Verbose "Forcing global HTTP firewall access"
    # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing
    $fw = New-Object -ComObject HNetCfg.FWPolicy2

    # try to find/enable the default rule first
    $add_rule = $false
    $matching_rules = $fw.Rules | ? { $_.Name -eq "Windows Remote Management (HTTP-In)" }
    $rule = $null
    If ($matching_rules) {
        If ($matching_rules -isnot [Array]) {
            Write-Verbose "Editing existing single HTTP firewall rule"
            $rule = $matching_rules
        }
        Else {
            # try to find one with the All or Public profile first
            Write-Verbose "Found multiple existing HTTP firewall rules..."
            # NOTE(review): `%` is ForEach-Object, so this looks like it emits
            # the value of `-band 4` for each rule rather than a rule object;
            # Where-Object was probably intended -- confirm. The check below
            # then falls back to the first matching rule.
            $rule = $matching_rules | % { $_.Profiles -band 4 }[0]

            If (-not $rule -or $rule -is [Array]) {
                Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)"
                # oh well, just pick the first one
                $rule = $matching_rules[0]
            }
        }
    }

    If (-not $rule) {
        Write-Verbose "Creating a new HTTP firewall rule"
        $rule = New-Object -ComObject HNetCfg.FWRule
        $rule.Name = "Windows Remote Management (HTTP-In)"
        $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]"
        $add_rule = $true
    }

    # These assignments overwrite the properties of an existing rule as well.
    $rule.Profiles = 0x7FFFFFFF    # all firewall profiles
    $rule.Protocol = 6             # TCP
    $rule.LocalPorts = 5985
    $rule.RemotePorts = "*"
    $rule.LocalAddresses = "*"
    $rule.RemoteAddresses = "*"    # any source address
    $rule.Enabled = $true
    $rule.Direction = 1            # inbound
    $rule.Action = 1               # allow
    $rule.Grouping = "Windows Remote Management"

    If ($add_rule) {
        $fw.Rules.Add($rule)
    }

    Write-Verbose "HTTP firewall rule $($rule.Name) updated"
}

# Setup error handling.
# Any terminating error is echoed and ends the script with exit code 1.
Trap
{
    $_
    Exit 1
}
$ErrorActionPreference = "Stop"

# Get the ID and security principal of the current user account
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"; exit code 2 if not.
if (-Not $myWindowsPrincipal.IsInRole($adminRole))
{
    Write-Output "ERROR: You need elevated Administrator privileges in order to run this script."
    Write-Output " Start Windows PowerShell by using the Run as Administrator option."
    Exit 2
}

# Event source used by Write-Log: the invoked command's name, or a fixed
# fallback when that is empty.
$EventSource = $MyInvocation.MyCommand.Name
If (-Not $EventSource)
{
    $EventSource = "Powershell CLI"
}

If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False)
{
    New-EventLog -LogName Application -Source $EventSource
}

# Detect PowerShell version.
If ($PSVersionTable.PSVersion.Major -lt 3)
{
    Write-Log "PowerShell version 3 or higher is required."
    Throw "PowerShell version 3 or higher is required."
}

# Find and start the WinRM service.
# The startup type is changed only on this path; a service that is already
# running keeps whatever startup type it had.
Write-Verbose "Verifying WinRM service."
If (!(Get-Service "WinRM"))
{
    Write-Log "Unable to find the WinRM service."
    Throw "Unable to find the WinRM service."
}
ElseIf ((Get-Service "WinRM").Status -ne "Running")
{
    Write-Verbose "Setting WinRM service to start automatically on boot."
    Set-Service -Name "WinRM" -StartupType Automatic
    Write-Log "Set WinRM service to start automatically on boot."
    Write-Verbose "Starting WinRM service."
    Start-Service -Name "WinRM" -ErrorAction Stop
    Write-Log "Started WinRM service."

}

# WinRM should be running; check that we have a PS session config.
If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener)))
{
    If ($SkipNetworkProfileCheck) {
        Write-Verbose "Enabling PS Remoting without checking Network profile."
        Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop
        Write-Log "Enabled PS Remoting without checking Network profile."
    }
    Else {
        Write-Verbose "Enabling PS Remoting."
        Enable-PSRemoting -Force -ErrorAction Stop
        Write-Log "Enabled PS Remoting."
    }
}
Else
{
    Write-Verbose "PS Remoting is already enabled."
}

# Make sure there is a SSL listener.
# The listener certificate is self-signed, so clients cannot validate it
# against a CA. The thumbprint written to the output and the event log is the
# value to pin or import on the management host.
$listeners = Get-ChildItem WSMan:\localhost\Listener
If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
{
    # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
    $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
    Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"

    # Create the hashtables of settings to be used.
    $valueset = @{
        Hostname = $SubjectName
        CertificateThumbprint = $thumbprint
    }

    $selectorset = @{
        Transport = "HTTPS"
        Address = "*"
    }

    Write-Verbose "Enabling SSL listener."
    New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
    Write-Log "Enabled SSL listener."
}
Else
{
    Write-Verbose "SSL listener is already active."

    # Force a new SSL cert on the listener if -ForceNewSSLCert was given
    If ($ForceNewSSLCert)
    {

        # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
        $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
        Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"

        $valueset = @{
            CertificateThumbprint = $thumbprint
            Hostname = $SubjectName
        }

        # Delete the listener for SSL
        # The listener is removed before its replacement is created, so a
        # failure in New-WSManInstance leaves the host without an HTTPS
        # listener.
        $selectorset = @{
            Address = "*"
            Transport = "HTTPS"
        }
        Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset

        # Add new Listener with new SSL cert
        New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
    }
}

# Check for basic authentication.
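# Apply the requested Basic authentication setting on the WinRM service:
# -DisableBasicAuth turns it off, otherwise it is turned on.
$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object {$_.Name -eq "Basic"}

If ($DisableBasicAuth)
{
    If (($basicAuthSetting.Value) -eq $true)
    {
        Write-Verbose "Disabling basic auth support."
        Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false
        Write-Log "Disabled basic auth support."
    }
    Else
    {
        Write-Verbose "Basic auth is already disabled."
    }
}
Else
{
    If (($basicAuthSetting.Value) -eq $false)
    {
        Write-Verbose "Enabling basic auth support."
        Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true
        Write-Log "Enabled basic auth support."
    }
    Else
    {
        Write-Verbose "Basic auth is already enabled."
    }
}

# Enable CredSSP on the service only when -EnableCredSSP was given.
# CredSSP hands the caller's credentials to this host, so leave it off unless a
# second-hop scenario actually needs it.
If ($EnableCredSSP)
{
    # Check for CredSSP authentication
    $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where {$_.Name -eq "CredSSP"}
    If (($credsspAuthSetting.Value) -eq $false)
    {
        Write-Verbose "Enabling CredSSP auth support."
        Enable-WSManCredSSP -role server -Force
        Write-Log "Enabled CredSSP auth support."
    }
}

If ($GlobalHttpFirewallAccess) {
    Enable-GlobalHttpFirewallAccess
}

# Configure firewall to allow WinRM HTTPS connections.
# The line count of the netsh output is used as the "rule exists" test: fewer than
# five lines is taken to mean that no rule matched (heuristic; verify against the
# netsh output on the target Windows version).
$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS"
$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any
If ($fwtest1.count -lt 5)
{
    Write-Verbose "Adding firewall rule to allow WinRM HTTPS."
    netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow
    Write-Log "Added firewall rule to allow WinRM HTTPS."
}
ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5))
{
    Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile."
    netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any
    Write-Log "Updated firewall rule to allow WinRM HTTPS for any profile."
}
Else
{
    Write-Verbose "Firewall rule already exists to allow WinRM HTTPS."
}

# Test a remoting connection to localhost, which should work.
# Certificate checks are skipped for this local self-test only, because the listener
# certificate is self-signed.
$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock {$env:COMPUTERNAME} -ErrorVariable httpError -ErrorAction SilentlyContinue
$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck

$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue

If ($httpResult -and $httpsResult)
{
    Write-Verbose "HTTP: Enabled | HTTPS: Enabled"
}
ElseIf ($httpsResult -and !$httpResult)
{
    Write-Verbose "HTTP: Disabled | HTTPS: Enabled"
}
ElseIf ($httpResult -and !$httpsResult)
{
    Write-Verbose "HTTP: Enabled | HTTPS: Disabled"
}
Else
{
    Write-Log "Unable to establish an HTTP or HTTPS remoting session."
    Throw "Unable to establish an HTTP or HTTPS remoting session."
}

# The HTTPS self-test session is no longer needed; close it instead of leaving it open.
If ($httpsResult)
{
    Remove-PSSession -Session $httpsResult
}

# Project-specific relaxations applied after the self-test.
# Basic auth on the service is only forced on when the caller did not ask for
# -DisableBasicAuth; previously this line silently undid that switch.
winrm set winrm/config/client/auth '@{Basic="true"}'
If (-not $DisableBasicAuth)
{
    winrm set winrm/config/service/auth '@{Basic="true"}'
}
Else
{
    Write-Verbose "Leaving basic auth disabled on the WinRM service (-DisableBasicAuth)."
}

# SECURITY: AllowUnencrypted together with Basic auth lets credentials and command
# traffic cross the network in clear text on the HTTP listener (TCP 5985). The HTTPS
# listener on 5986 configured earlier in this script avoids that; prefer it, and
# remove this line once no client depends on plain HTTP.
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Write-Log "Allowed unencrypted WinRM traffic on the service."
Write-VerboseLog "PS Remoting has been successfully configured for Ansible."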