├── env
├── cmdline
├── settings
└── extravars.example
├── documentation
├── .nojekyll
├── modules
│ └── ROOT
│ │ ├── _attributes.adoc
│ │ ├── pages
│ │ ├── _attributes.adoc
│ │ ├── index.adoc
│ │ ├── openshift_vars.adoc
│ │ ├── cloud_resources.adoc
│ │ ├── prepare_env.adoc
│ │ ├── aws.adoc
│ │ ├── azure.adoc
│ │ ├── gcp.adoc
│ │ └── setup.adoc
│ │ └── nav.adoc
└── antora.yml
├── project
├── out
│ └── .gitkeep
├── provision-cloud-resources.yaml
├── deprovision-cloud-resources.yaml
├── keys
│ └── README.md
└── ansible.cfg
├── inventory
└── hosts
├── roles
├── cloud-resources
│ ├── templates
│ │ ├── localhost.yaml.j2
│ │ ├── docker-storage-setup.j2
│ │ ├── connect.sh.j2
│ │ ├── azure.conf.j2
│ │ ├── openshift_hosts.j2
│ │ ├── add-openshift-users.sh.j2
│ │ ├── host_vars.yaml.j2
│ │ ├── deploy.sh.j2
│ │ └── hosts_prepare.yaml.j2
│ ├── files
│ │ ├── openshift_users.yaml
│ │ ├── ansible.cfg
│ │ └── add_openshift_users.yaml
│ ├── defaults
│ │ └── main.yaml
│ └── tasks
│ │ ├── main.yaml
│ │ ├── cloud_inventory.yaml
│ │ ├── gcp.yaml
│ │ ├── aws.yaml
│ │ └── azure.yaml
├── openshift-users
│ ├── defaults
│ │ └── main.yaml
│ └── tasks
│ │ └── main.yaml
├── cloud-resources-rollback
│ └── tasks
│ │ ├── azure_rollback.yaml
│ │ ├── main.yaml
│ │ ├── gcp_rollback.yaml
│ │ └── aws_rollback.yaml
└── azure_network_reconfig
│ └── tasks
│ └── main.yaml
├── supplemental-ui
├── partials
│ ├── head-meta.hbs
│ └── header-content.hbs
└── img
│ └── favicon.ico
├── .editorconfig
├── Dockerfile
├── .gitignore
├── README.adoc
├── provision.sh
├── deprovision.sh
├── site.yml
├── site-gh-pages.yml
├── .circleci
└── config.yml
└── LICENSE
/env/cmdline:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/documentation/.nojekyll:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/project/out/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/inventory/hosts:
--------------------------------------------------------------------------------
1 | localhost
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/localhost.yaml.j2:
--------------------------------------------------------------------------------
1 | ansible_become: no
--------------------------------------------------------------------------------
/supplemental-ui/partials/head-meta.hbs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/documentation/modules/ROOT/_attributes.adoc:
--------------------------------------------------------------------------------
1 | :imagesdir: {moduledir}/assets/images
2 | :source-highlighter: highlightjs
--------------------------------------------------------------------------------
/supplemental-ui/img/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer-demos/openshift-hybridizer/HEAD/supplemental-ui/img/favicon.ico
--------------------------------------------------------------------------------
/documentation/antora.yml:
--------------------------------------------------------------------------------
1 | name: openshift-hybridizer
2 | title: OpenShift Hybridizer
3 | version: "0.0.1"
4 | nav:
5 | - modules/ROOT/nav.adoc
6 |
7 | start_page: ROOT:index.adoc
8 |
--------------------------------------------------------------------------------
/project/provision-cloud-resources.yaml:
--------------------------------------------------------------------------------
---
# Provision the cloud resources. The play runs on the control node itself
# (local connection) and does not gather facts.
- name: Create instance(s)
  hosts: localhost
  connection: local
  gather_facts: false

  roles:
    - cloud-resources
--------------------------------------------------------------------------------
/project/deprovision-cloud-resources.yaml:
--------------------------------------------------------------------------------
---
# Remove the cloud resources. The play runs on the control node itself
# (local connection) and does not gather facts.
- name: Delete instance(s)
  hosts: localhost
  connection: local
  gather_facts: false

  roles:
    - cloud-resources-rollback
9 |
--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
1 | root = true
2 |
3 | [*{.yaml,.yml,.json}]
4 | indent_style = space
5 | indent_size = 2
6 | end_of_line = lf
7 | charset = utf-8
8 | trim_trailing_whitespace = false
9 | insert_final_newline = false
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
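# Ansible Runner image extended with the Python packages used by the cloud modules.
# NOTE(review): the base image is referenced by the mutable `latest` tag and the
# packages (apart from the cryptography floor) carry no version, so two builds of
# this file can produce different images. Pin a tag or digest and exact package
# versions when the build has to be reproducible.
FROM ansible/ansible-runner:latest

# --no-cache-dir keeps pip's download cache out of the image layer.
RUN pip install --no-cache-dir --upgrade pip \
 && pip install --no-cache-dir 'cryptography>=2.2.1' 'boto' 'boto3' 'apache-libcloud' 'ansible[azure]'

# Runner settings and extravars are supplied at run time through this mount
# rather than being baked into the image.
VOLUME /runner/env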
7 |
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/docker-storage-setup.j2:
--------------------------------------------------------------------------------
1 | VG=docker-vg
2 | {% if cloud_provider == 'aws' %}
3 | DEVS=/dev/nvme1n1
4 | {% elif cloud_provider == 'azr' %}
5 | DEVS=/dev/sdc
6 | {% else %}
7 | DEVS=/dev/sdb
8 | {% endif %}
--------------------------------------------------------------------------------
/project/keys/README.md:
--------------------------------------------------------------------------------
1 | # README
2 |
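3 | Put all your cloud credentials here. This directory is mounted inside the Ansible Runner container and is used by the Ansible cloud modules. Apart from this README the directory is listed in `.gitignore`, so credentials placed here are meant to stay out of version control; keep private keys readable only by your own user.
4 |
5 | e.g. `azure_id_rsa` (the Azure private key) or `gce-credentials.json`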
6 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
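# Local Ansible Runner inputs. env/extravars holds the cloud keys and must
# never be committed.
env/envvars
env/extravars
env/extravars.*
# Keep the template tracked. The original rule pointed at env/env/..., a path
# that does not exist, so it re-included nothing.
!env/extravars.example

# Cloud credentials. Ignore the directory's contents rather than the directory
# itself: git cannot re-include a file whose parent directory is excluded, so
# the README exception only works with the "/*" form.
project/keys/*
!project/keys/README.md
project/.ansible

# Generated output and runner artifacts.
out/**
!out/.gitkeep
artifacts/**
!artifacts/.gitkeep
inventory/**
# NOTE(review): the original line read "!inventory/hostsdocs.old", which looks
# like two entries run together; they are split here -- confirm the intent.
!inventory/hosts
docs.old
.cache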
15 |
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/connect.sh.j2:
--------------------------------------------------------------------------------
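#!/bin/bash
# Open an SSH session to the provisioned node.
# {{cloud_provider}} VM {{instance_name}}
# Public IP: {{public_ip}}
# Private Key to use : {{private_key_file}}
# Sudo user : {{cloud_user}}

# Abort on the first failing command. The original "set - e" did not enable
# errexit; it only assigned "e" to the first positional parameter.
set -e

# The rendered values are quoted so a key path containing spaces stays a
# single argument.
ssh -i "{{lookup('env','PROJECT_DIR')}}/{{private_key_file}}" "{{cloud_user}}@{{public_ip}}"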
--------------------------------------------------------------------------------
/roles/openshift-users/defaults/main.yaml:
--------------------------------------------------------------------------------
---

# Users kept in the OpenShift htpasswd file. Edit this list and rerun
# add-openshift-users.sh to add or update them.
# The password below is a sample value published with the repository: replace
# it before provisioning anything reachable from outside. An entry without a
# `password` key gets a generated one from this role's tasks.
openshift_users:
  - username: "developer"
    password: "supers3cret"

# Users to delete from the OpenShift htpasswd file.
openshift_delete_users:
# - developer
--------------------------------------------------------------------------------
/roles/cloud-resources/files/openshift_users.yaml:
--------------------------------------------------------------------------------
---

# Users kept in the OpenShift htpasswd file. Edit this list and rerun
# add-openshift-users.sh to add or update them.
# Both passwords below are sample values published with the repository:
# replace them, the admin one in particular, before provisioning anything
# reachable from outside.
openshift_users:
  - username: "developer"
    password: "supers3cret"
  - username: "admin"
    password: "supers3cretAdmin"

# Users to delete from the OpenShift htpasswd file.
openshift_delete_users:
# - developer
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/azure.conf.j2:
--------------------------------------------------------------------------------
1 | tenantId: {{azr.tenant}}
2 | subscriptionId: {{azr.subscription_id}}
3 | aadClientId: {{azr.client_id}}
4 | aadClientSecret: {{azr.secret}}
5 | aadTenantId: {{azr.tenant}}
6 | resourceGroup: {{azr.resource_group}}
7 | cloud: {{azr.cloud}}
8 | location: {{azr.location}}
9 | vnetName: {{azr.vm_net_name}}
10 | securityGroupName: {{azr.security_group}}
11 | primaryAvailabilitySetName: all-in-one-openshift
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/_attributes.adoc:
--------------------------------------------------------------------------------
1 | :moduledir: ..
2 | include::{moduledir}/_attributes.adoc[]
3 |
4 | //URIs
5 | :uri-docker-myrepo-hca: workspace7/ansible-runner
6 | :uri-docker-hca: quay.io/workspace7/ansible-runner
7 | :uri-ansible: https://github.com/ansible/ansible-runner
8 | :uri-repo: https://github.com/redhat-developer-demos/openshift-hybridizer
9 | :uri-repo-file-prefix: {uri-repo}/blob/master/
10 | :uri-repo-tree-prefix: {uri-repo}/tree/master/
--------------------------------------------------------------------------------
/README.adoc:
--------------------------------------------------------------------------------
1 | = OpenShift Hybridizer
2 | This content is brought to you by http://developers.redhat.com - Register today!
3 |
4 | image:https://circleci.com/gh/kameshsampath/openshift-hybridizer.svg?style=svg["CircleCI", link="https://circleci.com/gh/kameshsampath/openshift-hybridizer"]
5 |
6 | - An HTML version of the documentation is available at https://redhat-developer-demos.github.io/openshift-hybridizer/
7 |
8 | - The source code is available at https://github.com/redhat-developer-demos/openshift-hybridizer
--------------------------------------------------------------------------------
/roles/cloud-resources/defaults/main.yaml:
--------------------------------------------------------------------------------
# Defaults for the cloud-resources role.
openshift_release: "v3.11"
openshift_deployment_type: origin
v_origin_installer_image: v3.11.0
# NOTE(review): this tag is a 3.10 build while openshift_release above is
# v3.11 -- confirm the mismatch is intended.
v_ocp_installer_image: v3.10.21-4
hybridizer_cluster_id: allinone
# Ports to open, listed per protocol; how and for which source ranges they are
# opened is decided in the provider task files, not here.
# NOTE(review): the TCP list includes 2379/2380 and 10250, conventionally the
# etcd and kubelet ports -- confirm the provider tasks do not expose them to
# the whole internet.
openshift_firewall_ports:
  udp:
    - 53
    - 8053
    - 4789
    - 2049
  tcp:
    - 22
    - 443
    - 80
    - 8443
    - 10250
    - 2379
    - 2380
    - 8444
    - 2049
    - 53
    - 8053
24 |
--------------------------------------------------------------------------------
/roles/cloud-resources-rollback/tasks/azure_rollback.yaml:
--------------------------------------------------------------------------------
---
# Tear down the Azure environment by deleting its resource group.
- debug:
    msg: "DeProvision Azure Env"

# `force: yes` together with `state: absent` removes the group even when it
# still contains resources.
# NOTE(review): the group name is the literal "OpenShift", while other files in
# this repository read it from {{azr.resource_group}}. Confirm both always name
# the same group; otherwise this task deletes a different group than the one
# that was provisioned.
- name: Azure Delete OpenShift resource group
  azure_rm_resourcegroup:
    name: OpenShift
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    location: "{{azr.location}}"
    force: yes
    state: absent
  tags:
    - cloud-azr
    - rollback
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/index.adoc:
--------------------------------------------------------------------------------
1 | = OpenShift Hybridizer
2 | include::_attributes.adoc[]
3 |
4 | A set of https://www.ansible.com[Ansible] scripts that provision a **Hybrid Cloud Environment** and generate the https://www.ansible.com[Ansible] scripts required to deploy an **All In One** OpenShift cluster onto it.
5 |
6 |
7 | Currently supported **Cloud Providers**:
8 |
9 | * Azure(**azr**)
10 | * Amazon(**aws**)
11 | * Google Cloud Platform (**gcp**)
12 |
13 | IMPORTANT: Supports only OpenShift 3.10 or above
--------------------------------------------------------------------------------
/provision.sh:
--------------------------------------------------------------------------------
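#!/bin/bash
# Run the provisioning playbook inside the Ansible Runner container.

set -e

# Absolute directory of this script, so the mounts work from any working directory.
_CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )"

# The container runs with the caller's uid; every host path is mounted with :Z.
# Paths are quoted so a checkout directory containing spaces stays one argument.
# NOTE(review): the image is referenced by the mutable `latest` tag, so the
# code that receives the mounted credentials can change between runs; pin a
# tag or digest if that matters.
docker run -t -u "$(id -u)" -v "${_CURR_DIR}/artifacts:/runner/artifacts:Z" \
  -v "${_CURR_DIR}/out:/runner/out:Z" \
  -v "${_CURR_DIR}/env:/runner/env:Z" \
  -v "${_CURR_DIR}/inventory:/runner/inventory:Z" \
  -v "${_CURR_DIR}/project:/runner/project:Z" \
  -v "${_CURR_DIR}/roles:/runner/roles:Z" \
  -e PROJECT_DIR="${_CURR_DIR}/project" \
  -e RUNNER_PLAYBOOK=provision-cloud-resources.yaml \
  quay.io/workspace7/ansible-runner:latest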
16 |
--------------------------------------------------------------------------------
/project/ansible.cfg:
--------------------------------------------------------------------------------
# config file for ansible -- http://ansible.com/
# ==============================================
[defaults]
forks = 50
# With this setting the SSH host keys of managed hosts are not verified, so a
# host answering on a reused or intercepted address is accepted without warning.
# NOTE(review): presumably disabled because freshly provisioned nodes have
# unknown keys -- consider recording the keys after provisioning and turning
# verification back on.
host_key_checking = false
gathering = smart
retry_files_enabled = false
# Gathered facts are cached as JSON files under .ansible/cached_facts for 900 seconds.
fact_caching = jsonfile
fact_caching_connection = .ansible/cached_facts
fact_caching_timeout = 900
roles_path = /runner/roles
local_tmp = /runner/.ansible/tmp

[ssh_connection]
# Connection multiplexing: the master connection is kept open for 900 seconds.
ssh_args = -o ControlMaster=auto -o ControlPersist=900s -o GSSAPIAuthentication=no
control_path = /var/tmp/%%h-%%r
--------------------------------------------------------------------------------
/deprovision.sh:
--------------------------------------------------------------------------------
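#!/bin/bash
# Run the deprovisioning playbook inside the Ansible Runner container.

set -e

# Absolute directory of this script, so the mounts work from any working directory.
_CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )"

# The container runs with the caller's uid; every host path is mounted with :Z.
# Paths are quoted so a checkout directory containing spaces stays one argument.
# NOTE(review): the image is referenced by the mutable `latest` tag, so the
# code that receives the mounted credentials can change between runs; pin a
# tag or digest if that matters.
docker run -t -u "$(id -u)" -v "${_CURR_DIR}/artifacts:/runner/artifacts:Z" \
  -v "${_CURR_DIR}/out:/runner/out:Z" \
  -v "${_CURR_DIR}/env:/runner/env:Z" \
  -v "${_CURR_DIR}/inventory:/runner/inventory:Z" \
  -v "${_CURR_DIR}/project:/runner/project:Z" \
  -v "${_CURR_DIR}/roles:/runner/roles:Z" \
  -e PROJECT_DIR="${_CURR_DIR}/project" \
  -e RUNNER_PLAYBOOK=deprovision-cloud-resources.yaml \
  quay.io/workspace7/ansible-runner:latest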
16 |
17 |
--------------------------------------------------------------------------------
/site.yml:
--------------------------------------------------------------------------------
1 | runtime:
2 | cache_dir: ./.cache/antora
3 | site:
4 | title: openshift-hybridizer Docs
5 | url: http://localhost:9090
6 | start_page: openshift-hybridizer::index.adoc
7 |
8 | content:
9 | sources:
10 | - url: file:///Users/kameshs/git/kameshsampath/openshift-hybridizer
11 | branches: master
12 | start_path: docs
13 | ui:
14 | bundle:
15 | url: https://gitlab.com/antora/antora-ui-default/-/jobs/artifacts/master/raw/build/ui-bundle.zip?job=bundle-stable
16 | snapshot: true
17 | supplemental_files: ./supplemental-ui
18 | output:
19 | dir: ./docs
--------------------------------------------------------------------------------
/site-gh-pages.yml:
--------------------------------------------------------------------------------
1 | runtime:
2 | cache_dir: ./.cache/antora
3 | site:
4 | title: OpenShift Hybridizer Docs
5 | url: https://redhat-developer-demos.github.io/openshift-hybridizer/
6 | start_page: openshift-hybridizer::index.adoc
7 |
8 | content:
9 | sources:
10 | - url: .
11 | branches: master
12 | start_path: documentation
13 | ui:
14 | bundle:
15 | url: https://gitlab.com/antora/antora-ui-default/-/jobs/artifacts/master/raw/build/ui-bundle.zip?job=bundle-stable
16 | snapshot: true
17 | supplemental_files: ./supplemental-ui
18 | output:
19 | dir: ./site
20 |
--------------------------------------------------------------------------------
/roles/cloud-resources/tasks/main.yaml:
--------------------------------------------------------------------------------
---
# Entry point of the cloud-resources role: prepare the output tree, then
# provision a node in every cloud named in `clouds`.
- name: Set Extra facts
  set_fact:
    hybridcloud_distro_base_dir: "/runner/out"

# One <cloud>/inventory/host_vars directory per requested cloud.
# NOTE(review): no mode is given, so the directories get default permissions.
# If templates that carry secrets (azure.conf.j2 contains aadClientSecret) are
# rendered below this tree, confirm the resulting files are not world-readable.
- name: Setup Distribution Directories
  file:
    path: "{{hybridcloud_distro_base_dir}}/{{item}}/inventory/host_vars"
    state: directory
  with_items: "{{ clouds }}"
  tags:
    - prepare

# Each provider task file is included only when its key is listed in `clouds`.
- name: Provision Node in GCP
  include_tasks: "gcp.yaml"
  when: ('gcp' in clouds)

- name: Provision Node in AWS
  include_tasks: "aws.yaml"
  when: ('aws' in clouds)

- name: Provision Node in Azure
  include_tasks: "azure.yaml"
  when: ('azr' in clouds)
25 |
--------------------------------------------------------------------------------
/roles/cloud-resources-rollback/tasks/main.yaml:
--------------------------------------------------------------------------------
# Entry point of the cloud-resources-rollback role: deprovision each cloud
# whose *_rollback flag is set, then reset the local output folder.
- name: Deprovision Node in GCP
  include_tasks: "gcp_rollback.yaml"
  when: gcp_rollback

- name: Deprovision Node in AWS
  include_tasks: "aws_rollback.yaml"
  when: aws_rollback

- name: Deprovision Node in Azure
  include_tasks: "azure_rollback.yaml"
  when: azure_rollback

# The three tasks below carry no `when`, so the output folder is wiped on every
# run, including runs where no rollback flag is set. The path is relative, so
# which directory is removed depends on the working directory of the play.
- name: Delete all the existing Cloud Providers Hosts folder
  file:
    path: out/
    state: absent

- name: Create out folder
  file:
    path: out/
    state: directory

# Recreate the empty placeholder file inside the fresh folder.
- name: Create a gitkeep file insite the out folder
  copy:
    content: ""
    dest: out/.gitkeep
27 |
28 |
--------------------------------------------------------------------------------
/roles/cloud-resources-rollback/tasks/gcp_rollback.yaml:
--------------------------------------------------------------------------------
---
# Remove the GCE instance and its static IP.
# Both tasks set ignore_errors, so a failed deletion does not stop the play.
# NOTE(review): a failure here leaves the instance or the address allocated
# while the run still continues; check the task output, or the cloud console,
# after a rollback.
- name: GCE Delete All In One OpenShift Node
  gce:
    instance_names: "{{instance_name}}"
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    zone: "{{gcp.zone}}"
    state: absent
  ignore_errors: True

# The address name is fixed to "openshift-ip".
- name: GCE Delete Static IP
  gce_eip:
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    name: openshift-ip
    region: "{{gcp.region}}"
    state: absent
  ignore_errors: True
21 |
22 |
--------------------------------------------------------------------------------
/env/settings:
--------------------------------------------------------------------------------
1 | ---
2 | # If no output is detected from ansible in this number of seconds the execution will be terminated.
3 | idle_timeout: 600
4 | # The maximum amount of time to allow the job to run for (in seconds), exceeding this and the execution will be terminated.
5 | job_timeout: 600
6 | # Number of seconds for the internal pexpect command to wait to block on input before continuing
7 | pexpect_timeout: 10
8 | # Use poll() function for communication with child processes instead of select(). select() is used when
9 | # the value is set to ``False``. select() has a known limitation of using only up to 1024 file descriptors.
10 | pexpect_use_poll: True
11 | # Allow output from ansible to not be printed to the screen
12 | suppress_ansible_output: False
--------------------------------------------------------------------------------
/roles/cloud-resources/files/ansible.cfg:
--------------------------------------------------------------------------------
# config file for ansible -- http://ansible.com/
# ==============================================
[defaults]
forks = 50
# With this setting the SSH host keys of managed hosts are not verified, so a
# host answering on a reused or intercepted address is accepted without warning.
# NOTE(review): presumably disabled because freshly provisioned nodes have
# unknown keys -- consider recording the keys after provisioning and turning
# verification back on.
host_key_checking = false
gathering = smart
inventory_path = ./
roles_path = ./roles:./openshift-ansible/roles
library = ./openshift-ansible/roles/openshift_facts/library:./openshift-ansible/library
retry_files_enabled = false
# Gathered facts are cached as JSON files under .ansible/cached_facts for 900 seconds.
fact_caching = jsonfile
fact_caching_connection = .ansible/cached_facts
fact_caching_timeout = 900
# Everything the playbooks print is also written to this file.
# NOTE(review): if add_openshift_users.yaml is run with this configuration, its
# username/password debug output lands here in clear text -- treat deploy.log
# as a secret.
log_path = ./deploy.log

[privilege_escalation]
# Every task runs with privilege escalation unless it says otherwise.
become = True

[ssh_connection]
# Connection multiplexing: the master connection is kept open for 900 seconds.
ssh_args = -o ControlMaster=auto -o ControlPersist=900s -o GSSAPIAuthentication=no
control_path = /var/tmp/%%h-%%r
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/openshift_hosts.j2:
--------------------------------------------------------------------------------
# Inventory for an all-in-one cluster: the same host is master, etcd and node.
[OSEv3:children]
masters
nodes
etcd

[OSEv3:vars]
# localhost likely doesn't meet the minimum requirements
# NOTE(review): these checks are switched off for every host rendered from
# this template, not only for localhost.
openshift_disable_check=disk_availability,memory_availability,docker_image_availability,docker_storage
openshift_portal_net=172.30.0.0/16

# Type of installation
openshift_release={{openshift_release}}

# User management
# htpasswd-based login; openshift_master_manage_htpasswd=false means the
# installer does not write the htpasswd file (add-openshift-users.sh does).
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_manage_htpasswd=false

openshift_enable_service_catalog=false

[masters]
{{cloud_host_alias}}

[etcd]
{{cloud_host_alias}}

[nodes]
{{cloud_host_alias}} openshift_node_group_name="node-config-all-in-one"
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/add-openshift-users.sh.j2:
--------------------------------------------------------------------------------
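#!/bin/bash
# Run add_openshift_users.yaml against the node from an installer container.
# {{cloud_provider}} VM {{instance_name}}
# Public IP: {{public_ip}}

# Abort on the first failing command. The original "set - e" did not enable
# errexit; it only assigned "e" to the first positional parameter.
set -e

_CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )"

# The node's SSH private key is bind-mounted into the container as its id_rsa.
# OPTS passes -v, so task results are printed verbosely; the playbook prints
# the user passwords, so treat the output of this script as a secret.
# Paths are quoted so directories containing spaces stay a single argument.
docker run -u "$(id -u)" \
  -v "${_CURR_DIR}/inventory:/tmp/inventory:Z" \
  -v "${_CURR_DIR}/openshift_users.yaml:/tmp/openshift_users.yaml:Z" \
  -v "${_CURR_DIR}/add_openshift_users.yaml:/tmp/add_openshift_users.yaml:Z" \
  -v "{{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z" \
  -e INVENTORY_DIR=/tmp/inventory \
  -e OPTS="--become -v" \
  -e PLAYBOOK_FILE=/tmp/add_openshift_users.yaml \
{% if is_rhel -%}
registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}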
--------------------------------------------------------------------------------
/.circleci/config.yml:
--------------------------------------------------------------------------------
version: 2
jobs:
  site:
    docker:
      # NOTE(review): no tag or digest is given, so the job runs whatever image
      # the registry currently serves under this name, and that image sees GH_TOKEN.
      - image: quay.io/workspace7/antora
    working_directory: ~/repo
    steps:
      - checkout
      # Builds the Antora site on a fresh gh-pages branch, deletes everything
      # except the generated site, and force-pushes the result.
      # GH_TOKEN is interpolated into the push URL, so the token is part of the
      # git command line; -q keeps git's normal output quiet.
      # NOTE(review): scope GH_TOKEN to the minimum needed to push to this one
      # repository, and confirm the job never echoes the command or the remote URL.
      - run:
          name: Generate Documentation
          command: |
            git config credential.helper 'cache --timeout=120'
            git config user.name "$GH_USERNAME"
            git config user.email "$GH_EMAIL"
            git checkout -b gh-pages
            antora generate --pull --stacktrace site-gh-pages.yml
            shopt -s extglob
            rm -vrf !("site")
            mv site/* . && rm -rf site
            touch .nojekyll
            git add .
            git commit -m "generated documentation"
            git push --force -q https://${GH_TOKEN}@github.com/kameshsampath/openshift-hybridizer.git gh-pages
workflows:
  version: 2
  generate_site:
    jobs:
      # Skipped on gh-pages itself, so the generated branch does not retrigger the job.
      - site:
          filters:
            branches:
              ignore:
                - "gh-pages"
33 |
--------------------------------------------------------------------------------
/documentation/modules/ROOT/nav.adoc:
--------------------------------------------------------------------------------
1 | * xref:index.adoc[Overview]
2 | * Setup
3 | ** xref:prepare_env.adoc[Prepare Environment]
4 | ** xref:cloud_resources.adoc[Prepare Cloud Resources]
5 | ** xref:setup.adoc#prov-cloud-resource[Provision Cloud Resources]
6 | ** xref:setup.adoc#deploy-openshift[Deploy OpenShift]
7 | ** xref:setup.adoc#node-connect[Connect to Node]
8 | ** xref:setup.adoc#add-users-to-openshift[Add users to OpenShift]
9 | ** xref:setup.adoc#add-admin-user-to-openshift[Add Admin User to OpenShift]
10 | ** xref:setup.adoc#deprov-cloud-resource[DeProvision Cloud Resources]
11 |
12 | * xref:openshift_vars.adoc[OpenShift Variables]
13 | * Clouds
14 | ** xref:gcp.adoc[Google Cloud]
15 | *** xref:gcp.adoc#create-gce-creds[Create Credentials]
16 | *** xref:gcp.adoc#gce-variables[Variables]
17 | *** xref:gcp.adoc#gce-references[References]
18 | ** xref:aws.adoc[Amazon Web Services]
19 | *** xref:aws.adoc#aws-variables[Variables]
20 | *** xref:aws.adoc#aws-amis[AMIs]
21 | *** xref:aws.adoc#aws-references[References]
22 | ** xref:azure.adoc[Azure]
23 | *** xref:azure.adoc#create-azr-sa[Create Service Account]
24 | *** xref:azure.adoc#azr-variables[Variables]
25 | *** xref:azure.adoc#azr-references[References]
--------------------------------------------------------------------------------
/roles/azure_network_reconfig/tasks/main.yaml:
--------------------------------------------------------------------------------
# Switch NM_CONTROLLED from "no" to "yes" for eth0 on the Azure VM and restart
# the VM when that line was changed.
- name: Enable NM_CONTROLLED
  lineinfile:
    regexp: '^(NM_CONTROLLED=)(no)$'
    backrefs: yes
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    line: '\1yes'
  become: yes
  register: nmcontolled_changed

# Runs on the control node (delegate_to: localhost) against the Azure API.
- name: restart azure vm
  azure_rm_virtualmachine:
    name: "{{instance_name}}"
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    location: "{{azr.location}}"
    resource_group: "{{azr.resource_group}}"
    restarted: yes
  when: nmcontolled_changed is changed
  delegate_to: localhost

# Retries an ad-hoc ping from the control node until it succeeds (up to 30
# tries, 10 seconds apart). The user and host name are interpolated into a
# shell command line.
- name: wait for azure restart
  local_action: shell ansible -u {{ ansible_user_id }} -m ping {{ inventory_hostname }}
  register: result
  until: result.rc == 0
  retries: 30
  delay: 10
  when: nmcontolled_changed is changed

- name: check eth0 is available
  shell: nmcli c s
  register: nmcli_out
  when: nmcontolled_changed is changed

# TODO to evaluate change or failure
# This task has no `when`, so it also runs when the check above was skipped.
- debug: msg="{{nmcli_out}}"
38 |
39 |
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/openshift_vars.adoc:
--------------------------------------------------------------------------------
1 | = OpenShift Variables
2 | include::_attributes.adoc[]
3 |
4 | This section describes the variables used for the OpenShift installation and for generating the host files:
5 |
6 | |===
7 | | Name |Description | Default value | Example
8 |
9 | |openshift_release | The OpenShift release to be installed | v3.10 |
10 | |openshift_deployment_type | The OpenShift deployment type either _origin_ or _enterprise_ | origin |
11 |
12 | |v_origin_installer_image | The OpenShift Ansible installer image version | v3.10.0 |
13 |
14 | |===
15 |
16 | For example, to set up OpenShift 3.11, your extravars will look like:
17 |
18 | [source,yaml]
19 | ----
20 |
21 | ansible_become: no
22 | ansible_connection: local
23 |
24 | openshift_release: "v3.11" <1>
25 | v_origin_installer_image: v3.11.0 <2>
26 |
27 | instance_name: "openshift-all-in-one"
28 |
29 | clouds:
30 | - aws
31 | - azr
32 | - gcp
33 |
34 | gcp_rollback: True
35 | azure_rollback: True
36 | aws_rollback: True
37 |
38 | gcp:
39 | ...
40 |
41 | aws:
42 | ...
43 |
44 | azr:
45 | ...
46 |
47 | ----
48 |
49 | <1> sets the OpenShift version to 3.11
50 | <2> makes Hybridizer use v3.11.0 of the OpenShift Ansible installer
--------------------------------------------------------------------------------
/roles/openshift-users/tasks/main.yaml:
--------------------------------------------------------------------------------
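---
# Add, update and remove users in the OpenShift master's htpasswd file.

# Build one {username, password} fact per openshift_users entry. An entry
# without a password gets a random one; it is generated against /dev/null, so
# it is stored nowhere and can only be read from the debug output below.
# The generated password is 16 characters from letters and digits (it was 8
# letters). no_log keeps the loop item, which carries the password, out of the
# task output and logs.
- name: Factize OpenShift Users
  set_fact:
    openshift_user: { 'username': "{{item.username}}", 'password': "{{ item.password | default(lookup('password', '/dev/null length=16 chars=ascii_letters,digits')) }}" }
  with_items: "{{openshift_users}}"
  register: openshift_users_result
  no_log: true

# Collect the per-item facts into one list.
- name: make a list
  set_fact: _openshift_users="{{ openshift_users_result.results | map(attribute='ansible_facts.openshift_user') | list }}"
  no_log: true

# NOTE(review): this task deliberately prints every username/password pair in
# clear text, which is the only way to read back a generated password. The
# output also reaches any configured log file, so treat console output and
# logs of this role as secrets.
- name: OpenShift Users List
  debug: msg="{{item.username}}/{{item.password}}"
  with_items: "{{_openshift_users}}"

- name: "Install packages needed to run htpasswd module on {{inventory_hostname}}"
  package:
    name: "{{item}}"
    state: present
  with_items:
    - python2-pip
    - python2-passlib

# no_log: the loop item holds the clear-text password and would otherwise be
# echoed once per user in the task output.
- name: Add OpenShift Users to htpasswd file
  htpasswd:
    path: /etc/origin/master/htpasswd
    name: "{{item.username}}"
    password: "{{item.password}}"
    mode: 0640
  loop: "{{_openshift_users}}"
  no_log: true

# Items here are user names only, so the output is left visible.
- name: Delete Users from OpenShift htpasswd file
  htpasswd:
    path: /etc/origin/master/htpasswd
    name: "{{item}}"
    state: absent
  with_items: "{{ openshift_delete_users | default([]) }}"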
--------------------------------------------------------------------------------
/roles/cloud-resources/files/add_openshift_users.yaml:
--------------------------------------------------------------------------------
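---
# Add, update and remove users in the htpasswd file of the OpenShift masters.
# The user list is read from openshift_users.yaml next to this playbook.
- name: Create OpenShift Users
  hosts: masters
  vars_files:
    - openshift_users.yaml
  tasks:
    # Build one {username, password} fact per openshift_users entry. An entry
    # without a password gets a random one; it is generated against /dev/null,
    # so it is stored nowhere and can only be read from the debug output below.
    # The generated password is 16 characters from letters and digits (it was
    # 8 letters). no_log keeps the loop item, which carries the password, out
    # of the task output and logs.
    - name: Factize OpenShift Users
      set_fact:
        openshift_user: { 'username': "{{item.username}}", 'password': "{{ item.password | default(lookup('password', '/dev/null length=16 chars=ascii_letters,digits')) }}" }
      with_items: "{{openshift_users}}"
      register: openshift_users_result
      no_log: true

    # Collect the per-item facts into one list.
    - name: make a list
      set_fact: _openshift_users="{{ openshift_users_result.results | map(attribute='ansible_facts.openshift_user') | list }}"
      no_log: true

    # NOTE(review): this task deliberately prints every username/password pair
    # in clear text, which is the only way to read back a generated password.
    # The output also reaches any configured log file, so treat console output
    # and logs of this play as secrets.
    - name: OpenShift Users List
      debug: msg="{{item.username}}/{{item.password}}"
      with_items: "{{_openshift_users}}"

    - name: "Install packages needed to run htpasswd module on {{inventory_hostname}}"
      package:
        name: "{{item}}"
        state: present
      with_items:
        - python2-passlib

    # no_log: the loop item holds the clear-text password and would otherwise
    # be echoed once per user in the task output.
    - name: Add OpenShift Users to htpasswd file
      htpasswd:
        path: /etc/origin/master/htpasswd
        name: "{{item.username}}"
        password: "{{item.password}}"
        mode: 0640
      loop: "{{_openshift_users}}"
      no_log: true

    # Items here are user names only, so the output is left visible.
    - name: Delete Users from OpenShift htpasswd file
      htpasswd:
        path: /etc/origin/master/htpasswd
        name: "{{item}}"
        state: absent
      with_items: "{{ openshift_delete_users | default([]) }}"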
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/cloud_resources.adoc:
--------------------------------------------------------------------------------
1 | = Cloud Resources
2 | include::_attributes.adoc[]
3 |
4 | == Preparation
5 |
6 | Rename `$PROJECT_HOME/env/extravars.example` to `$PROJECT_HOME/env/extravars`; this file is used to configure your cloud keys and other Ansible facts. Because it holds credentials it is listed in `.gitignore` and should not be committed.
7 |
8 | The following Cloud Provider specific sections give more detail on the variables that can be defined in `extravars`.
9 |
10 | NOTE: The `$PROJECT_HOME/env/extravars` follows YAML convention.
11 |
12 | == Variables
13 |
14 | |===
15 | | Name |Description | Default value | Example
16 |
17 | | clouds | The public cloud(s) in which to provision | Currently supported values are azr, aws and gcp.
18 | a|
19 | [source,yaml]
20 | ----
21 | clouds:
22 | - gcp
23 | - azr
24 | - aws
25 | ----
26 |
27 | The example configures provisioning of three clouds: AWS, Azure and Google Cloud Platform
28 |
29 | |instance_name | The compute instance name that will be assigned | openshift-all-in-one |
30 |
31 | |gcp_rollback | Delete all Google Cloud Platform resources that were provisioned | False |
32 |
33 | |azure_rollback | Delete all Azure resources that were provisioned | False |
34 |
35 | |aws_rollback | Delete all Amazon Web Services resources that were provisioned | False |
36 |
37 | |===
38 |
39 | Checkout the respective cloud guides below for more details on how to prepare and configure each cloud for OpenShift installation:
40 |
41 | * xref:gcp.adoc[Google Cloud]
42 |
43 | * xref:aws.adoc[Amazon Web Services]
44 |
45 | * xref:azure.adoc[Azure]
46 |
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/prepare_env.adoc:
--------------------------------------------------------------------------------
1 | = Prepare Environment
2 | include::_attributes.adoc[]
3 |
4 | == Sources
5 |
6 | The sources of these scripts can be downloaded from {uri-repo}#[GitHub].
7 |
8 | Let's clone the sources with `git clone {uri-repo}` to a directory on the local file system. For convenience we shall refer to the clone directory as `$PROJECT_HOME`.
9 |
10 | == Pre Requisites
11 |
12 | * `Docker` installed and available locally, based on your environment have native docker for linux or https://docs.docker.com/docker-for-mac/[Docker for Mac] or https://docs.docker.com/docker-for-windows/[Docker for Windows] installed
13 |
14 | * Refer to the following documentation on what are the pre-requisites for each Cloud Provider that are currently supported:
15 |
16 | ** AWS - https://docs.ansible.com/ansible/2.5/scenario_guides/guide_aws.html
17 |
18 | ** Azure - https://docs.ansible.com/ansible/2.5/scenario_guides/guide_azure.html
19 |
20 | ** Google Cloud Platform -
21 | https://docs.ansible.com/ansible/2.5/scenario_guides/guide_gce.html
22 |
23 | [[container-installer]]
24 | == Installer Image
25 |
26 | The installer image is built from {uri-ansible}[Ansible Runner] with the Ansible Cloud modules that are required to provision the cloud resources. The provisioned Cloud resources can then be used to deploy an **All In One** OpenShift cluster.
27 |
28 | The installer image is available at `{uri-docker-hca}`, to pull it run the command:
29 |
30 | [source,sh,subs=attributes+]
31 | ----
32 | $ docker pull {uri-docker-hca}
33 | ----
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/host_vars.yaml.j2:
--------------------------------------------------------------------------------
# Per-host inventory variables for the OpenShift installer, rendered once per
# cloud host. ansible_host/ansible_user tell Ansible how to reach the node.
# NOTE(review): the aws and azr branches below render cloud credentials into
# this file in clear text. Treat the generated host_vars file as a secret:
# restrict its permissions and keep the output directory out of version control.
ansible_host: {{cloud_host}}
ansible_user: {{cloud_user}}

{% if is_rhel -%}
deployment_type: openshift-enterprise
networkPluginName: redhat/ovs-networkpolicy
{% else -%}
deployment_type: origin
{% endif %}

{% if cloud_provider == 'gcp' %}
# GCP branch: only the project id and a resource prefix are written, no key material.
openshift_cloudprovider_kind: gce
openshift_gcp_project: {{gcp.project_id}}
openshift_gcp_prefix: {{hybridizer_cluster_id}}
{% elif cloud_provider == 'aws' %}
# AWS branch: the access key and secret key are handed to the cluster's cloud
# provider integration as plain values.
# NOTE(review): these look like the same keys used for provisioning - confirm,
# and consider a separate, narrowly scoped credential for the cluster.
openshift_cloudprovider_kind: aws
openshift_cloudprovider_aws_access_key: "{{ aws.access_key }}"
openshift_cloudprovider_aws_secret_key: "{{ aws.secret_key }}"
openshift_clusterid: {{hybridizer_cluster_id}}
{% elif cloud_provider == 'azr' -%}
# Azure branch: the service principal id and secret are written as plain values.
openshift_cloudprovider_kind: azure
openshift_cloudprovider_azure_client_id: "{{azr.client_id}}"
openshift_cloudprovider_azure_client_secret: "{{azr.secret}}"
openshift_cloudprovider_azure_tenant_id: "{{azr.tenant}}"
openshift_cloudprovider_azure_subscription_id: "{{azr.subscription_id}}"
openshift_cloudprovider_azure_resource_group: "{{azr.resource_group}}"
openshift_cloudprovider_azure_location: "{{azr.location}}"
openshift_cloudprovider_azure_cloud: "{{azr.cloud}}"
openshift_cloudprovider_azure_vnet_name: "{{azr.vm_net_name}}"
openshift_cloudprovider_azure_security_group_name: "{{azr.security_group}}"
openshift_cloudprovider_azure_availability_set_name: "all-in-one-openshift"
{% endif %}

# the default domain suffix for application routes, built from the host's public address
openshift_master_default_subdomain: "{{cloud_host}}.nip.io"
# public hostname used to reach the master API from outside
openshift_public_hostname: "{{cloud_host}}"
--------------------------------------------------------------------------------
/roles/cloud-resources-rollback/tasks/aws_rollback.yaml:
--------------------------------------------------------------------------------
1 | ---
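# Announce the rollback phase in the run output.
- debug:
    msg: "DeProvision AWS Env"

# Look up every instance in the region whose Name tag equals instance_name.
# The query carries the same tags as the delete task that consumes its result,
# so a tag-filtered run (for example only "rollback") still registers
# `instances` before the delete loop reads it.
# NOTE(review): the Name tag is the only selector. Any instance in this
# account/region that shares the name is returned and then terminated,
# whether or not this tool created it.
- name: Get All OpenShift all-in-one instances
  ec2_instance_facts:
    region: "{{aws.region}}"
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    filters:
      "tag:Name": "{{instance_name}}"
  register: instances
  tags:
    - rollback
    - cloud-aws

# Terminate each instance returned by the query above, one instance id per loop item.
- name: AWS Delete All in one OpenShift Node
  ec2:
    region: "{{aws.region}}"
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    instance_ids: "{{item.instance_id}}"
    state: absent
  with_items: "{{instances.instances}}"
  tags:
    - rollback
    - cloud-aws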
25 |
26 | # Query and delete VPC Resources
27 |
# Find the VPC tagged Name=openshift-vpc and keep the result in ec2vpc.
- name: AWS Query OpenShift VPC
  ec2_vpc_net_facts:
    region: "{{aws.region}}"
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    filters:
      "tag:Name": 'openshift-vpc'
  tags:
    - rollback
    - cloud-aws
  register: ec2vpc

# Record the id of the first matching VPC; skipped when the query found none.
# vpc_id is only used below as the "a VPC exists" guard.
- name: AWS Set VPC ID to Local Variable
  set_fact:
    vpc_id: "{{ec2vpc.vpcs[0].id}}"
  tags:
    - rollback
    - cloud-aws
  when: ( ec2vpc.vpcs | list | length > 0)

# TODO How to delete VPC with Dependencies ??
# The VPC is addressed by name and CIDR block, not by the vpc_id fact.
# NOTE(review): ignore_errors hides a failed delete, and the TODO above says
# dependent resources are not handled. After a "successful" rollback the VPC
# and whatever still hangs off it may remain in the account - check the
# console or add an explicit verification step rather than trusting the run
# result.
- name: Delete VPC
  ec2_vpc_net:
    name: openshift-vpc
    region: "{{aws.region}}"
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    cidr_block: '10.10.0.0/16'
    state: absent
  ignore_errors: True
  when: vpc_id is defined
  tags:
    - rollback
    - cloud-aws
62 |
# Remove the EC2 key pair named aws.key_pair_name from the region.
# NOTE(review): this deletes the key pair on the AWS side only. The private
# key file saved locally when the pair was created is not touched by this
# task - presumably it should be removed too once the instances are gone.
- name: "EC2 Delete ec2 key pair {{aws.key_pair_name}}"
  ec2_key:
    name: "{{aws.key_pair_name}}"
    region: "{{aws.region}}"
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    state: absent
  tags:
    - rollback
    - cloud-aws
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/deploy.sh.j2:
--------------------------------------------------------------------------------
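#!/bin/bash
#
# Runs the OpenShift installer image three times against the generated
# inventory: host preparation, installer prerequisites, cluster deployment.
# Each stage is a separate container started with the caller's uid; with
# `set -e` a failing stage stops the script before the next one starts.
#
# Host paths are quoted so a checkout directory containing spaces does not
# split the -v arguments.
#
# NOTE(review): the SSH private key is bind-mounted into every container with
# the :Z option, which relabels the host file for that container. Consider a
# read-only mount if the image does not need to modify the key - confirm
# against the installer image.
# NOTE(review): the installer images are referenced by tag, which can be moved
# upstream. Pinning them by digest would make the installed code reproducible.

set -e

_CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )"

#############################
### Prepare for openshift
############################
docker run -u "$(id -u)" \
   -v "${_CURR_DIR}/inventory:/tmp/inventory:Z" \
   -v "${_CURR_DIR}/docker-storage-setup:/tmp/docker-storage-setup:Z" \
   -v "${_CURR_DIR}/hosts_prepare.yaml:/tmp/hosts_prepare.yaml:Z" \
{% if cloud_provider == 'azr' %}
   -v "${_CURR_DIR}/azure.conf:/tmp/azure.conf:Z" \
{% endif %}
   -v "{{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z" \
   -e INVENTORY_DIR=/tmp/inventory \
   -e OPTS="--become -v" \
   -e PLAYBOOK_FILE=/tmp/hosts_prepare.yaml \
{% if is_rhel -%}
   registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
   docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}

#############################
### openshift pre-req
############################
docker run -u "$(id -u)" \
   -v "${_CURR_DIR}/inventory:/tmp/inventory:Z" \
   -v "{{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z" \
   -e INVENTORY_DIR=/tmp/inventory \
   -e OPTS="--become -v" \
   -e PLAYBOOK_FILE=playbooks/prerequisites.yml \
{% if is_rhel -%}
   registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
   docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}

#############################
### openshift deployment
############################
docker run -u "$(id -u)" \
   -v "${_CURR_DIR}/inventory:/tmp/inventory:Z" \
   -v "{{lookup('env','PROJECT_DIR')}}/{{private_key_file}}:/opt/app-root/src/.ssh/id_rsa:Z" \
   -e INVENTORY_DIR=/tmp/inventory \
   -e OPTS="--become -v" \
   -e PLAYBOOK_FILE=playbooks/deploy_cluster.yml \
{% if is_rhel -%}
   registry.access.redhat.com/openshift3/ose-ansible:{{v_ocp_installer_image}}
{% else -%}
   docker.io/openshift/origin-ansible:{{v_origin_installer_image}}
{% endif %}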
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/aws.adoc:
--------------------------------------------------------------------------------
1 | = Amazon Web Services
2 | include::_attributes.adoc[]
3 |
4 | IMPORTANT: When using CentOS 7 images, you may need to subscribe to the images at https://aws.amazon.com/marketplace/pp/B00O7WM7QW. If you run without a subscription, the installer will fail with an error that provides the details on how to subscribe.
5 |
6 | [[aws-variables]]
7 | == Variables
8 |
9 | |===
10 | |Variable Name |Description | Default value
11 |
12 | |access_key | Your AWS Account Access Key |
13 |
14 | |secret_key | Your AWS Account Access Secret Key |
15 |
16 | |key_pair_name | The SSH Key pair that will be created, this key will be added to `~/.ssh/authorized_keys` of the `cloud_user` in the ec2 instances| openshift
17 |
18 | | cloud_user | The user to SSH into the instances | centos
19 |
20 | | private_key_file | The SSH private key file that gets saved after keypair creation | aws_openshift.pem
21 |
22 | | instance_type | The https://aws.amazon.com/ec2/instance-types/[ec2 compute instances] size | m5.xlarge
23 |
24 | | image | The AMI ID of the image; defaults to CentOS 7 in `ap-south-1`. Refer to https://wiki.centos.org/Cloud/AWS for the AMIs of other regions. The CentOS 6 AMI is not supported as it doesn't provide support for Elastic Network Adapter (ENA). Valid combinations of region/AMIs can be found in https://github.com/redhat-developer-demos/openshift-hybridizer/blob/master/docs/_includes/aws-amis.adoc[this document] | ami-1780a878
25 |
26 | | region | The https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html/[ec2 compute region] | ap-south-1
27 |
28 | | security_group | The firewall Security Group; by default it allows ports 22, 80, 443 and 8443 | all-ssh-http-https
29 |
30 | | is_rhel | Whether the AMI used is RHEL; this is reserved for future use | False
31 |
32 | |===
33 |
34 | [[aws-amis]]
35 | == Valid region / AMI combinations
36 |
37 | |===
38 | |Region | AMI
39 | |us-west-1 | ami-4826c22b
40 | |us-east-2 | ami-9c0638f9
41 | |===
42 |
43 | [[aws-references]]
44 | == References
45 | https://docs.ansible.com/ansible/2.6/scenario_guides/guide_aws.html[Ansible AWS Guide]
46 |
47 | https://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html[Managing AWS Account Keys]
--------------------------------------------------------------------------------
/supplemental-ui/partials/header-content.hbs:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/roles/cloud-resources/tasks/cloud_inventory.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | ###########################################
4 | # Ansible Inventory Setup
5 | ############################################
6 |
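# Create the per-cloud inventory directory that the templates below write into.
# The tag entry is written as a proper list item ("- " followed by the value);
# without the space after the dash YAML reads the whole text as one string and
# the task no longer carries the cloud-<alias> tag.
- name: "{{cloud_provider|upper}} Ensure Hosts Directory is present"
  file:
    dest: "{{hybricloud_inventory_dir}}"
    state: directory
  tags:
    - "cloud-{{cloud_host_alias}}"

# Render the host variables for the cloud host.
# NOTE(review): host_vars.yaml.j2 writes cloud credentials for aws and azr, and
# no mode is set here, so the file gets whatever the umask allows. Tightening
# it (for example mode 0600) is worth doing once it is confirmed that the user
# running deploy.sh is also the owner of the generated files.
- name: "{{cloud_provider|upper}} Setup Host Variables"
  template:
    src: host_vars.yaml.j2
    dest: "{{hybricloud_inventory_dir}}/host_vars/{{cloud_host_alias}}.yaml"
  tags:
    - "cloud-{{cloud_host_alias}}"

# Render the OpenShift inventory hosts file.
- name: "{{cloud_provider|upper}} Setup OpenShift Inventory"
  template:
    src: openshift_hosts.j2
    dest: "{{hybricloud_inventory_dir}}/hosts"
  tags:
    - "cloud-{{cloud_host_alias}}"

# Render the host variables used for localhost.
- name: "{{cloud_provider|upper}} Setup localhost Host Variables"
  template:
    src: localhost.yaml.j2
    dest: "{{hybricloud_inventory_dir}}/host_vars/localhost.yaml"
  tags:
    - "cloud-{{cloud_host_alias}}"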
34 |
35 | ###########################################
36 | # Cloud Provider Extras
37 | ############################################
# Render the docker-storage-setup file into the per-cloud output directory.
- name: "{{cloud_provider|upper}} Docker Storage Setup Config File"
  template:
    src: docker-storage-setup.j2
    dest: "{{hybridcloud_distro_dir}}/docker-storage-setup"

# Render the node preparation playbook.
# NOTE(review): hosts_prepare.yaml.j2 expands the Azure service principal
# secret and the RHN password at render time, so the generated file contains
# them in clear text. No mode is set here; handle the output as a secret.
- name: "{{cloud_provider|upper}} Setup OpenShift Node Prepare tasks"
  template:
    src: hosts_prepare.yaml.j2
    dest: "{{hybridcloud_distro_dir}}/hosts_prepare.yaml"

# Render the deploy script and make it executable.
- name: "{{cloud_provider|upper}} Copy OpenShift Deploy Script"
  template:
    src: deploy.sh.j2
    mode: 0755
    dest: "{{hybridcloud_distro_dir}}/deploy.sh"

# Render the SSH helper script and make it executable.
- name: "{{cloud_provider|upper}} Utility SSH Script to Connect to Cloud VM"
  template:
    src: connect.sh.j2
    mode: 0755
    dest: "{{hybridcloud_distro_dir}}/connect.sh"

###########################################
# OpenShift Add Users Playbook and Script
############################################

# Copy the add-users playbook and its users file unchanged into the output directory.
# NOTE(review): openshift_users.yaml can carry user passwords (see the setup
# guide), so the copied file deserves the same care as the other secrets here.
- name: Copy OpenShift Add Users Playbook
  copy:
    src: "{{item}}"
    dest: "{{hybridcloud_distro_dir}}/{{item}}"
  with_items:
    - add_openshift_users.yaml
    - openshift_users.yaml

# Render the wrapper script that runs the add-users playbook and make it executable.
- name: Utility script to add Users to OpenShift
  template:
    src: add-openshift-users.sh.j2
    mode: 0755
    dest: "{{hybridcloud_distro_dir}}/add-openshift-users.sh"
77 |
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/azure.adoc:
--------------------------------------------------------------------------------
1 | = Azure
2 | include::_attributes.adoc[]
3 |
4 | [[create-azr-sa]]
5 | == Create Azure Service Principal
6 |
7 | To know how to create your Azure Service Principal, refer to https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal[Creating Azure Service Principal]. This helps in setting the variables `client_id`, `tenant` and `secret`.
8 |
9 | [NOTE]
10 | ====
11 | To know your subscription id check out
12 | https://blogs.msdn.microsoft.com/mschray/2016/03/18/getting-your-azure-subscription-guid-new-portal/
13 | ====
14 |
15 | [IMPORTANT]
16 | ====
17 | The application should have `Contributor` role to allow provisioning of resources correctly.
18 | Ref: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#assign-application-to-role
19 | ====
20 |
21 | [[azr-variables]]
22 | == Variables
23 |
24 | |===
25 | |Variable Name | Description | Default value
26 |
27 | |client_id | Azure Client ID or Application Id |
28 |
29 | |secret | Azure Client Secret Key|
30 |
31 | |subscription_id | Your Azure Subscription ID . More info https://blogs.msdn.microsoft.com/mschray/2016/03/18/getting-your-azure-subscription-guid-new-portal/[here] |
32 |
33 | |tenant | Azure Tenant ID |
34 |
35 | | location | The https://azure.microsoft.com/en-in/global-infrastructure/regions/[Azure Regions]. Examples: southindia, eastus, northeurope |
36 |
37 | | cloud_user | The user to SSH into the instances, this will be created during instance creation. For Linux instances this user will have `sudo` rights | centos
38 |
39 | | private_key_file | The SSH private key file required to SSH into the instances; if the file does not exist it will be created | $PROJECT_HOME/keys/azure_id_rsa
40 |
41 | |public_key_file | The SSH Public Key of the `private_key_file` that will be added to `~/.ssh/authorized_keys` of the `cloud_user` in the Azure VM instances| $PROJECT_HOME/keys/azure_id_rsa.pub
42 |
43 | | resource_group | The resource group a.k.a logical group name under which all the resources of the `location` will be grouped. https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview | OpenShift
44 |
45 | | cloud | The Azure Cloud Environment to use, possible values are **AzurePublicCloud** or **AzureChinaCloud** or **AzureUSGovernment** | AzurePublicCloud
46 |
47 | | vm_size | The Azure https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs[VM sizes] | Standard_D4_v3
48 |
49 | | image | The Azure VM OS Image, defaults to CentOS offered by Rogue Wave (OpenLogic) a|
50 | [source,yaml]
51 | ----
52 | image:
53 | offer: CentOS
54 | publisher: OpenLogic
55 | sku: '7.5'
56 | version: latest
57 | ----
58 |
59 | | security_group| Azure Network Security Group that will be by default attached to the network, by default allows Port 22, 80,443 and 8443 | openshift-nsg
60 |
61 | | vm_net_name | The virtual private connection (VPC) name | openshift-net
62 |
63 | |===
64 |
65 | [[azr-references]]
66 | == References
67 | https://docs.ansible.com/ansible/2.6/scenario_guides/guide_azure.html[Ansible Azure Guide]
68 |
69 | video::WygwzN9FfMQ[youtube]
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/gcp.adoc:
--------------------------------------------------------------------------------
1 | = Google Cloud
2 | include::_attributes.adoc[]
3 |
4 | [[create-gce-creds]]
5 | == Creating GCE Credentials
6 |
7 | You can Download 'gcloud' from https://cloud.google.com/sdk/
8 |
9 | [source,sh,subs=attributes+]
10 | ----
11 | #!/bin/bash
12 |
13 | # Select the project
14 | $ gcloud projects list
15 |
16 | # GCP project where resources will be created assign the PROJECT_NAME to variable called IAM_PROJECT
17 | $ IAM_PROJECT=""
18 | # The Google Service Account Name
19 | $ IAM_SA_NAME="vm-instance-admin"
20 |
21 | # Step 1: Create a Service Account
22 | $ gcloud iam service-accounts create $IAM_SA_NAME \
23 | --display-name "Projects VM Instance Admin"
24 |
25 | # Step 2: Create the Service Account Key
26 |
27 | $ IAM_ACCOUNT="${IAM_SA_NAME}@${IAM_PROJECT}.iam.gserviceaccount.com"
28 |
29 | $ gcloud iam service-accounts keys create \
30 | --iam-account $IAM_ACCOUNT gce-key.json
31 |
32 | # Step 3: Grant VM instance Admin role
33 |
34 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \
35 | --member serviceAccount:$IAM_ACCOUNT --role roles/compute.instanceAdmin.v1
36 |
37 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \
38 | --member serviceAccount:$IAM_ACCOUNT --role roles/compute.networkAdmin
39 |
40 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \
41 | --member serviceAccount:$IAM_ACCOUNT --role roles/compute.securityAdmin
42 |
43 | $ gcloud projects add-iam-policy-binding $IAM_PROJECT \
44 | --member serviceAccount:$IAM_ACCOUNT --role roles/iam.serviceAccountUser
45 |
46 | ----
47 |
48 | [[gce-variables]]
49 | == Variables
50 |
51 | |===
52 | |Variable Name | Description | Default value
53 |
54 | |service_account_email| The Google Cloud https://cloud.google.com/compute/docs/access/service-accounts/[Service Accounts] |
55 |
56 | |project_id | The Google Cloud Project where the resources will be created |
57 |
58 | |credentials_file| The Google Cloud credentials JSON file corresponding to the `service_account_email`. Refer to <<create-gce-creds>> on how to create one for your project|
59 |
60 | |region| The Google compute https://cloud.google.com/compute/docs/regions-zones/[regions and zones] | asia-south1
61 |
62 | |zone| The Google compute https://cloud.google.com/compute/docs/regions-zones/[regions and zones] | asia-south1-a
63 |
64 | | cloud_user | The user to SSH into the instances| centos
65 |
66 | | private_key_file | The SSH private key file required to SSH into the instances; if the file does not exist it will be created | $PROJECT_HOME/keys/gce_idrsa
67 |
68 | |public_key_file | The SSH Public Key of the `private_key_file` that will be added to `~/.ssh/authorized_keys` of the `cloud_user` in the GCP VM instances| $PROJECT_HOME/keys/gce_idrsa.pub
69 |
70 | |machine_type | The type of Google Compute https://cloud.google.com/compute/docs/machine-types[machine types] to provision | n1-standard-4
71 |
72 | |image| The Google compute OS https://cloud.google.com/compute/docs/images#os-compute-support[public images] | centos-7
73 |
74 | |os_source_image| The Google compute OS https://cloud.google.com/compute/docs/images#os-compute-support[public images], this option allows to use any customized images if needed. Reserved for future |/projects/centos-cloud/global/images/family/centos-7
75 |
76 | | docker_disk_size | Size of the Docker disk in GB; this is the Google Persistent Disk that will be attached to act as Docker storage | 100
77 |
78 | | is_rhel | Whether the image used is RHEL; this is reserved for future use | False
79 |
80 | |===
81 |
82 |
83 | [[gce-references]]
84 | == References
85 |
86 | https://docs.ansible.com/ansible/2.6/scenario_guides/guide_gce.html[Ansible GCP Guide]
87 |
88 | https://cloud.google.com/sdk/docs/quickstart-macos
89 |
90 | video::tSnzoW4RlaQ[youtube]
--------------------------------------------------------------------------------
/roles/cloud-resources/tasks/gcp.yaml:
--------------------------------------------------------------------------------
1 | ---
2 |
# Announce the GCE provisioning phase in the run output.
- name: Provisioning GCE
  debug:
    msg: "Provisioning GCE Instances"

#############################################################################
## Security KeyPair
#############################################################################
# Check whether the private key file already exists so an existing key is reused.
- name: "Check that the {{gcp.private_key_file}} exists"
  stat:
    path: "{{gcp.private_key_file}}"
  register: gcpsshfile

# Generate an RSA key pair at gcp.private_key_file when no key file was found.
# NOTE(review): -N '' creates the key with an empty passphrase and no key size
# is given, so the size is whatever the local ssh-keygen defaults to. The file
# then gives direct access to the node - keep the keys directory private and
# out of version control.
- name: "GCP SSH Key Pair"
  shell: |
    ssh-keygen -t rsa -N '' -f "{{gcp.private_key_file}}"
  when: gcpsshfile.stat.exists == False
  register: gcp_sshkey
  tags:
    - cloud-gcp

# Build the value used in the instance ssh-keys metadata: the public key file
# content, a space, then the cloud user.
# NOTE(review): the public key is read from gcp.public_key_file, a separate
# setting from gcp.private_key_file - presumably the two are expected to be a
# matching pair; verify when overriding either one.
- name: GCP SSH Public Key Metadata
  set_fact:
    ssh_public_key_metadata: "{{ lookup('file',gcp.public_key_file) + ' ' + gcp.cloud_user | trim }}"
26 |
27 | # - debug:
28 | # msg: "{{ssh_public_key_metadata}}"
29 | # when: gcp_sshkey is changed
30 |
31 | #############################################################################
32 | ## Network
33 | #############################################################################
34 |
# Reserve a static external IP named openshift-ip in the configured region.
- name: GCE Create Static IP
  gce_eip:
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    name: openshift-ip
    region: "{{gcp.region}}"
    state: present
  tags:
    - cloud-gcp

# Add a firewall rule on the default network that allows tcp:8443 to instances
# tagged openshift-master.
# NOTE(review): no src_range is set, so the rule presumably falls back to the
# provider default of any source address - confirm. That exposes the master
# API and web console to the whole internet; setting src_range to the operator
# networks narrows it.
- name: GCE Create Firewall Rule to allow OpenShift Console Access
  gce_net:
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    name: default
    fwname: "openshift-master-console"
    allowed: tcp:8443
    state: "present"
    target_tags: "openshift-master"
  tags:
    - cloud-gcp
58 |
# Create the single all-in-one instance with the reserved static IP, a 20 GB
# persistent boot disk and the generated SSH public key in its metadata.
# The result is registered as gce_master and read later for the public IP.
# NOTE(review): the instance is given the provisioning service account with
# compute-rw and storage-rw among its scopes. Workloads on the node that can
# reach the instance metadata service can presumably obtain tokens with these
# scopes - confirm, and trim the list to what the cluster actually needs.
# NOTE(review): the http-server and https-server network tags usually match
# the default-network rules for ports 80 and 443 - verify which rules exist
# in the project.
- name: GCE Create All In One OpenShift Node
  gce:
    instance_names: "{{instance_name}}"
    machine_type: "{{gcp.machine_type}}"
    image: "{{gcp.image}}"
    external_ip: "openshift-ip"
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    zone: "{{gcp.zone}}"
    disk_size: "20"
    persistent_boot_disk: "True"
    metadata:
      ssh-keys:
        - "{{gcp.cloud_user}}:{{ssh_public_key_metadata}}"
    service_account_permissions:
      - logging-write
      - monitoring
      - compute-rw
      - storage-rw
      - 'https://www.googleapis.com/auth/pubsub'
      - 'https://www.googleapis.com/auth/trace.append'
    tags: http-server,https-server,openshift-master
  register: gce_master
  tags:
    - cloud-gcp
85 |
# Create an SSD persistent disk for Docker storage and attach it read-write to
# the instance; delete_on_termination removes it together with the instance.
- name: GCE Create Docker Disk
  gce_pd:
    name: "{{instance_name}}-docker-disk"
    size_gb: "{{gcp.docker_disk_size}}"
    delete_on_termination: "yes"
    disk_type: pd-ssd
    instance_name: "{{instance_name}}"
    mode: READ_WRITE
    service_account_email: "{{ gcp.service_account_email }}"
    credentials_file: "{{ gcp.credentials_file }}"
    project_id: "{{ gcp.project_id }}"
    zone: "{{gcp.zone}}"
  tags:
    - cloud-gcp

# Keep the public IP of the first instance reported by the create task.
- name: GCP Set VM Facts
  set_fact:
    public_ip: "{{ gce_master.instance_data[0].public_ip }}"
#############################################################################
## Write to inventory
##############################################################################
# Generate the inventory, host variables and helper scripts for this cloud
# under <hybridcloud_distro_base_dir>/gcp by including the shared task file.
# NOTE(review): private_key_file is passed on so the generated deploy script
# can mount the key into the installer container; the generated files
# therefore point at the key's location on this machine.
- name: Setup Cloud Inventory Tasks
  include_tasks: "cloud_inventory.yaml"
  vars:
    cloud_host: "{{ public_ip }}"
    cloud_user: "{{ gcp.cloud_user}}"
    private_key_file: "{{gcp.private_key_file}}"
    cloud_host_alias: "gcp-openshift"
    cloud_provider: "gcp"
    is_rhel: "{{gcp.is_rhel}}"
    hybricloud_inventory_dir: "{{hybridcloud_distro_base_dir}}/gcp/inventory"
    hybridcloud_distro_dir: "{{hybridcloud_distro_base_dir}}/gcp"
  tags:
    - cloud-gcp
--------------------------------------------------------------------------------
/roles/cloud-resources/templates/hosts_prepare.yaml.j2:
--------------------------------------------------------------------------------
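---
# Node preparation playbook, rendered once per cloud and run by the first
# stage of the deploy script against the provisioned host.
# NOTE(review): values outside the raw sections are expanded when this
# template is rendered, so the generated playbook contains the Azure service
# principal secret and the RHN password in clear text. Handle the rendered
# file as a secret.

- hosts:
    - {{cloud_host_alias}}

  tasks:

    {% if cloud_provider == 'azr' and azr.image.offer == 'CentOS' -%}
    # enable the default eth0 network to be NM Controlled
    - name: Enable NM_CONTROLLED
      lineinfile:
        regexp: '^(NM_CONTROLLED=)(no)$'
        backrefs: yes
        path: /etc/sysconfig/network-scripts/ifcfg-eth0
        line: '\1yes'
      become: yes
      register: nmcontolled_changed

    # Restart the VM through the Azure API from the control machine, only when
    # the interface file was actually changed.
    - name: restart azure vm
      azure_rm_virtualmachine:
        name: "{{instance_name}}"
        client_id: "{{azr.client_id}}"
        secret: "{{azr.secret}}"
        subscription_id: "{{azr.subscription_id}}"
        tenant: "{{azr.tenant}}"
        location: "{{azr.location}}"
        resource_group: "{{azr.resource_group}}"
        restarted: yes
      when: nmcontolled_changed is changed
      delegate_to: localhost

    # Poll the host with an ad-hoc ping, up to 30 tries 10 seconds apart.
    - name: wait for azure restart
      local_action: shell ansible -u {{ azr.cloud_user }} -m ping {{'{{'}} inventory_hostname {{'}}'}}
      register: result
      until: result.rc == 0
      retries: 30
      delay: 10
      when: nmcontolled_changed is changed

    - name: check eth0 is available
      shell: nmcli c s
      register: nmcli_out
      when: nmcontolled_changed is changed

    # TODO to evaluate change or failure
    - debug: msg={%- raw %} "{{nmcli_out}}"{% endraw %}
    {% endif %}

    {% if is_rhel -%}
    # Register the host with Red Hat and enable the repositories the installer needs.
    # The username and password are rendered as quoted strings so characters
    # such as ':' or '#' in the value cannot break or truncate the generated YAML.
    # NOTE(review): the credentials come from the azr settings whatever the
    # cloud provider is - confirm that is intended for aws and gcp.
    - name: Subscribe to RedHat
      redhat_subscription:
        state: present
        username: {{ azr.rhn_username | to_json }}
        password: {{ azr.rhn_password | to_json }}
        force_register: True
        pool_ids: {{azr.rhn_pool_ids}}
    - name: Subscribe to needed OpenShift RedHat Repositories
      shell: |
        subscription-manager repos --disable="*" \
          --enable="rhel-7-server-rpms" \
          --enable="rhel-7-server-extras-rpms" \
          --enable="rhel-7-server-ose-3.9-rpms" \
          --enable="rhel-7-fast-datapath-rpms" \
          --enable="rhel-7-server-ansible-2.4-rpms"
    {% endif %}

    # Install the base packages; state latest upgrades any that are already
    # present. The module arguments sit in a raw section so the item
    # placeholder survives rendering and is resolved when the playbook runs.
    - name: Install essential and utility packages
      package:
      {%- raw %}
        name: "{{item}}"
        state: latest
      {% endraw -%}
      with_items:
        - wget
        - git
        - net-tools
        - bind-utils
        - yum-utils
        - iptables-services
        - bridge-utils
        - bash-completion
        - kexec-tools
        - sos
        - psacct
        - httpd-tools
        - docker
        - system-storage-manager
        - NetworkManager
        - centos-release-openshift-origin311
        - centos-release-ansible26

    {% if cloud_provider == 'azr' -%}
    # Directory for the Azure cloud provider configuration. A directory needs
    # the search bit to be usable, so it is created 0700 (owner only) rather
    # than 0600; the file inside stays 0600.
    # NOTE(review): azure.conf presumably carries the service principal secret,
    # which is why both are owner-only - confirm against azure.conf.j2.
    - name: Create Azure Cloud Provider Config Directory
      file:
        dest: /etc/azure
        mode: 0700
        state: directory

    - name: Copy Azure Cloud Provider Configuration
      copy:
        src: "/tmp/azure.conf"
        mode: 0600
        dest: /etc/azure/azure.conf
    {% endif %}

    {% if is_rhel -%}
    # Extract the Red Hat registry CA certificate from a CentOS package and
    # write it to /etc/rhsm/ca/redhat-uep.pem.
    # NOTE(review): the original comment said this is needed only for CentOS
    # machines, yet the section is rendered only when is_rhel is set - one of
    # the two looks wrong.
    # NOTE(review): the package is downloaded over plain HTTP and unpacked with
    # no checksum or signature check, and its content becomes a trusted CA on
    # the node. Anyone able to alter that download controls the trust anchor.
    # Fetch it with get_url and a pinned checksum (sha256:<EXPECTED_SHA256>),
    # or verify the package signature before extracting.
    - name: Add RedHat Registry Certificates
      shell: |
        cd /tmp
        sudo mkdir -p /etc/rhsm/ca
        sudo wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
        sudo rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
      args:
        executable: /bin/bash

    # With state file the task fails when the certificate is missing; the
    # result is registered as proceed.
    - name: Check Red Hat Registry Certificates are Present
      file:
        name: /etc/rhsm/ca/redhat-uep.pem
        state: file
      register: proceed
    {% endif %}

    # NOTE(review): the value below is expanded when the template is rendered,
    # not when the playbook runs, so it presumably always comes out as True and
    # replaces the registered result above - confirm this gate does what is
    # intended.
    - set_fact:
        proceed: {{ proceed | default(True) }}

    # Docker is stopped and /var/lib/docker removed so the storage setup file
    # can be replaced before the service is started again. Removing
    # /var/lib/docker discards any images and containers already on the host.
    - name: Stop Docker
      service:
        name: docker
        enabled: true
        state: stopped
      when: proceed

    - name: Delete /var/lib/docker
      file:
        name: /var/lib/docker
        state: absent
      run_once: true
      when: proceed

    - name: Reconfigure Docker Storage Setup
      copy:
        src: "/tmp/docker-storage-setup"
        dest: /etc/sysconfig/docker-storage-setup
      run_once: true
      when: proceed

    - name: Enable and Start Docker Service
      service:
        name: docker
        enabled: true
        state: started
      when: proceed

    - name: Enable and Start NetworkManager
      service:
        name: NetworkManager
        enabled: true
        state: started
      when: proceed
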
161 |
--------------------------------------------------------------------------------
/documentation/modules/ROOT/pages/setup.adoc:
--------------------------------------------------------------------------------
1 | = Setup
2 | include::_attributes.adoc[]
3 |
4 | [[prov-cloud-resource]]
5 | == Provisioning
6 |
7 | The provisioning consists of two parts:
8 |
9 | - Provision Cloud Resources
10 | - Deploying OpenShift
11 |
12 | === Cloud Resources
13 |
14 | [source,sh,subs=attributes+]
15 | ----
16 | $ ./provision.sh
17 | ----
18 |
19 | [NOTE]
20 | ====
21 | For easier explanation, further sections in the document assumes you have provisioned for one cloud say `gcp`
22 | ====
23 |
24 | [[node-connect]]
25 | == Connecting to OpenShift Node
26 |
27 | The following commands shows how you can connect to the provisioned instance via ssh:
28 |
29 | [source,sh]
30 | ----
31 | $ cd $PROJECT_HOME/out/gcp
32 | $ ./connect.sh
33 | ----
34 |
35 | The `connect.sh` script also holds information about the public IP, the ssh user and the private key to be used.
36 |
37 | [[deploy-openshift]]
38 | == Deploy OpenShift
39 |
40 | After successful provisioning of <<prov-cloud-resource,Cloud Resources>>, there should be one directory per cloud created under `$PROJECT_HOME/out`.
41 |
42 | e.g. The following shows the directory tree for Azure and GCP
43 | [source,sh,subs=attributes+]
44 | ----
45 | out
46 | |-azr
47 | |---inventory <1>
48 | |-----host_vars <2>
49 | |- connect.sh <3>
50 | |- host_prepare.yaml <4>
51 | |- deploy.sh <5>
52 | |- docker-storage-setup <6>
53 | |- add_openshift_users.yaml <7>
54 | |- add-openshift-users.sh <8>
55 | |- openshift_users.yaml <9>
56 | |-gcp
57 | |---inventory
58 | |-----host_vars
59 | |- connect.sh
60 | |- host_prepare.yaml
61 | |- deploy.sh
62 | |- docker-storage-setup
63 | |- add_openshift_users.yaml <7>
64 | |- add-openshift-users.sh <8>
65 | |- openshift_users.yaml <9>
66 | ----
67 |
68 | <1> The cloud specific Ansible Inventory directory
69 | <2> host_vars, the Ansible host variables for the cloud provider
70 | <3> The SSH connect utility; this has the IP address of the OpenShift node
71 | <4> The Cloud Host OpenShift Deployment preparation tasks
72 | <5> The OpenShift Deploy script
73 | <6> The Docker storage setup file
74 | <7> The Ansible playbook to add users who will have access to the OpenShift Web Console
75 | <8> The utility script to run the `add_openshift_users` play
76 | <9> openshift_users.yaml the users that need to be added/modified/deleted from OpenShift users file
77 |
78 | e.g. Lets say you want to deploy OpenShift to your Google Cloud Platform(gcp), run the following commands:
79 |
80 | [source,sh,subs=attributes+]
81 | ----
82 | $ cd $PROJECT_HOME/out/gcp
83 | $ ./deploy.sh
84 | ----
85 |
86 | [[add-users-to-openshift]]
87 | === Add Users to OpenShift
88 |
89 | No users are created by default by the OpenShift installation; this section describes how to add new users.
90 |
91 | The installed OpenShift is configured by default to use https://docs.openshift.org/3.9/install_config/configuring_authentication.html#HTPasswdPasswordIdentityProvider[HTPasswd] as the identity provider. With the HTPasswd identity provider, the default htpasswd file is `/etc/origin/master/htpasswd`.
92 |
93 | The following section describes how to add, update, or remove users in the htpasswd file to give users access to the OpenShift Web Console.
94 |
95 | The `out/<cloud>/openshift_users.yaml` file has two variables defined:
96 |
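97 | **openshift_users** - a list of dicts/hashes with the key **username** and an optional key **password**; if **password** is omitted, a random 8 letter password will be generated. Passwords set here are stored in this file in clear text, so treat the file as a secret.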
98 |
99 | e.g.
100 | [source,yaml,subs=attributes+]
101 | ----
102 | openshift_users:
103 | - {username: "developer",password: "supers3cret"}
104 | - {username: "demo"} <1>
105 | ----
106 | <1> in this case the password for the user `demo` will be generated
107 |
108 | **openshift_delete_users** - a list of usernames that need to be removed from the OpenShift users htpasswd file
109 | e.g.
110 | [source,yaml,subs=attributes+]
111 | ----
112 | openshift_delete_users:
113 | - developer <1>
114 | ----
115 | <1> the user `developer` will be deleted from the OpenShift users htpasswd file
116 |
117 | After you have defined the users, run the following command:
118 |
119 | [source,sh,subs=attributes+]
120 | ----
121 | $ cd $PROJECT_HOME/out/gcp
122 | $ ./add-openshift-users.sh
123 | ----
124 |
125 | [[add-admin-user-to-openshift]]
126 | === Adding Admin User to OpenShift
127 |
128 | Follow the steps defined above to add a new user called `admin` with a password of your choice. To give the user `admin` **Cluster Admin Privileges**, you might need to log in to the node and execute the following commands:
129 |
130 | [source,sh,subs=attributes+]
131 | ----
132 | $ cd $PROJECT_HOME/out/gcp
133 | $ ./connect.sh
134 | $ sudo -i
135 | $ oc login -u system:admin
136 | $ oc adm policy add-cluster-role-to-user cluster-admin admin
137 | ----
138 |
139 | [[deprov-cloud-resource]]
140 | == DeProvisioning
141 |
142 | The undeploying of Cloud Resources is controlled by three main variables that are defined in `env/extravars`
143 |
144 | [source,yaml,subs=attributes+]
145 | ----
146 | gcp_rollback: False <1>
147 | azure_rollback: False <2>
148 | aws_rollback: False <3>
149 | ----
150 |
151 | <1> Set to `True` to undeploy GCP resources
152 | <2> Set to `True` to undeploy Azure resources
153 | <3> Set to `True` to undeploy AWS resources
154 |
155 | [source,sh]
156 | ----
157 | $ ./deprovision.sh
158 | ----
159 |
160 | NOTE: Sometimes the Cloud resources might take time to be terminated or deleted; please verify via the respective cloud console that the resources are deleted.
--------------------------------------------------------------------------------
/env/extravars.example:
--------------------------------------------------------------------------------
1 | ---
2 | ansible_become: no
3 | ansible_connection: local
4 |
5 | # Using different openshift version, default is v3.11
6 | #openshift_release: "v3.11"
7 | #v_origin_installer_image: v3.11.0
8 |
9 | # This file holds cloud credentials (e.g. aws.secret_key, azr.secret); it is recommended to keep it encrypted with Ansible Vault
10 | # https://docs.ansible.com/ansible/latest/user_guide/playbooks_vault.html
11 |
12 | # PROJECT_HOME is the directory where the sources are cloned
13 |
14 | # the name of the all in one instance that will be created
15 | instance_name: "openshift-all-in-one"
16 |
17 | # Hybrid Clouds where the resources will be provisioned
18 | # Currently only Google Cloud(gcp), Amazon(aws), and Azure(azr) are supported
19 | clouds:
20 | - gcp
21 | - aws
22 | - azr
23 | ####################################################################################
24 | # Rollback Variables
25 | # Rollback all Google Cloud Platform resources
26 | gcp_rollback: False
27 | # Rollback all Azure resources
28 | azure_rollback: False
29 | # Rollback all AWS resources
30 | aws_rollback: False
31 | ####################################################################################
32 |
33 | ####################################################################################
34 | #
35 | # Google Cloud Variables
36 | # https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html
37 | ####################################################################################
38 | gcp:
39 | # https://cloud.google.com/compute/docs/access/service-accounts
40 | service_account_email: ""
41 | # Download the GCE credentials file JSON
42 | # save it under name gce-key.json inside $PROJECT_HOME/project/keys
43 | # IMPORTANT: If you change this path then you might need to alter the scripts
44 | project_id: ""
45 | credentials_file: keys/gce-key.json
46 | # https://cloud.google.com/compute/docs/regions-zones/
47 | region: "asia-south1"
48 | zone: "asia-south1-a"
49 | # This user will have sudo right and the public key (public_key_file) of private_key_file
50 | # will be added to the users .ssh/authorized_keys
51 | cloud_user: centos
52 | # The Private key that will be used to SSH into instances
53 | # If these files are not present they will be generated
54 | private_key_file: keys/gce_idrsa
55 | public_key_file: keys/gce_idrsa.pub
56 | # https://cloud.google.com/compute/docs/machine-types
57 | machine_type: "n1-standard-4" # 4 cpu 15 GB
58 | image: "centos-7"
59 | os_source_image: '/projects/centos-cloud/global/images/family/centos-7'
60 | #Size in GB
61 | docker_disk_size: 100
62 | is_rhel: False
63 |
64 | ####################################################################################
65 | #
66 | # Amazon Variables
67 | # https://docs.ansible.com/ansible/latest/scenario_guides/guide_aws.html
68 | #
69 | ####################################################################################
70 | aws:
71 | access_key: ""
72 | secret_key: ""
73 | # This user will have passwordless sudo rights and the public key of private_key_file
74 | # will be added to the users .ssh/authorized_keys
75 | cloud_user: centos
76 | # the SSH Key Pair Name that will provide access to instances
77 | key_pair_name: "openshift"
78 | # keys directory corresponds to $PROJECT_HOME/project/keys
79 | private_key_file: keys/aws_openshift.pem
80 | # https://aws.amazon.com/ec2/instance-types/
81 | instance_type: "m5.xlarge"
82 | # CentOS 7, Please check with https://wiki.centos.org/Cloud/AWS to find AMI ids for your region.
83 | image: "ami-1780a878"
84 | #https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
85 | region: "ap-south-1"
86 | security_group: all-ssh-http-https
87 | is_rhel: False
88 |
89 | ##########################################################################################################
90 | #
91 | # Azure
92 | # https://docs.ansible.com/ansible/latest/scenario_guides/guide_azure.html
93 | # https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/
94 | ###########################################################################################################
95 | azr:
96 | client_id: ""
97 | secret: ""
98 | subscription_id: ""
99 | tenant: ""
100 | # https://azure.microsoft.com/en-in/global-infrastructure/regions/
101 | location: ""
102 | # This user will have sudo right and the public key (public_key_file) of private_key_file
103 | # will be added to the users .ssh/authorized_keys
104 | cloud_user: centos
105 | # The Private Key to connect to VM and its public key which will be added to authorized keys
106 | # keys == $PROJECT_HOME/project/keys
107 | # The Private key that will be used to SSH into instances
108 | # If these files are not present they will be generated
109 | private_key_file: keys/azure_id_rsa
110 | public_key_file: keys/azure_id_rsa.pub
111 | resource_group: OpenShift
112 | cloud: AzurePublicCloud
113 | # https://docs.microsoft.com/en-us/azure/cloud-services/cloud-services-sizes-specs
114 | vm_size: "Standard_D4_v3"
115 | image:
116 | offer: CentOS
117 | publisher: OpenLogic
118 | sku: '7.5'
119 | version: latest
120 | security_group: openshift-nsg
121 | vm_net_name: openshift-net
122 |
123 | # # Only for RHEL Images
124 | # rhn_username: ''
125 | # rhn_password: ''
126 | # rhn_pool_ids:
127 | # image:
128 | # offer: RHEL
129 | # publisher: RedHat
130 | # sku: '7.5'
131 | # version: latest
132 |
--------------------------------------------------------------------------------
/roles/cloud-resources/tasks/aws.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # - name: Provisioning AWS
3 | # debug:
4 | # msg: "{{aws}}"
5 |
6 | #############################################################################
7 | ## Security KeyPair
8 | #############################################################################
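# Create (or look up) the EC2 key pair named by aws.key_pair_name and register
# the module result as ec2key. The next task reads ec2key.key.private_key and
# is guarded for runs where that field is not returned.
- name: "AWS ec2 key pair {{aws.key_pair_name}}"
  ec2_key:
    name: "{{aws.key_pair_name}}"
    region: "{{aws.region}}"
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
  register: ec2key
  tags:
    - cloud-aws

# Write the returned private key to aws.private_key_file on the control host.
- name: AWS Save the Key Locally
  copy:
    content: "{{ec2key.key.private_key}}"
    dest: "{{aws.private_key_file}}"
    # Owner read/write only: a key file needs no execute bit. Quoted so the
    # value is always handled as an octal mode string.
    mode: "0600"
  when: ec2key.key.private_key is defined
  # The task argument is the private key itself; keep it out of verbose
  # output and logs.
  no_log: true
  tags:
    - cloud-aws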
27 |
28 | #############################################################################
29 | ## VPC Network
30 | #############################################################################
# VPC that hosts the all-in-one node; result registered as ec2vpc and its
# vpc.id is consumed by the subnet, gateway, route table and security group.
- name: AWS VPC OpenShift
  ec2_vpc_net:
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    region: "{{aws.region}}"
    name: openshift-vpc
    cidr_block: 192.168.0.0/16
    tags: {Name: "{{instance_name}}", OpenShift_Type: 'Origin'}
  register: ec2vpc
  tags: [cloud-aws]

# Single /24 subnet inside the VPC; registered as openshift_subnet.
- name: AWS VPC OpenShift VPC Subnet
  ec2_vpc_subnet:
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    region: "{{aws.region}}"
    vpc_id: "{{ec2vpc.vpc.id}}"
    cidr: 192.168.1.0/24
    resource_tags: {Name: "{{instance_name}}", OpenShift_Type: 'Origin'}
  register: openshift_subnet
  tags: [cloud-aws]

# Internet gateway for the VPC; registered as ec2igw.
- name: AWS VPC OpenShift Internet Gateway
  ec2_vpc_igw:
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    region: "{{aws.region}}"
    vpc_id: "{{ec2vpc.vpc.id}}"
    tags: {Name: "{{instance_name}}", OpenShift_Type: 'Origin'}
  register: ec2igw
  tags: [cloud-aws]

# Route table that sends all non-local traffic (0.0.0.0/0) from the subnet
# through the internet gateway, i.e. makes the subnet public.
- name: AWS VPC OpenShift Public Subnet Route Table
  ec2_vpc_route_table:
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    region: "{{aws.region}}"
    vpc_id: "{{ec2vpc.vpc.id}}"
    subnets: ["{{ openshift_subnet.subnet.id }}"]
    routes:
      - {dest: 0.0.0.0/0, gateway_id: "{{ ec2igw.gateway_id }}"}
    tags: {Name: "{{instance_name}}", OpenShift_Type: 'Origin'}
  register: public_route_table
  tags: [cloud-aws]
89 |
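# Security group for the all-in-one node. Ingress is TCP only:
#   22    SSH
#   80    HTTP
#   443   HTTPS
#   8443  OpenShift master console
# The original listed the port 22 rule twice; the duplicate is dropped.
#
# SSH and the master console are management interfaces, so their source range
# is taken from the optional key aws.admin_cidr. When that key is absent from
# extravars the rules fall back to 0.0.0.0/0, which is what this task used
# before, so existing setups behave the same. Set aws.admin_cidr to the CIDR
# you administer the node from to stop exposing both ports to every address.
- name: AWS VPC OpenShift Security Group
  ec2_group:
    name: "{{aws.security_group}}"
    description: "OpenShift Rules"
    vpc_id: "{{ec2vpc.vpc.id}}"
    region: "{{aws.region}}"
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    rules:
      - proto: tcp
        ports:
          - 22
        cidr_ip: "{{ aws.admin_cidr | default('0.0.0.0/0') }}"
      - proto: tcp
        ports:
          - 80
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        ports:
          - 443
        cidr_ip: 0.0.0.0/0
      - proto: tcp
        ports:
          - 8443
        cidr_ip: "{{ aws.admin_cidr | default('0.0.0.0/0') }}"
  register: securitygroup
  tags:
    - cloud-aws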
122 |
123 | #############################################################################
124 | ## Compute Network
125 | #############################################################################
126 |
# Launch the node from aws.image in the subnet and security group created
# above, using the key pair aws.key_pair_name. Registered as ec2instance;
# later tasks read instance_ids and instances[0].public_dns_name from it.
- name: AWS Create All in one OpenShift Node
  ec2:
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    region: "{{aws.region}}"
    image: "{{aws.image}}"
    instance_type: "{{aws.instance_type}}"
    key_name: "{{aws.key_pair_name}}"
    vpc_subnet_id: "{{ openshift_subnet.subnet.id }}"
    group: ["{{aws.security_group}}"]
    # Tags are passed as one templated string; the last tag is keyed by
    # hybridizer_cluster_id, which is defined outside this file.
    instance_tags: "{ 'Name' : '{{instance_name}}', 'OpenShift_Type' : 'Origin', 'kubernetes.io/cluster/{{hybridizer_cluster_id}}': '{{hybridizer_cluster_id}}' }"
  register: ec2instance
  tags: [cloud-aws]

# - debug: msg="{{ec2instance}}"

# Docker Disk
# 100 GB gp2 volume attached to the first launched instance and deleted with it.
- name: "AWS Add Docker Volume to instance {{ec2instance.instance_ids[0]}}"
  ec2_vol:
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    region: "{{aws.region}}"
    instance: "{{ec2instance.instance_ids[0]}}"
    volume_type: 'gp2'
    volume_size: 100
    delete_on_termination: yes
    tags: {OpenShift_Type: "Origin"}
  register: ec2vol
  tags: [cloud-aws]
161 |
162 | # - debug: msg="{{ec2instance}}"
163 |
# Associate an Elastic IP with every launched instance; the per-item results
# are registered as ec2ip.
- name: AWS Attach Elastic IP
  ec2_eip:
    aws_access_key: "{{aws.access_key}}"
    aws_secret_key: "{{aws.secret_key}}"
    region: "{{aws.region}}"
    device_id: "{{ item }}"
    in_vpc: True
    release_on_disassociation: yes
  with_items: "{{ ec2instance.instance_ids}}"
  register: ec2ip
  tags: [cloud-aws]

# Expose the first Elastic IP and the first instance's public DNS name as facts.
- name: Get Public IP
  set_fact:
    dns_name: "{{ec2instance.instances[0].public_dns_name}}"
    public_ip: "{{ec2ip.results[0].public_ip}}"
  tags: [cloud-aws]

# Block until port 22 on the public IP accepts connections (30 second limit).
- name: AWS Wait for SSH for instances
  wait_for:
    host: "{{ public_ip }}"
    port: "22"
    state: started
    delay: "1"
    timeout: "30"
  tags: [cloud-aws]

# Print the node's address details for the operator.
- debug:
    msg: "AWS OpenShift Node Details DNS {{dns_name}} IP {{public_ip}}"
  tags: [cloud-aws]
198 |
199 | #############################################################################
200 | ## Write to inventory
201 | ##############################################################################
# Hand the AWS node details to the shared cloud_inventory.yaml tasks.
# NOTE(review): `hybricloud_inventory_dir` is spelled differently from
# `hybridcloud_distro_dir`; it is kept as-is because the included file is not
# visible here — confirm which spelling it reads.
- name: Setup Cloud Inventory Tasks
  include_tasks: cloud_inventory.yaml
  vars:
    cloud_provider: "aws"
    cloud_host_alias: "aws-openshift"
    cloud_host: "{{ public_ip }}"
    cloud_user: "{{ aws.cloud_user}}"
    private_key_file: "{{aws.private_key_file}}"
    is_rhel: "{{aws.is_rhel}}"
    hybridcloud_distro_dir: "{{hybridcloud_distro_base_dir}}/aws"
    hybricloud_inventory_dir: "{{hybridcloud_distro_base_dir}}/aws/inventory"
  tags: [cloud-aws]
--------------------------------------------------------------------------------
/roles/cloud-resources/tasks/azure.yaml:
--------------------------------------------------------------------------------
1 | ---
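# Announce that the Azure provisioning tasks are starting.
- name: Its Azure Env
  debug:
    msg: "Provision Azure Env"

#############################################################################
## Security KeyPair
#############################################################################
# Record whether the private key file already exists so an existing key is
# never overwritten.
- name: "Check that the {{azr.private_key_file}} exists"
  stat:
    path: "{{azr.private_key_file}}"
  register: azrsshfile
  tags:
    - cloud-azr

# Generate a passphrase-less RSA key pair at azr.private_key_file when none
# exists. The path comes from extravars and is interpolated into a shell
# command line, so it is passed through the `quote` filter instead of being
# wrapped in double quotes, inside which the shell would still expand `$` and
# backticks.
- name: Create Azure SSH Key Pair
  shell: |
    ssh-keygen -t rsa -N '' -f {{ azr.private_key_file | quote }}
  when: not azrsshfile.stat.exists
  register: azr_sshkey
  tags:
    - cloud-azr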
23 |
24 | #############################################################################
25 | ## Resource Group
26 | #############################################################################
27 |
# Resource group that holds every Azure resource created by this file;
# authenticated with the service principal values from the azr settings.
- name: Azure Create a resource group
  azure_rm_resourcegroup:
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    name: "{{azr.resource_group}}"
    location: "{{azr.location}}"
    tags: {name: openshift-all-in-one}
  register: azr_rm_resource_group
  tags: [cloud-azr]
42 |
43 | #############################################################################
44 | ## Security Group
45 | #############################################################################
46 |
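# Network security group for the all-in-one node. Allowed inbound ports:
#   22    SSH
#   80    HTTP
#   443   HTTPS
#   8443  OpenShift master console
#
# Changes from the original rules:
# - `protocol: Tcp` is set on every rule. The original left the protocol
#   unset, which the module treats as any protocol, so UDP to these ports was
#   allowed as well although all four services are TCP.
# - SSH and the master console are management interfaces, so their source is
#   taken from the optional key azr.admin_cidr. When that key is absent from
#   extravars the rules fall back to '*' (any source), which is what the
#   original rules allowed. Set azr.admin_cidr to the CIDR you administer the
#   node from to stop exposing both ports to every address.
- name: Azure Create OpenShift Network Security Group
  azure_rm_securitygroup:
    name: "{{azr.security_group}}"
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    location: "{{azr.location}}"
    resource_group: "{{azr.resource_group}}"
    rules:
      - name: 'allow-ssh'
        description: "Allowing SSH"
        priority: 100
        protocol: Tcp
        source_address_prefix: "{{ azr.admin_cidr | default('*') }}"
        destination_port_range: 22
        access: Allow
      - name: 'allow-http'
        description: "Allowing HTTP"
        priority: 101
        protocol: Tcp
        destination_port_range: 80
        access: Allow
      - name: 'allow-https'
        description: "Allowing HTTPS"
        priority: 102
        protocol: Tcp
        destination_port_range: 443
        access: Allow
      - name: 'allow-openshift-master-console'
        description: "Allowing OpenShift Master Console"
        priority: 103
        protocol: Tcp
        source_address_prefix: "{{ azr.admin_cidr | default('*') }}"
        destination_port_range: 8443
        access: Allow
    tags:
      name: openshift-all-in-one
  register: azr_rm_nsg
  tags:
    - cloud-azr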
83 |
84 | #############################################################################
85 | ## VPC Network
86 | #############################################################################
# Virtual network (192.168.0.0/16) for the node.
- name: Azure Create OpenShift Network
  azure_rm_virtualnetwork:
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    resource_group: "{{azr.resource_group}}"
    location: "{{azr.location}}"
    name: "{{azr.vm_net_name}}"
    address_prefixes_cidr: [192.168.0.0/16]
    tags: {name: openshift-all-in-one}
  register: azr_rm_vnet
  tags: [cloud-azr]

# /24 subnet in that network, bound to the OpenShift network security group.
- name: Azure Create OpenShift Network Subnet
  azure_rm_subnet:
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    resource_group: "{{azr.resource_group}}"
    virtual_network_name: "{{azr.vm_net_name}}"
    name: openshift-subnet-01
    address_prefix_cidr: "192.168.1.0/24"
    security_group: "{{azr.security_group}}"
    tags: {name: openshift-all-in-one}
  register: azr_rm_vnet_subnet
  tags: [cloud-azr]

# Primary NIC with a statically allocated public IP named "openshift-ip".
# The VM task refers to this NIC by its name, openshift-nic01.
- name: Azure Create OpenShift Default NIC
  azure_rm_networkinterface:
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    resource_group: "{{azr.resource_group}}"
    name: openshift-nic01
    virtual_network: "{{azr.vm_net_name}}"
    subnet_name: openshift-subnet-01
    security_group: "{{azr.security_group}}"
    ip_configurations:
      - name: "openshift-ip"
        primary: True
        public_ip_address_name: "openshift-ip"
        public_ip_allocation_method: "Static"
    tags: {name: openshift-all-in-one}
  register: azr_rm_nic01
  tags: [cloud-azr]
145 |
146 | #############################################################################
147 | ## Compute
148 | #############################################################################
149 |
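# Create the VM on openshift-nic01 with password SSH logins disabled; the only
# login credential is the public key read from azr.public_key_file.
# Registered as azr_rm_vm.
#
# The VM task and the two set_fact tasks below carried no `cloud-azr` tag,
# unlike every other provisioning task in this file. A run limited with
# `--tags cloud-azr` would skip them and leave `public_ip` undefined for the
# tagged tasks that follow, so the tag is added here.
- name: Azure Create All In One OpenShift Node
  azure_rm_virtualmachine:
    name: "{{instance_name}}"
    client_id: "{{azr.client_id}}"
    secret: "{{azr.secret}}"
    subscription_id: "{{azr.subscription_id}}"
    tenant: "{{azr.tenant}}"
    location: "{{azr.location}}"
    resource_group: "{{azr.resource_group}}"
    ssh_password_enabled: False
    managed_disk_type: Standard_LRS
    # 128 GB data disk at LUN 0, named after the instance with a -docker suffix.
    data_disks:
      - lun: 0
        managed_disk_type: "Standard_LRS"
        disk_size_gb: 128
        storage_blob_name: "{{instance_name}}-docker"
    ssh_public_keys:
      - key_data: "{{lookup('file',azr.public_key_file)}}"
        path: "/home/{{azr.cloud_user}}/.ssh/authorized_keys"
    vm_size: "{{azr.vm_size}}"
    admin_username: "{{azr.cloud_user}}"
    image: "{{azr.image}}"
    network_interface_names:
      - openshift-nic01
    tags:
      name: openshift-all-in-one
  register: azr_rm_vm
  tags:
    - cloud-azr

# JMESPath expression that selects the public IP address of openshift-nic01
# from the VM properties.
- name: Azure Public IP Query Fact
  set_fact:
    public_ip_query: "networkProfile.networkInterfaces[?name == 'openshift-nic01'].properties.ipConfigurations[0].properties.publicIPAddress.properties.ipAddress"
  tags:
    - cloud-azr

# Apply the query to the registered VM facts and keep the first match.
- name: Azure Set VM Facts
  set_fact:
    public_ip: "{{azr_rm_vm.ansible_facts.azure_vm.properties|json_query(public_ip_query)|first}}"
  tags:
    - cloud-azr

# Print the node's public IP for the operator.
- debug:
    msg: "Azure OpenShift Node Details IP {{public_ip}}"
  tags:
    - cloud-azr

# Block until port 22 on the public IP accepts connections (120 second limit).
- name: azure wait for ssh
  wait_for:
    delay: "1"
    host: "{{ public_ip }}"
    port: "22"
    state: started
    timeout: "120"
  tags:
    - cloud-azr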
201 |
202 | #############################################################################
203 | ## Write to inventory
204 | ##############################################################################
205 |
# Register the new VM in the in-memory inventory under the alias azr-openshift.
- name: Azure Build VM Hosts
  add_host:
    name: "azr-openshift"
    ansible_ssh_private_key_file: "{{azr.private_key_file}}"
    ansible_ssh_user: "{{azr.cloud_user}}"
    ansible_ssh_host: "{{public_ip}}"
  tags: [cloud-azr]

# Hand the Azure node details to the shared cloud_inventory.yaml tasks.
# is_rhel is derived from the image offer rather than from a dedicated flag.
# NOTE(review): `hybricloud_inventory_dir` is spelled differently from
# `hybridcloud_distro_dir`; it is kept as-is because the included file is not
# visible here — confirm which spelling it reads.
- name: Setup Cloud Inventory Tasks
  include_tasks: cloud_inventory.yaml
  vars:
    cloud_provider: "azr"
    cloud_host_alias: "azr-openshift"
    cloud_host: "{{ public_ip }}"
    cloud_user: "{{ azr.cloud_user}}"
    private_key_file: "{{azr.private_key_file}}"
    is_rhel: "{{azr.image.offer == 'RHEL'}}"
    hybridcloud_distro_dir: "{{hybridcloud_distro_base_dir}}/azr"
    hybricloud_inventory_dir: "{{hybridcloud_distro_base_dir}}/azr/inventory"
  tags: [cloud-azr]

# Render azure.conf.j2 into the Azure output directory.
# NOTE(review): the template is not visible here; if it embeds the service
# principal secret, give this task an owner-only `mode` — confirm against
# azure.conf.j2.
- name: Azure Cloud Provider Configuration
  template:
    dest: "{{hybridcloud_distro_base_dir}}/azr/azure.conf"
    src: azure.conf.j2
  tags: [cloud-azr]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------