The purpose of this repository is to provide a set of Ansible playbooks that can be used to install a range of Red Hat middleware products on OpenShift.
These products include:
- Single Sign On
- Managed Services Broker
- EnMasse
- Eclipse Che
- Launcher
- 3Scale
Prerequisites:
- Ansible v2.6
- OpenShift Container Platform v3.10
- OpenShift CLI (OC) v3.10
- SSH Access to OpenShift master(s)
- Cluster administrator permissions
The following section demonstrates how to install each of the products listed above on an existing OpenShift cluster.
git clone https://github.com/integr8ly/installation.git
Prior to running the playbooks, the master hostname and associated SSH username must be set in the inventory host file to match the target cluster configuration. The following example sets the SSH username to evals and the master hostname to master.evals.example.com:
~/installation/evals/inventories/hosts
[local:vars]
ansible_connection=local
[local]
127.0.0.1
[OSEv3:children]
master
[OSEv3:vars]
ansible_user=evals
[master]
master.evals.example.com
There are currently two options for installing:
- Install all products from a single playbook
- Install each product separately using their associated install playbooks
All products can be installed using the install.yml playbook located in the evals/playbooks/ directory.
Before running the installer, please consider the following variables:
- eval_self_signed_certs - Whether the OpenShift cluster uses self-signed certs or not. Defaults to true.
Run the playbook:
oc login https://<openshift-master-url>
cd evals/
ansible-playbook -i inventories/hosts playbooks/install.yml
Each product has an associated install playbook available from the evals/playbooks/ directory.
oc login https://<openshift-master-url>
cd evals/
ansible-playbook -i inventories/hosts playbooks/rhsso.yml
Upon completion, a new identity provider named rh_sso should be presented on the OpenShift master console login screen.
Default login credentials are evals@example.com / Password1
To configure custom account credentials, simply override the rhsso role environment variables by specifying user parameters as part of the install command:
ansible-playbook -i inventories/hosts playbooks/rhsso.yml -e rhsso_evals_username=<username> -e rhsso_evals_password=<password>
oc login https://<openshift-master-url>
cd evals/
ansible-playbook -i inventories/hosts playbooks/enmasse.yml
Once the playbook has completed, a service named EnMasse (standard) will be available in the Service Catalog. This can be provisioned into your namespace to use EnMasse.
Set the following variables:
- che_route_suffix - The router suffix of the OpenShift cluster.
- che_keycloak_host - The route to the previously created SSO, without protocol.
- che_keycloak_user - Username to authenticate as, this would be the admin user by default.
- che_keycloak_password - Password of the user.
- che_namespace - The namespace to provision che into.
- che_infra_namespace - This can usually be the same as che_namespace.
oc login https://<openshift-master-url>
cd evals/
ansible-playbook -i inventories/hosts playbooks/che-install.yml
The Launcher playbook also requires information about the existing SSO that was provisioned previously. It needs to know the route of the SSO. This can be retrieved using:
oc get route secure-sso -o jsonpath='{.spec.host}' -n rhsso
It also needs to know the realm to interact with. By default this would be openshift. Finally, it needs the credentials of a user to log in as; by default this would be the admin user created by the SSO playbook.
Specify the following variables in the inventory files or as --extra-vars when running the playbook.
- launcher_openshift_sso_route - The route to the previously created SSO, without protocol.
- launcher_openshift_sso_realm - The realm to create resources in the SSO, this would be openshift by default.
- launcher_openshift_sso_username - Username to authenticate as, this would be the admin user by default.
- launcher_openshift_sso_password - Password of the user.
If using self-signed certs, set launcher_sso_validate_certs to no/false.
Without this, an error will be thrown similar to this:
fatal: [127.0.0.1]: FAILED! => {"msg": "The conditional check 'launcher_sso_auth_response.status == 200' failed. The error was: error while evaluating conditional (launcher_sso_auth_response.status == 200): 'dict object' has no attribute 'status'"}
Next, run the playbook.
oc login https://<openshift-master-url>
cd evals
ansible-playbook -i inventories/hosts playbooks/launcher.yml
Once the playbook has completed, it will print a debug message saying to update the Authorization callback URL of the GitHub OAuth Application. Once this is done, the launcher setup has finished.
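The RH-SSO credential override and the Launcher SSO password above are both passed as playbook variables. The following added example (not part of this repository) supplies them through a private extra-vars file using Ansible's `-e @file` form, so the password does not appear in the ansible-playbook argument list. The function names are hypothetical; the variable names, playbook names and the oc command are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not from the integr8ly repository): pass installer secrets
# through a private extra-vars file (-e @file) instead of -e name=value.
# Function names are hypothetical; variable names are the ones on this page.

# yaml_quote VALUE: print VALUE as a YAML single-quoted scalar ('' escapes ').
yaml_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_vars_file NAME=VALUE...: write the pairs as YAML to a new 0600 temp
# file and print its path. Rejects malformed pairs and unsafe variable names.
write_vars_file() {
    vars_file=$(mktemp "${TMPDIR:-/tmp}/evals-vars.XXXXXX") || return 1
    chmod 600 "$vars_file"
    for pair in "$@"; do
        name=${pair%%=*}
        case $pair in *=*) ;; *) name='' ;; esac
        case $name in
            ''|*[!A-Za-z0-9_]*)
                echo "invalid variable assignment" >&2
                rm -f "$vars_file"
                return 1 ;;
        esac
        printf '%s: %s\n' "$name" "$(yaml_quote "${pair#*=}")" >> "$vars_file"
    done
    printf '%s\n' "$vars_file"
}

# run_playbook_with_vars PLAYBOOK NAME=VALUE...: run one of the evals
# playbooks (from inside evals/) with the vars file, then delete the file.
run_playbook_with_vars() {
    playbook=$1
    shift
    vars_path=$(write_vars_file "$@") || return 1
    status=0
    ansible-playbook -i inventories/hosts "playbooks/$playbook" \
        -e "@$vars_path" || status=$?
    rm -f "$vars_path"
    return "$status"
}

# Typical use after sourcing this file, reading the password without echo:
#   route=$(oc get route secure-sso -o jsonpath='{.spec.host}' -n rhsso)
#   stty -echo; read -r sso_pw; stty echo
#   run_playbook_with_vars launcher.yml \
#       launcher_openshift_sso_route="$route" \
#       launcher_openshift_sso_password="$sso_pw"
```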
Note: 3Scale requires access to ReadWriteMany PVs. As such, it will only work on OpenShift clusters that have RWX PVs available.
oc login https://<openshift-master-url>
cd evals/
ansible-playbook -i inventories/hosts playbooks/3scale.yml -e threescale_route_suffix=<openshift-router-suffix>
oc login https://<openshift-master-url>
cd evals/
ansible-playbook -i inventories/hosts playbooks/webapp.yml
Run the uninstall.yml playbook from inside the evals directory:
cd evals/
ansible-playbook -i inventories/hosts playbooks/uninstall.yml
By default this will delete all user-created namespaces as well. If you wish to keep these namespaces, add the following flag:
-e keep_namespaces=true