path: root/deployment/Azure_ARM_Template/scripts/azure-rancher-server.sh
#!/bin/bash

# Trace every command as it runs (long form of `set -x`). The trace prints
# expanded arguments, so it also shows any credential a later command expands.
set -o xtrace

# Pinned versions of the components this script installs.
DOCKER_VERSION="17.03"
RANCHER_VERSION="1.6.18"
KUBECTL_VERSION="1.8.10"
HELM_VERSION="2.9.1"

# Open up root access over SSH - default login: oom/oom.
# Comment this section out to restrict access to SSH keys only.
# NOTE(review): while this section is active, root accepts a fixed password
# on the SSH port, and the node loop further down logs in to the nodes with
# the same password through sshpass. Keep the SSH port closed to untrusted
# networks (e.g. in the network security group) for as long as it is enabled.
sed -i \
  -e 's/PermitRootLogin.*/PermitRootLogin yes/' \
  -e 's/PasswordAuthentication.*/PasswordAuthentication yes/' \
  /etc/ssh/sshd_config
service sshd restart
# passwd reads the new password twice from stdin.
printf 'oom\noom\n' | passwd root

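# Install Docker with Rancher's install script, then add a systemd drop-in so
# dockerd starts with the ONAP Nexus3 registry marked as insecure.
apt-get update
# -f makes curl fail on an HTTP error instead of piping an error page into sh;
# -sS hides the progress meter but keeps error messages; -L follows redirects.
# NOTE(review): the installer runs as root straight from the network with no
# checksum or signature check; pin and verify a known-good copy if this
# template is used outside a lab.
curl -fsSL "https://releases.rancher.com/install-docker/${DOCKER_VERSION}.sh" | sh
mkdir -p /etc/systemd/system/docker.service.d/
# The empty ExecStart= clears the packaged command line before the next line
# replaces it. --insecure-registry lets dockerd use that registry without a
# verified TLS connection, so images pulled from it are not protected in
# transit. The delimiter is quoted: the unit text is written literally.
cat > /etc/systemd/system/docker.service.d/docker.conf << 'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
EOF
systemctl daemon-reload
systemctl restart docker
# Keep apt from upgrading Docker away from the pinned release.
apt-mark hold docker-ce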

#IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
#HOSTNAME=`hostname`

#echo "$IP_ADDY $HOSTNAME" >> /etc/hosts

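# Log in to the ONAP Nexus3 registry with the docker/docker account.
# NOTE(review): -p puts the password on the command line, where the process
# list and the xtrace output show it. `docker login --password-stdin` avoids
# that, but check that the pinned Docker release supports it before switching.
docker login -u docker -p docker nexus3.onap.org:10001

sudo apt-get install make -y

# Start the Rancher server; its UI and API are published on plain HTTP 8080.
# NOTE(review): a later step in this script creates an API key on this port
# without sending credentials, so presumably anyone who can reach 8080 can do
# the same. Restrict the port to the deployment network and enable Rancher
# access control once the install is done.
sudo docker run -d --restart=unless-stopped -p 8080:8080 --name rancher_server "rancher/server:v${RANCHER_VERSION}"

# kubectl: -f stops curl from saving an HTTP error page as the binary.
sudo curl -fLO "https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
sudo chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
# -p: do not fail when the directory already exists (script re-run).
sudo mkdir -p ~/.kube

# Helm: fetched over HTTPS so the tarball whose binary lands in
# /usr/local/bin cannot be swapped in transit.
# NOTE(review): neither download is checked against a published checksum.
wget "https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz"
sudo tar -zxvf "helm-v${HELM_VERSION}-linux-amd64.tar.gz"
sudo mv linux-amd64/helm /usr/local/bin/helm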

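# NFS server: export /dockerdata-nfs over NFS.
sudo apt-get install nfs-kernel-server -y

# /nfs_share is created here but is not exported by this script.
sudo mkdir -p /nfs_share
sudo chown nobody:nogroup /nfs_share/


sudo mkdir -p /dockerdata-nfs
sudo chmod 777 -R /dockerdata-nfs
sudo chown nobody:nogroup /dockerdata-nfs/

# NOTE(review): "*" exports the share to every host that can reach this
# server, and no_root_squash lets root on a client act as root on the export;
# together with mode 777 any reachable client can read and rewrite the data.
# Narrow the client spec to the node subnet and keep the NFS ports closed to
# other networks.
NFS_EXP="*(rw,sync,no_root_squash,no_subtree_check) "

# Build the export line from a quoted value so the "*" is never subject to
# pathname expansion; the trailing space of NFS_EXP is dropped.
NFS_EXPORT_LINE="/dockerdata-nfs ${NFS_EXP% }"

# Append only when the exact line is missing, so re-running the script does
# not pile up duplicate entries in /etc/exports.
if ! grep -qxF -- "$NFS_EXPORT_LINE" /etc/exports 2>/dev/null; then
  printf '%s\n' "$NFS_EXPORT_LINE" | sudo tee -a /etc/exports
fi

#Restart the NFS service
sudo exportfs -a
sudo systemctl restart nfs-kernel-server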

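echo "wait before installing rancher server"
sleep 60

# Create ONAP environment on rancher and register the nodes...
# Positional arguments:
#   $1 SERVER      - address used to reach the Rancher server on port 8080
#   $2 PRIVATE_IP  - prefix; the node index is appended to it to form each
#                    node's address
#   $3 NODE_COUNT  - the node loop visits indices 1 .. NODE_COUNT-1
# NOTE(review): none of the three is validated here; an empty value only
# shows up later as failing curl/ssh calls.
SERVER=$1
PRIVATE_IP=$2
NODE_COUNT=$3

echo "SERVER: ${SERVER}"
echo "PRIVATE_IP: ${PRIVATE_IP}"
echo "NODE_COUNT: ${NODE_COUNT}"
#install sshpass to login to the k8s nodes to run rancher agent
# -y matches the other installs in this script, so apt never waits for a
# confirmation in an unattended run.
sudo apt-get install -y sshpass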

# Download the Rancher CLI that later creates the kubernetes environment,
# and install jq for parsing the API responses.
# NOTE(review): the CLI tarball is unpacked and run without a checksum check.
RANCHER_CLI_VER="0.6.7"
KUBE_ENV_NAME="onap"
wget "https://releases.rancher.com/cli/v${RANCHER_CLI_VER}/rancher-linux-amd64-v${RANCHER_CLI_VER}.tar.gz"
sudo tar -zxvf "rancher-linux-amd64-v${RANCHER_CLI_VER}.tar.gz"
sudo cp "rancher-v${RANCHER_CLI_VER}/rancher" .
sudo chmod +x ./rancher

sudo apt install jq -y

# Give the rancher server container three minutes, announcing each minute.
for msg in \
  "wait for rancher server container to finish - 3 min" \
  "2 more min" \
  "1 min left"; do
  echo "$msg"
  sleep 60
done
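echo "get public and private tokens back to the rancher server so we can register the client later"
# The URL has to be in double quotes: inside single quotes ${SERVER} is not
# expanded and curl is handed the literal host name "$SERVER".
# NOTE(review): the request carries no credentials and travels over plain
# HTTP, so the key pair in the response is readable on the network path.
API_RESPONSE=$(curl -s "http://${SERVER}:8080/v2-beta/apikey" -d '{"type":"apikey","accountId":"1a1","name":"autoinstall","description":"autoinstall","created":null,"kind":null,"removeTime":null,"removed":null,"uuid":null}')
# Extract and store token
# NOTE(review): the two echo lines below, and the xtrace output, write the
# API secret into whatever log captures this script; treat that log as
# sensitive or rotate the key after the install.
echo "API_RESPONSE: $API_RESPONSE"
# The response is passed to jq quoted, so the shell neither word-splits nor
# glob-expands the JSON on the way.
KEY_PUBLIC=$(printf '%s' "$API_RESPONSE" | jq -r '.publicValue')
KEY_SECRET=$(printf '%s' "$API_RESPONSE" | jq -r '.secretValue')
echo "publicValue: $KEY_PUBLIC secretValue: $KEY_SECRET"

# Connection settings for the ./rancher CLI calls that follow.
export RANCHER_URL="http://${SERVER}:8080"
export RANCHER_ACCESS_KEY="$KEY_PUBLIC"
export RANCHER_SECRET_KEY="$KEY_SECRET"
./rancher env ls
echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
sleep 60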

# Create the kubernetes environment; the CLI output is kept in
# kube_env_id.json and its content becomes PROJECT_ID.
echo "Creating kubernetes environment named ${KUBE_ENV_NAME}"
./rancher env create -t kubernetes "$KUBE_ENV_NAME" > kube_env_id.json
PROJECT_ID=$(cat kube_env_id.json)
echo "env id: $PROJECT_ID"
export RANCHER_HOST_URL="http://${SERVER}:8080/v1/projects/${PROJECT_ID}"
echo "you should see an additional kubernetes environment usually with id 1a7"
./rancher env ls
# optionally disable cattle env

# add host registration url
# https://github.com/rancher/rancher/issues/2599
# wait for REGISTERING to ACTIVE
# The 60 seconds are spent as two 30-second waits, listing the environments
# before each one.
echo "sleep 60 to wait for REG to ACTIVE"
./rancher env ls
sleep 30
echo "check on environments again before registering the URL response"
./rancher env ls
sleep 30
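# Ask Rancher for a host registration token in the new environment.
# The JSON body is built with jq: inside single quotes "$SERVER" would be
# sent literally, and jq also escapes the value correctly. The header name is
# Content-Type; "ContentType" is not a header the server would recognise.
REG_BODY=$(jq -cn --arg name "$SERVER" '{name: $name}')
REG_URL_RESPONSE=$(curl -X POST -u "${KEY_PUBLIC}:${KEY_SECRET}" \
  -H 'Accept: application/json' -H 'Content-Type: application/json' \
  -d "$REG_BODY" \
  "http://${SERVER}:8080/v1/projects/${PROJECT_ID}/registrationtokens")
echo "REG_URL_RESPONSE: $REG_URL_RESPONSE"
echo "wait for server to finish url configuration - 2 min"
sleep 60
echo "60 more sec"
sleep 60

# see registrationUrl in
# NOTE(review): this list is requested without credentials and without a
# project filter, and the first entry is used; presumably that is the token
# created above - confirm when more than one environment exists. The values
# come back over plain HTTP and are later placed on the nodes' command line,
# and the token is written to the log by the echo lines and xtrace.
REGISTRATION_TOKENS=$(curl "http://${SERVER}:8080/v2-beta/registrationtokens")
echo "REGISTRATION_TOKENS: $REGISTRATION_TOKENS"
# jq filters are quoted so the shell cannot glob-expand the [0].
REGISTRATION_URL=$(printf '%s' "$REGISTRATION_TOKENS" | jq -r '.data[0].registrationUrl')
REGISTRATION_DOCKER=$(printf '%s' "$REGISTRATION_TOKENS" | jq -r '.data[0].image')
REGISTRATION_TOKEN=$(printf '%s' "$REGISTRATION_TOKENS" | jq -r '.data[0].token')
echo "Registering host for image: $REGISTRATION_DOCKER url: $REGISTRATION_URL registrationToken: $REGISTRATION_TOKEN"
HOST_REG_COMMAND=$(printf '%s' "$REGISTRATION_TOKENS" | jq -r '.data[0].command')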

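#Loop using the private IP and the no of VMS to SSH into each machine
# Node i is reached at ${PRIVATE_IP}${i}, for i = 1 .. NODE_COUNT-1. On each
# node the hostname is set and the Rancher agent image is started against
# this server's registration URL.
# NOTE(review): sshpass -p shows the password in the process list, and
# StrictHostKeyChecking=no means the node's host key is never verified, so
# the login is not bound to a known machine. Key-based login with
# pre-provisioned host keys removes both.
for ((i = 1; i < NODE_COUNT; i++)); do
	NODE_IP="${PRIVATE_IP}${i}"
	# The image name and script URL come from an API response fetched over
	# plain HTTP and end up in a command line run as root on the node; %q
	# quotes them for the remote shell so they are taken as single arguments
	# and never as shell syntax. The host side of the second mount is
	# /var/lib/rancher (it was misspelled "racher").
	printf -v REMOTE_CMD \
		'hostnamectl set-hostname node%s && docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher %q %q' \
		"$i" "$REGISTRATION_DOCKER" "${RANCHER_URL}/v1/scripts/${REGISTRATION_TOKEN}"
	sshpass -p "oom" ssh -o StrictHostKeyChecking=no "root@${NODE_IP}" "$REMOTE_CMD"
done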

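echo "waiting 10 min for host registration to finish"
sleep 540
echo "1 more min"
sleep 60
#read -p "wait for host registration to complete before generating the client token....."

# base64 encode the kubectl token from the auth pair
# generate this after the host is registered
# The token is base64("Basic " + base64(access_key:secret_key)).
KUBECTL_TOKEN=$(printf 'Basic %s' "$(printf '%s' "${RANCHER_ACCESS_KEY}:${RANCHER_SECRET_KEY}" | base64 -w 0)" | base64 -w 0)
# NOTE(review): base64 is an encoding, not protection - this line and the
# xtrace output put a usable API credential into the log.
echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}"

# ENVIRON is not assigned anywhere in this script; unless the caller exports
# it, fall back to the environment name so the cluster, context and user
# entries below do not end up with empty names.
ENVIRON="${ENVIRON:-${KUBE_ENV_NAME}}"

# add kubectl config - NOTE: the following spacing has to be "exact" or kubectl will not connect - with a localhost:8080 error
# NOTE(review): insecure-skip-tls-verify turns off certificate checking, so
# kubectl cannot tell the real server from an impostor on the path.
mkdir -p ~/.kube
cat > ~/.kube/config <<EOF
apiVersion: v1
kind: Config
clusters:
- cluster:
    api-version: v1
    insecure-skip-tls-verify: true
    server: "https://$SERVER:8080/r/projects/$PROJECT_ID/kubernetes:6443"
  name: "${ENVIRON}"
contexts:
- context:
    cluster: "${ENVIRON}"
    user: "${ENVIRON}"
  name: "${ENVIRON}"
current-context: "${ENVIRON}"
users:
- name: "${ENVIRON}"
  user:
    token: "$KUBECTL_TOKEN"

EOF
# The file holds the API token: make it readable by its owner only.
chmod 600 ~/.kube/config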

# Closing hints for the operator, followed by a first look at the cluster.
printf '%s\n' \
  "run the following if you installed a higher kubectl version than the server" \
  "helm init --upgrade" \
  "Verify all pods up on the kubernetes system - will return localhost:8080 until a host is added" \
  "kubectl get pods --all-namespaces"
kubectl get pods --all-namespaces


# Report success to the caller regardless of what the commands above returned.
exit 0