#!/bin/bash
set -eu
# Print the command-line help for deploy.sh on stdout.
# Takes no arguments and does not exit; callers decide the exit status.
function usage {
  printf '%s\n' \
    "Usage : deploy.sh [-b -i -t -n -k -m]" \
    "" \
    " -b: deploy BMO" \
    " -i: deploy Ironic" \
    " -t: deploy with TLS enabled" \
    " -n: deploy without authentication" \
    " -k: deploy with keepalived" \
    " -m: deploy with mariadb (requires TLS enabled)"
}
# Feature switches. Everything starts off except basic authentication, which
# stays on unless the caller explicitly opts out with -n.
DEPLOY_BMO=false
DEPLOY_IRONIC=false
DEPLOY_TLS=false
DEPLOY_KEEPALIVED=false
DEPLOY_MARIADB=false
DEPLOY_BASIC_AUTH=true

# Parse the short flags. The leading ":" in the optstring selects getopts'
# silent error reporting, so bad input is reported by the arms below.
while getopts ":hbitnkm" opt; do
  case "${opt}" in
    h) usage; exit 0 ;;
    b) DEPLOY_BMO=true ;;
    i) DEPLOY_IRONIC=true ;;
    t) DEPLOY_TLS=true ;;
    n)
      # Disabling authentication is allowed but always announced.
      echo "WARNING: Deploying without authentication is not recommended"
      DEPLOY_BASIC_AUTH=false
      ;;
    k) DEPLOY_KEEPALIVED=true ;;
    m) DEPLOY_MARIADB=true ;;
    :)
      # Kept for completeness: none of the current flags takes an argument.
      echo "ERROR: -${OPTARG} requires an argument"
      usage
      exit 1
      ;;
    *) usage; exit 1 ;;
  esac
done
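# Backward compatibility: before the flags existed, deploy.sh took up to five
# positional values, in the order BMO, Ironic, TLS, basic auth, keepalived.
shift $(( OPTIND - 1 ))
if [ $# -gt 0 ]; then
  echo "WARNING: positional arguments are deprecated, run deploy.sh -h for information"
fi

# Succeeds only when $1 is the literal string "true" or "false".
_is_bool_arg() {
  [[ "${1}" == "true" || "${1}" == "false" ]]
}

# Every later check compares against the exact string "true", so any other
# spelling ("True", "yes", "1", ...) would silently read as "off". For the
# fourth argument that means authentication gets disabled without anyone
# asking for it, so reject anything that is not a literal boolean.
for _positional in "${1:-}" "${2:-}" "${3:-}" "${4:-}" "${5:-}"; do
  if [ -n "${_positional}" ] && ! _is_bool_arg "${_positional}"; then
    echo "ERROR: positional arguments must be \"true\" or \"false\", got \"${_positional}\""
    usage
    exit 1
  fi
done

# Empty positional values are skipped, leaving the flag/default value in place.
if [ -n "${1:-}" ]; then
  DEPLOY_BMO=$1
fi
if [ -n "${2:-}" ]; then
  DEPLOY_IRONIC=$2
fi
if [ -n "${3:-}" ]; then
  DEPLOY_TLS=$3
fi
if [ -n "${4:-}" ]; then
  DEPLOY_BASIC_AUTH=$4
  # Same warning the -n flag prints, so the legacy path is no quieter.
  if [[ "${DEPLOY_BASIC_AUTH}" == "false" ]]; then
    echo "WARNING: Deploying without authentication is not recommended"
  fi
fi
if [ -n "${5:-}" ]; then
  DEPLOY_KEEPALIVED=$5
fi

# At least one of BMO or Ironic has to be selected.
if [[ "${DEPLOY_BMO}" == "false" ]] && [[ "${DEPLOY_IRONIC}" == "false" ]]; then
  echo "ERROR: nothing to deploy"
  usage
  exit 1
fi

# MariaDB is only offered together with TLS.
if [[ "${DEPLOY_MARIADB}" == "true" ]] && [[ "${DEPLOY_TLS}" == "false" ]]; then
  echo "ERROR: Deploying Ironic with MariaDB without TLS is not supported."
  usage
  exit 1
fi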
# Settings the caller may override from the environment; each keeps its
# incoming value when that value is set and non-empty.
: "${MARIADB_HOST_IP:=127.0.0.1}"
: "${KUBECTL_ARGS:=}"
: "${RESTART_CONTAINER_CERTIFICATE_UPDATED:=false}"
: "${NAMEPREFIX:=baremetal-operator}"
export NAMEPREFIX

# Absolute path of the directory one level above this script.
SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# Scratch overlays, recreated empty on every run. Wiping them first also
# discards anything an earlier run left behind in these directories.
TEMP_BMO_OVERLAY="${SCRIPTDIR}/config/overlays/temp"
TEMP_IRONIC_OVERLAY="${SCRIPTDIR}/ironic-deployment/overlays/temp"
for overlay_dir in "${TEMP_BMO_OVERLAY}" "${TEMP_IRONIC_OVERLAY}"; do
  rm -rf "${overlay_dir}"
done
for overlay_dir in "${TEMP_BMO_OVERLAY}" "${TEMP_IRONIC_OVERLAY}"; do
  mkdir -p "${overlay_dir}"
done

# Build the kustomize binary through the make target of the same relative name.
KUSTOMIZE="${SCRIPTDIR}/tools/bin/kustomize"
KUSTOMIZE_BUILD="tools/bin/kustomize"
make -C "$(dirname "$0")/.." "${KUSTOMIZE_BUILD}"
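#
# Generate credentials as needed
#
# Both directories are used as plain string prefixes below, so an override
# has to end in "/" just like the defaults do.
IRONIC_DATA_DIR="${IRONIC_DATA_DIR:-/opt/metal3/ironic/}"
IRONIC_AUTH_DIR="${IRONIC_AUTH_DIR:-"${IRONIC_DATA_DIR}auth/"}"

sudo mkdir -p "${IRONIC_DATA_DIR}"
sudo chown -R "${USER}:$(id -gn)" "${IRONIC_DATA_DIR}"
mkdir -p "${IRONIC_AUTH_DIR}"

# If usernames and passwords are unset, read them from file or generate them
if [[ "${DEPLOY_BASIC_AUTH}" == "true" ]]; then
  # The overlay copies of the credentials are only needed until the manifests
  # are applied. Remove them on every exit path, so a run that aborts half-way
  # (set -e) does not leave them in the source tree.
  trap 'rm -f -- "${TEMP_BMO_OVERLAY}/ironic-username" "${TEMP_BMO_OVERLAY}/ironic-password" "${TEMP_IRONIC_OVERLAY}/ironic-htpasswd"' EXIT

  # Create every credential file below as owner-only (0600). Files that
  # already exist keep whatever mode they have.
  # NOTE(review): assumes nothing running as a different user reads the files
  # in IRONIC_AUTH_DIR; confirm before relying on this.
  CREDENTIALS_SAVED_UMASK="$(umask)"
  umask 077

  if [ -z "${IRONIC_USERNAME:-}" ]; then
    if [ ! -f "${IRONIC_AUTH_DIR}ironic-username" ]; then
      IRONIC_USERNAME="$(uuidgen)"
      echo "$IRONIC_USERNAME" > "${IRONIC_AUTH_DIR}ironic-username"
    else
      IRONIC_USERNAME="$(cat "${IRONIC_AUTH_DIR}ironic-username")"
    fi
  fi
  if [ -z "${IRONIC_PASSWORD:-}" ]; then
    if [ ! -f "${IRONIC_AUTH_DIR}ironic-password" ]; then
      IRONIC_PASSWORD="$(uuidgen)"
      echo "$IRONIC_PASSWORD" > "${IRONIC_AUTH_DIR}ironic-password"
    else
      IRONIC_PASSWORD="$(cat "${IRONIC_AUTH_DIR}ironic-password")"
    fi
  fi

  # BMO consumes the plaintext pair through a kustomize secret generator.
  if [[ "${DEPLOY_BMO}" == "true" ]]; then
    echo "${IRONIC_USERNAME}" > "${TEMP_BMO_OVERLAY}/ironic-username"
    echo "${IRONIC_PASSWORD}" > "${TEMP_BMO_OVERLAY}/ironic-password"
  fi

  # Ironic only needs the bcrypt (-B) htpasswd entry. The password is fed on
  # stdin (-i) instead of the command line (-b), which keeps it out of the
  # process list; printf is a shell builtin, so it adds no argv exposure.
  if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
    printf '%s\n' "${IRONIC_PASSWORD}" \
      | htpasswd -n -i -B "${IRONIC_USERNAME}" \
      > "${TEMP_IRONIC_OVERLAY}/ironic-htpasswd"
  fi

  umask "${CREDENTIALS_SAVED_UMASK}"
fi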
#
# Ironic
#
if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
  # Assemble a throwaway kustomization in the temp overlay; all relative
  # paths below are resolved from that directory.
  pushd "${TEMP_IRONIC_OVERLAY}"
  ${KUSTOMIZE} create --resources=../../../config/namespace \
    --namespace=baremetal-operator-system --nameprefix=baremetal-operator-

  if [[ "${DEPLOY_BASIC_AUTH}" == "true" ]]; then
    # Secret generated from the ironic-htpasswd file in this overlay.
    ${KUSTOMIZE} edit add secret ironic-htpasswd --from-file=htpasswd=ironic-htpasswd
  fi

  if [[ "${DEPLOY_BASIC_AUTH}" == "true" ]] && [[ "${DEPLOY_TLS}" == "true" ]]; then
    # TLS puts a reverse proxy in front, which changes how basic auth is
    # wired, so this combination has its own overlay to build on.
    ${KUSTOMIZE} edit add resource ../../overlays/basic-auth_tls
  elif [[ "${DEPLOY_BASIC_AUTH}" == "true" ]]; then
    ${KUSTOMIZE} edit add resource ../../base
    ${KUSTOMIZE} edit add component ../../components/basic-auth
  elif [[ "${DEPLOY_TLS}" == "true" ]]; then
    # NOTE(review): with authentication off, neither this branch nor the
    # plain (no TLS) case adds ../../base as a resource; confirm that this
    # is intended.
    ${KUSTOMIZE} edit add component ../../components/tls
  fi

  if [[ "${DEPLOY_KEEPALIVED}" == "true" ]]; then
    ${KUSTOMIZE} edit add component ../../components/keepalived
  fi

  if [[ "${DEPLOY_MARIADB}" == "true" ]]; then
    ${KUSTOMIZE} edit add component ../../components/mariadb
  fi
  popd
fi
#
# BMO
#
if [[ "${DEPLOY_BMO}" == "true" ]]; then
  # Assemble a throwaway kustomization in the temp overlay; all relative
  # paths below are resolved from that directory.
  pushd "${TEMP_BMO_OVERLAY}"
  ${KUSTOMIZE} create \
    --resources=../../base,../../namespace \
    --namespace=baremetal-operator-system

  if [[ "${DEPLOY_BASIC_AUTH}" == "true" ]]; then
    ${KUSTOMIZE} edit add component ../../components/basic-auth
    # ironic-username and ironic-password are the plaintext files the
    # credentials step wrote into this overlay earlier in the script.
    ${KUSTOMIZE} edit add secret ironic-credentials \
      --from-file=username=ironic-username \
      --from-file=password=ironic-password
  fi

  if [[ "${DEPLOY_TLS}" == "true" ]]; then
    ${KUSTOMIZE} edit add component ../../components/tls
  fi
  popd
fi
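#
# Deploy
#

# Succeeds when $1 is non-empty and made up only of letters, digits and
# "_", ".", ":" or "-". Those characters are enough for an IPv4/IPv6 address,
# a hostname or a true/false flag, and none of them has a special meaning
# inside a sed "s" command.
_is_sed_safe_value() {
  local safe_re='^[A-Za-z0-9_.:-]+$'
  [[ "${1}" =~ ${safe_re} ]]
}

if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
  # These settings are spliced into sed programs further down. Check them
  # before anything is applied to the cluster, so that a missing or malformed
  # value stops the run instead of changing what sed does or failing after
  # BMO has already been deployed.
  for _setting in RESTART_CONTAINER_CERTIFICATE_UPDATED IRONIC_HOST_IP MARIADB_HOST_IP; do
    if ! _is_sed_safe_value "${!_setting:-}"; then
      echo "ERROR: ${_setting} is unset or contains characters that are not allowed"
      exit 1
    fi
  done
fi

if [[ "${DEPLOY_BMO}" == "true" ]]; then
  pushd "${TEMP_BMO_OVERLAY}"
  # This is to keep the current behavior of using the ironic.env file for the configmap
  cp "${SCRIPTDIR}/config/default/ironic.env" "${TEMP_BMO_OVERLAY}/ironic.env"
  ${KUSTOMIZE} edit add configmap ironic --behavior=create --from-env-file=ironic.env
  # pipefail (scoped to this subshell) makes a failed "kustomize build" fail
  # the step; without it only kubectl's status counts and a truncated render
  # could still be applied. KUBECTL_ARGS is split into words on purpose.
  # shellcheck disable=SC2086
  ( set -o pipefail
    ${KUSTOMIZE} build "${TEMP_BMO_OVERLAY}" | kubectl apply ${KUBECTL_ARGS} -f - )
  popd
fi

if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
  pushd "${TEMP_IRONIC_OVERLAY}"
  # Copy the configmap content from either the keepalived or default kustomization
  # and edit based on environment.
  if [[ "${DEPLOY_KEEPALIVED}" == "true" ]]; then
    IRONIC_BMO_CONFIGMAP_SOURCE="${SCRIPTDIR}/ironic-deployment/components/keepalived/ironic_bmo_configmap.env"
  else
    IRONIC_BMO_CONFIGMAP_SOURCE="${SCRIPTDIR}/ironic-deployment/default/ironic_bmo_configmap.env"
  fi
  IRONIC_BMO_CONFIGMAP="${TEMP_IRONIC_OVERLAY}/ironic_bmo_configmap.env"
  cp "${IRONIC_BMO_CONFIGMAP_SOURCE}" "${IRONIC_BMO_CONFIGMAP}"

  # Set RESTART_CONTAINER_CERTIFICATE_UPDATED in the copied env file:
  # rewrite the line when the key is present, append it otherwise.
  if grep -q "RESTART_CONTAINER_CERTIFICATE_UPDATED" "${IRONIC_BMO_CONFIGMAP}" ; then
    sed "s/\(RESTART_CONTAINER_CERTIFICATE_UPDATED\).*/\1=${RESTART_CONTAINER_CERTIFICATE_UPDATED}/" -i "${IRONIC_BMO_CONFIGMAP}"
  else
    echo "RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED}" >> "${IRONIC_BMO_CONFIGMAP}"
  fi

  # NOTE(review): these two substitutions edit the certificate.yaml files
  # under SCRIPTDIR in place, not copies in the temp overlay, and they run
  # whether or not TLS or MariaDB was requested. After the first run the
  # placeholders are gone, so a later run with different addresses has
  # nothing to replace. Confirm that this is intended.
  sed -i "s/IRONIC_HOST_IP/${IRONIC_HOST_IP}/g" "${SCRIPTDIR}/ironic-deployment/components/tls/certificate.yaml"
  sed -i "s/MARIADB_HOST_IP/${MARIADB_HOST_IP}/g" "${SCRIPTDIR}/ironic-deployment/components/mariadb/certificate.yaml"

  ${KUSTOMIZE} edit add configmap ironic-bmo-configmap --behavior=create --from-env-file=ironic_bmo_configmap.env
  # Same pipefail scoping as for the BMO apply above.
  # shellcheck disable=SC2086
  ( set -o pipefail
    ${KUSTOMIZE} build "${TEMP_IRONIC_OVERLAY}" | kubectl apply ${KUBECTL_ARGS} -f - )
  popd
fi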
#
# Cleanup
#
# Delete the credential material that was staged in the temp overlays. This
# point is only reached when every earlier step succeeded, because the script
# runs under "set -e".
if [[ "${DEPLOY_BASIC_AUTH}" == "true" ]]; then
  if [[ "${DEPLOY_BMO}" == "true" ]]; then
    # Plain rm: a missing file here is treated as an error.
    for required_file in ironic-username ironic-password; do
      rm "${TEMP_BMO_OVERLAY}/${required_file}"
    done
    # rm -f: these may not exist, so their absence is not an error.
    for optional_file in ironic-inspector-username ironic-inspector-password; do
      rm -f "${TEMP_BMO_OVERLAY}/${optional_file}"
    done
  fi

  if [[ "${DEPLOY_IRONIC}" == "true" ]]; then
    rm "${TEMP_IRONIC_OVERLAY}/ironic-htpasswd"
    for optional_file in ironic-auth-config ironic-inspector-auth-config ironic-inspector-htpasswd; do
      rm -f "${TEMP_IRONIC_OVERLAY}/${optional_file}"
    done
  fi
fi