Enable service-catalog using oc cluster up option #83
Conversation
|
Don't forget about when we deploy to ec2 we create SSL certificates then configure oc cluster up to use those certs with the hostname. Need to be sure that functionality still works, saw a few SSL related tasks were removed, unsure if they were solely for the apiserver of service catalog, or if some of them might enable using a custom ssl cert for the ec2 provisioning. |
cfchase
force-pushed
the
service-catalog-true
branch
2 times, most recently
from
a1c2f5e
to
7a167d7
Compare
cfchase
changed the title
|
@jwmatthews restored ec2 install using a separate role. I'm still debugging failures when using --service-catalog=true and editing the master-config.yml to use ssl, but this should get websockets working on local installs. Will follow up with ec2 changes in a separate PR. |
|
Saw success with linux and ec2 (using old behavior) Saw failure on mac, debugging. |
|
I saw success on the mac testing. I needed to:
After that worked and saw provision/bind workflow successful. |
|
ACK |
cfchase
changed the title
| when: ansible_os_family == "RedHat" | ||
|
|
||
| - set_fact: | ||
| oc_tools_dir: /usr/bin |
There was a problem hiding this comment.
oc_tools_dir needs to be in the user's path for the oc commands to execute correctly. The other option would be to execute oc commands with a modified environment.PATH variable.
cfchase
force-pushed
the
service-catalog-true
branch
from
50ccb15
to
ec85ba5
Compare
|
successfully tested this branch |
|
Doing 1 more run with testing ec2, then will merge if all checks out |
|
TASK [demo_prep : create rds apb resource file] ********************************************************************************************************************************************************** TASK [demo_prep : create rds postgres demo instance] ***************************************************************************************************************************************************** PLAY RECAP *********************************************************************************************************************************************************************************************** Looks like we need to update one more spot in 'demo_prep' to switch from kubectl to oc and stop using the kube config from service catalog |
|
I pushed 1 commit to address the prior failure i saw with ec2. |
|
The SSL cert isn't correct for EC2. I suspect SSL configuration is not correct, we should fix before merging. |
jwmatthews
changed the title
| dest: "{{ oc_host_config_dir }}/master/master-config.yaml" | ||
| insertbefore: "openshift.io/ImagePolicy:" | ||
| line: " PodPreset:\n configuration:\n kind: DefaultAdmissionConfig\n apiVersion: v1\n disable: false" | ||
| line: " namedCertificates:\n - certFile: /var/lib/origin/openshift.local.config/console-fullchain.pem\n keyFile: /var/lib/origin/openshift.local.config/console-privkey.pem\n names:\n - \"cchase.ec2.dog8code.com\"\n - \"apiserver-service-catalog.cchase.ec2.dog8code.com\"" |
There was a problem hiding this comment.
We'll want to remove the 'cchase.*' references.
| @@ -128,15 +127,6 @@ | |||
| - "{{ docker_images_group1 }}" | |||
| - "{{ docker_images_group2 }}" | |||
|
|
|||
| - name: Remove {{ oc_host_config_dir }}/master/master-config.yaml when resetting cluster | |||
There was a problem hiding this comment.
I think we want this block back in, on a reset it helps to be sure we are regenerating the master-config.yaml.
I'm running reset_environment.sh now, and it still has changes in master-config.yaml from prior run.
There was a problem hiding this comment.
I added this back, nothing else needed to be done here.
There was a problem hiding this comment.
I think I was confused by this comment. I thought that the intent of the reset was to avoid the extra up/down to generate the config. If we want to generate a new config every time, should we just do the extra up/down any time we use a custom config?
There was a problem hiding this comment.
The original context was catasb only worked on ec2 provisioning.
reset was intended to reuse the provisioned instance, just reset the oc cluster portion.
Then we added in the local options, so reset became much closer to setup_local_environment, not sure off hand what the diffs are if there are any on local context.
Essentially we want reset to be capable of clearing out the prior config and resetting from scratch.
|
I made changes and am seeing success with the cert now. |
also removed some unused pieces from the service catalog apiserver now being behind the api aggregator
jwmatthews
changed the title
|
I pushed some changes, seeing good results with ec2 now. Doing one more pass of a clean setup of ec2, and checking local linux again. |
|
@cfchase this is all good on my end. I'm good to merge this in now, assuming you are OK with the 2 commits I added. |
|
@jwmatthews thanks for the fixes. |
Use oc cluster up --service-catalog=true instead of separate service catalog setup.