10 # setup root access - default login: oom/oom - comment out to restrict access to ssh key only
# SECURITY: the two sed edits below rewrite sshd_config so that root login is
# permitted and password authentication is accepted; the passwd line then sets
# root's password to the fixed, published value "oom". Anything that can reach
# sshd on this VM can therefore attempt a root login with a known credential.
# The node-registration loop later in this script logs in to root@<node> with
# sshpass -p "oom", so removing these lines also means moving that step to
# key-based login.
# NOTE(review): no sshd reload/restart is visible in this listing - confirm
# where the edited settings take effect.
11 sed -i 's/PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
12 sed -i 's/PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
# Feeds the new password to passwd twice on stdin (entry, then confirmation).
14 echo -e "oom\noom" | passwd root
# SECURITY: fetches the Docker install script for $DOCKER_VERSION and pipes it
# straight into sh. The transfer uses HTTPS, but the script is run without a
# checksum or signature check, so whatever the server returns is executed with
# this script's privileges (the surrounding commands edit /etc without sudo, so
# presumably root). Safer pattern: download to a file, compare it with a pinned
# digest, then run it.
17 curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
18 mkdir -p /etc/systemd/system/docker.service.d/
# Writes a systemd drop-in (docker.conf) that overrides dockerd's command line;
# afterwards systemd is reloaded, docker is restarted and the docker-ce package
# is put on hold so package upgrades do not replace the installed version.
# SECURITY: --insecure-registry=nexus3.onap.org:10001 makes dockerd talk to that
# registry without requiring a verified TLS connection, so image pulls from it
# and the login sent to it are not protected against interception or tampering.
# NOTE(review): the remaining lines of the here-document and its closing EOF
# are not visible in this listing.
19 cat > /etc/systemd/system/docker.service.d/docker.conf << EOF
22 ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
24 systemctl daemon-reload
25 systemctl restart docker
26 apt-mark hold docker-ce
28 #IP_ADDY=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
31 #echo "$IP_ADDY $HOSTNAME" >> /etc/hosts
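# Log in to the ONAP Nexus registry with its fixed docker/docker account.
# NOTE(review): -p puts the password on the command line, where it shows up in
# the process list and in shell traces; Docker releases that support
# --password-stdin can read it from stdin instead. The value here is a
# hard-coded shared default rather than a private secret.
docker login -u docker -p docker nexus3.onap.org:10001

sudo apt-get install make -y

# Start the Rancher server container; its UI/API is published on port 8080 of
# this host, and the rest of this script talks to it over plain HTTP.
sudo docker run -d --restart=unless-stopped -p 8080:8080 \
  --name rancher_server "rancher/server:v${RANCHER_VERSION}"

# Install kubectl. -f makes curl fail on an HTTP error instead of saving the
# error page as ./kubectl, which would then be installed as an executable.
# NOTE(review): no checksum is verified for this binary or for the helm archive
# below; compare each download with a pinned digest before installing it.
sudo curl -fLO "https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
sudo chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl

# Install helm. The archive is fetched over HTTPS so it cannot be altered in
# transit before it is unpacked and installed with sudo.
wget "https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz"
sudo tar -zxvf "helm-v${HELM_VERSION}-linux-amd64.tar.gz"
sudo mv linux-amd64/helm /usr/local/bin/helm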
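sudo apt-get install nfs-kernel-server -y

sudo mkdir -p /nfs_share
sudo chown nobody:nogroup /nfs_share/

# Shared data directory that is exported over NFS below.
# SECURITY: recursive mode 777 lets every local user read, write and replace
# anything under /dockerdata-nfs.
sudo mkdir -p /dockerdata-nfs
sudo chmod 777 -R /dockerdata-nfs
sudo chown nobody:nogroup /dockerdata-nfs/

# SECURITY: "*" exports the share to every client that can reach this host, and
# no_root_squash lets root on any such client act as root on the exported files.
# Limiting the client field to the cluster's node addresses or subnet, and using
# root_squash where the workloads allow it, narrows this considerably.
NFS_EXP="*(rw,sync,no_root_squash,no_subtree_check) "

# The expansion is quoted so the leading "*" is never treated as a glob, and the
# entry is appended only when it is not already present, so re-running the
# script does not duplicate the export. ${NFS_EXP% } drops the trailing space.
nfs_export_line="/dockerdata-nfs ${NFS_EXP% }"
# stderr is silenced only for the "file does not exist yet" case.
if ! sudo grep -qxF -- "$nfs_export_line" /etc/exports 2>/dev/null; then
  printf '%s\n' "$nfs_export_line" | sudo tee -a /etc/exports
fi

#Restart the NFS service
sudo systemctl restart nfs-kernel-server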
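echo "wait before installing rancher server"
# Create ONAP environment on rancher and register the nodes...
echo "SERVER: ${SERVER}"
echo "PRIVATE_IP: ${PRIVATE_IP}"
echo "NODE_COUNT: ${NODE_COUNT}"
#install sshpass to login to the k8s nodes to run rancher agent
# -y keeps the install non-interactive, matching the other apt-get calls in
# this script, so an unattended run cannot stall on a confirmation prompt.
sudo apt-get install -y sshpass

# create kubernetes environment on rancher using cli
# NOTE(review): the CLI archive is fetched over HTTPS but is not compared with
# a pinned digest before it is unpacked with sudo.
wget "https://releases.rancher.com/cli/v${RANCHER_CLI_VER}/rancher-linux-amd64-v${RANCHER_CLI_VER}.tar.gz"
sudo tar -zxvf "rancher-linux-amd64-v${RANCHER_CLI_VER}.tar.gz"
sudo cp "rancher-v${RANCHER_CLI_VER}/rancher" .
sudo chmod +x ./rancher

# apt-get rather than apt: apt's command-line interface is meant for
# interactive use and warns when it is driven from a script.
sudo apt-get install -y jq
echo "wait for rancher server container to finish - 3 min"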
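echo "get public and private tokens back to the rancher server so we can register the client later"
# Create an API key pair named "autoinstall" for account 1a1.
# The URL is double-quoted so ${SERVER} is expanded; inside single quotes the
# request would be sent to the literal host name "$SERVER".
# NOTE(review): the request carries no credentials and uses plain HTTP, so it
# only succeeds while the Rancher API accepts unauthenticated callers, and the
# returned secret crosses the network unencrypted.
API_RESPONSE=$(curl -s "http://${SERVER}:8080/v2-beta/apikey" -d '{"type":"apikey","accountId":"1a1","name":"autoinstall","description":"autoinstall","created":null,"kind":null,"removeTime":null,"removed":null,"uuid":null}')
# Extract and store token
KEY_PUBLIC=$(jq -r '.publicValue' <<<"$API_RESPONSE")
KEY_SECRET=$(jq -r '.secretValue' <<<"$API_RESPONSE")
# Only the public half is printed: echoing the raw response or secretValue
# would put a working API credential into the provisioning log.
echo "publicValue: $KEY_PUBLIC"
if [[ -z "$KEY_PUBLIC" || "$KEY_PUBLIC" == "null" ]]; then
  echo "WARNING: no API key returned by http://${SERVER}:8080/v2-beta/apikey" >&2
fi

# Picked up by the rancher CLI and by the token generation further down.
export RANCHER_URL="http://${SERVER}:8080"
export RANCHER_ACCESS_KEY="$KEY_PUBLIC"
export RANCHER_SECRET_KEY="$KEY_SECRET"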
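echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
echo "Creating kubernetes environment named ${KUBE_ENV_NAME}"
# The CLI's stdout is captured in kube_env_id.json and read back as PROJECT_ID,
# which is used as the environment id in the API URLs below. The name is quoted
# so a value containing spaces or glob characters reaches the CLI as a single
# argument.
./rancher env create -t kubernetes "$KUBE_ENV_NAME" > kube_env_id.json
PROJECT_ID=$(<kube_env_id.json)
echo "env id: $PROJECT_ID"
# Later API URLs are built from PROJECT_ID, so an empty value is reported here
# rather than surfacing as unrelated-looking failures further down.
if [[ -z "$PROJECT_ID" ]]; then
  echo "WARNING: rancher env create returned no environment id" >&2
fi
export RANCHER_HOST_URL="http://${SERVER}:8080/v1/projects/${PROJECT_ID}"
echo "you should see an additional kubernetes environment usually with id 1a7"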
116 # optionally disable cattle env
118 # add host registration url
119 # https://github.com/rancher/rancher/issues/2599
120 # wait for REGISTERING to ACTIVE
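echo "sleep 60 to wait for REG to ACTIVE"
echo "check on environments again before registering the URL response"
# Ask Rancher to create a host registration token for the new environment.
# - The JSON body is built with jq (installed earlier in this script) so that
#   ${SERVER} is really substituted and correctly escaped; inside single quotes
#   the literal text "$SERVER" would be sent as the name.
# - The header is spelled Content-Type; "ContentType" is not the standard header
#   name, so the body would not be labelled as JSON.
# NOTE(review): -u places the API key pair on curl's command line, where it can
# be read from the process list, and the request is plain HTTP.
REG_REQUEST_BODY=$(jq -cn --arg name "$SERVER" '{name: $name}')
REG_URL_RESPONSE=$(curl -X POST -u "${KEY_PUBLIC}:${KEY_SECRET}" \
  -H 'Accept: application/json' -H 'Content-Type: application/json' \
  -d "$REG_REQUEST_BODY" \
  "http://${SERVER}:8080/v1/projects/${PROJECT_ID}/registrationtokens")
# NOTE(review): the response is logged in full - confirm it carries nothing
# that should stay out of the provisioning log.
echo "REG_URL_RESPONSE: $REG_URL_RESPONSE"
echo "wait for server to finish url configuration - 2 min"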
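# see registrationUrl in
# Fetch the registration tokens and pull the fields of the first entry.
# NOTE(review): .data[0] is simply the first token the server returns; confirm
# that it belongs to the environment created above ($PROJECT_ID).
REGISTRATION_TOKENS=$(curl "http://${SERVER}:8080/v2-beta/registrationtokens")
echo "REGISTRATION_TOKENS: $REGISTRATION_TOKENS"
# The jq filters are single-quoted: unquoted, "[0]" is a shell glob pattern and
# could be rewritten by a matching file name in the working directory. The JSON
# is passed via a here-string so it is not word-split or globbed on the way.
REGISTRATION_URL=$(jq -r '.data[0].registrationUrl' <<<"$REGISTRATION_TOKENS")
REGISTRATION_DOCKER=$(jq -r '.data[0].image' <<<"$REGISTRATION_TOKENS")
REGISTRATION_TOKEN=$(jq -r '.data[0].token' <<<"$REGISTRATION_TOKENS")
# SECURITY: the registration token is what lets a host join this environment;
# the two echo lines in this section write it to the provisioning log.
echo "Registering host for image: $REGISTRATION_DOCKER url: $REGISTRATION_URL registrationToken: $REGISTRATION_TOKEN"
HOST_REG_COMMAND=$(jq -r '.data[0].command' <<<"$REGISTRATION_TOKENS")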
143 #Loop using the private IP and the no of VMS to SSH into each machine
# Iterates i = 1 .. NODE_COUNT-1; each node address is PRIVATE_IP with i
# appended to it.
# NOTE(review): the loop's do/done lines are not visible in this listing.
144 for i in `seq 1 $((${NODE_COUNT}-1))`;
146 NODE_IP=${PRIVATE_IP}$i
# Logs in to the node as root and, on the node, sets the hostname to node<i> and
# runs the Rancher agent image against $RANCHER_URL/v1/scripts/<token>.
# SECURITY:
#  - sshpass -p "oom" passes the root password on the command line (readable
#    from the local process list) and relies on every node sharing that password.
#  - StrictHostKeyChecking=no accepts whatever host key the node presents, so
#    the login is not protected against an impostor host.
#  - The agent container is --privileged and is handed the node's Docker socket,
#    which amounts to full control of the node; $RANCHER_URL is an http://
#    address, so the registration token and agent script travel unencrypted.
# NOTE(review): the host path /var/lib/racher looks like a typo for
# /var/lib/rancher - confirm before changing it, existing nodes may already
# hold data under the misspelled path.
147 sshpass -p "oom" ssh -o StrictHostKeyChecking=no root@${NODE_IP} "hostnamectl set-hostname node$i && docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/racher:/var/lib/rancher $REGISTRATION_DOCKER $RANCHER_URL/v1/scripts/$REGISTRATION_TOKEN"
150 echo "waiting 10 min for host registration to finish"
154 #read -p "wait for host registration to complete before generating the client token....."
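# base64 encode the kubectl token from the auth pair
# generate this after the host is registered
# Token layout: base64("Basic " + base64("<access key>:<secret key>")).
# printf '%s' with quoted arguments is used instead of nested, unquoted
# echo -n calls, so the key pair is encoded byte-for-byte with no word
# splitting or option parsing in between.
# SECURITY: base64 is an encoding, not encryption - this token is equivalent to
# the API key pair itself.
kubectl_basic_auth=$(printf '%s' "${RANCHER_ACCESS_KEY}:${RANCHER_SECRET_KEY}" | base64 -w 0)
KUBECTL_TOKEN=$(printf '%s' "Basic ${kubectl_basic_auth}" | base64 -w 0)
# NOTE(review): this prints a live credential to stdout; treat the provisioning
# log as sensitive, or drop the line once the token is no longer copied by hand.
echo "KUBECTL_TOKEN base64 encoded: ${KUBECTL_TOKEN}"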
160 # add kubectl config - NOTE: the following spacing has to be "exact" or kubectl will not connect - with a localhost:8080 error
# Writes the kubeconfig for the current user. The here-document delimiter is
# unquoted, so $SERVER, $PROJECT_ID, ${ENVIRON} and $KUBECTL_TOKEN are expanded
# at the moment the file is written.
# SECURITY:
#  - insecure-skip-tls-verify: true makes kubectl skip validation of the
#    server's certificate, so the endpoint's identity is not checked.
#  - The file stores $KUBECTL_TOKEN in clear text and is created with the
#    default umask; restricting it to the owner (chmod 600) keeps other local
#    users from reading the credential.
# NOTE(review): only some lines of the here-document, and neither its closing
# EOF nor the creation of ~/.kube, are visible in this listing.
161 cat > ~/.kube/config <<EOF
167 insecure-skip-tls-verify: true
168 server: "https://$SERVER:8080/r/projects/$PROJECT_ID/kubernetes:6443"
172 cluster: "${ENVIRON}"
175 current-context: "${ENVIRON}"
179 token: "$KUBECTL_TOKEN"
# Print the follow-up hints for the operator (one per line), then list the pods
# in every namespace as a first check that kubectl can reach the cluster.
printf '%s\n' \
  "run the following if you installed a higher kubectl version than the server" \
  "helm init --upgrade" \
  "Verify all pods up on the kubernetes system - will return localhost:8080 until a host is added" \
  "kubectl get pods --all-namespaces"
kubectl get pods --all-namespaces