refactor install to support configuration, plus help manpage
Showing 10 changed files with 211 additions and 81 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
.\" Manpage for atomic-registry-install. | ||
.TH man 8 "17 Aug 2016" "0.1" "atomic-registry-install man page" | ||
.SH NAME | ||
atomic-registry-install \- Atomic Registry installer image | ||
.SH SYNOPSIS | ||
atomic install projectatomic/atomic-registry-install [HOSTNAME] | ||
.PP | ||
atomic uninstall projectatomic/atomic-registry-install [--remove-data] | ||
.SH DESCRIPTION | ||
A container-based installation of Atomic Registry. It installs systemd unit files, configuration and a setup script to deploy atomic registry. It supports overriding image names, tags and ports used for Atomic Registry. | ||
.SH OPTIONS | ||
.IP HOSTNAME | ||
installation hostname. By default the output of `hostname` is used. | ||
.B install | ||
only. | ||
|
||
.IP --remove-data | ||
destructively remove all configuration and datastore. | ||
.B uninstall | ||
only. | ||
.SH ENVIRONMENT | ||
Installation values may be overridden by environment variable. The following variables are passed into the installation container: | ||
.IP REGISTRYPORT=5000 | ||
The registry service port | ||
.IP MASTERPORT=8443 | ||
The master service port | ||
.IP CONSOLEPORT=9090 | ||
The console service port | ||
.IP REGISTRYIMAGE=openshift/origin-docker-registry | ||
The registry container image | ||
.IP MASTERIMAGE=openshift/origin | ||
The master container image | ||
.IP CONSOLEIMAGE=cockpit/kubernetes | ||
The console container image | ||
.IP REGISTRYTAG=latest | ||
The registry container tag | ||
.IP MASTERTAG=latest | ||
The master container tag | ||
.IP CONSOLETAG=latest | ||
The console container tag | ||
|
||
.SH EXAMPLES | ||
.B Install | ||
using custom hostname and default images, tags and ports | ||
.RS | ||
sudo atomic install projectatomic/atomic-registry-install registry.example.com | ||
.RE | ||
|
||
.B Install, | ||
overriding default ports and tags | ||
.RS | ||
sudo REGISTRYPORT=443 CONSOLEPORT=8080 MASTERTAG=v1.3.0-alpha.1 REGISTRYTAG=v1.3.0-alpha.1 atomic install projectatomic/atomic-registry-install | ||
.RE | ||
|
||
.B Uninstall, | ||
removing configuration and datastore. This is a | ||
.B "destructive uninstall. All data will be lost." | ||
.RS | ||
sudo atomic uninstall projectatomic/atomic-registry-install --remove-data | ||
.RE | ||
|
||
.SH SEE ALSO | ||
atomic-install(1), atomic-uninstall(1), docker(1) | ||
.SH AUTHOR | ||
Aaron Weitekamp (aweiteka@redhat.com) |
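Review bot: In the ENVIRONMENT section, REGISTRYTAG, MASTERTAG and CONSOLETAG are documented with a default of `latest` and nothing about what that implies: the same install command can deploy different image versions on different days. Add a sentence recommending that the tags be pinned, as the second example already does with `MASTERTAG=v1.3.0-alpha.1`. Separately, `.TH man 8` gives the page the title "man"; the first argument should be the page name (`.TH ATOMIC-REGISTRY-INSTALL 8 ...`), and the hyphens in `--remove-data` are better written as `\-\-remove\-data` so they render as plain ASCII hyphens.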
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,66 +1,114 @@ | ||
#!/bin/bash | ||
|
||
INSTALL_HOST=${1:-`hostname`} | ||
echo "Installing using hostname ${INSTALL_HOST}" | ||
|
||
# write out configuration | ||
openshift start master --write-config /etc/atomic-registry/master \ | ||
--etcd-dir /var/lib/atomic-registry/etcd \ | ||
--public-master ${INSTALL_HOST} \ | ||
--master https://localhost:8443 | ||
|
||
echo "Copy files to host" | ||
|
||
set -x | ||
mkdir -p /etc/atomic-registry/master/site | ||
mkdir -p /etc/atomic-registry/registry | ||
mkdir -p /etc/atomic-registry/serviceaccount | ||
mkdir -p /host/var/lib/atomic-registry/registry | ||
|
||
cp /exports/unit_files/* /host/etc/systemd/system/ | ||
cp /exports/config/* /host/etc/sysconfig/ | ||
cp /exports/oauthclient.yaml /etc/atomic-registry/master/ | ||
cp /exports/setup-atomic-registry.sh /host/var/run/ | ||
cp /exports/registry-login-template.html /host/etc/atomic-registry/master/site/ | ||
|
||
chown -R 1001:root /host/var/lib/atomic-registry/registry | ||
chown -R 1001:root /etc/atomic-registry/registry | ||
|
||
set +x | ||
echo "Add serviceaccount token and certificate to registry configuration" | ||
ln /etc/atomic-registry/master/ca.crt /etc/atomic-registry/serviceaccount/ca.crt | ||
echo "default" >> /etc/atomic-registry/serviceaccount/namespace | ||
echo "This directory stores the service account token, namespace text file and certificate to enable the registry to connect to the API master." \ | ||
>> /etc/atomic-registry/serviceaccount/README | ||
cat /etc/atomic-registry/master/ca.crt > /etc/atomic-registry/serviceaccount/service-ca.crt | ||
cat /etc/atomic-registry/master/service-signer.crt >> /etc/atomic-registry/serviceaccount/service-ca.crt | ||
|
||
echo "This directory stores the docker/distribution registry configuration file. To secure the service add TLS certificates here and reference them as environment variables." \ | ||
>> /etc/atomic-registry/registry/README | ||
echo "This directory stores configuration and certificates for the API master." \ | ||
>> /etc/atomic-registry/master/README | ||
|
||
set -x | ||
|
||
# add OpenShift API master URL to web console env file | ||
echo "OPENSHIFT_OAUTH_PROVIDER_URL=https://${INSTALL_HOST}:8443" >> /host/etc/sysconfig/atomic-registry-console | ||
echo "REGISTRY_HOST=${INSTALL_HOST}:5000" >> /host/etc/sysconfig/atomic-registry-console | ||
# generate random secret for multi-registry shared storage deployment | ||
echo "REGISTRY_HTTP_SECRET=$(head -c 64 /dev/urandom | base64 -w0)" >> /host/etc/sysconfig/atomic-registry | ||
echo "DOCKER_REGISTRY_SERVICE_HOST=${INSTALL_HOST}" >> /host/etc/sysconfig/atomic-registry | ||
|
||
# load updated systemd unit files | ||
chroot /host systemctl daemon-reload | ||
|
||
set +x | ||
|
||
echo "Updating login template" | ||
sed -i 's/ templates: null$/ templates:\n login: site\/registry-login-template.html/' /etc/atomic-registry/master/master-config.yaml | ||
|
||
echo "Optionally edit configuration file authentication /etc/atomic-registry/master/master-config.yaml," | ||
echo "and/or add certificates to /etc/atomic-registry/master," | ||
echo "then enable and start services:" | ||
echo " sudo systemctl enable --now atomic-registry-master.service" | ||
echo "Once all 3 containers are running (docker ps), run the setup script" | ||
echo "(you can run it again if it is run early and fails)" | ||
echo " sudo /var/run/setup-atomic-registry.sh ${INSTALL_HOST}" | ||
set -o errexit | ||
set -o nounset | ||
set -o pipefail | ||
|
||
installhost="${1:-"$(hostname)"}" | ||
|
||
# Defaults | ||
REGISTRYPORT="${REGISTRYPORT:-5000}" | ||
MASTERPORT="${MASTERPORT:-8443}" | ||
CONSOLEPORT="${CONSOLEPORT:-9090}" | ||
REGISTRYIMAGE="${REGISTRYIMAGE:-openshift/origin-docker-registry}" | ||
MASTERIMAGE="${MASTERIMAGE:-openshift/origin}" | ||
CONSOLEIMAGE="${CONSOLEIMAGE:-cockpit/kubernetes}" | ||
REGISTRYTAG="${REGISTRYTAG:-latest}" | ||
MASTERTAG="${MASTERTAG:-latest}" | ||
CONSOLETAG="${CONSOLETAG:-latest}" | ||
|
||
echo "Installing using hostname ${installhost}" | ||
|
||
function write_config() { | ||
openshift start master --write-config=/etc/atomic-registry/master \ | ||
--etcd-dir=/var/lib/atomic-registry/etcd \ | ||
--public-master="${installhost}:${MASTERPORT}" \ | ||
--master="https://localhost:${MASTERPORT}" \ | ||
--listen="https://0.0.0.0:${MASTERPORT}" \ | ||
--cors-allowed-origins="${installhost}:${CONSOLEPORT}" | ||
} | ||
|
||
function copy_files_to_host() { | ||
echo "Copy files to host" | ||
|
||
set -x | ||
mkdir -p /etc/atomic-registry/master/site | ||
mkdir -p /etc/atomic-registry/registry | ||
mkdir -p /etc/atomic-registry/serviceaccount | ||
mkdir -p /host/var/lib/atomic-registry/registry | ||
|
||
cp /exports/unit_files/* /host/etc/systemd/system/ | ||
cp /exports/config/* /host/etc/sysconfig/ | ||
cp /exports/oauthclient.yaml /etc/atomic-registry/master/ | ||
cp /exports/setup-atomic-registry.sh /host/var/run/ | ||
cp /exports/registry-login-template.html /host/etc/atomic-registry/master/site/ | ||
|
||
chown -R 1001:root /host/var/lib/atomic-registry/registry | ||
chown -R 1001:root /etc/atomic-registry/registry | ||
|
||
set +x | ||
echo "Add serviceaccount token and certificate to registry configuration" | ||
ln /etc/atomic-registry/master/ca.crt /etc/atomic-registry/serviceaccount/ca.crt | ||
echo "default" >> /etc/atomic-registry/serviceaccount/namespace | ||
echo "This directory stores the service account token, namespace text file and certificate to enable the registry to connect to the API master." \ | ||
>> /etc/atomic-registry/serviceaccount/README | ||
cat /etc/atomic-registry/master/ca.crt > /etc/atomic-registry/serviceaccount/service-ca.crt | ||
cat /etc/atomic-registry/master/service-signer.crt >> /etc/atomic-registry/serviceaccount/service-ca.crt | ||
|
||
echo "This directory stores the docker/distribution registry configuration file. To secure the service add TLS certificates here and reference them as environment variables." \ | ||
>> /etc/atomic-registry/registry/README | ||
echo "This directory stores configuration and certificates for the API master." \ | ||
>> /etc/atomic-registry/master/README | ||
} | ||
|
||
function customize_config() { | ||
echo "Update custom ports, images and tags" | ||
|
||
echo "REGISTRY_HTTP_SECRET=$(head -c 64 /dev/urandom | base64 -w0)" >> /host/etc/sysconfig/atomic-registry | ||
|
||
sed -i "s/8443/${MASTERPORT}/g" /host/etc/sysconfig/atomic-registry | ||
|
||
echo "OPENSHIFT_OAUTH_PROVIDER_URL=https://${installhost}:${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry-console | ||
echo "REGISTRY_HOST=${installhost}:${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry-console | ||
echo "DOCKER_REGISTRY_SERVICE_PORT=${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry | ||
echo "REGISTRY_HTTP_ADDR=:${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry | ||
echo "REGISTRYPORT=${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry | ||
echo "REGISTRYIMAGE=${REGISTRYIMAGE}" >> /host/etc/sysconfig/atomic-registry | ||
echo "REGISTRYTAG=${REGISTRYTAG}" >> /host/etc/sysconfig/atomic-registry | ||
echo "KUBERNETES_SERVICE_HOST=${installhost}" >> /host/etc/sysconfig/atomic-registry | ||
echo "KUBERNETES_SERVICE_PORT=${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry | ||
echo "MASTERPORT=${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry-master | ||
echo "MASTERIMAGE=${MASTERIMAGE}" >> /host/etc/sysconfig/atomic-registry-master | ||
echo "MASTERTAG=${MASTERTAG}" >> /host/etc/sysconfig/atomic-registry-master | ||
echo "CONSOLEPORT=${CONSOLEPORT}" >> /host/etc/sysconfig/atomic-registry-console | ||
echo "CONSOLEIMAGE=${CONSOLEIMAGE}" >> /host/etc/sysconfig/atomic-registry-console | ||
echo "CONSOLETAG=${CONSOLETAG}" >> /host/etc/sysconfig/atomic-registry-console | ||
echo "KUBERNETES_SERVICE_HOST=${installhost}" >> /host/etc/sysconfig/atomic-registry-console | ||
echo "KUBERNETES_SERVICE_PORT=${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry-console | ||
|
||
echo "Updating login template" | ||
sed -i 's/ templates: null$/ templates:\n login: site\/registry-login-template.html/' /host/etc/atomic-registry/master/master-config.yaml | ||
|
||
echo "Files updated" | ||
for file in /host/etc/sysconfig/atomic*; do | ||
echo $'\t'"${file}:" | ||
cat "${file}" | ||
echo | ||
done | ||
chroot /host systemctl daemon-reload | ||
} | ||
|
||
function print_next_steps() { | ||
echo "Optionally edit configuration file authentication /etc/atomic-registry/master/master-config.yaml," | ||
echo "and/or add certificates to /etc/atomic-registry/master," | ||
echo "then enable and start services:" | ||
echo " sudo systemctl enable --now atomic-registry-master.service" | ||
echo "Once all 3 containers are running (docker ps), run the setup script" | ||
echo "(you can run it again if it is run early and fails)" | ||
echo " sudo /var/run/setup-atomic-registry.sh" | ||
} | ||
|
||
write_config | ||
copy_files_to_host | ||
customize_config | ||
print_next_steps |
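Review bot: In customize_config, the "Files updated" loop runs `cat "${file}"` over `/host/etc/sysconfig/atomic*`, which includes the file that `REGISTRY_HTTP_SECRET=...` was just appended to, so the generated secret ends up in the installer's output and in anything that captures it. Print only the file names, or filter that key out before printing. Two further points in the same function: `sed -i "s/8443/${MASTERPORT}/g"` is unanchored and takes MASTERPORT unvalidated, so it rewrites every occurrence of 8443 in the file (it runs after the secret is appended) and a value containing `/` or `&` changes the expression; check that the three port variables are numeric before use and match whole `KEY=8443` assignments. All values are appended with `>>`, so a second install leaves duplicate keys and a second REGISTRY_HTTP_SECRET line in the sysconfig files.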
9 changes: 4 additions & 5 deletions
examples/atomic-registry/systemd/services/config/atomic-registry
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,13 @@ | ||
REGISTRY_HTTP_ADDR=:5000 | ||
REGISTRY_HTTP_NET=tcp | ||
KUBERNETES_SERVICE_PORT=8443 | ||
KUBERNETES_SERVICE_HOST=localhost | ||
KUBERNETES_PORT_8443_TCP_PROTO=tcp | ||
KUBERNETES_SERVICE_PORT_HTTPS=8443 | ||
KUBERNETES_PORT_8443_TCP_ADDR=localhost | ||
KUBERNETES_PORT_8443_TCP=tcp://localhost:8443 | ||
REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA=false | ||
DOCKER_REGISTRY_SERVICE_PORT=5000 | ||
|
||
# To secure the registry, drop the certificates here, uncomment and restart service | ||
## | ||
# To secure the registry, copy the certificates to these paths, uncomment and restart service | ||
## | ||
#REGISTRY_HTTP_TLS_CERTIFICATE=/etc/atomic-registry/registry/registry.crt | ||
#REGISTRY_HTTP_TLS_KEY=/etc/atomic-registry/registry/registry.key | ||
|
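Review bot: The reworded comment above `#REGISTRY_HTTP_TLS_CERTIFICATE` and `#REGISTRY_HTTP_TLS_KEY` says where to copy the files but nothing about ownership or mode of `registry.key`. State that the key must be readable by the registry user and by nobody else, and that the registry listens without TLS until both lines are uncommented. If the `KUBERNETES_PORT_8443_*` entries stay in this file, note that the port is part of the key name, so a non-default MASTERPORT leaves them inconsistent with the rest of the configuration.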
4 changes: 2 additions & 2 deletions
examples/atomic-registry/systemd/services/config/atomic-registry-console
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
# Uncomment to enable debug messages | ||
#G_MESSAGES_DEBUG=cockpit-ws,cockpit-wrapper,cockpit-bridge | ||
KUBERNETES_SERVICE_HOST=localhost | ||
KUBERNETES_SERVICE_PORT=8443 | ||
REGISTRY_ONLY=true | ||
OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client | ||
|
||
# Set to false to use your own SSL certificates | ||
KUBERNETES_INSECURE=true |
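Review bot: `KUBERNETES_INSECURE=true` at the end of the hunk is the shipped default, and the comment above it only says "Set to false to use your own SSL certificates" without stating what `true` relaxes. Spell out in the comment what the setting disables (as the name suggests, verification of the master's certificate), and mention it in the installer's next-steps output so that operators who add certificates also change this value.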