- Overview
- Prerequisites
- Installation Steps
- 1. Sign into your bastion host and become root of the host
- 2. Clone installation GIT repository on the bastion host
- 3. Obtain your openshift master hostname using the following command
- 4. Create the inventory hosts file
- 5. Check the connection with the OpenShift cluster
- 6. Create GitHub OAuth to enable GitHub authorization
- 7. Install all products from a single playbook
- 8. Run the playbook
- 9. Add the generated Authorization callback URL to GitHub OAuth
- 10.Add backup jobs (Optional not needed for dev)
- 11. Check the installation
- Uninstalling Integreatly
- Troubleshooting
The purpose of this repository is to provide a set of Ansible playbooks that can be used to install a range of Red Hat middleware products & other projects via Ansible Tower on openshift.
These products include:
-
Single Sign On
-
Managed Services Broker
-
EnMasse
-
Eclipse Che
-
Launcher
-
3Scale
-
Fuse
-
Gitea
-
Apicurito
-
Nexus
-
Datasync
-
Unified push
-
Mobile developer console
-
AMQ streams
Requirement |
Version |
Ansible |
>= v2.6 |
Openshift Container Platform |
>= v3.10 |
Openshift CLI (OC) |
>= v3.10 |
|
|
The following will provide information on how to install Integreatly on a openshift cluster via an bastion host.
ssh -i /path/ocpkey.pem ec2-user@bastion.NAME-GUID.openshiftworkshop.com
sudo -i
git clone https://github.com/integr8ly/installation.git
NOTE: This hostname will be needed in a following step to allow connection to your cluster
oc get nodes
-
Create the host file based on the template(
../inventories/hosts.default
) located in the inventories directory.cp inventories/hosts.template inventories/hosts
-
Update the hosts file master field with the master hostname from the previous step.
~/installation/inventories/hosts [local:vars] ansible_connection=local run_master_tasks=true [local] 127.0.0.1 [OSEv3:children] master [OSEv3:vars] ansible_user=ec2-user [master] 127.0.0.1
Run the following command to verify the connection to the OpenShift cluster.
ansible -m ping all
Output:
ansible -m ping all
master.example.openshiftworkshop.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
-
Login into GitHub
-
Go to
Settings >> Developer Settings >> New OAuth App
. -
Add the following fields values
Table 2. Fields values descriptions Field
Value
Application Name
Any value
Home Page URL
Authorization callback URL
❗The callback URL is a placeholder for now and will be changed after the installation playbook is finished. -
Click on
Register Application
-
The values found in GitHub OAuth App,
Client ID
andClient Secret
, will be needed in the next step to install Integreatly.
All products can be installed using the install.yml playbook located in the playbooks/ directory.
Before running the installer, please consider the following variables:
Variable |
Description |
eval_self_signed_certs |
Whether the OpenShift cluster uses self-signed certs or not. Defaults to |
eval_threescale_enable_wildcard_route |
Whether 3Scale enables wildcard routing. Defaults to |
github_client_id |
GitHub OAuth client ID to enable GitHub authorization for Launcher. If not defined, GitHub authorization for Launcher will be disabled |
github_client_secret |
GitHub OAuth client secret to enable GitHub authorization for Launcher. If not defined, GitHub authorization for Launcher will be disabled |
prerequisites_install |
Boolean var that skips the installation of system wide tools/packages that are required by the installer if set to false (needs to be set to false when running the installer in a linux container). Defaults to |
Some products can be excluded from the install by setting a var. For example, setting gitea=false
will not install gitea. Installation of individual products will not be a supported installation method with this repo. You can however write your own playbook to execute specific roles & tasks as needed.
By default Mobile Developer Services will not be installed. In order to install these services, consider the following variables.
Variable |
Description |
Default Value |
mobile_security_service |
Whether Mobile Security Service will be installed or not |
|
mdc |
Whether Mobile Developer Console will be installed or not |
|
ups |
Whether Mobile Unified Push Server will be installed or not |
|
datasync |
Whether DataSync components will be installed or not |
|
ansible-playbook -i inventories/hosts playbooks/install.yml -e github_client_id=<your_client-id> -e github_client_secret=<your_client_secret>
The following flag can be used if self signed certs are used.
-e eval_self_signed_certs=true
💡
|
The following command installs Integreatly without GitHub authorization for Launcher. $ ansible-playbook -i inventories/hosts playbooks/install.yml |
Replace the authorization callback URL previously containing a temporary localhost value with the output of the installation seen below.
TASK [debug] *************************************************************************************************************************************************************************************************
ok: [127.0.0.1] => {
"msg": "All services have been provisioned successfully. Please add 'https://launcher-sso-launcher.apps.example.openshiftworkshop.com/auth/realms/launcher_realm/broker/github/endpoint' as the Authorization callback URL of your GitHub OAuth Application."
}
NOTE: Needs to be used in an existing integreatly cluster.
NOTE: Requires an existing s3 secret s3-credentials
in the backup namespace.
Sample command:
ansible-playbook \
-i inventories/host \
-e 'backup_schedule="30 2 * * *"' \
-e 'backup_namespace=openshift-integreatly-backups' \
playbooks/install_backups.yml
Parameters:
Variable |
Description |
Default |
backup_version |
backup-container-image tag version |
defaults to the most recent backup-container-image tag |
backup_resources_location |
http url to download openshift cronjob template file(s) |
|
backup_image |
backup image name to use (is used together with backup_version var) |
|
backup_schedule |
the cronjob schedule for all jobs - NOTE: always encapsulate the value in quotes, example: |
|
backup_namespace |
backup namespace name to add all cronjobs |
|
❗
|
Once the installation has finished you will no longer be able to login via the Openshift console or oc cli as the admin if there is an sso redirect in place. The new admin user is admin@example.com password is Password1
|
The URL for the solution explorer is https://tutorial-web-app-webapp.apps.<domain>/
For example, if the master url is https://master.example.openshiftworkshop.com/
, the web app is available at https://tutorial-web-app-webapp.apps.example.openshiftworkshop.com/
.
💡
|
The project Webapp is responsible for the solution explorer. You can find the URL looking for the router created for this project. |
❗
|
The default login credentials are admin@example.com / Password1
|
Run the uninstall.yml playbook from the root of the repository:
$ ansible-playbook -i inventories/hosts playbooks/uninstall.yml
By default this will delete all user-created namespaces as well, if you wish to keep these namespaces then add the following flag:
-e keep_namespaces=true
The issue means that python version used by Ansible has not this required module. In order to fix it is required to install the missing module. Following the command to install it via pip
.
$ pip install jmespath
ℹ️
|
The module need to be installed in the same version of python used by Ansible. Use the command $ ansible --version to check this path.
|
The issue means that python version used by Ansible has not this required module. In order to fix it is required to install the missing module. Following the command to install it via pip
.
$ pip install jsonpointer
Also, you might need to use the varible ansible_python_interpreter
in the host file to fix it, for example:
[local:vars]
ansible_connection=local
ansible_python_interpreter=python
💡
|
The module need to be installed in the same version of python used by Ansible. Use the command $ ansible --version to check this path.
|
If your cluster is using a self signed (non CA) certificate, there are a couple of things that needs to be noted.
-
Che will only allow the creation of one workspace when self signed certificates are used.
-
When a workspace is created, the following errors may appear on the workspace:
Connection failed with terminal Some error happened with terminal WebSocket connection
Failed to import project
-
In order to solve these issues, you will need to accept the certs for all the routes that was created for that workspace. These routes are listed in the workspace deployment within the Che namespace.