Installing Integreatly

Table of Contents

• Overview
  • Prerequisites
  • Installation Steps
    • 1. Sign into your bastion host and become root of the host
    • 2. Clone installation GIT repository on the bastion host
    • 3. Obtain your openshift master hostname using the following command
    • 4. Create the inventory hosts file
    • 5. Check the connection with the OpenShift cluster
    • 6. Create GitHub OAuth to enable GitHub authorization
    • 7. Install all products from a single playbook
    • 8. Run the playbook
    • 9. Add the generated Authorization callback URL to GitHub OAuth
    • 10.Add backup jobs (Optional not needed for dev)
    • 11. Check the installation
  • Uninstalling Integreatly
  • Troubleshooting
    • Self Signed Certs with Che

Overview

The purpose of this repository is to provide a set of Ansible playbooks that can be used to install a range of Red Hat middleware products & other projects via Ansible Tower on openshift.

These products include:

• Single Sign On

• Managed Services Broker

• EnMasse

• Eclipse Che

• Launcher

• 3Scale

• Fuse

• Gitea

• Apicurito

• Nexus

• Datasync

• Unified push

• Mobile developer console

• AMQ streams

Prerequisites

Table 1. Prerequisites

Requirement	Version
Ansible	>= v2.6
Openshift Container Platform	>= v3.10
Openshift CLI (OC)	>= v3.10

⚠️	SSH Access to Openshift master(s) Cluster administrator permissions The ssh user defined in the inventory, ansible_user, needs have sudo permission

Installation Steps

The following will provide information on how to install Integreatly on a openshift cluster via an bastion host.

1. Sign into your bastion host and become root of the host

ssh -i /path/ocpkey.pem ec2-user@bastion.NAME-GUID.openshiftworkshop.com

sudo -i

2. Clone installation GIT repository on the bastion host

git clone https://github.com/integr8ly/installation.git

3. Obtain your openshift master hostname using the following command

NOTE: This hostname will be needed in a following step to allow connection to your cluster

oc get nodes

4. Create the inventory hosts file

1. Create the host file based on the template(../inventories/hosts.default) located in the inventories directory.

   cp inventories/hosts.template inventories/hosts

2. Update the hosts file master field with the master hostname from the previous step.

   ~/installation/inventories/hosts
   
   [local:vars]
   ansible_connection=local
   
   run_master_tasks=true
   
   [local]
   127.0.0.1
   
   [OSEv3:children]
   master
   
   [OSEv3:vars]
   ansible_user=ec2-user
   
   [master]
   127.0.0.1

5. Check the connection with the OpenShift cluster

Run the following command to verify the connection to the OpenShift cluster.

ansible -m ping all

Output:

ansible -m ping all
master.example.openshiftworkshop.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

6. Create GitHub OAuth to enable GitHub authorization

1. Login into GitHub

2. Go to Settings >> Developer Settings >> New OAuth App.

   

3. Add the following fields values

   Table 2. Fields values descriptions

   Field	Value
   Application Name	Any value
   Home Page URL	http://localhost
   Authorization callback URL	http://localhost

   ❗	The callback URL is a placeholder for now and will be changed after the installation playbook is finished.

4. Click on Register Application

5. The values found in GitHub OAuth App, Client ID and Client Secret, will be needed in the next step to install Integreatly.

7. Install all products from a single playbook

All products can be installed using the install.yml playbook located in the playbooks/ directory.

Before running the installer, please consider the following variables:

Table 3. Install playbook variables

Variable	Description
eval_self_signed_certs	Whether the OpenShift cluster uses self-signed certs or not. Defaults to false
eval_threescale_enable_wildcard_route	Whether 3Scale enables wildcard routing. Defaults to false
github_client_id	GitHub OAuth client ID to enable GitHub authorization for Launcher. If not defined, GitHub authorization for Launcher will be disabled
github_client_secret	GitHub OAuth client secret to enable GitHub authorization for Launcher. If not defined, GitHub authorization for Launcher will be disabled
prerequisites_install	Boolean var that skips the installation of system wide tools/packages that are required by the installer if set to false (needs to be set to false when running the installer in a linux container). Defaults to true.

Some products can be excluded from the install by setting a var. For example, setting gitea=false will not install gitea. Installation of individual products will not be a supported installation method with this repo. You can however write your own playbook to execute specific roles & tasks as needed.

By default Mobile Developer Services will not be installed. In order to install these services, consider the following variables.

Table 4. Install Mobile Developer Services

Variable	Description	Default Value
mobile_security_service	Whether Mobile Security Service will be installed or not	true
mdc	Whether Mobile Developer Console will be installed or not	true
ups	Whether Mobile Unified Push Server will be installed or not	true
datasync	Whether DataSync components will be installed or not	true

8. Run the playbook

 ansible-playbook -i inventories/hosts playbooks/install.yml -e github_client_id=<your_client-id> -e github_client_secret=<your_client_secret>

The following flag can be used if self signed certs are used.

-e eval_self_signed_certs=true

💡	The following command installs Integreatly without GitHub authorization for Launcher. $ ansible-playbook -i inventories/hosts playbooks/install.yml

9. Add the generated Authorization callback URL to GitHub OAuth

Replace the authorization callback URL previously containing a temporary localhost value with the output of the installation seen below.

TASK [debug] *************************************************************************************************************************************************************************************************
ok: [127.0.0.1] => {
    "msg": "All services have been provisioned successfully. Please add 'https://launcher-sso-launcher.apps.example.openshiftworkshop.com/auth/realms/launcher_realm/broker/github/endpoint' as the Authorization callback URL of your GitHub OAuth Application."
}

10.Add backup jobs (Optional not needed for dev)

NOTE: Needs to be used in an existing integreatly cluster.

NOTE: Requires an existing s3 secret s3-credentials in the backup namespace.

Sample command:

ansible-playbook \
-i inventories/host \
-e 'backup_schedule="30 2 * * *"' \
-e 'backup_namespace=openshift-integreatly-backups' \
playbooks/install_backups.yml

Parameters:

Variable	Description	Default
backup_version	backup-container-image tag version	defaults to the most recent backup-container-image tag
backup_resources_location	http url to download openshift cronjob template file(s)	https://raw.githubusercontent.com/integr8ly/backup-container-image/{{ backup_version }}/templates/openshift
backup_image	backup image name to use (is used together with backup_version var)	quay.io/integreatly/backup-container:{{ backup_version }}
backup_schedule	the cronjob schedule for all jobs - NOTE: always encapsulate the value in quotes, example: -e 'backup_schedule="30 2 * * *"'	30 2 * * *
backup_namespace	backup namespace name to add all cronjobs	openshift-integreatly-backups

11. Check the installation

❗	Once the installation has finished you will no longer be able to login via the Openshift console or oc cli as the admin if there is an sso redirect in place. The new admin user is admin@example.com password is Password1

The URL for the solution explorer is https://tutorial-web-app-webapp.apps.<domain>/ For example, if the master url is https://master.example.openshiftworkshop.com/, the web app is available at https://tutorial-web-app-webapp.apps.example.openshiftworkshop.com/.

💡	The project Webapp is responsible for the solution explorer. You can find the URL looking for the router created for this project.

❗	The default login credentials are admin@example.com / Password1

Uninstalling Integreatly

Run the uninstall.yml playbook from the root of the repository:

$ ansible-playbook -i inventories/hosts playbooks/uninstall.yml

By default this will delete all user-created namespaces as well, if you wish to keep these namespaces then add the following flag:

-e keep_namespaces=true

Troubleshooting

Message "You need to install \"jmespath\" prior to running json_query filter" is shown when the installation fails

The issue means that python version used by Ansible has not this required module. In order to fix it is required to install the missing module. Following the command to install it via pip.

$ pip install jmespath

ℹ️	The module need to be installed in the same version of python used by Ansible. Use the command $ ansible --version to check this path.

Message "jsonpointer module is not available" is shown when the installation fails

The issue means that python version used by Ansible has not this required module. In order to fix it is required to install the missing module. Following the command to install it via pip.

$ pip install jsonpointer

Also, you might need to use the varible ansible_python_interpreter in the host file to fix it, for example:

[local:vars]
ansible_connection=local
ansible_python_interpreter=python

💡	The module need to be installed in the same version of python used by Ansible. Use the command $ ansible --version to check this path.

Self Signed Certs with Che

If your cluster is using a self signed (non CA) certificate, there are a couple of things that needs to be noted.

• Che will only allow the creation of one workspace when self signed certificates are used.

• When a workspace is created, the following errors may appear on the workspace:

Connection failed with terminal
Some error happened with terminal WebSocket connection

Failed to import project

• In order to solve these issues, you will need to accept the certs for all the routes that was created for that workspace. These routes are listed in the workspace deployment within the Che namespace.