#!/bin/bash
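# TODO: Think about using a dictionary (associative array) to store possible arguments
#declare -A args
declare ocp_cluster_url
declare ocp_token
declare app_name
declare git_user
declare git_pass

#######################################
# Capture named arguments for later use.
#
# Each recognised flag consumes the argument that follows it as its value;
# a flag given last therefore yields an empty value, which the
# required-argument check later in the script rejects. Unrecognised
# arguments are ignored.
#
# The current argument is matched with a quoted `case` so that an empty
# argument, or one containing spaces, glob characters or test operators,
# is compared as plain text instead of being re-parsed by `[`.
#
# NOTE(review): --ocp-token and --git-pass are passed on this script's
# command line, so they can end up in shell history and are visible in the
# process list while the script runs. Consider reading them from the
# environment or a prompt instead.
#
# Globals:   ocp_cluster_url, ocp_token, app_name, git_user, git_pass (written)
# Arguments: the script's command-line arguments
# Outputs:   usage text on stdout for --help / -h
# Returns:   0; exits the script with status 0 after printing help
#######################################
parse_args() {
  local i
  for ((i = 1; i <= $#; i++)); do
    case "${!i}" in
      --help | -h)
        # Print out required arguments
        echo "Required arguments for ocp-project-setup: "
        echo "--ocp-cluster-url URL of the target OpenShift cluster"
        echo "--ocp-token Token used for login to OpenShift cluster"
        echo "--app-name Name of the application to use as a prefix for all generated OpenShift projects"
        echo "--git-user Username of git account to be stored as a secret in the generated develop project"
        echo "--git-pass Password of git account to be stored as a secret in the generated develop project"
        # Exit the script
        exit 0
        ;;
      --ocp-cluster-url)
        ((i++))
        ocp_cluster_url=${!i}
        ;;
      --ocp-token)
        ((i++))
        ocp_token=${!i}
        ;;
      --app-name)
        ((i++))
        app_name=${!i}
        ;;
      --git-user)
        ((i++))
        git_user=${!i}
        ;;
      --git-pass)
        ((i++))
        git_pass=${!i}
        ;;
    esac
  done
}

parse_args "$@"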
# Refuse to continue unless every required argument was given a non-empty
# value; print the usage text and exit with status 1 otherwise.
if [[ -z "$ocp_cluster_url" || -z "$ocp_token" || -z "$app_name" ||
  -z "$git_user" || -z "$git_pass" ]]; then
  printf '%s\n' \
    "Not all required arguments are present." \
    "Required arguments for ocp-project-setup: " \
    "--ocp-cluster-url URL of the target OpenShift cluster" \
    "--ocp-token Token used for login to OpenShift cluster" \
    "--app-name Name of the application to use as a prefix for all generated OpenShift projects" \
    "--git-user Username of git account to be stored as a secret in the generated develop project" \
    "--git-pass Password of git account to be stored as a secret in the generated develop project" \
    "Exiting..."
  exit 1
fi
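# Log into OpenShift cluster.
# (Interactive prompt for the token, left disabled:)
# echo
# echo "What is your OpenShift token?"
# echo -n
# read TOKEN
#
# Both values are quoted so they reach `oc` as single arguments.
# NOTE(review): --token=... places the token on oc's command line, where it
# can be read from the process list while the command runs; confirm this is
# acceptable on shared hosts.
#
# Stop here if the login fails: every later `oc` call acts on whatever
# session is current, so continuing could create projects and role bindings
# on a different cluster than the one requested.
if ! oc login "$ocp_cluster_url" --token="$ocp_token"; then
  echo "oc login to $ocp_cluster_url failed; aborting before any project or role changes." >&2
  exit 1
fi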
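# (Interactive prompt for the project prefix, left disabled:)
# echo
# echo "What name would you like to preface your projects?"
# echo "(i.e. ____-dev, ____-int, ____-stress, etc.)"
# echo -n
# read app_name
# Create new projects for each stage of the pipeline.
# Development, integration, UAT, stress, production.
echo
echo ================================================
echo
echo "Creating new projects in OpenShift..."
echo
echo ================================================
echo
# app_name comes straight from the command line; quoting keeps it a single
# argument so it cannot split into extra words or options for `oc`.
# A failure (for example, a project that already exists) does not stop the
# loop, matching the original best-effort behaviour.
for stage in develop integration uat stress prod; do
  oc new-project "${app_name}-${stage}"
done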
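# Create cicd service account for Jenkins.
echo
echo ================================================
echo
echo "Creating cicd service account for Jenkins..."
echo
echo ================================================
echo
# Switch to the develop project first so the account is created there;
# the project name is quoted so app_name stays a single argument.
oc project "${app_name}-develop"
oc create serviceaccount cicd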
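# Give edit access to the cicd service account in each project
# (develop, integration, UAT, stress, production).
echo
echo ================================================
echo
echo "Giving edit access to cicd service account..."
echo
echo ================================================
echo
# The one account created in the develop project is the subject of every
# binding below. Quoted so app_name cannot split into extra arguments.
cicd_subject="system:serviceaccount:${app_name}-develop:cicd"
# NOTE(review): this gives a single account write access to all five stages,
# including prod, so anything holding its token can change production.
# Consider a separate, narrower account for the later stages.
for stage in develop integration uat stress prod; do
  oc policy add-role-to-user edit "$cicd_subject" -n "${app_name}-${stage}"
done
# The original relied on the current project (develop, selected earlier in
# the script) for this binding; -n makes that explicit.
# NOTE(review): this binds self-provisioner inside one project only; whether
# a project-scoped binding of that role has any effect should be confirmed.
oc policy add-role-to-user self-provisioner "$cicd_subject" -n "${app_name}-develop"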
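# Give the image-puller role to the service accounts of each stage so they
# can pull images from the stage before them:
#   integration <- develop, uat <- integration, stress <- uat, prod <- stress.
# The grant goes to each project's whole service-account group
# (system:serviceaccounts:<project>), not to the cicd account alone.
echo
echo ================================================
echo
echo "Giving image-puller access to cicd service account..."
echo
echo ================================================
echo
# Group and project names are quoted so app_name stays a single argument.
oc policy add-role-to-group system:image-puller "system:serviceaccounts:${app_name}-integration" -n "${app_name}-develop"
oc policy add-role-to-group system:image-puller "system:serviceaccounts:${app_name}-uat" -n "${app_name}-integration"
oc policy add-role-to-group system:image-puller "system:serviceaccounts:${app_name}-stress" -n "${app_name}-uat"
oc policy add-role-to-group system:image-puller "system:serviceaccounts:${app_name}-prod" -n "${app_name}-stress"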
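# Create gitsecret for dev project.
echo
echo ================================================
echo
echo "Creating git secret for dev project..."
echo
echo ================================================
echo
# (Interactive prompts for the git credentials, left disabled:)
# echo -n "What is your TFS username? "
# read GIT_USERNAME
# echo -n "What is your TFS password? "
# read GIT_PASSWORD
oc project "${app_name}-develop"
# Username and password are quoted: unquoted, a password containing spaces
# or glob characters would be split or expanded by the shell and a different
# value (or extra arguments) would reach `oc`.
# NOTE(review): the password is passed on oc's command line, where it can be
# read from the process list while the command runs.
# NOTE(review): `oc secrets new-basicauth` is a legacy subcommand; confirm it
# is still available in the oc client version in use.
oc secrets new-basicauth gitsecret --username="$git_user" --password="$git_pass"
# TODO add application label to secret
# oc label secret gitsecret applicationName=cipe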
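# In order to use this within your Jenkins pipeline,
# you will need to retrieve the service account's token
# and place it in your Jenkinsfile for authTokenDev.
#
# NOTE(review): this script grants the cicd account the edit role in all
# five stage projects, so its token is a high-value credential. Printing it
# leaves it in terminal scrollback and in any CI log that captures stdout,
# and a literal in the Jenkinsfile ends up in source control. Prefer storing
# it as a Jenkins credential and referencing it from the pipeline.
echo
echo ================================================
echo
echo "Retrieving auth token for service account..."
echo
echo ================================================
echo
oc project "${app_name}-develop"
# Declaration and assignment are separate so a failing `oc` is not masked by
# `declare`'s own exit status. Stop if no token came back rather than print
# an empty authTokenDev line.
declare ocp_sa_token
if ! ocp_sa_token=$(oc serviceaccounts get-token cicd) || [ -z "$ocp_sa_token" ]; then
  echo "Could not retrieve a token for service account cicd in ${app_name}-develop." >&2
  exit 1
fi
echo
echo ================================================
echo
echo "Additional changes are required in your Jenkinsfile."
echo
echo "Please enter this auth token in your Jenkinsfile."
echo "-- authTokenDev = $ocp_sa_token"
echo
echo "Make sure to change the project names as well."
echo "Your dev project will be $app_name-develop, etc."
echo
echo ================================================
echo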