Merge pull request #10706 from aweiteka/ar-install-port-config

refactor AR install to support params, plus help manpage

Author: danmcp

examples/atomic-registry/Makefile

@@ -21,8 +21,11 @@ install-atomic:
 install-systemd:
 	atomic install $(TEST_IMAGE) $(INSTALLHOST)
 	systemctl enable --now atomic-registry-master.service
-	sleep 10
-	/var/run/setup-atomic-registry.sh $(INSTALLHOST)
+	while ! /bin/curl -kfLs https://localhost:8443/healthz; do \
+	    /bin/sleep 1; \
+	    echo -n '.'; \
+	done
+	/var/run/setup-atomic-registry.sh
 
 install-allinone:
 	atomic install $(TEST_IMAGE) $(INSTALLHOST)

examples/atomic-registry/systemd/Dockerfile

@@ -12,6 +12,15 @@ LABEL name="projectatomic/atomic-registry-install" \
                 -v /etc/atomic-registry/:/etc/atomic-registry/ \
                 -v /var/lib/atomic-registry/:/var/lib/atomic-registry/ \
                 -v /:/host \
+                -e REGISTRYPORT \
+                -e MASTERPORT \
+                -e CONSOLEPORT \
+                -e REGISTRYIMAGE \
+                -e MASTERIMAGE \
+                -e CONSOLEIMAGE \
+                -e REGISTRYTAG \
+                -e MASTERTAG \
+                -e CONSOLETAG \
                 --entrypoint /usr/bin/install.sh \
                 $IMAGE' \
       UNINSTALL='docker run -i --rm \
@@ -20,5 +29,6 @@ LABEL name="projectatomic/atomic-registry-install" \
                 --entrypoint /usr/bin/uninstall.sh \
                 $IMAGE'
 
+ADD help.1 /
 ADD services/ templates/ setup-atomic-registry.sh /exports/
 ADD install.sh uninstall.sh /usr/bin/

examples/atomic-registry/systemd/help.1

@@ -0,0 +1,65 @@
+.\" Manpage for atomic-registry-install.
+.TH man 8 "17 Aug 2016" "0.1" "atomic-registry-install man page"
+.SH NAME
+atomic-registry-install \- Atomic Registry installer image
+.SH SYNOPSIS
+atomic install projectatomic/atomic-registry-install [HOSTNAME]
+.PP
+atomic uninstall projectatomic/atomic-registry-install [--remove-data]
+.SH DESCRIPTION
+A container-based installation of Atomic Registry. It installs systemd unit files, configuration and a setup script to deploy atomic registry. It supports overriding image names, tags and ports used for Atomic Registry.
+.SH OPTIONS
+.IP HOSTNAME
+installation hostname. By default the output of `hostname` is used.
+.B install
+only.
+
+.IP --remove-data
+destructively remove all configuration and datastore.
+.B uninstall
+only.
+.SH ENVIRONMENT
+Installation values may be overridden by environment variable. The following variables are passed into the installation container:
+.IP REGISTRYPORT=5000
+The registry service port
+.IP MASTERPORT=8443
+The master service port
+.IP CONSOLEPORT=9090
+The console service port
+.IP REGISTRYIMAGE=openshift/origin-docker-registry
+The registry container image
+.IP MASTERIMAGE=openshift/origin
+The master container image
+.IP CONSOLEIMAGE=cockpit/kubernetes
+The console container image
+.IP REGISTRYTAG=latest
+The registry container tag
+.IP MASTERTAG=latest
+The master container tag
+.IP CONSOLETAG=latest
+The console container tag
+
+.SH EXAMPLES
+.B Install
+using custom hostname and default images, tags and ports
+.RS
+sudo atomic install projectatomic/atomic-registry-install registry.example.com
+.RE
+
+.B Install,
+overriding default ports and tags
+.RS
+sudo REGISTRYPORT=443 CONSOLEPORT=8080 MASTERTAG=v1.3.0-alpha.1 REGISTRYTAG=v1.3.0-alpha.1 atomic install projectatomic/atomic-registry-install
+.RE
+
+.B Uninstall,
+removing configuration and datastore. This is a
+.B "destructive uninstall. All data will be lost."
+.RS
+sudo atomic uninstall projectatomic/atomic-registry-install --remove-data
+.RE
+
+.SH SEE ALSO
+atomic-install(1), atomic-uninstall(1), docker(1)
+.SH AUTHOR
+Aaron Weitekamp ([email protected])

examples/atomic-registry/systemd/install.sh

@@ -1,66 +1,114 @@
 #!/bin/bash
 
-INSTALL_HOST=${1:-`hostname`}
-echo "Installing using hostname ${INSTALL_HOST}"
-
-# write out configuration
-openshift start master --write-config /etc/atomic-registry/master \
-  --etcd-dir /var/lib/atomic-registry/etcd \
-  --public-master ${INSTALL_HOST} \
-  --master https://localhost:8443
-
-echo "Copy files to host"
-
-set -x
-mkdir -p /etc/atomic-registry/master/site
-mkdir -p /etc/atomic-registry/registry
-mkdir -p /etc/atomic-registry/serviceaccount
-mkdir -p /host/var/lib/atomic-registry/registry
-
-cp /exports/unit_files/* /host/etc/systemd/system/
-cp /exports/config/* /host/etc/sysconfig/
-cp /exports/oauthclient.yaml /etc/atomic-registry/master/
-cp /exports/setup-atomic-registry.sh /host/var/run/
-cp /exports/registry-login-template.html /host/etc/atomic-registry/master/site/
-
-chown -R 1001:root /host/var/lib/atomic-registry/registry
-chown -R 1001:root /etc/atomic-registry/registry
-
-set +x
-echo "Add serviceaccount token and certificate to registry configuration"
-ln /etc/atomic-registry/master/ca.crt /etc/atomic-registry/serviceaccount/ca.crt
-echo "default" >> /etc/atomic-registry/serviceaccount/namespace
-echo "This directory stores the service account token, namespace text file and certificate to enable the registry to connect to the API master." \
-    >> /etc/atomic-registry/serviceaccount/README
-cat /etc/atomic-registry/master/ca.crt > /etc/atomic-registry/serviceaccount/service-ca.crt
-cat /etc/atomic-registry/master/service-signer.crt >> /etc/atomic-registry/serviceaccount/service-ca.crt
-
-echo "This directory stores the docker/distribution registry configuration file. To secure the service add TLS certificates here and reference them as environment variables." \
-    >> /etc/atomic-registry/registry/README
-echo "This directory stores configuration and certificates for the API master." \
-    >> /etc/atomic-registry/master/README
-
-set -x
-
-# add OpenShift API master URL to web console env file
-echo "OPENSHIFT_OAUTH_PROVIDER_URL=https://${INSTALL_HOST}:8443" >> /host/etc/sysconfig/atomic-registry-console
-echo "REGISTRY_HOST=${INSTALL_HOST}:5000" >> /host/etc/sysconfig/atomic-registry-console
-# generate random secret for multi-registry shared storage deployment
-echo "REGISTRY_HTTP_SECRET=$(head -c 64 /dev/urandom | base64 -w0)" >> /host/etc/sysconfig/atomic-registry
-echo "DOCKER_REGISTRY_SERVICE_HOST=${INSTALL_HOST}" >> /host/etc/sysconfig/atomic-registry
-
-# load updated systemd unit files
-chroot /host systemctl daemon-reload
-
-set +x
-
-echo "Updating login template"
-sed -i 's/  templates: null$/  templates:\n    login: site\/registry-login-template.html/' /etc/atomic-registry/master/master-config.yaml
-
-echo "Optionally edit configuration file authentication /etc/atomic-registry/master/master-config.yaml,"
-echo "and/or add certificates to /etc/atomic-registry/master,"
-echo "then enable and start services:"
-echo "   sudo systemctl enable --now atomic-registry-master.service"
-echo "Once all 3 containers are running (docker ps), run the setup script"
-echo "(you can run it again if it is run early and fails)"
-echo "   sudo /var/run/setup-atomic-registry.sh ${INSTALL_HOST}"
+set -o errexit
+set -o nounset
+set -o pipefail
+
+installhost="${1:-"$(hostname)"}"
+
+# Defaults
+REGISTRYPORT="${REGISTRYPORT:-5000}"
+MASTERPORT="${MASTERPORT:-8443}"
+CONSOLEPORT="${CONSOLEPORT:-9090}"
+REGISTRYIMAGE="${REGISTRYIMAGE:-openshift/origin-docker-registry}"
+MASTERIMAGE="${MASTERIMAGE:-openshift/origin}"
+CONSOLEIMAGE="${CONSOLEIMAGE:-cockpit/kubernetes}"
+REGISTRYTAG="${REGISTRYTAG:-latest}"
+MASTERTAG="${MASTERTAG:-latest}"
+CONSOLETAG="${CONSOLETAG:-latest}"
+
+echo "Installing using hostname ${installhost}"
+
+function write_config() {
+  openshift start master --write-config=/etc/atomic-registry/master \
+    --etcd-dir=/var/lib/atomic-registry/etcd \
+    --public-master="${installhost}:${MASTERPORT}" \
+    --master="https://localhost:${MASTERPORT}" \
+    --listen="https://0.0.0.0:${MASTERPORT}" \
+    --cors-allowed-origins="${installhost}:${CONSOLEPORT}"
+}
+
+function copy_files_to_host() {
+  echo "Copy files to host"
+
+  set -x
+  mkdir -p /etc/atomic-registry/master/site
+  mkdir -p /etc/atomic-registry/registry
+  mkdir -p /etc/atomic-registry/serviceaccount
+  mkdir -p /host/var/lib/atomic-registry/registry
+
+  cp /exports/unit_files/* /host/etc/systemd/system/
+  cp /exports/config/* /host/etc/sysconfig/
+  cp /exports/oauthclient.yaml /etc/atomic-registry/master/
+  cp /exports/setup-atomic-registry.sh /host/var/run/
+  cp /exports/registry-login-template.html /host/etc/atomic-registry/master/site/
+
+  chown -R 1001:root /host/var/lib/atomic-registry/registry
+  chown -R 1001:root /etc/atomic-registry/registry
+
+  set +x
+  echo "Add serviceaccount token and certificate to registry configuration"
+  ln /etc/atomic-registry/master/ca.crt /etc/atomic-registry/serviceaccount/ca.crt
+  echo "default" >> /etc/atomic-registry/serviceaccount/namespace
+  echo "This directory stores the service account token, namespace text file and certificate to enable the registry to connect to the API master." \
+      >> /etc/atomic-registry/serviceaccount/README
+  cat /etc/atomic-registry/master/ca.crt > /etc/atomic-registry/serviceaccount/service-ca.crt
+  cat /etc/atomic-registry/master/service-signer.crt >> /etc/atomic-registry/serviceaccount/service-ca.crt
+
+  echo "This directory stores the docker/distribution registry configuration file. To secure the service add TLS certificates here and reference them as environment variables." \
+      >> /etc/atomic-registry/registry/README
+  echo "This directory stores configuration and certificates for the API master." \
+      >> /etc/atomic-registry/master/README
+}
+
+function customize_config() {
+  echo "Update custom ports, images and tags"
+
+  echo "REGISTRY_HTTP_SECRET=$(head -c 64 /dev/urandom | base64 -w0)" >> /host/etc/sysconfig/atomic-registry
+
+  sed -i "s/8443/${MASTERPORT}/g" /host/etc/sysconfig/atomic-registry
+
+  echo "OPENSHIFT_OAUTH_PROVIDER_URL=https://${installhost}:${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry-console
+  echo "REGISTRY_HOST=${installhost}:${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry-console
+  echo "DOCKER_REGISTRY_SERVICE_PORT=${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry
+  echo "REGISTRY_HTTP_ADDR=:${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry
+  echo "REGISTRYPORT=${REGISTRYPORT}" >> /host/etc/sysconfig/atomic-registry
+  echo "REGISTRYIMAGE=${REGISTRYIMAGE}" >> /host/etc/sysconfig/atomic-registry
+  echo "REGISTRYTAG=${REGISTRYTAG}" >> /host/etc/sysconfig/atomic-registry
+  echo "KUBERNETES_SERVICE_HOST=${installhost}" >> /host/etc/sysconfig/atomic-registry
+  echo "KUBERNETES_SERVICE_PORT=${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry
+  echo "MASTERPORT=${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry-master
+  echo "MASTERIMAGE=${MASTERIMAGE}" >> /host/etc/sysconfig/atomic-registry-master
+  echo "MASTERTAG=${MASTERTAG}" >> /host/etc/sysconfig/atomic-registry-master
+  echo "CONSOLEPORT=${CONSOLEPORT}" >> /host/etc/sysconfig/atomic-registry-console
+  echo "CONSOLEIMAGE=${CONSOLEIMAGE}" >> /host/etc/sysconfig/atomic-registry-console
+  echo "CONSOLETAG=${CONSOLETAG}" >> /host/etc/sysconfig/atomic-registry-console
+  echo "KUBERNETES_SERVICE_HOST=${installhost}" >> /host/etc/sysconfig/atomic-registry-console
+  echo "KUBERNETES_SERVICE_PORT=${MASTERPORT}" >> /host/etc/sysconfig/atomic-registry-console
+
+  echo "Updating login template"
+  sed -i 's/  templates: null$/  templates:\n    login: site\/registry-login-template.html/' /host/etc/atomic-registry/master/master-config.yaml
+
+  echo "Files updated"
+  for file in /host/etc/sysconfig/atomic*; do
+    echo $'\t'"${file}:"
+    cat "${file}"
+    echo
+  done
+  chroot /host systemctl daemon-reload
+}
+
+function print_next_steps() {
+  echo "Optionally edit configuration file authentication /etc/atomic-registry/master/master-config.yaml,"
+  echo "and/or add certificates to /etc/atomic-registry/master,"
+  echo "then enable and start services:"
+  echo "   sudo systemctl enable --now atomic-registry-master.service"
+  echo "Once all 3 containers are running (docker ps), run the setup script"
+  echo "(you can run it again if it is run early and fails)"
+  echo "   sudo /var/run/setup-atomic-registry.sh"
+}
+
+write_config
+copy_files_to_host
+customize_config
+print_next_steps

examples/atomic-registry/systemd/services/config/atomic-registry

@@ -1,14 +1,13 @@
-REGISTRY_HTTP_ADDR=:5000
 REGISTRY_HTTP_NET=tcp
-KUBERNETES_SERVICE_PORT=8443
-KUBERNETES_SERVICE_HOST=localhost
 KUBERNETES_PORT_8443_TCP_PROTO=tcp
 KUBERNETES_SERVICE_PORT_HTTPS=8443
 KUBERNETES_PORT_8443_TCP_ADDR=localhost
 KUBERNETES_PORT_8443_TCP=tcp://localhost:8443
 REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA=false
-DOCKER_REGISTRY_SERVICE_PORT=5000
 
-# To secure the registry, drop the certificates here, uncomment and restart service
+##
+# To secure the registry, copy the certificates to these paths, uncomment and restart service
+##
 #REGISTRY_HTTP_TLS_CERTIFICATE=/etc/atomic-registry/registry/registry.crt
 #REGISTRY_HTTP_TLS_KEY=/etc/atomic-registry/registry/registry.key
+

examples/atomic-registry/systemd/services/config/atomic-registry-console

@@ -1,7 +1,7 @@
 # Uncomment to enable debug messages
 #G_MESSAGES_DEBUG=cockpit-ws,cockpit-wrapper,cockpit-bridge
-KUBERNETES_SERVICE_HOST=localhost
-KUBERNETES_SERVICE_PORT=8443
 REGISTRY_ONLY=true
 OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client
+
+# Set to false to use your own SSL certificates
 KUBERNETES_INSECURE=true

examples/atomic-registry/systemd/services/unit_files/atomic-registry-console.service

@@ -6,8 +6,9 @@ Requires=docker.service
 
 [Service]
 Environment=GOTRACEBACK=crash
+EnvironmentFile=/etc/sysconfig/atomic-registry-console
 ExecStartPre=-/usr/bin/docker rm -f atomic-registry-console
-ExecStart=/usr/bin/docker run --rm --env-file=/etc/sysconfig/atomic-registry-console --name atomic-registry-console -p 9090:9090 --net=host -u 1001 cockpit/kubernetes
+ExecStart=/usr/bin/docker run --rm --env-file=/etc/sysconfig/atomic-registry-console --name atomic-registry-console -p ${CONSOLEPORT}:9090 -u 1001 ${CONSOLEIMAGE}:${CONSOLETAG}
 ExecStop=/usr/bin/docker stop atomic-registry-console
 LimitNOFILE=131072
 LimitCORE=infinity

examples/atomic-registry/systemd/services/unit_files/atomic-registry-master.service

@@ -10,7 +10,7 @@ Wants=atomic-registry.service
 EnvironmentFile=/etc/sysconfig/atomic-registry-master
 Environment=GOTRACEBACK=crash
 ExecStartPre=-/usr/bin/docker rm -f atomic-registry-master
-ExecStart=/usr/bin/docker run --rm --privileged --name atomic-registry-master -p 8443:8443 --net=host --env-file=/etc/sysconfig/atomic-registry-master -v /var/lib/atomic-registry/etcd:/var/lib/atomic-registry/etcd -v /etc/atomic-registry/:/etc/atomic-registry/ openshift/origin start master --config=/etc/atomic-registry/master/master-config.yaml $OPTIONS
+ExecStart=/usr/bin/docker run --rm --privileged --name atomic-registry-master -p ${MASTERPORT}:${MASTERPORT} --env-file=/etc/sysconfig/atomic-registry-master -v /var/lib/atomic-registry/etcd:/var/lib/atomic-registry/etcd -v /etc/atomic-registry/:/etc/atomic-registry/ ${MASTERIMAGE}:${MASTERTAG} start master --config=/etc/atomic-registry/master/master-config.yaml $OPTIONS
 ExecStop=/usr/bin/docker stop atomic-registry-master
 LimitNOFILE=131072
 LimitCORE=infinity

examples/atomic-registry/systemd/services/unit_files/atomic-registry.service

@@ -5,8 +5,9 @@ After=docker.service
 Requires=docker.service
 
 [Service]
+EnvironmentFile=/etc/sysconfig/atomic-registry
 ExecStartPre=-/usr/bin/docker rm -f atomic-registry
-ExecStart=/usr/bin/docker run --rm --env-file=/etc/sysconfig/atomic-registry --name atomic-registry -p 5000:5000 --net=host -v /var/lib/atomic-registry/registry:/registry:Z -v /etc/atomic-registry/registry:/etc/atomic-registry/registry -v /etc/atomic-registry/serviceaccount:/var/run/secrets/kubernetes.io/serviceaccount -u 1001 openshift/origin-docker-registry
+ExecStart=/usr/bin/docker run --rm --env-file=/etc/sysconfig/atomic-registry --name atomic-registry -p ${REGISTRYPORT}:${REGISTRYPORT} --net=host -v /var/lib/atomic-registry/registry:/registry:Z -v /etc/atomic-registry/registry:/etc/atomic-registry/registry -v /etc/atomic-registry/serviceaccount:/var/run/secrets/kubernetes.io/serviceaccount -u 1001 ${REGISTRYIMAGE}:${REGISTRYTAG}
 ExecStop=/usr/bin/docker stop atomic-registry
 LimitNOFILE=131072
 LimitCORE=infinity

examples/atomic-registry/systemd/setup-atomic-registry.sh

@@ -1,7 +1,10 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+set -o pipefail
+
+INSTALL_HOST=$(awk -F ' ' '/^masterPublicURL/ {print $2}' /etc/atomic-registry/master/master-config.yaml | awk '{split($0,a,":"); print a[1] ":" a[2]}')
+CONSOLEPORT=$(awk -F '=' '/CONSOLEPORT/ {print $2}' /etc/sysconfig/atomic-registry-console)
 
-# we need the hostname the web console is coming from to whitelist oauth requests
-INSTALL_HOST=${1:-`hostname`}
 # we're running this on the host
 # the commands will be exec'd in the master container that has the oc client
 CMD="docker exec -it"
@@ -24,10 +27,10 @@ $CMD atomic-registry cat /config.yml > /etc/atomic-registry/registry/config.yml
 echo "REGISTRY_CONFIGURATION_PATH=/etc/atomic-registry/registry/config.yml" >> /etc/sysconfig/atomic-registry
 
 # Create oauthclient for web console. required for web console to delegate auth
-$CMD atomic-registry-master oc new-app --file=/etc/atomic-registry/master/oauthclient.yaml --param=COCKPIT_KUBE_URL=https://${INSTALL_HOST}:9090
+$CMD atomic-registry-master oc new-app --file=/etc/atomic-registry/master/oauthclient.yaml --param=COCKPIT_KUBE_URL=${INSTALL_HOST}:${CONSOLEPORT}
 
 # restart with these changes
 systemctl restart atomic-registry.service
 set +x
-echo "Launch web console in browser at https://${INSTALL_HOST}:9090"
+echo "Launch web console in browser at ${INSTALL_HOST}:${CONSOLEPORT}"
 echo "By default, ANY username and ANY password will successfully authenticate."