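#!/bin/bash

#
# Copyright (c) 2023, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#

# Source: github.com/verrazzano/verrazzano@v1.7.1/ci/scripts/ocne_ociccm.sh
#
# Creates a load-balancer security list and subnet in an existing VCN with the
# OCI CLI, then installs the OCNE "oci-ccm" module on the cluster by running
# olcnectl on the API server over ssh.
#
# Environment read by this script:
#   TF_VAR_prefix, TF_VAR_compartment_id, VCN_OCID          - OCI lookups/creates
#   TF_VAR_ssh_private_key_path, API_SERVER_IP              - ssh/scp to the nodes
#   TF_VAR_api_private_key_path                             - OCI API key copied to the nodes
#   TF_VAR_region, TF_VAR_tenancy_id, TF_VAR_user_id,
#   TF_VAR_fingerprint                                      - passed to the oci-ccm module
#   OCNE_ENVNAME, OCNE_K8SNAME, OCNE_VERSION                - OCNE environment/module selection
#   TF_VAR_control_plane_node_count                         - OCNE 1.5 path only

#######################################
# Poll an `oci network ... list` call until it prints a non-empty id.
# Makes at most 31 attempts, 2 seconds apart.
# Globals:   TF_VAR_compartment_id, VCN_OCID (read)
# Arguments: the resource sub-command and its filters, e.g.
#            security-list list --display-name NAME
# Outputs:   the id of the first match on stdout, or an empty line on timeout
#######################################
_poll_oci_id() {
  # Start from an empty, function-local value so that an `id` variable inherited
  # from the caller's environment cannot short-circuit the polling loop.
  local id=""
  local attempt
  for (( attempt = 0; attempt <= 30; attempt++ )); do
    # NOTE(review): assumes the CLI prints nothing on stdout when the list is
    # empty or the call fails; confirm against the OCI CLI version in use.
    id=$(oci network "$@" --compartment-id "${TF_VAR_compartment_id}" \
      --vcn-id "${VCN_OCID}" --query 'data[0]."id"' --raw-output)
    if [[ -n "${id}" ]]; then
      break
    fi
    sleep 2
  done
  printf '%s\n' "${id}"
}

# Print the OCID of the "<prefix>-lb-subnet" security list (empty on timeout).
get_security_list_id() {
  _poll_oci_id security-list list --display-name "${TF_VAR_prefix}-lb-subnet"
}

# Print the OCID of the "<prefix>-lb-subnet" subnet (empty on timeout).
get_subnet_id() {
  _poll_oci_id subnet list --display-name "${TF_VAR_prefix}-lb-subnet"
}

# Print the OCID of the "internet-route" route table (empty on timeout).
get_route_table_id() {
  _poll_oci_id route-table list --display-name internet-route
}

# Print the OCID of the "ocne-dhcp-options" DHCP options set (empty on timeout).
get_dhcp_options_id() {
  _poll_oci_id dhcp-options list --display-name ocne-dhcp-options
}

#######################################
# Create the security list attached to the load-balancer subnet.
# Globals:   TF_VAR_prefix, TF_VAR_compartment_id, VCN_OCID (read);
#            lb_subnet_ingress, lb_subnet_egress (written; temp file paths,
#            kept global because the EXIT trap expands them at script exit)
# Returns:   status of `oci network security-list create`, or 1 if a temp
#            file could not be created
#######################################
create_security_list() {
  lb_subnet_ingress=$(mktemp) || return 1
  lb_subnet_egress=$(mktemp) || {
    rm -f -- "${lb_subnet_ingress}"
    return 1
  }
  trap 'rm -f -- "${lb_subnet_ingress}" "${lb_subnet_egress}"' EXIT

  # Ingress: TCP (IP protocol 6) port 443 from any source address. This is the
  # only inbound rule, and the oci-ccm module is created below with
  # --oci-lb-security-mode None, so presumably nothing else manages these rules
  # (confirm against the OCNE documentation). Narrow "source" if the load
  # balancer does not need to be reachable from the whole internet.
  cat > "${lb_subnet_ingress}" << 'EOL'
[
  {
    "protocol": "6",
    "source": "0.0.0.0/0",
    "tcpOptions": {
      "destinationPortRange": {
        "max": 443,
        "min": 443
      }
    }
  }
]
EOL

  # Egress: every protocol to every destination. Restrict this to the backend
  # node CIDR and ports if outbound filtering from the LB subnet is required.
  cat > "${lb_subnet_egress}" << 'EOL'
[
  {
    "destination": "0.0.0.0/0",
    "protocol": "all"
  }
]
EOL

  oci network security-list create --display-name "${TF_VAR_prefix}-lb-subnet" \
    --compartment-id "${TF_VAR_compartment_id}" --vcn-id "${VCN_OCID}" \
    --ingress-security-rules "file://${lb_subnet_ingress}" \
    --egress-security-rules "file://${lb_subnet_egress}"
}

#######################################
# Create the load-balancer subnet 10.0.2.0/24 bound to the security list.
# Globals:   security_list_id, TF_VAR_prefix, TF_VAR_compartment_id,
#            VCN_OCID (read)
# Returns:   status of `oci network subnet create`
#######################################
create_subnet() {
  local igrt_id dhcp_id
  igrt_id=$(get_route_table_id)
  dhcp_id=$(get_dhcp_options_id)
  # Both "prohibit" flags are false, i.e. this is a public subnet: VNICs may
  # carry public IPs and internet ingress is not blocked at the subnet level,
  # which leaves the security list above as the inbound filter.
  # The JSON array is built inside one quoted word; the original left
  # ${security_list_id} outside the quotes.
  oci network subnet create --display-name "${TF_VAR_prefix}-lb-subnet" \
    --compartment-id "${TF_VAR_compartment_id}" --vcn-id "${VCN_OCID}" \
    --cidr-block "10.0.2.0/24" --dns-label "lb" \
    --security-list-ids "[\"${security_list_id}\"]" \
    --prohibit-public-ip-on-vnic false --prohibit-internet-ingress false \
    --route-table-id "${igrt_id}" --dhcp-options-id "${dhcp_id}"
}

#######################################
# Copy the OCI API signing key to a node as /home/opc/oci_api_deployer_key.pem.
# Globals:   TF_VAR_ssh_private_key_path, TF_VAR_api_private_key_path (read)
# Arguments: $1 - host name or address of the node
#
# SECURITY: StrictHostKeyChecking=no disables host key verification, so the
# remote end is not authenticated and the API signing key is sent to whichever
# host answers at that address. That is tolerable only for throwaway CI nodes
# reached over a trusted network path; otherwise verify the host key (for
# example StrictHostKeyChecking=accept-new with a per-run UserKnownHostsFile,
# or a known_hosts entry taken from the instance's console output).
# NOTE(review): the key file stays on the node after this script ends. Confirm
# whether the module still needs it after install and that the remote file is
# readable by its owner only; remove it otherwise.
#######################################
_copy_api_key() {
  scp -o StrictHostKeyChecking=no -i "${TF_VAR_ssh_private_key_path}" \
    "${TF_VAR_api_private_key_path}" \
    "opc@$1:/home/opc/oci_api_deployer_key.pem"
}

#######################################
# Run `olcnectl --api-server=<API_SERVER_IP>:8091 ARGS...` on the API server.
# Globals:   TF_VAR_ssh_private_key_path, API_SERVER_IP (read)
# Arguments: olcnectl sub-command and flags
#
# SECURITY: host key verification is disabled here as well (see _copy_api_key).
# ssh joins the arguments with spaces and the remote login shell parses the
# result again, so local quoting does not protect the remote side: a value
# containing whitespace or shell metacharacters is re-interpreted there. The
# values come from the CI environment; validate them if they can ever be
# influenced from outside the pipeline.
#######################################
_olcnectl_remote() {
  ssh -o StrictHostKeyChecking=no -i "${TF_VAR_ssh_private_key_path}" \
    "opc@${API_SERVER_IP}" -- olcnectl --api-server="${API_SERVER_IP}":8091 "$@"
}

#######################################
# Install the oci-ccm module (default path, used when OCNE_VERSION is not 1.5*).
# Globals:   lb_subnet_id, API_SERVER_IP, OCNE_ENVNAME, OCNE_K8SNAME,
#            TF_VAR_region, TF_VAR_tenancy_id, TF_VAR_compartment_id,
#            TF_VAR_user_id, TF_VAR_fingerprint, VCN_OCID (read)
# Returns:   status of the final `module instances` call; failures of the
#            earlier steps are not checked (NOTE(review): consider failing
#            fast once re-run behaviour of `module create` is confirmed)
#######################################
deployCCM() {
  local ociccm_name="ociccm"
  echo "deployCCM with lb_subnet_id ${lb_subnet_id}"
  _copy_api_key "${API_SERVER_IP}"
  _olcnectl_remote \
    module create -E "${OCNE_ENVNAME}" -M oci-ccm -N "${ociccm_name}" \
    --oci-private-key-file /home/opc/oci_api_deployer_key.pem \
    --oci-ccm-kubernetes-module "${OCNE_K8SNAME}" \
    --oci-region "${TF_VAR_region}" \
    --oci-tenancy "${TF_VAR_tenancy_id}" \
    --oci-compartment "${TF_VAR_compartment_id}" \
    --oci-user "${TF_VAR_user_id}" \
    --oci-fingerprint "${TF_VAR_fingerprint}" \
    --oci-vcn "${VCN_OCID}" \
    --oci-lb-subnet1 "${lb_subnet_id}" \
    --oci-lb-security-mode None
  _olcnectl_remote module install -E "${OCNE_ENVNAME}" -N "${ociccm_name}"
  _olcnectl_remote module instances -E "${OCNE_ENVNAME}"
}

#######################################
# Install the oci-ccm module on OCNE 1.5: copy the API key to every control
# plane node, install the helm module, then the oci-ccm module on top of it.
# Globals:   TF_VAR_control_plane_node_count, lb_subnet_id, API_SERVER_IP,
#            OCNE_ENVNAME, OCNE_K8SNAME, TF_VAR_region, TF_VAR_tenancy_id,
#            TF_VAR_compartment_id, TF_VAR_user_id, TF_VAR_fingerprint,
#            VCN_OCID (read)
# Returns:   status of the final `module instances` call; failures of the
#            earlier steps are not checked
#######################################
deployCCM15() {
  local helm_name="myhelm"
  local ociccm_name="ociccm"
  # Default to 0 so an unset count skips the loop instead of raising an
  # arithmetic syntax error.
  local cp_count="${TF_VAR_control_plane_node_count:-0}"
  local cp_nodes control_plane_node i
  cp_nodes=$(terraform output -json control_plane_nodes)
  for (( i = 0; i < cp_count; i++ )); do
    control_plane_node=$(jq -r ".[${i}]" <<< "${cp_nodes}")
    # jq prints "null" for an index past the end of the array; do not send the
    # API key to a host literally named "null" or to an empty host name.
    if [[ -z "${control_plane_node}" || "${control_plane_node}" == "null" ]]; then
      echo "No control plane node at index ${i}; skipping key copy" >&2
      continue
    fi
    _copy_api_key "${control_plane_node}"
  done
  # install helm module
  _olcnectl_remote \
    module create -E "${OCNE_ENVNAME}" -M helm -N "${helm_name}" \
    --helm-kubernetes-module "${OCNE_K8SNAME}"
  _olcnectl_remote module install -E "${OCNE_ENVNAME}" -N "${helm_name}"
  # install oci-ccm module
  echo "Install oci-ccm to ${API_SERVER_IP}"
  _olcnectl_remote \
    module create -E "${OCNE_ENVNAME}" -M oci-ccm -N "${ociccm_name}" \
    --oci-private-key /home/opc/oci_api_deployer_key.pem \
    --oci-ccm-helm-module "${helm_name}" \
    --oci-region "${TF_VAR_region}" \
    --oci-tenancy "${TF_VAR_tenancy_id}" \
    --oci-compartment "${TF_VAR_compartment_id}" \
    --oci-user "${TF_VAR_user_id}" \
    --oci-fingerprint "${TF_VAR_fingerprint}" \
    --oci-vcn "${VCN_OCID}" \
    --oci-lb-subnet1 "${lb_subnet_id}" \
    --oci-lb-security-mode None
  _olcnectl_remote module install -E "${OCNE_ENVNAME}" -N "${ociccm_name}"
  _olcnectl_remote module instances -E "${OCNE_ENVNAME}"
}

# Main flow. security_list_id and lb_subnet_id stay global because
# create_subnet and the deploy functions read them.
create_security_list
security_list_id=$(get_security_list_id)
if [[ -z "${security_list_id}" ]]; then
  echo "Failed to create security list" >&2
  exit 1
fi

create_subnet
lb_subnet_id=$(get_subnet_id)
if [[ -z "${lb_subnet_id}" ]]; then
  echo "Failed to create subnet" >&2
  exit 1
fi

echo "Installing OCNE-${OCNE_VERSION} OCI-CCM module with LB subnet ${lb_subnet_id}"
if [[ "${OCNE_VERSION}" == "1.5"* ]]; then
  deployCCM15
else
  deployCCM
fi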