Merge pull request #5 from codefresh-io/validator

Validator

Author: kosta709

.gitignore

@@ -3,8 +3,9 @@
 assets
 .kube
 
+tmp/
 # values.yaml
-values.yaml
+/values.yaml
 
 # decrypted files
 **/*-dec.*

README.md

@@ -12,29 +12,39 @@ Before running `cf-onprem` script it is needed to:
 * make configuration changes specific for each customer
 
 There are three files that customize `codefresh` chart deployment:
-* `sa-dec.json` contains GCP service account that enables a customer to pull codefresh images
-* `values.yaml` contains different parameters for chart customization
-* `values-dec.yaml` contains secrets such as `githubClientSecret`, etc.
+* `values.yaml.tpl` contains template of values.yaml for different parameters for chart customization
 
-Also to be able to encrypt `*-dec.*` files and decrypt `*-enc.*` files `aws cli` should be configured with permissions to use AWS KMS service and [sops](https://github.com/mozilla/sops/releases) binary installed on your system.
 
 ### How to run
 1. Clone [onprem](https://github.com/codefresh-io/onprem) repository
 ```
 git clone [email protected]:codefresh-io/onprem.git
 cd onprem
 ```
-2. Decrypt `sa-enc.json` and `values-enc.yaml` files
-```
-./sops.sh -d
-```
-3. Make configuration changes in `sa-dec.json`, `values.yaml`, `values-dec.yaml` files and customize variables in `env-vars` file
-4. Run `cf-onprem` script
-5. If it is needed to upload new configuration into remote repository then encrypt `sa-dec.json`, `values-dec.yaml` files
-```
-./sops.sh -e
-```
-6. Commit and push changes
-```
-git push origin master
-```
+2. cp `values.yaml.tpl`  `values.yaml`
+
+3. Edit values.yaml
+Mandatory to set `global.appUrl` and `firebaseToken` 
+
+    ##### Running on local volumes
+        Codefresh can run on local volumes - https://kubernetes.io/docs/concepts/storage/volumes/#local  
+
+        To create local volumes edit `local-volumes/values.yaml`, set:
+        - defaultNodeSelector
+        - mkdirPods.nodes
+
+        then run `local-volumes/create-local-pvcs.sh`
+        edit values.yaml and set the values for `existingPvc`s
+
+4. Validate values and cluster
+   `./run-validator.sh`
+   It will validate:
+   - values.yaml
+   - ability to launch persistent services on specified storage classes
+   - ability to launch persistent services on specified existing pvcs
+   - To do: validating networks, dns, loadbalances, ingress
+
+5. run Intaller:
+ ```
+ ./cf-onprem [ --web-tls-key certs/key.pem --web-tls-cert certs/cert.pem ]
+ ```

cf-onprem

@@ -2,20 +2,17 @@
 #
 
 #set -x
-
-msg() { echo -e "\e[32mINFO [$(date +%F\ %T)] ---> $1\e[0m"; }
-warning() { echo -e "\e[33mWARNING [$(date +%F\ %T)] ---> $1\e[0m"; }
-err() { echo -e "\e[31mERR [$(date +%F\ %T)] ---> $1\e[0m" ; exit 1; }
+DIR=$(dirname $0)
+source ${DIR}/scripts/helpers.sh
 
 if [ -f "./env-vars" ]; then
 . ./env-vars
 fi
 
-readonly HELM_VERSION="${CF_HELM_VERSION:-2.10.0}"
 readonly CHANNEL="${CF_HELM_CHANNEL:-dev}"
 readonly CODEFRESH_REPOSITORY=http://charts.codefresh.io/${CHANNEL}
 
-#export KUBECONFIG=./.kube/config
+readonly RELEASE=cf
 
 readonly WORKING_DIR="$(dirname "$0")"
 readonly SERVICE_ACCOUNT="${WORKING_DIR}/sa.json"
@@ -29,144 +26,6 @@ usage() {
 	exit 0
 }
 
-check() { command -v $1 >/dev/null 2>&1 || err "$1 binary is required!"; }
-
-ver() { printf "%03d%03d%03d%03d" $(echo "$1" | tr '.' ' '); }
-
-exists() {
-	if command -v $1 >/dev/null 2>&1; then
-		msg "$1 binary installed"
-	else
-		warning "Please install $1 to proceed"
-		exit 1
-	fi
-}
-
-run_as_root() {
-	if [[ $EUID > 0 ]]; then
-		err "Please run as root/sudo"
-		exit 1
-	fi
-}
-
-approveContext() {
-	msg "Your kubectl is configured with the following context: "
-	kubectl config current-context
-	read -r -p "Are you sure you want to continue? [y/N] " response
-
-	if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]
-	then
-			msg "No problem, continuing with the script..."
-	else
-			msg "Exiting..."
-			exit 0
-	fi
-}
-
-checkHelmInstalled() {
-  if command -v $1 >/dev/null 2>&1; then
-    helm_version=$(helm version --client --short | sed 's/.*\: v//' | sed 's/+.*//')
-    msg "helm is already installed and has version v$helm_version"
-    [ $(ver $helm_version) -lt $(ver $HELM_VERSION) ] && \
-    err "You have older helm version than required. Please upgrade to v$HELM_VERSION or newer !"
-  else
-    warning "helm is not installed"
-    if [[ ! "$YES" == 'true' ]]; then
-    read -p "Do you want to install helm ? [y/n] " yn
-      case ${yn} in
-        y|Y)
-          helmInstall
-      ;;
-        *)
-          err "Need helm to deploy Codefresh app ! Exiting..."
-          #exit 1
-      ;;
-      esac
-    else
-      helmInstall
-    fi
-  fi
-}
-
-helmInstall() {
-  msg "Downloading and installing helm..."
-<< ////
-  case "$(uname -s)" in
-    Linux)
-      os=linux
-    ;;
-    Darwin)
-      os=darwin
-    ;;
-    *)
-    ;;
-  esac
-////
-  wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-${os}-amd64.tar.gz -P /tmp/
-  tar xvf /tmp/helm-v${HELM_VERSION}-${os}-amd64.tar.gz -C /tmp/
-  chmod +x /tmp/${os}-amd64/helm
-  sudo mv /tmp/${os}-amd64/helm /usr/local/bin/
-  rm -rf /tmp/helm-v${HELM_VERSION}-${os}-amd64 /tmp/helm-v${HELM_VERSION}-${os}-amd64.tar.gz
-}
-
-checkTillerInstalled() {
-  status=$(kubectl -nkube-system get pod -l app=helm -l name=tiller -o=go-template --template='{{  range $i, $v := .items }}{{ if eq $v.status.phase "Running" }}{{ $v.status.phase }}{{ end }}{{ end }}')
-  if [ "$status" == "Running" ]; then
-    msg "Tiller is installed and running"
-    helm init -c
-    helm_version=$(helm version --client --short | sed 's/.*\: v//' | sed 's/+.*//')
-    tiller_version=$(helm version --server --short | sed 's/.*\: v//' | sed 's/+.*//')
-    if [[ ! "$YES" == 'true' ]] && [ $(ver $tiller_version) -lt $(ver $helm_version) ]; then
-      warning "You're running helm v$helm_version but tiller has v$tiller_version."
-      read -p  " Do you want to upgrade tiller to v$helm_version ? [y/n] " yn
-      case ${yn} in
-        y|Y)
-          kubectl create -f ./tiller-rbac-config.yaml > /dev/null 2>&1
-          helm init --upgrade --service-account tiller --wait
-      ;;
-        *)
-          err "You need to upgrade tiller ! Exiting..."
-      ;;
-      esac
-    fi
-    if [[ "$YES" == 'true' ]] && [ $(ver $tiller_version) -lt $(ver $helm_version) ]; then
-      err "You're running helm v$helm_version but tiller has v$tiller_version . You need to upgrade tiller ! Exiting..."
-    fi
-  else
-    warning "Unable to determine tiller at its default location."
-    if [[ ! "$YES" == 'true' ]]; then
-      read -p  " Do you want to deploy tiller ? [y/n] " yn
-      case ${yn} in
-        y|Y)
-          kubectl create -f ./tiller-rbac-config.yaml
-          helm init --service-account tiller --wait
-      ;;
-        *)
-          err "Need to deploy tiller ! Exiting..."
-          exit 1
-      ;;
-      esac
-    else
-      kubectl create -f ./tiller-rbac-config.yaml
-      helm init --service-account tiller --wait
-    fi
-  fi
-
-}
-
-checkTillerStatus() {
-	while true; do
-    status=$(kubectl -nkube-system get pod -l app=helm -l name=tiller -o=go-template --template='{{  range $i, $v := .items }}{{ if eq $v.status.phase "Running" }}{{ $v.status.phase }}{{ end }}{{ end }}')
-
-	  msg "Tiller status = $status"
-	  [ "$status" == "Running" ] && break
-
-	  msg "Sleeping 5 seconds ..."
-	  sleep 5
-
-	done
-}
-
 generateWebTlsValuesFile() {
 
 WEBTLSKEY=$(cat ${WebTlsKey} | sed 's/^/    /')
@@ -177,6 +36,11 @@ WEBTLSCERT_CFUI=$(cat ${WebTlsCert} | sed 's/^/      /')
 
 cat <<-EOF >${WEBTLS_VALUES_FILE}
 ---
+ingress:
+  webTlsSecretName: "star.codefresh.io"
+nomios:
+  ingress:
+    webTlsSecretName: "star.codefresh.io"
 webTLS:
   secretName: star.codefresh.io
   key: |
@@ -199,7 +63,7 @@ EOF
 
 # run_as_root
 
-while [[ $1 =~ ^(-(y)|--(yes|web-tls-key|web-tls-cert|set)) ]]
+while [[ $1 =~ ^(-(y)|--(yes|web-tls-key|web-tls-cert|set|debug)) ]]
 do
   key=$1
   value=$2
@@ -219,6 +83,9 @@ do
         SET_VALUES="$SET_VALUES --set $value"
         shift
       ;;
+    --debug)
+        SET_DEBUG="--debug"
+      ;;
   esac
   shift # past argument or value
 done
@@ -316,12 +183,21 @@ EOF
 
 [ -n "${WebTlsKey}" ] && [ -f "${WebTlsKey}" ] && [ -n "${WebTlsCert}" ] && [ -f "${WebTlsCert}" ] && [ -f "${WEBTLS_VALUES_FILE}" ] && WEBTLS_VALUES="--values ${WEBTLS_VALUES_FILE}"
 
-cf_status=$(helm ls -q cf)
+cf_status=$(helm status $RELEASE 2>/dev/null | awk -F': ' '$1 == "STATUS" {print $2}')
+
+if [[ -z "${cf_status}" ]]; then
+  SEEDJOBS="--set global.seedJobs=true"
+  CERTJOBS="--set global.certsJobs=true"
+  IN_INSTALLER="true" ${DIR}/run-validator.sh
+  if [[ $? != 0 ]]; then
+    echo "Validation failed"
+    exit 1
+  fi
+fi
 
-[ -z "${cf_status}" ] && SEEDJOBS="--set global.seedJobs=true" && CERTJOBS="--set global.certsJobs=true"
 
 msg "Installing/Updating Codefresh..."
-helm upgrade cf codefresh-onprem-${CHANNEL}/codefresh \
+helm upgrade ${RELEASE} codefresh-onprem-${CHANNEL}/codefresh \
   --install \
   --namespace codefresh \
   --values "${VALUES_FILE}" \
@@ -331,5 +207,6 @@ helm upgrade cf codefresh-onprem-${CHANNEL}/codefresh \
   --set cfapi.redeploy=true \
   ${SEEDJOBS} \
   ${CERTJOBS} \
-  ${SET_VALUES}
+  ${SET_VALUES} \
+  ${SET_DEBUG}
 #  ${MTU_VALUE}

env-vars

@@ -1,2 +1,2 @@
-export CF_HELM_CHANNEL=
+export CF_HELM_CHANNEL=test
 export CF_HELM_VERSION=

local-volumes/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: "v1"
+name: local-volumes
+version: 1.0.0
+kubeVersion: "1.10.0 - 2.0.0"
+description: Creates local volumes for Codefresh onprem installation
+keywords:
+  - codefresh
+  - onprem
+  - local-volumes
+home: https://codefresh.io/
+sources:
+  - https://github.com/codefresh-io/onprem
+maintainers: 
+  - name: Codefresh Authors
+    email: [email protected]
+engine: gotpl 
+icon: https://codefresh.io/docs/assets/brand/codefresh-social-logo.png
+appVersion: v2.0.10
+tillerVersion: ">2.9.0"

local-volumes/README.md

@@ -0,0 +1,11 @@
+### Local Volumes helm chart 
+Creates Loval volumes and pvcs, makes directories on the nodes
+
+Copy from template and edit values.yaml
+Set 
+```
+cp values.yaml.tmpl values.yaml
+vi  values.yaml
+
+./create-local-pvcs.sh
+```

local-volumes/create-local-pvcs.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+#
+
+DIR=$(dirname $0)
+RELEASE=cf-local-volumes
+CHART=$(realpath ${DIR}/../local-volumes)
+NAMESPACE=${NAMESPACE:-codefresh}
+HELM_TIMEOUT=60
+
+source ${DIR}/../scripts/helpers.sh
+
+approveContext
+
+RELEASE_STATUS=$(helm status $RELEASE 2>/dev/null | awk -F': ' '$1 == "STATUS" {print $2}')
+if [[ -n "${RELEASE_STATUS}" ]]; then
+   echo "There is a previous run of $RELEASE with status $RELEASE_STATUS
+Run: helm status cf-local-volumes; to check the status of the release
+Or run: helm del --purge cf-local-volumes; to delete it   
+
+   "
+   exit 1
+fi
+
+VALUES_FILE=${DIR}/values.yaml
+
+HELM=${HELM:-helm}
+
+HELM_COMMAND="$HELM --namespace $NAMESPACE install -n $RELEASE $CHART $@"
+
+echo "Running ${RELEASE} helm release 
+$HELM_COMMAND
+"
+
+eval $HELM_COMMAND &
+HELM_PID=$!
+
+wait $HELM_PID
+HELM_EXIT_STATUS=$?
+
+if [[ "${HELM_EXIT_STATUS}" == 0 ]]; then
+  echo "Local Volumes chart has been submitted. Run the command below to insect the status
+   kubectl --namespace $NAMESPACE get pods,pvc,pv,svc -l app=${RELEASE}
+  "
+else
+  echo "
+  Local Volumes chart submission FAILED."
+fi
+
+exit $HELM_EXIT_STATUS