#!/bin/bash
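# Print the menu
echo "================================================="
echo "Install ARO Cluster. Choose an option (1-5): "
echo "================================================="
options=(
  "Terraform Init"
  "Terraform Validate"
  "Terraform Plan"
  "Terraform Apply"
  "Quit"
)

# Start from a known state so an inherited environment variable named "op"
# cannot pick the operation.
op=""

# Select an option. COLUMNS=0 keeps the menu in a single column.
# Init and Validate run immediately and exit with terraform's status;
# Plan and Apply only record the choice and fall through to the provisioning
# steps that follow.
COLUMNS=0
select opt in "${options[@]}"; do
  case "$opt" in
    "Terraform Init")
      terraform init
      exit
      ;;
    "Terraform Validate")
      terraform validate
      exit
      ;;
    "Terraform Plan")
      op="plan"
      break
      ;;
    "Terraform Apply")
      op="apply"
      break
      ;;
    "Quit")
      exit
      ;;
    *) echo "Invalid option $REPLY" ;;
  esac
done

# `select` also ends on end-of-input (Ctrl-D, closed or empty stdin), which
# leaves $op empty. Stop here so the steps below, which create Azure
# resources and can end in an auto-approved apply, never run without an
# explicit choice.
if [[ -z "$op" ]]; then
  echo "No option selected, nothing to do" >&2
  exit 1
fi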
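# ARO cluster name
# resourcePrefix is a placeholder that must be replaced before running.
resourcePrefix="<azure-resources-name-prefix>"
aroDomain="${resourcePrefix,,}"
# $RANDOM gives each run a distinct display name; it is not a secret.
aroClusterServicePrincipalDisplayName="${resourcePrefix,,}-aro-sp-${RANDOM}"

# Pull secret read from the working directory. The file holds registry
# credentials: keep it out of version control and readable by its owner only.
# A missing file is reported instead of surfacing later as an empty
# terraform variable.
if [[ -r pull-secret.txt ]]; then
  pullSecret=$(<pull-secret.txt)
else
  echo "Warning: pull-secret.txt not found or not readable in [$PWD]; continuing with an empty pull secret" >&2
  pullSecret=""
fi

# Name and location of the resource group for the Azure Red Hat OpenShift (ARO) cluster
aroResourceGroupName="${resourcePrefix}RG"
location="northeurope"

# Subscription id, subscription name, and tenant id of the current subscription
subscriptionId=$(az account show --query id --output tsv)
subscriptionName=$(az account show --query name --output tsv)
tenantId=$(az account show --query tenantId --output tsv)

# Without an active Azure CLI session every later az call would fail one by
# one; stop once, with a clear message.
if [[ -z "$subscriptionId" || -z "$tenantId" ]]; then
  echo "Unable to read the current Azure subscription; run 'az login' first" >&2
  exit 1
fi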
# Register the resource providers the deployment relies on, one at a time and
# in a fixed order; --wait blocks until each registration has completed.
requiredProviders=(
  'Microsoft.RedHatOpenShift'
  'Microsoft.Compute'
  'Microsoft.Storage'
  'Microsoft.Authorization'
)
for providerNamespace in "${requiredProviders[@]}"; do
  az provider register --namespace "$providerNamespace" --wait
done
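# Check if the resource group already exists
echo "Checking if [$aroResourceGroupName] resource group actually exists in the [$subscriptionName] subscription..."
# NOTE: the output of `az group show` is discarded, so any failure (an expired
# login or a network error included) is treated as "not found".
if ! az group show --name "$aroResourceGroupName" &>/dev/null; then
  echo "No [$aroResourceGroupName] resource group actually exists in the [$subscriptionName] subscription"
  echo "Creating [$aroResourceGroupName] resource group in the [$subscriptionName] subscription..."
  # Create the resource group
  if az group create --name "$aroResourceGroupName" --location "$location" 1>/dev/null; then
    echo "[$aroResourceGroupName] resource group successfully created in the [$subscriptionName] subscription"
  else
    echo "Failed to create [$aroResourceGroupName] resource group in the [$subscriptionName] subscription" >&2
    # A bare `exit` would return the status of the preceding echo (0) and
    # report success to the caller.
    exit 1
  fi
else
  echo "[$aroResourceGroupName] resource group already exists in the [$subscriptionName] subscription"
fi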
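# Create the service principal for the Azure Red Hat OpenShift (ARO) cluster
# NOTE: this step runs for both the Plan and the Apply menu choice, so every
# such run creates a new service principal with a fresh random suffix.
echo "Creating service principal with [$aroClusterServicePrincipalDisplayName] display name in the [$tenantId] tenant..."

# app-service-principal.json receives the client secret in clear text.
# Remove any copy left by an earlier run (an existing file would keep its old
# permissions) and create the new one under a restrictive umask so that only
# the owner can read it. Keep the file out of version control.
rm -f -- app-service-principal.json
if ! (
  umask 077
  az ad sp create-for-rbac \
    --name "$aroClusterServicePrincipalDisplayName" >app-service-principal.json
); then
  echo "Failed to create the [$aroClusterServicePrincipalDisplayName] service principal" >&2
  exit 1
fi

aroClusterServicePrincipalClientId=$(jq -r '.appId' app-service-principal.json)
aroClusterServicePrincipalClientSecret=$(jq -r '.password' app-service-principal.json)

# jq -r prints the string "null" for a missing key; treat that like an empty
# value rather than passing it on to az and terraform.
if [[ -z "$aroClusterServicePrincipalClientId" || "$aroClusterServicePrincipalClientId" == "null" ]]; then
  echo "Could not read the appId of the new service principal from app-service-principal.json" >&2
  exit 1
fi

aroClusterServicePrincipalObjectId=$(az ad sp show --id "$aroClusterServicePrincipalClientId" | jq -r '.id')
if [[ -z "$aroClusterServicePrincipalObjectId" || "$aroClusterServicePrincipalObjectId" == "null" ]]; then
  echo "Could not resolve the object id of the [$aroClusterServicePrincipalDisplayName] service principal" >&2
  exit 1
fi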
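# Assign the User Access Administrator role to the new service principal with resource group scope
# NOTE(review): this role lets the principal manage access to resources inside
# the scope, so the client secret created for it is a high-value credential.
roleName='User Access Administrator'
if az role assignment create \
  --role "$roleName" \
  --assignee-object-id "$aroClusterServicePrincipalObjectId" \
  --resource-group "$aroResourceGroupName" \
  --assignee-principal-type 'ServicePrincipal' >/dev/null; then
  echo "[$aroClusterServicePrincipalDisplayName] service principal successfully assigned [$roleName] with [$aroResourceGroupName] resource group scope"
else
  echo "Failed to assign [$roleName] role with [$aroResourceGroupName] resource group scope to the [$aroClusterServicePrincipalDisplayName] service principal" >&2
  # A bare `exit` would return the status of the preceding echo (0).
  exit 1
fi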
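# Assign the Contributor role to the new service principal with resource group scope
roleName='Contributor'
if az role assignment create \
  --role "$roleName" \
  --assignee-object-id "$aroClusterServicePrincipalObjectId" \
  --resource-group "$aroResourceGroupName" \
  --assignee-principal-type 'ServicePrincipal' >/dev/null; then
  echo "[$aroClusterServicePrincipalDisplayName] service principal successfully assigned [$roleName] with [$aroResourceGroupName] resource group scope"
else
  echo "Failed to assign [$roleName] role with [$aroResourceGroupName] resource group scope to the [$aroClusterServicePrincipalDisplayName] service principal" >&2
  # A bare `exit` would return the status of the preceding echo (0).
  exit 1
fi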
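# Get the service principal object ID for the OpenShift resource provider
# The JMESPath query is quoted: unquoted, [0].id is a shell glob and would be
# replaced by a file named "0.id" if one existed in the working directory.
aroResourceProviderServicePrincipalObjectId=$(az ad sp list --display-name "Azure Red Hat OpenShift RP" --query '[0].id' -o tsv)
if [[ -z "$aroResourceProviderServicePrincipalObjectId" ]]; then
  echo "Could not find the [Azure Red Hat OpenShift RP] service principal in the current tenant" >&2
  exit 1
fi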
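# Variables shared by every terraform invocation below.
# NOTE(security): pull_secret and aro_cluster_aad_sp_client_secret are passed
# with -var, so they appear on terraform's command line (process listings,
# `set -x` traces) while it runs. Terraform also reads TF_VAR_<name>
# environment variables, which keeps values off argv; those rank below -var
# and tfvars files, so check the project's variable sources before switching.
tfVars=(
  -var "resource_prefix=$resourcePrefix"
  -var "location=$location"
  -var "domain=$aroDomain"
  -var "pull_secret=$pullSecret"
  -var "aro_cluster_aad_sp_client_id=$aroClusterServicePrincipalClientId"
  -var "aro_cluster_aad_sp_client_secret=$aroClusterServicePrincipalClientSecret"
  -var "aro_cluster_aad_sp_object_id=$aroClusterServicePrincipalObjectId"
  -var "aro_rp_aad_sp_object_id=$aroResourceProviderServicePrincipalObjectId"
)

case "${op:-}" in
  plan)
    # NOTE(review): resource_group_name is passed to apply but not to plan;
    # presumably the variable has a default - confirm.
    # The saved plan file stores the variable values, secrets included, in
    # clear text; treat main.tfplan as sensitive.
    terraform plan \
      -compact-warnings \
      -out main.tfplan \
      "${tfVars[@]}"
    ;;
  apply)
    if [[ -f "main.tfplan" ]]; then
      # A saved plan already carries the values captured when it was created.
      # Options must come before the plan file, and terraform does not accept
      # -var together with a saved plan, so none are passed here.
      # NOTE: the plan therefore uses the service principal of the run that
      # produced it, not the one created earlier in this run.
      terraform apply \
        -compact-warnings \
        -auto-approve \
        main.tfplan
    else
      terraform apply \
        -compact-warnings \
        -auto-approve \
        -var "resource_group_name=$aroResourceGroupName" \
        "${tfVars[@]}"
    fi
    ;;
  *)
    # Never fall through to an auto-approved apply on an unset or unknown
    # operation.
    echo "Unexpected operation [${op:-}]; expected 'plan' or 'apply'" >&2
    exit 1
    ;;
esac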