Pxb210

scripts/helm-backup

@@ -1,5 +1,24 @@
 NAMESPACE=central
-VERSION=2.9.1
+VERSION=2.10.0
+
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: central
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pxc-credentials
+  namespace: central
+data:
+  mongodb-px-backup-password: UDBydHdvcnhCYWNrdXA=
+  mongodb-root-password: UDBydHdvcnhCYWNrdXA=
+  mongodb-replica-set-key: UDBydHdvcnhCYWNrdXA=
+  postgresql-password: UDBydHdvcnhCYWNrdXA=
+  mysql-password: UDBydHdvcnhCYWNrdXA=
+EOF
 
 curl -O https://raw.githubusercontent.com/portworx/helm/master/stable/px-central-$VERSION.tgz
 helm install px-central px-central-$VERSION.tgz --namespace $NAMESPACE --create-namespace --version $VERSION --set persistentStorage.enabled=true,persistentStorage.storageClassName="px-csi-db",pxbackup.enabled=true,oidc.centralOIDC.updateAdminProfile=false,installCRDs=true
@@ -25,6 +44,6 @@ kubectl delete job pxcentral-post-install-hook --namespace $NAMESPACE
 helm upgrade px-central px-central-$VERSION.tgz --namespace $NAMESPACE --version $VERSION --reuse-values --set pxmonitor.enabled=true --set pxmonitor.pxCentralEndpoint=$pubIP:$backupPort
 until (kubectl get po -n $NAMESPACE -ljob-name=pxcentral-post-install-hook  -o wide | awk '{print $1, $2, $3}' |grep "Completed"); do echo "Waiting for post install hook";sleep 3; done
 
-BACKUP_POD_NAME=$(kubectl get pods -n $NAMESPACE -l app=px-backup -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)
-kubectl cp -n $NAMESPACE $BACKUP_POD_NAME:pxbackupctl/linux/pxbackupctl /usr/bin/pxbackupctl
-chmod +x /usr/bin/pxbackupctl
+#BACKUP_POD_NAME=$(kubectl get pods -n $NAMESPACE -l app=px-backup -o jsonpath='{.items[0].metadata.name}' 2>/dev/null)
+#kubectl cp -n $NAMESPACE $BACKUP_POD_NAME:pxbackupctl/linux/pxbackupctl /usr/bin/pxbackupctl
+#chmod +x /usr/bin/pxbackupctl

scripts/helm-backup-apps

@@ -1,41 +1,128 @@
-BACKUP_POD_IP=$(kubectl get pods -n central -l app=px-backup -o jsonpath='{.items[*].status.podIP}' 2>/dev/null)
 AWS_ACCESS_KEY=$(sed -n 's/aws_access_key_id[ =]*//p' /root/.aws/credentials 2>/dev/null)
 AWS_SECRET_KEY=$(sed -n 's/aws_secret_access_key[ =]*//p' /root/.aws/credentials 2>/dev/null)
-IMDSTOKEN=$(curl -s -X PUT 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 120')
-pubIP=$(curl -H "X-aws-ec2-metadata-token: $IMDSTOKEN" -s http://169.254.169.254/latest/meta-data/public-ipv4)
-backupPort=$(kubectl get svc px-backup-ui -n central -o=jsonpath='{.spec.ports[?(@.port==80)].nodePort}')
-client_secret=$(kubectl get secret --namespace central pxc-backup-secret -o jsonpath={.data.OIDC_CLIENT_SECRET} | base64 --decode)
-
-# Configures backup with clusters and locations
-pxbackupctl login -s http://$pubIP:$backupPort -u admin -p admin
-pxbackupctl create cloudcredential --aws-access-key $AWS_ACCESS_KEY --aws-secret-key $AWS_SECRET_KEY -e $BACKUP_POD_IP:10002 --orgID default -n s3 -p aws
-sleep 5
-cloud_credential_uid=$(pxbackupctl get cloudcredential -e $BACKUP_POD_IP:10002 --orgID default -o json | jq -cr '.[0].metadata.uid') 
-pxbackupctl create backuplocation --cloud-credential-name s3 --cloud-credential-Uid $cloud_credential_uid -n aws -p s3 --s3-endpoint https://s3.$aws_region.amazonaws.com --path $BACKUP_BUCKET --s3-region $aws_region -e $BACKUP_POD_IP:10002 --orgID default
-pxbackupctl create schedulepolicy --interval-minutes 15 --interval-retain 12 --name 15min-schedule -e $BACKUP_POD_IP:10002 --orgID default
-sleep 5
-ssh master-2 cat /root/.kube/config > /cluster-2-kube-config
-ssh master-3 cat /root/.kube/config > /cluster-3-kube-config
-pxbackupctl create cluster --name cluster-1 -k /root/.kube/.config -e $BACKUP_POD_IP:10002 --orgID default
-pxbackupctl create cluster --name cluster-2 -k /cluster-2-kube-config -e $BACKUP_POD_IP:10002 --orgID default
-pxbackupctl create cluster --name cluster-3 -k /cluster-3-kube-config -e $BACKUP_POD_IP:10002 --orgID default
-
-# Patches Prometheus operator to allow multiple instances to run
-kubectl patch deployment prometheus-operator -n kube-system  --type=json -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "-namespaces=kube-system" }]'
+ADMIN_PW=$(kubectl get secret pxcentral-keycloak-http -n central -o jsonpath="{.data.password}" | base64 --decode)
+
+if [ "$platform" = ocp4 ]; then
+
+# create ocp route for backup UI
+cat <<EOF | kubectl apply -f -
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: px-backup-ui
+  namespace: central
+spec:
+  to:
+    kind: Service
+    name: px-backup-ui
+    weight: 100
+  port:
+    targetPort: http
+  wildcardPolicy: None
+EOF
+
+# create ocp route for central UI
+cat <<EOF | kubectl apply -f -
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: px-central-ui
+  namespace: central
+spec:
+  to:
+    kind: Service
+    name: px-central-ui
+    weight: 100
+  port:
+    targetPort: http
+  wildcardPolicy: None
+EOF
+
+  # expose px-backup service to run pxbackupctl
+  kubectl patch svc px-backup -n central -p '{"spec":{"type":"LoadBalancer"}}'
+  backupIP=$(kubectl get svc px-backup -n central -o json | jq -r ".status.loadBalancer.ingress[0].hostname")
+
+  while [ $backupIP = "null" ]; do
+    sleep 2
+    echo "PX Backup grpc LB not assigned"
+    backupIP=$(kubectl get svc px-backup -n central -o json | jq -r ".status.loadBalancer.ingress[0].hostname")
+  done
+  echo "PX Backup grpc LB assigned: $backupIP"
+
+  backupPort=10002
+  authIP=$(kubectl get route px-central-ui -n central -o json |jq -r ".status.ingress[0].host")
+  authPort=80
+  PXB_URL=$(kubectl get route px-backup-ui -n central -o json |jq -r ".status.ingress[0].host")
+
+else  # platform is k8s on aws
+
+  IMDSTOKEN=$(curl -s -X PUT 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 120')
+  backupIP=$(curl -H "X-aws-ec2-metadata-token: $IMDSTOKEN" -s http://169.254.169.254/latest/meta-data/public-ipv4)
+  authIP=$backupIP
+  authPort=$(kubectl get svc px-central-ui -n central -o=jsonpath='{.spec.ports[?(@.port==80)].nodePort}')
+
+#expose px-backup api grpc endpoint
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Service
+metadata:
+  name: px-backup-api-grpc
+  namespace: central
+spec:
+  ports:
+  - name: grpc
+    port: 10002
+    protocol: TCP
+    targetPort: 10002
+  selector:
+    app: px-backup
+  type: NodePort
+EOF
+  backupPort=$(kubectl get svc px-backup-api-grpc -n central -o=jsonpath='{.spec.ports[?(@.port==10002)].nodePort}')
+  PXB_URL=$(kubectl get svc px-backup-ui -n central -o=jsonpath='{.status.loadBalancer.ingress[0].hostname}')
+fi
+
+px pxb init config  --px-backup-api-url http://$backupIP:$backupPort --pxcentral-auth-url http://$authIP:$authPort
+px pxb set config --pxcentral-verify-ssl false
+px pxb login --username admin --password $ADMIN_PW
+
+while ! px pxb version; do
+        echo "waiting for grpc availability"
+        sleep 2
+done
+
+px pxb create cloudcredential --name aws-credential --provider aws --aws-access-key $AWS_ACCESS_KEY --aws-secret-key $AWS_SECRET_KEY
+px pxb create backuplocation --name s3 --provider s3 --path $BACKUP_BUCKET --cloud-credential-name aws-credential --s3-endpoint s3.amazonaws.com --s3-region $aws_region
+px pxb create schedulepolicy --name 15min-schedule --interval-minutes 15 --interval-retain 12
+
+px pxb connect cluster --name cluster-1 --kubeconfig /root/.kube/config
+
+for i in $(seq 2 $clusters); do
+  ssh master-$i cat /root/.kube/config > /tmp/cluster-$i-kube-config
+  px pxb connect cluster --name cluster-$i --kubeconfig /tmp/cluster-$i-kube-config
+done
+
+if [ "$platform" != ocp4 ]; then
+  # Patches Prometheus operator to allow multiple instances to run
+  kubectl patch deployment prometheus-operator -n kube-system  --type=json -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "-namespaces=kube-system" }]'
+
 ssh master-2 <<EOF
 kubectl patch deployment prometheus-operator -n kube-system  --type=json -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "-namespaces=kube-system" }]'
 EOF
+
 ssh master-3 << EOF
 kubectl patch deployment prometheus-operator -n kube-system  --type=json -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "-namespaces=kube-system" }]'
 EOF
 
+fi
+
 cat <<EOF >> /etc/motd
 +================================================+
 SAVE THE FOLLOWING DETAILS FOR FUTURE REFERENCES
 +================================================+
-PX-Central User Interface Access URL : http://$pubIP:$backupPort
+PX-Central User Interface Access URL : http://$PXB_URL
 PX-Central admin user name: admin
-PX-Central admin user password: admin
+PX-Central admin user password: $ADMIN_PW
 +================================================+
 EOF
 

scripts/install-px

@@ -143,6 +143,12 @@ done
 
 kubectl apply -f /tmp/px.yml
 
+# Install px cli
+curl -L -o /tmp/pxcli.tgz https://mirrors.portworx.com/packages/px-cli/latest/px-v1.0.0.linux.amd64.tar.gz
+tar -xzf /tmp/pxcli.tgz  -C /tmp/
+chmod +x /tmp/px/bin/px* 
+cp /tmp/px/bin/* /usr/local/bin/
+
 # Install pxctl.sh
 cp /assets/pxctl.sh /usr/bin/pxctl
 chmod 755 /usr/bin/pxctl

templates/ocp-backup.yml

@@ -0,0 +1,14 @@
+description: Two Cluster OCP with Backup & AsyncDR on a aws vm
+scripts: ["install-awscli","install-px", "licenses"]
+aws_type: "m6i.xlarge"
+platform: "ocp4"
+cloud: "aws"
+clusters: 2
+nodes: 5
+cluster:
+  - id: 1
+    scripts: ["helm-backup", "helm-backup-apps"]
+  - id: 2
+    scripts: ["clusterpair"]
+env:
+  cloud_drive: "type%3Dgp2%2Csize%3D150"

templates/ocp-kubevirt.yml

@@ -9,7 +9,7 @@ cloud: "aws"
 clusters: 2
 cluster:
   - id: 1
-    scripts: [ "kubevirt-apps", "helm-backup", "helm-backup-ocp4-kubevirt"]
+    scripts: [ "kubevirt-apps", "helm-backup", "helm-backup-apps"]
   - id: 2
     scripts: ["clusterpair"]
 env: