gabrielgrant · May 17, 2019 18:51
diff --git a/OCPify-manifest.sh b/OCPify-manifest.sh
 #! /bin/bash

 set -e

 usage() {
    echo "
 Usage:
  $0 <base NodePort> BASE_MANIFEST

 Takes BASE_MANIFEST (which should be the JSON result of
 running \"pachctl deploy custom ... --dry-run\") and transforms it
 to be compatible with OpenShift.

 Two manifests are output:

 - output_manifest_admin.json sets up a [Cluster]Role, [Cluster]RoleBinding, and ServiceAccount
 - output_manifest.json contains the rest of the components to deploy Pachyderm


 base NodePort        default is 6 (ie use ports 30650-30654). You should
                     only need to change this if you are deployming
                     multiple instances of Pachyderm. Must be 0-9
 " >&2


 TODO="Options:
  -l, --local-role   Use a (local) Role and RoleBinding, rather than
                     ClusterRole and ClusterRoleBinding (the defaults).
                     This will disable usage of scaling based on
                     \"coeficient\", as pachd will not be able to
                     access the list of the Kubernetes (OpenShift) nodes
 "
 }



 export BASE_NODEPORT=6

 # if there are two args, check validity of base NodePort
 if [ "$#" -eq 2 ] ; then
    re='^[0-9]$'
    if ! [[ $1 =~ $re ]] ; then
        echo
        echo "Error: base NodePort argument must be a single digit (0-9); you provided \"$1\"" >&2
        usage
        exit 1
    fi
    export BASE_NODEPORT=$1
    BASE_MANIFEST=$2
 elif [ "$#" -eq 1 ] ; then
    export BASE_NODEPORT='6'  # default
    BASE_MANIFEST=$1
 else
    echo "Error: 1 or 2 arguments expected (you provided $#)" >&2
    usage
    exit 1
 fi

 # check $BASE_MANIFEST exists
 if [[ ! -f $BASE_MANIFEST ]]; then
    echo "Error: Specified BASE_MANIFEST does not exist (\"$BASE_MANIFEST\")" >&2
    usage
    exit 1
 fi

 OUTPUT_DIR=$(dirname "$BASE_MANIFEST")

 MAIN_OUTPUT_MANIFEST="${OUTPUT_DIR}/manifest.json"
 ADMIN_OUTPUT_MANIFEST="${OUTPUT_DIR}/admin_manifest.json"

 echo "OCPifying \"$BASE_MANIFEST\" using base NodePort $BASE_NODEPORT"

 set -x
 # -- Switch between generate mode or debug mode

 #OUTPUT_CMD="jq -S . | diff $BASE_MANIFEST - | less"
 OUTPUT_CMD="sponge $MAIN_OUTPUT_MANIFEST"  # comment out this line to see the result of each filter interactively


 cp $BASE_MANIFEST $MAIN_OUTPUT_MANIFEST


 # -- Apply manifest filters


 # disable usage of the docker socket (in pachd container template, within pachd Deployment)

 jq 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").env[] |= (select(.name == "NO_EXPOSE_DOCKER_SOCKET").value = "true"))' < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"


 # change service port numbers:
 #  - prefixes "1" onto the default "port" values, since containers can't bind on priviledged ports
 #  - adds the provided "base nodePort" (default 6), so multiple instances can be deployed side-by-side

 PACHD_SERVICE_SPEC_PORTS=`envsubst <<< '[
  {
    "name": "api-grpc-port",
    "port": 1650,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}50
  },
  {
    "name": "trace-port",
    "port": 1651,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}51
  },
  {
    "name": "api-http-port",
    "port": 1652,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}52
  },
  {
    "name": "saml-port",
    "port": 1654,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}54
  },
  {
    "name": "api-git-port",
    "port": 1999,
    "targetPort": 0,
    "nodePort": 30${BASE_NODEPORT}99
  }
 ]'`



 jq -S  'select(.kind == "Service" and .metadata.name == "pachd").spec.ports = $PACHD_SERVICE_SPEC_PORTS' --argjson PACHD_SERVICE_SPEC_PORTS "$PACHD_SERVICE_SPEC_PORTS" < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"


 # change  container port numbers

 PACHD_DEPLOYMENT_CONTAINER_PORTS='[
  {
    "containerPort": 1650,
    "name": "api-grpc-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1651,
    "name": "trace-port"
  },
  {
    "containerPort": 1652,
    "name": "api-http-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1653,
    "name": "peer-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1999,
    "name": "api-git-port",
    "protocol": "TCP"
  },
  {
    "containerPort": 1654,
    "name": "saml-port",
    "protocol": "TCP"
  }
 ]'



 jq -S  'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").ports = $PACHD_DEPLOYMENT_CONTAINER_PORTS)' --argjson PACHD_DEPLOYMENT_CONTAINER_PORTS "$PACHD_DEPLOYMENT_CONTAINER_PORTS" < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"



 # add port env vars

 PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS='[
  {
    "name": "PORT",
    "value": "1650"
  },
  {
    "name": "PPROF_PORT",
    "value": "1651"
  },
  {
    "name": "HTTP_PORT",
    "value": "1652"
  },
  {
    "name": "PEER_PORT",
    "value": "1653"
  },
  {
    "name": "PPS_WORKER_GRPC_PORT",
    "value": "1680"
  }
 ]'

 jq -S  'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").env += $PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS )' --argjson PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS "$PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS" < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"

 # tell pachd to generate Pipeline RC manifests that don't use root

 DISABLE_ROOT_ENV_VAR='[{
  "name": "WORKER_USES_ROOT",
  "value": "false"
 }]'

 jq -S 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] |= (select(.name == "pachd").env += $DISABLE_ROOT_ENV_VAR)' --argjson DISABLE_ROOT_ENV_VAR "$DISABLE_ROOT_ENV_VAR" < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"

 # remove PV

 jq -S  'select(.kind != "PersistentVolume")' < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"

 # rename PVC

 jq -S  'select(.kind == "PersistentVolumeClaim").spec.volumeName=$ETCD_PV_NAME' --arg ETCD_PV_NAME "$ETCD_PV_NAME" < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"


 # remove dash service

 jq -S  'select(.kind != "Service" or .metadata.name != "dash")' < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"

 # remove dash deployment

 jq -S  'select(.kind != "Deployment" or .metadata.name != "dash")' < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"

 # filter ClusterRole, ClusterRoleBinding, and ServiceAccount into admin-manifest.json


 jq -S  'select(.kind == "ClusterRole" or .kind == "ClusterRoleBinding" or .kind == "ServiceAccount")' < $MAIN_OUTPUT_MANIFEST > $ADMIN_OUTPUT_MANIFEST

 jq -S  'select(.kind != "ClusterRole" and .kind != "ClusterRoleBinding" and .kind != "ServiceAccount")' < $MAIN_OUTPUT_MANIFEST | bash -c "$OUTPUT_CMD"

 set +x

 echo
 echo "Successfully converted manifests"
 echo "Output to $MAIN_OUTPUT_MANIFEST and $ADMIN_OUTPUT_MANIFEST"
 echo
	#! /bin/bash

	set -e

	usage() {
	echo "
	Usage:
	$0 <base NodePort> BASE_MANIFEST

	Takes BASE_MANIFEST (which should be the JSON result of
	running \"pachctl deploy custom ... --dry-run\") and transforms it
	to be compatible with OpenShift.

	Two manifests are output:

	- output_manifest_admin.json sets up a [Cluster]Role, [Cluster]RoleBinding, and ServiceAccount
	- output_manifest.json contains the rest of the components to deploy Pachyderm


	base NodePort default is 6 (ie use ports 30650-30654). You should
	only need to change this if you are deployming
	multiple instances of Pachyderm. Must be 0-9
	" >&2


	TODO="Options:
	-l, --local-role Use a (local) Role and RoleBinding, rather than
	ClusterRole and ClusterRoleBinding (the defaults).
	This will disable usage of scaling based on
	\"coeficient\", as pachd will not be able to
	access the list of the Kubernetes (OpenShift) nodes
	"
	}



	export BASE_NODEPORT=6

	# if there are two args, check validity of base NodePort
	if [ "$#" -eq 2 ] ; then
	re='^[0-9]$'
	if ! [[ $1 =~ $re ]] ; then
	echo
	echo "Error: base NodePort argument must be a single digit (0-9); you provided \"$1\"" >&2
	usage
	exit 1
	fi
	export BASE_NODEPORT=$1
	BASE_MANIFEST=$2
	elif [ "$#" -eq 1 ] ; then
	export BASE_NODEPORT='6' # default
	BASE_MANIFEST=$1
	else
	echo "Error: 1 or 2 arguments expected (you provided $#)" >&2
	usage
	exit 1
	fi

	# check $BASE_MANIFEST exists
	if [[ ! -f $BASE_MANIFEST ]]; then
	echo "Error: Specified BASE_MANIFEST does not exist (\"$BASE_MANIFEST\")" >&2
	usage
	exit 1
	fi

	OUTPUT_DIR=$(dirname "$BASE_MANIFEST")

	MAIN_OUTPUT_MANIFEST="${OUTPUT_DIR}/manifest.json"
	ADMIN_OUTPUT_MANIFEST="${OUTPUT_DIR}/admin_manifest.json"

	echo "OCPifying \"$BASE_MANIFEST\" using base NodePort $BASE_NODEPORT"

	set -x
	# -- Switch between generate mode or debug mode

	#OUTPUT_CMD="jq -S . \| diff $BASE_MANIFEST - \| less"
	OUTPUT_CMD="sponge $MAIN_OUTPUT_MANIFEST" # comment out this line to see the result of each filter interactively


	cp $BASE_MANIFEST $MAIN_OUTPUT_MANIFEST


	# -- Apply manifest filters


	# disable usage of the docker socket (in pachd container template, within pachd Deployment)

	jq 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] \|= (select(.name == "pachd").env[] \|= (select(.name == "NO_EXPOSE_DOCKER_SOCKET").value = "true"))' < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"


	# change service port numbers:
	# - prefixes "1" onto the default "port" values, since containers can't bind on priviledged ports
	# - adds the provided "base nodePort" (default 6), so multiple instances can be deployed side-by-side

	PACHD_SERVICE_SPEC_PORTS=`envsubst <<< '[
	{
	"name": "api-grpc-port",
	"port": 1650,
	"targetPort": 0,
	"nodePort": 30${BASE_NODEPORT}50
	},
	{
	"name": "trace-port",
	"port": 1651,
	"targetPort": 0,
	"nodePort": 30${BASE_NODEPORT}51
	},
	{
	"name": "api-http-port",
	"port": 1652,
	"targetPort": 0,
	"nodePort": 30${BASE_NODEPORT}52
	},
	{
	"name": "saml-port",
	"port": 1654,
	"targetPort": 0,
	"nodePort": 30${BASE_NODEPORT}54
	},
	{
	"name": "api-git-port",
	"port": 1999,
	"targetPort": 0,
	"nodePort": 30${BASE_NODEPORT}99
	}
	]'`



	jq -S 'select(.kind == "Service" and .metadata.name == "pachd").spec.ports = $PACHD_SERVICE_SPEC_PORTS' --argjson PACHD_SERVICE_SPEC_PORTS "$PACHD_SERVICE_SPEC_PORTS" < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"


	# change container port numbers

	PACHD_DEPLOYMENT_CONTAINER_PORTS='[
	{
	"containerPort": 1650,
	"name": "api-grpc-port",
	"protocol": "TCP"
	},
	{
	"containerPort": 1651,
	"name": "trace-port"
	},
	{
	"containerPort": 1652,
	"name": "api-http-port",
	"protocol": "TCP"
	},
	{
	"containerPort": 1653,
	"name": "peer-port",
	"protocol": "TCP"
	},
	{
	"containerPort": 1999,
	"name": "api-git-port",
	"protocol": "TCP"
	},
	{
	"containerPort": 1654,
	"name": "saml-port",
	"protocol": "TCP"
	}
	]'



	jq -S 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] \|= (select(.name == "pachd").ports = $PACHD_DEPLOYMENT_CONTAINER_PORTS)' --argjson PACHD_DEPLOYMENT_CONTAINER_PORTS "$PACHD_DEPLOYMENT_CONTAINER_PORTS" < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"



	# add port env vars

	PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS='[
	{
	"name": "PORT",
	"value": "1650"
	},
	{
	"name": "PPROF_PORT",
	"value": "1651"
	},
	{
	"name": "HTTP_PORT",
	"value": "1652"
	},
	{
	"name": "PEER_PORT",
	"value": "1653"
	},
	{
	"name": "PPS_WORKER_GRPC_PORT",
	"value": "1680"
	}
	]'

	jq -S 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] \|= (select(.name == "pachd").env += $PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS )' --argjson PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS "$PACHD_DEPLOYMENT_CONTAINER_PORTS_ENVVARS" < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"

	# tell pachd to generate Pipeline RC manifests that don't use root

	DISABLE_ROOT_ENV_VAR='[{
	"name": "WORKER_USES_ROOT",
	"value": "false"
	}]'

	jq -S 'select(.kind == "Deployment" and .metadata.name == "pachd").spec.template.spec.containers[] \|= (select(.name == "pachd").env += $DISABLE_ROOT_ENV_VAR)' --argjson DISABLE_ROOT_ENV_VAR "$DISABLE_ROOT_ENV_VAR" < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"

	# remove PV

	jq -S 'select(.kind != "PersistentVolume")' < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"

	# rename PVC

	jq -S 'select(.kind == "PersistentVolumeClaim").spec.volumeName=$ETCD_PV_NAME' --arg ETCD_PV_NAME "$ETCD_PV_NAME" < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"


	# remove dash service

	jq -S 'select(.kind != "Service" or .metadata.name != "dash")' < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"

	# remove dash deployment

	jq -S 'select(.kind != "Deployment" or .metadata.name != "dash")' < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"

	# filter ClusterRole, ClusterRoleBinding, and ServiceAccount into admin-manifest.json


	jq -S 'select(.kind == "ClusterRole" or .kind == "ClusterRoleBinding" or .kind == "ServiceAccount")' < $MAIN_OUTPUT_MANIFEST > $ADMIN_OUTPUT_MANIFEST

	jq -S 'select(.kind != "ClusterRole" and .kind != "ClusterRoleBinding" and .kind != "ServiceAccount")' < $MAIN_OUTPUT_MANIFEST \| bash -c "$OUTPUT_CMD"

	set +x

	echo
	echo "Successfully converted manifests"
	echo "Output to $MAIN_OUTPUT_MANIFEST and $ADMIN_OUTPUT_MANIFEST"
	echo