This project contains the rosa command line tool that simplifies the use of Red Hat OpenShift Service on AWS, also known as ROSA.
Refer to the official ROSA documentation: https://access.redhat.com/products/red-hat-openshift-service-aws
- Follow the AWS Command Line Interface documentation to install and configure the AWS CLI for your operating system.
- Download the latest release of rosa and add it to your path.
- Initialize your AWS account by running
rosa initand following the instructions. - Create your first ROSA cluster by running
rosa create cluster --interactive
If you'd like to build this project from source use the following steps:
- Clone the repository
git clone https://github.com/openshift/rosa.git
cdto the checkout out source directory
cd rosa
- Install the binary
make install
NOTE: If you don't have $GOPATH/bin in your $PATH you need to add it or move rosa to a standard system directory eg. for Linux/OSX:
sudo mv $GOPATH/bin/rosa /usr/local/bin
If you don't want to build from sources you can retrieve the rosa binary from the latest image.
You can copy it to your local with this command:
podman run --pull=always --rm registry.ci.openshift.org/ci/rosa-aws-cli:latest cat /usr/bin/rosa > ~/rosa && chmod +x ~/rosa
Also you can test a binary created after a specific merged commit just using the commit hash as image tag:
podman run --pull=always --rm registry.ci.openshift.org/ci/rosa-aws-cli:f7925249718111e3e9b61e2df608a6ea9cf5b6ce cat /usr/bin/rosa > ~/rosa && chmod +x ~/rosa
NOTE: There is a side-effect of container image registry authentication which results in an auth error when your token is expired even when the image requires no authentication. In that case all you need to do is authenticate again:
$ oc registry login
info: Using registry public hostname registry.ci.openshift.org
Saved credentials for registry.ci.openshift.org
$ cat ~/.docker/config.json | jq '.auths["registry.ci.openshift.org"]'
{
"auth": "token"
}
The OCM_KEYRING environment variable provides the ability to store the ROSA
configuration containing your authentication tokens in your OS keyring. This is provided
as an alternative to storing the configuration in plain-text on your system.
OCM_KEYRING will override all other token or configuration related flags.
OCM_KEYRING supports the following keyrings:
- Windows Credential Manager -
wincred - macOS Keychain -
keychain - Secret Service (Gnome Keyring, KWallet, etc.) -
secret-service - Pass -
pass
To ensure OCM_KEYRING is provided to all rosa commands, it is recommended to set it in your ~/.bashrc file or equivalent.
| wincred | keychain | secret-service | pass | |
|---|---|---|---|---|
| Windows | ✔️ | ❌ | ❌ | ❌ |
| macOS | ❌ | ✔️ | ❌ | ✔️ |
| Linux | ❌ | ❌ | ✔️ | ✔️ |
We want to hear it. Open an issue against the repo and someone from the team will be in touch.