$ tar xvf rosa-linux.tar.gz
×
Getting started with the rosa CLI
Setup and basic usage of the rosa CLI.
About the rosa CLI
Use the rosa command-line utility for Red Hat OpenShift Service on AWS (ROSA) to create, update, manage, and delete Red Hat OpenShift Service on AWS clusters and resources.
Setting up the rosa CLI
Use the following steps to install and configure the Red Hat OpenShift Service on AWS (ROSA) CLI (rosa) on your installation host.
Procedure
-
Download the latest version of the
rosaCLI for your operating system from the Downloads page on OpenShift Cluster Manager. -
Extract the
rosabinary file from the downloaded archive. The following example extracts the binary from a Linux tar archive: -
Add
rosato your path. In the following example, the/usr/local/bindirectory is included in the path of the user:$ sudo mv rosa /usr/local/bin/rosa -
Verify if the
rosaCLI tool is installed correctly by querying therosaversion:$ rosa versionExample output1.2.6 -
Optional: Enable tab completion for the
rosaCLI. With tab completion enabled, you can press theTabkey twice to automatically complete subcommands and receive command suggestions:-
To enable persistent tab completion for Bash on a Linux host:
-
Generate a
rosatab completion configuration file for Bash and save it to your/etc/bash_completion.d/directory:# rosa completion bash > /etc/bash_completion.d/rosa -
Open a new terminal to activate the configuration.
-
-
To enable persistent tab completion for Bash on a macOS host:
-
Generate a
rosatab completion configuration file for Bash and save it to your/usr/local/etc/bash_completion.d/directory:$ rosa completion bash > /usr/local/etc/bash_completion.d/rosa -
Open a new terminal to activate the configuration.
-
-
To enable persistent tab completion for Zsh:
-
If tab completion is not enabled for your Zsh environment, enable it by running the following command:
$ echo "autoload -U compinit; compinit" >> ~/.zshrc -
Generate a
rosatab completion configuration file for Zsh and save it to the first directory in your functions path:$ rosa completion zsh > "${fpath[1]}/_rosa" -
Open a new terminal to activate the configuration.
-
-
To enable persistent tab completion for fish:
-
Generate a
rosatab completion configuration file for fish and save it to your~/.config/fish/completions/directory:$ rosa completion fish > ~/.config/fish/completions/rosa.fish -
Open a new terminal to activate the configuration.
-
-
To enable persistent tab completion for PowerShell:
-
Generate a
rosatab completion configuration file for PowerShell and save it to a file namedrosa.ps1:PS> rosa completion powershell | Out-String | Invoke-Expression -
Source the
rosa.ps1file from your PowerShell profile.
-
For more information about configuring
rosatab completion, see the help menu by runningrosa completion --help. -
Configuring the rosa CLI
Use the following commands to configure the rosa CLI.
login
Log in to your Red Hat account, saving the credentials to the rosa configuration file. You must provide a token when logging in. You can copy your token from the Red Hat OpenShift Service on AWS token page.
The rosa CLI looks for a token in the following priority order:
-
Command-line arguments
-
The
ROSA_TOKENenvironment variable -
The
rosaconfiguration file -
Interactively from a command-line prompt
Syntax
$ rosa login [arguments]| Option | Definition |
|---|---|
--client-id |
The OpenID client identifier (string). Default: |
--client-secret |
The OpenID client secret (string). |
--insecure |
Enables insecure communication with the server. This disables verification of TLS certificates and host names. |
--scope |
The OpenID scope (string). If this option is used, it replaces the default scopes. This can be repeated multiple times to specify multiple scopes. Default: |
--token |
Accesses or refreshes the token (string). |
--token-url |
The OpenID token URL (string). Default: |
| Option | Definition |
|---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
logout
Log out of rosa. Logging out also removes the rosa configuration file.
Syntax
$ rosa logout [arguments]| Option | Definition |
|---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
verify permissions
Verify that the AWS permissions required to create a ROSA cluster are configured correctly:
Syntax
$ rosa verify permissions [arguments]|
This command verifies permissions only for clusters that do not use the AWS Security Token Service (STS). |
| Option | Definition |
|---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Examples
Verify that the AWS permissions are configured correctly:
$ rosa verify permissionsVerify that the AWS permissions are configured correctly in a specific region:
$ rosa verify permissions --region=us-west-2verify quota
Verifies that AWS quotas are configured correctly for your default region.
Syntax
$ rosa verify quota [arguments]| Option | Definition |
|---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Examples
Verify that the AWS quotas are configured correctly for the default region:
$ rosa verify quotaVerify that the AWS quotas are configured correctly in a specific region:
$ rosa verify quota --region=us-west-2download oc
Download the latest compatible version of the OpenShift Container Platform CLI (oc).
After downloading oc, you must unzip the archive and add it to your path.
Syntax
$ rosa download oc [arguments]| Option | Definition |
|---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Example
Download oc client tools:
$ rosa download ocverify oc
Verifies that the OpenShift Container Platform CLI (oc) is installed correctly.
Syntax
$ rosa verify oc [arguments]| Option | Definition |
|---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the AWS_REGION environment variable. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Example
Verify oc client tools:
$ rosa verify ocInitializing Red Hat OpenShift Service on AWS
Use the init command to initialize Red Hat OpenShift Service on AWS (ROSA) only if you are using non-STS.
init
Perform a series of checks to verify that you are ready to deploy an Red Hat OpenShift Service on AWS cluster.
The list of checks includes the following:
-
Checks to see that you have logged in (see
login) -
Checks that your AWS credentials are valid
-
Checks that your AWS permissions are valid (see
verify permissions) -
Checks that your AWS quota levels are high enough (see
verify quota) -
Runs a cluster simulation to ensure cluster creation will perform as expected
-
Checks that the
osdCcsAdminuser has been created in your AWS account -
Checks that the OpenShift Container Platform command-line tool is available on your system
Syntax
$ rosa init [arguments]| Option | Definition |
|---|---|
--region |
The AWS region (string) in which to verify quota and permissions. This value overrides the |
--delete |
Deletes the stack template that is applied to your AWS account during the |
--client-id |
The OpenID client identifier (string). Default: |
--client-secret |
The OpenID client secret (string). |
--insecure |
Enables insecure communication with the server. This disables verification of TLS certificates and host names. |
--scope |
The OpenID scope (string). If this option is used, it completely replaces the default scopes. This can be repeated multiple times to specify multiple scopes. Default: |
--token |
Accesses or refreshes the token (string). |
--token-url |
The OpenID token URL (string). Default: |
| Option | Definition |
|---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Examples
Configure your AWS account to allow ROSA clusters:
$ rosa initConfigure a new AWS account using pre-existing OpenShift Cluster Manager credentials:
$ rosa init --token=$OFFLINE_ACCESS_TOKENUsing a Bash script
This is an example workflow of how to use a Bash script with the rosa CLI.
Prerequisites
Make sure that AWS credentials are available as one of the following options:
-
AWS profile
-
Environment variables (
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY)
Procedure
-
Initialize
rosausing an Red Hat OpenShift Cluster Manager offline token from Red Hat:$ rosa init --token=<token> -
Create the Red Hat OpenShift Service on AWS (ROSA) cluster:
$ rosa create cluster --cluster-name=<cluster_name> -
Add an identity provider (IDP):
$ rosa create idp --cluster=<cluster_name> --type=<identity_provider> [arguments] -
Add a
dedicated-adminuser:$ rosa grant user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>