@@ -32,12 +32,10 @@ Once it is pulled it will start and be visible in the `docker ps` list of contai

     [vagrant@openshiftdev origin]$ sudo /data/src/github.com/openshift/origin/_output/local/bin/linux/amd64/openshift start &

     If running in https mode, ensure osc can authenticate to the master

-    [vagrant@openshiftdev origin]$ export KUBECONFIG=/data/src/github.com/openshift/origin/openshift.local.certificates/admin/.kubeconfig

+    [vagrant@openshiftdev origin]$ export KUBECONFIG=/data/src/github.com/openshift/origin/openshift.local.certificates/openshift-client/.kubeconfig

     [vagrant@openshiftdev origin]$ sudo chmod a+r "$KUBECONFIG"

-

-    If running in https mode, ensure install-router.sh can authenticate to the master

     [vagrant@openshiftdev origin]$ sudo chmod a+r openshift.local.certificates/openshift-client/key.key

-    [vagrant@openshiftdev origin]$ CERT_DIR=openshift.local.certificates/openshift-client hack/install-router.sh {router_id} {master_url}

+    [vagrant@openshiftdev origin]$ openshift ex router --create --credentials="${KUBECONFIG}"

     [vagrant@openshiftdev origin]$ osc get pods

 #### Clustered vagrant environment

@@ -46,7 +44,7 @@ Once it is pulled it will start and be visible in the `docker ps` list of contai

     $ export OPENSHIFT_DEV_CLUSTER=true

     $ vagrant up

     $ vagrant ssh master

-    [vagrant@openshift-master ~]$ hack/install-router.sh {router_id} {master_url}

+    [vagrant@openshift-master ~]$ openshift ex router --create --credentials="${KUBECONFIG}"

@@ -58,12 +56,14 @@ In order to run the router in a deployed environment the following conditions mu

 * The machine may or may not be registered with the master.  Optimally it will not serve pods while also serving as the router

 * The machine must not have services running on it that bind to host port 80 since this is what the router uses for traffic

-To install the router pod you use the `hack/install-router.sh` script, passing it the router id, master url, and, optionally,

-the OpenShift executable.  If the executable is not passed the script will try to find it via the `PATH`.  If the

-script is still unable to find the OpenShift executable then it will simply create the `/tmp/router.json` file and stop.

-It is then up to the user to issue the `osc create` command manually.

+To install the router pod you use the `openshift ex router` command line, passing the flags `--create` and `--credentials=<kubeconfig_file>`.

+The credentials flag controls the identity that the router will use to talk to the master (and the address of the master) so in most

+environments you can use the `${CERTS_DIR}/openshift-client/.kubeconfig` file. Once you run this command you can check the configuration

+of the router by running `osc get dc router` to check the deployment status.

+

+`openshift ex router` offers other options for deploying routers - run `openshift help ex router` for more details.

-### Manually   

+### Manually

 To run the router manually (outside of a pod) you should first build the images with instructions found below.  Then you

 can run the router anywhere that it can access both the pods and the master.  The router exposes port 80 so the host 

@@ -93,10 +93,10 @@ the present working directory is the same directory as this README.

     need to accept the server certificates and present its own client

     certificate. These are generated as part of the `openshift start`

     command in whatever the current directory is at the time. You will

-    need to point osc and curl at the appropriate .kubeconfig in order 

-    to connect to OpenShift. Assuming you are running as a user other 

-    than root, you will also need to make the .kubeconfig readable by 

-    that user. (Note: this is just for example purposes; in a real 

+    need to point osc and curl at the appropriate .kubeconfig in order

+    to connect to OpenShift. Assuming you are running as a user other

+    than root, you will also need to make the .kubeconfig readable by

+    that user. (Note: this is just for example purposes; in a real

     installation, users would generate their own keys and not have access

     to the system keys.)

@@ -285,7 +285,7 @@ Congratulations, you've successfully deployed and updated an application on Open

 Advanced

 ---------

-OpenShift also provides features that live outside the deployment life cycle like routing.  

+OpenShift also provides features that live outside the deployment life cycle like routing.

 1.  Your sample app has been created with a secure route which can be viewed by performing a `GET` on the route api object.

@@ -295,53 +295,47 @@ OpenShift also provides features that live outside the deployment life cycle lik

 2.  To use the route you must first install a router.  OpenShift provides an HAProxy router implementation that we'll use.

-To install the router you must know the ip address of the host the router will be deployed on (used later) and the api 

+To install the router you must know the ip address of the host the router will be deployed on (used later) and the api

 url the master is listening on.  The api url can be found in the logs, your ip address can be determined with `ip a`.  Replace

 the ip address shown below with the correct one for your environment.

-            # Optional: pre-pull the router image.  This will be pulled automatically when the pod is created but will 

-            # take some time.  Your pod will stay in Pending state while the pull is completed 

+            # Optional: pre-pull the router image.  This will be pulled automatically when the pod is created but will

+            # take some time.  Your pod will stay in Pending state while the pull is completed

             $ docker pull openshift/origin-haproxy-router

-            

-            $ pushd ../..

-            $ sudo chmod +r ./openshift.local.certificates/openshift-client/key.key

-            $ CERT_DIR=openshift.local.certificates/openshift-client hack/install-router.sh router https://10.0.2.15:8443

-              Creating router file and starting pod...

-              router

-            $ popd

+

+            $ openshift ex router --create --credentials="${KUBECONFIG}"

+              router # the service

+              router # the deployment config

 3.  Wait for the router to start.

-            $ osc get pods

-            POD                       IP                  CONTAINER(S)                   IMAGE(S)                          HOST                           LABELS                                                                                                             STATUS

-            docker-registry-1-fnd84   172.17.0.3          registry-container             openshift/docker-registry         openshiftdev.local/127.0.0.1   deployment=docker-registry-1,deploymentconfig=docker-registry,name=registrypod,template=docker-registry-template   Running

-            router                    172.17.0.10         origin-haproxy-router-router   openshift/origin-haproxy-router   openshiftdev.local/127.0.0.1   <none>                                                                                                             Running

+            $ osc describe dc router

+            # watch for the number of deployed pods to go to 1

 4.  *Optional:* View the logs of the router.

- 

-            $ osc log router

+            $ osc log router-1-<podrandom-suffix>

 5.  Curl the url, substituting the ip address shown for the correct value in your environment.

-            $ curl -s -k --resolve www.example.com:443:10.0.2.15 https://www.example.com 

-                ... removed for readability ... 

+            $ curl -s -k --resolve www.example.com:443:10.0.2.15 https://www.example.com

+                ... removed for readability ...

                 <title>Hello from OpenShift v3!</title>

                 ... removed for readability ...

-            

+

 7. *Optional*: View the certificate being used for the secure route.

-            

+

             $ openssl s_client -servername www.example.com -connect 10.0.2.15:443

             ... removed for readability ...

             subject=/CN=www.example.com/ST=SC/C=US/emailAddress=example@example.com/O=Example/OU=Example

             issuer=/C=US/ST=SC/L=Default City/O=Default Company Ltd/OU=Test CA/CN=www.exampleca.com/emailAddress=example@example.com

             ... removed for readability ...

             ^C

-            

+

 Additional Operations

deleted file mode 100755

@@ -1,87 +0,0 @@

-#!/bin/bash

-set -e

-

-# ID to be used as the k8s id and also appended to the container name. Defaults to router1

-ROUTER_ID="${1}"

-# Full address to connect to the master.

-MASTER_URL="${2}"

-# openshift executable - optional, will try to find it on the path if not specified

-OPENSHIFT="${3}"

-

-OS_ROOT=$(dirname "${BASH_SOURCE}")/..

-

-if [[ "${ROUTER_ID}" == "" ]]; then

-	echo "No router id provided, cannot create router..."

-	exit

-fi

-

-if [[ "${MASTER_URL}" == "" ]]; then

-	echo "No master url provided, cannot create router..."

-	exit

-fi

-if [[ "${MASTER_URL}" != "http"* ]]; then

-	echo "Master url must include protocol, e.g. https://localhost:8443"

-	exit

-fi

-

-if [[ "${OPENSHIFT}" == "" ]]; then

-    if [[ "$(which osc)" != "" ]]; then

-        OPENSHIFT=$(which osc)

-    fi

-fi

-

-OPENSHIFT_INSECURE="${OPENSHIFT_INSECURE:-false}"

-CERT_DIR="${CERT_DIR:-}"

-OPENSHIFT_CA_DATA="${OPENSHIFT_CA_DATA:-}"

-OPENSHIFT_CERT_DATA="${OPENSHIFT_CERT_DATA:-}"

-OPENSHIFT_KEY_DATA="${OPENSHIFT_KEY_DATA:-}"

-

-if [[ "${MASTER_URL}" == "https"* ]]; then

-	# Read client cert data in to send to containerized components

-	if [ -n "${CERT_DIR}" ]; then

-		OPENSHIFT_CA_DATA="$(cat "${CERT_DIR}/root.crt")"

-		OPENSHIFT_CERT_DATA="$(cat "${CERT_DIR}/cert.crt")"

-		OPENSHIFT_KEY_DATA="$(cat "${CERT_DIR}/key.key")"

-	fi

-

-	# I don't know how to do this inline with bash and it's logically a separate step we want to remove anyway

-	# TODO: remove this once services can provide root cert data to pods

-	# Escape cert data for json

-	OPENSHIFT_CA_DATA="${OPENSHIFT_CA_DATA//$'\n'/\\\\n}"

-	OPENSHIFT_CERT_DATA="${OPENSHIFT_CERT_DATA//$'\n'/\\\\n}"

-	OPENSHIFT_KEY_DATA="${OPENSHIFT_KEY_DATA//$'\n'/\\\\n}"

-

-

-	if [[ "$OPENSHIFT_CA_DATA" == "" ]]; then

-		echo "Running against an HTTPS master (${MASTER_URL}) without a trusted certificate bundle."

-		echo "Set \$CERT_DIR to the directory containing the root certificate bundle (root.crt), client certificate (cert.crt), and the client key (key.key) to start securely next time."

-		echo "Starting insecurely..."

-		OPENSHIFT_INSECURE=true

-	fi

-

-else

-	OPENSHIFT_INSECURE=""

-	OPENSHIFT_CA_DATA=""

-	OPENSHIFT_CERT_DATA=""

-	OPENSHIFT_KEY_DATA=""

-fi

-

-# update the template file

-echo "Creating router file and starting pod..."

-cp "${OS_ROOT}/images/router/haproxy/pod.json" /tmp/router.json

-sed -i "s|ROUTER_ID|${ROUTER_ID}|g" /tmp/router.json

-sed -i "s|\${OPENSHIFT_MASTER}|${MASTER_URL}|"       /tmp/router.json

-sed -i "s|\${OPENSHIFT_INSECURE}|${OPENSHIFT_INSECURE}|"   /tmp/router.json

-sed -i "s|\${OPENSHIFT_CA_DATA}|${OPENSHIFT_CA_DATA}|"     /tmp/router.json

-sed -i "s|\${OPENSHIFT_CERT_DATA}|${OPENSHIFT_CERT_DATA}|"     /tmp/router.json

-sed -i "s|\${OPENSHIFT_KEY_DATA}|${OPENSHIFT_KEY_DATA}|"     /tmp/router.json

-# TODO: provide security context to client inside router pod

-

-# create the pod if we can find openshift

-if [ "${OPENSHIFT}" == "" ]; then

-    echo "Unable to find openshift binary"

-    echo "/tmp/router.json has been created.  In order to start the router please run:"

-    echo "osc create -f /tmp/router.json"

-else

-    "${OPENSHIFT}" --server="${MASTER_URL}" create -f /tmp/router.json

-fi

@@ -234,16 +234,13 @@ echo "start-build: ok"

 osc describe build ${started} | grep openshift/ruby-20-centos$

 osc cancel-build "${started}" --dump-logs --restart

-echo "cancel-build: ok"

-

 # a build for which there is an upstream tag in the corresponding imagerepo, so

 # the build should use that specific tag of the image instead of the image field

 # as defined in the buildconfig

 started=$(osc start-build ruby-sample-build-validtag)

 osc describe build ${started} | grep openshift/ruby-20-centos:success$

 osc cancel-build "${started}" --dump-logs --restart

-

-osc get minions,pods

+echo "cancel-build: ok"

 openshift ex policy add-group cluster-admin system:unauthenticated

 openshift ex policy remove-group cluster-admin system:unauthenticated

@@ -259,4 +256,12 @@ openshift ex new-project ui-test-project --admin="anypassword:createuser"

 openshift ex policy add-user admin anypassword:adduser -n ui-test-project

 osc describe policybinding master -n ui-test-project | grep createuser

 osc describe policybinding master -n ui-test-project | grep adduser

-echo "UI project commands: ok"

+echo "ui-project-commands: ok"

+

+[ ! "$(openshift ex router | grep 'does not exist')"]

+[ "$(openshift ex router -o yaml --credentials="${KUBECONFIG}" | grep 'openshift/origin-haproxy-')" ]

+openshift ex router --create --credentials="${KUBECONFIG}"

+[ "$(openshift ex router | grep 'service exists')" ]

+echo "ex router: ok"

+

+osc get minions,pods

@@ -209,8 +209,12 @@ openshift ex new-project test --description="This is an example project to demon

 echo "The console should be available at ${API_SCHEME}://${PUBLIC_MASTER_HOST}:$(($API_PORT + 1)).	You may need to visit ${API_SCHEME}://${PUBLIC_MASTER_HOST}:${API_PORT} first to accept the certificate."

 echo "Log in as 'e2e-user' to see the 'test' project."

+# install the router

+echo "[INFO] Installing the router"

+openshift ex router --create --credentials="${KUBECONFIG}" --images="${USE_IMAGES}"

 # install the registry

+echo "[INFO] Installing the registry"

 CERT_DIR="${CERT_DIR}/openshift-client" hack/install-registry.sh

 echo "[INFO] Waiting for Docker registry pod to start"

@@ -262,16 +266,8 @@ wait_for_app "test"

 #wait_for_build "custom"

 #wait_for_app "custom"

-if [[ "$ROUTER_TESTS_ENABLED" == "true" ]]; then

-	echo "[INFO] Installing router with master url of ${API_SCHEME}://${CONTAINER_ACCESSIBLE_API_HOST}:${API_PORT} and starting pod..."

-	echo "[INFO] To disable router testing set ROUTER_TESTS_ENABLED=false..."

-	CERT_DIR="${CERT_DIR}/openshift-client" "${OS_ROOT}/hack/install-router.sh" "router1" "${API_SCHEME}://${CONTAINER_ACCESSIBLE_API_HOST}:${API_PORT}"

-	wait_for_command "osc get pods | grep router1 | grep -i Running" $((5*TIME_MIN))

-

-	echo "[INFO] Validating routed app response..."

-	validate_response "-s -k --resolve www.example.com:443:${CONTAINER_ACCESSIBLE_API_HOST} https://www.example.com" "Hello from OpenShift" 0.2 50

-else

-	echo "[INFO] Validating app response..."

-	validate_response "http://${FRONTEND_IP}:5432" "Hello from OpenShift"

-fi

+# ensure the router is started

+wait_for_command "osc get pods | grep router-1 | grep -i Running" $((5*TIME_MIN))

+echo "[INFO] Validating routed app response..."

+validate_response "-s -k --resolve www.example.com:443:${CONTAINER_ACCESSIBLE_API_HOST} https://www.example.com" "Hello from OpenShift" 0.2 50