diff --git a/docs/run-the-playbooks-for-abi.md b/docs/run-the-playbooks-for-abi.md index c3a65843..d5ea12db 100644 --- a/docs/run-the-playbooks-for-abi.md +++ b/docs/run-the-playbooks-for-abi.md @@ -1,8 +1,11 @@ # Run the Agent Based Installer (ABI) Playbooks ## Prerequisites -* KVM host with root user access or user with sudo privileges. ( applicable only in case of KVM) -* z/VM bastion with root user access or user with sudo privileges. ( applicable only in case of z/VM) -* z/VM Host with desired network cards enabled and storage details. ( applicable only in case of z/VM) +* KVM + * Host with root user access or user with sudo privileges. +* z/VM + * Bastion with root user access or user with sudo privileges. + * Host with desired network cards enabled and storage details. +* Checklist for Disconnected Cluster Installation ( [Disconnected Pre-requisites](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/docs/run-the-playbooks-for-disconnected.md#pre-requisites) ) ## Note: * This playbook support SNO, Compact and HA type of OCP cluster installation on KVM using ABI. @@ -21,6 +24,7 @@ * In case of SNO Section 9 ( `Compute Nodes` ) need to be comment or remove * First playbook to be run is `0_setup.yaml` which will create inventory file for ABI and will add ssh key to the kvm host. * In case of z/VM update variables in [zvm.yaml](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/inventories/default/group_vars/zvm.yaml). +* In case of disconnected cluster installation update variables in [disconnected.yaml](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/inventories/default/group_vars/disconnected.yaml). * Run this shell command: ``` 
@@ -33,7 +37,9 @@ ansible-playbook playbooks/0_setup.yaml * 3_setup_kvm_host.yaml ([code](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/playbooks/3_setup_kvm_host.yaml)) * 4_create_bastion.yaml ([code](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/playbooks/4_create_bastion.yaml)) * 5_setup_bastion.yaml ([code](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/playbooks/5_setup_bastion.yaml)) + * disconnected_mirror_artifacts.yaml (when disconnected is True) [code](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/playbooks/disconnected_mirror_artifacts.yaml) * create_abi_cluster.yaml ([code](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/playbooks/create_abi_cluster.yaml)) + * monitor_create_abi_cluster.yaml ([code](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/playbooks/monitor_create_abi_cluster.yaml)) * Watch Ansible as it completes the installation, correcting errors if they arise. * To look at what tasks are running in detail, open the playbook or roles/role-name/tasks/main.yaml diff --git a/playbooks/5_setup_bastion.yaml b/playbooks/5_setup_bastion.yaml index c1982ad4..7009fa6e 100644 --- a/playbooks/5_setup_bastion.yaml +++ b/playbooks/5_setup_bastion.yaml @@ -92,7 +92,7 @@ ansible.builtin.include_tasks: file: ../roles/bastion_setup_hipersocket_LPAR/tasks/main.yml when: vars_file.stat.exists and networking.mode is defined and networking.mode | lower =='hipersocket' - when: installation_type | lower =="lpar" + when: installation_type | lower == "lpar" - name: 5 setup bastion - configure bastion node with essential services hosts: bastion @@ -103,6 +103,7 @@ control_node_count: "{{ env.cluster.nodes.control.ip | length }}" vars_files: - "{{ inventory_dir }}/group_vars/all.yaml" + - "{{ inventory_dir }}/group_vars/disconnected.yaml" pre_tasks: - name: Import initial-resolv.yaml ansible.builtin.import_role: 
diff --git a/playbooks/create_abi_cluster.yaml b/playbooks/create_abi_cluster.yaml index eb91c861..24891e3c 100644 --- a/playbooks/create_abi_cluster.yaml +++ b/playbooks/create_abi_cluster.yaml @@ -7,9 +7,11 @@ vars_files: - "{{ inventory_dir }}/group_vars/all.yaml" - "{{ inventory_dir }}/group_vars/zvm.yaml" + - "{{ inventory_dir }}/group_vars/disconnected.yaml" roles: - common # Common Variable the will be used by all the inwalked roles. - - download_ocp_installer # Download Openshift Installer. + - { role: offline_artifacts, when: disconnected.enabled } # Update CA Certificates & Download OCP Packages + - { role: download_ocp_installer, when: not disconnected.enabled } # Download Openshift Installer. - prepare_configs # Prepare AgentConfig & InstallConfig. - create_agent # Create Agents || Build initrd.img, rootfs.img & kernelfs.img. diff --git a/playbooks/master_playbook_for_abi.yaml b/playbooks/master_playbook_for_abi.yaml index 35ca42c4..ec033b07 100644 --- a/playbooks/master_playbook_for_abi.yaml +++ b/playbooks/master_playbook_for_abi.yaml @@ -6,5 +6,7 @@ when: ( installation_type | lower == "kvm" ) - import_playbook: 4_create_bastion.yaml # Import Playbook To Create Bastion. - import_playbook: 5_setup_bastion.yaml # Import Playbook To Configure Bastion. +- import_playbook: disconnected_mirror_artifacts.yaml + when: disconnected.enabled - import_playbook: create_abi_cluster.yaml # Import Playbook To Create ABI Cluster. - import_playbook: monitor_create_abi_cluster.yaml # Import Playbook To Monitor ABI Cluster Installation. diff --git a/roles/dns/templates/dns.db.j2 b/roles/dns/templates/dns.db.j2 index 3998c7d2..f4d36fe2 100644 --- a/roles/dns/templates/dns.db.j2 +++ b/roles/dns/templates/dns.db.j2 
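Review bot: Both new role conditions in create_abi_cluster.yaml test `disconnected.enabled` by bare truthiness, so a quoted value such as `"false"` in disconnected.yaml is a non-empty string and would select the offline path while skipping the normal installer download. Writing `when: disconnected.enabled | bool` and `when: not (disconnected.enabled | bool)` evaluates the setting as a boolean whatever type the vars file gives it. The same bare test appears in master_playbook_for_abi.yaml, roles/dns/templates/dns.db.j2 and roles/prepare_configs/templates/install-config.yaml.j2 in this commit. As a style point, the flow-mapping entries (`- { role: ..., when: ... }`) sit among plain block entries; `- role: offline_artifacts` with `when:` on the following line would match the rest of the list.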
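Review bot: The `when: disconnected.enabled` on the new `import_playbook` in master_playbook_for_abi.yaml is applied to the tasks of the imported plays, and in this commit `disconnected` appears to reach a play only through its own `vars_files` entry. disconnected_mirror_artifacts.yaml is not part of this diff, so whether each of its plays loads group_vars/disconnected.yaml cannot be confirmed from here. If one does not, the condition fails on an undefined variable instead of skipping; `when: disconnected is defined and disconnected.enabled | bool` would skip cleanly. The entry also lacks the trailing comment its siblings carry, for example `# Import Playbook To Mirror Artifacts For Disconnected Install.`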
@@ -30,4 +30,9 @@ api-int.{{ env.cluster.networking.metadata_name }} IN CNAME {{ env.bastion.ne apps.{{ env.cluster.networking.metadata_name }} IN CNAME {{ env.bastion.networking.hostname }}.{{ env.cluster.networking.base_domain }}. *.apps.{{ env.cluster.networking.metadata_name }} IN CNAME {{ env.bastion.networking.hostname }}.{{ env.cluster.networking.base_domain }}. +{% if disconnected.enabled %} +;entry for mirror host. +{{ env.cluster.networking.metadata_name }}.{{ env.cluster.networking.metadata_name }}.{{ env.cluster.networking.base_domain }}. IN A {{ env.file_server.ip }} +{% endif %} + ;EOF diff --git a/roles/offline_artifacts/tasks/main.yaml b/roles/offline_artifacts/tasks/main.yaml new file mode 100644 index 00000000..8f342f26 --- /dev/null +++ b/roles/offline_artifacts/tasks/main.yaml 
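Review bot: The new record's owner name repeats `env.cluster.networking.metadata_name` twice (`<name>.<name>.<base_domain>.`) and points at `env.file_server.ip`, while the rest of the commit reaches the mirror through `disconnected.registry.url`. If the host in that URL is not exactly this name, clients will either fail to resolve the registry or resolve it to a host whose certificate does not match. If the doubled label is intended, a zone comment saying so would help, e.g. `; mirror registry is served from the file server as <cluster>.<cluster>.<base_domain>`; otherwise the name should be derived from the registry setting. Only the tail of the zone template is visible in this hunk.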
@@ -0,0 +1,105 @@ +--- +- name: Offline Artifacts + block: + - name: Get user home directory + shell: > + getent passwd {{ ansible_user }} | awk -F: '{ print $6 }' + changed_when: false + register: user_home + + - name: Delete OCP download directory for idempotency. + become: true + file: + path: "{{ user_home.stdout }}/ocp_pkgs" + state: absent + + - name: Create OCP download directory + file: + path: "{{ user_home.stdout }}/ocp_pkgs" + state: directory + + - name: Unzip OCP client and oc-mirror + ansible.builtin.unarchive: + src: "{{ item }}" + dest: "{{ user_home.stdout }}/ocp_pkgs/" + remote_src: yes + loop: + - "{{ env.file_server.protocol }}://{{ env.file_server.user + ':' + env.file_server.pass + '@' if env.file_server.protocol == 'ftp' else '' }}{{ env.file_server.ip }}{{ ':' + env.file_server.port if env.file_server.port | default('') | length > 0 else '' }}/{{ disconnected.mirroring.file_server.clients_dir }}/{{ disconnected.mirroring.file_server.oc_mirror_tgz }}" + - "{{ env.file_server.protocol }}://{{ env.file_server.user + ':' + env.file_server.pass + '@' if env.file_server.protocol == 'ftp' else '' }}{{ env.file_server.ip }}{{ ':' + env.file_server.port if env.file_server.port | default('') | length > 0 else '' }}/{{ disconnected.mirroring.file_server.clients_dir }}/{{ disconnected.mirroring.client_download.ocp_client_tgz }}" + + - name: Copy kubectl, oc, and oc-mirror binaries to /usr/local/sbin + become: true + ansible.builtin.copy: + src: "{{ user_home.stdout }}/ocp_pkgs/{{ item }}" + dest: /usr/sbin/{{ item }} + owner: root + group: root + mode: "755" + remote_src: yes + loop: + - kubectl + - oc + - oc-mirror + + - name: Check if directory {{ user_home.stdout }}/.docker exists + ansible.builtin.stat: + path: "{{ user_home.stdout }}/.docker" + register: home_docker + + - name: Create directory {{ user_home.stdout }}/.docker + file: + path: "{{ user_home.stdout }}/.docker" + state: directory + when: not home_docker.stat.exists + + - name: create 
pull secret file for mirroring + ansible.builtin.template: + src: mirror-secret.json.j2 + dest: "{{ user_home.stdout }}/.docker/config.json" + backup: yes + force: yes + + - name: create ca cert file for adding to ca trust when ca is not trusted and updating ca trust + become: true + block: + - name: create ca cert file when ca is untrusted + ansible.builtin.template: + src: ca.crt.j2 + dest: /etc/pki/ca-trust/source/anchors/registry.crt + force: yes + - name: update ca trust with the cert file + ansible.builtin.shell: | + set -o pipefail + update-ca-trust + when: not disconnected.registry.ca_trusted + + - name: run the oc adm release extract command + block: + - name: run the oc adm release extract command + ansible.builtin.shell: | + set -o pipefail + oc adm -a {{ user_home.stdout }}/.docker/config.json release extract \ + --command=openshift-install "{{ disconnected.registry.url }}/openshift/release-images:{{ disconnected.mirroring.oc_mirror.release_image_tag }}" + register: cmd_oc_extract + args: + chdir: "{{ user_home.stdout }}/ocp_pkgs" + + - name: print output of cmd_oc_extract + ansible.builtin.debug: + var: cmd_oc_extract + + - name: Copy openshift-install binaries to /usr/local/sbin + become: true + ansible.builtin.copy: + src: "{{ user_home.stdout }}/ocp_pkgs/openshift-install" + dest: /usr/sbin/openshift-install + owner: root + group: root + mode: "755" + remote_src: yes + + - name: Install NMState package + ansible.builtin.yum: + name: nmstate + state: latest + skip_broken: yes diff --git a/roles/offline_artifacts/templates/ca.crt.j2 b/roles/offline_artifacts/templates/ca.crt.j2 new file mode 100644 index 00000000..7101b74f --- /dev/null +++ b/roles/offline_artifacts/templates/ca.crt.j2 @@ -0,0 +1 @@ +{{ disconnected.registry.ca_cert }} diff --git a/roles/offline_artifacts/templates/mirror-secret.json.j2 b/roles/offline_artifacts/templates/mirror-secret.json.j2 new file mode 100644 index 00000000..88354b06 --- /dev/null 
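Review bot: The `unarchive` loop in roles/offline_artifacts/tasks/main.yaml builds `ftp://user:pass@host/...` items from `env.file_server.user` and `env.file_server.pass`, and Ansible prints each loop item in task output, so the file-server password lands in console and log output; add `no_log: true` to that task, or a `loop_control` `label:` that names only the archive. The archives are fetched over whatever `env.file_server.protocol` is, and the extracted `kubectl`, `oc` and `oc-mirror` are then copied to /usr/sbin as root with no integrity check, so a `get_url` step with `checksum:` before unpacking would be worth adding. The pull-secret template task writes `.docker/config.json` without a `mode`, leaving its permissions to the umask, and `backup: yes` keeps older copies of the secret beside it; `mode: "0600"` fits here. The two copy tasks are named "/usr/local/sbin" but write to /usr/sbin, so the names should be corrected to match the `dest`.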
+++ b/roles/offline_artifacts/templates/mirror-secret.json.j2 @@ -0,0 +1 @@ +{{ disconnected.registry.mirror_pull_secret }} diff --git a/roles/prepare_configs/templates/install-config.yaml.j2 b/roles/prepare_configs/templates/install-config.yaml.j2 index 9ab5181a..6d863d04 100644 --- a/roles/prepare_configs/templates/install-config.yaml.j2 +++ b/roles/prepare_configs/templates/install-config.yaml.j2 @@ -33,7 +33,18 @@ networking: - {{ install_config_vars.service_network }} platform: none: {} -pullSecret: > - {{ env.redhat.pull_secret }} sshKey: > {{ ssh_key.stdout }} +pullSecret: '{{ env.redhat.pull_secret if not disconnected.enabled else disconnected.registry.pull_secret }}' +{% if disconnected.enabled %} +{{ 'imageContentSources: ' }} +{{ '- mirrors:'}} +{{ ' - ' + disconnected.registry.url + '/' }}{{ disconnected.mirroring.legacy.ocp_org if disconnected.mirroring.legacy.platform else 'openshift' }}{{ '/' }}{{ disconnected.mirroring.legacy.ocp_repo if disconnected.mirroring.legacy.platform else 'release-images' }} +{{ ' source: quay.io/openshift-release-dev/ocp-release' }} +{{ '- mirrors:'}} +{{ ' - ' + disconnected.registry.url + '/' }}{{ disconnected.mirroring.legacy.ocp_org if disconnected.mirroring.legacy.platform else 'openshift' }}{{ '/' }}{{ disconnected.mirroring.legacy.ocp_repo if disconnected.mirroring.legacy.platform else 'release' }} +{{ ' source: quay.io/openshift-release-dev/ocp-v4.0-art-dev' }} +{% endif %} +{% if disconnected.enabled and not disconnected.registry.ca_trusted %} +{{ 'additionalTrustBundle: |' }}{% for line in disconnected.registry.ca_cert.split('\n') %}{{ '\n ' + line }}{% endfor %} +{% endif %}
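Review bot: In install-config.yaml.j2, `pullSecret` moved from a folded block scalar to a single-quoted scalar, which stays valid YAML only while the rendered secret contains no `'`. A value with an apostrophe, or a secret supplied as a mapping and rendered by Jinja with single quotes, would produce a broken install-config.yaml. Keeping the previous `pullSecret: >` form, with the new conditional expression on the indented line below it, avoids depending on the secret's contents. The `imageContentSources` and `additionalTrustBundle` lines are wrapped in `{{ '...' }}` string literals; plain template text should render the same and is easier to review, and the `indent` filter could replace the `split('\n')` loop for the certificate body.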