From 8db7db1fc3dd8182a762e337799004a42d3b3e61 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Thu, 17 Feb 2022 12:39:53 +0100 Subject: [PATCH 01/33] First steps to ansible execution env. --- ee-bindep.txt | 6 ++++++ ee-python-requirements.txt | 1 + ee-requirements.yml | 9 +++++++++ execution-environment.yml | 20 ++++++++++++++++++++ 4 files changed, 36 insertions(+) create mode 100644 ee-bindep.txt create mode 100644 ee-python-requirements.txt create mode 100644 ee-requirements.yml create mode 100644 execution-environment.yml diff --git a/ee-bindep.txt b/ee-bindep.txt new file mode 100644 index 00000000..beba5910 --- /dev/null +++ b/ee-bindep.txt @@ -0,0 +1,6 @@ +pkgconf-pkg-config +libvirt-client +libvirt-libs +libvirt-devel +gcc +python38-devel \ No newline at end of file diff --git a/ee-python-requirements.txt b/ee-python-requirements.txt new file mode 100644 index 00000000..5a47ce82 --- /dev/null +++ b/ee-python-requirements.txt @@ -0,0 +1 @@ +libvirt-python \ No newline at end of file diff --git a/ee-requirements.yml b/ee-requirements.yml new file mode 100644 index 00000000..07c53ad2 --- /dev/null +++ b/ee-requirements.yml @@ -0,0 +1,9 @@ +--- +collections: + - community.libvirt + - community.crypto + - community.general + - community.aws + - google.cloud + - community.azure + - kubernetes.core \ No newline at end of file diff --git a/execution-environment.yml b/execution-environment.yml new file mode 100644 index 00000000..69370dc4 --- /dev/null +++ b/execution-environment.yml @@ -0,0 +1,20 @@ +--- +version: 1 + +# build_arg_defaults: + # EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:latest' + +# ansible_config: 'ansible.cfg' + +dependencies: + galaxy: ee-requirements.yml + python: ee-python-requirements.txt + system: ee-bindep.txt + +# additional_build_steps: +# prepend: | +# RUN whoami +# RUN cat /etc/os-release +# append: +# - RUN echo This is a post-install command! +# - RUN ls -la /etc \ No newline at end of file 
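Review bot: ee-bindep.txt lists `gcc`, `libvirt-devel`, `pkgconf-pkg-config` and `python38-devel` without a bindep profile, so they look headed for the final execution-environment image rather than only the stage that compiles `libvirt-python`; a build toolchain in a runtime image is avoidable attack surface. If the ansible-builder version in use honours the `compile` profile, tagging them `gcc [compile]` and so on would confine them to the build stage — confirm against that version. `python38-devel` also hard-codes the base image's Python, so a base-image update would silently build `libvirt-python` against the wrong headers; a comment such as `# must match the python of EE_BASE_IMAGE` would make that coupling visible. execution-environment.yml in the same patch leaves `EE_BASE_IMAGE` at the commented default `quay.io/ansible/ansible-runner:latest`, a floating tag; pinning it is worth considering for reproducible builds.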
From 7bc48598826702c3fcf6a810bcf74b2ba6c641d3 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 25 Feb 2022 15:46:37 +0100 Subject: [PATCH 02/33] Changes to run playbooks agains a remote hosts --- ansible.cfg | 2 +- ansible/02-create-cluster.yml | 3 +-- ansible/99-destroy-cluster.yml | 3 +-- .../roles/openshift-4-cluster/defaults/main.yml | 6 +++--- .../openshift-4-cluster/tasks/build-k8s-vars.yml | 14 ++++++++++++-- .../tasks/certificate-install.yml | 15 +++++++++++++-- .../openshift-4-cluster/tasks/create-ignition.yml | 1 + .../openshift-4-cluster/tasks/create-network.yml | 6 +++--- .../roles/openshift-4-cluster/tasks/create-vm.yml | 1 + inventory/hosts.yaml | 6 ++++++ 10 files changed, 42 insertions(+), 15 deletions(-) create mode 100644 inventory/hosts.yaml diff --git a/ansible.cfg b/ansible.cfg index a1b3c0e9..30f9dadb 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -28,7 +28,7 @@ inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt, .ini timeout = 30 # Uncomment to use the provided example inventory -#inventory = inventory/hosts.example +inventory = inventory/hosts.yaml # Additional ssh options for OpenShift Ansible [ssh_connection] diff --git a/ansible/02-create-cluster.yml b/ansible/02-create-cluster.yml index 233d180b..9a95f20e 100755 --- a/ansible/02-create-cluster.yml +++ b/ansible/02-create-cluster.yml @@ -1,8 +1,7 @@ #!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: true vars_files: diff --git a/ansible/99-destroy-cluster.yml b/ansible/99-destroy-cluster.yml index 329ec25d..24b21b9e 100755 --- a/ansible/99-destroy-cluster.yml +++ b/ansible/99-destroy-cluster.yml 
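Review bot: `- hosts: host` moves this play from `connection: local` to an SSH connection into the `host` inventory group, but 03-stop-cluster.yml, 04-start-cluster.yml and renewal-certificate.yml, visible as context in patch 07, still read `- hosts: localhost`, so once the execution environment of patch 09 is used they would run inside the container rather than on the libvirt host. Unless a patch outside this view changes them, they need the same `- hosts: host` edit. The comment above the play still says `./ansible/create.yml --skip-tags public_dns,letsencrypt`, which matches neither the file name nor the ansible-navigator invocation the README adopts in patch 05; `ansible-navigator run -m stdout ./ansible/02-create-cluster.yml --skip-tags public_dns,letsencrypt` would.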
@@ -2,8 +2,7 @@ --- # If you like to play: ./ansible/destroy.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host gather_facts: true vars_files: - ../cluster.yml diff --git a/ansible/roles/openshift-4-cluster/defaults/main.yml b/ansible/roles/openshift-4-cluster/defaults/main.yml index 5af40823..257e993a 100644 --- a/ansible/roles/openshift-4-cluster/defaults/main.yml +++ b/ansible/roles/openshift-4-cluster/defaults/main.yml @@ -1,7 +1,7 @@ --- openshift_install_dir: "{{ playbook_dir }}/../{{ cluster_name }}" -ssh_public_key_location: /root/.ssh/id_rsa +ssh_public_key_location: ~/.ssh/id_rsa vn_subnet: "192.168.50.0" vn_name: "openshift-4-cluster" @@ -12,8 +12,8 @@ vn_public_domain: "h42.openshift.pub" ip_families: - IPv4 -listen_address: "{{ hostvars['localhost']['ansible_default_ipv4']['address'] | default('') }}" -listen_address_ipv6: "{{ hostvars['localhost']['ansible_default_ipv6']['address'] | default('') }}" +listen_address: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default('') }}" +listen_address_ipv6: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] | default('') }}" # Default: qcow2 # For more performance use LVM diff --git a/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml b/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml index 22adb96e..11439287 100644 --- a/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml +++ b/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml 
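Review bot: `hostvars[inventory_hostname]['ansible_default_ipv4']['address']` is the long form of the play host's own fact, while the create-network.yml hunk in the same patch switches to the plain `ansible_default_ipv6` form; for consistency `listen_address: "{{ ansible_default_ipv4['address'] | default('') }}"` and its IPv6 twin read better. `ssh_public_key_location: ~/.ssh/id_rsa` is consumed by `lookup('file', '{{ ssh_public_key_location }}.pub')` in create.yml (patch 03), which evaluates on the controller; whether `~` expands there and, inside the execution environment of patch 09, whose home it resolves to is not visible here. A comment such as `# resolved on the controller (inside the EE), not on the libvirt host — TODO confirm` would flag that for the next reader.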
@@ -10,11 +10,21 @@ copy: src: "{{ openshift_install_dir }}/auth/kubeconfig" dest: "{{ openshift_install_dir }}/config/kubeconfig" + remote_src: yes mode: 0644 -- name: Fetch Kubeconfig +- name: Slurp kubeconfig + ansible.builtin.slurp: + src: "{{ openshift_install_dir }}/config/kubeconfig" + register: kubeconfig_raw + +- name: Copy content into kubeconfig set_fact: - kubeconfig: "{{ lookup('file', openshift_install_dir ~ '/config/kubeconfig' ) | from_yaml }}" + kubeconfig: "{{ kubeconfig_raw['content'] | b64decode | from_yaml }}" + +# - name: Fetch Kubeconfig +# set_fact: +# kubeconfig: "{{ lookup('file', openshift_install_dir ~ '/config/kubeconfig' ) | from_yaml }}" - name: Select cluster & user set_fact: diff --git a/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml b/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml index 526768af..ac400043 100644 --- a/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml +++ b/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml @@ -13,6 +13,17 @@ - name: Install certificates block: + + - name: Slurp certficate_fullchain + ansible.builtin.slurp: + src: "{{ certficate_fullchain }}" + register: tls_crt + + - name: Slurp certficate_key + ansible.builtin.slurp: + src: "{{ certficate_key }}" + register: tls_key + - name: Create secret with certificates for openshift-ingress k8s: state: present @@ -25,8 +36,8 @@ apiVersion: v1 kind: Secret data: - tls.crt: "{{ lookup('file',certficate_fullchain, rstrip=false) | b64encode }}" - tls.key: "{{ lookup('file',certficate_key, rstrip=false) | b64encode }}" + tls.crt: "{{ tls_crt['content'] }}" + tls.key: "{{ tls_key['content'] }}" metadata: name: letsencrypt-router-certs namespace: openshift-ingress diff --git a/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml b/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml index 6bd5980a..91a39df8 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml 
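Review bot: The `Slurp kubeconfig` task registers the base64 cluster-admin kubeconfig in `kubeconfig_raw` and the following `set_fact` decodes it into `kubeconfig`; neither task has `no_log: true`, so the credentials are printed on any `-v` run and, if ansible-navigator's playbook artifact is left at its default, written to the artifact JSON. The same applies to the `Slurp certficate_key` task in certificate-install.yml of this patch, which registers the TLS private key as `tls_key`. Add `no_log: true` to the slurp and set_fact tasks that carry key material. Also, `remote_src: yes` here and in create-ignition.yml is a YAML 1.1 truthy; create-vm.yml in the same patch writes `remote_src: true`, which is the form to use throughout.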
+++ b/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml @@ -15,6 +15,7 @@ copy: dest: "{{ openshift_install_dir }}/install-config.yaml.original" src: "{{ openshift_install_dir }}/install-config.yaml" + remote_src: yes mode: 0644 - name: Create manifest files diff --git a/ansible/roles/openshift-4-cluster/tasks/create-network.yml b/ansible/roles/openshift-4-cluster/tasks/create-network.yml index 66cb14c2..874b0c2e 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create-network.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create-network.yml @@ -9,15 +9,15 @@ msg: "IPv6 is enabled via ip_families but your Host system do not have a public IPv6 subnet configured." when: - "'IPv6' in ip_families" - - hostvars['localhost']['ansible_default_ipv6'] | length == 0 + - ansible_default_ipv6 | length == 0 - name: Build IPv6 subnet set_fact: - vn_subnet_ipv6: "{{ hostvars['localhost']['ansible_default_ipv6']['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}" + vn_subnet_ipv6: "{{ ansible_default_ipv6['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}" ipv6_listen_public: - "{{ listen_address_ipv6 }}" ipv6_listen_private: - - "{{ hostvars['localhost']['ansible_default_ipv6']['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}::1" + - "{{ ansible_default_ipv6['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}::1" when: "'IPv6' in ip_families" tags: always diff --git a/ansible/roles/openshift-4-cluster/tasks/create-vm.yml b/ansible/roles/openshift-4-cluster/tasks/create-vm.yml index 9cc1c00c..9c798264 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create-vm.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create-vm.yml 
@@ -34,6 +34,7 @@ copy: src: "{{ vm_ignition_file }}" dest: "/var/lib/libvirt/images/{{ vm_instance_name }}.ign" + remote_src: true mode: '0644' - name: Debug - create /tmp/{{ vm_instance_name }}.virt.xml diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml new file mode 100644 index 00000000..ce3be6c0 --- /dev/null +++ b/inventory/hosts.yaml @@ -0,0 +1,6 @@ +--- +host: + hosts: + host: + ansible_host: localhost + ansible_private_key_file: ~/.ssh/id_rsa \ No newline at end of file From 6edd8bdda78c958582fab6661d419684c64c6911 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 25 Feb 2022 15:47:25 +0100 Subject: [PATCH 03/33] Use include_tasks instead include because of deprecation --- ansible/roles/letsencrypt/tasks/main.yml | 4 ++-- ansible/roles/openshift-4-cluster/tasks/create.yml | 12 ++++++------ ansible/roles/public_dns/tasks/create.yml | 2 +- ansible/roles/public_dns/tasks/destroy.yml | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 80955055..3b6d21c6 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -145,7 +145,7 @@ when: sample_com_challenge is changed - name: Include DNS provider - include: "create-{{ le_dns_provider }}.yml" + include_tasks: "create-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] - sample_com_challenge is changed @@ -251,7 +251,7 @@ when: le_dns_provider == "transip" and sample_com_challenge is changed - name: Include DNS provider - include: "destroy-{{ le_dns_provider }}.yml" + include_tasks: "destroy-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] - sample_com_challenge is changed diff --git a/ansible/roles/openshift-4-cluster/tasks/create.yml b/ansible/roles/openshift-4-cluster/tasks/create.yml index 1f183b84..c13f2d25 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create.yml 
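Review bot: The new inventory reaches the libvirt host over SSH to `localhost` with `~/.ssh/id_rsa`, replacing `connection: local`, yet nothing in the series documents that sshd must accept that key for the user running the playbooks; the README hunk in patch 05 does not mention it either. A comment in the inventory such as `# the playbooks ssh into this host itself: the key's public half must be in the target user's authorized_keys` plus a README line would save the first failed run. With the execution environment of patch 09 the `~` in `ansible_private_key_file` resolves to the home inside the container unless ansible-navigator mounts it; confirm the key is reachable there or use a path that is. Naming both the group and the host `host` is also easy to misread; a distinct group name would make the `hosts:` lines self-explanatory.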
+++ b/ansible/roles/openshift-4-cluster/tasks/create.yml @@ -73,17 +73,17 @@ when: not letsencrypt_disabled - name: Download OpenShift Artifacts - include: download-openshift-artifacts.yml + include_tasks: download-openshift-artifacts.yml tags: download-openshift-artifacts - name: Create ignition files - include: create-ignition.yml + include_tasks: create-ignition.yml vars: ssh_public_key: "{{ lookup('file', '{{ ssh_public_key_location }}.pub') }}" tags: ignition - name: Create bootstrap node - include: create-vm.yml + include_tasks: create-vm.yml vars: vm_instance_name: "{{ cluster_name }}-bootstrap" vm_network: "{{ cluster_name }}" @@ -95,7 +95,7 @@ vm_root_disk_size: '120G' - name: Create master nodes - include: create-vm.yml + include_tasks: create-vm.yml vars: vm_instance_name: "{{ cluster_name }}-master-{{ item }}" vm_network: "{{ cluster_name }}" @@ -109,7 +109,7 @@ with_sequence: start=0 end="{{ master_count|int - 1 }}" stride=1 - name: Create compute node - include: create-vm.yml + include_tasks: create-vm.yml vars: vm_instance_name: "{{ cluster_name }}-compute-{{ item }}" vm_network: "{{ cluster_name }}" @@ -124,5 +124,5 @@ when: compute_count > 0 - name: Include post installation tasks - include: post-install.yml + include_tasks: post-install.yml tags: post-install diff --git a/ansible/roles/public_dns/tasks/create.yml b/ansible/roles/public_dns/tasks/create.yml index 40dd8d5d..3833b355 100644 --- a/ansible/roles/public_dns/tasks/create.yml +++ b/ansible/roles/public_dns/tasks/create.yml @@ -1,3 +1,3 @@ --- - name: Include DNS provider - include: "create-{{ pd_provider }}.yml" + include_tasks: "create-{{ pd_provider }}.yml" diff --git a/ansible/roles/public_dns/tasks/destroy.yml b/ansible/roles/public_dns/tasks/destroy.yml index 095eeb64..190d9a88 100644 --- a/ansible/roles/public_dns/tasks/destroy.yml +++ b/ansible/roles/public_dns/tasks/destroy.yml 
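Review bot: `include_tasks` is dynamic, and a `tags:` keyword on a dynamic include applies only to the include task itself, not to the tasks inside the file; with `--tags ignition` or `--tags post-install` the include would run but every task it loads is skipped, and `--skip-tags` keeps working only because the include itself is skipped. For the tagged includes (download-openshift-artifacts, ignition, post-install) either use the static `import_tasks: create-ignition.yml`, which inherits tags, or keep `include_tasks` and add `apply: {tags: [ignition]}` next to `tags: [ignition]`. The looped `create-vm.yml` includes are correct as `include_tasks`, since `import_tasks` cannot be combined with a loop.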
@@ -1,4 +1,4 @@ --- - name: Include DNS provider - include: "destroy-{{ pd_provider }}.yml" + include_tasks: "destroy-{{ pd_provider }}.yml" From e32df3c78fa8c9073ef41a7360fa59fa37441632 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 25 Feb 2022 15:52:37 +0100 Subject: [PATCH 04/33] Fixed pre-commit --- ee-requirements.yml | 2 +- execution-environment.yml | 2 +- inventory/hosts.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ee-requirements.yml b/ee-requirements.yml index 07c53ad2..3060628c 100644 --- a/ee-requirements.yml +++ b/ee-requirements.yml @@ -6,4 +6,4 @@ collections: - community.aws - google.cloud - community.azure - - kubernetes.core \ No newline at end of file + - kubernetes.core diff --git a/execution-environment.yml b/execution-environment.yml index 69370dc4..158aab3b 100644 --- a/execution-environment.yml +++ b/execution-environment.yml @@ -17,4 +17,4 @@ dependencies: # RUN cat /etc/os-release # append: # - RUN echo This is a post-install command! -# - RUN ls -la /etc \ No newline at end of file +# - RUN ls -la /etc diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml index ce3be6c0..b838923a 100644 --- a/inventory/hosts.yaml +++ b/inventory/hosts.yaml @@ -3,4 +3,4 @@ host: hosts: host: ansible_host: localhost - ansible_private_key_file: ~/.ssh/id_rsa \ No newline at end of file + ansible_private_key_file: ~/.ssh/id_rsa From 11ce2b8b82d793a1960056e2d037063bd1b078a8 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Thu, 17 Mar 2022 16:23:57 +0100 Subject: [PATCH 05/33] Update documentation to use ansible-navigator --- README.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 27bdb469..055b9fa2 100644 --- a/README.md +++ b/README.md 
@@ -72,8 +72,7 @@ subscription-manager repos \ --enable=rhel-8-for-x86_64-baseos-rpms \ --enable=rhel-8-for-x86_64-appstream-rpms \ --enable=rhel-8-for-x86_64-highavailability-rpms \ - --enable=ansible-2.9-for-rhel-8-x86_64-rpms \ - --enable=openstack-15-for-rhel-8-x86_64-rpms + --enable=ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms ``` ## In case of CentOS Stream 8 🚨 currently broken due to issue [#205](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/205) @@ -88,7 +87,7 @@ yum install -y centos-release-ansible-29.noarch Install ansible (min version 2.9) and git ``` -yum install -y ansible git +yum install -y ansible-navigator git ``` You are now ready to clone this project to your CentOS system. @@ -207,7 +206,7 @@ Please configure in `cluster.yml` all necessary credentials: ``` [root@server ~]# cd hetzner-ocp4 -[root@server ~]# ansible-playbook ./ansible/setup.yml +[root@server ~]# ansible-navigator run -m stdout ./ansible/setup.yml ``` # Additional documentation @@ -228,7 +227,7 @@ Please configure in `cluster.yml` all necessary credentials: | Problem | Command | |---|---| |Check haproxy connections| ```podman exec -ti openshift-4-loadbalancer-${cluster_name} ./watch-stats.sh``` -|Start cluster after reboot|```./ansible/04-start-cluster.yml``` +|Start cluster after reboot|```ansible-navigator run -m stdout ./ansible/04-start-cluster.yml``` From 7f6396749c1c30fa1da496e0fc39fcb0a2678a18 Mon Sep 17 00:00:00 2001 
From: Robert Bohne Date: Thu, 17 Mar 2022 16:24:32 +0100 Subject: [PATCH 06/33] Remove execution flag, because did not work anymore with ansible-navigator --- ansible/00-provision-hetzner.yml | 0 ansible/01-prepare-host.yml | 2 +- ansible/02-create-cluster.yml | 0 ansible/03-stop-cluster.yml | 0 ansible/04-start-cluster.yml | 0 ansible/99-destroy-cluster.yml | 0 ansible/renewal-certificate.yml | 0 ansible/run-add-ons.yml | 0 ansible/setup.yml | 0 9 files changed, 1 insertion(+), 1 deletion(-) mode change 100755 => 100644 ansible/00-provision-hetzner.yml mode change 100755 => 100644 ansible/01-prepare-host.yml mode change 100755 => 100644 ansible/02-create-cluster.yml mode change 100755 => 100644 ansible/03-stop-cluster.yml mode change 100755 => 100644 ansible/04-start-cluster.yml mode change 100755 => 100644 ansible/99-destroy-cluster.yml mode change 100755 => 100644 ansible/renewal-certificate.yml mode change 100755 => 100644 ansible/run-add-ons.yml mode change 100755 => 100644 ansible/setup.yml diff --git a/ansible/00-provision-hetzner.yml b/ansible/00-provision-hetzner.yml old mode 100755 new mode 100644 diff --git a/ansible/01-prepare-host.yml b/ansible/01-prepare-host.yml old mode 100755 new mode 100644 index bea8674e..3dd7367b --- a/ansible/01-prepare-host.yml +++ b/ansible/01-prepare-host.yml @@ -1,6 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: localhost +- hosts: host vars_files: - ../cluster.yml tasks: diff --git a/ansible/02-create-cluster.yml b/ansible/02-create-cluster.yml old mode 100755 new mode 100644 diff --git a/ansible/03-stop-cluster.yml b/ansible/03-stop-cluster.yml old mode 100755 new mode 100644 diff --git a/ansible/04-start-cluster.yml b/ansible/04-start-cluster.yml old mode 100755 new mode 100644 diff --git a/ansible/99-destroy-cluster.yml b/ansible/99-destroy-cluster.yml old mode 100755 new mode 100644 diff --git a/ansible/renewal-certificate.yml b/ansible/renewal-certificate.yml old mode 100755 new mode 100644 
diff --git a/ansible/run-add-ons.yml b/ansible/run-add-ons.yml old mode 100755 new mode 100644 diff --git a/ansible/setup.yml b/ansible/setup.yml old mode 100755 new mode 100644 From 539c993ce60b490b9b026092c4528f08275c3978 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Thu, 17 Mar 2022 16:27:06 +0100 Subject: [PATCH 07/33] Remove shebang --- ansible/00-provision-hetzner.yml | 1 - ansible/01-prepare-host.yml | 1 - ansible/02-create-cluster.yml | 1 - ansible/03-stop-cluster.yml | 1 - ansible/04-start-cluster.yml | 1 - ansible/99-destroy-cluster.yml | 1 - ansible/renewal-certificate.yml | 1 - ansible/run-add-ons.yml | 1 - ansible/setup.yml | 1 - 9 files changed, 9 deletions(-) diff --git a/ansible/00-provision-hetzner.yml b/ansible/00-provision-hetzner.yml index 73e8870c..c8ca4a72 100644 --- a/ansible/00-provision-hetzner.yml +++ b/ansible/00-provision-hetzner.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- - name: Build inventory diff --git a/ansible/01-prepare-host.yml b/ansible/01-prepare-host.yml index 3dd7367b..6f70fd4b 100644 --- a/ansible/01-prepare-host.yml +++ b/ansible/01-prepare-host.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- - hosts: host vars_files: diff --git a/ansible/02-create-cluster.yml b/ansible/02-create-cluster.yml index 9a95f20e..b848351b 100644 --- a/ansible/02-create-cluster.yml +++ b/ansible/02-create-cluster.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt - hosts: host diff --git a/ansible/03-stop-cluster.yml b/ansible/03-stop-cluster.yml index c88e891a..c59c2ebc 100644 --- a/ansible/03-stop-cluster.yml +++ b/ansible/03-stop-cluster.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt - hosts: localhost diff --git a/ansible/04-start-cluster.yml b/ansible/04-start-cluster.yml index db7dcd17..4c2b4ee7 100644 --- a/ansible/04-start-cluster.yml 
+++ b/ansible/04-start-cluster.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt - hosts: localhost diff --git a/ansible/99-destroy-cluster.yml b/ansible/99-destroy-cluster.yml index 24b21b9e..cba8ec58 100644 --- a/ansible/99-destroy-cluster.yml +++ b/ansible/99-destroy-cluster.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/destroy.yml --skip-tags public_dns,letsencrypt diff --git a/ansible/renewal-certificate.yml b/ansible/renewal-certificate.yml index 00286a22..f9c1f976 100644 --- a/ansible/renewal-certificate.yml +++ b/ansible/renewal-certificate.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- - hosts: localhost vars_files: diff --git a/ansible/run-add-ons.yml b/ansible/run-add-ons.yml index df28af8e..6926e555 100644 --- a/ansible/run-add-ons.yml +++ b/ansible/run-add-ons.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- - name: Test diff --git a/ansible/setup.yml b/ansible/setup.yml index 1ce0a02f..9ba76fc9 100644 --- a/ansible/setup.yml +++ b/ansible/setup.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- - import_playbook: 01-prepare-host.yml - import_playbook: 02-create-cluster.yml From 2bc1fa7ad1ae6597761e97487638b42dd49b8ec5 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Thu, 17 Mar 2022 16:29:04 +0100 Subject: [PATCH 08/33] Don't install special python modules --- .../openshift-4-cluster/tasks/prepare-host-RedHat-8.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml index 94180abe..6877dbc0 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml 
@@ -6,11 +6,6 @@ - "@virtualization-client" - "@virtualization-platform" - "@virtualization-tools" - # ansible virt need lxml - - python3-lxml - # Important for python3-openshift - - python3-requests-oauthlib - - python3-openshift state: present - name: Upgrade all packages From 3c374fd2e539df6cec238cce00cf6a75ae6055b4 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Thu, 17 Mar 2022 16:33:12 +0100 Subject: [PATCH 09/33] Add ansible-navigator configuration --- .gitignore | 1 + ansible-navigator.yaml | 90 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 ansible-navigator.yaml diff --git a/.gitignore b/.gitignore index 458d999a..bab10c45 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ cluster.yml .DS_Store certificate/ +ansible-navigator.log diff --git a/ansible-navigator.yaml b/ansible-navigator.yaml new file mode 100644 index 00000000..3a3f879e --- /dev/null +++ b/ansible-navigator.yaml 
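Review bot: Dropping `python3-lxml`, `python3-requests-oauthlib` and `python3-openshift` from the host package list assumes the modules that need them now run inside the execution environment, but after patch 02 the plays target `host` over SSH, so community.libvirt's `virt` modules still execute with the managed host's Python and need `libvirt-python`/`lxml` there; the EE's `libvirt-python` from ee-python-requirements.txt only helps for tasks delegated to localhost. The same concern applies to the pip removals in create-azure.yml and create-route53.yml of patch 10, whose `azure_rm_dnsrecordset` and `route53` tasks are not delegated anywhere in this series. Unless later patches add `delegate_to: localhost` to those tasks, keep at least `python3-lxml` here or state the execution model in a comment, e.g. `# libvirt modules run on this host, not in the EE`.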
@@ -0,0 +1,90 @@ +--- +ansible-navigator: +# ansible: +# config: /tmp/ansible.cfg +# cmdline: "--forks 15" +# inventories: +# - /tmp/test_inventory.yml +# playbook: /tmp/test_playbook.yml +# +# ansible-builder: +# workdir: /tmp/ +# +# ansible-runner: +# artifact-dir: /tmp/test1 +# rotate-artifacts-count: 10 +# timeout: 300 +# +# app: run +# +# collection-doc-cache-path: /tmp/cache.db +# +# color: +# enable: False +# osc4: False +# +# documentation: +# plugin: +# name: shell +# type: become +# +# editor: +# command: vim_from_setting +# console: False +# +# exec: +# shell: False +# command: /bin/foo +# + execution-environment: +# container-engine: podman +# enabled: False +# environment-variables: +# pass: +# - ONE +# - TWO +# - THREE +# set: +# KEY1: VALUE1 +# KEY2: VALUE2 +# KEY3: VALUE3 + image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel +# pull: +# arguments: +# - "--tls-verify=false" +# policy: never +# volume-mounts: +# - src: "/tmp" +# dest: "/test1" +# options: "Z" + container-options: + - "--net=host" +# +# help-builder: False +# +# help-config: True +# +# help-doc: True +# +# help-inventory: True +# +# help-playbook: False +# +# inventory-columns: +# - ansible_network_os +# - ansible_network_cli_ssh_type +# - ansible_connection +# + logging: + level: critical + # append: False + # file: /tmp/log.txt + # + # mode: stdout + # + # playbook-artifact: + # enable: True + # replay: /tmp/test_artifact.json + # save-as: /tmp/test_artifact.json + # + # time-zone: Japanubscription-manager repos --enable ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms From 15f6021a59247a2333839a1f8c989e3eb92bd123 Mon Sep 17 00:00:00 2001 
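Review bot: The last line of the new file carries stray text, `# time-zone: Japanubscription-manager repos --enable ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms`; it is inside a comment so it parses, but it reads like a paste accident and should be cut back to `# time-zone: Japan`. `image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel` is a floating tag, so each run may pull a different, unreviewed image; pinning to an immutable tag or digest is the usual supply-chain guard, with `devel` reserved for local development. `container-options: - "--net=host"` hands the EE container the host network namespace, a deliberate privilege broadening that deserves a one-line justification such as `# host networking: the playbooks reach SSH/libvirt on the host itself — TODO confirm` so it is neither removed blindly nor copied elsewhere.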
From: Robert Bohne Date: Thu, 17 Mar 2022 16:40:05 +0100 Subject: [PATCH 10/33] Move depencies into ansible ee --- ansible/roles/public_dns/tasks/create-azure.yml | 10 ---------- ansible/roles/public_dns/tasks/create-route53.yml | 7 ------- ee-python-requirements.txt | 12 +++++++++++- ee-requirements.yml | 3 +++ 4 files changed, 14 insertions(+), 18 deletions(-) diff --git a/ansible/roles/public_dns/tasks/create-azure.yml b/ansible/roles/public_dns/tasks/create-azure.yml index a65fe611..750a79e9 100644 --- a/ansible/roles/public_dns/tasks/create-azure.yml +++ b/ansible/roles/public_dns/tasks/create-azure.yml @@ -1,14 +1,4 @@ --- -- name: Install Azure Ansible pip dependencies - pip: - name: - - packaging - - msrest - - msrestazure - - azure.common - - azure.mgmt - - azure.storage - - azure.mgmt.automation - name: Create DNS record at Azure azure_rm_dnsrecordset: diff --git a/ansible/roles/public_dns/tasks/create-route53.yml b/ansible/roles/public_dns/tasks/create-route53.yml index b7640e53..39b3c4b5 100644 --- a/ansible/roles/public_dns/tasks/create-route53.yml +++ b/ansible/roles/public_dns/tasks/create-route53.yml @@ -1,11 +1,4 @@ --- -- name: Install boto on RHEL/CentOS 8 via pip - # RPM / Package python3-boto3.noarch (The AWS SDK for Python) did not work - pip: - name: - - boto - state: present - - name: Create DNS record at Route53 route53: state: present diff --git a/ee-python-requirements.txt b/ee-python-requirements.txt index 5a47ce82..be3f2c34 100644 --- a/ee-python-requirements.txt +++ b/ee-python-requirements.txt @@ -1 +1,11 @@ -libvirt-python \ No newline at end of file +libvirt-python +# Azure should be covert by collection: community.azure +# packaging +# msrest +# msrestazure +# azure.common +# azure.mgmt +# azure.storage +# azure.mgmt.automation +# AWS should be covert by collection: community.aws +# boto diff --git a/ee-requirements.yml b/ee-requirements.yml index 3060628c..5df685e1 100644 --- a/ee-requirements.yml +++ b/ee-requirements.yml 
@@ -7,3 +7,6 @@ collections: - google.cloud - community.azure - kubernetes.core + - ansible.posix + - community.azure + - community.aws From 97b8ddcf8b75eec5fcde616b2a41d92e8cb032d3 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Thu, 17 Mar 2022 16:41:06 +0100 Subject: [PATCH 11/33] Fix pre-commit --- ansible-navigator.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-navigator.yaml b/ansible-navigator.yaml index 3a3f879e..425ae8b0 100644 --- a/ansible-navigator.yaml +++ b/ansible-navigator.yaml @@ -48,7 +48,7 @@ ansible-navigator: # KEY1: VALUE1 # KEY2: VALUE2 # KEY3: VALUE3 - image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel + image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel # pull: # arguments: # - "--tls-verify=false" @@ -76,7 +76,7 @@ ansible-navigator: # - ansible_connection # logging: - level: critical + level: critical # append: False # file: /tmp/log.txt # From ef8693412a9939e89e95e632f091959f9c06b2fa Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Thu, 17 Mar 2022 17:04:27 +0100 Subject: [PATCH 12/33] Move dns provider to ansible ee --- ansible/roles/openshift-4-cluster/tasks/prepare-host.yml | 4 ---- ee-requirements.yml | 1 + 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml index cb2b1976..ed935916 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml @@ -38,7 +38,3 @@ insertafter: '^\[Network\]' regexp: '^IPForward=' when: stat_result.stat.exists - -# Install ansible collection for digitalocean dns provider -- name: Ansible collection community.digitalocean - command: "ansible-galaxy collection install community.digitalocean" diff --git a/ee-requirements.yml b/ee-requirements.yml index 5df685e1..2e9e448b 100644 --- a/ee-requirements.yml +++ b/ee-requirements.yml 
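Review bot: `community.azure` and `community.aws` are already present in this list (`community.azure` is visible as context just above; `community.aws` was added in patch 01), so the two added entries are duplicates and only `- ansible.posix` is new. None of the collections carry a `version:`, so every EE build resolves to whatever Galaxy serves that day; for a reproducible, reviewable image pin them in the long form, e.g. `- name: community.aws` with a `version:` line beneath it.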
@@ -10,3 +10,4 @@ collections: - ansible.posix - community.azure - community.aws + - community.digitalocean \ No newline at end of file From 4fd5b30dc927386963712c9df9a0aed5ca2dd1e7 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 18 Mar 2022 11:45:07 +0100 Subject: [PATCH 13/33] Run kubernetes.core.k8s as local_action --- .../tasks/entitlement-from-rhel-node.yaml | 3 +- .../add-on-roles/ntp/tasks/post-install.yml | 3 +- .../web-terminal/tasks/post-install.yml | 3 +- .../tasks/certificate-install.yml | 12 +++++--- .../tasks/post-install-storage-nfs.yml | 30 ++++++++++++------- .../tasks/post-install.yml | 15 ++++++---- docs/add-ons.md | 6 ++-- ee-requirements.yml | 3 +- 8 files changed, 50 insertions(+), 25 deletions(-) diff --git a/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml b/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml index 20762fa1..c078dce5 100644 --- a/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml +++ b/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml @@ -31,7 +31,8 @@ register: register_entitlement_base64 - name: Apply entitle machineconfig - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/add-on-roles/ntp/tasks/post-install.yml b/ansible/add-on-roles/ntp/tasks/post-install.yml index a633be01..452bebcc 100644 --- a/ansible/add-on-roles/ntp/tasks/post-install.yml +++ b/ansible/add-on-roles/ntp/tasks/post-install.yml @@ -8,7 +8,8 @@ register: register_encoded_chrony_conf - name: Apply NTP machineconfig - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/add-on-roles/web-terminal/tasks/post-install.yml b/ansible/add-on-roles/web-terminal/tasks/post-install.yml index 063fa553..b9b1e78a 100644 
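Review bot: The added `- community.digitalocean` line drops the trailing newline that patch 04 had just restored, so pre-commit will flag the file again (patch 13 repairs it once more). Keeping the newline here, or squashing the fix into this patch, avoids the churn.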
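Review bot: `delegate_to: localhost` moves the `kubernetes.core.k8s` call onto the controller while `kubeconfig: "{{ k8s_kubeconfig }}"` is unchanged; if `k8s_kubeconfig` is a path on the libvirt host (build-k8s-vars.yml in patch 02 copies the file to `{{ openshift_install_dir }}/config/kubeconfig` there), the module will now look for it on the controller, inside the execution environment, where it does not exist. Confirm whether `k8s_kubeconfig` holds the file content as a dict, which recent kubernetes.core releases accept, or a path, and record it in a comment such as `# k8s_kubeconfig must be usable on the controller, not on the libvirt host`. The same question applies to every delegated k8s task in this patch: ntp, web-terminal, certificate-install.yml, post-install-storage-nfs.yml and post-install.yml.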
--- a/ansible/add-on-roles/web-terminal/tasks/post-install.yml +++ b/ansible/add-on-roles/web-terminal/tasks/post-install.yml @@ -1,7 +1,8 @@ --- - name: Apply web-terminal subscription - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml b/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml index ac400043..e00d10b5 100644 --- a/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml +++ b/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml @@ -25,7 +25,8 @@ register: tls_key - name: Create secret with certificates for openshift-ingress - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -43,7 +44,8 @@ namespace: openshift-ingress type: kubernetes.io/tls - name: Patch ingresscontroller/default - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -63,7 +65,8 @@ # Hot fix, remove of openshift api cert installation because of # https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/117 # - name: Create secret with certificates for openshift api - # k8s: + # delegate_to: localhost + # kubernetes.core.k8s # state: present # kubeconfig: "{{ k8s_kubeconfig }}" # host: "{{ k8s_host }}" @@ -81,7 +84,8 @@ # namespace: openshift-config # type: kubernetes.io/tls # - name: Patch api server config - # k8s: + # delegate_to: localhost + # kubernetes.core.k8s: # state: present # kubeconfig: "{{ k8s_kubeconfig }}" # host: "{{ k8s_host }}" diff --git a/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml b/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml index 7fa0c14a..9b56d4b6 100644 --- a/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml 
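Review bot: In the commented-out `Create secret with certificates for openshift api` block the new line reads `# kubernetes.core.k8s` without the trailing colon that the parallel `# kubernetes.core.k8s:` line in the `Patch api server config` block has, so re-enabling the hot-fix block would produce a YAML parse error. Write it as `# kubernetes.core.k8s:` now so the two blocks stay uncomment-ready.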
+++ b/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml @@ -63,7 +63,8 @@ - name: Create infra-registry pv - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -86,7 +87,8 @@ persistentVolumeReclaimPolicy: Recycle - name: Create registry-storage pvc - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -129,7 +131,8 @@ - "user-pvs" - name: Create Namespace - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -143,7 +146,8 @@ name: "{{ storage_nfs_target_namespace }}" - name: Create ServiceAccount - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -158,7 +162,8 @@ namespace: "{{ storage_nfs_target_namespace }}" - name: Create ClusteRole nfs-client-provisioner-runner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -185,7 +190,8 @@ verbs: ["create", "update", "patch"] - name: Create ClusterRoleBinding nfs-client-provisioner-runner <-> nfs-client-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -207,7 +213,8 @@ apiGroup: rbac.authorization.k8s.io - name: Create Role nfs-client-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -230,7 +237,8 @@ verbs: ["use"] - name: Create RoleBinding nfs-client-provisioner <-> nfs-client-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" 
@@ -252,7 +260,8 @@ apiGroup: rbac.authorization.k8s.io - name: Deploy nfs-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -298,7 +307,8 @@ path: "{{ storage_nfs_path_prefix }}/{{ cluster_name }}-pv-user-pvs" - name: Storage Class - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/roles/openshift-4-cluster/tasks/post-install.yml b/ansible/roles/openshift-4-cluster/tasks/post-install.yml index 4be0c89a..00d82724 100644 --- a/ansible/roles/openshift-4-cluster/tasks/post-install.yml +++ b/ansible/roles/openshift-4-cluster/tasks/post-install.yml @@ -88,7 +88,8 @@ - name: Handle auth_htpasswd block: - name: Create htpasswd secret - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -124,7 +125,8 @@ - name: Handle auth_redhatsso block: - name: Create google secret secret - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -170,7 +172,8 @@ msg: "Only one of auth_github.organizations or auth_github.teams must be defined (at least one must be defined)" when: (auth_github.organizations is defined) and (auth_github.teams is defined) - name: Create GitHub secret - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -207,7 +210,8 @@ - idp - name: Configure identity providers - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" 
@@ -230,7 +234,8 @@ ########################################################################################### - name: Setup cluster role bindings - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/docs/add-ons.md b/docs/add-ons.md index f1e25b5e..02acd690 100644 --- a/docs/add-ons.md +++ b/docs/add-ons.md @@ -55,7 +55,8 @@ Here an example of tasks/main.yml --- # tasks file for hetzner-ocp4-add-on-example - name: Create namespace - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -69,7 +70,8 @@ Here an example of tasks/main.yml name: hetzner-ocp4-add-on-example - name: Create Deployment - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ee-requirements.yml b/ee-requirements.yml index 2e9e448b..2d08a7d5 100644 --- a/ee-requirements.yml +++ b/ee-requirements.yml @@ -10,4 +10,5 @@ collections: - ansible.posix - community.azure - community.aws - - community.digitalocean \ No newline at end of file + - community.digitalocean + - community.kubernetes From 83fa6c423e6b16583a90749a1c98f2af132db644 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 18 Mar 2022 11:55:41 +0100 Subject: [PATCH 14/33] Ignore context/ --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index bab10c45..66d81482 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ cluster.yml .DS_Store certificate/ ansible-navigator.log +context/ \ No newline at end of file From a90e2fa1f29e532c32e19ee89ef1055cb547ded0 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 18 Mar 2022 11:55:46 +0100 Subject: [PATCH 15/33] Update README.md --- README.md | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 055b9fa2..cc21fbb1 100644 --- a/README.md 
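Review bot: `- community.kubernetes` is added to ee-requirements.yml, but the tasks in this commit are migrated to the `kubernetes.core.k8s` FQCN; `community.kubernetes` is the deprecated predecessor of `kubernetes.core`, so the entry is either redundant or the wrong collection (the lines above this hunk are not visible, so I cannot tell whether `kubernetes.core` is still listed). Separately, none of the collections in the hunk carry a `version:`, so every execution-environment build pulls whatever Galaxy serves at that moment; pin each one (`- name: kubernetes.core` / `version: "<pinned version>"`, placeholder) so the image is reproducible and a broken or tampered upstream release cannot land unnoticed.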
+++ b/README.md @@ -63,8 +63,7 @@ subscription-manager register # get pool id via: # subscription-manager list --available - -subscription-manager attach --pool=... +subscription-manager attach [--auto] --pool=... subscription-manager repos --disable=* @@ -84,10 +83,15 @@ yum install -y centos-release-ansible-29.noarch ## Initialize tools -Install ansible (min version 2.9) and git +Install ansible-navigator, git and podman ``` -yum install -y ansible-navigator git +yum install -y ansible-navigator git podman +``` + +``` +ssh-keygen +cat ~/.ssh/*.pub >> ~/.ssh/authorized_keys ``` You are now ready to clone this project to your CentOS system. @@ -230,7 +234,19 @@ Please configure in `cluster.yml` all necessary credentials: |Start cluster after reboot|```ansible-navigator run -m stdout ./ansible/04-start-cluster.yml``` +# Build / Development + +## Build ansible execution enviorment + +```bash +ansible-builder build \ + --container-runtime podman \ + --tag quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel + +podman push quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel +``` # Stargazers over time [![Stargazers over time](https://starchart.cc/RedHat-EMEA-SSA-Team/hetzner-ocp4.svg)](https://starchart.cc/RedHat-EMEA-SSA-Team/hetzner-ocp4) + From 35fa3dca67f43f24325d69df36e650a79006a1d7 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 18 Mar 2022 14:33:26 +0100 Subject: [PATCH 16/33] Fixed post-install tags --- ansible/roles/openshift-4-cluster/tasks/post-install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles/openshift-4-cluster/tasks/post-install.yml b/ansible/roles/openshift-4-cluster/tasks/post-install.yml index 00d82724..f9f9673a 100644 --- a/ansible/roles/openshift-4-cluster/tasks/post-install.yml +++ b/ansible/roles/openshift-4-cluster/tasks/post-install.yml 
@@ -65,6 +65,8 @@ retries: 60 delay: 60 until: install_status.rc == 0 + tags: + - post-install ########################################################################################### # Install letsencrypt certificates From 4ae73543c482ee755153b2f94de7865f88284ed5 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 18 Mar 2022 16:48:03 +0100 Subject: [PATCH 17/33] fixed ansible warnings --- ansible.cfg | 1 - .../cluster-entitlement/tasks/post-install.yaml | 2 +- ansible/roles/openshift-4-cluster/tasks/destroy.yml | 6 +++--- ansible/roles/openshift-4-cluster/tasks/post-install.yml | 6 +++--- ansible/roles/openshift-4-cluster/tasks/prepare-host.yml | 2 +- ansible/roles/openshift-4-cluster/tasks/start.yml | 6 +++--- ansible/roles/openshift-4-cluster/tasks/stop.yml | 2 +- 7 files changed, 12 insertions(+), 13 deletions(-) diff --git a/ansible.cfg b/ansible.cfg index 30f9dadb..627086d1 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -22,7 +22,6 @@ gathering = smart # fact_caching = jsonfile # fact_caching_connection = $HOME/ansible/facts # fact_caching_timeout = 600 -callback_whitelist = profile_tasks inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt, .ini # work around privilege escalation timeouts in ansible: timeout = 30 diff --git a/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml b/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml index 5f0d32f2..94a4662c 100644 --- a/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml +++ b/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml @@ -4,5 +4,5 @@ msg: "Run cluster entitlement against {{ kubeconfig }}" - name: "Include entitlement-from-rhel-node.yaml" - include: "entitlement-from-rhel-node.yaml" + include_tasks: "entitlement-from-rhel-node.yaml" when: ansible_distribution == "RedHat" diff --git a/ansible/roles/openshift-4-cluster/tasks/destroy.yml b/ansible/roles/openshift-4-cluster/tasks/destroy.yml index 105891e0..a791803e 100644 
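Review bot: Deleting `callback_whitelist = profile_tasks` from ansible.cfg drops the per-task timing output entirely; if the intent was only to silence the deprecation warning, the replacement key is `callbacks_enabled = profile_tasks` under `[defaults]` (Ansible 2.11 and later). If the timing output is genuinely unwanted, a one-line comment saying so would stop the next reader from re-adding it.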
--- a/ansible/roles/openshift-4-cluster/tasks/destroy.yml +++ b/ansible/roles/openshift-4-cluster/tasks/destroy.yml @@ -9,16 +9,16 @@ msg: "Letsencrypt certifcates stays...." tags: letsencrypt -- include: destroy-vm.yml +- include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-bootstrap" -- include: destroy-vm.yml +- include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-master-{{ item }}" with_sequence: start=0 end="{{ master_count|int - 1 }}" stride=1 -- include: destroy-vm.yml +- include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-compute-{{ item }}" with_sequence: start=0 end="{{ compute_count|int - 1 if compute_count|int > 0 else 0 }}" stride=1 diff --git a/ansible/roles/openshift-4-cluster/tasks/post-install.yml b/ansible/roles/openshift-4-cluster/tasks/post-install.yml index f9f9673a..ea893fe3 100644 --- a/ansible/roles/openshift-4-cluster/tasks/post-install.yml +++ b/ansible/roles/openshift-4-cluster/tasks/post-install.yml @@ -12,7 +12,7 @@ until: bootstrap_status.rc == 0 - name: Destroy bootstrap node - include: destroy-vm.yml + include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-bootstrap" @@ -71,7 +71,7 @@ ########################################################################################### # Install letsencrypt certificates ########################################################################################### -- include: certificate-install.yml +- include_tasks: certificate-install.yml when: letsencrypt_disabled == false tags: - post-install @@ -267,7 +267,7 @@ ########################################################################################### - name: Include post-install-add-ons - include: post-install-add-ons.yml + include_tasks: post-install-add-ons.yml when: add_ons_enabled tags: - post-install 
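Review bot: In post-install.yml at `@@ -71,7 +71,7 @@` and `@@ -267,7 +267,7 @@` the switch from `include` to `include_tasks` changes tag semantics: tags on a dynamic include apply to the include statement only and are not inherited by the tasks in certificate-install.yml and post-install-add-ons.yml, so a run with `--tags post-install` includes those files but skips their tasks. Either use `import_tasks` (static, tags inherit) or keep the dynamic include and pass the tags through, `include_tasks: { file: certificate-install.yml, apply: { tags: [post-install] } }`, alongside the existing `tags:`. In the same hunk `when: letsencrypt_disabled == false` reads better as `when: not letsencrypt_disabled`.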
diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml index ed935916..9ed65690 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml @@ -1,6 +1,6 @@ --- - name: Include OS specific part - include: "prepare-host-{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + include_tasks: "prepare-host-{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - name: Enable and Start libvirtd systemd: diff --git a/ansible/roles/openshift-4-cluster/tasks/start.yml b/ansible/roles/openshift-4-cluster/tasks/start.yml index 70a49756..20ffdc47 100644 --- a/ansible/roles/openshift-4-cluster/tasks/start.yml +++ b/ansible/roles/openshift-4-cluster/tasks/start.yml @@ -1,15 +1,15 @@ --- # Should be stopped / destroyed -# - include: start-vm.yml +# - include_tasks: start-vm.yml # vars: # vm_instance_name: "{{ cluster_name }}-bootstrap" -- include: start-vm.yml +- include_tasks: start-vm.yml vars: vm_instance_name: "{{ cluster_name }}-master-{{ item }}" with_sequence: start=0 end="{{ master_count|int - 1 }}" stride=1 -- include: start-vm.yml +- include_tasks: start-vm.yml vars: vm_instance_name: "{{ cluster_name }}-compute-{{ item }}" with_sequence: start=0 end="{{ compute_count|int - 1 if compute_count|int > 0 else 0 }}" stride=1 diff --git a/ansible/roles/openshift-4-cluster/tasks/stop.yml b/ansible/roles/openshift-4-cluster/tasks/stop.yml index c98b0b54..df9ad234 100644 --- a/ansible/roles/openshift-4-cluster/tasks/stop.yml +++ b/ansible/roles/openshift-4-cluster/tasks/stop.yml @@ -1,6 +1,6 @@ --- # Should be stopped / destroyed -# - include: stop-vm.yml +# - include_tasks: stop-vm.yml # vars: # vm_instance_name: "{{ cluster_name }}-bootstrap" From 747c350629850e701ef8dd8cc988b32685c015ac Mon Sep 17 00:00:00 2001 
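Review bot: In start.yml at `@@ -1,15 +1,15 @@` (and in destroy.yml in the hunk above) the compute loop `with_sequence: start=0 end="{{ compute_count|int - 1 if compute_count|int > 0 else 0 }}"` still iterates once for `compute-0` when `compute_count` is 0, because `end=0` is inclusive; the include conversion carries that behaviour over. `loop: "{{ range(0, compute_count | int) | list }}"` yields an empty loop for zero compute nodes and removes the special case, and the same form serves the master loop. `with_sequence` is in any case superseded by `loop` in current Ansible.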
From: Robert Bohne Date: Tue, 22 Mar 2022 20:52:20 +0100 Subject: [PATCH 18/33] Fixed rocky 8 installation --- README.md | 21 ++++++++++++++----- .../tasks/prepare-host-Rocky-8.yml | 7 ------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index cc21fbb1..1bd41f65 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,22 @@ subscription-manager repos \ --enable=rhel-8-for-x86_64-appstream-rpms \ --enable=rhel-8-for-x86_64-highavailability-rpms \ --enable=ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms + + +yum install -y ansible-navigator git podman + +``` + +## In case of Rocky Linux 8 + +Ansible navigator installation based on the upstream [documentation](https://ansible-navigator.readthedocs.io/en/latest/installation/#install-ansible-navigator). + +```bash +dnf install -y python3-pip podman git +python3 -m pip install ansible-navigator --user +echo 'export PATH=$HOME/.local/bin:$PATH' >> ~/.profile +source ~/.profile + ``` ## In case of CentOS Stream 8 🚨 currently broken due to issue [#205](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/205) @@ -83,11 +99,6 @@ yum install -y centos-release-ansible-29.noarch ## Initialize tools -Install ansible-navigator, git and podman - -``` -yum install -y ansible-navigator git podman -``` ``` ssh-keygen diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml index c1ea8e08..ffbe7caa 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml @@ -6,13 +6,6 @@ - "@virtualization-client" - "@virtualization-platform" - "@virtualization-tools" - # ansible virt need lxml - - python3-lxml - - python3-pip - # Important for python3-openshift - - python3-requests-oauthlib - # Need's epel - is enabled by default on hetzner - - python3-openshift state: present - name: Upgrade all packages 
From 841816cbc6ebd0f7a1dcbc2f4bffb9a418016c7c Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Tue, 22 Mar 2022 21:41:04 +0100 Subject: [PATCH 19/33] Fixed Centos 8 and Rocky --- README.md | 9 +-------- .../tasks/prepare-host-CentOS-8.yml | 12 ------------ .../tasks/prepare-host-Rocky-8.yml | 3 +++ 3 files changed, 4 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 1bd41f65..bd894ec8 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ yum install -y ansible-navigator git podman ``` -## In case of Rocky Linux 8 +## In case of Rocky Linux 8 or Centos 8 Ansible navigator installation based on the upstream [documentation](https://ansible-navigator.readthedocs.io/en/latest/installation/#install-ansible-navigator). @@ -90,13 +90,6 @@ source ~/.profile ``` -## In case of CentOS Stream 8 🚨 currently broken due to issue [#205](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/205) - -Enable ansible repo: -``` -yum install -y centos-release-ansible-29.noarch -``` - ## Initialize tools diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml index 850b276a..d80b795d 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml @@ -1,11 +1,5 @@ --- -- name: Enable EPEL release - yum: - name: - - epel-release.noarch - state: present - - name: Installing KVM Packages yum: name: @@ -15,12 +9,6 @@ - "@virtualization-tools" # ansible virt need lxml - python3-lxml - - python3-pip - # Important for python3-openshift - - python3-requests-oauthlib - # Need's epel - is enabled by default on hetzner - - python3-openshift - # It looks like firewalld is not installed in CentOS Stream - firewalld state: present 
diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml index ffbe7caa..64836668 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml @@ -6,6 +6,9 @@ - "@virtualization-client" - "@virtualization-platform" - "@virtualization-tools" + # ansible virt need lxml + - python3-lxml + - firewalld state: present - name: Upgrade all packages From 008e3716c2bced11369f061edf606b97c2d554d1 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Tue, 22 Mar 2022 22:19:41 +0100 Subject: [PATCH 20/33] Improve README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bd894ec8..88704f12 100644 --- a/README.md +++ b/README.md @@ -213,8 +213,8 @@ Please configure in `cluster.yml` all necessary credentials: ## Prepare kvm-host and install OpenShift ``` -[root@server ~]# cd hetzner-ocp4 -[root@server ~]# ansible-navigator run -m stdout ./ansible/setup.yml +cd hetzner-ocp4 +ansible-navigator run -m stdout ./ansible/setup.yml ``` # Additional documentation From 26a3dcf0f5193abcc8277fc29bec4328d4fabb4e Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Mon, 28 Mar 2022 11:41:51 +0200 Subject: [PATCH 21/33] Fixed inventory --- inventory/hosts.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml index b838923a..fd00a829 100644 --- a/inventory/hosts.yaml +++ b/inventory/hosts.yaml @@ -1,5 +1,5 @@ --- -host: +all: hosts: host: ansible_host: localhost From c6b95f0ec1624059f28907b9533f00714b8fdf00 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Mon, 28 Mar 2022 11:51:38 +0200 Subject: [PATCH 22/33] Remove warning --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 88704f12..31daa227 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,3 @@ -### 🚨 Warning: Installation on Centos 8 Stream might fail due to issue [#205](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/205) - # Disclaimer This environment has been created for the sole purpose of providing an easy to deploy and consume a Red Hat OpenShift Container Platform 4 environment *as a sandpit*. From 13195cff88ff58a622864e06ce4e5e14bb54c5a0 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Wed, 27 Apr 2022 11:53:01 +0200 Subject: [PATCH 23/33] Run dns api in ee not on target node - fixed bug #214 --- ansible/roles/letsencrypt/tasks/main.yml | 12 ++++++++++++ .../openshift-4-cluster/tasks/create-network.yml | 1 + .../openshift-4-cluster/tasks/destroy-network.yml | 1 + 3 files changed, 14 insertions(+) diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 3b6d21c6..2283b1e3 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -56,6 +56,7 @@ when: sample_com_challenge is changed - name: Create DNS record at CloudFlare + delegate_to: localhost cloudflare_dns: zone: "{{ le_cloudflare_zone }}" record: "{{ item.0.key }}" @@ -70,6 +71,7 @@ when: le_dns_provider == "cloudflare" and sample_com_challenge is changed - name: Create DNS record at Route53 + delegate_to: localhost route53: state: present zone: "{{ le_aws_zone }}" @@ -85,6 +87,7 @@ when: le_dns_provider == "route53" and sample_com_challenge is changed - name: Create DNS record at GCP + delegate_to: localhost gcp_dns_resource_record_set: name: "{{ item.0.key }}." type: TXT @@ -103,6 +106,7 @@ when: le_dns_provider == "gcp" and sample_com_challenge is changed - name: Create DNS record at Azure + delegate_to: localhost azure_rm_dnsrecordset: client_id: "{{ le_azure_client_id }}" secret: "{{ le_azure_secret }}" 
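Review bot: The Azure task at `@@ -103,6 +106,7 @@` passes `secret: "{{ le_azure_secret }}"` and the CloudFlare, Route53 and GCP tasks carry their own credentials; now that they run under `delegate_to: localhost` in the execution environment, their results also end up in the navigator playbook artifacts enabled later in this series. Unless each module marks its credential parameters `no_log` in its argspec (not visible here), those values appear in `-v` output and in the saved artifact, so `no_log: true` on these tasks is cheap insurance. The collections' Python dependencies (boto3, google-auth, the Azure SDK) must now be present in the EE image rather than on the kvm host; confirm ee-python-requirements.txt covers them.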
@@ -121,6 +125,7 @@ when: le_dns_provider == "azure" and sample_com_challenge is changed - name: Create DNS record at TransIP + delegate_to: localhost uri: url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" method: POST @@ -145,6 +150,7 @@ when: sample_com_challenge is changed - name: Include DNS provider + delegate_to: localhost include_tasks: "create-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] @@ -171,6 +177,7 @@ when: sample_com_challenge is changed - name: Delete DNS record at CloudFlare + delegate_to: localhost cloudflare_dns: zone: "{{ le_cloudflare_zone }}" record: "{{ item.0.key }}" @@ -185,6 +192,7 @@ when: le_dns_provider == "cloudflare" and sample_com_challenge is changed - name: Delete DNS record at Route53 + delegate_to: localhost route53: state: absent zone: "{{ le_aws_zone }}" @@ -200,6 +208,7 @@ when: le_dns_provider == "route53" and sample_com_challenge is changed - name: Delete DNS record at GCP + delegate_to: localhost gcp_dns_resource_record_set: name: "{{ item.0.key }}." managed_zone: @@ -218,6 +227,7 @@ when: le_dns_provider == "gcp" and sample_com_challenge is changed - name: Delete DNS record at Azure + delegate_to: localhost azure_rm_dnsrecordset: client_id: "{{ le_azure_client_id }}" secret: "{{ le_azure_secret }}" @@ -233,6 +243,7 @@ when: le_dns_provider == "azure" and sample_com_challenge is changed - name: Delete DNS record at TransIP + delegate_to: localhost uri: url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" method: DELETE @@ -251,6 +262,7 @@ when: le_dns_provider == "transip" and sample_com_challenge is changed - name: Include DNS provider + delegate_to: localhost include_tasks: "destroy-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] diff --git a/ansible/roles/openshift-4-cluster/tasks/create-network.yml b/ansible/roles/openshift-4-cluster/tasks/create-network.yml index 874b0c2e..3a8e90ea 100644 
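Review bot: `delegate_to: localhost` on the two `Include DNS provider` tasks (`@@ -145,6 +150,7 @@` and `@@ -251,6 +262,7 @@`) does nothing for the tasks inside `create-{{ le_dns_provider }}.yml` and `destroy-{{ le_dns_provider }}.yml`, because task keywords on a dynamic include are not inherited; the hetzner and digitalocean tasks would still run on the kvm host. Each included task needs its own `delegate_to: localhost` (as the "Fixed delegate_to" patch further down this series does), or the include needs `apply: { delegate_to: localhost }`.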
--- a/ansible/roles/openshift-4-cluster/tasks/create-network.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create-network.yml @@ -136,6 +136,7 @@ # Public DNS # - name: Create public dns entries + delegate_to: localhost import_role: name: public_dns tasks_from: create.yml diff --git a/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml b/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml index 5a3c6df4..1f4d904a 100644 --- a/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml +++ b/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml @@ -1,5 +1,6 @@ --- - name: Destroy public dns entries + delegate_to: localhost import_role: name: public_dns tasks_from: destroy.yml From daf34a69624d1d5828e62c623a7e41f0f45d8a58 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Wed, 27 Apr 2022 14:28:57 +0200 Subject: [PATCH 24/33] Use host instead of localhost in playbooks --- ansible/03-stop-cluster.yml | 3 +-- ansible/04-start-cluster.yml | 3 +-- ansible/renewal-certificate.yml | 2 +- ansible/run-add-ons.yml | 2 +- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/ansible/03-stop-cluster.yml b/ansible/03-stop-cluster.yml index c59c2ebc..47ee2489 100644 --- a/ansible/03-stop-cluster.yml +++ b/ansible/03-stop-cluster.yml @@ -1,7 +1,6 @@ --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: true vars_files: diff --git a/ansible/04-start-cluster.yml b/ansible/04-start-cluster.yml index 4c2b4ee7..dc6a59c2 100644 --- a/ansible/04-start-cluster.yml +++ b/ansible/04-start-cluster.yml @@ -1,7 +1,6 @@ --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: true vars_files: 
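Review bot: The context line `# If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt` in 03-stop-cluster.yml and 04-start-cluster.yml names a create playbook and tags that do not apply to stopping or starting a cluster, and the invocation changed to `ansible-navigator run` in this series. Replace it in each file with the actual command, e.g. `# Usage: ansible-navigator run -m stdout ./ansible/03-stop-cluster.yml`. The create-network and destroy-network hunks above put `delegate_to: localhost` on `import_role`, which does propagate to the role's tasks, so those need no change.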
diff --git a/ansible/renewal-certificate.yml b/ansible/renewal-certificate.yml index f9c1f976..67569e50 100644 --- a/ansible/renewal-certificate.yml +++ b/ansible/renewal-certificate.yml @@ -1,5 +1,5 @@ --- -- hosts: localhost +- hosts: host vars_files: - ../cluster.yml tasks: diff --git a/ansible/run-add-ons.yml b/ansible/run-add-ons.yml index 6926e555..b4711fa1 100644 --- a/ansible/run-add-ons.yml +++ b/ansible/run-add-ons.yml @@ -1,7 +1,7 @@ --- - name: Test - hosts: localhost + hosts: host connection: local # gather_facts: no vars_files: From 6fef495c2c052b17f42167dc725630a074420689 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Wed, 27 Apr 2022 14:29:24 +0200 Subject: [PATCH 25/33] Update ansible-navigator config --- ansible-navigator.yaml | 86 ++---------------------------------------- 1 file changed, 4 insertions(+), 82 deletions(-) diff --git a/ansible-navigator.yaml b/ansible-navigator.yaml index 425ae8b0..9b9b74ff 100644 --- a/ansible-navigator.yaml +++ b/ansible-navigator.yaml 
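Review bot: run-add-ons.yml keeps `connection: local` while switching to `hosts: host`, whereas 03-stop-cluster.yml, 04-start-cluster.yml and renewal-certificate.yml drop it in this same commit; with `connection: local` the `host` inventory entry executes inside the execution-environment container instead of over SSH on the kvm host, so an add-on task that needs libvirt or host files behaves differently from the other playbooks. Drop the `connection: local` line here as well, and give the play a descriptive `name:` in place of `Test`.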
@@ -1,90 +1,12 @@ --- ansible-navigator: -# ansible: -# config: /tmp/ansible.cfg -# cmdline: "--forks 15" -# inventories: -# - /tmp/test_inventory.yml -# playbook: /tmp/test_playbook.yml -# -# ansible-builder: -# workdir: /tmp/ -# -# ansible-runner: -# artifact-dir: /tmp/test1 -# rotate-artifacts-count: 10 -# timeout: 300 -# -# app: run -# -# collection-doc-cache-path: /tmp/cache.db -# -# color: -# enable: False -# osc4: False -# -# documentation: -# plugin: -# name: shell -# type: become -# -# editor: -# command: vim_from_setting -# console: False -# -# exec: -# shell: False -# command: /bin/foo -# execution-environment: -# container-engine: podman -# enabled: False -# environment-variables: -# pass: -# - ONE -# - TWO -# - THREE -# set: -# KEY1: VALUE1 -# KEY2: VALUE2 -# KEY3: VALUE3 image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel -# pull: -# arguments: -# - "--tls-verify=false" -# policy: never -# volume-mounts: -# - src: "/tmp" -# dest: "/test1" -# options: "Z" container-options: - "--net=host" -# -# help-builder: False -# -# help-config: True -# -# help-doc: True -# -# help-inventory: True -# -# help-playbook: False -# -# inventory-columns: -# - ansible_network_os -# - ansible_network_cli_ssh_type -# - ansible_connection -# logging: level: critical - # append: False - # file: /tmp/log.txt - # - # mode: stdout - # - # playbook-artifact: - # enable: True - # replay: /tmp/test_artifact.json - # save-as: /tmp/test_artifact.json - # - # time-zone: Japanubscription-manager repos --enable ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms + mode: stdout + playbook-artifact: + enable: True + save-as: /tmp/hetzner-ocp4-{playbook_name}-artifact-{ts_utc}.json From 068510e43bd0d785e4c0c05676f9fd52697be2f6 Mon Sep 17 00:00:00 2001 
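Review bot: `save-as: /tmp/hetzner-ocp4-{playbook_name}-artifact-{ts_utc}.json` writes the full run record, every task result and in verbose runs the module arguments, to a world-readable directory with a predictable name on the kvm host; registered results from the DNS and registry API calls in this repository may carry tokens. Save the artifact under the project or `$HOME` instead (for example `save-as: ./artifacts/{playbook_name}-{ts_utc}.json`, a constructed value) and add that directory to .gitignore, and mark credential-bearing tasks `no_log`. Also `enable: True` should be the canonical lowercase `enable: true`.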
From: Robert Bohne Date: Wed, 27 Apr 2022 15:37:15 +0200 Subject: [PATCH 26/33] Fixed delegate_to --- ansible/roles/letsencrypt/tasks/create-digitalocean.yml | 1 + ansible/roles/letsencrypt/tasks/create-hetzner.yml | 2 ++ ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml | 1 + ansible/roles/letsencrypt/tasks/destroy-hetzner.yml | 1 + ansible/roles/letsencrypt/tasks/main.yml | 2 -- 5 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible/roles/letsencrypt/tasks/create-digitalocean.yml b/ansible/roles/letsencrypt/tasks/create-digitalocean.yml index 3a0f50a7..7bf6277a 100644 --- a/ansible/roles/letsencrypt/tasks/create-digitalocean.yml +++ b/ansible/roles/letsencrypt/tasks/create-digitalocean.yml @@ -1,6 +1,7 @@ --- - name: Create DNS record at DigitalOcean + delegate_to: localhost community.digitalocean.digital_ocean_domain_record: oauth_token: "{{ digitalocean_token }}" state: present diff --git a/ansible/roles/letsencrypt/tasks/create-hetzner.yml b/ansible/roles/letsencrypt/tasks/create-hetzner.yml index 61593ea9..2590932e 100644 --- a/ansible/roles/letsencrypt/tasks/create-hetzner.yml +++ b/ansible/roles/letsencrypt/tasks/create-hetzner.yml @@ -1,6 +1,7 @@ --- - name: Get DNS zone id at Hetzner + delegate_to: localhost uri: url: "https://dns.hetzner.com/api/v1/zones" body_format: json @@ -13,6 +14,7 @@ register: le_hetzner_zone_id - name: Create letsencrypt DNS record at Hetzner + delegate_to: localhost uri: url: "https://dns.hetzner.com/api/v1/records" method: POST diff --git a/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml b/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml index aa5e01c7..daf4f47e 100644 --- a/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml +++ b/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml @@ -1,6 +1,7 @@ --- - name: Destroy DNS record at DigitalOcean + delegate_to: localhost community.digitalocean.digital_ocean_domain_record: oauth_token: "{{ digitalocean_token }}" state: absent 
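Review bot: The two Hetzner `uri` tasks at `@@ -1,6 +1,7 @@` and `@@ -13,6 +14,7 @@` of create-hetzner.yml register their results (`register: le_hetzner_zone_id`), and if the API token is passed in `headers:` (outside the hunk) `uri` does not treat it as a secret: it becomes part of `invocation.module_args` in the registered result and so of verbose output and saved playbook artifacts. Add `no_log: true` to both tasks, and to the corresponding destroy-hetzner.yml task in the next hunk.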
diff --git a/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml b/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml index c271178e..43a91354 100644 --- a/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml +++ b/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml @@ -1,5 +1,6 @@ --- - name: Delete DNS record at Hetzner + delegate_to: localhost uri: # noqa no-handler url: "https://dns.hetzner.com/api/v1/records/{{ item.json.record.id }}" method: DELETE diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 2283b1e3..ec3b749e 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -150,7 +150,6 @@ when: sample_com_challenge is changed - name: Include DNS provider - delegate_to: localhost include_tasks: "create-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] @@ -262,7 +261,6 @@ when: le_dns_provider == "transip" and sample_com_challenge is changed - name: Include DNS provider - delegate_to: localhost include_tasks: "destroy-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] From 9f3736852011acc09a6c6911f043dfc5266f733a Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 10 Jun 2022 08:48:31 +0200 Subject: [PATCH 27/33] Fixed docs/air-gapped/prep-mirror-registry.yaml for ansible-navigator --- docs/air-gapped/prep-mirror-registry.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/air-gapped/prep-mirror-registry.yaml b/docs/air-gapped/prep-mirror-registry.yaml index f732ee50..98867d6e 100755 --- a/docs/air-gapped/prep-mirror-registry.yaml +++ b/docs/air-gapped/prep-mirror-registry.yaml @@ -1,7 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: false tags: 
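Review bot: In prep-mirror-registry.yaml the context comment `# gather_facts true because we need the public ip address` sits directly above `gather_facts: false`, so either the comment or the value is wrong, and this hunk already rewrites the play header. If facts are not needed, delete the comment; if they are, the value must be `gather_facts: true`.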
@@ -112,6 +111,7 @@ copy: src: "{{certs_dir}}/ca.crt" dest: /etc/pki/ca-trust/source/anchors/ + remote_src: true - name: Update ca trust shell: | From ede8dbe0066e8970fb66e51d5d19b41660984d72 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 10 Jun 2022 13:38:27 +0200 Subject: [PATCH 28/33] Update docs/air-gapped --- docs/air-gapped.md | 57 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/docs/air-gapped.md b/docs/air-gapped.md index aed26c1c..01e7cf28 100644 --- a/docs/air-gapped.md +++ b/docs/air-gapped.md @@ -9,18 +9,21 @@ Create only the network, important to install and start the mirror registry add network_forward_mode: "route" ``` into `cluster.yml` and setup the network: -``` -./ansible/02-create-cluster.yml --tags network + +```bash +# ansible-navigator run ./ansible/02-create-cluster.yml \ + [-e @cluster-air-gapped.yml \] + --tags network ``` ## Setup mirror registry on kvm-host ### via Office quay mirror registry -https://docs.openshift.com/container-platform/4.9/installing/installing-mirroring-installation-images.html#mirror-registry +https://docs.openshift.com/container-platform/latest/installing/disconnected_install/installing-mirroring-creating-registry.html ``` -./docs/air-gapped/setup-registry.yam +ansible-navigator run ./docs/air-gapped/prep-mirror-registry.yaml [-e @cluster-air-gapped.yml] ./mirror-registry install \ --quayHostname host.compute.local:5000 \ @@ -29,9 +32,13 @@ https://docs.openshift.com/container-platform/4.9/installing/installing-mirrorin --sslKey /var/lib/libvirt/images/mirror-registry/certs/registry.key \ --sslCert /var/lib/libvirt/images/mirror-registry/certs/registry.crt \ --initPassword r3dh4t\!1 + +podman login --username init --password r3dh4t\!1 \ + --authfile mirror-registry-pullsecret.json \ + host.compute.local:5000 ``` -### via Docker registry +### via Docker registry - deprecated ``` ./docs/air-gapped/setup-registry.yaml 
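Review bot: `remote_src: true` on the `copy` of `{{certs_dir}}/ca.crt` into `/etc/pki/ca-trust/source/anchors/` changes where the file is read from (the kvm host rather than the EE), and because the destination is a system trust anchor the task should pin ownership and permissions rather than inherit whatever the source had: `owner: root`, `group: root`, `mode: "0644"`. The following `Update ca trust` task uses `shell: |`; if its body (outside the hunk) is a single command, `command:` avoids an unneeded shell. Write the Jinja reference as `{{ certs_dir }}` for consistency with the rest of the repository.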
@@ -64,7 +71,9 @@ jq -s '{"auths": ( .[0].auths + .[1].auths ) }' mirror-registry-pullsecret.json Install oc client ``` -./ansible/02-create-cluster.yml --tags download-openshift-artifacts +# ansible-navigator run ./ansible/02-create-cluster.yml \ + [-e @cluster-air-gapped.yml \] + --tags network ``` Mirror images: @@ -193,15 +202,21 @@ image_pull_secret: | ## Install cluster ``` -./ansible/02-create-cluster.yml +# ansible-navigator run ./ansible/02-create-cluster.yml [-e @cluster-air-gapped.yml \] ``` ## Sync Operatorhub Not all operators support disconnected environments: [Red Hat Operators Supported in Disconnected Mode](https://access.redhat.com/articles/4740011) -How to sync operators with OpenShift 4.8: [official documentation](https://docs.openshift.com/container-platform/4.8/operators/admin/olm-restricted-networks.html) +How to sync operators with OpenShift 4.8: [official documentation](https://docs.openshift.com/container-platform/latest/operators/admin/olm-restricted-networks.html) + +### Disable default catalog source +``` +oc patch OperatorHub cluster --type json \ + -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' +``` ### run index 
@@ -213,18 +228,32 @@ podman run -p50051:50051 \ ### Export names +Install grpcurl +``` grpcurl -plaintext localhost:50051 api.Registry/ListPackages > packages.out +``` -## Sync image for `oc debug node/` +### Sync Index -``` -oc image mirror -a ${LOCAL_SECRET_JSON} \ - registry.redhat.io/rhel7/support-tools:latest \ - ${LOCAL_REGISTRY}/rhel7/support-tools:latest +```bash + +opm index prune \ + -f registry.redhat.io/redhat/redhat-operator-index:v4.10 \ + -p codeready-workspaces2 \ + -t ${LOCAL_REGISTRY}/olm/redhat-operator-index:v4.10 + + +podman push ${LOCAL_REGISTRY}/olm/redhat-operator-index:v4.10 -oc debug node/compute-0 --image=${LOCAL_REGISTRY}/rhel7/support-tools:latest ``` +``` +oc adm catalog mirror \ + ${LOCAL_REGISTRY}/olm/redhat-operator-index:v4.10 \ + ${LOCAL_REGISTRY}/olm \ + --manifests-only \ + -a ${LOCAL_SECRET_JSON} +``` ## If `storage_nfs: true` From dfe739cc606ae32dfb68086194e96ca7ec297140 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Fri, 10 Jun 2022 18:36:54 +0200 Subject: [PATCH 29/33] Fixed nfs-prov. image (docs/air-gapped) --- docs/air-gapped.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/air-gapped.md b/docs/air-gapped.md index 01e7cf28..8003250a 100644 --- a/docs/air-gapped.md +++ b/docs/air-gapped.md @@ -260,7 +260,7 @@ oc adm catalog mirror \ 1) Copy nfs-client-provisioner image ```bash oc image mirror -a ${LOCAL_SECRET_JSON} \ - quay.io/external_storage/nfs-client-provisioner:latest \ + k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 \ ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:nfs-client-provisioner-latest ``` From 499944bf89c71c39f9b09ba82a16014ae02072af Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Sun, 19 Jun 2022 21:04:35 +0200 Subject: [PATCH 30/33] Fixed tags heredity --- ansible/roles/openshift-4-cluster/tasks/create.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/ansible/roles/openshift-4-cluster/tasks/create.yml b/ansible/roles/openshift-4-cluster/tasks/create.yml index c13f2d25..f447a0be 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create.yml @@ -73,7 +73,10 @@ when: not letsencrypt_disabled - name: Download OpenShift Artifacts - include_tasks: download-openshift-artifacts.yml + # Work-a-round: tags inheritance don't work without a block. + # https://github.com/ansible/ansible/issues/41540#issuecomment-419433375 + block: + - include_tasks: download-openshift-artifacts.yml tags: download-openshift-artifacts - name: Create ignition files From 7a118f6805ba11a2005a77cc2f3cf598c39ae94d Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Sun, 19 Jun 2022 21:05:30 +0200 Subject: [PATCH 31/33] Bump openshift version to 4.10.16 --- ansible/roles/openshift-4-cluster/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/openshift-4-cluster/defaults/main.yml b/ansible/roles/openshift-4-cluster/defaults/main.yml index 257e993a..860e7c92 100644 --- a/ansible/roles/openshift-4-cluster/defaults/main.yml +++ b/ansible/roles/openshift-4-cluster/defaults/main.yml @@ -42,7 +42,7 @@ vm_autostart: false # Important: OpenShift version must match to RHEL CoreOS version! # reference to OpenShift version -openshift_version: 4.9.5 +openshift_version: 4.10.16 openshift_install_command: "/opt/openshift-install-{{ openshift_version }}/openshift-install" # dev-pre: # {{ openshift_mirror }}/pub/openshift-v4/clients/ocp-dev-preview 
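Review bot: The new comment is hard to read and should say precisely what is being worked around; suggested wording: `# Workaround: tag inheritance does not work for include_tasks without a block.` and keep the issue link on the next line. The block wrapper is one option, but `include_tasks` also supports the documented `apply` keyword, so `include_tasks: download-openshift-artifacts.yml` with `apply: {tags: [download-openshift-artifacts]}` and the task-level `tags: download-openshift-artifacts` would tag the included tasks without adding a nesting level; whichever form is kept, the comment should name it so the next reader does not "simplify" it back. The task list this block belongs to continues outside the hunk on both sides.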
@@ -59,7 +59,7 @@ opm_download_url: "{{ openshift_location }}/opm-linux-{{ opm_version }}.tar.gz" opm_dest: "/opt/openshift-client-{{ openshift_client_version }}/" # reference to coreos qcow file -coreos_version: 4.9.0 +coreos_version: 4.10.3 coreos_download_url: "{{ openshift_mirror }}/pub/openshift-v4/dependencies/rhcos/{{ coreos_version.split('.')[:2]|join('.') }}/{{ coreos_version }}/rhcos-{{coreos_version}}-x86_64-qemu.x86_64.qcow2.gz" # noqa line-length coreos_csum_url: "{{ openshift_mirror }}/pub/openshift-v4/dependencies/rhcos/{{ coreos_version.split('.')[:2]|join('.') }}/{{ coreos_version }}/sha256sum.txt" # noqa line-length From 61373668bd9b891a0ae23ce06b4f675477fad744 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Sun, 19 Jun 2022 21:06:26 +0200 Subject: [PATCH 32/33] Reformat ansible-navigator.yaml and switch to master tag --- ansible-navigator.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible-navigator.yaml b/ansible-navigator.yaml index 9b9b74ff..221ea557 100644 --- a/ansible-navigator.yaml +++ b/ansible-navigator.yaml @@ -1,12 +1,12 @@ --- ansible-navigator: execution-environment: - image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel container-options: - - "--net=host" + - --net=host + image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:master logging: level: critical mode: stdout playbook-artifact: - enable: True + enable: true save-as: /tmp/hetzner-ocp4-{playbook_name}-artifact-{ts_utc}.json From aefb9810eb72dea5eed3938409598b78c7b9c9a7 Mon Sep 17 00:00:00 2001 From: Robert Bohne Date: Sun, 19 Jun 2022 21:07:27 +0200 Subject: [PATCH 33/33] Update docs/release-notes.md --- docs/release-notes.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/release-notes.md b/docs/release-notes.md index ebd277c6..d5ee18f3 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md 
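Review bot: `image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:master` pins the execution environment to a mutable branch tag, so every run executes whatever that tag currently resolves to and a run cannot be reproduced or audited against a known image later; the replaced `:devel` tag had the same problem. For a supply-chain-safe reference use the image digest, `image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee@sha256:<digest-placeholder>`, or at least a release tag, and be aware that with a floating tag a locally cached image can silently diverge from the registry depending on the configured pull policy. A one-line comment above `- --net=host` explaining why the EE needs the host network namespace (presumably libvirt/ssh reachability from inside the container) would also help, since that option widens what the container can reach.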
@@ -1,5 +1,20 @@ # RELEASE NOTES +## 2022-06-19 + + * Bump OpenShift Version to 4.10 + * Rewrite playbooks to run in ansible-navigator + New useage: + + * Install ansible navigator & configure ssh + * [RHEL](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/tree/master#in-case-of-red-hat-enterprise-linux-8) + * [Rocky/Centos](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/tree/master#in-case-of-rocky-linux-8-or-centos-8) + + * Run playbooks: `ansible-navigator run -m stdout ./ansible/setup.yml` + + * Build ansible execution environment: + quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:master + ## 2022-02-16 * Introduce ansible-lint pre-commit hook and fix eveything