-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathprovision.yml
343 lines (340 loc) · 12.5 KB
/
provision.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
- hosts: localhost
vars:
password: password
strategy: ${strategy}
ddns_enabled: ${ddns_enabled}
tasks:
#COMMON
- name: Enabled container-tools (skopeo, podman and buildah)
shell: yum module enable -y container-tools:rhel8
register: result
retries: 10
until: result.rc == 0
delay: 30
- name: Install container-tools
shell: yum module install -y container-tools:rhel8
register: result
retries: 10
until: result.rc == 0
delay: 30
- name: Install yum git
yum:
name:
- git
#DDNS
- name: install ddns systemd unit file
template: src=ddns.j2 dest=/etc/systemd/system/ddns.service
when: ddns_enabled
- name: start ddns service
systemd: state=started name=ddns daemon_reload=yes enabled=yes
when: ddns_enabled
#COMMON
- name: Make sure we have a 'libvirt' group
group:
name: libvirt
state: present
- name: Allow 'libvirt' group to have passwordless sudo
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%libvirt'
line: '%libvirt ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
- name: Create a login user
user:
name: crcuser
password: "{{ password | password_hash('sha512') }}"
state: present
append: yes
groups: libvirt
- name: pull-secret.txt
copy:
dest: "/home/crcuser/pull-secret.txt"
content: |
${crc_pull_secret}
- name: install ansible collections
become: "true"
become_user: "{{ (strategy == 'mnc') | ternary('root', 'crcuser') }}"
shell: |
ansible-galaxy collection install /etc/ansible-provision/redhat-openshift-2.0.1.tar.gz
pip3 install --upgrade --user openshift
#CRC
- name: Download and Extract CRC
become: "true"
become_user: "crcuser"
unarchive:
src: https://mirror.openshift.com/pub/openshift-v4/clients/crc/1.22.0/crc-linux-amd64.tar.xz
dest: /home/crcuser
remote_src: yes
group: crcuser
owner: crcuser
creates: /home/crcuser/crc/
when: strategy == "crc"
- name: Rename crc directory
#CRC 1.22 uses OpenShift 4.6.15
command: mv /home/crcuser/crc-linux-1.22.0-amd64/ /home/crcuser/crc/
when: strategy == "crc"
- name: crc consent-telemetry
become_user: crcuser
command: /home/crcuser/crc/crc config set consent-telemetry no
retries: 20
delay: 15
when: strategy == "crc"
- name: crc setup
command: runuser -l crcuser -c '/home/crcuser/crc/crc setup'
when: strategy == "crc"
- name: crc config set memory
command: runuser -l crcuser -c '/home/crcuser/crc/crc config set memory ${crc_snc_memory}'
when: strategy == "crc"
- name: crc config set cpus
command: runuser -l crcuser -c '/home/crcuser/crc/crc config set cpus ${crc_snc_cpus}'
when: strategy == "crc"
- name: crc config set enable-cluster-monitoring
command: runuser -l crcuser -c '/home/crcuser/crc/crc config set enable-cluster-monitoring ${crc_monitoring_enabled}'
when: strategy == "crc"
- name: crc config set pull-secret-file
command: runuser -l crcuser -c '/home/crcuser/crc/crc config set pull-secret-file /home/crcuser/pull-secret.txt'
when: strategy == "crc"
- name: install crc systemd unit file
template: src=crc.j2 dest=/etc/systemd/system/crc.service
when: strategy == "crc"
- name: start crc
systemd: state=started name=crc daemon_reload=yes enabled=yes
when: strategy == "crc"
- name: Change PATH CRC
shell: |
echo 'export PATH="$PATH:/home/crcuser/crc:/home/crcuser/.crc/bin/oc"' >> /etc/bashrc
echo 'export KUBECONFIG="/home/crcuser/.crc/machines/crc/kubeconfig"' >> /etc/bashrc
echo 'export K8S_AUTH_KUBECONFIG="/home/crcuser/.crc/machines/crc/kubeconfig"' >> /etc/bashrc
become: true
when: strategy == "crc"
- name: ssh config to enter inside CRC VM
shell: |
cat <<EOF > ~/.ssh/config
Host master
Hostname 192.168.130.11
User core
IdentityFile /home/crcuser/.crc/machines/crc/id_ecdsa
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chmod 600 ~/.ssh/config
become: yes
become_user: "crcuser"
when: strategy == "crc"
#SNC
- name: Change PATH SNC
shell: |
echo 'export PATH="$PATH:/home/crcuser/snc/openshift-clients/linux"' >> /etc/bashrc
echo 'export KUBECONFIG="/home/crcuser/snc/crc-tmp-install-data/auth/kubeconfig"' >> /etc/bashrc
echo 'export K8S_AUTH_KUBECONFIG="/home/crcuser/snc/crc-tmp-install-data/auth/kubeconfig"' >> /etc/bashrc
when: strategy == "snc"
- name: ssh config to enter inside SNC VMs (master and bootstrap)
shell: |
cat <<EOF > ~/.ssh/config
Host master
Hostname 192.168.126.11
User core
IdentityFile /home/crcuser/snc/id_ecdsa_crc
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
Host bootstrap
Hostname 192.168.126.10
User core
IdentityFile /home/crcuser/snc/id_ecdsa_crc
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
EOF
chmod 600 ~/.ssh/config
become: yes
become_user: "crcuser"
when: strategy == "snc"
- name: dnf update
shell: dnf update -y
register: result
retries: 6
until: result.rc == 0
delay: 30
when: strategy == "snc"
- name: install virt-filesystems
shell: yum -y install /usr/bin/virt-filesystems
register: result
retries: 6
until: result.rc == 0
delay: 30
when: strategy == "snc"
- name: SNC deps pre-install
shell: |
dnf -y module install virt
dnf -y install virt-install virt-viewer
echo -e 'listen_tls = 0\nlisten_tcp = 1\ntcp_port = "16509"\nauth_tcp = "none"' | tee -a /etc/libvirt/libvirtd.conf
sed -i 's/LIBVIRTD_ARGS="--timeout 120"/#LIBVIRTD_ARGS="--timeout 120"/' /etc/sysconfig/libvirtd
sed -i 's/#LIBVIRTD_ARGS="--listen"/LIBVIRTD_ARGS="--listen"/' /etc/sysconfig/libvirtd
systemctl mask libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tls.socket libvirtd-tcp.socket
echo "net.ipv4.ip_forward = 1" | tee /etc/sysctl.d/99-ipforward.conf
sysctl -p /etc/sysctl.d/99-ipforward.conf
when: strategy == "snc"
- name: restart libvirtd service
shell: |
sudo systemctl restart libvirtd
when: strategy == "snc"
- name: SNC pre-install
shell: |
set -exuo pipefail
mkdir /home/crcuser/snc
git clone --branch 4.6 https://github.com/code-ready/snc /home/crcuser/snc
#git clone --branch fix-hardcoded-api.crc.testing https://github.com/danielmenezesbr/snc /home/crcuser/snc
cd /home/crcuser/snc
#patch for work with *.nip.io
sed -i '/if echo $${ping_status}/c\ if false; then' snc-library.sh
#vm customizations
sed -i 's/domainMemory = 14336/domainMemory = ${crc_snc_memory}/' snc.sh
sed -i 's/domainVcpu = 6/domainVcpu = ${crc_snc_cpus}/' snc.sh
sed -i 's/volumeSize = 33285996544/volumeSize = ${snc_disk_size}/' snc.sh
cat <<'EOF' > install.sh
set -exuo pipefail
export OPENSHIFT_VERSION="4.6.18"
export MIRROR="https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp"
export OPENSHIFT_PULL_SECRET_PATH="/home/crcuser/pull-secret.txt"
export CRC_BASE_DOMAIN="127.0.0.1.nip.io"
./snc.sh 2>&1 || true
sudo virsh autostart $(sudo virsh list --all --name | head -n 1)
EOF
chmod +x install.sh
# nip.io requires stop firewalld
sudo systemctl stop firewalld
sudo systemctl disable firewalld
become: yes
become_user: "crcuser"
when: strategy == "snc"
- name: SNC install
ansible.builtin.shell: /home/crcuser/snc/install.sh &> install.out &
args:
chdir: /home/crcuser/snc
become: yes
become_user: "crcuser"
when: strategy == "snc"
#Multi-Node
- name: Change env
shell: |
echo 'export KUBECONFIG="/root/ocp/install/auth/kubeconfig"' >> /etc/bashrc
echo 'export K8S_AUTH_KUBECONFIG="/root/ocp/install/auth/kubeconfig"' >> /etc/bashrc
when: strategy == "mnc"
- name: install wget
shell: yum -y install wget
register: result
retries: 6
until: result.rc == 0
delay: 30
when: strategy == "mnc"
- name: install yq
shell: |
wget https://github.com/mikefarah/yq/releases/download/1.15.0/yq_linux_amd64
mv yq_linux_amd64 yq
chmod +x yq
mv yq /usr/bin/
yq -V
when: strategy == "mnc"
- name: Update Root user's Password
user:
name: root
update_password: always
password: $6$mysecretsalt$MIJffjeQyfrKKrGkprGrDL/g2mCJa53koLmYQuuLmY9y37pDvGKPXU1Ov3RbMi.tpQ9cWvxAzUVtBLe7KrZoU.
- name: OpenShift install
shell: |
set -exuo pipefail
cd /root
ansible-galaxy install luisarizmendi.ocp_libvirt_ipi_role
sed -i 's/mode tcp/mode http/g' .ansible/roles/luisarizmendi.ocp_libvirt_ipi_role/templates/haproxy.cfg.back.j2
export KVM="/root"
export HOME="$${KVM}"
cat <<'EOF' > $${KVM}/ocp_libvirt_ipi.yaml
---
- hosts: localhost
roles:
- role: luisarizmendi.ocp_libvirt_ipi_role
vars:
ocp_install_file_path: "ocp-config/install-config.yaml"
ocp_release: "4.6.18"
ocp_master_memory: 16
ocp_master_cpu: 4
ocp_master_disk: 50
ocp_worker_memory: 10
ocp_worker_cpu: 4
ocp_worker_disk: 50
kvm_interface: "Wired connection 1"
kvm_nestedvirtualization: "true"
ansible_user: "root"
lb: "false"
nfs_storage: "false"
EOF
mkdir ocp-config
export CLUSTER_NAME="mycluster"
export BASE_DOMAIN="127.0.0.1.nip.io"
export CLUSTER_DIR="$${HOME}/ocp-config"
SSH_KEY="$${HOME}/.ssh/id_rsa"
if [ ! -f $SSH_KEY ]; then
ssh-keygen -t rsa -N "" -f $SSH_KEY
fi
export PUB_SSH_KEY="$${SSH_KEY}.pub"
PULL_SECRET=$(cat "/home/crcuser/pull-secret.txt")
cat > "$${CLUSTER_DIR}/install-config.yaml" << EOF
apiVersion: v1
baseDomain: "$${BASE_DOMAIN}"
compute:
- hyperthreading: Enabled
architecture: amd64
name: worker
platform: {}
replicas: 2
controlPlane:
hyperthreading: Enabled
architecture: amd64
name: master
platform: {}
replicas: 3
metadata:
creationTimestamp: null
name: "$${CLUSTER_NAME}"
networking:
clusterNetwork:
- cidr: 10.128.0.0/14
hostPrefix: 23
machineNetwork:
- cidr: 192.168.126.0/24
networkType: OpenShiftSDN
serviceNetwork:
- 172.30.0.0/16
platform:
libvirt:
URI: qemu+tcp://192.168.122.1/system
network:
if: tt0
publish: External
pullSecret: $(echo \'"$${PULL_SECRET}"\')
sshKey: |
$(cat "$${PUB_SSH_KEY}")
EOF
cat <<EOF > patch_libvirt_network.sh
set -exuo pipefail
until virsh net-list --name | grep "mycluster"
do
sleep 60
done
while : ; do
VAR=\$(virsh net-list --name | grep "mycluster") || ""
if [ ! -z "\$VAR" ]; then
virsh net-update \$VAR add dns-host "<host ip='192.168.126.51'><hostname>oauth-openshift.apps.$CLUSTER_NAME.$BASE_DOMAIN</hostname></host>"
virsh net-update \$VAR add dns-host "<host ip='192.168.126.51'><hostname>oauth-openshift.apps.$CLUSTER_NAME.$BASE_DOMAIN</hostname></host>" --config --parent-index 0
virsh net-dumpxml \$VAR
break;
fi
sleep 30;
done
EOF
chmod +x patch_libvirt_network.sh
./patch_libvirt_network.sh &> patch_libvirt_network.out &
ansible-playbook -vv --tags install $${KVM}/ocp_libvirt_ipi.yaml &> ansible.install.out &
become: yes
become_user: "root"
when: strategy == "mnc"