diff --git a/.gitignore b/.gitignore index 458d999a..66d81482 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ cluster.yml .DS_Store certificate/ +ansible-navigator.log +context/ \ No newline at end of file diff --git a/README.md b/README.md index 27bdb469..31daa227 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,3 @@ -### 🚨 Warning: Installation on Centos 8 Stream might fail due to issue [#205](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/205) - # Disclaimer This environment has been created for the sole purpose of providing an easy to deploy and consume a Red Hat OpenShift Container Platform 4 environment *as a sandpit*. @@ -63,8 +61,7 @@ subscription-manager register # get pool id via: # subscription-manager list --available - -subscription-manager attach --pool=... +subscription-manager attach [--auto] --pool=... subscription-manager repos --disable=* 
@@ -72,23 +69,31 @@ subscription-manager repos \ --enable=rhel-8-for-x86_64-baseos-rpms \ --enable=rhel-8-for-x86_64-appstream-rpms \ --enable=rhel-8-for-x86_64-highavailability-rpms \ - --enable=ansible-2.9-for-rhel-8-x86_64-rpms \ - --enable=openstack-15-for-rhel-8-x86_64-rpms -``` + --enable=ansible-automation-platform-2.1-for-rhel-8-x86_64-rpms + -## In case of CentOS Stream 8 🚨 currently broken due to issue [#205](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/205) +yum install -y ansible-navigator git podman -Enable ansible repo: ``` -yum install -y centos-release-ansible-29.noarch + +## In case of Rocky Linux 8 or Centos 8 + +Ansible navigator installation based on the upstream [documentation](https://ansible-navigator.readthedocs.io/en/latest/installation/#install-ansible-navigator). + +```bash +dnf install -y python3-pip podman git +python3 -m pip install ansible-navigator --user +echo 'export PATH=$HOME/.local/bin:$PATH' >> ~/.profile +source ~/.profile + ``` ## Initialize tools -Install ansible (min version 2.9) and git ``` -yum install -y ansible git +ssh-keygen +cat ~/.ssh/*.pub >> ~/.ssh/authorized_keys ``` You are now ready to clone this project to your CentOS system. @@ -206,8 +211,8 @@ Please configure in `cluster.yml` all necessary credentials: ## Prepare kvm-host and install OpenShift ``` -[root@server ~]# cd hetzner-ocp4 -[root@server ~]# ansible-playbook ./ansible/setup.yml +cd hetzner-ocp4 +ansible-navigator run -m stdout ./ansible/setup.yml ``` # Additional documentation 
@@ -228,10 +233,22 @@ Please configure in `cluster.yml` all necessary credentials: | Problem | Command | |---|---| |Check haproxy connections| ```podman exec -ti openshift-4-loadbalancer-${cluster_name} ./watch-stats.sh``` -|Start cluster after reboot|```./ansible/04-start-cluster.yml``` +|Start cluster after reboot|```ansible-navigator run -m stdout ./ansible/04-start-cluster.yml``` + + +# Build / Development +## Build ansible execution enviorment +```bash +ansible-builder build \ + --container-runtime podman \ + --tag quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel + +podman push quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:devel +``` # Stargazers over time [![Stargazers over time](https://starchart.cc/RedHat-EMEA-SSA-Team/hetzner-ocp4.svg)](https://starchart.cc/RedHat-EMEA-SSA-Team/hetzner-ocp4) + diff --git a/ansible-navigator.yaml b/ansible-navigator.yaml new file mode 100644 index 00000000..221ea557 --- /dev/null +++ b/ansible-navigator.yaml @@ -0,0 +1,12 @@ +--- +ansible-navigator: + execution-environment: + container-options: + - --net=host + image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:master + logging: + level: critical + mode: stdout + playbook-artifact: + enable: true + save-as: /tmp/hetzner-ocp4-{playbook_name}-artifact-{ts_utc}.json diff --git a/ansible.cfg b/ansible.cfg index a1b3c0e9..627086d1 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -22,13 +22,12 @@ gathering = smart # fact_caching = jsonfile # fact_caching_connection = $HOME/ansible/facts # fact_caching_timeout = 600 -callback_whitelist = profile_tasks inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt, .ini # work around privilege escalation timeouts in ansible: timeout = 30 # Uncomment to use the provided example inventory -#inventory = inventory/hosts.example +inventory = inventory/hosts.yaml # Additional ssh options for OpenShift Ansible [ssh_connection] 
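Review bot: `playbook-artifact` with `save-as: /tmp/hetzner-ocp4-{playbook_name}-artifact-{ts_utc}.json` writes every registered result and fact to a world-readable directory, and this same change starts registering the slurped kubeconfig and the TLS private key (build-k8s-vars.yml, certificate-install.yml) without `no_log`, so the artifact will presumably carry cluster-admin credentials. Either point `save-as` at a private directory (the checkout or `~/.ansible`), disable artifacts by default, or add `no_log: true` to those tasks, and add a comment above `playbook-artifact:` saying what the file captures. `image: quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:master` is a floating tag that changes underneath users; a release tag or digest keeps the execution environment reproducible. A one-line comment on `- --net=host` stating why the container needs host networking would help the next reader.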
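Review bot: The comment `# Uncomment to use the provided example inventory` directly above the now-active `inventory = inventory/hosts.yaml` is stale — the line is no longer commented and names a different file. Replace it with something like `# Static inventory; the plays target the entry named 'host' defined here` or drop it. The removal of `callback_whitelist = profile_tasks` is silent; if it was dropped because the execution environment lacks that callback, a short comment would save the next person from re-adding it.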
diff --git a/ansible/00-provision-hetzner.yml b/ansible/00-provision-hetzner.yml old mode 100755 new mode 100644 index 73e8870c..c8ca4a72 --- a/ansible/00-provision-hetzner.yml +++ b/ansible/00-provision-hetzner.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- - name: Build inventory diff --git a/ansible/01-prepare-host.yml b/ansible/01-prepare-host.yml old mode 100755 new mode 100644 index bea8674e..6f70fd4b --- a/ansible/01-prepare-host.yml +++ b/ansible/01-prepare-host.yml @@ -1,6 +1,5 @@ -#!/usr/bin/env ansible-playbook --- -- hosts: localhost +- hosts: host vars_files: - ../cluster.yml tasks: diff --git a/ansible/02-create-cluster.yml b/ansible/02-create-cluster.yml old mode 100755 new mode 100644 index 233d180b..b848351b --- a/ansible/02-create-cluster.yml +++ b/ansible/02-create-cluster.yml @@ -1,8 +1,6 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: true vars_files: diff --git a/ansible/03-stop-cluster.yml b/ansible/03-stop-cluster.yml old mode 100755 new mode 100644 index c88e891a..47ee2489 --- a/ansible/03-stop-cluster.yml +++ b/ansible/03-stop-cluster.yml @@ -1,8 +1,6 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: true vars_files: diff --git a/ansible/04-start-cluster.yml b/ansible/04-start-cluster.yml old mode 100755 new mode 100644 index db7dcd17..dc6a59c2 --- a/ansible/04-start-cluster.yml +++ b/ansible/04-start-cluster.yml 
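Review bot: `- hosts: host` replaces `localhost` but nothing in this change defines an inventory entry named `host`; with `inventory = inventory/hosts.yaml` now hard-wired in ansible.cfg, an inventory without that name makes Ansible warn "could not match supplied host pattern" and skip the play rather than fail. A comment above the play, e.g. `# 'host' is the kvm-host entry in inventory/hosts.yaml; this play now connects over SSH instead of locally`, would document the new contract, and the README should mention the required entry. The same switch is made in 02-create-cluster.yml, 03-stop-cluster.yml, 04-start-cluster.yml, 99-destroy-cluster.yml and renewal-certificate.yml, where dropping `connection: local` also moves execution onto SSH. Each play's task list continues outside its hunk.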
@@ -1,8 +1,6 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: true vars_files: diff --git a/ansible/99-destroy-cluster.yml b/ansible/99-destroy-cluster.yml old mode 100755 new mode 100644 index 329ec25d..cba8ec58 --- a/ansible/99-destroy-cluster.yml +++ b/ansible/99-destroy-cluster.yml @@ -1,9 +1,7 @@ -#!/usr/bin/env ansible-playbook --- # If you like to play: ./ansible/destroy.yml --skip-tags public_dns,letsencrypt -- hosts: localhost - connection: local +- hosts: host gather_facts: true vars_files: - ../cluster.yml diff --git a/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml b/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml index 20762fa1..c078dce5 100644 --- a/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml +++ b/ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml @@ -31,7 +31,8 @@ register: register_entitlement_base64 - name: Apply entitle machineconfig - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml b/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml index 5f0d32f2..94a4662c 100644 --- a/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml +++ b/ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml @@ -4,5 +4,5 @@ msg: "Run cluster entitlement against {{ kubeconfig }}" - name: "Include entitlement-from-rhel-node.yaml" - include: "entitlement-from-rhel-node.yaml" + include_tasks: "entitlement-from-rhel-node.yaml" when: ansible_distribution == "RedHat" 
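Review bot: `delegate_to: localhost` moves `kubernetes.core.k8s` into the execution environment, yet the task still passes `kubeconfig: "{{ k8s_kubeconfig }}"`; if that variable is a file path on the kvm-host (it is not defined in this diff), the module will now look for it on the controller and fail, whereas a kubeconfig passed as a dict — which build-k8s-vars.yml now produces via slurp — works from either side in recent kubernetes.core releases. Please state in a comment at the first delegated task which form `k8s_kubeconfig` takes, e.g. `# k8s_kubeconfig is a dict built in build-k8s-vars.yml, so it is usable from the controller`. The same pattern appears in ntp/tasks/post-install.yml, web-terminal/tasks/post-install.yml, certificate-install.yml, post-install-storage-nfs.yml and post-install.yml. The task continues outside the hunk.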
diff --git a/ansible/add-on-roles/ntp/tasks/post-install.yml b/ansible/add-on-roles/ntp/tasks/post-install.yml index a633be01..452bebcc 100644 --- a/ansible/add-on-roles/ntp/tasks/post-install.yml +++ b/ansible/add-on-roles/ntp/tasks/post-install.yml @@ -8,7 +8,8 @@ register: register_encoded_chrony_conf - name: Apply NTP machineconfig - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/add-on-roles/web-terminal/tasks/post-install.yml b/ansible/add-on-roles/web-terminal/tasks/post-install.yml index 063fa553..b9b1e78a 100644 --- a/ansible/add-on-roles/web-terminal/tasks/post-install.yml +++ b/ansible/add-on-roles/web-terminal/tasks/post-install.yml @@ -1,7 +1,8 @@ --- - name: Apply web-terminal subscription - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/renewal-certificate.yml b/ansible/renewal-certificate.yml old mode 100755 new mode 100644 index 00286a22..67569e50 --- a/ansible/renewal-certificate.yml +++ b/ansible/renewal-certificate.yml @@ -1,6 +1,5 @@ -#!/usr/bin/env ansible-playbook --- -- hosts: localhost +- hosts: host vars_files: - ../cluster.yml tasks: diff --git a/ansible/roles/letsencrypt/tasks/create-digitalocean.yml b/ansible/roles/letsencrypt/tasks/create-digitalocean.yml index 3a0f50a7..7bf6277a 100644 --- a/ansible/roles/letsencrypt/tasks/create-digitalocean.yml +++ b/ansible/roles/letsencrypt/tasks/create-digitalocean.yml @@ -1,6 +1,7 @@ --- - name: Create DNS record at DigitalOcean + delegate_to: localhost community.digitalocean.digital_ocean_domain_record: oauth_token: "{{ digitalocean_token }}" state: present diff --git a/ansible/roles/letsencrypt/tasks/create-hetzner.yml b/ansible/roles/letsencrypt/tasks/create-hetzner.yml index 61593ea9..2590932e 100644 --- a/ansible/roles/letsencrypt/tasks/create-hetzner.yml 
+++ b/ansible/roles/letsencrypt/tasks/create-hetzner.yml @@ -1,6 +1,7 @@ --- - name: Get DNS zone id at Hetzner + delegate_to: localhost uri: url: "https://dns.hetzner.com/api/v1/zones" body_format: json @@ -13,6 +14,7 @@ register: le_hetzner_zone_id - name: Create letsencrypt DNS record at Hetzner + delegate_to: localhost uri: url: "https://dns.hetzner.com/api/v1/records" method: POST diff --git a/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml b/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml index aa5e01c7..daf4f47e 100644 --- a/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml +++ b/ansible/roles/letsencrypt/tasks/destroy-digitalocean.yml @@ -1,6 +1,7 @@ --- - name: Destroy DNS record at DigitalOcean + delegate_to: localhost community.digitalocean.digital_ocean_domain_record: oauth_token: "{{ digitalocean_token }}" state: absent diff --git a/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml b/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml index c271178e..43a91354 100644 --- a/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml +++ b/ansible/roles/letsencrypt/tasks/destroy-hetzner.yml @@ -1,5 +1,6 @@ --- - name: Delete DNS record at Hetzner + delegate_to: localhost uri: # noqa no-handler url: "https://dns.hetzner.com/api/v1/records/{{ item.json.record.id }}" method: DELETE diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 80955055..ec3b749e 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -56,6 +56,7 @@ when: sample_com_challenge is changed - name: Create DNS record at CloudFlare + delegate_to: localhost cloudflare_dns: zone: "{{ le_cloudflare_zone }}" record: "{{ item.0.key }}" @@ -70,6 +71,7 @@ when: le_dns_provider == "cloudflare" and sample_com_challenge is changed - name: Create DNS record at Route53 + delegate_to: localhost route53: state: present zone: "{{ le_aws_zone }}" 
@@ -85,6 +87,7 @@ when: le_dns_provider == "route53" and sample_com_challenge is changed - name: Create DNS record at GCP + delegate_to: localhost gcp_dns_resource_record_set: name: "{{ item.0.key }}." type: TXT @@ -103,6 +106,7 @@ when: le_dns_provider == "gcp" and sample_com_challenge is changed - name: Create DNS record at Azure + delegate_to: localhost azure_rm_dnsrecordset: client_id: "{{ le_azure_client_id }}" secret: "{{ le_azure_secret }}" @@ -121,6 +125,7 @@ when: le_dns_provider == "azure" and sample_com_challenge is changed - name: Create DNS record at TransIP + delegate_to: localhost uri: url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" method: POST @@ -145,7 +150,7 @@ when: sample_com_challenge is changed - name: Include DNS provider - include: "create-{{ le_dns_provider }}.yml" + include_tasks: "create-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] - sample_com_challenge is changed @@ -171,6 +176,7 @@ when: sample_com_challenge is changed - name: Delete DNS record at CloudFlare + delegate_to: localhost cloudflare_dns: zone: "{{ le_cloudflare_zone }}" record: "{{ item.0.key }}" @@ -185,6 +191,7 @@ when: le_dns_provider == "cloudflare" and sample_com_challenge is changed - name: Delete DNS record at Route53 + delegate_to: localhost route53: state: absent zone: "{{ le_aws_zone }}" @@ -200,6 +207,7 @@ when: le_dns_provider == "route53" and sample_com_challenge is changed - name: Delete DNS record at GCP + delegate_to: localhost gcp_dns_resource_record_set: name: "{{ item.0.key }}." managed_zone: @@ -218,6 +226,7 @@ when: le_dns_provider == "gcp" and sample_com_challenge is changed - name: Delete DNS record at Azure + delegate_to: localhost azure_rm_dnsrecordset: client_id: "{{ le_azure_client_id }}" secret: "{{ le_azure_secret }}" 
@@ -233,6 +242,7 @@ when: le_dns_provider == "azure" and sample_com_challenge is changed - name: Delete DNS record at TransIP + delegate_to: localhost uri: url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns" method: DELETE @@ -251,7 +261,7 @@ when: le_dns_provider == "transip" and sample_com_challenge is changed - name: Include DNS provider - include: "destroy-{{ le_dns_provider }}.yml" + include_tasks: "destroy-{{ le_dns_provider }}.yml" when: - le_dns_provider in ['hetzner', 'digitalocean'] - sample_com_challenge is changed diff --git a/ansible/roles/openshift-4-cluster/defaults/main.yml b/ansible/roles/openshift-4-cluster/defaults/main.yml index 5af40823..860e7c92 100644 --- a/ansible/roles/openshift-4-cluster/defaults/main.yml +++ b/ansible/roles/openshift-4-cluster/defaults/main.yml @@ -1,7 +1,7 @@ --- openshift_install_dir: "{{ playbook_dir }}/../{{ cluster_name }}" -ssh_public_key_location: /root/.ssh/id_rsa +ssh_public_key_location: ~/.ssh/id_rsa vn_subnet: "192.168.50.0" vn_name: "openshift-4-cluster" @@ -12,8 +12,8 @@ vn_public_domain: "h42.openshift.pub" ip_families: - IPv4 -listen_address: "{{ hostvars['localhost']['ansible_default_ipv4']['address'] | default('') }}" -listen_address_ipv6: "{{ hostvars['localhost']['ansible_default_ipv6']['address'] | default('') }}" +listen_address: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] | default('') }}" +listen_address_ipv6: "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] | default('') }}" # Default: qcow2 # For more performance use LVM @@ -42,7 +42,7 @@ vm_autostart: false # Important: OpenShift version must match to RHEL CoreOS version! # reference to OpenShift version -openshift_version: 4.9.5 +openshift_version: 4.10.16 openshift_install_command: "/opt/openshift-install-{{ openshift_version }}/openshift-install" # dev-pre: # {{ openshift_mirror }}/pub/openshift-v4/clients/ocp-dev-preview 
@@ -59,7 +59,7 @@ opm_download_url: "{{ openshift_location }}/opm-linux-{{ opm_version }}.tar.gz" opm_dest: "/opt/openshift-client-{{ openshift_client_version }}/" # reference to coreos qcow file -coreos_version: 4.9.0 +coreos_version: 4.10.3 coreos_download_url: "{{ openshift_mirror }}/pub/openshift-v4/dependencies/rhcos/{{ coreos_version.split('.')[:2]|join('.') }}/{{ coreos_version }}/rhcos-{{coreos_version}}-x86_64-qemu.x86_64.qcow2.gz" # noqa line-length coreos_csum_url: "{{ openshift_mirror }}/pub/openshift-v4/dependencies/rhcos/{{ coreos_version.split('.')[:2]|join('.') }}/{{ coreos_version }}/sha256sum.txt" # noqa line-length diff --git a/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml b/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml index 22adb96e..11439287 100644 --- a/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml +++ b/ansible/roles/openshift-4-cluster/tasks/build-k8s-vars.yml @@ -10,11 +10,21 @@ copy: src: "{{ openshift_install_dir }}/auth/kubeconfig" dest: "{{ openshift_install_dir }}/config/kubeconfig" + remote_src: yes mode: 0644 -- name: Fetch Kubeconfig +- name: Slurp kubeconfig + ansible.builtin.slurp: + src: "{{ openshift_install_dir }}/config/kubeconfig" + register: kubeconfig_raw + +- name: Copy content into kubeconfig set_fact: - kubeconfig: "{{ lookup('file', openshift_install_dir ~ '/config/kubeconfig' ) | from_yaml }}" + kubeconfig: "{{ kubeconfig_raw['content'] | b64decode | from_yaml }}" + +# - name: Fetch Kubeconfig +# set_fact: +# kubeconfig: "{{ lookup('file', openshift_install_dir ~ '/config/kubeconfig' ) | from_yaml }}" - name: Select cluster & user set_fact: diff --git a/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml b/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml index 526768af..e00d10b5 100644 --- a/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml +++ b/ansible/roles/openshift-4-cluster/tasks/certificate-install.yml 
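Review bot: The new `Slurp kubeconfig` and `Copy content into kubeconfig` tasks register the complete admin kubeconfig (client certificate and key) as `kubeconfig_raw` and the `kubeconfig` fact, and neither carries `no_log: true`, so the credential is echoed at `-v` and persisted in the playbook artifact that ansible-navigator.yaml enables. Add `no_log: true` to both tasks. The superseded `Fetch Kubeconfig` task is left behind as a comment block; delete it rather than keep dead YAML, or add a line saying why it is retained. Minor style: this file writes `remote_src: yes` while create-vm.yml in the same change writes `remote_src: true`; pick one boolean spelling.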
@@ -13,8 +13,20 @@ - name: Install certificates block: + + - name: Slurp certficate_fullchain + ansible.builtin.slurp: + src: "{{ certficate_fullchain }}" + register: tls_crt + + - name: Slurp certficate_key + ansible.builtin.slurp: + src: "{{ certficate_key }}" + register: tls_key + - name: Create secret with certificates for openshift-ingress - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -25,14 +37,15 @@ apiVersion: v1 kind: Secret data: - tls.crt: "{{ lookup('file',certficate_fullchain, rstrip=false) | b64encode }}" - tls.key: "{{ lookup('file',certficate_key, rstrip=false) | b64encode }}" + tls.crt: "{{ tls_crt['content'] }}" + tls.key: "{{ tls_key['content'] }}" metadata: name: letsencrypt-router-certs namespace: openshift-ingress type: kubernetes.io/tls - name: Patch ingresscontroller/default - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -52,7 +65,8 @@ # Hot fix, remove of openshift api cert installation because of # https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/issues/117 # - name: Create secret with certificates for openshift api - # k8s: + # delegate_to: localhost + # kubernetes.core.k8s # state: present # kubeconfig: "{{ k8s_kubeconfig }}" # host: "{{ k8s_host }}" @@ -70,7 +84,8 @@ # namespace: openshift-config # type: kubernetes.io/tls # - name: Patch api server config - # k8s: + # delegate_to: localhost + # kubernetes.core.k8s: # state: present # kubeconfig: "{{ k8s_kubeconfig }}" # host: "{{ k8s_host }}" diff --git a/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml b/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml index 6bd5980a..91a39df8 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create-ignition.yml 
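Review bot: `Slurp certficate_key` registers the TLS private key as `tls_key` without `no_log: true`, so its base64 content appears in verbose output and in the playbook artifact, and the `Create secret with certificates for openshift-ingress` task that expands `tls_key['content']` exposes it the same way. Add `no_log: true` to the slurp task and to the secret-creating task. Note that `slurp` already returns base64, so dropping the former `| b64encode` is correct — a one-line comment `# slurp content is already base64, as the Secret's data field expects` would keep someone from re-adding it. The `Install certificates` block continues outside the hunk.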
@@ -15,6 +15,7 @@ copy: dest: "{{ openshift_install_dir }}/install-config.yaml.original" src: "{{ openshift_install_dir }}/install-config.yaml" + remote_src: yes mode: 0644 - name: Create manifest files diff --git a/ansible/roles/openshift-4-cluster/tasks/create-network.yml b/ansible/roles/openshift-4-cluster/tasks/create-network.yml index 66cb14c2..3a8e90ea 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create-network.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create-network.yml @@ -9,15 +9,15 @@ msg: "IPv6 is enabled via ip_families but your Host system do not have a public IPv6 subnet configured." when: - "'IPv6' in ip_families" - - hostvars['localhost']['ansible_default_ipv6'] | length == 0 + - ansible_default_ipv6 | length == 0 - name: Build IPv6 subnet set_fact: - vn_subnet_ipv6: "{{ hostvars['localhost']['ansible_default_ipv6']['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}" + vn_subnet_ipv6: "{{ ansible_default_ipv6['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}" ipv6_listen_public: - "{{ listen_address_ipv6 }}" ipv6_listen_private: - - "{{ hostvars['localhost']['ansible_default_ipv6']['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}::1" + - "{{ ansible_default_ipv6['address'].split(':')[:4] | join(':') | string }}:{{ '%x' % vn_subnet.split('.')[2] | int }}::1" when: "'IPv6' in ip_families" tags: always @@ -136,6 +136,7 @@ # Public DNS # - name: Create public dns entries + delegate_to: localhost import_role: name: public_dns tasks_from: create.yml diff --git a/ansible/roles/openshift-4-cluster/tasks/create-vm.yml b/ansible/roles/openshift-4-cluster/tasks/create-vm.yml index 9cc1c00c..9c798264 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create-vm.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create-vm.yml 
@@ -34,6 +34,7 @@ copy: src: "{{ vm_ignition_file }}" dest: "/var/lib/libvirt/images/{{ vm_instance_name }}.ign" + remote_src: true mode: '0644' - name: Debug - create /tmp/{{ vm_instance_name }}.virt.xml diff --git a/ansible/roles/openshift-4-cluster/tasks/create.yml b/ansible/roles/openshift-4-cluster/tasks/create.yml index 1f183b84..f447a0be 100644 --- a/ansible/roles/openshift-4-cluster/tasks/create.yml +++ b/ansible/roles/openshift-4-cluster/tasks/create.yml @@ -73,17 +73,20 @@ when: not letsencrypt_disabled - name: Download OpenShift Artifacts - include: download-openshift-artifacts.yml + # Work-a-round: tags inheritance don't work without a block. + # https://github.com/ansible/ansible/issues/41540#issuecomment-419433375 + block: + - include_tasks: download-openshift-artifacts.yml tags: download-openshift-artifacts - name: Create ignition files - include: create-ignition.yml + include_tasks: create-ignition.yml vars: ssh_public_key: "{{ lookup('file', '{{ ssh_public_key_location }}.pub') }}" tags: ignition - name: Create bootstrap node - include: create-vm.yml + include_tasks: create-vm.yml vars: vm_instance_name: "{{ cluster_name }}-bootstrap" vm_network: "{{ cluster_name }}" @@ -95,7 +98,7 @@ vm_root_disk_size: '120G' - name: Create master nodes - include: create-vm.yml + include_tasks: create-vm.yml vars: vm_instance_name: "{{ cluster_name }}-master-{{ item }}" vm_network: "{{ cluster_name }}" @@ -109,7 +112,7 @@ with_sequence: start=0 end="{{ master_count|int - 1 }}" stride=1 - name: Create compute node - include: create-vm.yml + include_tasks: create-vm.yml vars: vm_instance_name: "{{ cluster_name }}-compute-{{ item }}" vm_network: "{{ cluster_name }}" @@ -124,5 +127,5 @@ when: compute_count > 0 - name: Include post installation tasks - include: post-install.yml + include_tasks: post-install.yml tags: post-install 
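Review bot: `ssh_public_key: "{{ lookup('file', '{{ ssh_public_key_location }}.pub') }}"` is kept unchanged, but `lookup('file')` runs on the controller — now inside the execution environment — while the play targets the remote `host`, so with the new default `ssh_public_key_location: ~/.ssh/id_rsa` it reads the container user's key rather than the kvm-host's; this is the same controller/target mismatch the change fixes for the kubeconfig and certificates with `ansible.builtin.slurp`. Reading the `.pub` file on the target via slurp and passing `{{ ssh_pubkey.content | b64decode | trim }}` would be consistent, and `ssh_public_key_location ~ '.pub'` avoids the nested `{{ }}` inside the lookup. The block workaround for tag inheritance on `Download OpenShift Artifacts` is well referenced, but the later `include_tasks` calls with `tags: ignition` and `tags: post-install` presumably have the same caveat — tags on a dynamic include apply to the include only unless wrapped in a block or given via `apply:`. The `@@ -124` hunk ends the file; the earlier hunks' task list continues between them.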
diff --git a/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml b/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml index 5a3c6df4..1f4d904a 100644 --- a/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml +++ b/ansible/roles/openshift-4-cluster/tasks/destroy-network.yml @@ -1,5 +1,6 @@ --- - name: Destroy public dns entries + delegate_to: localhost import_role: name: public_dns tasks_from: destroy.yml diff --git a/ansible/roles/openshift-4-cluster/tasks/destroy.yml b/ansible/roles/openshift-4-cluster/tasks/destroy.yml index 105891e0..a791803e 100644 --- a/ansible/roles/openshift-4-cluster/tasks/destroy.yml +++ b/ansible/roles/openshift-4-cluster/tasks/destroy.yml @@ -9,16 +9,16 @@ msg: "Letsencrypt certifcates stays...." tags: letsencrypt -- include: destroy-vm.yml +- include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-bootstrap" -- include: destroy-vm.yml +- include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-master-{{ item }}" with_sequence: start=0 end="{{ master_count|int - 1 }}" stride=1 -- include: destroy-vm.yml +- include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-compute-{{ item }}" with_sequence: start=0 end="{{ compute_count|int - 1 if compute_count|int > 0 else 0 }}" stride=1 diff --git a/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml b/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml index 7fa0c14a..9b56d4b6 100644 --- a/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml +++ b/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml @@ -63,7 +63,8 @@ - name: Create infra-registry pv - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" 
@@ -86,7 +87,8 @@ persistentVolumeReclaimPolicy: Recycle - name: Create registry-storage pvc - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -129,7 +131,8 @@ - "user-pvs" - name: Create Namespace - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -143,7 +146,8 @@ name: "{{ storage_nfs_target_namespace }}" - name: Create ServiceAccount - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -158,7 +162,8 @@ namespace: "{{ storage_nfs_target_namespace }}" - name: Create ClusteRole nfs-client-provisioner-runner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -185,7 +190,8 @@ verbs: ["create", "update", "patch"] - name: Create ClusterRoleBinding nfs-client-provisioner-runner <-> nfs-client-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -207,7 +213,8 @@ apiGroup: rbac.authorization.k8s.io - name: Create Role nfs-client-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -230,7 +237,8 @@ verbs: ["use"] - name: Create RoleBinding nfs-client-provisioner <-> nfs-client-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -252,7 +260,8 @@ apiGroup: rbac.authorization.k8s.io - name: Deploy nfs-provisioner - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" 
@@ -298,7 +307,8 @@ path: "{{ storage_nfs_path_prefix }}/{{ cluster_name }}-pv-user-pvs" - name: Storage Class - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/ansible/roles/openshift-4-cluster/tasks/post-install.yml b/ansible/roles/openshift-4-cluster/tasks/post-install.yml index 4be0c89a..ea893fe3 100644 --- a/ansible/roles/openshift-4-cluster/tasks/post-install.yml +++ b/ansible/roles/openshift-4-cluster/tasks/post-install.yml @@ -12,7 +12,7 @@ until: bootstrap_status.rc == 0 - name: Destroy bootstrap node - include: destroy-vm.yml + include_tasks: destroy-vm.yml vars: vm_instance_name: "{{ cluster_name }}-bootstrap" @@ -65,11 +65,13 @@ retries: 60 delay: 60 until: install_status.rc == 0 + tags: + - post-install ########################################################################################### # Install letsencrypt certificates ########################################################################################### -- include: certificate-install.yml +- include_tasks: certificate-install.yml when: letsencrypt_disabled == false tags: - post-install @@ -88,7 +90,8 @@ - name: Handle auth_htpasswd block: - name: Create htpasswd secret - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -124,7 +127,8 @@ - name: Handle auth_redhatsso block: - name: Create google secret secret - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -170,7 +174,8 @@ msg: "Only one of auth_github.organizations or auth_github.teams must be defined (at least one must be defined)" when: (auth_github.organizations is defined) and (auth_github.teams is defined) - name: Create GitHub secret - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" 
@@ -207,7 +212,8 @@ - idp - name: Configure identity providers - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -230,7 +236,8 @@ ########################################################################################### - name: Setup cluster role bindings - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" @@ -260,7 +267,7 @@ ########################################################################################### - name: Include post-install-add-ons - include: post-install-add-ons.yml + include_tasks: post-install-add-ons.yml when: add_ons_enabled tags: - post-install diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml index 850b276a..d80b795d 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-CentOS-8.yml @@ -1,11 +1,5 @@ --- -- name: Enable EPEL release - yum: - name: - - epel-release.noarch - state: present - - name: Installing KVM Packages yum: name: @@ -15,12 +9,6 @@ - "@virtualization-tools" # ansible virt need lxml - python3-lxml - - python3-pip - # Important for python3-openshift - - python3-requests-oauthlib - # Need's epel - is enabled by default on hetzner - - python3-openshift - # It looks like firewalld is not installed in CentOS Stream - firewalld state: present diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml index 94180abe..6877dbc0 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-RedHat-8.yml 
@@ -6,11 +6,6 @@ - "@virtualization-client" - "@virtualization-platform" - "@virtualization-tools" - # ansible virt need lxml - - python3-lxml - # Important for python3-openshift - - python3-requests-oauthlib - - python3-openshift state: present - name: Upgrade all packages diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml index c1ea8e08..64836668 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-8.yml @@ -8,11 +8,7 @@ - "@virtualization-tools" # ansible virt need lxml - python3-lxml - - python3-pip - # Important for python3-openshift - - python3-requests-oauthlib - # Need's epel - is enabled by default on hetzner - - python3-openshift + - firewalld state: present - name: Upgrade all packages diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml index cb2b1976..9ed65690 100644 --- a/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml +++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host.yml @@ -1,6 +1,6 @@ --- - name: Include OS specific part - include: "prepare-host-{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + include_tasks: "prepare-host-{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - name: Enable and Start libvirtd systemd: @@ -38,7 +38,3 @@ insertafter: '^\[Network\]' regexp: '^IPForward=' when: stat_result.stat.exists - -# Install ansible collection for digitalocean dns provider -- name: Ansible collection community.digitalocean - command: "ansible-galaxy collection install community.digitalocean" diff --git a/ansible/roles/openshift-4-cluster/tasks/start.yml b/ansible/roles/openshift-4-cluster/tasks/start.yml index 70a49756..20ffdc47 100644 --- a/ansible/roles/openshift-4-cluster/tasks/start.yml 
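Review bot: The RHEL-8 hunk drops `python3-lxml` together with the openshift packages, while the CentOS-8 hunk in the previous file and the Rocky-8 hunk below keep it with the comment `# ansible virt need lxml`; if the virt tasks still execute on the kvm host rather than inside the execution environment, RHEL hosts lose a library the other two distributions keep. Rocky-8 also gains `- firewalld` here while RHEL-8 does not, so the three prepare-host files are diverging in ways the commit does not explain. Either restore `- python3-lxml` under `- "@virtualization-tools"` in the RHEL file, or drop it from the other two and add `lxml` to ee-python-requirements.txt so the three stay aligned.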
+++ b/ansible/roles/openshift-4-cluster/tasks/start.yml @@ -1,15 +1,15 @@ --- # Should be stopped / destroyed -# - include: start-vm.yml +# - include_tasks: start-vm.yml # vars: # vm_instance_name: "{{ cluster_name }}-bootstrap" -- include: start-vm.yml +- include_tasks: start-vm.yml vars: vm_instance_name: "{{ cluster_name }}-master-{{ item }}" with_sequence: start=0 end="{{ master_count|int - 1 }}" stride=1 -- include: start-vm.yml +- include_tasks: start-vm.yml vars: vm_instance_name: "{{ cluster_name }}-compute-{{ item }}" with_sequence: start=0 end="{{ compute_count|int - 1 if compute_count|int > 0 else 0 }}" stride=1 diff --git a/ansible/roles/openshift-4-cluster/tasks/stop.yml b/ansible/roles/openshift-4-cluster/tasks/stop.yml index c98b0b54..df9ad234 100644 --- a/ansible/roles/openshift-4-cluster/tasks/stop.yml +++ b/ansible/roles/openshift-4-cluster/tasks/stop.yml @@ -1,6 +1,6 @@ --- # Should be stopped / destroyed -# - include: stop-vm.yml +# - include_tasks: stop-vm.yml # vars: # vm_instance_name: "{{ cluster_name }}-bootstrap" diff --git a/ansible/roles/public_dns/tasks/create-azure.yml b/ansible/roles/public_dns/tasks/create-azure.yml index a65fe611..750a79e9 100644 --- a/ansible/roles/public_dns/tasks/create-azure.yml +++ b/ansible/roles/public_dns/tasks/create-azure.yml @@ -1,14 +1,4 @@ --- -- name: Install Azure Ansible pip dependencies - pip: - name: - - packaging - - msrest - - msrestazure - - azure.common - - azure.mgmt - - azure.storage - - azure.mgmt.automation - name: Create DNS record at Azure azure_rm_dnsrecordset: diff --git a/ansible/roles/public_dns/tasks/create-route53.yml b/ansible/roles/public_dns/tasks/create-route53.yml index b7640e53..39b3c4b5 100644 --- a/ansible/roles/public_dns/tasks/create-route53.yml +++ b/ansible/roles/public_dns/tasks/create-route53.yml 
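Review bot: Removing the pip task from create-azure.yml leaves `azure_rm_dnsrecordset` with no visible source for the Azure SDK it imports: ee-python-requirements.txt in this commit lists the same packages commented out under `# Azure should be covert by collection: community.azure`, and a Galaxy collection does not install its Python dependencies at play time. This only works if ansible-builder picks up the collection's own Python requirements during the image build, which is worth confirming with a run of the Azure provider before the old task is gone; the same applies to the `boto` removal in create-route53.yml. If the build does not pull them in, the packages belong uncommented in ee-python-requirements.txt rather than in a play-time `pip:` task.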
@@ -1,11 +1,4 @@ --- -- name: Install boto on RHEL/CentOS 8 via pip - # RPM / Package python3-boto3.noarch (The AWS SDK for Python) did not work - pip: - name: - - boto - state: present - - name: Create DNS record at Route53 route53: state: present diff --git a/ansible/roles/public_dns/tasks/create.yml b/ansible/roles/public_dns/tasks/create.yml index 40dd8d5d..3833b355 100644 --- a/ansible/roles/public_dns/tasks/create.yml +++ b/ansible/roles/public_dns/tasks/create.yml @@ -1,3 +1,3 @@ --- - name: Include DNS provider - include: "create-{{ pd_provider }}.yml" + include_tasks: "create-{{ pd_provider }}.yml" diff --git a/ansible/roles/public_dns/tasks/destroy.yml b/ansible/roles/public_dns/tasks/destroy.yml index 095eeb64..190d9a88 100644 --- a/ansible/roles/public_dns/tasks/destroy.yml +++ b/ansible/roles/public_dns/tasks/destroy.yml @@ -1,4 +1,4 @@ --- - name: Include DNS provider - include: "destroy-{{ pd_provider }}.yml" + include_tasks: "destroy-{{ pd_provider }}.yml" diff --git a/ansible/run-add-ons.yml b/ansible/run-add-ons.yml old mode 100755 new mode 100644 index df28af8e..b4711fa1 --- a/ansible/run-add-ons.yml +++ b/ansible/run-add-ons.yml @@ -1,8 +1,7 @@ -#!/usr/bin/env ansible-playbook --- - name: Test - hosts: localhost + hosts: host connection: local # gather_facts: no vars_files: diff --git a/ansible/setup.yml b/ansible/setup.yml old mode 100755 new mode 100644 index 1ce0a02f..9ba76fc9 --- a/ansible/setup.yml +++ b/ansible/setup.yml @@ -1,4 +1,3 @@ -#!/usr/bin/env ansible-playbook --- - import_playbook: 01-prepare-host.yml - import_playbook: 02-create-cluster.yml diff --git a/docs/add-ons.md b/docs/add-ons.md index f1e25b5e..02acd690 100644 --- a/docs/add-ons.md +++ b/docs/add-ons.md @@ -55,7 +55,8 @@ Here an example of tasks/main.yml --- # tasks file for hetzner-ocp4-add-on-example - name: Create namespace - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" 
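Review bot: In run-add-ons.yml, `hosts: host` is now combined with the retained `connection: local`, so the play will run inside the execution environment and ignore the `ansible_host` and `ansible_private_key_file` values that inventory/hosts.yaml defines for `host`. If the add-ons are meant to run on the kvm host the way setup.yml does, the `connection: local` line should go; if they are meant to run locally, `hosts: localhost` was the clearer target. The play name `Test` also says nothing about what the play does.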
@@ -69,7 +70,8 @@ Here an example of tasks/main.yml name: hetzner-ocp4-add-on-example - name: Create Deployment - k8s: + delegate_to: localhost + kubernetes.core.k8s: state: present kubeconfig: "{{ k8s_kubeconfig }}" host: "{{ k8s_host }}" diff --git a/docs/air-gapped.md b/docs/air-gapped.md index aed26c1c..8003250a 100644 --- a/docs/air-gapped.md +++ b/docs/air-gapped.md @@ -9,18 +9,21 @@ Create only the network, important to install and start the mirror registry add network_forward_mode: "route" ``` into `cluster.yml` and setup the network: -``` -./ansible/02-create-cluster.yml --tags network + +```bash +# ansible-navigator run ./ansible/02-create-cluster.yml \ + [-e @cluster-air-gapped.yml \] + --tags network ``` ## Setup mirror registry on kvm-host ### via Office quay mirror registry -https://docs.openshift.com/container-platform/4.9/installing/installing-mirroring-installation-images.html#mirror-registry +https://docs.openshift.com/container-platform/latest/installing/disconnected_install/installing-mirroring-creating-registry.html ``` -./docs/air-gapped/setup-registry.yam +ansible-navigator run ./docs/air-gapped/prep-mirror-registry.yaml [-e @cluster-air-gapped.yml] ./mirror-registry install \ --quayHostname host.compute.local:5000 \ @@ -29,9 +32,13 @@ https://docs.openshift.com/container-platform/4.9/installing/installing-mirrorin --sslKey /var/lib/libvirt/images/mirror-registry/certs/registry.key \ --sslCert /var/lib/libvirt/images/mirror-registry/certs/registry.crt \ --initPassword r3dh4t\!1 + +podman login --username init --password r3dh4t\!1 \ + --authfile mirror-registry-pullsecret.json \ + host.compute.local:5000 ``` -### via Docker registry +### via Docker registry - deprecated ``` ./docs/air-gapped/setup-registry.yaml 
@@ -64,7 +71,9 @@ jq -s '{"auths": ( .[0].auths + .[1].auths ) }' mirror-registry-pullsecret.json Install oc client ``` -./ansible/02-create-cluster.yml --tags download-openshift-artifacts +# ansible-navigator run ./ansible/02-create-cluster.yml \ + [-e @cluster-air-gapped.yml \] + --tags network ``` Mirror images: @@ -193,15 +202,21 @@ image_pull_secret: | ## Install cluster ``` -./ansible/02-create-cluster.yml +# ansible-navigator run ./ansible/02-create-cluster.yml [-e @cluster-air-gapped.yml \] ``` ## Sync Operatorhub Not all operators support disconnected environments: [Red Hat Operators Supported in Disconnected Mode](https://access.redhat.com/articles/4740011) -How to sync operators with OpenShift 4.8: [official documentation](https://docs.openshift.com/container-platform/4.8/operators/admin/olm-restricted-networks.html) +How to sync operators with OpenShift 4.8: [official documentation](https://docs.openshift.com/container-platform/latest/operators/admin/olm-restricted-networks.html) + +### Disable default catalog source +``` +oc patch OperatorHub cluster --type json \ + -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' +``` ### run index 
@@ -213,25 +228,39 @@ podman run -p50051:50051 \ ### Export names +Install grpcurl +``` grpcurl -plaintext localhost:50051 api.Registry/ListPackages > packages.out +``` -## Sync image for `oc debug node/` +### Sync Index -``` -oc image mirror -a ${LOCAL_SECRET_JSON} \ - registry.redhat.io/rhel7/support-tools:latest \ - ${LOCAL_REGISTRY}/rhel7/support-tools:latest +```bash + +opm index prune \ + -f registry.redhat.io/redhat/redhat-operator-index:v4.10 \ + -p codeready-workspaces2 \ + -t ${LOCAL_REGISTRY}/olm/redhat-operator-index:v4.10 + + +podman push ${LOCAL_REGISTRY}/olm/redhat-operator-index:v4.10 -oc debug node/compute-0 --image=${LOCAL_REGISTRY}/rhel7/support-tools:latest ``` +``` +oc adm catalog mirror \ + ${LOCAL_REGISTRY}/olm/redhat-operator-index:v4.10 \ + ${LOCAL_REGISTRY}/olm \ + --manifests-only \ + -a ${LOCAL_SECRET_JSON} +``` ## If `storage_nfs: true` 1) Copy nfs-client-provisioner image ```bash oc image mirror -a ${LOCAL_SECRET_JSON} \ - quay.io/external_storage/nfs-client-provisioner:latest \ + k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 \ ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:nfs-client-provisioner-latest ``` diff --git a/docs/air-gapped/prep-mirror-registry.yaml b/docs/air-gapped/prep-mirror-registry.yaml index f732ee50..98867d6e 100755 --- a/docs/air-gapped/prep-mirror-registry.yaml +++ b/docs/air-gapped/prep-mirror-registry.yaml @@ -1,7 +1,6 @@ #!/usr/bin/env ansible-playbook --- -- hosts: localhost - connection: local +- hosts: host # gather_facts true because we need the public ip address gather_facts: false tags: @@ -112,6 +111,7 @@ copy: src: "{{certs_dir}}/ca.crt" dest: /etc/pki/ca-trust/source/anchors/ + remote_src: true - name: Update ca trust shell: | diff --git a/docs/release-notes.md b/docs/release-notes.md index ebd277c6..d5ee18f3 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md 
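Review bot: prep-mirror-registry.yaml is switched to `hosts: host` but keeps the `#!/usr/bin/env ansible-playbook` shebang and the executable mode that ansible/setup.yml and ansible/run-add-ons.yml drop in this same commit, while docs/air-gapped.md now tells users to run it through `ansible-navigator run`; the two should agree. The context comment `# gather_facts true because we need the public ip address` still sits directly above `gather_facts: false`, which the move to a remote target makes more confusing rather than less. The `remote_src: true` added in the second hunk looks like the right consequence of the target change, presumably because `{{certs_dir}}/ca.crt` now lives on the managed host; a short comment saying so would help the next reader.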
@@ -1,5 +1,20 @@
 # RELEASE NOTES
+## 2022-06-19
+
+ * Bump OpenShift Version to 4.10
+ * Rewrite playbooks to run in ansible-navigator
+ New useage:
+
+ * Install ansible navigator & configure ssh
+ * [RHEL](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/tree/master#in-case-of-red-hat-enterprise-linux-8)
+ * [Rocky/Centos](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4/tree/master#in-case-of-rocky-linux-8-or-centos-8)
+
+ * Run playbooks: `ansible-navigator run -m stdout ./ansible/setup.yml`
+
+ * Build ansible execution environment:
+ quay.io/redhat-emea-ssa-team/hetzner-ocp4-ansible-ee:master
+
 ## 2022-02-16
 * Introduce ansible-lint pre-commit hook and fix eveything
diff --git a/ee-bindep.txt b/ee-bindep.txt
new file mode 100644
index 00000000..beba5910
--- /dev/null
+++ b/ee-bindep.txt
@@ -0,0 +1,6 @@
+pkgconf-pkg-config
+libvirt-client
+libvirt-libs
+libvirt-devel
+gcc
+python38-devel
\ No newline at end of file
diff --git a/ee-python-requirements.txt b/ee-python-requirements.txt
new file mode 100644
index 00000000..be3f2c34
--- /dev/null
+++ b/ee-python-requirements.txt
@@ -0,0 +1,11 @@
+libvirt-python
+# Azure should be covert by collection: community.azure
+# packaging
+# msrest
+# msrestazure
+# azure.common
+# azure.mgmt
+# azure.storage
+# azure.mgmt.automation
+# AWS should be covert by collection: community.aws
+# boto
diff --git a/ee-requirements.yml b/ee-requirements.yml
new file mode 100644
index 00000000..2d08a7d5
--- /dev/null
+++ b/ee-requirements.yml
@@ -0,0 +1,14 @@
+---
+collections:
+ - community.libvirt
+ - community.crypto
+ - community.general
+ - community.aws
+ - google.cloud
+ - community.azure
+ - kubernetes.core
+ - ansible.posix
+ - community.azure
+ - community.aws
+ - community.digitalocean
+ - community.kubernetes
diff --git a/execution-environment.yml b/execution-environment.yml
new file mode 100644
index 00000000..158aab3b
--- /dev/null
+++ b/execution-environment.yml
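Review bot: In ee-requirements.yml, `community.azure` and `community.aws` are each listed twice, and `community.kubernetes` is included next to `kubernetes.core` although the former only redirects to the latter, so the list should be reduced to one entry per collection. None of the entries carry a version, and ee-python-requirements.txt has an unpinned `libvirt-python` as well, which makes every execution-environment build resolve the newest release from Galaxy and PyPI and leaves no way to rebuild the exact image that was tested. Pinning each collection, e.g. `- name: kubernetes.core` with a `version: <tested version>` key, and pinning `libvirt-python==<tested version>` in ee-python-requirements.txt would make the published image reproducible and its contents reviewable.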
@@ -0,0 +1,20 @@
+---
+version: 1
+
+# build_arg_defaults:
+ # EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:latest'
+
+# ansible_config: 'ansible.cfg'
+
+dependencies:
+ galaxy: ee-requirements.yml
+ python: ee-python-requirements.txt
+ system: ee-bindep.txt
+
+# additional_build_steps:
+# prepend: |
+# RUN whoami
+# RUN cat /etc/os-release
+# append:
+# - RUN echo This is a post-install command!
+# - RUN ls -la /etc
diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml
new file mode 100644
index 00000000..fd00a829
--- /dev/null
+++ b/inventory/hosts.yaml
@@ -0,0 +1,6 @@
+---
+all:
+ hosts:
+ host:
+ ansible_host: localhost
+ ansible_private_key_file: ~/.ssh/id_rsa
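Review bot: With `build_arg_defaults` commented out in execution-environment.yml, the build inherits ansible-builder's default base image, which the commented line itself suggests is a `:latest` tag, so the image published as `hetzner-ocp4-ansible-ee:master` is rebuilt from whatever that tag points at on the day of the build. Pinning `EE_BASE_IMAGE` to a specific tag or digest under `build_arg_defaults:` would make the image reproducible, and belongs together with pinning the collections in ee-requirements.yml. In inventory/hosts.yaml, `ansible_private_key_file: ~/.ssh/id_rsa` hard-codes the key type and name, so the README's `ssh-keygen` step only works when the user accepts the RSA default and a key generated as ed25519 fails with a generic connection error rather than a hint about this line. A comment on `ansible_host: localhost` explaining that the SSH hop exists so tasks reach the kvm host from inside the execution-environment container, that no `ansible_user` is set, and that the first connection may hit a host-key prompt depending on how navigator handles known_hosts, would save the next reader some guessing.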