From 126ca3497a01538c6f3ba6f6aa01371296be6ff3 Mon Sep 17 00:00:00 2001 
From: Marco Braga Date: Tue, 7 Feb 2023 23:56:46 -0300 Subject: [PATCH 01/39] docs: add oci upi documentation feat/oci: add initial steps to create network resources feat/oci: add DNS, LB and network feat/provider-oci: add full-stack creation oci create cluster successfully running Update installing-agnostic-oci.md Update installing-agnostic-oci.md feat/oci: documenting the cluster create vars fix/nsg: compute nodes were using CP NSG feat/destroy: add OCI destroy resources feat/os_mirror: add OS image mirror role feat/destroy: add OCI destroy resources doc: update image with os_mirror, destroy and opct oci patchs: Platform External and CCM manifests oci/ccm: adapting to inject CCM manifests into install flow oci/csi: adapting to inject CSI manifests on install time oci: review to install and validate CCM and CSI compute: creating generic compute var to allow customization creating release 4.13.0-rc.0 installing with ccm+csi remove commented lines chore: reuse items on var files --- docs/documentation/integrate-provider.md | 3 + docs/guides/OCI/index.md | 17 + docs/guides/OCI/oci-image-registry-bucket.md | 12 + docs/guides/OCI/oci-install-ccm.md | 111 ++++++ .../OCI/oci-installing-quickly-examples.md | 90 +++++ docs/guides/OCI/oci-installing-steps.md | 293 ++++++++++++++++ docs/guides/OCI/oci-prerequisites.md | 97 +++++ .../OCI/platform-external-custom-release.md | 166 +++++++++ docs/guides/OCI/validate-cluster-with-opct.md | 51 +++ examples/create-cluster.yaml | 14 + examples/vars/common.yaml | 8 + examples/vars/oci/common.yaml | 21 ++ .../oci/ha-platform-external-ccm-csi.yaml | 21 ++ .../vars/oci/ha-platform-external-ccm.yaml | 20 ++ examples/vars/oci/ha-platform-external.yaml | 19 + examples/vars/oci/ha-platform-none-csi.yaml | 6 + examples/vars/oci/ha-platform-none.yaml | 5 + mkdocs.yaml | 10 +- playbooks/create_all.yaml | 3 + playbooks/vars/oci/profiles/default | 1 + .../oci/profiles/ha/destroy_resources.yaml | 26 ++ playbooks/vars/oci/profiles/ha/dns.yaml | 24 
++ playbooks/vars/oci/profiles/ha/iam.yaml | 2 + .../ha/loadbalancer-router-default.yaml | 2 + .../vars/oci/profiles/ha/loadbalancer.yaml | 187 ++++++++++ playbooks/vars/oci/profiles/ha/network.yaml | 332 ++++++++++++++++++ .../vars/oci/profiles/ha/node-bootstrap.yaml | 134 +++++++ .../vars/oci/profiles/ha/node-compute.yaml | 183 ++++++++++ .../oci/profiles/ha/node-controlplane.yaml | 179 ++++++++++ .../vars/oci/profiles/ha/node-generic.yaml | 57 +++ roles/bootstrap/tasks/oci.yaml | 51 +++ roles/clients/tasks/main.yaml | 2 +- roles/cloud_compute | 2 +- roles/cloud_dns | 2 +- roles/cloud_load_balancer | 2 +- roles/cloud_network | 2 +- roles/config/defaults/main.yaml | 1 + roles/config/tasks/create.yaml | 2 +- roles/config/tasks/load.yaml | 2 +- .../patches-manifests/deploy-oci-ccm.yaml | 56 +++ .../patches-manifests/deploy-oci-csi.yaml | 42 +++ .../patches-manifests/line_regex_patch.yaml | 10 + .../mc-kubelet-env-workaround.yaml | 16 + .../mc-kubelet-providerid.yaml | 40 +++ .../tasks/patches-manifests/yaml_patch.yaml | 6 + .../patches-manifests/yaml_patch_run.yaml | 18 + roles/config/tasks/save-state.yaml | 2 +- .../patches/mc-iscsid-service.yaml.j2 | 14 + .../templates/patches/mc-kubelet-env.yaml.j2 | 38 ++ .../mc-kubelet-env_kubelet-providerID.sh.j2 | 9 + .../patches/mc-kubelet-providerid.bu.j2 | 51 +++ .../patches/mc-kubelet-service.yaml.j2 | 68 ++++ .../templates/patches/mc-kubelet.yaml.j2 | 65 ++++ .../templates/patches/mc-oci-ccm.yaml.j2 | 17 + .../patches/oci/oci-ccm-00-namespace.yaml.j2 | 14 + .../oci/oci-ccm-01-secret-data.yaml.j2 | 20 ++ .../patches/oci/oci-ccm-01-secret.yaml.j2 | 8 + .../patches/oci/oci-ccm-02-rbac-sa.yaml.j2 | 6 + .../patches/oci/oci-ccm-03-rbac-cr.yaml.j2 | 143 ++++++++ .../patches/oci/oci-ccm-04-rbac-crb.yaml.j2 | 13 + .../patches/oci/oci-ccm-05-daemonset.yaml.j2 | 78 ++++ .../patches/oci/oci-csi-00-namespace.yaml.j2 | 14 + .../patches/oci/oci-csi-01-secret.yaml.j2 | 8 + .../oci/oci-csi-02-node-rbac-00-sa.yaml.j2 | 6 + 
.../oci/oci-csi-02-node-rbac-01-cr.yaml.j2 | 37 ++ .../oci/oci-csi-02-node-rbac-02-crb.yaml.j2 | 13 + .../oci/oci-csi-03-controller-driver.yaml.j2 | 202 +++++++++++ ...si-04-node-driver-00-csidriver-fss.yaml.j2 | 7 + ...csi-04-node-driver-01-csidriver-bv.yaml.j2 | 6 + ...oci-csi-04-node-driver-02-cm-iscsi.yaml.j2 | 20 ++ .../oci-csi-04-node-driver-03-cm-fss.yaml.j2 | 46 +++ ...ci-csi-04-node-driver-04-daemonset.yaml.j2 | 207 +++++++++++ .../oci-csi-05-storage-class-00-bv.yaml.j2 | 14 + ...oci-csi-05-storage-class-01-bv-enc.yaml.j2 | 11 + .../oci/oci-sample-csi-00-namespace.yaml.j2 | 12 + .../patches/oci/oci-sample-csi-00-pvc.yaml.j2 | 12 + .../patches/oci/oci-sample-csi-01-pod.yaml.j2 | 18 + .../oci/oci-sample-lb-00-deployment.yaml.j2 | 21 ++ .../oci/oci-sample-lb-01-service.yaml.j2 | 16 + .../patches/oci/oci-samples-namespace.j2 | 12 + roles/destroy/tasks/oci.yaml | 27 ++ roles/destroy/tasks/oci/bucket.yaml | 14 + roles/destroy/tasks/oci/compute.yaml | 37 ++ roles/destroy/tasks/oci/dns.yaml | 12 + roles/destroy/tasks/oci/iam.yaml | 2 + roles/destroy/tasks/oci/loadbalancer.yaml | 37 ++ roles/destroy/tasks/oci/network.yaml | 81 +++++ roles/os_mirror/tasks/oci.yaml | 41 +++ 88 files changed, 3815 insertions(+), 12 deletions(-) create mode 100644 docs/documentation/integrate-provider.md create mode 100644 docs/guides/OCI/index.md create mode 100644 docs/guides/OCI/oci-image-registry-bucket.md create mode 100644 docs/guides/OCI/oci-install-ccm.md create mode 100644 docs/guides/OCI/oci-installing-quickly-examples.md create mode 100644 docs/guides/OCI/oci-installing-steps.md create mode 100644 docs/guides/OCI/oci-prerequisites.md create mode 100644 docs/guides/OCI/platform-external-custom-release.md create mode 100644 docs/guides/OCI/validate-cluster-with-opct.md create mode 100644 examples/create-cluster.yaml create mode 100644 examples/vars/common.yaml create mode 100644 examples/vars/oci/common.yaml create mode 100644 
examples/vars/oci/ha-platform-external-ccm-csi.yaml create mode 100644 examples/vars/oci/ha-platform-external-ccm.yaml create mode 100644 examples/vars/oci/ha-platform-external.yaml create mode 100644 examples/vars/oci/ha-platform-none-csi.yaml create mode 100644 examples/vars/oci/ha-platform-none.yaml create mode 120000 playbooks/vars/oci/profiles/default create mode 100644 playbooks/vars/oci/profiles/ha/destroy_resources.yaml create mode 100644 playbooks/vars/oci/profiles/ha/dns.yaml create mode 100644 playbooks/vars/oci/profiles/ha/iam.yaml create mode 100644 playbooks/vars/oci/profiles/ha/loadbalancer-router-default.yaml create mode 100644 playbooks/vars/oci/profiles/ha/loadbalancer.yaml create mode 100644 playbooks/vars/oci/profiles/ha/network.yaml create mode 100644 playbooks/vars/oci/profiles/ha/node-bootstrap.yaml create mode 100644 playbooks/vars/oci/profiles/ha/node-compute.yaml create mode 100644 playbooks/vars/oci/profiles/ha/node-controlplane.yaml create mode 100644 playbooks/vars/oci/profiles/ha/node-generic.yaml create mode 100644 roles/bootstrap/tasks/oci.yaml create mode 100644 roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml create mode 100644 roles/config/tasks/patches-manifests/deploy-oci-csi.yaml create mode 100644 roles/config/tasks/patches-manifests/line_regex_patch.yaml create mode 100644 roles/config/tasks/patches-manifests/mc-kubelet-env-workaround.yaml create mode 100644 roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml create mode 100644 roles/config/tasks/patches-manifests/yaml_patch.yaml create mode 100644 roles/config/tasks/patches-manifests/yaml_patch_run.yaml create mode 100644 roles/config/templates/patches/mc-iscsid-service.yaml.j2 create mode 100644 roles/config/templates/patches/mc-kubelet-env.yaml.j2 create mode 100644 roles/config/templates/patches/mc-kubelet-env_kubelet-providerID.sh.j2 create mode 100644 roles/config/templates/patches/mc-kubelet-providerid.bu.j2 create mode 100644 
roles/config/templates/patches/mc-kubelet-service.yaml.j2 create mode 100644 roles/config/templates/patches/mc-kubelet.yaml.j2 create mode 100644 roles/config/templates/patches/mc-oci-ccm.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-ccm-00-namespace.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-ccm-01-secret-data.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-ccm-01-secret.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-ccm-02-rbac-sa.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-ccm-03-rbac-cr.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-ccm-04-rbac-crb.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-ccm-05-daemonset.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-00-namespace.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-01-secret.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-02-node-rbac-00-sa.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-02-node-rbac-01-cr.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-02-node-rbac-02-crb.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-03-controller-driver.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-04-node-driver-00-csidriver-fss.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-04-node-driver-01-csidriver-bv.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-04-node-driver-02-cm-iscsi.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-04-node-driver-03-cm-fss.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-04-node-driver-04-daemonset.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-05-storage-class-00-bv.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-csi-05-storage-class-01-bv-enc.yaml.j2 create mode 100644 
roles/config/templates/patches/oci/oci-sample-csi-00-namespace.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-sample-csi-00-pvc.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-sample-csi-01-pod.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-sample-lb-00-deployment.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-sample-lb-01-service.yaml.j2 create mode 100644 roles/config/templates/patches/oci/oci-samples-namespace.j2 create mode 100644 roles/destroy/tasks/oci.yaml create mode 100644 roles/destroy/tasks/oci/bucket.yaml create mode 100644 roles/destroy/tasks/oci/compute.yaml create mode 100644 roles/destroy/tasks/oci/dns.yaml create mode 100644 roles/destroy/tasks/oci/iam.yaml create mode 100644 roles/destroy/tasks/oci/loadbalancer.yaml create mode 100644 roles/destroy/tasks/oci/network.yaml create mode 100644 roles/os_mirror/tasks/oci.yaml diff --git a/docs/documentation/integrate-provider.md b/docs/documentation/integrate-provider.md new file mode 100644 index 0000000..335fdb5 --- /dev/null +++ b/docs/documentation/integrate-provider.md @@ -0,0 +1,3 @@ +# Steps to Integrate a new Provider into okd-installer + +> Placeholder diff --git a/docs/guides/OCI/index.md b/docs/guides/OCI/index.md new file mode 100644 index 0000000..36c0dab --- /dev/null +++ b/docs/guides/OCI/index.md 
@@ -0,0 +1,17 @@
+# Guides for Oracle Cloud Infrastructure
+
+> WIP
+
+> TODO:
+
+Create guides/docs for OCP/OKD on OCI:
+
+- Installing a cluster with agnostic installation quickly (Platform=None)
+- Installing a cluster with Cloud Controller Manager using External provider (Platform=External)
+- Installing a cluster with External Cloud provider integration: CCM and `Platform External`
+- Installing a cluster with agnostic installation with Assisted Installer as a installation provider
+
+Generic guides:
+
+- Integrate new provider to the Ansible Collection (UPI stacks)
+- Adding CCM to existing integrated external provider
diff --git a/docs/guides/OCI/oci-image-registry-bucket.md b/docs/guides/OCI/oci-image-registry-bucket.md
new file mode 100644
index 0000000..6befb8e
--- /dev/null
+++ b/docs/guides/OCI/oci-image-registry-bucket.md
@@ -0,0 +1,12 @@
+# OCI Image Registry - Use S3 compatibility URL for persistent storage
+
+> WIP
+
+Steps to use the OCI S3 Compatibility API to set the persistent storage for the OpenShift Image Registry with OCI Bucket service.
+
+Steps:
+
+- Create access Key
+- Create the secret used by image-registry
+- Edit the image registry object adding the s3 configuration
+- Test it
\ No newline at end of file
diff --git a/docs/guides/OCI/oci-install-ccm.md b/docs/guides/OCI/oci-install-ccm.md
new file mode 100644
index 0000000..cd77982
--- /dev/null
+++ b/docs/guides/OCI/oci-install-ccm.md
@@ -0,0 +1,111 @@ +## Install a cluster on Oracle Cloud Infrastructure (OCI) with CCM + +Install an OCP cluster in OCI with Platform External as an option and OCI Cloud Controler Manager. + +## Requirements + +- Credentials +- Client installed + +## OCP Cluster Setup on OCI + +### Generate the vars file + +```bash +cat < ~/.oci/env +# Compartment that the cluster will be installed +OCI_COMPARTMENT_ID="" + +# Compartment that the DNS Zone is created (based domain) +# Only RR will be added +OCI_COMPARTMENT_ID_DNS="" + +# Compartment that the OS Image will be created +OCI_COMPARTMENT_ID_IMAGE="" +EOF +source ~/.oci/env + + +CLUSTER_NAME=oci-fd1-vpu90 +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VARS_FILE} +provider: oci +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-sanjose-1 + +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} + +cluster_profile: ha +destroy_bootstrap: no + +config_base_domain: splat-oci.devcluster.openshift.com +config_ssh_key: "$(cat ~/.ssh/id_rsa.pub;cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" + +config_cluster_version: 4.13.0 +version: 4.13.0 + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + +EOF + + +# Platform External setup only +cat <> ${VARS_FILE} + +# Platform External specifics (preview version) + +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" + +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi +- yaml_patch + +cfg_patch_yaml_patch_specs: + ## patch infra object to 
create External provider + - manifest: /manifests/cluster-infrastructure-02-config.yml + patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' + +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); + +# Notes for: oci-fd1-vpu90 +# - Multiple(3) FD for masters and workers +# - master volume VPU/GB 90 + +EOF +``` + +### Install the cluster + +```bash +ansible-playbook mtulio.okd_installer.create_all \ + -e certs_max_retries=20 \ + -e cert_wait_interval_sec=60 \ + -e @$VARS_FILE +``` + +## Destroy the cluster + +```bash +ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE +``` diff --git a/docs/guides/OCI/oci-installing-quickly-examples.md b/docs/guides/OCI/oci-installing-quickly-examples.md new file mode 100644 index 0000000..18875ae --- /dev/null +++ b/docs/guides/OCI/oci-installing-quickly-examples.md 
@@ -0,0 +1,90 @@ +# Installing in OCI with build-in examples + +## Export variables + +```bash +export OKD_CONFIG_BASE_DOMAIN="" +export OCI_COMPARTMENT_ID="" +export OCI_COMPARTMENT_ID_DNS="" +export OCI_COMPARTMENT_ID_IMAGE="" +export OS_MIRROR_IMAGE_BUCKET_NAME="rhcos-images" +``` + +### Default vars + + +## Installing + + +### Installing a cluster on OCI with Platform Agnostic/None + +> TODO + +```bash +ansible-playbook examples/create-cluster.yaml \ + -e cluster_name=name \ + -e @./examples/vars/common.yaml \ + -e @./examples/vars/oci/common.yaml \ + -e @./examples/vars/oci/ha-platform-none.yaml +``` + +### Installing a cluster on OCI with Platform Agnostic/None with CSI Driver + +```bash +ansible-playbook examples/create-cluster.yaml \ + -e cluster_name=name \ + -e @./examples/vars/common.yaml \ + -e @./examples/vars/oci/common.yaml \ + -e @./examples/vars/oci/ha-platform-none-csi.yaml +``` + +### Installing a cluster on OCI with Platform External + +```bash +ansible-playbook examples/create-cluster.yaml \ + -e cluster_name=name \ + -e @./examples/vars/common.yaml \ + -e @./examples/vars/oci/common.yaml \ + -e @./examples/vars/oci/ha-platform-external.yaml +``` + +### Installing a cluster on OCI with Platform External with CCM + +```bash +ansible-playbook examples/create-cluster.yaml \ + -e cluster_name=name \ + -e @./examples/vars/common.yaml \ + -e @./examples/vars/oci/common.yaml \ + -e @./examples/vars/oci/ha-platform-external-ccm.yaml +``` + +### Installing a cluster on OCI with Platform External with CCM and CSI Driver + +```bash +ansible-playbook examples/create-cluster.yaml \ + -e cluster_name=name \ + -e @./examples/vars/common.yaml \ + -e @./examples/vars/oci/common.yaml \ + -e @./examples/vars/oci/ha-platform-external-ccm-csi.yaml +``` + +### Installing a cluster on OCI with Platform External with CSI Driver + +> TODO: OCI CSI Driver can be installed in Platform None with manual changes + + + +### Destroy a cluster + +```bash +ansible-playbook 
mtulio.okd_installer.destroy_cluster \ + -e cluster_name=name +``` \ No newline at end of file diff --git a/docs/guides/OCI/oci-installing-steps.md b/docs/guides/OCI/oci-installing-steps.md new file mode 100644 index 0000000..9fc2b5a --- /dev/null +++ b/docs/guides/OCI/oci-installing-steps.md 
@@ -0,0 +1,293 @@ +# Install OKD/OCP on OCI using an agnostic method + +> This document is under development on https://github.com/mtulio/ansible-collection-okd-installer/pull/26 + +Install OCP/OKD Cluster on Oracle Cloud Infrastructure using agnostic installation/UPI. + +- Prerequisites +- Installing OCP + - Install the Clientes + - Option 1 - Install quickly + - Option 2 - Install step-by-stack + - Create the Install config + - Create the manifests + - Setup IAM Stack + - Setup Network Stack + - Setup DNS Stack + - Setup Load Balancer Stack + - Patch the manifests + - Create the ignitions + - Setup Compute Stack + - Setup Bootstrap + - Setup Control Plane nodes + - Setup Compute nodes + - Check/Approve the certificates +- Review the Installation +- Destroy the Cluster + +## Prerequisites + +Read [here](./oci-prerequisites.md) + +## Installing OpenShift/OKD + +### Create the vars file + +```bash +cat < ~/.oci/env +# Compartment where the cluster will be installed +OCI_COMPARTMENT_ID="" + +# Compartment that the DNS Zone is created (based domain) +# Only RR will be added +OCI_COMPARTMENT_ID_DNS="" + +# Compartment that the OS Image will be created +OCI_COMPARTMENT_ID_IMAGE="" +EOF +source ~/.oci/env + +cat < ~/.openshift/env +export OCP_CUSTOM_RELEASE="quay.io/mtulio/ocp-release:latest" + +OCP_RELEASE_413="quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" +EOF +source ~/.openshift/env + +CLUSTER_NAME=oci-bm2 +VAR_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VAR_FILE} +provider: oci +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-sanjose-1 + +#TODO: create compartment validations +#TODO: allow create compartment from a parent +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} + +cluster_profile: ha +destroy_bootstrap: no + +config_base_domain: splat-oci.devcluster.openshift.com +config_ssh_key: "$(cat ~/.ssh/id_rsa.pub;cat 
~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" + +config_cluster_version: 4.13.0-rc.0 +version: 4.13.0-rc.0 +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" + +# Define the OS Image mirror +# custom_image_id: rhcos-412.86.202212081411-0-openstack.x86_64 + +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + +## Apply patches to installer manifests (WIP) +# TODO: we must keep the OCI CCM manifests patch more generic + +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi +- yaml_patch + +cfg_patch_yaml_patch_specs: + ## patch infra object to create External provider + - manifest: /manifests/cluster-infrastructure-02-config.yml + patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' + +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); + +# Customize instance type +#compute_shape: "BM.Standard.E2.64" +#compute_shape_config: {} + +EOF + +``` + +### Install the clients + +```bash +ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE +``` + +### Installing option 1: quickly install + +```bash +ansible-playbook mtulio.okd_installer.create_all \ + -e certs_max_retries=20 \ + -e cert_wait_interval_sec=60 \ + -e @$VAR_FILE +``` + +### Installing option 2: step-by-step + +#### Create the Installer Configuration + +Create the installation configuration: + + +```bash +ansible-playbook mtulio.okd_installer.config -e mode=create-config -e 
@$VARS_FILE +``` + +The rendered install-config.yaml will be available on the following path: + +- `~/.ansible/okd-installer/clusters/$CLUSTER_NAME/install-config.yaml` + +If you want to skip this part, place your own install-config.yaml on the same +path and go to the next step. + +#### Create the Installer manifests + +Create the installation configuration: + +```bash +ansible-playbook mtulio.okd_installer.config -e mode=create-manifests -e @$VARS_FILE +``` + +The manifests will be rendered and saved on the install directory: + +- `~/.ansible/okd-installer/clusters/$CLUSTER_NAME/` + +If you want to skip that part, with your manifests, you must be able to run +the `openshift-install create manifests` under the install directory, and the file +`manifests/cluster-config.yaml` is created correctly. + +The infrastructure manifest also must exist on the path: `manifests/cluster-infrastructure-02-config.yml`. + + +**After this stage, the file `$install_dir/cluster_state.json` will be created and populated with the stack results.** + +#### IAM Stack + +N/A + +> TODO: create Compartment validations + +#### Create the Network Stack + +```bash +ansible-playbook mtulio.okd_installer.stack_network -e @$VARS_FILE +``` + +#### DNS Stack + +```bash +ansible-playbook mtulio.okd_installer.stack_dns -e @$VARS_FILE +``` + +#### Load Balancer Stack + +```bash +ansible-playbook mtulio.okd_installer.stack_loadbalancer -e @$VARS_FILE +``` + +#### Config Commit + +This stage allows the user to modify the cluster configurations (manifests), +then generate the ignition files used to create the cluster. + +##### Manifest patches (pre-ign) + +In this step, the playbooks will apply any patches to the manifests, +according to the vars file `config_patches`. + +The `config_patches` are predefined tasks that will run to reach specific goals. + +If you wouldn't like to apply patches, leave the empty value `config_patches: []`. 
+ +If you would like to apply patches manually, you can do it by changing the manifests +on the install dir. Default install dir path: `~/.ansible/okd-installer/clusters/${cluster_name}/*` + +```bash +ansible-playbook mtulio.okd_installer.config -e mode=patch-manifests -e @$VARS_FILE +``` + +##### Config generation (ignitions) + +These steps should be the last before the configuration be 'committed': + +- `create ignitions` when using `openshift-install` as the config provider + +```bash +ansible-playbook mtulio.okd_installer.config -e mode=create-ignitions -e @$VARS_FILE +``` + +#### Mirror OS boot image + +- Download the image from the URL provided by openshift-install coreos-stream + +> Example: `$ jq -r '.architectures["x86_64"].artifacts.openstack.formats["qcow2.gz"].disk.location' ~/.ansible/okd-installer/clusters/ocp-oci/coreos-stream.json` + +```bash +ansible-playbook mtulio.okd_installer.os_mirror -e @$VARS_FILE +``` + +#### Compute Stack + +##### Bootstrap node + +- Upload the bootstrap ignition to blob and Create the Bootstrap Instance + +```bash +ansible-playbook mtulio.okd_installer.create_node -e node_role=bootstrap -e @$VARS_FILE +``` + +##### Control Plane nodes + +- Create the Control Plane nodes + +```bash +ansible-playbook mtulio.okd_installer.create_node -e node_role=controlplane -e @$VARS_FILE +``` + +##### Compute/worker nodes + +- Create the Compute nodes + +```bash +ansible-playbook mtulio.okd_installer.create_node -e node_role=compute -e @$VARS_FILE +``` + +- Approve worker nodes' certificates signing requests (CSR) + +```bash +oc adm certificate approve $(oc get csr -o json |jq -r '.items[] | select(.status.certificate == null).metadata.name') + +# OR + +oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs oc adm certificate approve +``` + +## Review the installation + +```bash +export KUBECONFIG=${HOME}/.ansible/okd-installer/clusters/${cluster_name}/auth/kubeconfig + +oc get nodes 
+oc get co +``` + +## Destroy cluster + +```bash +ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE +``` diff --git a/docs/guides/OCI/oci-prerequisites.md b/docs/guides/OCI/oci-prerequisites.md new file mode 100644 index 0000000..2be8557 --- /dev/null +++ b/docs/guides/OCI/oci-prerequisites.md 
@@ -0,0 +1,97 @@ +# OCI PoC - Prerequisites + +The steps described on this document can be changed from the final version. + +The goal is to quickly setup the PoC environment installing all the dependencies and Oracle Cloud Infrastructure identities to use the CLI/SDK with Ansible. + +### Setup Ansible project + +> This steps should be made only when OCI provider is under development - not merged to `main` branch. Then the normal install flow should be used. + +- Setup your ansible workdir (optional, you can use the defaults) + +```bash +cat < ansible.cfg +[defaults] +inventory = ./inventories +collections_path=./collections +callbacks_enabled=ansible.posix.profile_roles,ansible.posix.profile_tasks +hash_behavior=merge + +[inventory] +enable_plugins = yaml, ini + +[callback_profile_tasks] +task_output_limit=1000 +sort_order=none +EOF +``` + +- Create a virtual ennv + +```bash +python3.9 -m venv ./.oci +source ./.oci/bin/activate +``` + +- Donwload requirements files + +``` +wget https://raw.githubusercontent.com/mtulio/ansible-collection-okd-installer/main/requirements.yml +wget https://raw.githubusercontent.com/mtulio/ansible-collection-okd-installer/main/requirements.txt +``` + +- Install ansible and dependencies + +```bash +pip install -r requirements.txt +``` + +- Install the Collections + +```bash +ansible-galaxy collection install -r requirements.yml +``` + +- Get the latest (under development) okd-installer for OCI + +> https://github.com/mtulio/ansible-collection-okd-installer/pull/26 + +```bash +git clone -b feat-added-provider-oci --recursive \ + git@github.com:mtulio/ansible-collection-okd-installer.git \ + collections/ansible_collections/mtulio/okd_installer +``` + +- Check if the collection is present + + +```bash +$ ansible-galaxy collection list |egrep "(okd_installer|^oracle)" +mtulio.okd_installer 0.0.0-latest +oracle.oci 4.23.0 +``` + +### Setup OCI credentials + +- See [API Key 
Authentication](https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.11.0/guides/authentication.html#api-key-authentication): +- See https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#two + + +Make sure your credentials have been set correctly on the file `~/.oci/config` and you can use the OCI ansible collection: + +- Get the User ID from the documentation + +```bash +export oci_user_id=$(grep ^user ~/.oci/config | awk -F '=' '{print$2}') +``` + +- Retrieve facts from the user + +```bash +ansible localhost \ + -m oracle.oci.oci_identity_user_facts \ + -a user_id=${oci_user_id} +``` + +You must be able to collect the user information. diff --git a/docs/guides/OCI/platform-external-custom-release.md b/docs/guides/OCI/platform-external-custom-release.md new file mode 100644 index 0000000..7e26e1e --- /dev/null +++ b/docs/guides/OCI/platform-external-custom-release.md 
@@ -0,0 +1,166 @@ +# Platform External - creating a custom release to support it on 4.13 + +This guide describes how to create a custom OCP release image with minimal changes to enable Platform `External` to be considered 'external' on the `library-go` - `IsCloudProviderExternal()`, signalizing the Kubelet (MCO) and Kube Controller Manager (KCMO) flag `--cloud-provider` be external, waiting for an external CCM be deployed on install time (in this case [OCI CCM](https://github.com/oracle/oci-cloud-controller-manager)) + +This is part of a PoC to enable Platform External to install CCM on install time. All the work has been mapped on the [Enhancement Proposal 1353](https://github.com/openshift/enhancements/pull/1353). + +## Update the API + +### API + +> The minimal changes on API have been created on 4.13. It's not required for this PoC. + +References: + +- https://github.com/openshift/api/pull/1301 +- https://github.com/openshift/api/pull/1409 + +### library-go + +- Clone the Library-go + +- Make the changes: https://github.com/openshift/library-go/compare/release-4.13...mtulio:library-go:release-4.13-platexternal?expand=1#diff-478af36e9fb994fc80d37b7d2f6ae207c67d8c43b94f98f6ae3e420808958ba9R40-R41 + +- Push to your account + + +## Rebuilding KCMO + +Steps to propagate the library-go change to kube-controller-manager-operator. 
+ +- Clone the repo https://github.com/openshift/cluster-kube-controller-manager-operator + +- Update the go.mod to use your version of library-go https://github.com/openshift/cluster-kube-controller-manager-operator/compare/release-4.13...mtulio:cluster-kube-controller-manager-operator:release-4.13-platexternal?expand=1 + +`go.mod` +``` +replace github.com/openshift/library-go => github.com/mtulio/library-go v0.0.0-20230313023417-78e409222bff +``` + +- upload your custom changes (optional) + +```bash +$ git remote -v +mtulio git@github.com:mtulio/cluster-kube-controller-manager-operator.git (fetch) +mtulio git@github.com:mtulio/cluster-kube-controller-manager-operator.git (push) +origin git@github.com:openshift/cluster-kube-controller-manager-operator.git (fetch) +$ git push --set-upstream mtulio release-4.13-platexternal -f +``` + +- Build a custom image + + +```bash +QUAY_USER=mrbraga +REPO_NAME=cluster-kube-controller-manager-operator + +podman build \ + --authfile ${PULL_SECRET} \ + -f Dockerfile.rhel7 \ + -t quay.io/${QUAY_USER}/${REPO_NAME}:latest \ + && podman push quay.io/${QUAY_USER}/${REPO_NAME}:latest + +TS=$(date +%Y%m%d%H%M) +podman tag quay.io/${QUAY_USER}/${REPO_NAME}:latest \ + "quay.io/${QUAY_USER}/${REPO_NAME}:${TS}" && \ + podman push "quay.io/${QUAY_USER}/${REPO_NAME}:${TS}" +``` + +## Building MCO + +Steps to propagate the library-go change to machine-config-operator. 
+ +- Clone the repo https://github.com/openshift/machine-config-operator + +- Update the go.mod to use your version of library-go + +`go.mod` +``` +replace github.com/openshift/library-go => github.com/mtulio/library-go v0.0.0-20230313023417-78e409222bff +``` + +- Build a custom image + +```shell +QUAY_USER=mrbraga +REPO_NAME=machine-config-operator + +podman build -f Dockerfile.rhel7 \ + -t quay.io/${QUAY_USER}/${REPO_NAME}:latest && \ + podman push quay.io/${QUAY_USER}/${REPO_NAME}:latest + +TS=$(date +%Y%m%d%H%M) +podman tag quay.io/${QUAY_USER}/${REPO_NAME}:latest \ + "quay.io/${QUAY_USER}/${REPO_NAME}:${TS}" && \ + podman push "quay.io/${QUAY_USER}/${REPO_NAME}:${TS}" +``` + +## Building CCCMO + +Steps to propagate the library-go change to cluster-cloud-controller-manager-operator. + +- Clone the repo https://github.com/mtulio/cluster-cloud-controller-manager-operator + +- Update the go.mod to use your version of library-go + +- Build a custom image + +```bash +QUAY_USER=mrbraga +REPO_NAME=cluster-cloud-controller-manager-operator + +podman build \ + --authfile ${PULL_SECRET} \ + -f Dockerfile \ + -t quay.io/${QUAY_USER}/${REPO_NAME}:latest \ + && podman push quay.io/${QUAY_USER}/${REPO_NAME}:latest + +TS=$(date +%Y%m%d%H%M) +podman tag quay.io/${QUAY_USER}/${REPO_NAME}:latest \ + "quay.io/${QUAY_USER}/${REPO_NAME}:${TS}" && \ + podman push "quay.io/${QUAY_USER}/${REPO_NAME}:${TS}" +``` + +## Create a new release + +- Choose the base image on https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/ + +- Run the command + +```bash +VERSION_BASE="4.13.0-rc.0-x86_64" +OCP_RELEASE_BASE="quay.io/openshift-release-dev/ocp-release:${VERSION_BASE}" +CUSTOM_IMAGE_NAMESPACE="quay.io/${QUAY_USER}" +NEW_RELEASE_IMAGE="docker.io/mtulio/ocp-release" + +$(which time) -v oc adm release new -n origin \ + --server https://api.ci.openshift.org \ + -a ${PULL_SECRET} \ + --from-release ${OCP_RELEASE_BASE} \ + --to-image "${NEW_RELEASE_IMAGE}:latest" \ + 
machine-config-operator=${CUSTOM_IMAGE_NAMESPACE}/machine-config-operator:latest \ + cluster-kube-controller-manager-operator=${CUSTOM_IMAGE_NAMESPACE}/cluster-kube-controller-manager-operator:latest \ + cluster-cloud-controller-manager-operator=${CUSTOM_IMAGE_NAMESPACE}/cluster-cloud-controller-manager-operator:latest +``` + +- Mirror it creating custom labels to identify the customization and base image + +```bash +podman pull "${NEW_RELEASE_IMAGE}:latest" + +podman tag "${NEW_RELEASE_IMAGE}:latest" \ + "${CUSTOM_IMAGE_NAMESPACE}/ocp-release:latest" && \ + podman push "${CUSTOM_IMAGE_NAMESPACE}/ocp-release:latest" +podman tag "${NEW_RELEASE_IMAGE}:latest" \ + "${CUSTOM_IMAGE_NAMESPACE}/ocp-release:${VERSION_BASE}_platexternal-kcmo-mco-3cmo" && \ + podman push "${CUSTOM_IMAGE_NAMESPACE}/ocp-release:${VERSION_BASE}_platexternal-kcmo-mco-3cmo" +``` + +- Check if the release image `${NEW_RELEASE_IMAGE}:latest` was created + +- Use it + +```bash +OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" \ + openshift-install create cluster --dir my-install-dir/ +``` \ No newline at end of file diff --git a/docs/guides/OCI/validate-cluster-with-opct.md b/docs/guides/OCI/validate-cluster-with-opct.md new file mode 100644 index 0000000..4466f9a --- /dev/null +++ b/docs/guides/OCI/validate-cluster-with-opct.md 
@@ -0,0 +1,51 @@ +## OPCT setup + +- Create the OPCT [dedicated] node + +> https://redhat-openshift-ecosystem.github.io/provider-certification-tool/user/#option-a-command-line + +```bash +# Create OPCT node +ansible-playbook mtulio.okd_installer.create_node \ + -e node_role=generic -e sufix=opct-01 -e cpu=4 -e mem=16 \ + -e subnet=private -e nsg=compute \ + -e @$VAR_FILE +``` + +- OPCT dedicated node setup + +```bash + +oc label node opct-01.priv.ocp.oraclevcn.com node-role.kubernetes.io/tests="" +oc adm taint node opct-01.priv.ocp.oraclevcn.com node-role.kubernetes.io/tests="":NoSchedule + +# Set the OPCT requirements (registry, labels, wait-for COs stable) +ansible-playbook ../opct/hack/opct-runner/opct-run-tool-preflight.yaml -e @$VAR_FILE -D + +``` + +- OPCT regular + +```bash +# Run OPCT +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 run -w + +# Get the results and explore it +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 retrieve +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 results *.tar.gz +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 report *.tar.gz +``` + +- OPCT upgrade mode + +```bash +# from a cluster 4.12.1, run upgrade conformance to 4.13 +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 run -w \ + --mode=upgrade \ + --upgrade-to-image=$(oc adm release info 4.13.0-ec.2 -o jsonpath={.image}) + +# Get the results and explore it +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 retrieve +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 results *.tar.gz +~/opct/bin/openshift-provider-cert-linux-amd64-v0.3.0 report *.tar.gz +``` diff --git a/examples/create-cluster.yaml b/examples/create-cluster.yaml new file mode 100644 index 0000000..12d5b62 --- /dev/null +++ b/examples/create-cluster.yaml 
@@ -0,0 +1,14 @@ +--- +# Usage examples +# +# OCI Platform None/Agnostic: +# $ ansible-playbook examples/create-cluster.yaml -e cluster_name +# -e @./examples/vars/common.yaml -e @./examples/vars/oci/common.yaml +# -e @./examples/vars/oci/ha-platform-none.yaml +# + +- name: install clients + ansible.builtin.import_playbook: mtulio.okd_installer.install_clients.yaml + +- name: create cluster + ansible.builtin.import_playbook: mtulio.okd_installer.create_all.yaml \ No newline at end of file diff --git a/examples/vars/common.yaml b/examples/vars/common.yaml new file mode 100644 index 0000000..333ef5a --- /dev/null +++ b/examples/vars/common.yaml @@ -0,0 +1,8 @@ +--- +config_base_domain: "{{ ansible_env['OKD_CONFIG_BASE_DOMAIN'] }}" +config_ssh_key: "{{ lookup('file', ansible_env['HOME'] + '/.ssh/id_rsa.pub') }}" +config_pull_secret_file: "{{ ansible_env['HOME'] }}/.openshift/pull-secret-latest.json" + +version: 4.12.8 + +destroy_bootstrap: no \ No newline at end of file diff --git a/examples/vars/oci/common.yaml b/examples/vars/oci/common.yaml new file mode 100644 index 0000000..eb951b4 --- /dev/null +++ b/examples/vars/oci/common.yaml @@ -0,0 +1,21 @@ +--- + +provider: oci +config_cluster_region: us-sanjose-1 + +oci_compartment_id: "{{ ansible_env['OCI_COMPARTMENT_ID'] }}" +oci_compartment_id_dns: "{{ ansible_env['OCI_COMPARTMENT_ID_DNS'] }}" +oci_compartment_id_image: "{{ ansible_env['OCI_COMPARTMENT_ID_IMAGE'] }}" + +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: "{{ oci_compartment_id_image }}" + bucket: "{{ oci_image_bucket | d(ansible_env['OS_MIRROR_IMAGE_BUCKET_NAME']) }}" + image_type: QCOW2 \ No newline at end of file diff --git a/examples/vars/oci/ha-platform-external-ccm-csi.yaml b/examples/vars/oci/ha-platform-external-ccm-csi.yaml new file mode 100644 index 0000000..ab48cc5 --- /dev/null 
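Review bot: The `install clients` play in examples/create-cluster.yaml duplicates work that the playbooks/create_all.yaml hunk later in this patch now does itself, since that hunk adds `ansible.builtin.import_playbook: install_clients.yaml` ahead of the config play. With both in place the client install runs twice per invocation; dropping the first play from the example and keeping only `ansible.builtin.import_playbook: mtulio.okd_installer.create_all.yaml` leaves one owner for that step. The usage comment also passes `-e cluster_name` without a value, which reads better as `-e cluster_name=<name>`. In the two vars files on the same line, `destroy_bootstrap: no` and `os_mirror: yes` would be safer as `false` and `true`, avoiding the YAML 1.1 truthy forms.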
+++ b/examples/vars/oci/ha-platform-external-ccm-csi.yaml @@ -0,0 +1,21 @@ +--- +cluster_profile: ha + +version: 4.13.0-rc.0 +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" + +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi +- yaml_patch + +cfg_patch_yaml_patch_specs: + ## patch infra object to create External provider + - manifest: /manifests/cluster-infrastructure-02-config.yml + patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' + +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); \ No newline at end of file diff --git a/examples/vars/oci/ha-platform-external-ccm.yaml b/examples/vars/oci/ha-platform-external-ccm.yaml new file mode 100644 index 0000000..fa1d3f6 --- /dev/null +++ b/examples/vars/oci/ha-platform-external-ccm.yaml @@ -0,0 +1,20 @@ +--- +cluster_profile: ha + +version: 4.13.0-rc.0 +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" + +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- yaml_patch + +cfg_patch_yaml_patch_specs: + ## patch infra object to create External provider + - manifest: /manifests/cluster-infrastructure-02-config.yml + patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' + +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); \ No newline at end of file 
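Review bot: `OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE` points the installer at `quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo`, a mutable tag in a personal registry namespace. Anyone who can push to that repository decides what every cluster component runs, and a re-push changes the payload without any change to this file. Pinning by digest makes the example reproducible and auditable: `OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release@sha256:<RELEASE_IMAGE_DIGEST>"` (placeholder; take the value from the pushed image). The same line appears in the ha-platform-external-ccm.yaml hunk on this line and in ha-platform-external.yaml in the next one. A comment above the key such as `# custom development release payload, built as described in platform-external-custom-release.md` would make the image's origin clear to users.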
diff --git a/examples/vars/oci/ha-platform-external.yaml b/examples/vars/oci/ha-platform-external.yaml new file mode 100644 index 0000000..bba75b0 --- /dev/null +++ b/examples/vars/oci/ha-platform-external.yaml @@ -0,0 +1,19 @@ +--- +cluster_profile: ha + +version: 4.13.0-rc.0 +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" + +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- yaml_patch + +cfg_patch_yaml_patch_specs: + ## patch infra object to create External provider + - manifest: /manifests/cluster-infrastructure-02-config.yml + patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' + +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); \ No newline at end of file diff --git a/examples/vars/oci/ha-platform-none-csi.yaml b/examples/vars/oci/ha-platform-none-csi.yaml new file mode 100644 index 0000000..a21f7d6 --- /dev/null +++ b/examples/vars/oci/ha-platform-none-csi.yaml @@ -0,0 +1,6 @@ +--- +cluster_profile: ha + +config_patches: +- rm-capi-machines +- deploy-oci-csi \ No newline at end of file diff --git a/examples/vars/oci/ha-platform-none.yaml b/examples/vars/oci/ha-platform-none.yaml new file mode 100644 index 0000000..f45d765 --- /dev/null +++ b/examples/vars/oci/ha-platform-none.yaml @@ -0,0 +1,5 @@ +--- +cluster_profile: ha + +config_patches: +- rm-capi-machines \ No newline at end of file diff --git a/mkdocs.yaml b/mkdocs.yaml index 8de383c..85df4e9 100644 --- a/mkdocs.yaml +++ b/mkdocs.yaml 
@@ -111,10 +111,12 @@ nav: - Installing SNO with Ephemeral storage: guides/AWS/aws-sno.md - Installing HA Topology UPI BYO Network: guides/AWS/aws-upi-byo-network.md # - Digital Ocean: TODO.md - # - Oracle Cloud: - # - Installing HA Topology with UPI and Platform Agnostic: TODO.md - # - Installing HA Topology with UPI and Platform External: TODO.md - # - Installing HA Topology with UPI and Platform External and CSI Driver: TODO.md + - Oracle Cloud: + # - Installing HA Topology with UPI and Platform Agnostic: TODO.md + - guides/OCI/oci-prerequisites.md + - guides/OCI/oci-installing-steps.md + - Installing HA Topology with UPI and Platform External: guides/OCI/oci-install-ccm.md + # - Installing HA Topology with UPI and Platform External and CSI Driver: TODO.md #- Examples: TODO.md - Development: - development/index.md diff --git a/playbooks/create_all.yaml b/playbooks/create_all.yaml index a7f6031..f2d8e1f 100644 --- a/playbooks/create_all.yaml +++ b/playbooks/create_all.yaml @@ -9,6 +9,9 @@ ansible.builtin.set_fact: okdi_call_timer_start: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}" +- name: OKD Installer | Create all | Clients install + ansible.builtin.import_playbook: install_clients.yaml + - name: OKD Installer | Create all | Config | create config ansible.builtin.import_playbook: config.yaml vars: diff --git a/playbooks/vars/oci/profiles/default b/playbooks/vars/oci/profiles/default new file mode 120000 index 0000000..cca3261 --- /dev/null +++ b/playbooks/vars/oci/profiles/default @@ -0,0 +1 @@ +ha \ No newline at end of file diff --git a/playbooks/vars/oci/profiles/ha/destroy_resources.yaml b/playbooks/vars/oci/profiles/ha/destroy_resources.yaml new file mode 100644 index 0000000..50d26f8 --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/destroy_resources.yaml 
@@ -0,0 +1,26 @@ +--- +# placeholder +okd_cluster_destroy_instances_compartment_id: "{{ oci_compartment_id }}" +okd_cluster_destroy_instances: + - name: "{{ cluster_state.infra_id }}-bootstrap" + - name: "{{ cluster_state.infra_id }}-master-01" + - name: "{{ cluster_state.infra_id }}-master-02" + - name: "{{ cluster_state.infra_id }}-master-03" + - name: "{{ cluster_state.infra_id }}-worker-01" + - name: "{{ cluster_state.infra_id }}-worker-02" + - name: "{{ cluster_state.infra_id }}-worker-03" + - name: "{{ cluster_state.infra_id }}-opct-01" + wait: yes + wait_timeout: 120 + +okd_cluster_destroy_dns_compartment_id: "{{ oci_compartment_id_dns | d(oci_compartment_id) }}" +okd_cluster_destroy_dns_records: + zone_name_or_id: "{{ cluster_state.dns.base_domain }}" + patch_items_spec: + - operation: REMOVE + domain: "api.{{ cluster_state.dns.cluster_domain }}" + - operation: REMOVE + domain: "api-int.{{ cluster_state.dns.cluster_domain }}" + - operation: REMOVE + domain: "*.apps.{{ cluster_state.dns.cluster_domain }}" + diff --git a/playbooks/vars/oci/profiles/ha/dns.yaml b/playbooks/vars/oci/profiles/ha/dns.yaml new file mode 100644 index 0000000..0a9c737 --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/dns.yaml 
@@ -0,0 +1,24 @@ +--- + +# https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_dns_zone_module.html#ansible-collections-oracle-oci-oci-dns-zone-module + +cloud_dns_zones: + # public + - name: "{{ cluster_state.dns.base_domain }}" + provider: oci + spec: + # scope: GLOBAL + # zone_type: PRIMARY + compartment_id: "{{ oci_compartment_id_dns | d(oci_compartment_id) }}" + + # OCI is using subnet's zone. + # TODO: Need to check if will not conflict with custom private zone. + # Currently the cluster is resolving the DNS using the public zone. + # private + # - name: "{{ cluster_state.dns.cluster_domain }}" + # provider: oci + # view_name: "{{ cluster_state.infra_id }}-vcn" + # spec: + # scope: PRIVATE + # zone_type: PRIMARY + # compartment_id: "{{ oci_compartment_id_dns | d(oci_compartment_id) }}" diff --git a/playbooks/vars/oci/profiles/ha/iam.yaml b/playbooks/vars/oci/profiles/ha/iam.yaml new file mode 100644 index 0000000..02eb760 --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/iam.yaml @@ -0,0 +1,2 @@ +--- +# placeholder diff --git a/playbooks/vars/oci/profiles/ha/loadbalancer-router-default.yaml b/playbooks/vars/oci/profiles/ha/loadbalancer-router-default.yaml new file mode 100644 index 0000000..02eb760 --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/loadbalancer-router-default.yaml @@ -0,0 +1,2 @@ +--- +# placeholder diff --git a/playbooks/vars/oci/profiles/ha/loadbalancer.yaml b/playbooks/vars/oci/profiles/ha/loadbalancer.yaml new file mode 100644 index 0000000..69aface --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/loadbalancer.yaml 
@@ -0,0 +1,187 @@ +--- + +cloud_load_balancer_provider: oci + +# BackendSet +# https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_network_load_balancer_backend_set_module.html#ansible-collections-oracle-oci-oci-network-load-balancer-backend-set-module +# cloud_loadbalancer_targets: +# - name: "{{ cluster_state.infra_id }}-aext" +# provider: oci +# spec: +# name: "{{ cluster_state.infra_id }}-aext" +# compartment_id: "{{ oci_compartment_id }}" +# is_preserve_source: no +# ip_version: IPV4 +# #policy: TWO_TUPLE +# #backends: [] +# health_checker: +# port: 6443 +# protocol: HTTPS +# return_code: 200 +# url_path: /readyz +# interval_in_millis: 10000 +# timeout_in_millis: 3000 + + +# OCI NLB: https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_network_load_balancer_module.html#ansible-collections-oracle-oci-oci-network-load-balancer-module +cloud_loadbalancers: + - name: "{{ cluster_state.infra_id }}-nlb" + provider: oci + type: network + + # Is it supported multi-subnets? 
+ subnet_name: "{{ cluster_state.infra_id }}-net-public" + nsg_name: "{{ cluster_state.infra_id }}-nsg-nlb" + spec: + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-nlb" + is_private: false + is_preserve_source_destination: false + nlb_ip_version: IPV4 + #freeform_tags: "{{ cluster_state.tags }}" + +# BackendSet +# https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_network_load_balancer_backend_set_module.html#ansible-collections-oracle-oci-oci-network-load-balancer-backend-set-module + backend_set: + - provider: oci + spec: + name: "{{ cluster_state.infra_id }}-api" + is_preserve_source: false + ip_version: IPV4 + policy: FIVE_TUPLE + #backends: [] + health_checker: + port: 6443 + protocol: HTTPS + return_code: 200 + url_path: /readyz + interval_in_millis: 10000 + timeout_in_millis: 3000 + + - provider: oci + spec: + name: "{{ cluster_state.infra_id }}-mcs" + is_preserve_source: false + ip_version: IPV4 + policy: FIVE_TUPLE + #backends: [] + health_checker: + port: 22623 + protocol: HTTPS + return_code: 200 + url_path: /healthz + interval_in_millis: 10000 + timeout_in_millis: 3000 + + - provider: oci + spec: + name: "{{ cluster_state.infra_id }}-ingress-http" + is_preserve_source: false + ip_version: IPV4 + policy: FIVE_TUPLE + #backends: [] # TCP/31794 + health_checker: + port: 80 + protocol: TCP + # return_code: 200 + # url_path: /healthz + interval_in_millis: 10000 + timeout_in_millis: 3000 + + - provider: oci + spec: + name: "{{ cluster_state.infra_id }}-ingress-https" + is_preserve_source: false + ip_version: IPV4 + #policy: TWO_TUPLE + #backends: [] # TCP/32186 + health_checker: + port: 443 + protocol: TCP + # return_code: 200 + # url_path: /healthz + interval_in_millis: 10000 + timeout_in_millis: 3000 + + # 
https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_network_load_balancer_listener_module.html#ansible-collections-oracle-oci-oci-network-load-balancer-listener-module + listeners: + - spec: + name: "{{ cluster_state.infra_id }}-api" + default_backend_set_name: "{{ cluster_state.infra_id }}-api" + ip_version: IPV4 + port: 6443 + protocol: TCP + + - spec: + name: "{{ cluster_state.infra_id }}-mcs" + default_backend_set_name: "{{ cluster_state.infra_id }}-mcs" + ip_version: IPV4 + port: 22623 + protocol: TCP + + - spec: + name: "{{ cluster_state.infra_id }}-ingress-http" + default_backend_set_name: "{{ cluster_state.infra_id }}-ingress-http" + ip_version: IPV4 + port: 80 + protocol: TCP + + - spec: + name: "{{ cluster_state.infra_id }}-ingress-https" + default_backend_set_name: "{{ cluster_state.infra_id }}-ingress-https" + ip_version: IPV4 + port: 443 + protocol: TCP + + callbacks: + - name: register_dns + rr_ip: public + spec: + zone_name_or_id: "{{ cluster_state.dns.base_domain }}" + compartment_id: "{{ oci_compartment_id_dns | d(oci_compartment_id) }}" + scope: GLOBAL + patch_items: + - domain: "api.{{ cluster_state.dns.cluster_domain }}" + rtype: A + ttl: 300 + - domain: "*.apps.{{ cluster_state.dns.cluster_domain }}" + rtype: A + ttl: 300 + - name: register_dns + rr_ip: private + spec: + zone_name_or_id: "{{ cluster_state.dns.base_domain }}" + compartment_id: "{{ oci_compartment_id_dns | d(oci_compartment_id) }}" + scope: GLOBAL + patch_items: + - domain: "api-int.{{ cluster_state.dns.cluster_domain }}" + rtype: A + ttl: 300 + + # # private address + # - name: register_dns + # rr_ip: private + # view_name: "{{ cluster_state.infra_id }}-vcn" + # spec: + # zone_name_or_id: "{{ cluster_state.dns.cluster_domain }}" + # compartment_id: "{{ oci_compartment_id }}" + # scope: PRIVATE + # patch_items: + # - domain: "api-int.{{ cluster_state.dns.cluster_domain }}" + # rtype: A + # ttl: 300 + + # - name: register_dns + # 
rr_ip: public + # view_name: "{{ cluster_state.infra_id }}-vcn" + # spec: + # zone_name_or_id: "{{ cluster_state.dns.cluster_domain }}" + # compartment_id: "{{ oci_compartment_id }}" + # scope: PRIVATE + # patch_items: + # - domain: "api.{{ cluster_state.dns.cluster_domain }}" + # rtype: A + # ttl: 300 + # - domain: "*.apps.{{ cluster_state.dns.cluster_domain }}" + # rtype: A + # ttl: 300 diff --git a/playbooks/vars/oci/profiles/ha/network.yaml b/playbooks/vars/oci/profiles/ha/network.yaml new file mode 100644 index 0000000..54869c6 --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/network.yaml 
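Review bot: The `mcs` backend set and listener (port 22623) are attached to the only NLB this file creates, which sits in `-net-public` with `is_private: false`. The `allow MCS` rule of `-nsg-nlb` in playbooks/vars/oci/profiles/ha/network.yaml admits 22623 from `0.0.0.0/0`, so the Machine Config Server is reachable from the internet. That endpoint serves Ignition configs to joining nodes and is normally kept on the internal `api-int` path only. Since `api-int` is already registered against the NLB's private address and the first `-nsg-nlb` rule admits all traffic from `10.0.0.0/16`, the smallest fix is to delete the `allow MCS` rule in network.yaml; a cleaner one is a second NLB with `is_private: true` in `-net-private` carrying `api-int` and `mcs`. Separately, the `ingress-https` backend set has `policy` commented out while the other three set `FIVE_TUPLE`, which is worth aligning or explaining in a comment.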
@@ -0,0 +1,332 @@ +################################ +# AWS Networks +# AWS us-east-1: 10.0.0.0/16 (to 10.0.255.255/16) +# AWS : 10.23.0.0/16 (to 10.23.255.255/19) + +######################### + +# TODO: fix those rules to more restrictive. This is used to dev env. +# security_groups: [] + +cloud_networks: + ## OCI US San Jose 1 (HA topology) + - name: "{{ cluster_state.infra_id }}-vcn" + block: "{{ okd_net_default_cidr }}" + provider: oci + region: "{{ config_cluster_region }}" + compartment_id: "{{ oci_compartment_id }}" + + security_groups: "{{ security_groups | d([]) }}" + tags: "{{ cluster_state.tags | d({}) }}" + + spec_vcn: + dns_label: ocp + + internet_gateway: + spec: + is_enabled: yes + display_name: "{{ cluster_state.infra_id }}-igw" + + nat_gateway: + spec: + display_name: "{{ cluster_state.infra_id }}-natgw" + # route_table_name: "{{ cluster_state.infra_id }}-rt-private" + + # tags: "{{ cluster_state.tags | d({}) }}" + # wait: false + # - name: "{{ cluster_state.infra_id }}-natgw-1b" + # subnet: "{{ cluster_state.infra_id }}-net-public-1b" + # tags: "{{ cluster_state.tags | d({}) }}" + # wait: false + # - name: "{{ cluster_state.infra_id }}-natgw-1c" + # subnet: "{{ cluster_state.infra_id }}-net-public-1c" + # tags: "{{ cluster_state.tags | d({}) }}" + # wait: true + + #> TODO use generic list + route_table_public: + spec: + display_name: "{{ cluster_state.infra_id }}-rt-public" + route_rules: + - spec: + destination: "0.0.0.0/0" + destination_type: "CIDR_BLOCK" + network_entity_type: internet-gateway + network_entity_name: "{{ cluster_state.infra_id }}-igw" + + route_table_private: + spec: + display_name: "{{ cluster_state.infra_id }}-rt-private" + route_rules: + - spec: + destination: "0.0.0.0/0" + destination_type: "CIDR_BLOCK" + network_entity_type: nat-gateway + network_entity_name: "{{ cluster_state.infra_id }}-natgw" + + # # Generic list + # route_tables: + # - public: yes + # spec: + # display_name: "{{ cluster_state.infra_id }}-rt-public" + # 
route_rules: + # - spec: + # destination: "0.0.0.0/0" + # destination_type: "CIDR_BLOCK" + # network_entity_type: internet-gateway + # network_entity_name: "{{ cluster_state.infra_id }}-igw" + + # - public: no + # spec: + # display_name: "{{ cluster_state.infra_id }}-rt-private" + # route_rules: + # - spec: + # destination: "0.0.0.0/0" + # destination_type: "CIDR_BLOCK" + # network_entity_type: nat-gateway + # network_entity_name: "{{ cluster_state.infra_id }}-natgw" + + # create permissive security Lists to force to use NSGs + # https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_network_security_list_module.html#ansible-collections-oracle-oci-oci-network-security-list-module + security_lists: + - spec: + display_name: "{{ cluster_state.infra_id }}-seclist-public" + ingress_security_rules: [] + # - protocol: all + # source: 0.0.0.0/0 + # is_stateless: false + # source_type: CIDR_BLOCK + # description: Allow all inbound + egress_security_rules: + - destination: 0.0.0.0/0 + protocol: all + destination_type: CIDR_BLOCK + is_stateless: false + description: Allow All Outbound + + - spec: + display_name: "{{ cluster_state.infra_id }}-seclist-private" + # TODO restrict only for I/O of listeners/backendSet + ingress_security_rules: [] + # - protocol: all + # source: 0.0.0.0/0 + # is_stateless: false + # source_type: CIDR_BLOCK + # description: Allow all inbound + egress_security_rules: + - destination: 0.0.0.0/0 + protocol: all + destination_type: CIDR_BLOCK + is_stateless: false + description: Allow All Outbound + # - destination: "10.0.0.0/16" + # protocol: 6 + # tcp_options: + # destination_port_range: + # min: 6443 + # max: 6443 + # destination_type: CIDR_BLOCK + # is_stateless: false + # description: Allow API Outbound + # - destination: "10.0.0.0/16" + # protocol: 6 + # tcp_options: + # destination_port_range: + # min: 22623 + # max: 22623 + # destination_type: CIDR_BLOCK + # is_stateless: false + # description: Allow 
MCS Outbound + + subnets: + # Best practice create dedicated LB Subnet/Rtb? + # https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm#Update + # Your load balancer must reside in different subnets from your application instances. This configuration allows you to keep your application instances secured in subnets with stricter access rules, while allowing public internet traffic to the load balancer in the public subnets. + + # - public: no + # spec: + # display_name: "{{ cluster_state.infra_id }}-net-private" + # cidr_block: "10.0.0.0/22" + # prohibit_public_ip_on_vnic: true + + - spec: + display_name: "{{ cluster_state.infra_id }}-net-public" + cidr_block: "10.0.0.0/20" + dns_label: pub + prohibit_internet_ingress: false + public: true + route_table_name: "{{ cluster_state.infra_id }}-rt-public" + security_list_names: + - "{{ cluster_state.infra_id }}-seclist-public" + + - spec: + display_name: "{{ cluster_state.infra_id }}-net-private" + cidr_block: "10.0.16.0/20" + dns_label: priv + prohibit_internet_ingress: true + public: false + route_table_name: "{{ cluster_state.infra_id }}-rt-private" + security_list_names: + - "{{ cluster_state.infra_id }}-seclist-private" + + + # - public: no + # security_list_names: + # - "{{ cluster_state.infra_id }}-seclist-default" + # spec: + # cidr_block: "10.0.32.0/22" + # display_name: "{{ cluster_state.infra_id }}-net-private-nodes" + # prohibit_internet_ingress: true + # prohibit_public_ip_on_vnic: true + # dns_label: nodes + + # - public: yes + # route_table_name: "{{ cluster_state.infra_id }}-rt-public-lb" + # security_list_names: + # - "{{ cluster_state.infra_id }}-seclist-lb" + # spec: + # cidr_block: "10.0.0.0/24" + # display_name: "{{ cluster_state.infra_id }}-net-public-lb" + + + # https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_network_security_list_module.html#ansible-collections-oracle-oci-oci-network-security-list-module + network_security_groups: + - 
spec: + display_name: "{{ cluster_state.infra_id }}-nsg-controlplane" + rules: + spec: + security_rules: + # INGRESS + - description: allow all inbound subnet + source: "10.0.0.0/16" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: all + + - description: allow ssh + source: "0.0.0.0/0" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: 6 + tcp_options: + destination_port_range: + min: 22 + max: 22 + + - description: allow API + source: "0.0.0.0/0" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: 6 + tcp_options: + destination_port_range: + min: 6443 + max: 6443 + + # EGRESS + - description: allow all outbound subnet + destination: "0.0.0.0/0" + destination_type: "CIDR_BLOCK" + direction: EGRESS + is_stateless: false + protocol: all + + - spec: + display_name: "{{ cluster_state.infra_id }}-nsg-compute" + rules: + spec: + security_rules: + # INGRESS + - description: allow all inbound subnet + source: "10.0.0.0/16" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: all + + - description: allow ssh + source: "0.0.0.0/0" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: 6 + tcp_options: + destination_port_range: + min: 22 + max: 22 + + # EGRESS + - description: allow all outbound subnet + destination: "0.0.0.0/0" + destination_type: "CIDR_BLOCK" + direction: EGRESS + is_stateless: false + protocol: all + + - spec: + display_name: "{{ cluster_state.infra_id }}-nsg-nlb" + rules: + spec: + security_rules: + # INGRESS + - description: allow all inbound subnet + source: "10.0.0.0/16" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: all + + - description: allow KAPI + source: "0.0.0.0/0" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: 6 + tcp_options: + destination_port_range: + min: 6443 + max: 6443 + + - description: allow MCS + source: 
"0.0.0.0/0" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: 6 + tcp_options: + destination_port_range: + min: 22623 + max: 22623 + + - description: allow IG-HTTP + source: "0.0.0.0/0" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: 6 + tcp_options: + destination_port_range: + min: 80 + max: 80 + + - description: allow IG-HTTPS + source: "0.0.0.0/0" + source_type: "CIDR_BLOCK" + direction: INGRESS + is_stateless: false + protocol: 6 + tcp_options: + destination_port_range: + min: 443 + max: 443 + + # EGRESS + - description: allow all outbound subnet + destination: "0.0.0.0/0" + destination_type: "CIDR_BLOCK" + direction: EGRESS + is_stateless: false + protocol: all diff --git a/playbooks/vars/oci/profiles/ha/node-bootstrap.yaml b/playbooks/vars/oci/profiles/ha/node-bootstrap.yaml new file mode 100644 index 0000000..2841235 --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/node-bootstrap.yaml 
@@ -0,0 +1,134 @@ +--- +_cluster_prefix: "{{ cluster_state.infra_id }}" + +# Vars used on Bootstrap +bootstrap_bucket: "{{ _cluster_prefix }}-infra" + +# Vars used on Machine/Compute Stack +_instance_type: "{{ bootstrap_instance | d('m6i.xlarge') }}" +_instance_profile: "{{ cluster_state.compute.iam_profile_bootstrap }}" +# _image_id: "{{ custom_image_id | d(cluster_state.compute.image_id) }}" +_image_id: "{{ custom_image_id }}" +_subnet_name: "{{ _cluster_prefix }}-net-public-1a" + +_machine_suffix: '' + +## User Data template +userdata_config_source: "{{ bootstrap_bucket_signed_url }}" + +## Common vars used in the Stack vars +# _common: +# prefix: "{{ _cluster_prefix }}-bootstrap" +# detailed_monitoring: yes +# ebs_optimized: no +# image_id: "{{ _image_id }}" +# instance_role: "{{ _instance_profile }}" +# instance_type: "{{ _instance_type }}" +# security_groups: +# - "{{ _cluster_prefix }}-bootstrap-sg" +# - "{{ _cluster_prefix }}-controlplane-sg" +# state: present +# tags: "{{ cluster_state.tags }}" +# termination_protection: no +# volumes: +# - device_name: /dev/xvda +# ebs: +# volume_size: 128 +# volume_type: gp3 +# delete_on_termination: true +# - device_name: /dev/xvdd +# ebs: +# volume_size: 32 +# volume_type: gp3 +# delete_on_termination: true + +# vpc_subnet_name: "{{ _subnet_name }}" +# wait: yes +# wait_timeout: 500 + +# Stack Compute (Ansible Role cloud_compute) options: +compute_resources: + # + # Node role: bootstrap + # Node: bootstrap + # + - provider: oci + type: machine + # name: "{{ cluster_state.infra_id }}-bootstrap{{ _machine_suffix }}" + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-public" + network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-controlplane" + # OCI spec + spec: + state: present + compartment_id: "{{ oci_compartment_id }}" + 
display_name: "{{ cluster_state.infra_id }}-bootstrap{{ _machine_suffix }}" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + # platform_config: + # type: AMD_VM + shape: "VM.Standard.E4.Flex" + shape_config: + ocpus: 4 + memory_in_gbs: 16 + #baseline_ocpu_utilization: BASELINE_1_8 + #nvmes: 1 + fault_domain: FAULT-DOMAIN-1 + # availability_domain: Uocm:PHX-AD-1 + agent_config: + are_all_plugins_disabled: true + + # Disk Configuration + preserve_boot_volume: false + source_details: + source_type: image + boot_volume_size_in_gbs: 120 + boot_volume_vpus_per_gb: 30 + + # that config will prevent actions like stop/start (not desired) + # preemptible_instance_config: + # preemption_action: + # preserve_boot_volume: false + # type: TERMINATE + + # Network + create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-bootstrap-vnic0" + assign_public_ip: true + assign_private_dns_record: true + hostname_label: "bootstrap{{ _machine_suffix }}" + # defined_tags: {'Operations': {'CostCenter': 'US'}} + # freeform_tags: {'Department': 'Finance'} + # private_ip: private_ip_example + # skip_source_dest_check: true + # vlan_id: "ocid1.vlan.oc1..xxxxxxEXAMPLExxxxxx" + #subnet_id: "{{ machine_subnet_id }}" + #nsg_ids: "{{ machine_nsg_ids }}" + metadata: + user_data: "{{ lookup('template', 'ocp-bootstrap-user-data.j2') | to_nice_json | string | b64encode }}" + + # launch_options: + # firmware: BIOS + # boot_volume_type: PARAVIRTUALIZED + + callbacks: + - name: nlb + # nlb_name: ocp-nlb + nlb_name: "{{ cluster_state.infra_id }}-nlb" + backend_sets: + - name: "{{ cluster_state.infra_id }}-api" + port: 6443 + - name: "{{ cluster_state.infra_id }}-mcs" + port: 22623 + # - name: "6443" + # port: 6443 + # - name: "22623" + # port: 22623 
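Review bot: The bootstrap instance is placed in `-net-public` with `assign_public_ip: true` and joined to `-nsg-controlplane`, whose `allow ssh` rule in network.yaml (same patch) uses `source: "0.0.0.0/0"`, so port 22 on the bootstrap node is open to any address; `-nsg-compute` carries the same rule. The TODO at the top of network.yaml acknowledges the rules are permissive, but nothing lets a user narrow them. Making the source a variable, for example `source: "{{ oci_ssh_allowed_cidr | d('10.0.0.0/16') }}"` (a new variable; the name is only a suggestion), keeps the dev workflow without defaulting to the whole internet. Also in this hunk, `availability_domain: "gzqB:US-SANJOSE-1-AD-1"` is hard-coded although `region` comes from `config_cluster_region`; OCI availability-domain names carry a tenancy-specific prefix, so this likely fails outside the author's tenancy and should be a variable too (node-compute.yaml repeats it). The `m6i.xlarge` default and the `-net-public-1a` subnet name look like leftovers from the AWS profile and appear unused by `compute_resources`.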
diff --git a/playbooks/vars/oci/profiles/ha/node-compute.yaml b/playbooks/vars/oci/profiles/ha/node-compute.yaml
new file mode 100644
index 0000000..5a4ddc1
--- /dev/null
+++ b/playbooks/vars/oci/profiles/ha/node-compute.yaml
@@ -0,0 +1,183 @@ +--- +# Vars used on Machine/Compute Stack +_userdata_path: "{{ config_install_dir }}/worker.ign" + +_shape_config_default: + ocpus: 4 + memory_in_gbs: 16 + #baseline_ocpu_utilization: BASELINE_1_8 + #nvmes: 1 + +# Uncomment if you want to run the nodes in the same FD +#node_compute_single_fault_domain: FAULT-DOMAIN-1 +_compute_fault_domains: # it will be used by index: worker-1 uses index 0... + - FAULT-DOMAIN-1 + - FAULT-DOMAIN-2 + - FAULT-DOMAIN-3 + +_shape: "{{ compute_shape | d('VM.Standard.E4.Flex') }}" +_shape_config: "{{ compute_shape_config | d(_shape_config_default) }}" + +_callbacks: + - name: nlb + nlb_name: "{{ cluster_state.infra_id }}-nlb" + backend_sets: + - name: "{{ cluster_state.infra_id }}-ingress-http" + port: 80 + - name: "{{ cluster_state.infra_id }}-ingress-https" + port: 443 + +# Stack Compute (Ansible Role cloud_compute) options: +compute_resources: + # + # Node role: compute + # Node: worker-01 + # + - provider: oci + type: machine + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-private" + network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-compute" + + # OCI spec + spec: + state: present + wait: yes + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-worker-01" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + fault_domain: "{{ _compute_fault_domains[0] | d('FAULT-DOMAIN-1') }}" + + # platform_config: + # type: AMD_VM + shape: "{{ _shape }}" + shape_config: "{{ _shape_config }}" + + agent_config: + are_all_plugins_disabled: true + + source_details: + source_type: image + boot_volume_size_in_gbs: 120 + boot_volume_vpus_per_gb: 20 + + 
create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-worker-01-vnic0" + assign_public_ip: false + assign_private_dns_record: true + hostname_label: "worker-01" + metadata: + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" + + callbacks: "{{ _callbacks }}" + + # + # Node role: compute + # Node: worker-02 + # + - provider: oci + type: machine + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-private" + network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-compute" + + # OCI spec + spec: + state: present + wait: yes + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-worker-02" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + fault_domain: "{{ _compute_fault_domains[1] | d('FAULT-DOMAIN-2') }}" + + # platform_config: + # type: AMD_VM + shape: "{{ _shape }}" + shape_config: "{{ _shape_config }}" + + agent_config: + are_all_plugins_disabled: true + + source_details: + source_type: image + boot_volume_size_in_gbs: 120 + boot_volume_vpus_per_gb: 20 + + create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-worker-02-vnic0" + assign_public_ip: false + assign_private_dns_record: true + hostname_label: "worker-02" + metadata: + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" + + callbacks: "{{ _callbacks }}" + + # + # Node role: compute + # Node: worker-03 + # + - provider: oci + type: machine + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-private" + 
network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-compute" + + # OCI spec + spec: + state: present + wait: no + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-worker-03" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + fault_domain: "{{ _compute_fault_domains[2] | d('FAULT-DOMAIN-3') }}" + + # platform_config: + # type: AMD_VM + shape: "{{ _shape }}" + shape_config: "{{ _shape_config }}" + + agent_config: + are_all_plugins_disabled: true + + source_details: + source_type: image + boot_volume_size_in_gbs: 120 + boot_volume_vpus_per_gb: 20 + + create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-worker-03-vnic0" + assign_public_ip: false + assign_private_dns_record: true + hostname_label: "worker-03" + metadata: + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" + + callbacks: "{{ _callbacks }}" \ No newline at end of file diff --git a/playbooks/vars/oci/profiles/ha/node-controlplane.yaml b/playbooks/vars/oci/profiles/ha/node-controlplane.yaml new file mode 100644 index 0000000..c9668bd --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/node-controlplane.yaml 
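Review bot: `availability_domain: "gzqB:US-SANJOSE-1-AD-1"` is hard-coded in all three worker specs while `region` comes from `config_cluster_region`, so this profile can only launch in one tenancy and one region. OCI availability-domain names carry a tenancy-specific prefix, so the value should come from a variable set next to the region, for example `availability_domain: "{{ oci_availability_domain }}"` (variable name constructed for this note). The same literal is repeated in the node-controlplane.yaml and node-generic.yaml hunks of this patch. A short comment on `_compute_fault_domains` stating that the `d('FAULT-DOMAIN-n')` fallback only applies when the list entry is undefined would also help.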
@@ -0,0 +1,179 @@ +--- +# Local/reused Control Plane vars are prefixed with _cp + +# Defaults used in thie file +node_controlplane_userdata_path: "{{ config_install_dir }}/master.ign" + +_platform_config: + type: AMD_VM +_shape: "VM.Standard.E4.Flex" +_shape_config: + ocpus: 4 + memory_in_gbs: 16 + #baseline_ocpu_utilization: BASELINE_1_8 + #nvmes: 1 + +# Uncomment if you want to run the nodes in the same FD +#node_controlplane_single_fault_domain: "FAULT-DOMAIN-1" +_controlplane_fault_domains: # it will be used by index: worker-1 uses index 0... + - FAULT-DOMAIN-1 + - FAULT-DOMAIN-2 + - FAULT-DOMAIN-3 + +_agent_config: + are_all_plugins_disabled: true + +_source_details: + source_type: image + boot_volume_size_in_gbs: 120 + # VPU/GB + # https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/blockvolumeperformance.htm + boot_volume_vpus_per_gb: 90 + +# Callbacks used to register the instances +_callbacks: + - name: nlb + nlb_name: "{{ cluster_state.infra_id }}-nlb" + backend_sets: + - name: "{{ cluster_state.infra_id }}-api" + port: 6443 + - name: "{{ cluster_state.infra_id }}-mcs" + port: 22623 + +# Stack Compute (Ansible Role cloud_compute) options: +compute_resources: + # + # Node role: controlplane + # Node: master-01 + # + - provider: oci + type: machine + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-private" + network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-controlplane" + + # OCI spec + spec: + state: present + wait: no + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-master-01" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + fault_domain: "{{ 
_controlplane_fault_domains[0] | d('FAULT-DOMAIN-1') }}" + + # platform_config: "{{ _platform_config }}" + shape: "{{ _shape }}" + shape_config: "{{ _shape_config }}" + agent_config: "{{ _agent_config }}" + source_details: "{{ _source_details }}" + + create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-master-01-vnic0" + assign_public_ip: false + assign_private_dns_record: true + hostname_label: "master-01" + metadata: + user_data: "{{ lookup('file', node_controlplane_userdata_path) | b64encode }}" + + # Register the instance using callbacks + callbacks: "{{ _callbacks }}" + + + # + # Node role: controlplane + # Node: master-02 + # + - provider: oci + type: machine + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-private" + network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-controlplane" + + # OCI spec + spec: + state: present + wait: no + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-master-02" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + fault_domain: "{{ _controlplane_fault_domains[1] | d('FAULT-DOMAIN-2') }}" + + # platform_config: "{{ _platform_config }}" + shape: "{{ _shape }}" + shape_config: "{{ _shape_config }}" + agent_config: "{{ _agent_config }}" + source_details: "{{ _source_details }}" + + create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-master-02-vnic0" + assign_public_ip: false + assign_private_dns_record: true + hostname_label: "master-02" + metadata: + user_data: "{{ lookup('file', node_controlplane_userdata_path) | b64encode }}" + + # Register the instance using callbacks + callbacks: "{{ _callbacks }}" + + # + # Node role: 
controlplane + # Node: master-03 + # + - provider: oci + type: machine + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-private" + network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-controlplane" + + # OCI spec + spec: + state: present + wait: yes + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-master-03" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + fault_domain: "{{ _controlplane_fault_domains[2] | d('FAULT-DOMAIN-3') }}" + + # platform_config: "{{ _platform_config }}" + shape: "{{ _shape }}" + shape_config: "{{ _shape_config }}" + agent_config: "{{ _agent_config }}" + source_details: "{{ _source_details }}" + + create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-master-03-vnic0" + assign_public_ip: false + assign_private_dns_record: true + hostname_label: "master-03" + metadata: + user_data: "{{ lookup('file', node_controlplane_userdata_path) | b64encode }}" + + # Register the instance using callbacks + callbacks: "{{ _callbacks }}" diff --git a/playbooks/vars/oci/profiles/ha/node-generic.yaml b/playbooks/vars/oci/profiles/ha/node-generic.yaml new file mode 100644 index 0000000..8712ac7 --- /dev/null +++ b/playbooks/vars/oci/profiles/ha/node-generic.yaml 
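Review bot: The header comment says local control-plane vars are prefixed with `_cp`, but the hunk defines `_shape`, `_shape_config` and `_callbacks`, the same names node-compute.yaml defines with different values (ingress 80/443 backend sets there, api 6443 and mcs 22623 here). If both var files are ever loaded into the same scope, which this patch does not show, the later definition wins and the lazily templated `callbacks: "{{ _callbacks }}"` would register nodes in the wrong NLB backend sets. Renaming them as the comment promises, e.g. `_cp_callbacks:` with `callbacks: "{{ _cp_callbacks }}"`, removes that ambiguity. The fault-domain comment still reads `worker-1 uses index 0`, and `thie file` is a typo.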
@@ -0,0 +1,57 @@ +--- +# Vars used on Machine/Compute Stack +_userdata_path: "{{ config_install_dir }}/worker.ign" + +# Stack Compute (Ansible Role cloud_compute) options: +compute_resources: + # + # Node role: compute + # Node: opct-01 + # + - provider: oci + type: machine + + # RHCOS Custom Image + image_name: "{{ cluster_state.compute.image_id }}" + image_compartment_id: "{{ oci_compartment_id_image | d(oci_compartment_id) }}" + + # Network details + vnic_subnet_name: "{{ cluster_state.infra_id }}-net-{{ subnet | d('net-private') }}" + network_security_group_names: + - "{{ cluster_state.infra_id }}-nsg-{{ nsg | d('nsg-compute') }}" + + # OCI spec + spec: + state: present + wait: yes + compartment_id: "{{ oci_compartment_id }}" + display_name: "{{ cluster_state.infra_id }}-{{ sufix | d ('generic-01') }}" + region: "{{ config_cluster_region }}" + #freeform_tags: {'Department': 'Finance'} + #defined_tags: {'Operations': {'CostCenter': 'US'}} + availability_domain: "gzqB:US-SANJOSE-1-AD-1" + fault_domain: FAULT-DOMAIN-1 + + # platform_config: + # type: AMD_VM + shape: "VM.Standard.E4.Flex" + shape_config: + ocpus: "{{ cpu | d(2) }}" + memory_in_gbs: "{{ mem | d(8) }}" + #baseline_ocpu_utilization: BASELINE_1_8 + #nvmes: 1 + agent_config: + are_all_plugins_disabled: true + + source_details: + source_type: image + boot_volume_size_in_gbs: 120 + boot_volume_vpus_per_gb: 20 + + create_vnic_details: + display_name: "{{ cluster_state.infra_id }}-{{ sufix | d ('generic-01') }}-vnic0" + assign_public_ip: false + assign_private_dns_record: true + hostname_label: "{{ sufix | d ('generic-01') }}" + metadata: + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" diff --git a/roles/bootstrap/tasks/oci.yaml b/roles/bootstrap/tasks/oci.yaml new file mode 100644 index 0000000..1213d0b --- /dev/null +++ b/roles/bootstrap/tasks/oci.yaml 
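Review bot: The defaults in `vnic_subnet_name` and `network_security_group_names` repeat a prefix that is already in the string, so with `subnet` and `nsg` unset they render `<infra_id>-net-net-private` and `<infra_id>-nsg-nsg-compute`. These do not match the `-net-private` / `-nsg-compute` names used by the compute and control-plane profiles. The defaults should be `d('private')` and `d('compute')`. How the role reacts to a security-group name that does not resolve is not visible here, so it is worth confirming the instance cannot come up without the intended NSG. The section comment says `Node: opct-01` while the default name is `generic-01`, and `sufix` looks like a misspelling that callers now have to repeat.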
@@ -0,0 +1,51 @@ +--- +# https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_object_storage_object_module.html#ansible-collections-oracle-oci-oci-object-storage-object-module +# https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.12.0/collections/oracle/oci/oci_object_storage_object_module.html#ansible-collections-oracle-oci-oci-object-storage-object-module + +- name: OCI | Get the namespace + oracle.oci.oci_object_storage_namespace_facts: + compartment_id: "{{ oci_compartment_id }}" + register: _objns + +- name: OCI | Create bucket + oracle.oci.oci_object_storage_bucket: + compartment_id: "{{ oci_compartment_id }}" + name: "{{ bootstrap_bucket }}" + namespace_name: "{{ _objns.namespace }}" + state: present + +# TODO: Make it indepotent +- name: OCI | Upload bootstrap.ign + oracle.oci.oci_object_storage_object: + namespace_name: "{{ _objns.namespace }}" + bucket_name: "{{ bootstrap_bucket }}" + object_name: "/bootstrap.ign" + src: "{{ config_install_dir + '/' + bootstrap_src_ign }}" + force: false + register: _upload + +- name: OCI | Create expiration timestamp + ansible.builtin.command: "date +'%Y-%m-%dT%H:%M:%S%z' -d '+1 hour'" + register: _cmd + changed_when: false + +- name: OCI | Create preauthenticated_request + oracle.oci.oci_object_storage_preauthenticated_request: + name: par-bootstrap + access_type: ObjectRead + time_expires: "{{ _cmd.stdout }}" + namespace_name: "{{ _objns.namespace }}" + bucket_name: "{{ bootstrap_bucket }}" + object_name: "/bootstrap.ign" + register: _objpreauth + #when: _upload.changed + +- name: OCI | Show existing URLs + oracle.oci.oci_object_storage_preauthenticated_request_facts: + namespace_name: "{{ _objns.namespace }}" + bucket_name: "{{ bootstrap_bucket }}" + register: _pars + +- name: OCI | Create Signed URL to bootstrap_bucket_signed_url + ansible.builtin.set_fact: + bootstrap_bucket_signed_url: "https://objectstorage.{{ config_cluster_region }}.oraclecloud.com{{ 
_objpreauth.preauthenticated_request.access_uri }}" diff --git a/roles/clients/tasks/main.yaml b/roles/clients/tasks/main.yaml index 136345f..5498dde 100644 --- a/roles/clients/tasks/main.yaml +++ b/roles/clients/tasks/main.yaml @@ -193,4 +193,4 @@ msg: - "binary=[{{ collection_bin_dir }}/{{ item.src }}]" - "link=[{{ collection_bin_dir }}/{{ item.link }}]" - with_items: "{{ _clients_map }}" \ No newline at end of file + with_items: "{{ _clients_map }}" diff --git a/roles/cloud_compute b/roles/cloud_compute index 5a0ea8a..2c60e24 160000 --- a/roles/cloud_compute +++ b/roles/cloud_compute @@ -1 +1 @@ -Subproject commit 5a0ea8a31f4ac8fe82e628fd6af8ef492ccee451 +Subproject commit 2c60e240bd23a3f5612c08a02dd4edaae1fba002 diff --git a/roles/cloud_dns b/roles/cloud_dns index c73d41e..7963424 160000 --- a/roles/cloud_dns +++ b/roles/cloud_dns @@ -1 +1 @@ -Subproject commit c73d41ec4c4cdbccf9aa7626420ada0ed5eb2215 +Subproject commit 7963424148b12d994106d3eb957cddee49649a71 diff --git a/roles/cloud_load_balancer b/roles/cloud_load_balancer index 7c521f0..2de0b77 160000 --- a/roles/cloud_load_balancer +++ b/roles/cloud_load_balancer @@ -1 +1 @@ -Subproject commit 7c521f0960eaa3a62d77237cb00fa1e58a2a8f21 +Subproject commit 2de0b77004652d7be5a2bbbcbd879f11c4c1b957 diff --git a/roles/cloud_network b/roles/cloud_network index 8e745fc..c1bc9ed 160000 --- a/roles/cloud_network +++ b/roles/cloud_network @@ -1 +1 @@ -Subproject commit 8e745fcdf35aa9fcb3bd64ad1e7317f805a4326f +Subproject commit c1bc9ed40d2707057a9809cded3fd2c7cf8c670d diff --git a/roles/config/defaults/main.yaml b/roles/config/defaults/main.yaml index 92b3c56..f55270b 100644 --- a/roles/config/defaults/main.yaml +++ b/roles/config/defaults/main.yaml @@ -8,6 +8,7 @@ config_default_hyperthreading: Enabled config_valid_providers: - aws + - oci # Compute config_compute_replicas: 3 diff --git a/roles/config/tasks/create.yaml b/roles/config/tasks/create.yaml index 90be653..19a04e4 100644 --- a/roles/config/tasks/create.yaml 
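Review bot: The URL stored in `bootstrap_bucket_signed_url` is a bearer credential for `bootstrap.ign`, yet neither `OCI | Create preauthenticated_request` nor the `set_fact` that follows sets `no_log: true`. The `access_uri` can therefore end up in verbose task output and in any callback or CI log. With `#when: _upload.changed` commented out, every run also creates another one-hour `par-bootstrap` with read access to the object. The `_pars` result from `Show existing URLs` is registered but never used, so it could drive removal of earlier requests before a new one is created. The expiry comes from `date ... -d '+1 hour'` with `%z`, which depends on GNU date on the controller and yields an offset without a colon, so it is worth confirming the module accepts that form.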
+++ b/roles/config/tasks/create.yaml @@ -3,4 +3,4 @@ # - create-config # - create-manifests # - patch-manifests -# - create-ignitions \ No newline at end of file +# - create-ignitions diff --git a/roles/config/tasks/load.yaml b/roles/config/tasks/load.yaml index bacb779..5c10584 100644 --- a/roles/config/tasks/load.yaml +++ b/roles/config/tasks/load.yaml @@ -50,7 +50,7 @@ - name: Load | Set custom_image_id from os_mirror config when: - - os_mirror | d({}) | length > 0 + - os_mirror | d(false) - os_mirror_from | d('') == 'stream_artifacts' block: - name: Load | Set custom_image_url from os_mirror config diff --git a/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml new file mode 100644 index 0000000..bcff630 --- /dev/null +++ b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml 
@@ -0,0 +1,56 @@ +--- +- name: Patch | OCI | CCM | Set namespace oci_ccm_namespace + ansible.builtin.set_fact: + # default provided by repo is kube-system + oci_ccm_namespace: oci-cloud-controller-manager + when: oci_ccm_namespace is not defined + +- name: Patch | OCI | CCM | Create Namespace + ansible.builtin.template: + src: patches/oci/oci-ccm-00-namespace.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-00-namespace.yaml" + mode: 0644 + +- name: Patch | OCI | CCM | Set subnet ID + ansible.builtin.set_fact: + _lb_subnet1: "{{ sb.state.id }}" + loop: "{{ (cluster_state.networks | first).subnets }}" + loop_control: + loop_var: sb + when: sb.public + +- name: Patch | OCI | CCM | Load OCI Secret data + ansible.builtin.set_fact: + oci_ccm_secret_data: "{{ lookup('template', 'patches/oci/oci-ccm-01-secret-data.yaml.j2') | from_yaml }}" + +- name: Patch | OCI | CCM | Create Secret + ansible.builtin.template: + src: patches/oci/oci-ccm-01-secret.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-01-secret.yaml" + mode: 0644 + vars: + oci_compartment_id: oci_compartment_id + +- name: Patch | OCI | CCM | Create RBAC SA + ansible.builtin.template: + src: patches/oci/oci-ccm-02-rbac-sa.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-02-rbac-sa.yaml" + mode: 0644 + +- name: Patch | OCI | CCM | Create RBAC CR + ansible.builtin.template: + src: patches/oci/oci-ccm-03-rbac-cr.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-03-rbac-cr.yaml" + mode: 0644 + +- name: Patch | OCI | CCM | Create RBAC CRB + ansible.builtin.template: + src: patches/oci/oci-ccm-04-rbac-crb.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-04-rbac-crb.yaml" + mode: 0644 + +- name: Patch | OCI | CCM | Create DaemonSet + ansible.builtin.template: + src: patches/oci/oci-ccm-05-daemonset.yaml.j2 + dest: "{{ config_install_dir 
}}/manifests/oci-cloud-controller-manager-05-daemonset.yaml" + mode: 0644 diff --git a/roles/config/tasks/patches-manifests/deploy-oci-csi.yaml b/roles/config/tasks/patches-manifests/deploy-oci-csi.yaml new file mode 100644 index 0000000..6ae1a8e --- /dev/null +++ b/roles/config/tasks/patches-manifests/deploy-oci-csi.yaml @@ -0,0 +1,42 @@ +--- +- name: Patch | OCI | CCM | Set namespace oci_ccm_namespace + ansible.builtin.set_fact: + # default provided by repo is kube-system + oci_csi_namespace: oci-csi + when: oci_csi_namespace is not defined + +- name: Patch | OCI | CSI | Load OCI Secret data + ansible.builtin.set_fact: + oci_ccm_secret_data: "{{ lookup('template', 'patches/oci/oci-ccm-01-secret-data.yaml.j2') | from_yaml }}" + +- name: Patch | OCI | CSI | Create Manifests to install dir manifests/ + ansible.builtin.template: + src: "patches/oci/{{ manifest }}.j2" + dest: "{{ config_install_dir }}/manifests/{{ manifest }}" + mode: 0644 + loop_control: + loop_var: manifest + loop: + - oci-csi-00-namespace.yaml + - oci-csi-01-secret.yaml + - oci-csi-02-node-rbac-00-sa.yaml + - oci-csi-02-node-rbac-01-cr.yaml + - oci-csi-02-node-rbac-02-crb.yaml + - oci-csi-03-controller-driver.yaml + - oci-csi-04-node-driver-00-csidriver-fss.yaml + - oci-csi-04-node-driver-01-csidriver-bv.yaml + - oci-csi-04-node-driver-02-cm-iscsi.yaml + - oci-csi-04-node-driver-03-cm-fss.yaml + - oci-csi-04-node-driver-04-daemonset.yaml + - oci-csi-05-storage-class-00-bv.yaml + - oci-csi-05-storage-class-01-bv-enc.yaml + +- name: Patch | OCI | CSI | Create MachineConfig iscsid.service + ansible.builtin.template: + src: patches/mc-iscsid-service.yaml.j2 + dest: "{{ config_install_dir }}/openshift//99_openshift-machineconfig_99-{{ machine_role }}-iscsid.yaml" + loop_control: + loop_var: machine_role + loop: + - master + - worker \ No newline at end of file 
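Review bot: `Patch | OCI | CCM | Create Secret` writes `oci-cloud-controller-manager-01-secret.yaml` with `mode: 0644`, so the manifest, which presumably carries the OCI credentials loaded into `oci_ccm_secret_data`, is readable by every local user on the controller. The secret manifest should use `mode: "0600"`. The same applies to `oci-csi-01-secret.yaml`, which the loop in deploy-oci-csi.yaml writes at `0644`. In the same task, `vars: oci_compartment_id: oci_compartment_id` assigns the literal string rather than the variable's value, which reaches the template if it reads that name; dropping the `vars:` block looks like the intent. `Set subnet ID` leaves `_lb_subnet1` undefined when no subnet has `public` set, so an `assert` before the template tasks would fail earlier and more clearly.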
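Review bot: The first task in deploy-oci-csi.yaml is named `Patch | OCI | CCM | Set namespace oci_ccm_namespace` but sets `oci_csi_namespace`, which makes run output misleading. It should read `Patch | OCI | CSI | Set namespace oci_csi_namespace`. The MachineConfig task writes to `{{ config_install_dir }}/openshift//99_openshift-machineconfig_99-...` with a doubled slash and no `mode:`, unlike the other template tasks in this patch. A single `/` and `mode: "0644"` would make it consistent.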
diff --git a/roles/config/tasks/patches-manifests/line_regex_patch.yaml b/roles/config/tasks/patches-manifests/line_regex_patch.yaml new file mode 100644 index 0000000..b8b63da --- /dev/null +++ b/roles/config/tasks/patches-manifests/line_regex_patch.yaml @@ -0,0 +1,10 @@ +--- +- name: Config | Patch manifests | Line regex + ansible.builtin.lineinfile: + path: "{{ config_install_dir }}{{ patch_spec.manifest }}" + backrefs: true + regexp: "{{ patch_spec.regexp }}" + line: "{{ patch_spec.line }}" + loop: "{{ cfg_patch_line_regex_patch_specs }}" + loop_control: + loop_var: patch_spec diff --git a/roles/config/tasks/patches-manifests/mc-kubelet-env-workaround.yaml b/roles/config/tasks/patches-manifests/mc-kubelet-env-workaround.yaml new file mode 100644 index 0000000..f46612e --- /dev/null +++ b/roles/config/tasks/patches-manifests/mc-kubelet-env-workaround.yaml @@ -0,0 +1,16 @@ +--- +# NOTE: there is not guarantee that it would work. +# The Platform=External should have precedence before testing this approach. + +# Requires to cfg_patch_kubelet_env_workaround_content +## Each line should have the script generating the data to append to the +## kubelet workaround file. +- name: Crete kubelet config + ansible.builtin.template: + src: patches/mc-kubelet-env.yaml.j2 + dest: "{{ config_install_dir }}/openshift/99_openshift-machineconfig_00-{{ machine_role }}-kubelet-env-wa.yaml" + loop_control: + loop_var: machine_role + loop: + - master + - worker diff --git a/roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml b/roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml new file mode 100644 index 0000000..1b13826 --- /dev/null +++ b/roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml 
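Review bot: With `backrefs: true`, `lineinfile` leaves the file untouched when `patch_spec.regexp` matches nothing, so a patch spec that no longer fits the generated manifest is skipped without any error. An `assert` after the loop that the expected `patch_spec.line` is present in the manifest would surface that. `path` is built by plain concatenation of `config_install_dir` and `patch_spec.manifest`. A comment should state that `manifest` must start with `/` and name a file below the install dir.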
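Review bot: The header of mc-kubelet-env-workaround.yaml says `cfg_patch_kubelet_env_workaround_content` is required, but nothing checks it, whereas mc-kubelet-providerid.yaml in this patch opens with an `assert`. An equivalent first task with `that: cfg_patch_kubelet_env_workaround_content is defined` keeps the two patches consistent. Without it, a missing variable would presumably only surface as a template error. The task name `Crete kubelet config` has a typo, and the template task sets no `mode:`.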
@@ -0,0 +1,40 @@ +--- +# NOTE: there is not guarantee that it would work. +# The Platform=External should have precedence before testing this approach. + +- name: Patch | mc-kubelet-providerid | Check requirements + ansible.builtin.assert: + that: + - cfg_patch_kubelet_providerid_script is defined + fail_msg: "'cfg_patch_kubelet_providerid_script' is required to use patch 'mc-kubelet-providerid'" + +- name: Patch | mc-kubelet-providerid | Set tmp dir + ansible.builtin.set_fact: + cluster_tmp_dir: "{{ config_install_dir }}/.tmp" + +- name: Patch | mc-kubelet-providerid | ensure tmp dir + ansible.builtin.file: + dest: "{{ cluster_tmp_dir }}" + state: directory + +- name: Patch | mc-kubelet-providerid | Create kubelet providerID + ansible.builtin.template: + src: patches/mc-kubelet-providerid.bu.j2 + dest: "{{ cluster_tmp_dir }}/99_openshift-machineconfig_00-{{ machine_role }}-kubelet-providerid.bu" + loop_control: + loop_var: machine_role + loop: + - master + - worker + +- name: Patch | mc-kubelet-providerid | Render butane config + ansible.builtin.shell: | + {{ bin_butane }} \ + {{ cluster_tmp_dir }}/99_openshift-machineconfig_00-{{ machine_role }}-kubelet-providerid.bu \ + -o {{ config_install_dir }}/openshift/99_openshift-machineconfig_00-{{ machine_role }}-kubelet-providerid.yaml + loop_control: + loop_var: machine_role + loop: + - master + - worker + diff --git a/roles/config/tasks/patches-manifests/yaml_patch.yaml b/roles/config/tasks/patches-manifests/yaml_patch.yaml new file mode 100644 index 0000000..a9e99d2 --- /dev/null +++ b/roles/config/tasks/patches-manifests/yaml_patch.yaml @@ -0,0 +1,6 @@ +--- + +- ansible.builtin.include_tasks: ./yaml_patch_run.yaml + loop: "{{ cfg_patch_yaml_patch_specs }}" + loop_control: + loop_var: patch_spec diff --git a/roles/config/tasks/patches-manifests/yaml_patch_run.yaml b/roles/config/tasks/patches-manifests/yaml_patch_run.yaml new file mode 100644 index 0000000..7db7321 --- /dev/null 
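Review bot: `Render butane config` passes `bin_butane`, `cluster_tmp_dir` and `config_install_dir` unquoted through `ansible.builtin.shell`, so an install directory containing a space or a shell metacharacter changes what is executed. No shell feature is used here, so `ansible.builtin.command` with an `argv` list removes the parsing step entirely. The `ensure tmp dir` task also creates `.tmp` without a `mode:`; `mode: "0700"` would suit a directory holding rendered machine configs.

```yaml
- name: Patch | mc-kubelet-providerid | Render butane config
  ansible.builtin.command:
    argv:
      - "{{ bin_butane }}"
      - "{{ cluster_tmp_dir }}/99_openshift-machineconfig_00-{{ machine_role }}-kubelet-providerid.bu"
      - "-o"
      - "{{ config_install_dir }}/openshift/99_openshift-machineconfig_00-{{ machine_role }}-kubelet-providerid.yaml"
  # … unchanged: loop_control / loop over master and worker …
```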
+++ b/roles/config/tasks/patches-manifests/yaml_patch_run.yaml @@ -0,0 +1,18 @@ +--- +# generic update executor + +- name: patch | reading file {{ config_install_dir + patch_spec.manifest }} + set_fact: + patch_file: "{{ lookup('file', config_install_dir + patch_spec.manifest) | from_yaml }}" + +- debug: var=patch_file +- debug: var=patch_spec.patch + +- name: patch | patching content + set_fact: + new_content: "{{ patch_file | combine(patch_spec.patch|from_json, recursive=True) }}" + +- name: patch | saving file {{ config_install_dir + patch_spec.manifest }} + copy: + dest: "{{ config_install_dir + patch_spec.manifest }}" + content: "{{ new_content | to_nice_yaml(indent=2) }}" diff --git a/roles/config/tasks/save-state.yaml b/roles/config/tasks/save-state.yaml index 93987b7..7124c8b 100644 --- a/roles/config/tasks/save-state.yaml +++ b/roles/config/tasks/save-state.yaml @@ -5,4 +5,4 @@ dest: "{{ config_install_dir + '/cluster_state.json' }}" content: "{{ cluster_state }}" mode: 0644 - changed_when: false + #changed_when: false diff --git a/roles/config/templates/patches/mc-iscsid-service.yaml.j2 b/roles/config/templates/patches/mc-iscsid-service.yaml.j2 new file mode 100644 index 0000000..f454bf6 --- /dev/null +++ b/roles/config/templates/patches/mc-iscsid-service.yaml.j2 @@ -0,0 +1,14 @@ +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfig +metadata: + labels: + machineconfiguration.openshift.io/role: {{ machine_role }} + name: 99-{{ machine_role }}-iscsid +spec: + config: + ignition: + version: 3.1.0 + systemd: + units: + - enabled: true + name: iscsid.service \ No newline at end of file diff --git a/roles/config/templates/patches/mc-kubelet-env.yaml.j2 b/roles/config/templates/patches/mc-kubelet-env.yaml.j2 new file mode 100644 index 0000000..b85de19 --- /dev/null +++ b/roles/config/templates/patches/mc-kubelet-env.yaml.j2 
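Review bot: `- debug: var=patch_file` and `- debug: var=patch_spec.patch` in yaml_patch_run.yaml print the whole parsed manifest and the patch on every run. Since this is a generic executor, that content can include secret manifests or credentials from the install directory. The two tasks should be dropped or given `verbosity: 2` so they only print when explicitly requested. The final `copy` sets no `mode:`, so the rewritten manifest gets whatever the umask yields; `mode: "0644"`, or `"0600"` for secret-bearing files, makes that explicit. The tasks also use short module names (`set_fact`, `copy`, `debug`) where the rest of the patch uses `ansible.builtin.*`.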
@@ -0,0 +1,38 @@ +# https://github.com/openshift/machine-config-operator/blob/master/templates/common/aws/files/usr-local-bin-aws-kubelet-providerid.yaml +apiVersion: machineconfiguration.openshift.io/v1 +kind: MachineConfig +metadata: + labels: + machineconfiguration.openshift.io/role: master + name: 00-{{ machine_role }}-kubelet-env +spec: + config: + ignition: + version: 3.1.0 + systemd: + units: + - name: kubelet-env.service + enabled: false + contents: | + [Unit] + Description=Fetch kubelet environments from Metadata + # Wait for NetworkManager to report it's online + #Wants=network-online.target + #Requires=crio.service kubelet-auto-node-size.service + #After=network-online.target + #After=ostree-finalize-staged.service + After=NetworkManager-wait-online.service + Before=kubelet.service + [Service] + User=root + Group=root + ExecStart=/opt/libexec/kubelet-env-workaround.sh + Type=oneshot + [Install] + WantedBy=network-online.target + storage: + files: + - mode: 0755 + path: "/opt/libexec/kubelet-env-workaround.sh" + contents: + source: data:text/plain;charset=utf-8;base64,{{ lookup('template', './mc-kubelet-env_kubelet-providerID.sh.j2') | b64encode }} diff --git a/roles/config/templates/patches/mc-kubelet-env_kubelet-providerID.sh.j2 b/roles/config/templates/patches/mc-kubelet-env_kubelet-providerID.sh.j2 new file mode 100644 index 0000000..a3ea527 --- /dev/null +++ b/roles/config/templates/patches/mc-kubelet-env_kubelet-providerID.sh.j2 @@ -0,0 +1,9 @@ +#!/bin/bash + +{{ cfg_patch_kubelet_env_workaround_content }} + +echo "#> Setting permissions 0644 for /etc/kubernetes/kubelet-workaround" +sudo chmod 0755 /etc/kubernetes/kubelet-workaround + +echo "#> Checking value of /etc/kubernetes/kubelet-workaround" +cat /etc/kubernetes/kubelet-workaround diff --git a/roles/config/templates/patches/mc-kubelet-providerid.bu.j2 b/roles/config/templates/patches/mc-kubelet-providerid.bu.j2 new file mode 100644 index 0000000..b276f21 --- /dev/null 
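Review bot: In mc-kubelet-env.yaml.j2 the label `machineconfiguration.openshift.io/role: master` is hard-coded, while `name` uses `{{ machine_role }}` and the calling task loops over `master` and `worker`. The worker-named MachineConfig is therefore targeted at the master pool and workers get none. The label should be `machineconfiguration.openshift.io/role: {{ machine_role }}`, as in mc-iscsid-service.yaml.j2. The unit is declared `enabled: false` although the file exists to run the script before `kubelet.service`, so that should be confirmed as intended. The file entry `mode: 0755` is a YAML octal literal and Ignition expects the decimal value, so a comment or the explicit decimal form would avoid a misread.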
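Review bot: In mc-kubelet-env_kubelet-providerID.sh.j2 the message says `Setting permissions 0644` but the command is `sudo chmod 0755 /etc/kubernetes/kubelet-workaround`, so the log line and the resulting mode disagree. An environment file does not need the execute bit, so `chmod 0644 /etc/kubernetes/kubelet-workaround` matches the message. The unit already runs with `User=root`, so `sudo` can be dropped. The script has no `set -e`, so a failure inside the injected `cfg_patch_kubelet_env_workaround_content` still reaches the `chmod` and `cat`.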
+++ b/roles/config/templates/patches/mc-kubelet-providerid.bu.j2 @@ -0,0 +1,51 @@ +# https://github.com/openshift/machine-config-operator/blob/master/templates/common/aws/files/usr-local-bin-aws-kubelet-providerid.yaml +variant: openshift +version: 4.12.0 +metadata: + name: 00-{{ machine_role }}-kubelet-providerid + labels: + machineconfiguration.openshift.io/role: {{ machine_role }} +storage: + files: + - mode: 0755 + path: "/usr/local/bin/kubelet-providerid" + contents: + inline: | + #!/bin/bash + set -e -o pipefail + NODECONF=/etc/systemd/system/kubelet.service.d/20-providerid.conf + if [ -e "${NODECONF}" ]; then + echo "Not replacing existing ${NODECONF}" + exit 0 + fi + + {{ cfg_patch_kubelet_providerid_script }} + + cat > "${NODECONF}" <> /data/out.txt; sleep 5; done"] + volumeMounts: + - name: persistent-storage + mountPath: /data + volumes: + - name: persistent-storage + persistentVolumeClaim: + claimName: oci-bv-claim diff --git a/roles/config/templates/patches/oci/oci-sample-lb-00-deployment.yaml.j2 b/roles/config/templates/patches/oci/oci-sample-lb-00-deployment.yaml.j2 new file mode 100644 index 0000000..69283de --- /dev/null +++ b/roles/config/templates/patches/oci/oci-sample-lb-00-deployment.yaml.j2 @@ -0,0 +1,21 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx-deployment + namespace: {{ oci_samples_namespace | d('oci-samples') }} +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 diff --git a/roles/config/templates/patches/oci/oci-sample-lb-01-service.yaml.j2 b/roles/config/templates/patches/oci/oci-sample-lb-01-service.yaml.j2 new file mode 100644 index 0000000..c717141 --- /dev/null +++ b/roles/config/templates/patches/oci/oci-sample-lb-01-service.yaml.j2 
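Review bot: `image: nginx` in oci-sample-lb-00-deployment.yaml.j2 is an unqualified short name with no tag, so which registry and which build the cluster pulls depends on node configuration and changes over time. A fully qualified reference with a fixed tag or digest makes the sample reproducible and avoids short-name resolution. The container sets no `securityContext` or `resources`. The stock image binding port 80 is presumably why the samples namespace is labelled privileged, so an unprivileged image listening on a high port would let that namespace stay restricted.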
@@ -0,0 +1,16 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: nginx-service
+ namespace: {{ oci_samples_namespace | d('oci-samples') }}
+ labels:
+ app: nginx
+spec:
+ selector:
+ app: nginx
+ type: LoadBalancer
+ ports:
+ - name: http
+ port: 81
+ targetPort: 80
diff --git a/roles/config/templates/patches/oci/oci-samples-namespace.j2 b/roles/config/templates/patches/oci/oci-samples-namespace.j2
new file mode 100644
index 0000000..cbceb1d
--- /dev/null
+++ b/roles/config/templates/patches/oci/oci-samples-namespace.j2
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ oci_samples_namespace | d('oci-samples') }}
+ labels:
+ "pod-security.kubernetes.io/enforce": "privileged"
+ "pod-security.kubernetes.io/audit": "privileged"
+ "pod-security.kubernetes.io/warn": "privileged"
+ "pod-security.kubernetes.io/enforce-version": "v1.24"
+ "security.openshift.io/scc.podSecurityLabelSync": "false"
+ "openshift.io/run-level": "0"
diff --git a/roles/destroy/tasks/oci.yaml b/roles/destroy/tasks/oci.yaml
new file mode 100644
index 0000000..3376a85
--- /dev/null
+++ b/roles/destroy/tasks/oci.yaml
@@ -0,0 +1,27 @@
+---
+- name: OCI | Load Balancer
+ ansible.builtin.include_tasks: "{{ provider }}/loadbalancer.yaml"
+ tags: loadbalancer
+
+- name: OCI | Compute
+ ansible.builtin.include_tasks: "{{ provider }}/compute.yaml"
+ tags: compute
+
+- name: OCI | IAM
+ ansible.builtin.include_tasks: "{{ provider }}/iam.yaml"
+ tags: iam
+
+- name: OCI | DNS
+ ansible.builtin.include_tasks: "{{ provider }}/dns.yaml"
+ tags: dns
+
+- name: OCI | Network
+ ansible.builtin.include_tasks: "{{ provider }}/network.yaml"
+ tags: network
+ loop: "{{ cloud_networks }}"
+ loop_control:
+ loop_var: vcn
+
+- name: OCI | Bucket
+ ansible.builtin.include_tasks: "{{ provider }}/bucket.yaml"
+ tags: bucket
diff --git a/roles/destroy/tasks/oci/bucket.yaml b/roles/destroy/tasks/oci/bucket.yaml
new file mode 100644
index 0000000..e566603
--- /dev/null
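Review bot: The labels on this Namespace switch off pod admission control for whatever `oci_samples_namespace` resolves to: Pod Security is set to `privileged` for enforce, audit and warn, label sync is disabled, and `"openshift.io/run-level": "0"` marks it as a run-level namespace, which OpenShift treats as exempt from SCC admission. That is far more than an nginx Deployment and a volume test pod need, and the namespace stays on the cluster after validation. I would drop the `openshift.io/run-level` label and set `"pod-security.kubernetes.io/enforce": "baseline"` (or `restricted`), granting a specific SCC to the sample service account only if a pod proves to need it. A comment above `labels:` stating that these manifests are validation samples and must not be reused for workloads would also help.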
+++ b/roles/destroy/tasks/oci/bucket.yaml
@@ -0,0 +1,14 @@
+---
+- name: OCI | Bucket | Get the namespace
+ oracle.oci.oci_object_storage_namespace_facts:
+ compartment_id: "{{ oci_compartment_id }}"
+ register: _objns
+
+- name: OCI | Bucket | Delete bootstrap
+ oracle.oci.oci_object_storage_bucket:
+ state: absent
+ compartment_id: "{{ oci_compartment_id }}"
+ name: "{{ cluster_state.infra_id }}-infra"
+ namespace_name: "{{ _objns.namespace }}"
+ force: yes
+
diff --git a/roles/destroy/tasks/oci/compute.yaml b/roles/destroy/tasks/oci/compute.yaml
new file mode 100644
index 0000000..cafbdef
--- /dev/null
+++ b/roles/destroy/tasks/oci/compute.yaml
@@ -0,0 +1,37 @@
+---
+- name: OCI | Compute | Discovery Instance ID
+ tags: compute
+ loop_control:
+ loop_var: instance
+ loop: "{{ okd_cluster_destroy_instances }}"
+ register: _instances
+ oracle.oci.oci_compute_instance_facts:
+ compartment_id: "{{ okd_cluster_destroy_instances_compartment_id }}"
+ display_name: "{{ instance.name }}"
+
+- name: OCI | LB | Show Delete
+ tags: compute
+ loop_control:
+ loop_var: results
+ loop: "{{ _instances.results }}"
+ when:
+ - _instances.results | length > 0
+ - results.instances is defined and results.instances | length > 0
+ debug:
+ msg: "Deleting Instance: {{ results.instances[0].display_name }}({{ results.instances[0].id }})"
+
+- name: OCI | Compute | Delete instance
+ tags: compute
+ loop_control:
+ loop_var: inst
+ loop: "{{ _instances.results }}"
+ when:
+ - _instances.results | length > 0
+ - inst.instances is defined and inst.instances | length > 0
+ oracle.oci.oci_compute_instance:
+ state: absent
+ compartment_id: "{{ okd_cluster_destroy_instances_compartment_id }}"
+ id: "{{ inst.instances[0].id }}"
+ preserve_boot_volume: false
+ wait: no
+
diff --git a/roles/destroy/tasks/oci/dns.yaml b/roles/destroy/tasks/oci/dns.yaml
new file mode 100644
index 0000000..162d979
--- /dev/null
+++ b/roles/destroy/tasks/oci/dns.yaml
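Review bot: In `compute.yaml` the delete task removes `inst.instances[0]` from a lookup that filters only on `compartment_id` and `display_name`, and display names are not unique in OCI. In a compartment shared with other workloads this can terminate an instance that merely carries the same name, and if the lookup lists an already terminated instance first, the running one is left behind (the facts call sets no lifecycle-state filter; how the module orders results should be confirmed). Deleting by the instance OCIDs saved when the cluster was created, if the cluster state records them, or at least looping over every returned instance and checking a cluster-identifying tag before `state: absent`, would bound what a destroy run can touch. The second task is named `OCI | LB | Show Delete` although it reports instances; `OCI | Compute | Show Delete` matches the file.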
@@ -0,0 +1,12 @@
+---
+- name: OCI | DNS | Remove records
+ oracle.oci.oci_dns_zone_records:
+ compartment_id: "{{ okd_cluster_destroy_dns_compartment_id }}"
+ zone_name_or_id: "{{ okd_cluster_destroy_dns_records.zone_name_or_id }}"
+ patch_items: "{{ okd_cluster_destroy_dns_records.patch_items_spec }}"
+ # - operation: REMOVE
+ # domain: "{{ rr.domain }}"
+ # loop: "{{ okd_cluster_destroy_dns_records }}"
+ # loop_control:
+ # loop_var: rr
+ # register: _rr
diff --git a/roles/destroy/tasks/oci/iam.yaml b/roles/destroy/tasks/oci/iam.yaml
new file mode 100644
index 0000000..02eb760
--- /dev/null
+++ b/roles/destroy/tasks/oci/iam.yaml
@@ -0,0 +1,2 @@
+---
+# placeholder
diff --git a/roles/destroy/tasks/oci/loadbalancer.yaml b/roles/destroy/tasks/oci/loadbalancer.yaml
new file mode 100644
index 0000000..0c07f9c
--- /dev/null
+++ b/roles/destroy/tasks/oci/loadbalancer.yaml
@@ -0,0 +1,37 @@
+---
+- name: OCI | LB | Discovery IDs
+ loop: "{{ cloud_loadbalancers }}"
+ loop_control:
+ loop_var: lb
+ register: _lb_out
+ oracle.oci.oci_network_load_balancer_facts:
+ compartment_id: "{{ lb.spec.compartment_id }}"
+ display_name: "{{ lb.name }}"
+
+# - debug: var=_lb_out
+
+- name: OCI | LB | Show Delete
+ loop: "{{ _lb_out.results }}"
+ loop_control:
+ loop_var: lb
+ register: _lb_del_out
+ debug:
+ msg: "Deleting Load Balancer ID: {{ lb.network_load_balancers[0].id }}"
+ when:
+ - debug | d(false)
+ - _lb_out.results is defined and _lb_out.results | length > 0
+ check_mode: no
+
+- name: OCI | LB | Delete
+ loop: "{{ _lb_out.results }}"
+ loop_control:
+ loop_var: lb
+ register: _lb_del_out
+ oracle.oci.oci_network_load_balancer:
+ state: absent
+ id: "{{ lb.network_load_balancers[0].id }}"
+ when:
+ - _lb_out.results is defined and _lb_out.results | length > 0
+ - lb.network_load_balancers is defined and lb.network_load_balancers | length > 0
+
+# - debug: var=_lb_del_out
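Review bot: In `loadbalancer.yaml`, `OCI | LB | Show Delete` indexes `lb.network_load_balancers[0].id` without the emptiness guard that `OCI | LB | Delete` has, so a destroy run with `debug` enabled fails at the message whenever a lookup returns no load balancer. Add `- lb.network_load_balancers is defined and lb.network_load_balancers | length > 0` to its `when` list. Both tasks register `_lb_del_out`; the `register` on the debug task can be dropped so the variable only ever holds the delete result.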
diff --git a/roles/destroy/tasks/oci/network.yaml b/roles/destroy/tasks/oci/network.yaml
new file mode 100644
index 0000000..d69bacc
--- /dev/null
+++ b/roles/destroy/tasks/oci/network.yaml
@@ -0,0 +1,81 @@
+---
+- name: OCI | Network | Subnet | Delete
+ oracle.oci.oci_network_subnet:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ subnet.spec.display_name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+ loop: "{{ vcn.subnets }}"
+ loop_control:
+ loop_var: subnet
+ register: _del_subnet
+ until: "_del_subnet is not failed"
+ retries: 5
+ delay: 5
+
+- name: OCI | Network | Route Table Public | Delete
+ oracle.oci.oci_network_route_table:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ vcn.route_table_public.spec.display_name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+
+- name: OCI | Network | Route Table Private | Delete
+ oracle.oci.oci_network_route_table:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ vcn.route_table_private.spec.display_name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+
+- name: OCI | Network | NatGW
+ oracle.oci.oci_network_nat_gateway:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ vcn.nat_gateway.spec.display_name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+
+- name: OCI | VCN | IGW | Delete
+ oracle.oci.oci_network_internet_gateway:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ vcn.internet_gateway.spec.display_name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+
+- name: OCI | Network | NSG | Delete
+ oracle.oci.oci_network_security_group:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ nsg.spec.display_name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+ loop: "{{ vcn.network_security_groups }}"
+ loop_control:
+ loop_var: nsg
+
+- name: OCI | Network | SecList | Delete
+ oracle.oci.oci_network_security_list:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ seclist.spec.display_name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+ loop: "{{ vcn.security_lists }}"
+ loop_control:
+ loop_var: seclist
+
+- name: OCI | Network | VCN | Delete
+ oracle.oci.oci_network_vcn:
+ state: absent
+ compartment_id: "{{ vcn.compartment_id }}"
+ display_name: "{{ vcn.name }}"
+ environment:
+ OCI_USE_NAME_AS_IDENTIFIER: true
+ register: oci_destroy_vcn
+ until: "oci_destroy_vcn is not failed"
+ retries: 5
+ delay: 5
\ No newline at end of file
diff --git a/roles/os_mirror/tasks/oci.yaml b/roles/os_mirror/tasks/oci.yaml
new file mode 100644
index 0000000..f87cd57
--- /dev/null
+++ b/roles/os_mirror/tasks/oci.yaml
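Review bot: Every task in `network.yaml` sets `OCI_USE_NAME_AS_IDENTIFIER: true` as an unquoted YAML boolean, while environment values are strings; writing `OCI_USE_NAME_AS_IDENTIFIER: "true"` removes any doubt about the value the module receives. With name-as-identifier the delete matches on `display_name` inside `vcn.compartment_id`, so a same-named subnet, gateway or security list owned by something else in a shared compartment would be removed too; a comment at the top of the file stating that the compartment must be dedicated to the cluster would make that assumption explicit. Only the subnet and VCN deletes carry `until`/`retries`/`delay`; the route table, gateway and NSG deletes likely hit the same dependency-ordering failures and could use the same retry. The file also ends without a trailing newline.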
@@ -0,0 +1,41 @@ +--- + +- name: OCI | Get the namespace + oracle.oci.oci_object_storage_namespace_facts: + compartment_id: "{{ os_mirror_to_oci.compartment_id }}" + register: _objns + +- name: OCI | Create bucket + oracle.oci.oci_object_storage_bucket: + state: present + compartment_id: "{{ os_mirror_to_oci.compartment_id }}" + name: "{{ os_mirror_to_oci.bucket }}" + namespace_name: "{{ _objns.namespace }}" + +- name: OCI | Show Summary of OS Mirroring + debug: + msg: + - "Bucket/image object: {{ os_mirror_to_oci.bucket }}/{{ cluster_state.compute.image_id }}" + - "Image name: {{ cluster_state.compute.image_id }}" + when: not(_st_image.stat.exists) + +- name: OCI | Upload image to bucket + oracle.oci.oci_object_storage_object: + namespace_name: "{{ _objns.namespace }}" + bucket_name: "{{ os_mirror_to_oci.bucket }}" + object_name: "{{ cluster_state.compute.image_id }}" + src: "{{ collection_bin_dir + '/' + cluster_state.compute.image_id }}" + force: false + register: _upload + +- name: OCI | Creating Custom Image + oracle.oci.oci_compute_image: + compartment_id: "{{ os_mirror_to_oci.compartment_id }}" + image_source_details: + bucket_name: "{{ os_mirror_to_oci.bucket }}" + namespace_name: "{{ _objns.namespace }}" + object_name: "{{ cluster_state.compute.image_id }}" + source_type: objectStorageTuple + source_image_type: "{{ os_mirror_to_oci.image_type }}" + launch_mode: PARAVIRTUALIZED + display_name: "{{ cluster_state.compute.image_id }}" From b8c109610898d0315b3c5b568b1600265a89a928 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 9 Jun 2023 15:37:57 -0300 Subject: [PATCH 02/39] fixing CI linter --- playbooks/vars/oci/profiles/ha/destroy_resources.yaml | 4 +--- requirements.txt | 3 +++ requirements.yml | 7 ++++++- roles/cloud_load_balancer | 2 +- roles/cloud_network | 2 +- .../tasks/patches-manifests/mc-kubelet-providerid.yaml | 3 +-- roles/destroy/tasks/oci/compute.yaml | 3 +-- 7 files changed, 14 insertions(+), 10 deletions(-) 
diff --git a/playbooks/vars/oci/profiles/ha/destroy_resources.yaml b/playbooks/vars/oci/profiles/ha/destroy_resources.yaml index 50d26f8..d90f3e7 100644 --- a/playbooks/vars/oci/profiles/ha/destroy_resources.yaml +++ b/playbooks/vars/oci/profiles/ha/destroy_resources.yaml @@ -9,7 +9,6 @@ okd_cluster_destroy_instances: - name: "{{ cluster_state.infra_id }}-worker-01" - name: "{{ cluster_state.infra_id }}-worker-02" - name: "{{ cluster_state.infra_id }}-worker-03" - - name: "{{ cluster_state.infra_id }}-opct-01" wait: yes wait_timeout: 120 @@ -22,5 +21,4 @@ okd_cluster_destroy_dns_records: - operation: REMOVE domain: "api-int.{{ cluster_state.dns.cluster_domain }}" - operation: REMOVE - domain: "*.apps.{{ cluster_state.dns.cluster_domain }}" - + domain: "*.apps.{{ cluster_state.dns.cluster_domain }}" \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index a62c0f8..a3c454e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,3 +11,6 @@ botocore # kubernetes Collection kubernetes + +# provider: Oracle Cloud/OCI +oci==2.103.0 diff --git a/requirements.yml b/requirements.yml index 607d422..42d0988 100644 --- a/requirements.yml +++ b/requirements.yml @@ -14,4 +14,9 @@ collections: - name: community.aws version: '>=5.5.0,<5.6' - name: amazon.aws - version: '>=5.5.0,<5.6' \ No newline at end of file + version: '>=5.5.0,<5.6' + +# Oracle Cloud Infrastructure Ansible Collections +# https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.11.0/installation/index.html +- name: oracle.oci + version: '>=4.23.0,<4.24.0' \ No newline at end of file diff --git a/roles/cloud_load_balancer b/roles/cloud_load_balancer index 2de0b77..bd32369 160000 --- a/roles/cloud_load_balancer +++ b/roles/cloud_load_balancer @@ -1 +1 @@ -Subproject commit 2de0b77004652d7be5a2bbbcbd879f11c4c1b957 +Subproject commit bd32369363fbcc6b5472f8ad3a43b704a25a7bb2 diff --git a/roles/cloud_network b/roles/cloud_network index c1bc9ed..0554034 160000 
--- a/roles/cloud_network +++ b/roles/cloud_network @@ -1 +1 @@ -Subproject commit c1bc9ed40d2707057a9809cded3fd2c7cf8c670d +Subproject commit 0554034f5d56c3a49b5988e14028a6b44a3cf822 diff --git a/roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml b/roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml index 1b13826..db54be0 100644 --- a/roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml +++ b/roles/config/tasks/patches-manifests/mc-kubelet-providerid.yaml @@ -36,5 +36,4 @@ loop_var: machine_role loop: - master - - worker - + - worker \ No newline at end of file diff --git a/roles/destroy/tasks/oci/compute.yaml b/roles/destroy/tasks/oci/compute.yaml index cafbdef..82fdba2 100644 --- a/roles/destroy/tasks/oci/compute.yaml +++ b/roles/destroy/tasks/oci/compute.yaml @@ -33,5 +33,4 @@ compartment_id: "{{ okd_cluster_destroy_instances_compartment_id }}" id: "{{ inst.instances[0].id }}" preserve_boot_volume: false - wait: no - + wait: no \ No newline at end of file From b954d8d6f56f9a553337b1e66f2dd7dd96d40d11 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 9 Jun 2023 17:32:25 -0300 Subject: [PATCH 03/39] update CI workflows to use cache --- .github/workflows/mock-aws.yaml | 1 - .github/workflows/site-production.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/mock-aws.yaml b/.github/workflows/mock-aws.yaml index e9db86f..3c3d155 100644 --- a/.github/workflows/mock-aws.yaml +++ b/.github/workflows/mock-aws.yaml @@ -136,7 +136,6 @@ jobs: cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}/cluster_state.json || true cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}install-config-bkp.yaml || true - - name: Destroy cluster (play destroy_cluster) env: VARS_FILE: "./vars-${{ steps.vars.outputs.cluster-name }}.yaml" diff --git a/.github/workflows/site-production.yaml b/.github/workflows/site-production.yaml index f1b8ae1..6138021 100644 
--- a/.github/workflows/site-production.yaml +++ b/.github/workflows/site-production.yaml @@ -1,6 +1,5 @@ # Workflow for deploying static content to GitHub Pages name: github-pages - on: push: branches: ["main"] From 0ec039abfea293cba4ce9634be9827d7a3ae481f Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 9 Jun 2023 17:47:27 -0300 Subject: [PATCH 04/39] unset failures when gitmodules is updated --- hack/ci/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/ci/deploy.yml b/hack/ci/deploy.yml index 6ab5c83..b24205c 100644 --- a/hack/ci/deploy.yml +++ b/hack/ci/deploy.yml @@ -15,7 +15,7 @@ git submodule update --recursive --remote chdir={{ collection_root }} register: git_update - failed_when: git_update.stdout != '' + #failed_when: git_update.stdout != '' tags: build - name: Ensure the ~/.ansible directory exists. From 3cd37f5dc1d4756e903ec56f6b59c530e61d07e3 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 9 Jun 2023 21:20:35 -0300 Subject: [PATCH 05/39] add PR comment --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f8e76ca..64e5bed 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -208,7 +208,6 @@ jobs: - Container: ${{ env.IMAGE }}:${{ env.VERSION }} - Docs Preview: ${{ steps.verceldeploy.outputs.url }} reactions: rocket - - name: Update comment if: steps.fbc.outputs.comment-id != '' uses: peter-evans/create-or-update-comment@v3 From 40346707c0639ab3a221d27bf54785aa0ee68c98 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 9 Jun 2023 21:42:10 -0300 Subject: [PATCH 06/39] add docs preview url published --- .github/workflows/site-preview.yaml | 74 +++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 .github/workflows/site-preview.yaml diff --git a/.github/workflows/site-preview.yaml b/.github/workflows/site-preview.yaml new file mode 100644 index 0000000..1c4ad90 
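Review bot: In `hack/ci/deploy.yml`, commenting out `failed_when: git_update.stdout != ''` removes the only signal that `git submodule update --recursive --remote` moved a submodule away from the commit recorded in the repository, so CI now builds the collection from whatever the submodule remotes point to at that moment. If the aim is to stop CI failing on drift, keep the pinned commits by dropping `--remote` from the command, or keep the drift visible without failing via `changed_when: git_update.stdout != ''`. Deleting the line is cleaner than leaving `#failed_when` behind. The task starts above this hunk, so its name and module are not visible here.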
--- /dev/null
+++ b/.github/workflows/site-preview.yaml
@@ -0,0 +1,74 @@
+
+name: github-pages-preview
+env:
+ VERCEL_VERSION: 28.20.0
+ VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
+ VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
+
+on:
+ push:
+ branches-ignore:
+ - main
+
+jobs:
+ Deploy-Preview:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Set job vars
+ id: vars
+ run: |
+ echo "cache-key-npm=npm-vercel-${VERCEL_VERSION}" >> $GITHUB_OUTPUT
+ echo "cache-dir-npm=${HOME}/.npm" >> $GITHUB_OUTPUT
+
+ - name: Set npm cache
+ uses: actions/cache@v3
+ with:
+ path: ${{ steps.vars.outputs.cache-dir-npm }}
+ key: ${{ steps.vars.outputs.cache-key-npm }}
+
+ - name: Install Vercel CLI
+ run: npm install --global vercel@${VERCEL_VERSION}
+
+ - name: Pull Vercel Environment Information
+ run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }}
+
+ - name: Build Project Artifacts
+ run: vercel build --token=${{ secrets.VERCEL_TOKEN }}
+
+ - name: Deploy Project Artifacts to Vercel
+ id: deploy
+ run: |
+ vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }} | tee out.log
+ export PREVIEW_URL=$(grep ^Preview out.log | awk '{print$2}')
+ echo "Discovered Preview URL: ${PREVIEW_URL}"
+ echo "url-dev=$PREVIEW_URL" >> $GITHUB_OUTPUT
+
+ - name: Find comment
+ uses: peter-evans/find-comment@v2
+ id: fbc
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ comment-author: 'github-actions[bot]'
+ body-includes: Docs published!
+
+ - name: Create comment
+ if: steps.fbc.outputs.comment-id == ''
+ uses: peter-evans/create-or-update-comment@v3
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ body: |
+ Docs published!
+ - Preview URL: ${{ steps.deploy.outputs.url-dev }}
+ reactions: rocket
+
+ - name: Update comment
+ if: steps.fbc.outputs.comment-id != ''
+ uses: peter-evans/create-or-update-comment@v3
+ with:
+ comment-id: ${{ steps.fbc.outputs.comment-id }}
+ body: |
+ Docs published!
+ - Preview URL: ${{ steps.deploy.outputs.url-dev }} + reactions: hooray From cdc764ba8c38cc9bb4793fd38cb17f8e196ffa58 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 9 Jun 2023 22:31:40 -0300 Subject: [PATCH 07/39] preview doc --- .github/workflows/site-preview.yaml | 116 +++++++++++++++------------- 1 file changed, 63 insertions(+), 53 deletions(-) diff --git a/.github/workflows/site-preview.yaml b/.github/workflows/site-preview.yaml index 1c4ad90..25d5cd2 100644 --- a/.github/workflows/site-preview.yaml +++ b/.github/workflows/site-preview.yaml @@ -1,10 +1,5 @@ name: github-pages-preview -env: - VERCEL_VERSION: 28.20.0 - VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }} - VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }} - on: push: branches-ignore: 
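Review bot: The three comment steps in the new `site-preview.yaml` read `github.event.pull_request.number`, but the workflow is triggered by `on: push`, where that field is empty, so find-comment and create-or-update-comment have no issue to act on; a `pull_request` trigger is needed if a PR comment is the goal. `--token=${{ secrets.VERCEL_TOKEN }}` is expanded into the script text of three `run` steps; map it once with `env: VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}` and pass `--token="$VERCEL_TOKEN"` so the secret is never part of the rendered script. The third-party actions are referenced by mutable tags (`peter-evans/find-comment@v2`, `peter-evans/create-or-update-comment@v3`) in a job that holds deploy secrets; pinning them to a commit SHA and adding a `permissions:` block limited to what the comment steps need would narrow the exposure.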
@@ -13,62 +8,77 @@ on: jobs: Deploy-Preview: runs-on: ubuntu-latest + env: + VERCEL_VERSION: 28.20.0 + VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }} + VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }} steps: - uses: actions/checkout@v2 - - name: Set job vars - id: vars - run: | - echo "cache-key-npm=npm-vercel-${VERCEL_VERSION}" >> $GITHUB_OUTPUT - echo "cache-dir-npm=${HOME}/.npm" >> $GITHUB_OUTPUT + # - name: Set job vars + # id: vars + # run: | + # echo "cache-key-npm=npm-vercel-${VERCEL_VERSION}" >> $GITHUB_OUTPUT + # echo "cache-dir-npm=${HOME}/.npm" >> $GITHUB_OUTPUT + + # - name: Set npm cache + # uses: actions/cache@v3 + # with: + # path: ${{ steps.vars.outputs.cache-dir-npm }} + # key: ${{ steps.vars.outputs.cache-key-npm }} - - name: Set npm cache - uses: actions/cache@v3 - with: - path: ${{ steps.vars.outputs.cache-dir-npm }} - key: ${{ steps.vars.outputs.cache-key-npm }} + # - name: Install Vercel CLI + # run: npm install --global vercel@${VERCEL_VERSION} - - name: Install Vercel CLI - run: npm install --global vercel@${VERCEL_VERSION} + # - name: Pull Vercel Environment Information + # run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }} - - name: Pull Vercel Environment Information - run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }} + # - name: Build Project Artifacts + # run: vercel build --token=${{ secrets.VERCEL_TOKEN }} - - name: Build Project Artifacts - run: vercel build --token=${{ secrets.VERCEL_TOKEN }} + # - name: Deploy Project Artifacts to Vercel + # id: verceldeploy + # run: | + # export PREVIEW_URL=$(vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }} | tee out.log + # export PREVIEW_URL=$(grep ^Preview out.log | awk '{print$2}') + # echo "Discovered Preview URL: ${PREVIEW_URL}" + # echo "url=$PREVIEW_URL" >> $GITHUB_OUTPUT - - name: Deploy Project Artifacts to Vercel - id: deploy - run: | - vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }} | tee out.log - 
export PREVIEW_URL=$(grep ^Preview out.log | awk '{print$2}') - echo "Discovered Preview URL: ${PREVIEW_URL}" - echo "url-dev=$PREVIEW_URL" >> $GITHUB_OUTPUT + # # - name: Update PR with test results + # # uses: edumserrano/find-create-or-update-comment@v1 + # # with: + # # issue-number: ${{ github.event.pull_request.number }} + # # body-includes: '' + # # comment-author: 'github-actions[bot]' + # # body: | # can be a single value or you can compose text with multi-line values + # # + # # Preview Documentation published at URL: ${{ steps.verceldeploy.outputs.url }} + # # edit-mode: replace - - name: Find comment - uses: peter-evans/find-comment@v2 - id: fbc - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: Docs published! + # # - name: Find comment + # # uses: peter-evans/find-comment@v2 + # # id: fbc + # # with: + # # issue-number: ${{ github.event.pull_request.number }} + # # comment-author: 'github-actions[bot]' + # # body-includes: Docs published! - - name: Create comment - if: steps.fbc.outputs.comment-id == '' - uses: peter-evans/create-or-update-comment@v3 - with: - issue-number: ${{ github.event.pull_request.number }} - body: | - Docs published! - - Preview URL: ${{ steps.deploy.outputs.url-dev }} - reactions: rocket + # - name: Create comment + # # if: steps.fbc.outputs.comment-id == '' + # uses: peter-evans/create-or-update-comment@v3 + # with: + # issue-number: ${{ github.event.pull_request.number }} + # body: | + # Docs published! + # - Preview URL: ${{ steps.verceldeploy.outputs.url-dev }} + # reactions: rocket - - name: Update comment - if: steps.fbc.outputs.comment-id != '' - uses: peter-evans/create-or-update-comment@v3 - with: - comment-id: ${{ steps.fbc.outputs.comment-id }} - body: | - Docs published! 
- - Preview URL: ${{ steps.deploy.outputs.url-dev }} - reactions: hooray + # # - name: Update comment + # # if: steps.fbc.outputs.comment-id != '' + # # uses: peter-evans/create-or-update-comment@v3 + # # with: + # # comment-id: ${{ steps.fbc.outputs.comment-id }} + # # body: | + # # Docs published! + # # - Preview URL: ${{ steps.deploy.outputs.url-dev }} + # # reactions: hooray From df9ed08d00dc2e1fba5e959818bcba991b0a1aec Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Tue, 13 Jun 2023 00:45:08 -0300 Subject: [PATCH 08/39] review CCM manifests --- docs/guides/OCI/oci-install-ccm.md | 2 +- docs/guides/OCI/oci-installing-steps.md | 4 ++ .../patches-manifests/deploy-oci-ccm.yaml | 63 ++++++++++++------- 3 files changed, 46 insertions(+), 23 deletions(-) diff --git a/docs/guides/OCI/oci-install-ccm.md b/docs/guides/OCI/oci-install-ccm.md index cd77982..299f1a4 100644 --- a/docs/guides/OCI/oci-install-ccm.md +++ b/docs/guides/OCI/oci-install-ccm.md @@ -26,7 +26,7 @@ EOF source ~/.oci/env -CLUSTER_NAME=oci-fd1-vpu90 +CLUSTER_NAME=oci-ext01 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} diff --git a/docs/guides/OCI/oci-installing-steps.md b/docs/guides/OCI/oci-installing-steps.md index 9fc2b5a..565c5b4 100644 --- a/docs/guides/OCI/oci-installing-steps.md +++ b/docs/guides/OCI/oci-installing-steps.md @@ -114,6 +114,10 @@ cfg_patch_yaml_patch_specs: cfg_patch_kubelet_providerid_script: | PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); +# using kube-system and downloading manifests from github +oci_ccm_namespace: kube-system +oci_ccm_version: v1.25.0 + # Customize instance type #compute_shape: "BM.Standard.E2.64" #compute_shape_config: {} diff --git a/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml index bcff630..45edbf7 100644 --- a/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml 
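Review bot: After this change the `Deploy-Preview` job still maps `VERCEL_ORG_ID` and `VERCEL_PROJECT_ID` from secrets into its environment, yet the only live step is `actions/checkout@v2`; every step that used them is commented out. Remove the `env:` block, or the workflow, until the deploy steps return, rather than keeping secrets attached to a job that runs on every non-main push. The commented block would not work if restored as is: it contains an unterminated command substitution, `export PREVIEW_URL=$(vercel deploy --prebuilt ... | tee out.log`, and it reads `steps.verceldeploy.outputs.url-dev` while the step writes an output named `url`.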
+++ b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml @@ -2,16 +2,18 @@ - name: Patch | OCI | CCM | Set namespace oci_ccm_namespace ansible.builtin.set_fact: # default provided by repo is kube-system - oci_ccm_namespace: oci-cloud-controller-manager + #oci_ccm_namespace: oci-cloud-controller-manager + oci_ccm_namespace: "{{ cfg_patch_oci_ccm_namespace }}" when: oci_ccm_namespace is not defined - name: Patch | OCI | CCM | Create Namespace + when: oci_ccm_namespace != "kube-system" ansible.builtin.template: src: patches/oci/oci-ccm-00-namespace.yaml.j2 dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-00-namespace.yaml" mode: 0644 -- name: Patch | OCI | CCM | Set subnet ID +- name: Patch | OCI | CCM | Gather subnet ID ansible.builtin.set_fact: _lb_subnet1: "{{ sb.state.id }}" loop: "{{ (cluster_state.networks | first).subnets }}" 
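Review bot: The fallback in `Set namespace oci_ccm_namespace` now reads `"{{ cfg_patch_oci_ccm_namespace }}"` with no default, so when neither `oci_ccm_namespace` nor `cfg_patch_oci_ccm_namespace` is set the `set_fact` fails on an undefined variable instead of using the previous value; a role default for the new variable is not visible in this hunk. `oci_ccm_namespace: "{{ cfg_patch_oci_ccm_namespace | d('oci-cloud-controller-manager') }}"` keeps the old behaviour, and the commented-out `#oci_ccm_namespace:` line can then be deleted.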
@@ -31,26 +33,43 @@ vars: oci_compartment_id: oci_compartment_id -- name: Patch | OCI | CCM | Create RBAC SA - ansible.builtin.template: - src: patches/oci/oci-ccm-02-rbac-sa.yaml.j2 - dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-02-rbac-sa.yaml" - mode: 0644 +- name: Patch | OCI | CCM | Custom manifests + when: oci_ccm_namespace == "kube-system" + block: + - name: Get CCM manifests + ansible.builtin.get_url: + url: "{{ item.url }}" + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-{{ item.suffix }}.yaml" + mode: '0440' + loop: + - url: "https://github.com/oracle/oci-cloud-controller-manager/releases/download/{{ oci_ccm_version }}/oci-cloud-controller-manager-rbac.yaml" + suffix: "02-rbac" + - url: "https://github.com/oracle/oci-cloud-controller-manager/releases/download/{{ oci_ccm_version }}/oci-cloud-controller-manager.yaml" + suffix: "03" -- name: Patch | OCI | CCM | Create RBAC CR - ansible.builtin.template: - src: patches/oci/oci-ccm-03-rbac-cr.yaml.j2 - dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-03-rbac-cr.yaml" - mode: 0644 +- name: Patch | OCI | CCM | Custom manifests + when: oci_ccm_namespace != "kube-system" + block: + - name: Patch | OCI | CCM | Create RBAC SA + ansible.builtin.template: + src: patches/oci/oci-ccm-02-rbac-sa.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-02-rbac-sa.yaml" + mode: 0644 -- name: Patch | OCI | CCM | Create RBAC CRB - ansible.builtin.template: - src: patches/oci/oci-ccm-04-rbac-crb.yaml.j2 - dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-04-rbac-crb.yaml" - mode: 0644 + - name: Patch | OCI | CCM | Create RBAC CR + ansible.builtin.template: + src: patches/oci/oci-ccm-03-rbac-cr.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-03-rbac-cr.yaml" + mode: 0644 -- name: Patch | OCI | CCM | Create DaemonSet - ansible.builtin.template: - src: 
patches/oci/oci-ccm-05-daemonset.yaml.j2 - dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-05-daemonset.yaml" - mode: 0644 + - name: Patch | OCI | CCM | Create RBAC CRB + ansible.builtin.template: + src: patches/oci/oci-ccm-04-rbac-crb.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-04-rbac-crb.yaml" + mode: 0644 + + - name: Patch | OCI | CCM | Create DaemonSet + ansible.builtin.template: + src: patches/oci/oci-ccm-05-daemonset.yaml.j2 + dest: "{{ config_install_dir }}/manifests/oci-cloud-controller-manager-05-daemonset.yaml" + mode: 0644 From fd15231a9dbc90fc53119900497c92ba8c333287 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Thu, 15 Jun 2023 16:50:42 -0300 Subject: [PATCH 09/39] update install user guide with clearly prereqs --- docs/guides/OCI/oci-install-ccm.md | 35 +++++++++++++----------- docs/guides/OCI/oci-prerequisites.md | 40 +++++++++++----------------- 2 files changed, 36 insertions(+), 39 deletions(-) diff --git a/docs/guides/OCI/oci-install-ccm.md b/docs/guides/OCI/oci-install-ccm.md index 299f1a4..3019edc 100644 --- a/docs/guides/OCI/oci-install-ccm.md +++ b/docs/guides/OCI/oci-install-ccm.md @@ -4,12 +4,12 @@ Install an OCP cluster in OCI with Platform External as an option and OCI Cloud ## Requirements -- Credentials -- Client installed +- okd-installer Collection with [OCI dependencies installed](./oci-prerequisites.md): +- Child Compartment created in Oracle Cloud Console to install the cluster, place the DNS zone and compute images ## OCP Cluster Setup on OCI -### Generate the vars file +### Create the vars file ```bash cat < ~/.oci/env @@ -17,7 +17,6 @@ cat < ~/.oci/env OCI_COMPARTMENT_ID="" # Compartment that the DNS Zone is created (based domain) -# Only RR will be added OCI_COMPARTMENT_ID_DNS="" # Compartment that the OS Image will be created 
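Review bot: `Get CCM manifests` downloads RBAC and workload manifests from a GitHub release URL built from `oci_ccm_version` and writes them straight into `{{ config_install_dir }}/manifests/` with no integrity check, so whatever that URL serves is applied to the cluster at install time. `ansible.builtin.get_url` accepts `checksum`; add a per-file value to the loop items, e.g. `checksum: "sha256:<digest of that release asset>"` (placeholder), tied to the supported `oci_ccm_version`. Both blocks are named `Patch | OCI | CCM | Custom manifests`; naming the first one for the upstream download would make play output unambiguous. The hunk begins mid-task, so the task that owns the leading `vars:` lines is not visible here.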
@@ -26,7 +25,7 @@ EOF source ~/.oci/env -CLUSTER_NAME=oci-ext01 +CLUSTER_NAME=oci-ext02 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} @@ -42,11 +41,11 @@ cluster_profile: ha destroy_bootstrap: no config_base_domain: splat-oci.devcluster.openshift.com -config_ssh_key: "$(cat ~/.ssh/id_rsa.pub;cat ~/.ssh/openshift-dev.pub)" +config_ssh_key: "$(cat ~/.ssh/id_rsa.pub; cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -config_cluster_version: 4.13.0 -version: 4.13.0 +config_cluster_version: 4.13.0-rc.0 +version: 4.13.0-rc.0 # Define the OS Image mirror os_mirror: yes @@ -68,11 +67,11 @@ EOF # Platform External setup only cat <> ${VARS_FILE} -# Platform External specifics (preview version) - +# Platform External specifics (preview release with minimal changes) config_installer_environment: OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" +# Available manifest paches (runs after 'create manifest' stage) config_patches: - rm-capi-machines - mc-kubelet-providerid 
@@ -80,17 +79,23 @@ config_patches: - deploy-oci-csi - yaml_patch +# YAML Patches cfg_patch_yaml_patch_specs: - ## patch infra object to create External provider + ## patch infra object to create External provider - manifest: /manifests/cluster-infrastructure-02-config.yml patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' +# MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID cfg_patch_kubelet_providerid_script: | PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); -# Notes for: oci-fd1-vpu90 -# - Multiple(3) FD for masters and workers -# - master volume VPU/GB 90 +# Choose CCM deployment parameters +## Use patched manifests for OCP +oci_ccm_namespace: oci-cloud-controller-manager +## Use default manifests from github https://github.com/oracle/oci-cloud-controller-manager#deployment +## Note: that method is failing when copying the manifests 'as-is' in OCP. Need more investigation: +# oci_ccm_namespace: kube-system +# oci_ccm_version: v1.25.0 EOF ``` @@ -108,4 +113,4 @@ ansible-playbook mtulio.okd_installer.create_all \ ```bash ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE -``` +``` \ No newline at end of file diff --git a/docs/guides/OCI/oci-prerequisites.md b/docs/guides/OCI/oci-prerequisites.md index 2be8557..811aefa 100644 --- a/docs/guides/OCI/oci-prerequisites.md +++ b/docs/guides/OCI/oci-prerequisites.md 
@@ -2,13 +2,13 @@ The steps described on this document can be changed from the final version. -The goal is to quickly setup the PoC environment installing all the dependencies and Oracle Cloud Infrastructure identities to use the CLI/SDK with Ansible. +The goal is to quickly setup the PoC environment installing all the dependencies to deploy a cluster in Oracle Cloud Infrastructure - official Collection `oracle.oci`, setup identities to use the CLI/SDK, etc. ### Setup Ansible project -> This steps should be made only when OCI provider is under development - not merged to `main` branch. Then the normal install flow should be used. +> This steps should be made only when OCI provider is under development in the branch `feat-added-provider-oci`. -- Setup your ansible workdir (optional, you can use the defaults) +- Setup the ansible workdir (optional, you can use the defaults except the `collections_path`) ```bash cat < ansible.cfg @@ -27,33 +27,16 @@ sort_order=none EOF ``` -- Create a virtual ennv +- Create a virtual env + +> Tested in Python 3.9 and 3.10 ```bash python3.9 -m venv ./.oci source ./.oci/bin/activate ``` -- Donwload requirements files - -``` -wget https://raw.githubusercontent.com/mtulio/ansible-collection-okd-installer/main/requirements.yml -wget https://raw.githubusercontent.com/mtulio/ansible-collection-okd-installer/main/requirements.txt -``` - -- Install ansible and dependencies - -```bash -pip install -r requirements.txt -``` - -- Install the Collections - -```bash -ansible-galaxy collection install -r requirements.yml -``` - -- Get the latest (under development) okd-installer for OCI +- Get the latest (under development) okd-installer collection with OCI modules: > https://github.com/mtulio/ansible-collection-okd-installer/pull/26 
@@ -63,6 +46,13 @@ git clone -b feat-added-provider-oci --recursive \ collections/ansible_collections/mtulio/okd_installer ``` +- Install the dependencies: + +```bash +pip install -r collections/ansible_collections/mtulio/okd_installer/requirements.txt +ansible-galaxy collection install -r collections/ansible_collections/mtulio/okd_installer/requirements.yml +``` + - Check if the collection is present @@ -82,6 +72,8 @@ Make sure your credentials have been set correctly on the file `~/.oci/config` a - Get the User ID from the documentation +> you may need to adapt if there are more than one profile + ```bash export oci_user_id=$(grep ^user ~/.oci/config | awk -F '=' '{print$2}') ``` From 367cab54837c97da739031e772cbb40deb0ebee4 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Sun, 18 Jun 2023 20:43:42 -0300 Subject: [PATCH 10/39] changing container build workdir --- hack/Containerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hack/Containerfile b/hack/Containerfile index 78a516c..cad93c1 100644 --- a/hack/Containerfile +++ b/hack/Containerfile @@ -2,7 +2,8 @@ FROM quay.io/centos/centos:stream9 ENV ANSIBLE_UNSAFE_WRITES=1 -WORKDIR /okd-installer +WORKDIR /opt/okd-installer +ENV ANSIBLE_HOME=/opt/okd-installer RUN dnf install python3-pip -y \ && dnf clean all From ebaf3ac2ec454d1f43faa1d87c79881fd98f7506 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Sun, 18 Jun 2023 22:52:48 -0300 Subject: [PATCH 11/39] fix relative path --- roles/cloud_network | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cloud_network b/roles/cloud_network index 0554034..699a795 160000 --- a/roles/cloud_network +++ b/roles/cloud_network @@ -1 +1 @@ -Subproject commit 0554034f5d56c3a49b5988e14028a6b44a3cf822 +Subproject commit 699a79514aad817cf096aa4686c6dd6fed1cface From bdbd649e95bd1228e56e254bee837b020bb3e7b0 Mon Sep 17 00:00:00 2001 
From: Marco Braga Date: Sun, 18 Jun 2023 23:30:39 -0300 Subject: [PATCH 12/39] fix pipeline to ensure latest PR on builds --- .github/workflows/main.yml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 64e5bed..7de2bef 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,9 +10,9 @@ on: schedule: - cron: "0 5 * * 0" -defaults: - run: - working-directory: 'mtulio.okd_installer' +# defaults: + # run: + # working-directory: 'mtulio.okd_installer' jobs: @@ -24,7 +24,7 @@ jobs: - name: Check out the codebase. uses: actions/checkout@v3 with: - path: 'mtulio.okd_installer' + # path: 'mtulio.okd_installer' submodules: recursive - name: Set up Python 3. @@ -60,7 +60,7 @@ jobs: - name: Check out the codebase. uses: actions/checkout@v3 with: - path: 'mtulio.okd_installer' + # path: 'mtulio.okd_installer' submodules: recursive - name: Set up Python 3. @@ -90,8 +90,8 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - path: 'mtulio.okd_installer' - fetch-depth: 5 + # path: 'mtulio.okd_installer' + # fetch-depth: 5 submodules: recursive - name: Build Collection @@ -132,8 +132,8 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - path: 'mtulio.okd_installer' - fetch-depth: 5 + # path: 'mtulio.okd_installer' + # fetch-depth: 5 submodules: recursive - name: Download artifacts @@ -231,8 +231,8 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - path: 'mtulio.okd_installer' - fetch-depth: 5 + # path: 'mtulio.okd_installer' + # fetch-depth: 5 submodules: recursive - name: Download artifacts @@ -277,8 +277,8 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - path: 'mtulio.okd_installer' - fetch-depth: 5 + # path: 'mtulio.okd_installer' + # fetch-depth: 5 submodules: recursive - name: Get version 
@@ -314,8 +314,8 @@ jobs: - name: Checkout uses: actions/checkout@v3 with: - path: 'mtulio.okd_installer' - fetch-depth: 5 + # path: 'mtulio.okd_installer' + # fetch-depth: 5 submodules: recursive - name: Get version From c8a8387c6b17c9ceb9074c20137dfd1e41b7e85e Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 19 Jun 2023 00:02:35 -0300 Subject: [PATCH 13/39] fix builder to reset submodules --- hack/ci/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/ci/deploy.yml b/hack/ci/deploy.yml index b24205c..67760a0 100644 --- a/hack/ci/deploy.yml +++ b/hack/ci/deploy.yml @@ -12,7 +12,7 @@ pre_tasks: - name: Verify none of the git submodules need updates. command: > - git submodule update --recursive --remote + git submodule update --recursive chdir={{ collection_root }} register: git_update #failed_when: git_update.stdout != '' From 5bb6f9234f86ebcd68d87e4c3527377ae5d6e6be Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 19 Jun 2023 14:56:30 -0300 Subject: [PATCH 14/39] hide info from default stdout --- roles/cloud_compute | 2 +- roles/cloud_load_balancer | 2 +- roles/cloud_network | 2 +- roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml | 1 + 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/cloud_compute b/roles/cloud_compute index 2c60e24..205e702 160000 --- a/roles/cloud_compute +++ b/roles/cloud_compute @@ -1 +1 @@ -Subproject commit 2c60e240bd23a3f5612c08a02dd4edaae1fba002 +Subproject commit 205e70259c18b6c56fbf96f3ecff38143d640522 diff --git a/roles/cloud_load_balancer b/roles/cloud_load_balancer index bd32369..4cec6aa 160000 --- a/roles/cloud_load_balancer +++ b/roles/cloud_load_balancer @@ -1 +1 @@ -Subproject commit bd32369363fbcc6b5472f8ad3a43b704a25a7bb2 +Subproject commit 4cec6aa93b52bb6ce4cb45e82adf75e04ebcc990 diff --git a/roles/cloud_network b/roles/cloud_network index 699a795..469b356 160000 --- a/roles/cloud_network +++ b/roles/cloud_network 
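Review bot: In `hack/ci/deploy.yml` the task is still named "Verify none of the git submodules need updates.", but after this change it only runs `git submodule update --recursive`, and with `failed_when` commented out nothing is actually verified. Dropping `--remote` means the build checks out the commits pinned in the superproject rather than whatever the submodule branches currently point to, which is the reproducible behaviour; the name should say that, e.g. `- name: Check out the pinned git submodule commits.`. If `git_update` is not read by a later task (not visible here), the `register` and the commented `failed_when` can be removed as well. The `pre_tasks` list continues outside the hunk.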
@@ -1 +1 @@ -Subproject commit 699a79514aad817cf096aa4686c6dd6fed1cface +Subproject commit 469b3561a8e3ef533c6a8cc639f9f21481530d8e diff --git a/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml index 45edbf7..67b686e 100644 --- a/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml +++ b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml @@ -20,6 +20,7 @@ loop_control: loop_var: sb when: sb.public + no_log: not(debug | d(false)) - name: Patch | OCI | CCM | Load OCI Secret data ansible.builtin.set_fact: From 4b1c2a0fcdafb267b79616b1cb723269380788d7 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 19 Jun 2023 17:04:34 -0300 Subject: [PATCH 15/39] revert no_log in network seclist --- playbooks/destroy_cluster.yaml | 2 +- roles/cloud_network | 2 +- roles/destroy/tasks/oci/network.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/playbooks/destroy_cluster.yaml b/playbooks/destroy_cluster.yaml index a3971ee..e4a83ca 100644 --- a/playbooks/destroy_cluster.yaml +++ b/playbooks/destroy_cluster.yaml @@ -76,4 +76,4 @@ ansible.builtin.debug: msg: - "start=[{{ okdi_del_timer_start | d('') }}] end=[{{ okdi_del_timer_end }}]" - - "total=[{{ ((okdi_del_timer_end | to_datetime) - (okdi_del_timer_start | to_datetime)) }}]" \ No newline at end of file + - "total=[{{ ((okdi_del_timer_end | to_datetime) - (okdi_del_timer_start | to_datetime)) }}]" diff --git a/roles/cloud_network b/roles/cloud_network index 469b356..06b2a3e 160000 --- a/roles/cloud_network +++ b/roles/cloud_network @@ -1 +1 @@ -Subproject commit 469b3561a8e3ef533c6a8cc639f9f21481530d8e +Subproject commit 06b2a3e0d4847be6c5f02c0bc1c5078451e6df3d diff --git a/roles/destroy/tasks/oci/network.yaml b/roles/destroy/tasks/oci/network.yaml index d69bacc..deece0a 100644 --- a/roles/destroy/tasks/oci/network.yaml +++ b/roles/destroy/tasks/oci/network.yaml 
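Review bot: In `deploy-oci-ccm.yaml`, `no_log: not(debug | d(false))` is a bare expression, and as far as I know only conditionals such as `when` and `until` are evaluated that way; `no_log` expects a boolean or a templated string, so this value is likely to be rejected as an invalid boolean rather than act as a toggle. If the toggle is wanted, write it as `no_log: "{{ not (debug | d(false)) }}"`. Keep in mind that a run with `debug` set would then print the looped subnet results again, so an unconditional `no_log: true` is the safer default if anything sensitive is in them. The task starts above the hunk, so the module being called is not visible here.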
@@ -11,7 +11,7 @@ loop_var: subnet register: _del_subnet until: "_del_subnet is not failed" - retries: 5 + retries: 10 delay: 5 - name: OCI | Network | Route Table Public | Delete From d6a97eaeb651fbc94ce3cf1acf2de7300904c881 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Thu, 22 Jun 2023 15:34:02 -0300 Subject: [PATCH 16/39] review installation with no_log --- docs/guides/OCI/oci-install-ccm.md | 2 +- roles/cloud_compute | 2 +- roles/cloud_load_balancer | 2 +- roles/cloud_network | 2 +- roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/guides/OCI/oci-install-ccm.md b/docs/guides/OCI/oci-install-ccm.md index 3019edc..541a2ce 100644 --- a/docs/guides/OCI/oci-install-ccm.md +++ b/docs/guides/OCI/oci-install-ccm.md @@ -25,7 +25,7 @@ EOF source ~/.oci/env -CLUSTER_NAME=oci-ext02 +CLUSTER_NAME=oci-ext03 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} diff --git a/roles/cloud_compute b/roles/cloud_compute index 205e702..f12cdbd 160000 --- a/roles/cloud_compute +++ b/roles/cloud_compute @@ -1 +1 @@ -Subproject commit 205e70259c18b6c56fbf96f3ecff38143d640522 +Subproject commit f12cdbd2bbb4a876c885b62c9f05a3a41ce0bf81 diff --git a/roles/cloud_load_balancer b/roles/cloud_load_balancer index 4cec6aa..804deef 160000 --- a/roles/cloud_load_balancer +++ b/roles/cloud_load_balancer @@ -1 +1 @@ -Subproject commit 4cec6aa93b52bb6ce4cb45e82adf75e04ebcc990 +Subproject commit 804deef5e47ee02e256f67379cdf7f1835e296f9 diff --git a/roles/cloud_network b/roles/cloud_network index 06b2a3e..8906b16 160000 --- a/roles/cloud_network +++ b/roles/cloud_network @@ -1 +1 @@ -Subproject commit 06b2a3e0d4847be6c5f02c0bc1c5078451e6df3d +Subproject commit 8906b16da07f67a630758085d914b892208f29bb diff --git a/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml index 67b686e..87a49a0 100644 
--- a/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml +++ b/roles/config/tasks/patches-manifests/deploy-oci-ccm.yaml @@ -20,7 +20,7 @@ loop_control: loop_var: sb when: sb.public - no_log: not(debug | d(false)) + no_log: true - name: Patch | OCI | CCM | Load OCI Secret data ansible.builtin.set_fact: From f30fa79af8dc73579b25bf4dfc18e039a8d30f7b Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Thu, 6 Jul 2023 20:26:26 -0300 Subject: [PATCH 17/39] chores when provisioning stable nightly --- docs/guides/OCI/oci-install-ccm.md | 170 ++++++++++++++++-- roles/config/templates/install-config.yaml.j2 | 4 + roles/destroy/tasks/oci/compute.yaml | 2 + 3 files changed, 163 insertions(+), 13 deletions(-) diff --git a/docs/guides/OCI/oci-install-ccm.md b/docs/guides/OCI/oci-install-ccm.md index 541a2ce..5d76ea1 100644 --- a/docs/guides/OCI/oci-install-ccm.md +++ b/docs/guides/OCI/oci-install-ccm.md @@ -24,8 +24,8 @@ OCI_COMPARTMENT_ID_IMAGE="" EOF source ~/.oci/env - -CLUSTER_NAME=oci-ext03 +# MCO patch without revendor (w/o disabling FG) +CLUSTER_NAME=oci-ext106 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} 
@@ -41,11 +41,22 @@ cluster_profile: ha destroy_bootstrap: no config_base_domain: splat-oci.devcluster.openshift.com -config_ssh_key: "$(cat ~/.ssh/id_rsa.pub; cat ~/.ssh/openshift-dev.pub)" +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -config_cluster_version: 4.13.0-rc.0 -version: 4.13.0-rc.0 +config_featureset: TechPreviewNoUpgrade + +#release_image: registry.ci.openshift.org/ocp/release +#release_version: 4.14.0-0.nightly-2023-06-27-233015 + +# custom installer w/ support to external +# 4.14.0-0.nightly-2023-06-29-external +release_image: quay.io/mrbraga/ocp-release +release_version: 4.14.0-0.nightly-2023-06-27-233015 + +#config_cluster_version: 4.14.0-0.nightly-2023-06-27-233015 +#version: 4.14.0-0.nightly-2023-06-27-233015 +#version: 4.13.4 # Define the OS Image mirror os_mirror: yes @@ -67,9 +78,16 @@ EOF # Platform External setup only cat <> ${VARS_FILE} +config_platform: external +config_platform_spec: '{"platformName":"oci"}' + # Platform External specifics (preview release with minimal changes) +#config_installer_environment: +# OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" + config_installer_environment: - OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-06-27-233015-mco_manual_crd-installer" + # Available manifest paches (runs after 'create manifest' stage) config_patches: 
@@ -77,13 +95,15 @@ config_patches: - mc-kubelet-providerid - deploy-oci-ccm - deploy-oci-csi -- yaml_patch +# - yaml_patch # YAML Patches -cfg_patch_yaml_patch_specs: - ## patch infra object to create External provider - - manifest: /manifests/cluster-infrastructure-02-config.yml - patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' +# cfg_patch_yaml_patch_specs: +# ## patch infra object to create External provider +# - manifest: /manifests/cluster-infrastructure-02-config.yml +# patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{"cloudControllerManager":{"state":"External"}}}}}' +# - manifest: /manifests/cluster-infrastructure-02-config.yml +# patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' # MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID cfg_patch_kubelet_providerid_script: | @@ -93,7 +113,7 @@ cfg_patch_kubelet_providerid_script: | ## Use patched manifests for OCP oci_ccm_namespace: oci-cloud-controller-manager ## Use default manifests from github https://github.com/oracle/oci-cloud-controller-manager#deployment -## Note: that method is failing when copying the manifests 'as-is' in OCP. Need more investigation: +## Note: that method is failing when copying the manifests 'as-is' in OCP. Reason: the RBAC manifest file (and any bundle / single file with many objects) must be splitted to prevent rendering errors in the bootstrap stage # oci_ccm_namespace: kube-system # oci_ccm_version: v1.25.0 
@@ -104,7 +124,7 @@ EOF ```bash ansible-playbook mtulio.okd_installer.create_all \ - -e certs_max_retries=20 \ + -e cert_max_retries=30 \ -e cert_wait_interval_sec=60 \ -e @$VARS_FILE ``` 
@@ -113,4 +133,128 @@ ansible-playbook mtulio.okd_installer.create_all \ ```bash ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE +``` + + +## Examples + +### Installing 4.14 with CCM + +- OCP 4.14-nightly-patched_CMO + Platform External + OCI + CSI +```bash +CLUSTER_NAME=oci-ext107 +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VARS_FILE} +provider: oci +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-sanjose-1 + +release_image: quay.io/mrbraga/ocp-release +release_version: 4.14.0-0.nightly-2023-07-05-071214 + +config_platform: external +config_platform_spec: '{"platformName":"oci"}' + +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-07-05-071214" + +config_featureset: TechPreviewNoUpgrade +config_base_domain: splat-oci.devcluster.openshift.com +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" + +cluster_profile: ha +destroy_bootstrap: no + +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} +oci_ccm_namespace: oci-cloud-controller-manager + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + +# Available manifest paches (runs after 'create manifest' stage) +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi + +# MachineConfig to set the Kubelet environment. 
Will use this script to discover the ProviderID +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); +EOF +``` + + +- OKD SCOS 4.14-nightly-patched_CMO + Platform External + OCI + CSI +```bash +CLUSTER_NAME=oci-ext107 +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VARS_FILE} +provider: oci +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-sanjose-1 + +release_image: quay.io/mrbraga/ocp-release +release_version: 4.14.0-0.nightly-2023-07-05-071214 + +config_platform: external +config_platform_spec: '{"platformName":"oci"}' + +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-07-05-071214" + +config_featureset: TechPreviewNoUpgrade +config_base_domain: splat-oci.devcluster.openshift.com +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-okd-fake.json" + +cluster_profile: ha +destroy_bootstrap: no + +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} +oci_ccm_namespace: oci-cloud-controller-manager + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + +# Available manifest paches (runs after 'create manifest' stage) +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi + +# MachineConfig to set the Kubelet environment. 
Will use this script to discover the ProviderID +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); +EOF ``` \ No newline at end of file diff --git a/roles/config/templates/install-config.yaml.j2 b/roles/config/templates/install-config.yaml.j2 index e8aa153..1c19535 100644 --- a/roles/config/templates/install-config.yaml.j2 +++ b/roles/config/templates/install-config.yaml.j2 @@ -4,6 +4,10 @@ apiVersion: v1 baseDomain: {{ config_base_domain }} {% endif %} +{% if config_featureset is defined %} +featureSet: {{ config_featureset }} +{% endif %} + # Compute Pool {% if cluster_profile == 'ha' %} compute: {{ config_compute | from_yaml }} diff --git a/roles/destroy/tasks/oci/compute.yaml b/roles/destroy/tasks/oci/compute.yaml index 82fdba2..abca60e 100644 --- a/roles/destroy/tasks/oci/compute.yaml +++ b/roles/destroy/tasks/oci/compute.yaml @@ -17,6 +17,7 @@ when: - _instances.results | length > 0 - results.instances is defined and results.instances | length > 0 + - debug | d(false) debug: msg: "Deleting Instance: {{ results.instances[0].display_name }}({{ results.instances[0].id }})" @@ -28,6 +29,7 @@ when: - _instances.results | length > 0 - inst.instances is defined and inst.instances | length > 0 + no_log: true oracle.oci.oci_compute_instance: state: absent compartment_id: "{{ okd_cluster_destroy_instances_compartment_id }}" From 1688dc061df23379d296657b711e5fa7e7ae0e44 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Thu, 13 Jul 2023 23:52:58 -0300 Subject: [PATCH 18/39] update the cloud LB role --- roles/cloud_load_balancer | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/cloud_load_balancer b/roles/cloud_load_balancer index 804deef..ca88ff5 160000 --- a/roles/cloud_load_balancer +++ b/roles/cloud_load_balancer @@ -1 +1 @@ -Subproject commit 804deef5e47ee02e256f67379cdf7f1835e296f9 +Subproject commit ca88ff59cb690caea8e31d384d4748d0004fded1 
From f0b4d0684a002809577c099df38f3fbd9bef2865 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 14 Jul 2023 00:43:32 -0300 Subject: [PATCH 19/39] aws: comment network vpce --- .../aws/profiles/HighlyAvailable/network.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml index ca6da74..f80d998 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml +++ b/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml @@ -189,14 +189,14 @@ cloud_networks: # route_table: "{{ cluster_state.infra_id }}-rt-public-edge" # map_public: false - endpoint_services: - - name: s3 - service: com.amazonaws.us-east-1.s3 - route_tables: - - "{{ cluster_state.infra_id }}-rt-public" - - "{{ cluster_state.infra_id }}-rt-private-1a" - - "{{ cluster_state.infra_id }}-rt-private-1b" - - "{{ cluster_state.infra_id }}-rt-private-1c" + # endpoint_services: + # - name: s3 + # service: com.amazonaws.us-east-1.s3 + # route_tables: + # - "{{ cluster_state.infra_id }}-rt-public" + # - "{{ cluster_state.infra_id }}-rt-private-1a" + # - "{{ cluster_state.infra_id }}-rt-private-1b" + # - "{{ cluster_state.infra_id }}-rt-private-1c" # - "{{ cluster_state.infra_id }}-rt-public-edge" # - name: ec2 From 5b461d6f144bad5d5558dabe41932b9b5fd329a5 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 4 Aug 2023 11:31:33 -0300 Subject: [PATCH 20/39] updating to OCP ec4 tests --- docs/guides/AWS/aws-agnostic.md | 33 ++++++++++ docs/guides/OCI/oci-install-ccm.md | 64 ++++++++----------- .../aws/profiles/HighlyAvailable/network.yaml | 25 -------- roles/cloud_compute | 2 +- roles/csr_approver/tasks/approve.yaml | 4 ++ roles/destroy/tasks/oci/compute.yaml | 23 +++---- 6 files changed, 76 insertions(+), 75 deletions(-) diff --git a/docs/guides/AWS/aws-agnostic.md b/docs/guides/AWS/aws-agnostic.md index b938bb4..23d4d88 100644 
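Review bot: The S3 `endpoint_services` block in `playbooks/vars/aws/profiles/HighlyAvailable/network.yaml` is commented out with no reason given in the file or in the commit message. If this list is what creates the S3 gateway endpoint for the listed route tables (the `service: com.amazonaws.us-east-1.s3` entry suggests so), nodes in the private subnets would reach S3 over the NAT/internet path instead of staying on the VPC endpoint. Either delete the block or keep it with a one-line reason above it, e.g. `# endpoint_services disabled: <reason>; re-enable to keep S3 traffic on the VPC endpoint`. The `cloud_networks` mapping continues outside the hunk.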
--- a/docs/guides/AWS/aws-agnostic.md +++ b/docs/guides/AWS/aws-agnostic.md @@ -164,3 +164,36 @@ ansible-playbook mtulio.okd_installer.destroy_cluster \ -e provider=${CONFIG_PROVIDER} \ -e cluster_name=${CONFIG_CLUSTER_NAME} ``` + + +## Quick install 4.14 + +```bash +CLUSTER_NAME=aws-none127 +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VARS_FILE} +provider: aws +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-east-1 + +cluster_profile: ha +# destroy_bootstrap: no + +config_base_domain: devcluster.openshift.com +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" + +config_featureset: TechPreviewNoUpgrade + +config_cluster_version: 4.14.0-ec.3 +version: 4.14.0-ec.3 +EOF +``` + +```bash +ansible-playbook mtulio.okd_installer.create_all \ + -e cert_max_retries=30 \ + -e cert_wait_interval_sec=60 \ + -e @$VARS_FILE +``` \ No newline at end of file diff --git a/docs/guides/OCI/oci-install-ccm.md b/docs/guides/OCI/oci-install-ccm.md index 5d76ea1..ef65307 100644 --- a/docs/guides/OCI/oci-install-ccm.md +++ b/docs/guides/OCI/oci-install-ccm.md @@ -25,7 +25,7 @@ EOF source ~/.oci/env # MCO patch without revendor (w/o disabling FG) -CLUSTER_NAME=oci-ext106 +CLUSTER_NAME=oci-ext414ec4-2 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} 
@@ -44,19 +44,10 @@ config_base_domain: splat-oci.devcluster.openshift.com config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -config_featureset: TechPreviewNoUpgrade - -#release_image: registry.ci.openshift.org/ocp/release -#release_version: 4.14.0-0.nightly-2023-06-27-233015 - -# custom installer w/ support to external -# 4.14.0-0.nightly-2023-06-29-external -release_image: quay.io/mrbraga/ocp-release -release_version: 4.14.0-0.nightly-2023-06-27-233015 +#config_featureset: TechPreviewNoUpgrade -#config_cluster_version: 4.14.0-0.nightly-2023-06-27-233015 -#version: 4.14.0-0.nightly-2023-06-27-233015 -#version: 4.13.4 +config_cluster_version: 4.14.0-ec.4 +version: 4.14.0-ec.4 # Define the OS Image mirror os_mirror: yes 
@@ -81,41 +72,18 @@ cat <> ${VARS_FILE} config_platform: external config_platform_spec: '{"platformName":"oci"}' -# Platform External specifics (preview release with minimal changes) -#config_installer_environment: -# OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" - -config_installer_environment: - OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-06-27-233015-mco_manual_crd-installer" - - # Available manifest paches (runs after 'create manifest' stage) config_patches: - rm-capi-machines - mc-kubelet-providerid - deploy-oci-ccm - deploy-oci-csi -# - yaml_patch - -# YAML Patches -# cfg_patch_yaml_patch_specs: -# ## patch infra object to create External provider -# - manifest: /manifests/cluster-infrastructure-02-config.yml -# patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{"cloudControllerManager":{"state":"External"}}}}}' -# - manifest: /manifests/cluster-infrastructure-02-config.yml -# patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' # MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID cfg_patch_kubelet_providerid_script: | PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); -# Choose CCM deployment parameters -## Use patched manifests for OCP oci_ccm_namespace: oci-cloud-controller-manager -## Use default manifests from github https://github.com/oracle/oci-cloud-controller-manager#deployment -## Note: that method is failing when copying the manifests 'as-is' in OCP. 
Reason: the RBAC manifest file (and any bundle / single file with many objects) must be splitted to prevent rendering errors in the bootstrap stage -# oci_ccm_namespace: kube-system -# oci_ccm_version: v1.25.0 EOF ``` @@ -129,12 +97,32 @@ ansible-playbook mtulio.okd_installer.create_all \ -e @$VARS_FILE ``` -## Destroy the cluster +### Destroy the cluster ```bash ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE ``` +### Steps + +```bash +ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=create-config -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=create-manifests -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.stack_network -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.stack_dns -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.stack_loadbalancer -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=patch-manifests -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=create-ignitions -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.os_mirror -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.create_node -e node_role=bootstrap -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.create_node -e node_role=controlplane -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.create_node -e node_role=compute -e @$VARS_FILE +export KUBECONFIG= +oc adm certificate approve $(oc get csr -o json |jq -r '.items[] | select(.status.certificate == null).metadata.name') + +ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE +``` ## Examples @@ -142,7 +130,7 @@ ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE - OCP 4.14-nightly-patched_CMO + Platform External + OCI + CSI ```bash -CLUSTER_NAME=oci-ext107 +CLUSTER_NAME=oci-ext108 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} 
diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml index f80d998..628f867 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml +++ b/playbooks/vars/aws/profiles/HighlyAvailable/network.yaml @@ -131,11 +131,6 @@ cloud_networks: - dest: 0.0.0.0/0 gw_type: igw - # - name: "{{ cluster_state.infra_id }}-rt-public-edge" - # routes: - # - dest: 0.0.0.0/0 - # gw_type: cagw - subnets: - name: "{{ cluster_state.infra_id }}-net-public-1a" az: us-east-1a @@ -169,26 +164,6 @@ cloud_networks: route_table: "{{ cluster_state.infra_id }}-rt-private-1c" map_public: false - # # Edge (Local Zone) subnets - # - name: "{{ cluster_state.infra_id }}-net-public-nyc-lz-1a" - # az: us-east-1-nyc-1a - # cidr: 10.0.60.0/22 - # route_table: "{{ cluster_state.infra_id }}-rt-public" - # map_public: true - - # - name: "{{ cluster_state.infra_id }}-net-private-nyc-lz-1a" - # az: us-east-1-nyc-1a - # cidr: 10.0.64.0/22 - # route_table: "{{ cluster_state.infra_id }}-rt-private-1a" - # map_public: false - - # # Edge (Wavelength) subnets - # - name: "{{ cluster_state.infra_id }}-net-public-nyc-wlz-1" - # az: us-east-1-wl1-nyc-wlz-1 - # cidr: 10.0.68.0/22 - # route_table: "{{ cluster_state.infra_id }}-rt-public-edge" - # map_public: false - # endpoint_services: # - name: s3 # service: com.amazonaws.us-east-1.s3 diff --git a/roles/cloud_compute b/roles/cloud_compute index f12cdbd..496d88e 160000 --- a/roles/cloud_compute +++ b/roles/cloud_compute @@ -1 +1 @@ -Subproject commit f12cdbd2bbb4a876c885b62c9f05a3a41ce0bf81 +Subproject commit 496d88ea8663a911c5855bf6b8665127b6357a50 diff --git a/roles/csr_approver/tasks/approve.yaml b/roles/csr_approver/tasks/approve.yaml index 006b9b9..59f3bb2 100644 --- a/roles/csr_approver/tasks/approve.yaml +++ b/roles/csr_approver/tasks/approve.yaml 
@@ -11,6 +11,10 @@ kind: CertificateSigningRequest kubeconfig: "{{ config_install_dir }}/auth/kubeconfig" register: all_csr + until: "all_csr | length > 0" + retries: 12 + delay: 5 + no_log: true - name: Approver | Set pending list ansible.builtin.set_fact: diff --git a/roles/destroy/tasks/oci/compute.yaml b/roles/destroy/tasks/oci/compute.yaml index abca60e..8fe08ff 100644 --- a/roles/destroy/tasks/oci/compute.yaml +++ b/roles/destroy/tasks/oci/compute.yaml @@ -9,17 +9,18 @@ compartment_id: "{{ okd_cluster_destroy_instances_compartment_id }}" display_name: "{{ instance.name }}" -- name: OCI | LB | Show Delete - tags: compute - loop_control: - loop_var: results - loop: "{{ _instances.results }}" - when: - - _instances.results | length > 0 - - results.instances is defined and results.instances | length > 0 - - debug | d(false) - debug: - msg: "Deleting Instance: {{ results.instances[0].display_name }}({{ results.instances[0].id }})" +# TODO: commenting to further review to prevent showing undesired fields (user-data). +# - name: OCI | Compute | Show Delete +# tags: compute +# loop_control: +# loop_var: results +# loop: "{{ _instances.results }}" +# when: +# - _instances.results | length > 0 +# - results.instances is defined and results.instances | length > 0 +# - debug | d(false) +# debug: +# msg: "Deleting Instance: {{ results.instances[0].display_name }}({{ results.instances[0].id }})" - name: OCI | Compute | Delete instance tags: compute From c0b1077038db5106f39be5d2a688daa7dc79cf2b Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Wed, 16 Aug 2023 12:17:47 -0300 Subject: [PATCH 21/39] doc/typo: VARS_FILE is now broadly referenced --- docs/guides/OCI/oci-installing-steps.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/guides/OCI/oci-installing-steps.md b/docs/guides/OCI/oci-installing-steps.md index 565c5b4..d01aa77 100644 --- a/docs/guides/OCI/oci-installing-steps.md +++ b/docs/guides/OCI/oci-installing-steps.md 
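Review bot: In `roles/csr_approver/tasks/approve.yaml`, `until: "all_csr | length > 0"` tests the registered result itself, which is a dictionary that always has keys, so the condition is true on the first attempt and the 12 retries never run, even when the lookup fails or returns no CSRs. If this task is a `k8s_info`-style lookup (the module name is above the hunk), the returned list is normally under `resources`, so the condition would be `until: "all_csr.resources | d([]) | length > 0"`. With `no_log: true` on the same task a failed API call also prints no detail, so a condition that really retries is the only visible signal that the cluster API was not ready.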
@@ -55,9 +55,9 @@ EOF source ~/.openshift/env CLUSTER_NAME=oci-bm2 -VAR_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml -cat < ${VAR_FILE} +cat < ${VARS_FILE} provider: oci cluster_name: ${CLUSTER_NAME} config_cluster_region: us-sanjose-1 @@ -138,7 +138,7 @@ ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE ansible-playbook mtulio.okd_installer.create_all \ -e certs_max_retries=20 \ -e cert_wait_interval_sec=60 \ - -e @$VAR_FILE + -e @$VARS_FILE ``` ### Installing option 2: step-by-step From db2965c69faf7f1bf69b7075700fce88012fc83e Mon Sep 17 00:00:00 2001 
From: Marco Braga Date: Sat, 16 Sep 2023 23:42:13 -0300 Subject: [PATCH 22/39] restructure documentation/guides for OCI and AWS --- docs/guides/AWS/aws-agnostic.md | 4 +- docs/guides/AWS/index.md | 2 +- .../dev-platform-external-custom-release.md} | 2 +- docs/guides/OCI/index.md | 28 +++++++------ .../OCI/{oci-prerequisites.md => init.md} | 2 +- .../OCI/installing-assisted-installer.md | 5 +++ .../OCI/installing-customization-external.md | 3 ++ .../OCI/installing-customization-infra.md | 3 ++ ...teps.md => installing-quickly-agnostic.md} | 10 ++--- ...-ccm.md => installing-quickly-external.md} | 10 ++--- ...xamples.md => lab-examples-custom-vars.md} | 0 ....md => setting-registry-storage-bucket.md} | 0 ...th-opct.md => testing-opct-conformance.md} | 0 docs/guides/index.md | 14 ++++++- docs/guides/opportunities.md | 40 +++++++++++++++++++ mkdocs.yaml | 20 ++++++---- 16 files changed, 105 insertions(+), 38 deletions(-) rename docs/guides/OCI/{platform-external-custom-release.md => hack/dev-platform-external-custom-release.md} (92%) rename docs/guides/OCI/{oci-prerequisites.md => init.md} (96%) create mode 100644 docs/guides/OCI/installing-assisted-installer.md create mode 100644 docs/guides/OCI/installing-customization-external.md create mode 100644 docs/guides/OCI/installing-customization-infra.md rename docs/guides/OCI/{oci-installing-steps.md => installing-quickly-agnostic.md} (97%) rename docs/guides/OCI/{oci-install-ccm.md => installing-quickly-external.md} (98%) rename docs/guides/OCI/{oci-installing-quickly-examples.md => lab-examples-custom-vars.md} (100%) rename docs/guides/OCI/{oci-image-registry-bucket.md => setting-registry-storage-bucket.md} (100%) rename docs/guides/OCI/{validate-cluster-with-opct.md => testing-opct-conformance.md} (100%) create mode 100644 docs/guides/opportunities.md diff --git a/docs/guides/AWS/aws-agnostic.md b/docs/guides/AWS/aws-agnostic.md index 23d4d88..463db32 100644 --- a/docs/guides/AWS/aws-agnostic.md 
+++ b/docs/guides/AWS/aws-agnostic.md @@ -31,7 +31,7 @@ Create and export the environments: # OCP: https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/ DISTRIBUTION="ocp" RELEASE_REPO="quay.io/openshift-release-dev/ocp-release" -VERSION="4.13.0" +VERSION="4.14.0-rc.0" RELEASE_VERSION="${VERSION}-x86_64" PULL_SECRET_FILE="${HOME}/.openshift/pull-secret-latest.json" ``` @@ -60,7 +60,7 @@ Create the Ansible var files: ```bash -CLUSTER_NAME="aws-none05" +CLUSTER_NAME="aws-n414rc0" BASE_DOMAIN="devcluster.openshift.com" SSH_PUB_KEY="$(cat ~/.ssh/id_rsa.pub)" diff --git a/docs/guides/AWS/index.md b/docs/guides/AWS/index.md index adea6bf..91bc5e9 100644 --- a/docs/guides/AWS/index.md +++ b/docs/guides/AWS/index.md @@ -1,4 +1,4 @@ -# AWS Guides +# OKD/OCP guides for Amazon Web Services (AWS) !!! warning "Oops... TODO / WIP page" This page is not completed! \ No newline at end of file diff --git a/docs/guides/OCI/platform-external-custom-release.md b/docs/guides/OCI/hack/dev-platform-external-custom-release.md similarity index 92% rename from docs/guides/OCI/platform-external-custom-release.md rename to docs/guides/OCI/hack/dev-platform-external-custom-release.md index 7e26e1e..c8e7e0b 100644 --- a/docs/guides/OCI/platform-external-custom-release.md +++ b/docs/guides/OCI/hack/dev-platform-external-custom-release.md 
@@ -1,6 +1,6 @@ # Platform External - creating a custom release to support it on 4.13 -This guide describes how to create a custom OCP release image with minimal changes to enable Platform `External` to be considered 'external' on the `library-go` - `IsCloudProviderExternal()`, signalizing the Kubelet (MCO) and Kube Controller Manager (KCMO) flag `--cloud-provider` be external, waiting for an external CCM be deployed on install time (in this case [OCI CCM](https://github.com/oracle/oci-cloud-controller-manager)) +This guide describe how to create a custom OCP release image with minimal changes to enable Platform `External` to be considered 'external' on the `library-go` - `IsCloudProviderExternal()`, signalizing the Kubelet (MCO) and Kube Controller Manager (KCMO) flag `--cloud-provider` be external, waiting for an external CCM be deployed on install time (in this case [OCI CCM](https://github.com/oracle/oci-cloud-controller-manager)) This is part of a PoC to enable Platform External to install CCM on install time. All the work has been mapped on the [Enhancement Proposal 1353](https://github.com/openshift/enhancements/pull/1353). diff --git a/docs/guides/OCI/index.md b/docs/guides/OCI/index.md index 36c0dab..398ce82 100644 --- a/docs/guides/OCI/index.md +++ b/docs/guides/OCI/index.md 
@@ -1,17 +1,19 @@ -# Guides for Oracle Cloud Infrastructure +# OKD/OCP guides for Oracle Cloud Infrastructure (OCI) -> WIP +!!! warning "Developer Preview" + This document is available only for development preview. -> TODO: + The [PR #26](https://github.com/mtulio/ansible-collection-okd-installer/pull/26)is under development and is subject to change the whole document described under OCI guides. -Create guides/docs for OCP/OKD on OCI: +Guides for OKD/OCP in Oracle Cloud Infrastructure (OCI): -- Installing a cluster with agnostic installation quickly (Platform=None) -- Installing a cluster with Cloud Controller Manager using External provider (Platform=External) -- Installing a cluster with External Cloud provider integration: CCM and `Platform External` -- Installing a cluster with agnostic installation with Assisted Installer as a installation provider - -Generic guides: - -- Integrate new provider to the Ansible Collection (UPI stacks) -- Adding CCM to existing integrated external provider +- [Requirements](./init.md) +- [Installing a cluster quickly on OCI with platform agnostic (None)](./installing-quickly-agnostic.md) +- [Installing a cluster quickly on OCI with platform external (External)](./installing-quickly-external.md) +- [Installing a cluster on OCI with infrastructure customizations](./installing-customization-infra.md) +- [Installing a cluster on OCI using platform external (External) with CCM customizations](./installing-customization-external.md) +- [Installing a cluster on OCI with Assisted Installer](./installing-assisted-installer.md) +- [Setting up the registry storage with OCI Bucket](./setting-registry-storage-bucket.md) +- [Lab / Examples distributed/reused vars](./lab-examples-custom-vars.md) +- [Testing the installation with Kubernetes/OpenShift conformance test suites](./testing-opct-conformance.md) +- [hack/platform external development/building custom components in OKD](./hack/dev-platform-external-custom-release.md) \ No newline at end 
of file diff --git a/docs/guides/OCI/oci-prerequisites.md b/docs/guides/OCI/init.md similarity index 96% rename from docs/guides/OCI/oci-prerequisites.md rename to docs/guides/OCI/init.md index 811aefa..5de7b68 100644 --- a/docs/guides/OCI/oci-prerequisites.md +++ b/docs/guides/OCI/init.md @@ -86,4 +86,4 @@ ansible localhost \ -a user_id=${oci_user_id} ``` -You must be able to collect the user information. +Ansible should return the user attributes, otherwise check your credentials. diff --git a/docs/guides/OCI/installing-assisted-installer.md b/docs/guides/OCI/installing-assisted-installer.md new file mode 100644 index 0000000..581fea1 --- /dev/null +++ b/docs/guides/OCI/installing-assisted-installer.md @@ -0,0 +1,5 @@ +> TODO + +- Describe the steps to install the infrastructure, using Assisted Installer as a config provider. Finish the work started on: + +https://github.com/mtulio/ansible-collection-okd-installer/pull/28 \ No newline at end of file diff --git a/docs/guides/OCI/installing-customization-external.md b/docs/guides/OCI/installing-customization-external.md new file mode 100644 index 0000000..ebad665 --- /dev/null +++ b/docs/guides/OCI/installing-customization-external.md @@ -0,0 +1,3 @@ +> TODO: + +- describe the step-by-step to create a cluster customizing CCM manifests (using from OCI CCM repo) to deploy OKD/OCP \ No newline at end of file diff --git a/docs/guides/OCI/installing-customization-infra.md b/docs/guides/OCI/installing-customization-infra.md new file mode 100644 index 0000000..6787c2f --- /dev/null +++ b/docs/guides/OCI/installing-customization-infra.md @@ -0,0 +1,3 @@ +> TODO + +- Describe how to customize infra deployment changing default vars diff --git a/docs/guides/OCI/oci-installing-steps.md b/docs/guides/OCI/installing-quickly-agnostic.md similarity index 97% rename from docs/guides/OCI/oci-installing-steps.md rename to docs/guides/OCI/installing-quickly-agnostic.md index d01aa77..500c54c 100644 
--- a/docs/guides/OCI/oci-installing-steps.md +++ b/docs/guides/OCI/installing-quickly-agnostic.md @@ -54,7 +54,7 @@ OCP_RELEASE_413="quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcm EOF source ~/.openshift/env -CLUSTER_NAME=oci-bm2 +CLUSTER_NAME=oci-e414rc0 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} @@ -75,10 +75,10 @@ config_base_domain: splat-oci.devcluster.openshift.com config_ssh_key: "$(cat ~/.ssh/id_rsa.pub;cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -config_cluster_version: 4.13.0-rc.0 -version: 4.13.0-rc.0 -config_installer_environment: - OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" +config_cluster_version: 4.14.0-rc.0 +version: 4.14.0-rc.0 +# config_installer_environment: +# OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" # Define the OS Image mirror # custom_image_id: rhcos-412.86.202212081411-0-openstack.x86_64 diff --git a/docs/guides/OCI/oci-install-ccm.md b/docs/guides/OCI/installing-quickly-external.md similarity index 98% rename from docs/guides/OCI/oci-install-ccm.md rename to docs/guides/OCI/installing-quickly-external.md index ef65307..8dc4b5d 100644 --- a/docs/guides/OCI/oci-install-ccm.md +++ b/docs/guides/OCI/installing-quickly-external.md @@ -25,7 +25,7 @@ EOF source ~/.oci/env # MCO patch without revendor (w/o disabling FG) -CLUSTER_NAME=oci-ext414ec4-2 +CLUSTER_NAME=oci-e414rc0 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} 
@@ -44,10 +44,8 @@ config_base_domain: splat-oci.devcluster.openshift.com config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -#config_featureset: TechPreviewNoUpgrade - -config_cluster_version: 4.14.0-ec.4 -version: 4.14.0-ec.4 +config_cluster_version: 4.14.0-rc.0 +version: 4.14.0-rc.0 # Define the OS Image mirror os_mirror: yes @@ -103,7 +101,7 @@ ansible-playbook mtulio.okd_installer.create_all \ ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE ``` -### Steps +### Steps by playbook ```bash ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE diff --git a/docs/guides/OCI/oci-installing-quickly-examples.md b/docs/guides/OCI/lab-examples-custom-vars.md similarity index 100% rename from docs/guides/OCI/oci-installing-quickly-examples.md rename to docs/guides/OCI/lab-examples-custom-vars.md diff --git a/docs/guides/OCI/oci-image-registry-bucket.md b/docs/guides/OCI/setting-registry-storage-bucket.md similarity index 100% rename from docs/guides/OCI/oci-image-registry-bucket.md rename to docs/guides/OCI/setting-registry-storage-bucket.md diff --git a/docs/guides/OCI/validate-cluster-with-opct.md b/docs/guides/OCI/testing-opct-conformance.md similarity index 100% rename from docs/guides/OCI/validate-cluster-with-opct.md rename to docs/guides/OCI/testing-opct-conformance.md diff --git a/docs/guides/index.md b/docs/guides/index.md index 75f4cc7..f010694 100644 --- a/docs/guides/index.md +++ b/docs/guides/index.md 
@@ -1,4 +1,14 @@ # Guides -!!! warning "Oops... TODO / WIP page" - This page is not completed! +!!! warning "Documentation under development" + This page is under development and is subject to change quickly. + + Stay tuned for the updates. + +This section contain guides about exploring `okd-installer` for each specific cloud provider. + +To begin exploring, please see the following pages related for each provider: + +- [AWS - Amazon Web Services](./AWS) +- [OCI - Oracle Cloud Infrastructure](./OCI) +- [Developer Call: Opportunities to contribute adding new providers](./opportunities.md) \ No newline at end of file diff --git a/docs/guides/opportunities.md b/docs/guides/opportunities.md new file mode 100644 index 0000000..6e71ba7 --- /dev/null +++ b/docs/guides/opportunities.md 
@@ -0,0 +1,40 @@ +# Dev Call: Cloud Provider Opportunities for OKD + +Hey, are you looking for opportunities to explore OKD into other cloud providers +using okd-installer Collection? This section describes some opportunities +if you are looking for challenges! + +Here are a matrix with existing Cloud Providers with Ansible automation, or API/SDK reference +if you would like to a challenge creating new modules: + +| Provider Name | Ansible | Platform External:CCM/CSI | +| -- | -- | -- | +| Digital Ocean | [Collection](https://docs.ansible.com/ansible/latest/collections/community/digitalocean/index.html) | [CCM](https://github.com/digitalocean/digitalocean-cloud-controller-manager) / [CSI](https://github.com/digitalocean/csi-digitalocean) | +| Vultr Cloud | [Modules](https://github.com/ngine-io/ansible-collection-vultr) | [CCM](https://github.com/vultr/vultr-cloud-controller-manager) / [CSI](https://github.com/vultr/vultr-csi) | +| Hetzner Cloud | [Modules](https://github.com/ansible-collections/hetzner.hcloud) | [CCM](https://github.com/hetznercloud/hcloud-cloud-controller-manager) / [CSI](https://github.com/hetznercloud/csi-driver / Ansible modules) | +| IONOS | [Modules](https://github.com/ionos-cloud/module-ansible) | [CCM](https://github.com/23technologies/machine-controller-manager-provider-ionos) / CSI | + + + +## Existing exploration / hacking / labs + +### Digital Ocean + +Looking for Digital Ocean installations? We need contributors! =] + +Please take a look at the ongoing [PR #40](https://github.com/mtulio/ansible-collection-okd-installer/pull/40). + +### IONOS + +Looking for IONOS installations? Feel free to submit the contribution! =] + +There is an exploration[1] using Official IONOS Ansible Collection and +the okd-installer Collection. Please take a look at the [PR #9](https://github.com/mtulio/ansible-collection-okd-installer/pull/9). + +[1] https://docs.ionos.com/ansible/ \ No newline at end of file 
diff --git a/mkdocs.yaml b/mkdocs.yaml index 85df4e9..13841ac 100644 --- a/mkdocs.yaml +++ b/mkdocs.yaml @@ -110,13 +110,19 @@ nav: - Installing HA Topology with UPI and Platform Agnostic: guides/AWS/aws-agnostic.md - Installing SNO with Ephemeral storage: guides/AWS/aws-sno.md - Installing HA Topology UPI BYO Network: guides/AWS/aws-upi-byo-network.md - # - Digital Ocean: TODO.md - - Oracle Cloud: - # - Installing HA Topology with UPI and Platform Agnostic: TODO.md - - guides/OCI/oci-prerequisites.md - - guides/OCI/oci-installing-steps.md - - Installing HA Topology with UPI and Platform External: guides/OCI/oci-install-ccm.md - # - Installing HA Topology with UPI and Platform External and CSI Driver: TODO.md + - Oracle Cloud Infrastructure: + - guides/OCI/index.md + - "Requirements": guides/OCI/init.md + - Installing a cluster quickly on OCI with platform agnostic (None): guides/OCI/installing-quickly-agnostic.md + - Installing a cluster quickly on OCI with platform external (External): guides/OCI/installing-quickly-external.md + - Installing a cluster on OCI with infrastructure customizations: guides/OCI/installing-customization-infra.md + - Installing a cluster on OCI using platform external (External) with CCM customizations: guides/OCI/installing-customization-external.md + - Installing a cluster on OCI with Assisted Installer: guides/OCI/installing-assisted-installer.md + - Setting up the registry storage with OCI Bucket: guides/OCI/setting-registry-storage-bucket.md + - Lab / Examples distributed/reused vars: guides/OCI/lab-examples-custom-vars.md + - Testing the installation with Kubernetes/OpenShift conformance test suites: guides/OCI/testing-opct-conformance.md + - hack/platform external development/building custom components in OKD: guides/OCI/hack/dev-platform-external-custom-release.md + - Dev Call - Cloud Provider Opportunities for OKD: guides/opportunities.md #- Examples: TODO.md - Development: - development/index.md 
From 591fb443f154afe3f4ac866f06c0112edf6fee3f Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Sun, 17 Sep 2023 01:49:39 -0300 Subject: [PATCH 23/39] doc: creating module reusable docs --- .../guides/AWS/installing-quickly-agnostic.md | 21 +++++ docs/index.md | 3 +- docs/modules/cfg-env-cluster-aws.md | 19 +++++ docs/modules/cfg-env-distribution-okdscos.md | 14 ++++ docs/modules/cfg-okdc-varfile-external.md | 36 +++++++++ docs/modules/cfg-okdc-varfile-oci.md | 56 +++++++++++++ docs/modules/cfg-okdc-varfile.md | 19 +++++ docs/modules/play-approve_certs.md | 21 +++++ docs/modules/play-create_all.md | 9 +++ docs/modules/play-destroy_cluster.md | 7 ++ mkdocs.yaml | 80 +++++++++++-------- 11 files changed, 251 insertions(+), 34 deletions(-) create mode 100644 docs/guides/AWS/installing-quickly-agnostic.md create mode 100644 docs/modules/cfg-env-cluster-aws.md create mode 100644 docs/modules/cfg-env-distribution-okdscos.md create mode 100644 docs/modules/cfg-okdc-varfile-external.md create mode 100644 docs/modules/cfg-okdc-varfile-oci.md create mode 100644 docs/modules/cfg-okdc-varfile.md create mode 100644 docs/modules/play-approve_certs.md create mode 100644 docs/modules/play-create_all.md create mode 100644 docs/modules/play-destroy_cluster.md diff --git a/docs/guides/AWS/installing-quickly-agnostic.md b/docs/guides/AWS/installing-quickly-agnostic.md new file mode 100644 index 0000000..dc3ae62 --- /dev/null +++ b/docs/guides/AWS/installing-quickly-agnostic.md @@ -0,0 +1,21 @@ + +The steps below describes how to validate the OpenShift cluster installed +in an agnostic installation using standard topology. + +## Prerequisites + +--8<-- "docs/modules/cfg-env-cluster-aws.md" + +--8<-- "docs/modules/cfg-env-distribution-okdscos.md" + +--8<-- "docs/modules/cfg-okdc-varfile.md" + +## Install + +--8<-- "docs/modules/play-create_all.md" + +--8<-- "docs/modules/play-approve_certs.md" + +## Destroy + +--8<-- "docs/modules/play-destroy_cluster.md" \ No newline at end of file 
diff --git a/docs/index.md b/docs/index.md index aecde2c..8cc238a 100644 --- a/docs/index.md +++ b/docs/index.md @@ -5,7 +5,8 @@ [![](https://img.shields.io/ansible/collection/1867)](https://galaxy.ansible.com/mtulio/okd_installer) -Ansible Collection to install OKD/OpenShift clusters with customization. +Ansible Collection okd-installer allow you to keep infrastructure required to deploy +OKD/OCP as a code in non-integrated providrs or UPI installation method. - [Summary](#summary) - [Content](#content) diff --git a/docs/modules/cfg-env-cluster-aws.md b/docs/modules/cfg-env-cluster-aws.md new file mode 100644 index 0000000..d61d4c5 --- /dev/null +++ b/docs/modules/cfg-env-cluster-aws.md @@ -0,0 +1,19 @@ + +### Required environment variables + +Export the variables related to the cluster: + +```bash +# Cluster Install Configuration +CLUSTER_NAME="mycluster" + +# Provider Information +PROVIDER=aws +CLUSTER_REGION=us-east-1 +CLUSTER_DOMAIN="aws.example.com" + +# AWS Credentials +AWS_ACCESS_KEY_ID="AK..." +AWS_SECRET_ACCESS_KEY="[superSecret]" +AWS_DEFAULT_REGION="${CLUSTER_REGION}" +``` \ No newline at end of file diff --git a/docs/modules/cfg-env-distribution-okdscos.md b/docs/modules/cfg-env-distribution-okdscos.md new file mode 100644 index 0000000..5fd2be3 --- /dev/null +++ b/docs/modules/cfg-env-distribution-okdscos.md @@ -0,0 +1,14 @@ + +### Distribution OKD SCOS + +To obtain the openshift installer and client, visit releases for stable versions or the [CI Release Controller](https://amd64.origin.releases.ci.openshift.org/) for nightlies. + +Export the variables related to deployment environment: + +```bash +DISTRIBUTION="okd" +RELEASE_REPO=quay.io/okd/scos-release +VERSION=4.14.0-0.okd-scos-2023-08-17-022029 +RELEASE_VERSION=$VERSION +PULL_SECRET_FILE="{{ playbook_dir }}/../tests/config/pull-secret-okd-fake.json" +``` \ No newline at end of file 
diff --git a/docs/modules/cfg-okdc-varfile-external.md b/docs/modules/cfg-okdc-varfile-external.md new file mode 100644 index 0000000..bed4245 --- /dev/null +++ b/docs/modules/cfg-okdc-varfile-external.md @@ -0,0 +1,36 @@ + + +```bash +# Platform External setup only +cat <> ${VARS_FILE} + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + + +# Available manifest paches (runs after 'create manifest' stage) +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi + +# MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); + +oci_ccm_namespace: oci-cloud-controller-manager + +EOF +``` \ No newline at end of file diff --git a/docs/modules/cfg-okdc-varfile-oci.md b/docs/modules/cfg-okdc-varfile-oci.md new file mode 100644 index 0000000..6845488 --- /dev/null +++ b/docs/modules/cfg-okdc-varfile-oci.md 
@@ -0,0 +1,56 @@ + + +```bash +# Platform External setup only +cat <> ${VARS_FILE} +cat < ~/.oci/env +# Compartment that the cluster will be installed +OCI_COMPARTMENT_ID="" + +# Compartment that the DNS Zone is created (based domain) +OCI_COMPARTMENT_ID_DNS="" + +# Compartment that the OS Image will be created +OCI_COMPARTMENT_ID_IMAGE="" +EOF +source ~/.oci/env + + +# Platform External setup only +cat <> ${VARS_FILE} + +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} + + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + + +# Available manifest paches (runs after 'create manifest' stage) +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi + +# MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); + +oci_ccm_namespace: oci-cloud-controller-manager + +EOF +``` \ No newline at end of file diff --git a/docs/modules/cfg-okdc-varfile.md b/docs/modules/cfg-okdc-varfile.md new file mode 100644 index 0000000..461d75e --- /dev/null +++ b/docs/modules/cfg-okdc-varfile.md 
@@ -0,0 +1,19 @@ +### Create the vars file + +```bash +cat < ${VARS_FILE} +provider: ${PROVIDER} +cluster_name: ${CLUSTER_NAME} +config_cluster_region: ${CLUSTER_REGION} + +config_cluster_version: 4.14.0-rc.0 +version: 4.14.0-rc.0 + +cluster_profile: ha +destroy_bootstrap: no + +config_base_domain: ${CLUSTER_DOMAIN} +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" +EOF +``` diff --git a/docs/modules/play-approve_certs.md b/docs/modules/play-approve_certs.md new file mode 100644 index 0000000..164679a --- /dev/null +++ b/docs/modules/play-approve_certs.md @@ -0,0 +1,21 @@ +#### Approve certificates + +The `create_all` already trigger the certificates approval with one default timeout. If the nodes was not yet joined to the cluster (`oc get nodes`) or still have pending certificates (`oc get csr`) due the short delay for approval, you can call it again with longer timeout: + +- Approve the certificates (default execution) + +```bash +ansible-playbook mtulio.okd_installer.approve_certs \ + -e provider=${CONFIG_PROVIDER} \ + -e cluster_name=${CONFIG_CLUSTER_NAME} +``` + +- Change the intervals to check (example 5 minutes) + +```bash +ansible-playbook mtulio.okd_installer.approve_certs \ + -e provider=${CONFIG_PROVIDER} \ + -e cluster_name=${CONFIG_CLUSTER_NAME} \ + -e certs_max_retries=3 \ + -e cert_wait_interval_sec=10 +``` \ No newline at end of file diff --git a/docs/modules/play-create_all.md b/docs/modules/play-create_all.md new file mode 100644 index 0000000..f64687a --- /dev/null +++ b/docs/modules/play-create_all.md @@ -0,0 +1,9 @@ + +### Install the cluster + +```bash +ansible-playbook mtulio.okd_installer.create_all \ + -e cert_max_retries=30 \ + -e cert_wait_interval_sec=60 \ + -e @$VARS_FILE +``` \ No newline at end of file diff --git a/docs/modules/play-destroy_cluster.md b/docs/modules/play-destroy_cluster.md new file mode 100644 index 0000000..f711439 --- /dev/null 
+++ b/docs/modules/play-destroy_cluster.md @@ -0,0 +1,7 @@ +## Destroy cluster + +```bash +ansible-playbook mtulio.okd_installer.destroy_cluster \ + -e provider=${CONFIG_PROVIDER} \ + -e cluster_name=${CONFIG_CLUSTER_NAME} +``` \ No newline at end of file diff --git a/mkdocs.yaml b/mkdocs.yaml index 13841ac..f4cf6fd 100644 --- a/mkdocs.yaml +++ b/mkdocs.yaml @@ -64,44 +64,14 @@ markdown_extensions: - name: mermaid class: mermaid format: !!python/name:pymdownx.superfences.fence_code_format + # enable modules (include md files) + - pymdownx.snippets: + check_paths: true nav: - Home: - index.md - How it works: Getting-started.md - - Deployment: - - deployment/index.md - - Installation Guide: deployment/installing.md - - Configurations: deployment/configuration.md - - Playbooks: - - deployment/playbooks/index.md - - Installing Clients: deployment/playbooks/install-clients.md - - Create Cluster: TODO.md - - Destroy Cluster: TODO.md - - Config Create: TODO.md - - Config Manifest: TODO.md - - Config Patch Manifests: TODO.md - - Config Ignitions: TODO.md - - OS Mirror: TODO.md - - Stack IAM: TODO.md - - Stack Network: TODO.md - - Stack DNS: TODO.md - - Stack Load Balancer: TODO.md - - Stack Compute: TODO.md - - Approve Certificates: TODO.md - - Roles: - - deployment/roles/index.md - - clients: TODO.md - - bootstrap: TODO.md - - config: TODO.md - - csr_approver: TODO.md - - destroy: TODO.md - - cloud_compute: TODO.md - - cloud_dns: TODO.md - - cloud_iam: TODO.md - - cloud_load_balancer: TODO.md - - cloud_network: TODO.md - - Integrating Provider: deployment/integrating.md - Guides: - guides/index.md - AWS: @@ -110,6 +80,7 @@ nav: - Installing HA Topology with UPI and Platform Agnostic: guides/AWS/aws-agnostic.md - Installing SNO with Ephemeral storage: guides/AWS/aws-sno.md - Installing HA Topology UPI BYO Network: guides/AWS/aws-upi-byo-network.md + - Oracle Cloud Infrastructure: - guides/OCI/index.md - "Requirements": guides/OCI/init.md 
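Review bot: Enabling `pymdownx.snippets` in the first mkdocs.yaml hunk with only `check_paths: true` leaves the include root at its default, the directory the build runs from. A `--8<--` marker in any Markdown page can then pull any file readable under that directory into the published site. The guides include from `docs/modules/`, so the scope can be stated explicitly with `base_path: ["."]` and `restrict_base_path: true`, and the docs build should use a pymdown-extensions release that supports that restriction. A comment next to the option, e.g. `# snippets resolve from the repository root; keep env files and credentials out of the build directory`, would record the assumption for contributors who edit the guides.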
@@ -123,6 +94,49 @@ nav: - Testing the installation with Kubernetes/OpenShift conformance test suites: guides/OCI/testing-opct-conformance.md - hack/platform external development/building custom components in OKD: guides/OCI/hack/dev-platform-external-custom-release.md - Dev Call - Cloud Provider Opportunities for OKD: guides/opportunities.md + - Deployment: + - deployment/index.md + - Installation Guide: deployment/installing.md + - Configurations: deployment/configuration.md + - Playbooks: + - deployment/playbooks/index.md + - approve_certs: TODO.md + - config_load: TODO.md + - create_all: TODO.md + - create_node: TODO.md + - create_node_all: TODO.md + - config_dump: TODO.md + - config: + - TODO.md + - Config Manifest: TODO.md + - Config Patch Manifests: TODO.md + - Config Ignitions: TODO.md + - create_imageregistry: TODO.md + - destroy_cluster: TODO.md + - destroy_bootstrap: TODO.md + - install_clients: TODO.md + - os_mirror: TODO.md + - stack_dns: TODO.md + - stack_loadbalancer: TODO.md + - stack_iam: TODO.md + - stack_network: TODO.md + - ping: TODO.md + - var_check_required: TODO.md + - Global Vars: + - TODO.md + - Roles: + - deployment/roles/index.md + - clients: TODO.md + - bootstrap: TODO.md + - config: TODO.md + - csr_approver: TODO.md + - destroy: TODO.md + - cloud_compute: TODO.md + - cloud_dns: TODO.md + - cloud_iam: TODO.md + - cloud_load_balancer: TODO.md + - cloud_network: TODO.md + - Integrating Provider: deployment/integrating.md #- Examples: TODO.md - Development: - development/index.md From 6afdec6ec992146c63945b77acf2b89d67bd1f5e Mon Sep 17 00:00:00 2001 
From: Marco Braga Date: Mon, 18 Sep 2023 03:01:39 -0300 Subject: [PATCH 24/39] docs: using modules to enhance guides --- docs/guides/AWS/aws-sno.md | 113 ++++--------- docs/guides/AWS/index.md | 20 ++- docs/guides/AWS/init.md | 4 + .../guides/AWS/installing-quickly-agnostic.md | 16 +- .../AWS/script/installing-quickly-agnostic.md | 29 ++++ .../dev-platform-external-custom-release.md | 123 ++++++++++++++ docs/guides/OCI/index.md | 2 +- docs/guides/OCI/init.md | 19 ++- .../OCI/installing-customization-external.md | 22 ++- .../guides/OCI/installing-quickly-external.md | 150 +----------------- .../OCI/setting-registry-storage-bucket.md | 2 + docs/modules/cfg-env-cluster-aws.md | 19 --- docs/modules/cfg-env-distribution-okdscos.md | 1 + docs/modules/play-create_all.sh | 4 + docs/modules/play-destroy_cluster.md | 6 +- docs/modules/play-destroy_cluster.sh | 3 + docs/modules/pre-cfg-varfile-external.md | 6 + ...xternal.md => pre-cfg-varfile-external.sh} | 11 +- docs/modules/pre-cfg-varfile.md | 6 + ...cfg-okdc-varfile.md => pre-cfg-varfile.sh} | 13 +- docs/modules/pre-env-aws-none.md | 6 + docs/modules/pre-env-aws-none.sh | 3 + docs/modules/pre-env-cfg.md | 6 + docs/modules/pre-env-cfg.sh | 4 + docs/modules/pre-env-creds-aws.md | 6 + docs/modules/pre-env-creds-aws.sh | 4 + docs/modules/pre-env-distribution-ocp.md | 5 + docs/modules/pre-env-distribution-ocp.sh | 5 + docs/modules/pre-env-distribution-okd-fcos.md | 5 + docs/modules/pre-env-distribution-okd-fcos.sh | 5 + docs/modules/pre-env-distribution-okd-scos.md | 5 + docs/modules/pre-env-distribution-okd-scos.sh | 5 + docs/modules/pre-env-distributions.md | 9 ++ mkdocs.yaml | 20 ++- .../aws/profiles/SingleReplica/network.yaml | 8 +- roles/clients/defaults/main.yaml | 6 +- roles/config/defaults/main.yaml | 2 +- 37 files changed, 386 insertions(+), 287 deletions(-) create mode 100644 docs/guides/AWS/init.md create mode 100644 docs/guides/AWS/script/installing-quickly-agnostic.md delete mode 100644 
docs/modules/cfg-env-cluster-aws.md create mode 100644 docs/modules/play-create_all.sh create mode 100644 docs/modules/play-destroy_cluster.sh create mode 100644 docs/modules/pre-cfg-varfile-external.md rename docs/modules/{cfg-okdc-varfile-external.md => pre-cfg-varfile-external.sh} (88%) create mode 100644 docs/modules/pre-cfg-varfile.md rename docs/modules/{cfg-okdc-varfile.md => pre-cfg-varfile.sh} (59%) create mode 100644 docs/modules/pre-env-aws-none.md create mode 100644 docs/modules/pre-env-aws-none.sh create mode 100644 docs/modules/pre-env-cfg.md create mode 100644 docs/modules/pre-env-cfg.sh create mode 100644 docs/modules/pre-env-creds-aws.md create mode 100644 docs/modules/pre-env-creds-aws.sh create mode 100644 docs/modules/pre-env-distribution-ocp.md create mode 100644 docs/modules/pre-env-distribution-ocp.sh create mode 100644 docs/modules/pre-env-distribution-okd-fcos.md create mode 100644 docs/modules/pre-env-distribution-okd-fcos.sh create mode 100644 docs/modules/pre-env-distribution-okd-scos.md create mode 100644 docs/modules/pre-env-distribution-okd-scos.sh create mode 100644 docs/modules/pre-env-distributions.md diff --git a/docs/guides/AWS/aws-sno.md b/docs/guides/AWS/aws-sno.md index 7087588..ad8450f 100644 --- a/docs/guides/AWS/aws-sno.md +++ b/docs/guides/AWS/aws-sno.md @@ -2,9 +2,9 @@ Install a single node replica OpenShift/OKD. -The steps will create every infrastrucure stack to deploy a SNO on the AWS provider. +The steps will create every infrastrucure stack to deploy a Single Replicas OKD/OpenShift on AWS. -The infra resources created will be: +The following describes the cloud infrastructure resources created: - VPC and it's subnets on a single AZ - Security Groups 
@@ -14,13 +14,15 @@ The infra resources created will be: ## Deployment considerations -The deployment described in this document is introducing a more performant disk layout to avoid disruptions and concurrency between resources on the same disk (by default). The disk layout is when using EC2 instance `m6id.xlarge`: +The deployment described in this document introduces a more performant disk layout to avoid disruptions and concurrency between resources in the same disk (by default), considering the capacity isolation. + +The following disk layout is used when deploying in EC2 instance with `m6id.xlarge`: - Ephemeral disk (local storage) for `/var/lib/containers` -- Dedicated etcd EBS mounted on `/var/lib/etcd` +- Dedicated etcd mounted in `/var/lib/etcd` in the second EBS using gp3 ```text -$ cat ~/opct/results/opct-sno-aws/sno2-run-lsblk.txt +$ cat ~/results/opct-sno-aws/sno2-run-lsblk.txt NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT nvme0n1 259:0 0 128G 0 disk |-nvme0n1p1 259:4 0 1M 0 part 
@@ -34,26 +36,31 @@ nvme2n1 259:2 0 220.7G 0 disk /var/lib/containers Using this layout we decreased the amount of memory used by monitoring stack (Prometheus), and, consequently the etcd when using a single/shared-disk deployment. The API disruptions decreased drastically, allowing to use smaller instance types with 16GiB of RAM and 4 vCPU. -Steps: +> TODO add metrics/graphs from the before/after improvements. + +## Steps - Generate the SNO ignitions - Create the Stacks: Network, IAM, DNS, LB - Create the Compute with ignition +### Create the configuration variables -## Create the configuration variables +Create the okd-installer configuration: ```bash -cat < ./vars-sno.yaml +VARS_FILE=./vars-sno.yaml +cat << EOF > $VARS_FILE provider: aws cluster_name: sno-aws +version: 4.14.0-rc.0 config_base_domain: devcluster.openshift.com config_ssh_key: "$(cat ~/.ssh/id_rsa.pub)" config_pull_secret_file: ${HOME}/.openshift/pull-secret-latest.json config_cluster_region: us-east-1 -cluster_profile: sno +cluster_profile: SingleReplica create_worker: no destroy_bootstrap: no @@ -72,7 +79,7 @@ config_bootstrapinplace_disk: /dev/nvme0n1 #- t4g.xlarge: ~98/od 29/spot #- m6gd.xlarge: ~131/od ~52/spot #- r6gd.2xlaarge: ~168/od ~62/spot -controlplane_instance: m6id.xlarge +controlplane_instance: m6id.2xlarge # Patch manifests to: # 1) mount ephemeral disk on /var/lib/containers 
@@ -89,100 +96,44 @@ cfg_patch_mc_varlibcontainers: machineconfiguration_roles: - master -# TODO: create cfg for patch mc_varlibetcd to receive the disk - EOF ``` -## Client - -See [Install the Clients](./install-openshift-install.md) - -## Config - -Create the installation configuration: - -```bash -ansible-playbook mtulio.okd_installer.config \ - -e mode=create \ - -e @./vars-sno.yaml -``` - -## Deploy each stack (optional) - -> the playbook `create_all` can be used to deploy all stacks - -- Network Stack - -```bash -ansible-playbook mtulio.okd_installer.stack_network \ - -e @./vars-sno.yaml -``` - -- IAM Stack - - -```bash -ansible-playbook mtulio.okd_installer.stack_iam \ - -e @./vars-sno.yaml -``` - -- DNS Stack +Where: -```bash -ansible-playbook mtulio.okd_installer.stack_dns \ - -e @./vars-sno.yaml -``` - -- Load Balancer Stack +- `cluster_profile: sno`: ... +- `create_worker: no`: ... +- `destroy_bootstrap: no`: ... +- `config_patches`: ... +- `cfg_patch_mc_varlibcontainers`: ... 
-```bash -ansible-playbook mtulio.okd_installer.stack_loadbalancer \ - -e @./vars-sno.yaml -``` -- Compute Stack: Deploy the bootstrap node +### create cluster -- Create the Bootstrap Node +- Create cluster: ```bash -ansible-playbook mtulio.okd_installer.create_node \ - -e @./vars-sno.yaml \ - -e node_role=controlplane +ansible-playbook mtulio.okd_installer.create_all -e @$VARS_FILE ``` -## Deploy cluster - -Deploy a cluster creating all the resources with a single execution/playbook: - -> This steps will deploy all the stacks - -```bash -ansible-playbook mtulio.okd_installer.create_all \ - -e @./vars-sno.yaml -``` - -You can check when the bootstrap finished, or the Single Replica node have joined to the cluster: +- Check resources: ```bash $ KUBECONFIG=$HOME/.ansible/okd-installer/clusters/opct-sno/auth/kubeconfig oc get nodes NAME STATUS ROLES AGE VERSION ip-10-0-50-187 Ready control-plane,master,tests,worker 24m v1.25.4+77bec7a +$ KUBECONFIG=$HOME/.ansible/okd-installer/clusters/opct-sno/auth/kubeconfig oc get co ``` -The you can destroy the bootstrap node: - -> Alternatively you can opt to remove the flag `destroy_bootstrap` to your var file +- Destroy the bootstrap node: ```bash -ansible-playbook mtulio.okd_installer.destroy_bootstrap \ - -e @./vars-sno.yaml +ansible-playbook mtulio.okd_installer.destroy_bootstrap -e @$VARS_FILE ``` ## Destroy ```bash -ansible-playbook mtulio.okd_installer.destroy_cluster \ - -e @./vars-sno.yaml -``` +ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE +``` \ No newline at end of file diff --git a/docs/guides/AWS/index.md b/docs/guides/AWS/index.md index 91bc5e9..faba59a 100644 --- a/docs/guides/AWS/index.md +++ b/docs/guides/AWS/index.md 
@@ -1,4 +1,20 @@ # OKD/OCP guides for Amazon Web Services (AWS) -!!! warning "Oops... TODO / WIP page" - This page is not completed! \ No newline at end of file +!!! warning "Developer Preview" + This document is available only for development preview. + +Available guides for OKD/OCP on Amazon Web Services (AWS): + +- [Requirements](./init.md) +- [Installing a cluster quickly on OCI with platform agnostic (None)](./installing-quickly-agnostic.md) +- [AWS Single Node Openshift/OKD (SingleReplica Topology)](./aws-sno.md) + +!!! danger "Outdated documents" + The following guides could be outdated are not working with the current version. + +Review in progress: + +- [OKD Install Guide on AWS provider with platform agnostic](./aws-agnostic.md) +- [OKD Install on AWS provider with UPI](./aws-upi.md) +- [OKD Install on AWS provider with UPI](./aws-upi-byo-network.md) +- [Install OKD/OCP cluster on AWS with Agnostic Platform (None) BYO LB](./aws-agnostic-byo-lb.md) diff --git a/docs/guides/AWS/init.md b/docs/guides/AWS/init.md new file mode 100644 index 0000000..cf7497f --- /dev/null +++ b/docs/guides/AWS/init.md @@ -0,0 +1,4 @@ +# Prerequisites AWS + +!!! warning "TODO" + Describe the prerequisites \ No newline at end of file diff --git a/docs/guides/AWS/installing-quickly-agnostic.md b/docs/guides/AWS/installing-quickly-agnostic.md index dc3ae62..c6a47e8 100644 --- a/docs/guides/AWS/installing-quickly-agnostic.md +++ b/docs/guides/AWS/installing-quickly-agnostic.md 
@@ -1,14 +1,24 @@ +# Installing a cluster quickly on OCI with platform agnostic (None) The steps below describes how to validate the OpenShift cluster installed in an agnostic installation using standard topology. ## Prerequisites ---8<-- "docs/modules/cfg-env-cluster-aws.md" +--8<-- "docs/modules/pre-env-creds-aws.md" ---8<-- "docs/modules/cfg-env-distribution-okdscos.md" +## Setup ---8<-- "docs/modules/cfg-okdc-varfile.md" +--8<-- "docs/modules/pre-env-distributions.md" + +### Export the emvironment variables for cloud provider + +--8<-- "docs/modules/pre-env-aws-none.md" +--8<-- "docs/modules/pre-env-cfg.md" + +### Create the okd-installer var file + +--8<-- "docs/modules/pre-cfg-varfile.md" ## Install diff --git a/docs/guides/AWS/script/installing-quickly-agnostic.md b/docs/guides/AWS/script/installing-quickly-agnostic.md new file mode 100644 index 0000000..7c9e187 --- /dev/null +++ b/docs/guides/AWS/script/installing-quickly-agnostic.md @@ -0,0 +1,29 @@ +# Installing a cluster quickly on OCI with platform agnostic (None) + +Script containing all steps described in the guide. + +## Requirements + +```bash +--8<-- "docs/modules/pre-env-creds-aws.sh" +``` + +## Install + +```bash +--8<-- "docs/modules/pre-env-distribution-ocp.sh" + +--8<-- "docs/modules/pre-env-aws-none.sh" + +--8<-- "docs/modules/pre-env-cfg.sh" + +--8<-- "docs/modules/pre-cfg-varfile.sh" + +--8<-- "docs/modules/play-create_all.sh" +``` + +## Destroy + +```bash +--8<-- "docs/modules/play-destroy_cluster.sh" +``` \ No newline at end of file diff --git a/docs/guides/OCI/hack/dev-platform-external-custom-release.md b/docs/guides/OCI/hack/dev-platform-external-custom-release.md index c8e7e0b..540f93c 100644 --- a/docs/guides/OCI/hack/dev-platform-external-custom-release.md +++ b/docs/guides/OCI/hack/dev-platform-external-custom-release.md 
@@ -163,4 +163,127 @@ podman tag "${NEW_RELEASE_IMAGE}:latest" \ ```bash OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" \ openshift-install create cluster --dir my-install-dir/ +``` + +## Usage custom release in this collection + +### Installing 4.14 with CCM + +- OCP 4.14-nightly-patched_CMO + Platform External + OCI + CSI +```bash +CLUSTER_NAME=oci-ext108 +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VARS_FILE} +provider: oci +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-sanjose-1 + +release_image: quay.io/mrbraga/ocp-release +release_version: 4.14.0-0.nightly-2023-07-05-071214 + +config_platform: external +config_platform_spec: '{"platformName":"oci"}' + +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-07-05-071214" + +config_featureset: TechPreviewNoUpgrade +config_base_domain: splat-oci.devcluster.openshift.com +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" + +cluster_profile: ha +destroy_bootstrap: no + +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} +oci_ccm_namespace: oci-cloud-controller-manager + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + +# Available manifest paches (runs after 'create manifest' stage) +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi + +# MachineConfig to set the Kubelet environment. 
Will use this script to discover the ProviderID +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); +EOF +``` + + +- OKD SCOS 4.14-nightly-patched_CMO + Platform External + OCI + CSI +```bash +CLUSTER_NAME=oci-ext107 +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VARS_FILE} +provider: oci +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-sanjose-1 + +release_image: quay.io/mrbraga/ocp-release +release_version: 4.14.0-0.nightly-2023-07-05-071214 + +config_platform: external +config_platform_spec: '{"platformName":"oci"}' + +config_installer_environment: + OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-07-05-071214" + +config_featureset: TechPreviewNoUpgrade +config_base_domain: splat-oci.devcluster.openshift.com +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-okd-fake.json" + +cluster_profile: ha +destroy_bootstrap: no + +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} +oci_ccm_namespace: oci-cloud-controller-manager + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + +# Available manifest paches (runs after 'create manifest' stage) +config_patches: +- rm-capi-machines +- mc-kubelet-providerid +- deploy-oci-ccm +- deploy-oci-csi + +# MachineConfig to set the Kubelet environment. 
Will use this script to discover the ProviderID +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); +EOF ``` \ No newline at end of file diff --git a/docs/guides/OCI/index.md b/docs/guides/OCI/index.md index 398ce82..8ddf947 100644 --- a/docs/guides/OCI/index.md +++ b/docs/guides/OCI/index.md @@ -5,7 +5,7 @@ The [PR #26](https://github.com/mtulio/ansible-collection-okd-installer/pull/26)is under development and is subject to change the whole document described under OCI guides. -Guides for OKD/OCP in Oracle Cloud Infrastructure (OCI): +Guides for OKD/OCP on Oracle Cloud Infrastructure (OCI): - [Requirements](./init.md) - [Installing a cluster quickly on OCI with platform agnostic (None)](./installing-quickly-agnostic.md) diff --git a/docs/guides/OCI/init.md b/docs/guides/OCI/init.md index 5de7b68..32b6d5a 100644 --- a/docs/guides/OCI/init.md +++ b/docs/guides/OCI/init.md @@ -1,4 +1,4 @@ -# OCI PoC - Prerequisites +# Prerequisites OCI (PoC) The steps described on this document can be changed from the final version. @@ -87,3 +87,20 @@ ansible localhost \ ``` Ansible should return the user attributes, otherwise check your credentials. + + +## Export the Compartment used to deploy the cluster + +```bash +cat < ~/.oci/env +# Compartment that the cluster will be installed +OCI_COMPARTMENT_ID="" + +# Compartment that the DNS Zone is created (based domain) +OCI_COMPARTMENT_ID_DNS="" + +# Compartment that the OS Image will be created +OCI_COMPARTMENT_ID_IMAGE="" +EOF +source ~/.oci/env +``` \ No newline at end of file diff --git a/docs/guides/OCI/installing-customization-external.md b/docs/guides/OCI/installing-customization-external.md index ebad665..21c148a 100644 --- a/docs/guides/OCI/installing-customization-external.md +++ b/docs/guides/OCI/installing-customization-external.md 
@@ -1,3 +1,23 @@ > TODO: -- describe the step-by-step to create a cluster customizing CCM manifests (using from OCI CCM repo) to deploy OKD/OCP \ No newline at end of file +- describe the step-by-step to create a cluster customizing CCM manifests (using from OCI CCM repo) to deploy OKD/OCP + + +```bash +ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=create-config -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=create-manifests -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.stack_network -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.stack_dns -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.stack_loadbalancer -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=patch-manifests -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.config -e mode=create-ignitions -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.os_mirror -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.create_node -e node_role=bootstrap -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.create_node -e node_role=controlplane -e @$VARS_FILE +ansible-playbook mtulio.okd_installer.create_node -e node_role=compute -e @$VARS_FILE +export KUBECONFIG=${HOME}/.ansible/okd-installer/clusters/${CLUSTER_NAME}/auth/kubeconfig +oc adm certificate approve $(oc get csr -o json |jq -r '.items[] | select(.status.certificate == null).metadata.name') + +ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE +``` \ No newline at end of file diff --git a/docs/guides/OCI/installing-quickly-external.md b/docs/guides/OCI/installing-quickly-external.md index 8dc4b5d..d542526 100644 --- a/docs/guides/OCI/installing-quickly-external.md +++ b/docs/guides/OCI/installing-quickly-external.md 
@@ -2,10 +2,12 @@ Install an OCP cluster in OCI with Platform External as an option and OCI Cloud Controler Manager. -## Requirements +## Prerequisites - okd-installer Collection with [OCI dependencies installed](./oci-prerequisites.md): -- Child Compartment created in Oracle Cloud Console to install the cluster, place the DNS zone and compute images +- Compartments used to create the cluster created and exported to variable `${}` +- DNS Zone place the DNS zone and exported to variable `${}` +- Compartment used to store the RHCOS image exported to variable `${}` ## OCP Cluster Setup on OCI 
@@ -99,148 +101,4 @@ ansible-playbook mtulio.okd_installer.create_all \ ```bash ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE -``` - -### Steps by playbook - -```bash -ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.config -e mode=create-config -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.config -e mode=create-manifests -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.stack_network -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.stack_dns -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.stack_loadbalancer -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.config -e mode=patch-manifests -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.config -e mode=create-ignitions -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.os_mirror -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.create_node -e node_role=bootstrap -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.create_node -e node_role=controlplane -e @$VARS_FILE -ansible-playbook mtulio.okd_installer.create_node -e node_role=compute -e @$VARS_FILE -export KUBECONFIG= -oc adm certificate approve $(oc get csr -o json |jq -r '.items[] | select(.status.certificate == null).metadata.name') - -ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE -``` - -## Examples - -### Installing 4.14 with CCM - -- OCP 4.14-nightly-patched_CMO + Platform External + OCI + CSI -```bash -CLUSTER_NAME=oci-ext108 -VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml - -cat < ${VARS_FILE} -provider: oci -cluster_name: ${CLUSTER_NAME} -config_cluster_region: us-sanjose-1 - -release_image: quay.io/mrbraga/ocp-release -release_version: 4.14.0-0.nightly-2023-07-05-071214 - -config_platform: external -config_platform_spec: '{"platformName":"oci"}' - -config_installer_environment: - OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-07-05-071214" - -config_featureset: 
TechPreviewNoUpgrade -config_base_domain: splat-oci.devcluster.openshift.com -config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" -config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" - -cluster_profile: ha -destroy_bootstrap: no - -oci_compartment_id: ${OCI_COMPARTMENT_ID} -oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} -oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} -oci_ccm_namespace: oci-cloud-controller-manager - -# Define the OS Image mirror -os_mirror: yes -os_mirror_from: stream_artifacts -os_mirror_stream: - architecture: x86_64 - artifact: openstack - format: qcow2.gz - -os_mirror_to_provider: oci -os_mirror_to_oci: - compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} - bucket: rhcos-images - image_type: QCOW2 - -# Available manifest paches (runs after 'create manifest' stage) -config_patches: -- rm-capi-machines -- mc-kubelet-providerid -- deploy-oci-ccm -- deploy-oci-csi - -# MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID -cfg_patch_kubelet_providerid_script: | - PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); -EOF -``` - - -- OKD SCOS 4.14-nightly-patched_CMO + Platform External + OCI + CSI -```bash -CLUSTER_NAME=oci-ext107 -VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml - -cat < ${VARS_FILE} -provider: oci -cluster_name: ${CLUSTER_NAME} -config_cluster_region: us-sanjose-1 - -release_image: quay.io/mrbraga/ocp-release -release_version: 4.14.0-0.nightly-2023-07-05-071214 - -config_platform: external -config_platform_spec: '{"platformName":"oci"}' - -config_installer_environment: - OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-0.nightly-2023-07-05-071214" - -config_featureset: TechPreviewNoUpgrade -config_base_domain: splat-oci.devcluster.openshift.com -config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" -config_pull_secret_file: "${HOME}/.openshift/pull-secret-okd-fake.json" - -cluster_profile: ha 
-destroy_bootstrap: no - -oci_compartment_id: ${OCI_COMPARTMENT_ID} -oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} -oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} -oci_ccm_namespace: oci-cloud-controller-manager - -# Define the OS Image mirror -os_mirror: yes -os_mirror_from: stream_artifacts -os_mirror_stream: - architecture: x86_64 - artifact: openstack - format: qcow2.gz - -os_mirror_to_provider: oci -os_mirror_to_oci: - compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} - bucket: rhcos-images - image_type: QCOW2 - -# Available manifest paches (runs after 'create manifest' stage) -config_patches: -- rm-capi-machines -- mc-kubelet-providerid -- deploy-oci-ccm -- deploy-oci-csi - -# MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID -cfg_patch_kubelet_providerid_script: | - PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); -EOF ``` \ No newline at end of file diff --git a/docs/guides/OCI/setting-registry-storage-bucket.md b/docs/guides/OCI/setting-registry-storage-bucket.md index 6befb8e..859f4dd 100644 --- a/docs/guides/OCI/setting-registry-storage-bucket.md +++ b/docs/guides/OCI/setting-registry-storage-bucket.md @@ -2,6 +2,8 @@ > WIP +https://docs.okd.io/latest/registry/configuring_registry_storage/configuring-registry-storage-aws-user-infrastructure.html + Steps to use the OCI S3 Compatibility API to set the persistent storage for the OpenShift Image Registry with OCI Bucket service. Steps: diff --git a/docs/modules/cfg-env-cluster-aws.md b/docs/modules/cfg-env-cluster-aws.md deleted file mode 100644 index d61d4c5..0000000 --- a/docs/modules/cfg-env-cluster-aws.md +++ /dev/null 
@@ -1,19 +0,0 @@ - -### Required environment variables - -Export the variables related to the cluster: - -```bash -# Cluster Install Configuration -CLUSTER_NAME="mycluster" - -# Provider Information -PROVIDER=aws -CLUSTER_REGION=us-east-1 -CLUSTER_DOMAIN="aws.example.com" - -# AWS Credentials -AWS_ACCESS_KEY_ID="AK..." -AWS_SECRET_ACCESS_KEY="[superSecret]" -AWS_DEFAULT_REGION="${CLUSTER_REGION}" -``` \ No newline at end of file diff --git a/docs/modules/cfg-env-distribution-okdscos.md b/docs/modules/cfg-env-distribution-okdscos.md index 5fd2be3..6ed31d4 100644 --- a/docs/modules/cfg-env-distribution-okdscos.md +++ b/docs/modules/cfg-env-distribution-okdscos.md @@ -6,6 +6,7 @@ To obtain the openshift installer and client, visit releases for stable versions Export the variables related to deployment environment: ```bash +## Distribution information DISTRIBUTION="okd" RELEASE_REPO=quay.io/okd/scos-release VERSION=4.14.0-0.okd-scos-2023-08-17-022029 diff --git a/docs/modules/play-create_all.sh b/docs/modules/play-create_all.sh new file mode 100644 index 0000000..f8a306d --- /dev/null +++ b/docs/modules/play-create_all.sh @@ -0,0 +1,4 @@ +ansible-playbook mtulio.okd_installer.create_all \ + -e cert_max_retries=30 \ + -e cert_wait_interval_sec=60 \ + -e @$VARS_FILE \ No newline at end of file diff --git a/docs/modules/play-destroy_cluster.md b/docs/modules/play-destroy_cluster.md index f711439..f706ac8 100644 --- a/docs/modules/play-destroy_cluster.md +++ b/docs/modules/play-destroy_cluster.md @@ -1,7 +1,5 @@ -## Destroy cluster +### Destroy cluster ```bash -ansible-playbook mtulio.okd_installer.destroy_cluster \ - -e provider=${CONFIG_PROVIDER} \ - -e cluster_name=${CONFIG_CLUSTER_NAME} +--8<-- "docs/modules/play-destroy_cluster.sh" ``` \ No newline at end of file diff --git a/docs/modules/play-destroy_cluster.sh b/docs/modules/play-destroy_cluster.sh new file mode 100644 index 0000000..bfb6134 --- /dev/null +++ b/docs/modules/play-destroy_cluster.sh 
@@ -0,0 +1,3 @@ +ansible-playbook mtulio.okd_installer.destroy_cluster \ + -e provider=${CONFIG_PROVIDER} \ + -e cluster_name=${CONFIG_CLUSTER_NAME} \ No newline at end of file diff --git a/docs/modules/pre-cfg-varfile-external.md b/docs/modules/pre-cfg-varfile-external.md new file mode 100644 index 0000000..9b765e6 --- /dev/null +++ b/docs/modules/pre-cfg-varfile-external.md @@ -0,0 +1,6 @@ + +- okd-installer configuratoin for external platform type: + +```bash +--8<-- "docs/modules/pre-cfg-varfile-external.sh" +``` \ No newline at end of file diff --git a/docs/modules/cfg-okdc-varfile-external.md b/docs/modules/pre-cfg-varfile-external.sh similarity index 88% rename from docs/modules/cfg-okdc-varfile-external.md rename to docs/modules/pre-cfg-varfile-external.sh index bed4245..41f8ca1 100644 --- a/docs/modules/cfg-okdc-varfile-external.md +++ b/docs/modules/pre-cfg-varfile-external.sh @@ -1,8 +1,5 @@ - - -```bash # Platform External setup only -cat <> ${VARS_FILE} +cat << EOF >> ${VARS_FILE} # Define the OS Image mirror os_mirror: yes @@ -18,7 +15,6 @@ os_mirror_to_oci: bucket: rhcos-images image_type: QCOW2 - # Available manifest paches (runs after 'create manifest' stage) config_patches: - rm-capi-machines @@ -30,7 +26,4 @@ config_patches: cfg_patch_kubelet_providerid_script: | PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); -oci_ccm_namespace: oci-cloud-controller-manager - -EOF -``` \ No newline at end of file +oci_ccm_namespace: oci-cloud-controller-manager \ No newline at end of file diff --git a/docs/modules/pre-cfg-varfile.md b/docs/modules/pre-cfg-varfile.md new file mode 100644 index 0000000..b9ace88 --- /dev/null +++ b/docs/modules/pre-cfg-varfile.md @@ -0,0 +1,6 @@ + +- Create the basic configuration for okd-installer: + +```bash +--8<-- "docs/modules/pre-cfg-varfile.sh" +``` 
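Review bot: `play-destroy_cluster.sh` passes `cluster_name=${CONFIG_CLUSTER_NAME}`, but no module added in this patch sets that variable; `pre-env-cfg.sh` defines `CLUSTER_NAME`, so the destroy playbook would receive an empty cluster name unless the reader set it elsewhere. The same mismatch appears in `pre-cfg-varfile.sh`, which writes `provider: ${PROVIDER}` while `pre-env-aws-none.sh` exports `CONFIG_PROVIDER`, and the module that used to set `PROVIDER` is deleted here. For a destructive command I would quote the variables and make them fail loudly when unset: `-e provider="${CONFIG_PROVIDER:?}" \` and `-e cluster_name="${CLUSTER_NAME:?}"`. Whether the playbook itself rejects an empty `cluster_name` is not visible in this patch.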
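Review bot: The last hunk of `pre-cfg-varfile-external.sh` drops the closing `EOF` together with the Markdown fence, so the file now opens a heredoc with `cat << EOF >> ${VARS_FILE}` and never terminates it. When the snippet is included in a guide and pasted into a terminal, the shell keeps reading, and any commands that follow are appended to the vars file instead of being executed; run as a script, bash only warns at end of file. `pre-cfg-varfile.sh` in the same patch keeps its terminator, so restoring a final `EOF` line after `oci_ccm_namespace: oci-cloud-controller-manager` would make the two modules consistent.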
diff --git a/docs/modules/cfg-okdc-varfile.md b/docs/modules/pre-cfg-varfile.sh similarity index 59% rename from docs/modules/cfg-okdc-varfile.md rename to docs/modules/pre-cfg-varfile.sh index 461d75e..83cebb7 100644 --- a/docs/modules/cfg-okdc-varfile.md +++ b/docs/modules/pre-cfg-varfile.sh @@ -1,19 +1,16 @@ -### Create the vars file - -```bash +# okd-installer config cat < ${VARS_FILE} provider: ${PROVIDER} cluster_name: ${CLUSTER_NAME} config_cluster_region: ${CLUSTER_REGION} -config_cluster_version: 4.14.0-rc.0 -version: 4.14.0-rc.0 +config_cluster_version: ${VERSION} +version: ${VERSION} cluster_profile: ha destroy_bootstrap: no config_base_domain: ${CLUSTER_DOMAIN} config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" -config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -EOF -``` +config_pull_secret_file: "${PULL_SECRET_FILE}" +EOF \ No newline at end of file diff --git a/docs/modules/pre-env-aws-none.md b/docs/modules/pre-env-aws-none.md new file mode 100644 index 0000000..c6ac046 --- /dev/null +++ b/docs/modules/pre-env-aws-none.md @@ -0,0 +1,6 @@ + +- Set the Cloud Provider Name and the Platform Type (OKD/OpenShift): + +```bash +--8<-- "docs/modules/pre-env-aws-none.sh" +``` \ No newline at end of file diff --git a/docs/modules/pre-env-aws-none.sh b/docs/modules/pre-env-aws-none.sh new file mode 100644 index 0000000..8016a96 --- /dev/null +++ b/docs/modules/pre-env-aws-none.sh @@ -0,0 +1,3 @@ +# Provider Information +export CONFIG_PROVIDER=aws +export CONFIG_PLATFORM=none \ No newline at end of file diff --git a/docs/modules/pre-env-cfg.md b/docs/modules/pre-env-cfg.md new file mode 100644 index 0000000..1d92893 --- /dev/null +++ b/docs/modules/pre-env-cfg.md @@ -0,0 +1,6 @@ + +- Cluster configuration: + +```bash +--8<-- "docs/modules/pre-env-cfg.sh" +``` \ No newline at end of file diff --git a/docs/modules/pre-env-cfg.sh b/docs/modules/pre-env-cfg.sh new file mode 100644 index 0000000..4233e33 --- /dev/null 
+++ b/docs/modules/pre-env-cfg.sh @@ -0,0 +1,4 @@ +# Cluster Install Configuration +CLUSTER_NAME="mycluster" +CLUSTER_REGION=us-east-1 +CLUSTER_DOMAIN="aws.example.com" \ No newline at end of file diff --git a/docs/modules/pre-env-creds-aws.md b/docs/modules/pre-env-creds-aws.md new file mode 100644 index 0000000..efaee92 --- /dev/null +++ b/docs/modules/pre-env-creds-aws.md @@ -0,0 +1,6 @@ + +- AWS Credentials used by CLI: + +```bash +--8<-- "docs/modules/pre-env-creds-aws.sh" +``` \ No newline at end of file diff --git a/docs/modules/pre-env-creds-aws.sh b/docs/modules/pre-env-creds-aws.sh new file mode 100644 index 0000000..5c43bbf --- /dev/null +++ b/docs/modules/pre-env-creds-aws.sh @@ -0,0 +1,4 @@ +# AWS Credentials +AWS_ACCESS_KEY_ID="AK..." +AWS_SECRET_ACCESS_KEY="[superSecret]" +AWS_DEFAULT_REGION="${CLUSTER_REGION}" \ No newline at end of file diff --git a/docs/modules/pre-env-distribution-ocp.md b/docs/modules/pre-env-distribution-ocp.md new file mode 100644 index 0000000..a632607 --- /dev/null +++ b/docs/modules/pre-env-distribution-ocp.md @@ -0,0 +1,5 @@ +- **OpenShift**: + +```bash +--8<-- "docs/modules/pre-env-distribution-ocp.sh" +``` \ No newline at end of file diff --git a/docs/modules/pre-env-distribution-ocp.sh b/docs/modules/pre-env-distribution-ocp.sh new file mode 100644 index 0000000..9303929 --- /dev/null +++ b/docs/modules/pre-env-distribution-ocp.sh @@ -0,0 +1,5 @@ +DISTRIBUTION="ocp" +RELEASE_REPO="quay.io/openshift-release-dev/ocp-release" +VERSION="4.14.0-rc.0" +RELEASE_VERSION="${VERSION}-x86_64" +PULL_SECRET_FILE="${HOME}/.openshift/pull-secret-latest.json" \ No newline at end of file diff --git a/docs/modules/pre-env-distribution-okd-fcos.md b/docs/modules/pre-env-distribution-okd-fcos.md new file mode 100644 index 0000000..98a5a9f --- /dev/null +++ b/docs/modules/pre-env-distribution-okd-fcos.md @@ -0,0 +1,5 @@ +- **OKD with FCOS**: + +```bash +--8<-- "docs/modules/pre-env-distribution-okd-fcos.sh" +``` \ No newline at end of file 
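Review bot: `pre-env-creds-aws.sh` assigns `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_DEFAULT_REGION` without `export`, so child processes such as `ansible-playbook` do not inherit them unless they were already exported; `pre-env-aws-none.sh` in the same patch does use `export`. `AWS_DEFAULT_REGION="${CLUSTER_REGION}"` is also evaluated before `pre-env-cfg.sh` sets `CLUSTER_REGION`, because the AWS guide includes the credentials module under Prerequisites, ahead of the cluster configuration, so the region ends up empty. The snippet also invites readers to type a long-lived secret key at the prompt, where it lands in shell history. I would add a comment such as `# Prefer a named profile (export AWS_PROFILE=<profile>) over inline static keys` and, if the keys stay, write them as `export AWS_ACCESS_KEY_ID=...`.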
diff --git a/docs/modules/pre-env-distribution-okd-fcos.sh b/docs/modules/pre-env-distribution-okd-fcos.sh new file mode 100644 index 0000000..5c4776e --- /dev/null +++ b/docs/modules/pre-env-distribution-okd-fcos.sh @@ -0,0 +1,5 @@ +DISTRIBUTION="okd" +RELEASE_REPO=quay.io/openshift/okd +VERSION=4.12.0-0.okd-2023-04-16-041331 +RELEASE_VERSION=$VERSION +PULL_SECRET_FILE="{{ playbook_dir }}/../tests/config/pull-secret-okd-fake.json" \ No newline at end of file diff --git a/docs/modules/pre-env-distribution-okd-scos.md b/docs/modules/pre-env-distribution-okd-scos.md new file mode 100644 index 0000000..14bca88 --- /dev/null +++ b/docs/modules/pre-env-distribution-okd-scos.md @@ -0,0 +1,5 @@ +- **OKD with SCOS**: + +```bash +--8<-- "docs/modules/pre-env-distribution-okd-scos.sh" +``` \ No newline at end of file diff --git a/docs/modules/pre-env-distribution-okd-scos.sh b/docs/modules/pre-env-distribution-okd-scos.sh new file mode 100644 index 0000000..facd296 --- /dev/null +++ b/docs/modules/pre-env-distribution-okd-scos.sh @@ -0,0 +1,5 @@ +DISTRIBUTION="okd" +RELEASE_REPO=quay.io/okd/scos-release +VERSION=4.13.0-0.okd-scos-2023-05-04-192252 +RELEASE_VERSION=$VERSION +PULL_SECRET_FILE="{{ playbook_dir }}/../tests/config/pull-secret-okd-fake.json" \ No newline at end of file diff --git a/docs/modules/pre-env-distributions.md b/docs/modules/pre-env-distributions.md new file mode 100644 index 0000000..6f436ae --- /dev/null +++ b/docs/modules/pre-env-distributions.md @@ -0,0 +1,9 @@ +### Select the Distribution + +> For development releases, visit the Release Controller For [OKD](https://amd64.origin.releases.ci.openshift.org/) and [OpenShift](https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/) + +--8<-- "docs/modules/pre-env-distribution-ocp.md" + +--8<-- "docs/modules/pre-env-distribution-okd-scos.md" + +--8<-- "docs/modules/pre-env-distribution-okd-fcos.md" \ No newline at end of file diff --git a/mkdocs.yaml b/mkdocs.yaml index f4cf6fd..80e84d7 100644 
--- a/mkdocs.yaml +++ b/mkdocs.yaml @@ -38,6 +38,9 @@ theme: - search.suggest - content.tabs.link + # copy clipboard + - content.code.copy + font: text: Roboto code: Roboto Mono @@ -68,6 +71,14 @@ markdown_extensions: - pymdownx.snippets: check_paths: true + # copy clipboard feature (content.code.copy) + - pymdownx.highlight: + anchor_linenums: true + line_spans: __span + pygments_lang_class: true + - pymdownx.inlinehilite + - pymdownx.superfences + nav: - Home: - index.md @@ -76,11 +87,14 @@ nav: - guides/index.md - AWS: - guides/AWS/index.md - - Installing HA Topology with UPI: guides/AWS/aws-upi.md - - Installing HA Topology with UPI and Platform Agnostic: guides/AWS/aws-agnostic.md + - guides/AWS/installing-quickly-agnostic.md - Installing SNO with Ephemeral storage: guides/AWS/aws-sno.md + - Scripts: + - guides/AWS/script/installing-quickly-agnostic.md + - "-> Review In Progress:": TODO.md + - Installing HA Topology with UPI and Platform Agnostic: guides/AWS/aws-agnostic.md + - Installing HA Topology with UPI: guides/AWS/aws-upi.md - Installing HA Topology UPI BYO Network: guides/AWS/aws-upi-byo-network.md - - Oracle Cloud Infrastructure: - guides/OCI/index.md - "Requirements": guides/OCI/init.md diff --git a/playbooks/vars/aws/profiles/SingleReplica/network.yaml b/playbooks/vars/aws/profiles/SingleReplica/network.yaml index 54d13d3..e4cfc8a 100644 --- a/playbooks/vars/aws/profiles/SingleReplica/network.yaml +++ b/playbooks/vars/aws/profiles/SingleReplica/network.yaml @@ -84,7 +84,7 @@ cloud_networks: - name: "{{ cluster_state.infra_id }}-vpc" block: "{{ okd_net_default_cidr }}" provider: aws - region: "{{ provider_region }}" + region: "{{ cluster_state.region }}" security_groups: "{{ security_groups | d([]) }}" tags: "{{ cluster_state.tags | d({}) }}" 
@@ -109,20 +109,20 @@ cloud_networks: subnets: - name: "{{ cluster_state.infra_id }}-net-public-1a" - az: "{{ provider_region }}a" + az: "{{ cluster_state.region }}a" cidr: 10.0.16.0/22 route_table: "{{ cluster_state.infra_id }}-rt-public" map_public: yes - name: "{{ cluster_state.infra_id }}-net-private-1a" - az: "{{ provider_region }}a" + az: "{{ cluster_state.region }}a" cidr: 10.0.48.0/22 route_table: "{{ cluster_state.infra_id }}-rt-private" map_public: no endpoint_services: - name: s3 - service: "com.amazonaws.{{ provider_region }}.s3" + service: "com.amazonaws.{{ cluster_state.region }}.s3" route_tables: - "{{ cluster_state.infra_id }}-rt-public" - "{{ cluster_state.infra_id }}-rt-private" diff --git a/roles/clients/defaults/main.yaml b/roles/clients/defaults/main.yaml index 7a09276..2537a7f 100644 --- a/roles/clients/defaults/main.yaml +++ b/roles/clients/defaults/main.yaml @@ -5,17 +5,15 @@ distro_image: ocp: "quay.io/openshift-release-dev/ocp-release" release_arch: x86_64 -default_version: 4.13.0 +default_version: 4.14.0-rc.0 # OCP release version has the arch on the sufix # https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/ # OKD does not have the arch on suffix # https://amd64.origin.releases.ci.openshift.org/ -# Example: release_version: 4.11.0-0.okd-2022-08-20-022919 +# Example: release_version: 4.14.0-0.okd-scos-2023-08-17-022029 release_version: "{{ version | d(default_version) }}-{{ release_arch }}" -# https://amd64.origin.releases.ci.openshift.org/ release_image: "quay.io/openshift-release-dev/ocp-release" - release_image_version_arch: "{{ release_image }}:{{ release_version }}" workdir: "{{ lookup('env', 'HOME') }}/.ansible/okd-installer" diff --git a/roles/config/defaults/main.yaml b/roles/config/defaults/main.yaml index f55270b..4212cb8 100644 --- a/roles/config/defaults/main.yaml +++ b/roles/config/defaults/main.yaml 
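Review bot: `default_version: 4.14.0-rc.0` in roles/clients/defaults/main.yaml makes a release candidate the payload that every run installs when `version` is not passed. I would keep the default on a GA release and leave pre-release builds opt-in through the `version` variable, with a comment such as `# pre-release builds: set version explicitly`. Separately, `release_image_version_arch` resolves the payload by tag (`{{ release_image }}:{{ release_version }}`), so the role cannot notice a repointed tag; accepting an optional digest reference would let callers pin the exact payload. The defaults file continues outside the hunk.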
@@ -41,7 +41,7 @@ config_networking_clusternetwork: config_networking_machinenetwork: - cidr: 10.0.0.0/16 -config_networking_networktype: OpenShiftSDN +config_networking_networktype: OVNKubernetes config_networking_servicenetwork: - 172.30.0.0/16 From dc65c906c8f252b21320dce261f3fbcdb9960ffe Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Fri, 22 Sep 2023 18:34:49 -0300 Subject: [PATCH 25/39] update doc/guides for AWS and OCI --- .../guides/AWS/installing-quickly-agnostic.md | 11 ++++++ .../guides/OCI/installing-quickly-external.md | 34 ++++++++++++++++--- docs/modules/play-destroy_cluster.sh | 4 +-- docs/modules/pre-cfg-varfile.sh | 3 +- .../HighlyAvailable/node-bootstrap.yaml | 2 +- .../HighlyAvailable/node-compute.yaml | 2 +- .../HighlyAvailable/node-controlplane.yaml | 2 +- 7 files changed, 47 insertions(+), 11 deletions(-) diff --git a/docs/guides/AWS/installing-quickly-agnostic.md b/docs/guides/AWS/installing-quickly-agnostic.md index c6a47e8..87ebb67 100644 --- a/docs/guides/AWS/installing-quickly-agnostic.md +++ b/docs/guides/AWS/installing-quickly-agnostic.md @@ -20,6 +20,17 @@ in an agnostic installation using standard topology. --8<-- "docs/modules/pre-cfg-varfile.md" +- Discovery the AMI: + +```bash +cat < ${VARS_FILE} +# discovery AMI ID: ~/.ansible/okd-installer/bin/openshift-install-linux-4.14.0-rc.0 coreos print-stream-json | jq -r '.architectures.x86_64.images.aws.regions["us-east-1"].image' +custom_image_id: ami-0a4a3456fc86deabc +EOF +``` + + + ## Install --8<-- "docs/modules/play-create_all.md" diff --git a/docs/guides/OCI/installing-quickly-external.md b/docs/guides/OCI/installing-quickly-external.md index d542526..9d3b873 100644 --- a/docs/guides/OCI/installing-quickly-external.md +++ b/docs/guides/OCI/installing-quickly-external.md 
@@ -9,9 +9,9 @@ Install an OCP cluster in OCI with Platform External as an option and OCI Cloud - DNS Zone place the DNS zone and exported to variable `${}` - Compartment used to store the RHCOS image exported to variable `${}` -## OCP Cluster Setup on OCI +## Setup with Platform External type and CCM -### Create the vars file +Create the vars file for okd-installer collection: ```bash cat < ~/.oci/env @@ -88,7 +88,7 @@ oci_ccm_namespace: oci-cloud-controller-manager EOF ``` -### Install the cluster +## Install the cluster ```bash ansible-playbook mtulio.okd_installer.create_all \ @@ -97,7 +97,33 @@ ansible-playbook mtulio.okd_installer.create_all \ -e @$VARS_FILE ``` -### Destroy the cluster +### Approve certificates + +```bash +oc get csr \ + -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' \ + | xargs oc adm certificate approve +``` + +## Testing + +Setup the test environment (internal registry, labeling and taint worker node, etc): + +```bash +ansible-playbook opct-runner/opct-run-tool-preflight.yaml -e @$VARS_FILE +``` + +Run the tests: + +> TMP note: remove the `-serial` + +```bash +~/opct/bin/opct-devel run -w --plugins-image openshift-tests-provider-cert:devel-serial &&\ + ~/opct/bin/opct-devel retrieve &&\ + ~/opct/bin/opct-devel report *.tar.gz --save-to /tmp/results --server-skip +``` + +## Destroy the cluster ```bash ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE diff --git a/docs/modules/play-destroy_cluster.sh b/docs/modules/play-destroy_cluster.sh index bfb6134..b33373a 100644 --- a/docs/modules/play-destroy_cluster.sh +++ b/docs/modules/play-destroy_cluster.sh @@ -1,3 +1 @@ -ansible-playbook mtulio.okd_installer.destroy_cluster \ - -e provider=${CONFIG_PROVIDER} \ - -e cluster_name=${CONFIG_CLUSTER_NAME} \ No newline at end of file +ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE \ No newline at end of file 
diff --git a/docs/modules/pre-cfg-varfile.sh b/docs/modules/pre-cfg-varfile.sh index 83cebb7..dfd8bc9 100644 --- a/docs/modules/pre-cfg-varfile.sh +++ b/docs/modules/pre-cfg-varfile.sh @@ -1,6 +1,7 @@ # okd-installer config cat < ${VARS_FILE} -provider: ${PROVIDER} +provider: ${CONFIG_PROVIDER} +config_platform: ${CONFIG_PLATFORM} cluster_name: ${CLUSTER_NAME} config_cluster_region: ${CLUSTER_REGION} diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml index 966bcb9..f4c72f8 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml +++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml @@ -6,7 +6,7 @@ openshift_instance_type: "{{ controlplane_instance | d('m6i.xlarge') }}" openshift_instance_profile: "{{ cluster_state.compute.iam_profile_bootstrap }}" # TODO: fix image lookup for agnostic installations #openshift_image_id: "{{ cluster_state.compute.image_id }}" -openshift_image_id: "ami-0722eb0819717090f" +openshift_image_id: "{{ custom_image_id | d('ami-0a4a3456fc86deabc') }}" openshift_subnet_name: "{{ openshift_prefix }}-net-public-1a" openshift_security_groups: - "{{ openshift_prefix }}-bootstrap-sg" diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml index d510475..80a814f 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml +++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml 
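Review bot: The fallback in `openshift_image_id: "{{ custom_image_id | d('ami-0a4a3456fc86deabc') }}"` (node-bootstrap.yaml) is a literal AMI ID, which is only meaningful for one region and one architecture; the guide in this commit looks it up for us-east-1 and x86_64. A run that omits `custom_image_id` with any other region or architecture either fails late at instance launch or boots an image nobody selected for that cluster. Until the lookup named in the TODO works, I would fail early instead of guessing: `openshift_image_id: "{{ custom_image_id | mandatory }}"`. The same line is added in node-compute.yaml and node-controlplane.yaml in this commit and needs the same change.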
@@ -5,7 +5,7 @@ openshift_instance_type: "{{ compute_instance | d('m6i.xlarge') }}" openshift_instance_profile: "{{ cluster_state.compute.iam_profile_compute }}" # TODO: fix image lookup for agnostic installations #openshift_image_id: "{{ cluster_state.compute.image_id }}" -openshift_image_id: "ami-0722eb0819717090f" +openshift_image_id: "{{ custom_image_id | d('ami-0a4a3456fc86deabc') }}" openshift_security_groups: - "{{ openshift_prefix }}-compute-sg" openshift_tags: "{{ cluster_state.tags }}" diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml index e672597..4427db8 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml +++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml @@ -4,7 +4,7 @@ openshift_instance_type: "{{ controlplane_instance | d('m6i.xlarge') }}" openshift_instance_profile: "{{ cluster_state.compute.iam_profile_controlplane }}" # TODO: fix image lookup for agnostic installations #openshift_image_id: "{{ custom_image_id |d(cluster_state.compute.image_id) }}" -openshift_image_id: "ami-0722eb0819717090f" +openshift_image_id: "{{ custom_image_id | d('ami-0a4a3456fc86deabc') }}" openshift_security_groups: - "{{ openshift_prefix }}-bootstrap-sg" - "{{ openshift_prefix }}-controlplane-sg" From 459b509f23659a6885ecd3061908457cea6d3933 Mon Sep 17 00:00:00 2001 
From: Marco Braga Date: Wed, 18 Oct 2023 18:53:59 -0300 Subject: [PATCH 26/39] describe the steps to provision ARM64 clusters --- .../OCI/installing-quickly-external-arm64.md | 169 ++++++++++++++++++ .../guides/OCI/installing-quickly-external.md | 84 +++++---- docs/modules/pre-env-distribution-ocp.sh | 2 +- .../vars/oci/profiles/ha/node-bootstrap.yaml | 8 +- .../vars/oci/profiles/ha/node-compute.yaml | 20 +-- .../oci/profiles/ha/node-controlplane.yaml | 65 +++++-- 6 files changed, 285 insertions(+), 63 deletions(-) create mode 100644 docs/guides/OCI/installing-quickly-external-arm64.md diff --git a/docs/guides/OCI/installing-quickly-external-arm64.md b/docs/guides/OCI/installing-quickly-external-arm64.md new file mode 100644 index 0000000..bf0bf00 --- /dev/null +++ b/docs/guides/OCI/installing-quickly-external-arm64.md 
@@ -0,0 +1,169 @@ +## Install a OCP cluster with ARM64 Arch on Oracle Cloud Infrastructure (OCI) with CCM + +Install an OCP cluster in OCI with Platform External as an option and OCI Cloud Controler Manager. + +## Prerequisites + +- okd-installer Collection with [OCI dependencies installed](./oci-prerequisites.md): +- Compartments used to launch the cluster created and exported to variable `${OCI_COMPARTMENT_ID}` +- DNS Zone place the DNS zone and exported to variable `${OCI_COMPARTMENT_ID_DNS}` +- Compartment used to store the RHCOS image exported to variable `${OCI_COMPARTMENT_ID_IMAGE}` + +Example: + +```bash +cat < ~/.oci/env +# Compartment that the cluster will be installed +OCI_COMPARTMENT_ID="" + +# Compartment that the DNS Zone is created (based domain) +OCI_COMPARTMENT_ID_DNS="" + +# Compartment that the OS Image will be created +OCI_COMPARTMENT_ID_IMAGE="" +EOF +source ~/.oci/env +``` + +## Setup with Platform External type and CCM + +Create the vars file for okd-installer collection: + +```bash +# MCO patch without revendor (w/o disabling FG) +CLUSTER_NAME=oci-e414rc2arm1usash1 +VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml + +cat < ${VARS_FILE} +provider: oci +cluster_name: ${CLUSTER_NAME} +config_cluster_region: us-ashburn-1 + +cluster_profile: ha +destroy_bootstrap: no + +#config_base_domain: splat-oci.devcluster.openshift.com +config_base_domain: us-ashburn-1.splat-oci.devcluster.openshift.com + +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" + +config_cluster_version: 4.14.0-rc.2 +version: 4.14.0-rc.2 + +config_platform: external +config_platform_spec: '{"platformName":"oci"}' + +oci_ccm_namespace: oci-cloud-controller-manager +oci_compartment_id: ${OCI_COMPARTMENT_ID} +oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} +oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} + +# Available manifest paches (runs after 'create manifest' stage) +config_patches: +- rm-capi-machines 
+- mc_varlibetcd +- mc-kubelet-providerid +- deploy-oci-ccm +#- deploy-oci-csi + +# MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID +cfg_patch_kubelet_providerid_script: | + PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); + +# spread nodes between "AZs" +oci_availability_domains: +- gzqB:US-ASHBURN-AD-1 +- gzqB:US-ASHBURN-AD-2 +- gzqB:US-ASHBURN-AD-3 + +oci_fault_domains: +- FAULT-DOMAIN-1 +- FAULT-DOMAIN-2 +- FAULT-DOMAIN-3 + +# OCI config for ARM64 +config_default_architecture: arm64 +compute_shape: "VM.Standard.A1.Flex" +controlplane_shape: "VM.Standard.A1.Flex" +bootstrap_instance: "VM.Standard.A1.Flex" + +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: aarch64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + # not supported yet, must be added for arm64 + # https://oci-ansible-collection.readthedocs.io/en/latest/collections/oracle/oci/oci_compute_image_shape_compatibility_entry_module.html#ansible-collections-oracle-oci-oci-compute-image-shape-compatibility-entry-module + compatibility_shapes: + - name: VM.Standard.A1.Flex + memory_constraints: + min_in_gbs: 4 + max_in_gbs: 128 + ocpu_constraints: + min: 2 + max: 32 +EOF +``` + +## Install the cluster + +```bash +ansible-playbook mtulio.okd_installer.create_all \ + -e cert_max_retries=30 \ + -e cert_wait_interval_sec=60 \ + -e @$VARS_FILE +``` + +### Approve certificates + +Export `KUBECONFIG`: + +```bash +export KUBECONFIG=$HOME/.ansible/okd-installer/clusters/${CLUSTER_NAME}/auth/kubeconfig +``` + +Check and Approve the certificates: +```bash +oc get csr \ + -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' \ + | xargs oc adm certificate approve +``` + +Check if the 
nodes joined to the cluster: + +```bash +oc get nodes +``` + +## Testing + +Setup the test environment (internal registry, labeling and taint worker node, etc): + +```bash +test_node=$(oc get nodes -l node-role.kubernetes.io/worker='' -o jsonpath='{.items[0].metadata.name}') +oc label node $test_node node-role.kubernetes.io/tests="" +oc adm taint node $test_node node-role.kubernetes.io/tests="":NoSchedule +``` + +Run the tests: + +```bash +./opct run -w &&\ + ./opct retrieve &&\ + ./opct report *.tar.gz --save-to /tmp/results --server-skip +``` + +## Destroy the cluster + +```bash +ansible-playbook mtulio.okd_installer.destroy_cluster -e @$VARS_FILE +``` \ No newline at end of file diff --git a/docs/guides/OCI/installing-quickly-external.md b/docs/guides/OCI/installing-quickly-external.md index 9d3b873..bdfa230 100644 --- a/docs/guides/OCI/installing-quickly-external.md +++ b/docs/guides/OCI/installing-quickly-external.md @@ -5,13 +5,11 @@ Install an OCP cluster in OCI with Platform External as an option and OCI Cloud ## Prerequisites - okd-installer Collection with [OCI dependencies installed](./oci-prerequisites.md): -- Compartments used to create the cluster created and exported to variable `${}` -- DNS Zone place the DNS zone and exported to variable `${}` -- Compartment used to store the RHCOS image exported to variable `${}` +- Compartments used to launch the cluster created and exported to variable `${OCI_COMPARTMENT_ID}` +- DNS Zone place the DNS zone and exported to variable `${OCI_COMPARTMENT_ID_DNS}` +- Compartment used to store the RHCOS image exported to variable `${OCI_COMPARTMENT_ID_IMAGE}` -## Setup with Platform External type and CCM - -Create the vars file for okd-installer collection: +Example: ```bash cat < ~/.oci/env 
@@ -25,9 +23,15 @@ OCI_COMPARTMENT_ID_DNS="" OCI_COMPARTMENT_ID_IMAGE="" EOF source ~/.oci/env +``` +## Setup with Platform External type and CCM + +Create the vars file for okd-installer collection: + +```bash # MCO patch without revendor (w/o disabling FG) -CLUSTER_NAME=oci-e414rc0 +CLUSTER_NAME=oci-e414rc2 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} @@ -43,41 +47,24 @@ cluster_profile: ha destroy_bootstrap: no config_base_domain: splat-oci.devcluster.openshift.com + config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -config_cluster_version: 4.14.0-rc.0 -version: 4.14.0-rc.0 - -# Define the OS Image mirror -os_mirror: yes -os_mirror_from: stream_artifacts -os_mirror_stream: - architecture: x86_64 - artifact: openstack - format: qcow2.gz - -os_mirror_to_provider: oci -os_mirror_to_oci: - compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} - bucket: rhcos-images - image_type: QCOW2 - -EOF - - -# Platform External setup only -cat <> ${VARS_FILE} +config_cluster_version: 4.14.0-rc.2 +version: 4.14.0-rc.2 +# Platform External setup config_platform: external config_platform_spec: '{"platformName":"oci"}' # Available manifest paches (runs after 'create manifest' stage) config_patches: - rm-capi-machines +- mc_varlibetcd - mc-kubelet-providerid - deploy-oci-ccm -- deploy-oci-csi +#- deploy-oci-csi # MachineConfig to set the Kubelet environment. Will use this script to discover the ProviderID cfg_patch_kubelet_providerid_script: | 
@@ -85,9 +72,33 @@ cfg_patch_kubelet_providerid_script: | oci_ccm_namespace: oci-cloud-controller-manager +# Define the OS Image mirror +os_mirror: yes +os_mirror_from: stream_artifacts +os_mirror_stream: + architecture: x86_64 + artifact: openstack + format: qcow2.gz + +os_mirror_to_provider: oci +os_mirror_to_oci: + compartment_id: ${OCI_COMPARTMENT_ID_IMAGE} + bucket: rhcos-images + image_type: QCOW2 + +# Experimental: increase the boot volume performance +# controlplane_source_details: +# source_type: image +# boot_volume_size_in_gbs: 1200 +# boot_volume_vpus_per_gb: 120 + +# Mount control plane as a second volume +# cfg_patch_mc_varlibetcd: +# device_path: /dev/sdb EOF ``` + ## Install the cluster ```bash @@ -99,12 +110,25 @@ ansible-playbook mtulio.okd_installer.create_all \ ### Approve certificates +Export `KUBECONFIG`: + +```bash +export KUBECONFIG=$HOME/.ansible/okd-installer/clusters/${CLUSTER_NAME}/auth/kubeconfig +``` + +Check and Approve the certificates: ```bash oc get csr \ -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' \ | xargs oc adm certificate approve ``` +Check if the nodes joined to the cluster: + +```bash +oc get nodes +``` + ## Testing Setup the test environment (internal registry, labeling and taint worker node, etc): diff --git a/docs/modules/pre-env-distribution-ocp.sh b/docs/modules/pre-env-distribution-ocp.sh index 9303929..0f3289b 100644 --- a/docs/modules/pre-env-distribution-ocp.sh +++ b/docs/modules/pre-env-distribution-ocp.sh @@ -1,5 +1,5 @@ DISTRIBUTION="ocp" RELEASE_REPO="quay.io/openshift-release-dev/ocp-release" -VERSION="4.14.0-rc.0" +VERSION="4.14.0-rc.2" RELEASE_VERSION="${VERSION}-x86_64" PULL_SECRET_FILE="${HOME}/.openshift/pull-secret-latest.json" \ No newline at end of file diff --git a/playbooks/vars/oci/profiles/ha/node-bootstrap.yaml b/playbooks/vars/oci/profiles/ha/node-bootstrap.yaml index 2841235..df7ba28 100644 --- a/playbooks/vars/oci/profiles/ha/node-bootstrap.yaml 
+++ b/playbooks/vars/oci/profiles/ha/node-bootstrap.yaml @@ -5,7 +5,7 @@ _cluster_prefix: "{{ cluster_state.infra_id }}" bootstrap_bucket: "{{ _cluster_prefix }}-infra" # Vars used on Machine/Compute Stack -_instance_type: "{{ bootstrap_instance | d('m6i.xlarge') }}" +_instance_type: "{{ bootstrap_instance | d('VM.Standard.E4.Flex') }}" _instance_profile: "{{ cluster_state.compute.iam_profile_bootstrap }}" # _image_id: "{{ custom_image_id | d(cluster_state.compute.image_id) }}" _image_id: "{{ custom_image_id }}" @@ -16,6 +16,8 @@ _machine_suffix: '' ## User Data template userdata_config_source: "{{ bootstrap_bucket_signed_url }}" +default_availability_domain: "gzqB:US-ASHBURN-AD-1" + ## Common vars used in the Stack vars # _common: # prefix: "{{ _cluster_prefix }}-bootstrap" @@ -72,10 +74,10 @@ compute_resources: region: "{{ config_cluster_region }}" #freeform_tags: {'Department': 'Finance'} #defined_tags: {'Operations': {'CostCenter': 'US'}} - availability_domain: "gzqB:US-SANJOSE-1-AD-1" + availability_domain: "{{ default_availability_domain }}" # platform_config: # type: AMD_VM - shape: "VM.Standard.E4.Flex" + shape: "{{ _instance_type }}" shape_config: ocpus: 4 memory_in_gbs: 16 diff --git a/playbooks/vars/oci/profiles/ha/node-compute.yaml b/playbooks/vars/oci/profiles/ha/node-compute.yaml index 5a4ddc1..6087ab1 100644 --- a/playbooks/vars/oci/profiles/ha/node-compute.yaml +++ b/playbooks/vars/oci/profiles/ha/node-compute.yaml 
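Review bot: `default_availability_domain: "gzqB:US-ASHBURN-AD-1"` in node-bootstrap.yaml fixes the availability domain while `region` stays `{{ config_cluster_region }}`, so the bootstrap node can only launch when the cluster region is Ashburn and the tenancy's AD names carry that same prefix (the prefix looks tenancy-specific; please confirm). Unlike node-compute.yaml and node-controlplane.yaml in this commit, the bootstrap entry never reads `oci_availability_domains`; I would use `availability_domain: "{{ (oci_availability_domains | d([default_availability_domain])) | first }}"` and add a comment that the default is an example value to override. The `compute_resources` entry starts and ends outside the hunk.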
@@ -10,10 +10,10 @@ _shape_config_default: # Uncomment if you want to run the nodes in the same FD #node_compute_single_fault_domain: FAULT-DOMAIN-1 -_compute_fault_domains: # it will be used by index: worker-1 uses index 0... - - FAULT-DOMAIN-1 - - FAULT-DOMAIN-2 - - FAULT-DOMAIN-3 +default_availability_domain: "gzqB:US-ASHBURN-AD-1" +default_fault_domain: FAULT-DOMAIN-1 +_compute_availability_domain: "{{ oci_availability_domains }}" +_compute_fault_domains: "{{ oci_fault_domains }}" _shape: "{{ compute_shape | d('VM.Standard.E4.Flex') }}" _shape_config: "{{ compute_shape_config | d(_shape_config_default) }}" @@ -54,8 +54,8 @@ compute_resources: region: "{{ config_cluster_region }}" #freeform_tags: {'Department': 'Finance'} #defined_tags: {'Operations': {'CostCenter': 'US'}} - availability_domain: "gzqB:US-SANJOSE-1-AD-1" - fault_domain: "{{ _compute_fault_domains[0] | d('FAULT-DOMAIN-1') }}" + availability_domain: "{{ _compute_availability_domain[0] | d(default_availability_domain) }}" + fault_domain: "{{ _compute_fault_domains[0] | d(default_fault_domain) }}" # platform_config: # type: AMD_VM @@ -105,8 +105,8 @@ compute_resources: region: "{{ config_cluster_region }}" #freeform_tags: {'Department': 'Finance'} #defined_tags: {'Operations': {'CostCenter': 'US'}} - availability_domain: "gzqB:US-SANJOSE-1-AD-1" - fault_domain: "{{ _compute_fault_domains[1] | d('FAULT-DOMAIN-2') }}" + availability_domain: "{{ _compute_availability_domain[1] | d(default_availability_domain) }}" + fault_domain: "{{ _compute_fault_domains[1] | d(default_fault_domain) }}" # platform_config: # type: AMD_VM 
@@ -156,8 +156,8 @@ compute_resources: region: "{{ config_cluster_region }}" #freeform_tags: {'Department': 'Finance'} #defined_tags: {'Operations': {'CostCenter': 'US'}} - availability_domain: "gzqB:US-SANJOSE-1-AD-1" - fault_domain: "{{ _compute_fault_domains[2] | d('FAULT-DOMAIN-3') }}" + availability_domain: "{{ _compute_availability_domain[2] | d(default_availability_domain) }}" + fault_domain: "{{ _compute_fault_domains[2] | d(default_fault_domain) }}" # platform_config: # type: AMD_VM diff --git a/playbooks/vars/oci/profiles/ha/node-controlplane.yaml b/playbooks/vars/oci/profiles/ha/node-controlplane.yaml index c9668bd..afbe836 100644 --- a/playbooks/vars/oci/profiles/ha/node-controlplane.yaml +++ b/playbooks/vars/oci/profiles/ha/node-controlplane.yaml @@ -4,9 +4,9 @@ # Defaults used in thie file node_controlplane_userdata_path: "{{ config_install_dir }}/master.ign" -_platform_config: - type: AMD_VM -_shape: "VM.Standard.E4.Flex" +# _platform_config: +# type: AMD_VM +_shape: "{{ controlplane_shape | d('VM.Standard.E4.Flex') }}" _shape_config: ocpus: 4 memory_in_gbs: 16 @@ -15,20 +15,20 @@ _shape_config: # Uncomment if you want to run the nodes in the same FD #node_controlplane_single_fault_domain: "FAULT-DOMAIN-1" -_controlplane_fault_domains: # it will be used by index: worker-1 uses index 0... - - FAULT-DOMAIN-1 - - FAULT-DOMAIN-2 - - FAULT-DOMAIN-3 +default_availability_domain: "gzqB:US-ASHBURN-AD-1" +default_fault_domain: FAULT-DOMAIN-1 +_controlplane_availability_domain: "{{ oci_availability_domains }}" +_controlplane_fault_domains: "{{ oci_fault_domains }}" _agent_config: are_all_plugins_disabled: true _source_details: source_type: image - boot_volume_size_in_gbs: 120 # VPU/GB # https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/blockvolumeperformance.htm - boot_volume_vpus_per_gb: 90 + boot_volume_size_in_gbs: 512 + boot_volume_vpus_per_gb: 60 # Callbacks used to register the instances _callbacks: 
@@ -67,14 +67,14 @@ compute_resources: region: "{{ config_cluster_region }}" #freeform_tags: {'Department': 'Finance'} #defined_tags: {'Operations': {'CostCenter': 'US'}} - availability_domain: "gzqB:US-SANJOSE-1-AD-1" - fault_domain: "{{ _controlplane_fault_domains[0] | d('FAULT-DOMAIN-1') }}" + availability_domain: "{{ _controlplane_availability_domain[0] | d(default_availability_domain) }}" + fault_domain: "{{ _controlplane_fault_domains[0] | d(default_fault_domain) }}" # platform_config: "{{ _platform_config }}" shape: "{{ _shape }}" shape_config: "{{ _shape_config }}" agent_config: "{{ _agent_config }}" - source_details: "{{ _source_details }}" + source_details: "{{ controlplane_source_details | d(_source_details) }}" create_vnic_details: display_name: "{{ cluster_state.infra_id }}-master-01-vnic0" 
@@ -84,10 +84,37 @@ compute_resources: metadata: user_data: "{{ lookup('file', node_controlplane_userdata_path) | b64encode }}" + # Extra volumes + # https://oci-ansible-collection.readthedocs.io/en/latest/collections/oracle/oci/oci_blockstorage_volume_module.html#ansible-collections-oracle-oci-oci-blockstorage-volume-module + # oracle.oci.oci_compute_volume_attachment + # volume_attachment_spec: + # device: /dev/sdb + # display_name: master-01-etcd-attc + # #instance_id + # is_read_only: no + # is_shareable: no + # type: service_determined + # #volume_id + # # oracle.oci.oci_blockstorage_volume + # blockstorage_volume_spec: + # # required + # #compartment_id: "ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx" + # # optional + # availability_domain: "{{ _controlplane_fault_domains[0] | d('FAULT-DOMAIN-1') }}" + # # source_details: + # # # required + # # type: blockVolumeReplica + # # id: "ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx" + # display_name: master-01-etcd + # vpus_per_gb: 60 + # size_in_gbs: 60 + # is_auto_tune_enabled: true + + + ## attachments https://oci-ansible-collection.readthedocs.io/en/latest/collections/oracle/oci/oci_compute_volume_attachment_module.html#ansible-collections-oracle-oci-oci-compute-volume-attachment-module # Register the instance using callbacks callbacks: "{{ _callbacks }}" - # # Node role: controlplane # Node: master-02 
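Review bot: In the commented-out `blockstorage_volume_spec` added to node-controlplane.yaml, `availability_domain` is filled from `_controlplane_fault_domains[0] | d('FAULT-DOMAIN-1')`, which is a fault-domain name where an availability domain is expected. Anyone uncommenting the block to move etcd to its own volume would pass an invalid value. If the block stays as a template, I would change that line to `# availability_domain: "{{ _controlplane_availability_domain[0] | d(default_availability_domain) }}"` so it matches the instance definition above it. The block is added for master-01 only, and the `compute_resources` list continues outside the hunk.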
@@ -113,14 +140,14 @@ compute_resources: region: "{{ config_cluster_region }}" #freeform_tags: {'Department': 'Finance'} #defined_tags: {'Operations': {'CostCenter': 'US'}} - availability_domain: "gzqB:US-SANJOSE-1-AD-1" - fault_domain: "{{ _controlplane_fault_domains[1] | d('FAULT-DOMAIN-2') }}" + availability_domain: "{{ _controlplane_availability_domain[1] | d(default_availability_domain) }}" + fault_domain: "{{ _controlplane_fault_domains[1] | d(default_fault_domain) }}" # platform_config: "{{ _platform_config }}" shape: "{{ _shape }}" shape_config: "{{ _shape_config }}" agent_config: "{{ _agent_config }}" - source_details: "{{ _source_details }}" + source_details: "{{ controlplane_source_details | d(_source_details) }}" create_vnic_details: display_name: "{{ cluster_state.infra_id }}-master-02-vnic0" @@ -158,14 +185,14 @@ compute_resources: region: "{{ config_cluster_region }}" #freeform_tags: {'Department': 'Finance'} #defined_tags: {'Operations': {'CostCenter': 'US'}} - availability_domain: "gzqB:US-SANJOSE-1-AD-1" - fault_domain: "{{ _controlplane_fault_domains[2] | d('FAULT-DOMAIN-3') }}" + availability_domain: "{{ _controlplane_availability_domain[2] | d(default_availability_domain) }}" + fault_domain: "{{ _controlplane_fault_domains[2] | d(default_fault_domain) }}" # platform_config: "{{ _platform_config }}" shape: "{{ _shape }}" shape_config: "{{ _shape_config }}" agent_config: "{{ _agent_config }}" - source_details: "{{ _source_details }}" + source_details: "{{ controlplane_source_details | d(_source_details) }}" create_vnic_details: display_name: "{{ cluster_state.infra_id }}-master-03-vnic0" From 0202c40d425de4391363747101d3ba013cb93763 Mon Sep 17 00:00:00 2001 
From: Marco Braga Date: Sat, 21 Oct 2023 14:12:17 -0300 Subject: [PATCH 27/39] update instructions to deploy arm --- .../AWS/installing-quickly-agnostic-arm.md | 88 +++++++++++++++++++ .../OCI/installing-customization-infra.md | 2 +- .../guides/OCI/installing-quickly-agnostic.md | 22 +++-- .../guides/OCI/installing-quickly-external.md | 19 +++- .../vars/oci/profiles/ha/node-compute.yaml | 4 +- .../oci/profiles/ha/node-controlplane.yaml | 4 +- 6 files changed, 125 insertions(+), 14 deletions(-) create mode 100644 docs/guides/AWS/installing-quickly-agnostic-arm.md diff --git a/docs/guides/AWS/installing-quickly-agnostic-arm.md b/docs/guides/AWS/installing-quickly-agnostic-arm.md new file mode 100644 index 0000000..fd2d628 --- /dev/null +++ b/docs/guides/AWS/installing-quickly-agnostic-arm.md 
@@ -0,0 +1,88 @@ +# Installing a cluster quickly on OCI with platform agnostic (None) + +The steps below describes how to validate the OpenShift cluster installed +in an agnostic installation using standard topology. + +## Prerequisites + +--8<-- "docs/modules/pre-env-creds-aws.md" + +## Setup + +--8<-- "docs/modules/pre-env-distributions.md" + +### Export the emvironment variables for cloud provider + +--8<-- "docs/modules/pre-env-aws-none.md" +--8<-- "docs/modules/pre-env-cfg.md" + +### Create the okd-installer var file + +--8<-- "docs/modules/pre-cfg-varfile.md" + +- Discovery the AMI: + +```bash +DISTRIBUTION="ocp" +RELEASE_REPO="quay.io/openshift-release-dev/ocp-release" +VERSION="4.14.0-rc.6" +#RELEASE_VERSION="${VERSION}-x86_64" +PULL_SECRET_FILE="${HOME}/.openshift/pull-secret-latest.json" + +# Provider Information +export CONFIG_PROVIDER=aws +export CONFIG_PLATFORM=none + +# Cluster Install Configuration +CLUSTER_NAME="aws-n412rc6a0" +CLUSTER_REGION=us-east-1 +CLUSTER_DOMAIN="devcluster.openshift.com" +VARS_FILE=./vars_${DISTRIBUTION}-${CLUSTER_NAME}.yaml + +# okd-installer config +cat < ${VARS_FILE} +provider: ${CONFIG_PROVIDER} +config_platform: ${CONFIG_PLATFORM} +cluster_name: ${CLUSTER_NAME} +config_cluster_region: ${CLUSTER_REGION} + +config_cluster_version: ${VERSION} +version: ${VERSION} + +config_default_architecture: arm64 +controlplane_instance: m6g.xlarge +compute_instance: m6g.xlarge + +cluster_profile: ha +destroy_bootstrap: no + +config_base_domain: ${CLUSTER_DOMAIN} +config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_pull_secret_file: "${PULL_SECRET_FILE}" +EOF + +# Install the clients (installer) and extract the image ID from stream information. 
+ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE + +IMAGE_ID=$(~/.ansible/okd-installer/bin/openshift-install-linux-${VERSION} coreos print-stream-json | jq -r ".architectures[\"aarch64\"].images.aws.regions[\"$CLUSTER_REGION\"].image") + +cat <> ${VARS_FILE} +custom_image_id: ${IMAGE_ID} +EOF + +# create the cluster +ansible-playbook mtulio.okd_installer.create_all \ + -e cert_max_retries=30 \ + -e cert_wait_interval_sec=60 \ + -e @$VARS_FILE +``` + +## Install + +--8<-- "docs/modules/play-create_all.md" + +--8<-- "docs/modules/play-approve_certs.md" + +## Destroy + +--8<-- "docs/modules/play-destroy_cluster.md" \ No newline at end of file diff --git a/docs/guides/OCI/installing-customization-infra.md b/docs/guides/OCI/installing-customization-infra.md index 6787c2f..3dc60b9 100644 --- a/docs/guides/OCI/installing-customization-infra.md +++ b/docs/guides/OCI/installing-customization-infra.md @@ -1,3 +1,3 @@ > TODO -- Describe how to customize infra deployment changing default vars +- Describe how to customize infra deployment changing default vars (inherit from AWS) diff --git a/docs/guides/OCI/installing-quickly-agnostic.md b/docs/guides/OCI/installing-quickly-agnostic.md index 500c54c..5625cc2 100644 --- a/docs/guides/OCI/installing-quickly-agnostic.md +++ b/docs/guides/OCI/installing-quickly-agnostic.md @@ -54,13 +54,15 @@ OCP_RELEASE_413="quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcm EOF source ~/.openshift/env -CLUSTER_NAME=oci-e414rc0 +CLUSTER_NAME=oci-e414rc6ad3 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} provider: oci cluster_name: ${CLUSTER_NAME} -config_cluster_region: us-sanjose-1 + +config_cluster_region: us-ashburn-1 +config_base_domain: us-ashburn-1.splat-oci.devcluster.openshift.com #TODO: create compartment validations #TODO: allow create compartment from a parent 
@@ -71,12 +73,11 @@ oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} cluster_profile: ha destroy_bootstrap: no -config_base_domain: splat-oci.devcluster.openshift.com config_ssh_key: "$(cat ~/.ssh/id_rsa.pub;cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -config_cluster_version: 4.14.0-rc.0 -version: 4.14.0-rc.0 +config_cluster_version: 4.14.0-rc.6 +version: 4.14.0-rc.6 # config_installer_environment: # OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" @@ -122,6 +123,17 @@ oci_ccm_version: v1.25.0 #compute_shape: "BM.Standard.E2.64" #compute_shape_config: {} +# spread nodes between "AZs" +oci_availability_domains: +- gzqB:US-ASHBURN-AD-1 +- gzqB:US-ASHBURN-AD-2 +- gzqB:US-ASHBURN-AD-3 + +oci_fault_domains: +- FAULT-DOMAIN-1 +- FAULT-DOMAIN-2 +- FAULT-DOMAIN-3 + EOF ``` diff --git a/docs/guides/OCI/installing-quickly-external.md b/docs/guides/OCI/installing-quickly-external.md index bdfa230..f37ea16 100644 --- a/docs/guides/OCI/installing-quickly-external.md +++ b/docs/guides/OCI/installing-quickly-external.md @@ -31,13 +31,15 @@ Create the vars file for okd-installer collection: ```bash # MCO patch without revendor (w/o disabling FG) -CLUSTER_NAME=oci-e414rc2 +CLUSTER_NAME=oci-e414rc2ad3v1 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml cat < ${VARS_FILE} provider: oci cluster_name: ${CLUSTER_NAME} -config_cluster_region: us-sanjose-1 + +config_cluster_region: us-ashburn-1 +config_base_domain: us-ashburn-1.splat-oci.devcluster.openshift.com oci_compartment_id: ${OCI_COMPARTMENT_ID} oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} @@ -46,8 +48,6 @@ oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} cluster_profile: ha destroy_bootstrap: no -config_base_domain: splat-oci.devcluster.openshift.com - config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" 
@@ -95,6 +95,17 @@ os_mirror_to_oci: # Mount control plane as a second volume # cfg_patch_mc_varlibetcd: # device_path: /dev/sdb + +# spread nodes between "AZs" +oci_availability_domains: +- gzqB:US-ASHBURN-AD-1 +- gzqB:US-ASHBURN-AD-2 +- gzqB:US-ASHBURN-AD-3 + +oci_fault_domains: +- FAULT-DOMAIN-1 +- FAULT-DOMAIN-2 +- FAULT-DOMAIN-3 EOF ``` diff --git a/playbooks/vars/oci/profiles/ha/node-compute.yaml b/playbooks/vars/oci/profiles/ha/node-compute.yaml index 6087ab1..c0e4d09 100644 --- a/playbooks/vars/oci/profiles/ha/node-compute.yaml +++ b/playbooks/vars/oci/profiles/ha/node-compute.yaml @@ -12,8 +12,8 @@ _shape_config_default: #node_compute_single_fault_domain: FAULT-DOMAIN-1 default_availability_domain: "gzqB:US-ASHBURN-AD-1" default_fault_domain: FAULT-DOMAIN-1 -_compute_availability_domain: "{{ oci_availability_domains }}" -_compute_fault_domains: "{{ oci_fault_domains }}" +_compute_availability_domain: "{{ oci_availability_domains | d([default_availability_domain]) }}" +_compute_fault_domains: "{{ oci_fault_domains | d([default_fault_domain]) }}" _shape: "{{ compute_shape | d('VM.Standard.E4.Flex') }}" _shape_config: "{{ compute_shape_config | d(_shape_config_default) }}" diff --git a/playbooks/vars/oci/profiles/ha/node-controlplane.yaml b/playbooks/vars/oci/profiles/ha/node-controlplane.yaml index afbe836..8fe6a68 100644 --- a/playbooks/vars/oci/profiles/ha/node-controlplane.yaml +++ b/playbooks/vars/oci/profiles/ha/node-controlplane.yaml 
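Review bot: The new fallback in `_compute_availability_domain` and `_compute_fault_domains` silently pins nodes to the hard-coded `default_availability_domain: "gzqB:US-ASHBURN-AD-1"` whenever `oci_availability_domains` is omitted, regardless of `config_cluster_region`. The `gzqB:` prefix also looks tenancy-specific, so this default may only resolve in the author's tenancy (to be confirmed). `d()` without its second argument only covers an undefined variable, so a vars file with an empty `oci_availability_domains:` key still passes a null through; `{{ oci_availability_domains | d([default_availability_domain], true) }}` covers that case as well. I would also add a comment above the defaults, such as `# fallback is region- and tenancy-specific; set oci_availability_domains for any other region`. The same applies to the `_controlplane_*` pair in node-controlplane.yaml; both files continue outside their hunks.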
@@ -17,8 +17,8 @@ _shape_config: #node_controlplane_single_fault_domain: "FAULT-DOMAIN-1" default_availability_domain: "gzqB:US-ASHBURN-AD-1" default_fault_domain: FAULT-DOMAIN-1 -_controlplane_availability_domain: "{{ oci_availability_domains }}" -_controlplane_fault_domains: "{{ oci_fault_domains }}" +_controlplane_availability_domain: "{{ oci_availability_domains | d([default_availability_domain]) }}" +_controlplane_fault_domains: "{{ oci_fault_domains | d([default_fault_domain]) }}" _agent_config: are_all_plugins_disabled: true From 47f3db4ce3b600462ff63a17bebb441d79f7394f Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 12:12:14 -0300 Subject: [PATCH 28/39] enable doc preview job --- .github/workflows/site-preview.yaml | 110 ++++++++++++++-------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/.github/workflows/site-preview.yaml b/.github/workflows/site-preview.yaml index 25d5cd2..773ce45 100644 --- a/.github/workflows/site-preview.yaml +++ b/.github/workflows/site-preview.yaml 
@@ -15,70 +15,70 @@ jobs: steps: - uses: actions/checkout@v2 - # - name: Set job vars - # id: vars - # run: | - # echo "cache-key-npm=npm-vercel-${VERCEL_VERSION}" >> $GITHUB_OUTPUT - # echo "cache-dir-npm=${HOME}/.npm" >> $GITHUB_OUTPUT + - name: Set job vars + id: vars + run: | + echo "cache-key-npm=npm-vercel-${VERCEL_VERSION}" >> $GITHUB_OUTPUT + echo "cache-dir-npm=${HOME}/.npm" >> $GITHUB_OUTPUT - # - name: Set npm cache - # uses: actions/cache@v3 - # with: - # path: ${{ steps.vars.outputs.cache-dir-npm }} - # key: ${{ steps.vars.outputs.cache-key-npm }} + - name: Set npm cache + uses: actions/cache@v3 + with: + path: ${{ steps.vars.outputs.cache-dir-npm }} + key: ${{ steps.vars.outputs.cache-key-npm }} + + - name: Install Vercel CLI + run: npm install --global vercel@${VERCEL_VERSION} - # - name: Install Vercel CLI - # run: npm install --global vercel@${VERCEL_VERSION} + - name: Pull Vercel Environment Information + run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }} - # - name: Pull Vercel Environment Information - # run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }} + - name: Build Project Artifacts + run: vercel build --token=${{ secrets.VERCEL_TOKEN }} - # - name: Build Project Artifacts - # run: vercel build --token=${{ secrets.VERCEL_TOKEN }} + - name: Deploy Project Artifacts to Vercel + id: verceldeploy + run: | + export PREVIEW_URL=$(vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }} | tee out.log) + export PREVIEW_URL=$(grep ^Preview out.log | awk '{print$2}') + echo "Discovered Preview URL: ${PREVIEW_URL}" + echo "url=$PREVIEW_URL" >> $GITHUB_OUTPUT - # - name: Deploy Project Artifacts to Vercel - # id: verceldeploy - # run: | - # export PREVIEW_URL=$(vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }} | tee out.log - # export PREVIEW_URL=$(grep ^Preview out.log | awk '{print$2}') - # echo "Discovered Preview URL: ${PREVIEW_URL}" - # echo "url=$PREVIEW_URL" >> 
$GITHUB_OUTPUT + # - name: Update PR with test results + # uses: edumserrano/find-create-or-update-comment@v1 + # with: + # issue-number: ${{ github.event.pull_request.number }} + # body-includes: '' + # comment-author: 'github-actions[bot]' + # body: | # can be a single value or you can compose text with multi-line values + # + # Preview Documentation published at URL: ${{ steps.verceldeploy.outputs.url }} + # edit-mode: replace - # # - name: Update PR with test results - # # uses: edumserrano/find-create-or-update-comment@v1 - # # with: - # # issue-number: ${{ github.event.pull_request.number }} - # # body-includes: '' - # # comment-author: 'github-actions[bot]' - # # body: | # can be a single value or you can compose text with multi-line values - # # - # # Preview Documentation published at URL: ${{ steps.verceldeploy.outputs.url }} - # # edit-mode: replace + # - name: Find comment + # uses: peter-evans/find-comment@v2 + # id: fbc + # with: + # issue-number: ${{ github.event.pull_request.number }} + # comment-author: 'github-actions[bot]' + # body-includes: Docs published! - # # - name: Find comment - # # uses: peter-evans/find-comment@v2 - # # id: fbc - # # with: - # # issue-number: ${{ github.event.pull_request.number }} - # # comment-author: 'github-actions[bot]' - # # body-includes: Docs published! + - name: Create comment + # if: steps.fbc.outputs.comment-id == '' + uses: peter-evans/create-or-update-comment@v3 + with: + issue-number: ${{ github.event.pull_request.number }} + body: | + Docs published! + - Preview URL: ${{ steps.verceldeploy.outputs.url-dev }} + reactions: rocket - # - name: Create comment - # # if: steps.fbc.outputs.comment-id == '' + # - name: Update comment + # if: steps.fbc.outputs.comment-id != '' # uses: peter-evans/create-or-update-comment@v3 # with: - # issue-number: ${{ github.event.pull_request.number }} + # comment-id: ${{ steps.fbc.outputs.comment-id }} # body: | # Docs published! 
- # - Preview URL: ${{ steps.verceldeploy.outputs.url-dev }} - # reactions: rocket - - # # - name: Update comment - # # if: steps.fbc.outputs.comment-id != '' - # # uses: peter-evans/create-or-update-comment@v3 - # # with: - # # comment-id: ${{ steps.fbc.outputs.comment-id }} - # # body: | - # # Docs published! - # # - Preview URL: ${{ steps.deploy.outputs.url-dev }} - # # reactions: hooray + # - Preview URL: ${{ steps.deploy.outputs.url-dev }} + # reactions: hooray From bda5bc65ea7d55f6a86943e8a169e4b4c5cd552c Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 14:29:32 -0300 Subject: [PATCH 29/39] doc/ci: remove unused flow, forcing comment every build --- .github/workflows/main.yml | 42 +++++++-------- .github/workflows/site-preview.yaml | 84 ----------------------------- 2 files changed, 21 insertions(+), 105 deletions(-) delete mode 100644 .github/workflows/site-preview.yaml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7de2bef..1f4102d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -189,16 +189,16 @@ jobs: echo "Discovered Preview URL: ${PREVIEW_URL}" echo "url=$PREVIEW_URL" >> $GITHUB_OUTPUT - # Commenting in PR - - name: Find comment - uses: peter-evans/find-comment@v2 - id: fbc - with: - issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: '' + # Commenting in PR the build information (force to always create a comment) + # - name: Find comment + # uses: peter-evans/find-comment@v2 + # id: fbc + # with: + # issue-number: ${{ github.event.pull_request.number }} + # comment-author: 'github-actions[bot]' + # body-includes: '' - name: Create comment - if: steps.fbc.outputs.comment-id == '' + # if: steps.fbc.outputs.comment-id == '' uses: peter-evans/create-or-update-comment@v3 with: issue-number: ${{ github.event.pull_request.number }} 
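Review bot: The re-enabled `Create comment` step reads `${{ steps.verceldeploy.outputs.url-dev }}`, but the `verceldeploy` step only writes `url=$PREVIEW_URL` to `$GITHUB_OUTPUT`, so the posted comment will carry an empty preview URL; it should read `${{ steps.verceldeploy.outputs.url }}`. The step also depends on `github.event.pull_request.number`, which is only populated on pull-request events; the workflow's `on:` block is outside this hunk, so confirm the trigger actually provides it. Separately, every `vercel` call interpolates `${{ secrets.VERCEL_TOKEN }}` directly into the script text; mapping it once under the job's `env:` and passing `--token="$VERCEL_TOKEN"` keeps the secret value out of the generated script and lets the shell quote it.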
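Review bot: Commenting out the `Find comment` and `Update comment` steps leaves a block of dead YAML in the workflow, here and in the following hunk (`@@ -208,18 +208,18 @@`); git history already keeps the old steps, so deleting them would read better than disabling them. With the `if:` guard gone, `Create comment` adds a new PR comment on every run, so a one-line comment on that step, e.g. `# intentionally posts a new comment per build (no find/update)`, would record that this is deliberate. The job these steps belong to starts outside the hunk.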
@@ -208,18 +208,18 @@ jobs: - Container: ${{ env.IMAGE }}:${{ env.VERSION }} - Docs Preview: ${{ steps.verceldeploy.outputs.url }} reactions: rocket - - name: Update comment - if: steps.fbc.outputs.comment-id != '' - uses: peter-evans/create-or-update-comment@v3 - with: - comment-id: ${{ steps.fbc.outputs.comment-id }} - body: | - - Artifacts built by CI: - - Container: ${{ env.IMAGE }}:${{ env.VERSION }} - - Docs Preview: ${{ steps.verceldeploy.outputs.url }} - reactions: hooray - edit-mode: replace + # - name: Update comment + # if: steps.fbc.outputs.comment-id != '' + # uses: peter-evans/create-or-update-comment@v3 + # with: + # comment-id: ${{ steps.fbc.outputs.comment-id }} + # body: | + # + # Artifacts built by CI: + # - Container: ${{ env.IMAGE }}:${{ env.VERSION }} + # - Docs Preview: ${{ steps.verceldeploy.outputs.url }} + # reactions: hooray + # edit-mode: replace # Build a container image on main branch, publishing the 'latest' to repository. publish-container-latest: diff --git a/.github/workflows/site-preview.yaml b/.github/workflows/site-preview.yaml deleted file mode 100644 index 773ce45..0000000 --- a/.github/workflows/site-preview.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ - -name: github-pages-preview -on: - push: - branches-ignore: - - main - -jobs: - Deploy-Preview: - runs-on: ubuntu-latest - env: - VERCEL_VERSION: 28.20.0 - VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }} - VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }} - steps: - - uses: actions/checkout@v2 - - - name: Set job vars - id: vars - run: | - echo "cache-key-npm=npm-vercel-${VERCEL_VERSION}" >> $GITHUB_OUTPUT - echo "cache-dir-npm=${HOME}/.npm" >> $GITHUB_OUTPUT - - - name: Set npm cache - uses: actions/cache@v3 - with: - path: ${{ steps.vars.outputs.cache-dir-npm }} - key: ${{ steps.vars.outputs.cache-key-npm }} - - - name: Install Vercel CLI - run: npm install --global vercel@${VERCEL_VERSION} - - - name: Pull Vercel Environment Information - run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }} - - - name: Build Project Artifacts - run: vercel build --token=${{ secrets.VERCEL_TOKEN }} - - - name: Deploy Project Artifacts to Vercel - id: verceldeploy - run: | - export PREVIEW_URL=$(vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }} | tee out.log) - export PREVIEW_URL=$(grep ^Preview out.log | awk '{print$2}') - echo "Discovered Preview URL: ${PREVIEW_URL}" - echo "url=$PREVIEW_URL" >> $GITHUB_OUTPUT - - # - name: Update PR with test results - # uses: edumserrano/find-create-or-update-comment@v1 - # with: - # issue-number: ${{ github.event.pull_request.number }} - # body-includes: '' - # comment-author: 'github-actions[bot]' - # body: | # can be a single value or you can compose text with multi-line values - # - # Preview Documentation published at URL: ${{ steps.verceldeploy.outputs.url }} - # edit-mode: replace - - # - name: Find comment - # uses: peter-evans/find-comment@v2 - # id: fbc - # with: - # issue-number: ${{ github.event.pull_request.number }} - # comment-author: 'github-actions[bot]' - # body-includes: Docs published! 
- - - name: Create comment - # if: steps.fbc.outputs.comment-id == '' - uses: peter-evans/create-or-update-comment@v3 - with: - issue-number: ${{ github.event.pull_request.number }} - body: | - Docs published! - - Preview URL: ${{ steps.verceldeploy.outputs.url-dev }} - reactions: rocket - - # - name: Update comment - # if: steps.fbc.outputs.comment-id != '' - # uses: peter-evans/create-or-update-comment@v3 - # with: - # comment-id: ${{ steps.fbc.outputs.comment-id }} - # body: | - # Docs published! - # - Preview URL: ${{ steps.deploy.outputs.url-dev }} - # reactions: hooray From a3257b52d4013fbb1e56be9c4287f0d5a9289d77 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 14:35:40 -0300 Subject: [PATCH 30/39] renaming prerequisites OCI docs --- docs/guides/OCI/index.md | 2 +- docs/guides/OCI/installing-quickly-external.md | 2 +- docs/guides/OCI/{init.md => prerequisites.md} | 0 mkdocs.yaml | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename docs/guides/OCI/{init.md => prerequisites.md} (100%) diff --git a/docs/guides/OCI/index.md b/docs/guides/OCI/index.md index 8ddf947..3f4e236 100644 --- a/docs/guides/OCI/index.md +++ b/docs/guides/OCI/index.md @@ -7,7 +7,7 @@ Guides for OKD/OCP on Oracle Cloud Infrastructure (OCI): -- [Requirements](./init.md) +- [Prerequisites](./prerequisites.md) - [Installing a cluster quickly on OCI with platform agnostic (None)](./installing-quickly-agnostic.md) - [Installing a cluster quickly on OCI with platform external (External)](./installing-quickly-external.md) - [Installing a cluster on OCI with infrastructure customizations](./installing-customization-infra.md) diff --git a/docs/guides/OCI/installing-quickly-external.md b/docs/guides/OCI/installing-quickly-external.md index f37ea16..080f4ef 100644 --- a/docs/guides/OCI/installing-quickly-external.md +++ b/docs/guides/OCI/installing-quickly-external.md 
@@ -4,7 +4,7 @@ Install an OCP cluster in OCI with Platform External as an option and OCI Cloud ## Prerequisites -- okd-installer Collection with [OCI dependencies installed](./oci-prerequisites.md): +- okd-installer Collection with [OCI dependencies installed](./prerequisites.md): - Compartments used to launch the cluster created and exported to variable `${OCI_COMPARTMENT_ID}` - DNS Zone place the DNS zone and exported to variable `${OCI_COMPARTMENT_ID_DNS}` - Compartment used to store the RHCOS image exported to variable `${OCI_COMPARTMENT_ID_IMAGE}` diff --git a/docs/guides/OCI/init.md b/docs/guides/OCI/prerequisites.md similarity index 100% rename from docs/guides/OCI/init.md rename to docs/guides/OCI/prerequisites.md diff --git a/mkdocs.yaml b/mkdocs.yaml index 80e84d7..86463e5 100644 --- a/mkdocs.yaml +++ b/mkdocs.yaml @@ -97,7 +97,7 @@ nav: - Installing HA Topology UPI BYO Network: guides/AWS/aws-upi-byo-network.md - Oracle Cloud Infrastructure: - guides/OCI/index.md - - "Requirements": guides/OCI/init.md + - Prerequisites: guides/OCI/prerequisites.md - Installing a cluster quickly on OCI with platform agnostic (None): guides/OCI/installing-quickly-agnostic.md - Installing a cluster quickly on OCI with platform external (External): guides/OCI/installing-quickly-external.md - Installing a cluster on OCI with infrastructure customizations: guides/OCI/installing-customization-infra.md From 13d5ac267faa4d80b19ec00b44e8704220f4e6fa Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 14:53:49 -0300 Subject: [PATCH 31/39] adding warning/helper message when need to set ansible_python_interpreter --- docs/guides/OCI/prerequisites.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/guides/OCI/prerequisites.md b/docs/guides/OCI/prerequisites.md index 32b6d5a..7a60293 100644 --- a/docs/guides/OCI/prerequisites.md +++ b/docs/guides/OCI/prerequisites.md 
@@ -57,7 +57,7 @@ ansible-galaxy collection install -r collections/ansible_collections/mtulio/okd_ ```bash -$ ansible-galaxy collection list |egrep "(okd_installer|^oracle)" +$ ansible-galaxy collection list |grep -E "(okd_installer|^oracle)" mtulio.okd_installer 0.0.0-latest oracle.oci 4.23.0 ``` @@ -67,7 +67,6 @@ oracle.oci 4.23.0 - See [API Key Authentication](https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.11.0/guides/authentication.html#api-key-authentication): - See https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#two - Make sure your credentials have been set correctly on the file `~/.oci/config` and you can use the OCI ansible collection: - Get the User ID from the documentation @@ -86,8 +85,13 @@ ansible localhost \ -a user_id=${oci_user_id} ``` -Ansible should return the user attributes, otherwise check your credentials. +!!! warning "Python Virtual Environment" + If you are getting errors like `oci python sdk required for this module`, even it is already installed from previews steps, + and you are using Python Virtual Environment, you must point the `ansible_python_interpreter` to the python interpretar path. + For example: `ansible localhost -m oracle.oci.oci_identity_user_facts -a user_id=${oci_user_id} -e ansible_python_interpreter=$VIRTUAL_ENV/bin/python3` + +Ansible should return the user attributes, otherwise check your credentials. ## Export the Compartment used to deploy the cluster From 1b8e09a6a11db1303393a6424a862e0af6c25a48 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 15:05:48 -0300 Subject: [PATCH 32/39] force to expire CI builds in one week --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1f4102d..c8affd3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -347,7 +347,7 @@ jobs: podman login -u="${QUAY_USER}" -p="${QUAY_PASS}" quay.io echo "> Build container image:" - podman build -t ${IMAGE}:${VERSION} -f hack/Containerfile . + podman build --build-arg=QUAY_EXPIRATION=never -t ${IMAGE}:${VERSION} -f hack/Containerfile . podman tag ${IMAGE}:${VERSION} ${IMAGE}:${VERSION_BUILD} echo "> Publish container image:" From 801300fa9748f0848f2a92eb463d0c4bd71270e3 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 15:17:45 -0300 Subject: [PATCH 33/39] setting expiration labels to correct containerfile --- hack/Containerfile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/hack/Containerfile b/hack/Containerfile index cad93c1..b561050 100644 --- a/hack/Containerfile +++ b/hack/Containerfile @@ -1,7 +1,15 @@ FROM quay.io/centos/centos:stream9 -ENV ANSIBLE_UNSAFE_WRITES=1 +ARG QUAY_EXPIRATION=1w +ARG TARGETARCH=amd64 +ARG TARGETPLATFORM=linux-amd64 +ARG TARGETOS=linux +LABEL quay.expires-after=${QUAY_EXPIRATION} \ + architecture=$TARGETARCH \ + platform=$TARGETPLATFORM \ + os=$TARGETOS +ENV ANSIBLE_UNSAFE_WRITES=1 WORKDIR /opt/okd-installer ENV ANSIBLE_HOME=/opt/okd-installer From b518a1a2a919b96abe71b57ac6261da274bed09e Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 15:47:38 -0300 Subject: [PATCH 34/39] bump sdk and collection versions --- docs/guides/OCI/prerequisites.md | 15 +++++++++++---- requirements.txt | 2 +- requirements.yml | 2 +- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/guides/OCI/prerequisites.md b/docs/guides/OCI/prerequisites.md index 7a60293..6f38290 100644 --- a/docs/guides/OCI/prerequisites.md +++ b/docs/guides/OCI/prerequisites.md 
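Review bot: The added `--build-arg=QUAY_EXPIRATION=never` contradicts the commit subject ("force to expire CI builds in one week"): as written, this build asks for no expiration. If this is the release job and only other builds are meant to expire, say so in a comment above the line, e.g. `# release images must not expire; other builds use the Containerfile default`; the job header is outside the hunk, so which job this is cannot be told from here. It is also worth confirming that the registry accepts `never` for the expiration label this argument presumably feeds, rather than ignoring it. Unrelated to the change but visible in the context, `podman login -p="${QUAY_PASS}"` puts the password on the command line; `--password-stdin` avoids that.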
@@ -49,17 +49,24 @@ git clone -b feat-added-provider-oci --recursive \ - Install the dependencies: ```bash -pip install -r collections/ansible_collections/mtulio/okd_installer/requirements.txt -ansible-galaxy collection install -r collections/ansible_collections/mtulio/okd_installer/requirements.yml +pip install -Ur collections/ansible_collections/mtulio/okd_installer/requirements.txt +ansible-galaxy collection install --upgrade -r collections/ansible_collections/mtulio/okd_installer/requirements.yml ``` -- Check if the collection is present +- Check if the SDK is installed: + +```bash +$ pip freeze | grep oci +oci==2.112.4 +``` + +- Check if the collection is present: ```bash $ ansible-galaxy collection list |grep -E "(okd_installer|^oracle)" mtulio.okd_installer 0.0.0-latest -oracle.oci 4.23.0 +oracle.oci 4.33.0 ``` ### Setup OCI credentials diff --git a/requirements.txt b/requirements.txt index a3c454e..3710d2b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -13,4 +13,4 @@ botocore kubernetes # provider: Oracle Cloud/OCI -oci==2.103.0 +oci>=2.112.4,<2.113 diff --git a/requirements.yml b/requirements.yml index 42d0988..b6b64d4 100644 --- a/requirements.yml +++ b/requirements.yml @@ -19,4 +19,4 @@ collections: # Oracle Cloud Infrastructure Ansible Collections # https://docs.oracle.com/en-us/iaas/tools/oci-ansible-collection/4.11.0/installation/index.html - name: oracle.oci - version: '>=4.23.0,<4.24.0' \ No newline at end of file + version: '>=4.33.0,<4.34.0' \ No newline at end of file From 6934b99e641f14168657d63dbc3ed6f2e7e244b1 Mon Sep 17 00:00:00 2001 
From: Marco Braga Date: Mon, 23 Oct 2023 15:48:21 -0300 Subject: [PATCH 35/39] add check vars by provider --- roles/config/tasks/check-vars-aws.yaml | 3 +++ roles/config/tasks/check-vars-oci.yaml | 19 +++++++++++++++++++ roles/config/tasks/check-vars.yaml | 3 +++ 3 files changed, 25 insertions(+) create mode 100644 roles/config/tasks/check-vars-aws.yaml create mode 100644 roles/config/tasks/check-vars-oci.yaml diff --git a/roles/config/tasks/check-vars-aws.yaml b/roles/config/tasks/check-vars-aws.yaml new file mode 100644 index 0000000..fccc671 --- /dev/null +++ b/roles/config/tasks/check-vars-aws.yaml @@ -0,0 +1,3 @@ +--- + +# TODO \ No newline at end of file diff --git a/roles/config/tasks/check-vars-oci.yaml b/roles/config/tasks/check-vars-oci.yaml new file mode 100644 index 0000000..e03fb70 --- /dev/null +++ b/roles/config/tasks/check-vars-oci.yaml @@ -0,0 +1,19 @@ +--- + +- name: Check Vars | oci_compartment_id + ansible.builtin.assert: + that: + - oci_compartment_id is defined + fail_msg: "'oci_compartment_id' is not defined" + +- name: Check Vars | oci_compartment_id_dns + ansible.builtin.assert: + that: + - oci_compartment_id_dns is defined + fail_msg: "'oci_compartment_id_dns' is not defined" + +- name: Check Vars | oci_compartment_id_image + ansible.builtin.assert: + that: + - oci_compartment_id_image is defined + fail_msg: "'oci_compartment_id_image' is not defined" \ No newline at end of file diff --git a/roles/config/tasks/check-vars.yaml b/roles/config/tasks/check-vars.yaml index 8cad6b8..738fde6 100644 --- a/roles/config/tasks/check-vars.yaml +++ b/roles/config/tasks/check-vars.yaml @@ -47,3 +47,6 @@ that: - _stat_installer.stat.exists fail_msg: "Installer binary is not present on path '{{ bin_openshift_install }}'. Run install_clients playbook first" + +- name: Check Vars | Provider + include: "./check-vars-{{ provider }}.yaml" \ No newline at end of file From 36ca09962272ab9137d729e75bb14adf81bb591e Mon Sep 17 00:00:00 2001 
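Review bot: The three assertions in check-vars-oci.yaml only test `is defined`, which also passes when the variable is present but empty. The documented vars file is generated from shell variables (`oci_compartment_id: ${OCI_COMPARTMENT_ID}`), so an unset environment variable yields a defined-but-null value and the check lets it through. Testing for a non-empty value closes that gap, e.g. `- oci_compartment_id | d('', true) | length > 0`, and likewise for `oci_compartment_id_dns` and `oci_compartment_id_image`. The file also lacks a trailing newline.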
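Review bot: The new `Check Vars | Provider` task in check-vars.yaml builds a file path from `provider` with no prior validation, so any provider value without a matching `check-vars-<provider>.yaml` (only the aws and oci files are added here) fails with a file-not-found error instead of a clear message. Bare `include` is also deprecated in favour of the explicit form; I would write `ansible.builtin.include_tasks: "check-vars-{{ provider }}.yaml"` and guard it with an assert such as `- provider in ['aws', 'oci']`, extended to whatever providers the collection supports. The task file starts outside the hunk.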
From: Marco Braga Date: Mon, 23 Oct 2023 15:48:37 -0300 Subject: [PATCH 36/39] fix container image expiration period --- hack/Containerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/hack/Containerfile b/hack/Containerfile index b561050..cce8d03 100644 --- a/hack/Containerfile +++ b/hack/Containerfile @@ -2,12 +2,12 @@ FROM quay.io/centos/centos:stream9 ARG QUAY_EXPIRATION=1w ARG TARGETARCH=amd64 -ARG TARGETPLATFORM=linux-amd64 +ARG TARGETPLATFORM="linux-amd64" ARG TARGETOS=linux -LABEL quay.expires-after=${QUAY_EXPIRATION} \ - architecture=$TARGETARCH \ - platform=$TARGETPLATFORM \ - os=$TARGETOS +LABEL quay.expires-after="${QUAY_EXPIRATION}" \ + architecture="$TARGETARCH" \ + platform="$TARGETPLATFORM" \ + os="$TARGETOS" ENV ANSIBLE_UNSAFE_WRITES=1 WORKDIR /opt/okd-installer From 87d6d37c7ed06825a0a4c8c782b2c31cb6e29a92 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 15:49:14 -0300 Subject: [PATCH 37/39] adding ansible interpreter note in the docs --- docs/guides/OCI/installing-quickly-agnostic.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/guides/OCI/installing-quickly-agnostic.md b/docs/guides/OCI/installing-quickly-agnostic.md index 5625cc2..fac8feb 100644 --- a/docs/guides/OCI/installing-quickly-agnostic.md +++ b/docs/guides/OCI/installing-quickly-agnostic.md @@ -57,6 +57,9 @@ source ~/.openshift/env CLUSTER_NAME=oci-e414rc6ad3 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml +# if you are using python virtual env, like me ;D, set the interpreter path: +ANSIBLE_PYTHON_INTERPRETER=${VENV_PATH}/$VIRTUAL_ENV/bin/python3 + cat < ${VARS_FILE} provider: oci cluster_name: ${CLUSTER_NAME} 
@@ -73,7 +76,7 @@ oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} cluster_profile: ha destroy_bootstrap: no -config_ssh_key: "$(cat ~/.ssh/id_rsa.pub;cat ~/.ssh/openshift-dev.pub)" +config_ssh_key: "$(cat ~/.ssh/id_rsa.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" config_cluster_version: 4.14.0-rc.6 From c1eb4c275e61aaca8a0c4dc259404b3e81f1f37f Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Mon, 23 Oct 2023 16:06:23 -0300 Subject: [PATCH 38/39] fix label for target plat --- hack/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/Containerfile b/hack/Containerfile index cce8d03..90b6013 100644 --- a/hack/Containerfile +++ b/hack/Containerfile @@ -2,7 +2,7 @@ FROM quay.io/centos/centos:stream9 ARG QUAY_EXPIRATION=1w ARG TARGETARCH=amd64 -ARG TARGETPLATFORM="linux-amd64" +ARG TARGETPLATFORM ARG TARGETOS=linux LABEL quay.expires-after="${QUAY_EXPIRATION}" \ architecture="$TARGETARCH" \ From 521f0aa1bd0bcb689fe884a5651495cf2cb06077 Mon Sep 17 00:00:00 2001 From: Marco Braga Date: Tue, 24 Oct 2023 12:57:09 -0300 Subject: [PATCH 39/39] doc/OCI: updating references for platform external deployment --- .../guides/OCI/installing-quickly-agnostic.md | 73 +++++-------------- .../guides/OCI/installing-quickly-external.md | 37 ++++++---- docs/guides/OCI/prerequisites.md | 5 +- 3 files changed, 41 insertions(+), 74 deletions(-) diff --git a/docs/guides/OCI/installing-quickly-agnostic.md b/docs/guides/OCI/installing-quickly-agnostic.md index fac8feb..de8ff3e 100644 --- a/docs/guides/OCI/installing-quickly-agnostic.md +++ b/docs/guides/OCI/installing-quickly-agnostic.md 
@@ -27,37 +27,41 @@ Install OCP/OKD Cluster on Oracle Cloud Infrastructure using agnostic installati ## Prerequisites -Read [here](./oci-prerequisites.md) +- okd-installer Collection with [OCI dependencies installed](./prerequisites.md): +- Compartments used to launch the cluster created and exported to variable `${OCI_COMPARTMENT_ID}` +- DNS Zone place the DNS zone and exported to variable `${OCI_COMPARTMENT_ID_DNS}` +- Compartment used to store the RHCOS image exported to variable `${OCI_COMPARTMENT_ID_IMAGE}` -## Installing OpenShift/OKD - -### Create the vars file +Example: ```bash cat < ~/.oci/env -# Compartment where the cluster will be installed +# Compartment that the cluster will be installed OCI_COMPARTMENT_ID="" # Compartment that the DNS Zone is created (based domain) -# Only RR will be added OCI_COMPARTMENT_ID_DNS="" # Compartment that the OS Image will be created OCI_COMPARTMENT_ID_IMAGE="" EOF source ~/.oci/env +``` -cat < ~/.openshift/env -export OCP_CUSTOM_RELEASE="quay.io/mtulio/ocp-release:latest" +- If you are using python virtual env, like me ;D, set the interpreter path: -OCP_RELEASE_413="quay.io/mrbraga/ocp-release:4.13.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" -EOF -source ~/.openshift/env +```bash +ANSIBLE_PYTHON_INTERPRETER=${VENV_PATH}/$VIRTUAL_ENV/bin/python3 +``` -CLUSTER_NAME=oci-e414rc6ad3 +## Installing OpenShift/OKD + +### Create the vars file + +```bash +CLUSTER_NAME=oci-n414rc6 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml -# if you are using python virtual env, like me ;D, set the interpreter path: ANSIBLE_PYTHON_INTERPRETER=${VENV_PATH}/$VIRTUAL_ENV/bin/python3 cat < ${VARS_FILE} 
@@ -67,8 +71,6 @@ cluster_name: ${CLUSTER_NAME} config_cluster_region: us-ashburn-1 config_base_domain: us-ashburn-1.splat-oci.devcluster.openshift.com -#TODO: create compartment validations -#TODO: allow create compartment from a parent oci_compartment_id: ${OCI_COMPARTMENT_ID} oci_compartment_id_dns: ${OCI_COMPARTMENT_ID_DNS} oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} @@ -81,11 +83,6 @@ config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" config_cluster_version: 4.14.0-rc.6 version: 4.14.0-rc.6 -# config_installer_environment: -# OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE: "quay.io/mrbraga/ocp-release:4.14.0-rc.0-x86_64_platexternal-kcmo-mco-3cmo" - -# Define the OS Image mirror -# custom_image_id: rhcos-412.86.202212081411-0-openstack.x86_64 os_mirror: yes os_mirror_from: stream_artifacts 
@@ -100,45 +97,9 @@ os_mirror_to_oci: bucket: rhcos-images image_type: QCOW2 -## Apply patches to installer manifests (WIP) -# TODO: we must keep the OCI CCM manifests patch more generic - config_patches: - rm-capi-machines -- mc-kubelet-providerid -- deploy-oci-ccm -- deploy-oci-csi -- yaml_patch - -cfg_patch_yaml_patch_specs: - ## patch infra object to create External provider - - manifest: /manifests/cluster-infrastructure-02-config.yml - patch: '{"spec":{"platformSpec":{"type":"External","external":{"platformName":"oci"}}},"status":{"platform":"External","platformStatus":{"type":"External","external":{}}}}' - -cfg_patch_kubelet_providerid_script: | - PROVIDERID=\$(curl -H "Authorization: Bearer Oracle" -sL http://169.254.169.254/opc/v2/instance/ | jq -r .id); - -# using kube-system and downloading manifests from github -oci_ccm_namespace: kube-system -oci_ccm_version: v1.25.0 - -# Customize instance type -#compute_shape: "BM.Standard.E2.64" -#compute_shape_config: {} - -# spread nodes between "AZs" -oci_availability_domains: -- gzqB:US-ASHBURN-AD-1 -- gzqB:US-ASHBURN-AD-2 -- gzqB:US-ASHBURN-AD-3 - -oci_fault_domains: -- FAULT-DOMAIN-1 -- FAULT-DOMAIN-2 -- FAULT-DOMAIN-3 - EOF - ``` ### Install the clients diff --git a/docs/guides/OCI/installing-quickly-external.md b/docs/guides/OCI/installing-quickly-external.md index 080f4ef..d5172b6 100644 --- a/docs/guides/OCI/installing-quickly-external.md +++ b/docs/guides/OCI/installing-quickly-external.md 
@@ -25,15 +25,31 @@ EOF source ~/.oci/env ``` +- If you are using python virtual env, like me ;D, set the interpreter path: + +```bash +ANSIBLE_PYTHON_INTERPRETER=${VENV_PATH}/$VIRTUAL_ENV/bin/python3 +``` + ## Setup with Platform External type and CCM Create the vars file for okd-installer collection: +!!! warning "Ensure variables are defined" + Make sure all variables is defined, otherwise you may get unexpected failures. + ```sh + echo -e "OCI_COMPARTMENT_ID=${OCI_COMPARTMENT_ID}" + echo -e "OCI_COMPARTMENT_ID_DNS=${OCI_COMPARTMENT_ID_DNS}" + echo -e "OCI_COMPARTMENT_ID_IMAGE=${OCI_COMPARTMENT_ID_IMAGE}" + ``` + ```bash -# MCO patch without revendor (w/o disabling FG) -CLUSTER_NAME=oci-e414rc2ad3v1 +CLUSTER_NAME=oci-e414rc7v1 VARS_FILE=./vars-oci-ha_${CLUSTER_NAME}.yaml +# if you are using python virtual env, like me ;D, set the interpreter path: +ANSIBLE_PYTHON_INTERPRETER=${VENV_PATH}/$VIRTUAL_ENV/bin/python3 + cat < ${VARS_FILE} provider: oci cluster_name: ${CLUSTER_NAME} @@ -48,11 +64,11 @@ oci_compartment_id_image: ${OCI_COMPARTMENT_ID_IMAGE} cluster_profile: ha destroy_bootstrap: no -config_ssh_key: "$(cat ~/.ssh/openshift-dev.pub)" +config_ssh_key: "$(cat ~/.ssh/id_rsa.pub)" config_pull_secret_file: "${HOME}/.openshift/pull-secret-latest.json" -config_cluster_version: 4.14.0-rc.2 -version: 4.14.0-rc.2 +config_cluster_version: 4.14.0-rc.7 +version: 4.14.0-rc.7 # Platform External setup config_platform: external @@ -61,7 +77,6 @@ config_platform_spec: '{"platformName":"oci"}' # Available manifest paches (runs after 'create manifest' stage) config_patches: - rm-capi-machines -- mc_varlibetcd - mc-kubelet-providerid - deploy-oci-ccm #- deploy-oci-csi 
@@ -86,16 +101,6 @@ os_mirror_to_oci: bucket: rhcos-images image_type: QCOW2 -# Experimental: increase the boot volume performance -# controlplane_source_details: -# source_type: image -# boot_volume_size_in_gbs: 1200 -# boot_volume_vpus_per_gb: 120 - -# Mount control plane as a second volume -# cfg_patch_mc_varlibetcd: -# device_path: /dev/sdb - # spread nodes between "AZs" oci_availability_domains: - gzqB:US-ASHBURN-AD-1 diff --git a/docs/guides/OCI/prerequisites.md b/docs/guides/OCI/prerequisites.md index 6f38290..b93d3ca 100644 --- a/docs/guides/OCI/prerequisites.md +++ b/docs/guides/OCI/prerequisites.md @@ -21,9 +21,10 @@ hash_behavior=merge [inventory] enable_plugins = yaml, ini +# https://docs.ansible.com/ansible/latest/collections/ansible/posix/profile_tasks_callback.html [callback_profile_tasks] -task_output_limit=1000 -sort_order=none +task_output_limit=25 +sort_order=descending EOF ```