Merge pull request #403 from aishwaryabk/rel-4.8

Backport pending commits on release-4.8
ocp-power-automation · Mar 26, 2022 · a7e3e22 · a7e3e22
2 parents bb00fde + 7c28f60
commit a7e3e22
Show file tree

Hide file tree

Showing 12 changed files with 39 additions and 36 deletions.
diff --git a/docs/automation_host_prereqs.md b/docs/automation_host_prereqs.md
@@ -24,7 +24,7 @@ Install the following packages on the automation host. Select the appropriate in
 **Terraform >= 0.13.0**: Please refer to the [link](https://learn.hashicorp.com/terraform/getting-started/install.html) for instructions on installing Terraform. For validating the version run `terraform version` command after install.
 
 Install Terraform and providers for Power environment:
-1. Download the Terraform binary version 0.13.6 from https://www.power-devops.com/terraform and install it to /usr/local/bin.
+1. Download and install the Terraform binary (>= 0.13.0) for Linux/ppc64le from https://www.power-devops.com/terraform.
 2. Download the required Terraform providers for Power into your TF project directory:
 ```
 $ cd <path_to_TF_project>

diff --git a/docs/var.tfvars-doc.md b/docs/var.tfvars-doc.md
@@ -135,10 +135,11 @@ system_type         = "s922"    #Can be either s922 or e980
 
 These set of variables specify the username and the SSH key to be used for accessing the bastion node.
 ```
-rhel_username               = "root"
+rhel_username               = "root"  #Set it to an appropriate username for non-root user access
 public_key_file             = "data/id_rsa.pub"
 private_key_file            = "data/id_rsa"
 ```
+rhel_username is set to root. rhel_username can be set to an appropriate username having superuser privileges with no password prompt.
 Please note that only OpenSSH formatted keys are supported. Refer to the following links for instructions on creating SSH key based on your platform.
 - Windows 10 - https://phoenixnap.com/kb/generate-ssh-key-windows-10
 - Mac OSX - https://www.techrepublic.com/article/how-to-generate-ssh-keys-on-macos-mojave/

diff --git a/modules/1_prepare/prepare.tf b/modules/1_prepare/prepare.tf
@@ -133,15 +133,15 @@ resource "null_resource" "bastion_init" {
   }
   provisioner "file" {
     content     = var.private_key
-    destination = "~/.ssh/id_rsa"
+    destination = ".ssh/id_rsa"
   }
   provisioner "file" {
     content     = var.public_key
-    destination = "~/.ssh/id_rsa.pub"
+    destination = ".ssh/id_rsa.pub"
   }
   provisioner "remote-exec" {
     inline = [
-      "sudo chmod 600 ~/.ssh/id_rsa*",
+      "sudo chmod 600 .ssh/id_rsa*",
       "sudo sed -i.bak -e 's/^ - set_hostname/# - set_hostname/' -e 's/^ - update_hostname/# - update_hostname/' /etc/cloud/cloud.cfg",
       "sudo hostnamectl set-hostname --static ${lower(var.name_prefix)}bastion-${count.index}.${var.cluster_domain}",
       "echo 'HOSTNAME=${lower(var.name_prefix)}bastion-${count.index}.${var.cluster_domain}' | sudo tee -a /etc/sysconfig/network > /dev/null",
@@ -352,11 +352,11 @@ resource "null_resource" "setup_nfs_disk" {
   }
   provisioner "remote-exec" {
     inline = [
-      "rm -rf mkdir ${local.storage_path}; mkdir -p ${local.storage_path}; chmod -R 755 ${local.storage_path}",
+      "sudo rm -rf mkdir ${local.storage_path}; sudo mkdir -p ${local.storage_path}; sudo chmod -R 755 ${local.storage_path}",
       "sudo chmod +x /tmp/create_disk_link.sh",
       # Fix for copying file from Windows OS having CR
-      "sed -i 's/\r//g' /tmp/create_disk_link.sh",
-      "/tmp/create_disk_link.sh",
+      "sudo sed -i 's/\r//g' /tmp/create_disk_link.sh",
+      "sudo /tmp/create_disk_link.sh",
       "sudo mkfs.ext4 -F /dev/${local.disk_config.disk_name}",
       "echo '/dev/${local.disk_config.disk_name} ${local.storage_path} ext4 defaults 0 0' | sudo tee -a /etc/fstab > /dev/null",
       "sudo mount ${local.storage_path}",

diff --git a/modules/1_prepare/versions.tf b/modules/1_prepare/versions.tf
@@ -29,5 +29,5 @@ terraform {
       version = "~> 2.1"
     }
   }
-  required_version = "~> 0.13.0"
+  required_version = ">= 0.13.0"
 }
diff --git a/modules/4_nodes/versions.tf b/modules/4_nodes/versions.tf
@@ -29,5 +29,5 @@ terraform {
       version = "~> 2.1.0"
     }
   }
-  required_version = "~> 0.13.0"
+  required_version = ">= 0.13.0"
 }
diff --git a/modules/5_install/install.tf b/modules/5_install/install.tf
@@ -78,10 +78,12 @@ locals {
   }
 
   helpernode_inventory = {
-    bastion_ip = var.bastion_ip
+    rhel_username = var.rhel_username
+    bastion_ip    = var.bastion_ip
   }
 
   install_inventory = {
+    rhel_username  = var.rhel_username
     bastion_hosts  = [for ix in range(length(var.bastion_ip)) : "${var.name_prefix}bastion-${ix}"]
     bootstrap_host = var.bootstrap_ip == "" ? "" : "${var.node_prefix}bootstrap"
     master_hosts   = [for ix in range(length(var.master_ips)) : "${var.node_prefix}master-${ix}"]
@@ -161,21 +163,21 @@ resource "null_resource" "config" {
   }
   provisioner "file" {
     content     = templatefile("${path.module}/templates/helpernode_inventory", local.helpernode_inventory)
-    destination = "~/ocp4-helpernode/inventory"
+    destination = "ocp4-helpernode/inventory"
   }
   provisioner "file" {
     content     = var.pull_secret
-    destination = "~/.openshift/pull-secret"
+    destination = ".openshift/pull-secret"
   }
   provisioner "file" {
     content     = templatefile("${path.module}/templates/helpernode_vars.yaml", local.helpernode_vars)
-    destination = "~/ocp4-helpernode/helpernode_vars.yaml"
+    destination = "ocp4-helpernode/helpernode_vars.yaml"
   }
   provisioner "remote-exec" {
     inline = [
       "sed -i \"/^helper:.*/a \\ \\ networkifacename: $(ip r | grep \"${var.cidr} dev\" | awk '{print $3}')\" ocp4-helpernode/helpernode_vars.yaml",
       "echo 'Running ocp4-helpernode playbook...'",
-      "cd ocp4-helpernode && ansible-playbook -e @helpernode_vars.yaml tasks/main.yml ${var.ansible_extra_options}"
+      "cd ocp4-helpernode && ansible-playbook -e @helpernode_vars.yaml tasks/main.yml ${var.ansible_extra_options} --become"
     ]
   }
 }
@@ -204,10 +206,10 @@ resource "null_resource" "configure_public_vip" {
   provisioner "remote-exec" {
     inline = [
       # Set state=MASTER,priority=100 for first bastion and state=BACKUP,priority=90 for others.
-      "sed -i \"s/state <STATE>/state ${count.index == 0 ? "MASTER" : "BACKUP"}/\" /tmp/keepalived_vrrp_instance",
-      "sed -i \"s/priority <PRIORITY>/priority ${count.index == 0 ? "100" : "90"}/\" /tmp/keepalived_vrrp_instance",
-      "sed -i \"s/interface <INTERFACE>/interface $(ip r | grep ${var.public_cidr} | awk '{print $3}')/\" /tmp/keepalived_vrrp_instance",
-      "cat /tmp/keepalived_vrrp_instance >> /etc/keepalived/keepalived.conf",
+      "sudo sed -i \"s/state <STATE>/state ${count.index == 0 ? "MASTER" : "BACKUP"}/\" /tmp/keepalived_vrrp_instance",
+      "sudo sed -i \"s/priority <PRIORITY>/priority ${count.index == 0 ? "100" : "90"}/\" /tmp/keepalived_vrrp_instance",
+      "sudo sed -i \"s/interface <INTERFACE>/interface $(ip r | grep ${var.public_cidr} | awk '{print $3}')/\" /tmp/keepalived_vrrp_instance",
+      "sudo cat /tmp/keepalived_vrrp_instance >> /etc/keepalived/keepalived.conf",
       "sudo systemctl restart keepalived"
     ]
   }
@@ -234,14 +236,14 @@ echo "Configuring SNAT (experimental)..."
 
 PRIVATE_INTERFACE=$(ip r | grep "${var.cidr} dev" | awk '{print $3}')
 
-firewall-cmd --zone=public --add-masquerade --permanent
+sudo firewall-cmd --zone=public --add-masquerade --permanent
 # Masquerade will enable ip forwarding automatically
-firewall-cmd --reload
+sudo firewall-cmd --reload
 
 #Checksum needs to be turned off to avoid a bug with ibmveth
-PRIVATE_CONNECTION_NAME=$(nmcli -t -f NAME connection show | grep $PRIVATE_INTERFACE)
-nmcli connection modify "$PRIVATE_CONNECTION_NAME" ethtool.feature-rx off
-nmcli connection up "$PRIVATE_CONNECTION_NAME"
+PRIVATE_CONNECTION_NAME=$(sudo nmcli -t -f NAME connection show | grep $PRIVATE_INTERFACE)
+sudo nmcli connection modify "$PRIVATE_CONNECTION_NAME" ethtool.feature-rx off
+sudo nmcli connection up "$PRIVATE_CONNECTION_NAME"
 
 EOF
     ]
@@ -301,7 +303,7 @@ resource "null_resource" "pre_install" {
   # DHCP config for setting MTU; Since helpernode DHCP template does not support MTU setting
   provisioner "remote-exec" {
     inline = [
-      "sed -i.mtubak '/option routers/i option interface-mtu ${var.private_network_mtu};' /etc/dhcp/dhcpd.conf",
+      "sudo sed -i.mtubak '/option routers/i option interface-mtu ${var.private_network_mtu};' /etc/dhcp/dhcpd.conf",
       "sudo systemctl restart dhcpd.service"
     ]
   }
@@ -333,11 +335,11 @@ resource "null_resource" "install" {
   }
   provisioner "file" {
     content     = templatefile("${path.module}/templates/install_inventory", local.install_inventory)
-    destination = "~/ocp4-playbooks/inventory"
+    destination = "ocp4-playbooks/inventory"
   }
   provisioner "file" {
     content     = templatefile("${path.module}/templates/install_vars.yaml", local.install_vars)
-    destination = "~/ocp4-playbooks/install_vars.yaml"
+    destination = "ocp4-playbooks/install_vars.yaml"
   }
   provisioner "remote-exec" {
     inline = [
@@ -362,7 +364,7 @@ resource "null_resource" "powervs_config" {
 
   provisioner "file" {
     content     = templatefile("${path.module}/templates/powervs_config_vars.yaml", local.powervs_config_vars)
-    destination = "~/ocp4-playbooks/powervs_config_vars.yaml"
+    destination = "ocp4-playbooks/powervs_config_vars.yaml"
   }
   provisioner "remote-exec" {
     inline = [
@@ -391,7 +393,7 @@ resource "null_resource" "upgrade" {
 
   provisioner "file" {
     content     = templatefile("${path.module}/templates/upgrade_vars.yaml", local.upgrade_vars)
-    destination = "~/ocp4-playbooks/upgrade_vars.yaml"
+    destination = "ocp4-playbooks/upgrade_vars.yaml"
   }
   provisioner "remote-exec" {
     inline = [

diff --git a/modules/5_install/templates/helpernode_inventory b/modules/5_install/templates/helpernode_inventory
@@ -1,4 +1,4 @@
 [vmhost]
 %{ for ip in bastion_ip ~}
-${ip} ansible_connection=ssh ansible_user=root
+${ip} ansible_connection=ssh ansible_user=${rhel_username}
 %{ endfor ~}
diff --git a/modules/5_install/templates/install_inventory b/modules/5_install/templates/install_inventory
@@ -1,6 +1,6 @@
 [bastion]
 %{ for bastion in bastion_hosts ~}
-${bastion} ansible_connection=ssh ansible_user=root
+${bastion} ansible_connection=ssh ansible_user=${rhel_username}
 %{ endfor ~}
 
 %{ if bootstrap_host != "" ~}

diff --git a/modules/5_install/versions.tf b/modules/5_install/versions.tf
@@ -25,5 +25,5 @@ terraform {
       version = "~> 2.1"
     }
   }
-  required_version = "~> 0.13.0"
+  required_version = ">= 0.13.0"
 }
diff --git a/modules/7_ibmcloud/versions.tf b/modules/7_ibmcloud/versions.tf
@@ -25,5 +25,5 @@ terraform {
       version = "1.39.0"
     }
   }
-  required_version = "~> 0.13.0"
+  required_version = ">= 0.13.0"
 }
diff --git a/var.tfvars b/var.tfvars
@@ -26,8 +26,8 @@ processor_type   = "shared"
 system_type      = "s922"
 network_name     = "ocp-net"
 
-rhel_username                   = "root"
-connection_timeout              = 30 # minutes
+rhel_username                   = "root" #Set it to an appropriate username for non-root user access
+connection_timeout              = 30     # minutes
 public_key_file                 = "data/id_rsa.pub"
 private_key_file                = "data/id_rsa"
 rhel_subscription_username      = "<subscription-id>"       #Leave this as-is if using CentOS as bastion image

diff --git a/versions.tf b/versions.tf
@@ -29,5 +29,5 @@ terraform {
       version = "~> 2.3"
     }
   }
-  required_version = "~> 0.13.0"
+  required_version = ">= 0.13.0"
 }