The following config includes:
-
One bastion host for installation
-
One utility VM for other services such as container registry and httpd
-
DNS and other resources for OCP4
-
SSH access setup
-
This file ./default_vars.yml contains all the variables you need to define to control the deployment of your environment. These are the defaults.
-
Override the defaults for your environment by creating your own myenvironment-variables.yml file, as below.
You will needs to define the ocp4_pull_secret
variable in order to deploy this config.
Add this variable to your secret file.
It should look like:
ocp4_pull_secret: '{"auths":{"cloud.openshift.com":{"auth":"...","email":"..."},"quay.io":{"auth":"...","email":"..."},"registry.connect.redhat.com":{"auth":"...","email":"..."},"registry.redhat.io":{"auth":"...","email":"..."}}}'
You can create yaml files of your desired configs and secrets and execute them:
ansible-playbook ansible/main.yaml -e @myenvironment-variables.yml -e@my-secrets.yml
Run the destroy_env.yml
playbook.
Ex: ansible-playbook ansible/configs/ocp4-disconnected-osp-lab/destroy_env.yml -e @myenvironment-variables.yml -e@my-secrets.yml
TODO: Tie this into the cloud_providers/osp_destroy_env.yml
The teardown process is roughly as follows:
* Delete compute & storage resources
Use openstack purge
ex: openstack --os-cloud sten2 project purge --keep-project --project sten2-project
* Delete network resources
Use neutron purge
ex: neutron --os-cloud sten2 purge bb4e371f4bf443feb6e4435c8f5df6ae
* Delete the Heat stack
If you don’t delete the HOT as the user that created it, the keypair will not be deleted
* Delete Keypair if necessary
TODO: add this functionality
* Cleanup DNS entries for bastion & OpenShift
* Delete project
Software stages in config provide: * Pull copy of the installer to bastion * Pull copy of the oc binary to bastion * Clone ansible for generating the IaaS to bastion Go through the IPI created assets and create those? Talk to engineering and see what they are creating? * Install any load balancer to utility VM? * Install registry to utility VM?
Lab: * Explain UPI * Explain OpenStack environment and requirements * Prep work * Create IaaS components * OpenShift install * OLM install workaround?
With either setup, you also need to have a clouds.yaml
file on your system with credentials.
You can store this either in your working directory or in ~/.config/openstack/clouds.yaml
.
To prepare an admin host to deploy this config. This has been tested on RHEL 7.7. sudo subscription-manager register sudo subscription-manager attach --pool=<yourpool> sudo subscription-manager repos --disable=* --enable rhel-7-server-optional-rpms \ --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms
sudo yum update -y
sudo yum install python-virtualenv git gcc
git clone https://github.com/redhat-cop/agnosticd.git cd agnosticd git checkout disco-ocp4
virtualenv ~/venv-openstack source ~/venv-openstack/bin/activate
pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/admin_host_requirements.txt
brew install python
PATH="/usr/local/opt/python/libexec/bin:/usr/local/bin:$PATH"
pip install virtualenv pip install virtualenvwrapper
export WORKON_HOME=~/.virtualenvs [ -f /usr/local/bin/virtualenvwrapper.sh ] && source /usr/local/bin/virtualenvwrapper.sh
mkvirtualenv venv-openstack
workon venv-openstack
git clone https://github.com/redhat-cop/agnosticd.git cd agnosticd git checkout disco-ocp4 pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/macos_requirements.txt
User access: student_name is defined either in sample_vars or from deployer script. This is the account that people will use and will generally match their opentlc ID. lab-user is the default defined in the role
Pre-software: Student name is set up by the bastion-student-user role It generates a password if not defined in student_password It creates a user on the bastions *We should have it create on all nodes (i.e. utilityVM also) It adds student_key to the student_user account on bastion *We should have it create on all nodes Where do we get student_key from? It adds env_authorized_key to the student_user account on bastion What is this key actually used for? It gets generated in set_env_authorized_key role If this key is dynamically generated per run, can we send it in email? What about the guid-infra-key we create in heat template - can we use that instead of this? *We should have it create on all nodes It enables password auth and passwordless sudo Nate added tasks to copy priv key, pub key, ssh conf from root > student .ssh directory There is probably a better way
student_name account has the {{guid}}key.pub added to its authorized keys cloud-user has ^ + sucked in ones + one generated by nova
Software: We connect as ansible_user, which is cloud-user for OSP We install python Openstack modules using pip3 We need to make this available for all users, or at least student_name Add /usr/local/bin to system wide PATH
To load test, use cloudforms-oob: ./order_svc.sh -t 5 -y -c 'OPENTLC OpenShift 4 Labs' -d "environment=DEV,region=dev_na_osp,check=t,expiration=7,runtime=8" -i 'OpenShift 4 Install VM - OpenStack'