Skip to content

Latest commit

 

History

History
 
 

ocp4-cluster

OCP 4 Cluster

Config Description

The following config includes:

  • One bastion host for installation

  • One utility VM for other services such as container registry and httpd

  • DNS and other resources for OCP4

  • SSH access setup

Review the default_vars.yml variable file

  • This file ./default_vars.yml contains all the variables you need to define to control the deployment of your environment. These are the defaults.

  • Override the defaults for your environment by creating your own myenvironment-variables.yml file, as below.

Secrets

You will needs to define the ocp4_pull_secret variable in order to deploy this config.

Add this variable to your secret file.

It should look like:

ocp4_pull_secret: '{"auths":{"cloud.openshift.com":{"auth":"...","email":"..."},"quay.io":{"auth":"...","email":"..."},"registry.connect.redhat.com":{"auth":"...","email":"..."},"registry.redhat.io":{"auth":"...","email":"..."}}}'

Running Ansible Playbook

Running Playbook With Environment and Secrets files

You can create yaml files of your desired configs and secrets and execute them:

ansible-playbook ansible/main.yaml -e @myenvironment-variables.yml -e@my-secrets.yml

To Delete an environment

Run the destroy_env.yml playbook.

Ex: ansible-playbook ansible/configs/ocp4-disconnected-osp-lab/destroy_env.yml -e @myenvironment-variables.yml -e@my-secrets.yml TODO: Tie this into the cloud_providers/osp_destroy_env.yml

The teardown process is roughly as follows: * Delete compute & storage resources Use openstack purge ex: openstack --os-cloud sten2 project purge --keep-project --project sten2-project * Delete network resources Use neutron purge ex: neutron --os-cloud sten2 purge bb4e371f4bf443feb6e4435c8f5df6ae * Delete the Heat stack If you don’t delete the HOT as the user that created it, the keypair will not be deleted * Delete Keypair if necessary TODO: add this functionality * Cleanup DNS entries for bastion & OpenShift * Delete project

Software stages in config provide: * Pull copy of the installer to bastion * Pull copy of the oc binary to bastion * Clone ansible for generating the IaaS to bastion Go through the IPI created assets and create those? Talk to engineering and see what they are creating? * Install any load balancer to utility VM? * Install registry to utility VM?

Lab: * Explain UPI * Explain OpenStack environment and requirements * Prep work * Create IaaS components * OpenShift install * OLM install workaround?

Workstation Setup:

With either setup, you also need to have a clouds.yaml file on your system with credentials. You can store this either in your working directory or in ~/.config/openstack/clouds.yaml.

RHEL:

To prepare an admin host to deploy this config. This has been tested on RHEL 7.7. sudo subscription-manager register sudo subscription-manager attach --pool=<yourpool> sudo subscription-manager repos --disable=* --enable rhel-7-server-optional-rpms \ --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms

sudo yum update -y

sudo yum install python-virtualenv git gcc

git clone https://github.com/redhat-cop/agnosticd.git cd agnosticd git checkout disco-ocp4

virtualenv ~/venv-openstack source ~/venv-openstack/bin/activate

pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/admin_host_requirements.txt

MacOS:

Install python3:

brew install python

Make sure your path has this in it:

PATH="/usr/local/opt/python/libexec/bin:/usr/local/bin:$PATH"

Make sure virtualenv and virtualenvwrapper are installed system wide

pip install virtualenv pip install virtualenvwrapper

Add this to your .bashrc

export WORKON_HOME=~/.virtualenvs [ -f /usr/local/bin/virtualenvwrapper.sh ] && source /usr/local/bin/virtualenvwrapper.sh

To start a new python virtual env

mkvirtualenv venv-openstack

Activate virtual env

workon venv-openstack

Clone repo and install python libraries

git clone https://github.com/redhat-cop/agnosticd.git cd agnosticd git checkout disco-ocp4 pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/macos_requirements.txt

User access: student_name is defined either in sample_vars or from deployer script. This is the account that people will use and will generally match their opentlc ID. lab-user is the default defined in the role

Pre-software: Student name is set up by the bastion-student-user role It generates a password if not defined in student_password It creates a user on the bastions *We should have it create on all nodes (i.e. utilityVM also) It adds student_key to the student_user account on bastion *We should have it create on all nodes Where do we get student_key from? It adds env_authorized_key to the student_user account on bastion What is this key actually used for? It gets generated in set_env_authorized_key role If this key is dynamically generated per run, can we send it in email? What about the guid-infra-key we create in heat template - can we use that instead of this? *We should have it create on all nodes It enables password auth and passwordless sudo Nate added tasks to copy priv key, pub key, ssh conf from root > student .ssh directory There is probably a better way

student_name account has the {{guid}}key.pub added to its authorized keys cloud-user has ^ + sucked in ones + one generated by nova

Software: We connect as ansible_user, which is cloud-user for OSP We install python Openstack modules using pip3 We need to make this available for all users, or at least student_name Add /usr/local/bin to system wide PATH

To load test, use cloudforms-oob: ./order_svc.sh -t 5 -y -c 'OPENTLC OpenShift 4 Labs' -d "environment=DEV,region=dev_na_osp,check=t,expiration=7,runtime=8" -i 'OpenShift 4 Install VM - OpenStack'