Skip to content

Latest commit

 

History

History
188 lines (136 loc) · 5.88 KB

README.adoc

File metadata and controls

188 lines (136 loc) · 5.88 KB

OCP 4 Cluster

Config Description

The following config includes:

  • One bastion host for installation

  • DNS and other resources for OCP4

  • SSH access setup

Review the default_vars.yml variable file

  • This file ./default_vars.yml contains all the variables you need to define to control the deployment of your environment. These are the defaults.

  • Override the defaults for your environment by creating your own myenvironment-variables.yml file, as below.

Secrets

You will needs to define the ocp4_pull_secret variable in order to deploy this config.

Add this variable to your secret file.

It should look like:

ocp4_pull_secret: '{"auths":{"cloud.openshift.com":{"auth":"...","email":"..."},"quay.io":{"auth":"...","email":"..."},"registry.connect.redhat.com":{"auth":"...","email":"..."},"registry.redhat.io":{"auth":"...","email":"..."}}}'

Running Ansible Playbook

Running Playbook With Environment and Secrets files

You can create yaml files of your desired configs and secrets and execute them:

ansible-playbook ansible/main.yaml -e @myenvironment-variables.yml -e@my-secrets.yml

To Delete an environment

Run the destroy_env.yml playbook.

Ex: ansible-playbook ansible/configs/ocp4-disconnected-osp-lab/destroy_env.yml -e @myenvironment-variables.yml -e@my-secrets.yml TODO: Tie this into the cloud_providers/osp_destroy_env.yml

The teardown process is roughly as follows:

  • Delete compute & storage resources

    • Use openstack purge

    • ex: openstack --os-cloud sten2 project purge --keep-project --project sten2-project

  • Delete network resources

    • Use neutron purge

    • ex: neutron --os-cloud sten2 purge bb4e371f4bf443feb6e4435c8f5df6ae

  • Delete the Heat stack

    • If you don’t delete the HOT as the user that created it, the keypair will not be deleted

  • Delete Keypair if necessary

    • TODO: add this functionality

  • Cleanup DNS entries for bastion & OpenShift

  • Delete project

Software stages in config provide:

  • Pull copy of the installer to bastion

  • Pull copy of the oc binary to bastion

  • Clone ansible for generating the IaaS to bastion

    • Go through the IPI created assets and create those?

    • Talk to engineering and see what they are creating?

  • Install any load balancer to utility VM?

  • Install registry to utility VM?

Lab:

  • Explain UPI

  • Explain OpenStack environment and requirements

  • Prep work

  • Create IaaS components

  • OpenShift install

  • OLM install workaround?

Workstation Setup:

With either setup, you also need to have a clouds.yaml file on your system with credentials. You can store this either in your working directory or in ~/.config/openstack/clouds.yaml.

RHEL:

To prepare an admin host to deploy this config. This has been tested on RHEL 7.7.

sudo subscription-manager register
sudo subscription-manager attach --pool=<yourpool>
sudo subscription-manager repos --disable=* --enable rhel-7-server-optional-rpms \
  --enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms

sudo yum update -y

sudo yum install python-virtualenv git gcc

git clone https://github.com/redhat-cop/agnosticd.git
cd agnosticd
git checkout disco-ocp4

virtualenv ~/venv-openstack
source ~/venv-openstack/bin/activate

pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/admin_host_requirements.txt

MacOS:

# Install python3:
brew install python

# Make sure your path has this in it:
PATH="/usr/local/opt/python/libexec/bin:/usr/local/bin:$PATH"

# Make sure virtualenv and virtualenvwrapper are installed system wide
pip install virtualenv
pip install virtualenvwrapper

# Add this to your .bashrc
export WORKON_HOME=~/.virtualenvs
[ -f /usr/local/bin/virtualenvwrapper.sh ] && source /usr/local/bin/virtualenvwrapper.sh

# To start a new python virtual env
mkvirtualenv venv-openstack

# Activate virtual env
workon venv-openstack

# Clone repo and install python libraries
git clone https://github.com/redhat-cop/agnosticd.git
cd agnosticd
git checkout disco-ocp4
pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/macos_requirements.txt

User access:

student_name is defined either in sample_vars or from deployer script. This is the account that people will use and will generally match their opentlc ID. lab-user is the default defined in the role

Pre-software:

Student name is set up by the bastion-student-user role
  It generates a password if not defined in student_password
  It creates a user on the bastions
    *We should have it create on all nodes (i.e. utilityVM also)
  It adds student_key to the student_user account on bastion
    *We should have it create on all nodes
    Where do we get student_key from?
  It adds env_authorized_key to the student_user account on bastion
    What is this key actually used for? It gets generated in set_env_authorized_key role
    If this key is dynamically generated per run, can we send it in email?
    What about the guid-infra-key we create in heat template - can we use that instead of this?
    *We should have it create on all nodes
  It enables password auth and passwordless sudo
Nate added tasks to copy priv key, pub key, ssh conf from root > student .ssh directory
  There is probably a better way

student_name account has the {{guid}}key.pub added to its authorized keys
cloud-user has ^ + sucked in ones + one generated by nova

Software:

We connect as ansible_user, which is cloud-user for OSP
We install python Openstack modules using pip3
  We need to make this available for all users, or at least student_name
  Add /usr/local/bin to system wide PATH

To load test, use cloudforms-oob:

./order_svc.sh -t 5 -y \
  -c 'OPENTLC OpenShift 4 Labs' \
  -d "environment=DEV,region=dev_na_osp,check=t,expiration=7,runtime=8" \
  -i 'OpenShift 4 Install VM - OpenStack'