The following config includes:
-
One bastion host for installation
-
DNS and other resources for OCP4
-
SSH access setup
-
This file ./default_vars.yml contains all the variables you need to define to control the deployment of your environment. These are the defaults.
-
Override the defaults for your environment by creating your own myenvironment-variables.yml file, as below.
You will needs to define the ocp4_pull_secret
variable in order to deploy this config.
Add this variable to your secret file.
It should look like:
ocp4_pull_secret: '{"auths":{"cloud.openshift.com":{"auth":"...","email":"..."},"quay.io":{"auth":"...","email":"..."},"registry.connect.redhat.com":{"auth":"...","email":"..."},"registry.redhat.io":{"auth":"...","email":"..."}}}'
You can create yaml files of your desired configs and secrets and execute them:
ansible-playbook ansible/main.yaml -e @myenvironment-variables.yml -e@my-secrets.yml
Run the destroy_env.yml
playbook.
Ex: ansible-playbook ansible/configs/ocp4-disconnected-osp-lab/destroy_env.yml -e @myenvironment-variables.yml -e@my-secrets.yml
TODO: Tie this into the cloud_providers/osp_destroy_env.yml
The teardown process is roughly as follows:
-
Delete compute & storage resources
-
Use
openstack purge
-
ex:
openstack --os-cloud sten2 project purge --keep-project --project sten2-project
-
-
Delete network resources
-
Use
neutron purge
-
ex:
neutron --os-cloud sten2 purge bb4e371f4bf443feb6e4435c8f5df6ae
-
-
Delete the Heat stack
-
If you don’t delete the HOT as the user that created it, the keypair will not be deleted
-
-
Delete Keypair if necessary
-
TODO: add this functionality
-
-
Cleanup DNS entries for bastion & OpenShift
-
Delete project
Software stages in config provide:
-
Pull copy of the installer to bastion
-
Pull copy of the oc binary to bastion
-
Clone ansible for generating the IaaS to bastion
-
Go through the IPI created assets and create those?
-
Talk to engineering and see what they are creating?
-
-
Install any load balancer to utility VM?
-
Install registry to utility VM?
Lab:
-
Explain UPI
-
Explain OpenStack environment and requirements
-
Prep work
-
Create IaaS components
-
OpenShift install
-
OLM install workaround?
With either setup, you also need to have a clouds.yaml
file on your system with credentials.
You can store this either in your working directory or in ~/.config/openstack/clouds.yaml
.
To prepare an admin host to deploy this config. This has been tested on RHEL 7.7.
sudo subscription-manager register
sudo subscription-manager attach --pool=<yourpool>
sudo subscription-manager repos --disable=* --enable rhel-7-server-optional-rpms \
--enable rhel-7-server-rpms --enable rhel-7-server-extras-rpms
sudo yum update -y
sudo yum install python-virtualenv git gcc
git clone https://github.com/redhat-cop/agnosticd.git
cd agnosticd
git checkout disco-ocp4
virtualenv ~/venv-openstack
source ~/venv-openstack/bin/activate
pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/admin_host_requirements.txt
# Install python3:
brew install python
# Make sure your path has this in it:
PATH="/usr/local/opt/python/libexec/bin:/usr/local/bin:$PATH"
# Make sure virtualenv and virtualenvwrapper are installed system wide
pip install virtualenv
pip install virtualenvwrapper
# Add this to your .bashrc
export WORKON_HOME=~/.virtualenvs
[ -f /usr/local/bin/virtualenvwrapper.sh ] && source /usr/local/bin/virtualenvwrapper.sh
# To start a new python virtual env
mkvirtualenv venv-openstack
# Activate virtual env
workon venv-openstack
# Clone repo and install python libraries
git clone https://github.com/redhat-cop/agnosticd.git
cd agnosticd
git checkout disco-ocp4
pip install -r ./ansible/configs/ocp4-disconnected-ha-lab/files/macos_requirements.txt
User access:
student_name
is defined either in sample_vars
or from deployer script. This is the account that people will use and will generally match their opentlc ID. lab-user
is the default defined in the role
Pre-software:
Student name is set up by the bastion-student-user role
It generates a password if not defined in student_password
It creates a user on the bastions
*We should have it create on all nodes (i.e. utilityVM also)
It adds student_key to the student_user account on bastion
*We should have it create on all nodes
Where do we get student_key from?
It adds env_authorized_key to the student_user account on bastion
What is this key actually used for? It gets generated in set_env_authorized_key role
If this key is dynamically generated per run, can we send it in email?
What about the guid-infra-key we create in heat template - can we use that instead of this?
*We should have it create on all nodes
It enables password auth and passwordless sudo
Nate added tasks to copy priv key, pub key, ssh conf from root > student .ssh directory
There is probably a better way
student_name account has the {{guid}}key.pub added to its authorized keys
cloud-user has ^ + sucked in ones + one generated by nova
Software:
We connect as ansible_user, which is cloud-user for OSP
We install python Openstack modules using pip3
We need to make this available for all users, or at least student_name
Add /usr/local/bin to system wide PATH
To load test, use cloudforms-oob:
./order_svc.sh -t 5 -y \
-c 'OPENTLC OpenShift 4 Labs' \
-d "environment=DEV,region=dev_na_osp,check=t,expiration=7,runtime=8" \
-i 'OpenShift 4 Install VM - OpenStack'