This project is a basic automation to use the OpenShift Installation sandbox on Red Hat OpenTLC (internal users only). The purpose of this tool is not automate the sandbox provising (see AgnosticD for that), but to provide a simple and fast way to generate a custom install-config.yaml and AWS credential file, download the necessary binaries and start the installation.
Ansible 2.9+ must be installed on the system. Supported systems are Linux and Mac OS.
The following additional packages must be installed:
- Python Netaddr to manipulate addressed (
python3-netaddr
on Fedora/RHEL ornetaddr
if installing pip3) - Python OpenShift to access OpenShift API (
python3-openshift
on Fedora/RHEL oropenshift
if installing with pip3) - Python Passlib to generate htpasswd files (
python3-passlib
on Fedora/RHEL orpasslib
if installing with pip3)
A future release will automatically handle those dependencies on the different platforms.
The following Ansible Collections are required:
community.general
, used by core modulesansible.netcommon
, used to apply IP filteringkubernetes.core
, used to test installation results
To install them:
$ ansible-galaxy collection install -r requirements.yml
On Mac OS X the homebrew package manager must be installed to manage extra packages.
First, loging to https://labs.opentlc.com to order a new OpenShift 4 Installation Lab sandbox under
Services ->
Catalog ->
OPENTLC OpenShift 4 Labs ->
OpenShift 4 Installation Lab
Click on the Order button and complete the request form by submitting the order the lab reason, the provisioning AWS region and by accepting terms and conditions.
When OpenTLC provisioning is complete, an e-mail will be sent to the requesting user with informations about the temporary Sandbox environment.
The important informations in the OpenTLC e-mails appear as follows:
Here is some important information about your environment:
Top level domain: .sandboxNNN.opentlc.com
WARNING: with great power comes great responsibility. We monitor usage.
Your AWS programmatic access:
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SSH Access: ssh <username>@<bastion_url>
SSH password: xxxxxxxxxx
IMPORTANT: Remember that all OpenTLC labs are time constrained and will be destroyed after a variable amount of time (usually 4/5 working days).
After receiving the informations run the cluster deploy playbook locally:
$ ansible-playbook install.yaml
Ansible will prompt for sudo password to install the latest oc
and openshift-install
binaries under the /usr/local/bin
path.
Users are expected to provide the following mandatory informations in the user_info.yaml
file in order to complete the installation.
base_domain
: the sandbox base domain that will be used to expose APIs and Ingressaws_access_key_id
: the AWS acces key id available in the received e-mail.aws_secret_access_key
: the AWS secret access key available in the received e-mail.pull_secret
: the Red Hat pull secret necessary to pull the cluster imagesssh_key
: the public SSH key that will be injected in the nodesinstall_dir
: the installation directory where install files and logs will be created
After the installation login to the cluster using the provided informations
in the Ansible output or in the .openshift_install.log
file in the installation
directory.
Under install_dir/auth
the installation deploys the kubeconfig
file.
The OpenTLC labs use AWS sandboxes for demo and training purposes but it is important to avoid unnecessary compute resource usage, for cost and environmental reasons. After finishing using a cluster destroy it using the follwing command:
$ ansible-playbook destroy.yaml
The install_path
variable must be provided (again, in the user_info.yaml
file,
to confirm the previously used installation directory.
Users can customize cluster installation configs or day two customizations by
editing the cluster_config_vars.yaml
. After the base cluster installation is
complete users can choose to create custom users with the HTPasswd identity
provider or to deploy common extra operators with a simple boolean variable.
Available extra configs, with their predefined values, are:
---
# Cluster name
cluster_name: ocp4
# Sizing of master nodes
master_flavor: m5.xlarge
# Sizing of worker nodes.
worker_flavor: m5.large
# Number or worker replicas.
worker_replicas: 3
# AWS install region
aws_region: eu-central-1
# Network type. Supported values: OpenShiftSDN, OVNKubernetes
network_type: OpenShiftSDN
# The service network used top allocate service vips. To test Submariner
# multicluster connectivity be sure to use diffrenet CIDRs.
service_network: 172.30.0.0/16
# Enable FIPS mode
fips_enabled: false
## Post Install Configs
# HTPasswd Users. Change passwords before installing.
htpasswd_users:
developer1: RedHat123!
developer2: RedHat123!
# Install OpenShift Pipelines Operator
pipelines_operator: true
# Install OpenShift GitOps Operator
gitops_operator: true
# Install Serverless Operator
serverless_operator: true
# Install OCS Operator
ocs_operator: true
Sometimes it is useful to repeat the pre and post install tasks for debugging
purposes without having to redeploy the cluster. To do so, skip the install task
using the --skip-tags
option:
$ ansible-playbook cluster_deploy.yaml --skip-tags install
Gianni Salinetti [email protected]