From 014c9b97f4d0260de0ce712b006dc683abb8f96e Mon Sep 17 00:00:00 2001 
From: Marco Braga
Date: Tue, 2 May 2023 02:17:45 -0300
Subject: [PATCH] review and split non-provider intergration changes
---
.github/workflows/mock-aws.yaml | 21 ++-
playbooks/config.yaml | 1 -
playbooks/create_all.yaml | 33 ++--
playbooks/destroy_cluster.yaml | 24 ++-
playbooks/group_vars/all.yaml | 3 +-
playbooks/os_mirror.yaml | 12 ++
playbooks/stack_loadbalancer.yaml | 21 ++-
.../templates/ocp-bootstrap-user-data.j2 | 4 +-
playbooks/templates/ocp-nodes-user-data.j2 | 4 +-
.../HighlyAvailable/node-bootstrap.yaml | 3 +-
.../HighlyAvailable/node-compute.yaml | 14 +-
.../HighlyAvailable/node-controlplane.yaml | 14 +-
.../SingleReplica/node-bootstrap.yaml | 3 +-
.../SingleReplica/node-controlplane.yaml | 5 +-
.../profiles/ha-single-az/node-bootstrap.yaml | 3 +-
.../profiles/ha-single-az/node-compute.yaml | 14 +-
.../ha-single-az/node-controlplane.yaml | 14 +-
roles/bootstrap/meta/main.yml | 3 -
roles/clients/defaults/main.yaml | 7 +
roles/clients/meta/main.yml | 5 +-
roles/clients/tasks/main.yaml | 79 ++++++---
roles/cloud_load_balancer | 2 +-
roles/config/meta/main.yml | 3 -
roles/config/tasks/create-assertions.yaml | 26 +++
roles/config/tasks/create-config.yaml | 32 ++++
roles/config/tasks/create-coreos-stream.yml | 8 +
roles/config/tasks/create-ignitions.yaml | 17 ++
roles/config/tasks/create-manifests.yaml | 28 ++++
roles/config/tasks/create.yaml | 61 +------
roles/config/tasks/load.yaml | 150 ++++++++++--------
roles/config/tasks/patch-manifests.yaml | 19 +++
roles/config/templates/install-config.yaml.j2 | 2 +-
roles/csr_approver/meta/main.yml | 3 -
roles/destroy/meta/main.yml | 5 +-
roles/os_mirror/README.md | 0
roles/os_mirror/defaults/main.yml | 2 +
roles/os_mirror/meta/main.yml | 21 +++
roles/os_mirror/tasks/main.yaml | 6 +
roles/os_mirror/tasks/stream_artifacts.yaml | 16 ++
39 files changed, 455 insertions(+), 233 deletions(-)
create mode 100644 playbooks/os_mirror.yaml
create mode 100644 roles/config/tasks/create-config.yaml
create mode 100644 
roles/config/tasks/create-coreos-stream.yml create mode 100644 roles/config/tasks/create-ignitions.yaml create mode 100644 roles/config/tasks/create-manifests.yaml create mode 100644 roles/config/tasks/patch-manifests.yaml create mode 100644 roles/os_mirror/README.md create mode 100644 roles/os_mirror/defaults/main.yml create mode 100644 roles/os_mirror/meta/main.yml create mode 100644 roles/os_mirror/tasks/main.yaml create mode 100644 roles/os_mirror/tasks/stream_artifacts.yaml diff --git a/.github/workflows/mock-aws.yaml b/.github/workflows/mock-aws.yaml index 0bbefd5..bd68598 100644 --- a/.github/workflows/mock-aws.yaml +++ b/.github/workflows/mock-aws.yaml @@ -15,7 +15,7 @@ defaults: working-directory: 'mtulio.okd_installer' jobs: - create_all: + create_destroy_all: name: create-all runs-on: ubuntu-latest defaults: 
@@ -110,17 +110,32 @@ jobs: ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE tree ~/.ansible/okd-installer/bin || true - - name: Create cluster (play create_all) + # step to run create_all in new environment + - name: Create cluster (play create_all/new) env: VARS_FILE: "./vars-${{ steps.vars.outputs.cluster-name }}.yaml" run: | set -x - echo "Running create_all, the stdout will be suprised..." + echo "Running create_all new infrastructure..." ./run-play-steps.sh create_all cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}/cluster_state.json || true cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}install-config-bkp.yaml || true + # step to run create_all in existing environment (immutable) + - name: Create cluster (play create_all/existing) + env: + VARS_FILE: "./vars-${{ steps.vars.outputs.cluster-name }}.yaml" + run: | + set -x + echo "Running create_all in existing infrastructure..." + # TODO: target to idepotent execution, must check change==0 + ./run-play-steps.sh create_all + + cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}/cluster_state.json || true + cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}install-config-bkp.yaml || true + + - name: Destroy cluster (play destroy_cluster) env: VARS_FILE: "./vars-${{ steps.vars.outputs.cluster-name }}.yaml" diff --git a/playbooks/config.yaml b/playbooks/config.yaml index ea032c0..dd206dc 100644 --- a/playbooks/config.yaml +++ b/playbooks/config.yaml @@ -2,6 +2,5 @@ - name: okd-installer | Installer Configuration hosts: localhost connection: local - roles: - config diff --git a/playbooks/create_all.yaml b/playbooks/create_all.yaml index aac7215..15b9786 100644 --- a/playbooks/create_all.yaml +++ b/playbooks/create_all.yaml 
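Review bot: The new `create_all/existing` step copies both `cat` lines from the step above, including the path `clusters/${{ steps.vars.outputs.cluster-name }}install-config-bkp.yaml`, which has no `/` between the cluster name and the file name, so that file almost certainly never exists and `|| true` hides the failure. Adding the separator would print the install-config backup into the job log, and an install-config presumably carries the pull secret read from `config_pull_secret_file`, so I would drop that `cat` in both steps rather than fix the path. The `${{ … }}` step output is also expanded directly into the script text; passing it through `env:` as is already done for `VARS_FILE` (for example `CLUSTER_NAME: ${{ steps.vars.outputs.cluster-name }}`, name is a suggestion) and quoting `"$CLUSTER_NAME"` keeps the value out of the shell source.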
@@ -9,27 +9,43 @@ ansible.builtin.set_fact: okdi_call_timer_start: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}" -# - name: OKD Installer | Create all | check required vars -# ansible.builtin.import_playbook: var_check_required.yaml - -- name: OKD Installer | Create all | create config +- name: OKD Installer | Create all | Config | create config ansible.builtin.import_playbook: config.yaml vars: - mode: create + mode: create-config -- name: OKD Installer | Create all | create stack | network - ansible.builtin.import_playbook: stack_network.yaml +- name: OKD Installer | Create all | Config | create config + ansible.builtin.import_playbook: config.yaml + vars: + mode: create-manifests - name: OKD Installer | Create all | create stack | IAM ansible.builtin.import_playbook: stack_iam.yaml +- name: OKD Installer | Create all | create stack | network + ansible.builtin.import_playbook: stack_network.yaml + - name: OKD Installer | Create all | create stack | DNS ansible.builtin.import_playbook: stack_dns.yaml - name: OKD Installer | Create all | create stack | Load Balancer ansible.builtin.import_playbook: stack_loadbalancer.yaml -- name: OKD Installer | Create all | create stack | Compute +- name: OKD Installer | Create all | Config | patch manifests + ansible.builtin.import_playbook: config.yaml + vars: + mode: patch-manifests + +- name: OKD Installer | Create all | Config | create ignitions + ansible.builtin.import_playbook: config.yaml + vars: + mode: create-ignitions + +- name: OKD Installer | Create all | os_mirror + ansible.builtin.import_playbook: os_mirror.yaml + when: os_mirror | d(false) + +- name: OKD Installer | Create all | create stack | Compute nodes ansible.builtin.import_playbook: create_node_all.yaml - name: OKD Installer | Create all | create stack | Load Balancer Router 
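Review bot: The second `config.yaml` import in this hunk runs with `mode: create-manifests` but keeps the name `OKD Installer | Create all | Config | create config`, identical to the import directly above it, so the two plays cannot be told apart in the run log. Rename it to `OKD Installer | Create all | Config | create manifests`, matching the `patch manifests` and `create ignitions` names used further down.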
@@ -54,7 +70,6 @@ ansible.builtin.import_playbook: destroy_bootstrap.yaml when: destroy_bootstrap | d('yes') == 'yes' - - name: OKD Installer | Create ALL | End hosts: '{{ target|default("localhost") }}' connection: local diff --git a/playbooks/destroy_cluster.yaml b/playbooks/destroy_cluster.yaml index 4f87346..a3971ee 100644 --- a/playbooks/destroy_cluster.yaml +++ b/playbooks/destroy_cluster.yaml @@ -3,14 +3,11 @@ hosts: '{{ target|default("localhost") }}' connection: local gather_facts: yes - tasks: - name: OKD Installer | Destroy | Timer start ansible.builtin.set_fact: okdi_del_timer_start: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}" -# - ansible.builtin.import_playbook: var_check_required.yaml - - name: okd-installer | Cluster Destroy | Config load ansible.builtin.import_playbook: config.yaml vars: @@ -20,12 +17,14 @@ hosts: '{{target|default("localhost")}}' connection: local gather_facts: yes + vars: profile_path: "{{ playbook_dir }}/vars/{{ config_provider }}/profiles/{{ cluster_profile|d('default') }}" vars_files: - "{{ profile_path }}/iam.yaml" - "{{ profile_path }}/dns.yaml" + pre_tasks: # Network - name: okd-installer | Destroy | Network | Loading Topology Names 
@@ -45,35 +44,30 @@ ansible.builtin.include_vars: file: "{{ profile_path }}/loadbalancer-router-default.yaml" - - name: okd-installer | Destroy | LB | Merge list + - name: okd-installer | Destroy | LB | Merge ansible.builtin.set_fact: - load_balancers_all: "{{ load_balancers_all + cloud_loadbalancers }}" + load_balancers_all: "{{ (load_balancers_all | d([])) + (cloud_loadbalancers | d([])) }}" - name: okd-installer | Destroy | LB | Load API Names ansible.builtin.include_vars: file: "{{ profile_path }}/loadbalancer.yaml" - - name: okd-installer | Destroy | LB | Merge list + - name: okd-installer | Destroy | LB | Merge ansible.builtin.set_fact: - load_balancers_all: "{{ load_balancers_all + cloud_loadbalancers }}" + load_balancers_all: "{{ load_balancers_all + (cloud_loadbalancers | d([])) }}" - name: okd-installer | Destroy | LB | Consolidate ansible.builtin.set_fact: cloud_loadbalancers: "{{ load_balancers_all }}" - - name: okd-installer | Destroy | LB | Show number of resources + - name: okd-installer | Destroy | LB | Show resource count ansible.builtin.debug: msg: "Found {{ cloud_loadbalancers | length }} Load Balancers on the Configuration" roles: - role: destroy - -- name: okd-installer | Destroy | Finish - hosts: '{{ target|default("localhost") }}' - connection: local - gather_facts: true - tasks: + post_tasks: - name: okd-installer | Destroy | Finish | Timer end ansible.builtin.set_fact: okdi_del_timer_end: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}" @@ -82,4 +76,4 @@ ansible.builtin.debug: msg: - "start=[{{ okdi_del_timer_start | d('') }}] end=[{{ okdi_del_timer_end }}]" - - "total=[{{ ((okdi_del_timer_end | to_datetime) - (okdi_del_timer_start | to_datetime)) }}]" + - "total=[{{ ((okdi_del_timer_end | to_datetime) - (okdi_del_timer_start | to_datetime)) }}]" \ No newline at end of file diff --git a/playbooks/group_vars/all.yaml b/playbooks/group_vars/all.yaml index b77f042..eea401f 100644 --- a/playbooks/group_vars/all.yaml 
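Review bot: Moving the timer tasks into `post_tasks` of the destroy play likely makes `okdi_del_timer_end` wrong, because `ansible_date_time` is captured once when facts are gathered and does not advance during the play. The removed `Finish` play had its own `gather_facts: true`, so it read a fresh timestamp after the `destroy` role; in the merged play the value is the one gathered before the role ran (the play header with `gather_facts: yes` is in the previous hunk), and `total=` would no longer include the destroy time. Either add an `ansible.builtin.setup` task with `filter: ansible_date_time` as the first entry of `post_tasks`, or build the end timestamp from `now()` instead of the cached fact.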
+++ b/playbooks/group_vars/all.yaml @@ -9,7 +9,8 @@ collection_cluster_dir: "{{ bindir | d(collection_work_dir + '/clusters') }}" config_install_dir: "{{ collection_cluster_dir }}/{{ cluster_name }}" bin_openshift_install: "{{ collection_bin_dir }}/openshift-install" -bin_oc: "{{ collection_bin_dir }}/openshift-install" +bin_oc: "{{ collection_bin_dir }}/oc" +bin_butane: "{{ collection_bin_dir }}/butane" ## export CONFIG_PULL_SECRET_FILE=${HOME}/.openshift/pull-secret-latest.jso config_pull_secret_file: "{{ lookup('ansible.builtin.env', 'CONFIG_PULL_SECRET_FILE') }}" diff --git a/playbooks/os_mirror.yaml b/playbooks/os_mirror.yaml new file mode 100644 index 0000000..9d067ff --- /dev/null +++ b/playbooks/os_mirror.yaml @@ -0,0 +1,12 @@ +--- +- name: okd-installer | Create Stack | Compute | Load Config + ansible.builtin.import_playbook: config.yaml + vars: + mode: load + +- name: okd-installer | OS Mirror + hosts: localhost + connection: local + + roles: + - os_mirror diff --git a/playbooks/stack_loadbalancer.yaml b/playbooks/stack_loadbalancer.yaml index 624a816..231ed38 100644 --- a/playbooks/stack_loadbalancer.yaml +++ b/playbooks/stack_loadbalancer.yaml @@ -1,4 +1,5 @@ --- +# - ansible.builtin.import_playbook: var_check_required.yaml - name: okd-installer | Stack | Load Balancer | Config load ansible.builtin.import_playbook: config.yaml @@ -9,6 +10,7 @@ hosts: '{{target|default("localhost")}}' connection: local vars: + cloud_loadbalancers_state: [] profile_path: "{{ playbook_dir }}/vars/{{ config_provider }}/profiles/{{ cluster_profile|d('default') }}" pre_tasks: 
@@ -22,11 +24,16 @@ file: "{{ profile_path }}/loadbalancer.yaml" when: var_file is not defined - roles: - - cloud_load_balancer + - name: okd-installer | Stack | LB | setup + ansible.builtin.include_role: + name: cloud_load_balancer -- name: okd-installer | Stack | LB | Save state - ansible.builtin.import_playbook: config.yaml - vars: - mode: save-state - cluster_state: "{{ cluster_state | combine({'load_balancers': cloud_load_balancers_state}) }}" + - name: okd-installer | Stack | LB | update cluster_state + ansible.builtin.set_fact: + cluster_state: "{{ cluster_state | combine({'loadbalancers': cloud_loadbalancers_state}) }}" + + - name: okd-installer | Stack | LB | save cluster_state + ansible.builtin.include_role: + name: config + vars: + mode: save-state diff --git a/playbooks/templates/ocp-bootstrap-user-data.j2 b/playbooks/templates/ocp-bootstrap-user-data.j2 index 84e9c8c..fb0da2d 100644 --- a/playbooks/templates/ocp-bootstrap-user-data.j2 +++ b/playbooks/templates/ocp-bootstrap-user-data.j2 @@ -2,9 +2,9 @@ "ignition": { "config": { "replace": { - "source": "{{ openshift_userdata.config_source }}" + "source": "{{ userdata_config_source }}" } }, "version": "3.1.0" } -} +} \ No newline at end of file diff --git a/playbooks/templates/ocp-nodes-user-data.j2 b/playbooks/templates/ocp-nodes-user-data.j2 index ad5efe5..ce3b0f1 100644 --- a/playbooks/templates/ocp-nodes-user-data.j2 +++ b/playbooks/templates/ocp-nodes-user-data.j2 @@ -3,7 +3,7 @@ "config": { "merge": [ { - "source": "{{ openshift_userdata.config_source }}" + "source": "{{ userdata_config_source }}" } ] }, @@ -11,7 +11,7 @@ "tls": { "certificateAuthorities": [ { - "source": "{{ openshift_userdata.ca_source }}" + "source": "{{ userdata_config_ca_source }}" } ] } diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml index 06d7297..966bcb9 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml 
+++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml @@ -13,8 +13,7 @@ openshift_security_groups: - "{{ openshift_prefix }}-controlplane-sg" openshift_tags: "{{ cluster_state.tags }}" -openshift_userdata: - config_source: "s3://{{ openshift_bootstrap_bucket }}/bootstrap.ign" +userdata_config_source: "s3://{{ openshift_bootstrap_bucket }}/bootstrap.ign" _def: name: "{{ openshift_prefix }}-bootstrap" diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml index 330540b..84968d2 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml +++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml @@ -11,10 +11,10 @@ openshift_security_groups: openshift_tags: "{{ cluster_state.tags }}" # User Data template -openshift_userdata_template: ocp-nodes-user-data.j2 -openshift_userdata: - config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/worker" - ca_source: "{{ cluster_state.certificates.root_ca }}" +_userdata_path: "{{ config_install_dir }}/worker.ign" +# _userdata_template: ocp-nodes-user-data.j2 +# userdata_config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/worker" +# userdata_config_ca_source: "{{ cluster_state.certificates.root_ca }}" _def: name: 'worker' @@ -55,7 +55,7 @@ compute_resources: security_groups: "{{ _def.security_groups }}" state: "{{ _def.state }}" termination_protection: "{{ _def.termination_protection }}" - user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _def.volumes | d([]) }}" wait: no 
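Review bot: `user_data` is now `lookup('file', _userdata_path) | b64encode`, and whether the explicit `b64encode` is correct depends on the module that consumes `compute_resources`, which is not visible in this patch; a module that base64-encodes user data itself would send a doubly encoded blob that Ignition cannot parse. Please confirm against the compute role and record the expectation in a comment next to `_userdata_path`. The same change is repeated in node-controlplane.yaml and in the ha-single-az profiles, while SingleReplica/node-controlplane.yaml still sets `_userdata_template` and `userdata_config_source`, so the profiles now build user data in two different ways. Since the whole file is shipped as instance user data, which is readable from inside the instance through the metadata service, it is worth stating in that comment that `worker.ign`/`master.ign` are expected to be pointer configs (source URL plus CA) and not a fully rendered Ignition config.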
@@ -74,7 +74,7 @@ compute_resources: security_groups: "{{ _def.security_groups }}" state: "{{ _def.state }}" termination_protection: "{{ _def.termination_protection }}" - user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _def.volumes | d([]) }}" wait: no @@ -93,6 +93,6 @@ compute_resources: security_groups: "{{ _def.security_groups }}" state: "{{ _def.state }}" termination_protection: "{{ _def.termination_protection }}" - user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _def.volumes | d([]) }}" wait: yes diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml index 40b9fde..366c1a7 100644 --- a/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml +++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml @@ -11,10 +11,10 @@ openshift_security_groups: openshift_tags: "{{ cluster_state.tags }}" # User Data template -openshift_userdata_template: ocp-nodes-user-data.j2 -openshift_userdata: - config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master" - ca_source: "{{ cluster_state.certificates.root_ca }}" +_userdata_path: "{{ config_install_dir }}/master.ign" +# userdata_template: ocp-nodes-user-data.j2 +# userdata_config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master" +# userdata_config_ca_source: "{{ cluster_state.certificates.root_ca }}" _def: name: 'master' 
@@ -54,7 +54,7 @@ compute_resources: security_groups: "{{ _def.security_groups }}" state: "{{ _def.state }}" termination_protection: "{{ _def.termination_protection }}" - user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _def.volumes | d([]) }}" wait: no @@ -91,7 +91,7 @@ compute_resources: security_groups: "{{ _def.security_groups }}" state: "{{ _def.state }}" termination_protection: "{{ _def.termination_protection }}" - user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _def.volumes | d([]) }}" wait: no @@ -128,7 +128,7 @@ compute_resources: security_groups: "{{ _def.security_groups }}" state: "{{ _def.state }}" termination_protection: "{{ _def.termination_protection }}" - user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _def.volumes | d([]) }}" wait: no diff --git a/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml b/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml index 1a63186..a7a0d56 100644 --- a/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml +++ b/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml @@ -11,8 +11,7 @@ _image_id: "{{ custom_image_id | d(cluster_state.compute.image_id) }}" _subnet_name: "{{ _cluster_prefix }}-net-public-1a" ## User Data template -openshift_userdata: - config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign" +userdata_config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign" ## Common vars used in the Stack vars _common: diff --git a/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml b/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml index 5f654d5..5ba4bc2 100644 
--- a/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml +++ b/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml @@ -11,9 +11,8 @@ _tags: "{{ cluster_state.tags }}" ## User Data template _userdata_template: ocp-nodes-user-data.j2 -openshift_userdata: - config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master" - ca_source: "{{ cluster_state.certificates.root_ca }}" +userdata_config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master" +userdata_config_ca_source: "{{ cluster_state.certificates.root_ca }}" ## Common vars used in the Stack vars _common: diff --git a/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml b/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml index d67247e..4f99236 100644 --- a/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml +++ b/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml @@ -11,8 +11,7 @@ _image_id: "{{ custom_image_id | d(cluster_state.compute.image_id) }}" _subnet_name: "{{ _cluster_prefix }}-net-public-1a" ## User Data template -openshift_userdata: - config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign" +userdata_config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign" ## Common vars used in the Stack vars _common: diff --git a/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml b/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml index 5388e1e..bb07375 100644 --- a/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml +++ b/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml 
@@ -9,10 +9,10 @@ _security_groups: _tags: "{{ cluster_state.tags }}" ## User Data template -_userdata_template: ocp-nodes-user-data.j2 -openshift_userdata: - config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/worker" - ca_source: "{{ cluster_state.certificates.root_ca }}" +_userdata_path: "{{ config_install_dir }}/worker.ign" +# _userdata_template: ocp-nodes-user-data.j2 +# userdata_config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/worker" +# userdata_config_ca_source: "{{ cluster_state.certificates.root_ca }}" ## Common vars used in the Stack vars _common: @@ -52,7 +52,7 @@ compute_resources: security_groups: "{{ _common.security_groups }}" state: "{{ _common.state }}" termination_protection: "{{ _common.termination_protection }}" - user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _common.volumes | d([]) }}" wait: no @@ -71,7 +71,7 @@ compute_resources: security_groups: "{{ _common.security_groups }}" state: "{{ _common.state }}" termination_protection: "{{ _common.termination_protection }}" - user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _common.volumes | d([]) }}" wait: no @@ -90,7 +90,7 @@ compute_resources: security_groups: "{{ _common.security_groups }}" state: "{{ _common.state }}" termination_protection: "{{ _common.termination_protection }}" - user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _common.volumes | d([]) }}" wait: no diff --git a/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml b/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml index 06fbda2..d90cd05 100644 
--- a/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml +++ b/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml @@ -10,10 +10,10 @@ _security_groups: _tags: "{{ cluster_state.tags }}" ## User Data template -_userdata_template: ocp-nodes-user-data.j2 -openshift_userdata: - config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master" - ca_source: "{{ cluster_state.certificates.root_ca }}" +_userdata_path: "{{ config_install_dir }}/master.ign" +# _userdata_template: ocp-nodes-user-data.j2 +# userdata_config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master" +# userdata_config_ca_source: "{{ cluster_state.certificates.root_ca }}" ## Common vars used in the Stack vars _common: @@ -53,7 +53,7 @@ compute_resources: security_groups: "{{ _common.security_groups }}" state: "{{ _common.state }}" termination_protection: "{{ _common.termination_protection }}" - user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _common.volumes | d([]) }}" wait: no @@ -90,7 +90,7 @@ compute_resources: security_groups: "{{ _common.security_groups }}" state: "{{ _common.state }}" termination_protection: "{{ _common.termination_protection }}" - user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _common.volumes | d([]) }}" wait: no @@ -127,7 +127,7 @@ compute_resources: security_groups: "{{ _common.security_groups }}" state: "{{ _common.state }}" termination_protection: "{{ _common.termination_protection }}" - user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}" + user_data: "{{ lookup('file', _userdata_path) | b64encode }}" volumes: "{{ _common.volumes | d([]) }}" wait: no 
diff --git a/roles/bootstrap/meta/main.yml b/roles/bootstrap/meta/main.yml index e984ac5..9e9ca99 100644 --- a/roles/bootstrap/meta/main.yml +++ b/roles/bootstrap/meta/main.yml @@ -14,8 +14,5 @@ galaxy_info: - okd - installer - bootstrap - - aws - - amazon - - digitalocean dependencies: [] diff --git a/roles/clients/defaults/main.yaml b/roles/clients/defaults/main.yaml index 70ae473..efe1e1e 100644 --- a/roles/clients/defaults/main.yaml +++ b/roles/clients/defaults/main.yaml @@ -20,3 +20,10 @@ release_image_version_arch: "{{ release_image }}:{{ release_version }}" workdir: "{{ lookup('env', 'HOME') }}/.ansible/okd-installer" client_os: linux + +## Butane https://github.com/coreos/butane +cli_butane_version: v0.17.0 +cli_butane_arch: x86_64 +cli_butane_os: unknown-linux-gnu +cli_butane_bin: "butane-{{ cli_butane_arch }}-{{ cli_butane_os }}" +cli_butane_url: "https://github.com/coreos/butane/releases/download/{{ cli_butane_version }}/{{ cli_butane_bin }}" \ No newline at end of file diff --git a/roles/clients/meta/main.yml b/roles/clients/meta/main.yml index 970898c..f3b1dc8 100644 --- a/roles/clients/meta/main.yml +++ b/roles/clients/meta/main.yml @@ -16,7 +16,8 @@ galaxy_info: - openshift - okd - installer - - aws - - amazon + - okd-installer + - openshift-installer + - automation dependencies: [] diff --git a/roles/clients/tasks/main.yaml b/roles/clients/tasks/main.yaml index 587a0d9..2bca28e 100644 --- a/roles/clients/tasks/main.yaml +++ b/roles/clients/tasks/main.yaml 
@@ -14,14 +14,17 @@ - name: Mount the binary names ansible.builtin.set_fact: - bin_installer: "openshift-install-{{ client_os }}-{{ version | d(release_version) }}" bin_clients: "openshift-client-{{ client_os }}-{{ version | d(release_version) }}" - bin_oc: "oc-{{ client_os }}-{{ version | d(release_version) }}" - bin_kubectl: "kubectl-{{ client_os }}-{{ version | d(release_version) }}" + _bin_installer: "openshift-install-{{ client_os }}-{{ version | d(release_version) }}" + _bin_oc: "oc-{{ client_os }}-{{ version | d(release_version) }}" + _bin_kubectl: "kubectl-{{ client_os }}-{{ version | d(release_version) }}" + _bin_butane: "{{ cli_butane_bin }}-{{ cli_butane_version }}" + +# Client: openshift-install - name: openshift-install | Check is present ansible.builtin.stat: - path: "{{ collection_bin_dir }}/{{ bin_installer }}" + path: "{{ collection_bin_dir }}/{{ _bin_installer }}" register: check_bin_inst - name: openshift-install | Install client @@ -29,12 +32,12 @@ block: - name: openshift-install | Check tarball ansible.builtin.stat: - path: "{{ collection_tmp_dir }}/{{ bin_installer }}.tar.gz" + path: "{{ collection_tmp_dir }}/{{ _bin_installer }}.tar.gz" register: check_tar_inst - name: openshift-install | Download msg ansible.builtin.debug: - msg: "Donwloading tools [{{ release_image_version_arch | d(local_version) }}] using secret [{{ config_pull_secret_file }}]" + msg: "Downloading tools [{{ release_image_version_arch | d(local_version) }}] using secret [{{ config_pull_secret_file }}]" when: not(check_tar_inst.stat.exists) - name: openshift-install | Check vars @@ -68,7 +71,7 @@ - name: openshift-install | Extract tarball ansible.builtin.unarchive: - src: "{{ collection_tmp_dir }}/{{ bin_installer }}.tar.gz" + src: "{{ collection_tmp_dir }}/{{ _bin_installer }}.tar.gz" dest: "{{ collection_tmp_dir }}" when: not(check_bin_inst.stat.exists) register: ext_bin_inst 
@@ -76,7 +79,7 @@ - name: openshift-install | Copy to bin dir ansible.builtin.copy: src: "{{ collection_tmp_dir }}/openshift-install" - dest: "{{ collection_bin_dir }}/{{ bin_installer }}" + dest: "{{ collection_bin_dir }}/{{ _bin_installer }}" mode: 0755 when: ext_bin_inst.changed @@ -86,9 +89,11 @@ path: "{{ collection_tmp_dir }}/openshift-install" when: ext_bin_inst.changed +# Client: oc + - name: oc | Check openshift client is present ansible.builtin.stat: - path: "{{ collection_bin_dir }}/{{ bin_oc }}" + path: "{{ collection_bin_dir }}/{{ _bin_oc }}" register: check_bin_cli - name: oc | Install clients @@ -104,7 +109,7 @@ - name: oc | Copy to bin path ansible.builtin.copy: src: "{{ collection_tmp_dir }}/oc" - dest: "{{ collection_bin_dir }}/{{ bin_oc }}" + dest: "{{ collection_bin_dir }}/{{ _bin_oc }}" mode: 0755 when: ext_bin_cli.changed @@ -117,7 +122,7 @@ - name: kubectl | Copy to bin path ansible.builtin.copy: src: "{{ collection_tmp_dir }}/kubectl" - dest: "{{ collection_bin_dir }}/{{ bin_kubectl }}" + dest: "{{ collection_bin_dir }}/{{ _bin_kubectl }}" mode: 0755 when: ext_bin_cli.changed 
@@ -127,26 +132,64 @@ path: "{{ collection_tmp_dir }}/kubectl" when: ext_bin_cli.changed +# Client: butane + +- name: butane | Check butane client is present + ansible.builtin.stat: + path: "{{ collection_bin_dir }}/{{ _bin_butane }}" + register: check_bin_butane + +- name: butane | Install clients + when: not(check_bin_butane.stat.exists) + block: + - name: butane | Extract from tarball + ansible.builtin.get_url: + url: "{{ cli_butane_url }}" + dest: "{{ collection_tmp_dir }}/butane" + mode: '0440' + register: ext_bin_butane + + - name: butane | Copy to bin path + ansible.builtin.copy: + src: "{{ collection_tmp_dir }}/butane" + dest: "{{ collection_bin_dir }}/{{ _bin_butane }}" + mode: 0755 + when: ext_bin_butane.changed + + - name: butane | Remove tmp file + ansible.builtin.file: + state: absent + path: "{{ collection_tmp_dir }}/butane" + when: ext_bin_butane.changed + +# Creating links to binaries + - name: Ensure file links are present ansible.builtin.file: state: link src: "{{ collection_bin_dir }}/{{ item.src }}" dest: "{{ collection_bin_dir }}/{{ item.link }}" with_items: - - src: "{{ bin_installer }}" + - src: "{{ _bin_installer }}" link: openshift-install - - src: "{{ bin_oc }}" + - src: "{{ _bin_oc }}" link: oc - - src: "{{ bin_kubectl }}" + - src: "{{ _bin_kubectl }}" link: kubectl + - src: "{{ _bin_butane }}" + link: butane - name: Show clients path ansible.builtin.debug: - msg: "binary=[{{ item.src }}] link=[{{ item.link }}]" + msg: + - "binary=[{{ collection_bin_dir }}/{{ item.src }}]" + - "link=[{{ collection_bin_dir }}/{{ item.link }}]" with_items: - - src: "{{ bin_installer }}" + - src: "{{ _bin_installer }}" link: openshift-install - - src: "{{ bin_oc }}" + - src: "{{ _bin_oc }}" link: oc - - src: "{{ bin_kubectl }}" + - src: "{{ _bin_kubectl }}" link: kubectl + - src: "{{ _bin_butane }}" + link: butane \ No newline at end of file diff --git a/roles/cloud_load_balancer b/roles/cloud_load_balancer index 2795033..f4809bc 160000 
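Review bot: The `butane | Extract from tarball` task in roles/clients/tasks/main.yaml fetches an executable from `cli_butane_url` with `ansible.builtin.get_url` and no `checksum:`, and the next task installs it with mode 0755 and links it as `butane`, so whatever that URL serves is executed later without an integrity check. Pin the digest beside the version, for example a new role default `cli_butane_checksum` (placeholder name, holding `sha256:<digest published for that release>`) passed as `checksum: "{{ cli_butane_checksum }}"`. The image download added in roles/os_mirror/tasks/stream_artifacts.yaml has the same gap; there the digest could come from the stream JSON entry that load.yaml already reads `disk.location` from, since CoreOS stream metadata carries a `sha256` next to `location` (confirm for the chosen artifact format). The task name also says "Extract from tarball" although the task only downloads a file.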
--- a/roles/cloud_load_balancer +++ b/roles/cloud_load_balancer @@ -1 +1 @@ -Subproject commit 279503361343c6e5e1e503dc914bfd9511c89aeb +Subproject commit f4809bc8feeb035b505a4ded0a659aea647f08e8 diff --git a/roles/config/meta/main.yml b/roles/config/meta/main.yml index cb54a6e..3ef6632 100644 --- a/roles/config/meta/main.yml +++ b/roles/config/meta/main.yml @@ -16,8 +16,5 @@ galaxy_info: - okd - openshift - installer - - aws - - amazon - - digitalocean dependencies: [] diff --git a/roles/config/tasks/create-assertions.yaml b/roles/config/tasks/create-assertions.yaml index dfb50cd..f57869c 100644 --- a/roles/config/tasks/create-assertions.yaml +++ b/roles/config/tasks/create-assertions.yaml @@ -3,6 +3,12 @@ - name: Create | Assertions | Variables ansible.builtin.include_tasks: check-vars.yaml +- name: Create | Assertions | Check required provider + ansible.builtin.assert: + that: + - provider is in config_valid_providers + fail_msg: "'provider' is not a valid provider {{ config_valid_providers }}" + - name: Create | Assrt. | Directories ansible.builtin.file: state: directory @@ -30,3 +36,23 @@ ansible.builtin.debug: msg: "CONFIG_PULL_SECRET_FILE env var was not found. Please set it with pull-secret file path" failed_when: not(ps_out.stat.exists) + +- name: Create | Config | Check file manifests/cluster-config.yaml + ansible.builtin.stat: + path: "{{ config_install_dir }}/install-config.yaml" + register: _installconfig + +- name: Create | Assrt. | Check file manifests/cluster-config.yaml + ansible.builtin.stat: + path: "{{ config_install_dir }}/manifests/cluster-config.yaml" + register: _manifests + +- name: Create | Assrt. | Check file metadata.json + ansible.builtin.stat: + path: "{{ config_install_dir }}/metadata.json" + register: _metadata + +- name: Create | Assrt. | Check file coreos-stream.json + ansible.builtin.stat: + path: "{{ config_install_dir }}/coreos-stream.json" + register: _coreosstream 
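Review bot: In roles/config/tasks/create-assertions.yaml the new `Check required provider` assertion puts the literal word 'provider' in `fail_msg`, so the operator is not told which value was rejected. Interpolate the value instead: `fail_msg: "'{{ provider | d('undefined') }}' is not a valid provider {{ config_valid_providers }}"`. If `provider` can be unset when this file runs, the `that` expression fails on an undefined variable before `fail_msg` is used; `provider | d('') in config_valid_providers` keeps the failure readable.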
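Review bot: The first task added by the second hunk of create-assertions.yaml is named `Create | Config | Check file manifests/cluster-config.yaml` but stats `install-config.yaml` and registers `_installconfig`; the name duplicates the following task's and uses the `Config` prefix where its siblings use `Assrt.`. Rename it to `Create | Assrt. | Check file install-config.yaml` so the run log identifies the file that was checked. A comment above the four stat tasks, such as `# Registers used as guards by create-config, create-manifests, create-ignitions and patch-manifests`, would explain why they live in the assertions file.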
diff --git a/roles/config/tasks/create-config.yaml b/roles/config/tasks/create-config.yaml new file mode 100644 index 0000000..9c76cf3 --- /dev/null +++ b/roles/config/tasks/create-config.yaml @@ -0,0 +1,32 @@ +--- # create-config manages the install-config.yaml + +- name: Create | Config | Run Check vars + ansible.builtin.include_tasks: check.yaml + +- name: Create | Config | Run custom assertions + ansible.builtin.include_tasks: create-assertions.yaml + +- name: Create | Config | Render Install config file + when: + - not(_installconfig.stat.exists) + - not(_manifests.stat.exists) + - not(_metadata.stat.exists) + block: + - name: Create | Config | Render Install config file + ansible.builtin.template: + src: install-config.yaml.j2 + dest: "{{ config_install_dir }}/install-config.yaml" + mode: 0644 + + - name: Create | Config | Copy/Save the rendered install config + ansible.builtin.copy: + src: "{{ config_install_dir }}/install-config.yaml" + dest: "{{ config_install_dir }}/install-config-bkp.yaml" + mode: 0644 + + - name: Create | Config | Show + ansible.builtin.debug: + msg: "Installer configuration generated at path: {{ config_install_dir }}/install-config.yaml" + +- name: Create | Manifests | CoreOS Stream JSON + ansible.builtin.include_tasks: create-coreos-stream.yml diff --git a/roles/config/tasks/create-coreos-stream.yml b/roles/config/tasks/create-coreos-stream.yml new file mode 100644 index 0000000..bd3a76a --- /dev/null +++ b/roles/config/tasks/create-coreos-stream.yml @@ -0,0 +1,8 @@ +--- + +- name: Create | Create CoreOS Stream JSON + when: not(_coreosstream.stat.exists) + ansible.builtin.shell: | + {{ bin_openshift_install }} coreos print-stream-json \ + > {{ config_install_dir }}/coreos-stream.json + environment: "{{ config_installer_environment | d(omit) }}" \ No newline at end of file diff --git a/roles/config/tasks/create-ignitions.yaml b/roles/config/tasks/create-ignitions.yaml new file mode 100644 index 0000000..348e5b9 --- /dev/null 
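Review bot: Both files written by roles/config/tasks/create-config.yaml, the rendered `install-config.yaml` and the `install-config-bkp.yaml` copy, are created with `mode: 0644`, which leaves them readable by every local user. An OpenShift install-config normally embeds the pull secret and an SSH key (the template body is outside this diff's hunks, so confirm what it renders), and the backup is presumably kept after the installer consumes the original. Use `mode: "0600"` on both tasks; quoting the value also avoids the unquoted-octal form that ansible-lint flags.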
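Review bot: In roles/config/tasks/create-coreos-stream.yml the shell redirect creates `coreos-stream.json` before `openshift-install` has produced any output, so a failed run leaves an empty or partial file, and the `not(_coreosstream.stat.exists)` guard then skips regeneration on every later run. The problem would surface only in load.yaml, where the file is read with `lookup('file', ...)` and indexed by `.architectures`. Write to a temporary name and rename on success, e.g. `... coreos print-stream-json > {{ config_install_dir }}/coreos-stream.json.tmp && mv {{ config_install_dir }}/coreos-stream.json.tmp {{ config_install_dir }}/coreos-stream.json`.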
+++ b/roles/config/tasks/create-ignitions.yaml @@ -0,0 +1,17 @@ +--- # generate ignition files from a install directory + +- name: Create | Ignitions | Run Check vars + ansible.builtin.include_tasks: check.yaml + +- name: Create | Ignitions | Run custom assertions + ansible.builtin.include_tasks: create-assertions.yaml + +- name: Create | Ignitions | Generate + when: + - _manifests.stat.exists + - not(_metadata.stat.exists) + block: + - name: Create | Create ignition configs + ansible.builtin.shell: | + {{ bin_openshift_install }} create ignition-configs --dir {{ config_install_dir }} + environment: "{{ config_installer_environment | d(omit) }}" \ No newline at end of file diff --git a/roles/config/tasks/create-manifests.yaml b/roles/config/tasks/create-manifests.yaml new file mode 100644 index 0000000..d64cf97 --- /dev/null +++ b/roles/config/tasks/create-manifests.yaml @@ -0,0 +1,28 @@ +--- # create-config manages the install-config.yaml + +- name: Create | Manifests | Run Check vars + ansible.builtin.include_tasks: check.yaml + +- name: Create | Manifests | Run custom assertions + ansible.builtin.include_tasks: create-assertions.yaml + +- name: Create | Manifests | Check + when: _installconfig.stat.exists + ansible.builtin.debug: + msg: "install-config must be created first with 'create-config'" + +- name: Create | Manifests | Generate + when: + - not(_manifests.stat.exists) + - not(_metadata.stat.exists) + block: + - name: Create | Create manifests + ansible.builtin.shell: | + {{ bin_openshift_install }} create manifests --dir {{ config_install_dir }} + environment: "{{ config_installer_environment | d(omit) }}" + +- name: Create | Manifests | CoreOS Stream JSON + ansible.builtin.include_tasks: create-coreos-stream.yml + +- name: Create | Manifests | Load/Create cluster_state.json + ansible.builtin.include_tasks: load.yaml diff --git a/roles/config/tasks/create.yaml b/roles/config/tasks/create.yaml index d1b572a..90be653 100644 
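Review bot: `Create | Create ignition configs` in roles/config/tasks/create-ignitions.yaml uses `ansible.builtin.shell` with `{{ bin_openshift_install }}` and `{{ config_install_dir }}` interpolated unquoted, although the command needs no shell feature; a path containing a space or a shell metacharacter is split or interpreted by the shell. `ansible.builtin.command` with `argv: ["{{ bin_openshift_install }}", "create", "ignition-configs", "--dir", "{{ config_install_dir }}"]` passes each value as a single argument. The `create manifests` task in create-manifests.yaml is written the same way, and create-coreos-stream.yml, which does need the redirect, should apply `| quote` to both values.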
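Review bot: The `Create | Manifests | Check` task in roles/config/tasks/create-manifests.yaml looks inverted and cannot stop the run: it prints "install-config must be created first" when `_installconfig.stat.exists` is true, and because it is a `debug` task a missing install-config still falls through to `create manifests`. An assertion states the intent, `ansible.builtin.assert` with `that: _installconfig.stat.exists or _manifests.stat.exists` and the same text as `fail_msg`. The header comment `# create-config manages the install-config.yaml` is copied from create-config.yaml and should describe manifest generation.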
--- a/roles/config/tasks/create.yaml +++ b/roles/config/tasks/create.yaml 
@@ -1,57 +1,6 @@ --- - -- name: Create | Run Check vars - ansible.builtin.include_tasks: check.yaml - -- name: Create | Run custom assertions - ansible.builtin.include_tasks: create-assertions.yaml - -- name: Create | Check if metadata.json exists - ansible.builtin.stat: - path: "{{ config_install_dir }}/metadata.json" - register: st_metadata - -- name: Create | Render Install config file - ansible.builtin.template: - src: install-config.yaml.j2 - dest: "{{ config_install_dir }}/install-config.yaml" - mode: 0644 - when: not(st_metadata.stat.exists) - -- name: Create | Backup the rendered install config - ansible.builtin.copy: - src: "{{ config_install_dir }}/install-config.yaml" - dest: "{{ config_install_dir }}/install-config-bkp.yaml" - mode: 0644 - when: not(st_metadata.stat.exists) - -- name: Create | Generate installer metadata - when: not(st_metadata.stat.exists) - block: - - name: Create | Create manifests - ansible.builtin.shell: | - {{ bin_openshift_install }} create manifests --dir {{ config_install_dir }} - - - name: Create | Apply patches on manifest stage - ansible.builtin.include_tasks: - file: "patches-manifests/{{ patch_name }}.yaml" - loop_control: - loop_var: patch_name - loop: "{{ config_patches | d('rm-capi-machines') }}" - - - name: Create | Create ignition configs - ansible.builtin.shell: | - {{ bin_openshift_install }} create ignition-configs --dir {{ config_install_dir }} - - -# Render Stream JSON -- name: Create | Check exists coreos-stream.json - ansible.builtin.stat: - path: "{{ config_install_dir }}/coreos-stream.json" - register: ex_coj - -- name: Create | Create CoreOS Stream JSON - ansible.builtin.shell: | - {{ bin_openshift_install }} coreos print-stream-json \ - > {{ config_install_dir }}/coreos-stream.json - when: not(ex_coj.stat.exists) +# NOTE: placeholder file, deprecated by the following 'modes'/actions: +# - create-config +# - create-manifests +# - patch-manifests +# - create-ignitions \ No newline at end of file 
diff --git a/roles/config/tasks/load.yaml b/roles/config/tasks/load.yaml index 9da1b84..bacb779 100644 --- a/roles/config/tasks/load.yaml +++ b/roles/config/tasks/load.yaml 
@@ -18,83 +18,103 @@ - st_dir.stat.isdir fail_msg: "installer dir [{{ config_install_dir }}] is not present. Create config first." -- name: Load | Set bootstrap ignition filename for HA - ansible.builtin.set_fact: - _filename_bootstrap_ign: "bootstrap.ign" +- name: Load | Check if cluster_state file + ansible.builtin.stat: + path: "{{ config_install_dir + '/cluster_state.json' }}" + register: st_out -- name: Load | Variables from ignition files - ansible.builtin.set_fact: - _installer_state: "{{ lookup('file', config_install_dir + '/.openshift_install_state.json') }}" - _installer_metadata: "{{ lookup('file', config_install_dir + '/metadata.json') }}" - _ignition_bootstrap: "{{ lookup('file', config_install_dir + '/' + _filename_bootstrap_ign) }}" - installer_coreos_stream: "{{ lookup('file', config_install_dir + '/coreos-stream.json') }}" - no_log: true +- name: Load | Create initial cluster_state + when: not(st_out.stat.exists) + block: + - name: Load | Load variables from manifests + ansible.builtin.set_fact: + _installer_coreos_stream: "{{ lookup('file', config_install_dir + '/coreos-stream.json') }}" + _manifest_capi_userdata_master_secret: "{{ lookup('file', config_install_dir + '/openshift/99_openshift-cluster-api_master-user-data-secret.yaml') | from_yaml }}" + _manifest_capi_userdata_worker_secret: "{{ lookup('file', config_install_dir + '/openshift/99_openshift-cluster-api_worker-user-data-secret.yaml') | from_yaml }}" + _manifest_infrastructure_obj: "{{ lookup('file', config_install_dir + '/manifests/cluster-infrastructure-02-config.yml') | from_yaml }}" + _manifest_installconfig_cm: "{{ lookup('file', config_install_dir + '/manifests/cluster-config.yaml') | from_yaml }}" -- name: Load | Set defaults short vars - ansible.builtin.set_fact: - base_domain: "{{ _installer_state[\"*installconfig.InstallConfig\"][\"config\"][\"baseDomain\"] }}" - tags: {} - image_id_ign: "{{ _installer_state[\"*rhcos.Image\"] | d('') }}" - _region: "{{ config_cluster_region | 
d(lookup('env', 'CONFIG_REGION')) }}" - _provider: "{{ provider | d('NA') }}" - _arch: "{{ arch | d('x86_64') }}" + - name: Load | Load from install-config + ansible.builtin.set_fact: + _manifest_installconfig: "{{ _manifest_installconfig_cm.data['install-config'] | from_yaml }}" + _manifest_capi_userdata_master: "{{ _manifest_capi_userdata_master_secret.data.userData | b64decode }}" + _manifest_capi_userdata_worker: "{{ _manifest_capi_userdata_worker_secret.data.userData | b64decode }}" -- name: Load | Lookup ImageID - block: - - name: Load | Lookup ImageID | Check image + - name: Load | Set defaults short vars ansible.builtin.set_fact: - image_id_stream: "{{ installer_coreos_stream.architectures[_arch].images[_provider].regions[_region].image }}" + tags: {} + _infrastructureName: "{{ _manifest_infrastructure_obj.status.infrastructureName }}" + _region: "{{ config_cluster_region | d(lookup('env', 'CONFIG_REGION')) }}" + _provider: "{{ provider | d('NA') }}" + _arch: "{{ arch | d('x86_64') }}" + + - name: Load | Set custom_image_id from os_mirror config when: - - _provider != 'NA' - when: - - custom_image_id | d('') == '' - - image_id_ign == '' + - os_mirror | d({}) | length > 0 + - os_mirror_from | d('') == 'stream_artifacts' + block: + - name: Load | Set custom_image_url from os_mirror config + ansible.builtin.set_fact: + custom_image_url: "{{ \ + _installer_coreos_stream\ + .architectures[os_mirror_stream.architecture]\ + .artifacts[os_mirror_stream.artifact]\ + .formats[os_mirror_stream.format]\ + .disk.location | d('') }}" -- name: Load | Check if cluster_state file - ansible.builtin.stat: - path: "{{ config_install_dir + '/cluster_state.json' }}" - register: st_out + - name: Load | Set custom_image_id from os_mirror config + ansible.builtin.set_fact: + custom_image_id: "{{ custom_image_url | basename }}" + + - name: Load | Lookup ImageID + block: + - name: Load | Lookup ImageID | Check image + ansible.builtin.set_fact: + image_id_stream: "{{ 
_installer_coreos_stream.architectures[_arch].images[_provider].regions[_region].image | d('') }}" + when: + - _provider != 'NA' + when: + - custom_image_id | d('') == '' + + - name: Load | Create initial cluster_state + ansible.builtin.set_fact: + cluster_state: + cluster_name: "{{ _manifest_installconfig.metadata.name }}" + cluster_id: "{{ _infrastructureName }}" + infra_id: "{{ _infrastructureName }}" + tags: "{% set x = tags.__setitem__('kubernetes.io/cluster/' + _infrastructureName, 'owned') %}{{ tags }}" + region: "{{ _region }}" + platform: + provider: "{{ _provider }}" + platform: "{{ config_platform | d('none') }}" + dns: + base_domain: "{{ _manifest_installconfig.baseDomain }}" + base_domain_id: '' + cluster_domain: "{{ _manifest_installconfig.metadata.name }}.{{ _manifest_installconfig.baseDomain }}" + cluster_domain_id: '' + registers: [] + network: + vpc_id: '' + subnets: [] + loadbalancers: {} + compute: + image_id: "{{ custom_image_id | d(image_id_stream) }}" + image_url: "{{ custom_image_url | d('') }}" + iam_profile_bootstrap: "{{ _infrastructureName }}-instance-bootstrap" + iam_profile_compute: "{{ _infrastructureName }}-instance-compute" + iam_profile_controlplane: "{{ _infrastructureName }}-instance-controlPlane" + user_data_master: "{{ _manifest_capi_userdata_master }}" + user_data_worker: "{{ _manifest_capi_userdata_worker }}" + iam: + profile_bootstrap: "{{ _infrastructureName }}-instance-bootstrap" + profile_controlplane: "{{ _infrastructureName }}-instance-controlplane" + profile_compute: "{{ _infrastructureName }}-instance-compute" - name: Load | Set local cluster_state ansible.builtin.set_fact: cluster_state: "{{ lookup('file', config_install_dir + '/cluster_state.json', errors='ignore') }}" when: st_out.stat.exists -- name: Load | Create initial cluster_state - ansible.builtin.set_fact: - cluster_state: - cluster_name: "{{ _installer_metadata.clusterName }}" - cluster_id: "{{ _installer_metadata.clusterID }}" - infra_id: "{{ 
_installer_metadata.infraID }}" - tags: "{% set x = tags.__setitem__('kubernetes.io/cluster/' + _installer_metadata.infraID, 'owned') %}{{ tags }}" - region: "{{ _region }}" - platform: - provider: "{{ _provider }}" - platform: "{{ config_platform | d('none') }}" - dns: - base_domain: "{{ base_domain }}" - base_domain_id: '' - cluster_domain: "{{ _installer_metadata.clusterName }}.{{ base_domain }}" - cluster_domain_id: '' - registers: [] - network: - vpc_id: '' - subnets: [] - loadbalancers: {} - compute: - image_id: "{{ custom_image_id | d(image_id_stream) | d(image_id_ign) }}" - iam_profile_bootstrap: "{{ _installer_metadata.infraID }}-instance-bootstrap" - iam_profile_compute: "{{ _installer_metadata.infraID }}-instance-compute" - iam_profile_controlplane: "{{ _installer_metadata.infraID }}-instance-controlPlane" - certificates: - root_ca: "{{ _ignition_bootstrap | json_query(query_root_ca) | join('') }}" - iam: - profile_bootstrap: "{{ _installer_metadata.infraID }}-instance-bootstrap" - profile_controlplane: "{{ _installer_metadata.infraID }}-instance-controlplane" - profile_compute: "{{ _installer_metadata.infraID }}-instance-compute" - vars: - query_root_ca: "storage.files[?path=='/opt/openshift/tls/root-ca.crt'].contents.source" - when: not(st_out.stat.exists) - name: Load | Save state ansible.builtin.include_tasks: save-state.yaml diff --git a/roles/config/tasks/patch-manifests.yaml b/roles/config/tasks/patch-manifests.yaml new file mode 100644 index 0000000..9376bb5 --- /dev/null +++ b/roles/config/tasks/patch-manifests.yaml 
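Review bot: The rewritten load step in roles/config/tasks/load.yaml drops the `no_log: true` that the removed `Load | Variables from ignition files` task carried, while the new tasks read the two `*-user-data-secret.yaml` manifests, base64-decode their `userData`, and store it in `cluster_state.compute.user_data_master` and `user_data_worker`. Those values are printed with the set_fact results at higher verbosity and, through the unchanged `Load | Save state` include, presumably written to `cluster_state.json` (save-state.yaml is not part of this diff). Add `no_log: true` to `Load | Load variables from manifests`, `Load | Load from install-config` and the `Load | Create initial cluster_state` set_fact, and check that the state file is saved with a restrictive mode. Separately, `custom_image_url` applies `| d('')` only after `.disk.location`, so an `os_mirror_stream` key that is missing from the stream JSON still raises instead of yielding the empty default.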
@@ -0,0 +1,19 @@ +--- # step will run to patch manifests before ignitions creation based on config_patches list. + +- name: Patch | Manifests | Run Load vars + ansible.builtin.include_tasks: load.yaml + +- name: Patch | Manifests | Run custom assertions + ansible.builtin.include_tasks: create-assertions.yaml + +- name: Patch | Manifests | Generate + when: + - _manifests.stat.exists + - not(_metadata.stat.exists) + block: + - name: Patch | Apply patches on manifest stage + ansible.builtin.include_tasks: + file: "patches-manifests/{{ patch_name }}.yaml" + loop_control: + loop_var: patch_name + loop: "{{ config_patches | d('rm-capi-machines') }}" diff --git a/roles/config/templates/install-config.yaml.j2 b/roles/config/templates/install-config.yaml.j2 index b67bf87..e8aa153 100644 --- a/roles/config/templates/install-config.yaml.j2 +++ b/roles/config/templates/install-config.yaml.j2 @@ -6,7 +6,7 @@ baseDomain: {{ config_base_domain }} # Compute Pool {% if cluster_profile == 'ha' %} -compute: {{ config_compute }} +compute: {{ config_compute | from_yaml }} {% elif cluster_profile == 'sno' %} compute: diff --git a/roles/csr_approver/meta/main.yml b/roles/csr_approver/meta/main.yml index 4fcfba2..05ff922 100644 --- a/roles/csr_approver/meta/main.yml +++ b/roles/csr_approver/meta/main.yml @@ -14,8 +14,5 @@ galaxy_info: - okd - installer - bootstrap - - aws - - amazon - - digitalocean dependencies: [] diff --git a/roles/destroy/meta/main.yml b/roles/destroy/meta/main.yml index 0ab0370..2ce412c 100644 --- a/roles/destroy/meta/main.yml +++ b/roles/destroy/meta/main.yml @@ -1,6 +1,6 @@ --- galaxy_info: - role_name: okd_cluster_destroy + role_name: destroy author: mtulio description: Ansible Role to Destroy OKD Cluster on the Cloud Provider license: Apache-2.0 @@ -17,8 +17,5 @@ galaxy_info: - openshift - cloud - installer - - aws - - amazon - - digitalocean dependencies: [] 
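Review bot: In roles/config/tasks/patch-manifests.yaml the `loop:` falls back to the string `'rm-capi-machines'`, and `loop` requires a list, so the task fails whenever `config_patches` is unset (the expression is carried over from the removed create.yaml). Use `loop: "{{ config_patches | d(['rm-capi-machines']) }}"`. Because each `patch_name` becomes part of an included file path, it is also worth asserting before the include that every entry is a bare name matching a file under `patches-manifests/`.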
diff --git a/roles/os_mirror/README.md b/roles/os_mirror/README.md new file mode 100644 index 0000000..e69de29 diff --git a/roles/os_mirror/defaults/main.yml b/roles/os_mirror/defaults/main.yml new file mode 100644 index 0000000..94f8260 --- /dev/null +++ b/roles/os_mirror/defaults/main.yml @@ -0,0 +1,2 @@ +--- +os_mirror: {} \ No newline at end of file diff --git a/roles/os_mirror/meta/main.yml b/roles/os_mirror/meta/main.yml new file mode 100644 index 0000000..c887620 --- /dev/null +++ b/roles/os_mirror/meta/main.yml @@ -0,0 +1,21 @@ +--- +galaxy_info: + role_name: os_mirror + author: mtulio + description: Ansible Role to Mirror OS to the provider + license: Apache-2.0 + min_ansible_version: "4.1" + platforms: + - name: EL + versions: + - all + - name: Debian + versions: + - all + galaxy_tags: + - okd + - openshift + - cloud + - installer + +dependencies: [] diff --git a/roles/os_mirror/tasks/main.yaml b/roles/os_mirror/tasks/main.yaml new file mode 100644 index 0000000..02a42c0 --- /dev/null +++ b/roles/os_mirror/tasks/main.yaml @@ -0,0 +1,6 @@ +--- +- name: gather from source + ansible.builtin.include_tasks: "./{{ os_mirror_from }}.yaml" + +- name: upload to provider {{ os_mirror_to_provider }} + ansible.builtin.include_tasks: "./{{ os_mirror_to_provider }}.yaml" diff --git a/roles/os_mirror/tasks/stream_artifacts.yaml b/roles/os_mirror/tasks/stream_artifacts.yaml new file mode 100644 index 0000000..9794268 --- /dev/null +++ b/roles/os_mirror/tasks/stream_artifacts.yaml 
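Review bot: roles/os_mirror/tasks/main.yaml builds both `include_tasks` paths from `os_mirror_from` and `os_mirror_to_provider`, but defaults/main.yml in this commit defines only `os_mirror: {}` and the only other task file visible in this diff is stream_artifacts.yaml, so the role fails on an undefined variable or a missing file unless the caller sets both to names that exist. Add an `ansible.builtin.assert` at the top that checks each variable against a list of supported names, in the way create-assertions.yaml checks `provider` against `config_valid_providers`; that also keeps a value containing path separators from selecting a task file outside the role. The two task names would read more consistently in the `Area | Action` form used by the other files in this change.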
@@ -0,0 +1,16 @@ +--- +- name: from stream_artifact | Check exists locally + stat: + path: "{{ collection_bin_dir }}/{{ cluster_state.compute.image_id }}" + register: _st_image + +- name: stream_artifact | show + debug: + msg: "Downloading image: {{ cluster_state.compute.image_url }}" + when: not(_st_image.stat.exists) + +- name: from stream_artifact | Downloading {{ cluster_state.compute.image_url }} + get_url: + url: "{{ cluster_state.compute.image_url }}" + dest: "{{ collection_bin_dir }}/{{ cluster_state.compute.image_id }}" + when: not(_st_image.stat.exists)
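Review bot: All three tasks in roles/os_mirror/tasks/stream_artifacts.yaml use `cluster_state.compute.image_url` and `image_id` without checking them, yet load.yaml sets `image_url` to `custom_image_url | d('')`, so when no stream artifact was resolved the `get_url` task runs with an empty URL and fails with an error that does not point at the configuration. Start the file with an assertion such as `that: cluster_state.compute.image_url | d('') | length > 0` and a `fail_msg` naming the `os_mirror` settings to correct. The tasks also use the short module names `stat`, `debug` and `get_url` where the rest of this change uses `ansible.builtin.*`, and the download sets no `mode:`.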