diff --git a/.github/workflows/mock-aws.yaml b/.github/workflows/mock-aws.yaml
index 0bbefd5..e9db86f 100644
--- a/.github/workflows/mock-aws.yaml
+++ b/.github/workflows/mock-aws.yaml
@@ -15,7 +15,7 @@ defaults:
working-directory: 'mtulio.okd_installer'
jobs:
- create_all:
+ create_destroy_all:
name: create-all
runs-on: ubuntu-latest
defaults:
@@ -36,6 +36,7 @@ jobs:
#- "aws-none-sno"
dist-version:
- "okd-4.12.0-0"
+ - "okd-scos-4.13.0-0"
# container: ubuntu
services:
@@ -110,17 +111,32 @@ jobs:
ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE
tree ~/.ansible/okd-installer/bin || true
- - name: Create cluster (play create_all)
+ # step to run create_all in new environment
+ - name: Create cluster (play create_all/new)
env:
VARS_FILE: "./vars-${{ steps.vars.outputs.cluster-name }}.yaml"
run: |
set -x
- echo "Running create_all, the stdout will be suprised..."
+ echo "Running create_all new infrastructure..."
./run-play-steps.sh create_all
cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}/cluster_state.json || true
cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}install-config-bkp.yaml || true
+ # step to run create_all in existing environment (immutable)
+ - name: Create cluster (play create_all/existing)
+ env:
+ VARS_FILE: "./vars-${{ steps.vars.outputs.cluster-name }}.yaml"
+ run: |
+ set -x
+ echo "Running create_all in existing infrastructure..."
+ # TODO: target to idepotent execution, must check change==0
+ ./run-play-steps.sh create_all
+
+ cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}/cluster_state.json || true
+ cat ~/.ansible/okd-installer/clusters/${{ steps.vars.outputs.cluster-name }}install-config-bkp.yaml || true
+
+
- name: Destroy cluster (play destroy_cluster)
env:
VARS_FILE: "./vars-${{ steps.vars.outputs.cluster-name }}.yaml"
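Review bot: The second `cat` in the added `create_all/existing` step (and the unchanged one in the step above it) builds the path as `.../clusters/${{ steps.vars.outputs.cluster-name }}install-config-bkp.yaml`, with no `/` after the cluster name, so the file is never found and `|| true` hides the miss. Before adding the slash, note that an install-config normally embeds the pull secret and the SSH key, so printing it puts both in the job log. This mock job appears to use a fake pull secret, but the step is easy to copy into a pipeline that does not. If the dump is only a debugging aid, keep the `cluster_state.json` line and drop the install-config `cat`, or filter the sensitive keys before printing.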
diff --git a/docs/guides/AWS/aws-agnostic.md b/docs/guides/AWS/aws-agnostic.md
index f16ee4e..b938bb4 100644
--- a/docs/guides/AWS/aws-agnostic.md
+++ b/docs/guides/AWS/aws-agnostic.md
@@ -21,44 +21,92 @@ Table of Contents:
### Create and export config variables
-Create and export the environment file:
+Create and export the environments:
+
+- When deploying **OpenShift**:
-- `platform.none: {}`
```bash
-CLUSTER_NAME="aws-22122701"
-cat < ./.env-${CLUSTER_NAME}
-export CONFIG_CLUSTER_NAME=${CLUSTER_NAME}
-export CONFIG_PROVIDER=aws
-export CONFIG_CLUSTER_REGION=us-east-1
-export CONFIG_PLATFORM=none
-export CONFIG_BASE_DOMAIN=devcluster.openshift.com
-export CONFIG_PULL_SECRET_FILE=/home/mtulio/.openshift/pull-secret-latest.json
-export CONFIG_SSH_KEY="$(cat ~/.ssh/id_rsa.pub)"
-EOF
+# Release controller for each distribution:
+# OKD: https://amd64.origin.releases.ci.openshift.org/
+# OCP: https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/
+DISTRIBUTION="ocp"
+RELEASE_REPO="quay.io/openshift-release-dev/ocp-release"
+VERSION="4.13.0"
+RELEASE_VERSION="${VERSION}-x86_64"
+PULL_SECRET_FILE="${HOME}/.openshift/pull-secret-latest.json"
+```
+
+- When deploying **OKD with FCOS**:
+
+```bash
+DISTRIBUTION="okd"
+RELEASE_REPO=quay.io/openshift/okd
+VERSION=4.12.0-0.okd-2023-04-16-041331
+RELEASE_VERSION=$VERSION
+PULL_SECRET_FILE="{{ playbook_dir }}/../tests/config/pull-secret-okd-fake.json"
+```
+
+- When deploying **OKD with SCOS**:
-source ./.env-${CLUSTER_NAME}
+```bash
+DISTRIBUTION="okd"
+RELEASE_REPO=quay.io/okd/scos-release
+VERSION=4.13.0-0.okd-scos-2023-05-04-192252
+RELEASE_VERSION=$VERSION
+PULL_SECRET_FILE="{{ playbook_dir }}/../tests/config/pull-secret-okd-fake.json"
+```
+
+Create the Ansible var files:
+
+
+```bash
+CLUSTER_NAME="aws-none05"
+BASE_DOMAIN="devcluster.openshift.com"
+SSH_PUB_KEY="$(cat ~/.ssh/id_rsa.pub)"
+
+VARS_FILE="./vars-${CLUSTER_NAME}.yaml"
+cat < $VARS_FILE
+
+cluster_name: ${CLUSTER_NAME}
+config_base_domain: ${BASE_DOMAIN}
+
+distro_default: $DISTRIBUTION
+version: $VERSION
+release_image: $RELEASE_REPO
+release_version: $RELEASE_VERSION
+#release_image_version_arch: "quay.io/openshift-release-dev/ocp-release:4.13.0-x86_64"
+
+provider: aws
+config_provider: aws
+config_platform: none
+cluster_profile: ha
+config_cluster_region: us-east-1
+
+config_ssh_key: "${SSH_PUB_KEY}"
+config_pull_secret_file: "${PULL_SECRET_FILE}"
+EOF
```
Check if all required variables has been set:
```bash
-ansible-playbook mtulio.okd_installer.config \
- -e mode=check-vars \
- -e cluster_name=${CONFIG_CLUSTER_NAME}
+ansible-playbook mtulio.okd_installer.config -e mode=check-vars -e @$VARS_FILE
```
### Create or customize the `openshift-install` binary
Check the Guide [Install the `openshift-install` binary](./install-openshift-install.md) if you aren't set or would like to customize the cluster version.
+```bash
+ansible-playbook mtulio.okd_installer.install_clients -e @$VARS_FILE
+```
+
### Create the install config
To generate the install config, you must set variables (defined above) and the cluster_name:
```bash
-ansible-playbook mtulio.okd_installer.config \
- -e mode=create \
- -e cluster_name=${CONFIG_CLUSTER_NAME}
+ansible-playbook mtulio.okd_installer.config -e mode=create-config -e @$VARS_FILE
```
## Create the cluster
@@ -68,11 +116,7 @@ The okd-installer Collection provides one single playbook to create the cluster
Call the playbook to create the cluster:
```bash
-ansible-playbook mtulio.okd_installer.create_all \
- -e provider=${CONFIG_PROVIDER} \
- -e cluster_name=${CONFIG_CLUSTER_NAME} \
- -e certs_max_retries=20 \
- -e cert_wait_interval_sec=60
+ansible-playbook mtulio.okd_installer.create_all -e @$VARS_FILE
```
## Cluster Review (optional)
@@ -113,45 +157,6 @@ while true; do approve_certs; sleep 30; done
--log-level debug
```
-### Review Cluster Operators
-
-```bash
-export KUBECONFIG=${HOME}/.ansible/okd-installer/clusters/${CONFIG_CLUSTER_NAME}/auth/kubeconfig
-
-oc wait --all --for=condition=Available=True clusteroperators.config.openshift.io --timeout=10m > /dev/null
-oc wait --all --for=condition=Progressing=False clusteroperators.config.openshift.io --timeout=10m > /dev/null
-oc wait --all --for=condition=Degraded=False clusteroperators.config.openshift.io --timeout=10m > /dev/null
-
-oc get clusteroperators
-```
-
-### Day-2 Operation: Enable image-registry
-
-> NOTE: steps used in non-production clusters
-
-> [References](https://docs.openshift.com/container-platform/4.6/registry/configuring_registry_storage/configuring-registry-storage-baremetal.html)
-
-```bash
-oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed","storage":{"emptyDir":{}}}}'
-```
-
-
-
-### Create Load Balancer for default router
-
-This steps is optional as the `create_all` playbook already trigger it.
-
-```bash
-ansible-playbook mtulio.okd_installer.stack_loadbalancer \
- -e provider=${CONFIG_PROVIDER} \
- -e cluster_name=${CONFIG_CLUSTER_NAME} \
- -e var_file="./vars/${CONFIG_PROVIDER}/loadbalancer-router-default.yaml"
-```
-
-
## Destroy cluster
```bash
diff --git a/playbooks/config.yaml b/playbooks/config.yaml
index ea032c0..dd206dc 100644
--- a/playbooks/config.yaml
+++ b/playbooks/config.yaml
@@ -2,6 +2,5 @@
- name: okd-installer | Installer Configuration
hosts: localhost
connection: local
-
roles:
- config
diff --git a/playbooks/create_all.yaml b/playbooks/create_all.yaml
index aac7215..a7f6031 100644
--- a/playbooks/create_all.yaml
+++ b/playbooks/create_all.yaml
@@ -9,27 +9,43 @@
ansible.builtin.set_fact:
okdi_call_timer_start: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}"
-# - name: OKD Installer | Create all | check required vars
-# ansible.builtin.import_playbook: var_check_required.yaml
-
-- name: OKD Installer | Create all | create config
+- name: OKD Installer | Create all | Config | create config
ansible.builtin.import_playbook: config.yaml
vars:
- mode: create
+ mode: create-config
-- name: OKD Installer | Create all | create stack | network
- ansible.builtin.import_playbook: stack_network.yaml
+- name: OKD Installer | Create all | Config | create config
+ ansible.builtin.import_playbook: config.yaml
+ vars:
+ mode: create-manifests
- name: OKD Installer | Create all | create stack | IAM
ansible.builtin.import_playbook: stack_iam.yaml
+- name: OKD Installer | Create all | create stack | network
+ ansible.builtin.import_playbook: stack_network.yaml
+
- name: OKD Installer | Create all | create stack | DNS
ansible.builtin.import_playbook: stack_dns.yaml
- name: OKD Installer | Create all | create stack | Load Balancer
ansible.builtin.import_playbook: stack_loadbalancer.yaml
-- name: OKD Installer | Create all | create stack | Compute
+- name: OKD Installer | Create all | Config | patch manifests
+ ansible.builtin.import_playbook: config.yaml
+ vars:
+ mode: patch-manifests
+
+- name: OKD Installer | Create all | Config | create ignitions
+ ansible.builtin.import_playbook: config.yaml
+ vars:
+ mode: create-ignitions
+
+- name: OKD Installer | Create all | os_mirror
+ ansible.builtin.import_playbook: os_mirror.yaml
+ when: os_mirror | d(false)
+
+- name: OKD Installer | Create all | create stack | Compute nodes
ansible.builtin.import_playbook: create_node_all.yaml
- name: OKD Installer | Create all | create stack | Load Balancer Router
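Review bot: The added play that imports `config.yaml` with `mode: create-manifests` reuses the name `OKD Installer | Create all | Config | create config` from the play directly above it, so the two cannot be told apart in the run output. Rename it to match its mode: `- name: OKD Installer | Create all | Config | create manifests`. The new order (IAM before network, `patch-manifests` and `create-ignitions` after the load balancer stack) now matters, presumably because the patch needs outputs of the earlier stacks. A one-line comment above the `patch manifests` play stating that constraint would keep a later reorder from breaking it.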
@@ -52,8 +68,7 @@
- name: OKD Installer | Create all | Bootstrap Destroy
ansible.builtin.import_playbook: destroy_bootstrap.yaml
- when: destroy_bootstrap | d('yes') == 'yes'
-
+ when: destroy_bootstrap | d('no') == 'yes'
- name: OKD Installer | Create ALL | End
hosts: '{{ target|default("localhost") }}'
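Review bot: With the default changed to `d('no')`, a plain `create_all` run now leaves the bootstrap node in place, and with it the `bootstrap.ign` object that the profiles reference in S3. That ignition file typically carries cluster certificates and keys, so keeping both by default widens exposure unless another step removes them; none is visible in this commit. The comparison is also string-only, so `-e destroy_bootstrap=true` is silently ignored; `when: destroy_bootstrap | d(false) | bool` accepts both spellings. If keeping the node is intended for debugging, the variable and its cleanup step should be described in the guide.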
diff --git a/playbooks/destroy_cluster.yaml b/playbooks/destroy_cluster.yaml
index 4f87346..a3971ee 100644
--- a/playbooks/destroy_cluster.yaml
+++ b/playbooks/destroy_cluster.yaml
@@ -3,14 +3,11 @@
hosts: '{{ target|default("localhost") }}'
connection: local
gather_facts: yes
-
tasks:
- name: OKD Installer | Destroy | Timer start
ansible.builtin.set_fact:
okdi_del_timer_start: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}"
-# - ansible.builtin.import_playbook: var_check_required.yaml
-
- name: okd-installer | Cluster Destroy | Config load
ansible.builtin.import_playbook: config.yaml
vars:
@@ -20,12 +17,14 @@
hosts: '{{target|default("localhost")}}'
connection: local
gather_facts: yes
+
vars:
profile_path: "{{ playbook_dir }}/vars/{{ config_provider }}/profiles/{{ cluster_profile|d('default') }}"
vars_files:
- "{{ profile_path }}/iam.yaml"
- "{{ profile_path }}/dns.yaml"
+
pre_tasks:
# Network
- name: okd-installer | Destroy | Network | Loading Topology Names
@@ -45,35 +44,30 @@
ansible.builtin.include_vars:
file: "{{ profile_path }}/loadbalancer-router-default.yaml"
- - name: okd-installer | Destroy | LB | Merge list
+ - name: okd-installer | Destroy | LB | Merge
ansible.builtin.set_fact:
- load_balancers_all: "{{ load_balancers_all + cloud_loadbalancers }}"
+ load_balancers_all: "{{ (load_balancers_all | d([])) + (cloud_loadbalancers | d([])) }}"
- name: okd-installer | Destroy | LB | Load API Names
ansible.builtin.include_vars:
file: "{{ profile_path }}/loadbalancer.yaml"
- - name: okd-installer | Destroy | LB | Merge list
+ - name: okd-installer | Destroy | LB | Merge
ansible.builtin.set_fact:
- load_balancers_all: "{{ load_balancers_all + cloud_loadbalancers }}"
+ load_balancers_all: "{{ load_balancers_all + (cloud_loadbalancers | d([])) }}"
- name: okd-installer | Destroy | LB | Consolidate
ansible.builtin.set_fact:
cloud_loadbalancers: "{{ load_balancers_all }}"
- - name: okd-installer | Destroy | LB | Show number of resources
+ - name: okd-installer | Destroy | LB | Show resource count
ansible.builtin.debug:
msg: "Found {{ cloud_loadbalancers | length }} Load Balancers on the Configuration"
roles:
- role: destroy
-
-- name: okd-installer | Destroy | Finish
- hosts: '{{ target|default("localhost") }}'
- connection: local
- gather_facts: true
- tasks:
+ post_tasks:
- name: okd-installer | Destroy | Finish | Timer end
ansible.builtin.set_fact:
okdi_del_timer_end: "{{ ansible_date_time.date }} {{ ansible_date_time.time }}"
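Review bot: Both `LB | Merge` tasks now fall back to an empty list when `cloud_loadbalancers` is undefined, so a profile file that fails to define it, or names it differently, lets the destroy run continue with zero load balancers instead of failing. On a destroy path this can leave load balancers orphaned, with the count in the debug message as the only signal. Consider keeping the defaults but adding a check after `LB | Consolidate`, for example an `ansible.builtin.assert` with `that: cloud_loadbalancers | length > 0`, guarded by a variable for clusters that really have none. The two merge tasks also share one name; suffixing them `(router)` and `(API)` would make the log readable.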
@@ -82,4 +76,4 @@
ansible.builtin.debug:
msg:
- "start=[{{ okdi_del_timer_start | d('') }}] end=[{{ okdi_del_timer_end }}]"
- - "total=[{{ ((okdi_del_timer_end | to_datetime) - (okdi_del_timer_start | to_datetime)) }}]"
+ - "total=[{{ ((okdi_del_timer_end | to_datetime) - (okdi_del_timer_start | to_datetime)) }}]"
\ No newline at end of file
diff --git a/playbooks/group_vars/all.yaml b/playbooks/group_vars/all.yaml
index b77f042..c504a17 100644
--- a/playbooks/group_vars/all.yaml
+++ b/playbooks/group_vars/all.yaml
@@ -6,10 +6,10 @@ collection_bin_dir: "{{ bindir | d(collection_work_dir + '/bin') }}"
collection_cluster_dir: "{{ bindir | d(collection_work_dir + '/clusters') }}"
# Config
-
config_install_dir: "{{ collection_cluster_dir }}/{{ cluster_name }}"
-bin_openshift_install: "{{ collection_bin_dir }}/openshift-install"
-bin_oc: "{{ collection_bin_dir }}/openshift-install"
+bin_openshift_install: "{{ collection_bin_dir }}/openshift-install-{{ cluster_name }}"
+bin_oc: "{{ collection_bin_dir }}/oc-{{ cluster_name }}"
+bin_butane: "{{ collection_bin_dir }}/butane-{{ cluster_name }}"
## export CONFIG_PULL_SECRET_FILE=${HOME}/.openshift/pull-secret-latest.jso
config_pull_secret_file: "{{ lookup('ansible.builtin.env', 'CONFIG_PULL_SECRET_FILE') }}"
diff --git a/playbooks/os_mirror.yaml b/playbooks/os_mirror.yaml
new file mode 100644
index 0000000..9d067ff
--- /dev/null
+++ b/playbooks/os_mirror.yaml
@@ -0,0 +1,12 @@
+---
+- name: okd-installer | Create Stack | Compute | Load Config
+ ansible.builtin.import_playbook: config.yaml
+ vars:
+ mode: load
+
+- name: okd-installer | OS Mirror
+ hosts: localhost
+ connection: local
+
+ roles:
+ - os_mirror
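Review bot: The first play's name, `okd-installer | Create Stack | Compute | Load Config`, looks copied from the compute playbook and does not mention the OS mirror; `okd-installer | OS Mirror | Load Config` would match the second play. `create_all.yaml` imports this file under `when: os_mirror | d(false)`, so `os_mirror` is both the role name and the on/off variable. A short header comment stating that, and what the role is expected to mirror, would help the next reader.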
diff --git a/playbooks/stack_loadbalancer.yaml b/playbooks/stack_loadbalancer.yaml
index 624a816..231ed38 100644
--- a/playbooks/stack_loadbalancer.yaml
+++ b/playbooks/stack_loadbalancer.yaml
@@ -1,4 +1,5 @@
---
+# - ansible.builtin.import_playbook: var_check_required.yaml
- name: okd-installer | Stack | Load Balancer | Config load
ansible.builtin.import_playbook: config.yaml
@@ -9,6 +10,7 @@
hosts: '{{target|default("localhost")}}'
connection: local
vars:
+ cloud_loadbalancers_state: []
profile_path: "{{ playbook_dir }}/vars/{{ config_provider }}/profiles/{{ cluster_profile|d('default') }}"
pre_tasks:
@@ -22,11 +24,16 @@
file: "{{ profile_path }}/loadbalancer.yaml"
when: var_file is not defined
- roles:
- - cloud_load_balancer
+ - name: okd-installer | Stack | LB | setup
+ ansible.builtin.include_role:
+ name: cloud_load_balancer
-- name: okd-installer | Stack | LB | Save state
- ansible.builtin.import_playbook: config.yaml
- vars:
- mode: save-state
- cluster_state: "{{ cluster_state | combine({'load_balancers': cloud_load_balancers_state}) }}"
+ - name: okd-installer | Stack | LB | update cluster_state
+ ansible.builtin.set_fact:
+ cluster_state: "{{ cluster_state | combine({'loadbalancers': cloud_loadbalancers_state}) }}"
+
+ - name: okd-installer | Stack | LB | save cluster_state
+ ansible.builtin.include_role:
+ name: config
+ vars:
+ mode: save-state
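Review bot: The key written by the `combine` call changes from `load_balancers` to `loadbalancers`, so any reader of `cluster_state` that still looks up the old key would find nothing, and that includes state files saved by earlier runs. No reader is visible in this diff, so this needs checking against the roles that consume the state. `cloud_loadbalancers_state` is also declared as `[]` in play `vars`, which only works if the role overrides it through `set_fact` or another higher-precedence source. A comment above the `update cluster_state` task naming the role task that populates the variable would make that dependency explicit.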
diff --git a/playbooks/templates/ocp-bootstrap-user-data.j2 b/playbooks/templates/ocp-bootstrap-user-data.j2
index 84e9c8c..fb0da2d 100644
--- a/playbooks/templates/ocp-bootstrap-user-data.j2
+++ b/playbooks/templates/ocp-bootstrap-user-data.j2
@@ -2,9 +2,9 @@
"ignition": {
"config": {
"replace": {
- "source": "{{ openshift_userdata.config_source }}"
+ "source": "{{ userdata_config_source }}"
}
},
"version": "3.1.0"
}
-}
+}
\ No newline at end of file
diff --git a/playbooks/templates/ocp-nodes-user-data.j2 b/playbooks/templates/ocp-nodes-user-data.j2
index ad5efe5..ce3b0f1 100644
--- a/playbooks/templates/ocp-nodes-user-data.j2
+++ b/playbooks/templates/ocp-nodes-user-data.j2
@@ -3,7 +3,7 @@
"config": {
"merge": [
{
- "source": "{{ openshift_userdata.config_source }}"
+ "source": "{{ userdata_config_source }}"
}
]
},
@@ -11,7 +11,7 @@
"tls": {
"certificateAuthorities": [
{
- "source": "{{ openshift_userdata.ca_source }}"
+ "source": "{{ userdata_config_ca_source }}"
}
]
}
diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml
index 06d7297..966bcb9 100644
--- a/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml
+++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-bootstrap.yaml
@@ -13,8 +13,7 @@ openshift_security_groups:
- "{{ openshift_prefix }}-controlplane-sg"
openshift_tags: "{{ cluster_state.tags }}"
-openshift_userdata:
- config_source: "s3://{{ openshift_bootstrap_bucket }}/bootstrap.ign"
+userdata_config_source: "s3://{{ openshift_bootstrap_bucket }}/bootstrap.ign"
_def:
name: "{{ openshift_prefix }}-bootstrap"
diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml
index 330540b..d510475 100644
--- a/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml
+++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-compute.yaml
@@ -11,10 +11,7 @@ openshift_security_groups:
openshift_tags: "{{ cluster_state.tags }}"
# User Data template
-openshift_userdata_template: ocp-nodes-user-data.j2
-openshift_userdata:
- config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/worker"
- ca_source: "{{ cluster_state.certificates.root_ca }}"
+_userdata_path: "{{ config_install_dir }}/worker.ign"
_def:
name: 'worker'
@@ -55,7 +52,7 @@ compute_resources:
security_groups: "{{ _def.security_groups }}"
state: "{{ _def.state }}"
termination_protection: "{{ _def.termination_protection }}"
- user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _def.volumes | d([]) }}"
wait: no
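Review bot: `user_data` is now the full content of `{{ config_install_dir }}/worker.ign` rather than a template that rendered only a source URL and a CA, so whatever the earlier `patch-manifests` and `create-ignitions` steps write into that file is stored as instance user data. User data can be read from the instance metadata service by processes on the node and through the EC2 API by principals allowed to describe instance attributes, and it is size-limited, so the file should stay a pointer config with no embedded credentials. `to_nice_json` also pretty-prints; `from_json | to_json` keeps the JSON validation while sending fewer bytes. The same expression recurs in the other `user_data` hunks of this file and in the node-controlplane and ha-single-az profiles; the `compute_resources` entry continues outside this hunk.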
@@ -74,7 +71,7 @@ compute_resources:
security_groups: "{{ _def.security_groups }}"
state: "{{ _def.state }}"
termination_protection: "{{ _def.termination_protection }}"
- user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _def.volumes | d([]) }}"
wait: no
@@ -93,6 +90,6 @@ compute_resources:
security_groups: "{{ _def.security_groups }}"
state: "{{ _def.state }}"
termination_protection: "{{ _def.termination_protection }}"
- user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _def.volumes | d([]) }}"
wait: yes
diff --git a/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml b/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml
index 40b9fde..e672597 100644
--- a/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml
+++ b/playbooks/vars/aws/profiles/HighlyAvailable/node-controlplane.yaml
@@ -11,10 +11,7 @@ openshift_security_groups:
openshift_tags: "{{ cluster_state.tags }}"
# User Data template
-openshift_userdata_template: ocp-nodes-user-data.j2
-openshift_userdata:
- config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master"
- ca_source: "{{ cluster_state.certificates.root_ca }}"
+_userdata_path: "{{ config_install_dir }}/master.ign"
_def:
name: 'master'
@@ -54,7 +51,7 @@ compute_resources:
security_groups: "{{ _def.security_groups }}"
state: "{{ _def.state }}"
termination_protection: "{{ _def.termination_protection }}"
- user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _def.volumes | d([]) }}"
wait: no
@@ -91,7 +88,7 @@ compute_resources:
security_groups: "{{ _def.security_groups }}"
state: "{{ _def.state }}"
termination_protection: "{{ _def.termination_protection }}"
- user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _def.volumes | d([]) }}"
wait: no
@@ -128,7 +125,7 @@ compute_resources:
security_groups: "{{ _def.security_groups }}"
state: "{{ _def.state }}"
termination_protection: "{{ _def.termination_protection }}"
- user_data: "{{ lookup('template', openshift_userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _def.volumes | d([]) }}"
wait: no
diff --git a/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml b/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml
index 1a63186..a7a0d56 100644
--- a/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml
+++ b/playbooks/vars/aws/profiles/SingleReplica/node-bootstrap.yaml
@@ -11,8 +11,7 @@ _image_id: "{{ custom_image_id | d(cluster_state.compute.image_id) }}"
_subnet_name: "{{ _cluster_prefix }}-net-public-1a"
## User Data template
-openshift_userdata:
- config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign"
+userdata_config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign"
## Common vars used in the Stack vars
_common:
diff --git a/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml b/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml
index 5f654d5..f695b82 100644
--- a/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml
+++ b/playbooks/vars/aws/profiles/SingleReplica/node-controlplane.yaml
@@ -10,10 +10,7 @@ _security_groups:
_tags: "{{ cluster_state.tags }}"
## User Data template
-_userdata_template: ocp-nodes-user-data.j2
-openshift_userdata:
- config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master"
- ca_source: "{{ cluster_state.certificates.root_ca }}"
+_userdata_path: "{{ config_install_dir }}/master.ign"
## Common vars used in the Stack vars
_common:
@@ -58,7 +55,7 @@ compute_resources:
security_groups: "{{ _common.security_groups }}"
state: "{{ _common.state }}"
termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | b64encode }}"
volumes: "{{ _common.volumes | d([]) }}"
wait: no
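Review bot: This profile encodes the ignition with `| b64encode`, while every other profile changed in this commit passes `from_json | to_nice_json | string`. If the module that consumes `compute_resources` base64-encodes user data itself, the node would receive doubly encoded content that Ignition cannot parse. This form also skips the JSON validation the other profiles get. Unless SingleReplica needs a different path, which would deserve a comment, use the same expression: `user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"`.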
diff --git a/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml b/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml
index d67247e..4f99236 100644
--- a/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml
+++ b/playbooks/vars/aws/profiles/ha-single-az/node-bootstrap.yaml
@@ -11,8 +11,7 @@ _image_id: "{{ custom_image_id | d(cluster_state.compute.image_id) }}"
_subnet_name: "{{ _cluster_prefix }}-net-public-1a"
## User Data template
-openshift_userdata:
- config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign"
+userdata_config_source: "s3://{{ bootstrap_bucket }}/bootstrap.ign"
## Common vars used in the Stack vars
_common:
diff --git a/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml b/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml
index 5388e1e..977e0a9 100644
--- a/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml
+++ b/playbooks/vars/aws/profiles/ha-single-az/node-compute.yaml
@@ -9,10 +9,7 @@ _security_groups:
_tags: "{{ cluster_state.tags }}"
## User Data template
-_userdata_template: ocp-nodes-user-data.j2
-openshift_userdata:
- config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/worker"
- ca_source: "{{ cluster_state.certificates.root_ca }}"
+_userdata_path: "{{ config_install_dir }}/worker.ign"
## Common vars used in the Stack vars
_common:
@@ -52,7 +49,7 @@ compute_resources:
security_groups: "{{ _common.security_groups }}"
state: "{{ _common.state }}"
termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _common.volumes | d([]) }}"
wait: no
@@ -71,7 +68,7 @@ compute_resources:
security_groups: "{{ _common.security_groups }}"
state: "{{ _common.state }}"
termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _common.volumes | d([]) }}"
wait: no
@@ -90,25 +87,6 @@ compute_resources:
security_groups: "{{ _common.security_groups }}"
state: "{{ _common.state }}"
termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _common.volumes | d([]) }}"
- wait: no
-
- - provider: aws
- type: machine
- name: "{{ _common.name }}-4"
- vpc_subnet_name: "{{ _common.prefix }}-net-private-1a"
- filters:
- tag:Name: "{{ _common.name }}-4"
- tags: "{% set x = _common.tags.__setitem__('Name', _common.name + '-4') %}{{ _common.tags }}"
- detailed_monitoring: "{{ _common.detailed_monitoring }}"
- ebs_optimized: "{{ _common.ebs_optimized }}"
- image_id: "{{ _common.image_id }}"
- instance_role: "{{ _common.instance_role }}"
- instance_type: "{{ _common.instance_type }}"
- security_groups: "{{ _common.security_groups }}"
- state: "{{ _common.state }}"
- termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
- volumes: "{{ _common.volumes | d([]) }}"
- wait: no
+ wait: no
\ No newline at end of file
diff --git a/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml b/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml
index 06fbda2..c4402fe 100644
--- a/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml
+++ b/playbooks/vars/aws/profiles/ha-single-az/node-controlplane.yaml
@@ -10,10 +10,7 @@ _security_groups:
_tags: "{{ cluster_state.tags }}"
## User Data template
-_userdata_template: ocp-nodes-user-data.j2
-openshift_userdata:
- config_source: "https://api-int.{{ cluster_state.dns.cluster_domain }}:22623/config/master"
- ca_source: "{{ cluster_state.certificates.root_ca }}"
+_userdata_path: "{{ config_install_dir }}/master.ign"
## Common vars used in the Stack vars
_common:
@@ -53,7 +50,7 @@ compute_resources:
security_groups: "{{ _common.security_groups }}"
state: "{{ _common.state }}"
termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _common.volumes | d([]) }}"
wait: no
@@ -90,7 +87,7 @@ compute_resources:
security_groups: "{{ _common.security_groups }}"
state: "{{ _common.state }}"
termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _common.volumes | d([]) }}"
wait: no
@@ -127,7 +124,7 @@ compute_resources:
security_groups: "{{ _common.security_groups }}"
state: "{{ _common.state }}"
termination_protection: "{{ _common.termination_protection }}"
- user_data: "{{ lookup('template', _userdata_template) | to_nice_json | string }}"
+ user_data: "{{ lookup('file', _userdata_path) | from_json | to_nice_json | string }}"
volumes: "{{ _common.volumes | d([]) }}"
wait: no
diff --git a/requirements.yml b/requirements.yml
index 247f84a..607d422 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -10,9 +10,8 @@ collections:
- name: community.kubernetes
version: '>=2.0.0,<3.0.0'
-# The version 5x was crashing when using ansible==6.4.0, setting to the major
-# distributed on that ansible version: 3.y.z
+# AWS modules
- name: community.aws
- version: '>=3.0.0,<4.0.0'
+ version: '>=5.5.0,<5.6'
- name: amazon.aws
- version: '>=3.0.0,<4.0.0'
+ version: '>=5.5.0,<5.6'
\ No newline at end of file
diff --git a/roles/bootstrap/meta/main.yml b/roles/bootstrap/meta/main.yml
index e984ac5..9e9ca99 100644
--- a/roles/bootstrap/meta/main.yml
+++ b/roles/bootstrap/meta/main.yml
@@ -14,8 +14,5 @@ galaxy_info:
- okd
- installer
- bootstrap
- - aws
- - amazon
- - digitalocean
dependencies: []
diff --git a/roles/bootstrap/tasks/aws.yaml b/roles/bootstrap/tasks/aws.yaml
index d91b596..bb0332c 100644
--- a/roles/bootstrap/tasks/aws.yaml
+++ b/roles/bootstrap/tasks/aws.yaml
@@ -7,7 +7,7 @@
# TODO: Make it indepotent
- name: Upload bootstrap.ign
- amazon.aws.aws_s3:
+ amazon.aws.s3_object:
bucket: "{{ bootstrap_bucket }}"
object: "/bootstrap.ign"
src: "{{ config_install_dir + '/' + bootstrap_src_ign }}"
diff --git a/roles/clients/defaults/main.yaml b/roles/clients/defaults/main.yaml
index 70ae473..7a09276 100644
--- a/roles/clients/defaults/main.yaml
+++ b/roles/clients/defaults/main.yaml
@@ -1,11 +1,11 @@
---
-distro_default: okd
+distro_default: ocp
distro_image:
okd: "quay.io/openshift/okd"
ocp: "quay.io/openshift-release-dev/ocp-release"
release_arch: x86_64
-default_version: 4.12.0
+default_version: 4.13.0
# OCP release version has the arch on the sufix
# https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/
# OKD does not have the arch on suffix
@@ -20,3 +20,10 @@ release_image_version_arch: "{{ release_image }}:{{ release_version }}"
workdir: "{{ lookup('env', 'HOME') }}/.ansible/okd-installer"
client_os: linux
+
+## Butane https://github.com/coreos/butane
+cli_butane_version: v0.17.0
+cli_butane_arch: x86_64
+cli_butane_os: unknown-linux-gnu
+cli_butane_bin: "butane-{{ cli_butane_arch }}-{{ cli_butane_os }}"
+cli_butane_url: "https://github.com/coreos/butane/releases/download/{{ cli_butane_version }}/{{ cli_butane_bin }}"
\ No newline at end of file
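Review bot: `cli_butane_url` points at a release binary that will be downloaded and run on the control host, but no checksum variable accompanies it, so the download is trusted only as far as the transport and the release page. Add a pinned digest next to the version, e.g. `cli_butane_checksum: "sha256:<digest published for this release>"`, and pass it to the `checksum` option of the download task, which is not part of this hunk. Version and digest should then be bumped together. The file also loses its trailing newline here.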
diff --git a/roles/clients/meta/main.yml b/roles/clients/meta/main.yml
index 970898c..f3b1dc8 100644
--- a/roles/clients/meta/main.yml
+++ b/roles/clients/meta/main.yml
@@ -16,7 +16,8 @@ galaxy_info:
- openshift
- okd
- installer
- - aws
- - amazon
+ - okd-installer
+ - openshift-installer
+ - automation
dependencies: []
diff --git a/roles/clients/tasks/main.yaml b/roles/clients/tasks/main.yaml
index 587a0d9..136345f 100644
--- a/roles/clients/tasks/main.yaml
+++ b/roles/clients/tasks/main.yaml
@@ -8,20 +8,23 @@
- "{{ collection_tmp_dir }}"
- "{{ collection_bin_dir }}"
-- name: Create default_version var
- ansible.builtin.set_fact:
- default_version: "{{ release_image }}:{{ version | d(release_version) }}-{{ release_arch }}"
+# - name: Create default_version var
+# ansible.builtin.set_fact:
+# _default_version: "{{ release_image }}:{{ version | d(default_version) }}-{{ release_arch }}"
- name: Mount the binary names
ansible.builtin.set_fact:
- bin_installer: "openshift-install-{{ client_os }}-{{ version | d(release_version) }}"
bin_clients: "openshift-client-{{ client_os }}-{{ version | d(release_version) }}"
- bin_oc: "oc-{{ client_os }}-{{ version | d(release_version) }}"
- bin_kubectl: "kubectl-{{ client_os }}-{{ version | d(release_version) }}"
+ _bin_installer: "openshift-install-{{ client_os }}-{{ version | d(release_version) }}"
+ _bin_oc: "oc-{{ client_os }}-{{ version | d(release_version) }}"
+ _bin_kubectl: "kubectl-{{ client_os }}-{{ version | d(release_version) }}"
+ _bin_butane: "{{ cli_butane_bin }}-{{ cli_butane_version }}"
+
+# Client: openshift-install
- name: openshift-install | Check is present
ansible.builtin.stat:
- path: "{{ collection_bin_dir }}/{{ bin_installer }}"
+ path: "{{ collection_bin_dir }}/{{ _bin_installer }}"
register: check_bin_inst
- name: openshift-install | Install client
@@ -29,12 +32,12 @@
block:
- name: openshift-install | Check tarball
ansible.builtin.stat:
- path: "{{ collection_tmp_dir }}/{{ bin_installer }}.tar.gz"
+ path: "{{ collection_tmp_dir }}/{{ _bin_installer }}.tar.gz"
register: check_tar_inst
- name: openshift-install | Download msg
ansible.builtin.debug:
- msg: "Donwloading tools [{{ release_image_version_arch | d(local_version) }}] using secret [{{ config_pull_secret_file }}]"
+ msg: "Downloading tools [{{ release_image_version_arch | d(local_version) }}] using secret [{{ config_pull_secret_file }}]"
when: not(check_tar_inst.stat.exists)
- name: openshift-install | Check vars
@@ -68,7 +71,7 @@
- name: openshift-install | Extract tarball
ansible.builtin.unarchive:
- src: "{{ collection_tmp_dir }}/{{ bin_installer }}.tar.gz"
+ src: "{{ collection_tmp_dir }}/{{ _bin_installer }}.tar.gz"
dest: "{{ collection_tmp_dir }}"
when: not(check_bin_inst.stat.exists)
register: ext_bin_inst
@@ -76,7 +79,7 @@
- name: openshift-install | Copy to bin dir
ansible.builtin.copy:
src: "{{ collection_tmp_dir }}/openshift-install"
- dest: "{{ collection_bin_dir }}/{{ bin_installer }}"
+ dest: "{{ collection_bin_dir }}/{{ _bin_installer }}"
mode: 0755
when: ext_bin_inst.changed
@@ -86,9 +89,11 @@
path: "{{ collection_tmp_dir }}/openshift-install"
when: ext_bin_inst.changed
+# Client: oc
+
- name: oc | Check openshift client is present
ansible.builtin.stat:
- path: "{{ collection_bin_dir }}/{{ bin_oc }}"
+ path: "{{ collection_bin_dir }}/{{ _bin_oc }}"
register: check_bin_cli
- name: oc | Install clients
@@ -104,7 +109,7 @@
- name: oc | Copy to bin path
ansible.builtin.copy:
src: "{{ collection_tmp_dir }}/oc"
- dest: "{{ collection_bin_dir }}/{{ bin_oc }}"
+ dest: "{{ collection_bin_dir }}/{{ _bin_oc }}"
mode: 0755
when: ext_bin_cli.changed
@@ -117,7 +122,7 @@
- name: kubectl | Copy to bin path
ansible.builtin.copy:
src: "{{ collection_tmp_dir }}/kubectl"
- dest: "{{ collection_bin_dir }}/{{ bin_kubectl }}"
+ dest: "{{ collection_bin_dir }}/{{ _bin_kubectl }}"
mode: 0755
when: ext_bin_cli.changed
@@ -127,26 +132,65 @@
path: "{{ collection_tmp_dir }}/kubectl"
when: ext_bin_cli.changed
+# Client: butane
+
+- name: butane | Check butane client is present
+ ansible.builtin.stat:
+ path: "{{ collection_bin_dir }}/{{ _bin_butane }}"
+ register: check_bin_butane
+
+- name: butane | Install clients
+ when: not(check_bin_butane.stat.exists)
+ block:
+ - name: butane | Extract from tarball
+ ansible.builtin.get_url:
+ url: "{{ cli_butane_url }}"
+ dest: "{{ collection_tmp_dir }}/butane"
+ mode: '0440'
+ register: ext_bin_butane
+
+ - name: butane | Copy to bin path
+ ansible.builtin.copy:
+ src: "{{ collection_tmp_dir }}/butane"
+ dest: "{{ collection_bin_dir }}/{{ _bin_butane }}"
+ mode: 0755
+ when: ext_bin_butane.changed
+
+ - name: butane | Remove tmp file
+ ansible.builtin.file:
+ state: absent
+ path: "{{ collection_tmp_dir }}/butane"
+ when: ext_bin_butane.changed
+
+# Creating links to binaries
+
+## Create symlinks for cluster to prevent using wrong versions
+- name: Create binary suffix by cluster name
+ ansible.builtin.set_fact:
+ _clients_suffix: "{{ cluster_name | d('') }}"
+
+- name: Map clients version to cluster name
+ ansible.builtin.set_fact:
+ _clients_map:
+ - src: "{{ _bin_installer }}"
+ link: "openshift-install-{{ _clients_suffix }}"
+ - src: "{{ _bin_oc }}"
+ link: "oc-{{ _clients_suffix }}"
+ - src: "{{ _bin_kubectl }}"
+ link: "kubectl-{{ _clients_suffix }}"
+ - src: "{{ _bin_butane }}"
+ link: "butane-{{ _clients_suffix }}"
+
- name: Ensure file links are present
ansible.builtin.file:
state: link
src: "{{ collection_bin_dir }}/{{ item.src }}"
dest: "{{ collection_bin_dir }}/{{ item.link }}"
- with_items:
- - src: "{{ bin_installer }}"
- link: openshift-install
- - src: "{{ bin_oc }}"
- link: oc
- - src: "{{ bin_kubectl }}"
- link: kubectl
+ with_items: "{{ _clients_map }}"
- name: Show clients path
ansible.builtin.debug:
- msg: "binary=[{{ item.src }}] link=[{{ item.link }}]"
- with_items:
- - src: "{{ bin_installer }}"
- link: openshift-install
- - src: "{{ bin_oc }}"
- link: oc
- - src: "{{ bin_kubectl }}"
- link: kubectl
+ msg:
+ - "binary=[{{ collection_bin_dir }}/{{ item.src }}]"
+ - "link=[{{ collection_bin_dir }}/{{ item.link }}]"
+ with_items: "{{ _clients_map }}"
\ No newline at end of file
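Review bot: The `butane | Extract from tarball` task fetches an executable with `ansible.builtin.get_url` and no `checksum:`, so whatever the release URL serves is copied into the bin dir with mode 0755 and later run. Pin a digest alongside `cli_butane_version`, for example `checksum: "sha256:{{ cli_butane_sha256 }}"` (`cli_butane_sha256` is a placeholder name, not a variable defined on this page). The copy and cleanup are gated on `ext_bin_butane.changed`, so a leftover `{{ collection_tmp_dir }}/butane` from an interrupted run would likely skip the copy and leave the link task without a source. Downloading straight to `{{ collection_bin_dir }}/{{ _bin_butane }}` with `mode: '0755'` avoids that. The task name should also say "Download binary", since nothing is extracted.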
diff --git a/roles/cloud_load_balancer b/roles/cloud_load_balancer
index 2795033..7c521f0 160000
--- a/roles/cloud_load_balancer
+++ b/roles/cloud_load_balancer
@@ -1 +1 @@
-Subproject commit 279503361343c6e5e1e503dc914bfd9511c89aeb
+Subproject commit 7c521f0960eaa3a62d77237cb00fa1e58a2a8f21
diff --git a/roles/cloud_network b/roles/cloud_network
index e582043..8e745fc 160000
--- a/roles/cloud_network
+++ b/roles/cloud_network
@@ -1 +1 @@
-Subproject commit e58204317c76b447cbdb5bd3e830b4be75331057
+Subproject commit 8e745fcdf35aa9fcb3bd64ad1e7317f805a4326f
diff --git a/roles/config/meta/main.yml b/roles/config/meta/main.yml
index cb54a6e..3ef6632 100644
--- a/roles/config/meta/main.yml
+++ b/roles/config/meta/main.yml
@@ -16,8 +16,5 @@ galaxy_info:
- okd
- openshift
- installer
- - aws
- - amazon
- - digitalocean
dependencies: []
diff --git a/roles/config/tasks/check-vars.yaml b/roles/config/tasks/check-vars.yaml
index 3d19ea3..8cad6b8 100644
--- a/roles/config/tasks/check-vars.yaml
+++ b/roles/config/tasks/check-vars.yaml
@@ -36,3 +36,14 @@
that:
- config_cluster_region is defined
fail_msg: "'config_cluster_region' is not defined. Check the env var CONFIG_CLUSTER_REGION"
+
+- name: Check Binary | installer present
+ stat:
+ path: "{{ bin_openshift_install }}"
+ register: _stat_installer
+
+- name: Check Binary | openshift-install
+ ansible.builtin.assert:
+ that:
+ - _stat_installer.stat.exists
+ fail_msg: "Installer binary is not present on path '{{ bin_openshift_install }}'. Run install_clients playbook first"
diff --git a/roles/config/tasks/create-assertions.yaml b/roles/config/tasks/create-assertions.yaml
index dfb50cd..f57869c 100644
--- a/roles/config/tasks/create-assertions.yaml
+++ b/roles/config/tasks/create-assertions.yaml
@@ -3,6 +3,12 @@
- name: Create | Assertions | Variables
ansible.builtin.include_tasks: check-vars.yaml
+- name: Create | Assertions | Check required provider
+ ansible.builtin.assert:
+ that:
+ - provider is in config_valid_providers
+ fail_msg: "'provider' is not a valid provider {{ config_valid_providers }}"
+
- name: Create | Assrt. | Directories
ansible.builtin.file:
state: directory
@@ -30,3 +36,23 @@
ansible.builtin.debug:
msg: "CONFIG_PULL_SECRET_FILE env var was not found. Please set it with pull-secret file path"
failed_when: not(ps_out.stat.exists)
+
+- name: Create | Config | Check file manifests/cluster-config.yaml
+ ansible.builtin.stat:
+ path: "{{ config_install_dir }}/install-config.yaml"
+ register: _installconfig
+
+- name: Create | Assrt. | Check file manifests/cluster-config.yaml
+ ansible.builtin.stat:
+ path: "{{ config_install_dir }}/manifests/cluster-config.yaml"
+ register: _manifests
+
+- name: Create | Assrt. | Check file metadata.json
+ ansible.builtin.stat:
+ path: "{{ config_install_dir }}/metadata.json"
+ register: _metadata
+
+- name: Create | Assrt. | Check file coreos-stream.json
+ ansible.builtin.stat:
+ path: "{{ config_install_dir }}/coreos-stream.json"
+ register: _coreosstream
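Review bot: The first added task is named `Create | Config | Check file manifests/cluster-config.yaml` but its `path` is `install-config.yaml`, and the following task carries the same file name in its title. Rename it to `Create | Assrt. | Check file install-config.yaml` so that run output identifies which stat produced `_installconfig`. A one-line comment above the four stat tasks would also help, e.g. `# registers below gate the create-config / create-manifests / create-ignitions / patch-manifests steps`.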
diff --git a/roles/config/tasks/create-config.yaml b/roles/config/tasks/create-config.yaml
new file mode 100644
index 0000000..9c76cf3
--- /dev/null
+++ b/roles/config/tasks/create-config.yaml
@@ -0,0 +1,32 @@
+--- # create-config manages the install-config.yaml
+
+- name: Create | Config | Run Check vars
+ ansible.builtin.include_tasks: check.yaml
+
+- name: Create | Config | Run custom assertions
+ ansible.builtin.include_tasks: create-assertions.yaml
+
+- name: Create | Config | Render Install config file
+ when:
+ - not(_installconfig.stat.exists)
+ - not(_manifests.stat.exists)
+ - not(_metadata.stat.exists)
+ block:
+ - name: Create | Config | Render Install config file
+ ansible.builtin.template:
+ src: install-config.yaml.j2
+ dest: "{{ config_install_dir }}/install-config.yaml"
+ mode: 0644
+
+ - name: Create | Config | Copy/Save the rendered install config
+ ansible.builtin.copy:
+ src: "{{ config_install_dir }}/install-config.yaml"
+ dest: "{{ config_install_dir }}/install-config-bkp.yaml"
+ mode: 0644
+
+ - name: Create | Config | Show
+ ansible.builtin.debug:
+ msg: "Installer configuration generated at path: {{ config_install_dir }}/install-config.yaml"
+
+- name: Create | Manifests | CoreOS Stream JSON
+ ansible.builtin.include_tasks: create-coreos-stream.yml
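Review bot: Both `install-config.yaml` and `install-config-bkp.yaml` are written with `mode: 0644`, which leaves them readable by every local account on the control host. An OpenShift install-config normally embeds the pull secret and SSH public key; the template body is not visible in this hunk, so confirm that, and if it does, use `mode: '0600'` on both the `template` and the `copy` task. Quoting the mode also removes the reliance on YAML octal parsing.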
diff --git a/roles/config/tasks/create-coreos-stream.yml b/roles/config/tasks/create-coreos-stream.yml
new file mode 100644
index 0000000..bd3a76a
--- /dev/null
+++ b/roles/config/tasks/create-coreos-stream.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Create | Create CoreOS Stream JSON
+ when: not(_coreosstream.stat.exists)
+ ansible.builtin.shell: |
+ {{ bin_openshift_install }} coreos print-stream-json \
+ > {{ config_install_dir }}/coreos-stream.json
+ environment: "{{ config_installer_environment | d(omit) }}"
\ No newline at end of file
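Review bot: The shell redirect creates `coreos-stream.json` before the installer has produced any output, so a failed or interrupted `print-stream-json` leaves an empty or truncated file behind. The task is guarded by `when: not(_coreosstream.stat.exists)`, so later runs then skip regeneration, and `load.yaml` reads the broken file through `lookup('file', ...)`. Write to a temporary name and rename only on success: `{{ bin_openshift_install }} coreos print-stream-json > {{ config_install_dir }}/coreos-stream.json.tmp && mv {{ config_install_dir }}/coreos-stream.json.tmp {{ config_install_dir }}/coreos-stream.json`. Passing the paths through `| quote` would also keep a directory name containing spaces from splitting the command line.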
diff --git a/roles/config/tasks/create-ignitions.yaml b/roles/config/tasks/create-ignitions.yaml
new file mode 100644
index 0000000..348e5b9
--- /dev/null
+++ b/roles/config/tasks/create-ignitions.yaml
@@ -0,0 +1,17 @@
+--- # generate ignition files from a install directory
+
+- name: Create | Ignitions | Run Check vars
+ ansible.builtin.include_tasks: check.yaml
+
+- name: Create | Ignitions | Run custom assertions
+ ansible.builtin.include_tasks: create-assertions.yaml
+
+- name: Create | Ignitions | Generate
+ when:
+ - _manifests.stat.exists
+ - not(_metadata.stat.exists)
+ block:
+ - name: Create | Create ignition configs
+ ansible.builtin.shell: |
+ {{ bin_openshift_install }} create ignition-configs --dir {{ config_install_dir }}
+ environment: "{{ config_installer_environment | d(omit) }}"
\ No newline at end of file
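Review bot: `Create | Create ignition configs` uses `ansible.builtin.shell` with `bin_openshift_install` and `config_install_dir` interpolated unquoted, although nothing in the command needs a shell. Use `ansible.builtin.command` with `argv: ["{{ bin_openshift_install }}", "create", "ignition-configs", "--dir", "{{ config_install_dir }}"]`, so that a path with spaces or shell metacharacters is passed as a single argument. The same applies to the `create manifests` task in `create-manifests.yaml`. Neither task has a `creates:` hint and idempotence rests on the enclosing `when:`, which deserves a short comment.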
diff --git a/roles/config/tasks/create-manifests.yaml b/roles/config/tasks/create-manifests.yaml
new file mode 100644
index 0000000..d64cf97
--- /dev/null
+++ b/roles/config/tasks/create-manifests.yaml
@@ -0,0 +1,28 @@
+--- # create-config manages the install-config.yaml
+
+- name: Create | Manifests | Run Check vars
+ ansible.builtin.include_tasks: check.yaml
+
+- name: Create | Manifests | Run custom assertions
+ ansible.builtin.include_tasks: create-assertions.yaml
+
+- name: Create | Manifests | Check
+ when: _installconfig.stat.exists
+ ansible.builtin.debug:
+ msg: "install-config must be created first with 'create-config'"
+
+- name: Create | Manifests | Generate
+ when:
+ - not(_manifests.stat.exists)
+ - not(_metadata.stat.exists)
+ block:
+ - name: Create | Create manifests
+ ansible.builtin.shell: |
+ {{ bin_openshift_install }} create manifests --dir {{ config_install_dir }}
+ environment: "{{ config_installer_environment | d(omit) }}"
+
+- name: Create | Manifests | CoreOS Stream JSON
+ ansible.builtin.include_tasks: create-coreos-stream.yml
+
+- name: Create | Manifests | Load/Create cluster_state.json
+ ansible.builtin.include_tasks: load.yaml
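Review bot: The `Create | Manifests | Check` task looks inverted: it prints "install-config must be created first" when `_installconfig.stat.exists` is true, that is, when the file is present. It is also a `debug`, so even with the condition fixed the play would continue into `create manifests` without an install-config. Something like `ansible.builtin.fail` with `when: not(_installconfig.stat.exists) and not(_manifests.stat.exists)` seems closer to the intent; confirm against how the installer consumes `install-config.yaml` once manifests exist.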
diff --git a/roles/config/tasks/create.yaml b/roles/config/tasks/create.yaml
index d1b572a..90be653 100644
--- a/roles/config/tasks/create.yaml
+++ b/roles/config/tasks/create.yaml
@@ -1,57 +1,6 @@
---
-
-- name: Create | Run Check vars
- ansible.builtin.include_tasks: check.yaml
-
-- name: Create | Run custom assertions
- ansible.builtin.include_tasks: create-assertions.yaml
-
-- name: Create | Check if metadata.json exists
- ansible.builtin.stat:
- path: "{{ config_install_dir }}/metadata.json"
- register: st_metadata
-
-- name: Create | Render Install config file
- ansible.builtin.template:
- src: install-config.yaml.j2
- dest: "{{ config_install_dir }}/install-config.yaml"
- mode: 0644
- when: not(st_metadata.stat.exists)
-
-- name: Create | Backup the rendered install config
- ansible.builtin.copy:
- src: "{{ config_install_dir }}/install-config.yaml"
- dest: "{{ config_install_dir }}/install-config-bkp.yaml"
- mode: 0644
- when: not(st_metadata.stat.exists)
-
-- name: Create | Generate installer metadata
- when: not(st_metadata.stat.exists)
- block:
- - name: Create | Create manifests
- ansible.builtin.shell: |
- {{ bin_openshift_install }} create manifests --dir {{ config_install_dir }}
-
- - name: Create | Apply patches on manifest stage
- ansible.builtin.include_tasks:
- file: "patches-manifests/{{ patch_name }}.yaml"
- loop_control:
- loop_var: patch_name
- loop: "{{ config_patches | d('rm-capi-machines') }}"
-
- - name: Create | Create ignition configs
- ansible.builtin.shell: |
- {{ bin_openshift_install }} create ignition-configs --dir {{ config_install_dir }}
-
-
-# Render Stream JSON
-- name: Create | Check exists coreos-stream.json
- ansible.builtin.stat:
- path: "{{ config_install_dir }}/coreos-stream.json"
- register: ex_coj
-
-- name: Create | Create CoreOS Stream JSON
- ansible.builtin.shell: |
- {{ bin_openshift_install }} coreos print-stream-json \
- > {{ config_install_dir }}/coreos-stream.json
- when: not(ex_coj.stat.exists)
+# NOTE: placeholder file, deprecated by the following 'modes'/actions:
+# - create-config
+# - create-manifests
+# - patch-manifests
+# - create-ignitions
\ No newline at end of file
diff --git a/roles/config/tasks/load.yaml b/roles/config/tasks/load.yaml
index 9da1b84..bacb779 100644
--- a/roles/config/tasks/load.yaml
+++ b/roles/config/tasks/load.yaml
@@ -18,83 +18,103 @@
- st_dir.stat.isdir
fail_msg: "installer dir [{{ config_install_dir }}] is not present. Create config first."
-- name: Load | Set bootstrap ignition filename for HA
- ansible.builtin.set_fact:
- _filename_bootstrap_ign: "bootstrap.ign"
+- name: Load | Check if cluster_state file
+ ansible.builtin.stat:
+ path: "{{ config_install_dir + '/cluster_state.json' }}"
+ register: st_out
-- name: Load | Variables from ignition files
- ansible.builtin.set_fact:
- _installer_state: "{{ lookup('file', config_install_dir + '/.openshift_install_state.json') }}"
- _installer_metadata: "{{ lookup('file', config_install_dir + '/metadata.json') }}"
- _ignition_bootstrap: "{{ lookup('file', config_install_dir + '/' + _filename_bootstrap_ign) }}"
- installer_coreos_stream: "{{ lookup('file', config_install_dir + '/coreos-stream.json') }}"
- no_log: true
+- name: Load | Create initial cluster_state
+ when: not(st_out.stat.exists)
+ block:
+ - name: Load | Load variables from manifests
+ ansible.builtin.set_fact:
+ _installer_coreos_stream: "{{ lookup('file', config_install_dir + '/coreos-stream.json') }}"
+ _manifest_capi_userdata_master_secret: "{{ lookup('file', config_install_dir + '/openshift/99_openshift-cluster-api_master-user-data-secret.yaml') | from_yaml }}"
+ _manifest_capi_userdata_worker_secret: "{{ lookup('file', config_install_dir + '/openshift/99_openshift-cluster-api_worker-user-data-secret.yaml') | from_yaml }}"
+ _manifest_infrastructure_obj: "{{ lookup('file', config_install_dir + '/manifests/cluster-infrastructure-02-config.yml') | from_yaml }}"
+ _manifest_installconfig_cm: "{{ lookup('file', config_install_dir + '/manifests/cluster-config.yaml') | from_yaml }}"
-- name: Load | Set defaults short vars
- ansible.builtin.set_fact:
- base_domain: "{{ _installer_state[\"*installconfig.InstallConfig\"][\"config\"][\"baseDomain\"] }}"
- tags: {}
- image_id_ign: "{{ _installer_state[\"*rhcos.Image\"] | d('') }}"
- _region: "{{ config_cluster_region | d(lookup('env', 'CONFIG_REGION')) }}"
- _provider: "{{ provider | d('NA') }}"
- _arch: "{{ arch | d('x86_64') }}"
+ - name: Load | Load from install-config
+ ansible.builtin.set_fact:
+ _manifest_installconfig: "{{ _manifest_installconfig_cm.data['install-config'] | from_yaml }}"
+ _manifest_capi_userdata_master: "{{ _manifest_capi_userdata_master_secret.data.userData | b64decode }}"
+ _manifest_capi_userdata_worker: "{{ _manifest_capi_userdata_worker_secret.data.userData | b64decode }}"
-- name: Load | Lookup ImageID
- block:
- - name: Load | Lookup ImageID | Check image
+ - name: Load | Set defaults short vars
ansible.builtin.set_fact:
- image_id_stream: "{{ installer_coreos_stream.architectures[_arch].images[_provider].regions[_region].image }}"
+ tags: {}
+ _infrastructureName: "{{ _manifest_infrastructure_obj.status.infrastructureName }}"
+ _region: "{{ config_cluster_region | d(lookup('env', 'CONFIG_REGION')) }}"
+ _provider: "{{ provider | d('NA') }}"
+ _arch: "{{ arch | d('x86_64') }}"
+
+ - name: Load | Set custom_image_id from os_mirror config
when:
- - _provider != 'NA'
- when:
- - custom_image_id | d('') == ''
- - image_id_ign == ''
+ - os_mirror | d({}) | length > 0
+ - os_mirror_from | d('') == 'stream_artifacts'
+ block:
+ - name: Load | Set custom_image_url from os_mirror config
+ ansible.builtin.set_fact:
+ custom_image_url: "{{ \
+ _installer_coreos_stream\
+ .architectures[os_mirror_stream.architecture]\
+ .artifacts[os_mirror_stream.artifact]\
+ .formats[os_mirror_stream.format]\
+ .disk.location | d('') }}"
-- name: Load | Check if cluster_state file
- ansible.builtin.stat:
- path: "{{ config_install_dir + '/cluster_state.json' }}"
- register: st_out
+ - name: Load | Set custom_image_id from os_mirror config
+ ansible.builtin.set_fact:
+ custom_image_id: "{{ custom_image_url | basename }}"
+
+ - name: Load | Lookup ImageID
+ block:
+ - name: Load | Lookup ImageID | Check image
+ ansible.builtin.set_fact:
+ image_id_stream: "{{ _installer_coreos_stream.architectures[_arch].images[_provider].regions[_region].image | d('') }}"
+ when:
+ - _provider != 'NA'
+ when:
+ - custom_image_id | d('') == ''
+
+ - name: Load | Create initial cluster_state
+ ansible.builtin.set_fact:
+ cluster_state:
+ cluster_name: "{{ _manifest_installconfig.metadata.name }}"
+ cluster_id: "{{ _infrastructureName }}"
+ infra_id: "{{ _infrastructureName }}"
+ tags: "{% set x = tags.__setitem__('kubernetes.io/cluster/' + _infrastructureName, 'owned') %}{{ tags }}"
+ region: "{{ _region }}"
+ platform:
+ provider: "{{ _provider }}"
+ platform: "{{ config_platform | d('none') }}"
+ dns:
+ base_domain: "{{ _manifest_installconfig.baseDomain }}"
+ base_domain_id: ''
+ cluster_domain: "{{ _manifest_installconfig.metadata.name }}.{{ _manifest_installconfig.baseDomain }}"
+ cluster_domain_id: ''
+ registers: []
+ network:
+ vpc_id: ''
+ subnets: []
+ loadbalancers: {}
+ compute:
+ image_id: "{{ custom_image_id | d(image_id_stream) }}"
+ image_url: "{{ custom_image_url | d('') }}"
+ iam_profile_bootstrap: "{{ _infrastructureName }}-instance-bootstrap"
+ iam_profile_compute: "{{ _infrastructureName }}-instance-compute"
+ iam_profile_controlplane: "{{ _infrastructureName }}-instance-controlPlane"
+ user_data_master: "{{ _manifest_capi_userdata_master }}"
+ user_data_worker: "{{ _manifest_capi_userdata_worker }}"
+ iam:
+ profile_bootstrap: "{{ _infrastructureName }}-instance-bootstrap"
+ profile_controlplane: "{{ _infrastructureName }}-instance-controlplane"
+ profile_compute: "{{ _infrastructureName }}-instance-compute"
- name: Load | Set local cluster_state
ansible.builtin.set_fact:
cluster_state: "{{ lookup('file', config_install_dir + '/cluster_state.json', errors='ignore') }}"
when: st_out.stat.exists
-- name: Load | Create initial cluster_state
- ansible.builtin.set_fact:
- cluster_state:
- cluster_name: "{{ _installer_metadata.clusterName }}"
- cluster_id: "{{ _installer_metadata.clusterID }}"
- infra_id: "{{ _installer_metadata.infraID }}"
- tags: "{% set x = tags.__setitem__('kubernetes.io/cluster/' + _installer_metadata.infraID, 'owned') %}{{ tags }}"
- region: "{{ _region }}"
- platform:
- provider: "{{ _provider }}"
- platform: "{{ config_platform | d('none') }}"
- dns:
- base_domain: "{{ base_domain }}"
- base_domain_id: ''
- cluster_domain: "{{ _installer_metadata.clusterName }}.{{ base_domain }}"
- cluster_domain_id: ''
- registers: []
- network:
- vpc_id: ''
- subnets: []
- loadbalancers: {}
- compute:
- image_id: "{{ custom_image_id | d(image_id_stream) | d(image_id_ign) }}"
- iam_profile_bootstrap: "{{ _installer_metadata.infraID }}-instance-bootstrap"
- iam_profile_compute: "{{ _installer_metadata.infraID }}-instance-compute"
- iam_profile_controlplane: "{{ _installer_metadata.infraID }}-instance-controlPlane"
- certificates:
- root_ca: "{{ _ignition_bootstrap | json_query(query_root_ca) | join('') }}"
- iam:
- profile_bootstrap: "{{ _installer_metadata.infraID }}-instance-bootstrap"
- profile_controlplane: "{{ _installer_metadata.infraID }}-instance-controlplane"
- profile_compute: "{{ _installer_metadata.infraID }}-instance-compute"
- vars:
- query_root_ca: "storage.files[?path=='/opt/openshift/tls/root-ca.crt'].contents.source"
- when: not(st_out.stat.exists)
- name: Load | Save state
ansible.builtin.include_tasks: save-state.yaml
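Review bot: The removed `Load | Variables from ignition files` task had `no_log: true`, but the new `Load | Load variables from manifests` and `Load | Load from install-config` tasks do not. They read the master and worker user-data Secrets and the install-config ConfigMap into facts, so the base64-decoded `userData` and the install-config contents can appear in verbose or failed-task output. Add `no_log: true` to both `set_fact` tasks. The decoded values are also stored as `user_data_master` and `user_data_worker` in `cluster_state`, which the following `save-state.yaml` include presumably writes to `cluster_state.json`. Check that file's mode and any CI step that prints it.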
diff --git a/roles/config/tasks/patch-manifests.yaml b/roles/config/tasks/patch-manifests.yaml
new file mode 100644
index 0000000..9376bb5
--- /dev/null
+++ b/roles/config/tasks/patch-manifests.yaml
@@ -0,0 +1,19 @@
+--- # step will run to patch manifests before ignitions creation based on config_patches list.
+
+- name: Patch | Manifests | Run Load vars
+ ansible.builtin.include_tasks: load.yaml
+
+- name: Patch | Manifests | Run custom assertions
+ ansible.builtin.include_tasks: create-assertions.yaml
+
+- name: Patch | Manifests | Generate
+ when:
+ - _manifests.stat.exists
+ - not(_metadata.stat.exists)
+ block:
+ - name: Patch | Apply patches on manifest stage
+ ansible.builtin.include_tasks:
+ file: "patches-manifests/{{ patch_name }}.yaml"
+ loop_control:
+ loop_var: patch_name
+ loop: "{{ config_patches | d('rm-capi-machines') }}"
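Review bot: The default in `loop: "{{ config_patches | d('rm-capi-machines') }}"` is a bare string, and `loop` requires a list, so the task fails whenever `config_patches` is unset. Use `loop: "{{ config_patches | d(['rm-capi-machines']) }}"`. Each `patch_name` is spliced into an include path, so it is also worth asserting the names against the set of files shipped under `patches-manifests/` before the loop. This file runs `load.yaml` before `create-assertions.yaml`, the reverse of the sibling task files; a comment explaining the order would help.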
diff --git a/roles/config/templates/install-config.yaml.j2 b/roles/config/templates/install-config.yaml.j2
index b67bf87..e8aa153 100644
--- a/roles/config/templates/install-config.yaml.j2
+++ b/roles/config/templates/install-config.yaml.j2
@@ -6,7 +6,7 @@ baseDomain: {{ config_base_domain }}
# Compute Pool
{% if cluster_profile == 'ha' %}
-compute: {{ config_compute }}
+compute: {{ config_compute | from_yaml }}
{% elif cluster_profile == 'sno' %}
compute:
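Review bot: `{{ config_compute | from_yaml }}` turns the value into a Python structure, and Jinja then prints its Python representation into a YAML file. Lists and dicts usually survive as flow collections, but `None` is emitted as the string `None` and booleans as `True`/`False`, which not every YAML consumer reads the same way. Serialise explicitly with `compute: {{ config_compute | from_yaml | to_json }}`. The format `config_compute` arrives in is not visible here, so confirm it is always a YAML/JSON string. The template continues beyond this hunk.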
diff --git a/roles/csr_approver/meta/main.yml b/roles/csr_approver/meta/main.yml
index 4fcfba2..05ff922 100644
--- a/roles/csr_approver/meta/main.yml
+++ b/roles/csr_approver/meta/main.yml
@@ -14,8 +14,5 @@ galaxy_info:
- okd
- installer
- bootstrap
- - aws
- - amazon
- - digitalocean
dependencies: []
diff --git a/roles/csr_approver/tasks/approve.yaml b/roles/csr_approver/tasks/approve.yaml
index a8c545e..006b9b9 100644
--- a/roles/csr_approver/tasks/approve.yaml
+++ b/roles/csr_approver/tasks/approve.yaml
@@ -35,7 +35,7 @@
- name: Approver | Approve CSRs
ansible.builtin.command: |
- {{ oc_bin }} \
+ {{ bin_oc | d(oc_bin) }} \
--kubeconfig {{ config_install_dir }}/auth/kubeconfig \
adm certificate approve {{ csr_name }}
vars:
diff --git a/roles/destroy/meta/main.yml b/roles/destroy/meta/main.yml
index 0ab0370..2ce412c 100644
--- a/roles/destroy/meta/main.yml
+++ b/roles/destroy/meta/main.yml
@@ -1,6 +1,6 @@
---
galaxy_info:
- role_name: okd_cluster_destroy
+ role_name: destroy
author: mtulio
description: Ansible Role to Destroy OKD Cluster on the Cloud Provider
license: Apache-2.0
@@ -17,8 +17,5 @@ galaxy_info:
- openshift
- cloud
- installer
- - aws
- - amazon
- - digitalocean
dependencies: []
diff --git a/roles/os_mirror/README.md b/roles/os_mirror/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/roles/os_mirror/defaults/main.yml b/roles/os_mirror/defaults/main.yml
new file mode 100644
index 0000000..94f8260
--- /dev/null
+++ b/roles/os_mirror/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+os_mirror: {}
\ No newline at end of file
diff --git a/roles/os_mirror/meta/main.yml b/roles/os_mirror/meta/main.yml
new file mode 100644
index 0000000..c887620
--- /dev/null
+++ b/roles/os_mirror/meta/main.yml
@@ -0,0 +1,21 @@
+---
+galaxy_info:
+ role_name: os_mirror
+ author: mtulio
+ description: Ansible Role to Mirror OS to the provider
+ license: Apache-2.0
+ min_ansible_version: "4.1"
+ platforms:
+ - name: EL
+ versions:
+ - all
+ - name: Debian
+ versions:
+ - all
+ galaxy_tags:
+ - okd
+ - openshift
+ - cloud
+ - installer
+
+dependencies: []
diff --git a/roles/os_mirror/tasks/main.yaml b/roles/os_mirror/tasks/main.yaml
new file mode 100644
index 0000000..02a42c0
--- /dev/null
+++ b/roles/os_mirror/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: gather from source
+ ansible.builtin.include_tasks: "./{{ os_mirror_from }}.yaml"
+
+- name: upload to provider {{ os_mirror_to_provider }}
+ ansible.builtin.include_tasks: "./{{ os_mirror_to_provider }}.yaml"
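Review bot: Both includes build a task-file path directly from `os_mirror_from` and `os_mirror_to_provider`, and the role's defaults define only `os_mirror: {}`. An unset or mistyped value therefore fails on a missing file, and any string is accepted as a path component. Add an `ansible.builtin.assert` ahead of the includes, following the `provider is in config_valid_providers` check in `create-assertions.yaml`, e.g. `that: os_mirror_from in ['stream_artifacts']`. The visible part of this diff adds only `stream_artifacts.yaml` under `tasks/`, so check that a task file exists for each supported `os_mirror_to_provider` value.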
diff --git a/roles/os_mirror/tasks/stream_artifacts.yaml b/roles/os_mirror/tasks/stream_artifacts.yaml
new file mode 100644
index 0000000..9794268
--- /dev/null
+++ b/roles/os_mirror/tasks/stream_artifacts.yaml
@@ -0,0 +1,16 @@
+---
+- name: from stream_artifact | Check exists locally
+ stat:
+ path: "{{ collection_bin_dir }}/{{ cluster_state.compute.image_id }}"
+ register: _st_image
+
+- name: stream_artifact | show
+ debug:
+ msg: "Downloading image: {{ cluster_state.compute.image_url }}"
+ when: not(_st_image.stat.exists)
+
+- name: from stream_artifact | Downloading {{ cluster_state.compute.image_url }}
+ get_url:
+ url: "{{ cluster_state.compute.image_url }}"
+ dest: "{{ collection_bin_dir }}/{{ cluster_state.compute.image_id }}"
+ when: not(_st_image.stat.exists)
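Review bot: The OS image is downloaded with `get_url` and no `checksum:`, so a truncated or substituted artifact would be accepted and later uploaded as the cluster boot image. CoreOS stream metadata publishes a `sha256` next to each artifact's `disk.location`, the field `load.yaml` already reads. Carry that digest into `cluster_state` and pass `checksum: "sha256:{{ cluster_state.compute.image_sha256 }}"` (`image_sha256` is a placeholder field name, not one present on this page). The tasks here use the short names `stat`, `debug` and `get_url`, while the rest of the change uses `ansible.builtin.*`. An explicit `mode:` on the download would also make the file permissions deliberate.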
diff --git a/tests/config/okd-scos-4.13.0-0.env b/tests/config/okd-scos-4.13.0-0.env
new file mode 100644
index 0000000..5222e5f
--- /dev/null
+++ b/tests/config/okd-scos-4.13.0-0.env
@@ -0,0 +1,7 @@
+export PULL_SECRET_FILE="${PWD}/config/pull-secret-okd-fake.json"
+export CONFIG_PULL_SECRET_FILE="${PWD}/config/pull-secret-okd-fake.json"
+export CONFIG_SSH_KEY=$(ssh-keygen -q -t rsa -N '' -f ${HOME}/.ssh/id_rsa <</dev/null 2>&1; cat ${HOME}/.ssh/id_rsa.pub)
+
+export DISTRIBUTION=okd
+export RELEASE_IMAGE=quay.io/okd/scos-release
+export RELEASE_VERSION=4.13.0-0.okd-scos-2023-05-04-192252
\ No newline at end of file
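Review bot: In the `CONFIG_SSH_KEY` line, `<</dev/null` is the here-document operator with `/dev/null` as its delimiter word, not a redirect of stdin from `/dev/null`. If the intent was to keep `ssh-keygen` from prompting when `${HOME}/.ssh/id_rsa` already exists, `</dev/null` is probably what was meant. This should be checked against the other env files if the line was copied from them. Quoting `"${HOME}/.ssh/id_rsa"` would also keep the path intact when it contains spaces.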