OpenShift 4 Provisioning and Configuration using Ansible.
Runs in a container, no need for additional libraries or software, aside from podman
.
- Helps with the manual tasks of creating the needed VMs for OpenShift nodes
- Configures several aspects of an OpenShift cluster (i.e. authentication, logging, monitoring, ODF storage, and more...)
- Can scale up the cluster, creating additional nodes.
- Strives to be idempotent at any phase.
- Can configure external services (NFS shares on an existent machine, ATM).
Only VMware at the moment. More to come...
The automation runs in a container, so you'll need a RHEL8-like machine with podman
installed. You don't need root privileges to run it.
Pull the container:
$ podman pull quay.io/fcarrus/ocp4-deployment-automation:latest
Create a directory where to keep the automation inventory and all the installation-related files, i.e.:
$ mkdir /home/myuser/mycluster
Use the inventory.yaml.example file in this repository to define your cluster's configuration (nodes, post-deploy config, etc.). Documentation on variables is in the example file.
Place the file in the directory created above and name it inventory.yaml
.
Use the run.sh script in this repository as a template for your own script. You should edit the MYDIRECTORY
variable and assign it the directory you created, i.e.:
MYDIRECTORY="/home/myuser/mycluster/"
Run the automation's check playbook. It validates some of the variables in the inventory, so it can fail early before starting the deployment.
$ ./run.sh check
Run the automation's prepare playbook. It creates the install-config.yaml, manifests and ignition files. They are all placed in the directory you created.
$ ./run.sh prepare
Run the automation's deploy playbook. It creates the CoreOS template image and the node VMs, then waits for the cluster to be up&running.
$ ./run.sh deploy
Run the automation's configure playbook. It uses the kubeconfig file to configure the cluster as specified in the inventory file.
$ ./run.sh configure
The configure playbook can be run for single parts of configuration at a time, making use of Ansible tags, i.e.:
$ ./run.sh configure -t node-labels,ingress,logging
All the tags available for the configure playbook are:
api-certificate
: Replace the API endpoint's SSL certificate.ca-bundle
: Inject certification authorities in the trusted bundle.defns
: Set up the default namespace template adding NetworkPolicies.idp
: Set up OAuth Identity Provider(s).image-registry
: Configure the Image Registry.ingress
: Configure the Ingress Controller.logging
: Install the Logging stack and configure it.manifests
: Add objects to OpenShift in post-deploy phase.monitoring
: Configure the monitoring stack.node-labels
: Label nodes.node-taints
: Apply node taints.odf
: Install ODF and create a StorageCluster object.proxy
: Configure cluster-wide proxy settings.registry-sources
: Configure additional registry sources.rhacm
: Install RHACM and configure the cluster as Hub.selfprov
: Disable the self-provisioning feature.update-cap
: Updates the cluster auto approver with additional nodes after scaling up.
There is a playbook for configuring an external RHEL-like server with NFS shares (see documentation in the inventory example file):
$ ./run.sh external_nfs