Skip to content

sullyvon/ocpv4-deployment-tam

Repository files navigation

Overview

Hub And Spoke Architecture Design

Installation Procedures

Setup laptop

sudo dnf install ansible-core wget
ssh-keygen -t ed25519
cat ~/.ssh/id_ed25519.pub

Go to github settings and add ssh pub key

Fix ssh config

cat ~/.ssh/config
HostName github.com
IdentityFile ~/.ssh/id_ed25519
chmod 0600 ~/.ssh/conig
mkdir -p ~/redhat/ocpv4/git && cd ~/redhat/ocpv4/git/
git clone [email protected]:sullyvon/ocpv4-deployment-tam.git
#this should go into the staging software playbook
sudo curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
sudo chmod +x /usr/local/bin/argocd

Ansible Core Hub Cluster Deployment

NOTE

For simplicity we demo this via ansible core but for an Enterprise environment Ansible Tower makes more sense

Stage OCPv4 CLI Tooling

cd ~/redhat/ocpv4/ocpv4-deployment-tam/common/playbooks
ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-stage-ocpv4-software.yaml -e "becomemethod=sudo privileged_user=dsulliva ocpv4_version=4.10.12"

Generate Per Cluster SSH Key

cd ~/redhat/ocpv4/ocpv4-deployment-tam/common/playbooks
ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-ssh-keygen.yml -e "cluster_id=dsulliva-hub01"

From the output you need to get the public key generated this will go into our cluster install-config.yaml

TASK [ssh-keygen : debug] *****************************************************************************************************************************************************************************************
ok: [127.0.0.1] => {
    "msg": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCeDv8bR/y6W2gPonSUr9Vzn4YsxCm4d7yyODPGLinZooUbN9gvK3FAmOuamVgeF+nfrQv9wCPi7ifkFTIYi68G0SC77YYrrQXStUI2IvCZUXkBEO2B6H6PhQN//2FeXbV+2tx3OpAMt17DKhIWtbrAkNLo/Ra7SL9zO4c9RvRehnh/FpWQGRfY3djtEl+PrwG+Vbdt1by4e0v4MLO7CIaIuT0Mf4siuU33NGS81kIU5x82mXkpVHjslwcLqpr5E/L1qCWX6SJ3cgiGD9PvgCL1alvBKoPxhgkjMzcvUX2tuWFWpehqswblGb9UBOCOdPUg67CJjzYWSdNmApZzuSvmi3DOCrSidHGqqXbfcRSfluti3yQi7bbxDfBXbxN08iXHZjJke9GNPKNbhsKyvMnI5MY1X9oeUNIewSYbqykflyfjorOdirWBpgaGL/sCqQcvjytterLtLCGZjtLaYWPZfZLRluY8XEhQ7tGelXlf6JWT5YaTfqVZifpON25NQIYYKkivKcSeIBoH6tUaB+ggDdnuI2xT9i/uKIjMtoOOwMxfagIgRj1hkgbb29m8qj1nlBuGccDP/1bkVEMpt1JKXuCjvO6jxh+ncM6bGeRT8dcy6i7iPv4tI3n+H0qJ+mwbdYZRwozk7xcO39tDxe3ydCzfoKWbK0Qr2Jb7cn4tvQ== [email protected]"
}

Replace the sshKey field with one in msg output above

cd ~/redhat/ocpv4/git//ocpv4-deployment-tam/
vi dsulliva-hub01/config/install-config.yaml

Download Pull Secret and fix your pull secret

download to ~/.docker/config.tmp and convert to ansible vaulted hash

cd ~/.docker/
[dsulliva@fancy .docker]$ cat config.tmp | ansible-vault encrypt_string #Do not forget the password you use here
cd ~/redhat/ocpv4/git//ocpv4-deployment-tam/common/playbook
mkdir vars
vi dsulliva-hub01.yaml #add in pullsecret with reference to the encrypted vault hash

Install OpenShift Hub Cluster

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/common/playbooks
ansible-playbook --ask-vault-pass --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-install-ocpv4.yml -e "becomemethod=sudo privileged_user=dsulliva privileged_group=dsulliva ocpv4_version=4.10.12 cluster_id=dsulliva-hub01"

In another terminal

cd ~/dsulliva-hub01
ls -lrt #find the latest install file
tail <latestinstallfile>

Run Post Configuration On Hub Cluster

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/common/playbooks
ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-post-ocpv4-config.yml -e "becomemethod=sudo privileged_user=dsulliva privileged_group=dsulliva ocpv4_version=4.10.12 cluster_id=dsulliva-hub01 postconfig_mode=init ready_node_count=15 clustertype=hubextrh acm_managed_cluster=false openshift_gitops_endpoint=openshift-gitops-server-openshift-gitops.apps.dsulliva-hub01.sandbox517.opentlc.com openshift_gitops_gstnonprod_endpoint=openshift-gitops-gstnonprod-server-openshift-gitops.apps.dsulliva-hub01.sandbox517.opentlc.com"

While the above is running open another terminal

export KUBECONFIG=~/dsulliva-hub01/installocpv4/auth/kubeconfig
cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/scripts
#we need to do this because all our operator Subscriptions are set to Manual approval
bash approve_operator_ip.sh

This playbook/role has 4 main kustomize stages

  • Stage I does our machinesets and optionally mco chrony

Per code here

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/gitops/kustomize/dsulliva-hub01

To actively watch

watch -n 5 'oc get machines -n openshift-machine-api && oc get nodes'

We really want our machines online and time right before we start throw our operators on

  • Stage II does openshift-gitops operator and stages some namespaces

Another chicken and egg problem kind of need argocd up before you can deploy argocd applications

Per code here

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/gitops/kustomize/openshift-gitops-operator
  • Stage III does phase one of argocd/openshift-gitops applications

Per code here

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/gitops/applications/dsulliva-hub01

To actively follow

watch -n 5 'oc get pods -n openshift-storage && oc get pvc --all-namespaces'
  • Stage IV does phase two of the argocd/openshift-gitops applications

Per code here

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/gitops/applications/dsulliva-hub01/stage_two
watch -n 5 'oc get nodes'

Ansible Core Hub Cluster Quay Setup

Increase your timeout to help with slow/transient network issues

oc annotate route hub-registry-quay --overwrite haproxy.router.openshift.io/timeout=120s -n quay-enterprise

Create a vault encrypted password for quay use the same vault password you used for the pullsecret

echo -n "<fixme>" | ansible-vault encrypt_string

Run quay init playbook

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/common/playbooks
ansible-playbook --ask-vault-pass --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-post-hub-init-quayadmin-config.yml -e "becomemethod=sudo privileged_user=dsulliva privileged_group=dsulliva ocpv4_version=4.10.12 cluster_id=dsulliva-hub01 hubendpoint=hub-registry-quay-quay-enterprise.apps.dsulliva-hub01.sandbox517.opentlc.com"
cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/common/playbooks
ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-post-hub-mirror-ocpv4-release.yml -e "becomemethod=sudo privileged_user=dsulliva privileged_group=dsulliva ocpv4_version=4.10.12 cluster_id=dsulliva-hub01 MIRROR_TO_REGISTRY=hub-registry-quay-quay-enterprise.apps.dsulliva-hub01.sandbox517.opentlc.com/ocpv4"

Ansible Core Spoke Cluster Deployment

Generate Per Cluster SSH Key

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/common/playbooks
ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-ssh-keygen.yml -e "cluster_id=dsulliva-spoke01"

Replace the sshKey field from output in install-config.yaml below

cd ~/redhat/ocpv4/git//ocpv4-deployment-tam/
vi dsulliva-spoke01/config/install-config.yaml

Install OpenShift Spoke Cluster

cd ~/redhat/ocpv4/git/ocpv4-deployment-tam/common/playbooks
ansible-playbook --ask-vault-pass --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-install-ocpv4.yml -e "becomemethod=sudo privileged_user=dsulliva privileged_group=dsulliva ocpv4_version=4.10.12 cluster_id=dsulliva-spoke01"

*Clean up time be careful this wipes out the cluster

ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 common-destroy-ocpv4.yml -e "becomemethod=sudo privileged_user=dsulliva privileged_group=dsulliva ocpv4_version=4.10.12 cluster_id=dsulliva-spoke01"

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages