From: Chris Wheeler Date: Tue, 10 Dec 2024 01:13:37 +0000 (-0600) Subject: OKD bare metal deployment automation X-Git-Tag: k-release~3 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=7cacfa09b0adec70aaf6c13dcb4744676d58063d;p=pti%2Frtp.git OKD bare metal deployment automation - Modified the ocloud role to import the ocloud_infra_baremetal role for bare metal hosts - Modified the ocloud_platform_okd role to support generation of bare metal agent-based installer ISO - Added ocloud_infra_baremetal role to handle virtual media and power control of bare metal hosts - Minor changes to the ocloud_platform_o2ims role - Added debug task in ocloud_platform_okd role to print agent-config.yml and install-config.yml in verbose mode - Updated README.md with information about bare metal deployment, Stolostron, and the oran-o2ims operator Issue-ID: INF-476 Change-Id: I2f6c538a4d2b3d462e1acf928201b53ac6c61079 Signed-off-by: Chris Wheeler --- diff --git a/.gitignore b/.gitignore index 4fdfd7a4..f5442207 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ /okd/fetched # ignored anywhere +collections/ fetched/ tmp/ temp/ diff --git a/okd/README.md b/okd/README.md index 53af7c74..deb777a5 100644 --- a/okd/README.md +++ b/okd/README.md @@ -8,6 +8,7 @@ Currently supported Kubernetes platforms and infrastructure targets are: ## Infrastructure - KVM/libvirtd virtual machine +- Bare metal (x86_64 architecture); see [Requirements for installing OpenShift on a single node](https://docs.okd.io/4.16/installing/installing_sno/install-sno-preparing-to-install-sno.html#install-sno-requirements-for-installing-on-a-single-node_install-sno-preparing) for hardware minimum resource requirements # Prerequisites The following prerequisites must be installed on the host where the playbook will be run (localhost, by default): @@ -21,6 +22,8 @@ To enable network access to cluster services, DNS address records must be define In the case of all-in-one topology clusters, all addresses must resolve to the machine network IP assigned to the node. +The okd/playbooks/deploy_dns.yml playbook can be used to deploy dnsmasq if a DNS server needs to be configured. + ## Ansible Install Ansible per [Installing Ansible on specific operating systems](https://docs.ansible.com/ansible/latest/installation_guide/installation_distros.html) documentation. @@ -57,7 +60,7 @@ ansible-galaxy collection install -r requirements.yml #### Optional The following variables can be set to override deployment defaults: -- ocloud_infra [default="vm"]: infrastructure target +- ocloud_infra [default="vm"]: infrastructure target (supported values: "vm", "baremetal") - ocloud_platform [default="okd"]: platform target - ocloud_topology [default="aio"]: O-Cloud cluster topology - ocloud_cluster_name [default="ocloud-{{ ocloud_infra }}-{{ ocloud_platform }}-{{ ocloud_topology }}"]: O-Cloud cluster name @@ -66,6 +69,9 @@ The following variables can be set to override deployment defaults: ### Infrastructure / VM +#### Required +- role: cluster role of the node (supported values: "master") + #### Optional The following variables can be set to override defaults for deploying to a VM infrastructure target: @@ -76,6 +82,31 @@ The following variables can be set to override defaults for deploying to a VM in - ocloud_net_name [default="ocloud"]: virtual network name - ocloud_net_bridge [default="ocloud-br"]: virtual network bridge name - ocloud_net_mac_prefix [default="52:54:00:01:23"]: virtual network MAC prefix +- ocloud_dns_servers: list of DNS resolvers to configure (see okd/playbooks/deploy_dns.yml if a DNS server needs to be deployed) +- ocloud_ntp_servers: list of NTP servers to configure (see okd/playbooks/deploy_ntp.yml if an NTP server needs to be deployed) + +### Infrastructure / Bare Metal +#### Required +The following variables must be set for deploying to a bare metal infrastructure target (see okd/inventory/host_vars/master-0-baremetal/ for example): +- bmc_address: hostname/IP of the node's out-of-band management interface (e.g. BMC, iDRAC, iLO) +- bmc_user: username used to authenticate to the node's out-of-band management interface +- bmc_password: password used to authenticate to the node's out-of-band management interface +- installation_disk_path: disk device to which OKD will be installed (reference the `deviceName` subfield in [About root device hints](https://docs.openshift.com/container-platform/4.16/installing/installing_with_agent_based_installer/preparing-to-install-with-agent-based-installer.html#root-device-hints_preparing-to-install-with-agent-based-installer) +- mac_addresses: dictionary of interface names and corresponding MAC addresses +- network_config: node network configuration in [nmstate](https://nmstate.io/) format +- ocloud_dns_servers: list of DNS resolvers to configure (see okd/playbooks/deploy_dns.yml if a DNS server needs to be deployed) +- ocloud_net_cidr: must be set to the subnet corresponding to the node's IP assigned in 'network_config' +- ocloud_ntp_servers: list of NTP servers to configure (see okd/playbooks/deploy_ntp.yml if an NTP server needs to be deployed) +- role: cluster role of the node (supported values: "master") + +#### Inventory +The following inventory variables must be defined for the 'http_store' host (see okd/inventory/host_vars/http_store/ for example +x inventory and okd/playbooks/deploy_http_store.yml if an HTTP store needs to be deployed): +- ansible_host: hostname/IP of the HTTP store that will serve the agent-based installer ISO image +- http_store_dir: document root on the HTTP store where thet agent-based installer ISO image will be copied +- http_port: port on which the HTTP store listens + +#### Optional ### Platform / OKD @@ -98,8 +129,9 @@ Execute the playbook from the base directory as follows: ansible-playbook -i inventory playbooks/ocloud.yml ``` -This will deploy the O-Cloud up through the bootstrap phase. -Continue to monitor the cluster deployment through completion per the Validation section below. +This will deploy the O-Cloud up through the bootstrap and installation phases, as well as deploying +[Stolostron](https://github.com/stolostron/stolostron) and the [oran-o2ims](https://github.com/openshift-kni/oran-o2ims) +operator. # Validation @@ -111,8 +143,9 @@ Set the KUBECONFIG variable to point to the config generated by the agent-based export KUBECONFIG=/tmp/ansible.6u4ydu5n/cfg/auth/kubeconfig ``` -Monitor the progress of the installation by running the 'oc get nodes', 'oc get clusteroperators', and -'oc get clusterversion' commands until all nodes are ready and all cluster operators are available, for example: +Verify the installation completion by running the 'oc get nodes', 'oc get clusteroperators', +and 'oc get clusterversion' commands and confirm all nodes are ready and all cluster operators +are available, for example: ``` $ oc get nodes @@ -160,6 +193,185 @@ NAME VERSION AVAILABLE PROGRESSING SINCE STA version 4.14.0-0.okd-2024-01-26-175629 True False 83m Cluster version is 4.14.0-0.okd-2024-01-26-175629 ``` +## Stolostron + +Verify the Stolostron deployment by running the 'oc get all -n open-cluster-management' +and 'oc get MultiClusterHub -n open-cluster-management' commands, for example: + +``` +$ oc get all -n open-cluster-management +Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+ +NAME READY STATUS RESTARTS AGE +pod/cluster-permission-6964454c7b-pt2pq 1/1 Running 0 3h31m +pod/console-chart-console-v2-7f5554f4bf-mpxkq 1/1 Running 0 3h31m +pod/console-chart-console-v2-7f5554f4bf-mt949 1/1 Running 0 3h31m +pod/grc-policy-addon-controller-8599cc9c55-qxhtq 1/1 Running 0 3h31m +pod/grc-policy-addon-controller-8599cc9c55-r2rpq 1/1 Running 0 3h31m +pod/grc-policy-propagator-78f57b57d8-f79b9 2/2 Running 0 3h31m +pod/grc-policy-propagator-78f57b57d8-j49cw 2/2 Running 0 3h31m +pod/insights-client-5445dbd97f-lfl4w 1/1 Running 0 3h31m +pod/insights-metrics-7b568c78fd-zdk7t 2/2 Running 0 3h31m +pod/klusterlet-addon-controller-v2-7b9c995cc5-kmtkb 1/1 Running 0 3h31m +pod/klusterlet-addon-controller-v2-7b9c995cc5-v8b6z 1/1 Running 0 3h31m +pod/multicluster-integrations-78bbdf889f-7nj27 3/3 Running 1 (3h32m ago) 3h34m +pod/multicluster-observability-operator-86dc5477cb-sbw5f 1/1 Running 0 3h31m +pod/multicluster-operators-application-7995b449fb-2gssq 3/3 Running 2 (3h32m ago) 3h34m +pod/multicluster-operators-channel-597d9ddc46-kvwk2 1/1 Running 1 (3h33m ago) 3h34m +pod/multicluster-operators-hub-subscription-58c97bf6cc-7rxqk 1/1 Running 1 (3h32m ago) 3h34m +pod/multicluster-operators-standalone-subscription-6b548d9bb8-r9rhf 1/1 Running 0 3h34m +pod/multicluster-operators-subscription-report-7bb6dfdcb6-nblvh 1/1 Running 0 3h34m +pod/multiclusterhub-operator-66d8788b98-98m7l 1/1 Running 1 (3h34m ago) 3h34m +pod/multiclusterhub-operator-66d8788b98-bg5s2 1/1 Running 0 3h34m +pod/search-api-6cbd6557c8-ld687 1/1 Running 0 3h30m +pod/search-collector-f68dbfc6-m955j 1/1 Running 0 3h30m +pod/search-indexer-54b95db649-6mlpc 1/1 Running 0 3h30m +pod/search-postgres-bb88bc4d4-ngff9 1/1 Running 0 3h30m +pod/search-v2-operator-controller-manager-79cfcfdf5b-d4r42 2/2 Running 0 3h31m +pod/submariner-addon-77b9fb5df8-27rbx 0/1 CrashLoopBackOff 46 (9s ago) 3h31m +pod/volsync-addon-controller-546985f674-lj56q 1/1 Running 0 3h31m + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/channels-apps-open-cluster-management-webhook-svc ClusterIP 172.30.186.153 443/TCP 3h32m +service/console-chart-console-v2 ClusterIP 172.30.136.138 3000/TCP 3h31m +service/governance-policy-compliance-history-api ClusterIP 172.30.194.57 8384/TCP 3h31m +service/grc-policy-propagator-metrics ClusterIP 172.30.220.46 8443/TCP 3h31m +service/hub-subscription-metrics ClusterIP 172.30.238.159 8381/TCP 3h34m +service/insights-client ClusterIP 172.30.176.80 3030/TCP 3h31m +service/insights-metrics ClusterIP 172.30.187.226 8443/TCP 3h31m +service/multicluster-observability-webhook-service ClusterIP 172.30.160.21 443/TCP 3h31m +service/multicluster-operators-application-svc ClusterIP 172.30.104.75 443/TCP 3h33m +service/multicluster-operators-subscription ClusterIP 172.30.24.51 8443/TCP 3h33m +service/multiclusterhub-operator-metrics ClusterIP 172.30.250.141 8383/TCP 3h34m +service/multiclusterhub-operator-webhook ClusterIP 172.30.155.20 443/TCP 3h34m +service/propagator-webhook-service ClusterIP 172.30.186.176 443/TCP 3h31m +service/search-indexer ClusterIP 172.30.223.23 3010/TCP 3h30m +service/search-postgres ClusterIP 172.30.68.78 5432/TCP 3h30m +service/search-search-api ClusterIP 172.30.231.222 4010/TCP 3h30m +service/search-v2-operator-controller-manager-metrics-service ClusterIP 172.30.106.43 8443/TCP 3h31m +service/standalone-subscription-metrics ClusterIP 172.30.89.117 8389/TCP 3h34m + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/cluster-permission 1/1 1 1 3h31m +deployment.apps/console-chart-console-v2 2/2 2 2 3h31m +deployment.apps/grc-policy-addon-controller 2/2 2 2 3h31m +deployment.apps/grc-policy-propagator 2/2 2 2 3h31m +deployment.apps/insights-client 1/1 1 1 3h31m +deployment.apps/insights-metrics 1/1 1 1 3h31m +deployment.apps/klusterlet-addon-controller-v2 2/2 2 2 3h31m +deployment.apps/multicluster-integrations 1/1 1 1 3h34m +deployment.apps/multicluster-observability-operator 1/1 1 1 3h31m +deployment.apps/multicluster-operators-application 1/1 1 1 3h34m +deployment.apps/multicluster-operators-channel 1/1 1 1 3h34m +deployment.apps/multicluster-operators-hub-subscription 1/1 1 1 3h34m +deployment.apps/multicluster-operators-standalone-subscription 1/1 1 1 3h34m +deployment.apps/multicluster-operators-subscription-report 1/1 1 1 3h34m +deployment.apps/multiclusterhub-operator 2/2 2 2 3h34m +deployment.apps/search-api 1/1 1 1 3h30m +deployment.apps/search-collector 1/1 1 1 3h30m +deployment.apps/search-indexer 1/1 1 1 3h30m +deployment.apps/search-postgres 1/1 1 1 3h30m +deployment.apps/search-v2-operator-controller-manager 1/1 1 1 3h31m +deployment.apps/submariner-addon 0/1 1 0 3h31m +deployment.apps/volsync-addon-controller 1/1 1 1 3h31m + +NAME DESIRED CURRENT READY AGE +replicaset.apps/cluster-permission-6964454c7b 1 1 1 3h31m +replicaset.apps/console-chart-console-v2-7f5554f4bf 2 2 2 3h31m +replicaset.apps/grc-policy-addon-controller-8599cc9c55 2 2 2 3h31m +replicaset.apps/grc-policy-propagator-78f57b57d8 2 2 2 3h31m +replicaset.apps/insights-client-5445dbd97f 1 1 1 3h31m +replicaset.apps/insights-metrics-7b568c78fd 1 1 1 3h31m +replicaset.apps/klusterlet-addon-controller-v2-7b9c995cc5 2 2 2 3h31m +replicaset.apps/multicluster-integrations-78bbdf889f 1 1 1 3h34m +replicaset.apps/multicluster-observability-operator-86dc5477cb 1 1 1 3h31m +replicaset.apps/multicluster-operators-application-7995b449fb 1 1 1 3h34m +replicaset.apps/multicluster-operators-channel-597d9ddc46 1 1 1 3h34m +replicaset.apps/multicluster-operators-hub-subscription-58c97bf6cc 1 1 1 3h34m +replicaset.apps/multicluster-operators-standalone-subscription-6b548d9bb8 1 1 1 3h34m +replicaset.apps/multicluster-operators-subscription-report-7bb6dfdcb6 1 1 1 3h34m +replicaset.apps/multiclusterhub-operator-66d8788b98 2 2 2 3h34m +replicaset.apps/search-api-6cbd6557c8 1 1 1 3h30m +replicaset.apps/search-collector-f68dbfc6 1 1 1 3h30m +replicaset.apps/search-indexer-54b95db649 1 1 1 3h30m +replicaset.apps/search-postgres-bb88bc4d4 1 1 1 3h30m +replicaset.apps/search-v2-operator-controller-manager-79cfcfdf5b 1 1 1 3h31m +replicaset.apps/submariner-addon-77b9fb5df8 1 1 0 3h31m +replicaset.apps/volsync-addon-controller-546985f674 1 1 1 3h31m + +NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD +route.route.openshift.io/search-api search-api-open-cluster-management.apps.ocloud-baremetal-okd-aio.example.com search-search-api reencrypt None + +$ oc get MultiClusterHub -n open-cluster-management +NAME STATUS AGE +multiclusterhub Running 3h34m +``` + +## oran-o2ims + +Verify the oran-o2ims operator deployment by running the 'oc get all -n oran-o2ims' +command, for example: + +``` +$ oc get all -n oran-o2ims +Warning: apps.openshift.io/v1 DeploymentConfig is deprecated in v4.14+, unavailable in v4.10000+ +NAME READY STATUS RESTARTS AGE +pod/deployment-manager-server-658bc7cbdf-qxw4s 2/2 Running 0 3h34m +pod/metadata-server-6ffb478f87-fk7hc 2/2 Running 0 3h34m +pod/oran-o2ims-controller-manager-bf459859f-lrbks 2/2 Running 32 (7m12s ago) 3h34m +pod/postgres-server-6f658dbfb9-gpp4b 1/1 Running 0 3h34m +pod/resource-server-77ccdfdf6d-2fgn8 2/2 Running 0 3h34m + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/alarms-server ClusterIP 172.30.191.244 8000/TCP 3h34m +service/deployment-manager-server ClusterIP 172.30.71.250 8000/TCP 3h34m +service/metadata-server ClusterIP 172.30.186.182 8000/TCP 3h34m +service/oran-o2ims-controller-manager-metrics-service ClusterIP 172.30.238.160 8443/TCP 3h34m +service/postgres-server ClusterIP 172.30.134.42 5432/TCP 3h34m +service/resource-server ClusterIP 172.30.151.16 8000/TCP 3h34m + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/deployment-manager-server 1/1 1 1 3h34m +deployment.apps/metadata-server 1/1 1 1 3h34m +deployment.apps/oran-o2ims-controller-manager 1/1 1 1 3h34m +deployment.apps/postgres-server 1/1 1 1 3h34m +deployment.apps/resource-server 1/1 1 1 3h34m + +NAME DESIRED CURRENT READY AGE +replicaset.apps/deployment-manager-server-658bc7cbdf 1 1 1 3h34m +replicaset.apps/metadata-server-6ffb478f87 1 1 1 3h34m +replicaset.apps/oran-o2ims-controller-manager-bf459859f 1 1 1 3h34m +replicaset.apps/postgres-server-6f658dbfb9 1 1 1 3h34m +replicaset.apps/resource-server-77ccdfdf6d 1 1 1 3h34m + +NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD +route.route.openshift.io/api-4h7lp o2ims.apps.ocloud-baremetal-okd-aio.example.com /o2ims-infrastructureInventory/v1/resourceTypes resource-server api reencrypt/Redirect None +route.route.openshift.io/api-5x9tj o2ims.apps.ocloud-baremetal-okd-aio.example.com /o2ims-infrastructureMonitoring alarms-server api reencrypt/Redirect None +route.route.openshift.io/api-cg6wl o2ims.apps.ocloud-baremetal-okd-aio.example.com / metadata-server api reencrypt/Redirect None +route.route.openshift.io/api-dshdl o2ims.apps.ocloud-baremetal-okd-aio.example.com /o2ims-infrastructureInventory/v1/deploymentManagers deployment-manager-server api reencrypt/Redirect None +route.route.openshift.io/api-jkcz4 o2ims.apps.ocloud-baremetal-okd-aio.example.com /o2ims-infrastructureInventory/v1/resourcePools resource-server api reencrypt/Redirect None +route.route.openshift.io/api-njwp2 o2ims.apps.ocloud-baremetal-okd-aio.example.com /o2ims-infrastructureInventory/v1/subscriptions resource-server api reencrypt/Redirect None +``` + +Additionally, a service account can be created and a token generated for testing the O2 API endpoints: + +``` +$ oc apply -f https://raw.githubusercontent.com/openshift-kni/oran-o2ims/refs/heads/osc-k-release/config/testing/client-service-account-rbac.yaml +serviceaccount/test-client created +clusterrole.rbac.authorization.k8s.io/oran-o2ims-test-client-role created +clusterrolebinding.rbac.authorization.k8s.io/oran-o2ims-test-client-binding created + +$ TOKEN=`oc create token -n oran-o2ims test-client` + +$ curl -H "Authorization: Bearer $TOKEN" -k https://o2ims.apps.ocloud-baremetal-okd-aio.example.com/o2ims-infrastructureInventory/v1 +{ + "oCloudId": "c064e7b9-ee17-44eb-b689-90bb4d26274d", + "globalCloudId": "3ff52a9a-e4f3-52cc-8823-044b9af8558b", + "name": "OpenShift O-Cloud", + "description": "OpenShift O-Cloud", + "serviceUri": "https://o2ims.apps.ocloud-baremetal-okd-aio.example.com", + "extensions": { + } +``` # Troubleshooting ## OKD diff --git a/okd/inventory/host_vars/http_store/vars.yml b/okd/inventory/host_vars/http_store/vars.yml new file mode 100644 index 00000000..79eb11a6 --- /dev/null +++ b/okd/inventory/host_vars/http_store/vars.yml @@ -0,0 +1,4 @@ +ansible_host: 192.168.89.10 +http_store_dir: /opt/http_store/data +http_port: 80 +ansible_connection: local diff --git a/okd/inventory/host_vars/master-0-baremetal/vars.yml b/okd/inventory/host_vars/master-0-baremetal/vars.yml new file mode 100644 index 00000000..b38802bc --- /dev/null +++ b/okd/inventory/host_vars/master-0-baremetal/vars.yml @@ -0,0 +1,26 @@ +--- +ocloud_infra: baremetal +ocloud_platform: okd +ocloud_topology: aio +bmc_address: "192.168.12.34" +bmc_user: admin +role: master +installation_disk_path: "/dev/disk/by-path/pci-0000:c3:00.0-nvme-1" +mac_addresses: + ens1f0: "12:34:56:78:9A:BC" +network_config: + interfaces: + - name: ens1f0 + type: ethernet + state: up + ipv4: + enabled: true + dhcp: false + address: + - ip: "192.168.45.67" + prefix-length: "24" + routes: + config: + - destination: 0.0.0.0/0 + next-hop-address: "192.168.45.1" + next-hop-interface: "ens1f0" diff --git a/okd/inventory/host_vars/master-0-baremetal/vault.yml b/okd/inventory/host_vars/master-0-baremetal/vault.yml new file mode 100644 index 00000000..ac228b2f --- /dev/null +++ b/okd/inventory/host_vars/master-0-baremetal/vault.yml @@ -0,0 +1,3 @@ +--- +# Encrypt with `ansible-vault encrypt vault.yml` before adding secrets +bmc_password: ~ diff --git a/okd/inventory/host_vars/master-0/vars.yml b/okd/inventory/host_vars/master-0-vm/vars.yml similarity index 82% rename from okd/inventory/host_vars/master-0/vars.yml rename to okd/inventory/host_vars/master-0-vm/vars.yml index db03d06a..917fee10 100644 --- a/okd/inventory/host_vars/master-0/vars.yml +++ b/okd/inventory/host_vars/master-0-vm/vars.yml @@ -2,3 +2,4 @@ ocloud_infra: vm ocloud_platform: okd ocloud_topology: aio +role: master diff --git a/okd/inventory/hosts.yml b/okd/inventory/hosts.yml index 8d36d512..41c456ee 100644 --- a/okd/inventory/hosts.yml +++ b/okd/inventory/hosts.yml @@ -8,6 +8,10 @@ kvm: localhost: ansible_connection: local +http_store: + hosts: + http_store: + ocloud: hosts: - master-0: + master-0-vm: diff --git a/okd/roles/ocloud/defaults/main.yml b/okd/roles/ocloud/defaults/main.yml index fa0e81f0..f3de43e4 100644 --- a/okd/roles/ocloud/defaults/main.yml +++ b/okd/roles/ocloud/defaults/main.yml @@ -5,3 +5,9 @@ ocloud_topology: "aio" ocloud_cluster_name: "ocloud-{{ ocloud_infra }}-{{ ocloud_platform }}-{{ ocloud_topology }}" ocloud_domain_name: "example.com" ocloud_net_cidr: "192.168.123.0/24" +ocloud_cluster_net_cidr: "10.128.0.0/14" +ocloud_cluster_net_hostprefix: "23" +ocloud_service_net_cidr: "172.30.0.0/16" +ocloud_network_type: "OVNKubernetes" +ocloud_ntp_servers: [] +ocloud_dns_servers: [] diff --git a/okd/roles/ocloud/tasks/main.yml b/okd/roles/ocloud/tasks/main.yml index c1a565e8..38469977 100644 --- a/okd/roles/ocloud/tasks/main.yml +++ b/okd/roles/ocloud/tasks/main.yml @@ -11,6 +11,12 @@ delegate_to: "{{ groups['kvm'][0] }}" when: ocloud_infra == "vm" +- name: Include infra role - {{ ocloud_infra }} + ansible.builtin.import_role: + name: "ocloud_infra_baremetal" + delegate_to: "{{ groups['deployer'][0] }}" + when: ocloud_infra == "baremetal" + - meta: flush_handlers - name: Include platform role - Stolostron diff --git a/okd/roles/ocloud_infra_baremetal/tasks/main.yml b/okd/roles/ocloud_infra_baremetal/tasks/main.yml new file mode 100644 index 00000000..6027a314 --- /dev/null +++ b/okd/roles/ocloud_infra_baremetal/tasks/main.yml @@ -0,0 +1,92 @@ +--- +- name: Get manager inventory information + community.general.redfish_info: + category: Manager + command: GetManagerInventory + baseuri: "{{ bmc_address }}" + username: "{{ bmc_user }}" + password: "{{ bmc_password }}" + register: redfish_manager_info + +- set_fact: + ocloud_infra_baremetal_manager_id: "{{ redfish_manager_info['redfish_facts']['manager']['entries'][0][1]['Id'] }}" + ocloud_infra_baremetal_image_url: "http://{{ hostvars['http_store']['ansible_host'] }}:{{ hostvars['http_store']['http_port'] }}/{{ ocloud_infra_baremetal_image }}" + +- name: Download platform boot image + ansible.builtin.fetch: + src: "{{ ocloud_platform_image }}" + dest: "/tmp/{{ ocloud_infra_baremetal_image }}" + flat: true + run_once: true + +- name: Copy platform boot image to HTTP store + ansible.builtin.copy: + src: "/tmp/{{ ocloud_infra_baremetal_image }}" + dest: "{{ hostvars['http_store']['http_store_dir'] }}/{{ ocloud_infra_baremetal_image }}" + delegate_to: http_store + run_once: true + become: true + +- name: Power off + community.general.redfish_command: + category: Systems + command: PowerForceOff + baseuri: "{{ bmc_address }}" + username: "{{ bmc_user }}" + password: "{{ bmc_password }}" + +- name: Get virtual media information + community.general.redfish_info: + category: Manager + command: GetVirtualMedia + baseuri: "{{ bmc_address }}" + username: "{{ bmc_user }}" + password: "{{ bmc_password }}" + register: virtual_media_info + +- name: Eject virtual media + community.general.redfish_command: + category: Manager + command: VirtualMediaEject + virtual_media: + image_url: "{{ item[1][0]['Image'] }}" + baseuri: "{{ bmc_address }}" + username: "{{ bmc_user }}" + password: "{{ bmc_password }}" + resource_id: "{{ ocloud_infra_baremetal_manager_id }}" + when: item[1][0]['ConnectedVia'] != "NotConnected" and item[1][0]['Image'] | length > 0 + loop: "{{ virtual_media_info['redfish_facts']['virtual_media']['entries'] }}" + +- name: Configure one-time boot from virtual media + community.general.redfish_command: + category: Systems + command: SetOneTimeBoot + bootdevice: Cd + baseuri: "{{ bmc_address }}" + username: "{{ bmc_user }}" + password: "{{ bmc_password }}" + resource_id: "{{ ocloud_infra_baremetal_manager_id }}" + +- name: Insert virtual media + community.general.redfish_command: + category: Manager + command: VirtualMediaInsert + baseuri: "{{ bmc_address }}" + username: "{{ bmc_user }}" + password: "{{ bmc_password }}" + virtual_media: + image_url: "{{ ocloud_infra_baremetal_image_url }}" + media_types: + - CD + - DVD + resource_id: "{{ ocloud_infra_baremetal_manager_id }}" + timeout: 120 + +- name: Power on + community.general.redfish_command: + category: Systems + command: PowerOn + baseuri: "{{ bmc_address }}" + username: "{{ bmc_user }}" + password: "{{ bmc_password }}" + notify: monitor_platform_deployment diff --git a/okd/roles/ocloud_infra_baremetal/vars/main.yml b/okd/roles/ocloud_infra_baremetal/vars/main.yml new file mode 100644 index 00000000..0d459926 --- /dev/null +++ b/okd/roles/ocloud_infra_baremetal/vars/main.yml @@ -0,0 +1,2 @@ +--- +ocloud_infra_baremetal_image: "{{ ocloud_cluster_name }}.iso" diff --git a/okd/roles/ocloud_platform_o2ims/defaults/main.yml b/okd/roles/ocloud_platform_o2ims/defaults/main.yml index 1b1d1269..546295d3 100644 --- a/okd/roles/ocloud_platform_o2ims/defaults/main.yml +++ b/okd/roles/ocloud_platform_o2ims/defaults/main.yml @@ -2,5 +2,5 @@ ocloud_platform_o2ims_golang_url: "https://go.dev/dl/go1.23.2.linux-amd64.tar.gz" ocloud_platform_o2ims_kubeconfig: "{{ ocloud_platform_okd_kubeconfig }}" ocloud_platform_o2ims_repo_url: "https://github.com/openshift-kni/oran-o2ims.git" -ocloud_platform_o2ims_repo_version: "main" +ocloud_platform_o2ims_repo_version: "osc-k-release" ocloud_platform_o2ims_service: "o2ims" diff --git a/okd/roles/ocloud_platform_o2ims/templates/v1alpha1_inventory.yaml.j2 b/okd/roles/ocloud_platform_o2ims/templates/v1alpha1_inventory.yaml.j2 index 284dbf51..ff87c2bb 100644 --- a/okd/roles/ocloud_platform_o2ims/templates/v1alpha1_inventory.yaml.j2 +++ b/okd/roles/ocloud_platform_o2ims/templates/v1alpha1_inventory.yaml.j2 @@ -12,7 +12,7 @@ metadata: spec: cloudID: {{ ocloud_platform_o2ims_ingress_host | to_uuid }} ingressHost: {{ ocloud_platform_o2ims_ingress_host }} - alarmSubscriptionServerConfig: + alarmServerConfig: enabled: false metadataServerConfig: enabled: true diff --git a/okd/roles/ocloud_platform_okd/tasks/install.yml b/okd/roles/ocloud_platform_okd/tasks/install.yml index 6896b881..5abb1db3 100644 --- a/okd/roles/ocloud_platform_okd/tasks/install.yml +++ b/okd/roles/ocloud_platform_okd/tasks/install.yml @@ -37,6 +37,13 @@ - agent-config.yaml - install-config.yaml +- ansible.builtin.debug: + verbosity: 2 + msg: "{{ lookup('file', [ocloud_platform_okd_staging_dir['path'], 'cfg', item] | path_join) }}" + loop: + - agent-config.yaml + - install-config.yaml + - name: Generate OKD agent-based installer image ansible.builtin.shell: cmd: "openshift-install agent create image --dir {{ ocloud_platform_okd_staging_dir['path'] }}/cfg" diff --git a/okd/roles/ocloud_platform_okd/templates/agent-config.yaml.j2 b/okd/roles/ocloud_platform_okd/templates/agent-config.yaml.j2 index db24c18a..b8c30b5c 100644 --- a/okd/roles/ocloud_platform_okd/templates/agent-config.yaml.j2 +++ b/okd/roles/ocloud_platform_okd/templates/agent-config.yaml.j2 @@ -1,5 +1,42 @@ +#jinja2:trim_blocks: True, lstrip_blocks: True apiVersion: v1beta1 kind: AgentConfig metadata: name: {{ ocloud_cluster_name }} +{% if hostvars[groups['ocloud'][0]]['ocloud_infra'] == "baremetal" %} +rendezvousIP: {{ hostvars[groups['ocloud'][0]]['network_config']['interfaces'][0]['ipv4']['address'][0]['ip'] }} +{% else %} rendezvousIP: {{ ocloud_net_cidr | ansible.utils.ipmath(11) }} +{% endif %} +{% if ocloud_ntp_servers is defined and ocloud_ntp_servers | length > 0 %} +additionalNTPSources: +{% for ntp_server in ocloud_ntp_servers %} +- {{ ntp_server }} +{% endfor %} +{% endif %} +{% if groups['ocloud'] | map('extract', hostvars, 'ocloud_infra') | select('equalto', 'baremetal') | length > 0 %} +hosts: +{% endif %} +{% for hostname in groups['ocloud'] %} + {% if hostvars[hostname]['ocloud_infra'] == "baremetal" %} + - role: {{ hostvars[hostname]['role'] }} + hostname: {{ hostname }} + interfaces: + - name: {{ hostvars[hostname]['network_config']['interfaces'][0]['name'] }} + macAddress: {{ hostvars[hostname]['mac_addresses'][hostvars[hostname]['network_config']['interfaces'][0]['name']] }} + networkConfig: + {{ hostvars[hostname]['network_config'] | to_nice_yaml(indent=2) | trim | indent(6) }} + dns-resolver: + config: + search: + - {{ ocloud_domain_name }} + server: + {% for dns_server in ocloud_dns_servers %} + - {{ dns_server }} + {% endfor %} + {% if hostvars[hostname]['installation_disk_path'] is defined %} + rootDeviceHints: + deviceName: {{ hostvars[hostname]['installation_disk_path'] }} + {% endif %} + {% endif %} +{% endfor %} diff --git a/okd/roles/ocloud_platform_okd/templates/install-config.yaml.j2 b/okd/roles/ocloud_platform_okd/templates/install-config.yaml.j2 index 781122eb..1a7eeced 100644 --- a/okd/roles/ocloud_platform_okd/templates/install-config.yaml.j2 +++ b/okd/roles/ocloud_platform_okd/templates/install-config.yaml.j2 @@ -1,26 +1,48 @@ +#jinja2:trim_blocks: True, lstrip_blocks: True apiVersion: v1 baseDomain: {{ ocloud_domain_name }} -compute: -- name: worker - replicas: 0 controlPlane: name: master - replicas: 1 + replicas: {{ groups['ocloud'] | map('extract', hostvars, 'role') | select('equalto', 'master') | length }} +compute: + - name: worker + replicas: {{ groups['ocloud'] | map('extract', hostvars, 'role') | select('equalto', 'worker') | length }} metadata: name: {{ ocloud_cluster_name }} networking: clusterNetwork: - - cidr: 10.128.0.0/14 - hostPrefix: 23 - networkType: OVNKubernetes + - cidr: {{ ocloud_cluster_net_cidr }} + hostPrefix: {{ ocloud_cluster_net_hostprefix }} + networkType: {{ ocloud_network_type }} machineNetwork: - cidr: {{ ocloud_net_cidr }} serviceNetwork: - - 172.30.0.0/16 + - {{ ocloud_service_net_cidr}} platform: + {% if groups['ocloud'] | length == 1 %} none: {} -bootstrapInPlace: - installationDisk: /dev/vda -fips: false + {% else %} + baremetal: + apiVips: + {% for vip in ocloud_platform_okd_api_vips %} + - {{ vip }} + {% endfor %} + ingressVips: + {% for vip in ocloud_platform_okd_ingress_vips %} + - {{ vip }} + {% endfor %} + {% endif %} pullSecret: '{{ ocloud_platform_okd_pull_secret }}' sshKey: '{{ ocloud_platform_okd_ssh_pubkey }}' +{% if (http_proxy is defined and http_proxy != "") or (https_proxy is defined and https_proxy != "") or (no_proxy is defined and no_proxy != "") %} +proxy: + {% if http_proxy is defined and http_proxy != "" %} + httpProxy: {{ http_proxy }} + {% endif %} + {% if https_proxy is defined and https_proxy != "" %} + httpsProxy: {{ https_proxy }} + {% endif %} + {% if no_proxy is defined and no_proxy != "" %} + noProxy: {{ no_proxy }} + {% endif %} +{% endif %}