From: Chris Wheeler Date: Mon, 24 Mar 2025 23:01:19 +0000 (+0000) Subject: Prereq roles for alarm management and provisioning on OKD O-Cloud X-Git-Tag: l-release~14 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=edf0920ce410d6cd6733119d78720fed24a680f0;p=pti%2Frtp.git Prereq roles for alarm management and provisioning on OKD O-Cloud - Added ocloud_setup role - Added ocloud_platform_cgu role (cluster-group-upgrades) - Added ocloud_platform_siteconfig role - Added ocloud_platform_mco role (multi-cluster-observability) Issue-ID: INF-491 Change-Id: Ibc8d5c4835a3e4756bc2dfa17e1b70e60a9d7f99 Signed-Off-By: Chris Wheeler
---
diff --git a/okd/roles/ocloud_platform_cgu/defaults/main.yml b/okd/roles/ocloud_platform_cgu/defaults/main.yml
new file mode 100644
index 00000000..7467a064
--- /dev/null
+++ b/okd/roles/ocloud_platform_cgu/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+ocloud_platform_cgu_kubeconfig: "{{ ocloud_platform_okd_kubeconfig }}"
+ocloud_platform_cgu_version: "4.19.0"
+ocloud_platform_cgu_repo_url: "https://github.com/openshift-kni/cluster-group-upgrades-operator.git"
diff --git a/okd/roles/ocloud_platform_cgu/meta/main.yml b/okd/roles/ocloud_platform_cgu/meta/main.yml
new file mode 100644
index 00000000..5b478055
--- /dev/null
+++ b/okd/roles/ocloud_platform_cgu/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: ocloud_setup
diff --git a/okd/roles/ocloud_platform_cgu/tasks/main.yml b/okd/roles/ocloud_platform_cgu/tasks/main.yml
new file mode 100644
index 00000000..4b7c6343
--- /dev/null
+++ b/okd/roles/ocloud_platform_cgu/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Clone cluster-group-upgrades repo
+ ansible.builtin.git:
+ repo: "{{ ocloud_platform_cgu_repo_url }}"
+ dest: "{{ ocloud_staging_dir['path'] }}/git/cluster-group-upgrades"
+
+- name: Install cluster-group-upgrades
+ ansible.builtin.shell:
+ chdir: "{{ ocloud_staging_dir['path'] }}/git/cluster-group-upgrades"
+ cmd: "make install deploy VERSION={{ ocloud_platform_cgu_snapshot }}"
+ environment:
+ PATH: "{{ ocloud_staging_dir['path'] }}/go/bin:{{ ansible_env.PATH }}"
+ KUBECONFIG: "{{ ocloud_platform_cgu_kubeconfig }}"
diff --git a/okd/roles/ocloud_platform_mco/defaults/main.yml b/okd/roles/ocloud_platform_mco/defaults/main.yml
new file mode 100644
index 00000000..58af2184
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+ocloud_platform_mco_kubeconfig: "{{ ocloud_platform_okd_kubeconfig }}"
+ocloud_platform_mco_pull_secret: "{{ ocloud_platform_okd_pull_secret }}"
+ocloud_platform_mco_namespace: "open-cluster-management-observability"
+ocloud_platform_mco_minio_image: "quay.io/minio/minio:RELEASE.2021-08-25T00-41-18Z"
+ocloud_platform_mco_storageclass: "local-storage"
+ocloud_platform_mco_storage_size: "10Gi"
+ocloud_platform_mco_minio_storage_size: "1Gi"
diff --git a/okd/roles/ocloud_platform_mco/meta/main.yml b/okd/roles/ocloud_platform_mco/meta/main.yml
new file mode 100644
index 00000000..5b478055
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: ocloud_setup
diff --git a/okd/roles/ocloud_platform_mco/tasks/main.yml b/okd/roles/ocloud_platform_mco/tasks/main.yml
new file mode 100644
index 00000000..ec6e28ee
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/tasks/main.yml
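Review bot: In okd/roles/ocloud_platform_cgu/tasks/main.yml the install task passes `VERSION={{ ocloud_platform_cgu_snapshot }}`, but the role defaults in this commit define `ocloud_platform_cgu_version`, so unless the snapshot variable is set somewhere outside this diff the task fails on an undefined variable; `cmd: "make install deploy VERSION={{ ocloud_platform_cgu_version }}"` would match the defaults. The clone task above it sets no `version:`, so `make install deploy` builds and applies whatever the default branch holds at run time, with the cluster kubeconfig in its environment; pinning the checkout to a reviewed tag or commit, e.g. `version: "{{ ocloud_platform_cgu_git_ref }}"` (variable name is a placeholder for a new default), keeps runs reproducible and limits exposure to an upstream compromise. The same unpinned clone followed by `make install deploy` appears in okd/roles/ocloud_platform_siteconfig/tasks/main.yml. Neither install task uses shell features, so `ansible.builtin.command` would do in place of `ansible.builtin.shell`.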
@@ -0,0 +1,66 @@
+---
+- set_fact:
+ ocloud_platform_mco_replicas: "{{ groups['ocloud'] | map('extract', hostvars, 'role') | select('equalto', 'master') | length }}"
+
+- name: Create namespace
+ kubernetes.core.k8s:
+ api_version: v1
+ kind: Namespace
+ name: "{{ ocloud_platform_mco_namespace }}"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+
+- name: Create StorageClass
+ kubernetes.core.k8s:
+ template: "sc.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+
+- name: Create PersistentVolumes
+ kubernetes.core.k8s:
+ template: "pv.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+ loop: "{{ groups['ocloud'] }}"
+ when: hostvars[item]['role'] == "master"
+
+- name: Create pull secret
+ kubernetes.core.k8s:
+ template: "pull-secret.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+
+- name: Generate S3 access and secret keys
+ set_fact:
+ ocloud_platform_mco_access_key: "{{ 999999999 | random | to_uuid }}"
+ ocloud_platform_mco_secret_key: "{{ 999999999 | random | to_uuid }}"
+
+- name: Create PersistentVolumeClaim - minio
+ kubernetes.core.k8s:
+ template: "pvc.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+
+- name: Create Secret
+ kubernetes.core.k8s:
+ template: "secret.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+
+- name: Create Deployment - minio
+ kubernetes.core.k8s:
+ template: "deployment.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+
+- name: Create Service - minio
+ kubernetes.core.k8s:
+ template: "service.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
+
+- name: Create MultiClusterObservability resource
+ kubernetes.core.k8s:
+ template: "mco.yaml.j2"
+ state: present
+ kubeconfig: "{{ ocloud_platform_mco_kubeconfig }}"
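Review bot: The task "Generate S3 access and secret keys" in okd/roles/ocloud_platform_mco/tasks/main.yml builds both MinIO credentials from `999999999 | random | to_uuid`, which gives each key fewer than 2^30 possible values, because `to_uuid` is a deterministic mapping of its input and adds no entropy. A lookup such as `"{{ lookup('ansible.builtin.password', '/dev/null', length=32, chars=['ascii_letters', 'digits']) }}"` yields a full-strength secret. As written the `set_fact` also produces new keys on every run, so the Secret and the Deployment change each time the role is applied; pointing the lookup at a file in a protected directory instead of `/dev/null` would keep them stable. Adding `no_log: true` to this task and to the "Create pull secret", "Create Secret" and "Create Deployment - minio" tasks keeps the values out of verbose output.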
diff --git a/okd/roles/ocloud_platform_mco/templates/deployment.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/deployment.yaml.j2
new file mode 100644
index 00000000..651774f2
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/templates/deployment.yaml.j2
@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio
+ namespace: "{{ ocloud_platform_mco_namespace }}"
+ labels:
+ app.kubernetes.io/name: minio
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: minio
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: minio
+ spec:
+ containers:
+ - command:
+ - /bin/sh
+ - -c
+ - mkdir -p /storage/thanos && /usr/bin/minio server /storage
+ env:
+ - name: MINIO_ACCESS_KEY
+ value: "{{ ocloud_platform_mco_access_key }}"
+ - name: MINIO_SECRET_KEY
+ value: "{{ ocloud_platform_mco_secret_key }}"
+ image: "{{ ocloud_platform_mco_minio_image }}"
+ name: minio
+ ports:
+ - containerPort: 9000
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /storage
+ name: storage
+ volumes:
+ - name: storage
+ persistentVolumeClaim:
+ claimName: minio
diff --git a/okd/roles/ocloud_platform_mco/templates/mco.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/mco.yaml.j2
new file mode 100644
index 00000000..01147b79
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/templates/mco.yaml.j2
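Review bot: In deployment.yaml.j2 the container's `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are rendered as literal `value:` strings, so the credentials are stored in the Deployment and pod specs and are readable by anyone allowed to get Deployments or pods in the namespace, not only Secrets. Reading them through `valueFrom.secretKeyRef` keeps them behind Secret RBAC; the thanos-object-storage Secret created by this role holds them only inside the `thanos.yaml` blob, so a Secret with separate keys is needed, as sketched below. The pod also sets no `securityContext` or `resources`, and the default image in this commit is a 2021 MinIO release referenced by tag rather than digest; whether a newer, digest-pinned release works with this setup should be checked.

```yaml
# … unchanged: metadata, selector, strategy, container command …
          env:
            - name: MINIO_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: minio-credentials  # placeholder: a Secret holding the two keys
                  key: access_key
            - name: MINIO_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: minio-credentials
                  key: secret_key
# … unchanged: image, ports, volumeMounts, volumes …
```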
@@ -0,0 +1,36 @@
+apiVersion: observability.open-cluster-management.io/v1beta2
+kind: MultiClusterObservability
+metadata:
+ name: observability
+ namespace: "{{ ocloud_platform_mco_namespace }}"
+spec:
+ observabilityAddonSpec: {}
+ storageConfig:
+ metricObjectStorage:
+ name: thanos-object-storage
+ key: thanos.yaml
+ compactStorageSize: "{{ ocloud_platform_mco_storage_size }}"
+ receiveStorageSize: "{{ ocloud_platform_mco_storage_size }}"
+ advanced:
+ alertmanager:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ grafana:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ observatoriumAPI:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ query:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ queryFrontend:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ queryFrontendMemcached:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ rbacQueryProxy:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ receive:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ rule:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ store:
+ replicas: {{ ocloud_platform_mco_replicas }}
+ storeMemcached:
+ replicas: {{ ocloud_platform_mco_replicas }}
diff --git a/okd/roles/ocloud_platform_mco/templates/pull-secret.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/pull-secret.yaml.j2
new file mode 100644
index 00000000..73443339
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/templates/pull-secret.yaml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: multiclusterhub-operator-pull-secret
+ namespace: "{{ ocloud_platform_mco_namespace }}"
+data:
+ .dockerconfigjson: {{ ocloud_platform_mco_pull_secret | to_json | b64encode }}
+type: kubernetes.io/dockerconfigjson
diff --git a/okd/roles/ocloud_platform_mco/templates/pv.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/pv.yaml.j2
new file mode 100644
index 00000000..658fa731
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/templates/pv.yaml.j2
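Review bot: In pull-secret.yaml.j2 the `.dockerconfigjson` value applies `to_json` before `b64encode`, which is correct only if `ocloud_platform_okd_pull_secret` is a dict; its definition is outside this diff, and if it holds the pull secret as a JSON string, `to_json` adds a second layer of quoting and the decoded Secret is no longer a valid docker config. Stating the expected type next to the default in the role's defaults/main.yml, e.g. `# dict form of the registry auth config, not a JSON string`, or branching on `is string` in the template, would make this explicit. The value is also the only templated string in this file left unquoted; base64 output is safe as a plain scalar, but quoting it matches the `namespace` line above.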
@@ -0,0 +1,138 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv1-{{ item }}
+spec:
+ capacity:
+ storage: "1Gi"
+ volumeMode: "Filesystem"
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: "local-storage"
+ local:
+ path: "/dev/disk/by-partlabel/pv1"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ item }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv2-{{ item }}
+spec:
+ capacity:
+ storage: "1Gi"
+ volumeMode: "Filesystem"
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: "local-storage"
+ local:
+ path: "/dev/disk/by-partlabel/pv2"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ item }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv3-{{ item }}
+spec:
+ capacity:
+ storage: "1Gi"
+ volumeMode: "Filesystem"
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: "local-storage"
+ local:
+ path: "/dev/disk/by-partlabel/pv3"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ item }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv4-{{ item }}
+spec:
+ capacity:
+ storage: "10Gi"
+ volumeMode: "Filesystem"
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: "local-storage"
+ local:
+ path: "/dev/disk/by-partlabel/pv4"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ item }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv5-{{ item }}
+spec:
+ capacity:
+ storage: "10Gi"
+ volumeMode: "Filesystem"
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: "local-storage"
+ local:
+ path: "/dev/disk/by-partlabel/pv5"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ item }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv6-{{ item }}
+spec:
+ capacity:
+ storage: "10Gi"
+ volumeMode: "Filesystem"
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ storageClassName: "local-storage"
+ local:
+ path: "/dev/disk/by-partlabel/pv6"
+ nodeAffinity:
+ required:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/hostname
+ operator: In
+ values:
+ - {{ item }}
diff --git a/okd/roles/ocloud_platform_mco/templates/pvc.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/pvc.yaml.j2
new file mode 100644
index 00000000..c8db9421
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/templates/pvc.yaml.j2
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ app.kubernetes.io/name: minio
+ name: minio
+ namespace: "{{ ocloud_platform_mco_namespace }}"
+spec:
+ storageClassName: "{{ ocloud_platform_mco_storageclass }}"
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: "{{ ocloud_platform_mco_minio_storage_size }}"
diff --git a/okd/roles/ocloud_platform_mco/templates/sc.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/sc.yaml.j2
new file mode 100644
index 00000000..899f864a
--- /dev/null
+++ b/okd/roles/ocloud_platform_mco/templates/sc.yaml.j2
@@ -0,0 +1,9 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: "{{ ocloud_platform_mco_storageclass }}"
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "true"
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
diff --git a/okd/roles/ocloud_platform_mco/templates/secret.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/secret.yaml.j2
new file mode 100644
index 00000000..97708ae6
--- /dev/null
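Review bot: All six PersistentVolumes in pv.yaml.j2 hard-code `storageClassName: "local-storage"` while sc.yaml.j2 and pvc.yaml.j2 use `{{ ocloud_platform_mco_storageclass }}`, so overriding that default leaves the PVs in a class that no claim requests; `storageClassName: "{{ ocloud_platform_mco_storageclass }}"` keeps the three templates in step. The capacities (three volumes at 1Gi, three at 10Gi) and the `by-partlabel` paths have to stay equal to the partition labels and sizes in 99-master-pvs.yaml.j2, and a comment at the top of the template saying so would help the next editor. The six documents differ only in index and size, so a Jinja `for` loop over a short list of (index, size) pairs would remove the repetition.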
+++ b/okd/roles/ocloud_platform_mco/templates/secret.yaml.j2 @@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: thanos-object-storage + namespace: "{{ ocloud_platform_mco_namespace }}" +type: Opaque +stringData: + thanos.yaml: | + type: s3 + config: + bucket: "thanos" + endpoint: "minio:9000" + insecure: true + access_key: "{{ ocloud_platform_mco_access_key }}" + secret_key: "{{ ocloud_platform_mco_secret_key }}" diff --git a/okd/roles/ocloud_platform_mco/templates/service.yaml.j2 b/okd/roles/ocloud_platform_mco/templates/service.yaml.j2 new file mode 100644 index 00000000..cf934463 --- /dev/null +++ b/okd/roles/ocloud_platform_mco/templates/service.yaml.j2 @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: minio + namespace: "{{ ocloud_platform_mco_namespace }}" +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app.kubernetes.io/name: minio + type: ClusterIP diff --git a/okd/roles/ocloud_platform_okd/tasks/install.yml b/okd/roles/ocloud_platform_okd/tasks/install.yml index 5abb1db3..36b0bbd3 100644 --- a/okd/roles/ocloud_platform_okd/tasks/install.yml +++ b/okd/roles/ocloud_platform_okd/tasks/install.yml @@ -11,6 +11,7 @@ loop: - bin - cfg + - cfg/openshift - name: Download OKD CLI ansible.builtin.get_url: @@ -37,6 +38,13 @@ - agent-config.yaml - install-config.yaml +- name: Copy MachineConfig manifests + ansible.builtin.template: + src: "{{ item }}.j2" + dest: "{{ ocloud_platform_okd_staging_dir['path'] }}/cfg/openshift/{{ item }}" + loop: + - 99-master-pvs.yaml + - ansible.builtin.debug: verbosity: 2 msg: "{{ lookup('file', [ocloud_platform_okd_staging_dir['path'], 'cfg', item] | path_join) }}" diff --git a/okd/roles/ocloud_platform_okd/templates/99-master-pvs.yaml.j2 b/okd/roles/ocloud_platform_okd/templates/99-master-pvs.yaml.j2 new file mode 100644 index 00000000..c1be32ac --- /dev/null +++ b/okd/roles/ocloud_platform_okd/templates/99-master-pvs.yaml.j2 
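Review bot: The Thanos object-store config in secret.yaml.j2 sets `insecure: true` with `endpoint: "minio:9000"`, so the S3 credentials and the metric data travel over plain HTTP between the observability pods and MinIO. If that is an accepted trade-off for this deployment, a comment in the template recording it, e.g. `# plain HTTP inside the cluster; give MinIO a serving certificate before production use`, documents the decision; otherwise MinIO needs TLS and this flag should go. The Service in service.yaml.j2 is ClusterIP, which limits exposure to in-cluster traffic, but nothing in this commit restricts which pods may reach port 9000.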
@@ -0,0 +1,68 @@
+# Generated by Butane; do not edit
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+ labels:
+ machineconfiguration.openshift.io/role: master
+ name: 99-master-pvs
+spec:
+ config:
+ ignition:
+ version: 3.4.0
+ storage:
+ disks:
+ - device: {{ installation_disk_path | default("/dev/vda") }}
+ partitions:
+ - label: pv1
+ number: 5
+ sizeMiB: 1024
+ startMiB: 32768
+ - label: pv2
+ number: 6
+ sizeMiB: 1024
+ startMiB: 33792
+ - label: pv3
+ number: 7
+ sizeMiB: 1024
+ startMiB: 34816
+ - label: pv4
+ number: 8
+ sizeMiB: 10240
+ startMiB: 35840
+ - label: pv5
+ number: 9
+ sizeMiB: 10240
+ startMiB: 46080
+ - label: pv6
+ number: 10
+ sizeMiB: 10240
+ startMiB: 56320
+ - label: var
+ number: 11
+ sizeMiB: 0
+ startMiB: 66560
+ filesystems:
+ - device: /dev/disk/by-partlabel/var
+ format: xfs
+ mountOptions:
+ - defaults
+ - prjquota
+ path: /var
+ systemd:
+ units:
+ - contents: |-
+ # Generated by Butane
+ [Unit]
+ Requires=systemd-fsck@dev-disk-by\x2dpartlabel-var.service
+ After=systemd-fsck@dev-disk-by\x2dpartlabel-var.service
+
+ [Mount]
+ Where=/var
+ What=/dev/disk/by-partlabel/var
+ Type=xfs
+ Options=defaults,prjquota
+
+ [Install]
+ RequiredBy=local-fs.target
+ enabled: true
+ name: var.mount
diff --git a/okd/roles/ocloud_platform_siteconfig/defaults/main.yml b/okd/roles/ocloud_platform_siteconfig/defaults/main.yml
new file mode 100644
index 00000000..925e9dd8
--- /dev/null
+++ b/okd/roles/ocloud_platform_siteconfig/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+ocloud_platform_siteconfig_kubeconfig: "{{ ocloud_platform_okd_kubeconfig }}"
+ocloud_platform_siteconfig_snapshot: "2.14.0-SNAPSHOT-2025-03-24-21-08-55"
+ocloud_platform_siteconfig_repo_url: "https://github.com/stolostron/siteconfig.git"
diff --git a/okd/roles/ocloud_platform_siteconfig/meta/main.yml b/okd/roles/ocloud_platform_siteconfig/meta/main.yml
new file mode 100644
index 00000000..5b478055
--- /dev/null
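Review bot: The header of 99-master-pvs.yaml.j2 says `# Generated by Butane; do not edit`, yet the `device:` line carries a Jinja expression, so the file was edited after generation and the Butane source is not part of the commit; adding that source or rewording the header, e.g. `# Derived from Butane output; the device path is templated`, keeps a later regeneration from silently dropping the templating. The partition `startMiB` values are fixed offsets from 32768 to 66560, which presumes the installer's own partitions end before 32 GiB and the disk is larger than about 65 GiB; a comment stating that minimum would help operators. Quoting the device value, `- device: "{{ installation_disk_path | default('/dev/vda') }}"`, keeps the rendered YAML a string whatever the override contains.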
+++ b/okd/roles/ocloud_platform_siteconfig/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: ocloud_setup
diff --git a/okd/roles/ocloud_platform_siteconfig/tasks/main.yml b/okd/roles/ocloud_platform_siteconfig/tasks/main.yml
new file mode 100644
index 00000000..9566fa2e
--- /dev/null
+++ b/okd/roles/ocloud_platform_siteconfig/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Clone stolostron/siteconfig repo
+ ansible.builtin.git:
+ repo: "{{ ocloud_platform_siteconfig_repo_url }}"
+ dest: "{{ ocloud_staging_dir['path'] }}/git/siteconfig"
+
+- name: Install siteconfig
+ ansible.builtin.shell:
+ chdir: "{{ ocloud_staging_dir['path'] }}/git/siteconfig"
+ cmd: "make install deploy VERSION={{ ocloud_platform_siteconfig_snapshot }}"
+ environment:
+ PATH: "{{ ocloud_staging_dir['path'] }}/go/bin:{{ ansible_env.PATH }}"
+ KUBECONFIG: "{{ ocloud_platform_siteconfig_kubeconfig }}"
diff --git a/okd/roles/ocloud_setup/defaults/main.yml b/okd/roles/ocloud_setup/defaults/main.yml
new file mode 100644
index 00000000..0ee983cc
--- /dev/null
+++ b/okd/roles/ocloud_setup/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+ocloud_setup_okd_cli_version: "stable-4.18"
+ocloud_setup_okd_cli_url: "https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp"
+ocloud_setup_golang_url: "https://go.dev/dl/go1.23.2.linux-amd64.tar.gz"
diff --git a/okd/roles/ocloud_setup/tasks/main.yml b/okd/roles/ocloud_setup/tasks/main.yml
new file mode 100644
index 00000000..a8c6565e
--- /dev/null
+++ b/okd/roles/ocloud_setup/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+- name: Gather facts
+ ansible.builtin.setup:
+ gather_subset: all
+
+- name: Create staging dir for O-Cloud installation
+ ansible.builtin.tempfile:
+ path: "{{ lookup('env', 'HOME') }}"
+ prefix: "ocloud.{{ ansible_date_time['date'] }}."
+ state: directory
+ register: ocloud_staging_dir
+
+- name: Create staging subdirs
+ ansible.builtin.file:
+ path: "{{ ocloud_staging_dir['path'] }}/{{ item }}"
+ state: directory
+ loop:
+ - bin
+ - cfg
+ - git
+
+- include_tasks: okd.yml
+ when: ocloud_platform == "okd"
diff --git a/okd/roles/ocloud_setup/tasks/okd.yml b/okd/roles/ocloud_setup/tasks/okd.yml
new file mode 100644
index 00000000..3d51a048
--- /dev/null
+++ b/okd/roles/ocloud_setup/tasks/okd.yml
@@ -0,0 +1,22 @@
+---
+- name: Download OKD CLI
+ ansible.builtin.get_url:
+ url: "{{ ocloud_setup_okd_cli_url }}/{{ ocloud_setup_okd_cli_version }}/openshift-client-linux.tar.gz"
+ dest: "{{ ocloud_staging_dir['path'] }}"
+
+- name: Extract OKD CLI
+ ansible.builtin.unarchive:
+ src: "{{ ocloud_staging_dir['path'] }}/openshift-client-linux.tar.gz"
+ dest: "{{ ocloud_staging_dir['path'] }}/bin"
+ remote_src: true
+
+- name: Download golang
+ ansible.builtin.get_url:
+ url: "{{ ocloud_setup_golang_url }}"
+ dest: "{{ ocloud_staging_dir['path'] }}/go.linux-amd64.tar.gz"
+
+- name: Extract golang
+ ansible.builtin.unarchive:
+ src: "{{ ocloud_staging_dir['path'] }}/go.linux-amd64.tar.gz"
+ dest: "{{ ocloud_staging_dir['path'] }}"
+ remote_src: true
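Review bot: Both `get_url` tasks in okd/roles/ocloud_setup/tasks/okd.yml fetch an archive that is then unpacked and executed (the client binaries, and the Go toolchain that the cgu and siteconfig roles put first on PATH for `make install deploy`), but neither sets `checksum:`, so a corrupted or tampered download goes unnoticed. The Go URL is versioned, so a pinned digest works there: `checksum: "sha256:{{ ocloud_setup_golang_sha256 }}"` with the value added to the role defaults (variable name is a placeholder). The CLI URL uses the moving `stable-4.18` channel, so it would need a fixed release in `ocloud_setup_okd_cli_version` before a digest can be pinned. Neither download sets `mode:`, so the archives get whatever the umask gives them.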