From edca58301f51675f101d3ca7822fe342227b4dc5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Nov 2021 12:10:45 +0100 Subject: [PATCH 01/97] build(deps): bump actions/checkout from 2.3.4 to 2.4.0 (#812) Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.4.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 523737b0ad..613405c45d 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -10,7 +10,7 @@ jobs: steps: # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v2.4.0 - uses: actions/cache@v2.1.6 with: diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 14c622b9d4..1bd3b7329c 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -11,7 +11,7 @@ jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2.3.4 + - uses: actions/checkout@v2.4.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - uses: actions/cache@v2.1.6 From c08a5a95f9fee8fcb091d7e7d5146b7cee526cac Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Nov 2021 12:11:45 +0100 Subject: [PATCH 02/97] build(deps): update ansible requirement from <4.7.0 to <4.9.0 (#813) Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index 7c1ba49c06..9c752b5c2c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<4.7.0 +ansible<4.9.0 ansible-lint<6.0.0 From 36935498f70e132b678f9ef504b73d7cb642c49e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Nov 2021 11:02:23 +0000 Subject: [PATCH 03/97] build(deps): bump technote-space/broken-link-checker-action Bumps [technote-space/broken-link-checker-action](https://github.com/technote-space/broken-link-checker-action) from 2.2.9 to 2.2.10. - [Release notes](https://github.com/technote-space/broken-link-checker-action/releases) - [Changelog](https://github.com/technote-space/broken-link-checker-action/blob/main/.releasegarc) - [Commits](https://github.com/technote-space/broken-link-checker-action/compare/v2.2.9...v2.2.10) --- updated-dependencies: - dependency-name: technote-space/broken-link-checker-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/broken-link-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index c88b7e489e..5650612617 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -13,4 +13,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Broken Link Check - uses: technote-space/broken-link-checker-action@v2.2.9 + uses: technote-space/broken-link-checker-action@v2.2.10 From b4ab28acdf03af10103a1a204fed3dc31fa1b290 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Nov 2021 11:02:12 +0000 Subject: [PATCH 04/97] build(deps): bump actions/setup-python from 2.2.2 to 2.3.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.2.2 to 2.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2.2.2...v2.3.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 613405c45d..59c26045c1 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -19,7 +19,7 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - - uses: actions/setup-python@v2.2.2 + - uses: actions/setup-python@v2.3.0 - name: Install dependencies run: | From 9197bb64feffcfce3e5b0cdd689eddbb7f50aaf7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Nov 2021 11:03:28 +0000 Subject: [PATCH 05/97] build(deps): bump actions/cache from 2.1.6 to 2.1.7 Bumps [actions/cache](https://github.com/actions/cache) from 2.1.6 to 2.1.7. - [Release notes](https://github.com/actions/cache/releases) - [Commits](https://github.com/actions/cache/compare/v2.1.6...v2.1.7) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 59c26045c1..bfc2637738 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -12,7 +12,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v2.4.0 - - uses: actions/cache@v2.1.6 + - uses: actions/cache@v2.1.7 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 1bd3b7329c..b6469208ab 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v2.4.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v2.1.6 + - uses: actions/cache@v2.1.7 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From f01363c781c3b48254a72d035fb27f67ddfd14cd Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 Nov 2021 12:09:10 +0100 Subject: [PATCH 06/97] build(deps): update ansible requirement from <4.9.0 to <4.10.0 (#817) Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index 9c752b5c2c..c23a472160 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<4.9.0 +ansible<4.10.0 ansible-lint<6.0.0 From 9c750b05037499250065f98402fa2ef10330d598 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Nov 2021 11:02:32 +0000 Subject: [PATCH 07/97] build(deps): bump actions/setup-python from 2.3.0 to 2.3.1 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2.3.0...v2.3.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index bfc2637738..fdb1e52b66 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml 
@@ -19,7 +19,7 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - - uses: actions/setup-python@v2.3.0 + - uses: actions/setup-python@v2.3.1 - name: Install dependencies run: | From 8e5b2e9cc958a4fffadfd4d74d48c8f951cdd366 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Dec 2021 12:08:27 +0100 Subject: [PATCH 08/97] build(deps): update ansible requirement from <4.10.0 to <5.1.0 (#819) Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index c23a472160..5db33a2591 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<4.10.0 +ansible<5.1.0 ansible-lint<6.0.0 From d6cbacfcb892305fab7ab2071eb86cd16b5627a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Dec 2021 12:31:58 +0100 Subject: [PATCH 09/97] build(deps): update ansible requirement from <5.1.0 to <5.2.0 (#821) Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/test-requirements.txt b/test-requirements.txt index 5db33a2591..ffeef48df3 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<5.1.0 +ansible<5.2.0 ansible-lint<6.0.0 From 1b3de29baeb697c9c95858dc80fe1874e23c37cb Mon Sep 17 00:00:00 2001 From: Rabin Yasharzadehe Date: Mon, 27 Dec 2021 12:12:19 +0200 Subject: [PATCH 10/97] Update install-config.j2 template to support provisioningDHCPRange Allow to set the provisioningDHCPRange if the prov_dhcp_range variable is set --- .../roles/installer/templates/install-config.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index de2c6f7f6e..d325b0f688 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 @@ -55,6 +55,9 @@ platform: {% if (release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int > 3)) %} provisioningNetworkInterface: {{ masters_prov_nic }} provisioningNetworkCIDR: {{ provisioning_subnet }} +{% if prov_dhcp_range is defined and prov_dhcp_range|length %} + provisioningDHCPRange: {{ prov_dhcp_range }} +{% endif %} {% endif %} {% if bootstraposimage is defined and bootstraposimage|length %} bootstrapOSImage: {{ bootstraposimage }} From 12a865228c660bde392e8cb8fe959ebe549bb4d0 Mon Sep 17 00:00:00 2001 From: Derek Higgins Date: Mon, 17 Jan 2022 15:28:36 +0000 Subject: [PATCH 11/97] Add derekhiggins as an approver The previous owners of this repository have moved onto other things, I'll will be keeping things operating until more permanent owners are identified. --- OWNERS | 1 + OWNERS_ALIASES | 3 +++ ansible-ipi-install/OWNERS | 1 + documentation/OWNERS | 1 + 4 files changed, 6 insertions(+) diff --git a/OWNERS b/OWNERS index 0bf63b40cc..81957bb26e 100644 --- a/OWNERS 
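Review bot: `prov_dhcp_range` is introduced only in the template (the diffstat lists no inventory or documentation change), so nothing tells an operator that the variable exists or what value format it expects. A commented example in `ansible-ipi-install/inventory/hosts.sample` would cover that. The value is also rendered unquoted, so whatever string the inventory holds lands raw in the generated install-config; `provisioningDHCPRange: "{{ prov_dhcp_range }}"` keeps it a single scalar even if it contains ` #` or `: `. The enclosing `platform:` section and the outer version check start outside the hunk.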
+++ b/OWNERS @@ -5,6 +5,7 @@ filters: - directedsoul1 - iranzo approvers: + - derekhiggins - rlopez133 - iranzo - directedsoul1 diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index d344474cef..d52156ef85 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -2,11 +2,13 @@ aliases: approvers: + - derekhiggins - karmab - davidvossel - rlopez133 - iranzo code-reviewers: + - derekhiggins - karmab - e-minguez - davidvossel @@ -33,6 +35,7 @@ aliases: - fromanirh - cynepco3hahue dit-reviewers: + - derekhiggins - rlopez133 - directedsoul1 - iranzo diff --git a/ansible-ipi-install/OWNERS b/ansible-ipi-install/OWNERS index e384e99724..98850f7b1c 100644 --- a/ansible-ipi-install/OWNERS +++ b/ansible-ipi-install/OWNERS @@ -3,4 +3,5 @@ reviewers: - dit-reviewers approvers: + - derekhiggins - rlopez133 diff --git a/documentation/OWNERS b/documentation/OWNERS index e384e99724..98850f7b1c 100644 --- a/documentation/OWNERS +++ b/documentation/OWNERS @@ -3,4 +3,5 @@ reviewers: - dit-reviewers approvers: + - derekhiggins - rlopez133 From 1f06c99298e241c37a49a6407c434b8ff96013d3 Mon Sep 17 00:00:00 2001 From: Jose Luis Ojosnegros Manchon Date: Mon, 17 Jan 2022 16:55:18 +0100 Subject: [PATCH 12/97] Update OWNERS_ALIASES (#820) --- OWNERS_ALIASES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index d52156ef85..f603eb3032 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -27,6 +27,9 @@ aliases: - simon3z - SchSeba - fedepaol + - Tal-or + - marioferh + - jlojosnegros cnf-approvers: - MarSik - simon3z From 146d2ec517e67aa8bdb1c30e9b2d186fb0174f8e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jan 2022 14:48:58 -0500 Subject: [PATCH 13/97] build(deps): bump technote-space/broken-link-checker-action (#825) Bumps [technote-space/broken-link-checker-action](https://github.com/technote-space/broken-link-checker-action) from 2.2.10 to 2.2.11. - [Release notes](https://github.com/technote-space/broken-link-checker-action/releases) - [Changelog](https://github.com/technote-space/broken-link-checker-action/blob/main/.releasegarc) - [Commits](https://github.com/technote-space/broken-link-checker-action/compare/v2.2.10...v2.2.11) --- updated-dependencies: - dependency-name: technote-space/broken-link-checker-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/broken-link-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index 5650612617..44b86b3fd7 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -13,4 +13,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Broken Link Check - uses: technote-space/broken-link-checker-action@v2.2.10 + uses: technote-space/broken-link-checker-action@v2.2.11 From dbc6cedec21892559b8a390f34b14290e73f2c4e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jan 2022 14:50:59 -0500 Subject: [PATCH 14/97] build(deps): update ansible requirement from <5.2.0 to <5.3.0 (#827) Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index ffeef48df3..0211eb4c05 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<5.2.0 +ansible<5.3.0 ansible-lint<6.0.0 From 4410400316e717c86282c63950ef4e9908f80f36 Mon Sep 17 00:00:00 2001 From: Patrick Easters Date: Thu, 20 Jan 2022 10:31:31 -0500 Subject: [PATCH 15/97] Add defaults for async deployment timeouts (#809) Set defaults for increase_bootstrap_timeout and increase_install_timeout vars --- ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml b/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml index 00a9552ffa..57840ce064 100644 --- a/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml +++ b/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml @@ -40,7 +40,7 @@ /usr/local/bin/openshift-baremetal-install --dir {{ dir }} --log-level debug wait-for bootstrap-complete register: wait_for_bootstrap_result until: wait_for_bootstrap_result is succeeded - retries: "{{ increase_bootstrap_timeout|int }}" + retries: "{{ increase_bootstrap_timeout|default(1)|int }}" delay: 1 - name: Wait for Install Complete 
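Review bot: `default(1)` in the new `retries` expression only applies when the variable is undefined. A variable that is defined but empty (for instance a blank `increase_bootstrap_timeout=` left in an inventory) still passes through `|int` and becomes 0. `retries: "{{ increase_bootstrap_timeout|default(1, true)|int }}"` covers both cases, and the `increase_install_timeout` line in the `@@ -48,7 +48,7 @@` hunk needs the same form. The literal 1 is repeated in two tasks with no explanation; a role default or a one-line comment such as `# one retry of the wait-for call unless the inventory raises it` would make the intent visible. Both tasks begin outside their hunks.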
@@ -48,7 +48,7 @@ /usr/local/bin/openshift-baremetal-install --dir {{ dir }} --log-level debug wait-for install-complete register: wait_for_install_result until: wait_for_install_result is succeeded - retries: "{{ increase_install_timeout|int }}" + retries: "{{ increase_install_timeout|default(1)|int }}" delay: 1 when: increase_bootstrap_timeout is defined or increase_install_timeout is defined tags: install From 71ab87cfbaacab611061fab86f8cfc832ff128bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 2 Feb 2022 04:54:39 -0500 Subject: [PATCH 16/97] build(deps): bump technote-space/broken-link-checker-action (#829) Bumps [technote-space/broken-link-checker-action](https://github.com/technote-space/broken-link-checker-action) from 2.2.11 to 2.2.12. - [Release notes](https://github.com/technote-space/broken-link-checker-action/releases) - [Changelog](https://github.com/technote-space/broken-link-checker-action/blob/main/.releasegarc) - [Commits](https://github.com/technote-space/broken-link-checker-action/compare/v2.2.11...v2.2.12) --- updated-dependencies: - dependency-name: technote-space/broken-link-checker-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/broken-link-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index 44b86b3fd7..3c28d87638 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -13,4 +13,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Broken Link Check - uses: technote-space/broken-link-checker-action@v2.2.11 + uses: technote-space/broken-link-checker-action@v2.2.12 From 3f89e556b35d155589d5623ee576d9692a2ceb20 Mon Sep 17 00:00:00 2001 
From: Bill Peck Date: Wed, 9 Feb 2022 05:51:13 -0500 Subject: [PATCH 17/97] Add Optional support for irmc BMC (#826) This allows for irmc BMC to be used in the install-config.yaml. --- ansible-ipi-install/inventory/hosts.sample | 1 + .../roles/installer/templates/install-config.j2 | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ansible-ipi-install/inventory/hosts.sample b/ansible-ipi-install/inventory/hosts.sample index 6ad4d02c2a..02820a4f95 100644 --- a/ansible-ipi-install/inventory/hosts.sample +++ b/ansible-ipi-install/inventory/hosts.sample @@ -175,6 +175,7 @@ pullsecret="" # ipmi_port is optional for each host. 623 is the common default used if omitted # poweroff is optional. True or ommited (by default) indicates the playbook will power off the node before deploying OCP # otherwise set it to false +# (Optional) irmc_address and imrc_port can be set in addition to ipmi_* if the BMC is Fujitsu irmc # (Optional) OpenShift 4.6+, Set Root Device Hints to choose the proper device to install operating system on OpenShift nodes. # root device hint options include: ['deviceName','hctl','model','vendor','serialNumber','minSizeGigabytes','wwn','rotational'] # Root Device Hint values are case sensitive. If incorrect case given, entry omitted from install-config.yaml diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index de2c6f7f6e..2d0e4eb238 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 
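Review bot: The added sample comment spells the port variable `imrc_port`, while the template change in this same commit reads `hostvars[host]['irmc_port']`. An operator who copies the name from the sample sets a variable the template never looks at and silently gets the default 443. The comment should read `# (Optional) irmc_address and irmc_port can be set in addition to ipmi_* if the BMC is Fujitsu irmc`.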
@@ -73,6 +73,8 @@ platform: {% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 5))) %} address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} +{% elif hostvars[host]['irmc_address'] is defined %} + address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }} {% else %} address: ipmi://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }} {% endif %} @@ -107,6 +109,8 @@ platform: {% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] %} address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} +{% elif hostvars[host]['irmc_address'] is defined %} + address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }} {% else %} address: ipmi://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }} {% endif %} From 85b2abdb3d1a4c27ed0501f2c2ca0274c9f18b8c Mon Sep 17 00:00:00 2001 From: Tony Garcia Date: Wed, 16 Mar 2022 05:50:30 -0500 Subject: [PATCH 18/97] Use rhcos json stream on 4.8+ (#831) * Use openshift-baremetal-install coreos print-stream-json to obtain RHCOS image paths - Starting in 4.8 the installer contains pinned images of RHCOS in the binary - Format of the stream is different so its parsing differs to older versions * Use correct conditional on rhcos facts * Use proper rhcos key --- .../installer/tasks/23_rhcos_image_paths.yml | 80 +++++++++++++------ .../installer/tasks/24_rhcos_image_cache.yml | 15 +++- 2 files changed, 69 insertions(+), 26 deletions(-) 
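Review bot: The new `irmc://` branch renders only `address`, whereas the redfish branch directly above it also renders `disableCertificateVerification: {{ disable_bmc_certificate_verification }}`. With a default port of 443 the iRMC connection is presumably HTTPS, so the operator's certificate-verification choice is not carried over for these hosts. If the installer honours that field for irmc (to be confirmed), add the same `disableCertificateVerification` line under the irmc `address`; otherwise add a template comment saying why it is omitted. The same applies to the second hunk (`@@ -107,6 +109,8 @@`). The branch is also tested after the group-based checks, so a host in `hp_hosts_redfish` that sets `irmc_address` keeps its redfish address; that precedence deserves a one-line comment, and the `{% if %}` chain itself starts outside both hunks.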
diff --git a/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml b/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml index 51fbda0207..1670668875 100644 --- a/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml +++ b/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml 
@@ -1,29 +1,59 @@ --- -- name: Get COMMIT_ID - shell: | - /usr/local/bin/openshift-baremetal-install version | grep '^built from commit' | awk '{print $4}' - register: commit_id - tags: rhcospath +- name: RHCOS image path (pre 4.8) + block: + - name: Get COMMIT_ID + shell: | + /usr/local/bin/openshift-baremetal-install version | grep '^built from commit' | awk '{print $4}' + register: commit_id + tags: rhcospath -- name: Get the URLs - set_fact: - offline_url: "{{ webserver_url }}/{{ version }}/rhcos.json" - online_url: "https://raw.githubusercontent.com/openshift/installer/{{ commit_id.stdout }}/data/data/rhcos.json" + - name: Get the URLs + set_fact: + offline_url: "{{ webserver_url }}/{{ version }}/rhcos.json" + online_url: "https://raw.githubusercontent.com/openshift/installer/{{ commit_id.stdout }}/data/data/rhcos.json" -- name: Get RHCOS JSON File - uri: - url: "{{ (disconnected_installer|length == 0 and the_url.status == -1) | ternary(offline_url, online_url) }}" - return_content: yes - until: rhcos_json.status == 200 - retries: 6 # 1 minute (10 * 6) - delay: 10 # Every 10 seconds - register: rhcos_json - delegate_to: "{{ disconnected_installer | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" - tags: rhcospath + - name: Get RHCOS JSON File + uri: + url: "{{ (disconnected_installer|length == 0 and the_url.status == -1) | ternary(offline_url, online_url) }}" + return_content: yes + until: rhcos_json.status == 200 + retries: 6 # 1 minute (10 * 6) + delay: 10 # Every 10 seconds + register: rhcos_json + delegate_to: "{{ disconnected_installer | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" + tags: rhcospath -- name: Set Facts for RHCOS_URI and RHCOS_PATH - set_fact: - rhcos_qemu_uri: "{{ rhcos_json.json | json_query('images.qemu.path') }}" - rhcos_uri: "{{ rhcos_json.json | json_query('images.openstack.path') }}" - rhcos_path: "{{ rhcos_json.json | json_query('baseURI') }}" - tags: rhcospath + - name: Set Facts for RHCOS_URI 
and RHCOS_PATH + set_fact: + rhcos_qemu_uri: "{{ rhcos_json.json | json_query('images.qemu.path') }}" + rhcos_uri: "{{ rhcos_json.json | json_query('images.openstack.path') }}" + rhcos_path: "{{ rhcos_json.json | json_query('baseURI') }}" + tags: rhcospath + when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 7) + +- name: RHCOS image path (4.8+) + block: + - name: Extract rhcos.json + shell: | + /usr/local/bin/openshift-baremetal-install coreos print-stream-json + register: rhcos_json_stream + retries: 3 + delay: 10 + until: rhcos_json_stream is not failed + tags: rhcospath + + - name: Set rhcos_json fact + set_fact: + rhcos_json: "{{ rhcos_json_stream.stdout | from_json }}" + tags: rhcospath + + - name: Set Facts for RHCOS_URI and RHCOS_PATH + set_fact: + rhcos_qemu_uri: "{{ rhcos_json | json_query(rhcos_qemu_key) | basename }}" + rhcos_path: "{{ rhcos_json | json_query(rhcos_qemu_key) | dirname + '/' }}" + rhcos_uri: "{{ rhcos_json | json_query(rhcos_openstack_key) | basename }}" + vars: + rhcos_qemu_key: 'architectures.x86_64.artifacts.qemu.formats."qcow2.gz".disk.location' + rhcos_openstack_key: 'architectures.x86_64.artifacts.openstack.formats."qcow2.gz".disk.location' + tags: rhcospath + when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 8) diff --git a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml index f54156266a..459bc8321b 100644 --- a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml +++ b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml 
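Review bot: Both `when:` gates require `release_version.split('.')[0]|int == 4`, so a release with a major version above 4 matches neither block and `rhcos_qemu_uri`, `rhcos_uri` and `rhcos_path` are never set. The install-config templates in this repository already use the `> 4 or (== 4 and …)` form. The 4.8+ gate should be `when: (release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 8))`, and the two gates added in the `24_rhcos_image_cache.yml` hunk have the same gap. The 4.8+ query keys hard-code `architectures.x86_64`, which is worth a comment. `Extract rhcos.json` runs one command with no pipe or redirection, so `command:` would do in place of `shell:`.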
@@ -83,12 +83,25 @@ tags: cache # rhcos_json fact already set in 23_rhcos_image_paths.yaml -- name: Set facts for RHCOS_QEMU_SHA256 and RHCOS_SHA256 +- name: Set facts for RHCOS_QEMU_SHA256 and RHCOS_SHA256 (pre 4.8) set_fact: rhcos_qemu_sha256: "{{ rhcos_json.json | json_query('images.qemu.sha256') }}" rhcos_qemu_sha256_unzipped: '{{ rhcos_json.json | json_query(''images.qemu."uncompressed-sha256"'') }}' rhcos_sha256: "{{ rhcos_json.json | json_query('images.openstack.sha256') }}" tags: cache + when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 7) + +- name: Set facts for RHCOS_QEMU_SHA256 and RHCOS_SHA256 (4.8+) + set_fact: + rhcos_qemu_sha256: "{{ rhcos_json | json_query(rhcos_qemu_sha_key) }}" + rhcos_qemu_sha256_unzipped: "{{ rhcos_json | json_query(rhcos_qemu_sha_unzip_key) }}" + rhcos_sha256: "{{ rhcos_json | json_query(rhcos_openstack_sha_key) }}" + vars: + rhcos_qemu_sha_key: 'architectures.x86_64.artifacts.qemu.formats."qcow2.gz".disk.sha256' + rhcos_qemu_sha_unzip_key: 'architectures.x86_64.artifacts.qemu.formats."qcow2.gz".disk."uncompressed-sha256"' + rhcos_openstack_sha_key: 'architectures.x86_64.artifacts.openstack.formats."qcow2.gz".disk.sha256' + tags: cache + when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 8) - name: Download {{ rhcos_qemu_uri }} for cache get_url: From 30e234b5791b8b258d500cfdfddfe66270d235ae Mon Sep 17 00:00:00 2001 From: Denis Ollier Date: Sun, 24 Apr 2022 18:08:03 +0200 Subject: [PATCH 19/97] Add Optional support for FIPS enabled clusters (#841) Signed-off-by: Denis Ollier --- .../roles/installer/templates/install-config-virtualmedia.j2 | 3 +++ .../roles/installer/templates/install-config.j2 | 3 +++ 2 files changed, 6 insertions(+) diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index b468dd7077..6fcdeed6cd 100644 
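Review bot: Nothing checks that the three checksum facts actually resolved. `json_query` gives an empty result when a path is absent (for example a stream document without `architectures.x86_64` or without a `qcow2.gz` format), and the facts are then set without error. These values are presumably what the download tasks after this hunk verify the images against, so an empty one should stop the play here instead of being carried forward. An assert placed right after the two `set_fact` tasks covers both version branches. The tasks that consume the facts are outside the hunk, so confirm how they treat an empty checksum.

```yaml
# ... unchanged: the two version-gated set_fact tasks ...
- name: Verify RHCOS checksums were resolved
  assert:
    that:
      - rhcos_qemu_sha256 is match('^[0-9a-f]{64}$')
      - rhcos_qemu_sha256_unzipped is match('^[0-9a-f]{64}$')
      - rhcos_sha256 is match('^[0-9a-f]{64}$')
    fail_msg: "RHCOS sha256 values missing from rhcos_json; not caching unverified images"
  tags: cache
```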
--- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 @@ -33,6 +33,9 @@ networking: - 172.30.0.0/16 - fd03::/112 {% endif %} +{% if fips_enabled is defined and fips_enabled|bool %} +fips: true +{% endif %} compute: - name: worker replicas: {{ numworkers }} diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index 2d0e4eb238..57dffd4e93 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 @@ -33,6 +33,9 @@ networking: - 172.30.0.0/16 - fd03::/112 {% endif %} +{% if fips_enabled is defined and fips_enabled|bool %} +fips: true +{% endif %} compute: - name: worker replicas: {{ numworkers }} From 02694c23860a953ab0d595e67b164862c8315c87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Aug 2022 11:01:56 +0000 Subject: [PATCH 20/97] build(deps): bump technote-space/broken-link-checker-action Bumps [technote-space/broken-link-checker-action](https://github.com/technote-space/broken-link-checker-action) from 2.2.12 to 2.3.1. - [Release notes](https://github.com/technote-space/broken-link-checker-action/releases) - [Changelog](https://github.com/technote-space/broken-link-checker-action/blob/main/.releasegarc) - [Commits](https://github.com/technote-space/broken-link-checker-action/compare/v2.2.12...v2.3.1) --- updated-dependencies: - dependency-name: technote-space/broken-link-checker-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/broken-link-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
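Review bot: A mistyped or non-boolean `fips_enabled` silently produces a non-FIPS cluster, because `|bool` maps any unrecognised string to false and the `fips: true` line is simply dropped. FIPS mode is chosen at install time, so a wrong value is only noticed after the cluster exists. It is worth rejecting bad values before rendering, for example an assert in the role's validation tasks with `that: fips_enabled is not defined or (fips_enabled | string | lower) in ['true', 'false', 'yes', 'no']`. The same applies to the identical block added to `install-config.j2` in the next hunk.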
diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index 3c28d87638..d8b6ebd1fc 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -13,4 +13,4 @@ jobs: runs-on: ubuntu-latest steps: - name: Broken Link Check - uses: technote-space/broken-link-checker-action@v2.2.12 + uses: technote-space/broken-link-checker-action@v2.3.1 From 1cc1bdff84a0bdc7f287d6e15fdc2c3d8371044e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Sep 2022 11:04:34 +0000 Subject: [PATCH 21/97] build(deps): bump actions/stale from 4 to 6 Bumps [actions/stale](https://github.com/actions/stale) from 4 to 6. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index fe3465d00d..4b46b2d4dd 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v4 + - uses: actions/stale@v6 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' From b8585c112b81efd6d8e67399f87e6df79c0f0e55 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Oct 2022 11:01:55 +0000 Subject: [PATCH 22/97] build(deps): bump actions/cache from 2.1.7 to 3.0.11 Bumps [actions/cache](https://github.com/actions/cache) from 2.1.7 to 3.0.11. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v2.1.7...v3.0.11) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index fdb1e52b66..a4cef80b91 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -12,7 +12,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v2.4.0 - - uses: actions/cache@v2.1.7 + - uses: actions/cache@v3.0.11 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index b6469208ab..1d5bc17e82 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v2.4.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v2.1.7 + - uses: actions/cache@v3.0.11 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From 9aa4f4a20690dcd8a2c327b8d59d8db4f920a423 Mon Sep 17 00:00:00 2001 
From: Avani Bhatt Date: Fri, 14 Oct 2022 19:44:17 +0100 Subject: [PATCH 23/97] Remove reference to openstack baremetal and update it to baremetal --- .../modules/ipi-install-troubleshooting-ironic-bootstrap.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/ipi-install/modules/ipi-install-troubleshooting-ironic-bootstrap.adoc b/documentation/ipi-install/modules/ipi-install-troubleshooting-ironic-bootstrap.adoc index 5c3564f937..b06b11a3da 100644 --- a/documentation/ipi-install/modules/ipi-install-troubleshooting-ironic-bootstrap.adoc +++ b/documentation/ipi-install/modules/ipi-install-troubleshooting-ironic-bootstrap.adoc @@ -94,7 +94,7 @@ Make sure in the file above you change with the value + [source,terminal] ---- -[root@1facad6bccff /]# openstack baremetal node list +[root@1facad6bccff /]# baremetal node list ---- + From e03077390ca94695a0a90287d446d524679ce736 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 8 Dec 2022 11:03:02 +0000 Subject: [PATCH 24/97] build(deps): update ansible requirement from <5.3.0 to <7.2.0 Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index 0211eb4c05..89336a202a 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<5.3.0 +ansible<7.2.0 ansible-lint<6.0.0 From 02288d4f44dcd6dbc68f8d037000d50574a43b12 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Dec 2022 11:00:49 +0000 Subject: [PATCH 25/97] build(deps): bump actions/setup-python from 2.3.1 to 4.3.1 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2.3.1 to 4.3.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2.3.1...v4.3.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index fdb1e52b66..609b215788 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -19,7 +19,7 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - - uses: actions/setup-python@v2.3.1 + - uses: actions/setup-python@v4.3.1 - name: Install dependencies run: | From 641130623adfd87ea94620c4ae8163b2f5c90595 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Dec 2022 11:00:57 +0000 Subject: [PATCH 26/97] build(deps): bump actions/checkout from 2.4.0 to 3.2.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2.4.0 to 3.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.4.0...v3.2.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index fdb1e52b66..45fdca956e 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -10,7 +10,7 @@ jobs: steps: # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v3.2.0 - uses: actions/cache@v2.1.7 with: diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index b6469208ab..a904760720 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -11,7 +11,7 @@ jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2.4.0 + - uses: actions/checkout@v3.2.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - uses: actions/cache@v2.1.7 From 04165f22f15ed67097e78e75d4e9fa5e77983572 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Tue, 13 Dec 2022 15:19:39 +0100 Subject: [PATCH 27/97] Adjust owners and aliases --- OWNERS | 4 +--- OWNERS_ALIASES | 2 -- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/OWNERS b/OWNERS index 81957bb26e..af7e2e4af7 100644 --- a/OWNERS +++ b/OWNERS @@ -2,13 +2,11 @@ filters: ".*": reviewers: - - directedsoul1 - - iranzo + - derekhiggins approvers: - derekhiggins - rlopez133 - iranzo - - directedsoul1 "^documentation/.*": labels: diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index f603eb3032..61069eabdb 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -10,7 +10,6 @@ aliases: code-reviewers: - derekhiggins - karmab - - e-minguez - davidvossel - rlopez133 - abays @@ -40,6 +39,5 @@ aliases: dit-reviewers: - derekhiggins - rlopez133 - - directedsoul1 - iranzo - johnwilkins From 927ef393e263f8f12a60cd07ed68c7543b84f80b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Tue, 13 Dec 2022 16:19:47 +0100 Subject: [PATCH 28/97] Delete greetings.yml --- .github/workflows/greetings.yml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 .github/workflows/greetings.yml diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml deleted file mode 100644 index c0da5bc140..0000000000 --- a/.github/workflows/greetings.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: Greetings - -on: [pull_request_target, issues] - -jobs: - greeting: - runs-on: ubuntu-latest - steps: - - uses: actions/first-interaction@v1.1.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - issue-message: 'Thank you for raising this issue' - pr-message: 'Thank you for making this first PR' From 5a76c46faa67b7fd478ba52c14bf3b93d80f7ce5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Tue, 13 Dec 2022 16:42:01 +0100 Subject: [PATCH 29/97] Update jekyll.yml Lock to Major --- .github/workflows/jekyll.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 49044c5977..6e475ff699 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -21,7 +21,7 @@ jobs: restore-keys: | ${{ runner.os }}-gems- - - uses: iranzo/gh-pages-jekyll-action@1.0.1 + - uses: iranzo/gh-pages-jekyll-action@1 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} SOURCE_FOLDER: website From eebffc32b0e8d80925ff847e0084e3e678e7696d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Tue, 13 Dec 2022 16:48:10 +0100 Subject: [PATCH 30/97] Delete ansible-lint.yml --- .github/workflows/ansible-lint.yml | 73 ------------------------------ 1 file changed, 73 deletions(-) delete mode 100644 .github/workflows/ansible-lint.yml diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml deleted file mode 100644 index 8f7c67d689..0000000000 
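Review bot: Changing `iranzo/gh-pages-jekyll-action@1.0.1` to `@1` makes this step follow a broader mutable ref, and the step runs with `GITHUB_TOKEN` in its environment. Whatever the `1` ref points to at run time is what executes with that token, so a moved or compromised ref in the action's repository reaches this workflow without any change here. Pinning third-party actions to a full commit SHA keeps every update reviewable, and Dependabot can still propose bumps: `- uses: iranzo/gh-pages-jekyll-action@<full-commit-sha>  # v1`. An explicit `permissions:` block on the job would also limit what the token can do; the job definition starts outside this hunk.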
--- a/.github/workflows/ansible-lint.yml +++ /dev/null 
@@ -1,73 +0,0 @@ -name: Ansible Lint # feel free to pick your own name - -on: [push, pull_request] - -jobs: - build: - runs-on: ubuntu-latest - - - - steps: - # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v3.2.0 - - - uses: actions/cache@v3.0.11 - with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- - - - uses: actions/setup-python@v4.3.1 - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install flake8 pytest - if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - if [ -f test-requirements.txt ]; then pip install -r test-requirements.txt; fi - - - - name: Lint Ansible Playbook - # replace "master" with any valid ref - uses: iranzo/ansible-lint-action@v4.1.1 - with: - # [required] - # Paths to ansible files (i.e., playbooks, tasks, handlers etc..) - # or valid Ansible directories according to the Ansible role - # directory structure. - # If you want to lint multiple ansible files, use the following syntax - # targets: | - # playbook_1.yml - # playbook_2.yml - targets: "ansible-ipi-install/playbook.yml" - override-deps: | - ansible<2.10 - # [optional] - # Arguments to override a package and its version to be set explicitly. - # Must follow the example syntax. - - # [optional] - # Arguments to be passed to the ansible-lint - - # Options: - # -q quieter, although not silent output - # -p parseable output in the format of pep8 - # --parseable-severity parseable output including severity of rule - # -r RULESDIR specify one or more rules directories using one or - # more -r arguments. Any -r flags override the default - # rules in ansiblelint/rules, unless -R is also used. - # -R Use default rules in ansiblelint/rules in addition to - # any extra - # rules directories specified with -r. 
There is no need - # to specify this if no -r flags are used - # -t TAGS only check rules whose id/tags match these values - # -x SKIP_LIST only check rules whose id/tags do not match these - # values - # --nocolor disable colored output - # --exclude=EXCLUDE_PATHS - # path to directories or files to skip. This option is - # repeatable. - # -c C Specify configuration file to use. Defaults to ".ansible-lint" - args: "" From 79664f2b06fe59d54449bdab888c21ab59d9f1a6 Mon Sep 17 00:00:00 2001 From: Guillaume Vincent Date: Thu, 8 Dec 2022 13:57:19 +0100 Subject: [PATCH 31/97] Prefix temp directories with baremetal-deploy to avoid permission issues baremetal-deploy download OpenShift binaries in a /tmp/ansible.xxxx folder using the tempfile ansible module. baremetal-deploy also remove all /tmp/ansible.xxxx folders before downloading those binaries. cf https://github.com/openshift-kni/baremetal-deploy/blob/47e20e26595fcf7696d7a6414cf4acb2af683a6e/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml This is weird to me, but I may miss some context here. The problem is baremetal-deploy is used by other ansible code that may use the tempfile ansible module with a user different than kni. The deletion of the folders will fail because of permission issue. This patch prefix the temp folder with baremetal-deploy. Binaries will be downloaded in /tmp/baremetal-deploy.xxxx temp folder. A better approach may have been to delete those temp folder after usage, instead of before, and delete only the ones created. --- ansible-ipi-install/roles/installer/tasks/10_get_oc.yml | 4 +++- .../roles/installer/tasks/15_disconnected_registry_create.yml | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml b/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml index 8edd5de5f9..60e7b5a672 100644 --- a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml +++ b/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml 
@@ -10,7 +10,7 @@ - name: Find any old tmp dirs with OpenShift related binaries find: paths: /tmp - patterns: 'ansible.*' + patterns: "baremetal-deploy.*" file_type: directory register: tmp_results tags: @@ -48,6 +48,7 @@ - name: Create tmp directory to store OpenShift binaries tempfile: state: directory + prefix: "baremetal-deploy." suffix: "{{ release_version }}" register: tempdiroutput tags: getoc @@ -60,6 +61,7 @@ - name: Create tmp directory to store OpenShift binaries on registry host tempfile: state: directory + prefix: "baremetal-deploy." suffix: "{{ release_version }}" register: registryhost_tempdir when: registry_creation|bool diff --git a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml index ba2b68ff70..7c89a01d6f 100644 --- a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml +++ b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml @@ -2,7 +2,7 @@ - name: Find any old tmp dirs with OpenShift related binaries on registry host find: paths: /tmp - patterns: 'ansible.*' + patterns: "baremetal-deploy.*" file_type: directory register: registry_tmp_results when: groups['registry_host'][0] != groups['provisioner'][0] @@ -75,6 +75,7 @@ - name: Create tmp directory to store OpenShift binaries on registry host tempfile: state: directory + prefix: "baremetal-deploy." suffix: "{{ release_version }}" register: registry_tempdir delegate_to: "{{ groups['registry_host'][0] }}" From 687e20d2940b7042e915ed5a1c30e1aa70a361e2 Mon Sep 17 00:00:00 2001 
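Review bot: Cleanup still selects directories by name in world-writable `/tmp`: any `baremetal-deploy.*` directory matches the `find`, whoever created it, so a directory with that prefix owned by another account would bring back the permission failure this patch works around. The removal task that consumes `tmp_results` and `registry_tmp_results` is outside these hunks, so this is inferred from the commit message. `tempfile` already returns the created path in `tempdiroutput.path`, `registryhost_tempdir.path` and `registry_tempdir.path`, so removing exactly those paths at the end of the play would avoid matching on names at all. The same applies to the `find` hunk in `15_disconnected_registry_create.yml`.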
From: Manuel Rodriguez Date: Fri, 21 Oct 2022 13:37:03 -0400 Subject: [PATCH 32/97] Add support to pass NMstate vars in install-config This patch allows to include NMstate network settings in the install-config.yaml file and setup custom networking at day1 --- README.md | 4 +- ansible-ipi-install/inventory/hosts.sample | 7 +- .../templates/install-config-virtualmedia.j2 | 12 +++ .../installer/templates/install-config.j2 | 12 +++ .../roles/node-prep/tasks/10_validation.yml | 20 +++++ .../ipi-install-configuration-files.adoc | 4 + ...onfig-for-nmstate-network-config-day1.adoc | 86 +++++++++++++++++++ features/kubernetes-nmstate/day1/README.md | 61 +++++++++++++ 8 files changed, 203 insertions(+), 3 deletions(-) create mode 100644 documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc create mode 100644 features/kubernetes-nmstate/day1/README.md diff --git a/README.md b/README.md index 1eefb4cbe5..5ca1acbf1b 100644 --- a/README.md +++ b/README.md 
@@ -14,8 +14,8 @@ It also contains optional features focused on low-latency workloads, NFV workloa - [Performance](features/performance/). Performance-related features like Hugepages, real-time kernel, CPU Manager and Topology Manager. - [Bonding](features/bonding/). A helper script to create bonding devices with ignition and/or NMstate. - [DPDK](features/dpdk/). Example workload that uses DPDK libraries for packet processing. -- [Kubernetes NMstate](features/kubernetes-nmstate/). Node-networking configuration driven by Kubernetes and executed - by NMstate. +- [Kubernetes NMstate](features/kubernetes-nmstate/). Node-networking configuration driven by Kubernetes and executed by NMstate. +- [Kubernetes NMstate day1](features/kubernetes-nmstate/day1/). Node-networking configuration driven by Kubernetes and executed by NMstate during the deployment of a cluster, by adding settings to install-config.yaml - [PTP](features/ptp). This operator manages cluster-wide Precision Time Protocol (PTP) configuration. - [SCTP](features/sctp). These assets enable Stream Control Transmission Protocol (SCTP) in the RHCOS worker nodes. diff --git a/ansible-ipi-install/inventory/hosts.sample b/ansible-ipi-install/inventory/hosts.sample index 02820a4f95..ad860e794e 100644 --- a/ansible-ipi-install/inventory/hosts.sample +++ b/ansible-ipi-install/inventory/hosts.sample @@ -169,7 +169,7 @@ pullsecret="" # (Optional) Change the boot mode of the OpenShift cluster nodes to legacy mode (BIOS). Default is UEFI. #bootmode=legacy -# Master nodes +# Master/Worker nodes # The hardware_profile is used by the baremetal operator to match the hardware discovered on the host # See https://github.com/metal3-io/baremetal-operator/blob/master/docs/api.md#baremetalhost-status # ipmi_port is optional for each host. 623 is the common default used if omitted 
@@ -181,6 +181,11 @@ pullsecret="" # Root Device Hint values are case sensitive. If incorrect case given, entry omitted from install-config.yaml # root_device_hint="deviceName" # root_device_hint_value="/dev/sda" + +# (Optional) Modify the path to set custom networking configuration with NMState to the deployed nodes +# The following variable allows to pass the networkConfig settings from YAML files in NMstate format: +# master_network_config_file="/path/to/your/master_nmstate_file.yaml" +# worker_network_config_file="/path/to/your/worker_nmstate_file.yaml" [masters] master-0 name=master-0 role=master ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.1 ipmi_port=623 provision_mac=ec:f4:bb:da:0c:58 hardware_profile=default poweroff=true diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index 6fcdeed6cd..c71a03e933 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 @@ -100,6 +100,12 @@ platform: {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} {% endif %} {% endif %} +{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} +{% if rendered_master_nmstate_yml is defined and rendered_master_nmstate_yml|length %} + networkConfig: +{{ rendered_master_nmstate_yml | indent(10, true) }} +{% endif %} +{% endif %} {% endfor %} {% if groups['workers'] is defined %} {% for host in groups['workers'] %} 
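Review bot: The new `networkConfig` block sits inside the per-host loop but renders one group-wide value, `rendered_master_nmstate_yml`, so every master receives the same NMState document. With a static `ipv4.address` entry like the one in the documentation added by this patch, all hosts would be configured with the same IP. Reading the value per host from `hostvars[host]`, as the `root_device_hint` lines just above do, would let each node carry its own addresses. The same pattern is in the worker hunk of this file and in both hunks of `install-config.j2`; the loop header for masters is outside the hunk.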
@@ -138,6 +144,12 @@ platform: {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} {% endif %} {% endif %} +{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} +{% if rendered_worker_nmstate_yml is defined and rendered_worker_nmstate_yml|length %} + networkConfig: +{{ rendered_worker_nmstate_yml | indent(10, true) }} +{% endif %} +{% endif %} {% endfor %} {% endif %} pullSecret: '{{ pullsecret }}' diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index c91642e63d..b35443a96c 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 @@ -103,6 +103,12 @@ platform: {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} {% endif %} {% endif %} +{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} +{% if rendered_master_nmstate_yml is defined and rendered_master_nmstate_yml|length %} + networkConfig: +{{ rendered_master_nmstate_yml | indent(10, true) }} +{% endif %} +{% endif %} {% endfor %} {% if groups['workers'] is defined %} {% for host in groups['workers'] %} @@ -139,6 +145,12 @@ platform: {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} {% endif %} {% endif %} +{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} +{% if rendered_worker_nmstate_yml is defined and rendered_worker_nmstate_yml|length %} + networkConfig: +{{ rendered_worker_nmstate_yml | indent(10, true) }} +{% endif %} +{% endif %} {% endfor %} {% endif %} pullSecret: '{{ pullsecret }}' diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index 0bf4c1f993..e97a29bc89 100644 
--- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml @@ -479,3 +479,23 @@ tags: - always - validation + +- name: "Set rendered_master_nmstate_yml from raw value for master nodes" + set_fact: + rendered_master_nmstate_yml: "{{ master_network_config_raw | to_yaml | trim }}" + when: master_network_config_raw is defined + +- name: "Set rendered_master_nmstate_yml from file for master nodes" + set_fact: + rendered_master_nmstate_yml: "{{ lookup('file', master_network_config_file) }}" + when: master_network_config_file is defined + +- name: "Set rendered_worker_nmstate_yml from raw value for worker nodes" + set_fact: + rendered_master_nmstate_yml: "{{ worker_network_config_raw | to_yaml | trim }}" + when: worker_network_config_raw is defined + +- name: "Set rendered_worker_nmstate_yml from file for worker nodes" + set_fact: + rendered_master_nmstate_yml: "{{ lookup('file', worker_network_config_file) }}" + when: worker_network_config_file is defined diff --git a/documentation/ipi-install/ipi-install-configuration-files.adoc b/documentation/ipi-install/ipi-install-configuration-files.adoc index 11224cd4fe..cd216921a4 100644 --- a/documentation/ipi-install/ipi-install-configuration-files.adoc +++ b/documentation/ipi-install/ipi-install-configuration-files.adoc @@ -41,3 +41,7 @@ endif::[] ifeval::[{product-version} > 4.7] include::modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc[leveloffset=+1] endif::[] + +ifeval::[{product-version} > 4.9] +include::modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc[leveloffset=+1] +endif::[] diff --git a/documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc b/documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc new file mode 100644 index 0000000000..a4eb07b263 --- /dev/null 
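Review bot: The two worker tasks assign `rendered_master_nmstate_yml`, not `rendered_worker_nmstate_yml`. As written, a worker file or raw value overwrites the master configuration, and `rendered_worker_nmstate_yml` is never defined, so the worker `networkConfig` block in the templates is never rendered. The two assignments should read `rendered_worker_nmstate_yml: "{{ worker_network_config_raw | to_yaml | trim }}"` and `rendered_worker_nmstate_yml: "{{ lookup('file', worker_network_config_file) }}"`. The file variant also inserts the file's text unparsed; piping it through `from_yaml | to_yaml` would make a malformed file fail here rather than in the installer.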
+++ b/documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc 
@@ -0,0 +1,86 @@ +// This is included in the following assemblies: +// +// ipi-install-configuration-files.adoc + +[id='modifying-install-config-for-nmstate-network-config-day1_{context}'] + += Modifying the `install-config.yaml` file to add network config with NMstate at day1 (optional) + +1. To deploy an {product-title} cluster with NMstate network config, create an NMState YAML file `nmstate_yaml_file` file. + +[source,yaml] +---- +interfaces: +- name: + type: ethernet + state: up + ipv4: + address: + - ip: + prefix-length: 24 + enabled: true +dns-resolver: + config: + server: + - +routes: + config: + - destination: 0.0.0.0/0 + next-hop-address: + next-hop-interface: +---- + +NOTE: Replace , , , and with appropriate values. + +[IMPORTANT] +==== +Consider installing `nmstate` package and testing the NMState syntax with `nmstatectl gc` before including it in the install-config.yaml file, because the installer will not check the NMState YAML syntax +==== + +2. Test the configuration file by running the following command: (Replace with the configuration file name) + +[source,bash] +---- +$ nmstatectl gc +---- + +3. Use the networkConfig configuration setting by adding the NMState configuration to hosts within the install-config.yaml file: +[source,yaml] +---- + hosts: + - name: openshift-master-0 + role: master + bmc: + address: redfish+http:///redfish/v1/Systems/ + username: + password: + disableCertificateVerification: null + bootMACAddress: + bootMode: UEFI + rootDeviceHints: + deviceName: "/dev/sda" + networkConfig: + interfaces: + - name: + type: ethernet + state: up + ipv4: + address: + - ip: + prefix-length: 24 + enabled: true + dns-resolver: + config: + server: + - + routes: + config: + - destination: 0.0.0.0/0 + next-hop-address: + next-hop-interface: +---- + +[IMPORTANT] +==== +After deploying the cluster, you cannot modify the networkConfig configuration setting of install-config.yaml file to make changes to the host network interface. 
Use the Kubernetes NMState Operator to make changes to the host network interface after deployment. +==== diff --git a/features/kubernetes-nmstate/day1/README.md b/features/kubernetes-nmstate/day1/README.md new file mode 100644 index 0000000000..25752efcb9 --- /dev/null +++ b/features/kubernetes-nmstate/day1/README.md @@ -0,0 +1,61 @@ +When using [baremetal_repo](https://github.com/openshift-kni/baremetal-deploy) repository to deploy a cluster you can pass the `networkConfig` settings using two forms: + +a) If you wish to use your own NMState YAML file as created above, you can set `master_network_config_file` and `worker_network_config_file` variables pointing to a path to your desired configuration: + +As YAML as extra-variables in your deployment: + +```yaml +master_network_config_file: "/path/to/your/master_nmstate_file.yaml" +worker_network_config_file: "/path/to/your/worker_nmstate_file.yaml" +``` + +As JSON in your inventory file: + +``` +master_network_config_file="/path/to/your/master_nmstate_file.yaml" +worker_network_config_file="/path/to/your/worker_nmstate_file.yaml" +``` + +b) If you wish to provide the `networkConfig` settings in a raw YAML variable, you can use the `master_network_config_raw` and `worker_network_config_raw` variables and pass them as extra-variables in your deployment. + +```yaml +master_network_config_raw: + interfaces: + - name: + type: ethernet + state: up + ipv4: + address: + - ip: + prefix-length: 24 + enabled: true + dns-resolver: + config: + server: + - + routes: + config: + - destination: 0.0.0.0/0 + next-hop-address: + next-hop-interface: + +worker_network_config_raw: + interfaces: + - name: + type: ethernet + state: up + ipv4: + address: + - ip: + prefix-length: 24 + enabled: true + dns-resolver: + config: + server: + - + routes: + config: + - destination: 0.0.0.0/0 + next-hop-address: + next-hop-interface: +---- From 0eb2f1e1e76fb0c022c213bf951894814cd51ad1 Mon Sep 17 00:00:00 2001 
From: Manuel Rodriguez Date: Fri, 4 Nov 2022 15:31:49 -0400 Subject: [PATCH 33/97] fix name of fact for worker when using raw config --- ansible-ipi-install/roles/node-prep/tasks/10_validation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index e97a29bc89..4ca7bbc619 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml @@ -492,7 +492,7 @@ - name: "Set rendered_worker_nmstate_yml from raw value for worker nodes" set_fact: - rendered_master_nmstate_yml: "{{ worker_network_config_raw | to_yaml | trim }}" + rendered_worker_nmstate_yml: "{{ worker_network_config_raw | to_yaml | trim }}" when: worker_network_config_raw is defined - name: "Set rendered_worker_nmstate_yml from file for worker nodes" From 7958abcee8b7c93e589382200eae774e0fefc39e Mon Sep 17 00:00:00 2001 From: Manuel Rodriguez Date: Fri, 4 Nov 2022 15:32:12 -0400 Subject: [PATCH 34/97] fix name of fact for worker when using file config --- ansible-ipi-install/roles/node-prep/tasks/10_validation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index 4ca7bbc619..9116773e2c 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml @@ -497,5 +497,5 @@ - name: "Set rendered_worker_nmstate_yml from file for worker nodes" set_fact: - rendered_master_nmstate_yml: "{{ lookup('file', worker_network_config_file) }}" + rendered_worker_nmstate_yml: "{{ lookup('file', worker_network_config_file) }}" when: worker_network_config_file is defined From a75459fecda5fd3471cf301399c67b61a62c1182 Mon Sep 17 00:00:00 2001 
From: Manuel Rodriguez Date: Tue, 29 Nov 2022 23:38:48 -0500 Subject: [PATCH 35/97] add options to pass network varibles per node this allows to pass files with NMstate settings and have the option to include jinja expressions to be replaced with variable content from the inventory --- ansible-ipi-install/inventory/hosts.sample | 7 +- .../templates/install-config-virtualmedia.j2 | 8 +- .../installer/templates/install-config.j2 | 8 +- .../roles/node-prep/tasks/10_validation.yml | 52 +++-- ...onfig-for-nmstate-network-config-day1.adoc | 2 +- features/kubernetes-nmstate/day1/README.md | 178 +++++++++++++----- 6 files changed, 179 insertions(+), 76 deletions(-) diff --git a/ansible-ipi-install/inventory/hosts.sample b/ansible-ipi-install/inventory/hosts.sample index ad860e794e..7d0bc6bd1f 100644 --- a/ansible-ipi-install/inventory/hosts.sample +++ b/ansible-ipi-install/inventory/hosts.sample @@ -183,9 +183,10 @@ pullsecret="" # root_device_hint_value="/dev/sda" # (Optional) Modify the path to set custom networking configuration with NMState to the deployed nodes -# The following variable allows to pass the networkConfig settings from YAML files in NMstate format: -# master_network_config_file="/path/to/your/master_nmstate_file.yaml" -# worker_network_config_file="/path/to/your/worker_nmstate_file.yaml" +# The following variable allows to pass the networkConfig settings from YAML files in NMstate format +# The files can include jinja format and render defined variables from master/worker nodes +# master_network_config_template="/path/to/your/master_nmstate_file.yaml" +# worker_network_config_template="/path/to/your/worker_nmstate_file.yaml" [masters] master-0 name=master-0 role=master ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.1 ipmi_port=623 provision_mac=ec:f4:bb:da:0c:58 hardware_profile=default poweroff=true 
diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index c71a03e933..8589d365a4 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 @@ -101,9 +101,9 @@ platform: {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} -{% if rendered_master_nmstate_yml is defined and rendered_master_nmstate_yml|length %} +{% if master_network_config_template is defined %} networkConfig: -{{ rendered_master_nmstate_yml | indent(10, true) }} +{{ lookup('template', master_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} {% endif %} {% endif %} {% endfor %} @@ -145,9 +145,9 @@ platform: {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} -{% if rendered_worker_nmstate_yml is defined and rendered_worker_nmstate_yml|length %} +{% if worker_network_config_template is defined %} networkConfig: -{{ rendered_worker_nmstate_yml | indent(10, true) }} +{{ lookup('template', worker_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} {% endif %} {% endif %} {% endfor %} diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index b35443a96c..7ffdda99ef 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 
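Review bot: In both hunks of `install-config-virtualmedia.j2`, and in the two matching hunks of `install-config.j2`, `networkConfig:` is now written whenever the `*_network_config_template` variable is defined, because the `|length` guard of the old condition was dropped. A template that renders to nothing therefore leaves an empty `networkConfig:` key in the generated install config. Rendering once and testing the result keeps the old guard: `{% set nm_cfg = lookup('template', master_network_config_template, template_vars=hostvars[host]) %}` followed by `{% if nm_cfg | trim | length %}`, with the worker variable in the worker blocks. The `template` lookup also evaluates every Jinja expression in that file on the Ansible controller with the host's variables in scope, so the file should be treated as trusted code rather than data, and a comment next to the lookup should say so. The enclosing `for` loop starts outside these hunks.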
@@ -104,9 +104,9 @@ platform: {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} -{% if rendered_master_nmstate_yml is defined and rendered_master_nmstate_yml|length %} +{% if master_network_config_template is defined %} networkConfig: -{{ rendered_master_nmstate_yml | indent(10, true) }} +{{ lookup('template', master_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} {% endif %} {% endif %} {% endfor %} @@ -146,9 +146,9 @@ platform: {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} -{% if rendered_worker_nmstate_yml is defined and rendered_worker_nmstate_yml|length %} +{% if worker_network_config_template is defined %} networkConfig: -{{ rendered_worker_nmstate_yml | indent(10, true) }} +{{ lookup('template', worker_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} {% endif %} {% endif %} {% endfor %} diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index 9116773e2c..b9c4e90803 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml 
@@ -480,22 +480,42 @@ - always - validation -- name: "Set rendered_master_nmstate_yml from raw value for master nodes" - set_fact: - rendered_master_nmstate_yml: "{{ master_network_config_raw | to_yaml | trim }}" - when: master_network_config_raw is defined +- name: Verify if master_network_config_template is defined and exists + stat: + path: "{{ master_network_config_template }}" + get_checksum: false + register: master_nm_template + when: master_network_config_template is defined + tags: + - always + - validation -- name: "Set rendered_master_nmstate_yml from file for master nodes" - set_fact: - rendered_master_nmstate_yml: "{{ lookup('file', master_network_config_file) }}" - when: master_network_config_file is defined +- name: Fail when master_network_config_template is defined but not exists + fail: + msg: "Variable master_network_config_template is defined but path does not exists" + when: + - master_network_config_template is defined + - not master_nm_template.exists|bool + tags: + - always + - validation -- name: "Set rendered_worker_nmstate_yml from raw value for worker nodes" - set_fact: - rendered_worker_nmstate_yml: "{{ worker_network_config_raw | to_yaml | trim }}" - when: worker_network_config_raw is defined +- name: Verify if worker_network_config_template is defined and exists + stat: + path: "{{ worker_network_config_template }}" + get_checksum: false + register: worker_nm_template + when: worker_network_config_template is defined + tags: + - always + - validation -- name: "Set rendered_worker_nmstate_yml from file for worker nodes" - set_fact: - rendered_worker_nmstate_yml: "{{ lookup('file', worker_network_config_file) }}" - when: worker_network_config_file is defined +- name: Fail when worker_network_config_template is defined but not exists + fail: + msg: "Variable worker_network_config_template is defined but path does not exists" + when: + - worker_network_config_template is defined + - not worker_nm_template.exists|bool + tags: + - always + 
- validation diff --git a/documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc b/documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc index a4eb07b263..4779ddd474 100644 --- a/documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc +++ b/documentation/ipi-install/modules/ipi-install-modifying-install-config-for-nmstate-network-config-day1.adoc @@ -6,7 +6,7 @@ = Modifying the `install-config.yaml` file to add network config with NMstate at day1 (optional) -1. To deploy an {product-title} cluster with NMstate network config, create an NMState YAML file `nmstate_yaml_file` file. +1. To deploy an {product-title} cluster with NMstate network config, create an NMState YAML file `nmstate_yaml_file`. [source,yaml] ---- diff --git a/features/kubernetes-nmstate/day1/README.md b/features/kubernetes-nmstate/day1/README.md index 25752efcb9..83b0f70cbf 100644 --- a/features/kubernetes-nmstate/day1/README.md +++ b/features/kubernetes-nmstate/day1/README.md 
@@ -1,61 +1,143 @@ -When using [baremetal_repo](https://github.com/openshift-kni/baremetal-deploy) repository to deploy a cluster you can pass the `networkConfig` settings using two forms: +When using [baremetal_repo](https://github.com/openshift-kni/baremetal-deploy) repository to deploy a cluster you can pass the `networkConfig` settings using YAML files per role: master and worker, such YAML files could optionally include jinja format, and in combination of variables from the respective nodes in the inventory it is possible to render settings per node as desired. The steps to prepare are the following: -a) If you wish to use your own NMState YAML file as created above, you can set `master_network_config_file` and `worker_network_config_file` variables pointing to a path to your desired configuration: +1) Set `master_network_config_template` and `worker_network_config_template` variables pointing to a path to your desired configuration: -As YAML as extra-variables in your deployment: +include the following ansible extra-variables in your deployment: ```yaml -master_network_config_file: "/path/to/your/master_nmstate_file.yaml" -worker_network_config_file: "/path/to/your/worker_nmstate_file.yaml" +master_network_config_template: "/path/to/your/master_nmstate_file.yaml" +worker_network_config_template: "/path/to/your/worker_nmstate_file.yaml" ``` -As JSON in your inventory file: +2) Include NMstate settings in YAML format for each role of nodes: master and workers, in the files of step 1. 
For example: +Content example of file `master_network_config_template`: +```yaml +interfaces: +- ipv4: + auto-dns: true + dhcp: true + enabled: true + ipv6: + dhcp: false + enabled: false + link-aggregation: + mode: 802.3ad + options: + miimon: 100 + mode: 802.3ad + port: + - ens1f0 + - ens1f1 + mtu: 9000 + name: bond0 + state: up + type: bond ``` -master_network_config_file="/path/to/your/master_nmstate_file.yaml" -worker_network_config_file="/path/to/your/worker_nmstate_file.yaml" + +Content example of file `worker_network_config_template`: +```yaml +interfaces: +- ipv4: + auto-dns: true + dhcp: true + enabled: true + ipv6: + dhcp: false + enabled: false + link-aggregation: + mode: 802.3ad + options: + miimon: 100 + mode: 802.3ad + port: + - ens1f0 + - ens1f1 + mtu: 9000 + name: bond0 + state: up + type: bond +- ipv4: + auto-gateway: false + auto-routes: false + dhcp: true + enabled: true + ipv6: + auto-gateway: false + dhcp: false + enabled: false + mtu: 9000 + name: bond0.100 + state: up + type: vlan + vlan: + base-iface: bond0 + id: 100 ``` -b) If you wish to provide the `networkConfig` settings in a raw YAML variable, you can use the `master_network_config_raw` and `worker_network_config_raw` variables and pass them as extra-variables in your deployment. +The same settings will be used for all nodes of the same role (masters and workers), then it is possible to use jinja format in the content of those files to customize settings per node. 
This is an example: + +Content example of file `master_network_config_template` with jinja expressions: +```yaml +interfaces: +- name: eno2 + type: ethernet + state: up + ipv4: + address: + - ip: {{ static_ip.split('/')[0] }} + prefix-length: {{ static_ip.split('/')[1] }} + enabled: true +dns-resolver: + config: + server: + - 192.168.0.2 +routes: + config: + - destination: 0.0.0.0/0 + next-hop-address: 192.168.0.1 + next-hop-interface: eno2 +``` +Content example of file `worker_network_config_template` with jinja expressions: ```yaml -master_network_config_raw: - interfaces: - - name: - type: ethernet - state: up - ipv4: - address: - - ip: - prefix-length: 24 - enabled: true - dns-resolver: - config: - server: - - - routes: - config: - - destination: 0.0.0.0/0 - next-hop-address: - next-hop-interface: - -worker_network_config_raw: - interfaces: - - name: - type: ethernet - state: up - ipv4: - address: - - ip: - prefix-length: 24 - enabled: true - dns-resolver: - config: - server: - - - routes: - config: - - destination: 0.0.0.0/0 - next-hop-address: - next-hop-interface: +interfaces: +- name: eno2 + type: ethernet + state: up + ipv4: + address: + - ip: {{ static_ip.split('/')[0] }} + prefix-length: {{ static_ip.split('/')[1] }} + enabled: true +- name: eno3 + type: ethernet + state: up + ipv4: + enabled: true + auto-dns: true + dhcp: true +dns-resolver: + config: + server: + - 192.168.0.2 +routes: + config: + - destination: 0.0.0.0/0 + next-hop-address: 192.168.0.1 + next-hop-interface: eno2 +``` + + +Finally in your inventory you can add variables per node, and they will be rendered from the templates provided. In this example `static_ip` variable will be rendered per node of each role, but you can include more variables if desired. 
+```json +[masters] +master-0 name=master-0 role=master ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.1 ipmi_port=623 provision_mac=ec:f4:bb:da:0c:58 static_ip="192.168.0.11/24" +master-1 name=master-1 role=master ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.2 ipmi_port=623 provision_mac=ec:f4:bb:da:32:88 static_ip="192.168.0.12/24" +master-2 name=master-2 role=master ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.3 ipmi_port=623 provision_mac=ec:f4:bb:da:0d:98 static_ip="192.168.0.13/24" + +# Worker nodes +[workers] +worker-0 name=worker-0 role=worker ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.4 ipmi_port=623 provision_mac=ec:f4:bb:da:0c:18 static_ip="192.168.0.14/24" +worker-1 name=worker-1 role=worker ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.5 ipmi_port=623 provision_mac=ec:f4:bb:da:32:28 static_ip="192.168.0.15/24" ---- From b94613f2af9598daf48fe2fa0e89a699f8a5d89d Mon Sep 17 00:00:00 2001 From: Manuel Rodriguez Date: Tue, 29 Nov 2022 23:58:01 -0500 Subject: [PATCH 36/97] fix block code of inventory example --- features/kubernetes-nmstate/day1/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/kubernetes-nmstate/day1/README.md b/features/kubernetes-nmstate/day1/README.md index 83b0f70cbf..aa00b3b0eb 100644 --- a/features/kubernetes-nmstate/day1/README.md +++ b/features/kubernetes-nmstate/day1/README.md 
@@ -130,7 +130,7 @@ routes: Finally in your inventory you can add variables per node, and they will be rendered from the templates provided. In this example `static_ip` variable will be rendered per node of each role, but you can include more variables if desired. -```json +``` [masters] master-0 name=master-0 role=master ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.1 ipmi_port=623 provision_mac=ec:f4:bb:da:0c:58 static_ip="192.168.0.11/24" master-1 name=master-1 role=master ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.2 ipmi_port=623 provision_mac=ec:f4:bb:da:32:88 static_ip="192.168.0.12/24" @@ -140,4 +140,4 @@ master-2 name=master-2 role=master ipmi_user=admin ipmi_password=password ipmi_a [workers] worker-0 name=worker-0 role=worker ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.4 ipmi_port=623 provision_mac=ec:f4:bb:da:0c:18 static_ip="192.168.0.14/24" worker-1 name=worker-1 role=worker ipmi_user=admin ipmi_password=password ipmi_address=192.168.1.5 ipmi_port=623 provision_mac=ec:f4:bb:da:32:28 static_ip="192.168.0.15/24" ----- +``` From cbe5f9c36bd3e0b4defecb461480ff83c7b7882b Mon Sep 17 00:00:00 2001 From: Manuel Rodriguez Date: Wed, 30 Nov 2022 15:40:10 -0500 Subject: [PATCH 37/97] fix template verification with stat conditions --- ansible-ipi-install/roles/node-prep/tasks/10_validation.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index b9c4e90803..d2d8097695 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml @@ -495,7 +495,7 @@ msg: "Variable master_network_config_template is defined but path does not exists" when: - master_network_config_template is defined - - not master_nm_template.exists|bool + - not master_nm_template.stat.exists|bool tags: - always - validation 
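Review bot: `stat.exists` in the corrected condition of `10_validation.yml` is also true for a directory or any other non-regular path, so such a value passes validation and only fails later when the template is rendered. The worker condition in the next hunk has the same gap. Testing for a regular file is stricter: `- not (master_nm_template.stat.isreg | default(false))`. The `fail` message could also name the offending value, e.g. `msg: "master_network_config_template={{ master_network_config_template }} does not exist or is not a regular file"`. The task's `name` and `fail` lines sit outside the hunk.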
@@ -515,7 +515,7 @@ msg: "Variable worker_network_config_template is defined but path does not exists" when: - worker_network_config_template is defined - - not worker_nm_template.exists|bool + - not worker_nm_template.stat.exists|bool tags: - always - validation From 6b5c54566af08375f1721d9f52b53440a5dbcae1 Mon Sep 17 00:00:00 2001 From: Manuel Rodriguez Date: Wed, 30 Nov 2022 17:21:56 -0500 Subject: [PATCH 38/97] delegate NM template checking to ansible controller --- ansible-ipi-install/roles/node-prep/tasks/10_validation.yml | 2 ++ features/kubernetes-nmstate/day1/README.md | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index d2d8097695..d20d53d839 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml @@ -485,6 +485,7 @@ path: "{{ master_network_config_template }}" get_checksum: false register: master_nm_template + delegate_to: localhost when: master_network_config_template is defined tags: - always @@ -505,6 +506,7 @@ path: "{{ worker_network_config_template }}" get_checksum: false register: worker_nm_template + delegate_to: localhost when: worker_network_config_template is defined tags: - always diff --git a/features/kubernetes-nmstate/day1/README.md b/features/kubernetes-nmstate/day1/README.md index aa00b3b0eb..0a3c4e4bd6 100644 --- a/features/kubernetes-nmstate/day1/README.md +++ b/features/kubernetes-nmstate/day1/README.md 
@@ -2,7 +2,7 @@ When using [baremetal_repo](https://github.com/openshift-kni/baremetal-deploy) r 1) Set `master_network_config_template` and `worker_network_config_template` variables pointing to a path to your desired configuration: -include the following ansible extra-variables in your deployment: +include the following ansible extra-variables in your deployment. The files need to be located in the Ansible controller server: ```yaml master_network_config_template: "/path/to/your/master_nmstate_file.yaml" From 25f962bf9c2d5e0f7b1402747fbfe9b9192d31c1 Mon Sep 17 00:00:00 2001 From: Derek Higgins Date: Fri, 16 Dec 2022 10:51:06 +0000 Subject: [PATCH 39/97] Update test container image Update this image to something that builds and is more recent then Fedora31/Go1.13.5 --- features/Dockerfile.buildimage | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/features/Dockerfile.buildimage b/features/Dockerfile.buildimage index cb3ade0903..b9ac8f20e2 100644 --- a/features/Dockerfile.buildimage +++ b/features/Dockerfile.buildimage @@ -1,11 +1,13 @@ -FROM fedora:31 +FROM fedora:37 ENV GOPATH /go ENV GOBIN /go/bin ENV GOCACHE /go/.cache -ENV GOVERSION 1.13.5 +ENV GOVERSION 1.18.3 ENV PATH=$PATH:/root/.gimme/versions/go"$GOVERSION".linux.amd64/bin:$GOBIN +RUN sleep 3600 + # rpms required for building and running test suites RUN dnf -y install \ gcc \ 
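Review bot: `RUN sleep 3600` in the first hunk of `features/Dockerfile.buildimage` looks like a debugging leftover: it makes every uncached build wait an hour, and nothing else in the hunk depends on it. I would drop the line. `FROM fedora:37` is a moving tag; if reproducible test images matter, `FROM fedora:37@sha256:<digest>` (placeholder, the digest is not on this page) fixes the base. The package-install `RUN` continues past the end of the hunk.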
@@ -24,9 +26,9 @@ RUN mkdir ~/bin && \ eval "$(gimme $GOVERSION)" && \ cat $GIMME_ENV >> $HOME/.bashrc && \ # get required golang tools and OC client - go get github.com/onsi/ginkgo/ginkgo && \ - go get github.com/onsi/gomega/... && \ - go get -u golang.org/x/lint/golint && \ + go install github.com/onsi/ginkgo/ginkgo@latest && \ + go install github.com/onsi/gomega/...@latest && \ + go install golang.org/x/lint/golint@latest && \ export latest_oc_client_version=$(curl https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/ 2>/dev/null | grep -o \"openshift-client-linux-4.*tar.gz\" | tr -d \") && \ curl -JL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/${latest_oc_client_version} -o oc.tar.gz && \ tar -xzvf oc.tar.gz && \ @@ -43,4 +45,4 @@ RUN export TMP_BIN=$(mktemp -d) && \ WORKDIR /src/ -ENTRYPOINT [ "/bin/bash" ] \ No newline at end of file +ENTRYPOINT [ "/bin/bash" ] From 146db5b708468cd340645a1b49710eac87673f7a Mon Sep 17 00:00:00 2001 
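Review bot: The three `go install …@latest` lines resolve to whatever version is published at build time, so two builds of this Dockerfile can contain different tool binaries and a bad upstream release reaches the test image without any change in this repository. Pinning each tool keeps the image reproducible, e.g. `go install golang.org/x/lint/golint@<pinned-version>` (placeholder; use the versions the test suite is validated against). `GOVERSION` is already pinned in the first hunk, so this brings the tools in line with it. The `RUN` chain begins and ends outside the hunk.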
From: Frederic Lepied Date: Thu, 8 Dec 2022 12:54:31 +0100 Subject: [PATCH 40/97] Fix CI - use latest versions of actions in .github/workflows/ansible-lint.yml - fix some reports from ansible-lint --- .ansible-lint | 2 + .github/workflows/ansible-lint.yml | 34 ++ .github/workflows/broken-link-check.yml | 5 + .github/workflows/jekyll.yml | 30 +- .github/workflows/stale.yml | 29 +- .../roles/installer/tasks/10_get_oc.yml | 42 +-- .../tasks/15_disconnected_registry_create.yml | 126 ++++---- .../15_disconnected_registry_existing.yml | 4 +- .../installer/tasks/20_extract_installer.yml | 64 ++-- .../installer/tasks/23_rhcos_image_paths.yml | 2 +- .../installer/tasks/24_rhcos_image_cache.yml | 48 +-- .../tasks/25_create-install-config.yml | 14 +- .../installer/tasks/40_create_manifest.yml | 8 +- .../installer/tasks/50_extramanifests.yml | 30 +- .../tasks/55_customize_filesystem.yml | 94 +++--- .../installer/tasks/59_cleanup_bootstrap.yml | 14 +- .../tasks/59_power_off_cluster_servers.yml | 2 +- .../roles/installer/tasks/60_deploy_ocp.yml | 2 +- .../tasks/70_cleanup_sub_man_registration.yml | 2 +- .../roles/installer/tasks/main.yml | 10 +- .../roles/node-prep/tasks/10_validation.yml | 298 +++++++++--------- .../15_validation_disconnected_registry.yml | 26 +- .../node-prep/tasks/20_sub_man_register.yml | 6 +- .../roles/node-prep/tasks/30_req_packages.yml | 4 +- .../roles/node-prep/tasks/40_bridge.yml | 46 +-- .../node-prep/tasks/45_networking_facts.yml | 14 +- .../node-prep/tasks/50_modify_sudo_user.yml | 6 +- .../node-prep/tasks/60_enabled_services.yml | 18 +- .../tasks/70_enabled_fw_services.yml | 20 +- .../roles/node-prep/tasks/80_libvirt_pool.yml | 4 +- .../tasks/90_create_config_install_dirs.yml | 4 +- .../roles/node-prep/tasks/main.yml | 8 +- 32 files changed, 538 insertions(+), 478 deletions(-) create mode 100644 .github/workflows/ansible-lint.yml diff --git a/.ansible-lint b/.ansible-lint index 37da5f523b..436b1c227a 100644 --- a/.ansible-lint +++ b/.ansible-lint 
@@ -8,3 +8,5 @@ skip_list: - '601' - '602' - '701' + - ignore-errors + - var-naming diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml new file mode 100644 index 0000000000..7bd8074550 --- /dev/null +++ b/.github/workflows/ansible-lint.yml @@ -0,0 +1,34 @@ +--- +name: Ansible Lint # feel free to pick your own name + +on: pull_request + +jobs: + build: + runs-on: ubuntu-latest + + steps: + # Important: This sets up your GITHUB_WORKSPACE environment variable + - uses: actions/checkout@v3.2.0 + + - uses: actions/cache@v3.0.11 + with: + path: ~/.cache/pip + key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} + restore-keys: | + ${{ runner.os }}-pip- + + - uses: actions/setup-python@v4.3.1 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install flake8 pytest + if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + if [ -f test-requirements.txt ]; then pip install -r test-requirements.txt; fi + + - name: Lint Ansible Playbook + run: | + ansible-lint -p --force-color -c .ansible-lint ansible-ipi-install/playbook.yml + +... diff --git a/.github/workflows/broken-link-check.yml b/.github/workflows/broken-link-check.yml index d8b6ebd1fc..8caf18e6f3 100644 --- a/.github/workflows/broken-link-check.yml +++ b/.github/workflows/broken-link-check.yml @@ -1,3 +1,5 @@ +--- + on: schedule: - cron: "0 0 * * *" # daily @@ -14,3 +16,6 @@ jobs: steps: - name: Broken Link Check uses: technote-space/broken-link-checker-action@v2.3.1 + +... + diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 6e475ff699..f36285e0f2 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -1,3 +1,5 @@ +--- + name: Deploy via Jekyll on GitHub pages on: 
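Review bot: Adding `ignore-errors` and `var-naming` to `skip_list` in `.ansible-lint` switches both rules off for the whole repository, so a task that swallows a failure with `ignore_errors: true` is no longer reported anywhere, including in code added later. If the aim is only to get CI green, listing them under `warn_list` keeps the findings visible without failing the run. Deliberate cases can carry a `# noqa` comment on the task instead. The `skip_list` key itself starts above the hunk.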
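Review bot: The new `.github/workflows/ansible-lint.yml` declares no `permissions:`, so the job's `GITHUB_TOKEN` gets the repository's default scope although the job only checks out code and runs a linter. A top-level `permissions:` block containing `contents: read` limits the token to what the job needs. The actions are referenced by tag (`actions/checkout@v3.2.0`, `actions/cache@v3.0.11`, `actions/setup-python@v4.3.1`); pinning each to its full commit SHA, with the tag in a trailing comment, protects against a tag being moved. `pip install flake8 pytest` is likewise unpinned, and neither tool is used by the lint step shown.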
@@ -5,23 +7,25 @@ on: branches: - master schedule: - - cron: '0 0 * * *' + - cron: '0 0 * * *' jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.2.0 + - uses: actions/checkout@v3.2.0 + + # Use GitHub Actions' cache to shorten build times and decrease load on servers + - uses: actions/cache@v3.0.11 + with: + path: vendor/bundle + key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} + restore-keys: | + ${{ runner.os }}-gems- - # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v3.0.11 - with: - path: vendor/bundle - key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} - restore-keys: | - ${{ runner.os }}-gems- + - uses: iranzo/gh-pages-jekyll-action@1 + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + SOURCE_FOLDER: website - - uses: iranzo/gh-pages-jekyll-action@1 - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - SOURCE_FOLDER: website +... diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 4b46b2d4dd..f9991e4fa8 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
@@ -1,20 +1,25 @@ +--- + name: "Close stale issues" on: schedule: - - cron: "0 0 * * *" + - cron: "0 0 * * *" jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v6 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' - days-before-stale: 90 - days-before-close: 30 - stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' - stale-issue-label: 'no-issue-activity' - exempt-issue-labels: 'awaiting-approval,work-in-progress' - stale-pr-label: 'no-pr-activity' - exempt-pr-labels: 'awaiting-approval,work-in-progress' + - uses: actions/stale@v6 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' + days-before-stale: 90 + days-before-close: 30 + stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' + stale-issue-label: 'no-issue-activity' + exempt-issue-labels: 'awaiting-approval,work-in-progress' + stale-pr-label: 'no-pr-activity' + exempt-pr-labels: 'awaiting-approval,work-in-progress' + +... + diff --git a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml b/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml index 60e7b5a672..674f9b8f74 100644 --- a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml +++ b/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml @@ -14,8 +14,8 @@ file_type: directory register: tmp_results tags: - - cleanup - - getoc + - cleanup + - getoc - name: Delete any old tmp dirs with OpenShift related binaries file: 
@@ -23,8 +23,8 @@ state: absent loop: "{{ tmp_results['files'] }}" tags: - - cleanup - - getoc + - cleanup + - getoc - name: Find any existing /usr/local/bin OpenShift binaries find: @@ -32,18 +32,18 @@ patterns: 'oc,openshift-baremetal-install,kubectl' register: binary_results tags: - - cleanup - - getoc + - cleanup + - getoc - name: Remove any existing /usr/local/bin OpenShift binaries file: path: "{{ item['path'] }}" state: absent loop: "{{ binary_results['files'] }}" - become: yes + become: true tags: - - cleanup - - getoc + - cleanup + - getoc - name: Create tmp directory to store OpenShift binaries tempfile: @@ -67,20 +67,20 @@ when: registry_creation|bool delegate_to: "{{ groups['registry_host'][0] }}" tags: - - getoc + - getoc - name: Set fact for tmp directory on registry host set_fact: registry_host_tempdir: "{{ registryhost_tempdir.path }}" when: registry_creation|bool tags: - - getoc + - getoc - name: Setting Fact of which ansible temp file to use set_fact: temp_directory_loc: "{{ (registry_creation) | ternary(registry_host_tempdir, tempdir) }}" tags: - - getoc + - getoc - name: Get the ocp client tar gunzip file get_url: @@ -92,17 +92,17 @@ delegate_to: "{{ registry_creation | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" tags: getoc -#If the registry host got the tar, lets just copy it to the prov host +# If the registry host got the tar, lets just copy it to the prov host # 15_disconnected_registry_create.yml can handle extracting to the registry host already - name: Get the openshift-client-linux-{{ release_version }}.tar.gz from registry host into temp file on control machine fetch: dest: /tmp/ - flat: yes + flat: true src: "{{ temp_directory_loc }}/openshift-client-linux-{{ release_version }}.tar.gz" when: registry_creation|bool delegate_to: "{{ groups['registry_host'][0] }}" tags: - - getoc + - getoc - name: Copy the openshift-client-linux-{{ release_version }}.tar.gz from control machine to the provisioner host copy: 
@@ -111,10 +111,10 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0755 - become: yes + become: true when: registry_creation|bool tags: - - getoc + - getoc - name: Remove the temporary copy of the openshift-client-linux-{{ release_version }}.tar.gz on control machine file: @@ -123,7 +123,7 @@ when: registry_creation|bool delegate_to: localhost tags: - - getoc + - getoc - name: "Untar the openshift-client-linux-{{ release_version }}.tar.gz" unarchive: @@ -132,7 +132,7 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0755' - remote_src: yes + remote_src: true tags: getoc - name: Copy oc binary to /usr/local/bin @@ -142,8 +142,8 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0755' - remote_src: yes - become: yes + remote_src: true + become: true loop: - kubectl - oc diff --git a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml index 7c89a01d6f..9ff967a87f 100644 --- a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml +++ b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml @@ -8,7 +8,7 @@ when: groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" tags: - - create_registry + - create_registry - name: Delete any old tmp dirs with OpenShift related binaries on registry host file: @@ -18,7 +18,7 @@ when: groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" tags: - - create_registry + - create_registry - name: Find any existing /usr/local/bin OpenShift binaries on registry host find: @@ -28,7 +28,7 @@ when: groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" tags: - - create_registry + - create_registry - name: Remove any existing /usr/local/bin OpenShift binaries on registry host file: 
@@ -37,18 +37,18 @@ loop: "{{ binary_results['files'] }}" when: groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" - become: yes + become: true tags: - - create_registry + - create_registry - name: Get the oc command from provisioner into temp file on control machine fetch: dest: /tmp/ - flat: yes + flat: true src: /usr/local/bin/oc when: groups['registry_host'][0] != groups['provisioner'][0] tags: - - create_registry + - create_registry - name: Copy the oc command from control machine to the registry host copy: @@ -57,11 +57,11 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0755 - become: yes + become: true when: groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" tags: - - create_registry + - create_registry - name: Remove the temporary copy of the oc command on control machine file: @@ -70,7 +70,7 @@ when: groups['registry_host'][0] != groups['provisioner'][0] delegate_to: localhost tags: - - create_registry + - create_registry - name: Create tmp directory to store OpenShift binaries on registry host tempfile: @@ -80,13 +80,13 @@ register: registry_tempdir delegate_to: "{{ groups['registry_host'][0] }}" tags: - - create_registry + - create_registry - name: Set fact for tmp directory on registry host set_fact: tempdir: "{{ registry_tempdir.path }}" tags: - - create_registry + - create_registry - name: Create disconnected registry block: 
@@ -101,12 +101,12 @@ - name: Verify the certificate variables are set fail: msg: - - "Must specify cert_country, cert_state, cert_locality, cert_organization, and cert_organizational_unit" - - "cert_country: {{ cert_country }}" - - "cert_state: {{ cert_state }}" - - "cert_locality: {{ cert_locality }}" - - "cert_organization: {{ cert_organization }}" - - "cert_organizational_unit: {{ cert_organizational_unit }}" + - "Must specify cert_country, cert_state, cert_locality, cert_organization, and cert_organizational_unit" + - "cert_country: {{ cert_country }}" + - "cert_state: {{ cert_state }}" + - "cert_locality: {{ cert_locality }}" + - "cert_organization: {{ cert_organization }}" + - "cert_organizational_unit: {{ cert_organizational_unit }}" when: ( cert_country is not defined ) or ( cert_country is none ) or ( cert_country | trim == '' ) @@ -134,14 +134,14 @@ - name: Open registry port, zone libvirt and public, for firewalld firewalld: port: "{{ registry_port }}/tcp" - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled zone: "{{ item }}" - become: yes + become: true with_items: - - libvirt - - public + - libvirt + - public when: firewall != "iptables" - name: Open registry port for iptables @@ -150,13 +150,13 @@ protocol: tcp destination_port: "{{ registry_port }}" jump: ACCEPT - become: yes + become: true when: firewall == "iptables" - name: Save iptables configuration shell: | /usr/sbin/iptables-save > /etc/sysconfig/iptables - become: yes + become: true when: firewall == "iptables" - name: Create directory to hold the registry files @@ -166,7 +166,7 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: u=rwX,g=rX,o=rX - recurse: yes + recurse: true loop: - "{{ registry_dir_auth }}" - "{{ registry_dir_cert }}" @@ -183,8 +183,8 @@ dest: "{{ registry_dir_auth }}/htpasswd" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" - backup: yes - force: yes + backup: true + force: true - name: Set disconnected_auth set_fact: 
@@ -198,15 +198,15 @@ copy: content: "{{ disconnected_auth }}" dest: "{{ ansible_env.HOME }}/{{ registry_auth_file }}" - backup: yes - force: yes + backup: true + force: true - name: Write auth for disconnected to localhost copy: content: "{{ disconnected_auth }}" dest: "{{ lookup ('env', 'PWD') }}/{{ registry_auth_file }}" - backup: yes - force: yes + backup: true + force: true delegate_to: localhost - name: append auth to pullsecret @@ -221,7 +221,7 @@ - name: Generate an OpenSSL private key openssl_privatekey: - path: "{{ registry_dir_cert }}/domain.key" + path: "{{ registry_dir_cert }}/domain.key" - name: Generate an OpenSSL CSR openssl_csr: @@ -233,8 +233,8 @@ locality_name: "{{ cert_locality }}" organization_name: "{{ cert_organization }}" organizational_unit_name: "{{ cert_organizational_unit }}" - basic_constraints_critical: yes - create_subject_key_identifier: yes + basic_constraints_critical: true + create_subject_key_identifier: true basic_constraints: ['CA:TRUE'] - name: Generate a selfsigned OpenSSL CA Certificate @@ -250,19 +250,19 @@ ownca_privatekey_path: "{{ registry_dir_cert }}/domain.key" csr_path: "{{ registry_dir_cert }}/domain.csr" ownca_path: "{{ registry_dir_cert }}/domainCA.crt" - ownca_create_authority_key_identifier: yes + ownca_create_authority_key_identifier: true provider: ownca - name: Copy cert to pki directory copy: src: "{{ registry_dir_cert }}/domain.crt" dest: /etc/pki/ca-trust/source/anchors/domain.crt - remote_src: yes + remote_src: true group: "{{ ansible_user }}" owner: "{{ ansible_user }}" mode: 0644 - force: yes - backup: yes + force: true + backup: true become: true - name: Update the CA trust files @@ -294,7 +294,7 @@ container_registry_pidfile: "{{ registry_container_info.container.ConmonPidFile }}" - name: Ensure user specific systemd instance are persistent - command: | + command: | /usr/bin/loginctl enable-linger {{ ansible_user }} - name: Create systemd user directory 
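Review bot: The two `copy` tasks in the `@@ -198,15` hunk that write `{{ disconnected_auth }}` set no `mode`, so the registry credential file is created with whatever the umask allows. `backup: true` also keeps additional timestamped copies whenever the content changes. Add `mode: '0600'` to both tasks, and consider whether backups of a credential file are wanted at all. The same gap is visible in `Create temporary pullsecret file` in the `@@ -361,35` hunk, which writes `{{ pullsecret }}` to `pullsecret.txt` without a mode.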
@@ -326,14 +326,14 @@ - name: Reload systemd service systemd: - daemon_reexec: yes + daemon_reexec: true scope: user environment: DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - name: Enable container-registry.service systemd: name: container-registry - enabled: yes + enabled: true scope: user environment: DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" 
@@ -361,35 +361,35 @@ copy: content: "{{ install_config_appends }}" dest: "{{ ansible_env.HOME }}/{{ install_config_appends_file }}" - backup: yes - force: yes + backup: true + force: true - name: Create {{ install_config_appends_file }} on localhost copy: content: "{{ install_config_appends }}" dest: "{{ lookup ('env', 'PWD') }}/{{ install_config_appends_file }}" - backup: yes - force: yes + backup: true + force: true delegate_to: localhost - name: Information debug: msg: - - "To reuse this disconnected registry for other deployments, you must do the following:" - - "Add the authentication from either " - - " {{ ansible_env.HOME }}/{{ registry_auth_file }} on {{ inventory_hostname }}" - - " or {{ ansible_env.HOME }}/{{ registry_auth_file }} on this server to your pull secret." - - "" - - "Append the contents of either of the " - - " {{ ansible_env.HOME }}/{{ install_config_appends_file }} on {{ inventory_hostname }} " - - " or {{ ansible_env.HOME }}/{{ install_config_appends_file }} on this server to your" - - " install-config.yaml file." + - "To reuse this disconnected registry for other deployments, you must do the following:" + - "Add the authentication from either " + - " {{ ansible_env.HOME }}/{{ registry_auth_file }} on {{ inventory_hostname }}" + - " or {{ ansible_env.HOME }}/{{ registry_auth_file }} on this server to your pull secret." + - "" + - "Append the contents of either of the " + - " {{ ansible_env.HOME }}/{{ install_config_appends_file }} on {{ inventory_hostname }} " + - " or {{ ansible_env.HOME }}/{{ install_config_appends_file }} on this server to your" + - " install-config.yaml file." - name: Create temporary pullsecret file copy: content: "{{ pullsecret }}" dest: "{{ ansible_env.HOME }}/pullsecret.txt" - force: yes + force: true - name: Mirror remote registry to local command: 
@@ -408,23 +408,23 @@ delegate_to: "{{ groups['registry_host'][0] }}" tags: - - disconnected - - create_registry + - disconnected + - create_registry - name: Set fact to pull oc installer from disconnected registry set_fact: disconnected_installer: "{{ local_registry }}/{{ local_repo }}:{{ release_version }}" tags: - - create_registry + - create_registry - name: Fetch the domain cert from the registry host fetch: dest: /tmp/domain.crt src: "{{ registry_dir_cert }}/domain.crt" - flat: yes + flat: true delegate_to: "{{ groups['registry_host'][0] }}" tags: - - create_registry + - create_registry - name: Copy the domain cert to the provisioner host copy: @@ -435,10 +435,10 @@ mode: 0644 become: true tags: - - create_registry + - create_registry - name: Update the CA trust files on the provisioner host command: update-ca-trust extract become: true tags: - - create_registry + - create_registry diff --git a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml index 5fe44ab754..fff3514009 100644 --- a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml +++ b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml @@ -11,7 +11,7 @@ - name: Check if the {{ disconnected_registry_mirrors_file }} exists fail: msg: - - "The disconnected_registry_mirrors_file is defined, but does not exist" + - "The disconnected_registry_mirrors_file is defined, but does not exist" when: drm_file.stat.exists != true - name: Read the contents of {{ disconnected_registry_mirrors_file }} @@ -33,7 +33,7 @@ - name: Check if the {{ disconnected_registry_auths_file }} exists fail: msg: - - "The disconnected_registry_auths_file is defined, but does not exist" + - "The disconnected_registry_auths_file is defined, but does not exist" when: dra_file.stat.exists != true - name: Read disconnected auths 
diff --git a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml b/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml index de00afe0b5..34774e0fe4 100644 --- a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml +++ b/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml @@ -6,21 +6,21 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0644' - force: yes + force: true tags: - - pullsecret - - extract + - pullsecret + - extract - name: Get the PullSecret from provisioner into temp file on control machine fetch: dest: /tmp/ - flat: yes + flat: true src: "{{ dir }}/pull-secret.txt" when: - registry_creation|bool - groups['registry_host'][0] != groups['provisioner'][0] tags: - - extract + - extract - name: Create config dir file: @@ -34,7 +34,7 @@ - groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" tags: - - extract + - extract - name: Copy the PullSecret from control machine to the registry host copy: @@ -43,13 +43,13 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0755 - become: yes + become: true when: - registry_creation|bool - groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" tags: - - extract + - extract - name: Remove the temporary copy of the PullSecret on control machine file: 
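Review bot: The `@@ -43,13` hunk keeps `mode: 0755` on what appears to be the `Copy the PullSecret from control machine to the registry host` task, which leaves the pull secret world-readable and executable. The task tagged `pullsecret` in the first hunk likewise uses `mode: '0644'`. A credential file should be written with `mode: '0600'`, quoted like the other modes in this file. The fetch in the first hunk also stages the secret under `dest: /tmp/` on the control machine, where a private temporary directory would be safer. The `src`/`dest` lines of the copy task fall between hunks, so the exact path is not visible here.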
@@ -60,27 +60,30 @@ - groups['registry_host'][0] != groups['provisioner'][0] delegate_to: localhost tags: - - extract + - extract - name: Confirm whether or not internet connectivity on provisioner host uri: url: https://www.redhat.com - status_code: [-1,200] + status_code: [-1, 200] timeout: 1 register: the_url tags: - - extract + - extract - name: Setting Fact of which ansible temp file to use set_fact: tempdir_loc: "{{ disconnected_installer | ternary(registry_host_tempdir, tempdir) }}" tags: - - extract + - extract -#on my other system tempdir_loc required .path (in case you need to revert) +# on my other system tempdir_loc required .path (in case you need to revert) - name: Extracting the installer - command: | - /usr/local/bin/oc adm release extract --registry-config {{ pullsecret_file | quote }} --command={{ cmd |quote }} --to {{ tempdir_loc }} {{ disconnected_installer | ternary(disconnected_installer, release_image) }} + command: > + /usr/local/bin/oc adm release extract + --registry-config {{ pullsecret_file | quote }} + --command={{ cmd |quote }} + --to {{ tempdir_loc }} {{ disconnected_installer | ternary(disconnected_installer, release_image) }} args: chdir: "{{ tempdir }}" when: (disconnected_installer|length or the_url.status == 200) 
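Review bot: In the rewritten `Extracting the installer` command, `--registry-config` and `--command` go through `quote`, but `--to {{ tempdir_loc }}` and the image reference on the same line do not. Because the lines are being reflowed anyway, apply the filter consistently so a value containing whitespace cannot split into extra arguments: `--to {{ tempdir_loc | quote }}` and `{{ disconnected_installer | ternary(disconnected_installer, release_image) | quote }}`. The commented-out `shell` variant in the next hunk has the same gap on the image reference. The task continues outside this hunk.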
@@ -96,11 +99,14 @@ - groups['registry_host'][0] != groups['provisioner'][0] delegate_to: "{{ groups['registry_host'][0] }}" tags: - - extract + - extract -#- name: Extracting the installer -# shell: | -# /usr/local/bin/oc adm release extract --registry-config {{ pullsecret_file | quote }} --command={{ cmd |quote }} --to {{ tempdir | quote }} {{ disconnected_installer | ternary(disconnected_installer, release_image) }} +# - name: Extracting the installer +# shell: > +# /usr/local/bin/oc adm release extract +# --registry-config {{ pullsecret_file | quote }} +# --command={{ cmd |quote }} +# --to {{ tempdir | quote }} {{ disconnected_installer | ternary(disconnected_installer, release_image) }} # args: # chdir: "{{ tempdir }}" # executable: /bin/bash @@ -112,31 +118,31 @@ dest: "{{ tempdir }}/openshift-baremetal-install" when: (the_url.status == -1 and disconnected_installer|length == 0) tags: - - extract + - extract - name: Copy openshift-baremetal-install binary to /usr/local/bin copy: - #src: "{{ tempdir_loc.path }}/openshift-baremetal-install" + # src: "{{ tempdir_loc.path }}/openshift-baremetal-install" src: "{{ tempdir_loc }}/openshift-baremetal-install" dest: /usr/local/bin/ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0755' - remote_src: yes + remote_src: true delegate_to: "{{ disconnected_installer | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" - become: yes + become: true tags: extract - name: Get the openshift-baremetal-install from registry host into temp file on control machine fetch: dest: /tmp/ - flat: yes - #src: "{{ tempdir_loc.path }}/openshift-baremetal-install" + flat: true + # src: "{{ tempdir_loc.path }}/openshift-baremetal-install" src: "{{ tempdir_loc }}/openshift-baremetal-install" when: registry_creation|bool delegate_to: "{{ groups['registry_host'][0] }}" tags: - - extract + - extract - name: Copy the openshift-baremetal-install binary from control machine to the provisioner host copy: 
@@ -145,12 +151,12 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: 0755 - become: yes + become: true when: - registry_creation|bool - groups['registry_host'][0] != groups['provisioner'][0] tags: - - extract + - extract - name: Remove the temporary copy of the openshift-baremetal-install binary on control machine file: @@ -161,4 +167,4 @@ - groups['registry_host'][0] != groups['provisioner'][0] delegate_to: localhost tags: - - extract + - extract diff --git a/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml b/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml index 1670668875..81582f3b8f 100644 --- a/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml +++ b/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml @@ -15,7 +15,7 @@ - name: Get RHCOS JSON File uri: url: "{{ (disconnected_installer|length == 0 and the_url.status == -1) | ternary(offline_url, online_url) }}" - return_content: yes + return_content: true until: rhcos_json.status == 200 retries: 6 # 1 minute (10 * 6) delay: 10 # Every 10 seconds diff --git a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml index 459bc8321b..b2ac7745fb 100644 --- a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml +++ b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml @@ -6,14 +6,14 @@ - name: Confirm whether or not internet connectivity on provisioner host uri: url: https://www.redhat.com - status_code: [-1,200] + status_code: [-1, 200] timeout: 1 register: the_url tags: cache - name: Check if url status is 200 is true set_fact: - url_passed : true + url_passed: true when: - the_url.status == 200 tags: cache 
@@ -42,9 +42,9 @@ verbosity: 2 tags: cache -#if i made it this far to create a webserver, one of the hosts needs online access -#if disconnected_installer is true use the registry host as it indeed does have access -#if not true use the provision host but only do that when: the_url.status == 200 +# if i made it this far to create a webserver, one of the hosts needs online access +# if disconnected_installer is true use the registry host as it indeed does have access +# if not true use the provision host but only do that when: the_url.status == 200 - name: Fail when provision host no online access and registry host not creating registry (can't assume access) fail: msg: A host with online access is required to create cache webserver (provision host or a registry host) @@ -53,9 +53,9 @@ - disconnected_installer|length == 0 tags: cache -#SELinux when already has httpd_sys_content_t giving issues changing,thus leaving it the same -#for the provision_cache_store to prevent issues. Also removing ":z" from podman_container for -#provision_cache_store in the later task. +# SELinux when already has httpd_sys_content_t giving issues changing,thus leaving it the same +# for the provision_cache_store to prevent issues. Also removing ":z" from podman_container for +# provision_cache_store in the later task. - name: Create {{ provision_cache_store }} and {{ httpd_cache_files }} on host with online access file: path: "{{ item[0] }}" @@ -65,8 +65,8 @@ setype: "{{ item[1] }}" mode: '0775' with_nested: - - [ "{{ provision_cache_store }}" , "{{ httpd_cache_files }}" ] - - [ 'httpd_sys_content_t', '_default' ] + - ["{{ provision_cache_store }}", "{{ httpd_cache_files }}"] + - ['httpd_sys_content_t', '_default'] delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" tags: cache 
@@ -77,8 +77,8 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" with_nested: - - [ 'magic.j2', 'httpd_conf.j2' ] - - [ 'magic', 'httpd.conf' ] + - ['magic.j2', 'httpd_conf.j2'] + - ['magic', 'httpd.conf'] delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" tags: cache @@ -105,7 +105,7 @@ - name: Download {{ rhcos_qemu_uri }} for cache get_url: - url: "{{ rhcos_path }}{{ rhcos_qemu_uri }}" + url: "{{ rhcos_path }}{{ rhcos_qemu_uri }}" dest: "{{ provision_cache_store }}{{ rhcos_qemu_uri }}" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" @@ -119,7 +119,7 @@ - name: Download {{ rhcos_uri }} for cache get_url: - url: "{{ rhcos_path }}{{ rhcos_uri }}" + url: "{{ rhcos_path }}{{ rhcos_uri }}" dest: "{{ provision_cache_store }}{{ rhcos_uri }}" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" @@ -131,9 +131,9 @@ delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" tags: cache - #use the hostname from the inventory to groups[registry][0] or provisioner[0] as the http://URL - #use a ternary to toggle between the url status - #use a ternary for the delegate_to + # use the hostname from the inventory to groups[registry][0] or provisioner[0] as the http://URL + # use a ternary to toggle between the url status + # use a ternary for the delegate_to - name: Get URL of host providing the webserver set_fact: host_url: "{{ the_url.status == 200 | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" 
@@ -163,10 +163,10 @@ msg: "{{ clusterosimage }}" verbosity: 2 -#Leaving SELinux details alone and not using ":z" -#for the provision_cache_store due to issues attempting -#to revert context. Leaving behavior as it was previously -#to avoid breaking other user environments. +# Leaving SELinux details alone and not using ":z" +# for the provision_cache_store due to issues attempting +# to revert context. Leaving behavior as it was previously +# to avoid breaking other user environments. - name: Start RHCOS image cache container containers.podman.podman_container: name: rhcos_image_cache @@ -189,7 +189,7 @@ - name: Ensuring container restarts upon reboot block: - name: Ensure user specific systemd instance are persistent - command: | + command: | /usr/bin/loginctl enable-linger {{ ansible_user }} - name: Create systemd user directory @@ -221,14 +221,14 @@ - name: Reload systemd service systemd: - daemon_reexec: yes + daemon_reexec: true scope: user environment: DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - name: Enable container-cache.service systemd: name: container-cache.service - enabled: yes + enabled: true scope: user environment: DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" diff --git a/ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml b/ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml index f0f61c4f38..a053d9b03a 100644 --- a/ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml +++ b/ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml 
@@ -25,9 +25,9 @@ group: "{{ ansible_user }}" mode: '0644' when: - - pullsecret is defined - - pullsecret != "" - - not enable_virtualmedia|bool + - pullsecret is defined + - pullsecret != "" + - not enable_virtualmedia|bool tags: installconfig - name: Generate virtualmedia install-config.yaml @@ -38,9 +38,9 @@ group: "{{ ansible_user }}" mode: '0644' when: - - pullsecret is defined - - pullsecret != "" - - enable_virtualmedia|bool + - pullsecret is defined + - pullsecret != "" + - enable_virtualmedia|bool tags: installconfig - name: Make a backup of the install-config.yaml file @@ -50,5 +50,5 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0644' - remote_src: yes + remote_src: true tags: installconfig diff --git a/ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml b/ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml index 37444b9498..610d639c75 100644 --- a/ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml +++ b/ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml @@ -8,13 +8,13 @@ file: path: "{{ item }}" state: directory - recurse: yes + recurse: true owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0755' with_items: - - "{{ dir }}/openshift" - - "{{ dir }}/manifests" + - "{{ dir }}/openshift" + - "{{ dir }}/manifests" tags: manifests - name: Copy the metal3-config.yaml to {{ dir }}/openshift directory @@ -24,6 +24,6 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0644' - remote_src: yes + remote_src: true when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 3) tags: manifests diff --git a/ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml b/ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml index b232182c4c..3c369ab51d 100644 --- a/ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml +++ b/ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml 
@@ -5,9 +5,9 @@ - name: Copy Dual-Stack related manifest copy: - src: ipv6-dual-stack-no-upgrade.yml - dest: "{{ extramanifestsopenshift_path }}/" - mode: 0644 + src: ipv6-dual-stack-no-upgrade.yml + dest: "{{ extramanifestsopenshift_path }}/" + mode: 0644 when: - ipv6_enabled|bool - dualstack_baremetal @@ -40,18 +40,18 @@ - name: Manage chrony configuration block: - - name: Create chrony.conf - set_fact: - chronyconfig: "{{ lookup('template', 'chrony.conf.j2') | b64encode }}" + - name: Create chrony.conf + set_fact: + chronyconfig: "{{ lookup('template', 'chrony.conf.j2') | b64encode }}" - - name: Inject chrony.conf in a machine-config object - template: - src: etc-chrony.conf.j2 - dest: "{{ dir }}/openshift/98-{{ item }}-etc-chrony.conf.yaml" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - with_items: - - master - - worker + - name: Inject chrony.conf in a machine-config object + template: + src: etc-chrony.conf.j2 + dest: "{{ dir }}/openshift/98-{{ item }}-etc-chrony.conf.yaml" + owner: "{{ ansible_user }}" + group: "{{ ansible_user }}" + with_items: + - master + - worker when: (clock_servers is defined) and (clock_servers | length > 0) tags: extramanifests diff --git a/ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml b/ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml index f6574b9181..cb0606cd74 100644 --- a/ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml +++ b/ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml @@ -6,8 +6,8 @@ - name: Verify if {{ custom_path }}/master/worker is empty find: paths: "{{ custom_path }}/{{ item }}" - recurse: yes - follow: yes + recurse: true + follow: true register: filesFound with_items: - "master" 
@@ -18,56 +18,56 @@ - name: Modify Ignition Configs block: - - name: Create OpenShift Ignition Configs - shell: | - /usr/local/bin/openshift-baremetal-install --dir {{ dir }} create ignition-configs + - name: Create OpenShift Ignition Configs + shell: | + /usr/local/bin/openshift-baremetal-install --dir {{ dir }} create ignition-configs - - name: Copy Ignition Config Files - copy: - src: "{{ dir }}/{{ item }}.ign" - dest: "{{ dir }}/{{ item }}.ign.orig" - remote_src: yes - with_items: - - "master" - - "worker" + - name: Copy Ignition Config Files + copy: + src: "{{ dir }}/{{ item }}.ign" + dest: "{{ dir }}/{{ item }}.ign.orig" + remote_src: true + with_items: + - "master" + - "worker" - - name: Copy customize_filesystem to tempdir - copy: - src: "{{ custom_path }}/" - dest: "{{ tempdir }}/customize_filesystem" - force: yes + - name: Copy customize_filesystem to tempdir + copy: + src: "{{ custom_path }}/" + dest: "{{ tempdir }}/customize_filesystem" + force: true - - name: Cleanup Any .gitkeep Files in the Fake Root - file: - path: "{{ tempdir }}/customize_filesystem/{{ item }}/.gitkeep" - state: absent - follow: yes - with_items: - - "master" - - "worker" - become: true + - name: Cleanup Any .gitkeep Files in the Fake Root + file: + path: "{{ tempdir }}/customize_filesystem/{{ item }}/.gitkeep" + state: absent + follow: true + with_items: + - "master" + - "worker" + become: true - - name: Augment Ignition Config Files - script: | - filetranspile-1.1.1.py -i {{ dir }}/{{ item }}.ign.orig -f {{ tempdir }}/customize_filesystem/{{ item }} -o {{ dir }}/{{ item }}.ign - args: - executable: python3 - with_items: - - "master" - - "worker" - become: true + - name: Augment Ignition Config Files + script: | + filetranspile-1.1.1.py -i {{ dir }}/{{ item }}.ign.orig -f {{ tempdir }}/customize_filesystem/{{ item }} -o {{ dir }}/{{ item }}.ign + args: + executable: python3 + with_items: + - "master" + - "worker" + become: true - - name: Create backup of ignition config files - 
copy: - src: "{{ dir }}/{{ item }}.ign" - dest: "{{ dir }}/{{ item }}.ign.bkup" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - remote_src: yes - with_items: - - "master" - - "worker" + - name: Create backup of ignition config files + copy: + src: "{{ dir }}/{{ item }}.ign" + dest: "{{ dir }}/{{ item }}.ign.bkup" + owner: "{{ ansible_user }}" + group: "{{ ansible_user }}" + mode: '0644' + remote_src: true + with_items: + - "master" + - "worker" when: (filesFound | json_query('results[*].matched') | sum) > 0 tags: customfs diff --git a/ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml b/ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml index 0f75db5219..bb6386ac7a 100644 --- a/ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml +++ b/ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml @@ -3,7 +3,7 @@ virt: command: list_vms register: all_vms - become: yes + become: true tags: cleanup - name: Get list of all running VMs @@ -11,7 +11,7 @@ command: list_vms state: running register: running_vms - become: yes + become: true tags: cleanup - name: Get list of all paused VMs @@ -19,7 +19,7 @@ command: list_vms state: paused register: paused_vms - become: yes + become: true tags: cleanup - name: Destroy old bootstrap VMs, if any @@ -30,7 +30,7 @@ - "{{ running_vms.list_vms }}" - "{{ paused_vms.list_vms }}" when: item is search("bootstrap") - become: yes + become: true tags: cleanup - name: Undefine old bootstrap VMs, if any @@ -39,7 +39,7 @@ command: undefine with_items: "{{ all_vms.list_vms }}" when: item is search("bootstrap") - become: yes + become: true tags: cleanup - name: Find old bootstrap VM Storage @@ -49,7 +49,7 @@ file_type: any register: find_results with_items: "{{ default_libvirt_pool_dir }}" - become: yes + become: true tags: cleanup - name: Create list of old paths 
@@ -62,5 +62,5 @@ path: "{{ item }}" state: absent loop: "{{ vm_paths }}" - become: yes + become: true tags: cleanup diff --git a/ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml b/ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml index 31d2e71eff..eb252942eb 100644 --- a/ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml +++ b/ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml @@ -18,7 +18,7 @@ user: "{{ hostvars[item]['ipmi_user'] }}" password: "{{ hostvars[item]['ipmi_password'] }}" port: "{{ hostvars[item]['ipmi_port'] | default(623) }}" - state: off + state: false register: power_off_hosts until: power_off_hosts is not failed retries: 10 diff --git a/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml b/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml index 57840ce064..53cb370455 100644 --- a/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml +++ b/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml @@ -26,7 +26,7 @@ /usr/local/bin/openshift-baremetal-install --dir {{ dir }} --log-level debug create cluster async: 3600 poll: 0 - ignore_errors: yes + ignore_errors: true register: installer_result - name: Wait for kubeconfig file diff --git a/ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml b/ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml index 8ccb197f7b..7326f02f89 100644 --- a/ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml +++ b/ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml @@ -4,5 +4,5 @@ activationkey: "{{ activation_key }}" org_id: "{{ org_id }}" state: absent - ignore_errors: yes + ignore_errors: true tags: unregister diff --git a/ansible-ipi-install/roles/installer/tasks/main.yml b/ansible-ipi-install/roles/installer/tasks/main.yml index 796a9849a1..bc42e8a73c 100644 
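Review bot: In 59_power_off_cluster_servers.yml the power state is now written `state: false`, which reads as a boolean although the intent is the string "off". The module line is above the hunk, but if this is `ipmi_power` (inferred from the `ipmi_*` parameters) its `state` option is a choice of strings, and the task only keeps working because Ansible maps a false-like value onto the `off` choice. I would write `state: "off"` so the value is explicit and still satisfies the truthy lint rule without depending on that fallback.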
--- a/ansible-ipi-install/roles/installer/tasks/main.yml +++ b/ansible-ipi-install/roles/installer/tasks/main.yml @@ -17,13 +17,13 @@ - disconnected_registry is defined - disconnected_registry == "create" tags: - - disconnected - - create_registry + - disconnected + - create_registry - include_tasks: 20_extract_installer.yml tags: - - pullsecret - - extract + - pullsecret + - extract - include_tasks: 23_rhcos_image_paths.yml when: ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 3)) or cache_enabled|bool tags: rhcospath @@ -49,5 +49,5 @@ tags: powerservers - include_tasks: 60_deploy_ocp.yml tags: install -#- include_tasks: 70_cleanup_sub_man_registration.yml +# - include_tasks: 70_cleanup_sub_man_registration.yml # tags: unregister diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index d20d53d839..9ed665e94e 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml @@ -5,20 +5,20 @@ when: ansible_version.full is version('2.9.0', '<') delegate_to: localhost tags: - - always - - validation - - fully_disconnected + - always + - validation + - fully_disconnected - name: Ensure Python libraries are installed python_requirements_info: dependencies: - - dnspython - - netaddr + - dnspython + - netaddr register: _py_facts delegate_to: localhost tags: - - always - - validation + - always + - validation - name: Fail if Python modules are missing fail: 
@@ -26,32 +26,36 @@ Missing python module(s) {{ _py_facts.not_found }} on localhost when: _py_facts.not_found | length > 0 tags: - - always - - validation + - always + - validation - name: Fail if version is undefined or empty. fail: msg: "The version is undefined or empty. Use a value such as 'latest-4.3' or 'latest-4.4' or an explicit version." when: (version is undefined) or (version|length == 0) tags: - - always - - validation + - always + - validation - name: Fail if build is undefined or empty fail: msg: "The build is undefined or empty. Use a value such as 'dev' or 'ga'." when: (build is undefined) or (build|length == 0) tags: - - always - - validation + - always + - validation - name: Fail if a required install-config variable is undefined or empty. fail: msg: "A variable regarding install-config.yml is undefined or empty." - when: (domain is undefined) or (domain|length == 0) or (cluster is undefined) or (cluster|length == 0) or (extcidrnet is undefined) or (extcidrnet|length == 0) or (pullsecret is undefined) or (pullsecret|length == 0) + when: > + (domain is undefined) or (domain|length == 0) or + (cluster is undefined) or (cluster|length == 0) or + (extcidrnet is undefined) or (extcidrnet|length == 0) or + (pullsecret is undefined) or (pullsecret|length == 0) tags: - - always - - validation + - always + - validation - name: Fail if both bootstraposimage and clusterosimage variables are empty. fail: @@ -60,8 +64,8 @@ - bootstraposimage is defined and bootstraposimage|length == 0 - clusterosimage is defined and clusterosimage|length == 0 tags: - - always - - validation + - always + - validation - name: Conditions to set cache_enabled to true set_fact: @@ -72,8 +76,8 @@ (clusterosimage is defined and bootstraposimage|length == 0) or (bootstraposimage is defined and clusterosimage|length == 0) tags: - - always - - validation + - always + - validation - name: Conditions to set cache_enabled to false set_fact: 
@@ -81,8 +85,8 @@ when: (not cache_enabled|bool) or (bootstraposimage is defined and clusterosimage is defined) tags: - - always - - validation + - always + - validation - name: Check whether caching is enabled debug: @@ -95,16 +99,16 @@ ingressvip: "{{ lookup('dig', 'foo.apps.{{ cluster |quote }}.{{ domain | quote }}.', '{{ qtype }}' ) }}" when: ((ingressvip is undefined) or (ingressvip|length == 0)) tags: - - always - - validation + - always + - validation - name: Verify DNS records for API VIP set_fact: apivip: "{{ lookup('dig', 'api.{{ cluster |quote }}.{{ domain | quote }}.', '{{ qtype }}' ) }}" when: ((apivip is undefined) or (apivip|length == 0)) tags: - - always - - validation + - always + - validation - name: Display API VIP IP debug: 
@@ -123,41 +127,41 @@ msg: "The API VIP IP seems to be incorrect. Value was NXDOMAIN or empty string." when: (apivip == 'NXDOMAIN') or (apivip|length == 0) tags: - - always - - validation + - always + - validation - name: Fail if incorrect Ingress VIP fail: msg: "The Ingress VIP IP seems to be incorrect. Value was NXDOMAIN or empty string." when: (ingressvip == 'NXDOMAIN') or (ingressvip|length == 0) tags: - - always - - validation + - always + - validation - name: Set release_url for development envs set_fact: release_url: "{{ (webserver_url|length) | ternary(webserver_url, 'https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview') }}" when: build == 'dev' tags: - - always - - validation + - always + - validation - name: Set release_url for GA envs set_fact: release_url: "{{ (webserver_url|length) | ternary(webserver_url, 'https://mirror.openshift.com/pub/openshift-v4/clients/ocp') }}" when: build == 'ga' tags: - - always - - validation + - always + - validation - name: Confirm whether or not internet connectivity on provisioner host uri: url: https://www.redhat.com - status_code: [-1,200] + status_code: [-1, 200] timeout: 1 register: check_url tags: - - validation + - validation - name: Set fact disconnected_registry_auths_file set_fact: @@ -167,7 +171,7 @@ - groups['registry_host']|length - hostvars[groups['registry_host'][0]]['disconnected_registry_auths_file'] is defined tags: - - validation + - validation - name: Set fact disconnected_registry_mirrors_file set_fact: @@ -177,7 +181,7 @@ - groups['registry_host']|length - hostvars[groups['registry_host'][0]]['disconnected_registry_mirrors_file'] is defined tags: - - validation + - validation - name: Verify Registry host details set_fact: @@ -186,8 +190,8 @@ - groups['registry_host'] is defined - groups['registry_host']|length tags: - - validation - - create_registry + - validation + - create_registry - name: Check if disconnected_registry_auths_file is set set_fact: 
@@ -197,8 +201,8 @@ - disconnected_registry_auths_file is not none - disconnected_registry_auths_file | trim != '' tags: - - validation - - create_registry + - validation + - create_registry - name: Check if disconnected_registry_mirrors_file is set set_fact: @@ -208,8 +212,8 @@ - disconnected_registry_mirrors_file is not none - disconnected_registry_mirrors_file | trim != '' tags: - - validation - - create_registry + - validation + - create_registry - name: Fail when provision host no online access and registry host not creating registry (can't assume access) fail: @@ -227,28 +231,28 @@ - webserver_url|length == 0 - block: - - name: Check if Python cryptography libraries are installed - python_requirements_info: - dependencies: - - cryptography>=1.2.3 - delegate_to: localhost - register: _py_crypto - - - name: Check if Python PyOpenSSL libraries are installed - python_requirements_info: - dependencies: - - PyOpenSSL>=0.6 - delegate_to: localhost - register: _py_pyopenssl - - - name: "Fail on missing required cryptography libraries cryptography OR PyOpenSSL" - fail: - msg: "Required cryptography libraries are missing cryptography OR PyOpenSSL" - when: (_py_crypto.not_found != []) and - (_py_pyopenssl.not_found != [] ) - tags: - - create_registry - - validation + - name: Check if Python cryptography libraries are installed + python_requirements_info: + dependencies: + - cryptography>=1.2.3 + delegate_to: localhost + register: _py_crypto + + - name: Check if Python PyOpenSSL libraries are installed + python_requirements_info: + dependencies: + - PyOpenSSL>=0.6 + delegate_to: localhost + register: _py_pyopenssl + + - name: "Fail on missing required cryptography libraries cryptography OR PyOpenSSL" + fail: + msg: "Required cryptography libraries are missing cryptography OR PyOpenSSL" + when: (_py_crypto.not_found != []) and + (_py_pyopenssl.not_found != [] ) + tags: + - create_registry + - validation when: - not dra_set - not drm_set 
@@ -257,7 +261,7 @@ - name: Get Release.txt File uri: url: "{{ release_url }}/{{ version }}/release.txt" - return_content: yes + return_content: true register: result until: result.status == 200 retries: 6 # 1 minute (10 * 6) @@ -265,16 +269,16 @@ failed_when: result.content|length == 0 or result.status >= 400 delegate_to: "{{ (not dra_set and not drm_set and registry_host_exists) | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" tags: - - always - - validation + - always + - validation - name: Set Fact for Release Image set_fact: release_version: "{{ result.content | regex_search('Version:.*') | regex_replace('Version:\\s*(.*)', '\\1') }}" release_image: "{{ result.content | regex_search('Pull From:.*') | regex_replace('Pull From:\\s*(.*)', '\\1') }}" tags: - - always - - validation + - always + - validation - name: Get the release version debug: 
@@ -287,40 +291,40 @@ msg: This release {{ release_version }} does not support dual-stack deployments when: release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int < 6 and dualstack_baremetal tags: - - always - - validation + - always + - validation - name: Fail if dualstack_baremetal and ipv4_baremetal are both true fail: msg: Only one of ipv4_baremetal and dualstack_baremetal variables can be true when: ipv4_baremetal and dualstack_baremetal tags: - - always - - validation + - always + - validation - name: Check for valid extcidrnet (IPv4) fail: msg: extcidrnet should be a valid IPv4 CIDR when: not ipv6_enabled|bool and not extcidrnet|ipv4 tags: - - always - - validation + - always + - validation - name: Check for valid extcidrnet (IPv6) fail: msg: extcidrnet6 should be a valid IPv6 address when: ipv6_enabled|bool and not (ipv4_baremetal or dualstack_baremetal) and not extcidrnet6|ipv6 tags: - - always - - validation + - always + - validation - name: Check for valid extcidrnet and extcidrnet6 (Dual-Stack) fail: msg: extcidrnet should be a valid IPv4 address and extcidrnet6 should be a valid IPv6 address when: ipv6_enabled|bool and dualstack_baremetal|bool and not (extcidrnet|ipv4 and extcidrnet6|ipv6) tags: - - always - - validation + - always + - validation - name: Check if openshift-client-linux-{{ version }}.tar.gz exists uri: 
@@ -338,31 +342,31 @@ msg: "The masters group is not defined. Please add masters to the inventory/hosts file" when: "'masters' not in groups" tags: - - always - - validation + - always + - validation - name: Set Fact of num of workers and masters based on inventory set_fact: numworkers: "{{ groups['workers'] | default([]) | length }}" nummasters: "{{ groups['masters'] | length }}" tags: - - always - - validation + - always + - validation -- name: Gather the rpm package facts +- name: Gather the rpm package facts package_facts: manager: auto tags: - - always - - validation + - always + - validation - name: Set Fact for firewall variable set_fact: firewall: "iptables" when: "'iptables-services' in ansible_facts.packages" tags: - - always - - validation + - always + - validation - name: Set Fact for provisioning nic set_fact: @@ -371,18 +375,18 @@ - (masters_prov_nic is undefined) or (masters_prov_nic|length == 0) - not enable_virtualmedia|bool tags: - - always - - validation + - always + - validation - name: Fail if DNSVIP not set (OCP 4.4 or lower) fail: msg: "dnsvip variable is undefined or empty." when: - - ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 5)) - - ((dnsvip is undefined) or (dnsvip|length == 0)) + - ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 5)) + - ((dnsvip is undefined) or (dnsvip|length == 0)) tags: - - always - - validation + - always + - validation - name: Get all the chassis results from all the hosts redfish_info: @@ -396,9 +400,9 @@ retries: 3 delay: 10 with_items: - - "{{ groups.masters }}" - - "{{ groups.workers | default([]) }}" - ignore_errors: yes + - "{{ groups.masters }}" + - "{{ groups.workers | default([]) }}" + ignore_errors: true when: redfish_inspection|bool tags: validation 
@@ -411,53 +415,53 @@ password: "{{ hostvars[item]['ipmi_password'] }}" register: firmware_result with_items: - - "{{ groups.masters }}" - - "{{ groups.workers | default([]) }}" - ignore_errors: yes + - "{{ groups.masters }}" + - "{{ groups.workers | default([]) }}" + ignore_errors: true when: redfish_inspection|bool tags: validation - name: Adding hosts to to their dynamic Dell inventory group block: - - name: Add all the hosts that are Dell to a group with iDRAC firmware higher than 4.20.20.20 - add_host: - groups: dell_hosts_redfish - hostname: "{{ chassis_result.results[item|int].item }}" - with_sequence: start=0 end="{{ numworkers|int + nummasters|int - 1 }}" - when: - - not chassis_result.results[{{ item }}].failed|bool - - not firmware_result.results[{{ item }}].failed|bool - - "'Dell' in chassis_result.results[{{ item }}].redfish_facts.chassis.entries[0].Manufacturer" - - firmware_result.results[{{ item }}].redfish_facts.firmware.entries | json_query(query) | max >= "4.20.20.20" - vars: - query: "[?Name=='Integrated Dell Remote Access Controller'].Version" - register: dell_host_redfish_result - retries: 6 # 1 minute (10 * 6) - delay: 10 # Every 10 seconds + - name: Add all the hosts that are Dell to a group with iDRAC firmware higher than 4.20.20.20 + add_host: + groups: dell_hosts_redfish + hostname: "{{ chassis_result.results[item|int].item }}" + with_sequence: start=0 end="{{ numworkers|int + nummasters|int - 1 }}" + when: + - not chassis_result.results[{{ item }}].failed|bool + - not firmware_result.results[{{ item }}].failed|bool + - "'Dell' in chassis_result.results[{{ item }}].redfish_facts.chassis.entries[0].Manufacturer" + - firmware_result.results[{{ item }}].redfish_facts.firmware.entries | json_query(query) | max >= "4.20.20.20" + vars: + query: "[?Name=='Integrated Dell Remote Access Controller'].Version" + register: dell_host_redfish_result + retries: 6 # 1 minute (10 * 6) + delay: 10 # Every 10 seconds rescue: - - name: Attempt to add all 
hosts that are part of the Dell group failed - debug: - msg: 'Adding hosts to dynamic Dell group failed or redfish_inspection was set to false. All inventory systems will use IPMI.' + - name: Attempt to add all hosts that are part of the Dell group failed + debug: + msg: 'Adding hosts to dynamic Dell group failed or redfish_inspection was set to false. All inventory systems will use IPMI.' tags: validation - name: Adding hosts to to their dynamic HP inventory group block: - - name: Add all the hosts that are HP to a group - add_host: - groups: hp_hosts_redfish - hostname: "{{ chassis_result.results[item|int].item }}" - with_sequence: start=0 end="{{ numworkers|int + nummasters|int - 1 }}" - when: - - not chassis_result.results[{{ item }}].failed|bool - - not firmware_result.results[{{ item }}].failed|bool - - "'HPE' in chassis_result.results[{{ item }}].redfish_facts.chassis.entries[0].Manufacturer" - register: hp_host_redfish_result - retries: 6 # 1 minute (10 * 6) - delay: 10 # Every 10 seconds + - name: Add all the hosts that are HP to a group + add_host: + groups: hp_hosts_redfish + hostname: "{{ chassis_result.results[item|int].item }}" + with_sequence: start=0 end="{{ numworkers|int + nummasters|int - 1 }}" + when: + - not chassis_result.results[{{ item }}].failed|bool + - not firmware_result.results[{{ item }}].failed|bool + - "'HPE' in chassis_result.results[{{ item }}].redfish_facts.chassis.entries[0].Manufacturer" + register: hp_host_redfish_result + retries: 6 # 1 minute (10 * 6) + delay: 10 # Every 10 seconds rescue: - - name: Attempt to add all hosts that are part of the HP group failed - debug: - msg: 'Adding hosts to dynamic HP group failed or redfish_inspection was set to false. All inventory systems will use IPMI.' + - name: Attempt to add all hosts that are part of the HP group failed + debug: + msg: 'Adding hosts to dynamic HP group failed or redfish_inspection was set to false. All inventory systems will use IPMI.' 
tags: validation - name: Fail when provisioningHostIP and bootstrapProvisioningIP are not set when virtualmedia option is enabled @@ -467,8 +471,8 @@ - enable_virtualmedia|bool - provisioningHostIP is undefined tags: - - always - - validation + - always + - validation - name: Fail when bootstrapProvisioningIP are not set when virtualmedia option is enabled fail: @@ -477,8 +481,8 @@ - enable_virtualmedia|bool - bootstrapProvisioningIP is undefined tags: - - always - - validation + - always + - validation - name: Verify if master_network_config_template is defined and exists stat: @@ -488,8 +492,8 @@ delegate_to: localhost when: master_network_config_template is defined tags: - - always - - validation + - always + - validation - name: Fail when master_network_config_template is defined but not exists fail: @@ -498,8 +502,8 @@ - master_network_config_template is defined - not master_nm_template.stat.exists|bool tags: - - always - - validation + - always + - validation - name: Verify if worker_network_config_template is defined and exists stat: @@ -509,8 +513,8 @@ delegate_to: localhost when: worker_network_config_template is defined tags: - - always - - validation + - always + - validation - name: Fail when worker_network_config_template is defined but not exists fail: @@ -519,5 +523,5 @@ - worker_network_config_template is defined - not worker_nm_template.stat.exists|bool tags: - - always - - validation + - always + - validation diff --git a/ansible-ipi-install/roles/node-prep/tasks/15_validation_disconnected_registry.yml b/ansible-ipi-install/roles/node-prep/tasks/15_validation_disconnected_registry.yml index b39f2b0f94..1d56d29c5e 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/15_validation_disconnected_registry.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/15_validation_disconnected_registry.yml 
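Review bot: The last condition of the Dell task compares firmware versions as strings (`... | json_query(query) | max >= "4.20.20.20"`), so the ordering is lexicographic: a version beginning with "10." sorts below "4.20.20.20" and an eligible host would silently fall back to IPMI. A version test such as `(firmware_result.results[item|int].redfish_facts.firmware.entries | json_query(query) | max) is version('4.20.20.20', '>=')` compares numerically. The `when` entries in both the Dell and HP blocks also embed `{{ item }}` inside the expression, which Ansible warns about; `results[item|int]`, as the `hostname` line already uses, avoids the nested templating.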
@@ -6,7 +6,7 @@ when: - hostvars[groups['registry_host'][0]]['disconnected_registry_auths_file'] is defined tags: - - create_registry + - create_registry - name: Set fact disconnected_registry_mirrors_file set_fact: @@ -14,7 +14,7 @@ when: - hostvars[groups['registry_host'][0]]['disconnected_registry_mirrors_file'] is defined tags: - - create_registry + - create_registry - name: Set fact registry_port set_fact: @@ -22,7 +22,7 @@ when: - hostvars[groups['registry_host'][0]]['registry_port'] is defined tags: - - create_registry + - create_registry - name: Set fact disconnected_registry_mirrors_file set_fact: @@ -30,7 +30,7 @@ when: - hostvars[groups['registry_host'][0]]['registry_dir'] is defined tags: - - create_registry + - create_registry - name: Check if disconnected_registry_auths_file is set set_fact: @@ -39,7 +39,7 @@ - disconnected_registry_auths_file is defined - disconnected_registry_auths_file is not none tags: - - create_registry + - create_registry - disconnected_registry_auths_file | trim != '' - name: Check if disconnected_registry_mirrors_file is set @@ -50,19 +50,19 @@ - disconnected_registry_mirrors_file is not none - disconnected_registry_mirrors_file | trim != '' tags: - - create_registry + - create_registry - name: Make sure disconnected_registry_variables are sane fail: msg: - - "Both variables must be set or unset." - - " disconnected_registry_auths_file" - - " disconnected_registry_mirrors_file" + - "Both variables must be set or unset." + - " disconnected_registry_auths_file" + - " disconnected_registry_mirrors_file" when: - not ( dra_set and drm_set ) + not ( dra_set and drm_set ) and not ( not dra_set and not drm_set ) tags: - - create_registry + - create_registry - name: Check if using existing disconnected registry. @@ -72,7 +72,7 @@ - dra_set - drm_set tags: - - create_registry + - create_registry - name: Check if creating a new disconnected registry. set_fact: 
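Review bot: In the "Check if disconnected_registry_auths_file is set" task (hunk at -39,7) the line `- disconnected_registry_auths_file | trim != ''` follows `- create_registry` under `tags:`, so it is not part of the `when` list and the non-empty check is never evaluated. The sibling task for `disconnected_registry_mirrors_file` in the next hunk keeps the same test under `when:`. I would move the line up into the `when:` list, directly after `- disconnected_registry_auths_file is not none`. The indentation is not visible here, so whether the parser currently treats that line as an extra tag or folds it into the tag string should be confirmed; the task's `set_fact` body is also outside the hunk.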
@@ -81,4 +81,4 @@ - not dra_set - not drm_set tags: - - create_registry + - create_registry diff --git a/ansible-ipi-install/roles/node-prep/tasks/20_sub_man_register.yml b/ansible-ipi-install/roles/node-prep/tasks/20_sub_man_register.yml index 112a189c54..4e8d2fa327 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/20_sub_man_register.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/20_sub_man_register.yml @@ -5,9 +5,9 @@ org_id: "{{ org_id }}" state: present pool: '^(Red Hat Enterprise Linux Server, Standard (8 sockets) (Unlimited guests))$' - force_register: yes - ignore_errors: yes - become: yes + force_register: true + ignore_errors: true + become: true when: - activation_key != "" - org_id != "" diff --git a/ansible-ipi-install/roles/node-prep/tasks/30_req_packages.yml b/ansible-ipi-install/roles/node-prep/tasks/30_req_packages.yml index 59334a72c8..f6b23e4c53 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/30_req_packages.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/30_req_packages.yml @@ -11,6 +11,6 @@ name: "{{ package_list }}" state: present update_cache: true - disable_gpg_check: yes - become: yes + disable_gpg_check: true + become: true tags: packages diff --git a/ansible-ipi-install/roles/node-prep/tasks/40_bridge.yml b/ansible-ipi-install/roles/node-prep/tasks/40_bridge.yml index 53ddfe6076..46ec2f8e92 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/40_bridge.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/40_bridge.yml @@ -6,7 +6,7 @@ nmcli device show {{ prov_nic }} | grep GENERAL.CONNECTION | awk '{sub(/[^ ]+[ ]+/,"")}1' register: prov_con_name when: - - not enable_virtualmedia|bool + - not enable_virtualmedia|bool - name: Get the public connection name shell: | 
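Review bot: The package install task in 30_req_packages.yml keeps `disable_gpg_check: true`, so every package in `package_list` is installed with `become: true` and without signature verification. This boolean cleanup is a good moment to drop the option, since verification is the default, or, if an unsigned repository really is required, to confine it to that package in a separate task with a comment explaining why. The task's module line is above the hunk.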
@@ -16,9 +16,9 @@ - name: Disconnect provisioning bridge connection command: | nmcli dev dis "{{ provisioning_bridge }}" - ignore_errors: yes + ignore_errors: true when: - - not enable_virtualmedia|bool + - not enable_virtualmedia|bool - name: Delete {{ prov_con_name.stdout }} due to modify nmcli bug nmcli: @@ -26,8 +26,8 @@ type: ethernet state: absent when: - - not enable_virtualmedia|bool - - prov_con_name.stdout != '--' + - not enable_virtualmedia|bool + - prov_con_name.stdout != '--' - name: Delete {{ prov_nic }} due to modify nmcli bug nmcli: @@ -38,15 +38,15 @@ - "{{ prov_nic }}" - "System {{ prov_nic }}" when: - - not enable_virtualmedia|bool - - prov_con_name.stdout != '--' + - not enable_virtualmedia|bool + - prov_con_name.stdout != '--' - name: Delete provisioning bridge if it exists nmcli: conn_name: "{{ provisioning_bridge }}" state: absent when: - - not enable_virtualmedia|bool + - not enable_virtualmedia|bool - name: set provisioning network fact set_fact: @@ -59,10 +59,10 @@ conn_name: "{{ provisioning_bridge }}" type: bridge ifname: "{{ provisioning_bridge }}" - autoconnect: yes + autoconnect: true ip4_method: manual ip6_method: disabled - stp: off + stp: false ip4: "{{ prov_bridge_ip | default('172.22.0.1/21') }}" state: present when: (not enable_virtualmedia) and @@ -73,10 +73,10 @@ nmcli: conn_name: "{{ prov_nic }}" type: bridge-slave - hairpin: no + hairpin: false ifname: "{{ prov_nic }}" master: "{{ provisioning_bridge }}" - autoconnect: yes + autoconnect: true state: present when: (not enable_virtualmedia) and ((ipv4_provisioning|bool) or (not ipv6_enabled|bool) or @@ -87,8 +87,8 @@ conn_name: "{{ provisioning_bridge }}" type: bridge ifname: "{{ provisioning_bridge }}" - autoconnect: yes - stp: off + autoconnect: true + stp: false ip6: fd00:1101::1/64 state: present ip4_method: disabled 
@@ -104,10 +104,10 @@ nmcli: conn_name: "{{ prov_nic }}" type: bridge-slave - hairpin: no + hairpin: false ifname: "{{ prov_nic }}" master: "{{ provisioning_bridge }}" - autoconnect: yes + autoconnect: true state: present when: - not enable_virtualmedia|bool @@ -121,8 +121,8 @@ conn_name: "{{ baremetal_bridge }}" type: bridge ifname: "{{ baremetal_bridge }}" - autoconnect: yes - stp: off + autoconnect: true + stp: false state: present when: (not ipv6_enabled|bool) or (ipv4_baremetal|bool) @@ -132,8 +132,8 @@ conn_name: "{{ baremetal_bridge }}" type: bridge ifname: "{{ baremetal_bridge }}" - autoconnect: yes - stp: off + autoconnect: true + stp: false state: present ip6_dhcp_duid: ll when: ipv6_enabled|bool and not ipv4_baremetal|bool @@ -142,11 +142,11 @@ nmcli: conn_name: "{{ pub_con_name.stdout }}" type: bridge-slave - hairpin: no + hairpin: false id: "{{ pub_nic }}" ifname: "{{ pub_nic }}" master: "{{ baremetal_bridge }}" - autoconnect: yes + autoconnect: true state: present - name: Reload {{ baremetal_bridge }} bridge and slave interfaces @@ -164,5 +164,5 @@ - "{{ prov_nic }}" when: - not enable_virtualmedia|bool - become: yes + become: true tags: network diff --git a/ansible-ipi-install/roles/node-prep/tasks/45_networking_facts.yml b/ansible-ipi-install/roles/node-prep/tasks/45_networking_facts.yml index b91fc86a17..36a83dd590 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/45_networking_facts.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/45_networking_facts.yml @@ -4,7 +4,7 @@ gather_subset: - network tags: - - network_facts + - network_facts - name: Set External Subnet with IPv4 set_fact: @@ -16,7 +16,7 @@ - not ipv6_enabled|bool or ipv4_baremetal|bool tags: - - network_facts + - network_facts - name: Set External Subnet with IPv6 set_fact: @@ -28,7 +28,7 @@ - ipv6_enabled|bool - not ipv4_baremetal|bool tags: - - network_facts + - network_facts - name: set provisioning subnet with IPV4 set_fact: 
@@ -39,7 +39,7 @@ ((ipv4_provisioning|bool) or (not ipv6_enabled|bool) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int == 3))) tags: - - network_facts + - network_facts - name: set provisioning subnet with IPV6 set_fact: @@ -53,14 +53,14 @@ - release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int > 3 or release_version.split('.')[0]|int > 4 tags: - - network_facts + - network_facts - name: Show external subnet debug: msg: "external subnet {{ extcidrnet }}" verbosity: 2 tags: - - network_facts + - network_facts - name: Show provisioning subnet debug: @@ -68,4 +68,4 @@ verbosity: 2 when: provisioning_subnet is defined tags: - - network_facts + - network_facts diff --git a/ansible-ipi-install/roles/node-prep/tasks/50_modify_sudo_user.yml b/ansible-ipi-install/roles/node-prep/tasks/50_modify_sudo_user.yml index 2c5e47f72a..5e8ba6dc81 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/50_modify_sudo_user.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/50_modify_sudo_user.yml @@ -3,8 +3,8 @@ user: name: "{{ ansible_user }}" groups: libvirt - append: yes + append: true state: present - generate_ssh_key: yes - become: yes + generate_ssh_key: true + become: true tags: user diff --git a/ansible-ipi-install/roles/node-prep/tasks/60_enabled_services.yml b/ansible-ipi-install/roles/node-prep/tasks/60_enabled_services.yml index 38bde89631..3023bcd362 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/60_enabled_services.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/60_enabled_services.yml @@ -3,20 +3,20 @@ service: name: "{{ item }}" state: restarted - enabled: yes - become: yes + enabled: true + become: true with_items: - - libvirtd + - libvirtd tags: services - name: Enable Services (iptables) service: name: "{{ item }}" state: restarted - enabled: yes - become: yes + enabled: true + become: true with_items: - - "{{ firewall }}" + - "{{ firewall }}" tags: services when: firewall == "iptables" 
@@ -24,9 +24,9 @@ service: name: "{{ item }}" state: started - enabled: yes - become: yes + enabled: true + become: true with_items: - - "{{ firewall }}" + - "{{ firewall }}" tags: services when: firewall != "iptables" diff --git a/ansible-ipi-install/roles/node-prep/tasks/70_enabled_fw_services.yml b/ansible-ipi-install/roles/node-prep/tasks/70_enabled_fw_services.yml index dd665689ca..8436f4d06b 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/70_enabled_fw_services.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/70_enabled_fw_services.yml @@ -4,19 +4,19 @@ - name: Enable HTTP for firewalld firewalld: service: http - permanent: yes + permanent: true state: enabled - immediate: yes - become: yes + immediate: true + become: true - name: Open port {{ webserver_caching_port }}/tcp, zone public, for cache for firewalld firewalld: port: "{{ webserver_caching_port }}/tcp" - permanent: yes + permanent: true state: enabled zone: "public" - immediate: yes - become: yes + immediate: true + become: true when: cache_enabled|bool when: firewall != "iptables" tags: firewall @@ -29,7 +29,7 @@ protocol: tcp destination_port: "80" jump: ACCEPT - become: yes + become: true - name: Open port {{ webserver_caching_port }}/tcp for cache for iptables iptables: @@ -37,7 +37,7 @@ protocol: tcp destination_port: "{{ webserver_caching_port }}" jump: ACCEPT - become: yes + become: true when: cache_enabled|bool - name: Allow related and established connections for iptables @@ -45,11 +45,11 @@ chain: INPUT ctstate: ESTABLISHED,RELATED jump: ACCEPT - become: yes + become: true - name: Save iptables configuration shell: | /usr/sbin/iptables-save > /etc/sysconfig/iptables - become: yes + become: true when: firewall == "iptables" tags: firewall diff --git a/ansible-ipi-install/roles/node-prep/tasks/80_libvirt_pool.yml b/ansible-ipi-install/roles/node-prep/tasks/80_libvirt_pool.yml index abeb5266bf..1e10a554fc 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/80_libvirt_pool.yml 
+++ b/ansible-ipi-install/roles/node-prep/tasks/80_libvirt_pool.yml @@ -14,7 +14,7 @@ - name: Autostart Storage Pool for default virt_pool: - autostart: yes + autostart: true name: default - become: yes + become: true tags: storagepool diff --git a/ansible-ipi-install/roles/node-prep/tasks/90_create_config_install_dirs.yml b/ansible-ipi-install/roles/node-prep/tasks/90_create_config_install_dirs.yml index edce3e37c1..60d9ae0965 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/90_create_config_install_dirs.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/90_create_config_install_dirs.yml @@ -6,7 +6,7 @@ path: "{{ item }}" state: absent with_items: - - "{{ dir }}" + - "{{ dir }}" - name: Create config dir file: @@ -16,5 +16,5 @@ group: "{{ ansible_user }}" mode: '0755' with_items: - - "{{ dir }}" + - "{{ dir }}" tags: clusterconfigs diff --git a/ansible-ipi-install/roles/node-prep/tasks/main.yml b/ansible-ipi-install/roles/node-prep/tasks/main.yml index eca0207ba2..8c060c0b3e 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/main.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/main.yml @@ -9,8 +9,8 @@ - "'registry_host' in groups" - "groups['registry_host']" tags: - - disconnected - - create_registry + - disconnected + - create_registry - include_tasks: 20_sub_man_register.yml tags: subscription @@ -18,10 +18,10 @@ tags: packages - include_tasks: 40_bridge.yml tags: - - network + - network - include_tasks: 45_networking_facts.yml tags: - - network_facts + - network_facts - include_tasks: 50_modify_sudo_user.yml tags: user - include_tasks: 60_enabled_services.yml From ae936402464958cdadc23fb092d68fb4a1899890 Mon Sep 17 00:00:00 2001 
From: fdaencar <64908537+fdaencarrh@users.noreply.github.com> Date: Mon, 19 Dec 2022 10:36:11 -0500 Subject: [PATCH 41/97] Support externalMACAddress for bootstrapVM (#911) * Support externalMACAddress for bootstrapVM Add the ability to set the external Mac address for the bootstrap VM in the install-config.j2 template * Changing the example in the doc Put an example more generic to avoid copy paste issue --- ansible-ipi-install/inventory/hosts.sample | 3 +++ .../roles/installer/templates/install-config.j2 | 3 +++ .../ansible-playbook-modifying-the-inventoryhosts-file.adoc | 3 +++ 3 files changed, 9 insertions(+) diff --git a/ansible-ipi-install/inventory/hosts.sample b/ansible-ipi-install/inventory/hosts.sample index 7d0bc6bd1f..bffd102546 100644 --- a/ansible-ipi-install/inventory/hosts.sample +++ b/ansible-ipi-install/inventory/hosts.sample @@ -169,6 +169,9 @@ pullsecret="" # (Optional) Change the boot mode of the OpenShift cluster nodes to legacy mode (BIOS). Default is UEFI. #bootmode=legacy +# (Optional) A MAC address to use for the external NIC on the bootstrap VM. This is optional and if blank is generated by libvirt. +#externalMACAddress="52:54:00:XX:XX:XX" + # Master/Worker nodes # The hardware_profile is used by the baremetal operator to match the hardware discovered on the host # See https://github.com/metal3-io/baremetal-operator/blob/master/docs/api.md#baremetalhost-status diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index 7ffdda99ef..b93849c302 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 
@@ -61,6 +61,9 @@ platform: {% if prov_dhcp_range is defined and prov_dhcp_range|length %} provisioningDHCPRange: {{ prov_dhcp_range }} {% endif %} +{% if externalMACAddress is defined and externalMACAddress|length %} + externalMACAddress: '{{ externalMACAddress }}' +{% endif %} {% endif %} {% if bootstraposimage is defined and bootstraposimage|length %} bootstrapOSImage: {{ bootstraposimage }} diff --git a/documentation/ansible-playbook/modules/ansible-playbook-modifying-the-inventoryhosts-file.adoc b/documentation/ansible-playbook/modules/ansible-playbook-modifying-the-inventoryhosts-file.adoc index 2ace77b488..c6e4fdaf48 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-modifying-the-inventoryhosts-file.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-modifying-the-inventoryhosts-file.adoc @@ -168,6 +168,9 @@ pullsecret="" #provisioningHostIP= #bootstrapProvisioningIP= +# (Optional) A MAC address to use for the external NIC on the bootstrap VM. This is optional and if blank is generated by libvirt. +#externalMACAddress="52:54:00:XX:XX:XX" + # Master nodes # The hardware_profile is used by the baremetal operator to match the hardware discovered on the host # See https://github.com/metal3-io/baremetal-operator/blob/master/docs/api.md#baremetalhost-status From ce65d6fd72c54f1652e9a02673913f9b4453af1d Mon Sep 17 00:00:00 2001 From: Tony Garcia Date: Thu, 22 Dec 2022 14:26:42 -0600 Subject: [PATCH 42/97] Allow passing a custom release_url When release_url is defined do not set the default release URLs --- .../roles/node-prep/tasks/10_validation.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index 0bf4c1f993..7a8943a06f 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml 
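Review bot: The new `externalMACAddress` block in install-config.j2 is guarded only by `is defined` and `|length`, so any non-empty inventory string is written into the rendered install config, and a malformed address would presumably only be rejected later by the installer or libvirt. A format check before rendering would fail earlier and more clearly, for example an assert on `externalMACAddress | ansible.utils.hwaddr` in the validation tasks, if that filter is available in this environment. The block also sits inside an enclosing `{% if %}` whose condition is outside the hunk, and the diffstat does not touch install-config-virtualmedia.j2 (which appears later in this series), so the option seems to apply only on this template path; the hosts.sample comment should say so. Keeping the value single-quoted is right, since it stops a colon-separated value from being re-typed by a YAML 1.1 parser.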
@@ -137,7 +137,9 @@ - name: Set release_url for development envs set_fact: release_url: "{{ (webserver_url|length) | ternary(webserver_url, 'https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview') }}" - when: build == 'dev' + when: + - build == 'dev' + - release_url is undefined tags: - always - validation @@ -145,7 +147,9 @@ - name: Set release_url for GA envs set_fact: release_url: "{{ (webserver_url|length) | ternary(webserver_url, 'https://mirror.openshift.com/pub/openshift-v4/clients/ocp') }}" - when: build == 'ga' + when: + - build == 'ga' + - release_url is undefined tags: - always - validation From 9dd23587ebad481c0dc2f9c5a417eac83db02fba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Dec 2022 11:01:01 +0000 Subject: [PATCH 43/97] build(deps): bump actions/setup-python from 4.3.1 to 4.4.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.3.1...v4.4.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 7bd8074550..d6f9e3d19b 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -18,7 +18,7 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - - uses: actions/setup-python@v4.3.1 + - uses: actions/setup-python@v4.4.0 - name: Install dependencies run: | From 1686b09eb859bdca6bee6afb9cb655e28f3fe6f8 Mon Sep 17 00:00:00 2001 
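Review bot: The added condition `release_url is undefined`, in the `when:` lists of both the dev hunk and the GA hunk, treats an empty value as a custom URL, so an inventory line such as `release_url=""` would skip both defaults and leave `release_url` empty. Other optional variables in this series are tested with `is defined and ...|length`, so `- release_url is undefined or not release_url|length` would be consistent with that. The variable presumably decides where the client and installer binaries are fetched from, and both defaults it replaces are `https://mirror.openshift.com/...` URLs. A task comment such as `# release_url, when set in the inventory, is used as-is; point it at a trusted HTTPS mirror` would record that for operators.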
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Dec 2022 11:00:45 +0000 Subject: [PATCH 44/97] build(deps): bump actions/cache from 3.0.11 to 3.2.2 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.11...v3.2.2) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index d6f9e3d19b..6f2c338bba 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,7 +11,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v3.2.0 - - uses: actions/cache@v3.0.11 + - uses: actions/cache@v3.2.2 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index f36285e0f2..2f33396eaa 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v3.2.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v3.0.11 + - uses: actions/cache@v3.2.2 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From 7a221b856f601f61cdac6b6809d3980a7981a7ac Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 21 Dec 2022 11:00:57 +0000 Subject: [PATCH 45/97] build(deps): bump actions/stale from 6 to 7 Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index f9991e4fa8..e0a01fd473 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -9,7 +9,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v6 + - uses: actions/stale@v7 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' From 16d272ca0c79557651db2c6ccd57a9a7ae6a0073 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Jan 2023 11:00:45 +0000 Subject: [PATCH 46/97] build(deps): bump actions/checkout from 3.2.0 to 3.3.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.2.0...v3.3.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 6f2c338bba..da8114a3ab 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -9,7 +9,7 @@ jobs: steps: # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v3.2.0 + - uses: actions/checkout@v3.3.0 - uses: actions/cache@v3.2.2 with: diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 2f33396eaa..b0c268267b 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -13,7 +13,7 @@ jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.2.0 + - uses: actions/checkout@v3.3.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - uses: actions/cache@v3.2.2 From b7fa714777f95ecd6c5019a73758e910bf6576c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Jan 2023 11:01:11 +0000 Subject: [PATCH 47/97] build(deps): bump actions/cache from 3.2.2 to 3.2.3 Bumps [actions/cache](https://github.com/actions/cache) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index da8114a3ab..85dd3dca38 100644 --- a/.github/workflows/ansible-lint.yml 
+++ b/.github/workflows/ansible-lint.yml @@ -11,7 +11,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v3.3.0 - - uses: actions/cache@v3.2.2 + - uses: actions/cache@v3.2.3 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index b0c268267b..8b2c9bbed8 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v3.3.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v3.2.2 + - uses: actions/cache@v3.2.3 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From e610e48254d7064b143b24707fa9da2d65ae4009 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 11 Jan 2023 15:08:32 +0100 Subject: [PATCH 48/97] Adjust asciidoctor version --- website/Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/Gemfile b/website/Gemfile index 0af58252f6..46a1e2a1ae 100644 --- a/website/Gemfile +++ b/website/Gemfile @@ -4,7 +4,7 @@ Encoding.default_internal = Encoding::UTF_8 source "https://rubygems.org" gem "asciidoctor-pdf" -gem "asciidoctor" +gem "asciidoctor" "< 3.0.0" gem "bundle" gem "html-proofer" gem "jekyll-asciidoc" From bf7d4480ae4d9169d69d7004d57cb28327351724 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 11 Jan 2023 15:10:20 +0100 Subject: [PATCH 49/97] Adjust asciidoctor version syntax --- website/Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/Gemfile b/website/Gemfile index 46a1e2a1ae..2479d831a8 100644 --- a/website/Gemfile +++ b/website/Gemfile 
@@ -4,7 +4,7 @@ Encoding.default_internal = Encoding::UTF_8 source "https://rubygems.org" gem "asciidoctor-pdf" -gem "asciidoctor" "< 3.0.0" +gem "asciidoctor", "< 3.0.0" gem "bundle" gem "html-proofer" gem "jekyll-asciidoc" From 0d15742605fe822b0bcf175e19e968cfa155739c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 11 Jan 2023 15:12:19 +0100 Subject: [PATCH 50/97] Adjust jekyll-ascidoc instead of asciidoctor --- website/Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/Gemfile b/website/Gemfile index 2479d831a8..4ece6e3d66 100644 --- a/website/Gemfile +++ b/website/Gemfile @@ -4,10 +4,10 @@ Encoding.default_internal = Encoding::UTF_8 source "https://rubygems.org" gem "asciidoctor-pdf" -gem "asciidoctor", "< 3.0.0" +gem "asciidoctor" gem "bundle" gem "html-proofer" -gem "jekyll-asciidoc" +gem "jekyll-asciidoc", "< 3.0.0" gem "jekyll-feed" gem "jekyll-paginate" gem "jekyll-redirect-from" From 3c1b9dd2147c2407555904f83ec8c7cb726533df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 11 Jan 2023 15:15:29 +0100 Subject: [PATCH 51/97] Adjust jekyll version --- website/Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/Gemfile b/website/Gemfile index 4ece6e3d66..ec9c7d008c 100644 --- a/website/Gemfile +++ b/website/Gemfile @@ -14,7 +14,7 @@ gem "jekyll-redirect-from" gem "jekyll-sitemap" gem "jekyll-tagging" gem 'jekyll-seo-tag' -gem "jekyll", ">= 4.0.0" +gem "jekyll", "~> 4.0" gem "premonition", ">= 4.0.0" gem "pygments.rb" gem "rake" From 3584a8fbbbaab31ec44860fa0507b0bdf50ea218 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 11 Jan 2023 15:18:53 +0100 Subject: [PATCH 52/97] Adjust sass-converter version --- website/Gemfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/website/Gemfile b/website/Gemfile index ec9c7d008c..7fe61a77fc 100644 --- a/website/Gemfile 
+++ b/website/Gemfile @@ -7,14 +7,15 @@ gem "asciidoctor-pdf" gem "asciidoctor" gem "bundle" gem "html-proofer" -gem "jekyll-asciidoc", "< 3.0.0" +gem "jekyll-asciidoc", +gem "jekyll-sass-converter", "< 3.0.0" gem "jekyll-feed" gem "jekyll-paginate" gem "jekyll-redirect-from" gem "jekyll-sitemap" gem "jekyll-tagging" gem 'jekyll-seo-tag' -gem "jekyll", "~> 4.0" +gem "jekyll", ">= 4.0.0" gem "premonition", ">= 4.0.0" gem "pygments.rb" gem "rake" From 8e9584bc276d3c971b4c82d38ba0512e58d70124 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Iranzo=20G=C3=B3mez?= Date: Wed, 11 Jan 2023 15:20:29 +0100 Subject: [PATCH 53/97] Remove trailing comma --- website/Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/Gemfile b/website/Gemfile index 7fe61a77fc..66db7392d5 100644 --- a/website/Gemfile +++ b/website/Gemfile @@ -7,7 +7,7 @@ gem "asciidoctor-pdf" gem "asciidoctor" gem "bundle" gem "html-proofer" -gem "jekyll-asciidoc", +gem "jekyll-asciidoc" gem "jekyll-sass-converter", "< 3.0.0" gem "jekyll-feed" gem "jekyll-paginate" From 5f09e6299e100c83efc79e673b3c70f70fe7e582 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Jan 2023 11:00:44 +0000 Subject: [PATCH 54/97] build(deps): bump actions/setup-python from 4.4.0 to 4.5.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 85dd3dca38..a9710846aa 100644 --- a/.github/workflows/ansible-lint.yml 
+++ b/.github/workflows/ansible-lint.yml @@ -18,7 +18,7 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - - uses: actions/setup-python@v4.4.0 + - uses: actions/setup-python@v4.5.0 - name: Install dependencies run: | From 6e03cc65e044d04e84f5f3991beb6d5be17a7290 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Jan 2023 11:00:48 +0000 Subject: [PATCH 55/97] build(deps): bump actions/cache from 3.2.3 to 3.2.4 Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to 3.2.4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.2.3...v3.2.4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index a9710846aa..2b8cbaf95d 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,7 +11,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v3.3.0 - - uses: actions/cache@v3.2.3 + - uses: actions/cache@v3.2.4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 8b2c9bbed8..55e147def2 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml 
@@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v3.3.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v3.2.3 + - uses: actions/cache@v3.2.4 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From 02d5f585e271ab744412e4f05ed6755d3a68c6ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Feb 2023 11:56:39 +0000 Subject: [PATCH 56/97] build(deps): bump actions/cache from 3.2.4 to 3.2.5 Bumps [actions/cache](https://github.com/actions/cache) from 3.2.4 to 3.2.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.2.4...v3.2.5) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 2b8cbaf95d..5477cb6f49 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,7 +11,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v3.3.0 - - uses: actions/cache@v3.2.4 + - uses: actions/cache@v3.2.5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 55e147def2..970573504d 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml 
@@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v3.3.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v3.2.4 + - uses: actions/cache@v3.2.5 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From 2a4fd753e38ab45836b8e249d4311c9e4a448c21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Feb 2023 11:01:06 +0000 Subject: [PATCH 57/97] build(deps): update ansible requirement from <7.2.0 to <7.3.0 Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index 89336a202a..185f96c1c1 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<7.2.0 +ansible<7.3.0 ansible-lint<6.0.0 From bb197f709290567f5c1201ff0eb97a4c0ab27c3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Feb 2023 11:56:37 +0000 Subject: [PATCH 58/97] build(deps): bump actions/cache from 3.2.5 to 3.2.6 Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to 3.2.6. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.2.5...v3.2.6) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 5477cb6f49..6d84192b05 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,7 +11,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v3.3.0 - - uses: actions/cache@v3.2.5 + - uses: actions/cache@v3.2.6 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 970573504d..82747b42dc 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v3.3.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v3.2.5 + - uses: actions/cache@v3.2.6 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From 2277b156ffbc004575e62af1f15d865c198eea86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Mar 2023 09:39:49 +0000 Subject: [PATCH 59/97] build(deps): update ansible requirement from <7.3.0 to <7.4.0 (#948) Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index 185f96c1c1..ae28e5ec4e 100644 
--- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<7.3.0 +ansible<7.4.0 ansible-lint<6.0.0 From 4aeab3f712f74f098d0caf60fdff30035e027799 Mon Sep 17 00:00:00 2001 From: Dan Radez Date: Tue, 14 Mar 2023 12:59:13 -0400 Subject: [PATCH 60/97] Removing Ansible as a package dep. You can't run ansible without is already being installed. There are some packaging dep conflicts in installing ansible from RPMs on RHEL in the shared labs. This requirement will always hit that problem. Since ansible has to be already installed to get to this point there's no reason for it to be required here. If it's been installed by pip instead of RPM then the deploy can't continue. --- ansible-ipi-install/roles/shared-labs-prep/vars/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml b/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml index 8b82b2d2e3..a18f57c0c2 100644 --- a/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml +++ b/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml @@ -13,8 +13,7 @@ yum_packages: - python3-requests - sshpass - make - - ansible rdo_packages: - https://trunk.rdoproject.org/rhel8-master/deps/latest/Packages/python3-crypto-2.6.1-18.el8ost.x86_64.rpm - https://trunk.rdoproject.org/rhel8-master/deps/latest/Packages/python3-pyghmi-1.0.22-2.el8ost.noarch.rpm -badfish_podman_cmd: "podman run --pull=always --rm quay.io/quads/badfish -u {{ lab_ipmi_user }} -p {{ lab_ipmi_password }} -i config/idrac_interfaces.yml -H mgmt-" \ No newline at end of file +badfish_podman_cmd: "podman run --pull=always --rm quay.io/quads/badfish -u {{ lab_ipmi_user }} -p {{ lab_ipmi_password }} -i config/idrac_interfaces.yml -H mgmt-" From 0e0b45ab281a145c642e491608662f5a425bb5eb Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Mar 2023 11:56:49 +0000 Subject: [PATCH 61/97] build(deps): bump actions/checkout from 3.3.0 to 3.4.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.3.0...v3.4.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 6d84192b05..d96352cd01 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -9,7 +9,7 @@ jobs: steps: # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v3.3.0 + - uses: actions/checkout@v3.4.0 - uses: actions/cache@v3.2.6 with: diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index 82747b42dc..f85ccbafd3 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -13,7 +13,7 @@ jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.3.0 + - uses: actions/checkout@v3.4.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - uses: actions/cache@v3.2.6 From d978385aa7288342a2f02d8b3dc3fbee844f8f6b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 Mar 2023 11:56:43 +0000 Subject: [PATCH 62/97] build(deps): bump actions/stale from 7 to 8 Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index e0a01fd473..f903d410e7 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -9,7 +9,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v7 + - uses: actions/stale@v8 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' From 6ba176ac0a58b161c5e3e972b3605f868654b956 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Mar 2023 12:17:10 +0000 Subject: [PATCH 63/97] build(deps): bump actions/cache from 3.2.6 to 3.3.1 Bumps [actions/cache](https://github.com/actions/cache) from 3.2.6 to 3.3.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.2.6...v3.3.1) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index d96352cd01..b850c2539f 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -11,7 +11,7 @@ jobs: # Important: This sets up your GITHUB_WORKSPACE environment variable - uses: actions/checkout@v3.4.0 - - uses: actions/cache@v3.2.6 + - uses: actions/cache@v3.3.1 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt') }} diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index f85ccbafd3..bc1774f10f 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -16,7 +16,7 @@ jobs: - uses: actions/checkout@v3.4.0 # Use GitHub Actions' cache to shorten build times and decrease load on servers - - uses: actions/cache@v3.2.6 + - uses: actions/cache@v3.3.1 with: path: vendor/bundle key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }} From 352d1a286d4cc5b6f1fce0e2646df06725c0f669 Mon Sep 17 00:00:00 2001 From: Pierre Blanc Date: Wed, 29 Mar 2023 09:43:53 -0400 Subject: [PATCH 64/97] Add retries to get the ocp client --- ansible-ipi-install/roles/installer/tasks/10_get_oc.yml | 4 ++++ .../roles/installer/tasks/20_extract_installer.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml b/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml index 674f9b8f74..566db2adc7 100644 --- a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml +++ b/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml 
@@ -89,6 +89,10 @@ owner: "{{ ansible_user }}" group: "{{ ansible_user }}" mode: '0755' + register: result + retries: 3 + delay: 10 + until: result is not failed delegate_to: "{{ registry_creation | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" tags: getoc diff --git a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml b/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml index 34774e0fe4..ed8f2837c4 100644 --- a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml +++ b/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml @@ -116,6 +116,10 @@ get_url: url: "{{ webserver_url }}/{{ version }}/openshift-baremetal-install" dest: "{{ tempdir }}/openshift-baremetal-install" + register: result + retries: 3 + delay: 10 + until: result is not failed when: (the_url.status == -1 and disconnected_installer|length == 0) tags: - extract From ed39572000686470792ab75ed818ff89519342a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Apr 2023 11:56:40 +0000 Subject: [PATCH 65/97] build(deps): bump actions/checkout from 3.4.0 to 3.5.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.4.0 to 3.5.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.4.0...v3.5.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index b850c2539f..6cd779a4ab 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml 
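Review bot: The `get_url` task in the 20_extract_installer.yml hunk fetches the `openshift-baremetal-install` executable from `{{ webserver_url }}` with no `checksum:`, so the added retries repeat the download on failure but never verify what was received. If a digest for the binary is available, pass it, e.g. `checksum: "sha256:{{ installer_sha256 }}"` (`installer_sha256` is a placeholder name, not a variable from this repository). The task also sets no `mode:`, unlike the task in the 10_get_oc.yml hunk, which sets `mode: '0755'`. Both tasks register into the same generic `result`; distinct names would stop one overwriting the other if either is read later. Both task bodies start above their hunks, so the module used in 10_get_oc.yml is not visible here.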
@@ -9,7 +9,7 @@ jobs: steps: # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v3.4.0 + - uses: actions/checkout@v3.5.1 - uses: actions/cache@v3.3.1 with: diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index bc1774f10f..f13684782c 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -13,7 +13,7 @@ jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.4.0 + - uses: actions/checkout@v3.5.1 # Use GitHub Actions' cache to shorten build times and decrease load on servers - uses: actions/cache@v3.3.1 From dcc423b60e928b93472383970c62eef138bd56db Mon Sep 17 00:00:00 2001 From: Manuel Rodriguez Date: Fri, 14 Apr 2023 10:45:21 -0400 Subject: [PATCH 66/97] Add support to dualstack vips starting in 4.12 (#953) This patch allows to specify IPv4 and IPv6 VIPs for Ingress and API using dualstack_vips boolean. Validations are included and if not specify it, then it defaults to old variables to specify a single VIP for Ingress and API. --- ansible-ipi-install/inventory/hosts.sample | 10 ++++ .../templates/install-config-virtualmedia.j2 | 17 +++++++ .../installer/templates/install-config.j2 | 17 +++++++ .../roles/node-prep/defaults/main.yml | 1 + .../roles/node-prep/tasks/10_validation.yml | 51 +++++++++++++++++++ 5 files changed, 96 insertions(+) diff --git a/ansible-ipi-install/inventory/hosts.sample b/ansible-ipi-install/inventory/hosts.sample index bffd102546..37898a7977 100644 --- a/ansible-ipi-install/inventory/hosts.sample +++ b/ansible-ipi-install/inventory/hosts.sample 
@@ -71,6 +71,10 @@ prov_ip=172.22.0.3 # Only one of ipv4_baremetal and dualstack_baremetal can be true #dualstack_baremetal=False +# (Optional) When ipv6_enabled and dualstack_baremetal are set to True, and want dual-stack VIPs for baremetal network +# Requires that the API and Ingress VIPs resolve both A and AAAA DNS records +#dualstack_vips=False + # (Optional) A list of clock servers to be used in chrony by the masters and workers #clock_servers=["pool.ntp.org","clock.redhat.com"] @@ -133,9 +137,15 @@ extcidrnet6="" # An IP reserved on the baremetal network for the API endpoint. # (Optional) If not set, a DNS lookup verifies that api.. provides an IP #apivip="" +# An IP reserved on the baremetal network for the API IPv6 endpoint. +# (Optional) Starting in OCP 4.12. IPv6 from DNS lookup of api.. +#apivip6="" # An IP reserved on the baremetal network for the Ingress endpoint. # (Optional) If not set, a DNS lookup verifies that *.apps.. provides an IP #ingressvip="" +# An IP reserved on the baremetal network for the Ingress IPv6 endpoint. +# (Optional) Starting in OCP 4.12. IPv6 from DNS lookup of *.apps.. +#ingressvip6="" # The master hosts provisioning nic # (Optional) If not set, the prov_nic will be used #masters_prov_nic="" diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index 8589d365a4..d9bcfe6900 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 
@@ -46,8 +46,25 @@ controlPlane: baremetal: {} platform: baremetal: +{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 12)) and dualstack_baremetal|bool and dualstack_vips|bool %} + apiVIPs: +{% if apivip is defined and apivip|ipv4 %} + - {{ apivip }} +{% endif %} +{% if ipv6_enabled|bool and apivip6 is defined and apivip6|ipv6 %} + - {{ apivip6 }} +{% endif %} + ingressVIPs: +{% if ingressvip is defined and ingressvip|ipv4 %} + - {{ ingressvip }} +{% endif %} +{% if ipv6_enabled|bool and ingressvip6 is defined and ingressvip6|ipv6 %} + - {{ ingressvip6 }} +{% endif %} +{% else %} apiVIP: {{ apivip }} ingressVIP: {{ ingressvip }} +{% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 5)) %} dnsVIP: {{ dnsvip }} {% endif %} diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index b93849c302..730eb5396a 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 @@ -46,8 +46,25 @@ controlPlane: baremetal: {} platform: baremetal: +{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 12)) and dualstack_baremetal|bool and dualstack_vips|bool %} + apiVIPs: +{% if apivip is defined and apivip|ipv4 %} + - {{ apivip }} +{% endif %} +{% if ipv6_enabled|bool and apivip6 is defined and apivip6|ipv6 %} + - {{ apivip6 }} +{% endif %} + ingressVIPs: +{% if ingressvip is defined and ingressvip|ipv4 %} + - {{ ingressvip }} +{% endif %} +{% if ipv6_enabled|bool and ingressvip6 is defined and ingressvip6|ipv6 %} + - {{ ingressvip6 }} +{% endif %} +{% else %} apiVIP: {{ apivip }} ingressVIP: {{ ingressvip }} +{% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 5)) %} dnsVIP: {{ dnsvip }} {% endif %} 
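Review bot: In the new dual-stack branch the `apiVIPs:` and `ingressVIPs:` keys are emitted unconditionally while every list item sits behind its own `{% if %}`, so a value that fails the `ipv4` or `ipv6` test is dropped silently and a key can render with no items at all (a null in YAML). Failing before rendering is safer than letting the template hide a bad address, for example an assert in the validation tasks with `that: apivip | ipv4 and apivip6 | ipv6` and the same for the ingress pair. The items are also rendered as plain scalars; `- '{{ apivip6 }}'` keeps the parser from retyping them. The identical hunk in `install-config.j2` has the same issue, and the gate `release_version.split('.')[0]|int == 4` would fall back to the singular keys on any later major version.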
diff --git a/ansible-ipi-install/roles/node-prep/defaults/main.yml b/ansible-ipi-install/roles/node-prep/defaults/main.yml index 391f0a86c9..8c3ae5ea79 100644 --- a/ansible-ipi-install/roles/node-prep/defaults/main.yml +++ b/ansible-ipi-install/roles/node-prep/defaults/main.yml @@ -11,6 +11,7 @@ https_proxy: "" ipv4_baremetal: false ipv4_provisioning: false dualstack_baremetal: false +dualstack_vips: false provisioning_bridge: "provisioning" webserver_url: "" baremetal_bridge: "baremetal" diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index 7bea79f629..2743574cc6 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml 
@@ -138,6 +138,57 @@ - always - validation +- name: Validations for IPv6 VIPs in OCP >= 4.12 + block: + - name: Verify DNS records for Wildcard (Ingress) IPv6 VIP + set_fact: + ingressvip6: "{{ lookup('dig', 'foo.apps.{{ cluster |quote }}.{{ domain | quote }}.', 'qtype=AAAA' ) }}" + when: ((ingressvip6 is undefined) or (ingressvip6|length == 0)) + tags: + - always + - validation + + - name: Verify DNS records for API IPv6 VIP + set_fact: + apivip6: "{{ lookup('dig', 'api.{{ cluster |quote }}.{{ domain | quote }}.', 'qtype=AAAA' ) }}" + when: ((apivip6 is undefined) or (apivip6|length == 0)) + tags: + - always + - validation + + - name: Display API IPv6 VIP + debug: + msg: "The API IPv6 VIP is {{ apivip6 }}" + verbosity: 2 + tags: validation + + - name: Display Ingress IPv6 VIP + debug: + msg: "The Wildcard (Ingress) IPv6 VIP is {{ ingressvip6 }}" + verbosity: 2 + tags: validation + + - name: Fail if incorrect API IPv6 VIP + fail: + msg: "The API IPv6 VIP seems to be incorrect. Value was NXDOMAIN or empty string." + when: (apivip6 == 'NXDOMAIN') or (apivip6|length == 0) + tags: + - always + - validation + + - name: Fail if incorrect Ingress IPv6 VIP + fail: + msg: "The Ingress IPv6 VIP seems to be incorrect. Value was NXDOMAIN or empty string." + when: (ingressvip6 == 'NXDOMAIN') or (ingressvip6|length == 0) + tags: + - always + - validation + when: + - version.split('.')[0]|int == 4 and version.split('.')[1]|int >= 12 + - ipv6_enabled | bool + - dualstack_baremetal | bool + - dualstack_vips | bool + - name: Set release_url for development envs set_fact: release_url: "{{ (webserver_url|length) | ternary(webserver_url, 'https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview') }}" From 8d8a4fc3423090b57d8590827d2e36bf19f51d7a Mon Sep 17 00:00:00 2001 
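Review bot: The two `Fail if incorrect ... IPv6 VIP` tasks reject only `NXDOMAIN` and the empty string, so any other non-address value (a typo in a user-supplied `apivip6`, or a `dig` result holding several records) passes validation and is only filtered out later by the `apivip6|ipv6` test in the install-config templates. Validate the address itself, e.g. `when: not (apivip6 | ipv6)` and `when: not (ingressvip6 | ipv6)`. The lookups also nest `{{ cluster |quote }}` inside an expression that is already templated and apply the shell-quoting `quote` filter to a DNS name; `lookup('dig', 'api.' ~ cluster ~ '.' ~ domain ~ '.', 'qtype=AAAA')` expresses the same query without either. The block is gated on `version` while the templates in this patch test `release_version`, so it is worth confirming both always hold the same value.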
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Apr 2023 11:56:42 +0000 Subject: [PATCH 67/97] build(deps): bump actions/checkout from 3.5.1 to 3.5.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.1 to 3.5.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.1...v3.5.2) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 6cd779a4ab..a5868787be 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -9,7 +9,7 @@ jobs: steps: # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v3.5.1 + - uses: actions/checkout@v3.5.2 - uses: actions/cache@v3.3.1 with: diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index f13684782c..dd1e78437a 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -13,7 +13,7 @@ jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.5.1 + - uses: actions/checkout@v3.5.2 # Use GitHub Actions' cache to shorten build times and decrease load on servers - uses: actions/cache@v3.3.1 From 081c3e2d2c8ec4c75eebef32cf988546d4f33c97 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Mar 2023 11:56:51 +0000 Subject: [PATCH 68/97] build(deps): update ansible requirement from <7.4.0 to <7.5.0 Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index ae28e5ec4e..f4eeb24967 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<7.4.0 +ansible<7.5.0 ansible-lint<6.0.0 From 7ffc9225a3d2f258ded71af740b68a333a4de701 Mon Sep 17 00:00:00 2001 From: Rabin Yasharzadehe Date: Wed, 19 Apr 2023 17:52:38 +0300 Subject: [PATCH 69/97] Add support for wwnVendorExtension & wwnWithExtension as disk hints (#960) * Add wwnVendorExtension, wwnWithExtension to roothint_list * Update install-config templates Add quotes around disk hint value, in case the value in format of "0x1234" which Ansible will convert to integer Signed-off-by: Rabin Yasharzadehe --------- Signed-off-by: Rabin Yasharzadehe --- .../roles/installer/templates/install-config-virtualmedia.j2 | 2 +- ansible-ipi-install/roles/installer/templates/install-config.j2 | 2 +- ansible-ipi-install/roles/node-prep/vars/main.yml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index d9bcfe6900..644707d6de 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 
@@ -114,7 +114,7 @@ platform: {% endif %} {% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] and hostvars[host]['root_device_hint'] in roothint_list %} rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} + {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index 730eb5396a..50535d3c94 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 @@ -120,7 +120,7 @@ platform: {% endif %} {% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] and hostvars[host]['root_device_hint'] in roothint_list %} rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} + {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} diff --git a/ansible-ipi-install/roles/node-prep/vars/main.yml b/ansible-ipi-install/roles/node-prep/vars/main.yml index dbe9923928..610125f9e1 100644 --- a/ansible-ipi-install/roles/node-prep/vars/main.yml +++ b/ansible-ipi-install/roles/node-prep/vars/main.yml @@ -40,5 +40,7 @@ roothint_list: - serialNumber - minSizeGigabytes - wwn + - wwnWithExtension + - wwnVendorExtension - rotational - '' From ed57607a5224060aa5e2b214d69e7557144eda81 Mon Sep 17 00:00:00 2001 
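Review bot: Quoting the rendered hint value unconditionally turns every hint into a YAML string, including `minSizeGigabytes` and `rotational`, which are in `roothint_list` and which the installer presumably expects as a number and a boolean. Render those two hints unquoted and quote only the string-typed ones. For the string case `{{ hostvars[host]['root_device_hint_value'] | string | to_json }}` is more robust than hand-written single quotes, which break the document if the value itself contains a `'`. The same line is changed in `install-config.j2` in this patch and in both hunks of PATCH 70/97.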
From: Rabin Yasharzadehe Date: Thu, 20 Apr 2023 20:12:29 +0300 Subject: [PATCH 70/97] Add missing quotes for drive hint in workers group (#961) --- .../roles/installer/templates/install-config-virtualmedia.j2 | 2 +- ansible-ipi-install/roles/installer/templates/install-config.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index 644707d6de..ba1e70f123 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 @@ -158,7 +158,7 @@ platform: {% endif %} {% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] %} rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} + {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index 50535d3c94..a3576f7179 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 @@ -162,7 +162,7 @@ platform: {% endif %} {% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] %} rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: {{ hostvars[host]['root_device_hint_value'] }} + {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' {% endif %} {% endif %} {% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} 
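Review bot: The condition guarding the changed line in both hunks lacks the `hostvars[host]['root_device_hint'] in roothint_list` test that guards the equivalent line changed in PATCH 69/97, so in this section any inventory string is rendered as a key under `rootDeviceHints`. Add the allow-list test here as well: `{% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] and hostvars[host]['root_device_hint'] in roothint_list %}`. This applies to `install-config-virtualmedia.j2` and `install-config.j2` alike; the enclosing host loop starts outside the hunks.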
From 38b504c9f728cda144839e292c0e3649ca38f8e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Apr 2023 11:56:44 +0000 Subject: [PATCH 71/97] build(deps): bump actions/setup-python from 4.5.0 to 4.6.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.5.0...v4.6.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index a5868787be..6a7477d39a 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -18,7 +18,7 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - - uses: actions/setup-python@v4.5.0 + - uses: actions/setup-python@v4.6.0 - name: Install dependencies run: | From 4308a35f70d9689f0aabf85c45849a909a84cd31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Apr 2023 11:56:52 +0000 Subject: [PATCH 72/97] build(deps): update ansible requirement from <7.5.0 to <7.6.0 Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index f4eeb24967..f1768ab521 100644 --- a/test-requirements.txt +++ b/test-requirements.txt 
@@ -1,2 +1,2 @@ -ansible<7.5.0 +ansible<7.6.0 ansible-lint<6.0.0 From e84385c41621131e255c0ce46efa8226f7a75ec6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 May 2023 11:56:49 +0000 Subject: [PATCH 73/97] build(deps): update ansible requirement from <7.6.0 to <7.7.0 Updates the requirements on [ansible](https://github.com/ansible/ansible) to permit the latest version. - [Release notes](https://github.com/ansible/ansible/releases) - [Commits](https://github.com/ansible/ansible/commits) --- updated-dependencies: - dependency-name: ansible dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-requirements.txt b/test-requirements.txt index f1768ab521..a1573cd09e 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -ansible<7.6.0 +ansible<7.7.0 ansible-lint<6.0.0 From a7a18dff6e3b49839837c4ecf690849e95b00fb5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 11:56:42 +0000 Subject: [PATCH 74/97] build(deps): bump actions/setup-python from 4.6.0 to 4.6.1 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.6.0...v4.6.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 6a7477d39a..3a053d100a 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml 
@@ -18,7 +18,7 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - - uses: actions/setup-python@v4.6.0 + - uses: actions/setup-python@v4.6.1 - name: Install dependencies run: | From 247ad818905196ca49daecca3e8a5b4c5ed3dae8 Mon Sep 17 00:00:00 2001 From: Tony Garcia Date: Tue, 30 May 2023 03:33:39 -0500 Subject: [PATCH 75/97] Introduce the use of imageDigestSources (#965) The imageContentSources is being deprecated in the openshift-installer and imageDigestSources is replacing it. Allow the use of imageDigestSources when the disconnected registry is created. Updating docs to reflect the use of each CR depending on the OCP version --- .../roles/installer/templates/install-config-appends.j2 | 4 ++++ .../ansible-playbook-using-an-existing-registry.adoc | 8 ++++++-- .../ipi-install-creating-a-disconnected-registry.adoc | 5 ++++- .../ipi-install-troubleshooting-install-config.adoc | 2 +- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ansible-ipi-install/roles/installer/templates/install-config-appends.j2 b/ansible-ipi-install/roles/installer/templates/install-config-appends.j2 index 43d9148397..1798355303 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-appends.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-appends.j2 @@ -1,6 +1,10 @@ additionalTrustBundle: | {{ trustbundle | regex_replace('\n', '\n ') }} +{% if release_version is version('4.14', '<') %} imageContentSources: +{% else %} +imageDigestSources: +{% endif %} - mirrors: - {{ local_registry }}/{{ local_repo }} source: quay.io/openshift-release-dev/ocp-v4.0-art-dev diff --git a/documentation/ansible-playbook/modules/ansible-playbook-using-an-existing-registry.adoc b/documentation/ansible-playbook/modules/ansible-playbook-using-an-existing-registry.adoc index 1c8eabedec..a49a0057d7 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-using-an-existing-registry.adoc 
+++ b/documentation/ansible-playbook/modules/ansible-playbook-using-an-existing-registry.adoc @@ -36,7 +36,8 @@ Example: ==== The `disconnected_registry_mirrors_file` variable should point to a file -containing the `additionalTrustBundle` and `imageContentSources` for +containing the `additionalTrustBundle` and `imageContentSources` (OpenShift +4.13 and below) or `imageDigestSources` (OpenShift 4.14 and above) for the disconnected registry. The certificate that goes within the additional trust bundle is the disconnected registry node's certificate. The `imageContentSources` adds the mirrored information of the registry. The below @@ -58,7 +59,7 @@ additionalTrustBundle: | dC5jb20wHhcNMjAwNDA3MjM1MzI2WhcNMzAwNDA1MjM1MzI2WjCBkDELMAkGA1UE -----END CERTIFICATE----- -imageContentSources: +: <1> - mirrors: - registry.example.com:5000/ocp4/openshift4 source: quay.io/openshift-release-dev/ocp-v4.0-art-dev @@ -70,5 +71,8 @@ imageContentSources: source: quay.io/openshift-release-dev/ocp-release ---- +Where: ++ +<1> `` is either `imageContentSources` for OpenShift 4.13 and below, or `imageDigestSources` for Openshift 4.14 and above. NOTE: Indentation is important in the yml file. Ensure your copy of the `install-config-appends.yml` is properly indented as in the example above. diff --git a/documentation/ipi-install/modules/ipi-install-creating-a-disconnected-registry.adoc b/documentation/ipi-install/modules/ipi-install-creating-a-disconnected-registry.adoc index 2cab721d55..d03043d7ab 100644 --- a/documentation/ipi-install/modules/ipi-install-creating-a-disconnected-registry.adoc +++ b/documentation/ipi-install/modules/ipi-install-creating-a-disconnected-registry.adoc @@ -218,7 +218,7 @@ $ sed -e 's/^/ /' /opt/registry/certs/domain.crt >> install-config.yaml [source,terminal] ---- $ cat <> install-config.yaml -imageContentSources: +: <1> - mirrors: - registry.example.com:5000/ocp4/openshift4 source: quay.io/openshift-release-dev/ocp-v4.0-art-dev 
@@ -230,5 +230,8 @@ imageContentSources: source: quay.io/openshift-release-dev/ocp-release EOF ---- +Where: ++ +<1> You must replace `` with `imageContentSources` for OpenShift 4.13 and below, or `imageDigestSources` for Openshift 4.14 and above. + NOTE: Replace `registry.example.com` with the registry's fully qualified domain name. diff --git a/documentation/ipi-install/modules/ipi-install-troubleshooting-install-config.adoc b/documentation/ipi-install/modules/ipi-install-troubleshooting-install-config.adoc index 8e156b0f95..25a5013587 100644 --- a/documentation/ipi-install/modules/ipi-install-troubleshooting-install-config.adoc +++ b/documentation/ipi-install/modules/ipi-install-troubleshooting-install-config.adoc @@ -5,7 +5,7 @@ = Troubleshooting `install-config.yaml` -The `install-config.yaml` configuration file represents all of the nodes that are part of the {product-title} cluster. The file contains the necessary options consisting of but not limited to `apiVersion`, `baseDomain`, `imageContentSources` and virtual IP addresses. If errors occur early in the deployment of the {product-title} cluster, the errors are likely in the `install-config.yaml` configuration file. +The `install-config.yaml` configuration file represents all of the nodes that are part of the {product-title} cluster. The file contains the necessary options consisting of but not limited to `apiVersion`, `baseDomain`, `imageContentSources` (OpenShift 4.13 and below) or `imageDigestSources` (OpenShirt 4.14 and above), and virtual IP addresses. If errors occur early in the deployment of the {product-title} cluster, the errors are likely in the `install-config.yaml` configuration file. .Procedure From ef54d0d1b0a3c6f8830ad04e8076afec3effb12d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 11:56:42 +0000 Subject: [PATCH 76/97] build(deps): bump actions/checkout from 3.5.2 to 3.5.3 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.2...v3.5.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- .github/workflows/jekyll.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 3a053d100a..cfe41c6393 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -9,7 +9,7 @@ jobs: steps: # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v3.5.2 + - uses: actions/checkout@v3.5.3 - uses: actions/cache@v3.3.1 with: diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index dd1e78437a..8e8cef96b2 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml @@ -13,7 +13,7 @@ jobs: jekyll: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.5.2 + - uses: actions/checkout@v3.5.3 # Use GitHub Actions' cache to shorten build times and decrease load on servers - uses: actions/cache@v3.3.1 From ac4c196bf4c77ccb3508c0199f31121052c66a68 Mon Sep 17 00:00:00 2001 
From: Tony Garcia Date: Mon, 4 Sep 2023 09:27:15 -0500 Subject: [PATCH 77/97] Add externalMACAddress in virtualmedia template (#974) Bringing parity with non-virtualmedia installs by adding externalMACAddress in the virtualmedia template, allowing libvirt to use a specific hwaddr in the provisioner host. Limiting the use of provisioningHostIP in virtualmedia only in the supported (4.6) version Signed-off-by: Tony Garcia --- .../roles/installer/templates/install-config-virtualmedia.j2 | 5 +++++ ansible-ipi-install/roles/node-prep/tasks/10_validation.yml | 1 + 2 files changed, 6 insertions(+) diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index ba1e70f123..0aa888f981 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 @@ -72,8 +72,13 @@ platform: externalBridge: {{ baremetal_bridge }} {% endif %} provisioningNetwork: "Disabled" +{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int == 6)) %} provisioningHostIP: {{ provisioningHostIP }} +{% endif %} bootstrapProvisioningIP: {{ bootstrapProvisioningIP }} +{% if externalMACAddress is defined and externalMACAddress|length %} + externalMACAddress: '{{ externalMACAddress }}' +{% endif %} {% if bootstraposimage is defined and bootstraposimage|length %} bootstrapOSImage: {{ bootstraposimage }} {% endif %} diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index 2743574cc6..0d91d76ca6 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml 
@@ -525,6 +525,7 @@ when: - enable_virtualmedia|bool - provisioningHostIP is undefined + - release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int == 6 tags: - always - validation From bcd2038f44cc7d6e95860d6031a39b14a7416168 Mon Sep 17 00:00:00 2001 From: fdaencar <64908537+fdaencarrh@users.noreply.github.com> Date: Wed, 6 Sep 2023 10:25:01 -0400 Subject: [PATCH 78/97] Change the RHCOS image cache container public registry (#978) * Change the RHCOS image cache container registry.centos.org seems to be done or unavailable. Changing from registry.centos.org to quay.io and add the ability to change it if needed. * Change registry.centos.org in the documentation Change the documentation to replace registry.centos.org to quay.io --- ansible-ipi-install/roles/installer/defaults/main.yml | 1 + .../roles/installer/tasks/24_rhcos_image_cache.yml | 2 +- .../modules/ipi-install-creating-an-rhcos-images-cache.adoc | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/installer/defaults/main.yml b/ansible-ipi-install/roles/installer/defaults/main.yml index dbd1f1cf04..47861b766e 100644 --- a/ansible-ipi-install/roles/installer/defaults/main.yml +++ b/ansible-ipi-install/roles/installer/defaults/main.yml @@ -9,6 +9,7 @@ install_config_appends_file: install-config-appends.yml registry_auth_file: registry-auths.json disconnected_registry_user: dummy disconnected_registry_password: dummy +webserver_cache_image: "quay.io/centos7/httpd-24-centos7:latest" webserver_caching_port: "{{ webserver_caching_port_container }}" webserver_caching_port_container: 8080 registry_creation: false diff --git a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml index b2ac7745fb..b1788f2671 100644 --- a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml +++ b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml 
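Review bot: The new default `webserver_cache_image: "quay.io/centos7/httpd-24-centos7:latest"` in `roles/installer/defaults/main.yml` names a mutable tag on a public registry, so the container that serves the RHCOS images to the cluster nodes can change content between runs with no change in this repository. Pin the default by digest, `webserver_cache_image: "quay.io/centos7/httpd-24-centos7@sha256:<digest>"` (placeholder; use the digest of the image you have verified), and keep the tag form as a documented override. A comment above the variable noting that disconnected sites should point it at their own mirror would also help, since `24_rhcos_image_cache.yml` now runs whatever image this variable names.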
@@ -170,7 +170,7 @@ - name: Start RHCOS image cache container containers.podman.podman_container: name: rhcos_image_cache - image: registry.centos.org/centos/httpd-24-centos7:latest + image: "{{ webserver_cache_image }}" state: stopped network: host volumes: diff --git a/documentation/ipi-install/modules/ipi-install-creating-an-rhcos-images-cache.adoc b/documentation/ipi-install/modules/ipi-install-creating-an-rhcos-images-cache.adoc index feeac254b4..eea849eb68 100644 --- a/documentation/ipi-install/modules/ipi-install-creating-an-rhcos-images-cache.adoc +++ b/documentation/ipi-install/modules/ipi-install-creating-an-rhcos-images-cache.adoc @@ -107,7 +107,7 @@ $ ls -Z /home/kni/rhcos_image_cache $ podman run -d --name rhcos_image_cache \ -v /home/kni/rhcos_image_cache:/var/www/html \ -p 8080:8080/tcp \ -registry.centos.org/centos/httpd-24-centos7:latest +quay.io/centos7/httpd-24-centos7:latest ---- ifndef::upstream[] + From 05eb4debc7ae4f377ba80fd2b35215c32016e6c0 Mon Sep 17 00:00:00 2001 
From: Nacho Silla <84012405+nsilla@users.noreply.github.com> Date: Tue, 19 Sep 2023 18:00:24 +0200 Subject: [PATCH 79/97] Allowing status code 301 when verifying the internet connectivity (#986) Currently, when checking the connectivity to the Internet, an HTTP query is set against https://www.redhat.com. This address will respond with a 301 status code redirecting the client to https://www.redhat.com/en. The URI ansible module is able to follow redirects so, if everything is OK, the query shour result in either a 200 status code if the server is reachable, or a -1 if it's not. In this later scenario, a disconnected environment is assumed. The problem is in some labs the web server gets into an infinite redirect loop, so the resulting status code would be 301. This change allows for this status code to be accepted as evidence that the Red Hat web site was reached and, therefore, the network has Internet access. --- .../roles/installer/tasks/20_extract_installer.yml | 4 ++-- .../roles/installer/tasks/24_rhcos_image_cache.yml | 6 +++--- ansible-ipi-install/roles/node-prep/tasks/10_validation.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml b/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml index ed8f2837c4..c9d68adb8e 100644 --- a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml +++ b/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml @@ -65,7 +65,7 @@ - name: Confirm whether or not internet connectivity on provisioner host uri: url: https://www.redhat.com - status_code: [-1, 200] + status_code: [-1, 200, 301] timeout: 1 register: the_url tags: 
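Review bot: With `301` accepted in `status_code: [-1, 200, 301]`, a redirect from anything that answers for `www.redhat.com` (an intercepting proxy or captive portal in an otherwise isolated lab) is treated the same as a `200`, and the play then takes the connected path. Because `the_url.status` drives later `when:` conditions and the choice of `host_url`, an explicit inventory switch for disconnected installs would be more reliable than inferring connectivity from a status code. At minimum add a comment on the task explaining why a bare redirect is accepted. The same change is made in `24_rhcos_image_cache.yml` (hunks `@@ -6,7 +6,7 @@` and `@@ -15,7 +15,7 @@`), in the `when:` of hunk `@@ -86,7 +86,7 @@` and in `10_validation.yml`; the probe is now copied into three task files and could be defined once.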
@@ -86,7 +86,7 @@ --to {{ tempdir_loc }} {{ disconnected_installer | ternary(disconnected_installer, release_image) }} args: chdir: "{{ tempdir }}" - when: (disconnected_installer|length or the_url.status == 200) + when: (disconnected_installer|length or the_url.status in [200,301]) delegate_to: "{{ disconnected_installer | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" tags: extract diff --git a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml index b1788f2671..4d00612209 100644 --- a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml +++ b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml @@ -6,7 +6,7 @@ - name: Confirm whether or not internet connectivity on provisioner host uri: url: https://www.redhat.com - status_code: [-1, 200] + status_code: [-1, 200, 301] timeout: 1 register: the_url tags: cache @@ -15,7 +15,7 @@ set_fact: url_passed: true when: - - the_url.status == 200 + - the_url.status in [200,301] tags: cache - name: Get URL of host providing the webserver @@ -136,7 +136,7 @@ # use a ternary for the delegate_to - name: Get URL of host providing the webserver set_fact: - host_url: "{{ the_url.status == 200 | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" + host_url: "{{ the_url.status in [200,301] | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" tags: cache - name: Set bootstrap image URL override if not provided by the user diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml index 0d91d76ca6..ca9f5c7e9c 100644 --- a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml +++ b/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml 
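Review bot: In hunk `@@ -136,7 +136,7 @@` the expression `the_url.status in [200,301] | ternary(...)` does not evaluate the way it reads, because a Jinja filter binds tighter than `in`: `ternary` is applied to the list `[200,301]`, which is always truthy, and `the_url.status` is then tested for membership in the resulting host name. Parenthesise the test: `host_url: "{{ (the_url.status in [200, 301]) | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}"`. The replaced `== 200 | ternary(...)` form had the same precedence problem, so it is worth fixing while the line is being edited.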
@@ -212,7 +212,7 @@ - name: Confirm whether or not internet connectivity on provisioner host uri: url: https://www.redhat.com - status_code: [-1, 200] + status_code: [-1, 200, 301] timeout: 1 register: check_url tags: From 861807df932597cd7fda1a8e903ee0f1881ee2ce Mon Sep 17 00:00:00 2001 From: Nacho Silla Date: Wed, 12 Jul 2023 12:58:59 +0200 Subject: [PATCH 80/97] Added support for redfish for KVM hosts Currently redfish is supported for HP and Dell systems, but none of these vendors provide settings compatible with sushy-tools based virtual BMCs. For instance, all the KVMs in the same hypervisor share the BMC address, and are differentiated by the system ID, which is part of the resource path. This change extends the install-config and install-config-virtualmedia templates to allow for sushy-tools based redfish vBMCs. --- .../templates/install-config-virtualmedia.j2 | 10 +- .../installer/templates/install-config.j2 | 6 + .../ipi-install-configuration-files.adoc | 2 + ...c-addressing-for-kvm-with-sushy-tools.adoc | 118 ++++++++++++++++++ 4 files changed, 134 insertions(+), 2 deletions(-) create mode 100644 documentation/ipi-install/modules/ipi-install-bmc-addressing-for-kvm-with-sushy-tools.adoc diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 index 0aa888f981..2319a1e771 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 
@@ -76,8 +76,8 @@ platform: provisioningHostIP: {{ provisioningHostIP }} {% endif %} bootstrapProvisioningIP: {{ bootstrapProvisioningIP }} -{% if externalMACAddress is defined and externalMACAddress|length %} - externalMACAddress: '{{ externalMACAddress }}' +{% if externalMACAddress is defined %} + externalMACAddress: {{ externalMACAddress }} {% endif %} {% if bootstraposimage is defined and bootstraposimage|length %} bootstrapOSImage: {{ bootstraposimage }} @@ -96,6 +96,9 @@ platform: {% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6))) and enable_virtualmedia|bool %} address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} +{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} + address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} + disableCertificateVerification: true {% elif ansible_system_vendor == 'Dell Inc.' %} address: idrac-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} 
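Review bot: The `externalMACAddress` lines in the @@ -76,8 hunk drop both the single quotes and the `|length` guard, and the commit message mentions neither change. Unquoted, a MAC address made up only of digits and colons can be read by a YAML 1.1 parser as a base-60 number rather than a string; whether the installer's parser does so is not visible here. An empty variable now also renders `externalMACAddress:` with a null value. Unless the removal is intentional, keep `{% if externalMACAddress is defined and externalMACAddress|length %}` and `externalMACAddress: '{{ externalMACAddress }}'`.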
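Review bot: The new `kvm_hosts_redfish` branch in the @@ -96,6 hunk hard-codes `disableCertificateVerification: true`, while the HP and Dell branches next to it render `{{ disable_bmc_certificate_verification }}`. With verification always off, the BMC username and password go to an endpoint whose identity is never checked. An operator who has given the emulator a trusted certificate also cannot turn checking back on. Use `disableCertificateVerification: {{ disable_bmc_certificate_verification }}` here and in the matching branches at @@ -140,6 of this file and @@ -99,6 and @@ -141,6 of install-config.j2. The enclosing block starts outside the hunk.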
@@ -140,6 +143,9 @@ platform: {% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6))) and enable_virtualmedia|bool %} address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} +{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} + address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} + disableCertificateVerification: true {% elif ansible_system_vendor == 'Dell Inc.' %} address: idrac-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index a3576f7179..30c0ae2f48 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 
@@ -99,6 +99,9 @@ platform: {% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 5))) %} address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} +{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} + address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} + disableCertificateVerification: true {% elif hostvars[host]['irmc_address'] is defined %} address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }} {% else %} @@ -141,6 +144,9 @@ platform: {% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] %} address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 disableCertificateVerification: {{ disable_bmc_certificate_verification }} +{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} + address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} + disableCertificateVerification: true {% elif hostvars[host]['irmc_address'] is defined %} address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }} {% else %} diff --git a/documentation/ipi-install/ipi-install-configuration-files.adoc b/documentation/ipi-install/ipi-install-configuration-files.adoc index cd216921a4..eb5897b6d5 100644 --- a/documentation/ipi-install/ipi-install-configuration-files.adoc +++ b/documentation/ipi-install/ipi-install-configuration-files.adoc 
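Review bot: `hostvars[host]['redfish_port']` and `hostvars[host]['kvm_uuid']` are read in the new `address:` line with no default and no guard, unlike `irmc_port|default(443)` in the branch directly below. A host in `kvm_hosts_redfish` that lacks either variable will presumably abort template rendering with an undefined-variable error that does not say which inventory entry is incomplete. An assert in the validation tasks that both are set for every host in that group would fail earlier and more clearly. The same applies to the second hunk in this file and to both KVM hunks in install-config-virtualmedia.j2; the enclosing block starts outside the hunk.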
@@ -30,6 +30,8 @@ ifeval::[{product-version} > 4.7] include::modules/ipi-install-bmc-addressing-for-fujitsu-irmc.adoc[leveloffset=+2] endif::[] +include::modules/ipi-install-bmc-addressing-for-kvm-with-sushy-tools.adoc[leveloffset=+2] + include::modules/ipi-install-root-device-hints.adoc[leveloffset=+1] include::modules/ipi-install-creating-the-openshift-manifests.adoc[leveloffset=+1] diff --git a/documentation/ipi-install/modules/ipi-install-bmc-addressing-for-kvm-with-sushy-tools.adoc b/documentation/ipi-install/modules/ipi-install-bmc-addressing-for-kvm-with-sushy-tools.adoc new file mode 100644 index 0000000000..72900d4fb3 --- /dev/null +++ b/documentation/ipi-install/modules/ipi-install-bmc-addressing-for-kvm-with-sushy-tools.adoc @@ -0,0 +1,118 @@ +// This is included in the following assemblies: +// +// installing/installing_bare_metal_ipi/ipi-install-configuration-files.adoc + +[id='bmc-addressing-for-hpe-ilo_{context}'] += BMC addressing for KVM with sushy-tools Redfish emulator + +The `address` field for each `bmc` entry is a URL for connecting to the {product-title} cluster nodes, including the type of controller in the URL scheme and its location on the network. + +[source,yaml] +---- +platform: + baremetal: + hosts: + - name: + role: + bmc: + address:
<1> + username: + password: +---- +<1> The `address` configuration setting specifies the protocol. + +For KVM working with sushy-tools Redfish emulator, Red Hat supports Redfish virtual media and Redfish network boot. + +.BMC address formats for KVM with sushy-tools Redfish emulator +[frame="topbot",options="header"] +|==== +|Protocol|Address Format +|Redfish virtual media| `redfish-virtualmedia://:/redfish/v1/Systems/` +|Redfish network boot| `redfish://:/redfish/v1/Systems/` +|==== + +[NOTE] +==== +The sushy-tools Redfish emulator runs from the KVM hypervisor and a single instance acts as the virtual BMC for all the guest machines. This means both the out of band IP address and port, will be same and each individual machine must be identified by its System ID. + +You may retrieve the System ID of your guest machines with the following command: + +[source,bash] +--- +$ virsh list --all --name --uuid +d8ac6bf8-3062-4954-84c3-e097faa17025 compute-0 +84971a71-3935-4a92-8d90-a9f8440dac09 compute-1 +92430f42-8805-4412-959a-2a7252c7c540 compute-2 +0fea5296-db95-41d7-9295-f57cfa50255f control-plane-0 +4986e405-fd3a-483d-9210-8cb120b98f80 control-plane-1 +26bf228c-44fd-4c49-9e6f-44f4b5968b34 control-plane-2 +--- +==== + +See the following sections for additional details. + +.Redfish virtual media for KVM with sushy-tools Redfish emulator + +To enable Redfish virtual media for KVM environments running the sushy-tools Redfish emulator, use `redfish-virtualmedia://` in the `address` setting. The following example demonstrates using Redfish virtual media within the `install-config.yaml` file. 
+ +[source,yaml] +---- +platform: + baremetal: + hosts: + - name: openshift-master-0 + role: master + bmc: + address: redfish-virtualmedia://:/redfish/v1/Systems/ + username: + password: +---- + +While it is recommended to have a certificate of authority for the out-of-band management addresses, you must include `disableCertificateVerification: True` in the `bmc` configuration if using self-signed certificates. The following example demonstrates a Redfish configuration using the `disableCertificateVerification: True` configuration parameter within the `install-config.yaml` file. + +[source,yaml] +---- +platform: + baremetal: + hosts: + - name: openshift-master-0 + role: master + bmc: + address: redfish-virtualmedia://:/redfish/v1/Systems/ + username: + password: + disableCertificateVerification: True +---- + +.Redfish network boot for KVM with sushy-tools Redfish emulator + +To enable Redfish, use `redfish://` or `redfish+http://` to disable TLS. The installer requires the host name or the IP address, the Redfish emulator listening port and the path to the system ID. The following example demonstrates a Redfish configuration within the `install-config.yaml` file. + +[source,yaml] +---- +platform: + baremetal: + hosts: + - name: openshift-master-0 + role: master + bmc: + address: redfish://:/redfish/v1/Systems/ + username: + password: +---- + +While it is recommended to have a certificate of authority for the out-of-band management addresses, you must include `disableCertificateVerification: True` in the `bmc` configuration if using self-signed certificates. The following example demonstrates a Redfish configuration using the `disableCertificateVerification: True` configuration parameter within the `install-config.yaml` file. + +[source,yaml] +---- +platform: + baremetal: + hosts: + - name: openshift-master-0 + role: master + bmc: + address: redfish://:/redfish/v1/Systems/ + username: + password: + disableCertificateVerification: True +---- 
From d0c45deb644a6f45ba76e957d1c404c57f3b8d5c Mon Sep 17 00:00:00 2001 From: fdaencar <64908537+fdaencarrh@users.noreply.github.com> Date: Thu, 5 Oct 2023 11:14:10 -0400 Subject: [PATCH 81/97] Fix task Get URL of host providing the webserver (#988) Fix the issue "'in ' requires string as left operand, not int" at the task "Get URL of host providing the webserver" --- .../roles/installer/tasks/24_rhcos_image_cache.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml index 4d00612209..e02283d1f2 100644 --- a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml +++ b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml @@ -136,7 +136,7 @@ # use a ternary for the delegate_to - name: Get URL of host providing the webserver set_fact: - host_url: "{{ the_url.status in [200,301] | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" + host_url: "{{ (the_url.status in [200,301]) | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" tags: cache - name: Set bootstrap image URL override if not provided by the user From 55aa68284f6d42603f4eb1a147fea58c6c53092c Mon Sep 17 00:00:00 2001 
From: Tony Garcia Date: Tue, 10 Oct 2023 03:54:19 -0500 Subject: [PATCH 82/97] Rename node-prep role to node_prep (#987) * Rename node-prep role to node_prep This role among install is expected to be moved to ansible collections. Ansible collections requires that roles include only underscores, i.e. hyphens are not allowed * Keep a symlink to the old repo name --- ansible-ipi-install/playbook.yml | 2 +- ansible-ipi-install/roles/node-prep | 1 + ansible-ipi-install/roles/node-prep/handlers/main.yml | 2 -- .../roles/{node-prep => node_prep}/defaults/main.yml | 2 +- ansible-ipi-install/roles/node_prep/handlers/main.yml | 2 ++ .../roles/{node-prep => node_prep}/library/nmcli.py | 0 .../roles/{node-prep => node_prep}/meta/main.yml | 2 +- .../roles/{node-prep => node_prep}/tasks/10_validation.yml | 0 .../tasks/15_validation_disconnected_registry.yml | 0 .../{node-prep => node_prep}/tasks/20_sub_man_register.yml | 0 .../{node-prep => node_prep}/tasks/30_req_packages.yml | 0 .../roles/{node-prep => node_prep}/tasks/40_bridge.yml | 0 .../{node-prep => node_prep}/tasks/45_networking_facts.yml | 0 .../{node-prep => node_prep}/tasks/50_modify_sudo_user.yml | 0 .../{node-prep => node_prep}/tasks/60_enabled_services.yml | 0 .../tasks/70_enabled_fw_services.yml | 0 .../{node-prep => node_prep}/tasks/80_libvirt_pool.yml | 0 .../tasks/90_create_config_install_dirs.yml | 0 .../roles/{node-prep => node_prep}/tasks/main.yml | 0 .../roles/{node-prep => node_prep}/templates/dir.xml.j2 | 0 .../roles/{node-prep => node_prep}/tests/inventory | 0 .../roles/{node-prep => node_prep}/tests/test.yml | 2 +- .../roles/{node-prep => node_prep}/vars/main.yml | 2 +- .../ansible-playbook-appendix-python3-crypto-pyghmi.adoc | 2 +- ...ok-dig-lookup-requires-the-python-dnspython-library.adoc | 6 +++--- ...ook-failed-to-install-python3-crypto-python3-pyghmi.adoc | 2 +- .../ansible-playbook-missing-python-netaddr-library.adoc | 2 +- ...playbook-shared-connection-closed-on-provision-host.adoc | 2 +- 
.../modules/ansible-playbook-the-ansible-playbook.adoc | 4 ++-- .../ansible-playbook-tour-of-the-ansible-playbook.adoc | 4 ++-- 30 files changed, 19 insertions(+), 18 deletions(-) create mode 120000 ansible-ipi-install/roles/node-prep delete mode 100644 ansible-ipi-install/roles/node-prep/handlers/main.yml rename ansible-ipi-install/roles/{node-prep => node_prep}/defaults/main.yml (93%) create mode 100644 ansible-ipi-install/roles/node_prep/handlers/main.yml rename ansible-ipi-install/roles/{node-prep => node_prep}/library/nmcli.py (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/meta/main.yml (72%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/10_validation.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/15_validation_disconnected_registry.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/20_sub_man_register.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/30_req_packages.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/40_bridge.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/45_networking_facts.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/50_modify_sudo_user.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/60_enabled_services.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/70_enabled_fw_services.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/80_libvirt_pool.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/90_create_config_install_dirs.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tasks/main.yml (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/templates/dir.xml.j2 (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tests/inventory (100%) rename ansible-ipi-install/roles/{node-prep => node_prep}/tests/test.yml (76%) 
rename ansible-ipi-install/roles/{node-prep => node_prep}/vars/main.yml (97%) diff --git a/ansible-ipi-install/playbook.yml b/ansible-ipi-install/playbook.yml index 039500409f..416f792b57 100644 --- a/ansible-ipi-install/playbook.yml +++ b/ansible-ipi-install/playbook.yml @@ -2,7 +2,7 @@ - name: IPI on Baremetal Installation Playbook hosts: provisioner roles: - - node-prep + - node_prep - installer environment: diff --git a/ansible-ipi-install/roles/node-prep b/ansible-ipi-install/roles/node-prep new file mode 120000 index 0000000000..01a16747a8 --- /dev/null +++ b/ansible-ipi-install/roles/node-prep @@ -0,0 +1 @@ +node_prep \ No newline at end of file diff --git a/ansible-ipi-install/roles/node-prep/handlers/main.yml b/ansible-ipi-install/roles/node-prep/handlers/main.yml deleted file mode 100644 index 190d34d9ff..0000000000 --- a/ansible-ipi-install/roles/node-prep/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for node-prep diff --git a/ansible-ipi-install/roles/node-prep/defaults/main.yml b/ansible-ipi-install/roles/node_prep/defaults/main.yml similarity index 93% rename from ansible-ipi-install/roles/node-prep/defaults/main.yml rename to ansible-ipi-install/roles/node_prep/defaults/main.yml index 8c3ae5ea79..bdd080af5f 100644 --- a/ansible-ipi-install/roles/node-prep/defaults/main.yml +++ b/ansible-ipi-install/roles/node_prep/defaults/main.yml @@ -1,5 +1,5 @@ --- -# defaults file for node-prep +# defaults file for node_prep activation_key: "" org_id: "" network_type: "OVNKubernetes" diff --git a/ansible-ipi-install/roles/node_prep/handlers/main.yml b/ansible-ipi-install/roles/node_prep/handlers/main.yml new file mode 100644 index 0000000000..5ece770727 --- /dev/null +++ b/ansible-ipi-install/roles/node_prep/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for node_prep 
diff --git a/ansible-ipi-install/roles/node-prep/library/nmcli.py b/ansible-ipi-install/roles/node_prep/library/nmcli.py similarity index 100% rename from ansible-ipi-install/roles/node-prep/library/nmcli.py rename to ansible-ipi-install/roles/node_prep/library/nmcli.py diff --git a/ansible-ipi-install/roles/node-prep/meta/main.yml b/ansible-ipi-install/roles/node_prep/meta/main.yml similarity index 72% rename from ansible-ipi-install/roles/node-prep/meta/main.yml rename to ansible-ipi-install/roles/node_prep/meta/main.yml index cf66c6e9dd..23e9ee59ab 100644 --- a/ansible-ipi-install/roles/node-prep/meta/main.yml +++ b/ansible-ipi-install/roles/node_prep/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: Roger Lopez - description: The node-prep role assists in setup of the provision host. + description: The node_prep role assists in setup of the provision host. company: Red Hat, Inc. license: Apache License, Version 2.0 min_ansible_version: 2.9 diff --git a/ansible-ipi-install/roles/node-prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node_prep/tasks/10_validation.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/10_validation.yml rename to ansible-ipi-install/roles/node_prep/tasks/10_validation.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/15_validation_disconnected_registry.yml b/ansible-ipi-install/roles/node_prep/tasks/15_validation_disconnected_registry.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/15_validation_disconnected_registry.yml rename to ansible-ipi-install/roles/node_prep/tasks/15_validation_disconnected_registry.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/20_sub_man_register.yml b/ansible-ipi-install/roles/node_prep/tasks/20_sub_man_register.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/20_sub_man_register.yml rename to ansible-ipi-install/roles/node_prep/tasks/20_sub_man_register.yml 
diff --git a/ansible-ipi-install/roles/node-prep/tasks/30_req_packages.yml b/ansible-ipi-install/roles/node_prep/tasks/30_req_packages.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/30_req_packages.yml rename to ansible-ipi-install/roles/node_prep/tasks/30_req_packages.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/40_bridge.yml b/ansible-ipi-install/roles/node_prep/tasks/40_bridge.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/40_bridge.yml rename to ansible-ipi-install/roles/node_prep/tasks/40_bridge.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/45_networking_facts.yml b/ansible-ipi-install/roles/node_prep/tasks/45_networking_facts.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/45_networking_facts.yml rename to ansible-ipi-install/roles/node_prep/tasks/45_networking_facts.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/50_modify_sudo_user.yml b/ansible-ipi-install/roles/node_prep/tasks/50_modify_sudo_user.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/50_modify_sudo_user.yml rename to ansible-ipi-install/roles/node_prep/tasks/50_modify_sudo_user.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/60_enabled_services.yml b/ansible-ipi-install/roles/node_prep/tasks/60_enabled_services.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/60_enabled_services.yml rename to ansible-ipi-install/roles/node_prep/tasks/60_enabled_services.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/70_enabled_fw_services.yml b/ansible-ipi-install/roles/node_prep/tasks/70_enabled_fw_services.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/70_enabled_fw_services.yml rename to ansible-ipi-install/roles/node_prep/tasks/70_enabled_fw_services.yml 
diff --git a/ansible-ipi-install/roles/node-prep/tasks/80_libvirt_pool.yml b/ansible-ipi-install/roles/node_prep/tasks/80_libvirt_pool.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/80_libvirt_pool.yml rename to ansible-ipi-install/roles/node_prep/tasks/80_libvirt_pool.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/90_create_config_install_dirs.yml b/ansible-ipi-install/roles/node_prep/tasks/90_create_config_install_dirs.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/90_create_config_install_dirs.yml rename to ansible-ipi-install/roles/node_prep/tasks/90_create_config_install_dirs.yml diff --git a/ansible-ipi-install/roles/node-prep/tasks/main.yml b/ansible-ipi-install/roles/node_prep/tasks/main.yml similarity index 100% rename from ansible-ipi-install/roles/node-prep/tasks/main.yml rename to ansible-ipi-install/roles/node_prep/tasks/main.yml diff --git a/ansible-ipi-install/roles/node-prep/templates/dir.xml.j2 b/ansible-ipi-install/roles/node_prep/templates/dir.xml.j2 similarity index 100% rename from ansible-ipi-install/roles/node-prep/templates/dir.xml.j2 rename to ansible-ipi-install/roles/node_prep/templates/dir.xml.j2 diff --git a/ansible-ipi-install/roles/node-prep/tests/inventory b/ansible-ipi-install/roles/node_prep/tests/inventory similarity index 100% rename from ansible-ipi-install/roles/node-prep/tests/inventory rename to ansible-ipi-install/roles/node_prep/tests/inventory diff --git a/ansible-ipi-install/roles/node-prep/tests/test.yml b/ansible-ipi-install/roles/node_prep/tests/test.yml similarity index 76% rename from ansible-ipi-install/roles/node-prep/tests/test.yml rename to ansible-ipi-install/roles/node_prep/tests/test.yml index 7e8a1ae09e..a7d87c057d 100644 --- a/ansible-ipi-install/roles/node-prep/tests/test.yml +++ b/ansible-ipi-install/roles/node_prep/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - node-prep + - node_prep 
diff --git a/ansible-ipi-install/roles/node-prep/vars/main.yml b/ansible-ipi-install/roles/node_prep/vars/main.yml similarity index 97% rename from ansible-ipi-install/roles/node-prep/vars/main.yml rename to ansible-ipi-install/roles/node_prep/vars/main.yml index 610125f9e1..06df85ae98 100644 --- a/ansible-ipi-install/roles/node-prep/vars/main.yml +++ b/ansible-ipi-install/roles/node_prep/vars/main.yml @@ -1,5 +1,5 @@ --- -# vars file for node-prep +# vars file for node_prep # the ternary states if provision host has no online access # just verify the python3-crypto, python3-pyghmi packages are present # otherwise attempt to install them from trunk.rdoproject.org diff --git a/documentation/ansible-playbook/modules/ansible-playbook-appendix-python3-crypto-pyghmi.adoc b/documentation/ansible-playbook/modules/ansible-playbook-appendix-python3-crypto-pyghmi.adoc index e278b2d199..549e979958 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-appendix-python3-crypto-pyghmi.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-appendix-python3-crypto-pyghmi.adoc @@ -21,7 +21,7 @@ When the provision host packages are not already installed on the system, the following error can be expected ```sh -TASK [node-prep : Install required packages] ************************************************************************************************ +TASK [node_prep : Install required packages] ************************************************************************************************ Thursday 07 May 2020 19:11:35 +0000 (0:00:00.161) 0:00:11.940 ********** fatal: [provisioner.example.com]: FAILED! => {"changed": false, "failures": ["No package python3-crypto available.", "No package python3-pyghmi available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} ``` 
diff --git a/documentation/ansible-playbook/modules/ansible-playbook-dig-lookup-requires-the-python-dnspython-library.adoc b/documentation/ansible-playbook/modules/ansible-playbook-dig-lookup-requires-the-python-dnspython-library.adoc index 649ce0ba2e..86be668d48 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-dig-lookup-requires-the-python-dnspython-library.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-dig-lookup-requires-the-python-dnspython-library.adoc @@ -2,7 +2,7 @@ = Dig lookup requires the python '`dnspython`' library and it is not installed -One of the tasks in the `node-prep` role captures your API VIP and the +One of the tasks in the `node_prep` role captures your API VIP and the Ingress VIP of your environment using a `lookup` via `dig`. It does this https://docs.ansible.com/ansible/latest/plugins/lookup/dig.html[DNS query using the `dnspython` library]. This error is a little deceiving because the `dnspython` package 
@@ -12,10 +12,10 @@ your local host** that is running the Ansible playbook. [source,bash] ---- -TASK [node-prep : fail] ************************************************************************************************************ +TASK [node_prep : fail] ************************************************************************************************************ skipping: [provisioner.example.com] -TASK [node-prep : Verify DNS records for API VIP, Wildcard (Ingress) VIP] ********************************************************** +TASK [node_prep : Verify DNS records for API VIP, Wildcard (Ingress) VIP] ********************************************************** fatal: [provisioner.example.com]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'dig'. Error was a , original message: The dig lookup requires the python 'dnspython' library and it is not installed"} PLAY RECAP ************************************************************************************************************************* diff --git a/documentation/ansible-playbook/modules/ansible-playbook-failed-to-install-python3-crypto-python3-pyghmi.adoc b/documentation/ansible-playbook/modules/ansible-playbook-failed-to-install-python3-crypto-python3-pyghmi.adoc index 82d0e0b088..a51191f9b0 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-failed-to-install-python3-crypto-python3-pyghmi.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-failed-to-install-python3-crypto-python3-pyghmi.adoc 
@@ -23,7 +23,7 @@ can be expected [source,bash] ---- -TASK [node-prep : Install required packages] ************************************************************************************************ +TASK [node_prep : Install required packages] ************************************************************************************************ Thursday 07 May 2020 19:11:35 +0000 (0:00:00.161) 0:00:11.940 ********** fatal: [provisioner.example.com]: FAILED! => {"changed": false, "failures": ["No package python3-crypto available.", "No package python3-pyghmi available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} ---- diff --git a/documentation/ansible-playbook/modules/ansible-playbook-missing-python-netaddr-library.adoc b/documentation/ansible-playbook/modules/ansible-playbook-missing-python-netaddr-library.adoc index 73f4e7a7f1..8541562019 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-missing-python-netaddr-library.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-missing-python-netaddr-library.adoc @@ -11,7 +11,7 @@ The error when running the playbook looks like the following: [source,bash] ---- -TASK [node-prep : Fail if Python modules are missing] ****************************************************************************** +TASK [node_prep : Fail if Python modules are missing] ****************************************************************************** Tuesday 05 May 2020 19:30:19 +0000 (0:00:00.512) 0:00:13.829 *********** fatal: [localhost]: FAILED! => {"changed": false, "msg": "Missing python module(s) ['netaddr'] on localhost\n"} ---- diff --git a/documentation/ansible-playbook/modules/ansible-playbook-shared-connection-closed-on-provision-host.adoc b/documentation/ansible-playbook/modules/ansible-playbook-shared-connection-closed-on-provision-host.adoc index 44d3cc0563..ac7059f943 100644 
--- a/documentation/ansible-playbook/modules/ansible-playbook-shared-connection-closed-on-provision-host.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-shared-connection-closed-on-provision-host.adoc @@ -9,7 +9,7 @@ following error. [source,bash] ---- -TASK [node-prep : Install required packages] ************************************************************************************************ +TASK [node_prep : Install required packages] ************************************************************************************************ Thursday 07 May 2020 17:04:21 +0000 (0:00:00.152) 0:00:11.854 ********** fatal: [provisioner.example.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to provisioner.example.com closed.\r\n", "module_stdout": "[Errno 101] Network is unreachable\r\n\r\n{\"msg\": \"Nothing to do\", \"changed\": false, \"results\": [], \"rc\": 0, \"invocation\": {\"module_args\": {\"name\": [\"firewalld\", \"tar\", \"libvirt\", \"qemu-kvm\", \"python3-devel\", \"jq\", \"ipmitool\", \"python3-libvirt\", \"python3-lxml\", \"python3-yaml\", \"NetworkManager-libnm\", \"nm-connection-editor\", \"libsemanage-python3\", \"policycoreutils-python3\", \"podman\"], \"state\": \"present\", \"update_cache\": true, \"allow_downgrade\": false, \"autoremove\": false, \"bugfix\": false, \"disable_gpg_check\": false, \"disable_plugin\": [], \"disablerepo\": [], \"download_only\": false, \"enable_plugin\": [], \"enablerepo\": [], \"exclude\": [], \"installroot\": \"/\", \"install_repoquery\": true, \"install_weak_deps\": true, \"security\": false, \"skip_broken\": false, \"update_only\": false, \"validate_certs\": true, \"lock_timeout\": 30, \"conf_file\": null, \"disable_excludes\": null, \"download_dir\": null, \"list\": null, \"releasever\": null}}}\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 0} ---- 
diff --git a/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc b/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc index 5bb0f953a9..c8de1137b7 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc @@ -4,7 +4,7 @@ The Ansible playbook connects to your provision host and -runs through the `node-prep` role and the `installer` role. +runs through the `node_prep` role and the `installer` role. No modification is necessary. All modifications of variables may be done within the `inventory/hosts` file. A sample file is located in this repository under `inventory/hosts.sample`. @@ -17,6 +17,6 @@ From the system that is to run the playbook, - name: IPI on Baremetal Installation Playbook hosts: provisioner roles: - - node-prep + - node_prep - installer ---- diff --git a/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc b/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc index b5dbdbfb18..2e9e4ece7b 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc 
@@ -5,7 +5,7 @@ * `inventory` - contains the file `hosts.sample` that: ** contains all the modifiable variables, their default values, and their definition. Some variables are empty ensuring users give an explicit value. ** the setting up of your provision node, master nodes, and worker nodes. Each section will require additional details (i.e. Management credentials). -* `roles` - contains two roles: `node-prep` and `installer`. `node-prep` handles all the prerequisites that the provisioner node requires prior to running the installer. The `installer` role handles extracting the installer, setting up the manifests, and running the Red Hat OpenShift installation. +* `roles` - contains two roles: `node_prep` and `installer`. `node_prep` handles all the prerequisites that the provisioner node requires prior to running the installer. The `installer` role handles extracting the installer, setting up the manifests, and running the Red Hat OpenShift installation. The tree structure is shown below: @@ -63,7 +63,7 @@ The tree structure is shown below: │ │ └── test.yml │ └── vars │ └── main.yml - └── node-prep + └── node_prep ├── defaults │ └── main.yml ├── handlers From 6efddcae895fbb52145891c5e87efee62478d23b Mon Sep 17 00:00:00 2001 From: Zhou Hao Date: Fri, 27 Oct 2023 23:29:17 +0800 Subject: [PATCH 83/97] install-config.j2: support disableCertificateVerification for irmc (#983) Signed-off-by: Zhou Hao --- ansible-ipi-install/roles/installer/templates/install-config.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 index 30c0ae2f48..923e5aec80 100644 --- a/ansible-ipi-install/roles/installer/templates/install-config.j2 +++ b/ansible-ipi-install/roles/installer/templates/install-config.j2 
@@ -104,6 +104,7 @@ platform:
 disableCertificateVerification: true
 {% elif hostvars[host]['irmc_address'] is defined %}
 address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }}
+ disableCertificateVerification: {{ disable_bmc_certificate_verification }}
 {% else %}
 address: ipmi://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }}
 {% endif %}
@@ -149,6 +150,7 @@ platform:
 disableCertificateVerification: true
 {% elif hostvars[host]['irmc_address'] is defined %}
 address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }}
+ disableCertificateVerification: {{ disable_bmc_certificate_verification }}
 {% else %}
 address: ipmi://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }}
 {% endif %}
From d433c3f41ceb7120f59075725df3c6e690a67971 Mon Sep 17 00:00:00 2001
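Review bot: The added `disableCertificateVerification: {{ disable_bmc_certificate_verification }}` line in the irmc branch has no fallback, and nothing in the hunk shows the variable being given a default, so an inventory that does not set it would presumably fail the render or emit an empty value. This setting decides whether the BMC's TLS certificate is checked, so the fallback should keep verification on: `disableCertificateVerification: {{ disable_bmc_certificate_verification | default(false) | bool | lower }}`. The `bool | lower` part also ensures the rendered YAML carries a literal `true`/`false` rather than `yes`, `True` or a quoted string. The second hunk (`@@ -149,6 +150,7 @@`) adds the same line and needs the same change.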
From: Tony Garcia Date: Wed, 3 Jan 2024 10:35:29 -0600 Subject: [PATCH 84/97] Use collections (#1000) * Use collections Move to use collections, this is to conclude the migration of roles to the redhatci.ocp collection. Add the steps and changes required to consume collections. Remove the submodule for containers.podman and use a newer version. Update the docs to make clear the playbook is using collections. * Install collection dependency in GH workflow --- .github/workflows/ansible-lint.yml | 1 + .gitmodules | 4 - README.md | 2 + .../ansible_collections/containers/podman | 1 - ansible-ipi-install/playbook.yml | 2 + ansible-ipi-install/requirements.yml | 5 + .../roles/installer/defaults/main.yml | 17 - .../customize_filesystem/master/.gitkeep | 0 .../files/customize_filesystem/worker | 1 - .../installer/files/filetranspile-1.1.1.py | 359 ---- .../files/ipv6-dual-stack-no-upgrade.yml | 6 - .../roles/installer/files/manifests/.gitkeep | 0 .../roles/installer/files/openshift/.gitkeep | 0 .../roles/installer/handlers/main.yml | 2 - .../roles/installer/library/virt.py | 625 ------- .../roles/installer/meta/main.yml | 8 - .../roles/installer/tasks/10_get_oc.yml | 154 -- .../tasks/15_disconnected_registry_create.yml | 444 ----- .../15_disconnected_registry_existing.yml | 56 - .../installer/tasks/20_extract_installer.yml | 174 -- .../installer/tasks/23_rhcos_image_paths.yml | 59 - .../installer/tasks/24_rhcos_image_cache.yml | 243 --- .../tasks/25_create-install-config.yml | 54 - .../installer/tasks/30_create_metal3.yml | 9 - .../installer/tasks/40_create_manifest.yml | 29 - .../installer/tasks/50_extramanifests.yml | 57 - .../tasks/55_customize_filesystem.yml | 73 - .../installer/tasks/59_cleanup_bootstrap.yml | 66 - .../tasks/59_power_off_cluster_servers.yml | 28 - .../roles/installer/tasks/60_deploy_ocp.yml | 54 - .../tasks/70_cleanup_sub_man_registration.yml | 8 - .../roles/installer/tasks/main.yml | 53 - .../roles/installer/templates/chrony.conf.j2 | 16 - 
.../installer/templates/etc-chrony.conf.j2 | 42 - .../roles/installer/templates/httpd_conf.j2 | 353 ---- .../templates/install-config-appends.j2 | 16 - .../templates/install-config-virtualmedia.j2 | 187 -- .../installer/templates/install-config.j2 | 188 -- .../roles/installer/templates/magic.j2 | 384 ---- .../installer/templates/metal3-config.j2 | 20 - .../roles/installer/tests/inventory | 1 - .../roles/installer/tests/test.yml | 5 - .../roles/installer/vars/main.yml | 35 - ansible-ipi-install/roles/node-prep | 1 - .../roles/node_prep/defaults/main.yml | 20 - .../roles/node_prep/handlers/main.yml | 2 - .../roles/node_prep/library/nmcli.py | 1588 ----------------- .../roles/node_prep/meta/main.yml | 8 - .../roles/node_prep/tasks/10_validation.yml | 583 ------ .../15_validation_disconnected_registry.yml | 84 - .../node_prep/tasks/20_sub_man_register.yml | 14 - .../roles/node_prep/tasks/30_req_packages.yml | 16 - .../roles/node_prep/tasks/40_bridge.yml | 168 -- .../node_prep/tasks/45_networking_facts.yml | 71 - .../node_prep/tasks/50_modify_sudo_user.yml | 10 - .../node_prep/tasks/60_enabled_services.yml | 32 - .../tasks/70_enabled_fw_services.yml | 55 - .../roles/node_prep/tasks/80_libvirt_pool.yml | 20 - .../tasks/90_create_config_install_dirs.yml | 20 - .../roles/node_prep/tasks/main.yml | 34 - .../roles/node_prep/templates/dir.xml.j2 | 6 - .../roles/node_prep/tests/inventory | 1 - .../roles/node_prep/tests/test.yml | 5 - .../roles/node_prep/vars/main.yml | 46 - .../modules/ansible-playbook-git-clone.adoc | 4 +- .../ansible-playbook-install-collections.adoc | 11 + ...playbook-running-the-ansible-playbook.adoc | 1 + ...ansible-playbook-the-ansible-playbook.adoc | 5 +- ...playbook-tour-of-the-ansible-playbook.adoc | 83 +- 69 files changed, 30 insertions(+), 6699 deletions(-) delete mode 160000 ansible-ipi-install/collections/ansible_collections/containers/podman create mode 100644 ansible-ipi-install/requirements.yml delete mode 100644 
ansible-ipi-install/roles/installer/defaults/main.yml delete mode 100644 ansible-ipi-install/roles/installer/files/customize_filesystem/master/.gitkeep delete mode 120000 ansible-ipi-install/roles/installer/files/customize_filesystem/worker delete mode 100644 ansible-ipi-install/roles/installer/files/filetranspile-1.1.1.py delete mode 100644 ansible-ipi-install/roles/installer/files/ipv6-dual-stack-no-upgrade.yml delete mode 100644 ansible-ipi-install/roles/installer/files/manifests/.gitkeep delete mode 100644 ansible-ipi-install/roles/installer/files/openshift/.gitkeep delete mode 100644 ansible-ipi-install/roles/installer/handlers/main.yml delete mode 100644 ansible-ipi-install/roles/installer/library/virt.py delete mode 100644 ansible-ipi-install/roles/installer/meta/main.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/10_get_oc.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/30_create_metal3.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml delete mode 100644 
ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml delete mode 100644 ansible-ipi-install/roles/installer/tasks/main.yml delete mode 100644 ansible-ipi-install/roles/installer/templates/chrony.conf.j2 delete mode 100644 ansible-ipi-install/roles/installer/templates/etc-chrony.conf.j2 delete mode 100644 ansible-ipi-install/roles/installer/templates/httpd_conf.j2 delete mode 100644 ansible-ipi-install/roles/installer/templates/install-config-appends.j2 delete mode 100644 ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 delete mode 100644 ansible-ipi-install/roles/installer/templates/install-config.j2 delete mode 100644 ansible-ipi-install/roles/installer/templates/magic.j2 delete mode 100644 ansible-ipi-install/roles/installer/templates/metal3-config.j2 delete mode 100644 ansible-ipi-install/roles/installer/tests/inventory delete mode 100644 ansible-ipi-install/roles/installer/tests/test.yml delete mode 100644 ansible-ipi-install/roles/installer/vars/main.yml delete mode 120000 ansible-ipi-install/roles/node-prep delete mode 100644 ansible-ipi-install/roles/node_prep/defaults/main.yml delete mode 100644 ansible-ipi-install/roles/node_prep/handlers/main.yml delete mode 100644 ansible-ipi-install/roles/node_prep/library/nmcli.py delete mode 100644 ansible-ipi-install/roles/node_prep/meta/main.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/10_validation.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/15_validation_disconnected_registry.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/20_sub_man_register.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/30_req_packages.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/40_bridge.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/45_networking_facts.yml delete mode 100644 
ansible-ipi-install/roles/node_prep/tasks/50_modify_sudo_user.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/60_enabled_services.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/70_enabled_fw_services.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/80_libvirt_pool.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/90_create_config_install_dirs.yml delete mode 100644 ansible-ipi-install/roles/node_prep/tasks/main.yml delete mode 100644 ansible-ipi-install/roles/node_prep/templates/dir.xml.j2 delete mode 100644 ansible-ipi-install/roles/node_prep/tests/inventory delete mode 100644 ansible-ipi-install/roles/node_prep/tests/test.yml delete mode 100644 ansible-ipi-install/roles/node_prep/vars/main.yml create mode 100644 documentation/ansible-playbook/modules/ansible-playbook-install-collections.adoc diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index cfe41c6393..d509145c2a 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -26,6 +26,7 @@ jobs: pip install flake8 pytest if [ -f requirements.txt ]; then pip install -r requirements.txt; fi if [ -f test-requirements.txt ]; then pip install -r test-requirements.txt; fi + ansible-galaxy collection install -r ansible-ipi-install/requirements.yml - name: Lint Ansible Playbook run: | diff --git a/.gitmodules b/.gitmodules index c141d4d763..e69de29bb2 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,4 +0,0 @@ -[submodule "ansible-ipi-install/collections/ansible_collections/containers/podman"] - path = ansible-ipi-install/collections/ansible_collections/containers/podman - url = https://github.com/containers/ansible-podman-collections.git - shallow = true diff --git a/README.md b/README.md index 5ca1acbf1b..44b09ca116 100644 --- a/README.md +++ b/README.md 
@@ -4,6 +4,8 @@ This repository stores resources and deployment artifacts for [bare metal](https It also contains optional features focused on low-latency workloads, NFV workloads, etc. +For contributions to the ansible-ipi-install roles please visit the [ansible-collection-redhatci-ocp](https://github.com/redhatci/ansible-collection-redhatci-ocp) repository. + ## Installation artifacts - [Installation Steps](https://openshift-kni.github.io/baremetal-deploy/) diff --git a/ansible-ipi-install/collections/ansible_collections/containers/podman b/ansible-ipi-install/collections/ansible_collections/containers/podman deleted file mode 160000 index ed3a3dc080..0000000000 --- a/ansible-ipi-install/collections/ansible_collections/containers/podman +++ /dev/null @@ -1 +0,0 @@ -Subproject commit ed3a3dc08033e79eebfd1bb2299314c47cfe459e diff --git a/ansible-ipi-install/playbook.yml b/ansible-ipi-install/playbook.yml index 416f792b57..67a3b71515 100644 --- a/ansible-ipi-install/playbook.yml +++ b/ansible-ipi-install/playbook.yml @@ -1,6 +1,8 @@ --- - name: IPI on Baremetal Installation Playbook hosts: provisioner + collections: + - redhatci.ocp roles: - node_prep - installer diff --git a/ansible-ipi-install/requirements.yml b/ansible-ipi-install/requirements.yml new file mode 100644 index 0000000000..f910174594 --- /dev/null +++ b/ansible-ipi-install/requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + - name: redhatci.ocp + - name: containers.podman + version: "1.10.1" diff --git a/ansible-ipi-install/roles/installer/defaults/main.yml b/ansible-ipi-install/roles/installer/defaults/main.yml deleted file mode 100644 index 47861b766e..0000000000 --- a/ansible-ipi-install/roles/installer/defaults/main.yml +++ /dev/null 
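Review bot: In `playbook.yml` the roles are still referenced by short name (`node_prep`, `installer`) and resolved through the new play-level `collections:` list, which hides that they are no longer in-tree. Writing them as `- redhatci.ocp.node_prep` and `- redhatci.ocp.installer` states the source at the point of use and lets the `collections:` keyword be dropped. This is a point of style; the short names should resolve as written.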
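Review bot: In the new `requirements.yml`, `redhatci.ocp` is listed without a `version:` while `containers.podman` right below it is pinned to `"1.10.1"`. This commit deletes the in-tree `installer` and `node_prep` roles, so every `ansible-galaxy collection install -r ansible-ipi-install/requirements.yml`, including the one added to the lint workflow, would fetch whichever release of the collection is current, and the code run against the provisioner can change without any commit in this repository. Pin it by adding `version: "<PINNED_VERSION>"` (placeholder) under `- name: redhatci.ocp` and bump it deliberately.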
@@ -1,17 +0,0 @@ ---- -# defaults file for installer -cache_enabled: false -provision_cache_store: "{{ ansible_env.HOME }}/rhcos_image_cache/" -registry_port_container: 5000 -registry_port: "{{ registry_port_container }}" -registry_dir: /opt/registry -install_config_appends_file: install-config-appends.yml -registry_auth_file: registry-auths.json -disconnected_registry_user: dummy -disconnected_registry_password: dummy -webserver_cache_image: "quay.io/centos7/httpd-24-centos7:latest" -webserver_caching_port: "{{ webserver_caching_port_container }}" -webserver_caching_port_container: 8080 -registry_creation: false -url_passed: false -httpd_cache_files: "{{ provision_cache_store }}httpd/" diff --git a/ansible-ipi-install/roles/installer/files/customize_filesystem/master/.gitkeep b/ansible-ipi-install/roles/installer/files/customize_filesystem/master/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/ansible-ipi-install/roles/installer/files/customize_filesystem/worker b/ansible-ipi-install/roles/installer/files/customize_filesystem/worker deleted file mode 120000 index 8b25206ff9..0000000000 --- a/ansible-ipi-install/roles/installer/files/customize_filesystem/worker +++ /dev/null @@ -1 +0,0 @@ -master \ No newline at end of file diff --git a/ansible-ipi-install/roles/installer/files/filetranspile-1.1.1.py b/ansible-ipi-install/roles/installer/files/filetranspile-1.1.1.py deleted file mode 100644 index 4db27a5104..0000000000 --- a/ansible-ipi-install/roles/installer/files/filetranspile-1.1.1.py +++ /dev/null 
@@ -1,359 +0,0 @@ -#!/usr/bin/env python3 -# -*- coding: utf-8 -*- -""" -Takes a fake root and appends them into a provided ignition configuration. -""" - -import abc -import argparse -import json -import os -import pathlib -import stat -import yaml - -from urllib.parse import quote - -__version__ = "1.1.1" - - -class FileTranspilerError(Exception): - """ - Base exception for FileTranspiler errors. - """ - - pass - - -class IgnitionSpec(abc.ABC): - """ - Base class for IgnitionSpec classes. - """ - - def __init__(self, ignition_cfg, cli_args): - """ - Initialize a spec merger. - - :param ignition_cfg: loaded ignition config json - :type ignition_cfg: dict - :param cli_args: Command line arguments - :type cli_args: argparse.Namespace - """ - self.ignition_cfg = ignition_cfg - self.fake_root = cli_args.fake_root - self.dereference_symlinks = cli_args.dereference_symlinks - - @abc.abstractmethod - def file_to_ignition(self, file_path, file_contents, mode): - """ - Turns a file into an ignition snippet. - - :param file_path: Path to where the file should be placed. - :type file_path: str - :param file_contents: The raw contents of the file - :type file_contents: str - :param mode: Octal mode to use (will translate to decimal) - :type mode: int - :returns: Ignition config snippet - :rtype: dict - """ - raise NotImplementedError("Must be implemented in a subclass") - - @abc.abstractmethod - def link_to_ignition(self, file_path, target_path): - """ - Turns a symbolic link into an ignition snippet. - - :param file_path: Path to where the file should be placed. - :type file_path: str - :param target_path: The target path of the symbolic link - :type target_path: str - :returns: Ignition config snippet - :rtype: dict - """ - raise NotImplementedError("Must be implemented in a subclass") - - def merge_with_ignition(self, ignition_cfg, files, links): - """ - Merge file snippets into the ignition config. 
- - :param ignition_cfg: Ignition structure to append to - :type ignition_cfg: dict - :param files: List of Ignition file snippets - :type files: list - :returns: Merged ignition dict - :rtype: dict - """ - # Check that the storage exists - storage_check = ignition_cfg.get("storage") - if storage_check is None: - ignition_cfg["storage"] = {} - - if files: - # Check that files entry exists - files_check = ignition_cfg["storage"].get("files") - if files_check is None: - ignition_cfg["storage"]["files"] = [] - - for a_file in files: - ignition_cfg["storage"]["files"].append(a_file) - - if links: - # Check that links entry exists - links_check = ignition_cfg["storage"].get("links") - if links_check is None: - ignition_cfg["storage"]["links"] = [] - - for a_link in links: - ignition_cfg["storage"]["links"].append(a_link) - - return ignition_cfg - - def merge(self): - """ - Merges the fakeroot into the ignition config. - - :returns: The merged ignition config - :rtype: dict - """ - # Walk through the files and append them for merging - all_files = [] - all_links = [] - for root, _, files in os.walk(self.fake_root): - for file in files: - path = os.path.sep.join([root, file]) - host_path = path.replace(self.fake_root, "") - if not host_path.startswith(os.path.sep): - host_path = os.path.sep + host_path - if os.path.islink(path): - # If we are dereferencing symlinks then treat it as - # a file - if self.dereference_symlinks: - source_path = str(pathlib.Path(path).resolve()) - # Ensure the path is within the fakeroot - if not source_path.startswith(os.path.realpath(self.fake_root)): - raise FileTranspilerError( - "link: {} is not in the fake root: {}".format( - source_path, self.fake_root - ) - ) - mode = oct(stat.S_IMODE(os.stat(source_path).st_mode)) - with open(source_path, "r") as file_obj: - snippet = self.file_to_ignition( - host_path, file_obj.read(), mode - ) - all_files.append(snippet) - else: - target_path = os.readlink(path) - snippet = 
self.link_to_ignition(host_path, target_path) - all_links.append(snippet) - else: - mode = oct(stat.S_IMODE(os.stat(path).st_mode)) - with open(path, "r") as file_obj: - snippet = self.file_to_ignition( - host_path, file_obj.read(), mode - ) - all_files.append(snippet) - - # Merge the and output the results - merged_ignition = self.merge_with_ignition( - self.ignition_cfg, all_files, all_links - ) - return merged_ignition - - -class SpecV2(IgnitionSpec): - """ - Spec v2 implementation for merging files. - """ - - def file_to_ignition(self, file_path, file_contents, mode): - """ - Turns a file into an ignition snippet. - - :param file_path: Path to where the file should be placed. - :type file_path: str - :param file_contents: The raw contents of the file - :type file_contents: str - :param mode: Octal mode to use (will translate to decimal) - :type mode: int - :returns: Ignition config snippet - :rtype: dict - """ - return { - "path": file_path, - "filesystem": "root", - "mode": int(mode, 8), - "contents": {"source": "data:,{}".format(quote(file_contents))}, - } - - def link_to_ignition(self, file_path, target_path): - """ - Turns a symbolic link into an ignition snippet. - - :param file_path: Path to where the file should be placed. - :type file_path: str - :param target_path: The target path of the symbolic link - :type target_path: str - :returns: Ignition config snippet - :rtype: dict - """ - return { - "path": file_path, - "filesystem": "root", - "target": target_path, - "hard": False, - } - - -class SpecV3(IgnitionSpec): - """ - Spec v3 implementation for merging files. - """ - - def file_to_ignition(self, file_path, file_contents, mode): - """ - Turns a file into an ignition snippet. - - :param file_path: Path to where the file should be placed. 
- :type file_path: str - :param file_contents: The raw contents of the file - :type file_contents: str - :param mode: Octal mode to use (will translate to decimal) - :type mode: int - :returns: Ignition config snippet - :rtype: dict - """ - return { - "path": file_path, - "mode": int(mode, 8), - "overwrite": True, - "contents": {"source": "data:,{}".format(quote(file_contents))}, - } - - def link_to_ignition(self, file_path, target_path): - """ - Turns a symbolic link into an ignition snippet. - - :param file_path: Path to where the file should be placed. - :type file_path: str - :param target_path: The target path of the symbolic link - :type target_path: str - :returns: Ignition config snippet - :rtype: dict - """ - return { - "path": file_path, - "overwrite": True, - "target": target_path, - "hard": False, - } - - -def loader(ignition_file): - """ - Loads the ignition json into a structure, senses the ignition - spec version, and returns the structure and it's spec class. - - :param ignition_file: Path to the ignition file to parse - :type ignition_file: str - :returns: The ignition structure and spec class - :rtype: tuple - :raises: FileTranspilerError - """ - try: - with open(ignition_file, "r") as f: - ignition_cfg = json.load(f) - ignition_version = ignition_cfg["ignition"]["version"] - version_tpl = ignition_version.split(".") - - if version_tpl[0] == "2": - return ignition_cfg, SpecV2 - elif version_tpl[0] == "3": - return ignition_cfg, SpecV3 - raise FileTranspilerError("Unkown ignition spec: {}".format(ignition_version)) - except (KeyError, IndexError) as err: - raise FileTranspilerError("Unable to find version in spec: {}".format(err)) - except json.JSONDecodeError as err: - raise FileTranspilerError("Unable to read JSON: {}".format(err)) - - -def main(): - """ - Main entry point - """ - parser = argparse.ArgumentParser() - parser.add_argument( - "-i", "--ignition", help="Path to ignition file to use as the base" - ) - parser.add_argument( - "-f", 
"--fake-root", help="Path to the fake root", required=True - ) - parser.add_argument( - "-o", - "--output", - help="Where to output the file. If empty, will print to stdout", - ) - parser.add_argument( - "-p", - "--pretty", - default=False, - action="store_true", - help="Make the output pretty", - ) - parser.add_argument( - "--dereference-symlinks", - default=False, - action="store_true", - help=( - "Write out file contents instead of making symlinks " - "NOTE: Target files must exist in the fakeroot" - ), - ) - parser.add_argument( - "--format", - default="json", - choices=["json", "yaml"], - help="What format of file to write out. `yaml` or `json` (default)", - ) - parser.add_argument( - "--version", action="version", version="%(prog)s {}".format(__version__) - ) - - args = parser.parse_args() - - # Open the base ignition file and load it - if args.ignition is not None: - # Get the ignition config - try: - ignition_cfg, spec_cls = loader(args.ignition) - ignition_spec = spec_cls(ignition_cfg, args) - - except FileTranspilerError as err: - parser.error(err) - else: - # Default to empty spec 2.3.0 - ignition_cfg = {"ignition": {"version": "2.3.0"}} - ignition_spec = SpecV2(ignition_cfg, args) - - # Merge the and output the results - merged_ignition = ignition_spec.merge() - - if args.format == "json": - if args.pretty: - ignition_out = json.dumps( - merged_ignition, sort_keys=True, indent=4, separators=(",", ": ") - ) - else: - ignition_out = json.dumps(merged_ignition) - else: - ignition_out = yaml.safe_dump(merged_ignition) - if args.output: - with open(args.output, "w") as out_f: - out_f.write(ignition_out) - else: - print(ignition_out) - - -if __name__ == "__main__": - main() diff --git a/ansible-ipi-install/roles/installer/files/ipv6-dual-stack-no-upgrade.yml b/ansible-ipi-install/roles/installer/files/ipv6-dual-stack-no-upgrade.yml deleted file mode 100644 index 828cd29c7f..0000000000 
--- a/ansible-ipi-install/roles/installer/files/ipv6-dual-stack-no-upgrade.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: config.openshift.io/v1 -kind: FeatureGate -metadata: - name: cluster -spec: - featureSet: IPv6DualStackNoUpgrade diff --git a/ansible-ipi-install/roles/installer/files/manifests/.gitkeep b/ansible-ipi-install/roles/installer/files/manifests/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/ansible-ipi-install/roles/installer/files/openshift/.gitkeep b/ansible-ipi-install/roles/installer/files/openshift/.gitkeep deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/ansible-ipi-install/roles/installer/handlers/main.yml b/ansible-ipi-install/roles/installer/handlers/main.yml deleted file mode 100644 index 487d4c0b11..0000000000 --- a/ansible-ipi-install/roles/installer/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for installer diff --git a/ansible-ipi-install/roles/installer/library/virt.py b/ansible-ipi-install/roles/installer/library/virt.py deleted file mode 100644 index da861dfaff..0000000000 --- a/ansible-ipi-install/roles/installer/library/virt.py +++ /dev/null 
@@ -1,625 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Copyright: (c) 2007, 2012 Red Hat, Inc -# Michael DeHaan -# Seth Vidal -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function - -__metaclass__ = type - - -DOCUMENTATION = """ ---- -module: virt -short_description: Manages virtual machines supported by libvirt -description: - - Manages virtual machines supported by I(libvirt). -options: - name: - description: - - name of the guest VM being managed. Note that VM must be previously - defined with xml. - - This option is required unless I(command) is C(list_vms) or C(info). - type: str - aliases: - - guest - state: - description: - - Note that there may be some lag for state requests like C(shutdown) - since these refer only to VM states. After starting a guest, it may not - be immediately accessible. - state and command are mutually exclusive except when command=list_vms. In - this case all VMs in specified state will be listed. - choices: [ destroyed, paused, running, shutdown ] - type: str - command: - description: - - In addition to state management, various non-idempotent commands are available. - choices: [ create, define, destroy, freemem, get_xml, info, list_vms, nodeinfo, pause, shutdown, start, status, stop, undefine, unpause, virttype ] - type: str - autostart: - description: - - start VM at host startup. - type: bool - uri: - description: - - libvirt connection uri. - default: qemu:///system - type: str - xml: - description: - - XML document used with the define command. - - Must be raw XML content using C(lookup). XML cannot be reference to a file. 
- type: str -requirements: - - python >= 2.6 - - libvirt-python -author: - - Ansible Core Team - - Michael DeHaan - - Seth Vidal (@skvidal) -""" - -EXAMPLES = """ -# a playbook task line: -- community.libvirt.virt: - name: alpha - state: running - -# /usr/bin/ansible invocations -# ansible host -m virt -a "name=alpha command=status" -# ansible host -m virt -a "name=alpha command=get_xml" -# ansible host -m virt -a "name=alpha command=create uri=lxc:///" - -# defining and launching an LXC guest -- name: define vm - community.libvirt.virt: - command: define - xml: "{{ lookup('template', 'container-template.xml.j2') }}" - uri: 'lxc:///' -- name: start vm - community.libvirt.virt: - name: foo - state: running - uri: 'lxc:///' - -# setting autostart on a qemu VM (default uri) -- name: set autostart for a VM - community.libvirt.virt: - name: foo - autostart: yes - -# Defining a VM and making is autostart with host. VM will be off after this task -- name: define vm from xml and set autostart - community.libvirt.virt: - command: define - xml: "{{ lookup('template', 'vm_template.xml.j2') }}" - autostart: yes - -# Listing VMs -- name: list all VMs - community.libvirt.virt: - command: list_vms - register: all_vms - -- name: list only running VMs - community.libvirt.virt: - command: list_vms - state: running - register: running_vms -""" - -RETURN = """ -# for list_vms command -list_vms: - description: The list of vms defined on the remote system - type: list - returned: success - sample: [ - "build.example.org", - "dev.example.org" - ] -# for status command -status: - description: The status of the VM, among running, crashed, paused and shutdown - type: str - sample: "success" - returned: success -""" - -import traceback - -try: - import libvirt - from libvirt import libvirtError -except ImportError: - HAS_VIRT = False -else: - HAS_VIRT = True - -import re - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils._text import to_native - - -VIRT_FAILED 
= 1 -VIRT_SUCCESS = 0 -VIRT_UNAVAILABLE = 2 - -ALL_COMMANDS = [] -VM_COMMANDS = [ - "create", - "define", - "destroy", - "get_xml", - "pause", - "shutdown", - "status", - "start", - "stop", - "undefine", - "unpause", -] -HOST_COMMANDS = ["freemem", "info", "list_vms", "nodeinfo", "virttype"] -ALL_COMMANDS.extend(VM_COMMANDS) -ALL_COMMANDS.extend(HOST_COMMANDS) - -VIRT_STATE_NAME_MAP = { - 0: "running", - 1: "running", - 2: "running", - 3: "paused", - 4: "shutdown", - 5: "shutdown", - 6: "crashed", -} - - -class VMNotFound(Exception): - pass - - -class LibvirtConnection(object): - def __init__(self, uri, module): - - self.module = module - - cmd = "uname -r" - rc, stdout, stderr = self.module.run_command(cmd) - - if "xen" in stdout: - conn = libvirt.open(None) - elif "esx" in uri: - auth = [ - [libvirt.VIR_CRED_AUTHNAME, libvirt.VIR_CRED_NOECHOPROMPT], - [], - None, - ] - conn = libvirt.openAuth(uri, auth) - else: - conn = libvirt.open(uri) - - if not conn: - raise Exception("hypervisor connection failure") - - self.conn = conn - - def find_vm(self, vmid): - """ - Extra bonus feature: vmid = -1 returns a list of everything - """ - conn = self.conn - - vms = [] - - # this block of code borrowed from virt-manager: - # get working domain's name - ids = conn.listDomainsID() - for id in ids: - vm = conn.lookupByID(id) - vms.append(vm) - # get defined domain - names = conn.listDefinedDomains() - for name in names: - vm = conn.lookupByName(name) - vms.append(vm) - - if vmid == -1: - return vms - - for vm in vms: - if vm.name() == vmid: - return vm - - raise VMNotFound("virtual machine %s not found" % vmid) - - def shutdown(self, vmid): - return self.find_vm(vmid).shutdown() - - def pause(self, vmid): - return self.suspend(vmid) - - def unpause(self, vmid): - return self.resume(vmid) - - def suspend(self, vmid): - return self.find_vm(vmid).suspend() - - def resume(self, vmid): - return self.find_vm(vmid).resume() - - def create(self, vmid): - return 
self.find_vm(vmid).create() - - def destroy(self, vmid): - return self.find_vm(vmid).destroy() - - def undefine(self, vmid): - return self.find_vm(vmid).undefine() - - def get_status2(self, vm): - state = vm.info()[0] - return VIRT_STATE_NAME_MAP.get(state, "unknown") - - def get_status(self, vmid): - state = self.find_vm(vmid).info()[0] - return VIRT_STATE_NAME_MAP.get(state, "unknown") - - def nodeinfo(self): - return self.conn.getInfo() - - def get_type(self): - return self.conn.getType() - - def get_xml(self, vmid): - vm = self.conn.lookupByName(vmid) - return vm.XMLDesc(0) - - def get_maxVcpus(self, vmid): - vm = self.conn.lookupByName(vmid) - return vm.maxVcpus() - - def get_maxMemory(self, vmid): - vm = self.conn.lookupByName(vmid) - return vm.maxMemory() - - def getFreeMemory(self): - return self.conn.getFreeMemory() - - def get_autostart(self, vmid): - vm = self.conn.lookupByName(vmid) - return vm.autostart() - - def set_autostart(self, vmid, val): - vm = self.conn.lookupByName(vmid) - return vm.setAutostart(val) - - def define_from_xml(self, xml): - return self.conn.defineXML(xml) - - -class Virt(object): - def __init__(self, uri, module): - self.module = module - self.uri = uri - - def __get_conn(self): - self.conn = LibvirtConnection(self.uri, self.module) - return self.conn - - def get_vm(self, vmid): - self.__get_conn() - return self.conn.find_vm(vmid) - - def state(self): - vms = self.list_vms() - state = [] - for vm in vms: - state_blurb = self.conn.get_status(vm) - state.append("%s %s" % (vm, state_blurb)) - return state - - def info(self): - vms = self.list_vms() - info = dict() - for vm in vms: - data = self.conn.find_vm(vm).info() - # libvirt returns maxMem, memory, and cpuTime as long()'s, which - # xmlrpclib tries to convert to regular int's during serialization. - # This throws exceptions, so convert them to strings here and - # assume the other end of the xmlrpc connection can figure things - # out or doesn't care. 
- info[vm] = dict( - state=VIRT_STATE_NAME_MAP.get(data[0], "unknown"), - maxMem=str(data[1]), - memory=str(data[2]), - nrVirtCpu=data[3], - cpuTime=str(data[4]), - autostart=self.conn.get_autostart(vm), - ) - - return info - - def nodeinfo(self): - self.__get_conn() - data = self.conn.nodeinfo() - info = dict( - cpumodel=str(data[0]), - phymemory=str(data[1]), - cpus=str(data[2]), - cpumhz=str(data[3]), - numanodes=str(data[4]), - sockets=str(data[5]), - cpucores=str(data[6]), - cputhreads=str(data[7]), - ) - return info - - def list_vms(self, state=None): - self.conn = self.__get_conn() - vms = self.conn.find_vm(-1) - results = [] - for x in vms: - try: - if state: - vmstate = self.conn.get_status2(x) - if vmstate == state: - results.append(x.name()) - else: - results.append(x.name()) - except Exception: - pass - return results - - def virttype(self): - return self.__get_conn().get_type() - - def autostart(self, vmid, as_flag): - self.conn = self.__get_conn() - # Change autostart flag only if needed - if self.conn.get_autostart(vmid) != as_flag: - self.conn.set_autostart(vmid, as_flag) - return True - - return False - - def freemem(self): - self.conn = self.__get_conn() - return self.conn.getFreeMemory() - - def shutdown(self, vmid): - """ Make the machine with the given vmid stop running. Whatever that takes. """ - self.__get_conn() - self.conn.shutdown(vmid) - return 0 - - def pause(self, vmid): - """ Pause the machine with the given vmid. """ - - self.__get_conn() - return self.conn.suspend(vmid) - - def unpause(self, vmid): - """ Unpause the machine with the given vmid. 
""" - - self.__get_conn() - return self.conn.resume(vmid) - - def create(self, vmid): - """ Start the machine via the given vmid """ - - self.__get_conn() - return self.conn.create(vmid) - - def start(self, vmid): - """ Start the machine via the given id/name """ - - self.__get_conn() - return self.conn.create(vmid) - - def destroy(self, vmid): - """ Pull the virtual power from the virtual domain, giving it virtually no time to virtually shut down. """ - self.__get_conn() - return self.conn.destroy(vmid) - - def undefine(self, vmid): - """ Stop a domain, and then wipe it from the face of the earth. (delete disk/config file) """ - - self.__get_conn() - return self.conn.undefine(vmid) - - def status(self, vmid): - """ - Return a state suitable for server consumption. Aka, codes.py values, not XM output. - """ - self.__get_conn() - return self.conn.get_status(vmid) - - def get_xml(self, vmid): - """ - Receive a Vm id as input - Return an xml describing vm config returned by a libvirt call - """ - - self.__get_conn() - return self.conn.get_xml(vmid) - - def get_maxVcpus(self, vmid): - """ - Gets the max number of VCPUs on a guest - """ - - self.__get_conn() - return self.conn.get_maxVcpus(vmid) - - def get_max_memory(self, vmid): - """ - Gets the max memory on a guest - """ - - self.__get_conn() - return self.conn.get_MaxMemory(vmid) - - def define(self, xml): - """ - Define a guest with the given xml - """ - self.__get_conn() - return self.conn.define_from_xml(xml) - - -def core(module): - - state = module.params.get("state", None) - autostart = module.params.get("autostart", None) - guest = module.params.get("name", None) - command = module.params.get("command", None) - uri = module.params.get("uri", None) - xml = module.params.get("xml", None) - - v = Virt(uri, module) - res = dict() - - if state and command == "list_vms": - res = v.list_vms(state=state) - if not isinstance(res, dict): - res = {command: res} - return VIRT_SUCCESS, res - - if autostart is not None 
and command != "define": - if not guest: - module.fail_json(msg="autostart requires 1 argument: name") - try: - v.get_vm(guest) - except VMNotFound: - module.fail_json(msg="domain %s not found" % guest) - res["changed"] = v.autostart(guest, autostart) - if not command and not state: - return VIRT_SUCCESS, res - - if state: - if not guest: - module.fail_json(msg="state change requires a guest specified") - - if state == "running": - if v.status(guest) == "paused": - res["changed"] = True - res["msg"] = v.unpause(guest) - elif v.status(guest) != "running": - res["changed"] = True - res["msg"] = v.start(guest) - elif state == "shutdown": - if v.status(guest) != "shutdown": - res["changed"] = True - res["msg"] = v.shutdown(guest) - elif state == "destroyed": - if v.status(guest) != "shutdown": - res["changed"] = True - res["msg"] = v.destroy(guest) - elif state == "paused": - if v.status(guest) == "running": - res["changed"] = True - res["msg"] = v.pause(guest) - else: - module.fail_json(msg="unexpected state") - - return VIRT_SUCCESS, res - - if command: - if command in VM_COMMANDS: - if command == "define": - if not xml: - module.fail_json(msg="define requires xml argument") - if guest: - # there might be a mismatch between quest 'name' in the module and in the xml - module.warn("'xml' is given - ignoring 'name'") - found_name = re.search("(.*)", xml).groups() - if found_name: - domain_name = found_name[0] - else: - module.fail_json(msg="Could not find domain 'name' in xml") - - # From libvirt docs (https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainDefineXML): - # -- A previous definition for this domain would be overridden if it already exists. 
- # - # In real world testing with libvirt versions 1.2.17-13, 2.0.0-10 and 3.9.0-14 - # on qemu and lxc domains results in: - # operation failed: domain '' already exists with - # - # In case a domain would be indeed overwritten, we should protect idempotency: - try: - existing_domain = v.get_vm(domain_name) - except VMNotFound: - existing_domain = None - try: - domain = v.define(xml) - if existing_domain: - # if we are here, then libvirt redefined existing domain as the doc promised - if existing_domain.XMLDesc() != domain.XMLDesc(): - res = {"changed": True, "change_reason": "config changed"} - else: - res = {"changed": True, "created": domain.name()} - except libvirtError as e: - if e.get_error_code() != 9: # 9 means 'domain already exists' error - module.fail_json(msg="libvirtError: %s" % e.message) - if autostart is not None and v.autostart(domain_name, autostart): - res = {"changed": True, "change_reason": "autostart"} - - elif not guest: - module.fail_json(msg="%s requires 1 argument: guest" % command) - else: - res = getattr(v, command)(guest) - if not isinstance(res, dict): - res = {command: res} - - return VIRT_SUCCESS, res - - elif hasattr(v, command): - res = getattr(v, command)() - if not isinstance(res, dict): - res = {command: res} - return VIRT_SUCCESS, res - - else: - module.fail_json(msg="Command %s not recognized" % command) - - module.fail_json(msg="expected state or command parameter to be specified") - - -def main(): - module = AnsibleModule( - argument_spec=dict( - name=dict(type="str", aliases=["guest"]), - state=dict( - type="str", choices=["destroyed", "paused", "running", "shutdown"] - ), - autostart=dict(type="bool"), - command=dict(type="str", choices=ALL_COMMANDS), - uri=dict(type="str", default="qemu:///system"), - xml=dict(type="str"), - ), - ) - - if not HAS_VIRT: - module.fail_json( - msg="The `libvirt` module is not importable. Check the requirements." 
- )
-
- rc = VIRT_SUCCESS
- try:
- rc, result = core(module)
- except Exception as e:
- module.fail_json(msg=to_native(e), exception=traceback.format_exc())
-
- if rc != 0: # something went wrong emit the msg
- module.fail_json(rc=rc, msg=result)
- else:
- module.exit_json(**result)
-
-
-if __name__ == "__main__":
- main()
diff --git a/ansible-ipi-install/roles/installer/meta/main.yml b/ansible-ipi-install/roles/installer/meta/main.yml
deleted file mode 100644
index 66443555d6..0000000000
--- a/ansible-ipi-install/roles/installer/meta/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-galaxy_info:
- author: Roger Lopez
- description: The installer role assists in installing Red Hat OpenShift
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.9
- galaxy_tags: []
-dependencies: []
diff --git a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml b/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml
deleted file mode 100644
index 566db2adc7..0000000000
--- a/ansible-ipi-install/roles/installer/tasks/10_get_oc.yml
+++ /dev/null
@@ -1,154 +0,0 @@
----
-- name: Check if creating a new disconnected registry and registry exists
- set_fact:
- registry_creation: true
- when:
- - not dra_set
- - not drm_set
- - registry_host_exists
-
-- name: Find any old tmp dirs with OpenShift related binaries
- find:
- paths: /tmp
- patterns: "baremetal-deploy.*"
- file_type: directory
- register: tmp_results
- tags:
- - cleanup
- - getoc
-
-- name: Delete any old tmp dirs with OpenShift related binaries
- file:
- path: "{{ item['path'] }}"
- state: absent
- loop: "{{ tmp_results['files'] }}"
- tags:
- - cleanup
- - getoc
-
-- name: Find any existing /usr/local/bin OpenShift binaries
- find:
- paths: /usr/local/bin
- patterns: 'oc,openshift-baremetal-install,kubectl'
- register: binary_results
- tags:
- - cleanup
- - getoc
-
-- name: Remove any existing /usr/local/bin OpenShift binaries
- file:
- path: "{{ item['path'] }}"
- state: absent
- loop: "{{ binary_results['files'] }}"
- become: true
- tags:
- - cleanup
- - getoc
-
-- name: Create tmp directory to store OpenShift binaries
- tempfile:
- state: directory
- prefix: "baremetal-deploy."
- suffix: "{{ release_version }}"
- register: tempdiroutput
- tags: getoc
-
-- name: Set fact for tmp directory
- set_fact:
- tempdir: "{{ tempdiroutput.path }}"
- tags: getoc
-
-- name: Create tmp directory to store OpenShift binaries on registry host
- tempfile:
- state: directory
- prefix: "baremetal-deploy."
- suffix: "{{ release_version }}"
- register: registryhost_tempdir
- when: registry_creation|bool
- delegate_to: "{{ groups['registry_host'][0] }}"
- tags:
- - getoc
-
-- name: Set fact for tmp directory on registry host
- set_fact:
- registry_host_tempdir: "{{ registryhost_tempdir.path }}"
- when: registry_creation|bool
- tags:
- - getoc
-
-- name: Setting Fact of which ansible temp file to use
- set_fact:
- temp_directory_loc: "{{ (registry_creation) | ternary(registry_host_tempdir, tempdir) }}"
- tags:
- - getoc
-
-- name: Get the ocp client tar gunzip file
- get_url:
- url: "{{ release_url }}/{{ version }}/openshift-client-linux-{{ release_version }}.tar.gz"
- dest: "{{ temp_directory_loc }}"
- owner: "{{ ansible_user }}"
- group: "{{ ansible_user }}"
- mode: '0755'
- register: result
- retries: 3
- delay: 10
- until: result is not failed
- delegate_to: "{{ registry_creation | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}"
- tags: getoc
-
-# If the registry host got the tar, lets just copy it to the prov host
-# 15_disconnected_registry_create.yml can handle extracting to the registry host already
-- name: Get the openshift-client-linux-{{ release_version }}.tar.gz from registry host into temp file on control machine
- fetch:
- dest: /tmp/
- flat: true
- src: "{{ temp_directory_loc }}/openshift-client-linux-{{ release_version }}.tar.gz"
- when: registry_creation|bool
- delegate_to: "{{ groups['registry_host'][0] }}"
- tags:
- - getoc
-
-- name: Copy the openshift-client-linux-{{ release_version }}.tar.gz from control machine to the provisioner host
- copy:
- src: "/tmp/openshift-client-linux-{{ release_version }}.tar.gz"
- dest: "{{ tempdir }}/openshift-client-linux-{{ release_version }}.tar.gz"
- owner: "{{ ansible_user }}"
- group: "{{ ansible_user }}"
- mode: 0755
- become: true
- when: registry_creation|bool
- tags:
- - getoc
-
-- name: Remove the temporary copy of the openshift-client-linux-{{ release_version }}.tar.gz on control machine
- file:
- path: "/tmp/openshift-client-linux-{{ release_version }}.tar.gz"
- state: absent
- when: registry_creation|bool
- delegate_to: localhost
- tags:
- - getoc
-
-- name: "Untar the openshift-client-linux-{{ release_version }}.tar.gz"
- unarchive:
- src: "{{ tempdir }}/openshift-client-linux-{{ release_version }}.tar.gz"
- dest: "{{ tempdir }}"
- owner: "{{ ansible_user }}"
- group: "{{ ansible_user }}"
- mode: '0755'
- remote_src: true
- tags: getoc
-
-- name: Copy oc binary to /usr/local/bin
- copy:
- src: "{{ tempdir }}/{{ item }}"
- dest: /usr/local/bin/
- owner: "{{ ansible_user }}"
- group: "{{ ansible_user }}"
- mode: '0755'
- remote_src: true
- become: true
- loop:
- - kubectl
- - oc
- tags: getoc
diff --git a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml
deleted file mode 100644
index 9ff967a87f..0000000000
--- a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_create.yml
+++ /dev/null
@@ -1,444 +0,0 @@ ---- -- name: Find any old tmp dirs with OpenShift related binaries on registry host - find: - paths: /tmp - patterns: "baremetal-deploy.*" - file_type: directory - register: registry_tmp_results - when: groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - create_registry - -- name: Delete any old tmp dirs with OpenShift related binaries on registry host - file: - path: "{{ item['path'] }}" - state: absent - loop: "{{ registry_tmp_results['files'] }}" - when: groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - create_registry - -- name: Find any existing /usr/local/bin OpenShift binaries on registry host - find: - paths: /usr/local/bin - patterns: 'oc,openshift-baremetal-install,kubectl' - register: binary_results - when: groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - create_registry - -- name: Remove any existing /usr/local/bin OpenShift binaries on registry host - file: - path: "{{ item['path'] }}" - state: absent - loop: "{{ binary_results['files'] }}" - when: groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - become: true - tags: - - create_registry - -- name: Get the oc command from provisioner into temp file on control machine - fetch: - dest: /tmp/ - flat: true - src: /usr/local/bin/oc - when: groups['registry_host'][0] != groups['provisioner'][0] - tags: - - create_registry - -- name: Copy the oc command from control machine to the registry host - copy: - src: /tmp/oc - dest: "/usr/local/bin/oc" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: 0755 - become: true - when: groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - create_registry - -- name: Remove the temporary copy of the oc command on control 
machine - file: - path: /tmp/oc - state: absent - when: groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: localhost - tags: - - create_registry - -- name: Create tmp directory to store OpenShift binaries on registry host - tempfile: - state: directory - prefix: "baremetal-deploy." - suffix: "{{ release_version }}" - register: registry_tempdir - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - create_registry - -- name: Set fact for tmp directory on registry host - set_fact: - tempdir: "{{ registry_tempdir.path }}" - tags: - - create_registry - -- name: Create disconnected registry - block: - - name: set cert facts to be easier - set_fact: - cert_country: "{{ hostvars[groups['registry_host'][0]]['cert_country'] }}" - cert_state: "{{ hostvars[groups['registry_host'][0]]['cert_state'] }}" - cert_locality: "{{ hostvars[groups['registry_host'][0]]['cert_locality'] }}" - cert_organization: "{{ hostvars[groups['registry_host'][0]]['cert_organization'] }}" - cert_organizational_unit: "{{ hostvars[groups['registry_host'][0]]['cert_organizational_unit'] }}" - - - name: Verify the certificate variables are set - fail: - msg: - - "Must specify cert_country, cert_state, cert_locality, cert_organization, and cert_organizational_unit" - - "cert_country: {{ cert_country }}" - - "cert_state: {{ cert_state }}" - - "cert_locality: {{ cert_locality }}" - - "cert_organization: {{ cert_organization }}" - - "cert_organizational_unit: {{ cert_organizational_unit }}" - when: ( cert_country is not defined ) - or ( cert_country is none ) - or ( cert_country | trim == '' ) - or ( cert_state is not defined ) - or ( cert_state is none ) - or ( cert_state | trim == '' ) - or ( cert_locality is not defined ) - or ( cert_locality is none ) - or ( cert_locality | trim == '' ) - or ( cert_organization is not defined ) - or ( cert_organization is none ) - or ( cert_organization | trim == '' ) - or ( cert_organizational_unit is not defined ) - or ( 
cert_organizational_unit is none ) - or ( cert_organizational_unit | trim == '' ) - - - name: Make sure needed packages are installed - package: - state: present - name: "{{ item }}" - loop: - - "{{ packages_registry | default([]) }}" - become: true - - - name: Open registry port, zone libvirt and public, for firewalld - firewalld: - port: "{{ registry_port }}/tcp" - permanent: true - immediate: true - state: enabled - zone: "{{ item }}" - become: true - with_items: - - libvirt - - public - when: firewall != "iptables" - - - name: Open registry port for iptables - iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ registry_port }}" - jump: ACCEPT - become: true - when: firewall == "iptables" - - - name: Save iptables configuration - shell: | - /usr/sbin/iptables-save > /etc/sysconfig/iptables - become: true - when: firewall == "iptables" - - - name: Create directory to hold the registry files - file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: u=rwX,g=rX,o=rX - recurse: true - loop: - - "{{ registry_dir_auth }}" - - "{{ registry_dir_cert }}" - - "{{ registry_dir_data }}" - become: true - - - name: Generate htpasswd entry - command: htpasswd -bBn {{ disconnected_registry_user }} {{ disconnected_registry_password }} - register: htpass_entry - - - name: Write htpasswd file - copy: - content: '{{ htpass_entry.stdout }}' - dest: "{{ registry_dir_auth }}/htpasswd" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - backup: true - force: true - - - name: Set disconnected_auth - set_fact: - disconnected_registry_up: "{{ disconnected_registry_user }}:{{ disconnected_registry_password }}" - - - name: Create registry auth for pullsecret - set_fact: - disconnected_auth: ' {"{{ local_registry }}": {"auth": "{{ disconnected_registry_up | b64encode }}", "email": "{{ ansible_user }}@redhat.com" } }' - - - name: Write auth for disconnected to registry host - copy: - content: "{{ 
disconnected_auth }}" - dest: "{{ ansible_env.HOME }}/{{ registry_auth_file }}" - backup: true - force: true - - - name: Write auth for disconnected to localhost - copy: - content: "{{ disconnected_auth }}" - dest: "{{ lookup ('env', 'PWD') }}/{{ registry_auth_file }}" - backup: true - force: true - delegate_to: localhost - - - name: append auth to pullsecret - shell: | - echo '{{ pullsecret }}' | jq -c \ - '.auths += {{ disconnected_auth }}' - register: new_pullsecret - - - name: set pullsecret with new auth - set_fact: - pullsecret: " {{ new_pullsecret.stdout }}" - - - name: Generate an OpenSSL private key - openssl_privatekey: - path: "{{ registry_dir_cert }}/domain.key" - - - name: Generate an OpenSSL CSR - openssl_csr: - path: "{{ registry_dir_cert }}/domain.csr" - privatekey_path: "{{ registry_dir_cert }}/domain.key" - common_name: "{{ groups['registry_host'][0] }}" - country_name: "{{ cert_country }}" - state_or_province_name: "{{ cert_state }}" - locality_name: "{{ cert_locality }}" - organization_name: "{{ cert_organization }}" - organizational_unit_name: "{{ cert_organizational_unit }}" - basic_constraints_critical: true - create_subject_key_identifier: true - basic_constraints: ['CA:TRUE'] - - - name: Generate a selfsigned OpenSSL CA Certificate - openssl_certificate: - path: "{{ registry_dir_cert }}/domainCA.crt" - privatekey_path: "{{ registry_dir_cert }}/domain.key" - csr_path: "{{ registry_dir_cert }}/domain.csr" - provider: selfsigned - - - name: Generate an ownca OpenSSL Certificate - openssl_certificate: - path: "{{ registry_dir_cert }}/domain.crt" - ownca_privatekey_path: "{{ registry_dir_cert }}/domain.key" - csr_path: "{{ registry_dir_cert }}/domain.csr" - ownca_path: "{{ registry_dir_cert }}/domainCA.crt" - ownca_create_authority_key_identifier: true - provider: ownca - - - name: Copy cert to pki directory - copy: - src: "{{ registry_dir_cert }}/domain.crt" - dest: /etc/pki/ca-trust/source/anchors/domain.crt - remote_src: true - group: "{{ 
ansible_user }}" - owner: "{{ ansible_user }}" - mode: 0644 - force: true - backup: true - become: true - - - name: Update the CA trust files - command: update-ca-trust extract - become: true - - - name: Create container to serve the registry - containers.podman.podman_container: - name: "{{ pod_name_registry }}" - image: docker.io/library/registry:2 - state: stopped - network: host - volumes: - - "{{ registry_dir_data }}:/var/lib/registry:z" - - "{{ registry_dir_auth }}:/auth:z" - - "{{ registry_dir_cert }}:/certs:z" - env: - REGISTRY_AUTH: htpasswd - REGISTRY_AUTH_HTPASSWD_REALM: Registry - REGISTRY_HTTP_SECRET: ALongRandomSecretForRegistry - REGISTRY_AUTH_HTPASSWD_PATH: auth/htpasswd - REGISTRY_HTTP_TLS_CERTIFICATE: certs/domain.crt - REGISTRY_HTTP_TLS_KEY: certs/domain.key - register: registry_container_info - - - name: Setting facts about container - set_fact: - container_registry_name: "{{ registry_container_info.container.Name }}" - container_registry_pidfile: "{{ registry_container_info.container.ConmonPidFile }}" - - - name: Ensure user specific systemd instance are persistent - command: | - /usr/bin/loginctl enable-linger {{ ansible_user }} - - - name: Create systemd user directory - file: - path: "{{ ansible_user_dir }}/.config/systemd/user" - state: directory - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0775' - - - name: Copy the systemd service file - copy: - content: | - [Unit] - Description=Podman container-registry.service - [Service] - Restart=on-failure - ExecStart=/usr/bin/podman start {{ container_registry_name }} - ExecStop=/usr/bin/podman stop -t 10 {{ container_registry_name }} - KillMode=none - Type=forking - PIDFile={{ container_registry_pidfile }} - [Install] - WantedBy=default.target - dest: "{{ ansible_user_dir }}/.config/systemd/user/container-registry.service" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - - - name: Reload systemd service - systemd: - daemon_reexec: true - scope: 
user - environment: - DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - - name: Enable container-registry.service - systemd: - name: container-registry - enabled: true - scope: user - environment: - DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - - name: Start container-registry.service - systemd: - name: container-registry - state: started - scope: user - environment: - DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - - name: Read in the contents of domain.crt - slurp: - src: "{{ registry_dir_cert }}/domain.crt" - register: domain_cert_b64 - - - name: Set trustbundle fact to contents of domain.crt - set_fact: - trustbundle: "{{ domain_cert_b64.content | string | b64decode }}" - - - name: Create mirrorred registry information - set_fact: - install_config_appends: "{{ lookup('template', 'install-config-appends.j2') }}" - - - name: Create {{ install_config_appends_file }} - copy: - content: "{{ install_config_appends }}" - dest: "{{ ansible_env.HOME }}/{{ install_config_appends_file }}" - backup: true - force: true - - - name: Create {{ install_config_appends_file }} on localhost - copy: - content: "{{ install_config_appends }}" - dest: "{{ lookup ('env', 'PWD') }}/{{ install_config_appends_file }}" - backup: true - force: true - delegate_to: localhost - - - name: Information - debug: - msg: - - "To reuse this disconnected registry for other deployments, you must do the following:" - - "Add the authentication from either " - - " {{ ansible_env.HOME }}/{{ registry_auth_file }} on {{ inventory_hostname }}" - - " or {{ ansible_env.HOME }}/{{ registry_auth_file }} on this server to your pull secret." 
- - "" - - "Append the contents of either of the " - - " {{ ansible_env.HOME }}/{{ install_config_appends_file }} on {{ inventory_hostname }} " - - " or {{ ansible_env.HOME }}/{{ install_config_appends_file }} on this server to your" - - " install-config.yaml file." - - - name: Create temporary pullsecret file - copy: - content: "{{ pullsecret }}" - dest: "{{ ansible_env.HOME }}/pullsecret.txt" - force: true - - - name: Mirror remote registry to local - command: - ' - /usr/local/bin/oc adm release mirror - -a "{{ ansible_env.HOME }}/pullsecret.txt" - --from="{{ release_image | quote }}" - --to-release-image="{{ local_registry | quote }}/{{ local_repo | quote }}:{{ release_version | quote }}" - --to="{{ local_registry | quote }}/{{ local_repo | quote }}" - ' - - - name: Remove temporary pullsecret file - file: - path: "{{ ansible_env.HOME }}/pullsecret.txt" - state: absent - - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - disconnected - - create_registry - -- name: Set fact to pull oc installer from disconnected registry - set_fact: - disconnected_installer: "{{ local_registry }}/{{ local_repo }}:{{ release_version }}" - tags: - - create_registry - -- name: Fetch the domain cert from the registry host - fetch: - dest: /tmp/domain.crt - src: "{{ registry_dir_cert }}/domain.crt" - flat: true - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - create_registry - -- name: Copy the domain cert to the provisioner host - copy: - src: /tmp/domain.crt - dest: "/etc/pki/ca-trust/source/anchors/{{ groups['registry_host'][0] }}-domain.crt" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: 0644 - become: true - tags: - - create_registry - -- name: Update the CA trust files on the provisioner host - command: update-ca-trust extract - become: true - tags: - - create_registry 
diff --git a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml b/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml deleted file mode 100644 index fff3514009..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/15_disconnected_registry_existing.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- - -- name: Configure to use existing disconnected registry - block: - - - name: Get stats of {{ disconnected_registry_mirrors_file }} - stat: - path: "{{ disconnected_registry_mirrors_file }}" - register: drm_file - - - name: Check if the {{ disconnected_registry_mirrors_file }} exists - fail: - msg: - - "The disconnected_registry_mirrors_file is defined, but does not exist" - when: drm_file.stat.exists != true - - - name: Read the contents of {{ disconnected_registry_mirrors_file }} - slurp: - src: "{{ disconnected_registry_mirrors_file }}" - register: disconnected_registry_trustbundle - no_log: true - - - name: Set the install_config_appends fact - set_fact: - install_config_appends: "{{ disconnected_registry_trustbundle.content | string | b64decode }}" - no_log: true - - - name: Get stats of {{ disconnected_registry_auths_file }} - stat: - path: "{{ disconnected_registry_auths_file }}" - register: dra_file - - - name: Check if the {{ disconnected_registry_auths_file }} exists - fail: - msg: - - "The disconnected_registry_auths_file is defined, but does not exist" - when: dra_file.stat.exists != true - - - name: Read disconnected auths - slurp: - src: "{{ disconnected_registry_auths_file }}" - register: disconnected_auths_b64 - no_log: true - - - name: append auth to pullsecret - shell: | - echo '{{ pullsecret }}' | jq -c \ - '.auths += {{ disconnected_auths_b64.content | string | b64decode }}' - register: new_pullsecret - no_log: true - - - name: set pullsecret with new auth - set_fact: - pullsecret: " {{ new_pullsecret.stdout }}" - no_log: true - delegate_to: localhost 
diff --git a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml b/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml
deleted file mode 100644
index c9d68adb8e..0000000000
--- a/ansible-ipi-install/roles/installer/tasks/20_extract_installer.yml
+++ /dev/null
@@ -1,174 +0,0 @@ ---- -- name: Copy PullSecret into {{ pullsecret_file }} - copy: - content: "{{ pullsecret }}" - dest: "{{ pullsecret_file }}" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - force: true - tags: - - pullsecret - - extract - -- name: Get the PullSecret from provisioner into temp file on control machine - fetch: - dest: /tmp/ - flat: true - src: "{{ dir }}/pull-secret.txt" - when: - - registry_creation|bool - - groups['registry_host'][0] != groups['provisioner'][0] - tags: - - extract - -- name: Create config dir - file: - path: "{{ dir }}" - state: directory - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0755' - when: - - registry_creation|bool - - groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - extract - -- name: Copy the PullSecret from control machine to the registry host - copy: - src: /tmp/pull-secret.txt - dest: "{{ dir }}/pull-secret.txt" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: 0755 - become: true - when: - - registry_creation|bool - - groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - extract - -- name: Remove the temporary copy of the PullSecret on control machine - file: - path: /tmp/pull-secret.txt - state: absent - when: - - registry_creation|bool - - groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: localhost - tags: - - extract - -- name: Confirm whether or not internet connectivity on provisioner host - uri: - url: https://www.redhat.com - status_code: [-1, 200, 301] - timeout: 1 - register: the_url - tags: - - extract - -- name: Setting Fact of which ansible temp file to use - set_fact: - tempdir_loc: "{{ disconnected_installer | ternary(registry_host_tempdir, tempdir) }}" - tags: - - extract - -# on my other system tempdir_loc required .path (in case you need to revert) -- name: Extracting the 
installer - command: > - /usr/local/bin/oc adm release extract - --registry-config {{ pullsecret_file | quote }} - --command={{ cmd |quote }} - --to {{ tempdir_loc }} {{ disconnected_installer | ternary(disconnected_installer, release_image) }} - args: - chdir: "{{ tempdir }}" - when: (disconnected_installer|length or the_url.status in [200,301]) - delegate_to: "{{ disconnected_installer | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" - tags: extract - -- name: Remove the temporary copy of the PullSecret on registry host - file: - path: "{{ dir }}" - state: absent - when: - - registry_creation|bool - - groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - extract - -# - name: Extracting the installer -# shell: > -# /usr/local/bin/oc adm release extract -# --registry-config {{ pullsecret_file | quote }} -# --command={{ cmd |quote }} -# --to {{ tempdir | quote }} {{ disconnected_installer | ternary(disconnected_installer, release_image) }} -# args: -# chdir: "{{ tempdir }}" -# executable: /bin/bash -# tags: extract - -- name: OFFLINE mode requires openshift-baremetal-install pre-extracted - get_url: - url: "{{ webserver_url }}/{{ version }}/openshift-baremetal-install" - dest: "{{ tempdir }}/openshift-baremetal-install" - register: result - retries: 3 - delay: 10 - until: result is not failed - when: (the_url.status == -1 and disconnected_installer|length == 0) - tags: - - extract - -- name: Copy openshift-baremetal-install binary to /usr/local/bin - copy: - # src: "{{ tempdir_loc.path }}/openshift-baremetal-install" - src: "{{ tempdir_loc }}/openshift-baremetal-install" - dest: /usr/local/bin/ - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0755' - remote_src: true - delegate_to: "{{ disconnected_installer | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" - become: true - tags: extract - -- name: Get the openshift-baremetal-install from registry 
host into temp file on control machine - fetch: - dest: /tmp/ - flat: true - # src: "{{ tempdir_loc.path }}/openshift-baremetal-install" - src: "{{ tempdir_loc }}/openshift-baremetal-install" - when: registry_creation|bool - delegate_to: "{{ groups['registry_host'][0] }}" - tags: - - extract - -- name: Copy the openshift-baremetal-install binary from control machine to the provisioner host - copy: - src: /tmp/openshift-baremetal-install - dest: "/usr/local/bin/openshift-baremetal-install" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: 0755 - become: true - when: - - registry_creation|bool - - groups['registry_host'][0] != groups['provisioner'][0] - tags: - - extract - -- name: Remove the temporary copy of the openshift-baremetal-install binary on control machine - file: - path: "/tmp/openshift-baremetal-install" - state: absent - when: - - registry_creation|bool - - groups['registry_host'][0] != groups['provisioner'][0] - delegate_to: localhost - tags: - - extract diff --git a/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml b/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml deleted file mode 100644 index 81582f3b8f..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/23_rhcos_image_paths.yml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -- name: RHCOS image path (pre 4.8) - block: - - name: Get COMMIT_ID - shell: | - /usr/local/bin/openshift-baremetal-install version | grep '^built from commit' | awk '{print $4}' - register: commit_id - tags: rhcospath - - - name: Get the URLs - set_fact: - offline_url: "{{ webserver_url }}/{{ version }}/rhcos.json" - online_url: "https://raw.githubusercontent.com/openshift/installer/{{ commit_id.stdout }}/data/data/rhcos.json" - - - name: Get RHCOS JSON File - uri: - url: "{{ (disconnected_installer|length == 0 and the_url.status == -1) | ternary(offline_url, online_url) }}" - return_content: true - until: rhcos_json.status == 200 - retries: 6 # 1 minute (10 * 6) - delay: 10 # Every 10 seconds - register: rhcos_json - delegate_to: "{{ disconnected_installer | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" - tags: rhcospath - - - name: Set Facts for RHCOS_URI and RHCOS_PATH - set_fact: - rhcos_qemu_uri: "{{ rhcos_json.json | json_query('images.qemu.path') }}" - rhcos_uri: "{{ rhcos_json.json | json_query('images.openstack.path') }}" - rhcos_path: "{{ rhcos_json.json | json_query('baseURI') }}" - tags: rhcospath - when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 7) - -- name: RHCOS image path (4.8+) - block: - - name: Extract rhcos.json - shell: | - /usr/local/bin/openshift-baremetal-install coreos print-stream-json - register: rhcos_json_stream - retries: 3 - delay: 10 - until: rhcos_json_stream is not failed - tags: rhcospath - - - name: Set rhcos_json fact - set_fact: - rhcos_json: "{{ rhcos_json_stream.stdout | from_json }}" - tags: rhcospath - - - name: Set Facts for RHCOS_URI and RHCOS_PATH - set_fact: - rhcos_qemu_uri: "{{ rhcos_json | json_query(rhcos_qemu_key) | basename }}" - rhcos_path: "{{ rhcos_json | json_query(rhcos_qemu_key) | dirname + '/' }}" - rhcos_uri: "{{ rhcos_json | json_query(rhcos_openstack_key) | basename }}" - vars: - rhcos_qemu_key: 
'architectures.x86_64.artifacts.qemu.formats."qcow2.gz".disk.location' - rhcos_openstack_key: 'architectures.x86_64.artifacts.openstack.formats."qcow2.gz".disk.location' - tags: rhcospath - when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 8) diff --git a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml b/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml deleted file mode 100644 index e02283d1f2..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/24_rhcos_image_cache.yml +++ /dev/null 
@@ -1,243 +0,0 @@ ---- -# If we're executing these plays, then: -# 1. cache_enabled is true -# 2. Either one or both bootstraposimage/clusterosimage variables are unset - -- name: Confirm whether or not internet connectivity on provisioner host - uri: - url: https://www.redhat.com - status_code: [-1, 200, 301] - timeout: 1 - register: the_url - tags: cache - -- name: Check if url status is 200 is true - set_fact: - url_passed: true - when: - - the_url.status in [200,301] - tags: cache - -- name: Get URL of host providing the webserver - set_fact: - host_url: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - -# Ansible didn't like me putting these facts in same task -# separating to get correct value -- name: the host url - set_fact: - the_host_url: "{{ host_url }}" - tags: cache - -- name: the_host url - debug: - msg: "{{ the_host_url }}" - verbosity: 2 - tags: cache - -- name: Show url_passed value - debug: - msg: "{{ url_passed }}" - verbosity: 2 - tags: cache - -# if i made it this far to create a webserver, one of the hosts needs online access -# if disconnected_installer is true use the registry host as it indeed does have access -# if not true use the provision host but only do that when: the_url.status == 200 -- name: Fail when provision host no online access and registry host not creating registry (can't assume access) - fail: - msg: A host with online access is required to create cache webserver (provision host or a registry host) - when: - - the_url.status == -1 - - disconnected_installer|length == 0 - tags: cache - -# SELinux when already has httpd_sys_content_t giving issues changing,thus leaving it the same -# for the provision_cache_store to prevent issues. Also removing ":z" from podman_container for -# provision_cache_store in the later task. 
-- name: Create {{ provision_cache_store }} and {{ httpd_cache_files }} on host with online access - file: - path: "{{ item[0] }}" - state: directory - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - setype: "{{ item[1] }}" - mode: '0775' - with_nested: - - ["{{ provision_cache_store }}", "{{ httpd_cache_files }}"] - - ['httpd_sys_content_t', '_default'] - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - -- name: Add magic and httpd.conf file to {{ httpd_cache_files }} dir - template: - src: "{{ item[0] }}" - dest: "{{ httpd_cache_files }}/{{ item[1] }}" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - with_nested: - - ['magic.j2', 'httpd_conf.j2'] - - ['magic', 'httpd.conf'] - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - -# rhcos_json fact already set in 23_rhcos_image_paths.yaml -- name: Set facts for RHCOS_QEMU_SHA256 and RHCOS_SHA256 (pre 4.8) - set_fact: - rhcos_qemu_sha256: "{{ rhcos_json.json | json_query('images.qemu.sha256') }}" - rhcos_qemu_sha256_unzipped: '{{ rhcos_json.json | json_query(''images.qemu."uncompressed-sha256"'') }}' - rhcos_sha256: "{{ rhcos_json.json | json_query('images.openstack.sha256') }}" - tags: cache - when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 7) - -- name: Set facts for RHCOS_QEMU_SHA256 and RHCOS_SHA256 (4.8+) - set_fact: - rhcos_qemu_sha256: "{{ rhcos_json | json_query(rhcos_qemu_sha_key) }}" - rhcos_qemu_sha256_unzipped: "{{ rhcos_json | json_query(rhcos_qemu_sha_unzip_key) }}" - rhcos_sha256: "{{ rhcos_json | json_query(rhcos_openstack_sha_key) }}" - vars: - rhcos_qemu_sha_key: 'architectures.x86_64.artifacts.qemu.formats."qcow2.gz".disk.sha256' - rhcos_qemu_sha_unzip_key: 'architectures.x86_64.artifacts.qemu.formats."qcow2.gz".disk."uncompressed-sha256"' - rhcos_openstack_sha_key: 
'architectures.x86_64.artifacts.openstack.formats."qcow2.gz".disk.sha256' - tags: cache - when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 8) - -- name: Download {{ rhcos_qemu_uri }} for cache - get_url: - url: "{{ rhcos_path }}{{ rhcos_qemu_uri }}" - dest: "{{ provision_cache_store }}{{ rhcos_qemu_uri }}" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - setype: httpd_sys_content_t - checksum: "sha256:{{ rhcos_qemu_sha256 }}" - timeout: 3600 - when: (bootstraposimage is not defined or bootstraposimage|length < 1) - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - -- name: Download {{ rhcos_uri }} for cache - get_url: - url: "{{ rhcos_path }}{{ rhcos_uri }}" - dest: "{{ provision_cache_store }}{{ rhcos_uri }}" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - setype: httpd_sys_content_t - checksum: "sha256:{{ rhcos_sha256 }}" - timeout: 3600 - when: (clusterosimage is not defined or clusterosimage|length < 1) - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - - # use the hostname from the inventory to groups[registry][0] or provisioner[0] as the http://URL - # use a ternary to toggle between the url status - # use a ternary for the delegate_to -- name: Get URL of host providing the webserver - set_fact: - host_url: "{{ (the_url.status in [200,301]) | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - -- name: Set bootstrap image URL override if not provided by the user - set_fact: - bootstraposimage: "http://{{ the_host_url }}:{{ webserver_caching_port }}/{{ rhcos_qemu_uri }}?sha256={{ rhcos_qemu_sha256_unzipped }}" - when: bootstraposimage is not defined or bootstraposimage|length < 1 - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - -- name: Set cluster 
image URL override if not provided by the user - set_fact: - clusterosimage: "http://{{ the_host_url }}:{{ webserver_caching_port }}/{{ rhcos_uri }}?sha256={{ rhcos_sha256 }}" - when: clusterosimage is not defined or clusterosimage|length < 1 - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - -- name: BootstrapOSImage Details - debug: - msg: "{{ bootstraposimage }}" - verbosity: 2 - -- name: ClusterOSImage Details - debug: - msg: "{{ clusterosimage }}" - verbosity: 2 - -# Leaving SELinux details alone and not using ":z" -# for the provision_cache_store due to issues attempting -# to revert context. Leaving behavior as it was previously -# to avoid breaking other user environments. -- name: Start RHCOS image cache container - containers.podman.podman_container: - name: rhcos_image_cache - image: "{{ webserver_cache_image }}" - state: stopped - network: host - volumes: - - "{{ provision_cache_store }}:/var/www/html" - - "{{ httpd_cache_files }}:/opt/rh/httpd24/root/etc/httpd/conf:z" - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" - tags: cache - register: rhcos_image_cache_info - -- name: Setting facts about container - set_fact: - rhcos_image_cache_name: "{{ rhcos_image_cache_info.container.Name }}" - rhcos_image_cache_pidfile: "{{ rhcos_image_cache_info.container.ConmonPidFile }}" - tags: cache - -- name: Ensuring container restarts upon reboot - block: - - name: Ensure user specific systemd instance are persistent - command: | - /usr/bin/loginctl enable-linger {{ ansible_user }} - - - name: Create systemd user directory - file: - path: "{{ ansible_user_dir }}/.config/systemd/user" - state: directory - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0775' - - - name: Copy the systemd service file - copy: - content: | - [Unit] - Description=Podman container-cache.service - [Service] - Restart=on-failure - ExecStart=/usr/bin/podman start 
{{ rhcos_image_cache_name }} - ExecStop=/usr/bin/podman stop -t 10 {{ rhcos_image_cache_name }} - KillMode=none - Type=forking - PIDFile={{ rhcos_image_cache_pidfile }} - [Install] - WantedBy=default.target - dest: "{{ ansible_user_dir }}/.config/systemd/user/container-cache.service" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - - - name: Reload systemd service - systemd: - daemon_reexec: true - scope: user - environment: - DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - - name: Enable container-cache.service - systemd: - name: container-cache.service - enabled: true - scope: user - environment: - DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - - name: Start container-cache.service - systemd: - name: container-cache.service - state: started - scope: user - environment: - DBUS_SESSION_BUS_ADDRESS: "{{ ansible_env.DBUS_SESSION_BUS_ADDRESS|default('unix:path=/run/user/' + ansible_effective_user_id|string + '/bus') }}" - tags: cache - delegate_to: "{{ url_passed | ternary(groups['provisioner'][0], groups['registry_host'][0]) }}" diff --git a/ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml b/ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml deleted file mode 100644 index a053d9b03a..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/25_create-install-config.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -- name: Verify that SSH key for {{ ansible_user }} exists - stat: - path: "{{ ansible_user_dir }}/.ssh/id_rsa.pub" - register: sshkeypath - tags: installconfig - -- name: Get the contents of the ssh key for {{ ansible_user }} - slurp: - src: "{{ ansible_user_dir }}/.ssh/id_rsa.pub" - register: sshkey - when: sshkeypath.stat.exists == true - tags: installconfig - -- name: Set Fact for the ssh key of {{ ansible_user }} - set_fact: - key: "{{ sshkey['content'] | b64decode }}" - tags: installconfig - -- name: Generate install-config.yaml - template: - src: install-config.j2 - dest: "{{ dir }}/install-config.yaml" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - when: - - pullsecret is defined - - pullsecret != "" - - not enable_virtualmedia|bool - tags: installconfig - -- name: Generate virtualmedia install-config.yaml - template: - src: install-config-virtualmedia.j2 - dest: "{{ dir }}/install-config.yaml" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - when: - - pullsecret is defined - - pullsecret != "" - - enable_virtualmedia|bool - tags: installconfig - -- name: Make a backup of the install-config.yaml file - copy: - src: "{{ dir }}/install-config.yaml" - dest: "{{ dir }}/install-config.yaml.bkup" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - remote_src: true - tags: installconfig diff --git a/ansible-ipi-install/roles/installer/tasks/30_create_metal3.yml b/ansible-ipi-install/roles/installer/tasks/30_create_metal3.yml deleted file mode 100644 index c3200a99dd..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/30_create_metal3.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Generate metal3-config.yaml - template: - src: metal3-config.j2 - dest: "{{ dir }}/metal3-config.yaml" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - tags: metal3config 
diff --git a/ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml b/ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml deleted file mode 100644 index 610d639c75..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/40_create_manifest.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- name: Create OpenShift Manifest - shell: | - /usr/local/bin/openshift-baremetal-install --dir {{ dir }} create manifests - tags: manifests - -- name: Ensure the manifests dir is owned by {{ ansible_user }} - file: - path: "{{ item }}" - state: directory - recurse: true - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0755' - with_items: - - "{{ dir }}/openshift" - - "{{ dir }}/manifests" - tags: manifests - -- name: Copy the metal3-config.yaml to {{ dir }}/openshift directory - copy: - src: "{{ dir }}/metal3-config.yaml" - dest: "{{ dir }}/openshift/98_metal3-config.yaml" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - remote_src: true - when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 3) - tags: manifests diff --git a/ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml b/ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml deleted file mode 100644 index 3c369ab51d..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/50_extramanifests.yml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -- name: Check if override path is defined for extra openshift manifests - set_fact: - extramanifestsopenshift_path: "{{ customize_extramanifestsopenshift_path | default( 'roles/installer/files/openshift/' ) }}" - -- name: Copy Dual-Stack related manifest - copy: - src: ipv6-dual-stack-no-upgrade.yml - dest: "{{ extramanifestsopenshift_path }}/" - mode: 0644 - when: - - ipv6_enabled|bool - - dualstack_baremetal - - release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int < 8 - delegate_to: localhost - -- name: Add Manifests from files dir - copy: - src: "{{ item }}" - dest: "{{ dir }}/openshift/" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - with_fileglob: - - "{{ extramanifestsopenshift_path }}/*" - tags: extramanifests - -- name: Check if override path is defined for extramanifests - set_fact: - extramanifests_path: "{{ customize_extramanifests_path | default( 'roles/installer/files/manifests/' ) }}" - -- name: Add Manifests from files dir - copy: - src: "{{ item }}" - dest: "{{ dir }}/manifests/" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - with_fileglob: - - "{{ extramanifests_path }}/*" - tags: extramanifests - -- name: Manage chrony configuration - block: - - name: Create chrony.conf - set_fact: - chronyconfig: "{{ lookup('template', 'chrony.conf.j2') | b64encode }}" - - - name: Inject chrony.conf in a machine-config object - template: - src: etc-chrony.conf.j2 - dest: "{{ dir }}/openshift/98-{{ item }}-etc-chrony.conf.yaml" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - with_items: - - master - - worker - when: (clock_servers is defined) and (clock_servers | length > 0) - tags: extramanifests diff --git a/ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml b/ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml deleted file mode 100644 index cb0606cd74..0000000000 
--- a/ansible-ipi-install/roles/installer/tasks/55_customize_filesystem.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -- name: Check if override path is defined for customize_filesystem - set_fact: - custom_path: "{{ customize_node_filesystems | default( role_path + '/files/customize_filesystem' ) }}" - -- name: Verify if {{ custom_path }}/master/worker is empty - find: - paths: "{{ custom_path }}/{{ item }}" - recurse: true - follow: true - register: filesFound - with_items: - - "master" - - "worker" - delegate_to: localhost - tags: customfs - -- name: Modify Ignition Configs - block: - - - name: Create OpenShift Ignition Configs - shell: | - /usr/local/bin/openshift-baremetal-install --dir {{ dir }} create ignition-configs - - - name: Copy Ignition Config Files - copy: - src: "{{ dir }}/{{ item }}.ign" - dest: "{{ dir }}/{{ item }}.ign.orig" - remote_src: true - with_items: - - "master" - - "worker" - - - name: Copy customize_filesystem to tempdir - copy: - src: "{{ custom_path }}/" - dest: "{{ tempdir }}/customize_filesystem" - force: true - - - name: Cleanup Any .gitkeep Files in the Fake Root - file: - path: "{{ tempdir }}/customize_filesystem/{{ item }}/.gitkeep" - state: absent - follow: true - with_items: - - "master" - - "worker" - become: true - - - name: Augment Ignition Config Files - script: | - filetranspile-1.1.1.py -i {{ dir }}/{{ item }}.ign.orig -f {{ tempdir }}/customize_filesystem/{{ item }} -o {{ dir }}/{{ item }}.ign - args: - executable: python3 - with_items: - - "master" - - "worker" - become: true - - - name: Create backup of ignition config files - copy: - src: "{{ dir }}/{{ item }}.ign" - dest: "{{ dir }}/{{ item }}.ign.bkup" - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0644' - remote_src: true - with_items: - - "master" - - "worker" - - when: (filesFound | json_query('results[*].matched') | sum) > 0 - tags: customfs 
diff --git a/ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml b/ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml deleted file mode 100644 index bb6386ac7a..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/59_cleanup_bootstrap.yml +++ /dev/null @@ -1,66 +0,0 @@ ---- -- name: Get list of all VMs - virt: - command: list_vms - register: all_vms - become: true - tags: cleanup - -- name: Get list of all running VMs - virt: - command: list_vms - state: running - register: running_vms - become: true - tags: cleanup - -- name: Get list of all paused VMs - virt: - command: list_vms - state: paused - register: paused_vms - become: true - tags: cleanup - -- name: Destroy old bootstrap VMs, if any - virt: - name: "{{ item }}" - command: destroy - with_items: - - "{{ running_vms.list_vms }}" - - "{{ paused_vms.list_vms }}" - when: item is search("bootstrap") - become: true - tags: cleanup - -- name: Undefine old bootstrap VMs, if any - virt: - name: "{{ item }}" - command: undefine - with_items: "{{ all_vms.list_vms }}" - when: item is search("bootstrap") - become: true - tags: cleanup - -- name: Find old bootstrap VM Storage - find: - paths: "{{ item }}" - patterns: '*-bootstrap,*-bootstrap.ign' - file_type: any - register: find_results - with_items: "{{ default_libvirt_pool_dir }}" - become: true - tags: cleanup - -- name: Create list of old paths - set_fact: - vm_paths: "{{ vm_paths | default([]) + find_results.results[item|int] | json_query('files[*].path') }}" - with_sequence: start=0 count={{ default_libvirt_pool_dir | length }} - -- name: Delete old bootstrap VMs Storage - file: - path: "{{ item }}" - state: absent - loop: "{{ vm_paths }}" - become: true - tags: cleanup diff --git a/ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml b/ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml deleted file mode 100644 index eb252942eb..0000000000 
--- a/ansible-ipi-install/roles/installer/tasks/59_power_off_cluster_servers.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: Power OFF nodes - block: - - name: Create list of hosts that are going to be powered off - add_host: - groups: poweroff_hosts - hostname: "{{ item }}" - inventory_dir: "{{ hostvars[item].inventory_dir }}" - when: ( hostvars[item]['poweroff'] is not defined ) - or ( hostvars[item]['poweroff']|bool | default(True) ) - with_items: - - "{{ groups.masters }}" - - "{{ groups.workers | default([]) }}" - - - name: Power off hosts - ipmi_power: - name: "{{ hostvars[item]['ipmi_address'] }}" - user: "{{ hostvars[item]['ipmi_user'] }}" - password: "{{ hostvars[item]['ipmi_password'] }}" - port: "{{ hostvars[item]['ipmi_port'] | default(623) }}" - state: false - register: power_off_hosts - until: power_off_hosts is not failed - retries: 10 - delay: 5 - with_items: "{{ groups['poweroff_hosts'] }}" - when: groups['poweroff_hosts'] is defined - tags: powerservers diff --git a/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml b/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml deleted file mode 100644 index 53cb370455..0000000000 --- a/ansible-ipi-install/roles/installer/tasks/60_deploy_ocp.yml +++ /dev/null 
@@ -1,54 +0,0 @@
----
-- name: Add Kubeconfig to Ansible User .bashrc
- lineinfile:
- path: "{{ ansible_user_dir }}/.bashrc"
- line: "export KUBECONFIG={{ dir }}/auth/kubeconfig"
- tags: install
-
-- name: Show File to monitor for installation status
- debug:
- msg:
- - "Preparing to deploy the OpenShift cluster."
- - "You can tail the logs at {{ dir }}/.openshift_install.log on {{ groups['provisioner'][0] }} to monitor the progress."
-
-- name: Deploy OpenShift Cluster
- shell: |
- /usr/local/bin/openshift-baremetal-install --dir {{ dir }} --log-level debug create cluster
- when:
- - increase_bootstrap_timeout is not defined
- - increase_install_timeout is not defined
- tags: install
-
-- name: Deploy OpenShift Cluster with extended timeouts
- block:
- - name: Run OpenShift Cluster install as async task
- shell: |
- /usr/local/bin/openshift-baremetal-install --dir {{ dir }} --log-level debug create cluster
- async: 3600
- poll: 0
- ignore_errors: true
- register: installer_result
-
- - name: Wait for kubeconfig file
- wait_for:
- path: "{{ dir }}/auth/kubeconfig"
- timeout: 90
- msg: Timeout waiting for kubeconfig file
-
- - name: Wait for Bootstrap Complete
- shell: |
- /usr/local/bin/openshift-baremetal-install --dir {{ dir }} --log-level debug wait-for bootstrap-complete
- register: wait_for_bootstrap_result
- until: wait_for_bootstrap_result is succeeded
- retries: "{{ increase_bootstrap_timeout|default(1)|int }}"
- delay: 1
-
- - name: Wait for Install Complete
- shell: |
- /usr/local/bin/openshift-baremetal-install --dir {{ dir }} --log-level debug wait-for install-complete
- register: wait_for_install_result
- until: wait_for_install_result is succeeded
- retries: "{{ increase_install_timeout|default(1)|int }}"
- delay: 1
- when: increase_bootstrap_timeout is defined or increase_install_timeout is defined
- tags: install
diff --git a/ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml b/ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml
deleted file mode 100644
index 7326f02f89..0000000000
--- a/ansible-ipi-install/roles/installer/tasks/70_cleanup_sub_man_registration.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Unregister host via subscription-manager
- redhat_subscription:
- activationkey: "{{ activation_key }}"
- org_id: "{{ org_id }}"
- state: absent
- ignore_errors: true
- tags: unregister
diff --git a/ansible-ipi-install/roles/installer/tasks/main.yml b/ansible-ipi-install/roles/installer/tasks/main.yml
deleted file mode 100644
index bc42e8a73c..0000000000
--- a/ansible-ipi-install/roles/installer/tasks/main.yml
+++ /dev/null
@@ -1,53 +0,0 @@
----
-# tasks file for installer
-- include_tasks: 10_get_oc.yml
- tags:
- - cleanup
- - getoc
- - create_registry
-
-- include_tasks: 15_disconnected_registry_existing.yml
- when:
- - disconnected_registry is defined
- - disconnected_registry == "existing"
- tags: disconnected
-
-- include_tasks: 15_disconnected_registry_create.yml
- when:
- - disconnected_registry is defined
- - disconnected_registry == "create"
- tags:
- - disconnected
- - create_registry
-
-- include_tasks: 20_extract_installer.yml
- tags:
- - pullsecret
- - extract
-- include_tasks: 23_rhcos_image_paths.yml
- when: ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 3)) or cache_enabled|bool
- tags: rhcospath
-- include_tasks: 24_rhcos_image_cache.yml
- when: cache_enabled|bool
- tags: cache
-
-
-- include_tasks: 25_create-install-config.yml
- tags: installconfig
-- include_tasks: 30_create_metal3.yml
- when: (release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int <= 3)
- tags: metal3config
-- include_tasks: 40_create_manifest.yml
- tags: manifests
-- include_tasks: 50_extramanifests.yml
- tags: extramanifests
-- include_tasks: 55_customize_filesystem.yml
- tags: customfs
-- include_tasks: 59_cleanup_bootstrap.yml
- tags: cleanup
-- include_tasks: 59_power_off_cluster_servers.yml
- tags: powerservers
-- include_tasks: 60_deploy_ocp.yml
- tags: install
-# - include_tasks: 70_cleanup_sub_man_registration.yml
-# tags: unregister
diff --git a/ansible-ipi-install/roles/installer/templates/chrony.conf.j2 b/ansible-ipi-install/roles/installer/templates/chrony.conf.j2
deleted file mode 100644
index eea3d5010c..0000000000
--- a/ansible-ipi-install/roles/installer/templates/chrony.conf.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-# This file is managed by the machine config operator
-{% for server in clock_servers %}
-server {{ server }} iburst
-{% endfor %}
-stratumweight 0
-driftfile /var/lib/chrony/drift
-rtcsync
-makestep 10 3
-bindcmdaddress 127.0.0.1
-bindcmdaddress ::1
-keyfile /etc/chrony.keys
-commandkey 1
-generatecommandkey
-noclientlog
-logchange 0.5
-logdir /var/log/chrony
diff --git a/ansible-ipi-install/roles/installer/templates/etc-chrony.conf.j2 b/ansible-ipi-install/roles/installer/templates/etc-chrony.conf.j2
deleted file mode 100644
index a0410e35b4..0000000000
--- a/ansible-ipi-install/roles/installer/templates/etc-chrony.conf.j2
+++ /dev/null
@@ -1,42 +0,0 @@
-apiVersion: machineconfiguration.openshift.io/v1
-kind: MachineConfig
-metadata:
- labels:
- machineconfiguration.openshift.io/role: {{ item }}
- name: 98-{{ item }}-etc-chrony-conf
-spec:
- config:
- ignition:
- config: {}
- security:
- tls: {}
- timeouts: {}
-{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int > 5)) %}
- version: 3.1.0
-{% endif %}
-{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 6)) %}
- version: 2.2.0
-{% endif %}
- networkd: {}
- passwd: {}
- storage:
- files:
- - contents:
- source: data:text/plain;charset=utf-8;base64,{{ chronyconfig }}
-{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 6)) %}
- verification: {}
- filesystem: root
-{% endif %}
- group:
- name: root
- mode: 420
-{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int > 5)) %}
- overwrite: true
-{% endif %}
- path: /etc/chrony.conf
- user:
- name: root
-{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 6)) %}
- systemd: {}
-{% endif %}
- osImageURL: ""
diff --git a/ansible-ipi-install/roles/installer/templates/httpd_conf.j2 b/ansible-ipi-install/roles/installer/templates/httpd_conf.j2
deleted file mode 100644
index 5a8687adae..0000000000
--- a/ansible-ipi-install/roles/installer/templates/httpd_conf.j2
+++ /dev/null
@@ -1,353 +0,0 @@ -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/opt/rh/httpd24/root/etc/httpd" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. 
-# -#Listen 12.34.56.78:80 -Listen 0.0.0.0:{{ webserver_caching_port_container }} -Listen [::]:{{ webserver_caching_port_container }} - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -Include conf.modules.d/*.conf - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User default -Group root - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. 
-# -#ServerName www.example.com:80 - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/opt/rh/httpd24/root/var/www/html" - -# -# Relax access to content within /opt/rh/httpd24/root/var/www. -# - - AllowOverride None - # Allow open access: - Require all granted - - -# Further relax access to the default document root: - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride All - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.html - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. 
-# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog |/usr/bin/cat - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - #CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - CustomLog |/usr/bin/cat combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. 
- # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/opt/rh/httpd24/root/var/www/cgi-bin/" - - - -# -# "/opt/rh/httpd24/root/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. 
These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - - - # - # The mod_mime_magic module allows the server to use various hints from the - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # - MIMEMagicFile conf/magic - - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. 
-# Defaults if commented: EnableMMAP On, EnableSendfile Off
-#
-#EnableMMAP off
-EnableSendfile on
-
-# Supplemental configuration
-#
-# Load config files in the "/etc/httpd/conf.d" directory, if any.
-IncludeOptional conf.d/*.conf
diff --git a/ansible-ipi-install/roles/installer/templates/install-config-appends.j2 b/ansible-ipi-install/roles/installer/templates/install-config-appends.j2
deleted file mode 100644
index 1798355303..0000000000
--- a/ansible-ipi-install/roles/installer/templates/install-config-appends.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-additionalTrustBundle: |
- {{ trustbundle | regex_replace('\n', '\n ') }}
-{% if release_version is version('4.14', '<') %}
-imageContentSources:
-{% else %}
-imageDigestSources:
-{% endif %}
-- mirrors:
- - {{ local_registry }}/{{ local_repo }}
- source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
-- mirrors:
- - {{ local_registry }}/{{ local_repo }}
- source: registry.svc.ci.openshift.org/ocp/release
-- mirrors:
- - {{ local_registry }}/{{ local_repo }}
- source: quay.io/openshift-release-dev/ocp-release
diff --git a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2 b/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2
deleted file mode 100644
index 2319a1e771..0000000000
--- a/ansible-ipi-install/roles/installer/templates/install-config-virtualmedia.j2
+++ /dev/null
@@ -1,187 +0,0 @@ -apiVersion: v1 -baseDomain: {{ domain }} -{%if (http_proxy|length or https_proxy|length) %} -proxy: - httpProxy: {{ http_proxy }} - httpsProxy: {{ https_proxy }} - noProxy: {{ (no_proxy_list|length) | ternary(no_proxy_list + ',' + provisioning_subnet, provisioning_subnet) }} -{% endif %} -metadata: - name: {{ cluster }} -networking: -{% if not dualstack_baremetal|bool %} - machineCIDR: {{ extcidrnet }} -{% endif %} - networkType: {{ network_type }} -{% if ipv6_enabled|bool and not (ipv4_baremetal|bool or dualstack_baremetal|bool) %} - clusterNetwork: - - cidr: fd01::/48 - hostPrefix: 64 - serviceNetwork: - - fd02::/112 -{% endif %} -{% if ipv6_enabled|bool and dualstack_baremetal|bool %} - machineNetwork: - - cidr: {{ extcidrnet }} - - cidr: {{ extcidrnet6 }} - clusterNetwork: - - cidr: 10.128.0.0/14 - hostPrefix: 23 - - cidr: fd02::/48 - hostPrefix: 64 - serviceNetwork: - - 172.30.0.0/16 - - fd03::/112 -{% endif %} -{% if fips_enabled is defined and fips_enabled|bool %} -fips: true -{% endif %} -compute: -- name: worker - replicas: {{ numworkers }} -controlPlane: - name: master - replicas: {{ nummasters }} - platform: - baremetal: {} -platform: - baremetal: -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 12)) and dualstack_baremetal|bool and dualstack_vips|bool %} - apiVIPs: -{% if apivip is defined and apivip|ipv4 %} - - {{ apivip }} -{% endif %} -{% if ipv6_enabled|bool and apivip6 is defined and apivip6|ipv6 %} - - {{ apivip6 }} -{% endif %} - ingressVIPs: -{% if ingressvip is defined and ingressvip|ipv4 %} - - {{ ingressvip }} -{% endif %} -{% if ipv6_enabled|bool and ingressvip6 is defined and ingressvip6|ipv6 %} - - {{ ingressvip6 }} -{% endif %} -{% else %} - apiVIP: {{ apivip }} - ingressVIP: {{ ingressvip }} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 5)) %} - dnsVIP: {{ dnsvip }} -{% endif %} -{% if baremetal_bridge != 'baremetal' %} - 
externalBridge: {{ baremetal_bridge }} -{% endif %} - provisioningNetwork: "Disabled" -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int == 6)) %} - provisioningHostIP: {{ provisioningHostIP }} -{% endif %} - bootstrapProvisioningIP: {{ bootstrapProvisioningIP }} -{% if externalMACAddress is defined %} - externalMACAddress: {{ externalMACAddress }} -{% endif %} -{% if bootstraposimage is defined and bootstraposimage|length %} - bootstrapOSImage: {{ bootstraposimage }} -{% endif %} -{% if clusterosimage is defined and clusterosimage|length %} - clusterOSImage: {{ clusterosimage }} -{% endif %} - hosts: -{% for host in groups['masters'] %} - - name: {{ hostvars[host]['inventory_hostname'] }} - role: {{ hostvars[host]['role'] }} - bmc: -{% if groups['dell_hosts_redfish'] is defined and host in groups['dell_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6))) and enable_virtualmedia|bool %} - address: idrac-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6))) and enable_virtualmedia|bool %} - address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} - address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} - disableCertificateVerification: true -{% elif ansible_system_vendor == 'Dell 
Inc.' %} - address: idrac-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% else %} - address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }} - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% endif %} - username: {{ hostvars[host]['ipmi_user'] }} - password: {{ hostvars[host]['ipmi_password'] }} - bootMACAddress: {{ hostvars[host]['provision_mac'] }} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 6)) %} -{% if 'hardware_profile' in hostvars[host] %} - hardwareProfile: {{ hostvars[host]['hardware_profile'] }} -{% else %} - hardwareProfile: default -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6)) %} -{% if bootmode is defined and bootmode == 'legacy' %} - bootMode: legacy -{% endif %} -{% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] and hostvars[host]['root_device_hint'] in roothint_list %} - rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} -{% if master_network_config_template is defined %} - networkConfig: -{{ lookup('template', master_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} -{% endif %} -{% endif %} -{% endfor %} -{% if groups['workers'] is defined %} -{% for host in groups['workers'] %} - - name: {{ hostvars[host]['inventory_hostname'] }} - role: {{ hostvars[host]['role'] }} - bmc: -{% if groups['dell_hosts_redfish'] is defined and host in groups['dell_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and 
(release_version.split('.')[1]|int >= 6))) and enable_virtualmedia|bool %} - address: idrac-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6))) and enable_virtualmedia|bool %} - address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} - address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} - disableCertificateVerification: true -{% elif ansible_system_vendor == 'Dell Inc.' 
%} - address: idrac-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% else %} - address: redfish-virtualmedia://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }} - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% endif %} - username: {{ hostvars[host]['ipmi_user'] }} - password: {{ hostvars[host]['ipmi_password'] }} - bootMACAddress: {{ hostvars[host]['provision_mac'] }} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 6)) %} -{% if 'hardware_profile' in hostvars[host] %} - hardwareProfile: {{ hostvars[host]['hardware_profile'] }} -{% else %} - hardwareProfile: unknown -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6)) %} -{% if bootmode is defined and bootmode == 'legacy' %} - bootMode: legacy -{% endif %} -{% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] %} - rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} -{% if worker_network_config_template is defined %} - networkConfig: -{{ lookup('template', worker_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} -pullSecret: '{{ pullsecret }}' -sshKey: '{{ key }}' -{% if install_config_appends is defined and install_config_appends|length %} -{{ install_config_appends }} -{% endif %} diff --git a/ansible-ipi-install/roles/installer/templates/install-config.j2 b/ansible-ipi-install/roles/installer/templates/install-config.j2 deleted file mode 100644 index 923e5aec80..0000000000 
--- a/ansible-ipi-install/roles/installer/templates/install-config.j2
+++ /dev/null
@@ -1,188 +0,0 @@ -apiVersion: v1 -baseDomain: {{ domain }} -{%if (http_proxy|length or https_proxy|length) %} -proxy: - httpProxy: {{ http_proxy }} - httpsProxy: {{ https_proxy }} - noProxy: {{ (no_proxy_list|length) | ternary(no_proxy_list + ',' + provisioning_subnet, provisioning_subnet) }} -{% endif %} -metadata: - name: {{ cluster }} -networking: -{% if not dualstack_baremetal|bool %} - machineCIDR: {{ extcidrnet }} -{% endif %} - networkType: {{ network_type }} -{% if ipv6_enabled|bool and not (ipv4_baremetal|bool or dualstack_baremetal|bool) %} - clusterNetwork: - - cidr: fd01::/48 - hostPrefix: 64 - serviceNetwork: - - fd02::/112 -{% endif %} -{% if ipv6_enabled|bool and dualstack_baremetal|bool %} - machineNetwork: - - cidr: {{ extcidrnet }} - - cidr: {{ extcidrnet6 }} - clusterNetwork: - - cidr: 10.128.0.0/14 - hostPrefix: 23 - - cidr: fd02::/48 - hostPrefix: 64 - serviceNetwork: - - 172.30.0.0/16 - - fd03::/112 -{% endif %} -{% if fips_enabled is defined and fips_enabled|bool %} -fips: true -{% endif %} -compute: -- name: worker - replicas: {{ numworkers }} -controlPlane: - name: master - replicas: {{ nummasters }} - platform: - baremetal: {} -platform: - baremetal: -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 12)) and dualstack_baremetal|bool and dualstack_vips|bool %} - apiVIPs: -{% if apivip is defined and apivip|ipv4 %} - - {{ apivip }} -{% endif %} -{% if ipv6_enabled|bool and apivip6 is defined and apivip6|ipv6 %} - - {{ apivip6 }} -{% endif %} - ingressVIPs: -{% if ingressvip is defined and ingressvip|ipv4 %} - - {{ ingressvip }} -{% endif %} -{% if ipv6_enabled|bool and ingressvip6 is defined and ingressvip6|ipv6 %} - - {{ ingressvip6 }} -{% endif %} -{% else %} - apiVIP: {{ apivip }} - ingressVIP: {{ ingressvip }} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 5)) %} - dnsVIP: {{ dnsvip }} -{% endif %} - provisioningBridge: {{ 
provisioning_bridge }} -{% if baremetal_bridge != 'baremetal' %} - externalBridge: {{ baremetal_bridge }} -{% endif %} -{% if (release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int > 3)) %} - provisioningNetworkInterface: {{ masters_prov_nic }} - provisioningNetworkCIDR: {{ provisioning_subnet }} -{% if prov_dhcp_range is defined and prov_dhcp_range|length %} - provisioningDHCPRange: {{ prov_dhcp_range }} -{% endif %} -{% if externalMACAddress is defined and externalMACAddress|length %} - externalMACAddress: '{{ externalMACAddress }}' -{% endif %} -{% endif %} -{% if bootstraposimage is defined and bootstraposimage|length %} - bootstrapOSImage: {{ bootstraposimage }} -{% endif %} -{% if clusterosimage is defined and clusterosimage|length %} - clusterOSImage: {{ clusterosimage }} -{% endif %} - hosts: -{% for host in groups['masters'] %} - - name: {{ hostvars[host]['inventory_hostname'] }} - role: {{ hostvars[host]['role'] }} - bmc: -{% if groups['dell_hosts_redfish'] is defined and host in groups['dell_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 5))) %} - address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] and ((release_version.split('.')[0]|int > 4) or ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 5))) %} - address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} - address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ 
hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} - disableCertificateVerification: true -{% elif hostvars[host]['irmc_address'] is defined %} - address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }} - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% else %} - address: ipmi://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }} -{% endif %} - username: {{ hostvars[host]['ipmi_user'] }} - password: {{ hostvars[host]['ipmi_password'] }} - bootMACAddress: {{ hostvars[host]['provision_mac'] }} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 6)) %} -{% if 'hardware_profile' in hostvars[host] %} - hardwareProfile: {{ hostvars[host]['hardware_profile'] }} -{% else %} - hardwareProfile: default -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6)) %} -{% if bootmode is defined and bootmode == 'legacy' %} - bootMode: legacy -{% endif %} -{% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] and hostvars[host]['root_device_hint'] in roothint_list %} - rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) %} -{% if master_network_config_template is defined %} - networkConfig: -{{ lookup('template', master_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} -{% endif %} -{% endif %} -{% endfor %} -{% if groups['workers'] is defined %} -{% for host in groups['workers'] %} - - name: {{ hostvars[host]['inventory_hostname'] }} - role: {{ hostvars[host]['role'] }} - bmc: -{% if groups['dell_hosts_redfish'] is defined and host in groups['dell_hosts_redfish'] %} - address: redfish://{{ 
hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/System.Embedded.1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['hp_hosts_redfish'] is defined and host in groups['hp_hosts_redfish'] %} - address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}/redfish/v1/Systems/1 - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% elif groups['kvm_hosts_redfish'] is defined and host in groups['kvm_hosts_redfish'] %} - address: redfish://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['redfish_port'] }}/redfish/v1/Systems/{{ hostvars[host]['kvm_uuid'] }} - disableCertificateVerification: true -{% elif hostvars[host]['irmc_address'] is defined %} - address: irmc://{{ hostvars[host]['irmc_address']|ipwrap }}:{{ hostvars[host]['irmc_port']|default(443) }} - disableCertificateVerification: {{ disable_bmc_certificate_verification }} -{% else %} - address: ipmi://{{ hostvars[host]['ipmi_address']|ipwrap }}:{{ hostvars[host]['ipmi_port']|default(623) }} -{% endif %} - username: {{ hostvars[host]['ipmi_user'] }} - password: {{ hostvars[host]['ipmi_password'] }} - bootMACAddress: {{ hostvars[host]['provision_mac'] }} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 6)) %} -{% if 'hardware_profile' in hostvars[host] %} - hardwareProfile: {{ hostvars[host]['hardware_profile'] }} -{% else %} - hardwareProfile: unknown -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 6)) %} -{% if bootmode is defined and bootmode == 'legacy' %} - bootMode: legacy -{% endif %} -{% if 'root_device_hint' in hostvars[host] and 'root_device_hint_value' in hostvars[host] %} - rootDeviceHints: - {{ hostvars[host]['root_device_hint'] }}: '{{ hostvars[host]['root_device_hint_value'] }}' -{% endif %} -{% endif %} -{% if ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int >= 10)) 
%} -{% if worker_network_config_template is defined %} - networkConfig: -{{ lookup('template', worker_network_config_template, template_vars=hostvars[host]) | indent(10, true) }} -{% endif %} -{% endif %} -{% endfor %} -{% endif %} -pullSecret: '{{ pullsecret }}' -sshKey: '{{ key }}' -{% if install_config_appends is defined and install_config_appends|length %} -{{ install_config_appends }} -{% endif %} diff --git a/ansible-ipi-install/roles/installer/templates/magic.j2 b/ansible-ipi-install/roles/installer/templates/magic.j2 deleted file mode 100644 index 77aa3a30e7..0000000000 --- a/ansible-ipi-install/roles/installer/templates/magic.j2 +++ /dev/null 
@@ -1,384 +0,0 @@ -# Magic data for mod_mime_magic Apache module (originally for file(1) command) -# The module is described in /manual/mod/mod_mime_magic.html -# -# The format is 4-5 columns: -# Column #1: byte number to begin checking from, ">" indicates continuation -# Column #2: type of data to match -# Column #3: contents of data to match -# Column #4: MIME type of result -# Column #5: MIME encoding of result (optional) - -#------------------------------------------------------------------------------ -# Localstuff: file(1) magic for locally observed files -# Add any locally observed files here. - -#------------------------------------------------------------------------------ -# end local stuff -#------------------------------------------------------------------------------ - -#------------------------------------------------------------------------------ -# Java - -0 short 0xcafe ->2 short 0xbabe application/java - -#------------------------------------------------------------------------------ -# audio: file(1) magic for sound formats -# -# from Jan Nicolai Langfeldt , -# - -# Sun/NeXT audio data -0 string .snd ->12 belong 1 audio/basic ->12 belong 2 audio/basic ->12 belong 3 audio/basic ->12 belong 4 audio/basic ->12 belong 5 audio/basic ->12 belong 6 audio/basic ->12 belong 7 audio/basic - ->12 belong 23 audio/x-adpcm - -# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format -# that uses little-endian encoding and has a different magic number -# (0x0064732E in little-endian encoding). 
-0 lelong 0x0064732E ->12 lelong 1 audio/x-dec-basic ->12 lelong 2 audio/x-dec-basic ->12 lelong 3 audio/x-dec-basic ->12 lelong 4 audio/x-dec-basic ->12 lelong 5 audio/x-dec-basic ->12 lelong 6 audio/x-dec-basic ->12 lelong 7 audio/x-dec-basic -# compressed (G.721 ADPCM) ->12 lelong 23 audio/x-dec-adpcm - -# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" -# AIFF audio data -8 string AIFF audio/x-aiff -# AIFF-C audio data -8 string AIFC audio/x-aiff -# IFF/8SVX audio data -8 string 8SVX audio/x-aiff - -# Creative Labs AUDIO stuff -# Standard MIDI data -0 string MThd audio/unknown -#>9 byte >0 (format %d) -#>11 byte >1 using %d channels -# Creative Music (CMF) data -0 string CTMF audio/unknown -# SoundBlaster instrument data -0 string SBI audio/unknown -# Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown -## is this next line right? it came this way... -#>19 byte 0x1A -#>23 byte >0 - version %d -#>22 byte >0 \b.%d - -# [GRR 950115: is this also Creative Labs? Guessing that first line -# should be string instead of unknown-endian long...] -#0 long 0x4e54524b MultiTrack sound data -#0 string NTRK MultiTrack sound data -#>4 long x - version %ld - -# Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] -# Microsoft RIFF -0 string RIFF audio/unknown -# - WAVE format ->8 string WAVE audio/x-wav -# MPEG audio. -0 beshort&0xfff0 0xfff0 audio/mpeg -# C64 SID Music files, from Linus Walleij -0 string PSID audio/prs.sid - -#------------------------------------------------------------------------------ -# c-lang: file(1) magic for C programs or various scripts -# - -# XPM icons (Greg Roelofs, newt@uchicago.edu) -# ideally should go into "images", but entries below would tag XPM as C source -0 string /*\ XPM image/x-xbm 7bit - -# this first will upset you if you're a PL/1 shop... (are there any left?) 
-# in which case rm it; ascmagic will catch real C programs -# C or REXX program text -0 string /* text/plain -# C++ program text -0 string // text/plain - -#------------------------------------------------------------------------------ -# compress: file(1) magic for pure-compression formats (no archives) -# -# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. -# -# Formats for various forms of compressed data -# Formats for "compress" proper have been moved into "compress.c", -# because it tries to uncompress it to figure out what's inside. - -# standard unix compress -0 string \037\235 application/octet-stream x-compress - -# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) -0 string \037\213 application/octet-stream x-gzip - -# According to gzip.h, this is the correct byte order for packed data. -0 string \037\036 application/octet-stream -# -# This magic number is byte-order-independent. -# -0 short 017437 application/octet-stream - -# XXX - why *two* entries for "compacted data", one of which is -# byte-order independent, and one of which is byte-order dependent? -# -# compacted data -0 short 0x1fff application/octet-stream -0 string \377\037 application/octet-stream -# huf output -0 short 0145405 application/octet-stream - -# Squeeze and Crunch... -# These numbers were gleaned from the Unix versions of the programs to -# handle these formats. Note that I can only uncrunch, not crunch, and -# I didn't have a crunched file handy, so the crunch number is untested. -# Keith Waclena -#0 leshort 0x76FF squeezed data (CP/M, DOS) -#0 leshort 0x76FE crunched data (CP/M, DOS) - -# Freeze -#0 string \037\237 Frozen file 2.1 -#0 string \037\236 Frozen file 1.0 (or gzip 0.5) - -# lzh? 
-#0 string \037\240 LZH compressed data - -#------------------------------------------------------------------------------ -# frame: file(1) magic for FrameMaker files -# -# This stuff came on a FrameMaker demo tape, most of which is -# copyright, but this file is "published" as witness the following: -# -0 string \ -# and Anna Shergold -# -0 string \ -0 string \14 byte 12 (OS/2 1.x format) -#>14 byte 64 (OS/2 2.x format) -#>14 byte 40 (Windows 3.x format) -#0 string IC icon -#0 string PI pointer -#0 string CI color icon -#0 string CP color pointer -#0 string BA bitmap array - -0 string \x89PNG image/png -0 string FWS application/x-shockwave-flash -0 string CWS application/x-shockwave-flash - -#------------------------------------------------------------------------------ -# lisp: file(1) magic for lisp programs -# -# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -0 string ;; text/plain 8bit -# Emacs 18 - this is always correct, but not very magical. -0 string \012( application/x-elc -# Emacs 19 -0 string ;ELC\023\000\000\000 application/x-elc - -#------------------------------------------------------------------------------ -# mail.news: file(1) magic for mail and news -# -# There are tests to ascmagic.c to cope with mail and news. -0 string Relay-Version: message/rfc822 7bit -0 string #!\ rnews message/rfc822 7bit -0 string N#!\ rnews message/rfc822 7bit -0 string Forward\ to message/rfc822 7bit -0 string Pipe\ to message/rfc822 7bit -0 string Return-Path: message/rfc822 7bit -0 string Path: message/news 8bit -0 string Xref: message/news 8bit -0 string 
From: message/rfc822 7bit -0 string Article message/news 8bit -#------------------------------------------------------------------------------ -# msword: file(1) magic for MS Word files -# -# Contributor claims: -# Reversed-engineered MS Word magic numbers -# - -0 string \376\067\0\043 application/msword -0 string \333\245-\0\0\0 application/msword - -# disable this one because it applies also to other -# Office/OLE documents for which msword is not correct. See PR#2608. -#0 string \320\317\021\340\241\261 application/msword - - - -#------------------------------------------------------------------------------ -# printer: file(1) magic for printer-formatted files -# - -# PostScript -0 string %! application/postscript -0 string \004%! application/postscript - -# Acrobat -# (due to clamen@cs.cmu.edu) -0 string %PDF- application/pdf - -#------------------------------------------------------------------------------ -# sc: file(1) magic for "sc" spreadsheet -# -38 string Spreadsheet application/x-sc - -#------------------------------------------------------------------------------ -# tex: file(1) magic for TeX files -# -# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) -# -# From - -# Although we may know the offset of certain text fields in TeX DVI -# and font files, we can't use them reliably because they are not -# zero terminated. [but we do anyway, christos] -0 string \367\002 application/x-dvi -#0 string \367\203 TeX generic font data -#0 string \367\131 TeX packed font data -#0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text -#0 string This\ is\ METAFONT, METAFONT transcript text - -# There is no way to detect TeX Font Metric (*.tfm) files without -# breaking them apart and reading the data. The following patterns -# match most *.tfm files generated by METAFONT or afm2tfm. 
-#2 string \000\021 TeX font metric data -#2 string \000\022 TeX font metric data -#>34 string >\0 (%s) - -# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) -#0 string \\input\ texinfo Texinfo source text -#0 string This\ is\ Info\ file GNU Info text - -# correct TeX magic for Linux (and maybe more) -# from Peter Tobias (tobias@server.et-inf.fho-emden.de) -# -0 leshort 0x02f7 application/x-dvi - -# RTF - Rich Text Format -0 string {\\rtf application/rtf - -#------------------------------------------------------------------------------ -# animation: file(1) magic for animation/movie formats -# -# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) -# MPEG file -0 string \000\000\001\263 video/mpeg -# -# The contributor claims: -# I couldn't find a real magic number for these, however, this -# -appears- to work. Note that it might catch other files, too, -# so BE CAREFUL! -# -# Note that title and author appear in the two 20-byte chunks -# at decimal offsets 2 and 22, respectively, but they are XOR'ed with -# 255 (hex FF)! DL format SUCKS BIG ROCKS. -# -# DL file version 1 , medium format (160x100, 4 images/screen) -0 byte 1 video/unknown -0 byte 2 video/unknown -# Quicktime video, from Linus Walleij -# from Apple quicktime file format documentation. -4 string moov video/quicktime -4 string mdat video/quicktime diff --git a/ansible-ipi-install/roles/installer/templates/metal3-config.j2 b/ansible-ipi-install/roles/installer/templates/metal3-config.j2 deleted file mode 100644 index 35d8632f76..0000000000 --- a/ansible-ipi-install/roles/installer/templates/metal3-config.j2 +++ /dev/null 
@@ -1,20 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: metal3-config
- namespace: openshift-machine-api
-data:
- cache_url: ''
- deploy_kernel_url: http://{{ prov_ip|ipwrap }}:6180/images/ironic-python-agent.kernel
- deploy_ramdisk_url: http://{{ prov_ip|ipwrap }}:6180/images/ironic-python-agent.initramfs
- dhcp_range: {{ prov_dhcp_range | default('172.22.0.10,172.22.0.100') }}
- http_port: "6180"
- ironic_endpoint: http://{{ prov_ip|ipwrap }}:6385/v1/
- ironic_inspector_endpoint: http://{{ prov_ip|ipwrap }}:5050/v1/
- provisioning_interface: {{ masters_prov_nic }}
- provisioning_ip: {{ prov_ip }}/24
-{% if clusterosimage is defined and clusterosimage|length %}
- rhcos_image_url: {{ clusterosimage }}
-{% else %}
- rhcos_image_url: {{ rhcos_path }}{{ rhcos_uri }}
-{% endif %}
diff --git a/ansible-ipi-install/roles/installer/tests/inventory b/ansible-ipi-install/roles/installer/tests/inventory
deleted file mode 100644
index 2fbb50c4a8..0000000000
--- a/ansible-ipi-install/roles/installer/tests/inventory
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/ansible-ipi-install/roles/installer/tests/test.yml b/ansible-ipi-install/roles/installer/tests/test.yml
deleted file mode 100644
index 4d8b09a398..0000000000
--- a/ansible-ipi-install/roles/installer/tests/test.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- remote_user: root
- roles:
- - installer
diff --git a/ansible-ipi-install/roles/installer/vars/main.yml b/ansible-ipi-install/roles/installer/vars/main.yml
deleted file mode 100644
index cb2432c996..0000000000
--- a/ansible-ipi-install/roles/installer/vars/main.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-# vars file for installer
-pullsecret_file: "{{ dir }}/pull-secret.txt"
-cmd: openshift-baremetal-install
-default_libvirt_pool_dir:
- - /var/lib/libvirt/images/
- - /var/lib/libvirt/openshift-images/
-
-# packages needed for the disconnected registry tasks
-packages_registry:
- - podman
- - libvirt
- - python3
- - jq
- - httpd
- - httpd-tools
- - python3-dns
-
-# Format for podman query when creating disconnected registry
-podman_format_name: !unsafe "{{.Names}}"
-
-# Registry directories to be created
-registry_dir_auth: "{{ registry_dir }}/auth"
-registry_dir_cert: "{{ registry_dir }}/certs"
-registry_dir_data: "{{ registry_dir }}/data"
-
-# Name of the pod running as the registry.
-pod_name_registry: ocpdiscon-registry
-
-# The information for the locally created registry
-local_registry: "{{ groups['registry_host'][0] }}:{{ registry_port }}"
-local_repo: ocp4/openshift4
-disconnected_installer: ""
-registry_creation: false
-url_passed: false
diff --git a/ansible-ipi-install/roles/node-prep b/ansible-ipi-install/roles/node-prep
deleted file mode 120000
index 01a16747a8..0000000000
--- a/ansible-ipi-install/roles/node-prep
+++ /dev/null
@@ -1 +0,0 @@
-node_prep
\ No newline at end of file
diff --git a/ansible-ipi-install/roles/node_prep/defaults/main.yml b/ansible-ipi-install/roles/node_prep/defaults/main.yml
deleted file mode 100644
index bdd080af5f..0000000000
--- a/ansible-ipi-install/roles/node_prep/defaults/main.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-# defaults file for node_prep
-activation_key: ""
-org_id: ""
-network_type: "OVNKubernetes"
-firewall: "firewalld"
-ipv6_enabled: false
-no_proxy_list: ""
-http_proxy: ""
-https_proxy: ""
-ipv4_baremetal: false
-ipv4_provisioning: false
-dualstack_baremetal: false
-dualstack_vips: false
-provisioning_bridge: "provisioning"
-webserver_url: ""
-baremetal_bridge: "baremetal"
-disable_bmc_certificate_verification: false
-redfish_inspection: true
-enable_virtualmedia: false
diff --git a/ansible-ipi-install/roles/node_prep/handlers/main.yml b/ansible-ipi-install/roles/node_prep/handlers/main.yml
deleted file mode 100644
index 5ece770727..0000000000
--- a/ansible-ipi-install/roles/node_prep/handlers/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# handlers file for node_prep
diff --git a/ansible-ipi-install/roles/node_prep/library/nmcli.py b/ansible-ipi-install/roles/node_prep/library/nmcli.py
deleted file mode 100644
index b1a4600f00..0000000000
--- a/ansible-ipi-install/roles/node_prep/library/nmcli.py
+++ /dev/null
@@ -1,1588 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -# Copyright: (c) 2015, Chris Long -# Copyright: (c) 2017, Ansible Project -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function - -__metaclass__ = type - - -ANSIBLE_METADATA = { - "metadata_version": "1.1", - "status": ["preview"], - "supported_by": "community", -} - - -DOCUMENTATION = """ ---- -module: nmcli -author: "Chris Long (@alcamie101)" -short_description: Manage Networking -requirements: [ nmcli, dbus, NetworkManager-libnm ] -version_added: "2.0" -description: - - Manage the network devices. Create, modify and manage various connection and device type e.g., ethernet, teams, bonds, vlans etc. - - "On CentOS and Fedora like systems, install dependencies as 'yum/dnf install -y python-gobject NetworkManager-libnm'" - - "On Ubuntu and Debian like systems, install dependencies as 'apt-get install -y libnm-glib-dev'" -options: - state: - description: - - Whether the device should exist or not, taking action if the state is different from what is stated. - required: True - choices: [ present, absent ] - autoconnect: - description: - - Whether the connection should start on boot. - - Whether the connection profile can be automatically activated - type: bool - default: True - conn_name: - description: - - 'Where conn_name will be the name used to call the connection. when not provided a default name is generated: [-][-]' - required: True - ifname: - description: - - Where IFNAME will be the what we call the interface name. - - interface to bind the connection to. The connection will only be applicable to this interface name. - - A special value of "*" can be used for interface-independent connections. - - The ifname argument is mandatory for all connection types except bond, team, bridge and vlan. 
- default: conn_name - type: - description: - - This is the type of device or network connection that you wish to create or modify. - - "type C(generic) is added in version 2.5." - choices: [ ethernet, team, team-slave, bond, bond-slave, bridge, bridge-slave, vlan, vxlan, ipip, generic ] - mode: - description: - - This is the type of device or network connection that you wish to create for a bond, team or bridge. - choices: [ "balance-rr", "active-backup", "balance-xor", "broadcast", "802.3ad", "balance-tlb", "balance-alb" ] - default: balance-rr - master: - description: - - master ] STP forwarding delay, in seconds - default: 15 - hellotime: - description: - - This is only used with bridge - [hello-time <1-10>] STP hello time, in seconds - default: 2 - maxage: - description: - - This is only used with bridge - [max-age <6-42>] STP maximum message age, in seconds - default: 20 - ageingtime: - description: - - This is only used with bridge - [ageing-time <0-1000000>] the Ethernet MAC address aging time, in seconds - default: 300 - mac: - description: - - > - This is only used with bridge - MAC address of the bridge - (note: this requires a recent kernel feature, originally introduced in 3.15 upstream kernel) - slavepriority: - description: - - This is only used with 'bridge-slave' - [<0-63>] - STP priority of this slave - default: 32 - path_cost: - description: - - This is only used with 'bridge-slave' - [<1-65535>] - STP port cost for destinations via this slave - default: 100 - hairpin: - description: - - This is only used with 'bridge-slave' - 'hairpin mode' for the slave, which allows frames to be sent back out through the slave the - frame was received on. 
- type: bool - default: 'yes' - vlanid: - description: - - This is only used with VLAN - VLAN ID in range <0-4095> - vlandev: - description: - - This is only used with VLAN - parent device this VLAN is on, can use ifname - flags: - description: - - This is only used with VLAN - flags - ingress: - description: - - This is only used with VLAN - VLAN ingress priority mapping - egress: - description: - - This is only used with VLAN - VLAN egress priority mapping - vxlan_id: - description: - - This is only used with VXLAN - VXLAN ID. - version_added: "2.8" - vxlan_remote: - description: - - This is only used with VXLAN - VXLAN destination IP address. - version_added: "2.8" - vxlan_local: - description: - - This is only used with VXLAN - VXLAN local IP address. - version_added: "2.8" - ip_tunnel_dev: - description: - - This is only used with IPIP - parent device this IPIP tunnel, can use ifname. - version_added: "2.8" - ip_tunnel_remote: - description: - - This is only used with IPIP - IPIP destination IP address. - version_added: "2.8" - ip_tunnel_local: - description: - - This is only used with IPIP - IPIP local IP address. 
- version_added: "2.8" -""" - -EXAMPLES = """ -# These examples are using the following inventory: -# -# ## Directory layout: -# -# |_/inventory/cloud-hosts -# | /group_vars/openstack-stage.yml -# | /host_vars/controller-01.openstack.host.com -# | /host_vars/controller-02.openstack.host.com -# |_/playbook/library/nmcli.py -# | /playbook-add.yml -# | /playbook-del.yml -# ``` -# -# ## inventory examples -# ### groups_vars -# ```yml -# --- -# #devops_os_define_network -# storage_gw: "192.0.2.254" -# external_gw: "198.51.100.254" -# tenant_gw: "203.0.113.254" -# -# #Team vars -# nmcli_team: -# - conn_name: tenant -# ip4: '{{ tenant_ip }}' -# gw4: '{{ tenant_gw }}' -# - conn_name: external -# ip4: '{{ external_ip }}' -# gw4: '{{ external_gw }}' -# - conn_name: storage -# ip4: '{{ storage_ip }}' -# gw4: '{{ storage_gw }}' -# nmcli_team_slave: -# - conn_name: em1 -# ifname: em1 -# master: tenant -# - conn_name: em2 -# ifname: em2 -# master: tenant -# - conn_name: p2p1 -# ifname: p2p1 -# master: storage -# - conn_name: p2p2 -# ifname: p2p2 -# master: external -# -# #bond vars -# nmcli_bond: -# - conn_name: tenant -# ip4: '{{ tenant_ip }}' -# gw4: '' -# mode: balance-rr -# - conn_name: external -# ip4: '{{ external_ip }}' -# gw4: '' -# mode: balance-rr -# - conn_name: storage -# ip4: '{{ storage_ip }}' -# gw4: '{{ storage_gw }}' -# mode: balance-rr -# nmcli_bond_slave: -# - conn_name: em1 -# ifname: em1 -# master: tenant -# - conn_name: em2 -# ifname: em2 -# master: tenant -# - conn_name: p2p1 -# ifname: p2p1 -# master: storage -# - conn_name: p2p2 -# ifname: p2p2 -# master: external -# -# #ethernet vars -# nmcli_ethernet: -# - conn_name: em1 -# ifname: em1 -# ip4: '{{ tenant_ip }}' -# gw4: '{{ tenant_gw }}' -# - conn_name: em2 -# ifname: em2 -# ip4: '{{ tenant_ip1 }}' -# gw4: '{{ tenant_gw }}' -# - conn_name: p2p1 -# ifname: p2p1 -# ip4: '{{ storage_ip }}' -# gw4: '{{ storage_gw }}' -# - conn_name: p2p2 -# ifname: p2p2 -# ip4: '{{ external_ip }}' -# gw4: '{{ external_gw 
}}' -# ``` -# -# ### host_vars -# ```yml -# --- -# storage_ip: "192.0.2.91/23" -# external_ip: "198.51.100.23/21" -# tenant_ip: "203.0.113.77/23" -# ``` - - - -## playbook-add.yml example - ---- -- hosts: openstack-stage - remote_user: root - tasks: - - - name: install needed network manager libs - yum: - name: '{{ item }}' - state: installed - with_items: - - NetworkManager-libnm - - libnm-qt-devel.x86_64 - - nm-connection-editor.x86_64 - - libsemanage-python - - policycoreutils-python - -##### Working with all cloud nodes - Teaming - - name: try nmcli add team - conn_name only & ip4 gw4 - nmcli: - type: team - conn_name: '{{ item.conn_name }}' - ip4: '{{ item.ip4 }}' - gw4: '{{ item.gw4 }}' - state: present - with_items: - - '{{ nmcli_team }}' - - - name: try nmcli add teams-slave - nmcli: - type: team-slave - conn_name: '{{ item.conn_name }}' - ifname: '{{ item.ifname }}' - master: '{{ item.master }}' - state: present - with_items: - - '{{ nmcli_team_slave }}' - -###### Working with all cloud nodes - Bonding - - name: try nmcli add bond - conn_name only & ip4 gw4 mode - nmcli: - type: bond - conn_name: '{{ item.conn_name }}' - ip4: '{{ item.ip4 }}' - gw4: '{{ item.gw4 }}' - mode: '{{ item.mode }}' - state: present - with_items: - - '{{ nmcli_bond }}' - - - name: try nmcli add bond-slave - nmcli: - type: bond-slave - conn_name: '{{ item.conn_name }}' - ifname: '{{ item.ifname }}' - master: '{{ item.master }}' - state: present - with_items: - - '{{ nmcli_bond_slave }}' - -##### Working with all cloud nodes - Ethernet - - name: nmcli add Ethernet - conn_name only & ip4 gw4 - nmcli: - type: ethernet - conn_name: '{{ item.conn_name }}' - ip4: '{{ item.ip4 }}' - gw4: '{{ item.gw4 }}' - state: present - with_items: - - '{{ nmcli_ethernet }}' - -## playbook-del.yml example -- hosts: openstack-stage - remote_user: root - tasks: - - - name: try nmcli del team - multiple - nmcli: - conn_name: '{{ item.conn_name }}' - state: absent - with_items: - - conn_name: em1 - - 
conn_name: em2 - - conn_name: p1p1 - - conn_name: p1p2 - - conn_name: p2p1 - - conn_name: p2p2 - - conn_name: tenant - - conn_name: storage - - conn_name: external - - conn_name: team-em1 - - conn_name: team-em2 - - conn_name: team-p1p1 - - conn_name: team-p1p2 - - conn_name: team-p2p1 - - conn_name: team-p2p2 - -# To add an Ethernet connection with static IP configuration, issue a command as follows - - nmcli: - conn_name: my-eth1 - ifname: eth1 - type: ethernet - ip4: 192.0.2.100/24 - gw4: 192.0.2.1 - state: present - -# To add an Team connection with static IP configuration, issue a command as follows - - nmcli: - conn_name: my-team1 - ifname: my-team1 - type: team - ip4: 192.0.2.100/24 - gw4: 192.0.2.1 - state: present - autoconnect: yes - -# Optionally, at the same time specify IPv6 addresses for the device as follows: - - nmcli: - conn_name: my-eth1 - ifname: eth1 - type: ethernet - ip4: 192.0.2.100/24 - gw4: 192.0.2.1 - ip6: '2001:db8::cafe' - gw6: '2001:db8::1' - state: present - -# To add two IPv4 DNS server addresses: - - nmcli: - conn_name: my-eth1 - type: ethernet - dns4: - - 192.0.2.53 - - 198.51.100.53 - state: present - -# To make a profile usable for all compatible Ethernet interfaces, issue a command as follows - - nmcli: - ctype: ethernet - name: my-eth1 - ifname: '*' - state: present - -# To change the property of a setting e.g. MTU, issue a command as follows: - - nmcli: - conn_name: my-eth1 - mtu: 9000 - type: ethernet - state: present - -# To add VxLan, issue a command as follows: - - nmcli: - type: vxlan - conn_name: vxlan_test1 - vxlan_id: 16 - vxlan_local: 192.168.1.2 - vxlan_remote: 192.168.1.5 - -# To add ipip, issue a command as follows: - - nmcli: - type: ipip - conn_name: ipip_test1 - ip_tunnel_dev: eth0 - ip_tunnel_local: 192.168.1.2 - ip_tunnel_remote: 192.168.1.5 - -# nmcli exits with status 0 if it succeeds and exits with a status greater -# than zero when there is a failure. 
The following list of status codes may be -# returned: -# -# - 0 Success - indicates the operation succeeded -# - 1 Unknown or unspecified error -# - 2 Invalid user input, wrong nmcli invocation -# - 3 Timeout expired (see --wait option) -# - 4 Connection activation failed -# - 5 Connection deactivation failed -# - 6 Disconnecting device failed -# - 7 Connection deletion failed -# - 8 NetworkManager is not running -# - 9 nmcli and NetworkManager versions mismatch -# - 10 Connection, device, or access point does not exist. -""" - -RETURN = r"""# -""" - -try: - import dbus - - HAVE_DBUS = True -except ImportError: - HAVE_DBUS = False - -try: - import gi - - gi.require_version("NM", "1.0") - - from gi.repository import NM - - HAVE_NM_CLIENT = True -except (ImportError, ValueError): - HAVE_NM_CLIENT = False - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils._text import to_native - - -class Nmcli(object): - """ - This is the generic nmcli manipulation class that is subclassed based on platform. - A subclass may wish to override the following action methods:- - - create_connection() - - delete_connection() - - modify_connection() - - show_connection() - - up_connection() - - down_connection() - All subclasses MUST define platform and distribution (which may be None). 
- """ - - platform = "Generic" - distribution = None - if HAVE_DBUS: - bus = dbus.SystemBus() - # The following is going to be used in dbus code - DEVTYPES = { - 1: "Ethernet", - 2: "Wi-Fi", - 5: "Bluetooth", - 6: "OLPC", - 7: "WiMAX", - 8: "Modem", - 9: "InfiniBand", - 10: "Bond", - 11: "VLAN", - 12: "ADSL", - 13: "Bridge", - 14: "Generic", - 15: "Team", - 16: "VxLan", - 17: "ipip", - } - STATES = { - 0: "Unknown", - 10: "Unmanaged", - 20: "Unavailable", - 30: "Disconnected", - 40: "Prepare", - 50: "Config", - 60: "Need Auth", - 70: "IP Config", - 80: "IP Check", - 90: "Secondaries", - 100: "Activated", - 110: "Deactivating", - 120: "Failed", - } - - def __init__(self, module): - self.module = module - self.state = module.params["state"] - self.autoconnect = module.params["autoconnect"] - self.conn_name = module.params["conn_name"] - self.master = module.params["master"] - self.ifname = module.params["ifname"] - self.type = module.params["type"] - self.ip4 = module.params["ip4"] - self.ip4_method = module.params["ip4_method"] - self.gw4 = module.params["gw4"] - self.dns4 = ( - " ".join(module.params["dns4"]) if module.params.get("dns4") else None - ) - self.dns4_search = ( - " ".join(module.params["dns4_search"]) - if module.params.get("dns4_search") - else None - ) - self.ip6 = module.params["ip6"] - self.ip6_method = module.params["ip6_method"] - self.ip6_dhcp_duid = module.params["ip6_dhcp_duid"] - self.gw6 = module.params["gw6"] - self.dns6 = module.params["dns6"] - self.dns6_search = ( - " ".join(module.params["dns6_search"]) - if module.params.get("dns6_search") - else None - ) - self.mtu = module.params["mtu"] - self.stp = module.params["stp"] - self.priority = module.params["priority"] - self.mode = module.params["mode"] - self.miimon = module.params["miimon"] - self.primary = module.params["primary"] - self.id = module.params["id"] - self.downdelay = module.params["downdelay"] - self.updelay = module.params["updelay"] - self.arp_interval = 
module.params["arp_interval"] - self.arp_ip_target = module.params["arp_ip_target"] - self.slavepriority = module.params["slavepriority"] - self.forwarddelay = module.params["forwarddelay"] - self.hellotime = module.params["hellotime"] - self.maxage = module.params["maxage"] - self.ageingtime = module.params["ageingtime"] - self.hairpin = module.params["hairpin"] - self.path_cost = module.params["path_cost"] - self.mac = module.params["mac"] - self.vlanid = module.params["vlanid"] - self.vlandev = module.params["vlandev"] - self.flags = module.params["flags"] - self.ingress = module.params["ingress"] - self.egress = module.params["egress"] - self.vxlan_id = module.params["vxlan_id"] - self.vxlan_local = module.params["vxlan_local"] - self.vxlan_remote = module.params["vxlan_remote"] - self.ip_tunnel_dev = module.params["ip_tunnel_dev"] - self.ip_tunnel_local = module.params["ip_tunnel_local"] - self.ip_tunnel_remote = module.params["ip_tunnel_remote"] - self.nmcli_bin = self.module.get_bin_path("nmcli", True) - self.dhcp_client_id = module.params["dhcp_client_id"] - - def execute_command(self, cmd, use_unsafe_shell=False, data=None): - return self.module.run_command( - cmd, use_unsafe_shell=use_unsafe_shell, data=data - ) - - def merge_secrets(self, proxy, config, setting_name): - try: - # returns a dict of dicts mapping name::setting, where setting is a dict - # mapping key::value. Each member of the 'setting' dict is a secret - secrets = proxy.GetSecrets(setting_name) - - # Copy the secrets into our connection config - for setting in secrets: - for key in secrets[setting]: - config[setting_name][key] = secrets[setting][key] - except: - pass - - def dict_to_string(self, d): - # Try to trivially translate a dictionary's elements into nice string - # formatting. 
- dstr = "" - for key in d: - val = d[key] - str_val = "" - add_string = True - if isinstance(val, dbus.Array): - for elt in val: - if isinstance(elt, dbus.Byte): - str_val += "%s " % int(elt) - elif isinstance(elt, dbus.String): - str_val += "%s" % elt - elif isinstance(val, dbus.Dictionary): - dstr += self.dict_to_string(val) - add_string = False - else: - str_val = val - if add_string: - dstr += "%s: %s\n" % (key, str_val) - return dstr - - def connection_to_string(self, config): - # dump a connection configuration to use in list_connection_info - setting_list = [] - for setting_name in config: - setting_list.append(self.dict_to_string(config[setting_name])) - return setting_list - - @staticmethod - def bool_to_string(boolean): - if boolean: - return "yes" - else: - return "no" - - def list_connection_info(self): - # Ask the settings service for the list of connections it provides - bus = dbus.SystemBus() - - service_name = "org.freedesktop.NetworkManager" - settings = None - try: - proxy = bus.get_object( - service_name, "/org/freedesktop/NetworkManager/Settings" - ) - settings = dbus.Interface(proxy, "org.freedesktop.NetworkManager.Settings") - except dbus.exceptions.DBusException as e: - self.module.fail_json( - msg="Unable to read Network Manager settings from DBus system bus: %s" - % to_native(e), - details="Please check if NetworkManager is installed and" - " service network-manager is started.", - ) - connection_paths = settings.ListConnections() - connection_list = [] - # List each connection's name, UUID, and type - for path in connection_paths: - con_proxy = bus.get_object(service_name, path) - settings_connection = dbus.Interface( - con_proxy, "org.freedesktop.NetworkManager.Settings.Connection" - ) - config = settings_connection.GetSettings() - - # Now get secrets too; we grab the secrets for each type of connection - # (since there isn't a "get all secrets" call because most of the time - # you only need 'wifi' secrets or '802.1x' secrets, not 
everything) and - # merge that into the configuration data - To use at a later stage - self.merge_secrets(settings_connection, config, "802-11-wireless") - self.merge_secrets(settings_connection, config, "802-11-wireless-security") - self.merge_secrets(settings_connection, config, "802-1x") - self.merge_secrets(settings_connection, config, "gsm") - self.merge_secrets(settings_connection, config, "cdma") - self.merge_secrets(settings_connection, config, "ppp") - - # Get the details of the 'connection' setting - s_con = config["connection"] - connection_list.append(s_con["id"]) - connection_list.append(s_con["uuid"]) - connection_list.append(s_con["type"]) - connection_list.append(self.connection_to_string(config)) - return connection_list - - def connection_exists(self): - # we are going to use name and type in this instance to find if that connection exists and is of type x - connections = self.list_connection_info() - - for con_item in connections: - if self.conn_name == con_item: - return True - - def down_connection(self): - cmd = [self.nmcli_bin, "con", "down", self.conn_name] - return self.execute_command(cmd) - - def up_connection(self): - cmd = [self.nmcli_bin, "con", "up", self.conn_name] - return self.execute_command(cmd) - - def create_connection_team(self): - cmd = [self.nmcli_bin, "con", "add", "type", "team", "con-name"] - # format for creating team interface - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - cmd.append(self.conn_name) - - options = { - "ip4": self.ip4, - "ipv4.method": self.ip4_method, - "gw4": self.gw4, - "ip6": self.ip6, - "ipv6.method": self.ip6_method, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "gw6": self.gw6, - "autoconnect": self.bool_to_string(self.autoconnect), - "ipv4.dns-search": self.dns4_search, - "ipv6.dns-search": self.dns6_search, - 
"ipv4.dhcp-client-id": self.dhcp_client_id, - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def modify_connection_team(self): - cmd = [self.nmcli_bin, "con", "mod", self.conn_name] - options = { - "ipv4.address": self.ip4, - "ipv4.method": self.ip4_method, - "ipv4.gateway": self.gw4, - "ipv4.dns": self.dns4, - "ipv6.address": self.ip6, - "ipv6.method": self.ip6_method, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "ipv6.gateway": self.gw6, - "ipv6.dns": self.dns6, - "autoconnect": self.bool_to_string(self.autoconnect), - "ipv4.dns-search": self.dns4_search, - "ipv6.dns-search": self.dns6_search, - "ipv4.dhcp-client-id": self.dhcp_client_id, - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def create_connection_team_slave(self): - cmd = [self.nmcli_bin, "connection", "add", "type", self.type, "con-name"] - # format for creating team-slave interface - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - cmd.append(self.conn_name) - cmd.append("master") - if self.conn_name is not None: - cmd.append(self.master) - return cmd - - def modify_connection_team_slave(self): - cmd = [ - self.nmcli_bin, - "con", - "mod", - self.conn_name, - "connection.master", - self.master, - ] - # format for modifying team-slave interface - if self.mtu is not None: - cmd.append("802-3-ethernet.mtu") - cmd.append(self.mtu) - return cmd - - def create_connection_bond(self): - cmd = [self.nmcli_bin, "con", "add", "type", "bond", "con-name"] - # format for creating bond interface - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif 
self.conn_name is not None: - cmd.append(self.conn_name) - options = { - "mode": self.mode, - "ip4": self.ip4, - "ipv4.method": self.ip4_method, - "gw4": self.gw4, - "ip6": self.ip6, - "ipv6.method": self.ip6_method, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "gw6": self.gw6, - "autoconnect": self.bool_to_string(self.autoconnect), - "ipv4.dns-search": self.dns4_search, - "ipv6.dns-search": self.dns6_search, - "miimon": self.miimon, - "downdelay": self.downdelay, - "updelay": self.updelay, - "arp-interval": self.arp_interval, - "arp-ip-target": self.arp_ip_target, - "primary": self.primary, - "ipv4.dhcp-client-id": self.dhcp_client_id, - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - return cmd - - def modify_connection_bond(self): - cmd = [self.nmcli_bin, "con", "mod", self.conn_name] - # format for modifying bond interface - - options = { - "ipv4.address": self.ip4, - "ipv4.method": self.ip4_method, - "ipv4.gateway": self.gw4, - "ipv4.dns": self.dns4, - "ipv6.address": self.ip6, - "ipv6.method": self.ip6_method, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "ipv6.gateway": self.gw6, - "ipv6.dns": self.dns6, - "autoconnect": self.bool_to_string(self.autoconnect), - "ipv4.dns-search": self.dns4_search, - "ipv6.dns-search": self.dns6_search, - "miimon": self.miimon, - "downdelay": self.downdelay, - "updelay": self.updelay, - "arp-interval": self.arp_interval, - "arp-ip-target": self.arp_ip_target, - "ipv4.dhcp-client-id": self.dhcp_client_id, - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def create_connection_bond_slave(self): - cmd = [self.nmcli_bin, "connection", "add", "type", "bond-slave", "con-name"] - # format for creating bond-slave interface - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif 
self.conn_name is not None: - cmd.append(self.conn_name) - cmd.append("master") - if self.conn_name is not None: - cmd.append(self.master) - return cmd - - def modify_connection_bond_slave(self): - cmd = [ - self.nmcli_bin, - "con", - "mod", - self.conn_name, - "connection.master", - self.master, - ] - # format for modifying bond-slave interface - return cmd - - def create_connection_ethernet(self, conn_type="ethernet"): - # format for creating ethernet interface - # To add an Ethernet connection with static IP configuration, issue a command as follows - # - nmcli: name=add conn_name=my-eth1 ifname=eth1 type=ethernet ip4=192.0.2.100/24 gw4=192.0.2.1 state=present - # nmcli con add con-name my-eth1 ifname eth1 type ethernet ip4 192.0.2.100/24 gw4 192.0.2.1 - cmd = [self.nmcli_bin, "con", "add", "type"] - if conn_type == "ethernet": - cmd.append("ethernet") - elif conn_type == "generic": - cmd.append("generic") - cmd.append("con-name") - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - cmd.append(self.conn_name) - - options = { - "ip4": self.ip4, - "ipv4.method": self.ip4_method, - "gw4": self.gw4, - "ip6": self.ip6, - "ipv6.method": self.ip6_method, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "gw6": self.gw6, - "autoconnect": self.bool_to_string(self.autoconnect), - "ipv4.dns-search": self.dns4_search, - "ipv6.dns-search": self.dns6_search, - "ipv4.dhcp-client-id": self.dhcp_client_id, - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def modify_connection_ethernet(self, conn_type="ethernet"): - cmd = [self.nmcli_bin, "con", "mod", self.conn_name] - # format for modifying ethernet interface - # To modify an Ethernet connection with static IP configuration, issue a command as follows - # - nmcli: conn_name=my-eth1 ifname=eth1 
type=ethernet ip4=192.0.2.100/24 gw4=192.0.2.1 state=present - # nmcli con mod con-name my-eth1 ifname eth1 type ethernet ip4 192.0.2.100/24 gw4 192.0.2.1 - options = { - "ipv4.address": self.ip4, - "ipv4.method": self.ip4_method, - "ipv4.gateway": self.gw4, - "ipv4.dns": self.dns4, - "ipv6.address": self.ip6, - "ipv6.method": self.ip6_method, - "connection.id": self.id, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "ipv6.gateway": self.gw6, - "ipv6.dns": self.dns6, - "autoconnect": self.bool_to_string(self.autoconnect), - "ipv4.dns-search": self.dns4_search, - "ipv6.dns-search": self.dns6_search, - "802-3-ethernet.mtu": self.mtu, - "ipv4.dhcp-client-id": self.dhcp_client_id, - } - - for key, value in options.items(): - if value is not None: - if key == "802-3-ethernet.mtu" and conn_type != "ethernet": - continue - cmd.extend([key, value]) - - return cmd - - def create_connection_bridge(self): - # format for creating bridge interface - # To add an Bridge connection with static IP configuration, issue a command as follows - # - nmcli: name=add conn_name=my-eth1 ifname=eth1 type=bridge ip4=192.0.2.100/24 gw4=192.0.2.1 state=present - # nmcli con add con-name my-eth1 ifname eth1 type bridge ip4 192.0.2.100/24 gw4 192.0.2.1 - cmd = [self.nmcli_bin, "con", "add", "type", "bridge", "con-name"] - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - cmd.append(self.conn_name) - - options = { - "ipv4.addresses": self.ip4, - "ipv4.method": self.ip4_method, - "ipv4.gateway": self.gw4, - "ipv6.addresses": self.ip6, - "ipv6.method": self.ip6_method, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "ipv6.gateway": self.gw6, - "autoconnect": self.bool_to_string(self.autoconnect), - "bridge.ageing-time": self.ageingtime, - "bridge.forward-delay": self.forwarddelay, - "bridge.hello-time": self.hellotime, - 
"bridge.mac-address": self.mac, - "bridge.max-age": self.maxage, - "bridge.priority": self.priority, - "bridge.stp": self.bool_to_string(self.stp), - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def modify_connection_bridge(self): - # format for modifying bridge interface - # To add an Bridge connection with static IP configuration, issue a command as follows - # - nmcli: name=mod conn_name=my-eth1 ifname=eth1 type=bridge ip4=192.0.2.100/24 gw4=192.0.2.1 state=present - # nmcli con mod my-eth1 ifname eth1 type bridge ip4 192.0.2.100/24 gw4 192.0.2.1 - cmd = [self.nmcli_bin, "con", "mod", self.conn_name] - - options = { - "ipv4.addresses": self.ip4, - "ipv4.method": self.ip4_method, - "ipv4.gateway": self.gw4, - "ipv6.addresses": self.ip6, - "ipv6.method": self.ip6_method, - "ipv6.dhcp-duid": self.ip6_dhcp_duid, - "ipv6.gateway": self.gw6, - "autoconnect": self.bool_to_string(self.autoconnect), - "bridge.ageing-time": self.ageingtime, - "bridge.forward-delay": self.forwarddelay, - "bridge.hello-time": self.hellotime, - "bridge.mac-address": self.mac, - "bridge.max-age": self.maxage, - "bridge.priority": self.priority, - "bridge.stp": self.bool_to_string(self.stp), - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def create_connection_bridge_slave(self): - # format for creating bond-slave interface - cmd = [self.nmcli_bin, "con", "add", "type", "bridge-slave", "con-name"] - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - cmd.append(self.conn_name) - - options = { - "master": self.master, - "connection.id": self.id, - "bridge-port.path-cost": self.path_cost, - "bridge-port.hairpin": self.bool_to_string(self.hairpin), - "bridge-port.priority": 
self.slavepriority, - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def modify_connection_bridge_slave(self): - # format for modifying bond-slave interface - cmd = [self.nmcli_bin, "con", "mod", self.conn_name] - options = { - "master": self.master, - "connection.id": self.id, - "bridge-port.path-cost": self.path_cost, - "bridge-port.hairpin": self.bool_to_string(self.hairpin), - "bridge-port.priority": self.slavepriority, - } - - for key, value in options.items(): - if value is not None: - cmd.extend([key, value]) - - return cmd - - def create_connection_vlan(self): - cmd = [self.nmcli_bin] - cmd.append("con") - cmd.append("add") - cmd.append("type") - cmd.append("vlan") - cmd.append("con-name") - - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - else: - cmd.append("vlan%s" % self.vlanid) - - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - cmd.append(self.conn_name) - else: - cmd.append("vlan%s" % self.vlanid) - - params = { - "dev": self.vlandev, - "id": self.vlanid, - "ip4": self.ip4 or "", - "ip4.method": self.ip4_method or "", - "gw4": self.gw4 or "", - "ip6": self.ip6 or "", - "ip6.method": self.ip6_method or "", - "ip6.dhcp-duid": self.ip6_dhcp_duid or "", - "gw6": self.gw6 or "", - "autoconnect": self.bool_to_string(self.autoconnect), - } - for k, v in params.items(): - cmd.extend([k, v]) - - return cmd - - def modify_connection_vlan(self): - cmd = [self.nmcli_bin] - cmd.append("con") - cmd.append("mod") - - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - else: - cmd.append("vlan%s" % self.vlanid) - - params = { - "vlan.parent": self.vlandev, - "vlan.id": self.vlanid, - "ipv4.address": self.ip4 or "", - "ipv4.method": self.ip4_method or "", - "ipv4.gateway": self.gw4 or "", - "ipv4.dns": 
self.dns4 or "", - "ipv6.address": self.ip6 or "", - "ipv6.method": self.ip6_method or "", - "ipv6.dhcp-duid": self.ip6_dhcp_duid or "", - "ipv6.gateway": self.gw6 or "", - "ipv6.dns": self.dns6 or "", - "autoconnect": self.bool_to_string(self.autoconnect), - } - - for k, v in params.items(): - cmd.extend([k, v]) - - return cmd - - def create_connection_vxlan(self): - cmd = [self.nmcli_bin, "con", "add", "type", "vxlan", "con-name"] - - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - else: - cmd.append("vxlan%s" % self.vxlanid) - - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - cmd.append(self.conn_name) - else: - cmd.append("vxan%s" % self.vxlanid) - - params = { - "vxlan.id": self.vxlan_id, - "vxlan.local": self.vxlan_local, - "vxlan.remote": self.vxlan_remote, - "autoconnect": self.bool_to_string(self.autoconnect), - } - for k, v in params.items(): - cmd.extend([k, v]) - - return cmd - - def modify_connection_vxlan(self): - cmd = [self.nmcli_bin, "con", "mod"] - - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - else: - cmd.append("vxlan%s" % self.vxlanid) - - params = { - "vxlan.id": self.vxlan_id, - "vxlan.local": self.vxlan_local, - "vxlan.remote": self.vxlan_remote, - "autoconnect": self.bool_to_string(self.autoconnect), - } - for k, v in params.items(): - cmd.extend([k, v]) - return cmd - - def create_connection_ipip(self): - cmd = [ - self.nmcli_bin, - "con", - "add", - "type", - "ip-tunnel", - "mode", - "ipip", - "con-name", - ] - - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - elif self.ip_tunnel_dev is not None: - cmd.append("ipip%s" % self.ip_tunnel_dev) - - cmd.append("ifname") - if self.ifname is not None: - cmd.append(self.ifname) - elif self.conn_name is not None: - 
cmd.append(self.conn_name) - else: - cmd.append("ipip%s" % self.ipip_dev) - - if self.ip_tunnel_dev is not None: - cmd.append("dev") - cmd.append(self.ip_tunnel_dev) - - params = { - "ip-tunnel.local": self.ip_tunnel_local, - "ip-tunnel.remote": self.ip_tunnel_remote, - "autoconnect": self.bool_to_string(self.autoconnect), - } - for k, v in params.items(): - cmd.extend([k, v]) - - return cmd - - def modify_connection_ipip(self): - cmd = [self.nmcli_bin, "con", "mod"] - - if self.conn_name is not None: - cmd.append(self.conn_name) - elif self.ifname is not None: - cmd.append(self.ifname) - elif self.ip_tunnel_dev is not None: - cmd.append("ipip%s" % self.ip_tunnel_dev) - - params = { - "ip-tunnel.local": self.ip_tunnel_local, - "ip-tunnel.remote": self.ip_tunnel_remote, - "autoconnect": self.bool_to_string(self.autoconnect), - } - for k, v in params.items(): - cmd.extend([k, v]) - return cmd - - def create_connection(self): - cmd = [] - if self.type == "team": - if (self.dns4 is not None) or (self.dns6 is not None): - cmd = self.create_connection_team() - self.execute_command(cmd) - cmd = self.modify_connection_team() - self.execute_command(cmd) - return self.up_connection() - elif (self.dns4 is None) or (self.dns6 is None): - cmd = self.create_connection_team() - elif self.type == "team-slave": - if self.mtu is not None: - cmd = self.create_connection_team_slave() - self.execute_command(cmd) - cmd = self.modify_connection_team_slave() - return self.execute_command(cmd) - else: - cmd = self.create_connection_team_slave() - elif self.type == "bond": - if ( - (self.mtu is not None) - or (self.dns4 is not None) - or (self.dns6 is not None) - ): - cmd = self.create_connection_bond() - self.execute_command(cmd) - cmd = self.modify_connection_bond() - self.execute_command(cmd) - return self.up_connection() - else: - cmd = self.create_connection_bond() - elif self.type == "bond-slave": - cmd = self.create_connection_bond_slave() - elif self.type == "ethernet": - if ( - 
(self.mtu is not None) - or (self.dns4 is not None) - or (self.dns6 is not None) - ): - cmd = self.create_connection_ethernet() - self.execute_command(cmd) - cmd = self.modify_connection_ethernet() - self.execute_command(cmd) - return self.up_connection() - else: - cmd = self.create_connection_ethernet() - elif self.type == "bridge": - cmd = self.create_connection_bridge() - elif self.type == "bridge-slave": - cmd = self.create_connection_bridge_slave() - elif self.type == "vlan": - cmd = self.create_connection_vlan() - elif self.type == "vxlan": - cmd = self.create_connection_vxlan() - elif self.type == "ipip": - cmd = self.create_connection_ipip() - elif self.type == "generic": - cmd = self.create_connection_ethernet(conn_type="generic") - - if cmd: - return self.execute_command(cmd) - else: - self.module.fail_json( - msg="Type of device or network connection is required " - "while performing 'create' operation. Please specify 'type' as an argument." - ) - - def remove_connection(self): - # self.down_connection() - cmd = [self.nmcli_bin, "con", "del", self.conn_name] - return self.execute_command(cmd) - - def modify_connection(self): - cmd = [] - if self.type == "team": - cmd = self.modify_connection_team() - elif self.type == "team-slave": - cmd = self.modify_connection_team_slave() - elif self.type == "bond": - cmd = self.modify_connection_bond() - elif self.type == "bond-slave": - cmd = self.modify_connection_bond_slave() - elif self.type == "ethernet": - cmd = self.modify_connection_ethernet() - elif self.type == "bridge": - cmd = self.modify_connection_bridge() - elif self.type == "bridge-slave": - cmd = self.modify_connection_bridge_slave() - elif self.type == "vlan": - cmd = self.modify_connection_vlan() - elif self.type == "vxlan": - cmd = self.modify_connection_vxlan() - elif self.type == "ipip": - cmd = self.modify_connection_ipip() - elif self.type == "generic": - cmd = self.modify_connection_ethernet(conn_type="generic") - if cmd: - return 
self.execute_command(cmd) - else: - self.module.fail_json( - msg="Type of device or network connection is required " - "while performing 'modify' operation. Please specify 'type' as an argument." - ) - - -def main(): - # Parsing argument file - module = AnsibleModule( - argument_spec=dict( - autoconnect=dict(required=False, default=True, type="bool"), - state=dict(required=True, choices=["present", "absent"], type="str"), - conn_name=dict(required=True, type="str"), - master=dict(required=False, default=None, type="str"), - id=dict(required=False, default=None, type="str"), - ifname=dict(required=False, default=None, type="str"), - type=dict( - required=False, - default=None, - choices=[ - "ethernet", - "team", - "team-slave", - "bond", - "bond-slave", - "bridge", - "bridge-slave", - "vlan", - "vxlan", - "ipip", - "generic", - ], - type="str", - ), - ip4=dict(required=False, default=None, type="str"), - ip4_method=dict(required=False, default=None, type="str"), - gw4=dict(required=False, default=None, type="str"), - dns4=dict(required=False, default=None, type="list"), - dns4_search=dict(type="list"), - dhcp_client_id=dict(required=False, default=None, type="str"), - ip6=dict(required=False, default=None, type="str"), - ip6_method=dict(required=False, default=None, type="str"), - ip6_dhcp_duid=dict(required=False, default=None, type="str"), - gw6=dict(required=False, default=None, type="str"), - dns6=dict(required=False, default=None, type="str"), - dns6_search=dict(type="list"), - # Bond Specific vars - mode=dict( - require=False, - default="balance-rr", - type="str", - choices=[ - "balance-rr", - "active-backup", - "balance-xor", - "broadcast", - "802.3ad", - "balance-tlb", - "balance-alb", - ], - ), - miimon=dict(required=False, default=None, type="str"), - downdelay=dict(required=False, default=None, type="str"), - updelay=dict(required=False, default=None, type="str"), - arp_interval=dict(required=False, default=None, type="str"), - 
arp_ip_target=dict(required=False, default=None, type="str"), - primary=dict(required=False, default=None, type="str"), - # general usage - mtu=dict(required=False, default=None, type="str"), - mac=dict(required=False, default=None, type="str"), - # bridge specific vars - stp=dict(required=False, default=True, type="bool"), - priority=dict(required=False, default="128", type="str"), - slavepriority=dict(required=False, default="32", type="str"), - forwarddelay=dict(required=False, default="15", type="str"), - hellotime=dict(required=False, default="2", type="str"), - maxage=dict(required=False, default="20", type="str"), - ageingtime=dict(required=False, default="300", type="str"), - hairpin=dict(required=False, default=True, type="bool"), - path_cost=dict(required=False, default="100", type="str"), - # vlan specific vars - vlanid=dict(required=False, default=None, type="str"), - vlandev=dict(required=False, default=None, type="str"), - flags=dict(required=False, default=None, type="str"), - ingress=dict(required=False, default=None, type="str"), - egress=dict(required=False, default=None, type="str"), - # vxlan specific vars - vxlan_id=dict(required=False, default=None, type="str"), - vxlan_local=dict(required=False, default=None, type="str"), - vxlan_remote=dict(required=False, default=None, type="str"), - # ip-tunnel specific vars - ip_tunnel_dev=dict(required=False, default=None, type="str"), - ip_tunnel_local=dict(required=False, default=None, type="str"), - ip_tunnel_remote=dict(required=False, default=None, type="str"), - ), - supports_check_mode=True, - ) - - if not HAVE_DBUS: - module.fail_json(msg="This module requires dbus python bindings") - - if not HAVE_NM_CLIENT: - module.fail_json(msg="This module requires NetworkManager glib API") - - nmcli = Nmcli(module) - - (rc, out, err) = (None, "", "") - result = {"conn_name": nmcli.conn_name, "state": nmcli.state} - - # check for issues - if nmcli.conn_name is None: - nmcli.module.fail_json(msg="Please 
specify a name for the connection") - # team-slave checks - if nmcli.type == "team-slave" and nmcli.master is None: - nmcli.module.fail_json(msg="Please specify a name for the master") - if nmcli.type == "team-slave" and nmcli.ifname is None: - nmcli.module.fail_json( - msg="Please specify an interface name for the connection" - ) - - if nmcli.state == "absent": - if nmcli.connection_exists(): - if module.check_mode: - module.exit_json(changed=True) - (rc, out, err) = nmcli.down_connection() - (rc, out, err) = nmcli.remove_connection() - if rc != 0: - module.fail_json( - name=("No Connection named %s exists" % nmcli.conn_name), - msg=err, - rc=rc, - ) - - elif nmcli.state == "present": - if nmcli.connection_exists(): - # modify connection (note: this function is check mode aware) - # result['Connection']=('Connection %s of Type %s is not being added' % (nmcli.conn_name, nmcli.type)) - result["Exists"] = "Connections do exist so we are modifying them" - if module.check_mode: - module.exit_json(changed=True) - (rc, out, err) = nmcli.modify_connection() - if not nmcli.connection_exists(): - result["Connection"] = "Connection %s of Type %s is being added" % ( - nmcli.conn_name, - nmcli.type, - ) - if module.check_mode: - module.exit_json(changed=True) - (rc, out, err) = nmcli.create_connection() - if rc is not None and rc != 0: - module.fail_json(name=nmcli.conn_name, msg=err, rc=rc) - - if rc is None: - result["changed"] = False - else: - result["changed"] = True - if out: - result["stdout"] = out - if err: - result["stderr"] = err - - module.exit_json(**result) - - -if __name__ == "__main__": - main() diff --git a/ansible-ipi-install/roles/node_prep/meta/main.yml b/ansible-ipi-install/roles/node_prep/meta/main.yml deleted file mode 100644 index 23e9ee59ab..0000000000 --- a/ansible-ipi-install/roles/node_prep/meta/main.yml +++ /dev/null 
@@ -1,8 +0,0 @@
-galaxy_info:
- author: Roger Lopez
- description: The node_prep role assists in setup of the provision host.
- company: Red Hat, Inc.
- license: Apache License, Version 2.0
- min_ansible_version: 2.9
- galaxy_tags: []
-dependencies: []
diff --git a/ansible-ipi-install/roles/node_prep/tasks/10_validation.yml b/ansible-ipi-install/roles/node_prep/tasks/10_validation.yml
deleted file mode 100644
index ca9f5c7e9c..0000000000
--- a/ansible-ipi-install/roles/node_prep/tasks/10_validation.yml
+++ /dev/null
@@ -1,583 +0,0 @@ ---- -- name: Check ansible version - fail: - msg: Use Ansible version 2.9 or greater to run this playbook - when: ansible_version.full is version('2.9.0', '<') - delegate_to: localhost - tags: - - always - - validation - - fully_disconnected - -- name: Ensure Python libraries are installed - python_requirements_info: - dependencies: - - dnspython - - netaddr - register: _py_facts - delegate_to: localhost - tags: - - always - - validation - -- name: Fail if Python modules are missing - fail: - msg: | - Missing python module(s) {{ _py_facts.not_found }} on localhost - when: _py_facts.not_found | length > 0 - tags: - - always - - validation - -- name: Fail if version is undefined or empty. - fail: - msg: "The version is undefined or empty. Use a value such as 'latest-4.3' or 'latest-4.4' or an explicit version." - when: (version is undefined) or (version|length == 0) - tags: - - always - - validation - -- name: Fail if build is undefined or empty - fail: - msg: "The build is undefined or empty. Use a value such as 'dev' or 'ga'." - when: (build is undefined) or (build|length == 0) - tags: - - always - - validation - -- name: Fail if a required install-config variable is undefined or empty. - fail: - msg: "A variable regarding install-config.yml is undefined or empty." - when: > - (domain is undefined) or (domain|length == 0) or - (cluster is undefined) or (cluster|length == 0) or - (extcidrnet is undefined) or (extcidrnet|length == 0) or - (pullsecret is undefined) or (pullsecret|length == 0) - tags: - - always - - validation - -- name: Fail if both bootstraposimage and clusterosimage variables are empty. - fail: - msg: "Both bootraposimage and clusterosimage are empty. Please provide a URL or comment out." 
- when: - - bootstraposimage is defined and bootstraposimage|length == 0 - - clusterosimage is defined and clusterosimage|length == 0 - tags: - - always - - validation - -- name: Conditions to set cache_enabled to true - set_fact: - cache_enabled: true - when: (cache_enabled|bool) or - (bootstraposimage is undefined and clusterosimage is defined) or - (bootstraposimage is defined and clusterosimage is undefined) or - (clusterosimage is defined and bootstraposimage|length == 0) or - (bootstraposimage is defined and clusterosimage|length == 0) - tags: - - always - - validation - -- name: Conditions to set cache_enabled to false - set_fact: - cache_enabled: false - when: (not cache_enabled|bool) or - (bootstraposimage is defined and clusterosimage is defined) - tags: - - always - - validation - -- name: Check whether caching is enabled - debug: - msg: "cache enable {{ cache_enabled }}" - verbosity: 2 - tags: validation - -- name: Verify DNS records for Wildcard (Ingress) VIP - set_fact: - ingressvip: "{{ lookup('dig', 'foo.apps.{{ cluster |quote }}.{{ domain | quote }}.', '{{ qtype }}' ) }}" - when: ((ingressvip is undefined) or (ingressvip|length == 0)) - tags: - - always - - validation - -- name: Verify DNS records for API VIP - set_fact: - apivip: "{{ lookup('dig', 'api.{{ cluster |quote }}.{{ domain | quote }}.', '{{ qtype }}' ) }}" - when: ((apivip is undefined) or (apivip|length == 0)) - tags: - - always - - validation - -- name: Display API VIP IP - debug: - msg: "The API VIP is {{ apivip }}" - verbosity: 2 - tags: validation - -- name: Display Ingress VIP IP - debug: - msg: "The Wildcard (Ingress) VIP is {{ ingressvip }}" - verbosity: 2 - tags: validation - -- name: Fail if incorrect API VIP - fail: - msg: "The API VIP IP seems to be incorrect. Value was NXDOMAIN or empty string." 
- when: (apivip == 'NXDOMAIN') or (apivip|length == 0) - tags: - - always - - validation - -- name: Fail if incorrect Ingress VIP - fail: - msg: "The Ingress VIP IP seems to be incorrect. Value was NXDOMAIN or empty string." - when: (ingressvip == 'NXDOMAIN') or (ingressvip|length == 0) - tags: - - always - - validation - -- name: Validations for IPv6 VIPs in OCP >= 4.12 - block: - - name: Verify DNS records for Wildcard (Ingress) IPv6 VIP - set_fact: - ingressvip6: "{{ lookup('dig', 'foo.apps.{{ cluster |quote }}.{{ domain | quote }}.', 'qtype=AAAA' ) }}" - when: ((ingressvip6 is undefined) or (ingressvip6|length == 0)) - tags: - - always - - validation - - - name: Verify DNS records for API IPv6 VIP - set_fact: - apivip6: "{{ lookup('dig', 'api.{{ cluster |quote }}.{{ domain | quote }}.', 'qtype=AAAA' ) }}" - when: ((apivip6 is undefined) or (apivip6|length == 0)) - tags: - - always - - validation - - - name: Display API IPv6 VIP - debug: - msg: "The API IPv6 VIP is {{ apivip6 }}" - verbosity: 2 - tags: validation - - - name: Display Ingress IPv6 VIP - debug: - msg: "The Wildcard (Ingress) IPv6 VIP is {{ ingressvip6 }}" - verbosity: 2 - tags: validation - - - name: Fail if incorrect API IPv6 VIP - fail: - msg: "The API IPv6 VIP seems to be incorrect. Value was NXDOMAIN or empty string." - when: (apivip6 == 'NXDOMAIN') or (apivip6|length == 0) - tags: - - always - - validation - - - name: Fail if incorrect Ingress IPv6 VIP - fail: - msg: "The Ingress IPv6 VIP seems to be incorrect. Value was NXDOMAIN or empty string." 
- when: (ingressvip6 == 'NXDOMAIN') or (ingressvip6|length == 0) - tags: - - always - - validation - when: - - version.split('.')[0]|int == 4 and version.split('.')[1]|int >= 12 - - ipv6_enabled | bool - - dualstack_baremetal | bool - - dualstack_vips | bool - -- name: Set release_url for development envs - set_fact: - release_url: "{{ (webserver_url|length) | ternary(webserver_url, 'https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview') }}" - when: - - build == 'dev' - - release_url is undefined - tags: - - always - - validation - -- name: Set release_url for GA envs - set_fact: - release_url: "{{ (webserver_url|length) | ternary(webserver_url, 'https://mirror.openshift.com/pub/openshift-v4/clients/ocp') }}" - when: - - build == 'ga' - - release_url is undefined - tags: - - always - - validation - -- name: Confirm whether or not internet connectivity on provisioner host - uri: - url: https://www.redhat.com - status_code: [-1, 200, 301] - timeout: 1 - register: check_url - tags: - - validation - -- name: Set fact disconnected_registry_auths_file - set_fact: - disconnected_registry_auths_file: "{{ hostvars[groups['registry_host'][0]]['disconnected_registry_auths_file'] }}" - when: - - groups['registry_host'] is defined - - groups['registry_host']|length - - hostvars[groups['registry_host'][0]]['disconnected_registry_auths_file'] is defined - tags: - - validation - -- name: Set fact disconnected_registry_mirrors_file - set_fact: - disconnected_registry_mirrors_file: "{{ hostvars[groups['registry_host'][0]]['disconnected_registry_mirrors_file'] }}" - when: - - groups['registry_host'] is defined - - groups['registry_host']|length - - hostvars[groups['registry_host'][0]]['disconnected_registry_mirrors_file'] is defined - tags: - - validation - -- name: Verify Registry host details - set_fact: - registry_host_exists: true - when: - - groups['registry_host'] is defined - - groups['registry_host']|length - tags: - - validation - - create_registry - -- 
name: Check if disconnected_registry_auths_file is set - set_fact: - dra_set: true - when: - - disconnected_registry_auths_file is defined - - disconnected_registry_auths_file is not none - - disconnected_registry_auths_file | trim != '' - tags: - - validation - - create_registry - -- name: Check if disconnected_registry_mirrors_file is set - set_fact: - drm_set: true - when: - - disconnected_registry_mirrors_file is defined - - disconnected_registry_mirrors_file is not none - - disconnected_registry_mirrors_file | trim != '' - tags: - - validation - - create_registry - -- name: Fail when provision host no online access and registry host not creating registry (can't assume access) - fail: - msg: | - A host with online access is required to create cache webserver. - Either provision host or registry host (if creating registry) - must be online or you must set the webserver_url to a pre-existing - URL i.e. http://example.com:8080 - when: - - check_url.status == -1 - - groups['registry_host'] is defined - - groups['registry_host']|length - - dra_set - - drm_set - - webserver_url|length == 0 - -- block: - - name: Check if Python cryptography libraries are installed - python_requirements_info: - dependencies: - - cryptography>=1.2.3 - delegate_to: localhost - register: _py_crypto - - - name: Check if Python PyOpenSSL libraries are installed - python_requirements_info: - dependencies: - - PyOpenSSL>=0.6 - delegate_to: localhost - register: _py_pyopenssl - - - name: "Fail on missing required cryptography libraries cryptography OR PyOpenSSL" - fail: - msg: "Required cryptography libraries are missing cryptography OR PyOpenSSL" - when: (_py_crypto.not_found != []) and - (_py_pyopenssl.not_found != [] ) - tags: - - create_registry - - validation - when: - - not dra_set - - not drm_set - - registry_host_exists - -- name: Get Release.txt File - uri: - url: "{{ release_url }}/{{ version }}/release.txt" - return_content: true - register: result - until: result.status == 200 - 
retries: 6 # 1 minute (10 * 6) - delay: 10 # Every 10 seconds - failed_when: result.content|length == 0 or result.status >= 400 - delegate_to: "{{ (not dra_set and not drm_set and registry_host_exists) | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" - tags: - - always - - validation - -- name: Set Fact for Release Image - set_fact: - release_version: "{{ result.content | regex_search('Version:.*') | regex_replace('Version:\\s*(.*)', '\\1') }}" - release_image: "{{ result.content | regex_search('Pull From:.*') | regex_replace('Pull From:\\s*(.*)', '\\1') }}" - tags: - - always - - validation - -- name: Get the release version - debug: - msg: "release version {{ release_version }}" - verbosity: 2 - tags: validation - -- name: Fail if dual-stack is requested and build does not support it - fail: - msg: This release {{ release_version }} does not support dual-stack deployments - when: release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int < 6 and dualstack_baremetal - tags: - - always - - validation - -- name: Fail if dualstack_baremetal and ipv4_baremetal are both true - fail: - msg: Only one of ipv4_baremetal and dualstack_baremetal variables can be true - when: ipv4_baremetal and dualstack_baremetal - tags: - - always - - validation - -- name: Check for valid extcidrnet (IPv4) - fail: - msg: extcidrnet should be a valid IPv4 CIDR - when: not ipv6_enabled|bool and not extcidrnet|ipv4 - tags: - - always - - validation - -- name: Check for valid extcidrnet (IPv6) - fail: - msg: extcidrnet6 should be a valid IPv6 address - when: ipv6_enabled|bool and not (ipv4_baremetal or dualstack_baremetal) and not extcidrnet6|ipv6 - tags: - - always - - validation - -- name: Check for valid extcidrnet and extcidrnet6 (Dual-Stack) - fail: - msg: extcidrnet should be a valid IPv4 address and extcidrnet6 should be a valid IPv6 address - when: ipv6_enabled|bool and dualstack_baremetal|bool and not (extcidrnet|ipv4 and extcidrnet6|ipv6) - tags: - 
- always - - validation - -- name: Check if openshift-client-linux-{{ version }}.tar.gz exists - uri: - url: "{{ release_url }}/{{ version }}/openshift-client-linux-{{ release_version }}.tar.gz" - method: HEAD - until: ocp_client_chk.status == 200 - retries: 6 # 1 minute (10 * 6) - delay: 10 # Every 10 seconds - register: ocp_client_chk - delegate_to: "{{ (not dra_set and not drm_set and registry_host_exists) | ternary(groups['registry_host'][0], groups['provisioner'][0]) }}" - tags: validation - -- name: Fail if hostgroups not defined in inventory/hosts file - fail: - msg: "The masters group is not defined. Please add masters to the inventory/hosts file" - when: "'masters' not in groups" - tags: - - always - - validation - -- name: Set Fact of num of workers and masters based on inventory - set_fact: - numworkers: "{{ groups['workers'] | default([]) | length }}" - nummasters: "{{ groups['masters'] | length }}" - tags: - - always - - validation - -- name: Gather the rpm package facts - package_facts: - manager: auto - tags: - - always - - validation - -- name: Set Fact for firewall variable - set_fact: - firewall: "iptables" - when: "'iptables-services' in ansible_facts.packages" - tags: - - always - - validation - -- name: Set Fact for provisioning nic - set_fact: - masters_prov_nic: "{{ prov_nic }}" - when: - - (masters_prov_nic is undefined) or (masters_prov_nic|length == 0) - - not enable_virtualmedia|bool - tags: - - always - - validation - -- name: Fail if DNSVIP not set (OCP 4.4 or lower) - fail: - msg: "dnsvip variable is undefined or empty." 
- when: - - ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int < 5)) - - ((dnsvip is undefined) or (dnsvip|length == 0)) - tags: - - always - - validation - -- name: Get all the chassis results from all the hosts - redfish_info: - category: Chassis - command: GetChassisInventory - baseuri: "{{ hostvars[item]['ipmi_address']|ipwrap }}" - username: "{{ hostvars[item]['ipmi_user'] }}" - password: "{{ hostvars[item]['ipmi_password'] }}" - register: chassis_result - until: chassis_result is succeeded - retries: 3 - delay: 10 - with_items: - - "{{ groups.masters }}" - - "{{ groups.workers | default([]) }}" - ignore_errors: true - when: redfish_inspection|bool - tags: validation - -- name: Get all the firmware results from all the hosts - redfish_info: - category: Update - command: GetFirmwareInventory - baseuri: "{{ hostvars[item]['ipmi_address']|ipwrap }}" - username: "{{ hostvars[item]['ipmi_user'] }}" - password: "{{ hostvars[item]['ipmi_password'] }}" - register: firmware_result - with_items: - - "{{ groups.masters }}" - - "{{ groups.workers | default([]) }}" - ignore_errors: true - when: redfish_inspection|bool - tags: validation - -- name: Adding hosts to to their dynamic Dell inventory group - block: - - name: Add all the hosts that are Dell to a group with iDRAC firmware higher than 4.20.20.20 - add_host: - groups: dell_hosts_redfish - hostname: "{{ chassis_result.results[item|int].item }}" - with_sequence: start=0 end="{{ numworkers|int + nummasters|int - 1 }}" - when: - - not chassis_result.results[{{ item }}].failed|bool - - not firmware_result.results[{{ item }}].failed|bool - - "'Dell' in chassis_result.results[{{ item }}].redfish_facts.chassis.entries[0].Manufacturer" - - firmware_result.results[{{ item }}].redfish_facts.firmware.entries | json_query(query) | max >= "4.20.20.20" - vars: - query: "[?Name=='Integrated Dell Remote Access Controller'].Version" - register: dell_host_redfish_result - retries: 6 # 1 minute (10 * 6) - 
delay: 10 # Every 10 seconds - rescue: - - name: Attempt to add all hosts that are part of the Dell group failed - debug: - msg: 'Adding hosts to dynamic Dell group failed or redfish_inspection was set to false. All inventory systems will use IPMI.' - tags: validation - -- name: Adding hosts to to their dynamic HP inventory group - block: - - name: Add all the hosts that are HP to a group - add_host: - groups: hp_hosts_redfish - hostname: "{{ chassis_result.results[item|int].item }}" - with_sequence: start=0 end="{{ numworkers|int + nummasters|int - 1 }}" - when: - - not chassis_result.results[{{ item }}].failed|bool - - not firmware_result.results[{{ item }}].failed|bool - - "'HPE' in chassis_result.results[{{ item }}].redfish_facts.chassis.entries[0].Manufacturer" - register: hp_host_redfish_result - retries: 6 # 1 minute (10 * 6) - delay: 10 # Every 10 seconds - rescue: - - name: Attempt to add all hosts that are part of the HP group failed - debug: - msg: 'Adding hosts to dynamic HP group failed or redfish_inspection was set to false. All inventory systems will use IPMI.' 
- tags: validation - -- name: Fail when provisioningHostIP and bootstrapProvisioningIP are not set when virtualmedia option is enabled - fail: - msg: "provisioningHostIP must be set when enable_virtualmedia is set" - when: - - enable_virtualmedia|bool - - provisioningHostIP is undefined - - release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int == 6 - tags: - - always - - validation - -- name: Fail when bootstrapProvisioningIP are not set when virtualmedia option is enabled - fail: - msg: "bootstrapProvisioningIP must be set when enable_virtualmedia is set" - when: - - enable_virtualmedia|bool - - bootstrapProvisioningIP is undefined - tags: - - always - - validation - -- name: Verify if master_network_config_template is defined and exists - stat: - path: "{{ master_network_config_template }}" - get_checksum: false - register: master_nm_template - delegate_to: localhost - when: master_network_config_template is defined - tags: - - always - - validation - -- name: Fail when master_network_config_template is defined but not exists - fail: - msg: "Variable master_network_config_template is defined but path does not exists" - when: - - master_network_config_template is defined - - not master_nm_template.stat.exists|bool - tags: - - always - - validation - -- name: Verify if worker_network_config_template is defined and exists - stat: - path: "{{ worker_network_config_template }}" - get_checksum: false - register: worker_nm_template - delegate_to: localhost - when: worker_network_config_template is defined - tags: - - always - - validation - -- name: Fail when worker_network_config_template is defined but not exists - fail: - msg: "Variable worker_network_config_template is defined but path does not exists" - when: - - worker_network_config_template is defined - - not worker_nm_template.stat.exists|bool - tags: - - always - - validation 
diff --git a/ansible-ipi-install/roles/node_prep/tasks/15_validation_disconnected_registry.yml b/ansible-ipi-install/roles/node_prep/tasks/15_validation_disconnected_registry.yml deleted file mode 100644 index 1d56d29c5e..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/15_validation_disconnected_registry.yml +++ /dev/null 
@@ -1,84 +0,0 @@ ---- - -- name: Set fact disconnected_registry_auths_file - set_fact: - disconnected_registry_auths_file: "{{ hostvars[groups['registry_host'][0]]['disconnected_registry_auths_file'] }}" - when: - - hostvars[groups['registry_host'][0]]['disconnected_registry_auths_file'] is defined - tags: - - create_registry - -- name: Set fact disconnected_registry_mirrors_file - set_fact: - disconnected_registry_mirrors_file: "{{ hostvars[groups['registry_host'][0]]['disconnected_registry_mirrors_file'] }}" - when: - - hostvars[groups['registry_host'][0]]['disconnected_registry_mirrors_file'] is defined - tags: - - create_registry - -- name: Set fact registry_port - set_fact: - registry_port: "{{ hostvars[groups['registry_host'][0]]['registry_port'] }}" - when: - - hostvars[groups['registry_host'][0]]['registry_port'] is defined - tags: - - create_registry - -- name: Set fact disconnected_registry_mirrors_file - set_fact: - registry_dir: "{{ hostvars[groups['registry_host'][0]]['registry_dir'] }}" - when: - - hostvars[groups['registry_host'][0]]['registry_dir'] is defined - tags: - - create_registry - -- name: Check if disconnected_registry_auths_file is set - set_fact: - dra_set: true - when: - - disconnected_registry_auths_file is defined - - disconnected_registry_auths_file is not none - tags: - - create_registry - - disconnected_registry_auths_file | trim != '' - -- name: Check if disconnected_registry_mirrors_file is set - set_fact: - drm_set: true - when: - - disconnected_registry_mirrors_file is defined - - disconnected_registry_mirrors_file is not none - - disconnected_registry_mirrors_file | trim != '' - tags: - - create_registry - -- name: Make sure disconnected_registry_variables are sane - fail: - msg: - - "Both variables must be set or unset." 
- - " disconnected_registry_auths_file" - - " disconnected_registry_mirrors_file" - when: - not ( dra_set and drm_set ) - and not ( not dra_set and not drm_set ) - tags: - - create_registry - - -- name: Check if using existing disconnected registry. - set_fact: - disconnected_registry: existing - when: - - dra_set - - drm_set - tags: - - create_registry - -- name: Check if creating a new disconnected registry. - set_fact: - disconnected_registry: create - when: - - not dra_set - - not drm_set - tags: - - create_registry diff --git a/ansible-ipi-install/roles/node_prep/tasks/20_sub_man_register.yml b/ansible-ipi-install/roles/node_prep/tasks/20_sub_man_register.yml deleted file mode 100644 index 4e8d2fa327..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/20_sub_man_register.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: Register host via Activation key - redhat_subscription: - activationkey: "{{ activation_key }}" - org_id: "{{ org_id }}" - state: present - pool: '^(Red Hat Enterprise Linux Server, Standard (8 sockets) (Unlimited guests))$' - force_register: true - ignore_errors: true - become: true - when: - - activation_key != "" - - org_id != "" - tags: subscription diff --git a/ansible-ipi-install/roles/node_prep/tasks/30_req_packages.yml b/ansible-ipi-install/roles/node_prep/tasks/30_req_packages.yml deleted file mode 100644 index f6b23e4c53..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/30_req_packages.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Install packages - block: - - name: Create list of packages to be installed - set_fact: - package_list: "{{ package_list + cache_package_list }}" - when: cache_enabled|bool - - - name: Install required packages - yum: - name: "{{ package_list }}" - state: present - update_cache: true - disable_gpg_check: true - become: true - tags: packages 
diff --git a/ansible-ipi-install/roles/node_prep/tasks/40_bridge.yml b/ansible-ipi-install/roles/node_prep/tasks/40_bridge.yml deleted file mode 100644 index 46ec2f8e92..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/40_bridge.yml +++ /dev/null 
@@ -1,168 +0,0 @@ ---- -- name: Setup Bridge Creation - block: - - name: Get the provision connection name - shell: | - nmcli device show {{ prov_nic }} | grep GENERAL.CONNECTION | awk '{sub(/[^ ]+[ ]+/,"")}1' - register: prov_con_name - when: - - not enable_virtualmedia|bool - - - name: Get the public connection name - shell: | - nmcli device show {{ pub_nic }} | grep GENERAL.CONNECTION | awk '{sub(/[^ ]+[ ]+/,"")}1' - register: pub_con_name - - - name: Disconnect provisioning bridge connection - command: | - nmcli dev dis "{{ provisioning_bridge }}" - ignore_errors: true - when: - - not enable_virtualmedia|bool - - - name: Delete {{ prov_con_name.stdout }} due to modify nmcli bug - nmcli: - conn_name: "{{ prov_con_name.stdout }}" - type: ethernet - state: absent - when: - - not enable_virtualmedia|bool - - prov_con_name.stdout != '--' - - - name: Delete {{ prov_nic }} due to modify nmcli bug - nmcli: - conn_name: "{{ item }}" - type: ethernet - state: absent - with_items: - - "{{ prov_nic }}" - - "System {{ prov_nic }}" - when: - - not enable_virtualmedia|bool - - prov_con_name.stdout != '--' - - - name: Delete provisioning bridge if it exists - nmcli: - conn_name: "{{ provisioning_bridge }}" - state: absent - when: - - not enable_virtualmedia|bool - - - name: set provisioning network fact - set_fact: - prov_bridge_ip: "{{ prov_network | next_nth_usable(1) }}/{{ prov_network | ipaddr('prefix') }}" - when: - - prov_network is defined and prov_network - - - name: Create Bridge labeled provisioning bridge ipv4 - nmcli: - conn_name: "{{ provisioning_bridge }}" - type: bridge - ifname: "{{ provisioning_bridge }}" - autoconnect: true - ip4_method: manual - ip6_method: disabled - stp: false - ip4: "{{ prov_bridge_ip | default('172.22.0.1/21') }}" - state: present - when: (not enable_virtualmedia) and - ((ipv4_provisioning|bool) or (not ipv6_enabled|bool) or - ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int == 3))) - - - name: Create 
Bridge slave on provisioning nic ipv4 - nmcli: - conn_name: "{{ prov_nic }}" - type: bridge-slave - hairpin: false - ifname: "{{ prov_nic }}" - master: "{{ provisioning_bridge }}" - autoconnect: true - state: present - when: (not enable_virtualmedia) and - ((ipv4_provisioning|bool) or (not ipv6_enabled|bool) or - ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int == 3))) - - - name: Create Bridge labeled provisioning bridge ipv6 - nmcli: - conn_name: "{{ provisioning_bridge }}" - type: bridge - ifname: "{{ provisioning_bridge }}" - autoconnect: true - stp: false - ip6: fd00:1101::1/64 - state: present - ip4_method: disabled - ip6_method: manual - when: - - not enable_virtualmedia|bool - - ipv6_enabled|bool - - release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int > 3 or - release_version.split('.')[0]|int > 4 - - not ipv4_provisioning|bool - - - name: Create Bridge slave on provisioning nic ipv6 - nmcli: - conn_name: "{{ prov_nic }}" - type: bridge-slave - hairpin: false - ifname: "{{ prov_nic }}" - master: "{{ provisioning_bridge }}" - autoconnect: true - state: present - when: - - not enable_virtualmedia|bool - - ipv6_enabled|bool - - release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int > 3 or - release_version.split('.')[0]|int > 4 - - not ipv4_provisioning|bool - - - name: Create Bridge labeled {{ baremetal_bridge }} for ipv4 - nmcli: - conn_name: "{{ baremetal_bridge }}" - type: bridge - ifname: "{{ baremetal_bridge }}" - autoconnect: true - stp: false - state: present - when: (not ipv6_enabled|bool) or - (ipv4_baremetal|bool) - - - name: Create Bridge labeled {{ baremetal_bridge }} for ipv6/dual-stack - nmcli: - conn_name: "{{ baremetal_bridge }}" - type: bridge - ifname: "{{ baremetal_bridge }}" - autoconnect: true - stp: false - state: present - ip6_dhcp_duid: ll - when: ipv6_enabled|bool and not ipv4_baremetal|bool - - - name: Create Bridge slave on {{ pub_nic }} - nmcli: - 
conn_name: "{{ pub_con_name.stdout }}" - type: bridge-slave - hairpin: false - id: "{{ pub_nic }}" - ifname: "{{ pub_nic }}" - master: "{{ baremetal_bridge }}" - autoconnect: true - state: present - - - name: Reload {{ baremetal_bridge }} bridge and slave interfaces - shell: | - /usr/bin/nmcli con reload {{ item }}; /usr/bin/nmcli con up {{ item }} - with_items: - - "{{ baremetal_bridge }}" - - "{{ pub_nic }}" - - - name: Reload provisioning bridge and slave interfaces - shell: | - /usr/bin/nmcli con reload {{ item }}; /usr/bin/nmcli con up {{ item }} - with_items: - - "{{ provisioning_bridge }}" - - "{{ prov_nic }}" - when: - - not enable_virtualmedia|bool - become: true - tags: network diff --git a/ansible-ipi-install/roles/node_prep/tasks/45_networking_facts.yml b/ansible-ipi-install/roles/node_prep/tasks/45_networking_facts.yml deleted file mode 100644 index 36a83dd590..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/45_networking_facts.yml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -- name: Regather Network Facts - setup: - gather_subset: - - network - tags: - - network_facts - -- name: Set External Subnet with IPv4 - set_fact: - extcidrnet: "{{ ip | ipaddr('network') }}/{{ ip | ipaddr('prefix') }}" - vars: - ip: "{{ ansible_default_ipv4.address }}/{{ ansible_default_ipv4.netmask }}" - when: - - (extcidrnet is not defined or extcidrnet|length < 1) - - not ipv6_enabled|bool or - ipv4_baremetal|bool - tags: - - network_facts - -- name: Set External Subnet with IPv6 - set_fact: - extcidrnet: "{{ ip | ipaddr('network') }}/{{ ip | ipaddr('prefix') }}" - vars: - ip: "{{ ansible_default_ipv6.address }}/64" - when: - - (extcidrnet is not defined or extcidrnet|length < 1) - - ipv6_enabled|bool - - not ipv4_baremetal|bool - tags: - - network_facts - -- name: set provisioning subnet with IPV4 - set_fact: - provisioning_subnet: "{{ ip | ipaddr('network') }}/{{ ip | ipaddr('prefix') }}" - vars: - ip: "{{ ansible_facts[provisioning_bridge]['ipv4']['address'] }}/{{ ansible_facts[provisioning_bridge]['ipv4']['netmask'] }}" - when: (not enable_virtualmedia) and - ((ipv4_provisioning|bool) or (not ipv6_enabled|bool) or - ((release_version.split('.')[0]|int == 4) and (release_version.split('.')[1]|int == 3))) - tags: - - network_facts - -- name: set provisioning subnet with IPV6 - set_fact: - provisioning_subnet: "{{ ip | ipaddr('network') }}/{{ ip | ipaddr('prefix') }}" - vars: - ip: "{{ ansible_facts[provisioning_bridge]['ipv6'][0]['address'] }}/{{ ansible_facts[provisioning_bridge]['ipv6'][0]['prefix'] }}" - when: - - not enable_virtualmedia|bool - - ipv6_enabled|bool - - not ipv4_provisioning|bool - - release_version.split('.')[0]|int == 4 and release_version.split('.')[1]|int > 3 or - release_version.split('.')[0]|int > 4 - tags: - - network_facts - -- name: Show external subnet - debug: - msg: "external subnet {{ extcidrnet }}" - verbosity: 2 - tags: - - network_facts - -- name: Show provisioning subnet - debug: - msg: "provisioning 
subnet {{ provisioning_subnet }}" - verbosity: 2 - when: provisioning_subnet is defined - tags: - - network_facts diff --git a/ansible-ipi-install/roles/node_prep/tasks/50_modify_sudo_user.yml b/ansible-ipi-install/roles/node_prep/tasks/50_modify_sudo_user.yml deleted file mode 100644 index 5e8ba6dc81..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/50_modify_sudo_user.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Add "{{ ansible_user }}" user to libvirt group and get ssh key setup - user: - name: "{{ ansible_user }}" - groups: libvirt - append: true - state: present - generate_ssh_key: true - become: true - tags: user diff --git a/ansible-ipi-install/roles/node_prep/tasks/60_enabled_services.yml b/ansible-ipi-install/roles/node_prep/tasks/60_enabled_services.yml deleted file mode 100644 index 3023bcd362..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/60_enabled_services.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Enable and restart Services - service: - name: "{{ item }}" - state: restarted - enabled: true - become: true - with_items: - - libvirtd - tags: services - -- name: Enable Services (iptables) - service: - name: "{{ item }}" - state: restarted - enabled: true - become: true - with_items: - - "{{ firewall }}" - tags: services - when: firewall == "iptables" - -- name: Enable Services (firewalld) - service: - name: "{{ item }}" - state: started - enabled: true - become: true - with_items: - - "{{ firewall }}" - tags: services - when: firewall != "iptables" diff --git a/ansible-ipi-install/roles/node_prep/tasks/70_enabled_fw_services.yml b/ansible-ipi-install/roles/node_prep/tasks/70_enabled_fw_services.yml deleted file mode 100644 index 8436f4d06b..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/70_enabled_fw_services.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -- name: Configure firewalld - block: - - name: Enable HTTP for firewalld - firewalld: - service: http - permanent: true - state: enabled - immediate: true - become: true - - - name: Open port {{ webserver_caching_port }}/tcp, zone public, for cache for firewalld - firewalld: - port: "{{ webserver_caching_port }}/tcp" - permanent: true - state: enabled - zone: "public" - immediate: true - become: true - when: cache_enabled|bool - when: firewall != "iptables" - tags: firewall - -- name: Configure iptables - block: - - name: Enable HTTP for iptables - iptables: - chain: INPUT - protocol: tcp - destination_port: "80" - jump: ACCEPT - become: true - - - name: Open port {{ webserver_caching_port }}/tcp for cache for iptables - iptables: - chain: INPUT - protocol: tcp - destination_port: "{{ webserver_caching_port }}" - jump: ACCEPT - become: true - when: cache_enabled|bool - - - name: Allow related and established connections for iptables - iptables: - chain: INPUT - ctstate: ESTABLISHED,RELATED - jump: ACCEPT - become: true - - - name: Save iptables configuration - shell: | - /usr/sbin/iptables-save > /etc/sysconfig/iptables - become: true - when: firewall == "iptables" - tags: firewall diff --git a/ansible-ipi-install/roles/node_prep/tasks/80_libvirt_pool.yml b/ansible-ipi-install/roles/node_prep/tasks/80_libvirt_pool.yml deleted file mode 100644 index 1e10a554fc..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/80_libvirt_pool.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Define, Start, Autostart Storage Pool - block: - - name: Define Storage Pool for default - virt_pool: - command: define - name: default - xml: '{{ lookup("template", "dir.xml.j2") }}' - - - name: Start Storage Pool for default - virt_pool: - state: active - name: default - - - name: Autostart Storage Pool for default - virt_pool: - autostart: true - name: default - become: true - tags: storagepool 
diff --git a/ansible-ipi-install/roles/node_prep/tasks/90_create_config_install_dirs.yml b/ansible-ipi-install/roles/node_prep/tasks/90_create_config_install_dirs.yml deleted file mode 100644 index 60d9ae0965..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/90_create_config_install_dirs.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Setup clusterconfigs dir - block: - - name: Clear config dir (if any, in case this is a re-run) - file: - path: "{{ item }}" - state: absent - with_items: - - "{{ dir }}" - - - name: Create config dir - file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: "{{ ansible_user }}" - mode: '0755' - with_items: - - "{{ dir }}" - tags: clusterconfigs diff --git a/ansible-ipi-install/roles/node_prep/tasks/main.yml b/ansible-ipi-install/roles/node_prep/tasks/main.yml deleted file mode 100644 index 8c060c0b3e..0000000000 --- a/ansible-ipi-install/roles/node_prep/tasks/main.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- include_tasks: 10_validation.yml - tags: - - validation - - create_registry - -- include_tasks: 15_validation_disconnected_registry.yml - when: - - "'registry_host' in groups" - - "groups['registry_host']" - tags: - - disconnected - - create_registry - -- include_tasks: 20_sub_man_register.yml - tags: subscription -- include_tasks: 30_req_packages.yml - tags: packages -- include_tasks: 40_bridge.yml - tags: - - network -- include_tasks: 45_networking_facts.yml - tags: - - network_facts -- include_tasks: 50_modify_sudo_user.yml - tags: user -- include_tasks: 60_enabled_services.yml - tags: services -- include_tasks: 70_enabled_fw_services.yml - tags: firewall -- include_tasks: 80_libvirt_pool.yml - tags: storagepool -- include_tasks: 90_create_config_install_dirs.yml - tags: clusterconfigs diff --git a/ansible-ipi-install/roles/node_prep/templates/dir.xml.j2 b/ansible-ipi-install/roles/node_prep/templates/dir.xml.j2 deleted file mode 100644 index aa9f6a95ce..0000000000 
--- a/ansible-ipi-install/roles/node_prep/templates/dir.xml.j2 +++ /dev/null @@ -1,6 +0,0 @@ - - default - - /var/lib/libvirt/images - - diff --git a/ansible-ipi-install/roles/node_prep/tests/inventory b/ansible-ipi-install/roles/node_prep/tests/inventory deleted file mode 100644 index 2fbb50c4a8..0000000000 --- a/ansible-ipi-install/roles/node_prep/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/ansible-ipi-install/roles/node_prep/tests/test.yml b/ansible-ipi-install/roles/node_prep/tests/test.yml deleted file mode 100644 index a7d87c057d..0000000000 --- a/ansible-ipi-install/roles/node_prep/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - node_prep diff --git a/ansible-ipi-install/roles/node_prep/vars/main.yml b/ansible-ipi-install/roles/node_prep/vars/main.yml deleted file mode 100644 index 06df85ae98..0000000000 --- a/ansible-ipi-install/roles/node_prep/vars/main.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -# vars file for node_prep -# the ternary states if provision host has no online access -# just verify the python3-crypto, python3-pyghmi packages are present -# otherwise attempt to install them from trunk.rdoproject.org -package_list: - - "{{ firewall }}" - - tar - - libvirt - - qemu-kvm - - python3-devel - - jq - - ipmitool - - python3-libvirt - - python3-lxml - - python3-yaml - - NetworkManager-libnm - - nm-connection-editor - - libsemanage-python3 - - policycoreutils-python3 - - "{{ (check_url.status == -1) | ternary('python3-crypto','https://trunk.rdoproject.org/rhel8-master/deps/latest/Packages/python3-crypto-2.6.1-18.el8ost.x86_64.rpm') }}" - - "{{ (check_url.status == -1) | ternary('python3-pyghmi','https://trunk.rdoproject.org/rhel8-master/deps/latest/Packages/python3-pyghmi-1.0.22-2.el8ost.noarch.rpm') }}" - -cache_package_list: - - podman - -qtype: "{{ ((ipv6_enabled|bool and (ipv4_baremetal|bool or dualstack_baremetal)) or (not ipv6_enabled|bool)) | ternary('qtype=A', 'qtype=AAAA') }}" - - -# Temporary state variables for disconnected registry -drm_set: false -dra_set: false -registry_host_exists: false - -roothint_list: - - deviceName - - hctl - - model - - vendor - - serialNumber - - minSizeGigabytes - - wwn - - wwnWithExtension - - wwnVendorExtension - - rotational - - '' diff --git a/documentation/ansible-playbook/modules/ansible-playbook-git-clone.adoc b/documentation/ansible-playbook/modules/ansible-playbook-git-clone.adoc index 966d78509e..a9a2e5bdc4 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-git-clone.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-git-clone.adoc 
@@ -11,11 +11,9 @@ NOTE: This should be done on a system that can access the provision host + [source,bash] ---- -[user@laptop ~]$ git clone --recursive https://github.com/openshift-kni/baremetal-deploy.git +[user@laptop ~]$ git clone https://github.com/openshift-kni/baremetal-deploy.git ---- + -NOTE: Ensure `git` is installed on your localhost and that `--recursive` is used to initialize the git submodules. -+ . Change to the `ansible-ipi-install` directory + [source,bash] diff --git a/documentation/ansible-playbook/modules/ansible-playbook-install-collections.adoc b/documentation/ansible-playbook/modules/ansible-playbook-install-collections.adoc new file mode 100644 index 0000000000..7407e859bd --- /dev/null +++ b/documentation/ansible-playbook/modules/ansible-playbook-install-collections.adoc @@ -0,0 +1,11 @@ +[id="ansible-playbook-install-collections"] + += Install the required Ansible collections + +The Ansible playbook makes use of different collections defined in the `requirements.yml` file. Two of the main roles come from the https://github.com/redhatci/ansible-collection-redhatci-ocp[`redhatci.ocp`] collection. + +. Install required collections +[source,bash] +---- +[user@laptop ~]$ ansible-galaxy collection install -r requirements.yml +---- diff --git a/documentation/ansible-playbook/modules/ansible-playbook-running-the-ansible-playbook.adoc b/documentation/ansible-playbook/modules/ansible-playbook-running-the-ansible-playbook.adoc index 5297de9cfe..650f8e2ea3 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-running-the-ansible-playbook.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-running-the-ansible-playbook.adoc 
@@ -5,6 +5,7 @@ The following are the steps to successfully run the Ansible playbook. include::ansible-playbook-git-clone.adoc[leveloffset=+1] +include::ansible-playbook-install-collections.adoc[leveloffset=+1] include::ansible-playbook-ansiblecfg-file.adoc[leveloffset=+1] include::ansible-playbook-ansible-version.adoc[leveloffset=+1] include::ansible-playbook-ssh-key.adoc[leveloffset=+1] diff --git a/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc b/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc index c8de1137b7..7617766985 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-the-ansible-playbook.adoc @@ -4,7 +4,8 @@ The Ansible playbook connects to your provision host and -runs through the `node_prep` role and the `installer` role. +runs through the `redhatci.ocp.node_prep` role and the +`redhatci.ocp.installer` role. No modification is necessary. All modifications of variables may be done within the `inventory/hosts` file. A sample file is located in this repository under `inventory/hosts.sample`. @@ -16,6 +17,8 @@ From the system that is to run the playbook, --- - name: IPI on Baremetal Installation Playbook hosts: provisioner + collections: + - redhatci.ocp roles: - node_prep - installer diff --git a/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc b/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc index 2e9e4ece7b..d7ea61492f 100644 --- a/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc +++ b/documentation/ansible-playbook/modules/ansible-playbook-tour-of-the-ansible-playbook.adoc 
@@ -5,7 +5,8 @@ * `inventory` - contains the file `hosts.sample` that: ** contains all the modifiable variables, their default values, and their definition. Some variables are empty ensuring users give an explicit value. ** the setting up of your provision node, master nodes, and worker nodes. Each section will require additional details (i.e. Management credentials). -* `roles` - contains two roles: `node_prep` and `installer`. `node_prep` handles all the prerequisites that the provisioner node requires prior to running the installer. The `installer` role handles extracting the installer, setting up the manifests, and running the Red Hat OpenShift installation. +* `requirements` - contains the list of collections required by the playbook. +** The collections include two roles: `redhatci.ocp.node_prep` and `redhatci.ocp.installer`. `redhatci.ocp.node_prep` handles all the prerequisites that the provisioner node requires prior to running the installer. The `redhatci.ocp.installer` role handles extracting the installer, setting up the manifests, and running the Red Hat OpenShift installation. The tree structure is shown below: 
@@ -15,83 +16,5 @@ The tree structure is shown below: ├── inventory │ └── hosts.sample ├── playbook.yml -└── roles - ├── installer - │ ├── defaults - │ │ └── main.yml - │ ├── files - │ │ ├── customize_filesystem - │ │ │ ├── master - │ │ │ └── worker -> master - │ │ ├── filetranspile-1.1.1.py - │ │ ├── ipv6-dual-stack-no-upgrade.yml - │ │ ├── manifests - │ │ └── openshift - │ ├── handlers - │ │ └── main.yml - │ ├── library - │ │ └── virt.py - │ ├── meta - │ │ └── main.yml - │ ├── tasks - │ │ ├── 10_get_oc.yml - │ │ ├── 15_disconnected_registry_create.yml - │ │ ├── 15_disconnected_registry_existing.yml - │ │ ├── 20_extract_installer.yml - │ │ ├── 23_rhcos_image_paths.yml - │ │ ├── 24_rhcos_image_cache.yml - │ │ ├── 25_create-install-config.yml - │ │ ├── 30_create_metal3.yml - │ │ ├── 40_create_manifest.yml - │ │ ├── 50_extramanifests.yml - │ │ ├── 55_customize_filesystem.yml - │ │ ├── 59_cleanup_bootstrap.yml - │ │ ├── 60_deploy_ocp.yml - │ │ ├── 70_cleanup_sub_man_registeration.yml - │ │ └── main.yml - │ ├── templates - │ │ ├── chrony.conf.j2 - │ │ ├── etc-chrony.conf.j2 - │ │ ├── httpd_conf.j2 - │ │ ├── install-config-appends.j2 - │ │ ├── install-config.j2 - │ │ ├── install-config-virtualmedia.j2 - │ │ ├── magic.j2 - │ │ └── metal3-config.j2 - │ ├── tests - │ │ ├── inventory - │ │ └── test.yml - │ └── vars - │ └── main.yml - └── node_prep - ├── defaults - │ └── main.yml - ├── handlers - │ └── main.yml - ├── library - │ └── nmcli.py - ├── meta - │ └── main.yml - ├── tasks - │ ├── 100_power_off_cluster_servers.yml - │ ├── 10_validation.yml - │ ├── 15_validation_disconnected_registry.yml - │ ├── 20_sub_man_register.yml - │ ├── 30_req_packages.yml - │ ├── 40_bridge.yml - │ ├── 45_networking_facts.yml - │ ├── 50_modify_sudo_user.yml - │ ├── 60_enabled_services.yml - │ ├── 70_enabled_fw_services.yml - │ ├── 80_libvirt_pool.yml - │ ├── 90_create_config_install_dirs.yml - │ └── main.yml - ├── templates - │ └── dir.xml.j2 - ├── tests - │ ├── inventory - │ └── test.yml - └── 
vars - └── main.yml - +└── requirements.yml ---- From 475178549c894c07e980242cfbe60f9a73372845 Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Tue, 5 Mar 2024 15:03:09 -0500 Subject: [PATCH 85/97] updated playbook to use collections --- README.md | 83 ++----------------- ansible-ipi-install/playbook-jetski.yml | 4 +- .../roles/shared-labs-prep/library/nmcli.py | 1 - 3 files changed, 9 insertions(+), 79 deletions(-) delete mode 120000 ansible-ipi-install/roles/shared-labs-prep/library/nmcli.py diff --git a/README.md b/README.md index 6969fd5a9b..37526cb914 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +# MESSAGE +This repository is used by limited team who does IPI based installations, for other generic deployment [jetlag](https://github.com/redhat-performance/jetlag) is recommended. + ## JetSki JetSki inherits roles from [upstream](https://github.com/openshift-kni/baremetal-deploy) and aims to provide a consistent, seamless OpenShift installation experience on bare metal in Red Hat's Shared Labs. @@ -44,6 +47,7 @@ The playbook is intended to be run from outside the cluster of machines you wish * Python 3.6+ * Fedora/CentOS/RHEL (preferably Fedora 30+) * Passwordless sudo for user running the playbook on the ansible control node (host where the playbooks are being run from), since certain package installs are done +* Install ansible collection `ansible-galaxy collection install -r requirements.yml` on your local machine Passwordless sudo can be setup as below: ``` 
@@ -84,7 +88,8 @@ The `ansible-ipi-install` directory consists of three main sub-directories in a - `group_vars` - Contains the `all.yml` which holds the bare minimum variables needed for install - `inventory` - contains the file `jetski/hosts` that has advanced variables for customized installation -- `roles` - contains 11 roles: `bootstrap`, `prepare-kni`, `add-provisioner`, `network-discovery`, `set-deployment-facts`, `shared-labs-prep`,`node-prep` `installer`, `scale-bootstrap`, `scale-node-prep` and `scale-worker`. `node-prep` handles all the prerequisites that the provisioner node requires prior to running the installer. The `installer` role handles extracting the installer, setting up the manifests, and running the Red Hat OpenShift installation. +- `roles` - contains 9 roles: `bootstrap`, `prepare-kni`, `add-provisioner`, `network-discovery`, `set-deployment-facts`, `shared-labs-prep`,`node_prep` `installer`, `scale-bootstrap`, `scale-node-prep` and `scale-worker`. +- downloads 2 roles from the collectoins `redhatci.ocp` - `node_prep` and `installer`, `node_prep` handles all the prerequisites that the provisioner node requires prior to running the installer. The `installer` role handles extracting the installer, setting up the manifests, and running the Red Hat OpenShift installation. The purpose served by each role can be summarized as follows: * `bootstrap` - This role does a **lot** of heavy lifting for seamless deployment in the shared labs. On a high level, this role is responsible for installing needed packages on the `jumphost`, obtaining the list of nodes in your lab allocation dynamically, setting some variables required in inventory as ansible facts (like list of master nodes, worker nodes, mgmt interfaces), copying keys of the `jumphost` to the provisioner, rebuilding the provisioner if needed and finally adding the master and worker nodes to the in-memory dynamic inventory of ansible. This role runs on the `jumphost` aka `localhost`. 
@@ -93,7 +98,7 @@ The purpose served by each role can be summarized as follows: * `network-discovery` - Set several important variables for the inventory including the NICs and MACs to be used for the provisioning and baremetal networks. Some of the MAC details are obtained from an inventory automatically generated on the Lab Wiki which the network-discovery role uses to further set all variables needed for proper networking. This role runs on the provisioner host. * `set-deployment-facts` - This role is used to set some of the facts registered on the jumphost on to the provisioner host for use in future roles. This role runs on the provisioner host. * `shared-labs-prep` - Creates the BM bridge, powers on nodes, sets boot order etc. This role runs on the provisioner host. -* `node-prep` - Prepares the provisioner node for the OpenShift Installer by installing needed packages, creating necessary directories etc. This role runs on the provisioner host. +* `node_prep` - Prepares the provisioner node for the OpenShift Installer by installing needed packages, creating necessary directories etc. This role runs on the provisioner host. * `installer` - Actually drives the OpenShift Installer. This role runs on the provisioner host. Scale Up worker roles 
@@ -143,83 +148,9 @@ The tree structure is shown below: │   │   └── node_inv.j2 │   └── vars │   └── main.yml - ├── installer - │   ├── defaults - │   │   └── main.yml - │   ├── files - │   │   ├── customize_filesystem - │   │   │   ├── master - │   │   │   └── worker -> master - │   │   ├── filetranspile-1.1.1.py - │   │   └── manifests - │   ├── handlers - │   │   └── main.yml - │   ├── library - │   │   └── podman_container.py - │   ├── meta - │   │   └── main.yml - │   ├── tasks - │   │   ├── 10_get_oc.yml - │   │   ├── 15_disconnected_registry_create.yml - │   │   ├── 15_disconnected_registry_existing.yml - │   │   ├── 20_extract_installer.yml - │   │   ├── 23_rhcos_image_paths.yml - │   │   ├── 24_rhcos_image_cache.yml - │   │   ├── 25_create-install-config.yml - │   │   ├── 30_create_metal3.yml - │   │   ├── 40_create_manifest.yml - │   │   ├── 50_extramanifests.yml - │   │   ├── 55_customize_filesystem.yml - │   │   ├── 59_cleanup_bootstrap.yml - │   │   ├── 60_deploy_ocp.yml - │   │   ├── 70_cleanup_sub_man_registeration.yml - │   │   └── main.yml - │   ├── templates - │   │   ├── chrony.conf.j2 - │   │   ├── etc-chrony.conf.j2 - │   │   ├── httpd_conf.j2 - │   │   ├── install-config-appends.j2 - │   │   ├── install-config.j2 - │   │   ├── magic.j2 - │   │   └── metal3-config.j2 - │   ├── tests - │   │   ├── inventory - │   │   └── test.yml - │   └── vars - │   └── main.yml ├── network-discovery │   └── tasks │   └── main.yml - ├── node-prep - │   ├── defaults - │   │   └── main.yml - │   ├── handlers - │   │   └── main.yml - │   ├── library - │   │   └── nmcli.py - │   ├── meta - │   │   └── main.yml - │   ├── tasks - │   │   ├── 100_power_off_cluster_servers.yml - │   │   ├── 10_validation.yml - │   │   ├── 15_validation_disconnected_registry.yml - │   │   ├── 20_sub_man_register.yml - │   │   ├── 30_req_packages.yml - │   │   ├── 40_bridge.yml - │   │   ├── 45_networking_facts.yml - │   │   ├── 50_modify_sudo_user.yml - │   │   ├── 
60_enabled_services.yml - │   │   ├── 70_enabled_fw_services.yml - │   │   ├── 80_libvirt_pool.yml - │   │   ├── 90_create_config_install_dirs.yml - │   │   └── main.yml - │   ├── templates - │   │   └── dir.xml.j2 - │   ├── tests - │   │   ├── inventory - │   │   └── test.yml - │   └── vars - │   └── main.yml ├── prepare-kni │   └── tasks │   └── main.yml diff --git a/ansible-ipi-install/playbook-jetski.yml b/ansible-ipi-install/playbook-jetski.yml index 0477e9a5b8..60481e1d93 100644 --- a/ansible-ipi-install/playbook-jetski.yml +++ b/ansible-ipi-install/playbook-jetski.yml @@ -17,8 +17,8 @@ - { role: set-deployment-facts } - { role: network-discovery } - { role: shared-labs-prep } - - { role: node-prep } - - { role: installer } + - { role: redhatci.ocp.node-prep } + - { role: redhatci.ocp.installer } - { role: post-install, when: post_install | bool } - { role: routable_api, when: routable_api | bool } post_tasks: diff --git a/ansible-ipi-install/roles/shared-labs-prep/library/nmcli.py b/ansible-ipi-install/roles/shared-labs-prep/library/nmcli.py deleted file mode 120000 index ea2c5eecb5..0000000000 --- a/ansible-ipi-install/roles/shared-labs-prep/library/nmcli.py +++ /dev/null @@ -1 +0,0 @@ -../../node-prep/library/nmcli.py \ No newline at end of file From a0eea80dfe524b84974ed0757fd24c7f7d61f52b Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Mon, 11 Mar 2024 15:54:43 -0400 Subject: [PATCH 86/97] fixing playbook --- ansible-ipi-install/playbook-jetski.yml | 2 +- ansible-ipi-install/roles/bootstrap/defaults/main.yml | 2 +- ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml | 4 ---- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/ansible-ipi-install/playbook-jetski.yml b/ansible-ipi-install/playbook-jetski.yml index 60481e1d93..34ee8172a5 100644 --- a/ansible-ipi-install/playbook-jetski.yml +++ b/ansible-ipi-install/playbook-jetski.yml 
@@ -17,7 +17,7 @@ - { role: set-deployment-facts } - { role: network-discovery } - { role: shared-labs-prep } - - { role: redhatci.ocp.node-prep } + - { role: redhatci.ocp.node_prep } - { role: redhatci.ocp.installer } - { role: post-install, when: post_install | bool } - { role: routable_api, when: routable_api | bool } diff --git a/ansible-ipi-install/roles/bootstrap/defaults/main.yml b/ansible-ipi-install/roles/bootstrap/defaults/main.yml index bfb7aa3455..78b03088c3 100644 --- a/ansible-ipi-install/roles/bootstrap/defaults/main.yml +++ b/ansible-ipi-install/roles/bootstrap/defaults/main.yml @@ -1,5 +1,5 @@ --- -rhel_required_version: 8.4 +rhel_required_version: 8.9 rhel_foreman_version: 8.2 dns_server: "{{ '10.11.5.19' if lab_name == 'scale' else '10.19.96.1' }}" alias: diff --git a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml index 8074a1e1e9..70cf6e90fa 100644 --- a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml +++ b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml @@ -73,9 +73,7 @@ ifname: baremetal autoconnect: yes stp: off - ip4_method: manual ip4: "{{ extcidrnet | next_nth_usable(1) }}/{{ extcidrnet | ipaddr('prefix') }}" - ip6_method: disabled state: present become: yes when: not ipv6_enabled|bool or ipv4_baremetal|bool @@ -87,11 +85,9 @@ ifname: baremetal autoconnect: yes stp: off - ip4_method: manual ip4: "{{ extcidrnet | next_nth_usable(1) }}/{{ extcidrnet | ipaddr('prefix') }}" state: present ip6: "{{ extcidrnet6 | next_nth_usable(1) }}/{{ extcidrnet6 | ipaddr('prefix') }}" - ip6_method: manual become: yes when: ipv6_enabled|bool and dualstack_baremetal|bool From 7d40ad879aadef5e92661b9b3f392828a954e668 Mon Sep 17 00:00:00 2001 
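Review bot: In the shared-labs-prep/tasks/main.yml hunk at -73,9, dropping `ip6_method: disabled` from the IPv4-only `baremetal` bridge task leaves the bridge's IPv6 method unset, so it presumably falls back to NetworkManager's default and may autoconfigure from router advertisements on the lab network. If the parameters were removed because the module that now resolves as `nmcli` rejects the old names, keep the intent with that module's own options, for example `method4: manual` and `method6: disabled` in `community.general.nmcli` (which module is in use is not visible here, so confirm first). The same applies to the dual-stack task at -87,11, where `method6: manual` would match the removed `ip6_method: manual`. Both tasks start and end outside their hunks.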
From: Murali Krishnasamy Date: Tue, 12 Mar 2024 11:24:35 -0400 Subject: [PATCH 87/97] reading collection path custom ign file --- .../roles/shared-labs-prep/tasks/main.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml index 70cf6e90fa..b74001a9b5 100644 --- a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml +++ b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml @@ -113,7 +113,7 @@ become: yes - name: Set MTU - nmcli: + redhatci.ocp.nmcli: #setting MTU using upstream nmcli library is failing so using local module conn_name: "{{ pub_nic }}" type: ethernet mtu: "{{ 9000 if jumbo_mtu else 1500 }}" @@ -274,9 +274,20 @@ - name: Create Manifest folder block: + - name: "Check ansible collection path - redhatci.ocp" + community.general.ansible_galaxy_install: + type: collection + name: redhatci.ocp + register: out + + - set_fact: + collection_dir: "{{ item.key }}" + with_dict: "{{ out.installed_collections }}" + when: "item.value != {}" + - name: Set manifest directory path set_fact: - manifest_path: "{{ playbook_dir }}/roles/installer/files/openshift/" + manifest_path: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/openshift/" - name: Clean up any existing manifest content file: From f858dc06b35a70f4c4fa4fe31b568f12f6caf3f4 Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Wed, 13 Mar 2024 13:54:54 -0400 Subject: [PATCH 88/97] r640 servers shift to rack f18 --- ansible-ipi-install/roles/bootstrap/defaults/main.yml | 2 +- ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml | 6 +++--- ansible-ipi-install/roles/network-discovery/tasks/main.yml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible-ipi-install/roles/bootstrap/defaults/main.yml b/ansible-ipi-install/roles/bootstrap/defaults/main.yml index 78b03088c3..13093977c8 100644 
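Review bot: The new task "Check ansible collection path - redhatci.ocp" in the -274,9 hunk calls `community.general.ansible_galaxy_install` with a bare `name: redhatci.ocp`, so what is meant as a path lookup is an unpinned collection install at play time on whichever host this role runs on. Pin the version the playbook was tested with, e.g. `name: "redhatci.ocp:<PINNED_VERSION>"` (placeholder), or resolve the path without installing anything. The unnamed `set_fact` that follows keeps the last key of `out.installed_collections` whose value is non-empty and leaves `collection_dir` undefined when none matches, in which case "Set manifest directory path" would fail on an undefined variable; give the task a name and add an `assert` with a clear message. The enclosing block continues outside the hunk.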
--- a/ansible-ipi-install/roles/bootstrap/defaults/main.yml +++ b/ansible-ipi-install/roles/bootstrap/defaults/main.yml @@ -66,7 +66,7 @@ scale: r640: pub_nic: eno1np0 prov_nic: ens1f1 - prov_nic_f04: ens3f1 + prov_nic_f18: ens3f1 r650: pub_nic: eno12399np0 prov_nic: ens1f1 diff --git a/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml b/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml index 52bd1796b4..6d0c7188ad 100644 --- a/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml +++ b/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml @@ -348,12 +348,12 @@ with_items: - "{{master_fqdns }}" -- name: Fail on different rack(f04) +- name: Fail on different rack(f18) fail: - msg: If one of the master nodes is in rack f04, all of them need to be in the same rack + msg: If one of the master nodes is in rack f18, all of them need to be in the same rack when: - racks is defined - - "'f04' in racks" + - "'f18' in racks" - "racks | unique | length > 1" - name: Fail when worker nodes have R620s and R630s diff --git a/ansible-ipi-install/roles/network-discovery/tasks/main.yml b/ansible-ipi-install/roles/network-discovery/tasks/main.yml index bc8e3969d4..9a1e8aea7b 100644 --- a/ansible-ipi-install/roles/network-discovery/tasks/main.yml +++ b/ansible-ipi-install/roles/network-discovery/tasks/main.yml @@ -74,7 +74,7 @@ - block: - name: Set provisioning interface set_fact: - masters_prov_nic: "{{ lab_vars['machine_types'][item.0][item.1]['prov_nic_f04'] if 'r640' in master_fqdns[0].split('.')[0].split('-') and 'f04' in master_fqdns[0].split('.')[0].split('-') else lab_vars['machine_types'][item.0][item.1]['prov_nic'] }}" + masters_prov_nic: "{{ lab_vars['machine_types'][item.0][item.1]['prov_nic_f18'] if 'r640' in master_fqdns[0].split('.')[0].split('-') and 'f18' in master_fqdns[0].split('.')[0].split('-') else lab_vars['machine_types'][item.0][item.1]['prov_nic'] }}" with_together: - "{{ master_vendors }}" - "{{ master_types }}" 
From 2a2d0551ff9c0c5f94854b959b2f3785af5d7c49 Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Thu, 14 Mar 2024 09:34:40 -0400 Subject: [PATCH 89/97] custom network config was not set --- ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml index b74001a9b5..94a4c0e57b 100644 --- a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml +++ b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml @@ -288,6 +288,8 @@ - name: Set manifest directory path set_fact: manifest_path: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/openshift/" + customize_extramanifestsopenshift_path: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/openshift/" + customize_extramanifests_path: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/manifests/" - name: Clean up any existing manifest content file: From c4c26b91940ec0e4545b3ce9e67794b34d9f69f6 Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Sat, 23 Mar 2024 12:47:49 -0400 Subject: [PATCH 90/97] fixed lab dns problem --- .../roles/bootstrap/defaults/main.yml | 33 +++++++++++++++-- .../bootstrap/tasks/55_add_ocp_masters.yml | 19 ++++++---- .../bootstrap/tasks/60_add_ocp_workers.yml | 19 ++++++---- .../roles/bootstrap/templates/node_inv.j2 | 14 ++++--- .../roles/shared-labs-prep/tasks/main.yml | 14 +++++++ .../templates/ocp4-lab.nmstate.conf.j2 | 37 +++++++++++++++++++ .../templates/ocp4-lab.udev-pubnics.rules.j2 | 2 +- 7 files changed, 115 insertions(+), 23 deletions(-) create mode 100644 ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.nmstate.conf.j2 diff --git a/ansible-ipi-install/roles/bootstrap/defaults/main.yml b/ansible-ipi-install/roles/bootstrap/defaults/main.yml index 13093977c8..58e419c726 100644 --- a/ansible-ipi-install/roles/bootstrap/defaults/main.yml 
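Review bot: The two facts added in the -288,6 hunk, like `manifest_path` above them, point inside the installed collection (`{{ collection_dir }}/redhatci/ocp/roles/installer/files/...`), so any task that cleans or writes these directories changes the collection's files in place. The "Clean up any existing manifest content" task visible as context presumably deletes there; after that the installed copy no longer matches what was published and is shared by every other playbook using the same collections path. Consider a scratch directory owned by this run and pass it through these variables, if the installer role accepts arbitrary paths (not visible here). At minimum add a comment such as `# NOTE: these paths live inside the installed redhatci.ocp collection; their contents are replaced on every run`. The block starts and ends outside the hunk.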
+++ b/ansible-ipi-install/roles/bootstrap/defaults/main.yml @@ -30,43 +30,70 @@ scale: 1029p: pub_nic: eno1 prov_nic: ens2f1 + bm_nic: ens2f2 + bm_nic_2: ens2f3 1029u: pub_nic: eno1 + bm_nic: ens2f0 + bm_nic_2: ens2f1 6048r: pub_nic: eno1 prov_nic: ens4s0f1 + bm_nic: enp131s0f0 + bm_nic_2: enp131s0f1 5039ms: pub_nic: enp2s0f0 prov_nic: enp1s0f1 + bm_nic: enp2s0f1 6049p: pub_nic: ens5f0 prov_nic: ens3f1 + bm_nic: ens2f0 + bm_nic_2: ens2f0 6018r: pub_nic: eno1 prov_nic: enp4s0f1 + bm_nic: enp4s0f2 + bm_nic_2: enp4s0f3 dell: r620: pub_nic: eno3 prov_nic: enp66s0f3 + bm_nic: eno1 + bm_nic_2: eno2 r630: pub_nic: enp3s0f0 prov_nic: eno2 + bm_nic: eno3 + bm_nic_2: eno4 r730xd: pub_nic: em3 prov_nic: em2 - r720xd: - pub_nic: em3 - prov_nic: p4p2 + bm_nic: enp130s0f0 + bm_nic_2: enp130s0f1 + r750xd: + pub_nic: eno12399np0 + prov_nic: ens3f1 + bm_nic: ens6f0 + bm_nic_2: ens6f1 r930: pub_nic: em3 prov_nic: eno2 + bm_nic: enp10s0f0 + bm_nic_2: enp10s0f1 fc640: pub_nic: eno1 prov_nic: ens2f0 + bm_nic: ens2f1 + bm_nic_2: eth1 r640: pub_nic: eno1np0 prov_nic: ens1f1 + bm_nic: ens2f0np0 + bm_nic_2: eno2np1 prov_nic_f18: ens3f1 r650: pub_nic: eno12399np0 prov_nic: ens1f1 + bm_nic: ens2f0 + bm_nic_2: eno12409np1 \ No newline at end of file diff --git a/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml b/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml index 16017ff829..7c264dcf35 100644 --- a/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml +++ b/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml 
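Review bot: Several entries in the `scale` machine map of the -30,43 hunk are incomplete for the lookups that node_inv.j2 gains in this same patch: `1029u` has no `prov_nic`, `5039ms` has no `bm_nic_2` (read when `routable_api` is true), and `6049p` sets both `bm_nic` and `bm_nic_2` to `ens2f0`, which looks like a copy-paste slip. The hunk also removes `r720xd` while adding `r750xd`, so an r720xd host would now miss the map entirely. Please fill in or confirm these values, and add an early `assert` so a missing key fails with the machine type named instead of an undefined-variable error in the template. The `alias` map that the template also indexes is outside this hunk, so whether it carries `bm_nic` keys cannot be checked from here.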
@@ -1,15 +1,20 @@ - name: add masters to inventory file add_host: - hostname: "master-{{ item }}" - name: master-{{ item }} + hostname: "master-{{ node_index }}" + name: master-{{ node_index }} groups: masters role: master - ipmi_user: "{{ lab_ipmi_user }}" - ipmi_password: "{{ lab_ipmi_password }}" - ipmi_address: "{{ master_mgmts[item | int] }}" + ipmi_user: "{{ node_item.pm_user }}" + ipmi_password: "{{ node_item.pm_password }}" + ipmi_address: "{{ node_item.pm_addr }}" ipmi_port: 623 - provision_mac: "{{ master_prov_macs[item | int] }}" + provision_mac: "{{ node_item.prov_mac }}" + provision_nic: "{{ node_item.prov_nic }}" + baremetal_nic: "{{ node_item.bm_nic }}" hardware_profile: "default" poweroff: true - with_sequence: start=0 end=2 + loop: "{{ deploying_master_nodes_content }}" + loop_control: + index_var: node_index + loop_var: node_item diff --git a/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml b/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml index 93eaad5aaa..a7d52f2c94 100644 --- a/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml +++ b/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml 
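Review bot: Looping over `deploying_master_nodes_content` makes Ansible print each `node_item` in the per-item task output, and those items carry `pm_user` and `pm_password`, so the BMC credentials end up on the console and in any job log; the old `with_sequence` loop only printed an index. Add a label to the existing `loop_control`, `label: "master-{{ node_index }}"`, and consider `no_log: true` on the task. The worker task in 60_add_ocp_workers.yml has the same loop and needs the same change with `label: "worker-{{ node_index }}"`.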
@@ -1,14 +1,19 @@ - name: add workers to inventory file add_host: - hostname: worker-{{ item }} - name: worker-{{ item }} + hostname: worker-{{ node_index }} + name: worker-{{ node_index }} groups: workers role: worker - ipmi_user: "{{ lab_ipmi_user }}" - ipmi_password: "{{ lab_ipmi_password }}" - ipmi_address: "{{ worker_mgmts[item | int] }}" + ipmi_user: "{{ node_item.pm_user }}" + ipmi_password: "{{ node_item.pm_password }}" + ipmi_address: "{{ node_item.pm_addr }}" ipmi_port: 623 - provision_mac: "{{ worker_prov_macs[item | int] }}" + provision_mac: "{{ node_item.prov_mac }}" + provision_nic: "{{ node_item.prov_nic }}" + baremetal_nic: "{{ node_item.bm_nic }}" hardware_profile: "unknown" poweroff: true - with_sequence: start=0 end={{ worker_mgmts | length - 1 if worker_mgmts|length > 0 }} + loop: "{{ deploying_worker_nodes_content }}" + loop_control: + index_var: node_index + loop_var: node_item \ No newline at end of file diff --git a/ansible-ipi-install/roles/bootstrap/templates/node_inv.j2 b/ansible-ipi-install/roles/bootstrap/templates/node_inv.j2 index f79b80dee8..54c7c360df 100644 --- a/ansible-ipi-install/roles/bootstrap/templates/node_inv.j2 +++ b/ansible-ipi-install/roles/bootstrap/templates/node_inv.j2 
@@ -1,14 +1,18 @@ { "nodes": [ {% for key in ocp_node_content| json_query(query) -%} +{% set machine_type = key.pm_addr.split('.')[0].split('-')[4] if lab_name == 'scale' else key.pm_addr.split('.')[0].split('-')[3] -%} +{% if lab_name == 'scale' -%} +{% set vendor = 'supermicro' if machine_type in scale['machine_types']['supermicro'] else 'dell' -%} +{% else -%} +{% set vendor = 'supermicro' if machine_type in alias['machine_types']['supermicro'] else 'dell' -%} +{% endif %} { "ext_ip": "{{ extcidrnet | next_nth_usable(loop.index0 + 10 + ip_nth|default(0)|int) }}", "host_name": {% if node == 'worker' %}"worker{{ '%03d' % (loop.index0 + wrkr_index|default(0)|int) }}-{{ key.pm_addr.split('.')[0].split('-')[4] if lab_name == 'scale' else key.pm_addr.split('.')[0].split('-')[3] }}"{% else %}"master-{{ loop.index0 }}"{% endif %}, -{% if routable_api %} - "bm_mac": "{{ key.mac[-1] }}", -{% else %} - "bm_mac": "{{ key.mac[2] }}", -{% endif %} + "bm_mac": {% if routable_api %}"{{ key.mac[-1] }}"{% else %}"{{ key.mac[2] }}"{% endif %}, + "bm_nic": {% if routable_api %}"{{ scale['machine_types'][vendor][machine_type]['bm_nic_2'] if lab_name == 'scale' else alias['machine_types'][vendor][machine_type]['bm_nic_2'] }}"{% else %}"{{ scale['machine_types'][vendor][machine_type]['bm_nic'] if lab_name == 'scale' else alias['machine_types'][vendor][machine_type]['bm_nic'] }}"{% endif %}, + "prov_nic": "{{ scale['machine_types'][vendor][machine_type]['prov_nic'] if lab_name == 'scale' else alias['machine_types'][vendor][machine_type]['prov_nic'] }}", "prov_mac": "{{ key.mac[1] }}", "pm_addr": "{{ key.pm_addr }}", "pm_password": "{{ key.pm_password }}", diff --git a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml index 94a4c0e57b..f4bee95bfc 100644 --- a/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml +++ b/ansible-ipi-install/roles/shared-labs-prep/tasks/main.yml 
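Review bot: `machine_type` is computed at the top of the loop, but the `host_name` line below still repeats the full `key.pm_addr.split(...)` expression, and the `scale`/`alias` choice is spelled out again in every new lookup. Binding the lab table once, e.g. `{% set lab = scale if lab_name == 'scale' else alias -%}`, would let the new lines read `{{ lab['machine_types'][vendor][machine_type]['prov_nic'] }}` and collapse the `vendor` if/else into a single `set`. Separately, `vendor` falls back to `'dell'` for any type not in the supermicro table, so an unrecognised model surfaces as an undefined-key error on the lookup instead of a message naming the model. The template continues past the end of the hunk.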
@@ -290,6 +290,8 @@ manifest_path: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/openshift/" customize_extramanifestsopenshift_path: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/openshift/" customize_extramanifests_path: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/manifests/" + master_network_config_template: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/master_nmstate_file.yaml" + worker_network_config_template: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/worker_nmstate_file.yaml" - name: Clean up any existing manifest content file: @@ -341,6 +343,18 @@ when: - sctp | bool + - name: Copy master nmstate file + template: + src: "ocp4-lab.nmstate.conf.j2" + dest: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/{{ node_item }}_nmstate_file.yaml" + mode: 0644 + force: true + with_items: + - "master" + - "worker" + loop_control: + loop_var: node_item + delegate_to: localhost - name: Copy the approve_csr script from the local machine to the remote server diff --git a/ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.nmstate.conf.j2 b/ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.nmstate.conf.j2 new file mode 100644 index 0000000000..21bd649bbe --- /dev/null +++ b/ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.nmstate.conf.j2 @@ -0,0 +1,37 @@ +interfaces: +{% for nic in disable_nics %} +- name: {{ nic }} + state: down + ipv4: + enabled: false + ipv6: + enabled: false +{% endfor %} +{% raw -%} +- name: {{ provision_nic }} + state: up + type: ethernet + ipv4: + enabled: true + dhcp: true + auto-dns: true + auto-gateway: true + auto-routes: true + ipv6: + enabled: true + autoconf: false + dhcp: false +- name: {{ baremetal_nic }} + state: up + type: ethernet + ipv4: + enabled: true + dhcp: true + auto-dns: true + auto-gateway: true + auto-routes: true + ipv6: + enabled: true + autoconf: false + dhcp: false +{% endraw %} 
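Review bot: In the second hunk, `mode: 0644` is an unquoted octal literal whose value depends on the YAML loader's integer handling; `mode: "0644"` is the unambiguous form. The task is named "Copy master nmstate file" but the loop renders both the master and the worker file, so a name such as `Render master and worker nmstate files` would match what runs. The output is written into the installed collection's `roles/installer/files` directory, which a later reinstall or upgrade of the collection could presumably replace; a comment saying this is intended would help.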
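Review bot: The new nmstate template relies on two rendering passes and nothing in the file says so: `disable_nics` is expanded when this role runs, while `provision_nic` and `baremetal_nic` inside `{% raw %}` are left for a later per-node render. A Jinja comment above the raw block would stop the next reader from "fixing" it, e.g. `{# provision_nic / baremetal_nic are filled in per node by a second template pass #}`. Both interfaces also request `auto-gateway: true` over DHCP, so if the provisioning network hands out a gateway a node could end up with two default routes; confirm that is wanted or set `auto-gateway: false` on the provisioning NIC.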
diff --git a/ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.udev-pubnics.rules.j2 b/ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.udev-pubnics.rules.j2 index cc4e1f12ae..5d5b126da9 100644 --- a/ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.udev-pubnics.rules.j2 +++ b/ansible-ipi-install/roles/shared-labs-prep/templates/ocp4-lab.udev-pubnics.rules.j2 @@ -1,3 +1,3 @@ {% for nic in disable_nics %} -ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="{{ nic }}", RUN+="/bin/sh -c 'echo 1 > /sys$DEVPATH/device/remove'" +ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="{{ nic }}", RUN+="/bin/sh -c 'echo 1 > /sys$env{DEVPATH}/device/remove'" {% endfor %} \ No newline at end of file From 4ffe6a4d1a6b509a70ee7863e23faef8ab67a325 Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Sat, 23 Mar 2024 15:31:24 -0400 Subject: [PATCH 91/97] corrected variable dict --- .../roles/bootstrap/tasks/55_add_ocp_masters.yml | 2 +- .../roles/bootstrap/tasks/60_add_ocp_workers.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml b/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml index 7c264dcf35..6c0bc3a40b 100644 --- a/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml +++ b/ansible-ipi-install/roles/bootstrap/tasks/55_add_ocp_masters.yml @@ -13,7 +13,7 @@ baremetal_nic: "{{ node_item.bm_nic }}" hardware_profile: "default" poweroff: true - loop: "{{ deploying_master_nodes_content }}" + loop: "{{ deploying_master_nodes_content['nodes'] }}" loop_control: index_var: node_index loop_var: node_item diff --git a/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml b/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml index a7d52f2c94..3ee893d022 100644 --- a/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml +++ b/ansible-ipi-install/roles/bootstrap/tasks/60_add_ocp_workers.yml 
@@ -13,7 +13,7 @@ baremetal_nic: "{{ node_item.bm_nic }}" hardware_profile: "unknown" poweroff: true - loop: "{{ deploying_worker_nodes_content }}" + loop: "{{ deploying_worker_nodes_content['nodes'] }}" loop_control: index_var: node_index loop_var: node_item \ No newline at end of file From 0a5b042b759afcc54dab8c89233da1285b2837ba Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Sun, 24 Mar 2024 17:10:47 -0400 Subject: [PATCH 92/97] scale worker patch --- ansible-ipi-install/playbook-jetski-scaleup.yml | 1 + .../roles/scale-bootstrap/tasks/main.yml | 15 +++++++++++++++ .../roles/scale-worker/tasks/20_create_bmh.yml | 17 +++++++++++++++++ .../templates/bare-metal-host.yaml.j2 | 7 ++++++- .../bare-metal-network-config-secret.yaml.j2 | 7 +++++++ 5 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 ansible-ipi-install/roles/scale-worker/templates/bare-metal-network-config-secret.yaml.j2 diff --git a/ansible-ipi-install/playbook-jetski-scaleup.yml b/ansible-ipi-install/playbook-jetski-scaleup.yml index d18559ed9d..b27cd798b6 100644 --- a/ansible-ipi-install/playbook-jetski-scaleup.yml +++ b/ansible-ipi-install/playbook-jetski-scaleup.yml @@ -27,6 +27,7 @@ - supermicro_nodes - ocp_deploying_node_content - nondeploying_worker_nodes_content + - worker_network_config_template - quit_play - hosts: provisioner diff --git a/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml b/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml index 01e36baafa..f725876b01 100644 --- a/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml +++ b/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml 
@@ -213,3 +213,18 @@ - name: set ocp_nondeplopyed_node_content set_fact: nondeploying_worker_nodes_content: "{{ ocp_nondeployed_node_content | combine({'nodes': ocp_nondeployed_node_content.nodes|difference(scale_worker_node.nodes)}, recursive=True) }}" + +- name: "Check ansible collection path - redhatci.ocp" + community.general.ansible_galaxy_install: + type: collection + name: redhatci.ocp + register: out + +- set_fact: + collection_dir: "{{ item.key }}" + with_dict: "{{ out.installed_collections }}" + when: "item.value != {}" + +- name: Set manifest directory path + set_fact: + worker_network_config_template: "{{ collection_dir }}/redhatci/ocp/roles/installer/files/worker_nmstate_file.yaml" diff --git a/ansible-ipi-install/roles/scale-worker/tasks/20_create_bmh.yml b/ansible-ipi-install/roles/scale-worker/tasks/20_create_bmh.yml index 9c57579dc9..700acfddec 100644 --- a/ansible-ipi-install/roles/scale-worker/tasks/20_create_bmh.yml +++ b/ansible-ipi-install/roles/scale-worker/tasks/20_create_bmh.yml @@ -1,3 +1,20 @@ +- name: Create network config secret for workers + template: + dest: "{{ scaling_dir }}/{{ item.host_name }}-network-config-secret.yaml" + src: bare-metal-network-config-secret.yaml.j2 + loop: "{{ scale_worker_node.nodes }}" + loop_control: + extended: yes + +- name: Apply network config secret for workers + environment: + KUBECONFIG: "{{ kubeconfig_file }}" + shell: | + oc apply -f {{ scaling_dir }}/{{ item.host_name }}-network-config-secret.yaml + loop: "{{ scale_worker_node.nodes }}" + loop_control: + extended: yes + - name: Create BareMetalHost definition file for new worker template: dest: "{{ scaling_dir }}/{{ item.host_name }}-bmh.yaml" diff --git a/ansible-ipi-install/roles/scale-worker/templates/bare-metal-host.yaml.j2 b/ansible-ipi-install/roles/scale-worker/templates/bare-metal-host.yaml.j2 index 776f92051b..950ffaf537 100644 --- a/ansible-ipi-install/roles/scale-worker/templates/bare-metal-host.yaml.j2 
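Review bot: The task named "Check ansible collection path" actually runs `community.general.ansible_galaxy_install`, which installs `redhatci.ocp` when it is absent, and the name carries no version, so whatever is newest on Galaxy at run time is what gets pulled and later executed. Pin it, e.g. `name: "redhatci.ocp:<PINNED_VERSION>"`, or install from a reviewed requirements file, and rename the task to say that it installs. The unnamed `set_fact` that follows keeps the last non-empty key of `out.installed_collections`, so with several collection paths the result depends on dict order; give it a `name:` and a comment stating which path is expected.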
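Review bot: In `20_create_bmh.yml` the apply step interpolates `item.host_name` into a `shell:` string, and that value appears to be derived from the downloaded lab inventory, so it should not reach a shell unquoted. No shell feature is used, so `command:` with `argv: ["oc", "apply", "-f", "{{ scaling_dir }}/{{ item.host_name }}-network-config-secret.yaml"]` does the same job without word splitting or metacharacter handling. Both new tasks loop over full node records, so `no_log: true` or a `loop_control` `label` would keep per-node credentials out of the output if those records carry them, and `extended: yes` is not used by either task. The third task in the hunk continues outside it.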
+++ b/ansible-ipi-install/roles/scale-worker/templates/bare-metal-host.yaml.j2 @@ -13,7 +13,12 @@ spec: bootMACAddress: "{{ item.prov_mac }}" {% if bootmode is defined and bootmode == 'legacy' %} bootMode: legacy -{% endif %} +{% endif %} +{% if worker_network_config_template is defined %} + networkData: + name: "{{ item.host_name }}-network-config-secret" + namespace: "openshift-machine-api" +{% endif %} userData: name: worker-user-data namespace: openshift-machine-api diff --git a/ansible-ipi-install/roles/scale-worker/templates/bare-metal-network-config-secret.yaml.j2 b/ansible-ipi-install/roles/scale-worker/templates/bare-metal-network-config-secret.yaml.j2 new file mode 100644 index 0000000000..a21cc52679 --- /dev/null +++ b/ansible-ipi-install/roles/scale-worker/templates/bare-metal-network-config-secret.yaml.j2 @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + nmstate: {{ lookup('template', worker_network_config_template, template_vars=dict(provision_nic=item.prov_nic,baremetal_nic=item.bm_nic)) | b64encode }} +kind: Secret +metadata: + name: "{{ item.host_name }}-network-config-secret" + namespace: openshift-machine-api From 8ce758c3d11fc147e4295f4a4ad067c6b2bad263 Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Thu, 28 Mar 2024 16:32:18 -0400 Subject: [PATCH 93/97] updated r650 nic naming --- ansible-ipi-install/roles/bootstrap/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ipi-install/roles/bootstrap/defaults/main.yml b/ansible-ipi-install/roles/bootstrap/defaults/main.yml index 58e419c726..9a4f0644f7 100644 --- a/ansible-ipi-install/roles/bootstrap/defaults/main.yml +++ b/ansible-ipi-install/roles/bootstrap/defaults/main.yml @@ -95,5 +95,5 @@ scale: r650: pub_nic: eno12399np0 prov_nic: ens1f1 - bm_nic: ens2f0 + bm_nic: ens2f0np0 bm_nic_2: eno12409np1 \ No newline at end of file From 702a7fc8ab8bc4206c034a1f7698d6cc5046fde9 Mon Sep 17 00:00:00 2001 
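Review bot: `networkData` is emitted only when `worker_network_config_template` is defined, but the two tasks this commit adds to `20_create_bmh.yml` render and apply the secret unconditionally, and the new secret template passes that variable straight to `lookup('template', ...)`. With the variable unset the play would presumably fail before this guard is ever reached, so either add `when: worker_network_config_template is defined` to both tasks or drop the conditional here. The namespace is quoted in the new block (`"openshift-machine-api"`) and unquoted in the `userData` block just below it; pick one form.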
From: Murali Krishnasamy Date: Mon, 22 Apr 2024 10:47:31 -0400 Subject: [PATCH 94/97] updated public vlan nic for fc640 --- ansible-ipi-install/roles/bootstrap/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-ipi-install/roles/bootstrap/defaults/main.yml b/ansible-ipi-install/roles/bootstrap/defaults/main.yml index 9a4f0644f7..2c094623aa 100644 --- a/ansible-ipi-install/roles/bootstrap/defaults/main.yml +++ b/ansible-ipi-install/roles/bootstrap/defaults/main.yml @@ -85,7 +85,7 @@ scale: pub_nic: eno1 prov_nic: ens2f0 bm_nic: ens2f1 - bm_nic_2: eth1 + bm_nic_2: ens2f1 r640: pub_nic: eno1np0 prov_nic: ens1f1 From dd4b953b7883e4e494b85f9308b59083a272246e Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy <70236227+mukrishn@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:45:19 -0400 Subject: [PATCH 95/97] removed rdo packages that are not required in rhel9 --- ansible-ipi-install/roles/shared-labs-prep/vars/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml b/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml index a18f57c0c2..a9010f2be7 100644 --- a/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml +++ b/ansible-ipi-install/roles/shared-labs-prep/vars/main.yml @@ -13,7 +13,6 @@ yum_packages: - python3-requests - sshpass - make -rdo_packages: - - https://trunk.rdoproject.org/rhel8-master/deps/latest/Packages/python3-crypto-2.6.1-18.el8ost.x86_64.rpm - - https://trunk.rdoproject.org/rhel8-master/deps/latest/Packages/python3-pyghmi-1.0.22-2.el8ost.noarch.rpm +rdo_packages: [] + badfish_podman_cmd: "podman run --pull=always --rm quay.io/quads/badfish -u {{ lab_ipmi_user }} -p {{ lab_ipmi_password }} -i config/idrac_interfaces.yml -H mgmt-" From a02d2bbf86c13683cfad61ff223bd2b801c3ad79 Mon Sep 17 00:00:00 2001 
From: Murali Krishnasamy Date: Fri, 27 Sep 2024 10:53:02 -0400 Subject: [PATCH 96/97] fixed jinja templating issue --- .../roles/network-discovery/tasks/10_get_nic.yml | 13 +++++++++++++ .../roles/network-discovery/tasks/main.yml | 16 +++------------- 2 files changed, 16 insertions(+), 13 deletions(-) create mode 100644 ansible-ipi-install/roles/network-discovery/tasks/10_get_nic.yml diff --git a/ansible-ipi-install/roles/network-discovery/tasks/10_get_nic.yml b/ansible-ipi-install/roles/network-discovery/tasks/10_get_nic.yml new file mode 100644 index 0000000000..8240a387a6 --- /dev/null +++ b/ansible-ipi-install/roles/network-discovery/tasks/10_get_nic.yml @@ -0,0 +1,13 @@ +- name: set network facts + set_fact: + nic_dict: "{{ vars['ansible_' + item] }}" + +- name: Get the bm interface + set_fact: + pub_nic: "{{ item }}" + when: nic_dict.macaddress is defined and nic_dict.type == "ether" and nic_dict.macaddress == bm_mac + +- name: Get the provisioning interface + set_fact: + prov_nic: "{{ item }}" + when: nic_dict.macaddress is defined and nic_dict.type == "ether" and nic_dict.macaddress == prov_mac diff --git a/ansible-ipi-install/roles/network-discovery/tasks/main.yml b/ansible-ipi-install/roles/network-discovery/tasks/main.yml index 9a1e8aea7b..727b57a082 100644 --- a/ansible-ipi-install/roles/network-discovery/tasks/main.yml +++ b/ansible-ipi-install/roles/network-discovery/tasks/main.yml 
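Review bot: In the new `10_get_nic.yml`, `vars['ansible_' + item]` is evaluated in its own `set_fact` before either `when:` runs, so the `nic_dict.macaddress is defined` guards no longer cover an interface whose fact is missing, which the old per-task conditions did. Fact keys for interfaces also have `-` replaced by `_`, so an interface name containing a dash would not match `'ansible_' + item`. Something like `nic_dict: "{{ ansible_facts[item | replace('-', '_')] | default({}) }}"` avoids both and does not depend on the `vars` dictionary. The second task is named "Get the bm interface" but sets `pub_nic`; a one-line comment on why the baremetal MAC maps to `pub_nic` would help.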
@@ -32,19 +32,9 @@ set_fact: ansible_eligible_interfaces: "{{ ansible_eligible_interfaces | reject('search', '[.]') | list }}" -- name: Get the bm interface - set_fact: - pub_nic: "{{ item }}" - when: ansible_{{ item }}.macaddress is defined and ansible_{{ item}}.type == "ether" and ansible_{{ item }}.macaddress == bm_mac - with_items: - - "{{ ansible_eligible_interfaces }}" - -- name: Get the provisioning interface - set_fact: - prov_nic: "{{ item }}" - when: ansible_{{ item }}.macaddress is defined and ansible_{{ item }}.type == "ether" and ansible_{{ item }}.macaddress == prov_mac - with_items: - - "{{ ansible_eligible_interfaces }}" +- include_tasks: 10_get_nic.yml + with_items: + - "{{ ansible_eligible_interfaces }}" - name: Set lab_pub_nics for master set_fact: From 11bc466beb7e8362c066dbd0fb8f3ca3aad3050f Mon Sep 17 00:00:00 2001 From: Murali Krishnasamy Date: Fri, 27 Sep 2024 10:53:23 -0400 Subject: [PATCH 97/97] changed scale lab api endpoint --- ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml | 4 ++-- ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml b/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml index 6d0c7188ad..9be2d7d555 100644 --- a/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml +++ b/ansible-ipi-install/roles/bootstrap/tasks/10_load_inv.yml @@ -18,7 +18,7 @@ - name: Download ocpinv.json block: - uri: - url: "{{ alias.lab_url }}/cloud/{{ cloud_name }}_ocpinventory.json" + url: "{{ alias.lab_url }}/instack/{{ cloud_name }}_ocpinventory.json" return_content: yes register: response @@ -29,7 +29,7 @@ - name: Download ocpinv.json block: - uri: - url: "{{ scale.lab_url }}/cloud/{{ cloud_name }}_ocpinventory.json" + url: "{{ scale.lab_url }}/instack/{{ cloud_name }}_ocpinventory.json" return_content: yes register: response 
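Review bot: The new `include_tasks` in `network-discovery/tasks/main.yml` has no `name:` and passes the interface through the default `item` variable, which the included file then reads; any loop later added inside `10_get_nic.yml` would silently shadow it. Naming the task and setting `loop_control:` with `loop_var: nic_name` (with the included file reading `nic_name`) makes that contract explicit. `with_items` could also become `loop: "{{ ansible_eligible_interfaces }}"` to match the `loop:` style used elsewhere in this series.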
diff --git a/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml b/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml index f725876b01..33817ef6ab 100644 --- a/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml +++ b/ansible-ipi-install/roles/scale-bootstrap/tasks/main.yml @@ -22,7 +22,7 @@ - name: Download ocpinv.json block: - uri: - url: "{{ alias.lab_url }}/cloud/{{ cloud_name }}_ocpinventory.json" + url: "{{ alias.lab_url }}/instack/{{ cloud_name }}_ocpinventory.json" return_content: yes register: response @@ -33,7 +33,7 @@ - name: Download ocpinv.json block: - uri: - url: "{{ scale.lab_url }}/cloud/{{ cloud_name }}_ocpinventory.json" + url: "{{ scale.lab_url }}/instack/{{ cloud_name }}_ocpinventory.json" return_content: yes register: response