Skip to content

Following the OpenShift Reference Architecture using ansible to automate installtion of Infra and OCP

License

Notifications You must be signed in to change notification settings

spicoli9000/ansible-ocp-azure

 
 

Repository files navigation

OpenShift on Azure (2019-05 : Work-in-Progress)

This project automates the installation of OpenShift on Azure using ansible. It follows the OpenShift + Azure Reference Architecture closely. By default the following is deployed, 3 masters, 3 Infra nodes, 3 app nodes, Logging (EFK), Metrics. If deploying OpenShift Container Storage (Formerly CNS), this automation will follow best practices and depending on how many app nodes being deployed will create 1 OCS cluster for all storage is less than 3 app nodes and 2 OCS clusters if greater than or equal to 3 app nodes. SSH access is restricted into the cluster by allowing only the bastion to reach each Node, ssh is then proxied from the ansible control host via the bastion accesing nodes by hostname. ssh ocp-master-1

Topology

enter image description here

Virtual Machine Sizing

The following table outlines the sizes used to better understand the vCpu and Memory quotas needed to successfully deploy OpenShift on Azure. Verify your current subscription quotas meet the below requirements.

Instance Hostname # VM Size vCpu's Memory
Master Nodes ocp-master-# 3 Standard_D4s_v3 4 16
Infra Nodes ocp-infra-# 3 Standard_D4s_v3 4 16
App Nodes ocp-app-# 3 Standard_D2S_v3 2 8
Bastion bastion 1 Standard_D1 1 3.5
Total 10 31 123.5Gb

VM sizes can be configured from defaults by changing the following variables, if the sizes chosen are below minimum OpenShift requirements deployment checks will fail.

Variable VM Size
vm_size_master: Standard_D4s_v3
vm_size_infra: Standard_D4s_v3
vm_size_node: Standard_D2s_v3
vm_size_bastion: Standard_D1

After installing and setting up Azure CLI the following command can be used to show available VM Resources in a location.

az vm list-usage --location westus --output table

Pre-Reqs

Reqs A few Pre-Reqs need to be met and are documented in the Reference Architecture already. Ansible 2.6 is required, the ansible control host running the deployment needs to be registered and subscribed to rhel-7-server-ansible-2.6-rpms. Creating a Service Principal is documented as well as setting up the Azure CLI. Currently the Azure CLI is setup on the ansible control host running the deployment using the playbook azure_cli.yml or by following instructions here, Azure CLI Setup.

  1. Ansible control host setup: Register the ansible control host used for this deployment with valid RedHat subscription thats able to pull down ansible 2.6 or manually install ansible 2.6 along with atomic-openshift-utils.
    sudo subscription-manager register --username < username > --password < password >
    sudo subscription-manager attach --pool < pool_id >
    sudo subscription-manager repos --disable=*
    sudo subscription-manager repos \
    --enable="rhel-7-server-rpms" \
    --enable="rhel-7-server-extras-rpms" \
    --enable="rhel-7-server-ose-3.11-rpms" \
    --enable="rhel-7-fast-datapath-rpms" \
    --enable="rhel-7-server-ansible-2.6-rpms"

    sudo yum -y install ansible openshift-ansible git wget net-tools bind-utils yum-utils bash-completion kexec-tools sos psacct

  1. Clone this repository
git clone https://github.com/spicoli9000/ansible-ocp-azure.git; cd ansible-ocp-azure
  1. Install Azure CLI, using playbook included or manually following above directions.
ansible-playbook azure-cli.yml
  1. Authenticate with Azure, az login described here, Azure Authentication.
  2. Create a Service Principal outlined here, Creating SP. and 3.9 Reference Architecture
az ad sp create-for-rbac --name ServicePrincipalName --password PASSWORD
  1. Copy vars.yml.example to vars.yml
cp vars.yml.example vars.yml 
  1. Fill out required variables below.
  2. Due to bug ansible/ansible#40332 if the ansible control host used to deploy from has LANG set to something other than en then you must unset LANG

Required Variables

Most defaults are specified in role/azure/defaults/main.yml, Sensitive information is left out and should be entered in vars.yml. Below are required variables that should be filled in before deploying.

  • location: - Azure location for deployment ex. eastus
  • rg: - Azure Resource Group ex. test-rg
  • admin_user: - SSH user that will be created on each VM ex. cloud-user
  • admin_pubkey: - Copy paste the Public SSH key that will be added to authorized_keys on each VM ex. ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB
  • admin_privkey: - Path to the private ssh key associated with the public key above. ex. '~/.ssh/id_rsa
  • sp_name: - Service Principal name created in step 5.
  • sp_secret: - Service Principal secret
  • sp_app_id: - Service Principal APPID

added 201905

  • tenant_id: - Azure tenant id (from cli: # az login)
  • subscripton_id: Azure subscription id (from cli: # az account show -o tsv --query 'id')
  • registry_io_user: Red Hat container catalog user id
  • registry_io_user_pswd: Red Hat container catalog user password

  • rhsm_user: - If subscribing to RHSM using username / password, fill in username
  • rhsm_pass: - If subscribing to RHSM using username / password, fill in passowrd for RHSM
  • rhsm_key: - If subscribing to RHSM using activation key and orgId fill in activation key here.
  • rhsm_org: - If subscribing to RHSM using activation key and orgId fill in orgId here.
  • rhsm_broker_pool: - If you have a broker pool id for masters / infra nodes fill it in here. This will be used to for all masters/infra nodes. If you only have one pool id to use make this the same as rhsm_node_pool.
  • rhsm_node_pool: - If you have a application pool id for app nodes fill it in here. This will be used for all application nodes. If you only have one pool id to use make this the same as rhsm_broker_pool
  • ocs_infra_cluster_usable_storage: How much usable storage on the INFRA OCS Cluster, This will create bricks of this size on each Infra Node.
  • ocs_app_cluster_usable_storage: How much usable storage on the Application OCS Cluster, This will create bricks of this size on each APP Node. Number of Nodes
  • master_nodes: Defaults to 3 -> [1,2,3]
  • infra_nodes: Defaults to 3 -> [1,2,3]
  • app_nodes: Defaults to 3 -> [1,2,3] add additional nodes here.

Optional Variables:

  • vnet_cidr: - Can customize as needed, ex "10.0.0.0/16" By Default the HTPasswdPasswordIdentityProvider is used but can be customized, this will be templated out to the ansible hosts file. By default htpasswd user is added.
  • openshift_master_htpasswd_users: - Contains the user: < passwd hash generated from htpasswd -n user >
  • deploy_cns: true
  • deploy_cns_to_infra: true - This should always be 'True' if depoy_cns is 'True', no longer create separate CNS nodes
  • deploy_metrics: true
  • deploy_logging: true
  • metrics_volume_size: '20Gi'
  • logging_volume_size: '100Gi'

2019-05 additional notes

On the machine running ansible, will need to ensure the following items are installed:

#sudo yum install epel-release-latest-7.noarch.rpm
#sudo yum -y install python2-pip
#sudo pip install packaging
#sudo pip install msrestazure
#sudo pip install ansible[azure]

Deployment

After all pre-reqs are met and required variables have been filled out the deployment consists of running the following: ansible-playbook deploy.yml -e @vars.yml

To deploy individual segments use tags:

  • Azure infrastructure only: ansible-playbook deploy.yml -e @vars.yml --tags=infra
  • OCP Prerequisites: ansible-playbook deploy.yml -e @vars.yml --tags=ocp-pre
  • OCP components: ansible-playbook deploy.yml -e @vars.yml --tags=ocp-deploy
  • OCP post-install: ansible-playbook deploy.yml -e @vars.yml --tags=ocp-post

The ansible control host running the deployment will be setup to use ssh proxy through the bastion in order to reach all nodes. The openshift inventory hosts file will be templated into the project root directory and used for the Installation.

Destroy

ansible-playbook destroy.yml [email protected]

About

Following the OpenShift Reference Architecture using ansible to automate installtion of Infra and OCP

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published