Deploy openshift via ansible on fedora-atomic 27

Run openshift via ansible on fedora-atomic 27

Requirements (node configuration)
– 3 nodes running Fedora Atomic 27
– Debian node with the python3, docker, docker-compose and ansible (>= 2.3) packages
– ssh-login without password on all nodes from deploying node(from
– Functional DNS server, with all hosts configured with appropriate domain names (ensure nslookup of the hostnames successfully resolves the machines' IP addresses)
– Set up passwordless SSH between the Ansible host and the other hosts.

Node settings
– ansible,dns node 10.12.4.37 – Debian with python3,docker,docker-compose packages
– fedora atomic 10.12.4.49 – resolved by name master.openshift.local
– fedora atomic 10.12.4.50 – resolved by name node1.openshift.local
– fedora atomic 10.12.4.51 – resolved by name node2.openshift.local
– after the compose file is built and brought up, the DNS nameserver must be changed to 10.12.4.37

1. Configure ansible, dns node

Install requirements

nano /etc/apt/sources.list

Add line

deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main

Add key

 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367

Install

 apt-get update
 apt-get install ansible git  -y

Clone bind9 docker-compose

mkdir /docker-compose
cd /docker-compose
git clone git@github.com:galushkoav/bind9.git
cd bind9
docker-compose build
docker-compose up -d

Change dns-nameserver

nano /etc/resolv.conf

Edit

nameserver 10.12.4.37

2. Configure fedora-atomic nodes

Change dns-nameserver

vi /etc/resolv.conf

Edit

nameserver 10.12.4.37

3. Deploy openshift from ansible node

Git clone

git clone https://github.com/openshift/openshift-ansible.git
cd openshift-ansible

Change branch

git checkout remotes/origin/release-3.6

Configure myinventory file

nano myinventory

Paste

# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
ansible_ssh_port=22
deployment_type=origin
containerized=true
openshift_release=v3.7
openshift_image_tag=v3.7.0
openshift_router_selector='router=true'
openshift_registry_selector='registry=true'
#osm_default_node_selector='region=lab'
openshift_master_default_subdomain=cluster.openshift.local
debug_level=2
#Disable check for options
openshift_disable_check=['disk_availability','memory_availability','docker_storage','docker_image_availability']
# enable htpasswd auth
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
openshift_master_htpasswd_users={'admin': '$apr1$zgSjCrLt$1KSuj66CggeWSv.D.BXOA1', 'user': '$apr1$.gw8w9i1$ln9bfTRiD6OwuNTG5LvW50'}
[masters]
master.openshift.local
[etcd]
master.openshift.local
[nodes]
master.openshift.local openshift_node_labels="{'region': 'infra', 'zone': 'baremetal'}" openshift_schedulable=true
node1.openshift.local openshift_node_labels="{'region': 'lab', 'zone': 'baremetal'}" openshift_schedulable=true
node2.openshift.local  openshift_node_labels="{'region': 'lab', 'zone': 'baremetal'}" openshift_schedulable=true

Check

ansible -i myinventory nodes -a '/usr/bin/rpm-ostree status'

Deploy

ansible-playbook -i myinventory playbooks/byo/config.yml -e 'ansible_python_interpreter=/usr/bin/python3'

Time for a coffee break: 15-20 min.

PLAY RECAP ********************************************************************************************************************************************************************
localhost                  : ok=15   changed=0    unreachable=0    failed=0
master.openshift.local     : ok=743  changed=148  unreachable=0    failed=0
node1.openshift.local      : ok=263  changed=47   unreachable=0    failed=0
node2.openshift.local      : ok=260  changed=45   unreachable=0    failed=0

Add user admin

ansible -i myinventory masters -a '/usr/local/bin/oadm policy add-cluster-role-to-user cluster-admin admin'
master.openshift.local | SUCCESS | rc=0 >>
cluster role "cluster-admin" added: "admin"

Go to

https://10.12.4.49:8443

The password for the admin user is OriginAdmin, while the password for the user user is OriginUser.
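
The two `openshift_master_htpasswd_users` hashes in the inventory above correspond to the passwords printed on this page, and `admin` is granted cluster-admin, so an inventory pasted unchanged yields a cluster whose admin password is public. The following added example (not part of the original post) generates replacement apr1 hashes and refuses an inventory that still contains the published ones; the function names and the `admin_password.txt` file are hypothetical, and it assumes OpenSSL is installed on the Ansible node.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# The two sample hashes from the inventory on this page; their passwords are public.
PUBLISHED_HASHES='$apr1$zgSjCrLt$1KSuj66CggeWSv.D.BXOA1
$apr1$.gw8w9i1$ln9bfTRiD6OwuNTG5LvW50'

# Read a password from stdin and print an apr1 (htpasswd-compatible) hash.
# Taking it from stdin keeps the password out of argv and the process list.
new_apr1_hash() {
    openssl passwd -apr1 -stdin
}

# Build the inventory line from name/hash pairs.
# Usage: htpasswd_users_line admin "$hash1" user "$hash2"
htpasswd_users_line() {
    out="openshift_master_htpasswd_users={"
    sep=""
    while [ "$#" -ge 2 ]; do
        out="${out}${sep}'$1': '$2'"
        sep=", "
        shift 2
    done
    printf '%s}\n' "$out"
}

# Return 0 if the inventory contains none of the published hashes, 1 otherwise.
inventory_hashes_replaced() {
    inv=$1
    rc=0
    for h in $PUBLISHED_HASHES; do
        if grep -qF -- "$h" "$inv"; then
            echo "published sample hash still in $inv: $h" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Typical use on the Ansible node before running the playbook:
#   admin_hash=$(new_apr1_hash < admin_password.txt)   # hypothetical file
#   htpasswd_users_line admin "$admin_hash"             # paste into myinventory
#   inventory_hashes_replaced myinventory && \
#     ansible-playbook -i myinventory playbooks/byo/config.yml
```
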

Done

Snippets

Remove openshift from nodes

ansible-playbook -i myinventory ./playbooks/adhoc/uninstall.yml

Openshift multimaster config

[OSEv3:children]
masters
nodes
etcd
lb
[OSEv3:vars]
ansible_ssh_user=root
openshift_uninstall_images=False
deployment_type=origin
openshift_release=v3.8
openshift_image_tag=v3.8.0
#enable log aggregation
openshift_hosted_logging_deploy=true
#The namespace that Aggregated Logging will be installed in. Defaults to 'logging'.
openshift_logging_namespace=booyah
#The number of ES cluster members. Defaults to '1'.
openshift_logging_es_cluster_size=3
# The amount of RAM that should be assigned to ES. Defaults to '8Gi'.
openshift_logging_es_memory_limit=1G
#Default node selector for automatically deploying router pods.
openshift_router_selector='region=infra'
#Default node selector for automatically deploying registry pods
openshift_registry_selector='region=infra'
#Optional. This variable defines the HA method when deploying multiple masters. Supports the native method.
openshift_master_cluster_method=native
#Default master hostname
openshift_master_cluster_hostname=ip-172-18-6-117.ec2.internal
#This variable overrides the public host name for the cluster, which defaults to the host name of the master.
openshift_master_cluster_public_hostname=ec2-54-163-115-241.compute-1.amazonaws.com
[masters]
master1.openshift.local
master2.openshift.local
master3.openshift.local
#ec2-54-82-147-181.compute-1.amazonaws.com openshift_ip=172.18.7.249 openshift_public_ip=54.82.147.181 openshift_hostname=ip-172-18-7-249.ec2.internal openshift_public_hostname=ec2-54-82-147-181.compute-1.amazonaws.com
#ec2-52-90-80-178.compute-1.amazonaws.com openshift_ip=172.18.15.190 openshift_public_ip=52.90.80.178 openshift_hostname=ip-172-18-15-190.ec2.internal openshift_public_hostname=ec2-52-90-80-178.compute-1.amazonaws.com
#ec2-52-90-181-119.compute-1.amazonaws.com openshift_ip=172.18.1.223 openshift_public_ip=52.90.181.119 openshift_hostname=ip-172-18-1-223.ec2.internal openshift_public_hostname=ec2-52-90-181-119.compute-1.amazonaws.com
[nodes]
master1.openshift.local openshift_schedulable=false
master2.openshift.local openshift_schedulable=false
master3.openshift.local openshift_schedulable=false
node1.openshift.local  openshift_node_labels="{'router':'true','registry':'true'}"
node2.openshift.local openshift_node_labels="{'router':'true','registry':'true'}"
#openshift_node_labels="{'region':'infra','zone':'default'}"
[etcd]
master1.openshift.local openshift_schedulable=false
master2.openshift.local openshift_schedulable=false
master3.openshift.local openshift_schedulable=false
[lb]
lb.openshift.local

Materials

Official documentation for version 3.7

#https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/pdf/installation_and_configuration/OpenShift_Container_Platform-3.7-Installation_and_Configuration-en-US.pdf

#Information on installation variables
https://docs.openshift.org/latest/install_config/install/advanced_install.html
#http://www.randomlyexpressed.com/open-shift-origin-ansible/
#https://developer.fedoraproject.org/deployment/openshift/about.html
#https://dustymabe.com/2016/12/07/installing-an-openshift-origin-cluster-on-fedora-25-atomic-host-part-1/
#https://dustymabe.com/2016/12/12/installing-an-openshift-origin-cluster-on-fedora-25-atomic-host-part-2/
#https://dzone.com/articles/deploying-docker-images-to-openshift
#http://openebs.readthedocs.io/en/latest/install/openshift.html
