Deploy openshift 3.7 via ansible on fedora-atomic 27 with calico network

Requirements (node configuration)
– 3 nodes running Fedora Atomic 27
– Debian node with the python3, docker and docker-compose packages
– ssh-login without password on all nodes from deploying node(from
– DNS records (from a DNS server or wildcard domains)
– python3 on the ansible deploy node

Node settings
– ansible, dns node 10.12.4.37 – Debian with the python3, docker and docker-compose packages
– fedora atomic 10.12.4.58 – resolved by name master.cluster.dev
– fedora atomic 10.12.4.59 – resolved by name node1.cluster.dev
– fedora atomic 10.12.4.60 – resolved by name node2.cluster.dev
– after the compose file has been built and brought up, the DNS nameserver must be changed to 10.12.4.37

1. Configure ansible, dns node

Install requirements

nano /etc/apt/sources.list

Add line

deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main

Add key

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367

Install

apt-get update
apt-get install ansible git -y

Clone bind9 docker-compose

mkdir /docker-compose
cd /docker-compose
git clone git@github.com:galushkoav/bind9.git
cd bind9
docker-compose build
docker-compose up -d

Change dns-nameserver

nano /etc/resolv.conf

edit

nameserver 10.12.4.37

2. Configure fedora-atomic nodes

cd /docker-compose/bind9/configs/bind/

Edit dns config

nano named.conf
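########################
## options
########################
# 0.0.0.0/0 lets any address query this server. With recursion left at its
# default and forwarders set, it will resolve external names for anyone who
# can reach it, so narrow this ACL to the cluster network where possible.
acl mynetwork { 0.0.0.0/0; };
options {
    directory "/var/bind";
    auth-nxdomain no;
    forwarders { 8.8.4.4; 8.8.8.8; };
    listen-on-v6 { none; };
    allow-query { mynetwork; };
};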
########################
## zones
########################
zone "cluster.dev" IN {
    type master;
    file "/etc/bind/cluster.dev.zone";
};

Edit zone config

nano cluster.dev.zone
$TTL 30
$ORIGIN cluster.dev.
@ IN SOA cluster.dev. admin.cluster.dev. (
    2015020301 ; Serial
            1d ; Refresh
            1h ; Retry
            1w ; Expire
            2h ; Negative Cache TTL
    )
@   IN   NS   cluster.dev.
@   IN   A    10.12.4.58
*   IN   A    10.12.4.58
master   IN   A    10.12.4.58
node1   IN   A    10.12.4.59
node2   IN   A    10.12.4.60

Restart docker dns server

cd /docker-compose/bind9/
docker-compose restart

Change dns-nameserver

vi /etc/resolv.conf

edit

nameserver 10.12.4.37

3. Deploy openshift from ansible node

Git clone

git clone https://github.com/openshift/openshift-ansible.git
cd openshift-ansible

Configure openshift_inventory file

nano openshift_inventory

paste

# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
ansible_ssh_port=22
openshift_deployment_type=origin
deployment_type=origin
##Openshift version
openshift_release=v3.7
openshift_pkg_version=-3.7.0
openshift_image_tag=v3.7.0
#Debug level
debug_level=2
#Disable check
openshift_disable_check=disk_availability,memory_availability,docker_storage,docker_image_availability
##Default master domain
openshift_master_default_subdomain=apps.cluster.dev
###Deploy calico network
os_sdn_network_plugin_name=cni
openshift_use_calico=true
openshift_use_openshift_sdn=false
##Deploying nodes for services
osm_default_node_selector='region=lab'
openshift_hosted_router_selector='region=infra'
openshift_hosted_registry_selector='region=infra'
###Access as user admin, password admin (the hash below is public; replace it for anything beyond a lab)
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/htpasswd'}]
openshift_master_htpasswd_users={'admin': '$apr1$hyn7QTrL$pDxNvYGvwsY98P6kPPuQK/'}
[masters]
master.cluster.dev
[etcd]
master.cluster.dev
[nodes]
master.cluster.dev openshift_node_labels="{'region': 'infra', 'zone': 'baremetal'}" openshift_schedulable=true
node1.cluster.dev  openshift_node_labels="{'region': 'lab', 'zone': 'baremetal'}" openshift_schedulable=true
node2.cluster.dev  openshift_node_labels="{'region': 'lab', 'zone': 'baremetal'}" openshift_schedulable=true
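
The inventory above carries two settings worth catching before a deploy: an htpasswd hash whose password this page publishes, and a list of skipped pre-flight checks. The following audit is an added example, not part of the original post or of openshift-ansible; the names parse_vars, audit and PUBLISHED_HASHES are assumptions, and SAMPLE is a constructed excerpt of the inventory above.

```python
import ast

# The hash printed in the inventory above; the page states its password is "admin".
PUBLISHED_HASHES = {"$apr1$hyn7QTrL$pDxNvYGvwsY98P6kPPuQK/"}

def parse_vars(text, section="OSEv3:vars"):
    """Return {key: raw value} for one [section] of an INI-style inventory."""
    current, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip()
    return found

def audit(text):
    """Return a list of (variable, finding) tuples; empty means nothing flagged."""
    cfg, findings = parse_vars(text), []
    key = "openshift_master_htpasswd_users"
    try:
        users = ast.literal_eval(cfg.get(key, "{}"))
    except (ValueError, SyntaxError):
        users = None
    if not isinstance(users, dict):
        findings.append((key, "value is not a parseable dict"))
    else:
        for user, pw_hash in users.items():
            if pw_hash in PUBLISHED_HASHES:
                findings.append((key, f"{user}: hash copied from the tutorial, password is public"))
    skipped = [c.strip() for c in cfg.get("openshift_disable_check", "").split(",") if c.strip()]
    if skipped:
        findings.append(("openshift_disable_check", "pre-flight checks skipped: " + ", ".join(skipped)))
    return findings

# Constructed sample: the relevant lines of the inventory above.
SAMPLE = """\
[OSEv3:vars]
ansible_ssh_user=root
openshift_disable_check=disk_availability,memory_availability
openshift_master_htpasswd_users={'admin': '$apr1$hyn7QTrL$pDxNvYGvwsY98P6kPPuQK/'}
[masters]
master.cluster.dev
"""

if __name__ == "__main__":
    for var, msg in audit(SAMPLE):
        print(f"{var}: {msg}")
```

An empty result means neither setting was found; it says nothing about the strength of a hash that was replaced.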

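Check that ansible can reach the nodes (paths here and below are relative to the directory that contains openshift-ansible)

ansible -i openshift-ansible/openshift_inventory nodes -a '/usr/bin/rpm-ostree status'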

Predeployment

ansible-playbook -i openshift-ansible/openshift_inventory openshift-ansible/playbooks/prerequisites.yml

Deploy

ansible-playbook -i openshift-ansible/openshift_inventory openshift-ansible/playbooks/deploy_cluster.yml

Time for a coffee break: 15-20 min.

PLAY RECAP ********************************************************************************************************************************************************************
localhost                  : ok=15   changed=0    unreachable=0    failed=0
master.cluster.dev     : ok=743  changed=148  unreachable=0    failed=0
node1.cluster.dev      : ok=263  changed=47   unreachable=0    failed=0
node2.cluster.dev      : ok=260  changed=45   unreachable=0    failed=0

Go to

https://10.12.4.58:8443

The password for the admin user is admin

Done

Snippets

Remove openshift from nodes

ansible-playbook -i openshift_inventory  ./playbooks/adhoc/uninstall.yml

Materials
– http://www.randomlyexpressed.com/open-shift-origin-ansible/
– https://developer.fedoraproject.org/deployment/openshift/about.html
– https://dustymabe.com/2016/12/07/installing-an-openshift-origin-cluster-on-fedora-25-atomic-host-part-1/
– https://dustymabe.com/2016/12/12/installing-an-openshift-origin-cluster-on-fedora-25-atomic-host-part-2/
– https://blog.zencoffee.org/2016/07/deploying-openshift-origin-centos-atomic/
– http://farshidmirza.blogspot.ru/2017/12/advance-installation-of-openshift.html
