export KUBECONFIG=<path-to-kubeconfig-on-ansible-controller>
Passwordless sudo for package install
echo "username ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/username
chmod 0440 /etc/sudoers.d/username
ansible-galaxy collection install amazon.aws
ansible-galaxy collection install community.aws
Ansible >= 2.9
Populate the inventory file in inventory
[orchestration]
localhost ansible_connection=local
Create your variables
$ cp ansible/group_vars/all.yml.sample ansible/group_vars/all.yml
$ vi ansible/group_vars/all.yml # Adjust any vars to your environment
Then run playbooks
ansible-playbook -i inventory/hosts webscale.yml
Tested for - OCP 4.5.11, 4.6.3
- OVN hybrid plugin is required, it has to be manually patched via cluster manifest file during intial deployment, JetSki would take care of this patch. https://github.com/mukrishn/labf5-setup/blob/main/00-network-manifest.yaml
- Need at least 1 worker node to host bigip Virtual machines
- Install SRIOV and OSV operators in the cluster, so obviously Hardware must support SRIOV and enable BIOs configuration. script for shared lab - https://github.com/mukrishn/sriov-prep
- Procure Licenses and update details in
ansible/group_vars/all.yml
- Assign Worker and Interface names under
BigIP playbook vars
section - This playbook must be executed from cluster provisioner node, as it creates VLAN sub-interface with private network to connect to VMs.
ansible-playbook -i inventory/hosts bigip-setup.yml
Red Hat procured BigIP Licenses for Dev/Test can be re-used, it has to be revoked properly from existing environment before the expiry date.
You can use this playbook to do that,
hosts
file
bigip:
hosts:
bigip0.apps.test722.myocp4.com:
ansible_host: "192.168.223.100"
license_key: "SQWEVQ-MWRFS-UXSWU-NFKCX-NEDFFF"
bigip_user: "admin"
bigip_password: "password"
bigip1.apps.test722.myocp4.com:
ansible_host: "192.168.223.101"
license_key: "UDUMT-RVTVT-NAWEX-DPIVS-LNIOPLB"
bigip_user: "admin"
bigip_password: "password"
playbook.yml
file
---
- name: Revoke License
hosts: [bigip]
gather_facts: false
environment:
F5_SERVER: "{{ ansible_host }}"
F5_USER: "admin"
F5_PASSWORD: "password"
F5_VALIDATE_CERTS: "false"
F5_SERVER_PORT: 443
connection: local
tasks:
- name: Revoke License
bigip_device_license:
accept_eula: true
license_key: "{{ license_key }}"
state: revoked
Execute - ansible-playbook -i hosts playbook.yml
to revoke licenses.
Detailed explaination about nightly operator and installation can be found here and here
Vars required to be set in group_vars/all.yml for a nightly build are below, comment/uncomment to update iib_id
for nightly operators. Script only installs nightly version for provided operators and installs OCP release version for others.
# Set to true to install nightly Operators and it is effective only for dev-preview builds,
# if set make sure to provide brew registry password and Index Image Build IDs
nightly_operator: true
# Required only for nightly operator installtion
brew_reg_password: ""
# Required only for nightly operator installtion
iib_id:
sriov: 25944 #openshift-sriov-network-operator
osv: 26761 #openshift-virtualization
# clo: 26761 #cluster-logging-operator
# amq: 26761 #amq-operator
# pao: 26761 #performance-addon-operator
# eso: 26761 #elastic-search-operator
# lso: 26761 #local-storage-operator
To get your access to Brew registry, you must email [email protected] w/ your email address and GPG key. You will receive an encrypted file which contains your password, use that as brew_reg_password
IIB - Index Image Builder is an api based platform used to add and remove operator bundles from index images, details here
To get the right IIB IDs, find the operator version from this link(takes longer to load) and navigate to index_image.txt
file to get the ID or navigate to cvp-test-report.html file and look for Index Image Location section.
Example file for SRIOV Operator 4.7 - here
All latest opertators possibly be available in same IIB build, in that case provide that ID to all operators in iib_id
.
To check included operator and version try this
$ podman login brew.registry.redhat.io --tls-verify=false
Username: |shared-qe-temp.zmns.153b77
Password: <YOUR BREW REG PASS>
Login Succeeded!
$ podman run --name indeximage --rm -p 50051:50051 brew.registry.redhat.io/rh-osbs/iib-pub-pending:26761
And GRPCURL it to find the available version,
$ grpcurl -plaintext -d '{"name":"sriov-network-operator"}' localhost:50051 api.Registry/GetPackage
{
"name": "sriov-network-operator",
"channels": [
{
"name": "4.6",
"csvName": "sriov-network-operator.4.6.0-202010311441.p0"
}
],
"defaultChannelName": "4.6"
}