OpenShift Disconnected Installs – Part 5
We have reached the final entry in this opening blog series. This time we are covering my Ansible playbook, which automates the install of an OpenShift cluster onto VMware via the IPI install method as either an online (connected) or offline (disconnected) install. To start, you will need to clone my GitHub repo, which is available here.
This playbook makes a few assumptions:
- You have a service account with the proper permissions for vCenter saved in a vault file
- You have trusted the vCenter certs on your bastion (jump) host
- You have created the two static DNS records that an IPI OpenShift install requires
- You have the openshift-install command line on your bastion (jump) host
Once you have cloned the repo, we can move into what you need to do to make it usable. First you need an inventory file that defines the static items for your deployment. The static items you need to define in the inventory are:
- The public key for the ssh key you are using to access your nodes via ssh
- The vCenter you are deploying into
- The datastore you are using
- The datacenter you are using
- The cluster you are deploying to
- The disktype you are using (if you aren’t using thin)
- The number of worker nodes you want to deploy
- CPU and Memory allocations for the control plane and worker nodes
With the static items out of the way, now let’s cover the variables and how to actually run the playbook. The command to run the playbook is:
ansible-playbook playbooks/deploy-cluster.yaml \
-i <inventory file> \
-e cluster_name=<cluster name> \
-e '@./ocp_automation_vault.yaml' \
-e env=<environment> \
-e base_domain=<base domain> \
-e install_type=<install type> \
-e api_vip=<api vip> \
-e ingress_vip=<ingress vip> \
-e network=<network> \
-vvv \
--ask-vault-pass \
--ask-become-pass
You’ll notice in that command there are several variables. Here is what each one of them is for:
- <inventory file> is the name of the file that contains your inventory
- <cluster name> is what you want to name your cluster
- ocp_automation_vault.yaml is the vault file that stores all of your sensitive items under specific variable names:
  - vsphereuname – The username of the service account you are using to communicate with vSphere
  - vspherepw – The password for the service account you are using to communicate with vSphere
  - pullsecret – Your Red Hat pull secret
  - pullsecret_offline – Your base64-encoded username and password for your offline mirrored repository (Sonatype Nexus in my case)
- <environment> is what environment you are deploying into (dev|tst|qal|prd)
- <base domain> is the DNS domain you are deploying into (dev.company.com)
- <install type> is the type of install you are doing (online|offline)
- <api vip> is the IP address of your API endpoint
- <ingress vip> is the IP address of your wildcard DNS record
- <network> is the network you are deploying OpenShift into
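The final 3 items in the ansible-playbook command are -vvv, which makes sure you get the return data that shows the console address and kubeadmin password; --ask-vault-pass, which prompts for the vault password; and --ask-become-pass, which prompts for your password for sudo rights to install the required Python module on your bastion (jump) host. Because the verbose output includes the kubeadmin password, keep it out of shared terminals and saved logs.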
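The vault file and bastion assumptions above can be checked before the run. This is an added example, not part of the original post or the repo: the function names are hypothetical, and the "user:password" form of the decoded offline secret is an assumption.

```sh
#!/bin/sh
# Pre-flight checks for the vault file loaded with -e '@./ocp_automation_vault.yaml'.
# Added example: the function names are hypothetical, not part of the playbook repo.
# Function bodies run in subshells ( ... ) so no secret lingers in a shell variable.

# ansible-playbook loads a plaintext vars file exactly like an encrypted one,
# so confirm the file really starts with the "$ANSIBLE_VAULT;" header.
vault_is_encrypted() (
  [ -r "$1" ] || exit 1
  IFS= read -r first_line < "$1" || true
  case "$first_line" in
    '$ANSIBLE_VAULT;'*) true ;;
    *) false ;;
  esac
)

# The vault file should have no group or other permission bits (e.g. mode 0600).
vault_perms_ok() (
  perms=$(ls -ld -- "$1" 2>/dev/null) || exit 1
  case "$perms" in
    ????------*) true ;;
    *) false ;;
  esac
)

# Reads decrypted vault YAML on stdin (for example from `ansible-vault view`)
# and prints each of the four variable names from the post that is missing.
missing_vault_vars() (
  yaml=$(cat)
  for var in vsphereuname vspherepw pullsecret pullsecret_offline; do
    printf '%s\n' "$yaml" | grep -q "^${var}:" || printf '%s\n' "$var"
  done
)

# pullsecret_offline is base64 of a username and password. Assumption: the
# decoded value uses the common registry form "user:password".
offline_secret_ok() (
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || exit 1
  case "$decoded" in
    ?*:?*) true ;;
    *) false ;;
  esac
)

# Run the file checks when called with a vault path as the first argument.
if [ "$#" -gt 0 ]; then
  vault_is_encrypted "$1" || echo "FAIL: $1 is not vault-encrypted" >&2
  vault_perms_ok "$1" || echo "FAIL: $1 is readable by group or others" >&2
  command -v openshift-install >/dev/null || echo "FAIL: openshift-install not on PATH" >&2
fi
```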
Once you start this playbook running, it is going to go out and build your new OpenShift cluster on your selected vCenter. So be patient, have a nice relaxing beverage, and let it run. Once it is finished you will have a brand new OpenShift cluster up and running. And you will have a slightly more Elegant Mess.