Skip to content

Instantly share code, notes, and snippets.

@rgolangh

rgolangh/create-bastion-machine-downstream.yaml

Last active March 7, 2019 14:45
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rgolangh/445ed2cf9e2ca4c321a0e44b6638009c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rgolangh/445ed2cf9e2ca4c321a0e44b6638009c to your computer and use it in GitHub Desktop.
Download ZIP
ovirt and okd additional playbooks and vars
Raw
create-bastion-machine-downstream.yaml
---
# use a vault with engine_pass rhsub_pass and so on
- name: Create a bastion machine
hosts: localhost
connection: local
gather_facts: false
vars:
engine_url: https://ovirt-engine-fqdn/ovirt-engine/api
engine_user: admin@internal
engine_cafile:
qcow_url: your-url-from-the-link at the customer portal
template_cluster: Default
template_name: rhelguest76
template_memory: 4GiB
template_cpu: 2
wait_for_ip: True
vms:
- name: rhel-bastion
cluster: Default
profile:
cores: 2
template: "{{ template_name }}"
root_password: admin
ssh_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: running
cloud_init:
custom_script: |
rh_subscription:
username: "{{ rhsub_user }}"
password: "{{ rhsub_pass }}"
auto-attach: True
add-pool: "{{ rhsub_pool }}"
enable-repo: ['rhel-7-server-rpms', 'rhel-7-server-extras-rpms', 'rhel-7-server-ansible-2.7-rpms', 'rhel-7-server-ose-3.11-rpms', 'rhel-7-server-supplementary-rpms', 'rhel-7-server-rhv-4.2-manager-rpms']
packages:
- ansible
- ovirt-ansible-roles
- openshift-ansible
- python-ovirt-engine-sdk4
roles:
- oVirt.image-template
- oVirt.vm-infra
- name: post installation tasks on the bastion machine
hosts: rhel-bastion
tasks:
- name: create ovirt-engine pki dir
file:
state: directory
dest: /etc/pki/ovirt-engine/
- name: Copy the engine ca cert to the bastion machine
copy:
src: /home/rgolan/deploy/engine43/etc/pki/ovirt-engine/ca.pem
dest: /etc/pki/ovirt-engine/ca.pem
- name: Copy the secured vars to the bastion machine
copy:
src: vault.yaml
dest: secure_vars.yam
decrypt: False
Raw
create-bastion-machine-upstream.yaml
---
- name: Create a bastion machine
hosts: localhost
connection: local
gather_facts: false
vars:
qcow_url: https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2c
template_cluster: Default
template_name: centos7
template_memory: 4GiB
template_cpu: 2
wait_for_ip: True
vms:
- name: centos-bastion
cluster: Default
profile:
template: "{{ template_name }}"
root_password: admin
ssh_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
cores: 2
state: running
cloud_init:
custom_script: |
yum_repos:
centos-ovirt42:
baseurl: http://mirror.centos.org/centos/7/virt/x86_64/ovirt-4.2
enabled: true
gpgcheck: false
name: centosovirt42
packages:
- ovirt-guest-agent
- epel-release
- centos-release-openshift-origin311
runcmd:
- systemctl enable ovirt-guest-agent
- systemctl start ovirt-guest-agent
roles:
- oVirt.image-template
- oVirt.vm-infra
- name: post install
hosts: centos-bastion
tasks:
- name: install ovirt repo
package:
name: https://resources.ovirt.org/pub/yum-repo/ovirt-release42.rpm
- name: install install packages
package:
name: "{{ item }}"
with_list:
- python-ovirt-engine-sdk4
- ovirt-ansible-roles
- openshift-ansible
Raw
metrics-downstream-vars.yaml
---
engine_url:
engine_user: admin@internal
engine_password: CHANGEME
engine_cafile:
engine_insecure: True
public_hosted_zone: CHANEME.COM
openshift_ovirt_vm_manifest:
- name: 'master'
count: 1
profile: 'master_vm'
- name: 'node'
count: 0
profile: 'node_vm'
- name: 'lb'
count: 0
profile: 'node_vm'
openshift_ovirt_cluster: Default
openshift_ovirt_data_store: hosted_storage
openshift_ovirt_ssh_key: CHANGEME
openshift_logging_mux_namespaces:
# replace the 'engine' suffix with your ovirt_env_name value if you change ovirt_env_name under the config.yaml of the metric store.
# see this - https://github.com/oVirt/ovirt-engine-metrics/blob/059397bee0f6cec84bd75a881b7f689404f3603e/etc/config.yml.example#L13
- ovirt-metrics-engine
- ovirt-logs-engine
image_path: /var/tmp
template_name: rhelguest76
template_cluster: Default
template_memory: 4GiB
template_cpu: 1
template_disk_storage: hosted_storage
template_disk_size: 10GiB
template_nics:
- name: nic1
profile_name: ovirtmgmt
interface: virtio
debug_vm_create: true
wait_for_ip: true
vm_infra_wait_for_ip_retries: 30
vm_infra_wait_for_ip_delay: 20
openshift_ovirt_vm_profile:
master_vm:
cluster: Default
template: rhelguest76
memory: 10GiB
cores: 2
high_availability: true
disks:
- size: 10GiB
storage_domain: hosted_storage
name: docker_disk
interface: virtio
- size: 30GiB
storage_domain: hosted_storage
name: elasticsearch_disk
interface: virtio
state: running
cloud_init:
root_password: CHANGEME
authorized_ssh_keys: CHANGEME
custom_script: "{{ cloud_init_script_master }}"
cloud_init_script_master: |
rh_subscription:
username: CHANGEME
password: CHANGEME
add-pool: ['CHANGEME']
enable-repo: ['rhel-7-server-rpms', 'rhel-7-server-extras-rpms', 'rhel-7-server-ansible-2-rpms', 'rhel-7-server-ose-3.11-rpms']
packages:
- ansible
- openshift-ansible
runcmd:
- sed -i 's/# ignored_nics =.*/ignored_nics = docker0, tun0 /' etc/ovirt-guest-agent.conf
- systemctl enable ovirt-guest-agent
- systemctl start ovirt-guest-agent
- mkdir -p /var/lib/docker
- /usr/sbin/mkfs.xfs -L dockervo /dev/vdb
- mkdir -p /var/lib/elasticsearch
- /usr/sbin/mkfs.xfs -L elasticvo /dev/vdc
- chgrp 65534 /var/lib/elasticsearch
- semanage fcontext -a -t container_file_t '/var/lib/elasticsearch(/.*)?'
- restorecon -R -v /var/lib/elasticsearch
mounts:
- [ '/dev/vdb', '/var/lib/docker', 'xfs', 'defaults,gquota' ]
- [ '/dev/vdc', '/var/lib/elasticsearch', 'xfs', 'defaults,gquota' ]
power_state:
mode: reboot
message: cloud init finished - boot and install openshift
condition: True
Raw
metrics-vars.yaml
---
engine_url: https://ovirt-engine-fqdn/ovirt-engine/api
engine_user: admin@internal
engine_password: 123
engine_insecure: true
engine_cafile:
openshift_ovirt_vm_profile:
master_vm:
cluster: "{{ openshift_ovirt_cluster }}"
template: "{{ template_name }}"
memory: "{{ vm_memory | default('10GiB') }}"
cores: "{{ vm_cores | default(2) }}"
high_availability: true
disks:
- size: 10GiB
storage_domain: "{{ openshift_ovirt_data_store }}"
name: docker_disk
interface: virtio
- size: 20GiB
storage_domain: "{{ openshift_ovirt_data_store }}"
name: elasticsearch_disk
interface: virtio
state: running
cloud_init:
root_password: admin
authorized_ssh_keys: "{{ openshift_ovirt_ssh_key }}"
custom_script: "{{ cloud_init_script_master }}"
# Metrics specific cloud init script
cloud_init_script_master: |
yum_repos:
centos-ovirt42:
baseurl: http://mirror.centos.org/centos/7/virt/x86_64/ovirt-4.2
enabled: true
gpgcheck: false
packages:
- ovirt-guest-agent
- epel-release
- centos-release-openshift-origin311
runcmd:
- sed -i 's/# ignored_nics =.*/ignored_nics = docker0, tun0 /' /etc/ovirt-guest-agent.conf
- systemctl enable ovirt-guest-agent
- systemctl start ovirt-guest-agent
- mkdir -p /var/lib/docker
- /usr/sbin/mkfs.xfs -L dockervo /dev/vdb
- mkdir -p /var/lib/elasticsearch
- /usr/sbin/mkfs.xfs -L elasticvo /dev/vdc
- chgrp 65534 /var/lib/elasticsearch
- semanage fcontext -a -t container_file_t "/var/lib/elasticsearch(/.*)?"
- restorecon -R -v /var/lib/elasticsearch
mounts:
- [ '/dev/vdb', '/var/lib/docker', 'xfs', 'defaults,gquota' ]
- [ '/dev/vdc', '/var/lib/elasticsearch', 'xfs', 'defaults,gquota' ]
power_state:
mode: reboot
message: cloud init finished - boot and install openshift
condition: True
# Metrics static host storage - In the future we should use ovirt flex/csi storage provisioner
openshift_logging_es_nodeselector: {'node-role.kubernetes.io/infra': 'true'}
openshift_logging_install_logging: True
openshift_logging_es_allow_external: True
openshift_logging_mux_file_buffer_storage_type: hostmount
openshift_logging_elasticsearch_storage_type: hostmount
openshift_logging_elasticsearch_hostmount_path: /var/lib/elasticsearch
openshift_logging_mux_namespaces:
- ovirt-metrics-engine
- ovirt-logs-engine
...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment