From 7752ce4721d196357e2117ef2da62a21ee4c2c4b Mon Sep 17 00:00:00 2001 From: William Graef Date: Thu, 11 Jul 2024 14:08:39 -0400 Subject: [PATCH 1/8] add vlan full steps --- ocne/default_vars.yml | 1 + ocne/deploy_ocne_vlan.yml | 145 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 146 insertions(+) diff --git a/ocne/default_vars.yml b/ocne/default_vars.yml index b396d14..c369e52 100644 --- a/ocne/default_vars.yml +++ b/ocne/default_vars.yml @@ -25,6 +25,7 @@ user_default_password: "oracle" debug_enabled: false ocne_type: quick use_ocne_full: false +use_vlan_full: false use_lb: false use_int_lb: false oci_ccm_bash: false diff --git a/ocne/deploy_ocne_vlan.yml b/ocne/deploy_ocne_vlan.yml index f3696b1..4e6369d 100644 --- a/ocne/deploy_ocne_vlan.yml +++ b/ocne/deploy_ocne_vlan.yml @@ -71,6 +71,7 @@ control_nodes: "{{ groups['controlplane'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}" worker_nodes: "{{ groups['worker'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}" all_nodes: "{{ operator_nodes + ',' + control_nodes + ',' + worker_nodes }}" + ocne_registry_location: 'container-registry.oracle.com/olcne' tasks: 
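Review bot: `ocne_registry_location` is introduced as a hard-coded play `vars:` entry in deploy_ocne_vlan.yml rather than in ocne/default_vars.yml, the file this same commit edits to add `use_vlan_full`. Play vars outrank inventory and group_vars in Ansible precedence, so the registry every cluster image is pulled from cannot be changed per inventory, only with `-e`, which is awkward for mirrored or air-gapped registries. Moving the default to default_vars.yml (`ocne_registry_location: 'container-registry.oracle.com/olcne'`) keeps it beside the other user-facing knobs, and a one-line comment there stating that it is the image source for the kubernetes module would make the supply-chain dependency visible.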
@@ -361,3 +362,147 @@ become: true become_user: "{{ username }}" when: not ocne_provision.stat.exists + + - name: Create environment using manual install method + when: + - use_vlan_full + - groups['controlplane'] | length < 2 + block: + - name: Create environment + ansible.builtin.shell: | + olcnectl environment create --api-server {{ operator_nodes }}:8091 --environment-name myenvironment --secret-manager-type file --update-config + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: create_env + changed_when: create_env.rc == 0 + + - name: Create Kubernetes Module + ansible.builtin.shell: | + olcnectl module create --environment-name myenvironment --module kubernetes --name mycluster \ + --container-registry {{ ocne_registry_location }} \ + --control-plane-nodes {{ control_nodes }} \ + --worker-nodes {{ worker_nodes }} \ + --selinux enforcing \ + --restrict-service-externalip-ca-cert ~/certificates/restrict_external_ip/ca.cert \ + --restrict-service-externalip-tls-cert ~/certificates/restrict_external_ip/node.cert \ + --restrict-service-externalip-tls-key ~/certificates/restrict_external_ip/node.key + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: create_kubernetes + changed_when: create_kubernetes.rc == 0 + + - name: Validate Kubernetes Module + ansible.builtin.shell: | + olcnectl module validate --environment-name myenvironment --name mycluster + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: validate_kubernetes + changed_when: validate_kubernetes.rc == 0 + + - name: Install Kubernetes Module + ansible.builtin.shell: | + olcnectl module install --environment-name myenvironment --name mycluster + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: install_kubernetes + changed_when: install_kubernetes.rc == 0 + + - name: Create environment with lb using manual install method + when: + - use_vlan_full + - use_lb_int + - groups['controlplane'] | length > 1 
+ block: + - name: Create environment + ansible.builtin.shell: | + olcnectl environment create --api-server {{ operator_nodes }}:8091 --environment-name myenvironment --secret-manager-type file --update-config + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: create_env + changed_when: create_env.rc == 0 + + - name: Create Kubernetes Module + ansible.builtin.shell: | + olcnectl module create --environment-name myenvironment --module kubernetes --name mycluster \ + --container-registry {{ ocne_registry_location }} \ + --virtual-ip 10.0.12:111 \ + --control-plane-nodes {{ control_nodes }} \ + --worker-nodes {{ worker_nodes }} \ + --selinux enforcing \ + --restrict-service-externalip-ca-cert ~/certificates/restrict_external_ip/ca.cert \ + --restrict-service-externalip-tls-cert ~/certificates/restrict_external_ip/node.cert \ + --restrict-service-externalip-tls-key ~/certificates/restrict_external_ip/node.key + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: create_kubernetes + changed_when: create_kubernetes.rc == 0 + + - name: Validate Kubernetes Module + ansible.builtin.shell: | + olcnectl module validate --environment-name myenvironment --name mycluster + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: validate_kubernetes + changed_when: validate_kubernetes.rc == 0 + + - name: Install Kubernetes Module + ansible.builtin.shell: | + olcnectl module install --environment-name myenvironment --name mycluster + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + register: install_kubernetes + changed_when: install_kubernetes.rc == 0 + + - name: Print kubernetes provision output + ansible.builtin.debug: + var: install_kubernetes + when: debug_enabled + + - name: Tag OCNE as provisioned + ansible.builtin.file: + path: ~/.ocne-provisioned + state: touch + mode: "0644" + become: true + become_user: "{{ username }}" + when: install_kubernetes.rc == 0 + + - name: Check if OCNE 
provisioned + ansible.builtin.stat: + path: ~/.ocne-provisioned + become: true + become_user: "{{ username }}" + register: ocne_provision + + - name: Save out ocne config + ansible.builtin.shell: | + olcnectl module instances --api-server "{{ operator_nodes }}":8091 --environment-name myenvironment --update-config + args: + chdir: ~/ + become: true + become_user: "{{ username }}" + when: ocne_provision + register: save_ocne_config + changed_when: save_ocne_config.rc == 0 + + - name: Provision kubectl + ansible.builtin.include_tasks: "provision_kubectl.yml" + when: + - ocne_provision.stat.exists + - ocne_type != 'none' From 81f76f042ef9b87b64b1f69636848a981db82962 Mon Sep 17 00:00:00 2001 From: William Graef Date: Thu, 11 Jul 2024 16:25:12 -0400 Subject: [PATCH 2/8] fix use_int_lb var --- ocne/deploy_ocne_vlan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocne/deploy_ocne_vlan.yml b/ocne/deploy_ocne_vlan.yml index 4e6369d..ef02083 100644 --- a/ocne/deploy_ocne_vlan.yml +++ b/ocne/deploy_ocne_vlan.yml @@ -418,7 +418,7 @@ - name: Create environment with lb using manual install method when: - use_vlan_full - - use_lb_int + - use_int_lb - groups['controlplane'] | length > 1 block: - name: Create environment From 22e6632f66a121741c3af873e4033f92e9fbf1ea Mon Sep 17 00:00:00 2001 From: William Graef Date: Thu, 11 Jul 2024 17:22:05 -0400 Subject: [PATCH 3/8] fix typo in vip ip address --- ocne/deploy_ocne_vlan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocne/deploy_ocne_vlan.yml b/ocne/deploy_ocne_vlan.yml index ef02083..ae3b65b 100644 --- a/ocne/deploy_ocne_vlan.yml +++ b/ocne/deploy_ocne_vlan.yml 
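Review bot: `when: ocne_provision` on the added 'Save out ocne config' task tests the registered stat result itself, which is a non-empty dict and therefore always true, so `olcnectl module instances` runs even when `~/.ocne-provisioned` is absent and will most likely fail there; it should read `when: ocne_provision.stat.exists`, as the 'Provision kubectl' task right below already does. The two new blocks are gated on `groups['controlplane'] | length < 2` and on `use_int_lb` together with `length > 1`, so an inventory with several control-plane nodes and `use_int_lb` false runs neither block and the play continues silently into the stat/save steps; an `ansible.builtin.assert` with `that: groups['controlplane'] | length < 2 or use_int_lb`, under `when: use_vlan_full`, would fail early with a clear message. The `--virtual-ip` value (`10.0.12:111` here, corrected to `10.0.12.111` in PATCH 3/8) is an environment-specific literal inside the playbook and belongs in a variable such as `ocne_virtual_ip` in default_vars.yml, next to the other knobs. `--api-server {{ operator_nodes }}:8091` relies on the operator group holding exactly one host, since `operator_nodes` is a comma-joined list; the hunk sits in the middle of the tasks list and the play it belongs to starts outside the hunk.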
@@ -435,7 +435,7 @@ ansible.builtin.shell: | olcnectl module create --environment-name myenvironment --module kubernetes --name mycluster \ --container-registry {{ ocne_registry_location }} \ - --virtual-ip 10.0.12:111 \ + --virtual-ip 10.0.12.111 \ --control-plane-nodes {{ control_nodes }} \ --worker-nodes {{ worker_nodes }} \ --selinux enforcing \ From cfd688fb79f61615133281cfdfc1f5f5a4423cd0 Mon Sep 17 00:00:00 2001 From: William Graef Date: Thu, 11 Jul 2024 18:20:31 -0400 Subject: [PATCH 4/8] add port for cp and wrk nodes in k8s module --- ocne/deploy_ocne_vlan.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ocne/deploy_ocne_vlan.yml b/ocne/deploy_ocne_vlan.yml index ae3b65b..b10bf18 100644 --- a/ocne/deploy_ocne_vlan.yml +++ b/ocne/deploy_ocne_vlan.yml @@ -68,9 +68,11 @@ vars: operator_nodes: "{{ groups['operator'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}" - control_nodes: "{{ groups['controlplane'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}" - worker_nodes: "{{ groups['worker'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}" - all_nodes: "{{ operator_nodes + ',' + control_nodes + ',' + worker_nodes }}" + cp_nodes: "{{ groups['controlplane'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}" + wrk_nodes: "{{ groups['worker'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}" + all_nodes: "{{ operator_nodes + ',' + cp_nodes + ',' + wrk_nodes }}" + control_nodes: "{{ groups['controlplane'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | map('regex_replace', '^(.*)$', '\\1' + ':8090' ) | join(',') }}" + worker_nodes: "{{ groups['worker'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | map('regex_replace', '^(.*)$', '\\1' + ':8090' ) | join(',') }}" ocne_registry_location: 'container-registry.oracle.com/olcne' tasks: 
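Review bot: Renaming the bare-IP lists to `cp_nodes`/`wrk_nodes` while reusing the old names `control_nodes`/`worker_nodes` for the host:8090 form means any other task in this play that still consumes `control_nodes` or `worker_nodes` now receives host:port pairs; the quick-install tasks are not visible in this hunk, so please confirm they are unaffected, or name the new lists `control_nodes_with_port`/`worker_nodes_with_port` so the change in meaning is explicit. The agent port is duplicated as a literal `:8090` in two regex_replace expressions here and as `8090/tcp` in the firewall loop (context in PATCH 5/8); a single `ocne_agent_port: 8090` in default_vars.yml would keep the firewall rule and the node lists in step. The `regex_replace('^(.*)$', '\\1' + ':8090')` idiom can be written as `map('regex_replace', '$', ':8090')`, which reads as "append" and avoids the backslash being processed twice, once by the YAML double-quoted scalar and once by the Jinja string literal.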
From a7eeb56040ba74c2043d89424e598ea48751611b Mon Sep 17 00:00:00 2001 From: William Graef Date: Thu, 11 Jul 2024 20:08:03 -0400 Subject: [PATCH 5/8] fix int lb firewall for control plane --- ocne/deploy_ocne_vlan.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ocne/deploy_ocne_vlan.yml b/ocne/deploy_ocne_vlan.yml index b10bf18..aa4172a 100644 --- a/ocne/deploy_ocne_vlan.yml +++ b/ocne/deploy_ocne_vlan.yml @@ -165,7 +165,7 @@ delegate_to: "{{ item[0] }}" loop: "{{ groups['controlplane'] | product(['2379/tcp', '2380/tcp', '6443/tcp', '8090/tcp', '8472/udp', '10250/tcp', '10255/tcp', '10251/tcp', '10252/tcp']) | list }}" - - name: Add firewall rules for internal lb + - name: Add firewall rules for internal lb on control plane when: use_int_lb block: - name: Add internal lb firewall rule @@ -174,13 +174,15 @@ permanent: true state: enabled immediate: true - with_items: - - 6444/tcp + delegate_to: "{{ item[0] }}" + loop: "{{ groups['controlplane'] | product(['6444/tcp']) | list }}" - name: Add vrrp firewall rule ansible.builtin.shell: | firewall-cmd --add-protocol=vrrp --zone=public --permanent firewall-cmd --reload + delegate_to: "{{ item }}" + loop: "{{ groups['controlplane'] }}" register: vrrp_firewall changed_when: vrrp_firewall.rc == 0 From e50f4a5069bebc8b547e8566060d67ad783195e3 Mon Sep 17 00:00:00 2001 From: William Graef Date: Thu, 11 Jul 2024 20:52:13 -0400 Subject: [PATCH 6/8] fix int lb firewall rule --- ocne/deploy_ocne_vlan.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ocne/deploy_ocne_vlan.yml b/ocne/deploy_ocne_vlan.yml index aa4172a..b4c45d8 100644 --- a/ocne/deploy_ocne_vlan.yml +++ b/ocne/deploy_ocne_vlan.yml 
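Review bot: With the new `delegate_to`/`loop` on 'Add vrrp firewall rule', the shell step now runs `firewall-cmd --add-protocol=vrrp --zone=public --permanent` followed by `firewall-cmd --reload` on every control-plane host on every run, and `changed_when: vrrp_firewall.rc == 0` reports it as changed each time, so the task is never idempotent and reloads the firewall even when nothing was added. The preceding task already uses `ansible.posix.firewalld` with `permanent: true` and `immediate: true`; if the installed ansible.posix supports the module's `protocol` option, `protocol: vrrp` with `state: enabled` in the same task shape would be idempotent and would need no reload. That module task names no `zone` while the shell command pins `--zone=public`; if the hosts' default zone is not `public`, the 6444/tcp rule and the vrrp rule land in different zones, so pass the same `zone:` to both or drop it from both. The same lines are touched again in PATCH 6/8 (hunk `@@ -170,19 +170,19 @@`), where this still applies.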
@@ -170,19 +170,19 @@ block: - name: Add internal lb firewall rule ansible.posix.firewalld: - port: "{{ item }}" + port: "6444/tcp" permanent: true state: enabled immediate: true - delegate_to: "{{ item[0] }}" - loop: "{{ groups['controlplane'] | product(['6444/tcp']) | list }}" + delegate_to: "{{ item }}" + loop: "{{ groups['controlplane'] }}" - name: Add vrrp firewall rule ansible.builtin.shell: | firewall-cmd --add-protocol=vrrp --zone=public --permanent firewall-cmd --reload delegate_to: "{{ item }}" - loop: "{{ groups['controlplane'] }}" + loop: "{{ groups['controlplane'] }}" register: vrrp_firewall changed_when: vrrp_firewall.rc == 0 From f45c1776e2196a97c333fee3401874eb7466c71c Mon Sep 17 00:00:00 2001 From: William Graef Date: Fri, 12 Jul 2024 06:56:34 -0400 Subject: [PATCH 7/8] move provision check inside block --- ocne/deploy_ocne_vlan.yml | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/ocne/deploy_ocne_vlan.yml b/ocne/deploy_ocne_vlan.yml index b4c45d8..fede4b5 100644 --- a/ocne/deploy_ocne_vlan.yml +++ b/ocne/deploy_ocne_vlan.yml @@ -419,6 +419,20 @@ register: install_kubernetes changed_when: install_kubernetes.rc == 0 + - name: Print kubernetes provision output + ansible.builtin.debug: + var: install_kubernetes + when: debug_enabled + + - name: Tag OCNE as provisioned + ansible.builtin.file: + path: ~/.ocne-provisioned + state: touch + mode: "0644" + become: true + become_user: "{{ username }}" + when: install_kubernetes.rc == 0 + - name: Create environment with lb using manual install method when: - use_vlan_full 
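Review bot: 'Tag OCNE as provisioned' uses `ansible.builtin.file` with `state: touch`, which rewrites the timestamps of `~/.ocne-provisioned` and reports changed on every run; adding `modification_time: preserve` and `access_time: preserve` makes the marker idempotent once it exists. Inside this block a failing `olcnectl module install` aborts the block before the tag task is reached (the shell task keeps the default failure handling), so `when: install_kubernetes.rc == 0` is always true when it is evaluated and reads as a guard that does nothing; keep it only if the install task later gets `ignore_errors` or `failed_when: false`. The same two tasks are re-indented into the lb block in this commit's second hunk (`@@ -473,19 +487,19 @@`), so both copies need the change; the enclosing block starts above this hunk.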
@@ -473,19 +487,19 @@ register: install_kubernetes changed_when: install_kubernetes.rc == 0 - - name: Print kubernetes provision output - ansible.builtin.debug: - var: install_kubernetes - when: debug_enabled + - name: Print kubernetes provision output + ansible.builtin.debug: + var: install_kubernetes + when: debug_enabled - - name: Tag OCNE as provisioned - ansible.builtin.file: - path: ~/.ocne-provisioned - state: touch - mode: "0644" - become: true - become_user: "{{ username }}" - when: install_kubernetes.rc == 0 + - name: Tag OCNE as provisioned + ansible.builtin.file: + path: ~/.ocne-provisioned + state: touch + mode: "0644" + become: true + become_user: "{{ username }}" + when: install_kubernetes.rc == 0 - name: Check if OCNE provisioned ansible.builtin.stat: From 7da78d6ba71f18f16a9f68993736caa4d31fe4c1 Mon Sep 17 00:00:00 2001 From: William Graef Date: Fri, 12 Jul 2024 21:17:56 -0400 Subject: [PATCH 8/8] add conditional for vlan in oci vars --- ocne/templates/oci_vars.j2 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ocne/templates/oci_vars.j2 b/ocne/templates/oci_vars.j2 index 99b13b3..09ffb29 100644 --- a/ocne/templates/oci_vars.j2 +++ b/ocne/templates/oci_vars.j2 @@ -8,4 +8,6 @@ my_compartment_id: {{ my_compartment_id }} my_vcn_id: {{ my_vcn_id }} my_subnet_id: {{ my_subnet_id }} my_subnet_domain_name: {{ my_subnet_domain_name }} -my_vlan_id: {{ my_vlan_id }} \ No newline at end of file +{% if use_vlan %} +my_vlan_id: {{ my_vlan_id }} +{% endif %} \ No newline at end of file
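Review bot: The new guard `{% if use_vlan %}` references a variable that appears nowhere else in this series — ocne/default_vars.yml gains `use_vlan_full`, not `use_vlan` — and Ansible's template module fails on undefined variables unless that behaviour is disabled, so please confirm `use_vlan` is defined in default_vars.yml or the inventory, or that `use_vlan_full` was intended. The file still ends without a newline after `{% endif %}`, so the rendered vars file does too; adding the final newline keeps the output clean for yamllint and line-oriented tooling. Quoting the templated value (`my_vlan_id: "{{ my_vlan_id }}"`) would also protect the rendered YAML against an empty expansion becoming `null`, though the surrounding lines in this file use the unquoted form.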