add full deployment using vlan and internal lb
bgraef committed Jul 13, 2024
2 parents 4d0d0b4 + 7da78d6 commit ec4d9dd
Showing 2 changed files with 171 additions and 7 deletions.
1 change: 1 addition & 0 deletions ocne/default_vars.yml
Expand Up @@ -25,6 +25,7 @@ user_default_password: "oracle"
debug_enabled: false
ocne_type: quick
use_ocne_full: false
use_vlan_full: false
use_lb: false
use_int_lb: false
oci_ccm_bash: false
177 changes: 170 additions & 7 deletions ocne/deploy_ocne_vlan.yml
Expand Up @@ -68,9 +68,12 @@

vars:
operator_nodes: "{{ groups['operator'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}"
control_nodes: "{{ groups['controlplane'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}"
worker_nodes: "{{ groups['worker'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}"
all_nodes: "{{ operator_nodes + ',' + control_nodes + ',' + worker_nodes }}"
cp_nodes: "{{ groups['controlplane'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}"
wrk_nodes: "{{ groups['worker'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | join(',') }}"
all_nodes: "{{ operator_nodes + ',' + cp_nodes + ',' + wrk_nodes }}"
control_nodes: "{{ groups['controlplane'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | map('regex_replace', '^(.*)$', '\\1' + ':8090' ) | join(',') }}"
worker_nodes: "{{ groups['worker'] | map('extract', hostvars, ['ansible_ens5', 'ipv4', 'address']) | map('regex_replace', '^(.*)$', '\\1' + ':8090' ) | join(',') }}"
ocne_registry_location: 'container-registry.oracle.com/olcne'

tasks:

Expand Down Expand Up @@ -162,22 +165,24 @@
delegate_to: "{{ item[0] }}"
loop: "{{ groups['controlplane'] | product(['2379/tcp', '2380/tcp', '6443/tcp', '8090/tcp', '8472/udp', '10250/tcp', '10255/tcp', '10251/tcp', '10252/tcp']) | list }}"

- name: Add firewall rules for internal lb
- name: Add firewall rules for internal lb on control plane
when: use_int_lb
block:
- name: Add internal lb firewall rule
ansible.posix.firewalld:
port: "{{ item }}"
port: "6444/tcp"
permanent: true
state: enabled
immediate: true
with_items:
- 6444/tcp
delegate_to: "{{ item }}"
loop: "{{ groups['controlplane'] }}"

- name: Add vrrp firewall rule
ansible.builtin.shell: |
firewall-cmd --add-protocol=vrrp --zone=public --permanent
firewall-cmd --reload
delegate_to: "{{ item }}"
loop: "{{ groups['controlplane'] }}"
register: vrrp_firewall
changed_when: vrrp_firewall.rc == 0

Expand Down Expand Up @@ -361,3 +366,161 @@
become: true
become_user: "{{ username }}"
when: not ocne_provision.stat.exists

- name: Create environment using manual install method
when:
- use_vlan_full
- groups['controlplane'] | length < 2
block:
- name: Create environment
ansible.builtin.shell: |
olcnectl environment create --api-server {{ operator_nodes }}:8091 --environment-name myenvironment --secret-manager-type file --update-config
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: create_env
changed_when: create_env.rc == 0

- name: Create Kubernetes Module
ansible.builtin.shell: |
olcnectl module create --environment-name myenvironment --module kubernetes --name mycluster \
--container-registry {{ ocne_registry_location }} \
--control-plane-nodes {{ control_nodes }} \
--worker-nodes {{ worker_nodes }} \
--selinux enforcing \
--restrict-service-externalip-ca-cert ~/certificates/restrict_external_ip/ca.cert \
--restrict-service-externalip-tls-cert ~/certificates/restrict_external_ip/node.cert \
--restrict-service-externalip-tls-key ~/certificates/restrict_external_ip/node.key
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: create_kubernetes
changed_when: create_kubernetes.rc == 0

- name: Validate Kubernetes Module
ansible.builtin.shell: |
olcnectl module validate --environment-name myenvironment --name mycluster
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: validate_kubernetes
changed_when: validate_kubernetes.rc == 0

- name: Install Kubernetes Module
ansible.builtin.shell: |
olcnectl module install --environment-name myenvironment --name mycluster
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: install_kubernetes
changed_when: install_kubernetes.rc == 0

- name: Print kubernetes provision output
ansible.builtin.debug:
var: install_kubernetes
when: debug_enabled

- name: Tag OCNE as provisioned
ansible.builtin.file:
path: ~/.ocne-provisioned
state: touch
mode: "0644"
become: true
become_user: "{{ username }}"
when: install_kubernetes.rc == 0

- name: Create environment with lb using manual install method
when:
- use_vlan_full
- use_int_lb
- groups['controlplane'] | length > 1
block:
- name: Create environment
ansible.builtin.shell: |
olcnectl environment create --api-server {{ operator_nodes }}:8091 --environment-name myenvironment --secret-manager-type file --update-config
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: create_env
changed_when: create_env.rc == 0

- name: Create Kubernetes Module
ansible.builtin.shell: |
olcnectl module create --environment-name myenvironment --module kubernetes --name mycluster \
--container-registry {{ ocne_registry_location }} \
--virtual-ip 10.0.12.111 \
--control-plane-nodes {{ control_nodes }} \
--worker-nodes {{ worker_nodes }} \
--selinux enforcing \
--restrict-service-externalip-ca-cert ~/certificates/restrict_external_ip/ca.cert \
--restrict-service-externalip-tls-cert ~/certificates/restrict_external_ip/node.cert \
--restrict-service-externalip-tls-key ~/certificates/restrict_external_ip/node.key
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: create_kubernetes
changed_when: create_kubernetes.rc == 0

- name: Validate Kubernetes Module
ansible.builtin.shell: |
olcnectl module validate --environment-name myenvironment --name mycluster
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: validate_kubernetes
changed_when: validate_kubernetes.rc == 0

- name: Install Kubernetes Module
ansible.builtin.shell: |
olcnectl module install --environment-name myenvironment --name mycluster
args:
chdir: ~/
become: true
become_user: "{{ username }}"
register: install_kubernetes
changed_when: install_kubernetes.rc == 0

- name: Print kubernetes provision output
ansible.builtin.debug:
var: install_kubernetes
when: debug_enabled

- name: Tag OCNE as provisioned
ansible.builtin.file:
path: ~/.ocne-provisioned
state: touch
mode: "0644"
become: true
become_user: "{{ username }}"
when: install_kubernetes.rc == 0

- name: Check if OCNE provisioned
ansible.builtin.stat:
path: ~/.ocne-provisioned
become: true
become_user: "{{ username }}"
register: ocne_provision

- name: Save out ocne config
ansible.builtin.shell: |
olcnectl module instances --api-server "{{ operator_nodes }}":8091 --environment-name myenvironment --update-config
args:
chdir: ~/
become: true
become_user: "{{ username }}"
when: ocne_provision
register: save_ocne_config
changed_when: save_ocne_config.rc == 0

- name: Provision kubectl
ansible.builtin.include_tasks: "provision_kubectl.yml"
when:
- ocne_provision.stat.exists
- ocne_type != 'none'
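Review bot: `when: ocne_provision` on the new "Save out ocne config" task is always true, because a registered result is a non-empty mapping, so the task runs even on a host that was never provisioned and `olcnectl module instances` presumably fails there; it should read `when: ocne_provision.stat.exists`, the same condition the "Provision kubectl" task uses three tasks later. The "Create environment with lb" block also hard-codes `--virtual-ip 10.0.12.111` while every other address in this play is derived from inventory, so the VIP should come from a variable defined in default_vars.yml (say a new `int_lb_vip`) and be referenced as `--virtual-ip {{ int_lb_vip }}`, keeping it reviewable next to the VRRP firewall rule that depends on it. Neither new block carries the `not ocne_provision.stat.exists` guard the preceding block uses, so a re-run repeats `olcnectl environment create` and `module create`; and since the two blocks differ only in that one flag, the second could be folded into the first with a conditional argument instead of duplicating six tasks. The enclosing play starts before this hunk.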
