Add OpenShift 3.11 pre-deployment preparation script (ocp-prep)

ocp-prep/ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+ansible_ssh_user = 
+become_user = root
+ansible_become = true

ocp-prep/files/adv-audit.yaml

@@ -0,0 +1,29 @@
+apiVersion: audit.k8s.io/v1beta1
+kind: Policy
+rules:
+
+  # Do not log node communications or from system service accounts
+  - level: None
+    userGroups: ["system:nodes", "system:serviceaccounts"]
+    resources:
+
+  # Do not log from kub-system accounts
+  - level: None
+    users:
+    - system:apiserver
+    - system:kube-scheduler
+    - system:volume-scheduler
+    - system:kube-controller-manager
+    - system:node
+    - system:openshift-master
+
+  # Do not log these read-only URLs
+  - level: None
+    nonResourceURLs:
+    - /healthz*
+    - /version
+    - /swagger*
+
+  # A catch-all rule to log all other requests at the metadata level
+  - level: Metadata
+

ocp-prep/inventories/development/group_vars/all.yml

@@ -0,0 +1,57 @@
+##SSH configuration ##
+copy_ssh_keys: false
+ansible_ssh_user: <username>
+ssh_key_size: 2048
+
+
+## Satellite configuration ##
+# Register nodes to satellite
+rhsm_register: true
+rhsm_server_hostname: "satsrv.example.com"
+# Enable/Disable gpgcheck
+disable_pkg_authenticity_verification: yes
+rhsm_org_id: "<org_id>"
+rhsm_activation_key: "<activation_key>"
+rhsm_force_register: false
+
+
+## Package installation
+package_install: true
+
+
+## Prepare OCP cluster and configs for deployment in FIPS enabled environment
+update_ocp_for_fips_env: true
+
+
+## OCP storage configuration
+##### BE CAREFUL!! ######
+##### Setting below value to "True" WILL WIPE whatever drives are specified in the subsequent variables, assuming you answer "yes" to both confirmation prompts!! #####
+configure_ocp_storage: true
+# Physical volume on which to create the sysvg volume group and the logical volumes/filesystems created therein
+sysvg_pv: "/dev/sda3"
+# Disk that will be used for docker storage on all nodes (typically "/dev/sdb" though this may be different in your environment)
+docker_storage_disk: "/dev/sdb"
+# Disk that will be used for gluster storage on storage nodes
+gluster_storage_disks:
+- /dev/sdc
+#- /dev/sdd
+# Size of ETCD logical volume created on all "etcd" nodes
+etcd_lv_size: 10G
+# Size of ORIGIN logical volume created on all nodes EXCEPT etcd nodes
+node_origin_lv_size: 50G
+# Size of ORIGIN logical volume created on all ETCD nodes
+etcd_origin_lv_size: 25G
+
+
+## Setup docker storage
+configure_docker_storage: true
+
+
+## Configure rsyslog for OCP advanced auditing
+configure_rsyslog: true
+
+
+## Generate Username/Password hash and add to (and create) local htpasswd file to be referenced by OpenShift deployment process
+configure_htpasswd: false
+# Path/Filename of OCP inventory file
+ocp_inventory_file: '/<parent_dir>/ocp-prep/inventories/<inventory_subdir>/hosts'

ocp-prep/inventories/production/group_vars/all.yml

@@ -0,0 +1,57 @@
+##SSH configuration ##
+copy_ssh_keys: false
+ansible_ssh_user: <username>
+ssh_key_size: 2048
+
+
+## Satellite configuration ##
+# Register nodes to satellite
+rhsm_register: true
+rhsm_server_hostname: "satsrv.example.com"
+# Enable/Disable gpgcheck
+disable_pkg_authenticity_verification: yes
+rhsm_org_id: "<org_id>"
+rhsm_activation_key: "<activation_key>"
+rhsm_force_register: false
+
+
+## Package installation
+package_install: true
+
+
+## Prepare OCP cluster and configs for deployment in FIPS enabled environment
+update_ocp_for_fips_env: true
+
+
+## OCP storage configuration
+##### BE CAREFUL!! ######
+##### Setting below value to "True" WILL WIPE whatever drives are specified in the subsequent variables, assuming you answer "yes" to both confirmation prompts!! #####
+configure_ocp_storage: true
+# Physical volume on which to create the sysvg volume group and the logical volumes/filesystems created therein
+sysvg_pv: "/dev/sda3"
+# Disk that will be used for docker storage on all nodes (typically "/dev/sdb" though this may be different in your environment)
+docker_storage_disk: "/dev/sdb"
+# Disk that will be used for gluster storage on storage nodes
+gluster_storage_disks:
+- /dev/sdc
+#- /dev/sdd
+# Size of ETCD logical volume created on all "etcd" nodes
+etcd_lv_size: 10G
+# Size of ORIGIN logical volume created on all nodes EXCEPT etcd nodes
+node_origin_lv_size: 50G
+# Size of ORIGIN logical volume created on all ETCD nodes
+etcd_origin_lv_size: 25G
+
+
+## Setup docker storage
+configure_docker_storage: true
+
+
+## Configure rsyslog for OCP advanced auditing
+configure_rsyslog: true
+
+
+## Generate Username/Password hash and add to (and create) local htpasswd file to be referenced by OpenShift deployment process
+configure_htpasswd: false
+# Path/Filename of OCP inventory file
+ocp_inventory_file: '/<parent_dir>/ocp-prep/inventories/<inventory_subdir>/hosts'

ocp-prep/inventories/sbx/group_vars/all.yml

@@ -0,0 +1,57 @@
+##SSH configuration ##
+copy_ssh_keys: false
+ansible_ssh_user: <username>
+ssh_key_size: 2048
+
+
+## Satellite configuration ##
+# Register nodes to satellite
+rhsm_register: true
+rhsm_server_hostname: "satsrv.example.com"
+# Enable/Disable gpgcheck
+disable_pkg_authenticity_verification: yes
+rhsm_org_id: "<org_id>"
+rhsm_activation_key: "<activation_key>"
+rhsm_force_register: false
+
+
+## Package installation
+package_install: true
+
+
+## Prepare OCP cluster and configs for deployment in FIPS enabled environment
+update_ocp_for_fips_env: true
+
+
+## OCP storage configuration
+##### BE CAREFUL!! ######
+##### Setting below value to "True" WILL WIPE whatever drives are specified in the subsequent variables, assuming you answer "yes" to both confirmation prompts!! #####
+configure_ocp_storage: true
+# Physical volume on which to create the sysvg volume group and the logical volumes/filesystems created therein
+sysvg_pv: "/dev/sda3"
+# Disk that will be used for docker storage on all nodes (typically "/dev/sdb" though this may be different in your environment)
+docker_storage_disk: "/dev/sdb"
+# Disk that will be used for gluster storage on storage nodes
+gluster_storage_disks:
+- /dev/sdc
+#- /dev/sdd
+# Size of ETCD logical volume created on all "etcd" nodes
+etcd_lv_size: 10G
+# Size of ORIGIN logical volume created on all nodes EXCEPT etcd nodes
+node_origin_lv_size: 50G
+# Size of ORIGIN logical volume created on all ETCD nodes
+etcd_origin_lv_size: 25G
+
+
+## Setup docker storage
+configure_docker_storage: true
+
+
+## Configure rsyslog for OCP advanced auditing
+configure_rsyslog: true
+
+
+## Generate Username/Password hash and add to (and create) local htpasswd file to be referenced by OpenShift deployment process
+configure_htpasswd: false
+# Path/Filename of OCP inventory file
+ocp_inventory_file: '/<parent_dir>/ocp-prep/inventories/<inventory_subdir>/hosts'

ocp-prep/playbooks/FIPS_env_preparation/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Prepare for OCP deploy in FIPS environment
+  hosts: nodes
+  roles:
+  - role: FIPS_env_preparation
+    when:
+    - update_ocp_for_fips_env|default(false)
+  tags:
+  - fips_env

ocp-prep/playbooks/FIPS_env_preparation/roles

@@ -0,0 +1 @@
+../../roles/

ocp-prep/playbooks/configure_docker_storage/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Configure Docker storage
+  hosts: nodes
+  roles:
+  - role: configure_docker_storage
+    when:
+    - configure_docker_storage|default(false)
+  tags:
+  - docker_storage_config

ocp-prep/playbooks/configure_docker_storage/roles

@@ -0,0 +1 @@
+../../roles/

ocp-prep/playbooks/configure_htpasswd/main.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Generate htpasswd username/password - Prompt
+  gather_facts: false
+  hosts: localhost
+  tags:
+  - configure_htpasswd
+  tasks:
+
+  - name: Username prompt
+    pause:
+      prompt: "Please enter your htpasswd username(s) (comma separated)"
+      echo: true
+    register: username
+    when: configure_htpasswd|default(false)
+
+  - name: Password prompt
+    pause:
+      prompt: "Please enter your htpasswd password for user {{ item }}"
+      echo: false
+    register: passwords
+    with_items: "{{ username.user_input.split(',') }}"
+    when: configure_htpasswd|default(false)
+
+  - name: Create and configure local htpasswd file
+    include_role:
+      name: configure_htpasswd
+    when: configure_htpasswd|default(false)

ocp-prep/playbooks/configure_htpasswd/roles

@@ -0,0 +1 @@
+../../roles/

ocp-prep/playbooks/configure_ocp_storage/main.yml

@@ -0,0 +1,42 @@
+---
+
+- name: Prepare storage for OCP installation - Prompt
+  gather_facts: false
+  hosts: localhost
+  tags:
+  - configure_ocp_storage
+  tasks:
+
+  - name: Confirm storage wipe
+    pause:
+      prompt: "Do you want to wipe the Docker and Gluster storage partitions? (yes/no)"
+    register: wipe_prompt
+    when: configure_ocp_storage|default(false)
+
+  - name: Re-confirm storage wipe
+    pause:
+      prompt: "Please confirm that you want to wipe the Docker and Gluster storage partitions - NOTE: this WILL delete the existing data on these partitions and can NOT be undone!! (yes/no)"
+    register: confirm_prompt
+    when: configure_ocp_storage|default(false) and hostvars['localhost'].wipe_prompt.user_input | bool
+
+  - debug: msg="Storage will NOT be wiped"
+    when: 
+    - configure_ocp_storage|default(false)
+    - not hostvars['localhost'].wipe_prompt.user_input | bool or not hostvars['localhost'].confirm_prompt.user_input | bool
+
+- name: Prepare storage for OCP installation
+  hosts: nodes,etcd,storage
+  tags:
+  - configure_ocp_storage
+  tasks:
+
+  - name: Wipe storage partitions
+    include_role:
+      name: configure_ocp_storage
+      tasks_from: wipe_storage.yml
+    when: configure_ocp_storage|default(false) and hostvars['localhost'].wipe_prompt.user_input | bool and hostvars['localhost'].confirm_prompt.user_input | bool
+
+  - name: Configure storage
+    include_role:
+      name: configure_ocp_storage
+    when: configure_ocp_storage|default(false)

ocp-prep/playbooks/configure_ocp_storage/roles

@@ -0,0 +1 @@
+../../roles/

ocp-prep/playbooks/configure_rsyslog/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Configure rsyslog for ocp advanced auditing
+  hosts: masters
+  roles:
+  - role: configure_rsyslog
+    when:
+    - configure_rsyslog|default(false)
+  tags:
+  - rsyslog

ocp-prep/playbooks/configure_rsyslog/roles

@@ -0,0 +1 @@
+../../roles/

ocp-prep/playbooks/configure_satellite/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Configure satellite
+  hosts: nodes
+  roles:
+  - role: configure_satellite
+    when:
+    - rhsm_register|default(false)
+  tags:
+  - configure_rhsm

ocp-prep/playbooks/configure_satellite/roles

@@ -0,0 +1 @@
+../../roles/

ocp-prep/playbooks/configure_ssh/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Generate and Distribute SSH keys
+  hosts: nodes
+  roles:
+  - role: configure_ssh
+    when:
+    - copy_ssh_keys|default(false)
+  tags:
+  - configure_ssh

ocp-prep/playbooks/configure_ssh/roles

@@ -0,0 +1 @@
+../../roles/

ocp-prep/playbooks/openshift_deploy_prep.yml

@@ -0,0 +1,17 @@
+---
+
+- import_playbook: configure_ssh/main.yml
+
+- import_playbook: configure_satellite/main.yml
+
+- import_playbook: package_install/main.yml
+
+- import_playbook: FIPS_env_preparation/main.yml
+
+- import_playbook: configure_ocp_storage/main.yml
+
+- import_playbook: configure_docker_storage/main.yml
+
+- import_playbook: configure_rsyslog/main.yml
+
+- import_playbook: configure_htpasswd/main.yml

ocp-prep/playbooks/package_install/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Ensure required packages are installed
+  hosts: nodes
+  roles:
+  - role: package_install
+    when:
+    - package_install|default(false)
+  tags:
+  - package_install

ocp-prep/playbooks/package_install/roles

@@ -0,0 +1 @@
+../../roles/