This repository provides automation for deploying the following components:
- a hub cluster using Agent Based Install
- spokes using ZTP
Kcli is leveraged to deploy a plan which creates an "installer vm" to drive deployment via the following steps:
- Virtual nodes for both the hub and spokes are created (or combined with baremetal nodes). Note this is optional
- Client packages such as openshift-install are downloaded with any specified version and tag.
- Stop the nodes to deploy through redfish.
- Launch hub install against them
- Install ZTP requirements such as assisted service, openshift-gitops, a git server, ...
- Launch spoke deployments
Parameters allow to customize the installation
The installer vm (and additional virtual nodes) can run on any platform supported by kcli with support for iso deployment. So far it was tested on:
- kvm
- vsphere and esx
- kcli installed (for rhel8/cento8/fedora, look here)
- An openshift pull secret (stored by default in openshift_pull.json)
- a physical bridge typically named baremetal with a nic from the external network
Here's a script you can run on the provisioning node for that (adjust the NIC variable as per your environment)
export NIC=eno2
sudo nmcli connection add ifname baremetal type bridge con-name baremetal
sudo nmcli con add type bridge-slave ifname $NIC master baremetal
sudo nmcli con down $NIC; sudo pkill dhclient; sudo dhclient baremetal
Prepare a valid parameter file with the information needed. At least, you need to specify the following elements:
- api_ip
- ingress_ip
- bmc_user/bmc_password (for real baremetal)
- an array of your ctlplanes (if thet are not virtual). Each entry in this array needs at least the mac and redfish_address. Optionally you can indicate for each entry a specific bmc_user, bmc_password and disk (to be used as rootdevice hint) either as /dev/XXX or simply XXX
- an array of your workers (can be left empty if you only want to deploy ctlplanes). The format of those entries follow the one indicated for ctlplanes.
Here's a snippet what the workers variable might look like:
workers:
- redfish_address: 192.168.1.5
- redfish_address: 192.168.1.6
Call the resulting file kcli_parameters.yml
to avoid having to specify it in the creation command.
Then you can launch deployment with:
kcli create plan
kcli ssh
Note that you can use the baseplan kcli_plan_infra.yml
to deploy the infrastructure only
Parameter | Default Value |
---|---|
KUBECONFIG | None |
acm | True |
apps | [] |
apps_install_cr | False |
baremetal_cidr | None |
baseplan | kcli_plan_infra.yml |
bmc_password | calvin |
bmc_reset | False |
bmc_user | root |
cas | [] |
cluster_network_ipv4 | 10.132.0.0/14 |
cluster_network_ipv6 | fd01::/48 |
converged_flow | False |
cpu_partitioning | False |
deploy_hub | True |
disable_validations | True |
disconnected | False |
disconnected_certified_operators | [] |
disconnected_certified_operators_version | None |
disconnected_clean_pull_secret | False |
disconnected_community_operators | [] |
disconnected_community_operators_version | None |
disconnected_extra_catalogs | [] |
disconnected_extra_images | [] |
disconnected_extra_releases | [] |
disconnected_marketplace_operators | [] |
disconnected_marketplace_operators_version | None |
disconnected_operators | [] |
disconnected_operators_version | None |
disconnected_password | dummy |
disconnected_url | None |
disconnected_user | dummy |
dns | False |
dualstack | False |
dualstack_cidr | None |
dualstack_isolated | False |
fips | False |
gitops_clusters_app_path | site-configs |
gitops_password | dummy |
gitops_policies_app_path | site-policies |
gitops_repo_branch | main |
gitops_repo_url | None |
gitops_user | dummy |
go_version | 1.13.8 |
http_proxy | None |
image | centos9stream |
imagecontentsources | [] |
imageregistry | False |
installer_disk_size | None |
installer_ip | None |
installer_mac | None |
installer_memory | None |
installer_numcpus | None |
installer_wait | False |
keys | [] |
launch_steps | True |
manifests_dir | manifests |
monitoring_retention | None |
motd | None |
nbde | False |
network_type | OVNKubernetes |
nfs | False |
no_proxy | None |
notify | False |
notifyscript | scripts/notify.sh |
ntp | False |
ntp_server | 0.rhel.pool.ntp.org |
numcpus | 16 |
openshift_image | None |
prs | [] |
pull_secret | openshift_pull.json |
registry_image | quay.io/karmab/registry:amd64 |
rhnregister | True |
rhnwait | 30 |
schedulable_ctlplanes | False |
service_network_ipv4 | 172.30.0.0/16 |
service_network_ipv6 | fd02::/112 |
spoke_deploy | True |
spoke_domain | None |
spoke_network_type | OVNKubernetes |
spoke_policies_dir | spoke_policies_dir |
spoke_static_network | False |
spoke_wait | True |
spoke_wait_time | 3600 |
static_baremetal_dns | None |
static_baremetal_gateway | None |
static_ips | [] |
static_network | False |
tag | 4.17 |
users_admin | admin |
users_adminpassword | admin |
users_dev | dev |
users_devpassword | dev |
version | stable |
wait_for_workers | True |
wait_for_workers_number | None |
wait_for_workers_timeout | 3600 |
workflow_installer | False |
when specifying baremetal_ctlplanes or baremetal_workers as an array, the specification can be created with something like this
- redfish_address: 192.168.123.45
mac: 98:03:9b:62:81:49
The following parameters can be used in this case:
- redfish_address. Redfish url
- boot_mode (optional). Should either be set to Legacy, UEFI or UEFISecureBoot
- bmc_user. If not specified, global bmc_password variable is used
- bmc_password. If not specified, global bmc_password variable is used
- disk. Optional rootDeviceHint disk device
- ip, nic, gateway. Those attributes can be provided to set static networking using nmstate. Nic can be omitted. If gateway isn't provided, the static_gateway is used or gateway is guessed from baremetal_cidr
The following sample parameter files are available for you to deploy:
- lab.yml This deploys 3 ctlplanes in a dedicated ipv4 network
- lab_ipv6.yml This deploys 3 ctlplanes in a dedicated ipv6 network (hence in a disconnected manner) and a SNO spoke on top