rht
/
ocp-disco-install-materials


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347
							---
# Configure the agent installation artifacts for SNO.
# Mostly the same as 55-coreos-installer.yml, but some changes.
# 
# NOTE: If you want to skip the dangerous parts, use --skip-tags=destroy
#
- name: Prepare the files required for a SNO installation using agent install.
  hosts: workstation.lab.example.com
  become: no
  gather_subset: min
  tasks:
    # NOTE: This one is actually a prep item, but it's only needed for agent installs.
    - name: Ensure nmstate is installed.
      become: yes
      ansible.builtin.yum:
        name: nmstate
        state: present

    - name: Check the dependency status.
      ansible.builtin.stat:
        path: "{{ ansible_facts['user_dir'] }}/{{ item }}"
        get_attributes: no
        get_checksum: no
        get_mime: no
      register: dependencies
      loop:
        - install-pull-secret
        - .ssh/openshift.pub
        - ca/ca-cert.pem
        - mirror/working-dir/cluster-resources/idms-oc-mirror.yaml
        - Downloads/rhcos-418.94.202501221327-0-live.x86_64.iso

    - ansible.builtin.assert:
        that:
          - dependencies.results[0].stat.exists
          - dependencies.results[1].stat.exists
          - dependencies.results[2].stat.exists
          - dependencies.results[3].stat.exists
          - dependencies.results[4].stat.exists
        fail_msg: |
          ERROR: Either pull secret, SSH keypair, CA certificate, RHCOS ISO, or mirror artifacts are missing.
          Ensure all the relevant preceding tasks have been completed:
            - Quay prerequisites,
            - Quay deployment,
            - oc-mirror prerequisites,
            - oc-mirror execution,
            - coreos-installer prerequisites
          Exiting.
        success_msg: "OK, dependencies exist."

    - name: Check whether someone fiddled with installation before.
      ansible.builtin.stat:
        path: "{{ ansible_facts['user_dir'] }}/agent/.openshift_install.log"
      register: install_log

    - name: Warn if installation log was found.
      ansible.builtin.pause:
        prompt: |
          WARNING: Found .openshift_install.log in the cluster working directory. This usually
                   means there were previous attempts of creating installation artifacts.
          
                   If you want to recreate the cluster working directory from scratch, run this
                   playbook with the variable "recreate_cluster_dir" set to any value like this:
          
                    ansible-playbook -e recreate_cluster_dir=yes ./60-agent-installation.yml
          
                   Continuing in 5 seconds unless you interrupt execution.
        seconds: 5
      when:
        - install_log.stat.exists
        - recreate_cluster_dir is not defined

    - name: Load the dependencies as facts.
      ansible.builtin.set_fact:
        pull_secret: "{{ lookup('ansible.builtin.file', ansible_facts['user_dir'] + '/install-pull-secret') }}"
        public_key: "{{ lookup('ansible.builtin.file', ansible_facts['user_dir'] + '/.ssh/openshift.pub') }}"
        lab_ca_cert: "{{ lookup('ansible.builtin.file', ansible_facts['user_dir'] + '/ca/ca-cert.pem') }}"
        content_sources: "{{ lookup('ansible.builtin.file', ansible_facts['user_dir'] + '/mirror/working-dir/cluster-resources/idms-oc-mirror.yaml')
                              | ansible.builtin.from_yaml_all }}"

    - name: Set the fact determining installation type (required for templating).
      ansible.builtin.set_fact:
        install_type: agent
        install_host: master02.ocp4.example.com

    - name: Collect facts from the target machine (must be reachable for that).
      delegate_to: "{{ install_host }}"
      delegate_facts: yes
      ansible.builtin.setup:
        gather_subset: min,interfaces

    - name: Ensure install-config is there.
      ansible.builtin.template:
        src: templates/install-config-template.yaml.j2
        dest: "{{ ansible_facts['user_dir'] }}/install-config-agent.yaml"
        mode: 0644
        owner: student
        group: student
      register: updated_install_config

    - name: Ensure agent-config is there.
      ansible.builtin.template:
        src: templates/agent-config-template.yaml.j2
        dest: "{{ ansible_facts['user_dir'] }}/agent-config-sno.yaml"
        mode: 0644
        owner: student
        group: student
      register: updated_agent_config

    - name: Remove the installation directory if so required.
      ansible.builtin.file:
        path: "{{ ansible_facts['user_dir'] }}/agent"
        state: absent
      when:
        - recreate_cluster_dir is defined
        - recreate_cluster_dir

    - name: Ensure the presence of installation directory.
      ansible.builtin.file:
        path: "{{ ansible_facts['user_dir'] }}/agent"
        state: directory
        mode: 0755

    - name: Also, ensure that the right install-config.yaml file is in there.
      ansible.builtin.copy:
        src: "{{ ansible_facts['user_dir'] }}/install-config-agent.yaml"
        remote_src: yes
        dest: "{{ ansible_facts['user_dir'] }}/agent/install-config.yaml"
        mode: 0644
      register: published_install_config
      when:
        - (not install_log.stat.exists) or (recreate_cluster_dir is defined) or updated_install_config.changed or updated_agent_config.changed

    - name: The same, but for agent-config.yaml.
      ansible.builtin.copy:
        src: "{{ ansible_facts['user_dir'] }}/agent-config-sno.yaml"
        remote_src: yes
        dest: "{{ ansible_facts['user_dir'] }}/agent/agent-config.yaml"
        mode: 0644
      register: published_agent_config
      when:
        - (not install_log.stat.exists) or (recreate_cluster_dir is defined) or updated_install_config.changed or updated_agent_config.changed

    - name: This block will only execute if install-config or agent-config files were published.
      block:

        - name: Ensure the presence of customization directory.
          ansible.builtin.file:
            path: "{{ ansible_facts['user_dir'] }}/agent/openshift"
            state: directory
            mode: 0755

        - name: Render chrony customizations in home directory.
          ansible.builtin.template:
            src: templates/chrony-customization.bu.j2
            dest: "{{ ansible_facts['user_dir'] }}/chrony-{{ item }}.bu"
            mode: 0644
            owner: student
            group: student
          loop:
            - master
            - worker

        - name: Publish chrony customizations in manifests directory.
          ansible.builtin.command:
            cmd: butane ./chrony-{{ item }}.bu -o ./agent/openshift/99_chrony_{{ item }}.yaml
            chdir: "{{ ansible_facts['user_dir'] }}"
            creates: agent/openshift/99_chrony_{{ item }}.yaml
          loop:
            - master
            - worker

        - name: Ensure the agent image cache directory exists.
          ansible.builtin.file:
            path: "{{ ansible_facts['user_dir'] }}/.cache/agent/image_cache"
            state: directory
            mode: 0755

        - name: Ensure that the agent ISO and all other artifacts are gone if anything was updated.
          ansible.builtin.file:
            path: "{{ ansible_facts['user_dir'] }}/agent/{{ item }}"
            state: absent
          loop:
            - agent.x86_64.iso
            - auth
            - rendezvousIP
            - .openshift_install.log
            - .openshift_install_state.json

      when: published_install_config.changed or published_agent_config.changed

    - name: Check whether the ISO is there.
      ansible.builtin.stat:
        path: "{{ ansible_facts['user_dir'] }}/agent/agent.x86_64.iso"
        get_attributes: no
        get_checksum: no
        get_mime: no
      register: agent_iso

    - name: Ensure that CoreOS ISO is a link to the downloaded one in Downloads.
      ansible.builtin.file:
        path: "{{ ansible_facts['user_dir'] }}/.cache/agent/image_cache/coreos-x86_64.iso"
        state: hard
        src: "{{ ansible_facts['user_dir'] }}/Downloads/rhcos-418.94.202501221327-0-live.x86_64.iso"

    - name: Create agent installation ISO.
      ansible.builtin.command:
        cmd: openshift-install-fips agent create image
        chdir: "{{ ansible_facts['user_dir'] }}/agent"
      when: not agent_iso.stat.exists

- name: Fix DNS server data.
  hosts: utility.lab.example.com
  gather_subset: min
  become: yes
  tasks:
    - name: Ensure forward DNS records are there.
      become: yes
      ansible.builtin.lineinfile:
        path: /var/named/ocp4.example.com.db
        regexp: "{{ item.regex }}"
        line: "{{ item.line }}"
        insertafter: "{{ item.after | default(omit) }}"
        insertbefore: "{{ item.before | default(omit) }}"
      loop:
        - regex: '^master02\.agent '
          line: "master02.agent IN A 192.168.50.11"
          after: '^master02 '
        - regex: '^api\.agent '
          line: "api.agent IN A 192.168.50.8"
          before: '^master02\.agent '
        - regex: '^api-int\.agent '
          line: "api-int.agent IN A 192.168.50.8"
          after: '^api\.agent '
        - regex: '^\*\.apps\.agent '
          line: "*.apps.agent IN A 192.168.50.9"
          after: '^api-int\.agent '
      register: dnsfw_fix
      notify:
        - reload dns

    - name: Increase the serial number of the forward zone if changed.
      block:

        - name: Load the zone file.
          become: yes
          ansible.builtin.slurp:
            src: /var/named/ocp4.example.com.db
          register: zonefile_fw

        - name: Read the serial number from the zone file and increase it by one.
          ansible.builtin.set_fact:
            new_fw_serial: "{{ (zonefile_fw.content | ansible.builtin.b64decode() | ansible.builtin.regex_search('^.*; serial', ignorecase=True, multiline=True) | ansible.builtin.regex_replace('; serial.*$', '') | trim | int) + 1 }}"

        - name: Insert the new serial number instead of the old one.
          become: yes
          ansible.builtin.lineinfile:
            path: /var/named/ocp4.example.com.db
            regexp: "; serial"
            line: "                {{ new_fw_serial }} ; serial"

      when: dnsfw_fix.changed

    - name: Ensure reverse DNS records are there.
      become: yes
      ansible.builtin.lineinfile:
        path: /var/named/ocp4.example.com.reverse.db
        regexp: '^11\s+IN\s+PTR'
        line: "11  IN PTR master02.agent.ocp4.example.com."
        insertbefore: "^40  IN PTR idm"
      register: dnsre_fix
      notify:
        - reload dns

    - name: Increase the serial number of the reverse zone if changed.
      block:

        - name: Load the zone file.
          become: yes
          ansible.builtin.slurp:
            src: /var/named/ocp4.example.com.reverse.db
          register: zonefile_re

        - name: Read the serial number from the zone file and increase it by one.
          ansible.builtin.set_fact:
            new_re_serial: "{{ (zonefile_re.content | ansible.builtin.b64decode() | ansible.builtin.regex_search('^.*; serial', ignorecase=True, multiline=True) | ansible.builtin.regex_replace('; serial.*$', '') | trim | int) + 1 }}"

        - name: Insert the new serial number instead of the old one.
          become: yes
          ansible.builtin.lineinfile:
            path: /var/named/ocp4.example.com.reverse.db
            regexp: "; serial"
            line: "                {{ new_re_serial }} ; serial"

      when: dnsre_fix.changed

  handlers:
    - name: restart dhcpd
      become: yes
      ansible.builtin.systemd_service:
        name: dhcpd
        state: restarted

    - name: reload dns
      become: yes
      ansible.builtin.systemd_service:
        name: named
        state: reloaded

- name: Copy the ISO file to target machine and write it to /dev/sdb
  hosts: master02.ocp4.example.com
  gather_subset: min
  become: yes
  tasks:
    - name: Copy the ISO file to master01.
      ansible.builtin.copy:
        src: /home/student/agent/agent.x86_64.iso
        dest: /root/agent.x86_64.iso
        mode: 0644
      register: copied_iso

    # TODO: ensure /dev/sdb1 exists and is bootable

    - name: Write the ISO to /dev/sdb1 if it was changed.
      ansible.builtin.command:
        cmd: dd if=/root/agent.x86_64.iso of=/dev/sdb1 conv=sync bs=4k
      when: copied_iso.changed
      register: wrote_iso
      tags:
        - destroy

    - name: Wipe the filesystem of /dev/sda if ISO was written to /dev/sdb1.
      ansible.builtin.command:
        cmd: wipefs -af /dev/sda
      when: wrote_iso.changed
      register: wiped_fs
      tags:
        - destroy

    - name: Reboot the machine if filesystem was wiped.
      ansible.builtin.command:
        cmd: reboot
      ignore_errors: yes
      when: wiped_fs.changed
      tags:
        - destroy
...