Skip to content

Latest commit

 

History

History
505 lines (404 loc) · 15.1 KB

Deploying_Using_Execution_Environments.adoc

File metadata and controls

505 lines (404 loc) · 15.1 KB
Raw

AgnosticD Development Setup using Ansible Execution Environments

Table of Contents

Mac

Prerequisties

  1. On Mac make sure you have Homebrew installed (https://brew.sh)

  2. Using Docker Desktop (right now on M1 Macs)

    1. Install Docker Desktop (https://www.docker.com/products/docker-desktop) - make sure to pick the version for your processor and operating system

    2. Once Docker Desktop is running pull the execution environment image:

      docker pull quay.io/agnosticd/ee-multicloud:latest

  3. Using Podman (you need Homebrew) (on Intel Macs)

    brew install podman

podman machine init
podman machine start

podman pull quay.io/agnosticd/ee-multicloud:latest

  4. Install Python

    brew install [email protected]

  5. Install virtualenv

    brew install virtualenv

  6. Set up your Python virtual environment

    mkdir -p ~/virtualenvs

virtualenv -p $(which python3) ~/virtualenvs/ansible-navigator

source ~/virtualenvs/ansible-navigator/bin/activate

  7. Install Ansible Navigator in your (now active) virtual environment:

    pip install -U pip ansible-navigator

  8. Create the Ansible Navigator configuration file ~/.ansible-navigator.yaml:

    ansible-navigator:
  execution-environment:
    container-engine: docker
    image: quay.io/agnosticd/ee-multicloud:latest
    volume-mounts:
    - src: /Users/wkulhane/Development/agnosticd-workdir/ansible-output
      dest: /ansible-output
  mode: stdout

  9. Set up your working environment

    # Set up AgnosticD
mkdir -p ~/Development/agnosticd-workdir

cd ~/Development/

git clone [email protected]:redhat-cop/agnosticd.git

Create an Empty AWS Account

  1. Navigate to https://demo.rhpds.com

  2. Select Open Environments

  3. Provision the AWS Blank Open Environment

Creating Input for AgnosticD

  1. Set up a file that holds your generic secrets (e.g. the OCP Pull Secret). Make sure the filename contains the word secret as to not accidentally commit it to the repo.

    ~/Development/agnosticd-workdir/secrets.yaml
    # Either use satellite
set_repositories_satellite_url: labsat-ha.opentlc.com
set_repositories_satellite_ha: true
set_repositories_satellite_org: Red_Hat_GPTE_Labs
set_repositories_satellite_activationkey: << redacted >>

# Or use your Employee subscription:
rhel_subscription_user: [email protected]
rhel_subscription_pass: << redacted >>

# OpenShift Pull Secret (get from https://console.redhat.com using your employee login)
ocp4_token: '{"auths":{"cloud.openshift.com":{"auth":"<< redacted>>","email":"<< redacted >>@redhat.com"},"quay.io":{"auth":"<< redacted >>","email":"<< redacted >>@redhat.com"},"registry.connect.redhat.com":{"auth":"<< redacted >>","email":"<< redacted >>@redhat.com"},"registry.redhat.io":{"auth":"<< redacted >>","email":"<< redacted >>@redhat.com"}}}'

ocp4_pull_secret: "{{ ocp4_token }}"

# Make sure your SSH public key is available on Github
ssh_authorized_keys:
- key: https://github.com/<< redacted >>.keys

  2. Set up a second file that contains your AWS Open Environment Credentials (from the e-mail you received when you created the open environment):

    ~/Development/agnosticd-workdir/sandbox-secrets.yaml
    aws_access_key_id: << redacted >>
aws_secret_access_key: << redacted >>

subdomain_base_suffix: .sandboxXXXX.opentlc.com

email: << redacted >>@redhat.com

agnosticd_aws_capacity_reservation_enable: false

Deploy a minimal OpenShift cluster

  1. Set up the input variables file for your OpenShift Cluster

    ~/Development/agnosticd-workdir/ocp-cluster.yaml
    ---
# -------------------------------------------------------------------
# User specific
# -------------------------------------------------------------------
subdomain_base_suffix: .{{ sandbox }}.opentlc.com
output_dir: /ansible-output/{{ guid }}
cloud_tags:
  - owner: [email protected]
  - Purpose: development
  - env_type: "{{ env_type }}"
  - guid: "{{ guid }}"
  - platform: labs

# -------------------------------------------------------------------
# Top level vars
# -------------------------------------------------------------------
cloud_provider: ec2
env_type: ocp4-cluster
software_to_deploy: openshift4

# -------------------------------------------------------------------
# Repos to use for the bastion
# -------------------------------------------------------------------
repo_method: satellite
# repo_method: rhn # for employee subscription

# -------------------------------------------------------------------
# VM configuration
# -------------------------------------------------------------------
master_instance_type: m5a.2xlarge
master_instance_count: 1
worker_instance_type: m5a.2xlarge
worker_instance_count: 2
bastion_instance_type: t3a.medium
bastion_instance_image: RHEL84GOLD-latest

# -------------------------------------------------------------------
# OpenShift installer
# -------------------------------------------------------------------
ocp4_installer_version: "4.11"

# -------------------------------------------------------------------
# Student user on bastion
# -------------------------------------------------------------------
install_student_user: false
# student_name: lab-user
# student_sudo: true
# if not set generate random password
# student_password: r3dh4t1!

# -------------------------------------------------------------------
# Workloads
# -------------------------------------------------------------------
# --- Infra Workloads (YAML List)
infra_workloads:
- ocp4_workload_authentication
- ocp4_workload_le_certificates

# -------------------------------------------------------------------
# Workload: ocp4_workload_authentication
# -------------------------------------------------------------------
ocp4_workload_authentication_idm_type: htpasswd
ocp4_workload_authentication_admin_user: admin
ocp4_workload_authentication_htpasswd_admin_password: redhat123
ocp4_workload_authentication_htpasswd_user_base: user
#ocp4_workload_authentication_htpasswd_user_password: openshift (autogenerated when not specified)
ocp4_workload_authentication_htpasswd_user_count: 1
ocp4_workload_authentication_remove_kubeadmin: true

  2. Run Ansible Navigator to deploy your cluster:

    cd ~/Development/agnosticd

ansible-navigator run ansible/main.yml -e @~/Development/ansible-workdir/ocp-cluster.yaml -e @~/Development/ansible-workdir/secrets.yaml -e @~/Development/ansible-workdir/sandbox-secrets.yaml -e guid=XXXXXX # replace with your specific GUID - e.g. wkacm

Deploy Workload on an existing Cluster

TBD

Run Navigator to deploy a workload to a cluster:

+

cd ~/Development/agnosticd

ansible-navigator run ansible/main.yml -e @ansible/workdir/ocp-workload.yaml -e guid=jm46

Linux

Note

All commands should be run as your own user account - do not take the name of root in vain!

Prerequisites

  • Install Podman (we need rootless podman)

  • Python 3.9+ installed with ansible-navigator prerequisites

Configure rootless Podman

If you haven’t configured your subuids and subgids before, this will setup the basics for your user. Follow the rest of the documents in the tutorial for configuring podman:

  1. Configure subuids and subgids for podman

    sudo bash -c "echo $(whoami):100000:65536 > /etc/subuid"
sudo bash -c "echo $(whoami):100000:65536 > /etc/subgid"

  2. Once complete, pull the multicloud-ee execution environment

    podman pull quay.io/agnosticd/ee-multicloud:latest
Note

This may take some time as the image is currently 3.02GB in size, but it has all of our cloud depenencies and libraries installed and will make your first steps much easier.

Create your virtual environment

Create a python 3.9+ virtualenv somewhere standard - ~/venvs/ or ~/virtualenvs/

mkdir ~/venvs/
cd ~/venvs/
python3 -mvenv ansible-navigator
. ~/venvs/ansible-navigator/bin/activate
(ansible-navigator) [user@localhost venvs]$ _
(ansible-navigator) [user@localhost venvs]$ pip3 install ansible-builder ansible-runner ansible-navigator
...
Requirement already satisfied: lockfile>=0.10 in ./venvs/ansible-navigator/lib64/python3.11/site-packages (from python-daemon->ansible-runner) (0.12.2)
Requirement already satisfied: types-setuptools>=57.0.0 in ./venvs/ansible-navigator/lib64/python3.11/site-packages (from requirements-parser->ansible-builder) (67.7.0.1)
Requirement already satisfied: pycparser in ./venvs/ansible-navigator/lib64/python3.11/site-packages (from cffi>=1->onigurumacffi<2,>=1.1.0->ansible-navigator) (2.21)

(ansible-navigator) [user@localhost venvs]$ _

Configure the Ansible Execution Environment

We’ll create the execution environments volume-folders next:

Note

<username> should be substituted with your own username

  1. Create the Ansible Navigator configuration file ~/.ansible-navigator.yaml:

    ansible-navigator:
  execution-environment:
    container-engine: podman
    image: quay.io/agnosticd/ee-multicloud:latest
    volume-mounts:
    - src: /home/<username>/development/tmp/
      dest: /tmp
    - src: /home/<username>/development/secrets/
      dest: /secrets
    - src: /home/<username>/development/vars/
      dest: /vars
  mode: stdout

  2. Set up the volume mounts and your agnosticd Directory

    # Set up AgnosticD
mkdir -p ~/development/{tmp,secrets,vars}

cd ~/development/
git clone [email protected]:redhat-cop/agnosticd.git
cd agnosticd

Create an Empty AWS Account

  1. Navigate to https://demo.rhpds.com

  2. Select Open Environments

  3. Provision the AWS Blank Open Environment

Creating Input for AgnosticD

  1. Set up a file that holds your generic secrets (e.g. the OCP Pull Secret). Make sure the filename contains the word secret so as to remind you not under any circumstances to accidentally commit it to the repo.

    ~/development/secrets/secrets.yaml
    # Either use satellite
set_repositories_satellite_url: labsat-ha.opentlc.com
set_repositories_satellite_ha: true
set_repositories_satellite_org: Red_Hat_GPTE_Labs
set_repositories_satellite_activationkey: << redacted >>

# Or use your Employee subscription:
rhel_subscription_user: [email protected]
rhel_subscription_pass: << redacted >>

# OpenShift Pull Secret (get from https://console.redhat.com using your employee login)
ocp4_token: '{"auths":{"cloud.openshift.com":{"auth":"username","email":"[email protected]"},"quay.io":{"auth":"username","email":"[email protected]"},"registry.connect.redhat.com":{"auth":"username","email":"[email protected]"},"registry.redhat.io":{"auth":"username","email":"[email protected]"}}}'

ocp4_pull_secret: "{{ ocp4_token }}"

# Make sure your SSH public key is available on Github
ssh_authorized_keys:
- key: https://github.com/username/repository/usernames_cryptographicallysecure_ed25519.pub

  2. Set up a second file that contains your AWS Open Environment Credentials (from the e-mail you received when you created the open environment):

    ~/development/secrets/sandbox-secrets.yaml
    aws_access_key_id: << redacted >>
aws_secret_access_key: << redacted >>

subdomain_base_suffix: .sandboxXXXX.opentlc.com

email: [email protected]

agnosticd_aws_capacity_reservation_enable: false

Deploy a minimal OpenShift cluster

  1. Set up the input variables file for your OpenShift Cluster

    ~/development/vars/ocp-cluster.yaml
    ---
# -------------------------------------------------------------------
# User specific
# -------------------------------------------------------------------
subdomain_base_suffix: .{{ sandbox }}.opentlc.com
output_dir: /ansible-output/{{ guid }}
cloud_tags:
  - owner: [email protected]
  - Purpose: development
  - env_type: "{{ env_type }}"
  - guid: "{{ guid }}"
  - platform: labs

# -------------------------------------------------------------------
# Top level vars
# -------------------------------------------------------------------
cloud_provider: ec2
env_type: ocp4-cluster
software_to_deploy: openshift4

# -------------------------------------------------------------------
# Repos to use for the bastion
# -------------------------------------------------------------------
repo_method: satellite
# repo_method: rhn # for employee subscription

# -------------------------------------------------------------------
# VM configuration
# -------------------------------------------------------------------
master_instance_type: m5a.2xlarge
master_instance_count: 1
worker_instance_type: m5a.2xlarge
worker_instance_count: 2
bastion_instance_type: t3a.medium
bastion_instance_image: RHEL84GOLD-latest

# -------------------------------------------------------------------
# OpenShift installer
# -------------------------------------------------------------------
ocp4_installer_version: "4.12"

# -------------------------------------------------------------------
# Student user on bastion
# -------------------------------------------------------------------
install_student_user: false
# student_name: lab-user
# student_sudo: true
# if not set generate random password
# student_password: 1_r3411Y-H4t3_h4Rdc0D3d-p4$$w0rDs_0

# -------------------------------------------------------------------
# Workloads
# -------------------------------------------------------------------
# --- Infra Workloads (YAML List)
infra_workloads:
- ocp4_workload_authentication
- ocp4_workload_le_certificates

# -------------------------------------------------------------------
# Workload: ocp4_workload_authentication
# -------------------------------------------------------------------
ocp4_workload_authentication_idm_type: htpasswd
ocp4_workload_authentication_admin_user: admin
ocp4_workload_authentication_htpasswd_admin_password: 1_r3511Y-H4t3_hArdc0d3_-p4$$w0rDs_1
ocp4_workload_authentication_htpasswd_user_base: user
#ocp4_workload_authentication_htpasswd_user_password: 1_r3A11Y-H4t3_cl34Rt3X7-p4$$w0rDs_2 (autogenerated when not specified)
ocp4_workload_authentication_htpasswd_user_count: 1
ocp4_workload_authentication_remove_kubeadmin: true

  2. Run Ansible Navigator to deploy your cluster:

    Note

    Outside of the playbook immediately after run, all -e options must be specified relative to their mountpoint inside the execution environment’s container. See ~/.ansible-navigator.yaml for what you previously set

    		 
cd ~/development/agnosticd

ansible-navigator run ansible/main.yml \
-e @/vars/ocp-cluster.yaml \
-e @/secrets/secrets.yaml \
-e @/secrets/sandbox-secrets.yaml \
-e guid=XXXXXX # replace with your specific GUID - e.g. 7hbpt

Deploy Workload on an existing Cluster

TBD

Run Navigator to deploy a workload to a cluster:

cd ~/development/agnosticd

ansible-navigator run ansible/main.yml \
-e @/vars/ocp-cluster.yaml \
-e guid=7hbpt