Ansible Role jm1.cloudy.openshift_ipi

This role helps with using OpenShift Installer-provisioned installation (IPI) or OKD Installer-provisioned installation (IPI) to create OpenShift clusters and OKD clusters.

First, a directory for all installer-related files such as install-config.yaml and manifests will be created; its path is defined in variable openshift_ipi_config_dir. Files inside this directory, such as install-config.yaml, will be created from variable openshift_ipi_config, which defines a list of tasks to be run by this role. Each task calls an Ansible module, similar to tasks in roles or playbooks, except that only a few keywords such as become and when are supported.

When a pull secret has been defined in variable openshift_ipi_pullsecret, then it will be written to file openshift_ipi_pullsecret_file.

Next, the openshift-baremetal-install binary will be extracted from the container image defined in openshift_ipi_release_image to directory openshift_ipi_install_dir, which defaults to /usr/local/bin. To aid debugging, the version of openshift-baremetal-install will be printed. Afterwards, openshift-baremetal-install will generate the manifests for OpenShift Installer-provisioned installation (IPI) from install-config.yaml and other manifests and then create the cluster.

Finally, the role will wait until:

  1. the cluster has been bootstrapped,
  2. the installation has been completed,
  3. the number of nodes matches the number of machines,
  4. all nodes are ready, because follow-up roles might require workload capacity, and
  5. cluster operators have finished progressing to ensure that the configuration which had been specified at installation time has been achieved.

Tested OS images

Available on Ansible Galaxy in Collection jm1.cloudy.

Requirements

OpenShift Client aka oc is required for extracting openshift-baremetal-install from the release image and managing Kubernetes resources. You may use role jm1.cloudy.openshift_client to install it.

This role uses module(s) from collection jm1.ansible and collection jm1.pkg. To install these collections you may follow the steps described in README.md using the provided requirements.yml.

Variables

| Name | Default value | Required | Description |
| --- | --- | --- | --- |
| openshift_ipi_config | undefined | true | List of tasks to run in order to create install-config.yaml and other manifests for openshift-baremetal-install in openshift_ipi_config_dir (see footnotes 1, 2 and 3) |
| openshift_ipi_config_dir | ~/clusterconfigs | false | Directory where install-config.yaml file will be created. Defaults to clusterconfigs in ansible_user's home |
| openshift_ipi_install_dir | /usr/local/bin | false | Directory where openshift-baremetal-install will be installed to |
| openshift_ipi_pullsecret | undefined | false | Pull secret downloaded from Red Hat Cloud Console which will be used to authenticate with Container registries Quay.io and registry.redhat.io, which serve the container images for OpenShift Container Platform components. A pull secret is required for OpenShift deployments only, but not for OKD deployments. |
| openshift_ipi_pullsecret_file | ~/pull-secret.txt | false | Path to pull secret file |
| openshift_ipi_release_image | undefined | true | Container image from which openshift-baremetal-install will be extracted, e.g. 'quay.io/okd/scos-release:4.13.0-0.okd-scos-2023-07-20-165025' |

Dependencies

| Name | Description |
| --- | --- |
| jm1.libvirt.setup | Installs libvirtd service which will be used to launch IPI's bootstrap virtual machine. This role is optional. |
| jm1.pkg.setup | Installs necessary software for module jm1.pkg.meta_pkg from collection jm1.pkg. This role is called automatically, manual execution is NOT required. |

OpenShift Installer-provisioned installation (IPI) uses libvirt (esp. libvirtd) to launch a bootstrap virtual machine. You can use role jm1.libvirt.setup from collection jm1.libvirt to install necessary software packages.

Example Playbook

- hosts: all
  become: true
  roles:
  - name: Create an OpenShift cluster with Installer-provisioned installation (IPI)
    role: jm1.cloudy.openshift_ipi
    tags: ["jm1.cloudy.openshift_ipi"]

For a complete example on how to use this role and jm1.libvirt.setup, refer to hosts lvrt-lcl-session-srv-400-okd-ipi-router up to lvrt-lcl-session-srv-430-okd-ipi-provisioner from the provided examples inventory. The top-level README.md describes how these hosts can be provisioned with playbook playbooks/site.yml.

If you want to deploy OpenShift instead of OKD, download a pull secret from Red Hat Cloud Console. It is required to authenticate with Container registries Quay.io and registry.redhat.io, which serve the container images for OpenShift Container Platform components. Next, change the following host_vars of Ansible host lvrt-lcl-session-srv-430-okd-ipi-provisioner:

openshift_ipi_pullsecret: |
  {"auths":{"xxxxxxx": {"auth": "xxxxxx","email": "xxxxxx"}}}

# Or read pull secret from file ~/pull-secret.txt residing at the Ansible controller
#openshift_ipi_pullsecret: |
#  {{ lookup('ansible.builtin.file', lookup('ansible.builtin.env', 'HOME') + '/pull-secret.txt') }}

openshift_ipi_release_image: "{{ lookup('ansible.builtin.pipe', openshift_ipi_release_image_query) }}"

openshift_ipi_release_image_query: |
  curl -s https://mirror.openshift.com/pub/openshift-v4/amd64/clients/ocp/stable-4.13/release.txt \
    | grep 'Pull From: quay.io' \
    | awk -F ' ' '{print $3}'
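
The query above returns an empty string when the download fails or the file format changes, because the pipeline's exit status is that of awk. The following added example (not part of this role or of the original README) validates the parsed reference before it is used; the function names, the constructed sample input and the digest-only policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of role jm1.cloudy.openshift_ipi.
# extract_release_image reads a release.txt document on stdin and prints the
# release image reference only if it passes the checks below; otherwise it
# prints nothing on stdout and returns non-zero.

extract_release_image() {
    # Third field of every "Pull From:" line, as in the page's query.
    refs=$(awk '$1 == "Pull" && $2 == "From:" { print $3 }')

    # Empty result: the download failed or the file format changed.
    [ -n "$refs" ] || { echo "no 'Pull From:' line found" >&2; return 1; }

    # More than one candidate is ambiguous; refuse to pick one.
    count=$(printf '%s\n' "$refs" | grep -c .)
    [ "$count" -eq 1 ] || { echo "multiple 'Pull From:' lines" >&2; return 1; }

    # Policy of this example (an assumption): accept only a quay.io
    # reference that is pinned by sha256 digest, never a mutable tag.
    if printf '%s\n' "$refs" \
        | grep -Eq '^quay\.io/[a-z0-9._/-]+@sha256:[0-9a-f]{64}$'; then
        printf '%s\n' "$refs"
    else
        echo "unexpected image reference: $refs" >&2
        return 1
    fi
}

# Constructed sample input (repository name and digest are made up).
sample_release_txt() {
    cat <<'EOF'
Name:      4.13.0-example
OS/Arch:   linux/amd64

Pull From: quay.io/example-org/example-release@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
EOF
}
```

Saved as a script on the Ansible controller that calls extract_release_image on its stdin, this can replace the grep and awk stages of openshift_ipi_release_image_query, so that a bad download makes the lookup fail instead of producing an empty image reference.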

For instructions on how to run Ansible playbooks, have a look at Ansible's Getting Started Guide.

License

GNU General Public License v3.0 or later

See LICENSE.md for the full text.

Author

Jakob Meng @jm1 (github, galaxy, web)

Footnotes

  1. Useful Ansible modules in this context could be blockinfile, command, copy, file, lineinfile and template.

  2. Tasks will be executed with jm1.ansible.execute_module which supports keywords become, become_exe, become_flags, become_method, become_user, environment and when only. NOTE: Keywords related to become will not inherit values from the role's caller. For example, when become is defined in a playbook it will not be passed on to a task here.

  3. Tasks will be executed with jm1.ansible.execute_module which supports modules and action plugins only. Some Ansible modules such as ansible.builtin.meta and ansible.builtin.{include,import}_{playbook,role,tasks} are core features of Ansible, in fact not implemented as modules and thus cannot be called from jm1.ansible.execute_module. Doing so causes Ansible to raise errors such as MODULE FAILURE\nSee stdout/stderr for the exact error. In addition, Ansible does not support free-form parameters for arbitrary modules, so for example, change from - debug: msg="" to - debug: { msg: "" }.