This repo contains Ansible and Terraform scripts for installing OpenShift onto OpenStack or AWS EC2.
The repo is organized into the different deployment models. Currently tested with EC2 and OpenStack, but can be extended to Google Compute, Digital Ocean, etc. Happy to take pull requests for additional infrastructure.
There are a few pre-requisites for these scripts:
- terraform >v0.6.3
- ansible >1.9.2
- git
To get started, use git to pull down this repo. You'll also want to clone the openshift-ansible installer, as that's used to do the actual deployment of OpenShift (which is awesome by the way!). This project also uses [terraform.py](https://github.com/CiscoCloud/terraform.py) to create an Ansible inventory from the Terraform files. For this getting started section, let's assume the directory structure looks like this:
```
./openshift-terraform-ansible/
./openshift-ansible/
./terraform.py/
```
You'll need to fill in some credentials for the different environments that you use. There are two files that need to be updated: the Terraform credentials and the RHEL subscription credentials. (NOTE: you need RHEL to install OpenShift Enterprise. If you're just installing Origin, then you don't need a subscription, i.e. you can just use Fedora.)
To access AWS, Terraform needs to know the secret keys and access keys for AWS.
Create a file named `terraform.tfvars` in the `ec2` directory of this repo and assign the keys as such:
```
aws_access_key = "FFFFFFFFFFFFFFFFFFFFFFF"
aws_secret_key = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
aws_region = "us-east-1"
aws_availability_zone = "us-east-1c"
security_group = "aws-sec-group"
keypair = "yourkey"
master_instance_type = "c3.2xlarge"
node_instance_type = "c3.xlarge"
num_nodes = "5"
```
To access OpenStack, Terraform needs to know the secret keys and access keys for your OpenStack deployment.
Create a file named `terraform.tfvars` in the `openstack` directory of this repo and assign the keys as such:
```
openstack_user_name = "username"
openstack_tenant_name = "tenant name"
openstack_tenant_id = "tenant-id"
openstack_password = "password"
openstack_auth_url = "http://youropenstack.com:5000/v2.0"
openstack_availability_zone = "nova"
openstack_region = "region"
openstack_keypair = "keypair"
num_nodes = "1"
# update these to the image IDs you want to use in your infra
master_image_id = "6b7a5472-5187-4e38-bce4-9d6d2a11a8e7"
master_instance_size = "m1.large"
node_image_id = "6b7a5472-5187-4e38-bce4-9d6d2a11a8e7"
node_instance_size = "m1.large"
```
To access GCE, Terraform needs to know the secret keys and access keys for your GCE account.
Create a file named `terraform.tfvars` in the `gce` directory of this repo and assign the keys as such:
```
gce_access_key = "myuser: ssh-dss AAA<long string - the public key of the user you will use to connect on the server later>szSHlg== myuser@myserver"
gce_region = "us-east1"
gce_project = "<your project name on GCE (top right corner of the console)>"
num_nodes = "2"
```
In addition to the AWS and OpenStack procedure, Google requires an extra file containing the credential information. Terraform uses the GCE service account to communicate with GCE, so you need a GCE account file in the `gce` directory (you can simply download it from GCE). You can find more information about this step in the Terraform documentation: https://www.terraform.io/docs/providers/google/index.html
Here is my account file as an example:
```
[mysuer@myserver gce]$ cat account.json
{
"type": "service_account",
"project_id": "<your project id>",
"private_key_id": "b...<short string>...3",
"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADAN...<very very long string>...SFG35w=\n-----END PRIVATE KEY-----\n",
"client_email": "49...o@developer.gserviceaccount.com",
"client_id": "49...o.apps.googleusercontent.com",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/4...0developer.gserviceaccount.com"
}
```
These scripts were tested on EC2 with a valid RHEL subscription. They most likely run on the AWS RHEL or CentOS7, but this has not been tested yet.
To activate the RHEL subscription, create a file in the `./<provider>/ansible` directory named `rhel-sub-vars.yml` and add these values, where `provider` is `ec2` or `openstack`:
```
username: FFFFF
password: FFFFF
pool_id: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
```
Once you've set up the credentials files, you'll be ready to set up OpenShift.
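The files created above (`terraform.tfvars`, `account.json`, `rhel-sub-vars.yml`) hold cloud keys, a service-account private key and subscription passwords in plaintext inside a git checkout. The following is an added example, not part of this repo: a small audit that lists any of them that are accessible beyond their owner or already tracked by git. The function names and the repo-root argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of this repo. File names are the ones this README
# tells you to create; function names and the root argument are assumptions.

# List credential files under root $1 (paths relative to it); extra
# arguments are passed to find as additional predicates.
cred_find() {
  local root="$1"; shift
  (cd "$root" && find . -type f \( -name terraform.tfvars \
      -o -name account.json -o -name rhel-sub-vars.yml \) "$@" | LC_ALL=C sort)
}

# Credential files with any group/other permission bit set.
loose_cred_files() {
  cred_find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
                    -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Credential files git already tracks, i.e. that a push would publish.
tracked_cred_files() {
  git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
  cred_find "$1" | while IFS= read -r f; do
    if git -C "$1" ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
      printf '%s\n' "$f"
    fi
  done
}

# Print findings; exit status is 0 only when there are none.
audit_creds() {
  local loose tracked
  loose=$(loose_cred_files "$1")
  tracked=$(tracked_cred_files "$1")
  if [ -n "$loose" ]; then printf '%s\n' "$loose" | sed 's/^/chmod 600 needed: /'; fi
  if [ -n "$tracked" ]; then printf '%s\n' "$tracked" | sed 's/^/tracked by git: /'; fi
  [ -z "$loose$tracked" ]
}
```

Source the file and run `audit_creds .` from the top of the checkout before `terraform apply`, or call it from a pre-commit hook.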
Deploying involves creating the infrastructure (networks, compute instances, IPs, security groups, etc), prepping the install as advised by the openshift documentation, and then installing openshift itself.
To deploy the infrastructure, navigate to the `ec2` or `openstack` folder that you wish to use and check the status of the infrastructure (i.e., kind of like a test run, to see the components that will be created):
```
terraform plan
```
If everything looks good, then you can go ahead and create the infrastructure:
```
terraform apply
```
If this completes successfully, then yay! You should go to the next step to prep the infrastructure.
This is an optional step but recommended if you're using RHEL. Run the following Ansible playbook to attach your RHEL subscription to all of the nodes/compute instances created above:
```
ansible-playbook -i ../../terraform.py/terraform.py ./ansible/rhel-sub.yml --private-key=/location/to/private/keys
```
To prep the environment (download docker, set up repos, etc.) run the following playbook:
```
ansible-playbook -i ../../terraform.py/terraform.py ./ansible/ose3-prep-nodes.yml --private-key=/location/to/private/keys
```
To run the openshift installer, you'll first need to create the inventory file. Unfortunately this step is a bit manual until I hack the terraform.py scripts to generate this on the fly based on metadata/tags.
Create the inventory file; you can use this example to get an idea of what to configure. You can tweak the settings, and you MUST add the DNS/IP addresses of your servers. This is the part that's not automated yet :)
Once you've got your inventory scripts, you can run this Ansible playbook:
```
ansible-playbook -i ./inventory --private-key=/location/to/private/keys ../../openshift-ansible/playbooks/byo/config.yml
```
Congrats! You've got an OpenShift cluster!
Now run this script to set up the registry/router/etc:
```
sudo su -
export INTERNAL_HOSTNAME=$(hostname -f)
sh <(curl -s -L https://gist.github.com/christian-posta/dbabd26005989bafab98/raw) $INTERNAL_HOSTNAME
```
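The command above streams whatever the gist URL currently serves straight into a root shell. As an added example (not part of this repo or the gist), the same step can be done by downloading the script to a file, reviewing it, recording its SHA-256, and running it only while it still matches. The function names, the file path in the usage comment and the `PIN` variable are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of this repo: fetch, review, pin, then run.
SETUP_URL='https://gist.github.com/christian-posta/dbabd26005989bafab98/raw'

# Download the setup script to file $1; fail on HTTP errors so an error
# page is never saved and later executed.
fetch_setup() {
  curl --fail --silent --show-error --location --proto '=https' \
       -o "$1" "$SETUP_URL"
}

# Succeed only if file $1 hashes to the pinned SHA-256 given in $2.
sha256_matches() {
  local actual
  actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
  [ "$actual" = "$2" ]
}

# Run file $1 with the remaining arguments, but only if it still matches
# the hash ($2) recorded when the script was reviewed.
run_pinned() {
  local file="$1" pin="$2"; shift 2
  if ! sha256_matches "$file" "$pin"; then
    echo "refusing to run $file: content differs from the reviewed copy" >&2
    return 1
  fi
  sh "$file" "$@"
}

# Usage on the master, as root (paths and PIN are placeholders):
#   fetch_setup /root/ose-setup.sh
#   less /root/ose-setup.sh            # read it before trusting it
#   sha256sum /root/ose-setup.sh       # record the value as PIN
#   run_pinned /root/ose-setup.sh "$PIN" "$(hostname -f)"
```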