├── .gitattributes ├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── DCO1.1.txt ├── LICENCE.txt ├── OWNERS ├── README.md ├── data └── .gitignore ├── docs ├── automation_host_prereqs.md ├── ocp4-manual-deployment-dhcp.md ├── ocp_prereqs_powervc.md ├── quickstart.md ├── rhcos-image-creation.md └── var.tfvars-doc.md ├── modules ├── 1_bastion │ ├── bastion.tf │ ├── outputs.tf │ ├── templates │ │ └── create_disk_link.sh │ ├── variables.tf │ └── versions.tf ├── 2_network │ ├── network.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf ├── 3_helpernode │ ├── helpernode.tf │ ├── templates │ │ ├── helpernode_inventory │ │ └── helpernode_vars.yaml │ ├── variables.tf │ └── versions.tf ├── 4_nodes │ ├── 4_1_bootstrapnode │ │ ├── bootstrapnode.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── 4_2_masternodes │ │ ├── masternodes.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── 4_3_workernodes │ │ ├── outputs.tf │ │ ├── variables.tf │ │ ├── versions.tf │ │ └── workernodes.tf └── 5_install │ ├── 5_1_installconfig │ ├── installconfig.tf │ ├── outputs.tf │ ├── templates │ │ ├── install_inventory │ │ ├── install_vars.yaml │ │ └── installconfig_vars.yaml │ ├── variables.tf │ └── versions.tf │ ├── 5_2_bootstrapconfig │ ├── bootstrapconfig.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf │ ├── 5_3_bootstrapcomplete │ ├── bootstrapcomplete.tf │ ├── outputs.tf │ ├── variables.tf │ └── versions.tf │ └── 5_4_installcomplete │ ├── install.tf │ ├── outputs.tf │ ├── templates │ └── upgrade_vars.yaml │ ├── variables.tf │ └── versions.tf ├── ocp.tf ├── outputs.tf ├── var.tfvars ├── variables.tf └── versions.tf /.gitattributes: -------------------------------------------------------------------------------- 1 | * text=auto eol=lf 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform 
directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # Crash log files 9 | crash.log 10 | crash.*.log 11 | 12 | # terraform.lock.hcl 13 | .terraform.lock.hcl 14 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 
14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 
55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement. To report an incident, contact the repository owners. 63 | All complaints will be reviewed and investigated promptly and fairly. 64 | 65 | All community leaders are obligated to respect the privacy and security of the 66 | reporter of any incident. 67 | 68 | ## Enforcement Guidelines 69 | 70 | Community leaders will follow these Community Impact Guidelines in determining 71 | the consequences for any action they deem in violation of this Code of Conduct: 72 | 73 | ### 1. Correction 74 | 75 | **Community Impact**: Use of inappropriate language or other behavior deemed 76 | unprofessional or unwelcome in the community. 77 | 78 | **Consequence**: A private, written warning from community leaders, providing 79 | clarity around the nature of the violation and an explanation of why the 80 | behavior was inappropriate. A public apology may be requested. 81 | 82 | ### 2. Warning 83 | 84 | **Community Impact**: A violation through a single incident or series 85 | of actions. 86 | 87 | **Consequence**: A warning with consequences for continued behavior. No 88 | interaction with the people involved, including unsolicited interaction with 89 | those enforcing the Code of Conduct, for a specified period of time. This 90 | includes avoiding interactions in community spaces as well as external channels 91 | like social media. Violating these terms may lead to a temporary or 92 | permanent ban. 93 | 94 | ### 3. Temporary Ban 95 | 96 | **Community Impact**: A serious violation of community standards, including 97 | sustained inappropriate behavior. 
98 | 99 | **Consequence**: A temporary ban from any sort of interaction or public 100 | communication with the community for a specified period of time. No public or 101 | private interaction with the people involved, including unsolicited interaction 102 | with those enforcing the Code of Conduct, is allowed during this period. 103 | Violating these terms may lead to a permanent ban. 104 | 105 | ### 4. Permanent Ban 106 | 107 | **Community Impact**: Demonstrating a pattern of violation of community 108 | standards, including sustained inappropriate behavior, harassment of an 109 | individual, or aggression toward or disparagement of classes of individuals. 110 | 111 | **Consequence**: A permanent ban from any sort of public interaction within 112 | the community. 113 | 114 | ## Attribution 115 | 116 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 117 | version 2.0, available at 118 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. 119 | 120 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 121 | enforcement ladder](https://github.com/mozilla/diversity). 122 | 123 | [homepage]: https://www.contributor-covenant.org 124 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This project is [Apache 2.0 Licenced](LICENCE.txt) and welcomes external contributions. When contributing to this repository, please first discuss the change you wish to make via an [issue](https://github.com/ocp-power-automation/ocp4-upi-powervm/issues). 4 | 5 | Please note we have a [code of conduct](CODE_OF_CONDUCT.md), please follow it in all your interactions with the project. 6 | 7 | # Issues 8 | 9 | - If you find any issue with the code or documentation please submit an [issue](https://github.com/ocp-power-automation/ocp4-upi-powervm/issues). 
10 | - It is best to check out existing issues first to see if a similar one is open or has already been discussed. 11 | 12 | 13 | # Pull Request Process 14 | 15 | - To contribute code or documentation, please submit a [pull request](https://github.com/ocp-power-automation/ocp4-upi-powervm/pulls). 16 | - Always take the latest update from upstream/main before creating a pull request. 17 | - Ensure your changes work and have no syntax problems. Also, verify that they do not break the existing code flow. 18 | - Update the README.md or relevant documents with details of changes to the code. This includes changes to variables, added or updated features, changes in steps, changes in dependencies, etc. 19 | - Write a proper commit message. Mention the issue number that you are addressing, e.g. `Fixes #38`. 20 | - After creating the pull request, ensure you address all the review comments, if any. A pull request will be merged only when it has at least two approvals from the list of reviewers. 21 | - Please read the [Developer Certificate of Origin](DCO1.1.txt) and sign off your commit using the command `git commit -s`. 22 | 23 | 24 | # Spec Formatting Conventions 25 | Documents in this repository will adhere to the following rules: 26 | 27 | - Lines are wrapped at 80 columns (when possible) 28 | - Use spaces to indent your code. Do not use tab characters; use 2 or 4 spaces instead. 
29 | 30 | -------------------------------------------------------------------------------- /DCO1.1.txt: -------------------------------------------------------------------------------- 1 | Developer's Certificate of Origin 1.1 2 | 3 | By making a contribution to this project, I certify that: 4 | 5 | (a) The contribution was created in whole or in part by me and I 6 | have the right to submit it under the open source license 7 | indicated in the file; or 8 | 9 | (b) The contribution is based upon previous work that, to the best 10 | of my knowledge, is covered under an appropriate open source 11 | license and I have the right under that license to submit that 12 | work with modifications, whether created in whole or in part 13 | by me, under the same open source license (unless I am 14 | permitted to submit under a different license), as indicated 15 | in the file; or 16 | 17 | (c) The contribution was provided directly to me by some other 18 | person who certified (a), (b) or (c) and I have not modified 19 | it. 20 | 21 | (d) I understand and agree that this project and the contribution 22 | are public and that a record of the contribution (including all 23 | personal information I submit with it, including my sign-off) is 24 | maintained indefinitely and may be redistributed consistent with 25 | this project or the open source license(s) involved. 26 | 27 | -------------------------------------------------------------------------------- /LICENCE.txt: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 
11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - Prajyot-Parab 3 | - sudeeshjohn 4 | - yussufsh 5 | - aishwaryabk 6 | - pravin-dsilva 7 | - cs-zhang 8 | - sajauddin 9 | approvers: 10 | - cs-zhang 11 | - yussufsh 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # **Table of Contents** 2 | 3 | - [Table of Contents](#table-of-contents) 4 | - [Introduction](#introduction) 5 | - [Automation Host Prerequisites](#automation-host-prerequisites) 6 | - [PowerVC Prerequisites](#powervc-prerequisites) 7 | - [OCP Install](#ocp-install) 8 | - [Contributing](#contributing) 9 | 10 | 11 | # Introduction 12 | The `ocp4-upi-powervm` [project](https://github.com/ocp-power-automation/ocp4-upi-powervm) provides Terraform based automation code to help the deployment of OpenShift Container Platform (OCP) 4.x on PowerVM systems managed by PowerVC. 
13 | 14 | If you are using standalone PowerVM, please take a look at the [following quickstart guide](https://github.com/RedHatOfficial/ocp4-helpernode/blob/devel/docs/quickstart-powervm.md) 15 | which uses the [ansible playbook](https://github.com/RedHatOfficial/ocp4-helpernode) to set up a helper node (bastion) for OCP deployment. 16 | 17 | This project also leverages the same ansible playbook internally for OCP deployment on PowerVM LPARs managed via PowerVC. 18 | 19 | !!! Note 20 | For bugs/enhancement requests etc. please open a GitHub [issue](https://github.com/ocp-power-automation/ocp4-upi-powervm/issues) 21 | 22 | !!! Note 23 | Use the [main](https://github.com/ocp-power-automation/ocp4-upi-powervm/tree/main) branch to install any version of OCP starting from 4.6, including pre-release versions. 24 | 25 | # Automation Host Prerequisites 26 | 27 | The automation needs to run from a system with internet access. This could be your laptop or a VM with public internet connectivity. This automation code has been tested on the following 64-bit Operating Systems: 28 | - Mac OSX (Darwin) 29 | - Linux (x86_64/ppc64le) 30 | - Windows 10 31 | 32 | Follow the [guide](docs/automation_host_prereqs.md) to complete the prerequisites. 33 | 34 | 35 | # PowerVC Prerequisites 36 | 37 | Follow the [guide](docs/ocp_prereqs_powervc.md) to complete the PowerVC prerequisites. 38 | 39 | # OCP Install 40 | 41 | Follow the [quickstart](docs/quickstart.md) guide for OCP installation on PowerVM LPARs managed via PowerVC 42 | 43 | # Contributing 44 | Please see the [contributing doc](CONTRIBUTING.md) for more details. 45 | PRs are most welcome !! 
46 | -------------------------------------------------------------------------------- /data/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore 5 | -------------------------------------------------------------------------------- /docs/automation_host_prereqs.md: -------------------------------------------------------------------------------- 1 | # Automation Host Prerequisites 2 | - [Automation Host Prerequisites](#automation-host-prerequisites) 3 | - [Configure Your Firewall](#configure-your-firewall) 4 | - [Automation Host Setup](#automation-host-setup) 5 | - [Terraform](#terraform) 6 | - [Git](#git) 7 | 8 | 9 | ## Configure Your Firewall 10 | If your system is behind a firewall, you will need to ensure the following ports are open in order to use ssh, http, and https: 11 | - 22, 443, 80 12 | 13 | These additional ports are required for the ocp cli (`oc`) post-install: 14 | - 6443 15 | 16 | ## Automation Host Setup 17 | 18 | Install the following packages on the automation host. Select the appropriate install binaries based on your automation host platform - Mac/Linux/Windows. 19 | 20 | ### Terraform 21 | 22 | **Terraform**: Please open the [link](https://www.terraform.io/downloads) for downloading the latest Terraform. For validating the version run `terraform version` command after install. Terraform version 1.2.0 and above is required. 23 | 24 | Install Terraform and providers for Power environment: 25 | 1. Download and install the latest Terraform binary for Linux/ppc64le from https://github.com/ppc64le-development/terraform-ppc64le/releases. 26 | 2. 
Download the required Terraform providers for Power into your TF project directory. These binaries are loaded as providers by `terraform init --plugin-dir`, so if the release page publishes a checksum for `archive.zip`, verify it before unzipping: 27 | ``` 28 | $ cd <path_to_TF_project> 29 | $ mkdir -p ./providers 30 | $ curl -fsSL https://github.com/ocp-power-automation/terraform-providers-power/releases/download/v0.11/archive.zip -o archive.zip 31 | $ unzip -o ./archive.zip -d ./providers 32 | $ rm -f ./archive.zip 33 | ``` 34 | 3. Initialize Terraform at your TF project directory: 35 | ``` 36 | $ terraform init --plugin-dir ./providers 37 | ``` 38 | 39 | ### Git 40 | 41 | **Git**: Please refer to the [link](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) for instructions on installing Git. 42 | -------------------------------------------------------------------------------- /docs/ocp4-manual-deployment-dhcp.md: -------------------------------------------------------------------------------- 1 | ## **Create Master/Worker/Bootstrap Nodes** 2 | 3 | Create the below PowerVM LPARs with an empty disk volume attached (refer to the documentation [link](https://docs.openshift.com/container-platform/4.3/installing/installing_ibm_power/installing-ibm-power.html#minimum-resource-requirements_installing-ibm-power) for resource requirements) and note the MAC ID for each of the LPARs. 4 | 5 | - bootstrap - 1 6 | - master - 3 7 | - worker - 2 8 | 9 | ## **Create and Setup Bastion Node** 10 | 11 | - Create RHEL 8.1 LPAR 12 | - Log in to the RHEL 8.1 LPAR and clone the OCP4 [helpernode](https://github.com/RedHatOfficial/ocp4-helpernode) repo 13 | - Use the following vars.yaml as a template and change the IP, network and related details according to your environment. 
14 | ``` 15 | --- 16 | disk: sda 17 | helper: 18 | name: "helper" 19 | ipaddr: "192.168.7.77" 20 | dns: 21 | domain: "example.com" 22 | clusterid: "ocp4" 23 | forwarder1: "8.8.8.8" 24 | forwarder2: "8.8.4.4" 25 | dhcp: 26 | router: "192.168.7.1" 27 | bcast: "192.168.7.255" 28 | netmask: "255.255.255.0" 29 | poolstart: "192.168.7.10" 30 | poolend: "192.168.7.30" 31 | ipid: "192.168.7.0" 32 | netmaskid: "255.255.255.0" 33 | bootstrap: 34 | name: "bootstrap" 35 | ipaddr: "192.168.7.20" 36 | macaddr: "52:54:00:60:72:67" 37 | masters: 38 | - name: "master0" 39 | ipaddr: "192.168.7.21" 40 | macaddr: "52:54:00:e7:9d:67" 41 | - name: "master1" 42 | ipaddr: "192.168.7.22" 43 | macaddr: "52:54:00:80:16:23" 44 | - name: "master2" 45 | ipaddr: "192.168.7.23" 46 | macaddr: "52:54:00:d5:1c:39" 47 | workers: 48 | - name: "worker0" 49 | ipaddr: "192.168.7.11" 50 | macaddr: "52:54:00:f4:26:a1" 51 | - name: "worker1" 52 | ipaddr: "192.168.7.12" 53 | macaddr: "52:54:00:82:90:00" 54 | 55 | ppc64le: true 56 | ocp_bios: "https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.4/latest/rhcos-4.4.9-ppc64le-metal.ppc64le.raw.gz" 57 | ocp_initramfs: "https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.4/latest/rhcos-4.4.9-ppc64le-installer-initramfs.ppc64le.img" 58 | ocp_install_kernel: "https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.4/latest/rhcos-4.4.9-ppc64le-installer-kernel-ppc64le" 59 | ocp_client: "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable-4.4/openshift-client-linux.tar.gz" 60 | ocp_installer: "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable-4.4/openshift-install-linux.tar.gz" 61 | ``` 62 | - Run the playbook 63 | ``` 64 | ansible-playbook -e @vars.yaml tasks/main.yml 65 | ``` 66 | 67 | - Create ignition configs 68 | ``` 69 | mkdir ~/ocp4 70 | cd ~/ocp4 71 | ``` 72 | 73 | Create a place to store your pull-secret 74 | ``` 75 | mkdir -p ~/.openshift 76 | ``` 77 
| Visit try.openshift.com and select "Bare Metal". Download your pull secret and save it under ~/.openshift/pull-secret. The pull secret is a credential, so keep the file readable only by your own user. 78 | ``` 79 | # ls -1 ~/.openshift/pull-secret 80 | /root/.openshift/pull-secret 81 | ``` 82 | This playbook creates an ssh key for you; it's under `~/.ssh/helper_rsa`. You can use this key or create/use another one if you wish. 83 | ``` 84 | # ls -1 ~/.ssh/helper_rsa 85 | /root/.ssh/helper_rsa 86 | ``` 87 | **Note** - If you want to use your own ssh key, please modify `~/.ssh/config` to reference your key instead of the one deployed by the playbook 88 | 89 | Next, create an `install-config.yaml` file. 90 | 91 | **Note** - Make sure you update the command below if your filenames or paths are different. The generated file embeds your pull secret, so treat it as sensitive. 92 | ``` 93 | cat <<EOF > install-config.yaml 94 | apiVersion: v1 95 | baseDomain: example.com 96 | compute: 97 | - hyperthreading: Enabled 98 | name: worker 99 | replicas: 0 100 | controlPlane: 101 | hyperthreading: Enabled 102 | name: master 103 | replicas: 3 104 | metadata: 105 | name: ocp4 106 | networking: 107 | clusterNetworks: 108 | - cidr: 10.254.0.0/16 109 | hostPrefix: 24 110 | networkType: OpenShiftSDN 111 | serviceNetwork: 112 | - 172.30.0.0/16 113 | platform: 114 | none: {} 115 | pullSecret: '$(< ~/.openshift/pull-secret)' 116 | sshKey: '$(< ~/.ssh/helper_rsa.pub)' 117 | EOF 118 | ``` 119 | Create the installation manifests 120 | ``` 121 | openshift-install create manifests 122 | ``` 123 | Edit the `manifests/cluster-scheduler-02-config.yml` Kubernetes manifest file to prevent Pods from being scheduled on the control plane machines by setting `mastersSchedulable` to `false`. 124 | ``` 125 | $ sed -i 's/mastersSchedulable: true/mastersSchedulable: false/g' manifests/cluster-scheduler-02-config.yml 126 | ``` 127 | It should look something like this after you edit it. 
128 | ``` 129 | $ cat manifests/cluster-scheduler-02-config.yml 130 | apiVersion: config.openshift.io/v1 131 | kind: Scheduler 132 | metadata: 133 | creationTimestamp: null 134 | name: cluster 135 | spec: 136 | mastersSchedulable: false 137 | policy: 138 | name: "" 139 | status: {} 140 | ``` 141 | Next, generate the ignition configs 142 | ``` 143 | openshift-install create ignition-configs 144 | ``` 145 | Finally, copy the ignition files into the ignition directory for the webserver. These files embed cluster certificates and credentials, so limit access to the web server to the provisioning network and remove the copies once the install has finished. 146 | ``` 147 | cp ~/ocp4/*.ign /var/www/html/ignition/ 148 | restorecon -vR /var/www/html/ 149 | chmod o+r /var/www/html/ignition/*.ign 150 | ``` 151 | 152 | ## **Boot the LPARs** 153 | Boot the LPARs in the following order and ensure the LPARs perform DHCP boot 154 | 155 | 1. Bootstrap 156 | 2. Masters 157 | 3. Workers 158 | 159 | ## **Wait for Install** 160 | 161 | ``` 162 | openshift-install wait-for bootstrap-complete --log-level debug 163 | ``` 164 | 165 | ## **Finish Install** 166 | First, login to your cluster 167 | ``` 168 | export KUBECONFIG=/root/ocp4/auth/kubeconfig 169 | ``` 170 | Your install may be waiting for worker nodes to get approved. 171 | Normally it's automated. However, sometimes this needs to be done manually. Check pending CSRs with the following command. 172 | ``` 173 | oc get csr 174 | ``` 175 | Before approving, confirm in the `oc get csr` output that each pending request was submitted by a node you expect. You can then approve all pending CSRs in "one shot" with the following command 176 | ``` 177 | oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs oc adm certificate approve 178 | ``` 179 | 180 | You may have to run the command multiple times depending on how many workers you have and in what order they come in. 
Keep a watch on the CSRs by running the following command 181 | ``` 182 | watch oc get csr 183 | ``` 184 | 185 | Set the registry for your cluster 186 | 187 | First, you have to set the `managementState` to `Managed` for your cluster 188 | ``` 189 | oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"managementState":"Managed"}}' 190 | ``` 191 | For PoCs, using emptyDir is ok (to use PVs follow this doc) 192 | ``` 193 | oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}' 194 | ``` 195 | If you need to expose the registry, run this command 196 | ``` 197 | oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{"spec":{"defaultRoute":true}}' 198 | ``` 199 | **Note** - You can watch the operators running with ```oc get clusteroperators``` 200 | 201 | 202 | ## **Login to the web console** 203 | The OpenShift 4 web console will be running at `https://console-openshift-console.apps.{{ dns.clusterid }}.{{ dns.domain }} (e.g. https://console-openshift-console.apps.ocp4.example.com)` 204 | 205 | - Username: kubeadmin 206 | - Password: the output of `cat /root/ocp4/auth/kubeadmin-password` 207 | 208 | **Note** - You'll need to update your `/etc/hosts` settings if using private dhcp server running on the bastion node 209 | 210 | References: 211 | - [Quickstart Guide](https://github.com/RedHatOfficial/ocp4-helpernode/blob/master/docs/quickstart.md) 212 | - [Power QuickStart Guide](https://github.com/RedHatOfficial/ocp4-helpernode/blob/master/docs/quickstart-ppc64le.md) 213 | 214 | -------------------------------------------------------------------------------- /docs/ocp_prereqs_powervc.md: -------------------------------------------------------------------------------- 1 | # **PowerVC Prerequisites** 2 | 3 | ## RHCOS and RHEL 8.X Images for OpenShift 4 | You'll need to create RedHat CoreOS (RHCOS) and RHEL 8.2 (or later) image in PowerVC. 
The RHEL 8.x image is used by the bastion node, and the RHCOS image is used for bootstrap, master and worker nodes. 5 | 6 | 7 | For RHCOS image creation, follow the steps mentioned 8 | in the following [doc](./rhcos-image-creation.md). 9 | 10 | For RHEL image creation follow the steps mentioned in the following [doc](https://www.ibm.com/docs/en/powervc/2.0.3?topic=working-images 11 | ) , you may either create a new image from ISO, or use a similar method like CoreOS with a qcow2 image. 12 | 13 | 14 | ## Compute Templates 15 | 16 | You'll need to create [compute templates](https://www.ibm.com/support/knowledgecenter/en/SSXK2N_1.4.4/com.ibm.powervc.standard.help.doc/powervc_compute_template_hmc.html 17 | ) for bastion, bootstrap, master and worker nodes. 18 | 19 | Following are the recommended LPAR configs that you can use when creating the compute templates for different types of nodes 20 | 21 | - Bootstrap - 2 vCPUs, 16GB RAM, 120 GB Disk. 22 | 23 | - Master - 2 vCPUs, 32GB RAM, 120 GB Disk. 24 | 25 | PowerVM LPARs by default use SMT=8. 
So with 2vCPUs, the number of logical CPUs as seen by the Operating System will be **16** (`2 vCPUs x 8 SMT`) 26 | 27 | **_This config is suitable for majority of the scenarios_** 28 | 29 | - Worker - 2 vCPUs, 32GB RAM, 120 GB Disk 30 | 31 | **_Increase worker vCPUs, RAM and Disk based on application requirements_** 32 | 33 | - Bastion - 2vCPUs, 16GB RAM, 200 GB Disk 34 | 35 | **_Increase bastion vCPUs, RAM and Disk based on application requirements_** 36 | -------------------------------------------------------------------------------- /docs/quickstart.md: -------------------------------------------------------------------------------- 1 | # Installation Quickstart 2 | 3 | - [Installation Quickstart](#installation-quickstart) 4 | - [Download the Automation Code](#download-the-automation-code) 5 | - [Setup Terraform Variables](#setup-terraform-variables) 6 | - [Start Install](#start-install) 7 | - [Post Install](#post-install) 8 | - [Delete Bootstrap Node](#delete-bootstrap-node) 9 | - [Create API and Ingress DNS Records](#create-api-and-ingress-dns-records) 10 | - [Cluster Access](#cluster-access) 11 | - [Using CLI](#using-cli) 12 | - [Using Web UI](#using-web-ui) 13 | - [Clean up](#clean-up) 14 | 15 | 16 | ## Download the Automation Code 17 | 18 | You'll need to use git to clone the deployment code when working off the main branch 19 | ``` 20 | $ git clone https://github.com/ocp-power-automation/ocp4-upi-powervm.git 21 | $ cd ocp4_upi_powervm 22 | ``` 23 | 24 | All further instructions assumes you are in the code directory eg. `ocp4-upi-powervm` 25 | 26 | ## Setup Terraform Variables 27 | 28 | Update the [var.tfvars](../var.tfvars) based on your environment. Description of the variables are available in [var.tfvars-doc](./var.tfvars-doc.md). 29 | You can use environment variables for sensitive data that should not be saved to disk. 
30 | 31 | ``` 32 | $ set +o history 33 | $ export POWERVC_USERNAME=xxxxxxxxxxxxxxx 34 | $ export POWERVC_PASSWORD=xxxxxxxxxxxxxxx 35 | $ export RHEL_SUBS_USERNAME=xxxxxxxxxxxxxxx 36 | $ export RHEL_SUBS_PASSWORD=xxxxxxxxxxxxxxx 37 | $ set -o history 38 | ``` 39 | 40 | ## Start Install 41 | 42 | Run the following commands from within the directory. 43 | 44 | ``` 45 | $ terraform init 46 | $ terraform apply -var-file var.tfvars 47 | ``` 48 | If using environment variables for sensitive data, then do the following, instead. Note that values passed with `-var` are visible in the process list while the command runs; Terraform also reads variables from `TF_VAR_`-prefixed environment variables (for example `TF_VAR_password`), which keeps them off the command line. 49 | ``` 50 | $ terraform init 51 | $ terraform apply -var-file var.tfvars -var user_name="$POWERVC_USERNAME" -var password="$POWERVC_PASSWORD" -var rhel_subscription_username="$RHEL_SUBS_USERNAME" -var rhel_subscription_password="$RHEL_SUBS_PASSWORD" 52 | 53 | ``` 54 | Now wait for the installation to complete. It may take around 40 mins to complete provisioning. 55 | 56 | On successful install cluster details will be printed as shown below. 57 | ``` 58 | bastion_private_ip = 192.168.25.171 59 | bastion_public_ip = 16.20.34.5 60 | bastion_ssh_command = ssh -i data/id_rsa root@16.20.34.5 61 | bootstrap_ip = 192.168.25.182 62 | cluster_authentication_details = Cluster authentication details are available in 16.20.34.5 under ~/openstack-upi/auth 63 | cluster_id = test-cluster-9a4f 64 | etc_hosts_entries = 65 | 16.20.34.5 api.test-cluster-9a4f.mydomain.com console-openshift-console.apps.test-cluster-9a4f.mydomain.com integrated-oauth-server-openshift-authentication.apps.test-cluster-9a4f.mydomain.com oauth-openshift.apps.test-cluster-9a4f.mydomain.com prometheus-k8s-openshift-monitoring.apps.test-cluster-9a4f.mydomain.com grafana-openshift-monitoring.apps.test-cluster-9a4f.mydomain.com example.apps.test-cluster-9a4f.mydomain.com 66 | 67 | install_status = COMPLETED 68 | master_ips = [ 69 | "192.168.25.147", 70 | "192.168.25.176", 71 | ] 72 | oc_server_url = https://test-cluster-9a4f.mydomain.com:6443 73 | storageclass_name = nfs-storage-provisioner 74 
| web_console_url = https://console-openshift-console.apps.test-cluster-9a4f.mydomain.com 75 | worker_ips = [ 76 | "192.168.25.220", 77 | "192.168.25.134", 78 | ] 79 | 80 | ``` 81 | 82 | When using wildcard domain like nip.io or xip.io then `etc_host_entries` is empty 83 | 84 | ``` 85 | bastion_private_ip = 192.168.25.171 86 | bastion_public_ip = 16.20.34.5 87 | bastion_ssh_command = ssh -i data/id_rsa root@16.20.34.5 88 | bootstrap_ip = 192.168.25.182 89 | cluster_authentication_details = Cluster authentication details are available in 16.20.34.5 under ~/openstack-upi/auth 90 | cluster_id = test-cluster-9a4f 91 | etc_hosts_entries = 92 | install_status = COMPLETED 93 | master_ips = [ 94 | "192.168.25.147", 95 | "192.168.25.176", 96 | ] 97 | oc_server_url = https://test-cluster-9a4f.16.20.34.5.nip.io:6443 98 | storageclass_name = nfs-storage-provisioner 99 | web_console_url = https://console-openshift-console.apps.test-cluster-9a4f.16.20.34.5.nip.io 100 | worker_ips = [ 101 | "192.168.25.220", 102 | "192.168.25.134", 103 | ] 104 | 105 | ``` 106 | These details can be retrieved anytime by running the following command from the root folder of the code 107 | ``` 108 | $ terraform output 109 | ``` 110 | 111 | In case of any errors, you'll have to re-apply. Please refer to [known issues](./known_issues.md) to get more details on potential issues and workarounds. 112 | 113 | ## Post Install 114 | 115 | 116 | #### Delete Bootstrap Node 117 | 118 | Once the deployment is completed successfully, you can safely delete the bootstrap node. This step is optional but recommended so as to free up the resources used. 119 | 120 | 1. Change the `count` value to 0 in `bootstrap` map variable and re-run the apply command. Eg: `bootstrap = {instance_type = "medium", image_id = "468863e6-4b33-4e8b-b2c5-c9ef9e6eedf4", "count" = 0}` 121 | 122 | 2. 
Run command `terraform apply -var-file var.tfvars` 123 | 124 | 125 | #### Create API and Ingress DNS Records 126 | 127 | Please skip this section if your `cluster_domain` is one of the online wildcard DNS domains: nip.io, xip.io and sslip.io. 128 | 129 | For all other domains, you can use one of the following options. 130 | 131 | 1. **Add entries to your DNS server** 132 | 133 | The general format is shown below: 134 | ``` 135 | api.. IN A 136 | *.apps.. IN A 137 | ``` 138 | You'll need `bastion_public_ip` and `cluster_id`. This is printed at the end of a successful install. Or you can retrieve it anytime by running `terraform output` from the install directory. 139 | For example, if `bastion_public_ip = 16.20.34.5` and `cluster_id = test-cluster-9a4f` then the following DNS records will need to be added. 140 | ``` 141 | api.test-cluster-9a4f. IN A 16.20.34.5 142 | *.apps.test-cluster-9a4f. IN A 16.20.34.5 143 | ``` 144 | 145 | 2. **Add entries to your client system `hosts` file** 146 | 147 | For Linux and Mac `hosts` file is located at `/etc/hosts` and for Windows it's located at `c:\Windows\System32\Drivers\etc\hosts`. 148 | 149 | The general format is shown below: 150 | ``` 151 | api. 152 | console-openshift-console.apps. 153 | integrated-oauth-server-openshift-authentication.apps. 154 | oauth-openshift.apps. 155 | prometheus-k8s-openshift-monitoring.apps. 156 | grafana-openshift-monitoring.apps. 157 | .apps. 158 | ``` 159 | 160 | You'll need `etc_host_entries`. This is printed at the end of a successful install. 161 | Alternatively you can retrieve it anytime by running `terraform output` from the install directory. 
162 | 163 | As an example, for the following `etc_hosts_entries` 164 | ``` 165 | etc_hosts_entries = 166 | 16.20.34.5 api.test-cluster-9a4f.mydomain.com console-openshift-console.apps.test-cluster-9a4f.mydomain.com integrated-oauth-server-openshift-authentication.apps.test-cluster-9a4f.mydomain.com oauth-openshift.apps.test-cluster-9a4f.mydomain.com prometheus-k8s-openshift-monitoring.apps.test-cluster-9a4f.mydomain.com grafana-openshift-monitoring.apps.test-cluster-9a4f.mydomain.com example.apps.test-cluster-9a4f.mydomain.com 167 | ``` 168 | just add the following entry to the `hosts` file 169 | ``` 170 | [existing entries in hosts file] 171 | 172 | 16.20.34.5 api.test-cluster-9a4f.mydomain.com console-openshift-console.apps.test-cluster-9a4f.mydomain.com integrated-oauth-server-openshift-authentication.apps.test-cluster-9a4f.mydomain.com oauth-openshift.apps.test-cluster-9a4f.mydomain.com prometheus-k8s-openshift-monitoring.apps.test-cluster-9a4f.mydomain.com grafana-openshift-monitoring.apps.test-cluster-9a4f.mydomain.com example.apps.test-cluster-9a4f.mydomain.com 173 | ``` 174 | 175 | ## Cluster Access 176 | 177 | OpenShift login credentials are in the bastion host and the location will be printed at the end of a successful install. 178 | Alternatively you can retrieve it anytime by running `terraform output` from the install directory. 179 | ``` 180 | [...] 181 | bastion_public_ip = 16.20.34.5 182 | bastion_ssh_command = ssh -i data/id_rsa root@16.20.34.5 183 | cluster_authentication_details = Cluster authentication details are available in 16.20.34.5 under ~/openstack-upi/auth 184 | [...] 185 | ``` 186 | There are two files under `~/openstack-upi/auth` 187 | - **kubeconfig**: can be used for CLI access 188 | - **kubeadmin-password**: Password for `kubeadmin` user which can be used for CLI, UI access 189 | 190 | >**Note**: Ensure you securely store the OpenShift cluster access credentials. 
If desired delete the access details from the bastion node after securely storing the same. 191 | 192 | You can copy the access details to your local system 193 | ``` 194 | $ scp -r -i data/id_rsa root@158.175.161.118:~/openstack-upi/auth/\* . 195 | ``` 196 | 197 | ### Using CLI 198 | 199 | OpenShift CLI `oc` can be downloaded from the following links. Use the one specific to your client system architecture. 200 | 201 | For latest stable: 202 | 203 | - [Mac OSX](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-mac.tar.gz) 204 | - [Linux (x86_64)](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-linux.tar.gz) 205 | - [Linux (ppc64le)](https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable/openshift-client-linux.tar.gz) 206 | - [Windows](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/openshift-client-windows.zip) 207 | 208 | For pre-release: 209 | 210 | - [Mac OSX](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp-dev-preview/pre-release/openshift-client-mac.tar.gz) 211 | - [Linux (x86_64)](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp-dev-preview/pre-release/openshift-client-linux.tar.gz) 212 | - [Linux (ppc64le)](https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp-dev-preview/pre-release/openshift-client-linux.tar.gz) 213 | - [Windows](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp-dev-preview/pre-release/openshift-client-windows.zip) 214 | 215 | 216 | Download the specific file, extract it and place the binary in a directory that is on your `PATH` 217 | For more details check the following [link](https://docs.openshift.com/container-platform/latest/cli_reference/openshift_cli/getting-started-cli.html) 218 | 219 | The CLI login URL `oc_server_url` will be printed at the end of successful install. 
220 | Alternatively you can retrieve it anytime by running `terraform output` from the install directory. 221 | ``` 222 | [...] 223 | oc_server_url = https://test-cluster-9a4f.mydomain.com:6443 224 | [...] 225 | ``` 226 | In order to login the cluster you can use the `oc login -u kubeadmin -p ` 227 | Example: 228 | ``` 229 | $ oc login https://test-cluster-9a4f.mydomain.com:6443 -u kubeadmin -p $(cat kubeadmin-password) 230 | ``` 231 | 232 | You can also use the `kubeconfig` file 233 | ``` 234 | $ export KUBECONFIG=$(pwd)/kubeconfig 235 | $ oc cluster-info 236 | Kubernetes master is running at https://test-cluster-9a4f.mydomain.com:6443 237 | 238 | To further debug and diagnose cluster problems, use 'kubectl cluster-info dump' 239 | 240 | $ oc get nodes 241 | NAME STATUS ROLES AGE VERSION 242 | master-0 Ready master 13h v1.18.3+b74c5ed 243 | master-1 Ready master 13h v1.18.3+b74c5ed 244 | master-2 Ready master 13h v1.18.3+b74c5ed 245 | worker-0 Ready worker 13h v1.18.3+b74c5ed 246 | worker-1 Ready worker 13h v1.18.3+b74c5ed 247 | ``` 248 | 249 | >**Note:** The OpenShift command-line client `oc` is already configured on the bastion node with kubeconfig placed at `~/.kube/config`. 250 | 251 | ### Using Web UI 252 | 253 | The web console URL will be printed at the end of a successful install. 254 | Alternatively you can retrieve it anytime by running `terraform output` from the install directory. 255 | ``` 256 | [...] 257 | web_console_url = https://console-openshift-console.apps.test-cluster-9a4f.mydomain.com 258 | [...] 259 | ``` 260 | 261 | Open this URL in your browser and login with user `kubeadmin` and password mentioned in the `kubeadmin-password` file. 262 | 263 | 264 | ## Clean up 265 | 266 | To destroy after you are done using the cluster you can run command `terraform destroy -var-file var.tfvars` to make sure that all resources are properly cleaned up. 267 | Do not manually clean up your environment unless both of the following are true: 268 | 269 | 1. 
You know what you are doing 270 | 2. Something went wrong with an automated deletion. 271 | -------------------------------------------------------------------------------- /docs/rhcos-image-creation.md: -------------------------------------------------------------------------------- 1 | - [Introduction](#introduction) 2 | - [Option-1](#option-1) 3 | - [Option-2](#option-2) 4 | 5 | # Introduction 6 | Depending on your environment you can follow one of the options to create RHCOS (CoreOS) image in PowerVC 7 | 8 | ## Option-1 9 | 10 | 1. Download the RHCOS image from [latest stable](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/latest/rhcos-openstack.ppc64le.qcow2.gz) OR [pre-release](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/pre-release/latest/rhcos-openstack.ppc64le.qcow2.gz) on a system with public internet access. 11 | You'll need a way to transfer this image to a RHEL VM that you'll create in the next step. 12 | 2. Login to PowerVC and create a RHEL 8.x VM having an additional empty volume with minimum size of 120G. **Please make a note of the new volume name**. 13 | 3. Login to the VM and execute the following steps 14 | 1. Install `wget`, `qemu-img`, `parted` and `gzip` packages 15 | 2. Transfer the downloaded RHCOS image to this VM 16 | 3. Extract the image 17 | ``` 18 | $ gunzip rhcos-openstack.ppc64le.qcow2.gz 19 | ``` 20 | 4. Convert the CoreOS qcow2 image to raw image 21 | ``` 22 | $ qemu-img convert -f qcow2 -O raw rhcos-openstack.ppc64le.qcow2 rhcos-latest.raw 23 | ``` 24 | 5. 
Identify the disk device representing the additional empty volume attached to the VM 25 | ``` 26 | $ disk_device_list=$(sudo parted -l 2>&1 | grep -E -v "$readonly" | grep -E -i "ERROR:" |cut -f2 -d: | grep -v "Can't" | xargs -i echo "Disk.{}:|" | xargs echo | tr -d ' ' | rev | cut -c2- | rev) 27 | $ empty_disk_device=$(sudo fdisk -l | grep -E "$disk_device_list" | sort -k5nr | head -n 1 | tail -n1 | cut -f1 -d: | cut -f2 -d' ') 28 | $ echo "$empty_disk_device" 29 | ``` 30 | 6. Dump the raw image to the newly added disk 31 | ``` 32 | $ dd if=rhcos-latest.raw of=${empty_disk_device} bs=4M 33 | ``` 34 | where `${empty_disk_device}` is the device representing the attached volume. `dd` overwrites the target without asking, so check that the printed device name and size match the empty volume (for example with `lsblk`) before running it. 35 | 36 | 4. Detach the volume, from the VM 37 | 38 | 5. Go to PowerVC UI->images and select **create** for creating a new image 39 | 40 | 6. Specify `image name` and choose `PowerVM` for Hypervisor type, `RHEL` for Operating system and `littleEndian` for Endianness 41 | 42 | 7. Select **Add Volume** and search for the specific volume name (where you dd-ed the RHCOS image ) and set **Boot set** to yes. 43 | 44 | 8. Create the image by clicking on **create** 45 | 46 | ## Option-2 47 | 48 | Creating and importing RHCOS OVA image 49 | 50 | 1. Download the RHCOS image from [latest stable](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/latest/rhcos-openstack.ppc64le.qcow2.gz) OR [pre-release](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/pre-release/latest/rhcos-openstack.ppc64le.qcow2.gz) on a system with public internet access. 51 | You'll need a way to transfer this image to a RHEL VM that you'll create in the next step. 52 | 2. Login to PowerVC and create a RHEL 8.x VM 53 | 3. Use the script [convert_qcow2_ova.py](https://github.com/ocp-power-automation/infra/blob/master/scripts/images/convert_qcow2_ova.py) and 54 | convert the RHCOS qcow2 image to an OVA formatted image. 55 | 4. 
Follow the steps mentioned in [PowerVC docs](https://www.ibm.com/support/knowledgecenter/SSVSPA_1.4.4/com.ibm.powervc.cloud.help.doc/powervc_import_image_cloud.html) to 56 | import the OVA image. 57 | -------------------------------------------------------------------------------- /docs/var.tfvars-doc.md: -------------------------------------------------------------------------------- 1 | # How to use var.tfvars 2 | 3 | - [How to use var.tfvars](#how-to-use-vartfvars) 4 | - [Introduction](#introduction) 5 | - [PowerVC Details](#powervc-details) 6 | - [OpenShift Cluster Details](#openshift-cluster-details) 7 | - [OpenShift Installation Details](#openshift-installation-details) 8 | - [Misc Customizations](#misc-customizations) 9 | 10 | 11 | ## Introduction 12 | 13 | This guide gives an overview of the various terraform variables that are used for the deployment. 14 | The default values are set in [variables.tf](../variables.tf) 15 | 16 | ### PowerVC Details 17 | 18 | These set of variables specify the PowerVC details. 19 | 20 | ``` 21 | auth_url = ":5000/v3/>" 22 | user_name = "" 23 | password = "" 24 | tenant_name = "" 25 | domain_name = "Default" 26 | ``` 27 | 28 | This variable specifies the network that will be used by the VMs 29 | ``` 30 | network_name = "" 31 | ``` 32 | 33 | This variable specifies the availability zone (PowerVC Host Group) in which to create the VMs. Leave it empty to use the "default" availability zone. 34 | ``` 35 | openstack_availability_zone = "" 36 | ``` 37 | 38 | ### OpenShift Cluster Details 39 | 40 | These set of variables specify the cluster capacity. 41 | 42 | ``` 43 | bastion = {instance_type = "", image_id = "", "count" = 1} 44 | bootstrap = {instance_type = "", image_id = "", "count" = 1} 45 | master = {instance_type = "", image_id = "", "count" = 3} 46 | worker = {instance_type = "", image_id = "", "count" = 2} 47 | ``` 48 | 49 | `instance_type` is the compute template to be used and `image_id` is the image UUID. 
`count` specifies the number of VMs that should be created for each type. 50 | 51 | To enable high availability (HA) for cluster services running on the bastion set the bastion `count` value to 2. Note that in case of HA, the automation will not setup NFS storage. `count` of 1 for bastion implies the default non-HA bastion setup. 52 | 53 | You can optionally set worker `count` value to 0 in which case all the cluster pods will be running on the master/supervisor nodes. 54 | Ensure you use proper sizing for master/supervisor nodes to avoid resource starvation for containers. 55 | 56 | `availability_zone` is an optional attribute for bastion, bootstrap, master and worker. If it is specified, the VM will be created in the specified `availability_zone`, otherwise value of `openstack_availability_zone` will be used. 57 | ``` 58 | bastion = {instance_type = "", image_id = "", "count" = 1} 59 | bootstrap = {instance_type = "", image_id = "", availability_zone = "", "count" = 1} 60 | master = {instance_type = "", image_id = "", availability_zone = "master-zone", "count" = 3} 61 | worker = {instance_type = "", image_id = "", availability_zone = "worker-zone", "count" = 2} 62 | ``` 63 | Above will create the bastion in `openstack_availability_zone`, bootstrap in default availability zone, masters in `master-zone`, and workers in `worker-zone`. 64 | 65 | To set a pre-defined IPv4 address for the bastion node, make use of the optional `fixed_ip_v4` in bastion variable as shown below. Ensure this address is within the given network subnet range and not already in use. 
66 | ``` 67 | bastion = {instance_type = "", image_id = "", "count" = 1, fixed_ip_v4 = ""} 68 | ``` 69 | For bastion HA with pre-defined IPs, here the `fixed_ip_v4` will be the VIP for bastions: 70 | ``` 71 | bastion = {instance_type = "", image_id = "", "count" = 2, fixed_ip_v4 = "", fixed_ips = ["", ""]} 72 | ``` 73 | To use predefined IPs for bootstrap, master and worker node, use the optional `fixed_ips` in bootstrap, master and worker variables, number of IPs have to match the count number as shown below: 74 | ``` 75 | bootstrap = {instance_type = "", image_id = "", "count" = 1, fixed_ips = [""]} 76 | master = {instance_type = "", image_id = "", "count" = 3, fixed_ips = ["", "", ""]} 77 | worker = {instance_type = "", image_id = "", "count" = 2, fixed_ips = ["", ""]} 78 | ``` 79 | To attach additional volumes to master or worker nodes, set the optional `data_volume_count` key to the number of volumes that is to be attached and the `data_volume_size` to the size (in GB) for each volume. 80 | ``` 81 | master = {instance_type = "", image_id = "", "count" = 3, data_volume_count = 0, data_volume_size = 100} 82 | worker = {instance_type = "", image_id = "", "count" = 2, data_volume_count = 0, data_volume_size = 100} 83 | ``` 84 | These set of variables specify the username and the SSH key to be used for accessing the bastion node. 85 | ``` 86 | rhel_username = "root" #Set it to an appropriate username for non-root user access 87 | public_key_file = "data/id_rsa.pub" 88 | private_key_file = "data/id_rsa" 89 | ``` 90 | rhel_username is set to root. rhel_username can be set to an appropriate username having superuser privileges with no password prompt. 91 | Please note that only OpenSSH formatted keys are supported. Refer to the following links for instructions on creating SSH key based on your platform. 
92 | - Windows 10 - https://phoenixnap.com/kb/generate-ssh-key-windows-10 93 | - Mac OSX - https://www.techrepublic.com/article/how-to-generate-ssh-keys-on-macos-mojave/ 94 | - Linux - https://www.siteground.com/kb/generate_ssh_key_in_linux/ 95 | 96 | Create the SSH key-pair and keep it under the `data` directory 97 | 98 | These set of variables specify the RHEL subscription details, RHEL subscription supports two methods: one is using username and password, the other is using activation key. 99 | This is sensitive data, and if you don't want to save it on disk, use environment variables `RHEL_SUBS_USERNAME` and `RHEL_SUBS_PASSWORD` and pass them to `terraform apply` command as shown in the [Quickstart guide](./quickstart.md#setup-terraform-variables). 100 | 101 | ``` 102 | rhel_subscription_username = "user@test.com" 103 | rhel_subscription_password = "mypassword" 104 | ``` 105 | Or define following variables to use activation key for RHEL subscription: 106 | ``` 107 | rhel_subscription_org = "org-id" 108 | rhel_subscription_activationkey = "activation-key" 109 | ``` 110 | ### OpenShift Installation Details 111 | 112 | These variables specify the URL for the OpenShift installer and client binaries. 113 | Change the URL to the specific stable or pre-release version that you want to install on PowerVS. 
114 | Reference link - `https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/` 115 | 116 | For latest stable: 117 | ``` 118 | openshift_install_tarball = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable/openshift-install-linux.tar.gz" 119 | openshift_client_tarball = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable/openshift-client-linux.tar.gz" 120 | ``` 121 | For specific stable version: 122 | ``` 123 | openshift_install_tarball = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable-4.11/openshift-install-linux.tar.gz" 124 | openshift_client_tarball = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable-4.11/openshift-client-linux.tar.gz" 125 | ``` 126 | For pre-release: 127 | ``` 128 | openshift_install_tarball = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp-dev-preview/latest/openshift-install-linux.tar.gz" 129 | openshift_client_tarball = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp-dev-preview/latest/openshift-client-linux.tar.gz" 130 | ``` 131 | 132 | This variable specifies the OpenShift pull secret. This is available from the following link - https://cloud.redhat.com/openshift/install/power/user-provisioned 133 | Download the secret and copy it to `data/pull-secret.txt`. 134 | ``` 135 | pull_secret_file = "data/pull-secret.txt" 136 | ``` 137 | 138 | These variables specifies the OpenShift cluster domain details. 139 | Edit it as per your requirements. 140 | ``` 141 | cluster_domain = "ibm.com" 142 | cluster_id_prefix = "test-ocp" 143 | cluster_id = "" 144 | ``` 145 | Set the `cluster_domain` to `nip.io`, `xip.io` or `sslip.io` if you prefer using online wildcard domains. 146 | Default is `ibm.com`. 147 | The `cluster_id_prefix` should not be more than 8 characters. Nodes are pre-fixed with this value. 
148 | Default value is `test-ocp` 149 | If `cluster_id_prefix` is not set, only the `cluster_id` will be used, without a prefix. 150 | 151 | A random value will be used for `cluster_id` if not set. 152 | The total length of `cluster_id_prefix`.`cluster_id` should not exceed 14 characters. 153 | 154 | ### FIPS Variable for OpenShift deployment 155 | 156 | These variables will be used for deploying OCP in FIPS mode. 157 | Change the values as per your requirement. 158 | ``` 159 | fips_compliant = false 160 | ``` 161 | 162 | ### Misc Customizations 163 | 164 | These variables provide miscellaneous customizations. For common usage scenarios these are not required and should be left unchanged. 165 | 166 | The following variables are used to define the IP address for the preconfigured external DNS and the Load-balancer. 167 | ``` 168 | lb_ipaddr = "" 169 | ext_dns = "" 170 | ``` 171 | 172 | The following variable is used to set the network adapter type for the VMs. By default the VMs will use SEA. If SRIOV is required then uncomment the variable 173 | ``` 174 | network_type = "SRIOV" 175 | ``` 176 | 177 | The following variable is used to define the amount of SR-IOV Virtual Functions used for VNIC failover of the network adapter for the VMs. By default the VMs will use 1, which defines `no VNIC failover`. Any setting higher than 1 creates additional virtual functions and configures them in a VNIC failover setup. `Be aware of the fact, that RHCOS and some Linux releases might not handle VNIC failover with more than 2 SR-IOV Virtual Functions properly. The recommended value is 2 for VNIC failover.` 178 | Valid options are: Any number supported for VNIC failover from 1 to 6 179 | ``` 180 | sriov_vnic_failover_vfs = 1 181 | ``` 182 | 183 | The following variable is used to define the capacity of SR-IOV Logical Ports of the 1st network adapter for the VMs. By default the VMs will use 2%. 184 | Valid options are: Any number which can be divided by 2 and results in an integer. 
100% = 1.0; 80% = 0.80; 60% = 0.60; etc 185 | ``` 186 | sriov_capacity = 0.02 187 | ``` 188 | 189 | The following variable is used to specify the PowerVC [Storage Connectivity Group](https://www.ibm.com/support/knowledgecenter/SSVSPA_1.4.4/com.ibm.powervc.cloud.help.doc/powervc_storage_connectivity_groups_cloud.html) (SCG). An empty value uses the default SCG. 190 | ``` 191 | scg_id = "" 192 | ``` 193 | This variable determines the visibility of a dynamically created compute template (flavor) in Terraform when `scg_id` is specified. By default, its value is set to `false` meaning the compute template remains private and is not displayed in the UI. 194 | ``` 195 | 196 | scg_flavor_is_public = false 197 | ``` 198 | The following variables can be used for disconnected install by using a local mirror registry on the bastion node. 199 | 200 | ``` 201 | enable_local_registry = false #Set to true to enable usage of local registry for restricted network install. 202 | local_registry_image = "docker.io/library/registry:2" 203 | ocp_release_tag = "4.4.9-ppc64le" 204 | ocp_release_name = "ocp-release" 205 | ``` 206 | 207 | This variable can be used for trying out a custom OpenShift install image for development use. 208 | ``` 209 | release_image_override = "" 210 | ``` 211 | 212 | These variables specify the ansible playbooks that are used for OpenShift install and post-install customizations. Because these playbooks are fetched and executed during the install, prefer a release tag or commit hash (as in the `helpernode_tag` example) over a moving branch such as `main` when the install must be reproducible. 213 | ``` 214 | helpernode_repo = "https://github.com/RedHatOfficial/ocp4-helpernode" 215 | helpernode_tag = "bf7842ec240f1d9ba5b5f9897bb72e7c86500faa" 216 | install_playbook_repo = "https://github.com/ocp-power-automation/ocp4-playbooks" 217 | install_playbook_tag = "main" 218 | ``` 219 | 220 | This variable specifies the MTU value for the private network interface on RHEL and RHCOS nodes. The CNI network MTU will be this value minus 50 for OpenshiftSDN and minus 100 for OVNKubernetes network provider. 
221 | ``` 222 | private_network_mtu = 1450 223 | ``` 224 | 225 | These variables can be used when debugging ansible playbooks. Higher verbosity can print variable values, including credentials, into the Terraform output, so lower it again once debugging is done. 226 | ``` 227 | installer_log_level = "info" 228 | ansible_extra_options = "-v" 229 | ``` 230 | 231 | This variable specifies the external DNS servers to forward DNS queries that cannot be resolved locally. 232 | ``` 233 | dns_forwarders = "1.1.1.1; 9.9.9.9" 234 | ``` 235 | 236 | List of [day-1 kernel arguments](https://docs.openshift.com/container-platform/latest/installing/install_config/installing-customizing.html#installation-special-config-kargs_installing-customizing) for the cluster nodes. 237 | To add kernel arguments to master or worker nodes, a MachineConfig object is used and injected into the set of manifest files used by Ignition during cluster setup. 238 | ``` 239 | rhcos_pre_kernel_options = [] 240 | ``` 241 | - Example 1 242 | ``` 243 | rhcos_pre_kernel_options = ["rd.multipath=default","root=/dev/disk/by-label/dm-mpath-root"] 244 | ``` 245 | 246 | List of [kernel arguments](https://docs.openshift.com/container-platform/4.4/nodes/nodes/nodes-nodes-working.html#nodes-nodes-kernel-arguments_nodes-nodes-working) for the cluster nodes. 247 | Note that this will be applied after the cluster is installed and all the nodes are in `Ready` status. 248 | ``` 249 | rhcos_kernel_options = [] 250 | ``` 251 | - Example 1 252 | ``` 253 | rhcos_kernel_options = ["slub_max_order=0","loglevel=7"] 254 | ``` 255 | 256 | These variables are used to apply sysctl options via [Node Tuning Operator](https://docs.openshift.com/container-platform/latest/scalability_and_performance/using-node-tuning-operator.html) in the OpenShift cluster. 
257 | ``` 258 | sysctl_tuned_options = true 259 | sysctl_options = ["kernel.shmmni=16384","net.ipv4.tcp_tw_reuse=1"] 260 | match_array = < /dev/null", 139 | "sudo hostname -F /etc/hostname", 140 | "echo 'vm.max_map_count = 262144' | sudo tee --append /etc/sysctl.conf > /dev/null", 141 | ] 142 | } 143 | } 144 | 145 | resource "null_resource" "setup_proxy_info" { 146 | depends_on = [null_resource.bastion_init] 147 | count = !var.setup_squid_proxy && local.proxy.server != "" ? local.bastion_count : 0 148 | connection { 149 | type = "ssh" 150 | user = var.rhel_username 151 | host = openstack_compute_instance_v2.bastion[count.index].access_ip_v4 152 | private_key = var.private_key 153 | agent = var.ssh_agent 154 | timeout = "${var.connection_timeout}m" 155 | bastion_host = var.jump_host 156 | } 157 | # Setup proxy 158 | provisioner "remote-exec" { 159 | inline = [< /dev/null 168 | echo "export https_proxy=\"http://${local.proxy.user_pass}${local.proxy.server}:${local.proxy.port}\"" | sudo tee -a /etc/profile.d/http_proxy.sh > /dev/null 169 | echo "export no_proxy=\"${local.proxy.no_proxy}\"" | sudo tee -a /etc/profile.d/http_proxy.sh > /dev/null 170 | 171 | # RHSM 172 | sudo sed -i -e 's/^proxy_hostname =.*/proxy_hostname = ${local.proxy.server}/' /etc/rhsm/rhsm.conf 173 | sudo sed -i -e 's/^proxy_port =.*/proxy_port = ${local.proxy.port}/' /etc/rhsm/rhsm.conf 174 | sudo sed -i -e 's/^proxy_user =.*/proxy_user = ${local.proxy.user}/' /etc/rhsm/rhsm.conf 175 | sudo sed -i -e 's/^proxy_password =.*/proxy_password = ${local.proxy.password}/' /etc/rhsm/rhsm.conf 176 | 177 | # YUM/DNF 178 | # Incase /etc/yum.conf is a symlink to /etc/dnf/dnf.conf we try to update the original file 179 | yum_dnf_conf=$(readlink -f -q /etc/yum.conf) 180 | sudo sed -i -e '/^proxy.*/d' $yum_dnf_conf 181 | echo "proxy=http://${local.proxy.server}:${local.proxy.port}" | sudo tee -a $yum_dnf_conf > /dev/null 182 | echo "proxy_username=${local.proxy.user}" | sudo tee -a $yum_dnf_conf > /dev/null 183 
| echo "proxy_password=${local.proxy.password}" | sudo tee -a $yum_dnf_conf > /dev/null 184 | 185 | EOF 186 | ] 187 | } 188 | 189 | } 190 | 191 | resource "null_resource" "bastion_register" { 192 | count = (var.rhel_subscription_username == "" || var.rhel_subscription_username == "") && var.rhel_subscription_org == "" ? 0 : local.bastion_count 193 | depends_on = [null_resource.bastion_init, null_resource.setup_proxy_info] 194 | triggers = { 195 | bastion_ip = openstack_compute_instance_v2.bastion[count.index].access_ip_v4 196 | rhel_username = var.rhel_username 197 | private_key = var.private_key 198 | ssh_agent = var.ssh_agent 199 | jump_host = var.jump_host 200 | connection_timeout = var.connection_timeout 201 | } 202 | 203 | connection { 204 | type = "ssh" 205 | user = self.triggers.rhel_username 206 | host = self.triggers.bastion_ip 207 | private_key = self.triggers.private_key 208 | agent = self.triggers.ssh_agent 209 | timeout = "${self.triggers.connection_timeout}m" 210 | bastion_host = self.triggers.jump_host 211 | } 212 | 213 | provisioner "remote-exec" { 214 | inline = [<" ]] ) && [[ -z "${var.rhel_subscription_org}" ]]; then 274 | sudo yum install -y epel-release 275 | sudo yum install -y ansible 276 | elif [[ "$(printf '%s\n' "8.5" "$(cat /etc/redhat-release | sed 's/[^0-9.]*//g')" | sort -V | head -n1)" == "8.5" ]]; then 277 | # Compared release version with 8.5 (eg: 8.10 > 8.5) 278 | sudo yum install -y ansible-core 279 | else 280 | sudo subscription-manager repos --enable ${var.ansible_repo_name} 281 | sudo yum install -y ansible 282 | fi 283 | EOF 284 | ] 285 | } 286 | } 287 | 288 | resource "null_resource" "bastion_packages" { 289 | count = local.bastion_count 290 | depends_on = [null_resource.bastion_init, null_resource.setup_proxy_info, null_resource.bastion_register, null_resource.enable_repos] 291 | 292 | connection { 293 | type = "ssh" 294 | user = var.rhel_username 295 | host = openstack_compute_instance_v2.bastion[count.index].access_ip_v4 
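296 | private_key = var.private_key 297 | agent = var.ssh_agent 298 | timeout = "${var.connection_timeout}m" 299 | bastion_host = var.jump_host 300 | } 301 | provisioner "remote-exec" { 302 | inline = [ 303 | "#sudo yum update -y --skip-broken", 304 | "sudo yum install -y wget jq git net-tools vim python3 tar" 305 | ] 306 | } 307 | provisioner "remote-exec" { 308 | inline = [ # NOTE(review): no collection versions are given, so whatever is current gets installed; pinning them would keep bastion builds reproducible 309 | "ansible-galaxy collection install community.crypto", 310 | "ansible-galaxy collection install ansible.posix", 311 | "ansible-galaxy collection install kubernetes.core" 312 | ] 313 | } 314 | provisioner "remote-exec" { 315 | inline = [ 316 | "sudo systemctl unmask NetworkManager", 317 | "sudo systemctl start NetworkManager", 318 | "for i in $(nmcli device | grep unmanaged | awk '{print $1}'); do echo NM_CONTROLLED=yes | sudo tee -a /etc/sysconfig/network-scripts/ifcfg-$i; done", 319 | "sudo systemctl restart NetworkManager", 320 | "sudo systemctl enable NetworkManager" 321 | ] 322 | } 323 | } 324 | 325 | resource "openstack_blockstorage_volume_v3" "storage_volume" { 326 | count = var.storage_type == "nfs" ? 1 : 0 327 | 328 | name = "${var.cluster_id}-${var.storage_type}-storage-vol" 329 | size = var.volume_size 330 | volume_type = var.volume_storage_template 331 | } 332 | 333 | resource "openstack_compute_volume_attach_v2" "storage_v_attach" { 334 | depends_on = [null_resource.bastion_init] 335 | count = var.storage_type == "nfs" ? 1 : 0 336 | 337 | volume_id = openstack_blockstorage_volume_v3.storage_volume[count.index].id 338 | instance_id = openstack_compute_instance_v2.bastion[count.index].id 339 | } 340 | 341 | locals { 342 | disk_config = { 343 | volume_size = var.volume_size 344 | disk_name = "disk/pv-storage-disk" 345 | } 346 | storage_path = "/export" 347 | } 348 | # Prepares the NFS export disk on the bastion when storage_type is "nfs": uploads create_disk_link.sh, formats the linked device as XFS and mounts it at local.storage_path. 349 | resource "null_resource" "setup_nfs_disk" { 350 | count = var.storage_type == "nfs" ? 
1 : 0 351 | depends_on = [openstack_compute_volume_attach_v2.storage_v_attach] 352 | 353 | connection { 354 | type = "ssh" 355 | user = var.rhel_username 356 | host = openstack_compute_instance_v2.bastion[count.index].access_ip_v4 357 | private_key = var.private_key 358 | agent = var.ssh_agent 359 | timeout = "${var.connection_timeout}m" 360 | bastion_host = var.jump_host 361 | } 362 | provisioner "file" { 363 | content = templatefile("${path.module}/templates/create_disk_link.sh", local.disk_config) 364 | destination = "/tmp/create_disk_link.sh" # NOTE(review): staged in world-writable /tmp and later run with sudo; a directory writable only by the connecting user would narrow the window for tampering 365 | } 366 | provisioner "remote-exec" { 367 | inline = [ # recreate the export directory from scratch, then link, format and mount the volume; the stray "mkdir" operand of rm was dropped so only local.storage_path is removed 368 | "sudo rm -rf ${local.storage_path}; sudo mkdir -p ${local.storage_path}; sudo chmod -R 755 ${local.storage_path}", 369 | "sudo chmod +x /tmp/create_disk_link.sh", 370 | # Fix for copying file from Windows OS having CR, 371 | "sudo sed -i 's/\r//g' /tmp/create_disk_link.sh", 372 | "sudo /tmp/create_disk_link.sh", 373 | "sudo mkfs.xfs /dev/${local.disk_config.disk_name}", 374 | "MY_DEV_UUID=$(sudo blkid -o export /dev/${local.disk_config.disk_name} | awk '/UUID/{ print }')", 375 | "echo \"$MY_DEV_UUID ${local.storage_path} xfs defaults 0 0\" | sudo tee -a /etc/fstab > /dev/null", 376 | "sudo mount ${local.storage_path}", 377 | ] 378 | } 379 | } 380 | -------------------------------------------------------------------------------- /modules/1_bastion/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 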
2020 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | output "bastion_ip" { 22 | depends_on = [null_resource.bastion_packages, null_resource.setup_nfs_disk] 23 | value = openstack_compute_instance_v2.bastion.*.access_ip_v4 24 | } 25 | -------------------------------------------------------------------------------- /modules/1_bastion/templates/create_disk_link.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Scan devices 4 | sudo rescan-scsi-bus.sh -a -m -r 5 | 6 | storage_device="" 7 | storage_disk_name=${disk_name} 8 | 9 | if [[ -z $(ls -l /dev/mapper/mpath*) ]];then 10 | disk_path=/dev/sd* 11 | echo "Disk path is /dev/sd*" 12 | else 13 | disk_path=/dev/mapper/mpath* 14 | echo "Disk path is /dev/mapper/mpath*" 15 | fi 16 | 17 | for device in $(ls -1 $disk_path|egrep -v "[0-9]$"); do 18 | if [[ ! 
-b $device"1" ]]; then 19 | # Convert disk size to GB 20 | device_size=$(lsblk -b -dn -o SIZE $device | awk '{print $1/1073741824}') 21 | if [[ -z $storage_device && $device_size == ${volume_size} ]]; then 22 | storage_device=$device 23 | echo "Storage disk is $device" 24 | # This symbolic link is used in openshift config 25 | echo "ENV{DEVTYPE}==\"disk\", ENV{SUBSYSTEM}==\"block\", ENV{DEVPATH}==\"$(sudo udevadm info --root --name="$storage_device" | sudo grep DEVPATH | sudo cut -f2 -d'=')\" SYMLINK+=\"$storage_disk_name\"" | sudo tee /lib/udev/rules.d/10-custom-ocp.rules; 26 | sudo udevadm control --reload-rules; 27 | sudo udevadm trigger --type=devices --action=change 28 | break 29 | fi 30 | fi 31 | done 32 | 33 | # Verify the disk link exist 34 | timeout 10 bash -c -- " 35 | while [ ! -L /dev/$storage_disk_name ]; do 36 | echo 'Disk not ready, sleeping for 2s..'; 37 | sleep 2; 38 | done 39 | " 40 | -------------------------------------------------------------------------------- /modules/1_bastion/variables.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2020 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 
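18 | # 19 | ################################################################ 20 | # Inputs of the bastion module. Defaults are given only for cluster_domain and cluster_id; every other variable must be passed by the caller. 21 | variable "cluster_domain" { 22 | default = "example.com" 23 | } 24 | variable "cluster_id" { 25 | default = "test-ocp" 26 | } 27 | variable "bastion" {} 28 | variable "bastion_port_ids" {} 29 | 30 | variable "scg_id" {} 31 | variable "scg_flavor_is_public" {} 32 | variable "openstack_availability_zone" {} 33 | 34 | variable "rhel_username" {} 35 | variable "private_key" {} # SSH private key used by the provisioner connection blocks. NOTE(review): consider sensitive = true after checking how it affects provisioner log output 36 | variable "public_key" {} 37 | variable "create_keypair" {} 38 | variable "keypair_name" {} 39 | variable "ssh_agent" {} 40 | variable "connection_timeout" {} 41 | variable "jump_host" {} 42 | 43 | variable "rhel_subscription_username" {} 44 | variable "rhel_subscription_password" { sensitive = true } # presumably the RHSM account password (its use is not visible here); sensitive keeps it out of plan and apply output 45 | variable "rhel_subscription_org" {} 46 | variable "rhel_subscription_activationkey" { sensitive = true } # presumably an RHSM activation key; treated as a credential 47 | variable "ansible_repo_name" {} 48 | 49 | variable "storage_type" {} 50 | variable "volume_size" {} 51 | variable "volume_storage_template" {} 52 | 53 | variable "setup_squid_proxy" {} 54 | variable "proxy" {} # NOTE(review): likely carries the proxy credentials behind local.proxy.password in bastion.tf; confirm before marking it sensitive, because local.proxy.server feeds a count expression 55 | variable "fips_compliant" {} -------------------------------------------------------------------------------- /modules/1_bastion/versions.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2020 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 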
16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | terraform { 22 | required_providers { 23 | null = { 24 | source = "hashicorp/null" 25 | version = "~> 3.2" 26 | } 27 | openstack = { 28 | source = "terraform-provider-openstack/openstack" 29 | version = "~> 1.32" 30 | } 31 | random = { 32 | source = "hashicorp/random" 33 | version = "~> 3.4" 34 | } 35 | time = { 36 | source = "hashicorp/time" 37 | version = "~> 0.10.0" 38 | } 39 | } 40 | required_version = ">= 1.2.0" 41 | } 42 | -------------------------------------------------------------------------------- /modules/2_network/network.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2020 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | data "openstack_networking_network_v2" "network" { 22 | name = var.network_name 23 | } 24 | 25 | data "openstack_networking_subnet_v2" "subnet" { 26 | network_id = data.openstack_networking_network_v2.network.id 27 | } 28 | 29 | resource "openstack_networking_port_v2" "bastion_vip" { 30 | count = local.bastion_count > 1 ? 
1 : 0 31 | 32 | name = "${var.cluster_id}-bastion-vip" 33 | network_id = data.openstack_networking_network_v2.network.id 34 | admin_state_up = "true" 35 | fixed_ip { 36 | subnet_id = data.openstack_networking_subnet_v2.subnet.id 37 | ip_address = local.fixed_ip_v4 38 | } 39 | dynamic "binding" { 40 | for_each = local.bindings 41 | content { 42 | vnic_type = binding.value["vnic_type"] 43 | profile = binding.value["profile"] 44 | } 45 | } 46 | } 47 | 48 | resource "openstack_networking_port_v2" "bastion_port" { 49 | count = local.bastion_count 50 | depends_on = [openstack_networking_port_v2.bastion_vip] 51 | 52 | name = "${var.cluster_id}-bastion-port-${count.index}" 53 | network_id = data.openstack_networking_network_v2.network.id 54 | admin_state_up = "true" 55 | fixed_ip { 56 | subnet_id = data.openstack_networking_subnet_v2.subnet.id 57 | ip_address = local.bastion_count == 1 ? local.fixed_ip_v4 : (length(local.bastion_ips) == 0 ? "" : local.bastion_ips[count.index]) 58 | } 59 | dynamic "binding" { 60 | for_each = local.bindings 61 | content { 62 | vnic_type = binding.value["vnic_type"] 63 | profile = binding.value["profile"] 64 | } 65 | } 66 | } 67 | 68 | resource "openstack_networking_port_v2" "bootstrap_port" { 69 | depends_on = [openstack_networking_port_v2.bastion_port, openstack_networking_port_v2.bastion_vip] 70 | count = local.bootstrap_count 71 | name = "${var.cluster_id}-bootstrap-port" 72 | network_id = data.openstack_networking_network_v2.network.id 73 | admin_state_up = "true" 74 | fixed_ip { 75 | subnet_id = data.openstack_networking_subnet_v2.subnet.id 76 | ip_address = length(local.bootstrap_ips) == 0 ? 
"" : local.bootstrap_ips[count.index] 77 | } 78 | dynamic "binding" { 79 | for_each = local.bindings 80 | content { 81 | vnic_type = binding.value["vnic_type"] 82 | profile = binding.value["profile"] 83 | } 84 | } 85 | } 86 | 87 | resource "openstack_networking_port_v2" "master_port" { 88 | depends_on = [openstack_networking_port_v2.bastion_port, openstack_networking_port_v2.bastion_vip, openstack_networking_port_v2.bootstrap_port] 89 | count = local.master_count 90 | name = "${var.cluster_id}-master-port-${count.index}" 91 | network_id = data.openstack_networking_network_v2.network.id 92 | admin_state_up = "true" 93 | fixed_ip { 94 | subnet_id = data.openstack_networking_subnet_v2.subnet.id 95 | ip_address = length(local.master_ips) == 0 ? "" : local.master_ips[count.index] 96 | } 97 | dynamic "binding" { 98 | for_each = local.bindings 99 | content { 100 | vnic_type = binding.value["vnic_type"] 101 | profile = binding.value["profile"] 102 | } 103 | } 104 | } 105 | 106 | resource "openstack_networking_port_v2" "worker_port" { 107 | depends_on = [openstack_networking_port_v2.bastion_port, openstack_networking_port_v2.bastion_vip, openstack_networking_port_v2.bootstrap_port, openstack_networking_port_v2.master_port] 108 | count = local.worker_count 109 | name = "${var.cluster_id}-worker-port-${count.index}" 110 | network_id = data.openstack_networking_network_v2.network.id 111 | admin_state_up = "true" 112 | fixed_ip { 113 | subnet_id = data.openstack_networking_subnet_v2.subnet.id 114 | ip_address = length(local.worker_ips) == 0 ? "" : local.worker_ips[count.index] 115 | } 116 | dynamic "binding" { 117 | for_each = local.bindings 118 | content { 119 | vnic_type = binding.value["vnic_type"] 120 | profile = binding.value["profile"] 121 | } 122 | } 123 | } 124 | 125 | locals { 126 | sriov = < 1 ? 
slice(var.bastion_ip, 1, length(var.bastion_ip)) : [] 40 | forwarders = var.dns_forwarders 41 | lb_ipaddr = var.lb_ipaddr 42 | ext_dns = var.ext_dns 43 | gateway_ip = var.gateway_ip 44 | netmask = cidrnetmask(var.cidr) 45 | broadcast = cidrhost(var.cidr, -1) 46 | ipid = cidrhost(var.cidr, 0) 47 | pool = var.allocation_pools[0] 48 | chrony_config = var.chrony_config 49 | chrony_config_servers = var.chrony_config_servers 50 | secure_named = var.secure_named 51 | secure_http = var.secure_http 52 | secure_nfs = var.secure_nfs 53 | 54 | bootstrap_info = { 55 | ip = var.bootstrap_port_ip, 56 | mac = var.bootstrap_mac, 57 | name = "bootstrap" 58 | } 59 | master_info = [for ix in range(length(var.master_port_ips)) : 60 | { 61 | ip = var.master_port_ips[ix], 62 | mac = var.master_macs[ix], 63 | name = "master-${ix}" 64 | } 65 | ] 66 | worker_info = [for ix in range(length(var.worker_port_ips)) : 67 | { 68 | ip = var.worker_port_ips[ix], 69 | mac = var.worker_macs[ix], 70 | name = "worker-${ix}" 71 | } 72 | ] 73 | 74 | local_registry = local.local_registry 75 | client_tarball = var.openshift_client_tarball 76 | install_tarball = var.openshift_install_tarball 77 | fips = var.fips_compliant 78 | } 79 | helpernode_inventory = { 80 | rhel_username = var.rhel_username 81 | bastion_ip = var.bastion_ip 82 | } 83 | } 84 | 85 | resource "null_resource" "config" { 86 | 87 | triggers = { 88 | bootstrap_count = var.bootstrap_port_ip == "" ? 
0 : 1 89 | worker_count = length(var.worker_port_ips) 90 | master_count = length(var.master_port_ips) 91 | } 92 | 93 | connection { 94 | type = "ssh" 95 | user = var.rhel_username 96 | host = var.bastion_ip[0] 97 | private_key = var.private_key 98 | agent = var.ssh_agent 99 | timeout = "${var.connection_timeout}m" 100 | bastion_host = var.jump_host 101 | } 102 | 103 | provisioner "remote-exec" { 104 | inline = [ 105 | "mkdir -p .openshift", 106 | "rm -rf ocp4-helpernode", 107 | "echo 'Cloning into ocp4-helpernode...'", 108 | "git clone ${var.helpernode_repo} --quiet", 109 | "cd ocp4-helpernode && git checkout ${var.helpernode_tag}" 110 | ] 111 | } 112 | provisioner "file" { 113 | content = templatefile("${path.module}/templates/helpernode_inventory", local.helpernode_inventory) 114 | destination = "ocp4-helpernode/inventory" 115 | } 116 | provisioner "file" { 117 | content = var.pull_secret 118 | destination = ".openshift/pull-secret" 119 | } 120 | provisioner "file" { 121 | content = templatefile("${path.module}/templates/helpernode_vars.yaml", local.helpernode_vars) 122 | destination = "ocp4-helpernode/helpernode_vars.yaml" 123 | } 124 | provisioner "remote-exec" { 125 | inline = [ 126 | "sed -i \"/^helper:.*/a \\ \\ networkifacename: $(ip r | grep \"${var.cidr} dev\" | awk '{print $3}')\" ocp4-helpernode/helpernode_vars.yaml", 127 | "echo 'Running ocp4-helpernode playbook...'", 128 | "cd ocp4-helpernode && ansible-playbook -i inventory -e @helpernode_vars.yaml tasks/main.yml ${var.ansible_extra_options} --become" 129 | ] 130 | } 131 | } 132 | -------------------------------------------------------------------------------- /modules/3_helpernode/templates/helpernode_inventory: -------------------------------------------------------------------------------- 1 | [vmhost] 2 | %{ for ip in bastion_ip ~} 3 | ${ip} ansible_connection=ssh ansible_user=${rhel_username} 4 | %{ endfor ~} 5 | -------------------------------------------------------------------------------- 
/modules/3_helpernode/templates/helpernode_vars.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | disk: vda 3 | helper: 4 | name: "${bastion_name}" 5 | ipaddr: "${bastion_ip}" 6 | %{ if isHA } 7 | high_availability: 8 | helpernodes: 9 | - name: "${cluster_id}-bastion-0" 10 | ipaddr: "${bastion_master_ip}" 11 | state: MASTER 12 | priority: 100 13 | %{ for idx,b in bastion_backup_ip ~} 14 | - name: "${cluster_id}-bastion-${idx + 1}" 15 | ipaddr: "${b}" 16 | state: BACKUP 17 | priority: 90 18 | %{ endfor ~} 19 | %{ endif } 20 | dns: 21 | domain: "${cluster_domain}" 22 | clusterid: "${cluster_id}" 23 | forwarder1: "${forwarders}" 24 | %{ if lb_ipaddr != "" } 25 | lb_ipaddr: "${lb_ipaddr}" 26 | %{ endif } 27 | dhcp: 28 | router: "${gateway_ip}" 29 | bcast: "${broadcast}" 30 | netmask: "${netmask}" 31 | %{ if ext_dns != "" } 32 | dns: "${ext_dns}" 33 | %{ endif } 34 | ipid: "${ipid}" 35 | netmaskid: "${netmask}" 36 | poolstart: "${pool.start}" 37 | poolend: "${pool.end}" 38 | %{ if bootstrap_info.ip != "" && bootstrap_info.mac != "" } 39 | bootstrap: 40 | name: "${bootstrap_info.name}" 41 | ipaddr: "${bootstrap_info.ip}" 42 | macaddr: "${bootstrap_info.mac}" 43 | %{ endif } 44 | masters: 45 | %{ for m in master_info ~} 46 | - name: "${m.name}" 47 | ipaddr: "${m.ip}" 48 | macaddr: "${m.mac}" 49 | %{ endfor ~} 50 | %{ if length(worker_info) > 0 } 51 | workers: 52 | %{ for w in worker_info ~} 53 | - name: "${w.name}" 54 | ipaddr: "${w.ip}" 55 | macaddr: "${w.mac}" 56 | %{ endfor ~} 57 | %{ endif } 58 | 59 | baremetal: false 60 | ppc64le: true 61 | ssh_gen_key: false 62 | 63 | %{ if local_registry.enable_local_registry } 64 | setup_registry: 65 | deploy: true 66 | autosync_registry: true 67 | registry_image: "${local_registry.registry_image}" 68 | local_repo: "${local_registry.ocp_release_repo}" 69 | product_repo: "openshift-release-dev" 70 | release_name: "ocp-release" 71 | release_tag: "${local_registry.ocp_release_tag}" 72 
| %{ endif } 73 | 74 | %{ if chrony_config ~} 75 | chronyconfig: 76 | enabled: true 77 | content: 78 | %{ for item in chrony_config_servers ~} 79 | - server: ${item.server} 80 | options: ${item.options} 81 | %{ endfor ~} 82 | - server: "${bastion_ip}" 83 | options: iburst 84 | %{ endif ~} 85 | ocp_client: "${client_tarball}" 86 | ocp_installer: "${install_tarball}" 87 | 88 | # Pointing it to local files since it is not required atm 89 | ocp_bios: "file:///dev/null" 90 | ocp_initramfs: "file:///dev/null" 91 | ocp_install_kernel: "file:///dev/null" 92 | 93 | # This is required for latest helpernode. TODO: Remove when https://github.com/RedHatOfficial/ocp4-helpernode/pull/140 is merged 94 | helm_source: "https://get.helm.sh/helm-v3.4.0-linux-ppc64le.tar.gz" 95 | fips: ${fips} 96 | secure_named: ${secure_named} 97 | secure_http: ${secure_http} 98 | secure_nfs: ${secure_nfs} 99 | -------------------------------------------------------------------------------- /modules/3_helpernode/variables.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2020 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 
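18 | # 19 | ################################################################ 20 | # Inputs of the helpernode module. Defaults are given only for cluster_domain, cluster_id, dns_forwarders and chrony_config; every other variable must be passed by the caller. 21 | variable "cluster_domain" { 22 | default = "example.com" 23 | } 24 | variable "cluster_id" { 25 | default = "test-ocp" 26 | } 27 | 28 | variable "dns_forwarders" { 29 | default = "8.8.8.8; 9.9.9.9" 30 | } 31 | 32 | variable "lb_ipaddr" {} 33 | variable "ext_dns" {} 34 | variable "gateway_ip" {} 35 | variable "cidr" {} 36 | variable "allocation_pools" {} 37 | 38 | variable "bastion_vip" {} 39 | variable "bastion_ip" {} 40 | variable "rhel_username" {} 41 | variable "private_key" {} # SSH private key used by the connection block in helpernode.tf. NOTE(review): consider sensitive = true after checking how it affects provisioner log output 42 | variable "ssh_agent" {} 43 | variable "connection_timeout" {} 44 | variable "jump_host" {} 45 | 46 | variable "bootstrap_port_ip" {} 47 | variable "master_port_ips" {} 48 | variable "worker_port_ips" {} 49 | 50 | variable "bootstrap_mac" {} 51 | variable "master_macs" {} 52 | variable "worker_macs" {} 53 | 54 | variable "openshift_client_tarball" {} 55 | variable "openshift_install_tarball" {} 56 | 57 | variable "enable_local_registry" {} 58 | variable "local_registry_image" {} 59 | variable "ocp_release_tag" {} 60 | 61 | variable "helpernode_repo" {} 62 | variable "helpernode_tag" {} 63 | 64 | variable "ansible_extra_options" {} 65 | 66 | variable "chrony_config" { default = true } 67 | variable "chrony_config_servers" {} 68 | 69 | variable "pull_secret" { sensitive = true } # written to .openshift/pull-secret on the bastion by a file provisioner in helpernode.tf; sensitive keeps the credential out of plan and apply output 70 | variable "fips_compliant" {} 71 | 72 | variable "secure_named" {} 73 | variable "secure_http" {} 74 | variable "secure_nfs" {} 75 | -------------------------------------------------------------------------------- /modules/3_helpernode/versions.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 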
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2020 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | terraform { 22 | required_providers { 23 | null = { 24 | source = "hashicorp/null" 25 | version = "~> 3.2" 26 | } 27 | } 28 | required_version = ">= 1.2.0" 29 | } 30 | -------------------------------------------------------------------------------- /modules/4_nodes/4_1_bootstrapnode/bootstrapnode.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | resource "random_id" "label" { 22 | count = var.scg_id == "" ? 
0 : 1 23 | byte_length = "2" 24 | }

# bootstrap
# Ignition config for the bootstrap node: merges the bootstrap.ign served by
# the bastion with a local file entry that sets /etc/hostname.
#
# The merge source is fetched over plain HTTP on port 8080, so this config is
# neither encrypted nor authenticated in transit.
# NOTE(review): bootstrap Ignition configs normally carry cluster credentials;
# confirm the provisioning network is isolated, or serve the file over HTTPS
# and pin it with the merge block's `verification` hash.
data "ignition_config" "bootstrap" {
  files = [data.ignition_file.b_hostname.rendered]

  merge {
    source = "http://${var.bastion_ip}:8080/ignition/bootstrap.ign"
  }
}

data "ignition_file" "b_hostname" { 35 | overwrite = true 36 | mode = "420" // 0644 37 | path = "/etc/hostname" 38 | content { 39 | mime = "text/plain" 40 | content = < 0 ~} 37 | content: 38 | %{ endif ~} 39 | %{ for item in chrony_config_servers ~} 40 | - server: ${item.server} 41 | options: ${item.options} 42 | %{ endfor ~} 43 | %{ endif ~} 44 | 45 | setup_squid_proxy : ${setup_squid_proxy} 46 | squid_acl_localnet: 47 | - acl localnet src ${squid_source_range} 48 | 49 | proxy_url: "${proxy_url}" 50 | no_proxy: "${no_proxy}" 51 | 52 | # This flag when true/yes will allow sharing same network for multiple dhcp servers 53 | dhcp_shared_network: true 54 | 55 | %{ if bastion_vip != "" } 56 | bastion_vip: "${bastion_vip}" 57 | %{ endif ~} 58 | 59 | cni_network_provider: "${cni_network_provider}" 60 | 61 | cluster_network_cidr: "${cluster_network_cidr}" 62 | cluster_network_hostprefix: "${cluster_network_hostprefix}" 63 | service_network: "${service_network}" 64 | cni_network_mtu: "${cni_network_mtu}" 65 | 66 | %{ if luks_compliant && length(luks_config) > 0 ~} 67 | luks: 68 | enabled: true 69 | config: 70 | %{ for item in luks_config ~} 71 | - thumbprint: ${item.thumbprint} 72 | url: ${item.url} 73 | %{ endfor ~} 74 | filesystem_device: ${luks_filesystem_device} 75 | format: ${luks_format} 76 | wipeFileSystem: "${luks_wipe_filesystem}" 77 | device: ${luks_device} 78 | label: ${luks_label} 79 | %{ if length(luks_options) > 0 ~} 80 | options: 81 | %{ for item in luks_options ~} 82 | - ${item} 83 | %{ endfor ~} 84 | %{ endif ~} 85 | wipeVolume: "${luks_wipe_volume}" 86 | name: ${luks_name} 87 | %{ endif ~} 88 | 89 | %{ if kdump_enable ~} 90 | kdump: 91 | enabled: true 92 | commandline_remove:
"${kdump_commandline_remove}" 93 | commandline_append: "${kdump_commandline_append}" 94 | kexec_args: "${kdump_kexec_args}" 95 | kdump_img: "${kdump_img}" 96 | log_path: "${kdump_log_path}" 97 | crash_kernel_memory: "${kdump_crash_kernel_memory}" 98 | %{ endif ~} 99 | -------------------------------------------------------------------------------- /modules/5_install/5_1_installconfig/templates/installconfig_vars.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | install_config: 3 | cluster_domain: ${cluster_domain} 4 | cluster_id: ${cluster_id} 5 | pull_secret: '${pull_secret}' 6 | public_ssh_key: '${public_ssh_key}' 7 | 8 | workdir: ~/openstack-upi 9 | log_level: ${log_level} 10 | 11 | release_image_override: '${release_image_override}' 12 | enable_local_registry: ${enable_local_registry} 13 | fips_compliant: "${fips_compliant}" 14 | 15 | 16 | rhcos_pre_kernel_options: [%{ for opt in rhcos_pre_kernel_options ~}"${opt}",%{ endfor ~}] 17 | 18 | 19 | %{ if chrony_config ~} 20 | chronyconfig: 21 | enabled: true 22 | allow: 23 | - ${chrony_allow_range} 24 | %{ if length(chrony_config_servers) > 0 ~} 25 | content: 26 | %{ endif ~} 27 | %{ for item in chrony_config_servers ~} 28 | - server: ${item.server} 29 | options: ${item.options} 30 | %{ endfor ~} 31 | %{ endif ~} 32 | 33 | setup_squid_proxy : ${setup_squid_proxy} 34 | squid_acl_localnet: 35 | - acl localnet src ${squid_source_range} 36 | 37 | proxy_url: "${proxy_url}" 38 | no_proxy: "${no_proxy}" 39 | 40 | # This flag when true/yes will allow sharing same network for multiple dhcp servers 41 | dhcp_shared_network: true 42 | 43 | %{ if bastion_vip != "" } 44 | bastion_vip: "${bastion_vip}" 45 | %{ endif ~} 46 | 47 | cni_network_provider: "${cni_network_provider}" 48 | 49 | cluster_network_cidr: "${cluster_network_cidr}" 50 | cluster_network_hostprefix: "${cluster_network_hostprefix}" 51 | service_network: "${service_network}" 52 | cni_network_mtu: "${cni_network_mtu}" 
53 | -------------------------------------------------------------------------------- /modules/5_install/5_1_installconfig/variables.tf: -------------------------------------------------------------------------------- 1 | ##################v############################################## 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | variable "cluster_domain" { 22 | default = "example.com" 23 | } 24 | variable "cluster_id" { 25 | default = "test-ocp" 26 | } 27 | 28 | variable "cidr" {} 29 | 30 | variable "bastion_vip" {} 31 | variable "bastion_ip" {} 32 | variable "rhel_username" {} 33 | variable "private_key" {} 34 | variable "ssh_agent" {} 35 | variable "connection_timeout" {} 36 | variable "jump_host" {} 37 | 38 | variable "bastion" {} 39 | variable "bootstrap_ip" {} 40 | variable "master_ips" {} 41 | variable "worker_ips" {} 42 | 43 | variable "public_key" {} 44 | variable "pull_secret" {} 45 | variable "release_image_override" {} 46 | variable "fips_compliant" {} 47 | 48 | variable "private_network_mtu" {} 49 | 50 | variable "enable_local_registry" {} 51 | variable "local_registry_image" {} 52 | variable "ocp_release_tag" {} 53 | 54 | variable "install_playbook_repo" {} 55 | variable "install_playbook_tag" {} 56 | 57 | variable "storage_type" {} 58 | 
variable "log_level" {} 59 | 60 | variable "ansible_extra_options" {} 61 | variable "rhcos_pre_kernel_options" {} 62 | variable "rhcos_kernel_options" {} 63 | 64 | variable "sysctl_tuned_options" {} 65 | variable "sysctl_options" {} 66 | variable "match_array" {} 67 | variable "chrony_config" { default = true } 68 | variable "chrony_config_servers" {} 69 | 70 | variable "setup_squid_proxy" {} 71 | variable "proxy" {} 72 | 73 | variable "upgrade_version" {} 74 | variable "upgrade_channel" {} 75 | variable "upgrade_image" {} 76 | variable "upgrade_pause_time" {} 77 | variable "upgrade_delay_time" {} 78 | 79 | variable "eus_upgrade_version" {} 80 | variable "eus_upgrade_channel" {} 81 | variable "eus_upgrade_image" {} 82 | variable "eus_upstream" {} 83 | 84 | variable "cni_network_provider" {} 85 | variable "cluster_network_cidr" {} 86 | variable "cluster_network_hostprefix" {} 87 | variable "service_network" {} 88 | 89 | variable "luks_compliant" { default = false } 90 | variable "luks_config" {} 91 | variable "luks_filesystem_device" {} 92 | variable "luks_format" {} 93 | variable "luks_wipe_filesystem" {} 94 | variable "luks_device" {} 95 | variable "luks_label" {} 96 | variable "luks_options" {} 97 | variable "luks_wipe_volume" {} 98 | variable "luks_name" {} 99 | 100 | variable "kdump_enable" { default = false } 101 | variable "kdump_commandline_remove" {} 102 | variable "kdump_commandline_append" {} 103 | variable "kdump_kexec_args" {} 104 | variable "kdump_img" {} 105 | variable "kdump_log_path" {} 106 | variable "kdump_crash_kernel_memory" {} 107 | -------------------------------------------------------------------------------- /modules/5_install/5_1_installconfig/versions.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the 
License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | terraform { 22 | required_providers { 23 | null = { 24 | source = "hashicorp/null" 25 | version = "~> 3.2" 26 | } 27 | } 28 | required_version = ">= 1.2.0" 29 | } 30 | -------------------------------------------------------------------------------- /modules/5_install/5_2_bootstrapconfig/bootstrapconfig.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 
18 | # 19 | ################################################################

# Runs playbooks/bootstrap-config.yaml from the ocp4-playbooks checkout on the
# first bastion address, over SSH (optionally through var.jump_host).
resource "null_resource" "bootstrap_config" {
  connection {
    type         = "ssh"
    host         = var.bastion_ip[0]
    user         = var.rhel_username
    private_key  = var.private_key
    agent        = var.ssh_agent
    bastion_host = var.jump_host
    # connection_timeout is a bare number; the "m" suffix makes it minutes.
    timeout = "${var.connection_timeout}m"
  }

  provisioner "remote-exec" {
    # var.ansible_extra_options is spliced unquoted into the command line that
    # the remote shell runs, so any shell metacharacters in it are interpreted.
    # Keep it restricted to operator-controlled input.
    inline = [
      "echo 'Running ocp install playbook...'",
      "cd ocp4-playbooks && ansible-playbook -i inventory -e @install_vars.yaml playbooks/bootstrap-config.yaml ${var.ansible_extra_options}"
    ]
  }
}

-------------------------------------------------------------------------------- /modules/5_install/5_2_bootstrapconfig/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License.
18 | # 19 | ################################################################ 20 | 21 | output "install_status" { 22 | depends_on = [null_resource.bootstrap_config] 23 | value = "BOOTSTRAP_CONFIGURED" 24 | } 25 | -------------------------------------------------------------------------------- /modules/5_install/5_2_bootstrapconfig/variables.tf: -------------------------------------------------------------------------------- 1 | ##################v############################################## 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | 22 | variable "bastion_ip" {} 23 | variable "rhel_username" {} 24 | variable "private_key" {} 25 | variable "ssh_agent" {} 26 | variable "connection_timeout" {} 27 | variable "jump_host" {} 28 | 29 | 30 | variable "ansible_extra_options" {} 31 | -------------------------------------------------------------------------------- /modules/5_install/5_2_bootstrapconfig/versions.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | terraform { 22 | required_providers { 23 | null = { 24 | source = "hashicorp/null" 25 | version = "~> 3.2" 26 | } 27 | } 28 | required_version = ">= 1.2.0" 29 | } 30 | -------------------------------------------------------------------------------- /modules/5_install/5_3_bootstrapcomplete/bootstrapcomplete.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 
18 | # 19 | ################################################################

# Runs playbooks/bootstrap-complete.yaml from the ocp4-playbooks checkout on
# the first bastion address, over SSH (optionally through var.jump_host).
resource "null_resource" "bootstrap_complete" {
  connection {
    type         = "ssh"
    host         = var.bastion_ip[0]
    user         = var.rhel_username
    private_key  = var.private_key
    agent        = var.ssh_agent
    bastion_host = var.jump_host
    # connection_timeout is a bare number; the "m" suffix makes it minutes.
    timeout = "${var.connection_timeout}m"
  }

  provisioner "remote-exec" {
    # var.ansible_extra_options is spliced unquoted into the command line that
    # the remote shell runs, so any shell metacharacters in it are interpreted.
    # Keep it restricted to operator-controlled input.
    inline = [
      "echo 'Running ocp install playbook...'",
      "cd ocp4-playbooks && ansible-playbook -i inventory -e @install_vars.yaml playbooks/bootstrap-complete.yaml ${var.ansible_extra_options}"
    ]
  }
}

-------------------------------------------------------------------------------- /modules/5_install/5_3_bootstrapcomplete/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License.
18 | # 19 | ################################################################ 20 | 21 | output "install_status" { 22 | depends_on = [null_resource.bootstrap_complete] 23 | value = "BOOTSTRAP_COMPLETED" 24 | } 25 | -------------------------------------------------------------------------------- /modules/5_install/5_3_bootstrapcomplete/variables.tf: -------------------------------------------------------------------------------- 1 | ##################v############################################## 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | 22 | variable "bastion_ip" {} 23 | variable "rhel_username" {} 24 | variable "private_key" {} 25 | variable "ssh_agent" {} 26 | variable "connection_timeout" {} 27 | variable "jump_host" {} 28 | 29 | 30 | variable "ansible_extra_options" {} 31 | -------------------------------------------------------------------------------- /modules/5_install/5_3_bootstrapcomplete/versions.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
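5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | terraform { 22 | required_providers { 23 | null = { 24 | source = "hashicorp/null" 25 | version = "~> 3.2" 26 | } 27 | } 28 | required_version = ">= 1.2.0" 29 | } 30 | -------------------------------------------------------------------------------- /modules/5_install/5_4_installcomplete/install.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################

locals {
  # Wildcard DNS services for which the cluster domain is derived from the
  # bastion address.
  wildcard_dns = ["nip.io", "xip.io", "sslip.io"]

  # For a wildcard DNS domain, prefix it with the bastion VIP (or the first
  # bastion IP when no VIP is set); any other domain is used unchanged.
  cluster_domain = contains(local.wildcard_dns, var.cluster_domain) ? "${var.bastion_vip != "" ? var.bastion_vip : var.bastion_ip[0]}.${var.cluster_domain}" : var.cluster_domain

  # Values rendered into templates/upgrade_vars.yaml by null_resource.upgrade.
  upgrade_vars = {
    upgrade_version     = var.upgrade_version
    upgrade_channel     = var.upgrade_channel
    upgrade_image       = var.upgrade_image
    eus_upgrade_version = var.eus_upgrade_version
    eus_upgrade_channel = var.eus_upgrade_channel
    eus_upgrade_image   = var.eus_upgrade_image
    eus_upstream        = var.eus_upstream
    pause_time          = var.upgrade_pause_time
    delay_time          = var.upgrade_delay_time
  }
}

# Runs playbooks/install-complete.yaml on the first bastion address over SSH.
resource "null_resource" "install" {
  # Replace this resource, and so re-run the playbook, when the number of
  # worker IPs changes.
  triggers = {
    worker_count = length(var.worker_ips)
  }

  connection {
    type         = "ssh"
    user         = var.rhel_username
    host         = var.bastion_ip[0]
    private_key  = var.private_key
    agent        = var.ssh_agent
    timeout      = "${var.connection_timeout}m"
    bastion_host = var.jump_host
  }

  provisioner "remote-exec" {
    # var.ansible_extra_options is spliced unquoted into the command line that
    # the remote shell runs, so any shell metacharacters in it are interpreted.
    # Keep it restricted to operator-controlled input.
    inline = [
      "echo 'Running ocp install playbook...'",
      "cd ocp4-playbooks && ansible-playbook -i inventory -e @install_vars.yaml playbooks/install-complete.yaml ${var.ansible_extra_options}"
    ]
  }
}

# Uploads upgrade_vars.yaml and runs playbooks/upgrade.yaml after the install
# step, only when an upgrade target is configured.
resource "null_resource" "upgrade" {
  depends_on = [null_resource.install]

  # Create the upgrade step only when at least one upgrade version or image is
  # set. The earlier expression compared the parenthesised boolean with ""
  # (`(...) != ""`). A bool and a string are never equal in Terraform, so the
  # condition was always true and the upgrade playbook ran on every apply.
  count = (var.upgrade_version != "" || var.upgrade_image != "" || var.eus_upgrade_version != "" || var.eus_upgrade_image != "") ? 1 : 0

  connection {
    type         = "ssh"
    user         = var.rhel_username
    host         = var.bastion_ip[0]
    private_key  = var.private_key
    agent        = var.ssh_agent
    timeout      = "${var.connection_timeout}m"
    bastion_host = var.jump_host
  }

  provisioner "file" {
    content     = templatefile("${path.module}/templates/upgrade_vars.yaml", local.upgrade_vars)
    destination = "ocp4-playbooks/upgrade_vars.yaml"
  }

  provisioner "remote-exec" {
    # As in null_resource.install, var.ansible_extra_options reaches the remote
    # shell unquoted. Keep it restricted to operator-controlled input.
    inline = [
      "echo 'Running ocp upgrade playbook...'",
      "cd ocp4-playbooks && ansible-playbook -i inventory -e @upgrade_vars.yaml playbooks/upgrade.yaml ${var.ansible_extra_options}"
    ]
  }
}

-------------------------------------------------------------------------------- /modules/5_install/5_4_installcomplete/outputs.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License.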
18 | # 19 | ################################################################ 20 | 21 | output "install_status" { 22 | depends_on = [null_resource.install] 23 | value = "COMPLETED" 24 | } 25 | 26 | output "oc_server_url" { 27 | depends_on = [null_resource.install] 28 | value = "https://api.${var.cluster_id}.${local.cluster_domain}:6443" 29 | } 30 | 31 | output "web_console_url" { 32 | depends_on = [null_resource.install] 33 | value = "https://console-openshift-console.apps.${var.cluster_id}.${local.cluster_domain}" 34 | } 35 | -------------------------------------------------------------------------------- /modules/5_install/5_4_installcomplete/templates/upgrade_vars.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | upgrade_version: "${upgrade_version}" 3 | upgrade_channel: "${upgrade_channel}" 4 | upgrade_image: "${upgrade_image}" 5 | eus_upgrade_version: "${eus_upgrade_version}" 6 | eus_upgrade_channel: "${eus_upgrade_channel}" 7 | eus_upgrade_image: "${eus_upgrade_image}" 8 | eus_upstream: "${eus_upstream}" 9 | pause_time: ${pause_time} 10 | delay_time: ${delay_time} 11 | 12 | -------------------------------------------------------------------------------- /modules/5_install/5_4_installcomplete/variables.tf: -------------------------------------------------------------------------------- 1 | ##################v############################################## 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 
2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | variable "cluster_domain" { 22 | default = "example.com" 23 | } 24 | variable "cluster_id" { 25 | default = "test-ocp" 26 | } 27 | 28 | variable "bastion_vip" {} 29 | variable "bastion_ip" {} 30 | variable "rhel_username" {} 31 | variable "private_key" {} 32 | variable "ssh_agent" {} 33 | variable "connection_timeout" {} 34 | variable "jump_host" {} 35 | 36 | variable "worker_ips" {} 37 | 38 | 39 | variable "ansible_extra_options" {} 40 | 41 | 42 | variable "upgrade_version" {} 43 | variable "upgrade_channel" {} 44 | variable "upgrade_image" {} 45 | variable "upgrade_pause_time" {} 46 | variable "upgrade_delay_time" {} 47 | 48 | variable "eus_upgrade_version" {} 49 | variable "eus_upgrade_channel" {} 50 | variable "eus_upgrade_image" {} 51 | variable "eus_upstream" {} 52 | -------------------------------------------------------------------------------- /modules/5_install/5_4_installcomplete/versions.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 
2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################ 20 | 21 | terraform { 22 | required_providers { 23 | null = { 24 | source = "hashicorp/null" 25 | version = "~> 3.2" 26 | } 27 | } 28 | required_version = ">= 1.2.0" 29 | } 30 | -------------------------------------------------------------------------------- /ocp.tf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Licensed Materials - Property of IBM 10 | # 11 | # ©Copyright IBM Corp. 2022 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | # 19 | ################################################################

# OpenStack provider, configured entirely from input variables.
provider "openstack" {
  auth_url    = var.auth_url
  domain_name = var.domain_name
  tenant_name = var.tenant_name

  # NOTE(review): the variable declarations are not in view. Confirm that
  # `password` is declared sensitive and supplied out of band rather than
  # committed in var.tfvars.
  user_name = var.user_name
  password  = var.password

  # The provider's `insecure` flag makes it trust self-signed certificates,
  # which removes the TLS check that authenticates auth_url before the
  # credentials above are sent. Prefer leaving it false and supplying the CA
  # through the provider's `cacert_file` argument.
  insecure = var.insecure
}

resource "random_id" "label" { 31 | count = var.cluster_id == "" ?
1 : 0
  byte_length = "2" # Since we use the hex, the word length would double
  prefix      = "${var.cluster_id_prefix}-"
}

locals {
  # Generates cluster_id as combination of cluster_id_prefix + (random_id or user-defined cluster_id)
  # An empty var.cluster_id selects random_id.label[0].hex; otherwise the user value is used,
  # with "<prefix>-" prepended only when cluster_id_prefix is non-empty.
  cluster_id = var.cluster_id == "" ? random_id.label[0].hex : (var.cluster_id_prefix == "" ? var.cluster_id : "${var.cluster_id_prefix}-${var.cluster_id}")
  # A bastion "count" above 1 forces storage_type to "none"; a missing "count" key is treated as 1.
  storage_type = lookup(var.bastion, "count", 1) > 1 ? "none" : var.storage_type
}

# Bastion host(s). This call hands the SSH key pair and the RHEL subscription credentials
# to the child module.
# NOTE(review): how modules/1_bastion consumes these values is not visible here. Any of them
# that end up in resource arguments are stored in Terraform state in clear text, so confirm the
# receiving variables are declared sensitive and that state and plan files are access-controlled.
module "bastion" {
  source = "./modules/1_bastion"

  cluster_domain              = var.cluster_domain
  cluster_id                  = local.cluster_id
  bastion                     = var.bastion
  bastion_port_ids            = module.network.bastion_port_ids
  scg_id                      = var.scg_id
  openstack_availability_zone = var.openstack_availability_zone
  rhel_username               = var.rhel_username
  private_key                 = local.private_key
  public_key                  = local.public_key
  create_keypair              = local.create_keypair
  # The keypair name is always derived from the cluster id in this call.
  keypair_name                    = "${local.cluster_id}-keypair"
  ssh_agent                       = var.ssh_agent
  connection_timeout              = var.connection_timeout
  jump_host                       = var.jump_host
  rhel_subscription_username      = var.rhel_subscription_username
  rhel_subscription_password      = var.rhel_subscription_password
  rhel_subscription_org           = var.rhel_subscription_org
  rhel_subscription_activationkey = var.rhel_subscription_activationkey
  ansible_repo_name               = var.ansible_repo_name
  storage_type                    = local.storage_type
  volume_size                     = var.volume_size
  volume_storage_template         = var.volume_storage_template
  setup_squid_proxy               = var.setup_squid_proxy
  proxy                           = var.proxy
  fips_compliant                  = var.fips_compliant
  scg_flavor_is_public            = var.scg_flavor_is_public
}

# Network ports for every node role; the other modules read port ids, IPs, MACs,
# the CIDR and the bastion VIP from this module's outputs.
module "network" {
  source = "./modules/2_network"

  cluster_id              = local.cluster_id
  network_name            = var.network_name
  bastion                 = var.bastion
  bootstrap               = var.bootstrap
  master                  = var.master
  worker                  = var.worker
  network_type            = var.network_type
  sriov_vnic_failover_vfs = var.sriov_vnic_failover_vfs
  sriov_capacity          = var.sriov_capacity
}

# Helper-node configuration on the bastion, reached with the same SSH key and user
# as the bastion module.
module "helpernode" {
  source = "./modules/3_helpernode"

  cluster_domain     = var.cluster_domain
  cluster_id         = local.cluster_id
  dns_forwarders     = var.dns_forwarders
  lb_ipaddr          = var.lb_ipaddr
  ext_dns            = var.ext_dns
  gateway_ip         = module.network.gateway_ip
  cidr               = module.network.cidr
  allocation_pools   = module.network.allocation_pools
  bastion_vip        = module.network.bastion_vip
  bastion_ip         = module.bastion.bastion_ip
  rhel_username      = var.rhel_username
  private_key        = local.private_key
  ssh_agent          = var.ssh_agent
  connection_timeout = var.connection_timeout
  jump_host          = var.jump_host
  bootstrap_port_ip  = module.network.bootstrap_port_ip
  master_port_ips    = module.network.master_port_ips
  worker_port_ips    = module.network.worker_port_ips
  bootstrap_mac      = module.network.bootstrap_mac
  master_macs        = module.network.master_macs
  worker_macs        = module.network.worker_macs
  # NOTE(review): the tarball URLs, registry image and helpernode repo/tag below name external
  # artifacts. What the module does with them is not visible here; if they are downloaded and
  # run on the bastion, pin them to reviewed versions and verify checksums where published.
  openshift_install_tarball = var.openshift_install_tarball
  openshift_client_tarball  = var.openshift_client_tarball
  enable_local_registry     = var.enable_local_registry
  local_registry_image      = var.local_registry_image
  ocp_release_tag           = var.ocp_release_tag
  helpernode_repo           = var.helpernode_repo
  helpernode_tag            = var.helpernode_tag
  ansible_extra_options     = var.ansible_extra_options
  chrony_config             = var.chrony_config
  chrony_config_servers     = var.chrony_config_servers
  # Reads the pull secret from disk; coalesce() falls back to /dev/null (empty content)
  # when pull_secret_file is null or "".
  # NOTE(review): the content is a registry credential passed on as a plain string; confirm
  # the receiving variable is marked sensitive so it is redacted in plan output.
  pull_secret    = file(coalesce(var.pull_secret_file, "/dev/null"))
  fips_compliant = var.fips_compliant
  secure_named   = var.secure_named
  secure_http    = var.secure_http
  secure_nfs     = var.secure_nfs
}

# Install-config stage; runs only after the helpernode module has finished.
module "installconfig" {
  depends_on = [module.helpernode]
  source     = "./modules/5_install/5_1_installconfig"

  cluster_domain     = var.cluster_domain
  cluster_id         = local.cluster_id
  cidr               = module.network.cidr
  bastion            = var.bastion
  bastion_vip        = module.network.bastion_vip
  bastion_ip         = module.bastion.bastion_ip
  rhel_username      = var.rhel_username
  private_key        = local.private_key
  ssh_agent          = var.ssh_agent
  connection_timeout = var.connection_timeout
  jump_host          = var.jump_host
  bootstrap_ip       = module.network.bootstrap_port_ip
  master_ips         = module.network.master_port_ips
  worker_ips         = module.network.worker_port_ips
  public_key         = local.public_key
  # Same pull-secret read as in the helpernode call; the same sensitivity caveat applies.
  pull_secret            = file(coalesce(var.pull_secret_file, "/dev/null"))
  storage_type           = local.storage_type
  release_image_override = var.release_image_override
  private_network_mtu    = var.private_network_mtu
  enable_local_registry  = var.enable_local_registry
  fips_compliant         = var.fips_compliant
  local_registry_image   = var.local_registry_image
  ocp_release_tag        = var.ocp_release_tag
  # NOTE(review): install_playbook_repo/tag select the playbooks used for the install;
  # presumably they are fetched and executed on the bastion, so pin the tag to a reviewed release.
  install_playbook_repo = var.install_playbook_repo
  install_playbook_tag  = var.install_playbook_tag
  # The module's log_level input is fed from the root variable installer_log_level.
  log_level                  = var.installer_log_level
  ansible_extra_options      = var.ansible_extra_options
  rhcos_pre_kernel_options   = var.rhcos_pre_kernel_options
  rhcos_kernel_options       = var.rhcos_kernel_options
  sysctl_tuned_options       = var.sysctl_tuned_options
  sysctl_options             = var.sysctl_options
  match_array                = var.match_array
  setup_squid_proxy          = var.setup_squid_proxy
  proxy                      = var.proxy
  upgrade_version            = var.upgrade_version
  upgrade_channel            = var.upgrade_channel
  upgrade_image              = var.upgrade_image
  upgrade_pause_time         = var.upgrade_pause_time
  upgrade_delay_time         = var.upgrade_delay_time
  eus_upgrade_version        = var.eus_upgrade_version
  eus_upgrade_channel        = var.eus_upgrade_channel
  eus_upgrade_image          = var.eus_upgrade_image
  eus_upstream               = var.eus_upstream
  chrony_config              = var.chrony_config
  chrony_config_servers      = var.chrony_config_servers
  cni_network_provider       = var.cni_network_provider
  cluster_network_cidr       = var.cluster_network_cidr
  cluster_network_hostprefix = var.cluster_network_hostprefix
  service_network            = var.service_network
  # LUKS inputs are passed through unchanged.
  # NOTE(review): luks_config's structure is not visible here; if it carries key or unlock
  # material, treat it as a secret in tfvars and state.
  luks_compliant            = var.luks_compliant
  luks_config               = var.luks_config
  luks_filesystem_device    = var.luks_filesystem_device
  luks_format               = var.luks_format
  luks_wipe_filesystem      = var.luks_wipe_filesystem
  luks_device               = var.luks_device
  luks_label                = var.luks_label
  luks_options              = var.luks_options
  luks_wipe_volume          = var.luks_wipe_volume
  luks_name                 = var.luks_name
  kdump_enable              = var.kdump_enable
  kdump_commandline_remove  = var.kdump_commandline_remove
  kdump_commandline_append  = var.kdump_commandline_append
  kdump_kexec_args          = var.kdump_kexec_args
  kdump_img                 = var.kdump_img
  kdump_log_path            = var.kdump_log_path
  kdump_crash_kernel_memory = var.kdump_crash_kernel_memory
}

# Bootstrap node. Reading installconfig's install_status output orders this module
# after the install-config stage.
module "bootstrapnode" {
  source = "./modules/4_nodes/4_1_bootstrapnode"

  # Use the bastion VIP when one exists, otherwise the first bastion IP.
  bastion_ip                  = module.network.bastion_vip == "" ? module.bastion.bastion_ip[0] : module.network.bastion_vip
  cluster_id                  = local.cluster_id
  bootstrap                   = var.bootstrap
  scg_id                      = var.scg_id
  openstack_availability_zone = var.openstack_availability_zone
  bootstrap_port_id           = module.network.bootstrap_port_id
  install_status              = module.installconfig.install_status
  scg_flavor_is_public        = var.scg_flavor_is_public
}

# Bootstrap configuration stage, run over SSH once the bootstrap node exists.
module "bootstrapconfig" {
  depends_on = [module.bootstrapnode]
  source     = "./modules/5_install/5_2_bootstrapconfig"

  bastion_ip            = module.bastion.bastion_ip
  rhel_username         = var.rhel_username
  private_key           = local.private_key
  ssh_agent             = var.ssh_agent
  connection_timeout    = var.connection_timeout
  jump_host             = var.jump_host
  ansible_extra_options = var.ansible_extra_options
}


# Master nodes; ordered after bootstrapconfig through its install_status output.
module "masternodes" {
  source = "./modules/4_nodes/4_2_masternodes"

  # Use the bastion VIP when one exists, otherwise the first bastion IP.
  bastion_ip                  = module.network.bastion_vip == "" ? module.bastion.bastion_ip[0] : module.network.bastion_vip
  cluster_id                  = local.cluster_id
  master                      = var.master
  scg_id                      = var.scg_id
  openstack_availability_zone = var.openstack_availability_zone
  master_port_ids             = module.network.master_port_ids
  mount_etcd_ramdisk          = var.mount_etcd_ramdisk
  install_status              = module.bootstrapconfig.install_status
  scg_flavor_is_public        = var.scg_flavor_is_public
}

# Bootstrap-complete stage, run after the master nodes are created.
module "bootstrapcomplete" {
  depends_on = [module.masternodes]
  source     = "./modules/5_install/5_3_bootstrapcomplete"

  bastion_ip            = module.bastion.bastion_ip
  rhel_username         = var.rhel_username
  private_key           = local.private_key
  ssh_agent             = var.ssh_agent
  connection_timeout    = var.connection_timeout
  jump_host             = var.jump_host
  ansible_extra_options = var.ansible_extra_options
}

# Worker nodes; they read the status outputs of both installconfig and bootstrapcomplete.
module "workernodes" {
  source = "./modules/4_nodes/4_3_workernodes"

  # Use the bastion VIP when one exists, otherwise the first bastion IP.
  bastion_ip                  = module.network.bastion_vip == "" ? module.bastion.bastion_ip[0] : module.network.bastion_vip
  cluster_id                  = local.cluster_id
  worker                      = var.worker
  scg_id                      = var.scg_id
  openstack_availability_zone = var.openstack_availability_zone
  worker_port_ids             = module.network.worker_port_ids
  rhel_username               = var.rhel_username
  private_key                 = local.private_key
  ssh_agent                   = var.ssh_agent
  connection_timeout          = var.connection_timeout
  jump_host                   = var.jump_host
  installconfig_status        = module.installconfig.install_status
  bootstrapcomplete_status    = module.bootstrapcomplete.install_status
  scg_flavor_is_public        = var.scg_flavor_is_public
}
# Final install/upgrade stage; waits for helpernode, installconfig and workernodes.
module "install" {
  depends_on = [module.helpernode, module.installconfig, module.workernodes]
  source     = "./modules/5_install/5_4_installcomplete"

  cluster_domain        = var.cluster_domain
  cluster_id            = local.cluster_id
  bastion_vip           = module.network.bastion_vip
  bastion_ip            = module.bastion.bastion_ip
  rhel_username         = var.rhel_username
  private_key           = local.private_key
  ssh_agent             = var.ssh_agent
  connection_timeout    = var.connection_timeout
  jump_host             = var.jump_host
  worker_ips            = module.network.worker_port_ips
  ansible_extra_options = var.ansible_extra_options
  upgrade_version       = var.upgrade_version
  upgrade_channel       = var.upgrade_channel
  upgrade_image         = var.upgrade_image
  upgrade_pause_time    = var.upgrade_pause_time
  upgrade_delay_time    = var.upgrade_delay_time
  eus_upgrade_version   = var.eus_upgrade_version
  eus_upgrade_channel   = var.eus_upgrade_channel
  eus_upgrade_image     = var.eus_upgrade_image
  eus_upstream          = var.eus_upstream
}

--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
################################################################
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Licensed Materials - Property of IBM
#
# ©Copyright IBM Corp. 2022
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################

# Root-module outputs: addresses, URLs and a ready-made SSH command.
# None of them reads key material or passwords directly.

output "cluster_id" {
  value = local.cluster_id
}

# All bastion IPs as one comma-separated string.
output "bastion_ip" {
  value = join(", ", module.bastion.bastion_ip)
}

# Null when the network module reports no VIP (empty string).
output "bastion_vip" {
  value = module.network.bastion_vip == "" ? null : module.network.bastion_vip
}

# Prints only the key *path*, never the key content. The target is the VIP when set,
# otherwise the first bastion IP.
# NOTE(review): var.private_key_file is used as given; if it is left empty the rendered
# command has an empty -i argument. Confirm whether the resolved default path should be used.
output "bastion_ssh_command" {
  value = "ssh -i ${var.private_key_file} ${var.rhel_username}@${module.network.bastion_vip == "" ? module.bastion.bastion_ip[0] : module.network.bastion_vip}"
}

output "bootstrap_ip" {
  value = module.bootstrapnode.bootstrap_ip
}

output "master_ips" {
  value = module.masternodes.master_ips
}

output "worker_ips" {
  value = module.workernodes.worker_ips
}

# /etc/hosts line that maps the API and a fixed set of *.apps names to the bastion address.
# Null for nip.io / xip.io / sslip.io, where the wildcard DNS service resolves the names.
output "etc_hosts_entries" {
  value = var.cluster_domain == "nip.io" || var.cluster_domain == "xip.io" || var.cluster_domain == "sslip.io" ? null : <<-EOF

    ${module.network.bastion_vip == "" ? module.bastion.bastion_ip[0] : module.network.bastion_vip} api.${local.cluster_id}.${var.cluster_domain} console-openshift-console.apps.${local.cluster_id}.${var.cluster_domain} integrated-oauth-server-openshift-authentication.apps.${local.cluster_id}.${var.cluster_domain} oauth-openshift.apps.${local.cluster_id}.${var.cluster_domain} prometheus-k8s-openshift-monitoring.apps.${local.cluster_id}.${var.cluster_domain} grafana-openshift-monitoring.apps.${local.cluster_id}.${var.cluster_domain} example.apps.${local.cluster_id}.${var.cluster_domain}
    EOF
}

output "oc_server_url" {
  value = module.install.oc_server_url
}

output "web_console_url" {
  value = module.install.web_console_url
}

# Fixed string, not read from any module.
output "storageclass_name" {
  value = "nfs-storage-provisioner"
}

output "install_status" {
  value = module.install.install_status
}

--------------------------------------------------------------------------------
/var.tfvars:
--------------------------------------------------------------------------------
### PowerVC Details
# NOTE(review): the empty strings and the truncated auth_url below look like angle-bracket
# placeholders that were lost when this listing was extracted; they must be filled in.
# NOTE(review): password is a PowerVC credential in a plain-text file. Keep the populated
# file out of version control, or supply the value through the TF_VAR_password environment variable.
auth_url                    = ":5000/v3/>"
user_name                   = ""
password                    = ""
tenant_name                 = ""
domain_name                 = "Default"
openstack_availability_zone = ""

network_name = ""

### OpenShift Cluster Details

bastion   = { instance_type = "", image_id = "", "count" = 1 }
bootstrap = { instance_type = "", image_id = "", "count" = 1 }
master    = { instance_type = "", image_id = "", "count" = 3 }
worker    = { instance_type = "", image_id = "", "count" = 2 }
# With all optional attributes
# bastion = {instance_type = "", image_id = "", availability_zone = "", "count" = 1, fixed_ip_v4 = ""}
# bootstrap = {instance_type = "", image_id = "", availability_zone = "", "count" = 1}
# master = {instance_type = "", image_id = "", availability_zone = "", "count" = 3, data_volume_count = 0, data_volume_size = 100}
# worker = {instance_type = "", image_id = "", availability_zone = "", "count" = 2, data_volume_count = 0, data_volume_size = 100}


# NOTE(review): root is the sample default; a non-root account with the privileges the
# automation needs narrows what a leaked key can do.
rhel_username = "root" #Set it to an appropriate username for non-root user access
# NOTE(review): the key pair is read from data/. The repository tree lists a data/.gitignore;
# confirm it excludes the private key and restrict the file's permissions to the operator.
public_key_file  = "data/id_rsa.pub"
private_key_file = "data/id_rsa"
# The subscription password and activation key are credentials; handle them like `password` above.
rhel_subscription_username      = "" #Leave this as-is if using CentOS as bastion image
rhel_subscription_password      = "" #Leave this as-is if using CentOS as bastion image
rhel_subscription_org           = "" # Define it only when using activationkey for RHEL subscription
rhel_subscription_activationkey = "" # Define it only when using activationkey for RHEL subscription

connection_timeout = 45
jump_host          = ""

### OpenShift Installation Details

# NOTE(review): both URLs point at the floating "stable" path, so the downloaded binaries
# change over time. For reproducible installs use a versioned URL and verify the published checksum.
openshift_install_tarball = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable/openshift-install-linux.tar.gz"
openshift_client_tarball  = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable/openshift-client-linux.tar.gz"
# The pull secret is a registry credential; keep the file out of version control.
pull_secret_file = "data/pull-secret.txt"

# NOTE(review): with a public wildcard DNS service as the domain, resolution of the API and
# OAuth host names depends on a third party outside the cluster owner's control.
cluster_domain    = "ibm.com"  # Set domain to nip.io or xip.io if you prefer using online wildcard domain and avoid modifying /etc/hosts
cluster_id_prefix = "test-ocp" # Set it to empty if just want to use cluster_id without prefix
cluster_id        = ""         # It will use random generated id with cluster_id_prefix if this is not set
#fips_compliant = false # Set it true if you prefer to use FIPS enable in ocp deployment

### Misc Customizations

#network_type = "SRIOV"
#scg_id = "df21cec9-c244-4d3d-b927-df1518672e87"
#sriov_vnic_failover_vfs = 1
#sriov_capacity = 0.02

#enable_local_registry = false #Set to true to enable usage of local registry for restricted network install.
# NOTE(review): "registry:2" is a floating tag; pinning the image by digest keeps the
# local registry from changing underneath a restricted-network install.
#local_registry_image = "docker.io/library/registry:2"
#ocp_release_tag = "4.4.9-ppc64le"
#ocp_release_name = "ocp-release"
#release_image_override = ""


# NOTE(review): with the tags left empty, which revision of these repositories is used is not
# visible here (presumably the default branch); set them to a reviewed tag before running.
#helpernode_repo = "https://github.com/RedHatOfficial/ocp4-helpernode"
#helpernode_tag = ""
#install_playbook_repo = "https://github.com/ocp-power-automation/ocp4-playbooks"
#install_playbook_tag = ""

#installer_log_level = "info"
#ansible_extra_options = "-v"
#ansible_repo_name = "ansible-2.9-for-rhel-8-ppc64le-rpms"
#dns_forwarders = "1.1.1.1; 9.9.9.9"
#rhcos_pre_kernel_options = []
#rhcos_kernel_options = []

# sysctl_tuned_options = true
# sysctl_options = ["kernel.shmmni=16384","net.ipv4.tcp_tw_reuse=1"]
# NOTE(review): the listing is damaged at this point. The source line numbering jumps from
# line 74 of var.tfvars to line 138 of the next file (presumably variables.tf), so the end of
# var.tfvars and the start of that file are missing. The next line is kept exactly as found.
# match_array = < 0 && var.sriov_vnic_failover_vfs < 7
    error_message = "The number of virtual functions for the parameter sriov_vnic_failover_vfs must be min. 1 and cannot exceed 6."
  }
}

variable "sriov_capacity" {
  # Eg: 0.02 = 2%; 0.20 = 20%; 1.00 = 100%
  default     = 0.02
  description = "Specifies the SR-IOV LP capacity"
}

variable "scg_id" {
  description = "The id of PowerVC Storage Connectivity Group to use for all nodes"
  default     = ""
}

variable "scg_flavor_is_public" {
  description = "Newly created compute template will be private by default. User can set this to true to make it visible in UI"
  default     = false
}

# Login user for the SSH connections to the bastion.
# NOTE(review): the default is root; prefer a dedicated account where the automation allows it.
variable "rhel_username" {
  default = "root"
}

variable "keypair_name" {
  # Set this variable to the name of an already generated
  # keypair to use it instead of creating a new one.
  default = ""
}

variable "public_key_file" {
  description = "Path to public key file"
  # if empty, will default to ${path.cwd}/data/id_rsa.pub
  default = ""
}

variable "private_key_file" {
  description = "Path to private key file"
  # if empty, will default to ${path.cwd}/data/id_rsa
  default = ""
}

# NOTE(review): this variable holds the private key itself and is not marked sensitive, so
# Terraform will not redact it in plan output. Adding `sensitive = true` is worth evaluating;
# check first that no child-module output or for_each depends on the value.
variable "private_key" {
  description = "content of private ssh key"
  # if empty string will read contents of file at var.private_key_file
  default = ""
}

variable "public_key" {
  description = "Public key"
  # if empty string will read contents of file at var.public_key_file
  default = ""
}

variable "rhel_subscription_username" {
  default = ""
}

# NOTE(review): credential without `sensitive = true`; the same caveat as private_key applies.
variable "rhel_subscription_password" {
  default = ""
}

variable "rhel_subscription_org" {
  default = ""
}

# NOTE(review): an activation key registers systems against the subscription org; treat it
# as a credential and consider `sensitive = true` here as well.
variable "rhel_subscription_activationkey" {
  default = ""
}

variable "rhcos_pre_kernel_options" {
  description = "List of kernel arguments for the cluster nodes for pre-installation"
  default     = []
}

variable "rhcos_kernel_options" {
  description = "List of kernel arguments for the cluster nodes"
  default     = []
}

variable "sysctl_tuned_options" {
  description = "Set to true to apply sysctl options via tuned operator. Default: false"
  default     = false
}

variable "sysctl_options" {
  description = "List of sysctl options to apply."
  default     = []
}

variable "match_array" {
  description = "Criteria for node/pod selection."
  default = <