diff --git a/ansible/configs/ceph5-playground/README.adoc b/ansible/configs/ceph5-playground/README.adoc
new file mode 100644
index 00000000000..b366eab6057
--- /dev/null
+++ b/ansible/configs/ceph5-playground/README.adoc
@@ -0,0 +1,3 @@
+== Overview
+
+Ceph 5 Playground running on OpenShift Virtualization. Legacy demo to be decomissioned in the future.
diff --git a/ansible/configs/ceph5-playground/default_vars.yml b/ansible/configs/ceph5-playground/default_vars.yml
new file mode 100644
index 00000000000..6843265d505
--- /dev/null
+++ b/ansible/configs/ceph5-playground/default_vars.yml
@@ -0,0 +1,64 @@
+---
+output_dir: /tmp/output_dir
+
+## Common repositories
+rhel_repos:
+ - "rhel-8-for-x86_64-baseos-rpms"
+ - "rhel-8-for-x86_64-appstream-rpms"
+ - "ansible-2-for-rhel-8-x86_64-rpms"
+ - "ansible-2.9-for-rhel-8-x86_64-rpms"
+
+rhel_lock_release: '8.6'
+
+
+# Do you want to run a full yum update
+update_packages: false
+
+# This var is used to identify stack (cloudformation, azure resourcegroup, ...)
+project_tag: "{{ env_type }}-{{ guid }}"
+
+# This is where the ssh_config file will be created, this file is used to
+# define the communication method to all the hosts in the deployment
+deploy_local_ssh_config_location: "{{output_dir}}/"
+
+install_bastion: true
+install_common: true
+
+set_env_authorized_key: true
+env_authorized_key: "{{guid}}key"
+
+# -------------------------------------------------
+# Role: control-user
+# -------------------------------------------------
+install_control_user: true
+student_name: student
+student_password: "{{ common_password }}"
+control_user_name: "{{ student_name }}"
+control_user_password: "{{ common_password }}"
+control_user_private_group: "{{ omit }}"
+control_user_ssh_config: ./files/ssh_config.j2
+
+# -------------------------------------------------
+# Role: bastion-lite
+# -------------------------------------------------
+install_bastion_lite: true
+
+# -------------------------------------------------
+# Role: set-repositories
+# -------------------------------------------------
+repo_method: satellite
+use_content_view: true
+
+# -------------------------------------------------
+# Role: common
+# -------------------------------------------------
+common_packages:
+ - python3
+ - unzip
+ - bash-completion
+ - tmux
+ - bind-utils
+ - wget
+ - nano
+ - git
+ - vim-enhanced
diff --git a/ansible/configs/ceph5-playground/default_vars_openshift_cnv.yaml b/ansible/configs/ceph5-playground/default_vars_openshift_cnv.yaml
new file mode 100644
index 00000000000..1d28ca5f34c
--- /dev/null
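Review bot: In default_vars.yml, `output_dir: /tmp/output_dir` defaults the deployment's working directory to a fixed, predictable path under /tmp, and pre_infra.yml in this same commit writes the environment's passphrase-less SSH private key into it (`deploy_local_ssh_config_location` points there as well). On a control host shared with other local users that directory may be readable or already present with someone else's ownership, so I would either default to a per-deployment directory created with mode 0700 or add a comment such as `# override output_dir with a private (0700) per-deployment directory` above the variable. Separately, `student_password` and `control_user_password` both resolve to `common_password`, which this file does not define, so where it comes from and how it is generated should be confirmed in the caller.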
+++ b/ansible/configs/ceph5-playground/default_vars_openshift_cnv.yaml 
@@ -0,0 +1,513 @@
+---
+ansible_user: cloud-user
+remote_user: cloud-user
+
+lab_instance_image: rhel-8.6
+
+common_extra_packages:
+ - ceph-common
+ - lvm2
+networks:
+ - name: admin
+ - name: public
+ - name: storage
+
+instances:
+ - name: "workstation-{{ guid }}"
+ cores: 1
+ memory: "2G"
+ unique: true
+ public_dns: true
+ dns_loadbalancer: true
+ floating_ip: true
+ image: "{{ lab_instance_image }}"
+ image_size: "40G"
+ tags:
+ - key: "AnsibleGroup"
+ value: "bastions"
+ - key: "ostype"
+ value: "linux"
+ - key: "instance_filter"
+ value: "{{ env_type }}-{{ guid }}"
+ - key: ansible_python_interpreter
+ value: /usr/libexec/platform-python
+ networks:
+ - default
+ - public
+ - admin
+ - storage
+ networkdata: |
+ version: 2
+ ethernets:
+ eth1:
+ addresses:
+ - 192.168.56.252/24
+ eth2:
+ addresses:
+ - 172.16.7.252/24
+ eth3:
+ addresses:
+ - 192.168.99.252/24
+ disks: []
+
+ - name: "ceph-mon01"
+ cores: 2
+ memory: "4G"
+ public_dns: false
+ dns_loadbalancer: false
+ floating_ip: false
+ image: "{{ lab_instance_image }}"
+ image_size: "20G"
+ networks:
+ - default
+ - public
+ - admin
+ - storage
+ networkdata: |
+ version: 2
+ ethernets:
+ eth1:
+ addresses:
+ - 192.168.56.64/24
+ eth2:
+ addresses:
+ - 172.16.7.64/24
+ eth3:
+ addresses:
+ - 192.168.99.64/24
+ tags:
+ - key: "AnsibleGroup"
+ value: "mons"
+ - key: "ostype"
+ value: "rhel"
+ - key: "instance_filter"
+ value: "{{ env_type }}-{{ guid }}"
+ - key: ansible_python_interpreter
+ value: /usr/libexec/platform-python
+ disks:
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}2"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}3"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+
+ services:
+ - name: ceph-mon01-svc
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 8443
+ name: ceph-mon01-https
+ routes:
+ - name: ceph-mon01-https
+ host: ceph-mon01
+ service: ceph-mon01-svc
+ targetPort: 443
+ tls: true
+
+ - name: "ceph-mon02"
+ cores: 2
+ memory: "4G"
+ public_dns: false
+ dns_loadbalancer: false
+ floating_ip: false
+ image: "{{ lab_instance_image }}"
+ image_size: "20G"
+ networks:
+ - default
+ - public
+ - admin
+ - storage
+ networkdata: |
+ version: 2
+ ethernets:
+ eth1:
+ addresses:
+ - 192.168.56.65/24
+ eth2:
+ addresses:
+ - 172.16.7.65/24
+ eth3:
+ addresses:
+ - 192.168.99.65/24
+ tags:
+ - key: "AnsibleGroup"
+ value: "mons"
+ - key: "ostype"
+ value: "rhel"
+ - key: "instance_filter"
+ value: "{{ env_type }}-{{ guid }}"
+ - key: ansible_python_interpreter
+ value: /usr/libexec/platform-python
+ disks:
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}2"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}3"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+
+
+ - name: "ceph-mon03"
+ cores: 2
+ memory: "4G"
+ public_dns: false
+ dns_loadbalancer: false
+ floating_ip: false
+ image: "{{ lab_instance_image }}"
+ image_size: "20G"
+ networks:
+ - default
+ - public
+ - admin
+ - storage
+ networkdata: |
+ version: 2
+ ethernets:
+ eth1:
+ addresses:
+ - 192.168.56.66/24
+ eth2:
+ addresses:
+ - 172.16.7.66/24
+ eth3:
+ addresses:
+ - 192.168.99.66/24
+ tags:
+ - key: "AnsibleGroup"
+ value: "mons"
+ - key: "ostype"
+ value: "rhel"
+ - key: "instance_filter"
+ value: "{{ env_type }}-{{ guid }}"
+ - key: ansible_python_interpreter
+ value: /usr/libexec/platform-python
+ disks:
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}2"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}3"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+
+
+ - name: "ceph-node01"
+ cores: 2
+ memory: "4G"
+ public_dns: false
+ dns_loadbalancer: false
+ floating_ip: false
+ image: "{{ lab_instance_image }}"
+ image_size: "20G"
+ networks:
+ - default
+ - public
+ - admin
+ - storage
+ networkdata: |
+ version: 2
+ ethernets:
+ eth1:
+ addresses:
+ - 192.168.56.61/24
+ eth2:
+ addresses:
+ - 172.16.7.61/24
+ eth3:
+ addresses:
+ - 192.168.99.61/24
+ tags:
+ - key: "AnsibleGroup"
+ value: "osds"
+ - key: "ostype"
+ value: "rhel"
+ - key: "instance_filter"
+ value: "{{ env_type }}-{{ guid }}"
+ - key: ansible_python_interpreter
+ value: /usr/libexec/platform-python
+ disks:
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}2"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}3"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}4"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}5"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ services:
+ - name: ceph-node01-svc
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 8443
+ name: ceph-node01-https
+ routes:
+ - name: ceph-node01-https
+ host: ceph-node01
+ service: ceph-node01-svc
+ targetPort: 443
+ tls: true
+
+
+ - name: "ceph-node02"
+ cores: 2
+ memory: "4G"
+ public_dns: false
+ dns_loadbalancer: false
+ floating_ip: false
+ image: "{{ lab_instance_image }}"
+ image_size: "20G"
+ networks:
+ - default
+ - public
+ - admin
+ - storage
+ networkdata: |
+ version: 2
+ ethernets:
+ eth1:
+ addresses:
+ - 192.168.56.62/24
+ eth2:
+ addresses:
+ - 172.16.7.62/24
+ eth3:
+ addresses:
+ - 192.168.99.62/24
+ tags:
+ - key: "AnsibleGroup"
+ value: "osds"
+ - key: "ostype"
+ value: "rhel"
+ - key: "instance_filter"
+ value: "{{ env_type }}-{{ guid }}"
+ - key: ansible_python_interpreter
+ value: /usr/libexec/platform-python
+ disks:
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}2"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}3"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}4"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}5"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+
+ - name: "ceph-node03"
+ cores: 2
+ memory: "4G"
+ public_dns: false
+ dns_loadbalancer: false
+ floating_ip: false
+ image: "{{ lab_instance_image }}"
+ image_size: "20G"
+ networks:
+ - default
+ - public
+ - admin
+ - storage
+ networkdata: |
+ version: 2
+ ethernets:
+ eth1:
+ addresses:
+ - 192.168.56.63/24
+ eth2:
+ addresses:
+ - 172.16.7.63/24
+ eth3:
+ addresses:
+ - 192.168.99.63/24
+ tags:
+ - key: "AnsibleGroup"
+ value: "osds"
+ - key: "ostype"
+ value: "rhel"
+ - key: "instance_filter"
+ value: "{{ env_type }}-{{ guid }}"
+ - key: ansible_python_interpreter
+ value: /usr/libexec/platform-python
+ disks:
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}2"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}3"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}4"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
+ - metadata:
+ name: "INSTANCENAME-{{ guid }}5"
+ spec:
+ source:
+ blank: {}
+ pvc:
+ accessModes:
+ - ReadWriteMany
+ volumeMode: Block
+ resources:
+ requests:
+ storage: "10Gi"
diff --git a/ansible/configs/ceph5-playground/destroy_env.yml b/ansible/configs/ceph5-playground/destroy_env.yml
new file mode 100644
index 00000000000..12e764192ac
--- /dev/null
+++ b/ansible/configs/ceph5-playground/destroy_env.yml
@@ -0,0 +1,3 @@
+---
+- name: Import default destroy playbook
+ import_playbook: ../../cloud_providers/{{cloud_provider}}_destroy_env.yml
diff --git a/ansible/configs/ceph5-playground/post_infra.yml b/ansible/configs/ceph5-playground/post_infra.yml
new file mode 100644
index 00000000000..a3fbade8df4
--- /dev/null
+++ b/ansible/configs/ceph5-playground/post_infra.yml
@@ -0,0 +1,11 @@
+- name: Step 002 Post Infrastructure
+ hosts: localhost
+ connection: local
+ become: false
+ gather_facts: false
+ tags:
+ - step002
+ - post_infrastructure
+ tasks:
+ - debug:
+ msg: "Step 002 Post Infrastructure"
diff --git a/ansible/configs/ceph5-playground/post_software.yml b/ansible/configs/ceph5-playground/post_software.yml
new file mode 100644
index 00000000000..b4edad42bd6
--- /dev/null
+++ b/ansible/configs/ceph5-playground/post_software.yml
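Review bot: In default_vars_openshift_cnv.yaml, the `routes` entries for ceph-mon01 and ceph-node01 publish port 8443 of those VMs through a route with only `tls: true`, and nothing in the hunk restricts who can reach them. If 8443 is the Ceph dashboard (an assumption, the hunk does not say what listens there), the dashboard login becomes the only control in front of the storage admin interface, so it is worth confirming that both routes are needed and that the dashboard credential is not a shared default. A comment above each `services:` block, for example `# exposes port 8443 (Ceph dashboard?) through an OpenShift route; drop if not required`, would make the exposure a documented decision. The tag keys are also quoted inconsistently (`"AnsibleGroup"` next to bare `ansible_python_interpreter`), which is only cosmetic.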
@@ -0,0 +1,46 @@
+---
+- name: Step 00xxxxx post software
+ hosts: support
+ gather_facts: false
+ become: true
+ tasks:
+ - debug:
+ msg: "Post-Software tasks Started"
+
+- name: Print out information for the user to consume the lab
+ hosts: localhost
+ gather_facts: false
+ become: false
+ tasks:
+ - name: Print Student Information
+ when:
+ - install_student_user | bool
+ - cloud_provider == "openshift_cnv"
+ block:
+ - name: Store bastion hostname as a fact
+ set_fact:
+ bastion_hostname: "{{groups['bastions'].0 }}"
+ - name: Report user info
+ agnosticd_user_info:
+ msg: "{{ item }}"
+ loop:
+ - "You can access your bastion via SSH:"
+ - "ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}"
+ - ""
+ - "Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted."
+ - ""
+ - "Port 6443 of ceph-mon01 is accessible from here: https://ceph-mon01.{{ guid }}.{{ sandbox_openshift_apps_domain }}"
+ - ""
+ - "Port 6443 of ceph-node01 is accessible from here: https://ceph-node01.{{ guid }}.{{ sandbox_openshift_apps_domain }}"
+
+
+- name: PostSoftware flight-check
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - post_flight_check
+ tasks:
+ - debug:
+ msg: "Post-Software checks completed successfully"
diff --git a/ansible/configs/ceph5-playground/pre_infra.yml b/ansible/configs/ceph5-playground/pre_infra.yml
new file mode 100644
index 00000000000..02233e98997
--- /dev/null
+++ b/ansible/configs/ceph5-playground/pre_infra.yml
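Review bot: In post_software.yml, the two user-info lines announce "Port 6443 of ceph-mon01" and "Port 6443 of ceph-node01", but the services added in default_vars_openshift_cnv.yaml forward the route to `targetPort: 8443`, so the message names a port that is not the one being exposed; it should read `"Port 8443 of ceph-mon01 is accessible from here: ..."` and likewise for ceph-node01. The block is gated on `install_student_user | bool`, which the default_vars.yml in this commit never sets, so unless it is defined elsewhere the condition fails on an undefined variable; `install_student_user | default(false) | bool` avoids that. The message also interpolates `student_password` in clear text, which puts it in the playbook output and in whatever stores user info, so confirm that this is the intended delivery channel for the credential.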
@@ -0,0 +1,30 @@
+- name: Step 000 Pre Infrastructure
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - step001
+ - pre_infrastructure
+ - generate_env_keys
+ tasks:
+ - debug:
+ msg: "Step 000 Pre Infrastructure"
+
+ - name: Generate SSH keys
+ shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""
+ args:
+ creates: "{{output_dir}}/{{env_authorized_key}}"
+ when: set_env_authorized_key | bool
+
+ - name: fix permission
+ file:
+ path: "{{output_dir}}/{{env_authorized_key}}"
+ mode: 0400
+ when: set_env_authorized_key | bool
+
+ - name: Generate SSH pub key
+ shell: ssh-keygen -y -f "{{output_dir}}/{{env_authorized_key}}" > "{{output_dir}}/{{env_authorized_key}}.pub"
+ args:
+ creates: "{{output_dir}}/{{env_authorized_key}}.pub"
+ when: set_env_authorized_key | bool
diff --git a/ansible/configs/ceph5-playground/pre_software.yml b/ansible/configs/ceph5-playground/pre_software.yml
new file mode 100644
index 00000000000..86c55dd7d4d
--- /dev/null
+++ b/ansible/configs/ceph5-playground/pre_software.yml
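Review bot: In pre_infra.yml's "Generate SSH pub key" task the shell redirect creates `{{env_authorized_key}}.pub` before `ssh-keygen -y` produces any output, so a failed command leaves an empty file behind and `creates:` makes every later run skip the task. The first task's `ssh-keygen -f` already writes the `.pub` file next to the private key, so this task is normally a no-op and could be dropped, or changed so that a failed run does not leave the partial file. The key is a passphrase-less 2048-bit RSA key; `ssh-keygen -t ed25519` (or `-b 4096`) would be a stronger default, provided every target image accepts it. `mode: 0400` is better written as `mode: "0400"` so the value does not depend on how the YAML parser reads a leading-zero integer.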
@@ -0,0 +1,100 @@
+# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}
+
+- name: Configure all hosts with Repositories, Common Files and Set environment key
+ hosts:
+ - all:!windows
+ become: true
+ gather_facts: False
+ roles:
+ - { role: "set-repositories", when: 'repo_method is defined' }
+ tags:
+ - step004
+ - common_tasks
+
+- name: Install Common packages and Set environment key
+ hosts:
+ - all:!windows
+ become: true
+ gather_facts: false
+ roles:
+ - { role: "common", when: 'install_common' }
+ - { role: "set_env_authorized_key", when: 'set_env_authorized_key' }
+ tags:
+ - step004
+ - common_tasks
+
+- name: Configure firewalld
+ hosts: bastions
+ become: true
+ tasks:
+ - name: Install firewalld
+ ansible.builtin.yum:
+ name: firewalld
+ state: installed
+ - name: 'Ensure firewalld is running'
+ ansible.builtin.service:
+ name: firewalld
+ state: started
+ enabled: true
+
+ - ansible.posix.firewalld:
+ masquerade: true
+ state: enabled
+ permanent: true
+ immediate: true
+ zone: public
+
+- name: Configuring Bastion Hosts
+ hosts: bastions
+ become: true
+ roles:
+ - { role: "bastion", when: 'install_bastion' }
+ - role: bastion-student-user
+ when: install_student_user | bool
+ tags:
+ - step004
+ - bastion_tasks
+
+- name: Copy SSH RSA to cloud-user
+ hosts: bastions
+ become: true
+ tasks:
+ - copy:
+ src: /root/.ssh/{{env_authorized_key}}.pem
+ dest: /home/cloud-user/.ssh/id_rsa
+ owner: cloud-user
+ group: cloud-user
+ mode: 0400
+ remote_src: yes
+ when: cloud_provider == "osp"
+ tags:
+ - step004
+ - bastion_tasks
+
+- name: Copy SSH RSA to ec2-user
+ hosts: bastions
+ become: true
+ tasks:
+ - copy:
+ src: /root/.ssh/{{env_authorized_key}}.pem
+ dest: /home/ec2-user/.ssh/id_rsa
+ owner: ec2-user
+ group: ec2-user
+ mode: 0400
+ remote_src: yes
+ when: cloud_provider == "ec2"
+ tags:
+ - step004
+ - bastion_tasks
+
+
+- name: PreSoftware flight-check
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - flight_check
+ tasks:
+ - debug:
+ msg: "Pre-Software checks completed successfully"
diff --git a/ansible/configs/ceph5-playground/requirements.yml b/ansible/configs/ceph5-playground/requirements.yml
new file mode 100644
index 00000000000..ab19794c629
--- /dev/null
+++ b/ansible/configs/ceph5-playground/requirements.yml
@@ -0,0 +1,8 @@
+---
+collections:
+ - name: community.general
+ version: 4.6.1
+ - name: ansible.posix
+ version: 1.3.0
+ - name: kubevirt.core
+ version: 1.1.0
diff --git a/ansible/configs/ceph5-playground/software.yml b/ansible/configs/ceph5-playground/software.yml
new file mode 100644
index 00000000000..22cfa74c279
--- /dev/null
+++ b/ansible/configs/ceph5-playground/software.yml
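Review bot: In pre_software.yml, the role conditions `when: 'install_common'`, `when: 'set_env_authorized_key'` and `when: 'install_bastion'` test the raw variable, while pre_infra.yml in this same commit uses `set_env_authorized_key | bool`. If a value arrives as a string (for example through `-e` on the command line), the string "false" can evaluate as true, so the key-distribution role may run when it was meant to be switched off; use `when: install_common | bool` and the same for the other two. The "Configure firewalld" play is the only one in the file without `tags`, so tag-filtered runs treat it differently from its neighbours, and its masquerade task has no `name`, which makes the change to the public zone hard to spot in logs. `mode: 0400` and `remote_src: yes` in the two copy plays are better written as `mode: "0400"` and `remote_src: true`.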
@@ -0,0 +1,64 @@
+---
+- name: Step 00xxxxx software
+ hosts: localhost
+ gather_facts: false
+ become: false
+ tasks:
+ - debug:
+ msg: "Software tasks Started"
+
+- name: Configure /etc/hosts for openshift_cnv
+ hosts: all
+ become: true
+ gather_facts: true
+ tasks:
+ - name: Configure /etc/hosts
+ when: cloud_provider == "openshift_cnv"
+ ansible.builtin.blockinfile:
+ path: /etc/hosts
+ block: |
+ ## Public Network -.example.com ##
+ 192.168.56.252 workstation.example.com workstation-{{ guid }}.example.com
+ #192.168.56.24 proxy01.example.com
+ #192.168.56.25 proxy02.example.com
+ 192.168.56.61 ceph-node01.example.com
+ 192.168.56.62 ceph-node02.example.com
+ 192.168.56.63 ceph-node03.example.com
+ 192.168.56.64 ceph-mon01.example.com
+ 192.168.56.65 ceph-mon02.example.com
+ 192.168.56.66 ceph-mon03.example.com
+ #192.168.56.80 haproxy01.example.com
+
+ ## Admin Network - example.com ##
+ 172.16.7.252 workstation
+ #172.16.7.24 proxy01
+ #172.16.7.25 proxy02
+ 172.16.7.61 ceph-node01
+ 172.16.7.62 ceph-node02
+ 172.16.7.63 ceph-node03
+ 172.16.7.64 ceph-mon01
+ 172.16.7.65 ceph-mon02
+ 172.16.7.66 ceph-mon03
+ #172.16.7.80 haproxy01
+
+ ## Storage Network - stornet.example.com
+ 192.168.99.252 workstation-{{ guid }}.stornet.example.com
+ 192.168.99.61 ceph-node01
+ 192.168.99.62 ceph-node02
+ 192.168.99.63 ceph-node03
+ 192.168.99.64 ceph-mon01
+ 192.168.99.65 ceph-mon02
+ 192.168.99.66 ceph-mon03
+ #192.168.99.71 proxy01.stornet.example.com
+ #192.168.99.72 proxy02.stornet.example.com
+
+- name: Software flight-check
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - post_flight_check
+ tasks:
+ - debug:
+ msg: "Software checks completed successfully"
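Review bot: In software.yml's /etc/hosts block the short names `ceph-node01` through `ceph-mon03` are mapped twice, first to 172.16.7.x under "Admin Network" and again to 192.168.99.x under "Storage Network"; a hosts-file lookup returns the first match, so the storage-network entries are never used for those names. Going by the section header and the workstation line they were presumably meant to carry the storage domain, e.g. `192.168.99.61 ceph-node01.stornet.example.com`. If Ceph traffic is supposed to stay on the storage network, this shadowing would send it over the admin network instead, so the intended mapping should be confirmed. The play also sets `gather_facts: true` although the task uses no facts, and the `debug` tasks have no `name`.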