Ansible playbooks to run ansible on a remote "openshift control" host that will
run `openshift-ansible`_ to deploy a cluster.

The `openshift-ansible`_ playbooks require that various tasks be run on
``localhost`` in order to build their internal abstracted representation of the
inventory list. Running potentially arbitrary code from external sources on a
bastion host (which is what ``localhost`` would be as the ansible control
machine) is often frowned upon. The goal here is to allow for the deployment of
`openshift-ansible`_ via an intermediate host.

::

    +---------------+                   +-------------------+
    |               |                   |                   |
    | bastion host  +----[ansible]----->| openshift control |
    |               |                   |                   |
    +---------------+                   +---------+---------+
                                                  |
                                                  |
                                              [ansible]
                                                  |
                                                  |
                                                  V
    +--------------------------------------------------------------------------+
    |                                                                          |
    |                            openshift cluster                             |
    |                                                                          |
    |  +-----------+               +-----------+  +-----------+                |
    |  |           |               |           |  |           |                |
    |  | openshift | ...[masters]  | openshift |  | openshift | ...[nodes]     |
    |  |  master   |               |   node    |  |   node    |                |
    |  |           |               |           |  |           |                |
    |  +-----------+               +-----------+  +-----------+                |
    |                                                                          |
    +--------------------------------------------------------------------------+


You will need to configure the inventory file ``inventory/inventory`` to contain
the host names of the openshift control host and the various hosts for
openshift masters and openshift nodes. The group names for the masters inventory
list and the nodes inventory list need to match the group names set for
``openshift_cluster_masters_group`` and ``openshift_cluster_nodes_group`` in the
file ``vars/variables.yml``.

The inventory used on the openshift control host is generated using the
template ``templates/cluster-inventory.j2``. By default the master nodes are
also used for various openshift infrastructure components of the cluster. If
there are desired changes for the openshift configuration as per the OpenShift
Advanced Configuration Guide, they should be made to that template.
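
A preflight check for the group-name requirement above, as an added example
(not part of this repository). It assumes an INI-style inventory and plain
``key: value`` entries in the variables file; the sample file contents and host
names are constructed, and groups defined only through ``:children`` are not
resolved.

```python
import re

# Constructed sample content (assumed formats, not the repository's real files).
SAMPLE_VARS = """\
openshift_cluster_masters_group: masters
openshift_cluster_nodes_group: nodes
"""
SAMPLE_INVENTORY = """\
[masters]
master1.example.com
[nodes]
node1.example.com
node2.example.com ansible_user=cloud
[nodes:vars]
ansible_become=true
"""
GROUP_VARS = ("openshift_cluster_masters_group", "openshift_cluster_nodes_group")


def inventory_groups(text):
    """Map each plain [group] section to its host names.

    [group:vars] and [group:children] sections are skipped, not resolved.
    """
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]:]+)(:\w+)?\]", line)
        if header:
            current = None if header.group(2) else header.group(1)
            if current:
                groups.setdefault(current, [])
        elif current:
            groups[current].append(line.split()[0])  # drop per-host variables
    return groups


def check_groups(vars_text, inventory_text):
    """Return a list of problems; an empty list means the names line up."""
    configured = dict(re.findall(r"^(\w+):\s*['\"]?([\w.-]+)", vars_text, re.M))
    groups = inventory_groups(inventory_text)
    problems = []
    for var in GROUP_VARS:
        name = configured.get(var)
        if name is None:
            problems.append(f"{var} is not set to a literal group name")
        elif not groups.get(name):
            problems.append(f"{var}={name!r}: no hosts in inventory group [{name}]")
    return problems
```

Calling ``check_groups`` with the text of ``vars/variables.yml`` and
``inventory/inventory`` before the playbook run catches a renamed or empty
group before anything is pushed to the openshift control host.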

.. note::

   The SSH keys must be set up so that the bastion host can SSH into the
   openshift control host without a password, and so that the openshift control
   host can SSH without a password into each of the hosts in the openshift
   cluster. This is outside the scope of this document.

Then you can run the playbook::

    ansible-playbook ansible-ansible-openshift-ansible.yml -i inventory/inventory