Changes to handle creation of AgentServiceConfig, Hosted Control Plan…

…e and InfraEnv for agent based hypershift installation (#119)

Installs prerequisites on kvm host and will Create AgentServiceConfig,
Hosted Control Plane and InfraEnv for the
agent based hypershift installation

---------

Signed-off-by: DAMISETTI-VEERABHADRARAO <damisetti.veerabhadrarao@ibm.com>
Co-authored-by: Jacob Emery <jacob.emery@ibm.com>

docs/run-the-playbooks-for-hypershift.md

@@ -0,0 +1,75 @@
+# Run the Playbooks
+## Prerequisites
+* Running OCP Cluster ( Management Cluster ) 
+* Multi Cluster Engine (MCE) Operator installed on Management Cluster.
+* MCE instance created and hypershift-preview component enabled.
+* KVM host with root user access
+
+## Initial Setup for Hypershift
+* Navigate to the [root folder of the cloned Git repository](https://github.com/IBM/Ansible-OpenShift-Provisioning) in your terminal (`ls` should show [ansible.cfg](https://github.com/IBM/Ansible-OpenShift-Provisioning/blob/main/ansible.cfg)).
+
+* First playbook to be run is setup_for_hypershift.yaml which will create inventory file for hypershift and will add ssh key to the kvm host.
+###### Note:
+* If you are running this first time, it will prompt for the password for kvm host for the selected user.
+* Enter password of kvm host to establish SSH key-based authentication.
+* Run this shell command:
+```
+ansible-playbook playbooks/setup_for_hypershift.yaml
+```
+
+## Setup Ansible Vault for Management Cluster Credentials
+### Overview
+* Creating an encrypted file for storing Management Cluster Credentials.
+### Steps:
+* The ansible-vault create command is used to create the encrypted file.
+* Create an encrypted file in playbooks directory and set the Vault password ( Below command will prompt for setting Vault password).
+```
+ansible-vault create playbooks/secrets.yaml
+``` 
+
+* Give the credentials of Management Cluster in the encrypted file (created above) in following format.
+```
+api_server: '<api-server-url>:<port>'
+user_name: '<username>'
+password: '<password>'
+```
+
+* You can edit the encrypted file using below command
+```
+ansible-vault edit playbooks/secrets.yaml
+``` 
+* Make sure you entered Manamegement cluster credenitails properly ,incorrect credentails will cause problem while logging in to the cluster in further steps.
+
+## Create Hosted Cluster 
+* Here is the playbook which handle the creation of Hosted Cluster using Hypershift , full descriptions of each can be found further down the page.
+    * create_hosted_cluster.yaml ([code](https://github.com/veera-damisetti/Ansible-OpenShift-Provisioning/blob/main/playbooks/create_hosted_cluster.yaml))
+* Run this shell command to run the create_hosted_cluster.yaml playbook:
+```
+ansible-playbook playbooks/create_hosted_cluster.yaml
+```
+
+
+* Watch Ansible as it completes the installation, correcting errors if they arise.
+* To look at what tasks are running in detail, open the playbook or roles/role-name/tasks/main.yaml
+
+# Description for Playbooks
+
+## setup_for_hypershift Playbook
+### Overview
+* First-time setup of the Ansible Controller,the machine running Ansible.
+### Outcomes
+* Inventory file for hypershift to be created.
+* SSH key generated for Ansible passwordless authentication.
+* Ansible SSH key is copied to kvm host.
+### Notes
+* You can use an existing SSH key as your Ansible key, or have Ansible create one for you.
+
+## create_hosted_cluster Playbook
+### Overview
+* Creating AgentServiceConfig, HostedControlPlane , InfraEnv Resources
+### Outcomes
+* Log in to Management Cluster
+* Creates AgentServiceConfig resource and required configmaps.
+* Deploys HostedControlPlane and .
+* Creates InfraEnv resource and wait till ISO generation.
+

docs/set-variables-group-vars.md

@@ -179,3 +179,29 @@
 **rhcos_live_kernel** | CoreOS kernel filename to be used for the bootstrap, control and compute nodes. | rhcos-4.12.3-s390x-live-kernel-s390x
 **rhcos_live_initrd** | CoreOS initramfs to be used for the bootstrap, control and compute nodes. | rhcos-4.12.3-s390x-live-initramfs.s390x.img
 **rhcos_live_rootfs** | CoreOS rootfs to be used for the bootstrap, control and compute nodes. | rhcos-4.12.3-s390x-live-rootfs.s390x.img
+
+## 16 - Hypershift
+**Variable Name** | **Description** | **Example**
+:--- | :--- | :---
+**hypershift.kvm_host** | IPv4 address of KVM host for hypershift <br /> ( kvm host where you want to run all oc commands and create VMs)| 192.168.10.1
+**hypershift.kvm_host_user** | User for KVM host | root
+**hypershift.bastion_hypershift** | IPv4 address for bastion of Hosted Cluster | 192.168.10.1
+**hypershift.bastion_hypershift_user** | User for bastion of Hosted Cluster | root
+**hypershift.mgmt_cluster_nameserver** | IP Address of Nameserver of Management Cluster | 192.168.10.1
+**hypershift.go_version** | Version of go you want to install on kvm_host <br /> ( It will replace existing go with this version ) | 1.19.5
+**hypershift.oc_url** | URL for OC Client that you want to install on the host | https://...<br /> ..openshift-client-linux-4.13.0-ec.4.tar.gz
+**hypershift.hcp.CLUSTERS_NAMESPACE** | Namespace for Creating Hosted Control Plane | clusters
+**hypershift.hcp.HOSTED_CLUSTER_NAME** | Name for the Hosted Cluster  | hosted0
+**hypershift.hcp.BASEDOMAIN** | Base domain for Hosted Cluster | example.com
+**hypershift.hcp.PULL_SECRET_FILE | Path for the pull secret <br /> No need to change this as we are copying the pullsecret to same file <br /> /root/ansible_workdir/auth_file | /root/ansible_workdir/auth_file
+**hypershift.hcp.OCP_RELEASE** | OCP Release version for Hosted Control Cluster and Nodepool | 4.13.0-rc.4-multi
+**hypershift.hcp.MACHINE_CIDR** | Machines CIDR for Hosted Cluster | 192.168.122.0/24
+**hypershift.hcp.ARCH** | Architecture for InfraEnv and AgentServiceConfig" | s390x
+**hypershift.hcp.PULL_SECRET** | Pull Secret of Management Cluster <br /> Make sure to enclose pull_secret in 'single quotes' | '{"auths":{"cloud.openshift<br />.com":{"auth":"b3Blb<br />...<br />4yQQ==","email":"redhat.<br />user@gmail.com"}}}'
+**hypershift.asc.URL_FOR_OCP_RELEASE_FILE** | Add URL for OCP release.txt File | https://... <br /> ..../release.txt
+**hypershift.asc.DB_VOLUME_SIZE** | DatabaseStorage Volume Size | 10Gi
+**hypershift.asc.FS_VOLUME_SIZE** | FileSystem Storage Volume Size | 10Gi
+**hypershift.asc.OCP_VERSION** | OCP Version for AgentServiceConfig | 4.13.0-ec.4
+**hypershift.asc.ISO_URL** | Give URL for ISO image | https://... <br /> ...s390x-live.s390x.iso
+**hypershift.asc.ROOT_FS_URL** | Give URL for rootfs image | https://... <br /> ... live-rootfs.s390x.img
+ *hypershift.asc.mce_namespace** | Namespace where your Multicluster Engine Operator is installed <br /> Recommended Namespace for MCE is 'multicluster-engine' <br /> Change this only if MCE is installed in other namespace | multicluster-engine

inventories/default/group_vars/all.yaml.template

@@ -156,6 +156,7 @@ env:
     controller: [ openssh, expect, sshuttle ]
     kvm: [ libguestfs, libvirt-client, libvirt-daemon-config-network, libvirt-daemon-kvm, cockpit-machines, libvirt-devel, virt-top, qemu-kvm, python3-lxml, cockpit, lvm2 ]
     bastion: [ haproxy, httpd, bind, bind-utils, expect, firewalld, mod_ssl, python3-policycoreutils, rsync ]
+    hypershift: [ make, jq, git, virt-install ]
 
 # Section 12 - OpenShift Settings
   openshift:
@@ -198,6 +199,7 @@ env:
     pass:
     path_to_keypair:
 
+
 # Section 15 - RHCOS (CoreOS)
 
 # rhcos_download_url with '/' at the end !
@@ -210,3 +212,42 @@ rhcos_os_variant: rhel8.6
 rhcos_live_kernel: "rhcos-4.12.3-s390x-live-kernel-s390x"
 rhcos_live_initrd: "rhcos-4.12.3-s390x-live-initramfs.s390x.img"
 rhcos_live_rootfs: "rhcos-4.12.3-s390x-live-rootfs.s390x.img"
+
+# Section 16 - Hypershift
+
+hypershift:
+  kvm_host: 
+  kvm_host_user:
+  bastion_hypershift: 
+  bastion_hypershift_user:
+  mgmt_cluster_nameserver:  
+
+  go_version: "1.19.5"  # Change this if you want to install any other version  of go
+  oc_url: 
+
+  #Hosted Control Plane Parameters
+
+  hcp:
+    clusters_namespace:
+    hosted_cluster_name: 
+    basedomain:
+    pull_secret_file: /root/ansible_workdir/auth_file
+    ocp_release: 
+    machine_cidr:  
+    arch: 
+    # Make sure to enclose pull_secret in 'single quotes'
+    pull_secret:
+
+
+
+  # AgentServiceConfig Parameters
+
+  asc:
+    url_for_ocp_release_file:
+    db_volume_size: 
+    fs_volume_size:
+    ocp_version:
+    iso_url:   
+    root_fs_url:
+    mce_namespace: "multicluster-engine" # This is the Recommended Namespace for Multicluster Engine operator
+

playbooks/create_hosted_cluster.yaml

@@ -0,0 +1,20 @@
+---
+
+- name: Install Prerequisites on kvm_host
+  hosts: kvm_host_hypershift
+  vars_files:
+    - "{{playbook_dir}}/secrets.yaml"
+
+  roles:
+  - install_prerequisites_host_hypershift
+
+
+
+- name: Create AgentServiceConfig Hosted Control Plane and InfraEnv
+  hosts: kvm_host_hypershift
+  vars_files:
+    - "{{playbook_dir}}/secrets.yaml"
+  roles:
+  - create_agentserviceconfig_hypershift
+  - create_hcp_InfraEnv_hypershift
+

playbooks/setup_for_hypershift.yaml

@@ -0,0 +1,8 @@
+---
+
+#----------------------------------------------------------
+
+- name: Setup on localhost
+  hosts: localhost
+  roles:
+  - create_inventory_setup_hypershift

roles/create_agentserviceconfig_hypershift/tasks/main.yaml

@@ -0,0 +1,49 @@
+---
+
+- name: Get OCP Release Version
+  shell: curl -s {{ hypershift.asc.url_for_ocp_release_file }}  | awk '/machine-os / { print $2 }'
+  register: ocp_release_version
+
+
+- name: Create Config map mirror-config ( For updating AgentServiceConfig with the brew mirror information )
+  template: 
+    src: mirror-config.yml.j2
+    dest: /root/ansible_workdir/mirror-config.yaml
+
+- name: Deploy Config map - mirror config
+  shell: oc apply -f /root/ansible_workdir/mirror-config.yaml
+
+- name: Create agenterviceconfig.yaml
+  template: 
+    src: agent_service_config.yaml.j2
+    dest: /root/ansible_workdir/agentserviceconfig.yaml
+
+- name: Deploy AgentServiceConfig
+  command: oc apply -f /root/ansible_workdir/agentserviceconfig.yaml
+
+
+- name: Create Config map for ISO_IMAGE_TYPE 
+  k8s:
+    definition:
+      apiVersion: v1
+      kind: ConfigMap
+      metadata:
+        name: my-assisted-service-config
+        namespace: "{{ hypershift.asc.mce_namespace }}"
+      data:
+        ISO_IMAGE_TYPE: 'full'
+
+- name: Add the annotation to the AgentServiceConfig
+  shell: oc annotate --overwrite AgentServiceConfig agent unsupported.agent-install.openshift.io/assisted-service-configmap=my-assisted-service-config
+
+- name: Rollout new deployment for assisted-service
+  command: oc rollout restart deployment/assisted-service -n {{ hypershift.asc.mce_namespace }}
+
+
+
+- name: Wait for Agent Service Deployment to be Succeeded
+  shell: oc get AgentServiceConfig agent -o json | jq -r '.status|.conditions[]|.status' | grep False | wc -l
+  register: asc
+  until: asc.stdout == '0'
+  retries: 60
+  delay: 20

roles/create_agentserviceconfig_hypershift/templates/agent_service_config.yaml.j2

@@ -0,0 +1,25 @@
+apiVersion: agent-install.openshift.io/v1beta1
+kind: AgentServiceConfig
+metadata:
+  name: agent
+spec:
+  mirrorRegistryRef:
+    name: mirror-config
+  databaseStorage:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: "{{ hypershift.asc.db_volume_size}}"
+  filesystemStorage:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: "{{ hypershift.asc.fs_volume_size }}"
+  osImages:
+    - openshiftVersion: "{{ hypershift.asc.ocp_version }}"
+      version: "{{ ocp_release_version.stdout_lines[0] }}"
+      url: "{{ hypershift.asc.iso_url }}"
+      rootFSUrl: "{{ hypershift.asc.root_fs_url }}"
+      cpuArchitecture: "{{ hypershift.hcp.arch }}"

roles/create_agentserviceconfig_hypershift/templates/mirror-config.yml.j2

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mirror-config
+  namespace: "{{ hypershift.asc.mce_namespace }}" # please verify that this namespace is where MCE is installed.
+  labels:
+    app: assisted-service
+data:
+  registries.conf: |
+    unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
+
+    [[registry]]
+      location = "registry.stage.redhat.io"
+      insecure = false
+      blocked = false
+      mirror-by-digest-only = true
+      prefix = ""
+
+      [[registry.mirror]]
+        location = "brew.registry.redhat.io"
+        insecure = false
+
+    [[registry]]
+      location = "registry.redhat.io/multicluster-engine"
+      insecure = false
+      blocked = false
+      mirror-by-digest-only = true
+      prefix = ""
+
+      [[registry.mirror]]
+        location = "brew.registry.redhat.io/multicluster-engine"
+        insecure = false

roles/create_hcp_InfraEnv_hypershift/tasks/main.yaml

@@ -0,0 +1,85 @@
+---
+
+- name: Getting Hosted Control Plane Namespace
+  set_fact: 
+    hosted_control_plane_namespace: "{{ hypershift.hcp.clusters_namespace }}-{{ hypershift.hcp.hosted_cluster_name }}"
+
+- name: Check if Hosted Control Plane Namespace exists 
+  k8s_info:
+    api_version: v1
+    kind: Namespace
+    name: "{{ hosted_control_plane_namespace }}"
+  register: namespace_check
+  ignore_errors: yes
+
+- name: Create Hosted Control Plane Namespace 
+  k8s:
+    api_version: v1
+    kind: Namespace
+    name: "{{ hosted_control_plane_namespace }}"
+    state: present
+  when: namespace_check.resources | length == 0 
+
+- name: Get ssh key for host
+  slurp:
+    src: "~/.ssh/{{ env.ansible_key_name }}.pub"
+  register: remote_content_encoded
+
+
+- name: Decode the ssh key 
+  set_fact:
+    ssh_key: "{{remote_content_encoded.content | b64decode |replace('\n','')}}"
+
+- name: Create a Hosted Cluster
+  command: >
+    hypershift create cluster agent 
+    --name={{ hypershift.hcp.hosted_cluster_name }} 
+    --pull-secret={{ hypershift.hcp.pull_secret_file }} 
+    --agent-namespace={{ hosted_control_plane_namespace }} 
+    --namespace={{ hypershift.hcp.clusters_namespace }} 
+    --base-domain= {{ hypershift.hcp.basedomain }} 
+    --api-server-address=api.{{ hypershift.hcp.hosted_cluster_name }}.{{ hypershift.hcp.basedomain }} 
+    --ssh-key ~/.ssh/{{ env.ansible_key_name }}.pub
+    --release-image=quay.io/openshift-release-dev/ocp-release:{{ hypershift.hcp.ocp_release }} 
+
+
+- name: Waiting for Hosted Control Plane to be available
+  command: oc wait --timeout=30m --for=condition=Available --namespace={{ hypershift.hcp.clusters_namespace }} hostedcluster/{{ hypershift.hcp.hosted_cluster_name }}
+
+- name: Wait for pods to come up in Hosted Cluster Namespace
+  shell: oc get pods -n {{ hosted_control_plane_namespace }} | wc -l
+  register: pod_count
+  until: pod_count.stdout > '25'
+  retries: 40
+  delay: 10
+
+
+- name: Wait for all pods to be in Running State in  Hosted Cluster Namespace
+  shell: oc get pods -n {{ hosted_control_plane_namespace }}  --no-headers | grep -v 'Running\|Completed\|Terminating' | wc -l
+  register: pod_status
+  until: pod_status.stdout == '0'
+  retries: 30
+  delay: 10
+
+- name: Create InfraEnv Resource
+  k8s:
+    namespace: "{{ hosted_control_plane_namespace }}"
+    definition:
+      apiVersion: agent-install.openshift.io/v1beta1
+      kind: InfraEnv
+      metadata:
+        name: "{{ hypershift.hcp.hosted_cluster_name }}"
+      spec:
+        cpuArchitecture: "{{ hypershift.hcp.arch }}"
+        pullSecretRef:
+          name: pull-secret
+        sshAuthorizedKey: "{{ssh_key}}"
+
+
+
+- name: Wait for ISO to generate in InfraEnv 
+  shell: oc get InfraEnv -n  {{ hosted_control_plane_namespace }} --no-headers
+  register: infra
+  until: infra.stdout.split(' ')[-1] != ''
+  retries: 60
+  delay: 20