acm

group_vars/all/ovirt.yaml

@@ -1,11 +1,11 @@
 ovirt:
   username: vale@internal
   ca_file: /etc/pki/ovirt-engine/ca.pem
-  password: <insert-pass-here>
+  password: valevale
   data_center: Default
   cluster: Default
-  host: ovirt.righini.local
-  engine: ovengine.righini.local
+  host: ovirt01
+  engine: ovengine01.seeweb.local
   storage:
      interface: virtio
      storage_domain: 2t_2
@@ -16,7 +16,7 @@ ovirt:
        network: vlan19
     internal:
        interface: virtio
-       profile: vlan_1
-       network: vlan_1
-       host_interface: ens786f1 #Insert oVirt host interface name
-       vlan_tag: 1
+       profile: vlan_2
+       network: vlan_2
+       host_interface: eno2 #Insert oVirt host interface name
+       vlan_tag: 2

group_vars/all/vars.yaml

@@ -2,8 +2,8 @@ networking:
   internal_network: 172.27.4.0
   internal_network_ip: 172.27.4.1
   internal_network_netmask: 255.255.255.0
-  external_dns: 172.16.0.2
-  domain_name: example1.net
+  external_dns: 172.25.0.31
+  domain_name: example2.seeweb
 
 dhcp:
   timezone: "Europe/Rome"
@@ -31,11 +31,11 @@ firewall_public_ha_proxy_port:
 
 ocp:
   user: vale
-  pass: <insert-pass-here>
+  pass: toor
   reserved_ip:
     api: 172.27.4.2
     apps: 172.27.4.3
-  cluster_name: ocp1
-  pull_secret: ''
+  cluster_name: ocp
+  pull_secret: '{"auths":{"cloud.openshift.com":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K3ZhbGV1YmUxZWRnczVvdHppeGlxYnJtbjNuamR0YXp3dHc6SUQxNFJOTUEyOVM4S1JMNFI3R0IzWTYxVVpRNjhOUzg4T0pXTU9KWEVJNkVCUlJSRENLVktBVUZHTklVVU8wSA==","email":"vuberti@extraordy.com"},"quay.io":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K3ZhbGV1YmUxZWRnczVvdHppeGlxYnJtbjNuamR0YXp3dHc6SUQxNFJOTUEyOVM4S1JMNFI3R0IzWTYxVVpRNjhOUzg4T0pXTU9KWEVJNkVCUlJSRENLVktBVUZHTklVVU8wSA==","email":"vuberti@extraordy.com"},"registry.connect.redhat.com":{"auth":"NTE0OTI0MTl8dWhjLTFFRGdzNU90ekl4SXFCUm1OM05qZHRBWnd0dzpleUpoYkdjaU9pSlNVelV4TWlKOS5leUp6ZFdJaU9pSTJaR1ExWm1JNU1UQmtaVGMwWkdJMU9EZGlNREUxTWpnek5EUXhOekJrTVNKOS52SW1Vak9LRy1heTYxc2FKNmlvaEltR1Y3NFdfNms4R25YUV9yMkNSdFVIYnlGODVQRkQyLUszZ3FsOXU1d3AxSWFfbDlPaDRJLTBTQ1hPQTZBdjN4TnVZTVlIeHZoVS1GanViVGYzQ1FvWGdkZzc1R3VWS1ZiRTZHb1RYZTliZUFqaXdtRFRmc1VGa2k5ZHd6RkVoUUtZang0VXYzc1puZy1hQk1kSVB3cVNoZHltU0k5MFlaSmJpdE5xUmd2NEV0YW9nWFZ3OVN2WmJXQ2dXNW1zZTlSMnpxM2tGZ2FjYkwwT1lMQmFtTFhxVG9BT0JRWDNJMDZNTTR3eDNsOU1VOTBZaDYxQll2VHVqcmJSd05NWFVPdEpmaW54VEFCbUhfaVBPYXMyRlhuX2xuNlJJaEQxaTBjVm1CWXctN3E1OG9xODRROFg5M2ZQZFhhLVRwcEpDLTNhaDR1aTJOakIwY0hLNVFKa2k4ZTE3ck1BdVhwdkVKTHVVM0FFazh1Y2hEbnhhTmE1UVk4UF85blp1dWZYZUNGZHVWXzRoNHdwMjJWN3dKZklSdnhlTjVuSmEzREFTQWdTb1h2VHFQSjQwcmpCZWxqQmdsMkpyeFdsb2hldnpfNUdFMEE3dTZwbGh4RjFMamlqY1ZuSDZBWi1vc3lTSWxqY244NVl1bk15blJ1cnBqd1gwOFZFNUpnMkVLclZKNTB6UURSQk1EM2RkTGw0c1BEbVJIY1dlMVRGYXhRZUlfSDlBd2QydUkxR05RclkyU0ZONWp4ZmEyaTliT0VEclFKTktZQ1RMY0NlT1pwSFJyeWJzdE8zU0IzODBoVXByaVdlNGZYOVJweWFwRE1JeXU0dmstOU9vYXBwelQyMUs1ZW9EWUFoLVBnMjZ3YVBzTEh5R0xqSQ==","email":"vuberti@extraordy.com"},"registry.redhat.io":{"auth":"NTE0OTI0MTl8dWhjLTFFRGdzNU90ekl4SXFCUm1OM05qZHRBWnd0dzpleUpoYkdjaU9pSlNVelV4TWlKOS5leUp6ZFdJaU9pSTJaR1ExWm1JNU1UQmtaVGMwWkdJMU9EZGlNREUxTWpnek5EUXhOekJrTVNKOS52SW1Vak9LRy1heTYxc2FKNmlvaEltR1Y3NFdfNms4R25YUV9yMkNSdFVIYnlGODVQRkQyLUszZ3FsOXU1d3AxSWFfbDlPaDRJLTBTQ1hPQTZBdjN4TnVZTVlIeHZoVS1GanViVGYzQ1FvWGdkZzc1R3VWS1ZiRTZHb1RYZTliZUFqaXdtRFRmc1VGa2k5ZHd6RkVoUUtZang0VXYzc1puZy1hQk1kSVB3cVNoZHltU0k5MFlaSmJpdE5xUmd2NEV0YW9nWFZ3OVN2WmJXQ2dXNW1zZTlSMnpxM2tGZ2FjYkwwT1lMQmFtTFhxVG9BT0JRWDNJMDZNTTR3eDNsOU1VOTBZaDYxQll2VHVqcmJSd05NWFVPdEpmaW54VEFCbUhfaVBPYXMyRlhuX2xuNlJJaEQxaTBjVm1CWXctN3E1OG9xODRROFg5M2ZQZFhhLVRwcEpDLTNhaDR1aTJOakIwY0hLNVFKa2k4ZTE3ck1BdVhwdkVKTHVVM0FFazh1Y2hEbnhhTmE1UVk4UF85blp1dWZYZUNGZHVWXzRoNHdwMjJWN3dKZklSdnhlTjVuSmEzREFTQWdTb1h2VHFQSjQwcmpCZWxqQmdsMkpyeFdsb2hldnpfNUdFMEE3dTZwbGh4RjFMamlqY1ZuSDZBWi1vc3lTSWxqY244NVl1bk15blJ1cnBqd1gwOFZFNUpnMkVLclZKNTB6UURSQk1EM2RkTGw0c1BEbVJIY1dlMVRGYXhRZUlfSDlBd2QydUkxR05RclkyU0ZONWp4ZmEyaTliT0VEclFKTktZQ1RMY0NlT1pwSFJyeWJzdE8zU0IzODBoVXByaVdlNGZYOVJweWFwRE1JeXU0dmstOU9vYXBwelQyMUs1ZW9EWUFoLVBnMjZ3YVBzTEh5R0xqSQ==","email":"vuberti@extraordy.com"}}}'
 
 

include/007_bastion_services.yaml

@@ -28,7 +28,7 @@
             dest: /etc/haproxy/haproxy.cfg
 
         - name: Configure {{ ansible_local.external_connection.conname }} to use {{ networking.internal_network_ip }} as DNS server
-          command: nmcli con mod '{{ ansible_local.external_connection.conname }}' ipv4.dns "{{ networking.internal_network_ip }}" 
+          command: nmcli con mod '{{ ansible_local.external_connection.conname }}' ipv4.dns "{{ networking.internal_network_ip }}" autoconnect yes
 
         - name: Refreshing {{ ansible_local.external_connection.conname }}
           shell: nmcli con down "{{ ansible_local.external_connection.conname }}"; nmcli con up "{{ ansible_local.external_connection.conname }}"

include/008_install_ocp_utilis.yaml

@@ -60,10 +60,15 @@
     - debug:
          msg: "{{  hostvars['DUMMY'].vnicProfileID }}"
 
+    - name: Creating install dir
+      file:
+        path: /root/install
+        state: directory
+
     - name: Creating install-config.yaml
       template:
         src: ../templates/install-config.j2
-        dest: /root/install-config.yaml
+        dest: /root/install/install-config.yaml
 
     - name: Extract and install ovirt CA
       shell: "{{ item }}"
@@ -106,12 +111,12 @@
       loop:
         - https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-install-linux.tar.gz
         - https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz
-
+      retries: 10
 
 
 
     - name: Waiting for install to complete (TAKE A COFFEE)
-      command: openshift-install create cluster --dir /root
+      command: openshift-install create cluster --dir /root/install
       #retries: 2000
       #delay: 30
       #register: result

include/010_add_default_admin_user.yaml

@@ -21,7 +21,7 @@
     - name: Creating yaml configuration for htpasswd identity provider
       template:
         src: ../templates/htpasswd_provider.j2
-        dest: "/root/htpasswd_provider.yaml"
+        dest: "/root/install/htpasswd_provider.yaml"
 
     - template:
         src: ../templates/ocp_user_script.j2
@@ -63,7 +63,7 @@
     - name: Try to login with admin
       command: > 
                /usr/bin/oc login -u {{ ocp.user }} -p {{ ocp.pass }} 
-               https://api.{{ ocp.cluster_name }}.{{ networking.domain_name }}:6443 --config /root/auth/kubeconfig
+               https://api.{{ ocp.cluster_name }}.{{ networking.domain_name }}:6443 --kubeconfig /root/install/auth/kubeconfig
       retries: 30
       register: command
       until: command.rc == 0   

inventory

@@ -1,5 +1,5 @@
 [ovirt_engine]
-ovengine.righini.local
+ovengine01.seeweb.local
 
 [bastion]
-bastion.example1.net
+bastion.example.seeweb

templates/dnsmasq.j2

@@ -3,6 +3,9 @@ server={{ networking.external_dns }}
 ## External dns end ##
 
 
+address=/ovengine01.seeweb.local/172.25.0.36
+
+
 ## Required fqdn and wildcard for OCP ##
 address=/{{ 'api.' +  ocp.cluster_name  + '.' +  networking.domain_name }}/{{ ocp.reserved_ip.api }}
 address=/{{ 'apps.' +  ocp.cluster_name  + '.' +  networking.domain_name }}/{{ ocp.reserved_ip.apps }}

templates/ocp_user_script.j2

@@ -1,6 +1,8 @@
 #!/bin/bash
-export KUBECONFIG=/root/auth/kubeconfig
+export KUBECONFIG=/root/install/auth/kubeconfig
 htpasswd -c -B -b /tmp/user.htpasswd {{ ocp.user }} {{ ocp.pass }}
+htpasswd -B -b /tmp/user.htpasswd marco balu
 /usr/bin/oc create secret generic htpass-secret --from-file=htpasswd=/tmp/user.htpasswd -n openshift-config
-/usr/bin/oc apply -f /root/htpasswd_provider.yaml
-/usr/bin/oc adm policy add-cluster-role-to-user cluster-admin {{ ocp.user }}
+/usr/bin/oc apply -f /root/install/htpasswd_provider.yaml
+/usr/bin/oc adm policy add-cluster-role-to-user cluster-admin {{ ocp.user }}
+/usr/bin/oc adm policy add-cluster-role-to-user cluster-admin marco