microshift-io · eslutsky · Jun 19, 2025 · Jun 2, 2025 · pmtk · Jun 3, 2025
@@ -0,0 +1 @@
+output/
@@ -0,0 +1,34 @@
+# Ansible Roles for MicroShift/OKD Bootc Installation
+
+This repository contains Ansible roles for provisioning and managing MicroShift or OKD Bootc installations.
+
+## Roles
+### `microshift-okd-download`
+This role downloads MicroShift released assets (RPMs) from `microshift-io` GitHub [repository](https://github.com/microshift-io/microshift/releases).
+#### Variables
+* `download_path`: (String) The local path where artifacts should be downloaded.
+### `microshift-okd-bootc`
+This role is responsible for building and running MicroShift okd inside a bootc podman container , based on the downloaded artifacts from `microshift-okd-download` role.
+
+
+## Usage Example downloading and building container with the downloaded RPMs
+  - create example inventory file (inventory.ini)
+
+    ```
+    microshift-vm ansible_user=ec2-user ansible_ssh_private_key_file=~/.ssh/id_rsa
+    ```
+
+  - create a playbook (build-microshift.yaml)
+    ```yaml
+    - hosts: microshift-vm
+      roles:
+        - role: microshift-okd-download
+          download_path: "/var/tmp/microshift_rpms"
+        - role: microshift-okd-bootc
+          microshift_download_dir: "/var/tmp/microshift_rpms"
+
+    ```
+  - run the playbook
+    ```bash
+    ansible-playbook build-microshift.yaml -i inventory.ini
+    ```
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+
+repo_path=$1
+
+USHIFT_LOCAL_REPO_FILE=/etc/yum.repos.d/microshift-local.repo
+OCP_MIRROR_REPO_FILE=/etc/yum.repos.d/openshift-mirror-beta.repo
+
+    cat > "${USHIFT_LOCAL_REPO_FILE}" <<EOF
+[microshift-local]
+name=MicroShift Local Repository
+baseurl=${repo_path}
+enabled=1
+gpgcheck=0
+skip_if_unavailable=0
+EOF
+
+    cat > "${OCP_MIRROR_REPO_FILE}" <<EOF
+[openshift-mirror-beta]
+name=OpenShift Mirror Beta Repository
+baseurl=https://mirror.openshift.com/pub/openshift-v4/$(uname -m)/dependencies/rpms/4.19-el9-beta/
+enabled=1
+gpgcheck=0
+skip_if_unavailable=0
+EOF
+
+
@@ -0,0 +1,38 @@
+---
+# --- Tasks to build a container image with the downloaded asset ---
+
+- name: Define MicroShift image name and tag
+  ansible.builtin.set_fact:
+    _microshift_image_name: "microshift-asset-image"
+    _microshift_image_tag: "{{ (_microshift_release_info.tag | default(microshift_version) | replace('v', '')) if _microshift_release_info is defined and _microshift_release_info.tag is defined else (microshift_version | replace('v', '')) }}"
+  when: microshift_asset_filename is defined # Ensure download tasks were intended to run
+
+- name: Ensure podman is installed
+  ansible.builtin.package:
+    name: podman
+    state: present
+  become: true
+  when: microshift_asset_filename is defined # Only if we are building an image
+
+- name: Create Containerfile in the download directory for the image build
+  ansible.builtin.template:
+    dest: "{{ microshift_download_dir }}/Containerfile"
+    src: "templates/Containerfile.template"
+    mode: '0644'
+  when: microshift_asset_filename is defined and _microshift_image_tag is defined
+
+- name: copy create_repos.sh
+  ansible.builtin.copy:
+    dest: "{{ microshift_download_dir }}/create_repos.sh"
+    src: "files/create_repos.sh"
+
+- name: Build MicroShift asset image using podman
+  containers.podman.podman_image:
+    name: "{{ _microshift_image_name }}"
+    tag: "{{ _microshift_image_tag }}"
+    path: "{{ microshift_download_dir }}"  # Build context (contains Containerfile and asset)
+    build:
+      file: "{{ microshift_download_dir }}/Containerfile"
+    state: build # Ensures the image is built
+  when: microshift_asset_filename is defined and _microshift_image_tag is defined
+  become: true
@@ -0,0 +1,46 @@
+
+# --- Tasks to download kubeconfig from the MicroShift container ---
+---
+- name: Define kubeconfig paths
+  ansible.builtin.set_fact:
+    _kubeconfig_container_src_path: "/var/lib/microshift/resources/kubeadmin/{{ ansible_host }}/kubeconfig"
+    _kubeconfig_remote_tmp_path: "/tmp/kubeconfig_{{ ansible_host }}"
+    _kubeconfig_local_dest_dir: "{{ playbook_dir | default('.') }}/fetched_kubeconfigs" # Default to current dir if playbook_dir is not set
+
+- name: Ensure local destination directory for kubeconfig exists
+  ansible.builtin.file:
+    path: "{{ _kubeconfig_local_dest_dir }}"
+    state: directory
+    mode: '0755'
+  delegate_to: localhost
+  become: false # Ensure this runs as the original user on localhost
+  run_once: true # Only create the directory once if running against multiple hosts
+
+- name: Copy kubeconfig from container to remote host's temporary location
+  ansible.builtin.command:
+    cmd: "podman cp microshift-okd:{{ _kubeconfig_container_src_path }} {{ _kubeconfig_remote_tmp_path }}"
+  become: true
+  register: _podman_cp_result
+  changed_when: _podman_cp_result.rc == 0
+  failed_when: _podman_cp_result.rc != 0 and "No such container" not in _podman_cp_result.stderr and "No such file or directory" not in _podman_cp_result.stderr
+  # Allow to proceed if file/container not found, but fetch will fail later if so.
+  # More robust error handling might be needed based on exact requirements.
+
+- name: Fetch kubeconfig from remote host to localhost
+  ansible.builtin.fetch:
+    src: "{{ _kubeconfig_remote_tmp_path }}"
+    dest: "{{ _kubeconfig_local_dest_dir }}/kubeconfig"
+    flat: yes
+  become: true # May be needed if the tmp file requires root to read
+  when: _podman_cp_result.rc == 0 # Only attempt fetch if copy succeeded
+
+- name: Print KUBECONFIG
+  debug:
+    msg: "export KUBECONFIG={{ _kubeconfig_local_dest_dir }}/kubeconfig"
+
+- name: Remove temporary kubeconfig from remote host
+  ansible.builtin.file:
+    path: "{{ _kubeconfig_remote_tmp_path }}"
+    state: absent
+  become: true
+  when: _podman_cp_result.rc == 0 # Only attempt delete if copy succeeded
@@ -0,0 +1,13 @@
+---
+
+- name: prepare topolvm backend
+  ansible.builtin.include_tasks: topolvm.yaml
+
+- name: build microshift bootc containers from released rpms
+  ansible.builtin.include_tasks: build.yaml
+
+- name: run microshift bootc container
+  ansible.builtin.include_tasks: run.yaml
+
+- name: fetch kubeconfig from bootc container
+  ansible.builtin.include_tasks: fetch-kubeconfig.yaml
@@ -0,0 +1,23 @@
+---
+
+- name: Run a bootc container
+  containers.podman.podman_container:
+    name: "microshift-okd"
+    image: "{{ _microshift_image_name }}:{{ _microshift_image_tag }}"
+    state: started
+    privileged: true
+    hostname: "{{ ansible_host }}"
+    network: host
+    volume:
+      - /dev:/dev:rslave
+    ports:
+      - "6443:6443"
+
+  become: true
+
+- name: waiting for the healthcheck to be completed
+  containers.podman.podman_container_exec:
+    name: microshift-okd
+    command: "microshift healthcheck --namespace topolvm-system --deployments topolvm-controller"
+    workdir: /
+  become: true
@@ -0,0 +1,72 @@
+---
+- name: Ensure lvm2 package is present
+  ansible.builtin.package:
+    name: lvm2
+    state: present
+  become: true
+
+- name: Define target size for lvmdisk
+  ansible.builtin.set_fact:
+    _lvmdisk_target_size_str: "{{ lvm_disk_size_in_giga }}G"
+    _lvmdisk_target_size_bytes: "{{ lvm_disk_size_in_giga * 1024 * 1024 * 1024 }}"
+
+- name: check /tmp/lvmdisk  file exists
+  ansible.builtin.stat:
+    path: /tmp/lvmdisk
+  register: _lvmdisk_stat
+
+- name: Create/truncate /tmp/lvmdisk to {{ _lvmdisk_target_size_str }}
+  ansible.builtin.command:
+    cmd: "truncate --size={{ _lvmdisk_target_size_str }} /tmp/lvmdisk"
+  when: not _lvmdisk_stat.stat.exists or _lvmdisk_stat.stat.size != _lvmdisk_target_size_bytes
+  become: true
+  changed_when: true 
+
+- name: Check if /tmp/lvmdisk is already associated with a loop device
+  ansible.builtin.shell:
+    cmd: "losetup -j /tmp/lvmdisk | head -n1 | cut -d: -f1 | tr -d '\n'"
+  register: _associated_loop_device
+  changed_when: false
+  failed_when: false # rc!=0 if not associated, stdout will be empty
+  become: true
+
+- name: Set up loop device for /tmp/lvmdisk if not already associated
+  ansible.builtin.command:
+    cmd: "losetup --show -f /tmp/lvmdisk"  # --show prints the device name
+  when: _associated_loop_device.stdout == ""
+  register: _losetup_output # Contains stdout with device name if run
+  changed_when: true # This command makes a change
+  become: true
+
+- name: Determine the loop device path
+  ansible.builtin.set_fact:
+    loop_device_path: >-
+      {% if _associated_loop_device.stdout | trim != "" -%}
+      {{ _associated_loop_device.stdout | trim }}
+      {%- elif _losetup_output is defined and _losetup_output.stdout is defined and _losetup_output.stdout | trim != "" -%}
+      {{ _losetup_output.stdout | trim }}
+      {%- else -%}
+      ""
+      {%- endif %}
+- name: Setup VG
+  block:
+  - name: Debug loop device path
+    ansible.builtin.debug:
+      var: loop_device_path
+  - name: Create volume group 'myvg1' on {{ loop_device_path }}
+    community.general.lvg:
+      vg: myvg1
+      pvs: "{{ loop_device_path }}"
+      state: present
+      force: true # Corresponds to vgcreate -f. Use with care if PVs might be in use by other VGs.
+    become: true
+
+  - name: Create {{ lvm_thinpool_size_giga }}G thin pool 'thinpool' in volume group 'myvg1'
+    community.general.lvol:
+      vg: myvg1
+      lv: thinpool
+      size: "{{ lvm_thinpool_size_giga }}G"
+      opts: "--type thin-pool" # This creates a thin pool
+    become: true
+  # when belongs to block
+  when: loop_device_path != "" # Ensures VG creation was attempted
@@ -0,0 +1,16 @@
+      # Containerfile to package the downloaded MicroShift asset
+      FROM quay.io/centos-bootc/centos-bootc:stream9
+
+      COPY . /opt/
+      ENV KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig
+
+      LABEL name="{{ _microshift_image_name }}"
+      LABEL version="{{ _microshift_image_tag }}"
+      LABEL description="Image containing MicroShift {{ _microshift_image_tag }}"
+      RUN dnf -y install createrepo unzip
+      RUN cd /opt && unzip {{ microshift_asset_filename }} && createrepo .
+      RUN bash /opt/create_repos.sh /opt
+      RUN dnf -y install microshift microshift-topolvm ; \
+        dnf install -y microshift-flannel ; \
+        systemctl disable openvswitch ; \
+        systemctl enable microshift ; \
@@ -0,0 +1,17 @@
+# Example for defaults/main.yml or vars/main.yml
+microshift_version: "latest"  # Use "latest" or specify a tag like "4.19.0"
+microshift_github_owner: "microshift-io"
+microshift_github_repository: "microshift"
+# The filename of the asset you want to download from the release.
+# You can make this dynamic, e.g., using ansible_facts.architecture:
+# microshift_asset_filename: "microshift-{{ ansible_facts.architecture }}.zip"
+microshift_asset_filename: "microshift-x86_64.zip" # Matching your original example
+# Directory where the asset will be downloaded.
+microshift_download_dir: "./cache/microshift_assets"
+# size of the lvm loopback disk
+lvm_disk_size_in_giga: 20
+
+# logical volume group name
+# WARNING: the name is default for the topolvm driver,it shouldn't be changed.
+lvm_vg_name: myvg1
+lvm_thinpool_size_giga: 6
@@ -0,0 +1,37 @@
+---
+# Variables for these tasks would typically be in roles/your_role_name/defaults/main.yml or vars/main.yml
+# Example variables:
+
+- name: Ensure download directory exists
+  ansible.builtin.file:
+    path: "{{ microshift_download_dir }}"
+    state: directory
+    mode: '0755'
+
+- name: Define MicroShift download destination path
+  ansible.builtin.set_fact:
+    _microshift_download_dest_path: "{{ microshift_download_dir }}/{{ microshift_asset_filename }}"
+
+- name: Get MicroShift release information
+  vars:
+    _gh_action: "{{ 'latest_release' if microshift_version == 'latest' else 'release_for_tag' }}"
+    # omit tag parameter if we are fetching the latest release, as it's not applicable
+    _gh_tag: "{{ microshift_version if microshift_version != 'latest' else omit }}"
+  community.general.github_release:
+    user: "{{ microshift_github_owner }}"
+    repo: "{{ microshift_github_repository }}"
+    action: "{{ _gh_action }}"
+    tag: "{{ _gh_tag }}"
+  register: _microshift_release_info
+  delegate_to: localhost
+
+- name: Extract MicroShift asset download URL
+  ansible.builtin.set_fact:
+    _microshift_asset_url: "{{ release_base_url }}/{{ _microshift_release_info.tag }}/{{ microshift_asset_filename }}"
+
+- name: "Download MicroShift '{{ microshift_version }}' release asset: {{ _microshift_release_info.tag }}"
+  ansible.builtin.get_url:
+    url: "{{ _microshift_asset_url }}"
+    dest: "{{ _microshift_download_dest_path }}"
+    mode: '0644'  # Permissions for the downloaded file (e.g., a zip file)
+  when: _microshift_asset_url is not none
@@ -0,0 +1,11 @@
+# Example for defaults/main.yml or vars/main.yml
+microshift_version: "latest"  # Use "latest" or specify a tag like "4.19.0"
+microshift_github_owner: "microshift-io"
+microshift_github_repository: "microshift"
+# The filename of the asset you want to download from the release.
+# You can make this dynamic, e.g., using ansible_facts.architecture:
+# microshift_asset_filename: "microshift-{{ ansible_facts.architecture }}.zip"
+microshift_asset_filename: "microshift-x86_64.zip" # Matching your original example
+# Directory where the asset will be downloaded.
+microshift_download_dir: "./cache/microshift_assets"
+release_base_url: "https://github.com/microshift-io/microshift/releases/download/"