Merge devel into master - Release 2021-07-27

Merge devel into master - Release 2021-07-27

README.md

@@ -39,6 +39,8 @@ When following below instructional steps, you will end with a setup similar to
 
 ## Strongly recommend: configure Hetzner Firewall
 
+**Important:** Hetzner Firewall only support IPv4 - IPv6 must be solved via the host firewall(d)!
+
 Here an example Hetzner firewall configuration:
 
 ![](images/firewall.png)
@@ -101,12 +103,50 @@ Here is an example about [_cluster.yml_](cluster-example.yml) file that contains
 |---|---|
 |cluster_name  |Name of the cluster to be installed |
 |public_domain  |Root domain that will be used for your cluster.  |
+|ip_families|Decide whether you want IPv4, IPv6 or dual-stack, detault: "['IPv4']"|
 |public_ip  |Override for public ip entries. defaults to `hostvars['localhost']['ansible_default_ipv4']['address']`. |
-|dns_provider  |DNS provider, value can be _route53_, _cloudflare_, _gcp_, _azure_ or _none_. Check __Setup public DNS records__ for more info. |
+|public_ipv6  |Override for public ip entries. defaults to `hostvars['localhost']['ansible_default_ipv6']['address']`. |
+|dns_provider  |DNS provider, value can be _route53_, _cloudflare_, _gcp_, _azure_,_transip_ or _none_. Check __Setup public DNS records__ for more info. |
 |letsencrypt_account_email  |Email address that is used to create LetsEncrypt certs. If _cloudflare_account_email_ is not present for CloudFlare DNS recods, _letsencrypt_account_email_ is also used with CloudFlare DNS account email |
 |image_pull_secret|Token to be used to authenticate to the Red Hat image registry. You can download your pull secret from https://cloud.redhat.com/openshift/install/metal/user-provisioned |
 
-## Pre-releases
+### Cluster design (single node, compact or normal)
+
+It is possible to install three different types of cluster designes: single node, compact or normal.
+
+#### Single Node
+
+Recommended `cluster.yml` settings:
+```yaml
+master_count: 1
+compute_count: 0
+masters_schedulable: true # is default
+# It's recommended to increase the master capacity too
+# master_vcpu: 4
+# master_memory_size: 16384
+# master_memory_unit: 'MiB'
+# master_root_disk_size: '120G'
+```
+
+#### Compact
+
+Recommended `cluster.yml` settings:
+```yaml
+master_count: 3
+compute_count: 0
+masters_schedulable: true # is default
+```
+
+#### Normal
+
+Recommended `cluster.yml` settings:
+```yaml
+master_count: 3
+compute_count: 2 # at least 2 recommended
+masters_schedulable: false
+```
+
+### Pre-releases
 
 [Read this if you want to deploy pre releases](docs/ocp-pre-release.md)
 
@@ -132,13 +172,14 @@ Please configure in `cluster.yml` all necessary credentials:
 |GCP|`gcp_project: project-name `<br/>`gcp_managed_zone_name: 'zone-name'`<br/>`gcp_managed_zone_domain: 'example.com.'`<br/>`gcp_serviceaccount_file: ../gcp_service_account.json` |
 |Azure|`azure_client_id: 'client_id'`<br/>`azure_secret: 'key'`<br/>`azure_subscription_id: 'subscription_id'`<br/>`azure_tenant: 'tenant_id'`<br/>`azure_resource_group: 'dns_zone_resource_group'` |
 |Hetzner|`hetzner_account_api_token: 93543ade82AA$73.....` <br>  `hetzner_zone: domain.tld`|
+|TransIP|`transip_token: eyJ0eXAiOiJKV....` <br> `transip_zone: domain.tld`|
 |none|With `dns_provider: none` the playbooks will not create public dns entries. (It will skip letsencrypt too) Please create public dns entries if you want to access your cluster.|
 
 ### Optional configuration
 
 |Variable | Default | Description |
 |---|---|---|
-|`storage_nfs`|false|Install NFS Storage with dynamic provisioning|
+|`storage_nfs`|false|Setup a local NFS server, create a Storage Class (with [nfs-subdir-external-provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) ) pointing to it, and use that StorageClass for the internal Registry Storage|
 |`vm_autostart`|false|Create cluster VMs with `autostart` enabled|
 |`auth_redhatsso`|empty|Install Red Hat SSO, checkout  [_cluster-example.yml_](cluster-example.yml) for an example |
 |`auth_htpasswd`|empty|Install htpasswd, checkout  [_cluster-example.yml_](cluster-example.yml) for an example |

ansible/roles/letsencrypt/tasks/main.yml

@@ -119,6 +119,26 @@
   loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}"
   when: le_dns_provider == "azure" and sample_com_challenge is changed
 
+- name: Create DNS record at TransIP
+  uri:
+    url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns"
+    method: POST
+    headers:
+      Authorization: "Bearer {{ transip_token }}"
+    body_format: json
+    body:
+      dnsEntry:
+        name: "{{ item.0.key | replace( transip_zone ,'') | regex_replace('\\.$', '') }}"
+        expire: 60
+        type: TXT
+        content: "{{ item.1 }}"
+    status_code: 201
+  register: record
+  loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}"
+  when: le_dns_provider == "transip" and sample_com_challenge is changed
+
+
+
 - name: DNS record info
   debug:
     msg: "{{ item.0.key }} TXT {{ item.1 }}"
@@ -212,6 +232,26 @@
   loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}"
   when: le_dns_provider == "azure" and sample_com_challenge is changed
 
+
+- name: Delete DNS record at TransIP
+  uri:
+    url: "https://api.transip.nl/v6/domains/{{ transip_zone }}/dns"
+    method: DELETE
+    headers:
+      Authorization: "Bearer {{ transip_token }}"
+    body_format: json
+    body:
+      dnsEntry:
+        name: "{{ item.0.key | replace( transip_zone , '') | regex_replace('\\.$', '') }}"
+        expire: 60
+        type: TXT
+        content: "{{ item.1 }}"
+    status_code: 204
+  register: record
+  loop: "{{ challenge_data_dns | default({}) | dict2items | subelements('value') }}"
+  when: le_dns_provider == "transip" and sample_com_challenge is changed
+
+
 - name: Include DNS provider
   include: "destroy-{{ le_dns_provider }}.yml"
   when:

ansible/roles/openshift-4-cluster/defaults/main.yml

@@ -8,7 +8,12 @@ vn_name: "openshift-4-cluster"
 vn_internal_domain: "compute.local"
 vn_public_domain: "h42.openshift.pub"
 
-listen_address: "{{ hostvars['localhost']['ansible_default_ipv4']['address'] }}"
+#
+ip_families:
+  - IPv4
+
+listen_address: "{{ hostvars['localhost']['ansible_default_ipv4']['address'] | default('') }}"
+listen_address_ipv6: "{{ hostvars['localhost']['ansible_default_ipv6']['address'] | default('') }}"
 
 master_count: 3
 master_vcpu: 4
@@ -31,7 +36,7 @@ vm_autostart: false
 # Important: OpenShift version must match to RHEL CoreOS version!
 
 # reference to OpenShift version
-openshift_version: 4.7.2
+openshift_version: 4.8.2
 openshift_install_command: "/opt/openshift-install-{{ openshift_version }}/openshift-install"
 # dev-pre:
 # {{ openshift_mirror }}/pub/openshift-v4/clients/ocp-dev-preview
@@ -43,8 +48,12 @@ openshift_mirror: "https://mirror.openshift.com"
 
 openshift_location: "{{ openshift_mirror }}/pub/openshift-v4/clients/ocp/{{openshift_client_version}}"
 
+opm_version: "{{ openshift_client_version }}"
+opm_download_url: "{{ openshift_location }}/opm-linux-{{ opm_version }}.tar.gz"
+opm_dest: "/opt/openshift-client-{{ openshift_client_version }}/"
+
 # reference to coreos qcow file
-coreos_version: 4.7.0
+coreos_version: 4.8.2
 coreos_download_url: "{{ openshift_mirror }}/pub/openshift-v4/dependencies/rhcos/{{ coreos_version.split('.')[:2]|join('.') }}/{{ coreos_version }}/rhcos-{{coreos_version}}-x86_64-qemu.x86_64.qcow2.gz"
 coreos_csum_url: "{{ openshift_mirror }}/pub/openshift-v4/dependencies/rhcos/{{ coreos_version.split('.')[:2]|join('.') }}/{{ coreos_version }}/sha256sum.txt"
 
@@ -66,6 +75,9 @@ letsencrypt_disabled: false
 # helm
 helm_cli_location: "{{ openshift_mirror }}/pub/openshift-v4/clients/helm/latest/helm-linux-amd64"
 
+butane_cli_location: "{{ openshift_mirror }}/pub/openshift-v4/clients/butane/latest/butane-amd64"
+
+
 # NFS Storage
 #  storage_nfs do not support multi cluster support, it overwrites the
 #  /etc/exports

ansible/roles/openshift-4-cluster/tasks/create-ignition.yml

@@ -28,3 +28,42 @@
 
 - name: Create ignition files
   command: "{{ openshift_install_command }} --dir={{ openshift_install_dir }} create ignition-configs"
+
+# #
+# [connection]
+# ipv6.dhcp-iaid=mac
+# ipv6.dhcp-duid=ll
+- name: Create RHCOS Config
+  copy:
+    dest: "{{ openshift_install_dir }}/{{ item }}.rcc"
+    content: |
+      variant: rhcos
+      version: 0.1.0
+      ignition:
+        config:
+          merge:
+            - local: {{ item }}.ign
+      storage:
+        files:
+          - path: /etc/NetworkManager/conf.d/01-ipv6.conf
+            contents:
+              source: data:,%5Bconnection%5D%0Aipv6.dhcp-iaid%3Dmac%0Aipv6.dhcp-duid%3Dll
+            mode: 420
+            user:
+              name: root
+            overwrite: true
+  with_items:
+  - bootstrap
+  - master
+  - worker
+
+- name: Mangle ignition config
+  command: |
+    /opt/openshift-client-{{ openshift_version }}/butane \
+      --files-dir {{ openshift_install_dir }} \
+      --output {{openshift_install_dir}}/{{ item }}-extra.ign \
+      {{openshift_install_dir}}/{{ item }}.rcc
+  with_items:
+  - bootstrap
+  - master
+  - worker