
@danpawlik
Collaborator

@danpawlik danpawlik commented Nov 6, 2024

The Ansible tool might handle deploying the CRC cloud in a better way.

Summary by Sourcery

Add Ansible roles to bootstrap and deploy CRC (CodeReady Containers) cloud directly on the host

New Features:

  • Implement Ansible roles for bootstrapping and deploying CRC cloud without using the crc-cloud tool
  • Create a flexible deployment mechanism for CRC in external CI environments

Enhancements:

  • Develop modular Ansible roles for CRC cloud deployment
  • Add support for custom domain configuration
  • Implement flexible authentication and certificate management

Documentation:

  • Add README.md with detailed instructions for CRC cloud deployment
  • Provide documentation on bootstrapping CRC without using the native crc-cloud tool

@danpawlik danpawlik force-pushed the add-ansible-role branch 4 times, most recently from fe40ace to 858d3dd Compare November 6, 2024 15:41
@praveenkumar
Member

Ansible is not able to programmatically set up infra and then provision, which Pulumi provides. (cc @adrianriobo for more info around using Pulumi over Ansible)

@adrianriobo
Contributor

adrianriobo commented Nov 11, 2024

@danpawlik do you mean the steps inside the VM to set and ensure the cluster is running or the provisioning?

@danpawlik
Collaborator Author

danpawlik commented Nov 22, 2024

So there can be a basic way to run Ansible to set up the cluster.
PoC command:

git clone https://github.com/crc-org/crc-cloud

PULL_SECRET=$(cat $PULL_SECRET_FILE_PATH)
HOST_IP=$(ip route get 1.2.3.4 | awk '{print $7}' | head -n1)
SYSTEM_USER=core
HOSTNAME=crc.dev

cat << EOF > /var/home/core/inventory.yaml
---
all:
  hosts:
    $HOSTNAME:
      ansible_port: 22
      ansible_host: $HOST_IP
      ansible_user: $SYSTEM_USER
  vars:
    openshift_pull_secret: |
      $PULL_SECRET
EOF

cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys

for host in localhost $HOSTNAME $HOST_IP; do
    ssh-keyscan -H $host >> ~/.ssh/known_hosts
done

podman create --name test --network host -v "/var/home/core/.kube/:/home/user/.kube:z" -v "/var/home/core/.ssh:/home/user/.ssh:z" -v "/var/home/core/inventory.yaml:/home/user/inventory.yaml" -v "/var/home/core/crc-cloud:/home/user/crc-cloud:z" fedora:40 sleep inf

podman start test
podman exec -it test bash

# inside the container
yum install -y ansible-core sudo
useradd -U -m -s /bin/bash -u 1000 user ; echo "user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers ; chmod 0440 /etc/sudoers ; chmod g+w /etc/passwd
chown -R user:user /home/user
sudo su - user

cd crc-cloud
ansible-playbook -i /home/user/inventory.yaml ansible/playbook.yaml

This way, there is no need to use the crc-cloud binary to spawn an instance (check issue: #192). The CI would be able to take the crc.qcow2 image to the cloud provider, connect to it, then run the Ansible playbook.
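
Added example (not part of the comment above or of the crc-cloud repository): the PoC's heredoc writes the pull secret into inventory.yaml under the shell's default umask. The sketch below builds the same inventory with mode 0600 and refuses a secret file that group or other users can access; the function name `write_inventory` and its argument order are assumptions.

```shell
#!/usr/bin/env bash
# Added example; write_inventory and its arguments are hypothetical names.
# usage: write_inventory <out_file> <hostname> <host_ip> <user> <pull_secret_file>
write_inventory() {
    local out="$1" host="$2" ip="$3" user="$4" secret_file="$5"
    local perms secret tmp

    # Characters 5-10 of the ls mode string are the group/other bits.
    # Anything other than "------" means another local user can reach the file
    # (a missing file yields an empty string and is refused as well).
    perms=$(ls -ld -- "$secret_file" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $secret_file: missing or accessible to group/other" >&2
        return 1
    fi

    # The pull secret is one JSON object. Strip newlines so the value stays on
    # a single line of the YAML block scalar and cannot introduce extra keys.
    secret=$(tr -d '\r\n' < "$secret_file")
    case "$secret" in
        '{'*'}') ;;
        *) echo "pull secret is not a JSON object" >&2; return 1 ;;
    esac

    # mktemp creates the file with mode 0600 and mv keeps that mode, so the
    # secret never sits in a file that other users can read.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    {
        printf '%s\n' '---' 'all:' '  hosts:'
        printf '    %s:\n' "$host"
        printf '      ansible_port: 22\n'
        printf '      ansible_host: %s\n' "$ip"
        printf '      ansible_user: %s\n' "$user"
        printf '%s\n' '  vars:' '    openshift_pull_secret: |'
        printf '      %s\n' "$secret"
    } > "$tmp" && mv -- "$tmp" "$out"
}

# Call matching the PoC's variables:
# write_inventory /var/home/core/inventory.yaml "$HOSTNAME" "$HOST_IP" "$SYSTEM_USER" "$PULL_SECRET_FILE_PATH"
```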

@danpawlik danpawlik force-pushed the add-ansible-role branch 3 times, most recently from e1021fc to 0af05e5 Compare December 16, 2024 10:20
@danpawlik
Collaborator Author

So the README file has an early how-to for deploying crc cloud using the Ansible role that will be running inside the container. This way, we don't need to wait for #192, which is probably not a priority for you.

@danpawlik danpawlik marked this pull request as ready for review April 16, 2025 13:22
@danpawlik
Collaborator Author

@sourcery-ai review

@sourcery-ai

sourcery-ai bot commented Apr 16, 2025

Reviewer's Guide by Sourcery

This pull request introduces an Ansible-based deployment solution for CRC cloud, offering an alternative to the existing crc-cloud tool. It includes roles for bootstrapping the environment and deploying the cloud, along with comprehensive documentation and playbooks to automate the process.

Sequence diagram for CRC Cloud Bootstrap

sequenceDiagram
  participant Ansible Playbook
  participant crc-bootstrap Role
  participant Podman Container

  Ansible Playbook->>crc-bootstrap Role: Execute role
  crc-bootstrap Role->>Podman Container: Build container
  crc-bootstrap Role->>Podman Container: Create container
  crc-bootstrap Role->>Podman Container: Start container
  Podman Container->>Podman Container: Runs start.yaml playbook

File-Level Changes

Change Details Files
Implements an Ansible role to bootstrap the CRC cloud deployment environment.
  • Clones the crc-cloud repository from GitHub.
  • Generates an SSH keypair for secure access.
  • Adds the generated SSH key to authorized keys.
  • Creates an entrypoint script and Dockerfile for the bootstrap container.
  • Builds a bootstrap container using Podman.
  • Creates an inventory file from a Jinja2 template.
  • Creates necessary directories for Ansible logs and kubeconfig.
  • Creates and starts a Podman container for bootstrapping the CRC cloud environment.
ansible/roles/crc-bootstrap/tasks/main.yaml
ansible/roles/crc-bootstrap/files/Dockerfile
ansible/roles/crc-bootstrap/files/entrypoint.sh
ansible/roles/crc-bootstrap/templates/inventory.yaml.j2
Implements an Ansible role to deploy CRC cloud on a CRC host.
  • Includes tasks for creating kubeconfig, setting up dnsmasq, and starting kubelet.
  • Includes tasks for replacing the default public key and setting credentials.
  • Includes tasks for replacing the default CA and logging into the OpenShift cluster.
  • Includes tasks for patching the pull secret.
  • Includes tasks for creating certificates and patching secrets for alternative domains.
  • Includes tasks for patching ingress config, API server, and default route for alternative domains.
  • Includes tasks for waiting for the cluster to become healthy after each major configuration change.
  • Includes tasks for retrieving the console route.
ansible/roles/deploy-crc-cloud/tasks/main.yaml
ansible/roles/deploy-crc-cloud/tasks/replace_default_ca.yaml
ansible/roles/deploy-crc-cloud/tasks/dnsmasq.yaml
ansible/roles/deploy-crc-cloud/defaults/main.yaml
ansible/roles/deploy-crc-cloud/tasks/kubelet.yaml
ansible/roles/deploy-crc-cloud/tasks/get_htpasswd.yaml
ansible/roles/deploy-crc-cloud/tasks/patch_ingress_config.yaml
ansible/roles/deploy-crc-cloud/tasks/pubkey.yaml
ansible/roles/deploy-crc-cloud/tasks/set_credentials.yaml
ansible/roles/deploy-crc-cloud/tasks/wait_cluster_become_healthy.yaml
ansible/roles/deploy-crc-cloud/tasks/create_certificate_and_patch_secret.yaml
ansible/roles/deploy-crc-cloud/tasks/wait_for_resource.yaml
ansible/roles/deploy-crc-cloud/tasks/console_route.yaml
ansible/roles/deploy-crc-cloud/tasks/kubeconfig.yaml
ansible/roles/deploy-crc-cloud/tasks/login.yaml
ansible/roles/deploy-crc-cloud/tasks/patch_pull_secret.yaml
ansible/roles/deploy-crc-cloud/tasks/patch_default_route.yaml
ansible/roles/deploy-crc-cloud/tasks/patch_api_server.yaml
Adds documentation for deploying CRC cloud directly on a CRC host.
  • Provides an introduction to the new deployment method.
  • Explains how to obtain the CRC QCOW2 image.
  • Details the steps to bootstrap crc-cloud directly on the host using Ansible.
ansible/README.md
Adds Ansible playbooks to orchestrate the bootstrap and deployment processes.
  • Creates a playbook to prepare and create a container for starting the crc-cloud deployment.
  • Creates a playbook to start crc-cloud using the deploy-crc-cloud role.
ansible/playbooks/bootstrap.yaml
ansible/playbooks/start.yaml


@sourcery-ai sourcery-ai bot left a comment


Hey @danpawlik - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider using Ansible modules instead of shell commands where possible for better idempotency and readability.
  • It would be helpful to add some comments to the tasks in main.yaml to explain what each task is doing.
Here's what I looked at during the review
  • 🟡 General issues: 7 issues found
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


@sourcery-ai sourcery-ai bot left a comment


Hey @danpawlik - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider using Ansible modules instead of shell commands where possible for better idempotency and readability.
  • It would be helpful to add some comments to the tasks in main.yaml to explain what each task is doing.
Here's what I looked at during the review
  • 🟡 General issues: 7 issues found
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


@danpawlik
Collaborator Author

@sourcery-ai dismiss

@danpawlik
Collaborator Author

@sourcery-ai review


@sourcery-ai sourcery-ai bot left a comment


Hey @danpawlik - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider using Ansible modules instead of shell commands where possible for better idempotency and error handling.
  • It might be helpful to add tags to the tasks, so it would be easier to run specific parts of the playbook.
Here's what I looked at during the review
  • 🟡 General issues: 2 issues found
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


@danpawlik danpawlik force-pushed the add-ansible-role branch 3 times, most recently from ed83c0e to 766237c Compare April 18, 2025 10:15
The Ansible tool might handle deploying the CRC cloud in a
better way.
NOTE: The Ansible role can be optimized and it would be done
in the next pull requests. This commit just adds the same functionality
as is done in the clustersetup.sh script.

Signed-off-by: Daniel Pawlik <dpawlik@redhat.com>
@praveenkumar praveenkumar merged commit 238f332 into crc-org:main Apr 22, 2025
4 of 5 checks passed
rdoproject pushed a commit to rdo-infra/review.rdoproject.org-config that referenced this pull request May 19, 2025
After merging change [1], we are able to stop using the shell script
and start using a dedicated Ansible role that brings better
output about what is done and better control over starting the service.

[1] crc-org/crc-cloud#195

Change-Id: I41dfb356806f9c97b64102f5f612607026d55b9b
Signed-off-by: Daniel Pawlik <dpawlik@redhat.com>