
POC Ansible wrapper around ROSA


ansible-rosa

This project is provided as-is and is not an official or supported Red Hat project. We will happily accept issues and pull requests and provide basic OSS-level community support.


This project contains a set of modules for working with ROSA as well as some example playbooks.

It will create and delete ROSA clusters; if you know how to work with Ansible inventories, it can manage multiple clusters.

The repository has a number of example scenarios that are configured as Ansible inventories found in the environment folder. The default environment will provision a single-AZ public cluster on a BYO VPC. These can be selected by using make as follows:

Examples

  • make create - default single-az classic cluster.
  • make create.hcp - hosted control plane cluster.
  • make create.pl - private-link classic cluster.
  • make create.tgw - private-link classic cluster with TransitGateway.

Examples using ROSA Ansible Modules

Prerequisites

  1. Create a Red Hat account, if you do not already have one. Then, check your email for a verification link. You will need these credentials to install ROSA.

  2. Download and install the AWS CLI.

  3. Download and install the ROSA CLI.

  4. Enable the ROSA service in AWS.

    1. Sign in to your AWS account.
    2. Go to the ROSA service and select Enable.

Log in to AWS and ROSA

To authenticate to AWS and ROSA, you can either log in with the tools directly or set Ansible variables and let the playbooks log in for you.

Login First

  1. Configure aws cli

    aws configure
  2. Configure rosa

    rosa login

Prepare Ansible

  • Clone down the repo:

    git clone https://github.com/rh-mobb/ansible-rosa.git
    cd ansible-rosa
  • Create python virtualenv:

    make virtualenv

If you encounter SSL certificate errors with ansible-galaxy and want to bypass certificate validation, run the following. USE WITH CAUTION!

IGNORE_CERTS=true make virtualenv

Deploy a Cluster

Basic STS single AZ cluster

This will deploy a single-az cluster with STS enabled.

See ./environment/default/group_vars/all.yaml for the example inventory used. You can modify this file to change the cluster configuration.

  • Create:

    make create
  • Delete:

    make delete

PrivateLink Cluster with Transit Gateway

See ./environment/transit-gatewa-egress/group_vars/all.yaml for the example inventory used. You can modify this file to change the cluster configuration.

This will deploy a fairly complex cluster with STS enabled, Transit Gateway, and PrivateLink. Along with the ROSA VPC it will create an Egress VPC with a NAT Gateway and a Squid-based proxy (configured to restrict cluster egress to just the allowed endpoints). It places an SSH bastion in the Egress VPC to provide easy access to the cluster (sshuttle ftw). It also creates an infrastructure VPC, which is where you might connect your datacenter or VPN connections to; this VPC has a DNS forwarder to help with DNS resolution.

[Image: private-link architecture diagram]

  • Create:

    make create.tgw
  • Delete:

    make delete.tgw

PrivateLink Cluster with BYOK (KMS)

See ./environment/private-link/group_vars/all.yaml for the example inventory used.

Setting the variable 'rosa_kms_key_arn' to a KMS key ARN will execute the procedure found here.
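As an added preflight check (not part of ansible-rosa), the script below validates the 'rosa_kms_key_arn' value from an inventory before a playbook run, so a malformed or cross-region key fails fast instead of partway through cluster creation. It assumes the group_vars have already been loaded into a dict and that a hypothetical 'rosa_region' variable holds the cluster's AWS region; the sample values are constructed.

```python
"""Preflight check for the BYOK (KMS) inventory variable rosa_kms_key_arn."""
import re
from typing import List, NamedTuple

# Key ARNs look like arn:<partition>:kms:<region>:<account>:key/<key-id>.
# Alias ARNs (...:alias/<name>) are a different resource form; this check
# only accepts key ARNs (assumption: that is what the playbook expects).
_KMS_KEY_ARN = re.compile(
    r"^arn:(?P<partition>aws|aws-us-gov|aws-cn):kms:"
    r"(?P<region>[a-z]{2}(?:-gov)?-[a-z]+-\d):"
    r"(?P<account>\d{12}):key/"
    r"(?P<key_id>[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$"
)


class KmsKey(NamedTuple):
    partition: str
    region: str
    account: str
    key_id: str


def parse_kms_key_arn(arn: str) -> KmsKey:
    """Return the ARN components, or raise ValueError if it is not a key ARN."""
    m = _KMS_KEY_ARN.match(arn.strip())
    if not m:
        raise ValueError(f"rosa_kms_key_arn is not a KMS key ARN: {arn!r}")
    return KmsKey(**m.groupdict())


def check_inventory(group_vars: dict) -> List[str]:
    """Return the problems found; an empty list means the BYOK vars look sane."""
    arn = group_vars.get("rosa_kms_key_arn")
    if not arn:
        return []  # BYOK not requested; nothing to validate
    try:
        key = parse_kms_key_arn(arn)
    except ValueError as exc:
        return [str(exc)]
    # Assumed variable name: rosa_region holds the cluster's AWS region.
    region = group_vars.get("rosa_region")
    if region and region != key.region:
        return [f"KMS key is in {key.region} but cluster region is {region}"]
    return []


if __name__ == "__main__":
    sample = {  # constructed inventory values, not from the repository
        "rosa_region": "us-east-1",
        "rosa_kms_key_arn": "arn:aws:kms:us-east-1:123456789012:key/"
                            "1234abcd-12ab-34cd-56ef-1234567890ab",
    }
    print(check_inventory(sample) or "ok")
```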

Other

Deploy a cluster with Ansible in a Docker image

  1. Build the docker image

    make image
  2. Create the cluster (do one of the following)

    • If you've already logged in locally:
    make docker.create
    • If you want to let ansible log you in (fill out the variables):
    docker run -ti -e AWS_ACCESS_KEY_ID="" \
       -e AWS_SECRET_ACCESS_KEY="" -e ROSA_TOKEN="" \
       quay.io/pczar/ansible-rosa \
       ansible-playbook create-cluster.yaml
  3. Delete the cluster

    make docker.delete

    or

    docker run -ti -e AWS_ACCESS_KEY_ID="" \
       -e AWS_SECRET_ACCESS_KEY="" -e ROSA_TOKEN="" \
       quay.io/pczar/ansible-rosa \
       ansible-playbook delete-cluster.yaml

ToDos

Add custom domain support