RedHatTraining/agnosticd.git

Set of fixes to make the provisioning of DO999 and DO280 courses compatible...

Razique Mahroua

2020-03-18 b85c91a8192593f6b62f93e11c971868964343a9

commit \| author \| age
eab74b	1
454b0a	2	:toc2:
GC	3
eab74b	4	== Preparing your Workstation to use Ansible Playbooks
454b0a	5
eab74b	6	=== Less prerequisites: Dockerfiles
454b0a	7
GC	8	It is possible to run agnosticd with docker. This way you don't have to install anything (except Docker).
	9
	10	If you want to use docker to deploy, look at the link:../tools/builds[tools/builds] Readme.
6f95e1	11
eab74b	12	=== Less prerequistes: python virtualenvs
b8e642	13
GC	14	It is now encouraged to use python virtualenvs to develop from your laptop.
	15
	16	Please have a look at link:../tools/virtualenvs[tools/virtualenvs].
	17
eab74b	18	==== OSP cloud-provider
b8e642	19
GC	20	.In your home directory
	21	----
	22	# Create the virtualenv
	23	$ virtualenv virtualenvs/openstack-ansible-2.9
	24	Using base prefix '/usr'
	25	New python executable in /home/fridim/virtualenvs/openstack-ansible-2.9/bin/python
	26	Installing setuptools, pip, wheel...
	27	done.
	28
	29	# Activate the virtualenv
	30	$ . virtualenvs/openstack-ansible-2.9/bin/activate
	31	(openstack-ansible-2.9) $
	32
	33	# Install the modules
	34
	35	# python 2:
	36	(openstack-ansible-2.9) $ pip install -r https://raw.githubusercontent.com/redhat-cop/agnosticd/development/tools/virtualenvs/openstack-ansible-2.9-python2.txt
	37
	38
	39	# python 3:
	40	(openstack-ansible-2.9) $ pip install -r https://raw.githubusercontent.com/redhat-cop/agnosticd/development/tools/virtualenvs/openstack-ansible-2.9-python3.txt
	41
	42
	43	# latest modules (should work with both python2 and python3)
	44	(openstack-ansible-2.9) $ pip install -r https://raw.githubusercontent.com/redhat-cop/agnosticd/development/tools/virtualenvs/openstack-ansible-latest.txt
	45	----
	46
eab74b	47	=== Prerequisites
6f95e1	48	In order to use these playbooks, you will need to set a few things up.
S	49
eab74b	50	=== Workstation dependencies
6f95e1	51
S	52	* Some deployments would require a Red Hat Customer Portal account that has
	53	appropriate subscriptions. This is not required for the playbook themselves.
	54	+
	55	NOTE: Red Hat employee subscriptions can be used
	56
	57
eab74b	58	==== Software required for deployment
6f95e1	59
d0e3e8	60	* https://www.python.org[Python]
EL	61	* http://docs.pythonboto.org[Python Boto] version 2.41 or greater
	62	* http://github.com[Git] any version would do.
	63	* https://github.com/ansible/ansible[Ansible] version 2.1.2 or greater
	64	* https://s3.amazonaws.com/aws-cli/awscli-bundle.zip[awscli bundle] tested with version 1.11.32
6f95e1	65	Python and the Python dependencies may be installed via your OS' package manager
d0e3e8	66	(eg: python2-boto on Fedora/CentOS/RHEL) or via https://pypi.python.org/pypi/pip[pip]. https://pypi.python.org/pypi/virtualenv[Python virtualenv] can also work.
EL	67
	68	NOTE: on Fedora, all dependencies are packaged and can be easily installed via
	69	`dnf install wget git awscli python3-boto3 ansible ansible-lint yamllint`
	70	(botocore and python will be pulled automatically through dependencies).
	71	The lint tools are optional but are recommended tools to check the quality of your code.
6f95e1	72
S	73	.Example script to install required software
	74	[source,bash]
	75	----
	76
	77	# Install basic packages
a275ab	78	yum install -y wget python python-boto unzip python2-boto3.noarch tmux git ansible
6f95e1	79
S	80	# Another option to configure python boto is:
	81	git clone git://github.com/boto/boto.git
	82	cd boto
	83	python setup.py install
	84
a984e7	85	#Install boto3
PS	86	pip install boto3
6f95e1	87
f8ed73	88	#Install pywinrm if you plan to deploy windows VMs
GC	89	#pip install pywinrm
	90
6f95e1	91	# Enable epel repositories for Ansible
S	92	cd /tmp
	93	wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
	94	sudo yum -y install `ls epel.rpm`
	95
	96	# Install ansible and checked install version (required 2.2.0.0)
	97	yum install -y ansible
	98	ansible --version
	99
	100
	101	## Install aws cli
	102	curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
	103	unzip awscli-bundle.zip
	104	sudo ./awscli-bundle/install -i /usr/local/aws -b /bin/aws
	105	aws --version
	106
	107	----
	108
0183c9	109	.Mac OS installation steps:
739698	110
0183c9	111	[source,bash]
N	112	----
	113	# Install Python3
b8e642	114	brew install python
0183c9	115
N	116	# For python2 do
	117	brew install python@2
	118
	119	# Depending on whether you did python3 or python2, use the pip3 or pip command
	120	pip3 install boto3
	121
	122	#Install pywinrm if you plan to deploy windows VMs
	123	#pip3 install pywinrm
	124
	125	# Install Ansible
	126	pip3 install ansible
	127
	128	# Install awscli
	129	brew install awscli
	130
	131	----
739698	132
eab74b	133	=== Configuring your workstation
6f95e1	134
eab74b	135	==== Configure the EC2 Credentials
6f95e1	136
S	137	* You will need to place your EC2 credentials in the ~/.aws/credentials file:
	138	[source, shell]
	139	----
	140	mkdir ~/.aws
	141	cat << EOF >> ~/.aws/credentials
	142	[default]
	143	aws_access_key_id = AKIAJAAYOURACCESSKEY
	144	aws_secret_access_key = rT54UYOURSECRETACCESSKEY
	145
	146	EOF
	147	----
	148
	149	* Add the SSH Key to the SSH Agent (optional)
	150	If your operating system has an SSH agent and you are not using your default
	151	configured SSH key, you will need to add the private key you use with your EC2
	152	instances to your SSH agent:
	153	+
	154	----
	155	ssh-add <path to key file>
	156	----
	157
	158	NOTE: If you use an SSH config that specifies what keys to use for what
	159	hosts this step may not be necessary.
ce1606	160
S	161
	162	=== AWS Permissions and Policies
	163
	164	AWS credentials for the account above must be used with the AWS command line
	165	tool (detailed below)
	166
	167	* An AWS IAM account with the following permissions:
	168	- Policies can be defined for Users, Groups or Roles
	169	- Navigate to: AWS Dashboard -> Identity & Access Management -> Select Users or Groups or Roles -> Permissions -> Inline Policies -> Create Policy -> Custom Policy
	170	- Policy Name: openshift (your preference)
	171	- Policy Document:
	172	+
	173	[source,json]
	174	----
	175	{
	176	"Version": "2012-10-17",
	177	"Statement": [
	178	{
	179	"Sid": "Stmt1459269951000",
	180	"Effect": "Allow",
	181	"Action": [
	182	"cloudformation:*",
	183	"iam:*",
	184	"route53:*",
	185	"elasticloadbalancing:*",
	186	"ec2:*",
	187	"cloudwatch:*",
	188	"autoscaling:*",
	189	"s3:*"
	190	],
	191	"Resource": [
	192	"*"
	193	]
	194	}
	195	]
	196	}
	197	----
	198
	199	NOTE: Finer-grained permissions are possible, and pull requests are welcome.
	200
	201
eab74b	202	==== AWS existing resources
ce1606	203
S	204	* A route53
	205	link:http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingHostedZone.html[public hosted zone]
	206	is required for the scripts to create the various DNS entries for the
	207	resources it creates. Two DNS entries will be created for workshops:
	208	- `master.guid.domain.tld` - a DNS entry pointing to the master
	209	- `*.cloudapps.guid.domain.tld` - a wildcard DNS entry pointing to the
	210	router/infrastructure node
	211	* An EC2 SSH keypair should be created in advance and you should save the key
	212	file to your system.
	213	+
	214	[source,bash]
	215	----
	216	REGION=us-west-1
	217	KEYNAME=ocpworkshop
	218	openssl genrsa -out ~/.ssh/${KEYNAME}.pem 2048
	219	openssl rsa -in ~/.ssh/${KEYNAME}.pem -pubout > ~/.ssh/${KEYNAME}.pub
	220	chmod 400 ~/.ssh/${KEYNAME}.pub
	221	chmod 400 ~/.ssh/${KEYNAME}.pem
	222	touch ~/.ssh/config
	223	chmod 600 ~/.ssh/config
	224	aws ec2 import-key-pair --key-name ${KEYNAME} --region=$REGION --output=text --public-key-material "`cat ~/.ssh/${KEYNAME}.pub \| grep -v PUBLIC`"
	225	----
	226	+
	227	CAUTION: Key pairs are created per region, you will need to specify a different keypair for each region or duplicate the keypair into every region.
	228	+
	229	----
	230	REGIONS="ap-southeast-1 ap-southeast-2 OTHER_REGIONS..."
	231	for REGION in `echo ${REGIONS}` ;
	232	do
	233	aws ec2 import-key-pair --key-name ${KEYNAME} --region=$REGION --output=text --public-key-material "`cat ~/.ssh/${KEYNAME}.pub \| grep -v PUBLIC`"
	234	done
	235	----
928f77	236
eab74b	237	=== OpenStack
6b9f19	238
NS	239	----
	240	# Install python modules needed by ansible
	241	sudo pip install openstacksdk
	242
	243	# Install openstack CLIs
b1c0bd	244	sudo pip install python-openstackclient python-heatclient
6b9f19	245	----
NS	246
d0e3e8	247	NOTE: on Fedora `dnf install python3-openstacksdk python3-openstackclient python-openstackclient-doc python-openstackclient-lang python3-heatclient python-heatclient-doc python3-dns` will do the job (you may choose to skip doc and lang packages).
EL	248
eab74b	249	==== Azure
928f77	250
GC	251	If you want to deploy on azure you will need the Azure client.
	252
	253	https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[Source documentation]
	254
5224c4	255	.in a nutshell (tested on fedora 28) - Azure cli (system-wide)
928f77	256	----
5224c4	257
GC	258	# Install the azure-cli system-wide
928f77	259	sudo -i
GC	260	rpm --import https://packages.microsoft.com/keys/microsoft.asc
	261	cat >> /etc/yum.repos.d/azure-cli.repo <<EOF
	262	[azure-cli]
	263	name=Azure CLI
	264	baseurl=https://packages.microsoft.com/yumrepos/azure-cli
	265	enabled=1
	266	gpgcheck=1
	267	gpgkey=https://packages.microsoft.com/keys/microsoft.asc
	268	EOF
	269
	270	yum check-update
	271	yum install -y azure-cli
	272	----
5224c4	273
GC	274	We recommend you install the ansible module in a virtualenv.
	275
	276	.in a nutshell (tested on fedora 28) - Azure ansible module (use virtualenv)
	277	----
	278	# /!\ careful this will update ansible as well
	279	# Use a virtualenv for those:
	280	pip install --upgrade pip
	281	pip install --upgrade --force ansible[azure]
	282	----
	283
	284	NOTE: `--force` is used here, because of a known link:https://github.com/ansible/ansible/issues/38894[issue].
928f77	285
eab74b	286	===== Service principal
928f77	287
GC	288	It's better to use a service principal instead of your main credentials. Refer to the https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest[official documentation].
	289
	290	.in a nutshell
	291	----
5224c4	292	az login
928f77	293	az ad sp create-for-rbac
GC	294	az login --service-principal -u <user> -p <password-or-cert> --tenant <tenant>
	295	----
	296
	297	.env_secret_vars.yml
	298	----
	299	azure_service_principal: "service principal client id"
	300	azure_password: "service principal password or cert"
	301	azure_tenant: "tenant ID"
	302	azure_region: "Azure location, ex: EuropeWest"
	303	azure_subscription_id: "Subscription id"
	304	----
b0782b	305
GC	306
eab74b	307	==== Virtualenv
b0782b	308
GC	309	If you want to use virtualenv, you can try & adapt this:
	310
	311	----
	312	cd ansible
	313	mkdir ~/virtualenv-aad
	314	virtualenv ~/virtualenv-aad -p python2.7
	315	. ~/virtualenv-aad/bin/activate
	316	export CC=gcc-5
	317	pip install -r requirements.txt
	318	----