diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d95c5d40d..bf760180f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,8 +1,8 @@ # Contributing -This project is [Apache 2.0 Licenced](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/LICENCE.txt) and welcomes external contributions. When contributing to this repository, please first discuss the change you wish to make via an [issue](https://github.com/ocp-power-automation/ocp4-upi-powervs/issues). +This project is [Apache 2.0 Licenced](LICENCE.txt) and welcomes external contributions. When contributing to this repository, please first discuss the change you wish to make via an [issue](https://github.com/ocp-power-automation/ocp4-upi-powervs/issues). -Please note we have a [code of conduct](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/CODE_OF_CONDUCT.md), please follow it in all your interactions with the project. +Please note we have a [code of conduct](CODE_OF_CONDUCT.md), please follow it in all your interactions with the project. # Issues @@ -18,7 +18,7 @@ Please note we have a [code of conduct](https://github.com/ocp-power-automation/ - Update the README.md or relevant documents with details of changes to the code. This includes variables change, added or updated feature, change in steps, dependencies change, etc. - Make use of proper commit message. Mention the issue# which you are planning to address eg: Fixes #38. - After creating the pull request ensure you implement all the review comments given if any. Pull request will be merged only when it has at least two approvals from the list of reviewers. - - Please read [Developer Certificate of Origin](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/DCO1.1.txt) and sign-off your commit using command `git commit -s`. + - Please read [Developer Certificate of Origin](DCO1.1.txt) and sign-off your commit using command `git commit -s`. # Spec Formatting Conventions 
diff --git a/LICENSE b/LICENCE.txt similarity index 100% rename from LICENSE rename to LICENCE.txt diff --git a/README.md b/README.md index 659671751..2923990ac 100644 --- a/README.md +++ b/README.md @@ -10,19 +10,21 @@ ## Introduction -This repo contains Terraform templates to help deployment of OpenShift Container Platform (OCP) 4.6.x releases on [IBM® Power Systems™ Virtual Server on IBM Cloud](https://www.ibm.com/cloud/power-virtual-server). +The `ocp4-upi-powervs` [project](https://github.com/ocp-power-automation/ocp4-upi-powervs) provides Terraform based automation code to help with the deployment of OpenShift Container Platform (OCP) 4.x on [IBM® Power Systems™ Virtual Server on IBM Cloud](https://www.ibm.com/cloud/power-virtual-server). This project leverages the helpernode [ansible playbook](https://github.com/RedHatOfficial/ocp4-helpernode) internally for OCP deployment on IBM Power Systems Virtual Servers (PowerVS). -:heavy_exclamation_mark: *For bugs/enhancement requests etc. please open a GitHub issue* +!!! Note + For bugs/enhancement requests etc. please open a GitHub [issue](https://github.com/ocp-power-automation/ocp4-upi-powervs/issues) For general PowerVS usage instructions please refer to the following links: -- https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-getting-started -- https://www.youtube.com/watch?v=RywSfXT_LLs -- https://www.youtube.com/playlist?list=PLVrJaTKVPbKM_9HU8fm4QsklgzLGUwFpv +- [Power Systems Virtual Servers(IBM Cloud Docs)](https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-getting-started) +- [IBM Power Systems in the Multicloud(Youtube video)](https://www.youtube.com/watch?v=RywSfXT_LLs) +- [PowerVS (Youtube video)](https://www.youtube.com/playlist?list=PLVrJaTKVPbKM_9HU8fm4QsklgzLGUwFpv) - :information_source: **This branch must be used with OCP 4.6.x versions only.** +!!! Warning + **This branch must be used with OCP 4.6.x versions only.** ## Automation Host Prerequisites 
@@ -44,5 +46,5 @@ Follow the [quickstart](docs/quickstart.md) guide for OCP installation on PowerV ## Contributing -Please see the [contributing doc](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/CONTRIBUTING.md) for more details. +Please see the [contributing doc](CONTRIBUTING.md) for more details. PRs are most welcome !! diff --git a/docs/automation_host_prereqs.md b/docs/automation_host_prereqs.md index fe201fb83..f1e42e855 100644 --- a/docs/automation_host_prereqs.md +++ b/docs/automation_host_prereqs.md @@ -3,6 +3,7 @@ - [Automation Host Prerequisites](#automation-host-prerequisites) - [Automation Host Setup](#automation-host-setup) + - [Firewall Config](#configure-your-firewall) - [Terraform](#terraform) - [PowerVS CLI](#powervs-cli) - [Git [*OPTIONAL*]](#git-optional) @@ -11,6 +12,13 @@ Install the following packages on the automation host. Select the appropriate install binaries based on your automation host platform - Mac/Linux/Windows. +### Configure Your Firewall +If your system is behind a firewall, you will need to ensure the following ports are open in order to use ssh, http, and https: +- 22, 443, 80 + +These additional ports are required for the ocp cli (`oc`) post-install: +- 6443 + ### Terraform **Terraform >= 0.13.0**: Please refer to the [link](https://learn.hashicorp.com/terraform/getting-started/install.html) for instructions on installing Terraform. For validating the version run `terraform version` command after install. diff --git a/docs/ocp_prereqs_powervs.md b/docs/ocp_prereqs_powervs.md index 76b41906a..1dbdc1f11 100644 --- a/docs/ocp_prereqs_powervs.md +++ b/docs/ocp_prereqs_powervs.md 
@@ -1,57 +1,75 @@ # **PowerVS Prerequisites** ---------------------- -## IBM Cloud Account -You'll need to have an IBM Cloud Account to be able to use Power Systems Virtual Server (PowerVS). +## Create an IBM Cloud account. -## Create Power Systems Virtual Server Service Instance +If you don’t already have one, you need a paid IBM Cloud account to create your Power Systems Virtual Server instance. +To create an account, go to: [cloud.ibm.com](https://cloud.ibm.com). -Login to [IBM Cloud Dashboard](https://cloud.ibm.com) and search for "**Power**" in the **Catalog**. -Select "**Power Systems Virtual Server**" and provide all the required inputs -to create the service instance. +## Create an IBM Cloud account API key +Please refer to the following [documentation](https://cloud.ibm.com/docs/account?topic=account-userapikey) to create an API key. -![Search for Power](./media/image1.png) -![Select Power Systems Virtual Server](./media/image2.png) +## Create Power Systems Virtual Server Service Instance +After you have an active IBM Cloud account, you can create a Power Systems Virtual Server service. To do so, perform the following steps: +1. Log in to the IBM Cloud [dashboard](https://cloud.ibm.com/) and search for **Power** in the catalog. +  +![Search for Power](./media/image1.png) +  +2. Select **Power Systems Virtual Server** +  +![Select Power Systems Virtual Server](./media/image2.png) +  +3. Fill required details +  ![Fill Details](./media/image3.png) -1. Provide a meaningful name for your instance in the **Service name** field. -2. Select the proper **resource group**. More details on resource groups is available from the following [link](https://cloud.ibm.com/docs/account?topic=account-rgs) - +  +Provide a meaningful name for your instance in the **Service name** field and select the proper **resource group**. 
+More details on resource groups is available from the following [link](https://cloud.ibm.com/docs/account?topic=account-rgs) +  ![Provide service name](./media/image4.png) - +  +4. Create Service +Click on "**Create**" to create the service instance. +  ![Create service](./media/image5.png) - +  ## Create Private Network -A private network is required for your OCP cluster. Choose the previously created "**Service Instance**" and create a private subnet by selecting "**Subnets**" and providing the required inputs. If you see a screen displaying CRN and GUID, then click "View full details" to access the "Subnet" creation page. - -You can create multiple OCP clusters in the same service instance using the same private network. If required you can also create multiple private networks. +A private network is required for your OpenShift cluster. Perform the following steps to create a private network for the Power Systems Virtual Server service instance created in the previous step. -Provide the required inputs for private subnet creation +1. Select the previously created "**Service Instance**" and create a private subnet by clicking "**Subnets**" and providing the required inputs. +  +**Note:** If you see a screen displaying CRN and GUID, then click "View full details" to access the "Subnet" creation page. +  ![Select subnet](./media/image6.png) - +  +2. Provide the network details and click **"Create subnet"** +  ![Provide Input](./media/image7.png) - +  +On successful network creation, the following output will be displayed in the dashboard. +  ![Create subnet](./media/image8.png) -## Raise a Service Request to enable IP communication between PowerVS instances on private network -In order for your instances to communicate within the subnet, you'll need to create a service request. 
- -Click on **Support** in the top bar and scroll down to **Contact Support**, then select "**Create a case**" +### Raise a Service Request to enable IP communication between PowerVS instances on private network +In order for your instances to communicate within the subnet, you'll need to create a service request. +Click on **Support** in the top bar of the dashboard and scroll down to **Contact Support**, then select "**Create a case**" +  ![Create a case](./media/image9.png) - +  Select "**Power Systems Virtual Server**" tile - +  ![Create a case Page](./media/image10.png) - +  Complete the details as shown using the following template: - +  - [Subject:] Enable communication between PowerVS instances on private network - [Body:] ``` @@ -63,15 +81,28 @@ Complete the details as shown using the following template: Location: (listed in your subnet details post-creation) Service Instance: ``` - +  +Following is a complete example of the support case content. +``` + Please enable IP communication between PowerVS instances for the following private network: + Name: ocp-net + Type: Private + CIDR: 192.168.25.0/24 + VLAN ID: 293 + Location: eu-de-2 + Service Instance: ocp-powervs-frankfurt-2 +``` +  ![Sample support request ](./media/image11.png) - +  Click "**Continue**" to accept agreements, and then Click "**Submit case**". - +  ![Submit Case](./media/image12.png) +  +This usually takes a day to get enabled. -## RHCOS and RHEL 8.2 Images for OpenShift +## RHCOS and RHEL/CentOS 8.X Images for OpenShift RHEL image is used for bastion and RHCOS is used for the OpenShift cluster nodes. You'll need to create [OVA](https://en.wikipedia.org/wiki/Open_Virtualization_Format) formatted images for RHEL and RHCOS, upload them to IBM Cloud Object storage and then import these images as boot images in your PowerVS service instance. 
@@ -81,31 +112,37 @@ Further, the image disk should be minimum of 120 GB in size. ### Creating OVA images - If you have PowerVC then you can follow the instructions provided in the [link](https://www.ibm.com/support/knowledgecenter/en/SSXK2N_1.4.4/com.ibm.powervc.standard.help.doc/powervc_export_image_hmc.html) to export an existing PowerVC image to OVA image. -- You can also use the following [python script](https://github.com/ocp-power-automation/infra/blob/master/scripts/images/convert_qcow2_ova.py) to convert Qcow2 image to OVA - - RHEL 8.2 Qcow2 image is available from the following [link](https://access.redhat.com/downloads/content/279/ver=/rhel---8/8.2/ppc64le/product-software) - - RHCOS Qcow2 image is available from the following [link](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.5/) +- You can also use the following [tool](https://github.com/ppc64le-cloud/pvsadm) to convert Qcow2 image to OVA. +- Qcow2 Image Links + - RHEL 8.3 Qcow2 image is available from the following [link](https://access.redhat.com/downloads/content/279/ver=/rhel---8/8.3/ppc64le/product-software) + - CentOS 8.3 Wcow2 image is available from the following [link](https://cloud.centos.org/centos/8/ppc64le/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.ppc64le.qcow2) + - RHCOS Qcow2 image is available from the following [link](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.6/latest/rhcos-4.6.1-ppc64le-openstack.ppc64le.qcow2.gz) +Note: RHCOS image version is tied to the specific OCP release. For example RHCOS-4.6 image needs to be used for OCP 4.6 release. ### Uploading to IBM Cloud Object Storage - **Create IBM Cloud Object Storage service and bucket** Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-getting-started-cloud-object-storage) for instructions to create IBM Cloud Object Storage service and required storage bucket to upload the OVA images. -
+  - **Create secret and access keys with Hash-based Message Authentication Code (HMAC)** Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-uhc-hmac-credentials-main) for instructions to create the keys required for importing the images into your PowerVS service instance. -
+  - **Upload the OVA image to Cloud Object storage bucket** -Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-upload) for uploading the OVA image to the respective bucket. Alternatively you can also use the following [python script](https://github.com/ocp-power-automation/infra/blob/master/scripts/images/upload_image.py). +Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-upload) for uploading the OVA image to the respective bucket. Alternatively you can also use the following [tool](https://github.com/ppc64le-cloud/pvsadm). ### Importing the images in PowerVS -Choose the previously created PowerVS "Service Instance", click "View full details" and select "Boot images". -Click the "Importing image" option and fill the requisite details like image name, storage type and cloud object storage details. + +Choose the previously created PowerVS **"Service Instance"**, click **"View full details"** and select **"Boot images"**. +Click the **"Import image"** option and fill the requisite details like image name, storage type and cloud object storage details. Example screenshot showing import of RHEL image that is used for bastion +  ![Image Import-RHEL](./media/image-import1.png) - +  Example screenshot showing import of RHCOS image used for OCP +  ![Image Import-RHCOS](./media/image-import2.png) - +  Your PowerVS service instance is now ready for OpenShift clusters. diff --git a/docs/quickstart.md b/docs/quickstart.md index f6bd33690..87bc618cd 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md 
@@ -212,9 +212,9 @@ $ scp -r -i data/id_rsa root@158.175.161.118:~/openstack-upi/auth/\* . OpenShift CLI `oc` can be downloaded from the following links. Use the one specific to your client system architecture. -- [Mac OSX](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/oc/4.6/macosx/oc.tar.gz) -- [Linux (x86_64)](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/oc/4.6/linux/oc.tar.gz) -- [Windows](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/oc/4.6/windows/oc.zip) +- [Mac OSX](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.6/openshift-client-mac.tar.gz) +- [Linux (x86_64)](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.6/openshift-client-linux.tar.gz) +- [Windows](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.6/openshift-client-windows.zip) Download the specific file, extract it and place the binary in a directory that is on your `PATH` For more details check the following [link](https://docs.openshift.com/container-platform/4.6/cli_reference/openshift_cli/getting-started-cli.html) @@ -240,11 +240,11 @@ To further debug and diagnose cluster problems, use 'kubectl cluster-info dump' $ oc get nodes NAME STATUS ROLES AGE VERSION -master-0 Ready master 13h v1.19.0+d59ce34 -master-1 Ready master 13h v1.19.0+d59ce34 -master-2 Ready master 13h v1.19.0+d59ce34 -worker-0 Ready worker 13h v1.19.0+d59ce34 -worker-1 Ready worker 13h v1.19.0+d59ce34 +master-0 Ready master 11h v1.19.0+43983cd +master-1 Ready master 11h v1.19.0+43983cd +master-2 Ready master 11h v1.19.0+43983cd +worker-0 Ready worker 11h v1.19.0+43983cd +worker-1 Ready worker 11h v1.19.0+43983cd ``` >**Note:** The OpenShift command-line client `oc` is already configured on the bastion node with kubeconfig placed at `~/.kube/config`. diff --git a/docs/var.tfvars-doc.md b/docs/var.tfvars-doc.md index a668d719b..1d83eb4d2 100644 --- a/docs/var.tfvars-doc.md +++ b/docs/var.tfvars-doc.md 
@@ -42,8 +42,17 @@ In order to retrieve the PowerVS region, zone and instance specific details plea | ibmcloud_region | ibmcloud_zone | |-----------------|----------------| | eu-de | eu-de-1 | - | lon | lon0 | + | eu-de | eu-de-2 | + | dal | dal12 | + | lon | lon04 | + | lon | lon06 | + | syd | syd04 | + | sao | sao01 | | tor | tor01 | + | tok | tok04 | + | us-east | us-east | + + NOTE: us-east is Washington, DC datacenter. Tieing all these, the values to be used will be as shown below: ``` @@ -76,11 +85,11 @@ The default flavors present under the compute-vars folder: `memory` is in `GBs` and `count` specifies the number of VMs that should be created for each type. -To enable high availability (HA) for the bastion node set the bastion `count` value to `2`. -Note that when HA is enabled, the automation will not setup NFS storage on bastion. Value `1` for bastion `count` implies the default non-HA bastion setup. +To enable high availability (HA) for cluster services running on the bastion set the bastion `count` value to 2. +Note that in case of HA, the automation will not setup NFS storage. `count` of 1 for bastion implies the default non-HA bastion setup. -You can optionally set worker `count` value to `0` in which case all the cluster pods will be running on the master/supervisor nodes. -Ensure that you use proper sizing for master/supervisor nodes to avoid resource starvation for containers. +You can optionally set the worker `count` value to 0 in which case all the cluster pods will be running on the master/supervisor nodes. +Ensure you use proper sizing for master/supervisor nodes to avoid resource starvation for containers. For PowerVS, processors are equal to entitled physical count. So **N** processors == **N** physical core entitlements == **ceil[N]** vCPUs. Here are some examples to help you understand the relationship. 
@@ -131,7 +140,7 @@ Please note that only OpenSSH formatted keys are supported. Refer to the followi Create the SSH key-pair and keep it under the `data` directory -These set of variables specify the RHEL subscription details. +These set of variables specify the RHEL subscription details, RHEL subscription supports two methods: one is using username and password, the other is using activation key. This is sensitive data, and if you don't want to save it on disk, use environment variables `RHEL_SUBS_USERNAME` and `RHEL_SUBS_PASSWORD` and pass them to `terraform apply` command as shown in the [Quickstart guide](./quickstart.md#setup-terraform-variables). If you are using CentOS as the bastion image, then leave these variables as-is. @@ -139,6 +148,11 @@ If you are using CentOS as the bastion image, then leave these variables as-is. rhel_subscription_username = "user@test.com" rhel_subscription_password = "mypassword" ``` +Or define following variables to use activation key for RHEL subscription: +``` +rhel_subscription_org = "org-id" +rhel_subscription_activationkey = "activation-key" +``` This variable specifies the number of hardware threads (SMT) that's used for the bastion node. Default setting should be fine for majority of the use-cases. diff --git a/modules/1_prepare/prepare.tf b/modules/1_prepare/prepare.tf index cebecb1f9..3c4095182 100644 --- a/modules/1_prepare/prepare.tf +++ b/modules/1_prepare/prepare.tf @@ -184,7 +184,7 @@ EOF } resource "null_resource" "bastion_register" { - count = var.rhel_subscription_username == "" || var.rhel_subscription_username == "" ? 0 : local.bastion_count + count = ( var.rhel_subscription_username == "" || var.rhel_subscription_username == "" ) && var.rhel_subscription_org == "" ? 0 : local.bastion_count depends_on = [null_resource.bastion_init, null_resource.setup_proxy_info] triggers = { external_ip = data.ibm_pi_instance_ip.bastion_public_ip[count.index].external_ip 
@@ -208,7 +208,11 @@ resource "null_resource" "bastion_register" { # Give some more time to subscription-manager sudo subscription-manager config --server.server_timeout=600 sudo subscription-manager clean -sudo subscription-manager register --username='${var.rhel_subscription_username}' --password='${var.rhel_subscription_password}' --force +if [[ '${var.rhel_subscription_username}' != '' && '${var.rhel_subscription_username}' != '' ]]; then + sudo subscription-manager register --username='${var.rhel_subscription_username}' --password='${var.rhel_subscription_password}' --force +else + sudo subscription-manager register --org='${var.rhel_subscription_org}' --activationkey='${var.rhel_subscription_activationkey}' --force +fi sudo subscription-manager refresh sudo subscription-manager attach --auto EOF @@ -254,7 +258,7 @@ resource "null_resource" "enable_repos" { provisioner "remote-exec" { inline = [<" ]]; then +if ( [[ -z "${var.rhel_subscription_username}" ]] || [[ "${var.rhel_subscription_username}" == "" ]] ) && [[ -z "${var.rhel_subscription_org}" ]]; then sudo yum install -y epel-release else sudo subscription-manager repos --enable ${var.ansible_repo_name} diff --git a/modules/1_prepare/variables.tf b/modules/1_prepare/variables.tf index aa2e32d99..a9f59b25f 100644 --- a/modules/1_prepare/variables.tf +++ b/modules/1_prepare/variables.tf @@ -19,7 +19,14 @@ ################################################################ variable "cluster_domain" {} -variable "cluster_id" {} +variable "cluster_id" { + type = string + + validation { + condition = length(var.cluster_id) <= 14 + error_message = "Length cannot exceed 14 characters when combined with cluster_id_prefix." + } +} variable "bastion" {} variable "service_instance_id" {} 
@@ -38,6 +45,8 @@ variable "ssh_agent" {} variable "rhel_subscription_username" {} variable "rhel_subscription_password" {} +variable "rhel_subscription_org" {} +variable "rhel_subscription_activationkey" {} variable "ansible_repo_name" {} variable "rhel_smt" {} diff --git a/modules/5_install/templates/install_vars.yaml b/modules/5_install/templates/install_vars.yaml index 0c6b43113..dc8e560ea 100644 --- a/modules/5_install/templates/install_vars.yaml +++ b/modules/5_install/templates/install_vars.yaml @@ -23,7 +23,7 @@ chronyconfig: enabled: true allow: - ${chrony_allow_range} -%{ if chrony_config_servers != [] ~} +%{ if length(chrony_config_servers) > 0 ~} content: %{ endif ~} %{ for item in chrony_config_servers ~} diff --git a/ocp.tf b/ocp.tf index b3c727cfd..be1425278 100644 --- a/ocp.tf +++ b/ocp.tf @@ -35,6 +35,8 @@ module "prepare" { ssh_agent = var.ssh_agent rhel_subscription_username = var.rhel_subscription_username rhel_subscription_password = var.rhel_subscription_password + rhel_subscription_org = var.rhel_subscription_org + rhel_subscription_activationkey = var.rhel_subscription_activationkey ansible_repo_name = var.ansible_repo_name rhel_smt = var.rhel_smt storage_type = local.storage_type diff --git a/var.tfvars b/var.tfvars index 0f2bb76f9..8a011f74c 100644 --- a/var.tfvars +++ b/var.tfvars @@ -34,6 +34,8 @@ public_key_file = "data/id_rsa.pub" private_key_file = "data/id_rsa" rhel_subscription_username = "" #Leave this as-is if using CentOS as bastion image rhel_subscription_password = "" #Leave this as-is if using CentOS as bastion image +rhel_subscription_org = "" # Define it only when using activationkey for RHEL subscription +rhel_subscription_activationkey = "" # Define it only when using activationkey for RHEL subscription rhel_smt = 4 ### OpenShift Installation Details diff --git a/variables.tf b/variables.tf index e4e3ccdd7..b735fd6c8 100644 --- a/variables.tf +++ b/variables.tf 
@@ -22,23 +22,47 @@ # Configure the IBM Cloud provider ################################################################ variable "ibmcloud_api_key" { + type = string description = "IBM Cloud API key associated with user's identity" - default = "" + default = "" + + validation{ + condition = var.ibmcloud_api_key != "" && lower(var.ibmcloud_api_key) != "" + error_message = "The ibmcloud_api_key is required and cannot be empty." + } } variable "service_instance_id" { + type = string description = "The cloud instance ID of your account" - default = "" + default = "" + + validation{ + condition = var.service_instance_id != "" && lower(var.service_instance_id) != "" + error_message = "The service_instance_id is required and cannot be empty." + } } variable "ibmcloud_region" { + type = string description = "The IBM Cloud region where you want to create the resources" - default = "" + default = "" + + validation{ + condition = var.ibmcloud_region != "" && lower(var.ibmcloud_region) != "" + error_message = "The ibmcloud_region is required and cannot be empty." + } } variable "ibmcloud_zone" { + type = string description = "The zone of an IBM Cloud region where you want to create Power System resources" - default = "" + default = "" + + validation{ + condition = var.ibmcloud_zone != "" && lower(var.ibmcloud_zone) != "" + error_message = "The ibmcloud_zone is required and cannot be empty." + } } ################################################################ @@ -46,6 +70,7 @@ variable "ibmcloud_zone" { ################################################################ variable "bastion" { + type = object({ count = number, memory = string, processors = string }) # only one node is supported default = { count = 1 @@ -59,6 +84,7 @@ variable "bastion" { } variable "bootstrap" { + type = object({ count = number, memory = string, processors = string }) default = { count = 1 memory = "32" 
@@ -71,14 +97,20 @@ variable "bootstrap" { } variable "master" { + type = object({ count = number, memory = string, processors = string }) default = { count = 3 memory = "32" processors = "0.5" } + validation { + condition = var.master["count"] == 3 + error_message = "The master.count value should be 3." + } } variable "worker" { + type = object({ count = number, memory = string, processors = string }) default = { count = 2 memory = "32" 
@@ -87,109 +119,143 @@ variable "worker" { } variable "rhel_image_name" { + type = string description = "Name of the RHEL image that you want to use for the bastion node" - default = "rhel-8.3" + default = "rhel-8.3" } variable "rhcos_image_name" { + type = string description = "Name of the RHCOS image that you want to use for OCP nodes" - default = "rhcos-4.6" + default = "rhcos-4.6" } variable "processor_type" { + type = string description = "The type of processor mode (shared/dedicated)" - default = "shared" + default = "shared" } variable "system_type" { + type = string description = "The type of system (s922/e980)" - default = "s922" + default = "s922" } variable "network_name" { + type = string description = "The name of the network to be used for deploy operations" - default = "my_network_name" + default = "ocp-net" + + validation{ + condition = var.network_name != "" + error_message = "The network_name is required and cannot be empty." + } } variable "rhel_username" { + type = string default = "root" } variable "public_key_file" { + type = string description = "Path to public key file" # if empty, will default to ${path.cwd}/data/id_rsa.pub default = "data/id_rsa.pub" } variable "private_key_file" { + type = string description = "Path to private key file" # if empty, will default to ${path.cwd}/data/id_rsa default = "data/id_rsa" } variable "private_key" { + type = string description = "content of private ssh key" # if empty string will read contents of file at var.private_key_file - default = "" + default = "" } variable "public_key" { + type = string description = "Public key" # if empty string will read contents of file at var.public_key_file default = "" } variable "rhel_subscription_username" { + type = string default = "" } variable "rhel_subscription_password" { + type = string default = "" } +variable "rhel_subscription_org" { + type = string + default = "" +} + +variable "rhel_subscription_activationkey" { + type = string + default = "" +} variable 
"rhel_smt" { + type = number description = "SMT value to set on the bastion node. Eg: on,off,2,4,8" - default = 4 + default = 4 } ################################################################ ### Instrumentation ################################################################ variable "ssh_agent" { + type = bool description = "Enable or disable SSH Agent. Can correct some connectivity issues. Default: false" default = false } variable "installer_log_level" { + type = string description = "Set the log level required for openshift-install commands" - default = "info" + default = "info" } variable "helpernode_repo" { + type = string description = "Set the repo URL for using ocp4-helpernode" # Repo for running ocp4 installations steps. - default = "https://github.com/RedHatOfficial/ocp4-helpernode" + default = "https://github.com/RedHatOfficial/ocp4-helpernode" } variable "helpernode_tag" { + type = string description = "Set the branch/tag name or commit# for using ocp4-helpernode repo" # Checkout level for https://github.com/RedHatOfficial/ocp4-helpernode which is used for setting up services required on bastion node default = "1ac7f276b537cd734240eda9ed554a254ba80629" } variable "install_playbook_repo" { + type = string description = "Set the repo URL for using ocp4-playbooks" # Repo for running ocp4 installations steps. - default = "https://github.com/ocp-power-automation/ocp4-playbooks" + default = "https://github.com/ocp-power-automation/ocp4-playbooks" } variable "install_playbook_tag" { + type = string description = "Set the branch/tag name or commit# for using ocp4-playbooks repo" # Checkout level for https://github.com/ocp-power-automation/ocp4-playbooks which is used for running ocp4 installations steps - default = "473383c07c19616acbfccbf729c77b226ce0163b" + default = "473383c07c19616acbfccbf729c77b226ce0163b" } variable "ansible_extra_options" { + type = string description = "Extra options string to append to ansible-playbook commands" default = "-v" } 
@@ -199,38 +265,63 @@ variable "ansible_repo_name" { } variable "pull_secret_file" { + type = string default = "data/pull-secret.txt" + + validation{ + condition = var.pull_secret_file != "" + error_message = "The pull_secret_file is required and cannot be empty." + } + + validation{ + condition = fileexists(var.pull_secret_file) + error_message = "The pull secret file doesn't exist." + } + + validation{ + condition = file(var.pull_secret_file) != "" + error_message = "The pull secret file shouldn't be empty." + } } variable "dns_forwarders" { + type = string default = "8.8.8.8; 8.8.4.4" } variable "rhcos_kernel_options" { + type = list(string) description = "List of kernel arguments for the cluster nodes" default = [] } variable "chrony_config" { + type = bool description = "Set to true to setup time synchronization and setup chrony. Default: true" default = true } variable "chrony_config_servers" { + type = list(object({ + server = string, + options = string + })) description = "List of ntp servers and options to apply" default = [] # example: chrony_config_servers = [ {server = "10.3.21.254", options = "iburst"}, {server = "10.5.21.254", options = "iburst"} ] } variable "setup_squid_proxy" { + type = bool description = "Flag to install and configure squid proxy server on bastion node" default = true } # Applicable only when `setup_squid_proxy = false` variable proxy { + type = object({}) description = "External Proxy server details in a map" - default = {} + default = {} # default = { # server = "10.10.1.166", # port = "3128" 
@@ -250,102 +341,145 @@ locals { ### OpenShift variables ################################################################ variable "openshift_install_tarball" { + type = string default = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable-4.6/openshift-install-linux.tar.gz" } variable "openshift_client_tarball" { + type = string default = "https://mirror.openshift.com/pub/openshift-v4/ppc64le/clients/ocp/stable-4.6/openshift-client-linux.tar.gz" } variable "release_image_override" { + type = string default = "" } # Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character variable "cluster_domain" { - default = "ibm.com" + type = string + default = "ibm.com" + + validation { + condition = can(regex("^[a-z0-9]+[a-zA-Z0-9_\\-.]*[a-z0-9]+$", var.cluster_domain)) + error_message = "The cluster_domain value must be a lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + } } # Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character # Should not be more than 14 characters variable "cluster_id_prefix" { - default = "test-ocp" + type = string + default = "test-ocp" + + validation { + condition = can(regex("^[a-z0-9]+[a-zA-Z0-9_\\-.]*[a-z0-9]+$", var.cluster_id_prefix)) + error_message = "The cluster_id_prefix value must be a lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + } + + validation { + condition = length(var.cluster_id_prefix) <= 14 + error_message = "The cluster_id_prefix value shouldn't be greater than 14 characters." 
+ } } # Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character # Length cannot exceed 14 characters when combined with cluster_id_prefix variable "cluster_id" { - default = "" + type = string + default = "" + + validation { + condition = can(regex("^$|^[a-z0-9]+[a-zA-Z0-9_\\-.]*[a-z0-9]+$", var.cluster_id)) + error_message = "The cluster_id value must be a lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." + } + + validation { + condition = length(var.cluster_id) <= 14 + error_message = "The cluster_id value shouldn't be greater than 14 characters." + } } variable "storage_type" { #Supported values: nfs (other value won't setup a storageclass) + type = string default = "nfs" } variable "volume_size" { # If storage_type = nfs, a new volume of this size will be attached to the bastion node. # Value in GB + type = string default = "300" } variable "volume_type" { - description = "The volume type (ssd, standard, tier1, tier3)" - default = "tier3" + type = string + description = "The volume type (ssd, standard, tier1, tier3)" + default = "tier3" } variable "volume_shareable" { + type = bool description = "If the volumes can be shared or not (true/false)" - default = false + default = false } variable "master_volume_size" { + type = string description = "Volume size to attach to the master nodes. If you don't need extra volume to be attached then keep the value empty" # Value in GB - default = "" + default = "" } variable "worker_volume_size" { + type = string description = "Volume size to attach to the worker nodes. 
If you don't need extra volume to be attached then keep the value empty" # Value in GB - default = "" + default = "" } variable "upgrade_version" { + type = string description = "OCP upgrade version" - default = "" + default = "" } variable "upgrade_pause_time" { + type = string description = "Number of minutes to pause the playbook execution before starting to check the upgrade status once the upgrade command is executed." - default = "70" + default = "70" } variable "upgrade_delay_time" { + type = string description = "Number of seconds to wait before re-checking the upgrade status once the playbook execution resumes." - default = "600" + default = "600" } ################################################################ # Local registry variables ( used only for restricted network install ) ################################################################ variable "enable_local_registry" { - type = bool + type = bool description = "Set to true to enable usage of local registry for restricted network install." - default = false + default = false } variable "local_registry_image" { + type = string description = "Name of the image used for creating local registry container." - default = "docker.io/ibmcom/registry-ppc64le:2.6.2.5" + default = "docker.io/ibmcom/registry-ppc64le:2.6.2.5" } variable "ocp_release_tag" { + type = string description = "The version of OpenShift you want to sync." - default = "4.4.9-ppc64le" + default = "4.4.9-ppc64le" } variable "ocp_release_name" { + type = string description = "The release name of OpenShift you want to sync." - default = "ocp-release" + default = "ocp-release" } ################################################################
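Review bot: In the first hunk, `rhel_smt` is now declared `type = number`, but its description still advertises `on` and `off` ("Eg: on,off,2,4,8"). Those strings cannot be converted to a number, so a tfvars file that sets `rhel_smt = "on"` will be rejected once this type constraint is in place. Either declare the variable as `string` and add a `validation` block that restricts it to the allowed set, or drop `on`/`off` from the description so the documented values match what the type accepts.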
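Review bot: In the `@@ -199,38 +265,63 @@` hunk, `variable proxy` gets `type = object({})`, and converting a value to an object type with no declared attributes discards every attribute the caller supplies, so the `server` and `port` keys shown in the commented default would be dropped before the module reads them. Declare the expected attributes in the object type, or use a less strict type such as `map(string)` or `any`. In the same hunk, the third `pull_secret_file` validation calls `file(var.pull_secret_file)` unguarded; when the file is missing, that call fails with a function error instead of the intended "doesn't exist" message, and a file containing only whitespace passes the `!= ""` test. Consider combining the existence and content checks in one condition, for example `fileexists(...) && trimspace(file(...)) != ""`, or wrapping the read in `can()`.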
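Review bot: In the `@@ -250,102 +341,145 @@` hunk, the regex used for `cluster_domain`, `cluster_id_prefix` and `cluster_id` does not enforce what the comments and error messages state: the middle character class `[a-zA-Z0-9_\\-.]` accepts upper case letters and `_`, so a value such as `test_OCP1` passes even though only lower case alphanumerics, '-' and '.' are documented as valid. Narrow the class to `[a-z0-9.-]`. The pattern also requires at least two characters because both the leading and trailing groups use `+`, so a single-character value is rejected; if that is intended, say so in the error message. Finally, the comment on `cluster_id` says the length cannot exceed 14 characters when combined with `cluster_id_prefix`, but the validation only checks `length(var.cluster_id) <= 14` on its own, so a 14-character prefix plus a 14-character id passes. The combined limit needs a check where both values are available, and the error message should describe whichever rule is actually enforced.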