This change includes various simplifications

- Only support RHEL 9.4 and Microshift 4.16 - The ramdisk support is for the full /var/lib/microshift - Remove the trick for /var/lib/microshift/version - Delete no longer needed files
openstack-k8s-operators · Jan 16, 2025 · 0cc6e00 · 0cc6e00
1 parent 031c0fa
commit 0cc6e00
Show file tree

Hide file tree

Showing 16 changed files with 52 additions and 215 deletions.
diff --git a/README.md b/README.md
@@ -5,17 +5,12 @@
 The main goal of that project is to deploy the Microshift service by using
 Ansible tool.
 
-On top of the MicroShift [getting started](https://microshift.io/docs/getting-started/) instructions,
-this role performs the following actions:
-
-* Disable IPv6 as it is a source of problem in cloud environment.
-* Give you possibility to disable the swap on the host.
-* Can install the Operator SDK framework.
-* Create the PV (Persistent Volumes) base on local storage.
-* Setup topolvm storage for persistent volume.
-* Create an additional user in OpenShift.
-* Overwrite the container policy.
-* Others.
+On top of the MicroShift [getting started](https://microshift.io/docs/getting-started/) instructions, this role performs the following actions deploy Microshift.
+
+Optionally, the role allow to:
+* Create a 'rhel' LVM Volume group on a flat file
+* Deploy OLM
+* Setup DNSMasq to ensure that Pods can resolv domain to the MicroShift deployment
 
 ## Role requirements
 

diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -10,10 +10,6 @@ fqdn: microshift.dev
 # It can be generated here: https://cloud.redhat.com/openshift/create/local
 openshift_pull_secret: ""
 
-# Enable RHOCP subscription repo to install MicroShift rpm packages
-# on RHEL systems
-enable_rhocp_subscription: true
-
 # Set the location, where the pull-secret.txt content will be stored,
 # Later it will be used by cri-o runtime environment.
 registry_secret_path: /etc/crio/openshift-pull-secret
@@ -25,14 +21,8 @@ hide_sensitive_logs: true
 # For example `oc` binary.
 setup_tools: true
 
-# Keep the firewalld rules after reboot
-firewalld_rules_permament: true
-
 ### Microshift ###
 
-# The Microshift version that is available in the repository.
-microshift_version: 4.16
-
 # Default settings from /etc/microshift/config.yaml.default
 # https://github.com/openshift/microshift/blob/release-4.14/packaging/microshift/config.yaml
 microshift_config:
@@ -84,11 +74,6 @@ microshift_lmvd:
 #     lvcreate-options:
 #       - ""
 
-# Default settings from /etc/microshift/ovn.yaml.default
-# https://github.com/openshift/microshift/blob/release-4.14/packaging/microshift/ovn.yaml
-microshift_ovn: {}
-# mtu: 1500
-
 #######################################
 ###              OLM                ###
 #######################################
@@ -144,13 +129,9 @@ microshift_frontend_address: ""
 # loadbalancer or Openshift router.
 microshift_additional_addresses: []
 
-# Set the cri-o registry policy to pull images even from untrasted registries.
-overwrite_container_policy: false
-
-# Experimental features: you should not use it on the production!
+# Do not use it on the production!
 # That feature might be useful for the CI, especially when the disk is slow.
-etcd_on_ramdisk: false
-# Path for the etcd directory used by the microshift-etcd service.
-ramdisk_path: /var/lib/microshift/etcd
-# Ramdisk size for etcd service
+# This does not support host restart
+enable_ramdisk: false
+# Ramdisk size
 ramdisk_size: 512m
diff --git a/files/policy.json b/files/policy.json
diff --git a/files/wait-for-microshift.sh b/files/wait-for-microshift.sh
@@ -23,7 +23,7 @@ done
 # Normally, the script should finished in the for loop, but if it's not
 # it should exit with an error. Before that, describe all pods that
 # are not running correctly.
-echo -e "\nSomthing is not deployed in Microshift!\n"
+echo -e "\nSomething is not deployed in Microshift!\n"
 oc get pods --all-namespaces --no-headers | grep -Evi 'running|completed' | while read -r ns pod rest; do
     echo -e "\nChecking ${pod} in namespace ${ns}"
     kubectl -n "${ns}" describe pod "${pod}";

diff --git a/handlers/main.yaml b/handlers/main.yaml
@@ -13,20 +13,6 @@
     state: reloaded
     enabled: true
 
-- name: Restart crio
-  become: true
-  ansible.builtin.systemd:
-    name: crio
-    state: restarted
-    enabled: true
-
-- name: Restart Microshift
-  become: true
-  ansible.builtin.systemd:
-    name: microshift
-    state: started
-    enabled: true
-
 - name: Restart Openshift DNS
   ansible.builtin.shell: |
     kubectl -n openshift-dns rollout restart daemonsets dns-default
diff --git a/tasks/crio.yaml b/tasks/crio.yaml
diff --git a/tasks/firewall.yaml b/tasks/firewall.yaml
@@ -9,7 +9,7 @@
       become: true
       ansible.posix.firewalld:
         port: "{{ zj_rule_details }}"
-        permanent: "{{ firewalld_rules_permament }}"
+        permanent: true
         state: enabled
       loop:
         - 80/tcp
@@ -23,13 +23,13 @@
       ansible.posix.firewalld:
         source: 10.42.0.0/16
         zone: trusted
-        permanent: "{{ firewalld_rules_permament }}"
+        permanent: true
         state: enabled
 
     - name: Add exception to source - 169.254.169.251.1
       become: true
       ansible.posix.firewalld:
         source: 169.254.169.1/32
         zone: trusted
-        permanent: "{{ firewalld_rules_permament }}"
+        permanent: true
         state: enabled
diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -2,23 +2,15 @@
 - name: Check if pull-secret is provided
   ansible.builtin.fail:
     msg: "You need to provide pull-secret.txt content into the var!"
-  when: not openshift_pull_secret
+  when: openshift_pull_secret | length < 100
 
-- name: Configure required resources for non RHEL distro
-  when: ansible_distribution | lower != 'redhat' or not enable_rhocp_subscription
-  block:
-    - name: Setup Microshift repository
-      ansible.builtin.include_tasks: repo.yaml
-
-    - name: Setup tools
-      ansible.builtin.include_tasks: tools.yaml
-      when: setup_tools
-
-    - name: Prepare cri-o
-      ansible.builtin.include_tasks: crio.yaml
+- name: Check system version compatibility
+  ansible.builtin.fail:
+    msg: "The system is not compatible"
+  when: (ansible_distribution_version != '9.4') or
+        (ansible_distribution | lower != 'redhat')
 
 - name: Configure RHEL subscription
-  when: ansible_distribution | lower == 'redhat' and enable_rhocp_subscription
   ansible.builtin.include_tasks: subscription.yaml
 
 - name: Prepare host
@@ -27,9 +19,9 @@
 - name: Prepare firewall
   ansible.builtin.include_tasks: firewall.yaml
 
-- name: Use ramdisk for etcd service
-  ansible.builtin.include_tasks: etcd_ramdisk.yaml
-  when: etcd_on_ramdisk
+- name: Use ramdisk for /var/lib/microshift
+  ansible.builtin.include_tasks: ramdisk.yaml
+  when: ramdisk
 
 - name: Create VG and LVM for openshift-storage topolvm
   ansible.builtin.include_tasks: openshift-storage.yaml
@@ -40,9 +32,6 @@
 - name: Post setup Microshift steps
   ansible.builtin.include_tasks: post.yaml
 
-- name: Provide credentials for restricted regitries
-  ansible.builtin.include_tasks: registry_login.yaml
-
 - name: Verify that Microshift deployment is finished
   ansible.builtin.include_tasks: wait-for-microshift.yaml
 

diff --git a/tasks/microshift.yaml b/tasks/microshift.yaml
@@ -1,53 +1,19 @@
 ---
-- name: Install Microshift when distro is not RHEL
-  when: ansible_distribution | lower != 'redhat' or not enable_rhocp_subscription
-  block:
-    - name: Install CentOS NFV repository to enable Open vSwitch
-      become: true
-      ansible.builtin.yum:
-        name: centos-release-nfv-openvswitch
-        state: present
-
-    - name: Install microshift package
-      become: true
-      ansible.builtin.yum:
-        name: microshift
-        state: present
-        enablerepo: microshift-rpms,microshift-deps-rpms
-      notify: Restart Microshift
-
-- name: Install Microshift when distro is RHEL
-  when: ansible_distribution | lower == 'redhat' and enable_rhocp_subscription
+- name: Install Microshift
   become: true
   ansible.builtin.yum:
     name: microshift
     state: present
-  notify: Restart Microshift
-
-###############################################################################
-# NOTE: A workaround for upgrading Microshift 4.13 to 4.14 or 4.14 to 4.15.   #
-# That would be removed in the future.                                        #
-###############################################################################
-- name: Ensure microshift lib dir exists
-  become: true
-  ansible.builtin.file:
-    path: /var/lib/microshift
-    state: directory
 
-- name: Check if version file exists
+- name: Copy pull-secret to node
   become: true
-  ansible.builtin.stat:
-    path: /var/lib/microshift/version
-  register: _microshift_version_file
-
-- name: "Create a version file if does not exists with version {{ microshift_version }}.0"
-  become: true
-  when: not _microshift_version_file.stat.exists
   ansible.builtin.copy:
-    content: |
-      {{ microshift_version }}.0
-    dest: /var/lib/microshift/version
-###############################################################################
+    content: "{{ openshift_pull_secret }}"
+    dest: "{{ registry_secret_path }}"
+    owner: root
+    group: root
+    mode: '0600'
+  no_log: "{{ hide_sensitive_logs }}"
 
 - name: Change Microshift configuration files
   become: true
@@ -63,9 +29,19 @@
       dest: config.yaml
     - var_name: microshift_lmvd
       dest: lvmd.yaml
-    - var_name: microshift_ovn
-      dest: ovn.yaml
   when: vars[item.var_name]
+  register: microshift_config
 
-- name: Flush handlers
-  ansible.builtin.meta: flush_handlers
+- name: Restart Microshift if config changed
+  become: true
+  ansible.builtin.systemd:
+    name: microshift
+    state: restarted
+  when: microshift_config is changed
+
+- name: Ensure Microshift started and enabled
+  become: true
+  ansible.builtin.systemd:
+    name: microshift
+    state: started
+    enabled: true
diff --git a/tasks/etcd_ramdisk.yaml → tasks/ramdisk.yaml b/tasks/etcd_ramdisk.yaml → tasks/ramdisk.yaml
@@ -1,8 +1,8 @@
 ---
-- name: Create directory for etcd
+- name: Create directory for /var/lib/microshift
   become: true
   ansible.builtin.file:
-    path: "{{ ramdisk_path }}"
+    path: /var/lib/microshift
     state: directory
     mode: 0700
     owner: root
@@ -12,20 +12,20 @@
   become: true
   ansible.posix.mount:
     src: tmpfs
-    name: "{{ ramdisk_path }}"
+    name: /var/lib/microshift
     fstype: tmpfs
     state: mounted
     opts: "defaults,size={{ ramdisk_size }}"
 
 - name: Set proper permissions after mount
   become: true
   ansible.builtin.file:
-    path: "{{ ramdisk_path }}"
+    path: /var/lib/microshift
     state: directory
     mode: 0700
     owner: root
     group: root
 
 - name: Set proper SELinux context
   become: true
-  ansible.builtin.command: restorecon -F {{ ramdisk_path }}
+  ansible.builtin.command: restorecon -F /var/lib/microshift
diff --git a/tasks/registry_login.yaml b/tasks/registry_login.yaml
diff --git a/tasks/repo.yaml b/tasks/repo.yaml
diff --git a/tasks/subscription.yaml b/tasks/subscription.yaml
@@ -1,12 +1,12 @@
 ---
 # https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/4.16/html/installing/microshift-install-rpm#installing-microshift-from-rpm-package_microshift-install-rpm
-- name: Enable RHOCP repso
+- name: Enable RHOCP repository
   become: true
   community.general.rhsm_repository:
     name: "rhocp-4.16-for-rhel-9-{{ ansible_architecture }}-rpms"
     state: enabled
 
-- name: Enable fast datapath
+- name: Enable fast datapath repository
   become: true
   community.general.rhsm_repository:
     name: "fast-datapath-for-rhel-9-{{ ansible_architecture }}-rpms"