This role contains playbooks to deploy OCP SNO in a very opinionated fashion. This might not correspond to the official or recommended way to deploy SNO. For SNO on libvirt it uses a live CD image to bootstrap a VM, and for baremetal it uses dnsmasq as TFTP/DNS/DHCP server and bootstrap a physical node.
NOTE: Disconnected support only available on Baremetal SNO, virtual SNO still requires connected environment
For any type of SNO installation, these variables are always required
- pull secret # pull secret content
- domain # FQDN to use
- cluster # name of the cluster
- dir # directory to store deployment files
- extcidrnet # CIDR of the network to use
- install_type # DCI use only, options: ipi (default), sno
- pull_image # The "Pull From"
ocp_releaseimage to use from the release.txt file. In DCI this is provided in the OCP component.
| Variable | Required | Default | Description |
|---|---|---|---|
| si_cache_dir | no | /opt/cache | Path to the directory in the registry host containing every OCP version installation artifacts. |
| si_cache_server | no | null | In disconnected environments, automatically resolves to the first member of the registry_host group, otherwise resolves to the provision host. If passed as an argument, it must be set to a FQDN for an SSH accessible host containing the cache directory and serving the installation artifacts. |
| si_cache_server_major_version | no | {{ ansible_distribution_major_version }} | Distribution major version for the cache server if it's different than the version in the provision host. |
| si_cache_server_user_id | no | {{ ansible_user_id }} | User ID in the cache server if the value is different than for the provision host. |
| si_cache_server_user_gid | no | {{ ansible_user_gid }} | User GID in the cache server if the value is different than for the provision host. |
| si_cache_server_user_dir | no | {{ ansible_user_dir }} | Home directory for the cache server user if the value is different than the provision host. |
Steps and playbooks to help you setup your environment are documented here
- Install latest RHEL 8 release
- Subscribe the node to Base, Appstream, and EPEL repositories
- Create kni user and set sudo privileges without password
- Generate a ssh key for the kni user
The variables below are required in the inventory
sno_install_type == baremetal sno_extnet_ip # IP address to use on the SNO node from "extcidrnet"
- installation_disk # Disk path (default /dev/sda)
- ipmi_address # IP address of the BMC interface
- ipmi_user # User with administrator privileges
- ipmi_password # Password of the BMC user
- ipmi_port # Port of the BMC console
- baremetal_mac # MAC address of the Baremetal NIC
- extcidrrouter # define the gateway to use
- extcidrdns # IP address of the DNS server
The following DNS entries will be configured in the dnsmasq service, but if using a corporate DNS then add API, Apps and SNO records there.
- api.{{ cluster }}.{{ domain }} => {{ sno_extnet_ip }} # IP of the SNO node
- apps.{{ cluster }}.{{ domain }} => {{ sno_extnet_ip }} # IP of the SNO node
- sno.{{ cluster }}.{{ domain }} => {{ sno_extnet_ip }} # DNS Name of the SNO node
Cache can be disabled with the variable cache_enabled=false, but the following variables with their values need to be defined with the URLs where the files can be downloaded. Example:
- coreos_pxe_rootfs_url=http:///rhcos-48.84.202109241901-0-live-rootfs.x86_64.img
- coreos_sno_ignition_url=http://:8080/4.8.15/sno.ign
To specify a server for hosting the dnsmasq service, include a tftp_host group in the inventory. If not defined, the provisioner node will be chosen. See example in roles/sno_node_prep/tests/inventory-baremetal.
NOTE: if using a corporate DHCP and decide to use the SNO dnsmasq TFTP:
- blacklist MAC of SNO Baremetal interface
- make sure there is no service listening on port 53/udp in TFTP host that could interfere with dnsmasq service of the SNO baremetal deployment.
Also, if you setup dnsmasq_enabled = false (default is true) no dnsmasq service will be configure, and you can setup manually and choose the TFTP/DHCP/DNS services of your preference.
Finally if you do not want to leave the SNO deployment to download the kernel and initramfs images, you can previously downloaded them and and pass the variables of kernel and initramfs images with the path of the file in the tftp server. Example:
- coreos_pxe_kernel_path=/images/rhcos-48.84.202109241901-0-live-kernel-x86_64
- coreos_pxe_initramfs_path=/images/rhcos-48.84.202109241901-0-live-initramfs.x86_64.img
To specify a server hosting the registry include registry_host group in the inventory. Only required in disconnected mode. SNO roles do not configure a registry service, only make use of a provisioned registry. See registry variables in the inventory example in roles/sno_node_prep/tests/inventory-baremetal
Note: This applies to DCI deployments only
-
Same commands and DCI tools are used. See main DCI documentation To prepare the jumpbox
-
Examples of SNO inventories can be found in:
-
Review the doc to Start the DCI agent