- Deploying the Ansible Edge GitOps Pattern
- General Prerequisites
- Credentials Required in Pattern
- Prerequisites for deployment via
- How to deploy
- Installation Validation
- Infrastructure Elements of this Pattern
- Next Steps
- An OpenShift cluster ( Go to the OpenShift console). See also sizing your cluster. Currently this pattern only supports AWS. It could also run on a baremetal OpenShift cluster, because OpenShift Virtualization supports that; there would need to be some customizations made to support it as the default is AWS. We hope that GCP and Azure will support provisioning metal workers in due course so this can be a more clearly multicloud pattern.
- A GitHub account (and, optionally, a token for it with repositories permissions, to read from and write to your forks)
- The helm binary, see here
- Ansible, which is used in the bootstrap and provisioning phases of the pattern install (and to configure Ansible Automation Platform).
- Please note that when run on AWS, this pattern will provision an additional worker node, which will be a metal instance (c5n.metal) to run the Edge Virtual Machines. This worker is provisioned through the OpenShift MachineAPI and will be automatically cleaned up when the cluster is destroyed.
The use of this pattern depends on having a running Red Hat OpenShift cluster. It is desirable to have a cluster for deploying the GitOps management hub assets and a separate cluster(s) for the managed cluster(s).
If you do not have a running Red Hat OpenShift cluster you can start one on a public or private cloud by using Red Hat’s cloud service.
In addition to the openshift cluster, you will need to prepare a number of secrets, or credentials, which will be used
in the pattern in various ways. To do this, copy the values-secret.yaml template to your home directory as
values-secret.yaml and replace the explanatory text as follows:
- A username and SSH Keypair (private key and public key). These will be used to provide access to the Kiosk VMs in the demo.
--- secrets: # NEVER COMMIT THESE VALUES TO GIT kiosk-ssh: username: 'Username of user to attach privatekey and publickey to - cloud-user is a typical value' privatekey: 'Private ssh key of the user who will be able to elevate to root to provision kiosks' publickey: 'Public ssh key of the user who will be able to elevate to root to provision kiosks'
- A Red Hat Subscription Management username and password. These will be used to register Kiosk VM templates to the Red Hat Content Delivery Network and install content on the Kiosk VMs to run the demo.
rhsm: username: 'username of user to register RHEL VMs' password: 'password of rhsm user in plaintext'
- Container “extra” arguments which will set the admin password for the ignition application when it’s running.
kiosk-extra: # Default: '--privileged -e GATEWAY_ADMIN_PASSWORD=redhat' container_extra_params: "Optional extra params to pass to kiosk ignition container, including admin password"
- A manifest file with an entitlement to run Ansible Automation Platform. This file (which will be a .zip file) will be posted to to Ansible Automation Platform instance to enable its use. Instructions for creating a manifest file can be found here
files: # Secret used for licensing Ansible Automation Platform aap-manifest: 'full pathname of file containing Manfiest for entitling Ansible Automation Platform'
If you are going to install via
make install from your workstation, you will need the following tools and packages:
make- the well-known software build tool
sh- a POSIX-compatible shell
sed- the “stream editor”, commonly used in shell scripting
oc- the OpenShift client
git- The well known version control utility
helm- The Helm binary, see here
ansible- The well-known automation tool
kubernetes.corecollection for ansible
And additionally, the following ansible collections:
To see what collections are installed:
ansible-galaxy collection list
To install a collection that is not currently installed:
ansible-galaxy collection install <collection>
Login to your cluster using oc login or exporting the KUBECONFIG
or set KUBECONFIG to the path to your
kubeconfigfile. For example:
Fork the ansible-edge-gitops repo on GitHub. It is necessary to fork to preserve customizations you make to the default configuration files.
Clone the forked copy of this repository.
git clone firstname.lastname@example.org:your-username/ansible-edge-gitops.git
Create a local copy of the Helm values file that can safely include credentials
WARNING: DO NOT COMMIT THIS FILE
You do not want to push personal credentials to GitHub.
cp values-secret.yaml.template ~/values-secret.yaml vi ~/values-secret.yaml
Customize the deployment for your cluster (Optional - the defaults in values-global.yaml are designed to work in AWS):
git checkout -b my-branch vi values-global.yaml git add values-global.yaml git commit values-global.yaml git push origin my-branch
(Optional) Preview the changes
Apply the changes to your cluster. This will install the pattern via the Validated Patterns Operator, and then run any necessary follow-up steps.
The installation process will take between 45-60 minutes to complete. If you want to know the details of what is happening during that time, the entire process is documented here.
Check the operators have been installed using the OpenShift console
OpenShift Console Web UI -> Installed Operators
The screen should like this when installed via
- Check all applications are synchronised
Under the project
ansible-edge-gitops-hub click on the URL for the
server. All applications will sync, but this takes time as ODF has to completely install, and OpenShift Virtualization cannot provision VMs until the metal node has been fully provisioned and ready. Additionally, the Dynamic Provision Kiosk Template in AAP must complete; it can only start once the VMs have provisioned and are running:
- While the metal node is building, the VMs in OpenShift console will show as “Unschedulable.” This is normal and expected, as the VMs themselves cannot run until the metal node completes provisioning and is ready.
- Under Virtualization > Virtual Machines, the virtual machines will eventually show as “Running.” Once they are in “Running” state the Provisioning workflow will run on them, and install Firefox, Kiosk mode, and the Ignition application on them:
- Finally, the VM Consoles will show the Ignition introduction screen. You can choose any of these options; this tutorial assumes you chose “Ignition”:
- You should be able to login to the application with the userid “admin” and the password you specified as the GATEWAY_ADMIN_PASSWORD in
container_extra_paramsin your values-secret.yaml file.
Please see Installation Details for more information on the steps of installation.
Please see Ansible Automation Platform for more information on how this pattern uses the Ansible Automation Platform Operator for OpenShift.
Please see OpenShift Virtualization for more information on how this pattern uses OpenShift Virtualization.
A fully functional installation of the Ansible Automation Platform operator is installed on your OpenShift cluster to configure and maintain the VMs for this demo. AAP maintains a dynamic inventory of kiosk machines and can configure a VM from template to fully functional kiosk in about 10 minutes.
OpenShift Virtualization is a Kubernetes-native way to run virtual machine workloads. It is used in this pattern to host VMs simulating an Edge environment; the chart that configures the VMs is designed to be flexible to allow easy customization to model different VM sizes, mixes, versions and profiles for future pattern development.
Inductive Automation Ignition
The goal of this pattern is to configure 2 VMs running Firefox in Kiosk mode displaying the demo version of the Ignition application running in a podman container. Ignition is a popular tool in use with Oil and Gas companies; it is included as a real-world example and as an item to spark imagination about what other applications could be installed and managed this way.
The container used for this pattern is the container image published by Inductive Automation.
Vault is used as the authoritative source for the Kiosk ssh pubkey via the External Secrets Operator. As part of this pattern HashiCorp Vault has been installed. Refer to the section on Vault.