From 7f958d18b33185cd49223c7b5b53aba1b44965ab Mon Sep 17 00:00:00 2001
From: Aishwarya Kamat
Date: Fri, 25 Mar 2022 10:31:40 +0530
Subject: [PATCH 1/3] To remove the scp error with Terraform v1.1.x
Signed-off-by: Aishwarya Kamat
---
 modules/1_prepare/prepare.tf | 6 +++---
 modules/5_install/install.tf | 14 +++++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/modules/1_prepare/prepare.tf b/modules/1_prepare/prepare.tf
index fb0098acf..eb265a588 100644
--- a/modules/1_prepare/prepare.tf
+++ b/modules/1_prepare/prepare.tf
@@ -133,15 +133,15 @@ resource "null_resource" "bastion_init" {
 }
 provisioner "file" {
 content = var.private_key
- destination = "~/.ssh/id_rsa"
+ destination = ".ssh/id_rsa"
 }
 provisioner "file" {
 content = var.public_key
- destination = "~/.ssh/id_rsa.pub"
+ destination = ".ssh/id_rsa.pub"
 }
 provisioner "remote-exec" {
 inline = [
- "sudo chmod 600 ~/.ssh/id_rsa*",
+ "sudo chmod 600 .ssh/id_rsa*",
 "sudo sed -i.bak -e 's/^ - set_hostname/# - set_hostname/' -e 's/^ - update_hostname/# - update_hostname/' /etc/cloud/cloud.cfg",
 "sudo hostnamectl set-hostname --static ${lower(var.name_prefix)}bastion-${count.index}.${var.cluster_domain}",
 "echo 'HOSTNAME=${lower(var.name_prefix)}bastion-${count.index}.${var.cluster_domain}' | sudo tee -a /etc/sysconfig/network > /dev/null",
diff --git a/modules/5_install/install.tf b/modules/5_install/install.tf
index acf14292e..1122913bf 100644
--- a/modules/5_install/install.tf
+++ b/modules/5_install/install.tf
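Review bot: The private key uploaded to `.ssh/id_rsa` in `bastion_init` is created with the login user's default umask and only tightened afterwards by the separate `chmod 600` step, so it can be readable by other local accounts for a short time unless `.ssh` itself is already mode 700. A `remote-exec` step placed before the two `file` provisioners, for example `inline = ["mkdir -p .ssh && chmod 700 .ssh"]`, would close that gap; whether earlier lines of the resource already do this is not visible, since the resource body starts outside the hunk. The same applies to `.openshift/pull-secret` in the `config` hunk of `modules/5_install/install.tf`, where no mode change is visible at all. The relative destinations also rely on the upload and the shell both starting in the login user's home directory, which deserves a one-line comment such as `# relative to the SSH user's home directory`.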
@@ -161,15 +161,15 @@ resource "null_resource" "config" {
 }
 provisioner "file" {
 content = templatefile("${path.module}/templates/helpernode_inventory", local.helpernode_inventory)
- destination = "~/ocp4-helpernode/inventory"
+ destination = "ocp4-helpernode/inventory"
 }
 provisioner "file" {
 content = var.pull_secret
- destination = "~/.openshift/pull-secret"
+ destination = ".openshift/pull-secret"
 }
 provisioner "file" {
 content = templatefile("${path.module}/templates/helpernode_vars.yaml", local.helpernode_vars)
- destination = "~/ocp4-helpernode/helpernode_vars.yaml"
+ destination = "ocp4-helpernode/helpernode_vars.yaml"
 }
 provisioner "remote-exec" {
 inline = [
@@ -333,11 +333,11 @@ resource "null_resource" "install" {
 }
 provisioner "file" {
 content = templatefile("${path.module}/templates/install_inventory", local.install_inventory)
- destination = "~/ocp4-playbooks/inventory"
+ destination = "ocp4-playbooks/inventory"
 }
 provisioner "file" {
 content = templatefile("${path.module}/templates/install_vars.yaml", local.install_vars)
- destination = "~/ocp4-playbooks/install_vars.yaml"
+ destination = "ocp4-playbooks/install_vars.yaml"
 }
 provisioner "remote-exec" {
 inline = [
@@ -362,7 +362,7 @@ resource "null_resource" "powervs_config" {
 provisioner "file" {
 content = templatefile("${path.module}/templates/powervs_config_vars.yaml", local.powervs_config_vars)
- destination = "~/ocp4-playbooks/powervs_config_vars.yaml"
+ destination = "ocp4-playbooks/powervs_config_vars.yaml"
 }
 provisioner "remote-exec" {
 inline = [
@@ -391,7 +391,7 @@ resource "null_resource" "upgrade" {
 provisioner "file" {
 content = templatefile("${path.module}/templates/upgrade_vars.yaml", local.upgrade_vars)
- destination = "~/ocp4-playbooks/upgrade_vars.yaml"
+ destination = "ocp4-playbooks/upgrade_vars.yaml"
 }
 provisioner "remote-exec" {
 inline = [
From 56066fc1400dbc1ab0bfb64fa6ff72dfab54cd86 Mon Sep 17 00:00:00 2001
From: Aishwarya Kamat Date: Mon, 18 Oct 2021 13:12:58 +0530 Subject: [PATCH 2/3] Update Terraform Version Signed-off-by: Aishwarya Kamat --- docs/automation_host_prereqs.md | 2 +- modules/1_prepare/versions.tf | 2 +- modules/4_nodes/versions.tf | 2 +- modules/5_install/versions.tf | 2 +- modules/7_ibmcloud/versions.tf | 2 +- versions.tf | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/automation_host_prereqs.md b/docs/automation_host_prereqs.md index 9e1e4188b..276ff7cb8 100644 --- a/docs/automation_host_prereqs.md +++ b/docs/automation_host_prereqs.md @@ -24,7 +24,7 @@ Install the following packages on the automation host. Select the appropriate in **Terraform >= 0.13.0**: Please refer to the [link](https://learn.hashicorp.com/terraform/getting-started/install.html) for instructions on installing Terraform. For validating the version run `terraform version` command after install. Install Terraform and providers for Power environment: -1. Download the Terraform binary version 0.13.6 from https://www.power-devops.com/terraform and install it to /usr/local/bin. +1. Download and install the Terraform binary (>= 0.13.0) for Linux/ppc64le from https://www.power-devops.com/terraform. 2. Download the required Terraform providers for Power into your TF project directory: ``` $ cd diff --git a/modules/1_prepare/versions.tf b/modules/1_prepare/versions.tf index c23d16c71..1c7ae9766 100644 --- a/modules/1_prepare/versions.tf +++ b/modules/1_prepare/versions.tf @@ -29,5 +29,5 @@ terraform { version = "~> 2.1" } } - required_version = "~> 0.13.0" + required_version = ">= 0.13.0" } diff --git a/modules/4_nodes/versions.tf b/modules/4_nodes/versions.tf index 304b98d70..49c4df171 100644 --- a/modules/4_nodes/versions.tf +++ b/modules/4_nodes/versions.tf @@ -29,5 +29,5 @@ terraform { version = "~> 2.1.0" } } - required_version = "~> 0.13.0" + required_version = ">= 0.13.0" } 
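Review bot: `required_version = ">= 0.13.0"` in `modules/1_prepare/versions.tf` has no upper bound, so every future Terraform release, including a new major version, is accepted without having been exercised against these modules. PATCH 1/3 of this series was needed for an scp error that appeared with Terraform v1.1.x, which suggests capping the range at what has actually been tested, for example `required_version = ">= 0.13.0, < 2.0.0"` (constructed upper bound; use the highest release that was verified). The same line appears in the `versions.tf` hunks for `4_nodes`, `5_install`, `7_ibmcloud` and the repository root.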
diff --git a/modules/5_install/versions.tf b/modules/5_install/versions.tf
index 5ddaa14a9..6f737100f 100644
--- a/modules/5_install/versions.tf
+++ b/modules/5_install/versions.tf
@@ -25,5 +25,5 @@ terraform {
 version = "~> 2.1"
 }
 }
- required_version = "~> 0.13.0"
+ required_version = ">= 0.13.0"
 }
diff --git a/modules/7_ibmcloud/versions.tf b/modules/7_ibmcloud/versions.tf
index be62b3939..cf5006193 100644
--- a/modules/7_ibmcloud/versions.tf
+++ b/modules/7_ibmcloud/versions.tf
@@ -25,5 +25,5 @@ terraform {
 version = "1.39.0"
 }
 }
- required_version = "~> 0.13.0"
+ required_version = ">= 0.13.0"
 }
diff --git a/versions.tf b/versions.tf
index 7ed56fc77..a5141d423 100644
--- a/versions.tf
+++ b/versions.tf
@@ -29,5 +29,5 @@ terraform {
 version = "~> 2.3"
 }
 }
- required_version = "~> 0.13.0"
+ required_version = ">= 0.13.0"
 }
From bac14691e87593413697c8233fd9451893aa8a6c Mon Sep 17 00:00:00 2001
From: Aishwarya Kamat
Date: Mon, 31 Jan 2022 16:39:27 +0530
Subject: [PATCH 3/3] Accessing cluster using non-root user
Signed-off-by: Aishwarya Kamat
---
 docs/var.tfvars-doc.md | 3 ++-
 modules/1_prepare/prepare.tf | 6 ++---
 modules/5_install/install.tf | 26 ++++++++++---------
 .../5_install/templates/helpernode_inventory | 2 +-
 modules/5_install/templates/install_inventory | 2 +-
 var.tfvars | 4 +--
 6 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/docs/var.tfvars-doc.md b/docs/var.tfvars-doc.md
index eae8c0359..6a996acc3 100644
--- a/docs/var.tfvars-doc.md
+++ b/docs/var.tfvars-doc.md
@@ -136,10 +136,11 @@ system_type = "s922" #Can be either s922 or e980 These set of variables specify the username and the SSH key to be used for accessing the bastion node. ``` -rhel_username = "root" +rhel_username = "root" #Set it to an appropriate username for non-root user access public_key_file = "data/id_rsa.pub" private_key_file = "data/id_rsa" ``` +rhel_username is set to root. rhel_username can be set to an appropriate username having superuser privileges with no password prompt. Please note that only OpenSSH formatted keys are supported. Refer to the following links for instructions on creating SSH key based on your platform. - Windows 10 - https://phoenixnap.com/kb/generate-ssh-key-windows-10 - Mac OSX - https://www.techrepublic.com/article/how-to-generate-ssh-keys-on-macos-mojave/ diff --git a/modules/1_prepare/prepare.tf b/modules/1_prepare/prepare.tf index eb265a588..86af67e18 100644 --- a/modules/1_prepare/prepare.tf +++ b/modules/1_prepare/prepare.tf @@ -352,11 +352,11 @@ resource "null_resource" "setup_nfs_disk" { } provisioner "remote-exec" { inline = [ - "rm -rf mkdir ${local.storage_path}; mkdir -p ${local.storage_path}; chmod -R 755 ${local.storage_path}", + "sudo rm -rf mkdir ${local.storage_path}; sudo mkdir -p ${local.storage_path}; sudo chmod -R 755 ${local.storage_path}", "sudo chmod +x /tmp/create_disk_link.sh", # Fix for copying file from Windows OS having CR - "sed -i 's/\r//g' /tmp/create_disk_link.sh", - "/tmp/create_disk_link.sh", + "sudo sed -i 's/\r//g' /tmp/create_disk_link.sh", + "sudo /tmp/create_disk_link.sh", "sudo mkfs.ext4 -F /dev/${local.disk_config.disk_name}", "echo '/dev/${local.disk_config.disk_name} ${local.storage_path} ext4 defaults 0 0' | sudo tee -a /etc/fstab > /dev/null", "sudo mount ${local.storage_path}", diff --git a/modules/5_install/install.tf b/modules/5_install/install.tf index 1122913bf..e93464ef2 100644 --- a/modules/5_install/install.tf +++ b/modules/5_install/install.tf 
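Review bot: In the `setup_nfs_disk` hunk the first inline command now runs `rm -rf` as root with a stray `mkdir` argument and an unquoted `${local.storage_path}`, and the `;` separators let `mkdir` and `chmod` run even when the removal fails. A form such as `"sudo rm -rf -- '${local.storage_path}' && sudo mkdir -p '${local.storage_path}' && sudo chmod -R 755 '${local.storage_path}'",` keeps the intent while preventing an empty or space-containing path from expanding into different arguments. The helper script is also executed with `sudo` from a fixed name under `/tmp`; where it is uploaded lies outside the hunk, so confirm that another local account cannot pre-create or replace it before it runs, or stage it in a directory only the login user can write to.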
@@ -78,10 +78,12 @@ locals {
 }
 helpernode_inventory = {
- bastion_ip = var.bastion_ip
+ rhel_username = var.rhel_username
+ bastion_ip = var.bastion_ip
 }
 install_inventory = {
+ rhel_username = var.rhel_username
 bastion_hosts = [for ix in range(length(var.bastion_ip)) : "${var.name_prefix}bastion-${ix}"]
 bootstrap_host = var.bootstrap_ip == "" ? "" : "${var.node_prefix}bootstrap"
 master_hosts = [for ix in range(length(var.master_ips)) : "${var.node_prefix}master-${ix}"]
@@ -175,7 +177,7 @@ resource "null_resource" "config" {
 inline = [
 "sed -i \"/^helper:.*/a \\ \\ networkifacename: $(ip r | grep \"${var.cidr} dev\" | awk '{print $3}')\" ocp4-helpernode/helpernode_vars.yaml",
 "echo 'Running ocp4-helpernode playbook...'",
- "cd ocp4-helpernode && ansible-playbook -e @helpernode_vars.yaml tasks/main.yml ${var.ansible_extra_options}"
+ "cd ocp4-helpernode && ansible-playbook -e @helpernode_vars.yaml tasks/main.yml ${var.ansible_extra_options} --become"
 ]
 }
 }
@@ -204,10 +206,10 @@ resource "null_resource" "configure_public_vip" {
 provisioner "remote-exec" {
 inline = [
 # Set state=MASTER,priority=100 for first bastion and state=BACKUP,priority=90 for others.
- "sed -i \"s/state /state ${count.index == 0 ? "MASTER" : "BACKUP"}/\" /tmp/keepalived_vrrp_instance",
- "sed -i \"s/priority /priority ${count.index == 0 ? "100" : "90"}/\" /tmp/keepalived_vrrp_instance",
- "sed -i \"s/interface /interface $(ip r | grep ${var.public_cidr} | awk '{print $3}')/\" /tmp/keepalived_vrrp_instance",
- "cat /tmp/keepalived_vrrp_instance >> /etc/keepalived/keepalived.conf",
+ "sudo sed -i \"s/state /state ${count.index == 0 ? "MASTER" : "BACKUP"}/\" /tmp/keepalived_vrrp_instance",
+ "sudo sed -i \"s/priority /priority ${count.index == 0 ? "100" : "90"}/\" /tmp/keepalived_vrrp_instance",
+ "sudo sed -i \"s/interface /interface $(ip r | grep ${var.public_cidr} | awk '{print $3}')/\" /tmp/keepalived_vrrp_instance",
+ "sudo cat /tmp/keepalived_vrrp_instance >> /etc/keepalived/keepalived.conf",
 "sudo systemctl restart keepalived"
 ]
 }
@@ -234,14 +236,14 @@ echo "Configuring SNAT (experimental)..."
 PRIVATE_INTERFACE=$(ip r | grep "${var.cidr} dev" | awk '{print $3}')
-firewall-cmd --zone=public --add-masquerade --permanent
+sudo firewall-cmd --zone=public --add-masquerade --permanent
 # Masquerade will enable ip forwarding automatically
-firewall-cmd --reload
+sudo firewall-cmd --reload
 #Checksum needs to be turned off to avoid a bug with ibmveth
-PRIVATE_CONNECTION_NAME=$(nmcli -t -f NAME connection show | grep $PRIVATE_INTERFACE)
-nmcli connection modify "$PRIVATE_CONNECTION_NAME" ethtool.feature-rx off
-nmcli connection up "$PRIVATE_CONNECTION_NAME"
+PRIVATE_CONNECTION_NAME=$(sudo nmcli -t -f NAME connection show | grep $PRIVATE_INTERFACE)
+sudo nmcli connection modify "$PRIVATE_CONNECTION_NAME" ethtool.feature-rx off
+sudo nmcli connection up "$PRIVATE_CONNECTION_NAME"
 EOF
 ]
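Review bot: In the `configure_public_vip` hunk, `sudo cat /tmp/keepalived_vrrp_instance >> /etc/keepalived/keepalived.conf` still opens the target file from the unprivileged login shell, because the `>>` redirection is set up before `sudo` starts; for a non-root `rhel_username` the append is expected to fail with a permission error and keepalived would restart without the VRRP instance. The series already uses a working idiom in `prepare.tf` (`| sudo tee -a /etc/fstab > /dev/null`); here that would be `"sudo tee -a /etc/keepalived/keepalived.conf < /tmp/keepalived_vrrp_instance > /dev/null",`. The resource body starts outside the hunk, so where the `/tmp` file is uploaded is not visible.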
@@ -301,7 +303,7 @@ resource "null_resource" "pre_install" {
 # DHCP config for setting MTU; Since helpernode DHCP template does not support MTU setting
 provisioner "remote-exec" {
 inline = [
- "sed -i.mtubak '/option routers/i option interface-mtu ${var.private_network_mtu};' /etc/dhcp/dhcpd.conf",
+ "sudo sed -i.mtubak '/option routers/i option interface-mtu ${var.private_network_mtu};' /etc/dhcp/dhcpd.conf",
 "sudo systemctl restart dhcpd.service"
 ]
 }
diff --git a/modules/5_install/templates/helpernode_inventory b/modules/5_install/templates/helpernode_inventory
index ac1eaddde..d6b2ad059 100644
--- a/modules/5_install/templates/helpernode_inventory
+++ b/modules/5_install/templates/helpernode_inventory
@@ -1,4 +1,4 @@
 [vmhost]
 %{ for ip in bastion_ip ~}
-${ip} ansible_connection=ssh ansible_user=root
+${ip} ansible_connection=ssh ansible_user=${rhel_username}
 %{ endfor ~}
diff --git a/modules/5_install/templates/install_inventory b/modules/5_install/templates/install_inventory
index aec3cd88c..5afd4aff3 100644
--- a/modules/5_install/templates/install_inventory
+++ b/modules/5_install/templates/install_inventory
@@ -1,6 +1,6 @@
 [bastion]
 %{ for bastion in bastion_hosts ~}
-${bastion} ansible_connection=ssh ansible_user=root
+${bastion} ansible_connection=ssh ansible_user=${rhel_username}
 %{ endfor ~}
 %{ if bootstrap_host != "" ~}
diff --git a/var.tfvars b/var.tfvars
index 58c345c18..cb337d600 100644
--- a/var.tfvars
+++ b/var.tfvars
@@ -26,8 +26,8 @@ processor_type = "shared"
 system_type = "s922"
 network_name = "ocp-net"
-rhel_username = "root"
-connection_timeout = 30 # minutes
+rhel_username = "root" #Set it to an appropriate username for non-root user access
+connection_timeout = 30 # minutes
 public_key_file = "data/id_rsa.pub"
 private_key_file = "data/id_rsa"
 rhel_subscription_username = "" #Leave this as-is if using CentOS as bastion image
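Review bot: `ansible_user=${rhel_username}` in `helpernode_inventory` (and the identical change in `install_inventory`) renders the variable unquoted into an inventory line, so a value containing whitespace would be read by Ansible as additional host variables. The declaration of `rhel_username` is not part of this series; if it has no `validation` block, one that restricts the value to a plain account name would make a bad value fail at plan time instead of producing a malformed inventory. Separately, only the helpernode playbook command gains `--become` in this series, so confirm that the playbooks run against `install_inventory` escalate on their own when the user is not root.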