From 297bcc7592bc2125b5ad27aafbbd34ecbe90d5c6 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Tue, 10 Jun 2025 08:39:05 +0200 Subject: [PATCH 1/8] Updated sap_vm_provision(kubevirt_vm) - sap_vm_provision(kubevirt_vm) - Added assert for kubeconfig - Unified storageclass to sapstorage for both trident and hpp and make configurable - trident: make parameters configurable in role - Renamed default namespace for VMs to sap - Define public ssh key explicitly - fixed network config cloudinit - added sap_vm_provision_host_specification_plan to sample var file - make disk access_modes configurable - make CPU performance settings configurable --- .../sample-sap-vm-provision-redhat-ocpv.yml | 96 +++++-------------- ...variables-sap-vm-provision-redhat-ocpv.yml | 76 ++++++--------- roles/sap_vm_provision/PLATFORM_GUIDANCE.md | 8 +- roles/sap_vm_provision/README.md | 3 +- roles/sap_vm_provision/defaults/main.yml | 93 +++++++----------- .../kubevirt_vm/execute_main.yml | 29 +----- .../kubevirt_vm/execute_provision.yml | 22 ++--- 7 files changed, 99 insertions(+), 228 deletions(-) diff --git a/playbooks/sample-sap-vm-provision-redhat-ocpv.yml b/playbooks/sample-sap-vm-provision-redhat-ocpv.yml index 279bc203..69e7cfde 100644 --- a/playbooks/sample-sap-vm-provision-redhat-ocpv.yml +++ b/playbooks/sample-sap-vm-provision-redhat-ocpv.yml @@ -8,25 +8,18 @@ sap_vm_provision_iac_platform: kubevirt_vm pre_tasks: # Alternative to executing ansible-playbook with -e for Ansible Extravars file -# - name: Include sample variables for Red Hat Openshift Virtualization -# ansible.builtin.include_vars: ./vars/sample-variables-sap-vm-provision-redhat-ocpv.yml + # - name: Include sample variables for Red Hat Openshift Virtualization + # ansible.builtin.include_vars: ./vars/sample-variables-sap-vm-provision-redhat-ocpv.yml tasks: - name: Save inventory_host as execution_host ansible.builtin.set_fact: sap_vm_provision_execution_host: "{{ inventory_hostname }}" + when: sap_vm_provision_execution_host is not defined - name: Save ansible_user as execution_host user ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_execution_host_user: "{{ ansible_user }}" - - - name: Use kubeconfig file specified in environment variable K8S_AUTH_KUBECONFIG if sap_vm_provision_kubevirt_vm_kubeconfig_path is not defined - when: > - sap_vm_provision_kubevirt_vm_kubeconfig_path is not defined or - sap_vm_provision_kubevirt_vm_kubeconfig_path == None or - sap_vm_provision_kubevirt_vm_kubeconfig_path == '' - ansible.builtin.set_fact: - sap_vm_provision_kubevirt_vm_kubeconfig_path: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(None) }}" + __sap_vm_provision_kubevirt_vm_register_execution_host_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" - name: Create Tempdir ansible.builtin.tempfile: @@ -34,83 +27,40 @@ suffix: "_sap_vm_provision_kubevirt_vm" register: __sap_vm_provision_kubevirt_vm_register_tmpdir - - name: Set kubeconfig file variable - ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_kubeconfig: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir.path }}/kubeconfig" - - - name: Read content of kubeconfig file - ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_kubeconfig_data: - "{{ lookup('file', sap_vm_provision_kubevirt_vm_kubeconfig_path) | from_yaml }}" - - - name: Read cluster endpoint and CA certificate from kubeconfig if either is not defined - when: sap_vm_provision_kubevirt_vm_extract_kubeconfig - block: - - - name: Set sap_vm_provision_kubevirt_vm_api_endpoint from kubeconfig - ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_api_endpoint: - "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig_data['clusters'][0]['cluster']['server'] }}" - - - name: Write the certificate-authority-data to temp dir - ansible.builtin.copy: - content: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig_data['clusters'][0]['cluster']['certificate-authority-data'] | b64decode }}" - dest: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir.path }}/cluster-ca-cert.pem" - mode: "0600" - - - name: Set CA file variable - ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_ca_cert: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir.path }}/cluster-ca-cert.pem" - - - name: Use predefined CA cert and API endpoint - when: not sap_vm_provision_kubevirt_vm_extract_kubeconfig - block: - - name: Set predefined OCP API Endpoint - ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_api_endpoint: "{{ sap_vm_provision_kubevirt_vm_api_endpoint }}" - - - name: Set predefined CA file - ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_ca_cert: "{{ sap_vm_provision_kubevirt_vm_ca_cert }}" - - - name: Log into Red Hat OpenShift cluster (obtain access token) - community.okd.openshift_auth: - host: "{{ __sap_vm_provision_kubevirt_vm_register_api_endpoint }}" - username: "{{ sap_vm_provision_kubevirt_vm_admin_username }}" - password: "{{ sap_vm_provision_kubevirt_vm_admin_password }}" - ca_cert: "{{ __sap_vm_provision_kubevirt_vm_register_ca_cert }}" - register: __sap_vm_provision_kubevirt_vm_register_kubevirt_vm_auth_results - - - name: Set token in kubeconfig + - name: Use kubeconfig file specified in environment variable K8S_AUTH_KUBECONFIG | KUBECONFIG if sap_vm_provision_kubevirt_vm_kubeconfig_path is not defined + when: > + sap_vm_provision_kubevirt_vm_kubeconfig is not defined or + sap_vm_provision_kubevirt_vm_kubeconfig == None or + sap_vm_provision_kubevirt_vm_kubeconfig == '' ansible.builtin.set_fact: - __sap_vm_provision_kubevirt_vm_register_kubeconfig_data: >- - {{ - __sap_vm_provision_kubevirt_vm_register_kubeconfig_data | combine({ - 'users': __sap_vm_provision_kubevirt_vm_register_kubeconfig_data.users | map('combine', [{'user': {'token': __sap_vm_provision_kubevirt_vm_register_kubevirt_vm_auth_results.openshift_auth.api_key }}] ) - }, recursive=True) - }} + sap_vm_provision_kubevirt_vm_kubeconfig: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(lookup('env', 'KUBECONFIG'), true) }}" - - name: Write the updated kubeconfig - ansible.builtin.copy: - content: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig_data | to_nice_yaml }}" - dest: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig }}" - mode: "0600" + - name: Ensure that kubeconfig is set + assert: + that: + - sap_vm_provision_kubevirt_vm_kubeconfig is defined + - sap_vm_provision_kubevirt_vm_kubeconfig is not none + - sap_vm_provision_kubevirt_vm_kubeconfig | length > 0 + fail_msg: "sap_vm_provision_kubevirt_vm_kubeconfig is required." - - name: Create dynamic inventory group for Ansible Role sap_vm_provision and provide execution_host and api token + - name: Create dynamic inventory group for Ansible Role sap_vm_provision and provide configuration such as execution_host, kubeconfig, etc. ansible.builtin.add_host: name: "{{ item }}" group: sap_vm_provision_target_inventory_group + sap_vm_provision_iac_type: ansible + sap_vm_provision_iac_platform: kubevirt_vm sap_vm_provision_execution_host: "{{ sap_vm_provision_execution_host }}" __sap_vm_provision_kubevirt_vm_register_execution_host_user: "{{ __sap_vm_provision_kubevirt_vm_register_execution_host_user }}" __sap_vm_provision_kubevirt_vm_register_tmpdir: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir }}" - __sap_vm_provision_kubevirt_vm_register_kubeconfig: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig }}" + sap_vm_provision_kubevirt_vm_kubeconfig: "{{ sap_vm_provision_kubevirt_vm_kubeconfig }}" loop: "{{ sap_vm_provision_kubevirt_vm_host_specifications_dictionary[sap_vm_provision_host_specification_plan].keys() }}" - name: Ansible Play to provision VMs for SAP hosts: sap_vm_provision_target_inventory_group # Ansible Play target hosts pattern, use Inventory Group created by previous Ansible Task (add_host) gather_facts: false environment: - K8S_AUTH_KUBECONFIG: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig }}" + K8S_AUTH_KUBECONFIG: "{{ sap_vm_provision_kubevirt_vm_kubeconfig }}" + KUBECONFIG: "{{ sap_vm_provision_kubevirt_vm_kubeconfig }}" tasks: - name: Execute Ansible Role sap_vm_provision diff --git a/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml b/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml index 0dd8a395..ac5b31d8 100644 --- a/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml +++ b/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml @@ -3,6 +3,11 @@ # Red Hat OpenShift Virtualization # ############################################ +# kubeconfig for Red Hat OpenShift cluster connection. +# If not provided, the kubeconfig will be read from the environment variables +# KUBECONFIG or K8S_AUTH_KUBECONFIG +# sap_vm_provision_kubevirt_vm_kubeconfig: /path/to/clusterconfigs/kubeconfig + # Namespace where the VM should be created in sap_vm_provision_kubevirt_vm_target_namespace: sap @@ -12,50 +17,18 @@ sap_vm_provision_kubevirt_vm_os_user: cloud-user # Password for the above user sap_vm_provision_kubevirt_vm_os_user_password: "" -# how to authenticate to the guest vm [password|private_key|private_key_data] -# password: uses provided password in sap_vm_provision_kubevirt_vm_os_user_password, make sure your ssh config allows password authentication -# private_key: use the private ssh key at the location defined by sap_vm_provision_ssh_host_private_key_file_path -# private_key_data: use the private ssh key provided in sap_vm_provision_ssh_host_private_key_data and write it to the location defined in sap_vm_provision_ssh_host_private_key_file_path -sap_vm_provision_kubevirt_vm_guest_ssh_auth_mechanism: private-key - -# Private SSH key file, must be accessible on the ansible controller -# sap_vm_provision_ssh_host_private_key_file_path: - -# private ssh key, make sure the indentation is correct, here it's two spaces at the beginning of every line -# sap_vm_provision_ssh_host_private_key_data: | -# < your key data> - -# Should the CA cert and the API endpoint be extracted from the kubeconfig file? -sap_vm_provision_kubevirt_vm_extract_kubeconfig: true - -# Should an existing VM be overwritten? -sap_vm_provision_kubevirt_vm_overwrite_vm: false - -# Kubeconfig file for cluster where VMs should be created -sap_vm_provision_kubevirt_vm_kubeconfig_path: /path/to/clusterconfigs/kubeconfig - -# In order to use secured communication, provide the CA cert bundle for the cluster. -# This can be extracted from the kubeconfig file with the following command from the -# kubeconfig file: -# grep certificate-authority-data ${KUBECONFIG} | awk '{ print $2 }' | base64 --decode > cluster-ca-cert.pem -# This variable will not be used if sap_vm_provision_kubevirt_vm_extract_kubeconfig = true -# sap_vm_provision_kubevirt_vm_ca_cert: /path/to/clusterconfigs/cluster-ca-cert.pem - -# API endpoint of the cluster -# This variable will not be used if sap_vm_provision_kubevirt_vm_extract_kubeconfig = true -# sap_vm_provision_kubevirt_vm_api_endpoint: https://api.cluster.domain.tld:6443 - -# Admin username for the cluster communication -sap_vm_provision_kubevirt_vm_admin_username: kubeadmin - -# Password for the above admin user -sap_vm_provision_kubevirt_vm_admin_password: AAAAA-BBBBB-CCCCC-DDDDD +# SSH key files, must be accessible on the ansible controller +sap_vm_provision_ssh_host_private_key_file_path: /path/to/id_rsa +sap_vm_provision_ssh_host_public_key_file_path: /path/to/id_rsa.pub # RAM Overhead [GiB] for virt-launcher container, this can be small for VMs < 1 TB and without SRIOV but should be increased to 16 or more for VMs > 1TB sap_vm_provision_kubevirt_vm_container_memory_overhead: 1 # hostname of the ansible controller -sap_vm_provision_kubevirt_vm_ansible_controller: localhost # on AAP, this is localhost +sap_vm_provision_execution_host: localhost # on AAP, this is localhost + +# What's the host specification plan that should be rolled out? +sap_vm_provision_host_specification_plan: example_host_specification_plan sap_vm_provision_kubevirt_vm_host_specifications_dictionary: example_host_specification_plan: @@ -69,11 +42,17 @@ sap_vm_provision_kubevirt_vm_host_specifications_dictionary: # Provide either an existing PVC or a URL for an OS image os_image: # either url or source_pvc_name have to be provided # URL for an image to be used - url: "docker://registry.redhat.io/rhel8/rhel-guest-image:8.8.0" + #url: "docker://registry.redhat.io/rhel8/rhel-guest-image:8.8.0" + #url: "docker://registry.redhat.io/rhel8/rhel-guest-image:8.10.0" + #url: "docker://registry.redhat.io/rhel9/rhel-guest-image:9.4" + url: "docker://registry.redhat.io/rhel9/rhel-guest-image:9.6" + #url: "docker://registry.redhat.io/rhel10/rhel-guest-image:10.0" # Name for a PVC to be cloned # source_pvc_name: "rhel-8.8" namespace: openshift-virtualization-os-images size: "50Gi" + access_modes: # e.g. ReadWriteMany | ReadWriteOnce + - ReadWriteMany network_definition: - name: sapbridge type: bridge @@ -84,21 +63,22 @@ sap_vm_provision_kubevirt_vm_host_specifications_dictionary: mountpoint: /hana disk_count: 1 # default: 1 disk_size: 2048 # size in GB, integer - disk_type: nas # KubeVirt Storage Class + disk_type: sapstorage # KubeVirt Storage Class + access_modes: # e.g. ReadWriteMany | ReadWriteOnce + - ReadWriteMany cloudinit: userData: |- #cloud-config timezone: Europe/Berlin - hostname: "{{ scaleout_origin_host_spec }}" + hostname: host1 user: {{ sap_vm_provision_kubevirt_vm_os_user if sap_vm_provision_kubevirt_vm_os_user is defined }} password: {{ sap_vm_provision_kubevirt_vm_os_user_password if sap_vm_provision_kubevirt_vm_os_user_password is defined }} chpasswd: expire: false ssh_authorized_keys: - - "{{ lookup('ansible.builtin.file', sap_vm_provision_ssh_host_public_key_file_path ) }}" + - "{{ lookup('ansible.builtin.file', sap_vm_provision_ssh_host_public_key_file_path ) if sap_vm_provision_ssh_host_public_key_file_path is defined }}" networkData: |- - network: - version: 2 - ethernets: - eth0: - dhcp4: true + version: 2 + ethernets: + eth0: + dhcp4: true diff --git a/roles/sap_vm_provision/PLATFORM_GUIDANCE.md b/roles/sap_vm_provision/PLATFORM_GUIDANCE.md index 4bdd8c70..f4e6f876 100644 --- a/roles/sap_vm_provision/PLATFORM_GUIDANCE.md +++ b/roles/sap_vm_provision/PLATFORM_GUIDANCE.md @@ -129,13 +129,9 @@ See below for the drop-down list of required environment resources on an Infrast } ``` -- Kubeconfig file, kubeadmin user and password for the cluster you want to deploy. Default behavior is to extract CA certificate and API endpoint from kubeconfig (`sap_vm_provision_kubevirt_vm_extract_kubeconfig: true`). Kubeconfig location will be read from `sap_vm_provision_kubevirt_vm_kubeconfig_path` and if that variable is not defined from environment variable `K8S_AUTH_KUBECONFIG`. +- Kubeconfig file, kubeadmin user and password for the cluster you want to deploy. Default behavior is to extract CA certificate and API endpoint from kubeconfig (`sap_vm_provision_kubevirt_vm_extract_kubeconfig: true`). Kubeconfig location will be read from `sap_vm_provision_kubevirt_vm_kubeconfig` and if that variable is not defined from environment variable `K8S_AUTH_KUBECONFIG` or `KUBECONFIG`. -- SSH Key Pair for VMs or provide a password - - `sap_vm_provision_ocp_guest_ssh_auth_mechanism`: Authentication mechanism to be used to connect to the guest. Possible options are: - - `password`: Make sure to set password in `sap_vm_provision_ocp_os_user_password`. - - `private_key`: Use the private ssh key at the location defined by `sap_vm_provision_ssh_host_private_key_file_path`. - - `private_key_data`: use the private ssh key provided in `sap_vm_provision_ssh_host_private_key_data` and write it to the location defined in `sap_vm_provision_ssh_host_private_key_file_path`. +- SSH Key Pair for VMs - Optional: Ansible Control Node host with access to OpenShift cluster. diff --git a/roles/sap_vm_provision/README.md b/roles/sap_vm_provision/README.md index 58ea5856..cd1d2216 100644 --- a/roles/sap_vm_provision/README.md +++ b/roles/sap_vm_provision/README.md @@ -17,7 +17,7 @@ A series of choices is provided by the Ansible Role: - Host Specification Dictionary, containing 1..n Plans - Host OS Image Dictionary -Dependent on the choices made by the end user, host/s will be provisioend to the target Infrastructure Platform. +Dependent on the choices made by the end user, host/s will be provisioned to the target Infrastructure Platform. ## Scope @@ -86,7 +86,6 @@ For a list of requirements and recommended authorizations on each Infrastructure - `openstack.cloud` - `ovirt.ovirt` - `vmware.vmware_rest` _(requires `cloud.common`)_ - - `community.okd` for Red Hat OpenShift Virtualization TODO: Split up above dependencies per platform. diff --git a/roles/sap_vm_provision/defaults/main.yml b/roles/sap_vm_provision/defaults/main.yml index 92c24797..5e9e5571 100644 --- a/roles/sap_vm_provision/defaults/main.yml +++ b/roles/sap_vm_provision/defaults/main.yml @@ -266,13 +266,8 @@ sap_vm_provision_ibmpowervm_key_pair_name_ssh_host_public_key: "" sap_vm_provision_ibmpowervm_placement_resource_name: "sap-collocation-rule-spread" sap_vm_provision_ibmpowervm_placement_strategy_spread: false -# Kubevirt -sap_vm_provision_kubevirt_api_key: "" -sap_vm_provision_kubevirt_cluster_url: "" -sap_vm_provision_kubevirt_vm_host_os_image_url: "" # e.g. docker://registry.redhat.io/rhel8/rhel-guest-image:8.6.0 -sap_vm_provision_kubevirt_os_user: "" -sap_vm_provision_kubevirt_os_user_password: "" -sap_vm_provision_kubevirt_target_namespace: "" +# Kubevirt, see below +# sap_vm_provision_kubevirt_vm_kubeconfig: /path/to/clusterconfigs/kubeconfig # OVirt sap_vm_provision_ovirt_engine_cafile: "" @@ -782,6 +777,11 @@ sap_vm_provision_ibmpowervm_vm_host_specifications_dictionary: # kubevirt / Red Hat OpenShift Virtualization # ####################################################### +# kubeconfig for Red Hat OpenShift cluster connection. +# If not provided, the kubeconfig will be read from the environment variables +# KUBECONFIG or K8S_AUTH_KUBECONFIG +# sap_vm_provision_kubevirt_vm_kubeconfig: /path/to/clusterconfigs/kubeconfig + # Namespace where the VM should be created in sap_vm_provision_kubevirt_vm_target_namespace: sap @@ -791,50 +791,22 @@ sap_vm_provision_kubevirt_vm_os_user: cloud-user # Password for the above user sap_vm_provision_kubevirt_vm_os_user_password: "" -# how to authenticate to the guest vm [password|private_key|private_key_data] -# password: uses provided password in sap_vm_provision_kubevirt_vm_os_user_password, make sure your ssh config allows password authentication -# private_key: use the private ssh key at the location defined by sap_vm_provision_ssh_host_private_key_file_path -# private_key_data: use the private ssh key provided in sap_vm_provision_ssh_host_private_key_data and write it to the location defined in sap_vm_provision_ssh_host_private_key_file_path -sap_vm_provision_kubevirt_vm_guest_ssh_auth_mechanism: private-key - -# Private SSH key file, must be accessible on the ansible controller -# sap_vm_provision_ssh_host_private_key_file_path: - -# private ssh key, make sure the indentation is correct, here it's two spaces at the beginning of every line -# sap_vm_provision_ssh_host_private_key_data: | -# < your key data> - -# Should the CA cert and the API endpoint be extracted from the kubeconfig file? -sap_vm_provision_kubevirt_vm_extract_kubeconfig: true - -# Should an existing VM be overwritten? -sap_vm_provision_kubevirt_vm_overwrite_vm: false - -# Kubeconfig file for cluster where VMs should be created -sap_vm_provision_kubevirt_vm_kubeconfig_path: /path/to/clusterconfigs/kubeconfig - -# In order to use secured communication, provide the CA cert bundle for the cluster. -# This can be extracted from the kubeconfig file with the following command from the -# kubeconfig file: -# grep certificate-authority-data ${KUBECONFIG} | awk '{ print $2 }' | base64 --decode > cluster-ca-cert.pem -# This variable will not be used if sap_vm_provision_kubevirt_vm_extract_kubeconfig = true -# sap_vm_provision_kubevirt_vm_ca_cert: /path/to/clusterconfigs/cluster-ca-cert.pem - -# API endpoint of the cluster -# This variable will not be used if sap_vm_provision_kubevirt_vm_extract_kubeconfig = true -# sap_vm_provision_kubevirt_api_vm_endpoint: https://api.cluster.domain.tld:6443 - -# Admin username for the cluster communication -sap_vm_provision_kubevirt_vm_admin_username: kubeadmin - -# Password for the above admin user -sap_vm_provision_kubevirt_vm_admin_password: AAAAA-BBBBB-CCCCC-DDDDD - # RAM Overhead [GiB] for virt-launcher container, this can be small for VMs < 1 TB and without SRIOV but should be increased to 16 or more for VMs > 1TB sap_vm_provision_kubevirt_vm_container_memory_overhead: 1 -# hostname of the ansible controller -sap_vm_provision_kubevirt_vm_ansible_controller: localhost # on AAP, this is localhost +# CPU performance settings which are applied to VM +sap_vm_provision_kubevirt_vm_performance_cpu_settings: + dedicatedCpuPlacement: true + model: host-passthrough + numa: + guestMappingPassthrough: {} + features: + - name: x2apic + policy: require + - name: rdtscp + policy: require + - name: invtsc + policy: require sap_vm_provision_kubevirt_vm_host_specifications_dictionary: example_host_specification_plan: @@ -848,11 +820,17 @@ sap_vm_provision_kubevirt_vm_host_specifications_dictionary: # Provide either an existing PVC or a URL for an OS image os_image: # either url or source_pvc_name have to be provided # URL for an image to be used - url: "docker://registry.redhat.io/rhel8/rhel-guest-image:8.8.0" + #url: "docker://registry.redhat.io/rhel8/rhel-guest-image:8.8.0" + #url: "docker://registry.redhat.io/rhel8/rhel-guest-image:8.10.0" + #url: "docker://registry.redhat.io/rhel9/rhel-guest-image:9.4" + url: "docker://registry.redhat.io/rhel9/rhel-guest-image:9.6" + #url: "docker://registry.redhat.io/rhel10/rhel-guest-image:10.0" # Name for a PVC to be cloned # source_pvc_name: "rhel-8.8" namespace: openshift-virtualization-os-images size: "50Gi" + access_modes: # e.g. ReadWriteMany | ReadWriteOnce + - ReadWriteMany network_definition: - name: sapbridge type: bridge @@ -863,24 +841,25 @@ sap_vm_provision_kubevirt_vm_host_specifications_dictionary: mountpoint: /hana disk_count: 1 # default: 1 disk_size: 2048 # size in GB, integer - disk_type: nas # KubeVirt Storage Class + disk_type: sapstorage # KubeVirt Storage Class + access_modes: # e.g. ReadWriteMany | ReadWriteOnce + - ReadWriteMany cloudinit: userData: |- #cloud-config timezone: Europe/Berlin - hostname: "{{ scaleout_origin_host_spec }}" + hostname: host1 user: {{ sap_vm_provision_kubevirt_vm_os_user if sap_vm_provision_kubevirt_vm_os_user is defined }} password: {{ sap_vm_provision_kubevirt_vm_os_user_password if sap_vm_provision_kubevirt_vm_os_user_password is defined }} chpasswd: expire: false ssh_authorized_keys: - - "{{ lookup('ansible.builtin.file', sap_vm_provision_ssh_host_public_key_file_path ) }}" + - "{{ lookup('ansible.builtin.file', sap_vm_provision_ssh_host_public_key_file ) if sap_vm_provision_ssh_host_public_key_file is defined }}" networkData: |- - network: - version: 2 - ethernets: - eth0: - dhcp4: true + version: 2 + ethernets: + eth0: + dhcp4: true # OVirt sap_vm_provision_ovirt_vm_boot_menu: false diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_main.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_main.yml index 19815f62..c32b777e 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_main.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_main.yml @@ -1,11 +1,4 @@ --- -- name: Fail if sap_vm_provision_kubevirt_vm_os_user_password is not set and sap_vm_provision_kubevirt_vm_guest_ssh_auth_mechanism is set to password - ansible.builtin.fail: - msg: Password is not allowed to be empty or undefined (sap_vm_provision_kubevirt_vm_os_user_password). - when: - - sap_vm_provision_kubevirt_vm_guest_ssh_auth_mechanism == "password" - - sap_vm_provision_kubevirt_vm_os_user_password == "" or sap_vm_provision_kubevirt_vm_os_user_password == null - - name: Ansible Task block for looped provisioning of KubeVirt Virtual Machines any_errors_fatal: true # Using environment, no_log is ineffective and log will show 'EXEC /bin/sh -c 'ENV_VAR=value python3 /AnsiballZ_ansible_module_name.py && sleep 0' @@ -68,24 +61,14 @@ - not lookup('ansible.builtin.vars', loop_item, default='') is skipped - lookup('ansible.builtin.vars', loop_item, default='') is failed -- name: Write private ssh key to ansible_controller - delegate_to: "{{ sap_vm_provision_kubevirt_vm_ansible_controller }}" - no_log: true - ansible.builtin.copy: - dest: "{{ sap_vm_provision_ssh_host_private_key_file_path }}" - content: "{{ sap_vm_provision_ssh_host_private_key_data }}" - mode: "0600" - when: sap_vm_provision_kubevirt_vm_guest_ssh_auth_mechanism == "private_key_data" - - name: Ansible Task block to execute on target inventory hosts remote_user: "{{ sap_vm_provision_kubevirt_vm_os_user }}" become: true become_user: root delegate_to: "{{ inventory_hostname }}" vars: - ansible_password: "{{ sap_vm_provision_kubevirt_vm_os_user_password }}" ansible_ssh_private_key_file: "{{ sap_vm_provision_ssh_host_private_key_file_path }}" - ansible_ssh_common_args: "-o ConnectTimeout=180 -o ControlMaster=auto -o ControlPersist=3600s -o UserKnownHostsFile=/dev/null -o ForwardX11=no -o ProxyJump={{ __sap_vm_provision_kubevirt_vm_register_execution_host_user }}@{{ sap_vm_provision_execution_host }}" + ansible_ssh_common_args: "-o StrictHostKeyChecking=no -o ConnectTimeout=180 -o ControlMaster=auto -o ControlPersist=3600s -o UserKnownHostsFile=/dev/null -o ForwardX11=no -o ProxyJump={{ __sap_vm_provision_kubevirt_vm_register_execution_host_user }}@{{ sap_vm_provision_execution_host }}" block: @@ -132,13 +115,3 @@ - name: Register Package Repositories ansible.builtin.include_tasks: file: common/register_os.yml - - always: - - - name: Delete private ssh key from ansible_controller - delegate_to: "{{ sap_vm_provision_register_ansible_controller }}" - become: false - ansible.builtin.file: - path: "{{ sap_vm_provision_ssh_host_private_key_file_path }}" - state: absent - when: sap_vm_provision_kubevirt_vm_guest_ssh_auth_mechanism == "private_key_data" diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml index 6ee29206..c79f3af9 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml @@ -34,7 +34,7 @@ }, }, 'storage' : { - 'accessModes': ['ReadWriteMany'], + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, 'resources': { 'requests': { 'storage': __sap_vm_provision_register_vm_config.os_image.size @@ -61,7 +61,7 @@ }, }, 'storage' : { - 'accessModes': ['ReadWriteMany'], + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, 'resources': { 'requests': { 'storage': __sap_vm_provision_register_vm_config.os_image.size @@ -89,7 +89,7 @@ 'blank' : {} }, 'storage' : { - 'accessModes': ['ReadWriteMany'], + 'accessModes': storage_item.access_modes, 'resources': { 'requests': { 'storage': ((storage_item.disk_size | default(0)) | string) + 'Gi' @@ -243,23 +243,17 @@ cpu: cores: "{{ __sap_vm_provision_register_vm_config.kubevirt_vm_cpu_cores }}" threads: "{{ __sap_vm_provision_register_vm_config.kubevirt_vm_cpu_smt }}" - dedicatedCpuPlacement: true - model: host-passthrough - numa: - guestMappingPassthrough: {} - features: - - name: x2apic - policy: require - - name: rdtscp - policy: require - - name: invtsc - policy: require memory: guest: "{{ __sap_vm_provision_register_vm_config.kubevirt_vm_memory_gib }}Gi" hugepages: pageSize: 1Gi +- name: Apply CPU performance settings + ansible.builtin.set_fact: + __sap_vm_provision_register_vm_deploy_config: >- + {{ __sap_vm_provision_register_vm_deploy_config | combine({'domain': { 'cpu': __sap_vm_provision_register_vm_deploy_config.domain.cpu | combine(sap_vm_provision_kubevirt_vm_performance_cpu_settings)}}, recursive=True) }} + - name: Provision KubeVirt Virtual Machine kubevirt.core.kubevirt_vm: api_version: "{{ api_version | default(omit) }}" From c707d5632c80c7fa9ad3cdcd76be4623c2ae9bf3 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Tue, 15 Jul 2025 16:57:45 +0200 Subject: [PATCH 2/8] streamlined disk templating with disk_maps.j2 --- .../platform_ansible/kubevirt_vm/disks_map.j2 | 18 ++++ .../kubevirt_vm/execute_provision.yml | 94 +++++++------------ 2 files changed, 53 insertions(+), 59 deletions(-) create mode 100644 roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 new file mode 100644 index 00000000..06613772 --- /dev/null +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 @@ -0,0 +1,18 @@ +{%- set disks_map = [ +{ + 'metadata': { 'name': ( disk_name | replace('_', '-') ) }, + 'spec' : { + 'source' : disk_source, + 'storage' : { + 'accessModes': disk_access_modes | d('[ReadWriteMany]'), + 'resources': { + 'requests': { + 'storage': disk_size + } + }, + 'storageClassName': disk_storageclass_name | d('') + } + } +} +] -%} +{{ disks_map }} diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml index c79f3af9..599f8a54 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml @@ -22,56 +22,38 @@ - name: Set fact for download OS Image ansible.builtin.set_fact: - os_image: |- - {%- set disks_map = [ - { - 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-boot' | replace('_', '-')) }, - 'spec' : { - 'source' : { - 'registry' : { - 'url': __sap_vm_provision_register_vm_config.os_image.url, - 'pullMethod': 'node' - }, + os_image: | + {{ lookup('template', 'disks_map.j2', + template_vars={ + 'disk_name': __sap_vm_provision_register_vm_name + '-boot', + 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'disk_source': { + 'registry' : { + 'url': __sap_vm_provision_register_vm_config.os_image.url, + 'pullMethod': 'node' }, - 'storage' : { - 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, - 'resources': { - 'requests': { - 'storage': __sap_vm_provision_register_vm_config.os_image.size - } - } - } - } + }, + 'disk_size': __sap_vm_provision_register_vm_config.os_image.size, } - ] -%} - {{ disks_map }} + ), }} when: __sap_vm_provision_register_vm_config.os_image.url is defined - name: Set fact for existing OS Image ansible.builtin.set_fact: os_image: | - {%- set disks_map = [ - { - 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-boot' | replace('_', '-')) }, - 'spec' : { - 'source' : { - 'pvc' : { - 'name': __sap_vm_provision_register_vm_config.os_image.source_pvc_name, - 'namespace': __sap_vm_provision_register_vm_config.os_image.namespace - }, + {{ lookup('template', 'disks_map.j2', + template_vars={ + 'disk_name': __sap_vm_provision_register_vm_name + '-boot', + 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'disk_source': { + 'pvc' : { + 'name': __sap_vm_provision_register_vm_config.os_image.source_pvc_name, + 'namespace': __sap_vm_provision_register_vm_config.os_image.namespace }, - 'storage' : { - 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, - 'resources': { - 'requests': { - 'storage': __sap_vm_provision_register_vm_config.os_image.size - } - } - } - } + }, + 'disk_size': __sap_vm_provision_register_vm_config.os_image.size, } - ] -%} - {{ disks_map }} + ), }} when: - __sap_vm_provision_register_vm_config.os_image.source_pvc_name is defined - __sap_vm_provision_register_vm_config.os_image.namespace is defined @@ -81,24 +63,18 @@ storage_disks_map: |- {% set disks_map = [] -%} {% for storage_item in __sap_vm_provision_register_vm_config.storage_definition -%} - {% set vol = disks_map.extend([ - { - 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-' + storage_item.name | replace('_', '-')) }, - 'spec' : { - 'source' : { - 'blank' : {} - }, - 'storage' : { - 'accessModes': storage_item.access_modes, - 'resources': { - 'requests': { - 'storage': ((storage_item.disk_size | default(0)) | string) + 'Gi' - } - }, - 'storageClassName': storage_item.disk_type | default('') - } - } - }]) %} + {% set vol = disks_map.extend([ + lookup('template', 'disks_map.j2', + template_vars={ + 'disk_name': __sap_vm_provision_register_vm_name + '-' + storage_item.name, + 'disk_access_mode': storage_item.access_modes, + 'disk_source': { + 'blank' : {} + }, + 'disk_size': ((storage_item.disk_size | default(0)) | string) + 'Gi' + 'disk_storageclass_name': storage_item.disk_type + }), + }]) %} {%- endfor %} {{ disks_map }} From 2e6697aa5120cbecfb399a7f19c9895d1aa8f557 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Wed, 16 Jul 2025 08:56:14 +0200 Subject: [PATCH 3/8] Restored default disk_access_mode d['ReadWriteMany'] --- .../tasks/platform_ansible/kubevirt_vm/disks_map.j2 | 2 +- .../kubevirt_vm/execute_provision.yml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 index 06613772..6d8b507b 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 @@ -4,7 +4,7 @@ 'spec' : { 'source' : disk_source, 'storage' : { - 'accessModes': disk_access_modes | d('[ReadWriteMany]'), + 'accessModes': disk_access_modes | d(['ReadWriteMany']), 'resources': { 'requests': { 'storage': disk_size diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml index 599f8a54..ff848ff2 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml @@ -26,7 +26,7 @@ {{ lookup('template', 'disks_map.j2', template_vars={ 'disk_name': __sap_vm_provision_register_vm_name + '-boot', - 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes | d(['ReadWriteMany']), 'disk_source': { 'registry' : { 'url': __sap_vm_provision_register_vm_config.os_image.url, @@ -44,7 +44,7 @@ {{ lookup('template', 'disks_map.j2', template_vars={ 'disk_name': __sap_vm_provision_register_vm_name + '-boot', - 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes | d(['ReadWriteMany']), 'disk_source': { 'pvc' : { 'name': __sap_vm_provision_register_vm_config.os_image.source_pvc_name, @@ -67,14 +67,14 @@ lookup('template', 'disks_map.j2', template_vars={ 'disk_name': __sap_vm_provision_register_vm_name + '-' + storage_item.name, - 'disk_access_mode': storage_item.access_modes, + 'disk_access_mode': storage_item.access_modes | d(['ReadWriteMany']), 'disk_source': { 'blank' : {} }, - 'disk_size': ((storage_item.disk_size | default(0)) | string) + 'Gi' + 'disk_size': ((storage_item.disk_size | default(0)) | string) + 'Gi', 'disk_storageclass_name': storage_item.disk_type - }), - }]) %} + }), + ]) %} {%- endfor %} {{ disks_map }} From 289ff3f904d9002ced4f22309e52279cbec490c6 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Wed, 16 Jul 2025 11:39:13 +0200 Subject: [PATCH 4/8] Revert "Restored default disk_access_mode d['ReadWriteMany']" This reverts commit 2e6697aa5120cbecfb399a7f19c9895d1aa8f557. --- .../tasks/platform_ansible/kubevirt_vm/disks_map.j2 | 2 +- .../kubevirt_vm/execute_provision.yml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 index 6d8b507b..06613772 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 @@ -4,7 +4,7 @@ 'spec' : { 'source' : disk_source, 'storage' : { - 'accessModes': disk_access_modes | d(['ReadWriteMany']), + 'accessModes': disk_access_modes | d('[ReadWriteMany]'), 'resources': { 'requests': { 'storage': disk_size diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml index ff848ff2..599f8a54 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml @@ -26,7 +26,7 @@ {{ lookup('template', 'disks_map.j2', template_vars={ 'disk_name': __sap_vm_provision_register_vm_name + '-boot', - 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes | d(['ReadWriteMany']), + 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, 'disk_source': { 'registry' : { 'url': __sap_vm_provision_register_vm_config.os_image.url, @@ -44,7 +44,7 @@ {{ lookup('template', 'disks_map.j2', template_vars={ 'disk_name': __sap_vm_provision_register_vm_name + '-boot', - 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes | d(['ReadWriteMany']), + 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, 'disk_source': { 'pvc' : { 'name': __sap_vm_provision_register_vm_config.os_image.source_pvc_name, @@ -67,14 +67,14 @@ lookup('template', 'disks_map.j2', template_vars={ 'disk_name': __sap_vm_provision_register_vm_name + '-' + storage_item.name, - 'disk_access_mode': storage_item.access_modes | d(['ReadWriteMany']), + 'disk_access_mode': storage_item.access_modes, 'disk_source': { 'blank' : {} }, - 'disk_size': ((storage_item.disk_size | default(0)) | string) + 'Gi', + 'disk_size': ((storage_item.disk_size | default(0)) | string) + 'Gi' 'disk_storageclass_name': storage_item.disk_type - }), - ]) %} + }), + }]) %} {%- endfor %} {{ disks_map }} From 5887c317afa074c409c8cf72d4bce09b13fd2240 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Wed, 16 Jul 2025 11:39:28 +0200 Subject: [PATCH 5/8] Revert "streamlined disk templating with disk_maps.j2" This reverts commit c707d5632c80c7fa9ad3cdcd76be4623c2ae9bf3. --- .../platform_ansible/kubevirt_vm/disks_map.j2 | 18 ---- .../kubevirt_vm/execute_provision.yml | 94 ++++++++++++------- 2 files changed, 59 insertions(+), 53 deletions(-) delete mode 100644 roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 deleted file mode 100644 index 06613772..00000000 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/disks_map.j2 +++ /dev/null @@ -1,18 +0,0 @@ -{%- set disks_map = [ -{ - 'metadata': { 'name': ( disk_name | replace('_', '-') ) }, - 'spec' : { - 'source' : disk_source, - 'storage' : { - 'accessModes': disk_access_modes | d('[ReadWriteMany]'), - 'resources': { - 'requests': { - 'storage': disk_size - } - }, - 'storageClassName': disk_storageclass_name | d('') - } - } -} -] -%} -{{ disks_map }} diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml index 599f8a54..c79f3af9 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml @@ -22,38 +22,56 @@ - name: Set fact for download OS Image ansible.builtin.set_fact: - os_image: | - {{ lookup('template', 'disks_map.j2', - template_vars={ - 'disk_name': __sap_vm_provision_register_vm_name + '-boot', - 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, - 'disk_source': { - 'registry' : { - 'url': __sap_vm_provision_register_vm_config.os_image.url, - 'pullMethod': 'node' + os_image: |- + {%- set disks_map = [ + { + 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-boot' | replace('_', '-')) }, + 'spec' : { + 'source' : { + 'registry' : { + 'url': __sap_vm_provision_register_vm_config.os_image.url, + 'pullMethod': 'node' + }, }, - }, - 'disk_size': __sap_vm_provision_register_vm_config.os_image.size, + 'storage' : { + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'resources': { + 'requests': { + 'storage': __sap_vm_provision_register_vm_config.os_image.size + } + } + } + } } - ), }} + ] -%} + {{ disks_map }} when: __sap_vm_provision_register_vm_config.os_image.url is defined - name: Set fact for existing OS Image ansible.builtin.set_fact: os_image: | - {{ lookup('template', 'disks_map.j2', - template_vars={ - 'disk_name': __sap_vm_provision_register_vm_name + '-boot', - 'disk_access_mode': __sap_vm_provision_register_vm_config.os_image.access_modes, - 'disk_source': { - 'pvc' : { - 'name': __sap_vm_provision_register_vm_config.os_image.source_pvc_name, - 'namespace': __sap_vm_provision_register_vm_config.os_image.namespace + {%- set disks_map = [ + { + 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-boot' | replace('_', '-')) }, + 'spec' : { + 'source' : { + 'pvc' : { + 'name': __sap_vm_provision_register_vm_config.os_image.source_pvc_name, + 'namespace': __sap_vm_provision_register_vm_config.os_image.namespace + }, }, - }, - 'disk_size': __sap_vm_provision_register_vm_config.os_image.size, + 'storage' : { + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'resources': { + 'requests': { + 'storage': __sap_vm_provision_register_vm_config.os_image.size + } + } + } + } } - ), }} + ] -%} + {{ disks_map }} when: - __sap_vm_provision_register_vm_config.os_image.source_pvc_name is defined - __sap_vm_provision_register_vm_config.os_image.namespace is defined @@ -63,18 +81,24 @@ storage_disks_map: |- {% set disks_map = [] -%} {% for storage_item in __sap_vm_provision_register_vm_config.storage_definition -%} - {% set vol = disks_map.extend([ - lookup('template', 'disks_map.j2', - template_vars={ - 'disk_name': __sap_vm_provision_register_vm_name + '-' + storage_item.name, - 'disk_access_mode': storage_item.access_modes, - 'disk_source': { - 'blank' : {} - }, - 'disk_size': ((storage_item.disk_size | default(0)) | string) + 'Gi' - 'disk_storageclass_name': storage_item.disk_type - }), - }]) %} + {% set vol = disks_map.extend([ + { + 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-' + storage_item.name | replace('_', '-')) }, + 'spec' : { + 'source' : { + 'blank' : {} + }, + 'storage' : { + 'accessModes': storage_item.access_modes, + 'resources': { + 'requests': { + 'storage': ((storage_item.disk_size | default(0)) | string) + 'Gi' + } + }, + 'storageClassName': storage_item.disk_type | default('') + } + } + }]) %} {%- endfor %} {{ disks_map }} From 228361b7da4e0cff6c797ceb6c0effba8696e78a Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Wed, 16 Jul 2025 11:42:20 +0200 Subject: [PATCH 6/8] added default access_mode d['ReadWriteMany'] --- .../platform_ansible/kubevirt_vm/execute_provision.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml index c79f3af9..3b301b56 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml @@ -34,7 +34,7 @@ }, }, 'storage' : { - 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes | d['ReadWriteMany'], 'resources': { 'requests': { 'storage': __sap_vm_provision_register_vm_config.os_image.size @@ -61,7 +61,7 @@ }, }, 'storage' : { - 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes, + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes | d['ReadWriteMany'], 'resources': { 'requests': { 'storage': __sap_vm_provision_register_vm_config.os_image.size @@ -89,7 +89,7 @@ 'blank' : {} }, 'storage' : { - 'accessModes': storage_item.access_modes, + 'accessModes': storage_item.access_modes | d['ReadWriteMany'], 'resources': { 'requests': { 'storage': ((storage_item.disk_size | default(0)) | string) + 'Gi' From 74aff0b7af60ee67267bb0900f931219ff4da310 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Wed, 16 Jul 2025 12:46:05 +0200 Subject: [PATCH 7/8] fixed linter errors --- .../kubevirt_vm/execute_provision.yml | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml index 3b301b56..1b17553b 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/kubevirt_vm/execute_provision.yml @@ -34,7 +34,7 @@ }, }, 'storage' : { - 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes | d['ReadWriteMany'], + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes | d(['ReadWriteMany']), 'resources': { 'requests': { 'storage': __sap_vm_provision_register_vm_config.os_image.size @@ -61,7 +61,7 @@ }, }, 'storage' : { - 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes | d['ReadWriteMany'], + 'accessModes': __sap_vm_provision_register_vm_config.os_image.access_modes | d(['ReadWriteMany']), 'resources': { 'requests': { 'storage': __sap_vm_provision_register_vm_config.os_image.size @@ -81,24 +81,24 @@ storage_disks_map: |- {% set disks_map = [] -%} {% for storage_item in __sap_vm_provision_register_vm_config.storage_definition -%} - {% set vol = disks_map.extend([ - { - 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-' + storage_item.name | replace('_', '-')) }, - 'spec' : { - 'source' : { - 'blank' : {} - }, - 'storage' : { - 'accessModes': storage_item.access_modes | d['ReadWriteMany'], - 'resources': { - 'requests': { - 'storage': ((storage_item.disk_size | default(0)) | string) + 'Gi' - } - }, - 'storageClassName': storage_item.disk_type | default('') + {% set vol = disks_map.extend([ + { + 'metadata': { 'name': (__sap_vm_provision_register_vm_name + '-' + storage_item.name | replace('_', '-')) }, + 'spec' : { + 'source' : { + 'blank' : {} + }, + 'storage' : { + 'accessModes': storage_item.access_modes | d(['ReadWriteMany']), + 'resources': { + 'requests': { + 'storage': ((storage_item.disk_size | default(0)) | string) + 'Gi', } - } - }]) %} + }, + 'storageClassName': storage_item.disk_type | default(''), + } + } + }]) %} {%- endfor %} {{ disks_map }} From 859f18133ff7f45eca2b4b7484e99acd7cd31056 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Wed, 16 Jul 2025 14:46:41 +0200 Subject: [PATCH 8/8] fixed linter errors --- playbooks/sample-sap-vm-provision-redhat-ocpv.yml | 4 ++-- .../vars/sample-variables-sap-vm-provision-redhat-ocpv.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/playbooks/sample-sap-vm-provision-redhat-ocpv.yml b/playbooks/sample-sap-vm-provision-redhat-ocpv.yml index 69e7cfde..3425e4a1 100644 --- a/playbooks/sample-sap-vm-provision-redhat-ocpv.yml +++ b/playbooks/sample-sap-vm-provision-redhat-ocpv.yml @@ -33,10 +33,10 @@ sap_vm_provision_kubevirt_vm_kubeconfig == None or sap_vm_provision_kubevirt_vm_kubeconfig == '' ansible.builtin.set_fact: - sap_vm_provision_kubevirt_vm_kubeconfig: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(lookup('env', 'KUBECONFIG'), true) }}" + sap_vm_provision_kubevirt_vm_kubeconfig: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(lookup('env', 'KUBECONFIG'), true) }}" - name: Ensure that kubeconfig is set - assert: + ansible.builtin.assert: that: - sap_vm_provision_kubevirt_vm_kubeconfig is defined - sap_vm_provision_kubevirt_vm_kubeconfig is not none diff --git a/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml b/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml index ac5b31d8..4bc07a10 100644 --- a/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml +++ b/playbooks/vars/sample-variables-sap-vm-provision-redhat-ocpv.yml @@ -18,7 +18,7 @@ sap_vm_provision_kubevirt_vm_os_user: cloud-user sap_vm_provision_kubevirt_vm_os_user_password: "" # SSH key files, must be accessible on the ansible controller -sap_vm_provision_ssh_host_private_key_file_path: /path/to/id_rsa +sap_vm_provision_ssh_host_private_key_file_path: /path/to/id_rsa sap_vm_provision_ssh_host_public_key_file_path: /path/to/id_rsa.pub # RAM Overhead [GiB] for virt-launcher container, this can be small for VMs < 1 TB and without SRIOV but should be increased to 16 or more for VMs > 1TB