Updated sap_hypervisor_node_preconfigure(redhat_ocpv)

playbooks/sample-sap-hypervisor-redhat-ocp-virt-preconfigure.yml

@@ -6,91 +6,34 @@
     sap_hypervisor_node_preconfigure_platform: redhat_ocp_virt
   tasks:
 
-    - name: Use kubeconfig file specified in environment variable K8S_AUTH_KUBECONFIG if sap_hypervisor_node_preconfigure_ocp_kubeconfig_path is not defined
+    - name: Use kubeconfig file specified in environment variable K8S_AUTH_KUBECONFIG | KUBECONFIG if sap_hypervisor_node_preconfigure_ocp_kubeconfig_path is not defined.
       when: >
-        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path is not defined or
-        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path == None or
-        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path == ''
+        sap_hypervisor_node_preconfigure_kubeconfig is not defined or
+        sap_hypervisor_node_preconfigure_kubeconfig == None or
+        sap_hypervisor_node_preconfigure_kubeconfig == ''
       ansible.builtin.set_fact:
-        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(None) }}"
+        sap_hypervisor_node_preconfigure_kubeconfig: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(lookup('env', 'KUBECONFIG'), true) }}"
+
+    - name: Ensure that kubeconfig is set
+      assert:
+        that:
+          - sap_hypervisor_node_preconfigure_kubeconfig is defined
+          - sap_hypervisor_node_preconfigure_kubeconfig is not none
+          - sap_hypervisor_node_preconfigure_kubeconfig | length > 0
+        fail_msg: "sap_hypervisor_node_preconfigure_kubeconfig is required."
 
     - name: Create Tempdir on jumphost
       ansible.builtin.tempfile:
         state: directory
         suffix: "_sap_hypervisor_node_preconfigure"
       register: __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost
 
-    - name: Set kubeconfig file variable
-      ansible.builtin.set_fact:
-        __sap_hypervisor_node_preconfigure_register_kubeconfig: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost.path }}/kubeconfig"
-
-    - name: Read content of kubeconfig file
-      ansible.builtin.set_fact:
-        sap_hypervisor_node_preconfigure_ocp_kubeconfig_data:
-          "{{ lookup('file', sap_hypervisor_node_preconfigure_ocp_kubeconfig_path) | from_yaml }}"
-
-    - name: Read cluster endpoint and CA certificate from kubeconfig if either is not defined
-      when: sap_hypervisor_node_preconfigure_ocp_extract_kubeconfig
-      block:
-
-        - name: Set sap_hypervisor_node_preconfigure_ocp_endpoint from kubeconfig
-          ansible.builtin.set_fact:
-            __sap_hypervisor_node_preconfigure_register_ocp_endpoint:
-              "{{ sap_hypervisor_node_preconfigure_ocp_kubeconfig_data['clusters'][0]['cluster']['server'] }}"
-
-        - name: Write the certificate-authority-data to temp dir on jumphost
-          ansible.builtin.copy:
-            content: "{{ sap_hypervisor_node_preconfigure_ocp_kubeconfig_data['clusters'][0]['cluster']['certificate-authority-data'] | b64decode }}"
-            dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost.path }}/cluster-ca-cert.pem"
-            mode: "0666"
-
-        - name: Set CA file variable
-          ansible.builtin.set_fact:
-            __sap_hypervisor_node_preconfigure_register_ca_cert: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost.path }}/cluster-ca-cert.pem"
-
-
-    - name: Use predefined CA cert and API endpoint
-      when: not sap_hypervisor_node_preconfigure_ocp_extract_kubeconfig
-
-      block:
-        - name: Set predefined OCP API Endpoint
-          ansible.builtin.set_fact:
-            __sap_hypervisor_node_preconfigure_register_ocp_endpoint: "{{ sap_hypervisor_node_preconfigure_ocp_endpoint }}"
-
-        - name: Set predefined CA file
-          ansible.builtin.set_fact:
-            __sap_hypervisor_node_preconfigure_register_ca_cert: "{{ sap_hypervisor_node_preconfigure_ocp_ca_cert }}"
-
-
-    - name: Log into Red Hat OpenShift cluster (obtain access token)
-      community.okd.openshift_auth:
-        host: "{{ __sap_hypervisor_node_preconfigure_register_ocp_endpoint }}"
-        username: "{{ sap_hypervisor_node_preconfigure_ocp_admin_username }}"
-        password: "{{ sap_hypervisor_node_preconfigure_ocp_admin_password }}"
-        ca_cert: "{{ __sap_hypervisor_node_preconfigure_register_ca_cert }}"
-      register: __sap_vm_provision_register_ocp_auth_results
-
-    - name: Set token in kubeconfig
-      ansible.builtin.set_fact:
-        sap_hypervisor_node_preconfigure_ocp_kubeconfig_data: >-
-          {{
-            sap_hypervisor_node_preconfigure_ocp_kubeconfig_data | combine({
-              'users':  sap_hypervisor_node_preconfigure_ocp_kubeconfig_data.users | map('combine', [{'user': {'token': __sap_vm_provision_register_ocp_auth_results.openshift_auth.api_key }}] )
-            }, recursive=True)
-          }}
-
-    - name: Write the updated kubeconfig
-      ansible.builtin.copy:
-        content: "{{ sap_hypervisor_node_preconfigure_ocp_kubeconfig_data | to_nice_yaml }}"
-        dest: "{{ __sap_hypervisor_node_preconfigure_register_kubeconfig }}"
-        mode: "0600"
-
     - name: Invoke role with credentials set as environment variables
       delegate_to: "{{ inventory_hostname }}"
       delegate_facts: true
       environment:
-        KUBECONFIG: "{{ __sap_hypervisor_node_preconfigure_register_kubeconfig }}"
-        K8S_AUTH_KUBECONFIG: "{{ __sap_hypervisor_node_preconfigure_register_kubeconfig }}"
+        KUBECONFIG: "{{ sap_hypervisor_node_preconfigure_kubeconfig }}"
+        K8S_AUTH_KUBECONFIG: "{{ sap_hypervisor_node_preconfigure_kubeconfig }}"
       block:
 
         - name: Include sap_hypervisor_node_preconfigure Ansible Role

playbooks/vars/sample-variables-sap-hypervisor-redhat-ocp-virt-preconfigure.yml

@@ -6,28 +6,11 @@
 # Red Hat OpenShift cluster connection details
 ###########################################################
 
-# Admin username for Red Hat OpenShift cluster connection
-sap_hypervisor_node_preconfigure_ocp_admin_username:
-
-# Admin password for Red Hat OpenShift cluster connection
-sap_hypervisor_node_preconfigure_ocp_admin_password:
-
-# Path to kubeconfig file Red Hat OpenShift cluster connection
-sap_hypervisor_node_preconfigure_ocp_kubeconfig_path:
-
-# If this is set to true, the API endpoint and the
-# CA Certificate are extracted from the kubeconfig file.
-# If set to false, sap_hypervisor_node_preconfigure_ocp_endpoint and
-# sap_hypervisor_node_preconfigure_ocp_ca_cert have to be specified.
-sap_hypervisor_node_preconfigure_ocp_extract_kubeconfig: true
-
-# URL to the API endpoint of Red Hat OpenShift cluster
-#sap_hypervisor_node_preconfigure_ocp_endpoint:
-
-# CA Certificate for Red Hat OpenShift cluster connection
-# To extract the CA Cert from the kubeconfig, you can use
-# grep certificate-authority-data ${KUBECONFIG} | awk '{ print $2 }' | base64 --decode > client-cert.pem
-#sap_hypervisor_node_preconfigure_ocp_ca_cert:
+# kubeconfig for Red Hat OpenShift cluster connection.
+# Needs to contain a valid API token for trident storage operator to work.
+# If not provided, the kubeconfig will be read from the environment variables
+# KUBECONFIG or K8S_AUTH_KUBECONFIG
+# sap_hypervisor_node_preconfigure_kubeconfig:
 
 
 ###########################################################
@@ -47,12 +30,27 @@ sap_hypervisor_node_preconfigure_install_operators: true
 sap_hypervisor_node_preconfigure_setup_worker_nodes: true
 
 
+###################################################################################
+# Individual worker nodes config details, typically no need to change anything here.
+# Requires sap_hypervisor_node_preconfigure_setup_worker_nodes to be set to true.
+###################################################################################
+
+# Should the network of the nodes be configured?
+sap_hypervisor_node_preconfigure_configure_worker_node_network: true
+
+# Should the cpumanager be enabled? This has to be set to true.
+sap_hypervisor_node_preconfigure_enable_cpumanager: true
+
+# Should the kargs be applied to the worker nodes?
+sap_hypervisor_node_preconfigure_enable_kargs: true
+
+
 ###########################################################
 # Configuration details
 ###########################################################
 
 # URL of the trident installer package to use
-sap_hypervisor_node_preconfigure_install_trident_url: https://github.com/NetApp/trident/releases/download/v24.06.0/trident-installer-24.06.0.tar.gz
+sap_hypervisor_node_preconfigure_install_trident_url: https://github.com/NetApp/trident/releases/download/v25.02.1/trident-installer-25.02.1.tar.gz
 
 # Allow unsupported NICs to be used for SR-IOV?
 sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics: false
@@ -72,6 +70,12 @@ sap_hypervisor_node_preconfigure_ocpv_namespace: openshift-cnv
 # Channel to be used for the Red Hat Openshift Virtualization Operator
 sap_hypervisor_node_preconfigure_ocpv_subscription_channel: stable
 
+# Namespace to be used for the Red Hat Openshift Nmstate Operator
+sap_hypervisor_node_preconfigure_nmstate_namespace: openshift-nmstate
+
+# Mountpoint for hostpath provisioner
+sap_hypervisor_node_preconfigure_hpp_mountpoint: /var/localstorage
+
 
 ###########################################################
 # Red Hat OpenShift cluster configuration details
@@ -96,13 +100,23 @@ sap_hypervisor_node_preconfigure_cluster_config:
     password: xxxxx
     storage_driver: ontap-nas
     storage_prefix: ocpv_sap_
+    nfs_mount_options: nfsvers=3
+    export_policy: default
+    storageclass_name: sapstorage  # Name of the storage class (careful, there can only be one SC with this name)
+    default_storageclass: true     # Should this storage class be default?
 
   # CPU cores which will be reserved for kubernetes
   worker_kubernetes_reserved_cpus: "0,1"
 
   # Storage device used for host path provisioner as local storage.
   worker_localstorage_device: /dev/vdb
 
+  # Name of the storage class for locastorage
+  worker_localstorage_storageclass_name: sapstorage
+
+  # Should the local storage class be default?
+  worker_localstorage_default_storageclass: true
+
   # detailed configuration for every worker that should be configured
   workers:
 
@@ -124,39 +138,41 @@ sap_hypervisor_node_preconfigure_cluster_config:
             port:
               - name: ens1f0           # network IF name
 
-        - name: storage                # an SR-IOV device
-          interface: ens2f0            # network IF name
-          type: sriov
-
-        - name: ens2f0                 # Set elevated MTU of 9000
-          type: ethernet               # on parent interface of
-          state: up                    # storagebridge
-          ipv4:
-            dhcp: false
-            enabled: false
-          mtu: 9000
-
-        - name: storagebridge          # using a bridge
-          bridge:                      # another bridge
-            options:
-              stp:
-                enabled: false
-            port:
-              - name: ens2f0           # network IF name
-          description: storage
-          mtu: 9000
-          ipv4:
-            address:
-              - ip: 192.168.1.10       # IP config
-                prefix-length: 24
-            auto-dns: false
-            auto-gateway: false
-          state: up
-          type: linux-bridge
-
-        - name: multi                  # another SR-IOV device
-          interface: ens2f1            # network IF name
-          type: sriov
+# Additional network interfaces, just shown here for reference
+#        - name: storage                # an SR-IOV device
+#          interface: ens2f0            # network IF name
+#          type: sriov
+
+#        - name: ens2f0                 # Set elevated MTU of 9000
+#          type: ethernet               # on parent interface of
+#          state: up                    # storagebridge
+#          ipv4:
+#            dhcp: false
+#            enabled: false
+#          mtu: 9000
+
+#        - name: storagebridge          # using a bridge
+#          bridge:                      # another bridge
+#            options:
+#              stp:
+#                enabled: false
+#            port:
+#              - name: ens2f0           # network IF name
+#          description: storage
+#          mtu: 9000
+#          ipv4:
+#            address:
+#              - ip: 192.168.1.10       # IP config
+#                prefix-length: 24
+#            auto-dns: false
+#            auto-gateway: false
+#          enabled: true
+#          state: up
+#          type: linux-bridge
+#
+#        - name: multi                  # another SR-IOV device
+#          interface: ens2f1            # network IF name
+#          type: sriov
 
 
     - name: worker-1                   # second worker configuration
@@ -177,36 +193,38 @@ sap_hypervisor_node_preconfigure_cluster_config:
             port:
               - name: ens1f0           # network IF name
 
-        - name: storage                # an SR-IOV device
-          interface: ens2f0            # network IF name
-          type: sriov
-
-        - name: ens2f0                 # Set elevated MTU of 9000
-          type: ethernet               # on parent interface of
-          state: up                    # storagebridge
-          ipv4:
-            dhcp: false
-            enabled: false
-          mtu: 9000
-
-        - name: storagebridge          # create storage bridge
-          bridge:
-            options:
-              stp:
-                enabled: false
-            port:
-              - name: ens2f0           # network IF name
-          description: storage
-          mtu: 9000
-          ipv4:
-            address:
-              - ip: 192.168.1.11       # IP config
-                prefix-length: 24
-            auto-dns: false
-            auto-gateway: false
-          state: up
-          type: linux-bridge
-
-        - name: multi                  # another SR-IOV device
-          interface: ens2f1            # network IF name
-          type: sriov
+# Additional network interfaces, just shown here for reference
+#        - name: storage                # an SR-IOV device
+#          interface: ens2f0            # network IF name
+#          type: sriov
+#
+#        - name: ens2f0                 # Set elevated MTU of 9000
+#          type: ethernet               # on parent interface of
+#          state: up                    # storagebridge
+#          ipv4:
+#            dhcp: false
+#            enabled: false
+#          mtu: 9000
+#
+#        - name: storagebridge          # create storage bridge
+#          bridge:
+#            options:
+#              stp:
+#                enabled: false
+#            port:
+#              - name: ens2f0           # network IF name
+#          description: storage
+#          mtu: 9000
+#          ipv4:
+#            address:
+#              - ip: 192.168.1.11       # IP config
+#                prefix-length: 24
+#            auto-dns: false
+#            auto-gateway: false
+#          enabled: true
+#          state: up
+#          type: linux-bridge
+#
+#        - name: multi                  # another SR-IOV device
+#          interface: ens2f1            # network IF name
+#          type: sriov

roles/sap_hypervisor_node_preconfigure/README.md

@@ -103,23 +103,20 @@ Let's have a look at the most important variables you need to set.
 # Red Hat OpenShift cluster connection details
 ###########################################################
 
-# Admin username for Red Hat OpenShift cluster connection
-sap_hypervisor_node_preconfigure_ocp_admin_username:
+# kubeconfig file Red Hat OpenShift cluster connection.
+# Needs to contain a valid API token for trident storage operator to work.
+# If not provided, the kubeconfig will be read from the environment variables
+# KUBECONFIG or K8S_AUTH_KUBECONFIG
+sap_hypervisor_node_preconfigure_kubeconfig:
 
-# Admin password for Red Hat OpenShift cluster connection
-sap_hypervisor_node_preconfigure_ocp_admin_password:
-
-# Path to kubeconfig file Red Hat OpenShift cluster connection
-sap_hypervisor_node_preconfigure_ocp_kubeconfig_path:
+```
+The `kubeconfig` configuration file has to be provided by either:
 
-# If this is set to true, the API endpoint and the
-# CA Certificate are extracted from the kubeconfig file.
-# If set to false, sap_hypervisor_node_preconfigure_ocp_endpoint and
-# sap_hypervisor_node_preconfigure_ocp_ca_cert have to be specified.
-sap_hypervisor_node_preconfigure_ocp_extract_kubeconfig: true
+1. The Ansible variable `sap_hypervisor_node_kubeconfig`.
+2. The environment variable `K8S_AUTH_KUBECONFIG`.
+3. The environment variable `KUBECONFIG`.
 
-```
-You need to provide username and password for the Red Hat OpenShift Cluster. The `kubeconfig` file can be specified in `sap_hypervisor_node_preconfigure_ocp_kubeconfig_path` or if omitted, the environment variable `K8S_AUTH_KUBECONFIG` has to point to it. Default is, to use the CA certificate and Red Hat OpenShift cluster API endpoint as specified in the `kubeconfig` file (controlled by variable `sap_hypervisor_node_preconfigure_ocp_extract_kubeconfig`). Make sure to specify the username and password for the cluster: `sap_hypervisor_node_preconfigure_ocp_admin_username` and `sap_hypervisor_node_preconfigure_ocp_admin_password`.
+If using the trident storage operator, the `kubeconfig` has also to contain a valid API token.
 
 Next are variables that define what storage configuration should be configured, if the operators should be installed and the configuration of the workers should be done.
 

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/assert/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Check if all trident config values are defined
+  ansible.builtin.include_tasks:
+    file: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/assert/trident.yml"
+  when: sap_hypervisor_node_preconfigure_install_trident