Add flow for using agent subcommand of openshift installer

deploy_cluster.yml

@@ -1,19 +1,6 @@
 ---
-- import_playbook: playbooks/generate_ssh_key_pair.yml
-  when: generate_ssh_keys | default(True) == True
+- import_playbook: playbooks/deploy_cluster_agent_based_installer.yml
+  when: (use_agent_based_installer | default(false)) | bool
 
-- import_playbook: playbooks/create_cluster.yml
-
-- import_playbook: playbooks/generate_discovery_iso.yml
-
-- import_playbook: playbooks/mount_discovery_iso_for_pxe.yml
-
-- import_playbook: playbooks/boot_iso.yml
-  vars:
-    boot_iso_hosts: masters,workers
-
-- import_playbook: playbooks/install_cluster.yml
-
-- import_playbook: playbooks/monitor_hosts.yml
-
-- import_playbook: playbooks/monitor_cluster.yml
+- import_playbook: playbooks/deploy_cluster_assisted_installer.yml
+  when: not ((use_agent_based_installer | default(false)) | bool)

deploy_prerequisites.yml

@@ -21,5 +21,6 @@
 - import_playbook: playbooks/deploy_registry.yml
 
 - import_playbook: playbooks/deploy_assisted_installer_onprem.yml
+  when: not ((use_agent_based_installer | default(false)) | bool)
 
 - import_playbook: playbooks/deploy_sushy_tools.yml

docs/crucible_installer_features_comparison.md

@@ -0,0 +1,29 @@
+# Crucible Features
+
+This is a comparison of the features available through crucible depending on which installer is used
+
+| Feature                                            | Assisted installer (on-prem)  | Agent based installer    |
+| -------------------------------------------------- | ----------------------------- | ------------------------ |
+| Compact cluster                                    | Y                             | Y                        |
+| Workers                                            | Y                             | Y                        |
+| SNO                                                | Y                             | Y                        |
+| 2 day workers                                      | Y                             | N[1]                     |
+| Set Network type                                   | Y                             | Y                        |
+| DHCP                                               | Y                             | Y[2]                     |
+| IPV6                                               | Y                             | Y                        |
+| Dual Stack                                         | Y                             | Y                        |
+| NMState network config                             | Y                             | Y                        |
+| Mirror Registry support                            | Y                             | Y                        |
+| Set hostname                                       | Y                             | Y                        |
+| Set role                                           | Y                             | Y                        |
+| Proxy                                              | Y                             | Y                        |
+| Install OLM Operators (LSO, ODF, CNV)              | Y                             | N[3]                     |
+| Partitions                                         | Y                             | N[4]                     |
+| Discovery iso password                             | Y                             | N[4]                     |
+| -                                                  | -                             | -                        |
+
+Footnotes:
+[1] There are plans for the agent based method to install the [multicluster engine operator](https://docs.openshift.com/container-platform/4.12/architecture/mce-overview-ocp.html) which crucible could then leverage to add day2 workers.
+[2] A `network_config` is still required however you could provide a raw nmstate, which configures the interfaces for dhcp and the corresponding `mac_interface_map`. If you are not using the DHCP provided by crucible you would need to provide the correct IP for the bootstrap node (by default the first node in the masters group).
+[3] It is possible to apply extra manifests to deploy those operators as part of the install. The MCE deploy ment mentioned in [1] will likely expose this feature as well.
+[4] This feature of crucible is done by modifing an iginition file which is not currently possible in the agent based flow.

playbooks/deploy_cluster_agent_based_installer.yml

@@ -0,0 +1,15 @@
+---
+- import_playbook: extract_agent_based_installer.yml
+  when: agent_based_installer_path is not defined
+
+- import_playbook: generate_ssh_key_pair.yml
+  when: generate_ssh_keys | default(True) == True
+
+- import_playbook: generate_manifests.yml
+- import_playbook: generate_agent_iso.yml
+
+- import_playbook: boot_iso.yml
+  vars:
+    boot_iso_hosts: masters,workers
+
+- import_playbook: monitor_agent_based_installer.yml

playbooks/deploy_cluster_assisted_installer.yml

@@ -0,0 +1,19 @@
+---
+- import_playbook: generate_ssh_key_pair.yml
+  when: generate_ssh_keys | default(True) == True
+
+- import_playbook: create_cluster.yml
+
+- import_playbook: generate_discovery_iso.yml
+
+- import_playbook: mount_discovery_iso_for_pxe.yml
+
+- import_playbook: boot_iso.yml
+  vars:
+    boot_iso_hosts: masters,workers
+
+- import_playbook: install_cluster.yml
+
+- import_playbook: monitor_hosts.yml
+
+- import_playbook: monitor_cluster.yml

playbooks/extract_agent_based_installer.yml

@@ -0,0 +1,15 @@
+---
+- name: Extract openshift installer
+  hosts: bastion
+  gather_facts: false
+  vars:
+    destination_hosts:
+      - bastion
+  pre_tasks:
+    - name: pre-compute need to get hashes
+      set_fact:
+        run_get_hash: "{{ assisted_installer_release_images | default({}) | length == 0  }}"
+  roles:
+    - role: get_image_hash
+      when: run_get_hash | bool
+    - extract_openshift_installer

playbooks/generate_agent_iso.yml

@@ -0,0 +1,5 @@
+---
+- name:  Generate agent iso using agent_based_installer
+  hosts: bastion
+  roles:
+    - generate_agent_iso

playbooks/generate_manifests.yml

@@ -0,0 +1,14 @@
+---
+- name: Generate manfiests for agent_based_installer
+  hosts: bastion
+  vars:
+    destination_hosts:
+      - bastion
+  pre_tasks:
+    - name: Pre-compute need to get hashes
+      ansible.builtin.set_fact:
+        run_get_hash: "{{ assisted_installer_release_images | default({}) | length == 0 }}"
+  roles:
+    - role: get_image_hash
+      when: run_get_hash
+    - generate_manifests

playbooks/monitor_agent_based_installer.yml

@@ -0,0 +1,5 @@
+- name: Monitor install process of agent_based_installer
+  hosts: bastion
+  gather_facts: False
+  roles:
+    - monitor_agent_based_installer

roles/extract_openshift_installer/defaults/main.yml

@@ -0,0 +1,6 @@
+arch: x86_64
+version_filter: "[?(openshift_version == '{{ openshift_version }}') && (cpu_architecture == '{{ arch }}')]"
+release_image: "{{ (assisted_installer_release_images | json_query(version_filter))[0].url }}"
+extract_dest_path: /tmp/wip/extract/
+pull_secret_file: "{{ extract_dest_path }}/pull_secret.txt"
+openshift_installer_path: "{{ extract_dest_path }}/openshift-install"

roles/extract_openshift_installer/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: "Create {{ extract_dest_path }}"
+  ansible.builtin.file:
+    path: "{{ extract_dest_path }}"
+    state: directory
+    mode: 0755
+    recurse: true
+
+- name: Create pull_secret_file
+  ansible.builtin.copy:
+    content: "{{ pull_secret }}"
+    dest: "{{ pull_secret_file }}"
+    mode: "0600"
+
+- name: Extract openshift_installer
+  ansible.builtin.shell:
+    cmd: >
+      oc adm
+      -a {{ pull_secret_file }}
+      release extract
+      --command=openshift-install
+      {{ release_image }}
+      --to={{ extract_dest_path }}
+
+- name: Check extracted installer has agent subcommand
+  ansible.builtin.shell:
+    cmd: "{{ openshift_installer_path }} agent --help"
+  register: res
+  failed_when: false
+
+- name: Check agent sub-commmand output
+  ansible.builtin.fail:
+    msg: >
+      Version of openshift install extracted from
+      release image does not have agent subcommand
+  when: "'unknown command' in res.stderr"
+
+- name: Set agent_based_installer_path
+  ansible.builtin.set_fact:
+    agent_based_installer_path: "{{ openshift_installer_path }}"

roles/generate_agent_iso/defaults/main.yml

@@ -0,0 +1,9 @@
+generated_dir: "{{ repo_root_path }}/generated"
+manifests_dir: "{{ generated_dir }}/{{ cluster_name }}"
+download_agent_dest_file: "{{ discovery_iso_name }}"
+download_dest_path: "{{ iso_download_dest_path | default('/opt/http_store/data') }}"
+config_file_path: /tmp/wip/config
+arch: x86_64
+version_filter: "[?(openshift_version == '{{ openshift_version }}') && (cpu_architecture == '{{ arch }}')]"
+release_image: "{{ (assisted_installer_release_images | json_query(version_filter))[0].url }}"
+use_local_mirror_registry: false

roles/generate_agent_iso/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: Create podman auth dir
+  ansible.builtin.file:
+    path: "{{ config_file_path }}/containers/"
+    state: directory
+    mode: 0755
+    recurse: true
+
+- name: Generate ISO
+  ansible.builtin.shell:
+    cmd: "{{ agent_based_installer_path }} --log-level=debug agent create image"
+    chdir: "{{ manifests_dir }}"
+  environment:
+    XDG_RUNTIME_DIR: "{{ config_file_path }}"
+
+- name: Put discovery iso in http store
+  delegate_to: http_store
+  become: true
+  block:
+    - name: Create discovery directory
+      ansible.builtin.file:
+        path: "{{ download_dest_path }}/{{ download_agent_dest_file | dirname }}"
+        recurse: true
+        state: directory
+
+    - name: Copy agent iso to discovery directory
+      ansible.builtin.copy:
+        src: "{{ manifests_dir }}/agent.{{ arch }}.iso"
+        dest: "{{ download_dest_path }}/{{ download_agent_dest_file }}"
+        mode: 0644

roles/generate_manifests/defaults/main.yml

@@ -0,0 +1,18 @@
+generated_dir: "{{ repo_root_path }}/generated"
+manifests_dir: "{{ generated_dir }}/{{ cluster_name }}"
+cluster_manifest_dir: "{{ manifests_dir }}/cluster-manifests"
+extra_manifest_dir: "{{ manifests_dir }}/openshift"
+mac_interface_default_mapping: "interfaces[?(name != null && mac != null)].{logical_nic_name: name, mac_address: mac}"
+static_network_config: {}
+arch: x86_64
+version_filter: "[?(openshift_version == '{{ openshift_version }}') && (cpu_architecture == '{{ arch }}')]"
+release_image: "{{ (assisted_installer_release_images | json_query(version_filter))[0].url }}"
+mirror_registry: "{{ hostvars['registry_host']['registry_fqdn'] }}:{{ hostvars['registry_host']['registry_port'] }}"
+agent_based_installer_bootstrap_node: "{{ groups['masters'][0] }}"
+host_ip_keyword: ansible_host
+use_local_mirror_registry: "{{ setup_registry_service | default(true) }}"
+single_node_openshift_enabled: "{{ is_valid_single_node_openshift_config | default(false) }}"
+
+manifests: true
+extra_manifests: []
+manifest_templates: "{{ extra_manifests }}"

roles/generate_manifests/tasks/main.yml

@@ -0,0 +1,55 @@
+- name: Render nmstate
+  ansible.builtin.include_tasks: static.yml
+  loop: "{{ groups['nodes'] }}"
+
+- name: Make cluster-manifests dir
+  ansible.builtin.file:
+    name: "{{ manifests_dir }}"
+    state: absent
+  ignore_errors: true
+
+- name: Make cluster-manifests dir
+  ansible.builtin.file:
+    name: "{{ cluster_manifest_dir }}"
+    mode: 0775
+    recurse: true
+    state: directory
+
+- name: Update pull_secret variable
+  ansible.builtin.set_fact:
+    local_pull_secret: "{{ pull_secret | combine({
+        'auths': pull_secret['auths'] | combine({
+            'registry.ci.openshift.org': {
+              'auth': pull_secret['auths'][mirror_registry]['auth'],
+            }
+          })
+        })
+      }}"
+  when: use_local_mirror_registry  | bool
+
+- name: Render agent-config templates
+  ansible.builtin.template:
+    src: "{{ item }}"
+    dest: "{{ manifests_dir }}/{{ item.rsplit('.', 1)[0] }}"
+    mode: 0644
+    trim_blocks: true
+    lstrip_blocks: true
+  loop:
+    - agent-config.yaml.j2
+    - install-config.yaml.j2
+
+- name: Create extra_manifest_dir dir
+  ansible.builtin.file:
+    name: "{{ extra_manifest_dir }}"
+    mode: 0775
+    recurse: true
+    state: directory
+  when:
+    - manifests | bool
+    - manifest_templates is defined
+    - manifest_templates | length >= 0
+
+- name: Render extra_manifests
+  ansible.builtin.include_tasks: manifest.yml
+  loop: "{{ manifest_templates }}"
+  when: manifests | bool

roles/generate_manifests/tasks/manifest.yml

@@ -0,0 +1,26 @@
+---
+# tasks file for manifests
+
+- name: Fail if manifest is not a mapping
+  ansible.builtin.fail:
+    msg: "Manifest item must be a dict with either template or file as the key"
+  when: item is not mapping and (("template" in item) or ("file" in item))
+
+- name: Load manifest
+  ansible.builtin.set_fact:
+    manifest_content: "{{ lookup('template', item.template) }}"
+    manifest_name: "{{ item.template.rsplit('.j2', 1)[0] | basename }}"
+  when: ("template" in item)
+
+
+- name: Load manifest
+  ansible.builtin.set_fact:
+    manifest_content: "{{ lookup('file', item.file) }}"
+    manifest_name: "{{ item.file | basename }}"
+  when: ("file" in item)
+
+- name: Save Manifest
+  ansible.builtin.copy:
+    content: "{{ manifest_content }}"
+    dest: "{{ extra_manifest_dir }}/{{ manifest_name }}"
+    mode: 0644

roles/generate_manifests/tasks/static.yml

@@ -0,0 +1,29 @@
+- name: "Set network config for {{ item }}"
+  ansible.builtin.set_fact:
+    item_network_config: "{{ hostvars[item].network_config }}"
+
+- name: "Set default value of mac_interface_map for {{ item }}"
+  ansible.builtin.set_fact:
+    mac_interface_map: "{{ hostvars[item].mac_interface_map | default([]) }}"
+
+- name: "Using query to set mac_interface_map for {{ item }}"
+  ansible.builtin.set_fact:
+    mac_interface_map: "{{ item_network_config | json_query(network_config.mapping_query | default(mac_interface_default_mapping)) }}"
+  when: hostvars[item].mac_interface_map is not defined
+
+- name: Process network_config
+  ansible.builtin.import_role:
+    name: process_nmstate
+  vars:
+    network_config: "{{ item_network_config }}"
+    target_name: "{{ item }}"
+
+- name: "Set static network config for {{ item }}"
+  ansible.builtin.set_fact:
+    static_network_config_entry:
+      network_yaml: "{{ rendered_nmstate_yml }}"
+      mac_interface_map: "{{ mac_interface_map }}"
+
+- name: Update static_network_config_items
+  ansible.builtin.set_fact:
+    static_network_config: "{{ static_network_config | combine({item: static_network_config_entry}) }}"

roles/generate_manifests/templates/agent-config.yaml.j2

@@ -0,0 +1,18 @@
+#jinja2:trim_blocks: True, lstrip_blocks: True
+apiVersion: v1alpha1
+kind: AgentConfig
+rendezvousIP: {{ hostvars[agent_based_installer_bootstrap_node][host_ip_keyword] }}
+hosts:
+{% for hostname, network_config in static_network_config.items() %}
+  - role: {{ hostvars[hostname]['role'] }}
+    hostname: {{ hostname }}
+    interfaces:
+      - name: {{ network_config.mac_interface_map[0].logical_nic_name }}
+        macAddress: {{ network_config.mac_interface_map[0].mac_address }}
+    networkConfig:
+      {{ network_config.network_yaml | indent(6) }}
+  {% if hostvars[hostname]['installation_disk_path'] is defined %}
+    rootDeviceHints:
+      deviceName: {{ hostvars[hostname]['installation_disk_path'] }}
+  {% endif %}
+{% endfor %}