This project is provided as-is, and is not an official or supported Red Hat project. We will happily accept issues and Pull Requests and provide basic OSS-level community support.
This project contains a set of modules for working with ROSA as well as some example playbooks.
It will create and delete ROSA clusters, and if you know how to work with Ansible inventories it can manage multiple clusters.
The repository has a number of example scenarios that are configured as Ansible inventories, found in the environment folder. The default environment will provision a single-az public cluster on a BYO VPC. These can be selected by using make as such:
Examples
- make create - default single-az classic cluster.
- make create.hcp - hosted control plane cluster.
- make create.pl - private-link classic cluster.
- make create.tgw - private-link classic cluster with TransitGateway.
- Create a Red Hat account, if you do not already have one. Then, check your email for a verification link. You will need these credentials to install ROSA.
- Download and install the AWS cli
- Download and install the ROSA cli
- Enable the ROSA service in AWS.
  - Sign in to your AWS account.
  - Go to the ROSA service and select Enable.
To authenticate to AWS / ROSA you can either log in with the tools directly or set Ansible variables and let Ansible do it for you.
- Configure aws cli:
aws configure
- Configure rosa:
rosa login
- Clone down the repo:
git clone https://github.com/rh-mobb/ansible-rosa.git
cd ansible-rosa
- Create python virtualenv:
make virtualenv
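If you encounter SSL certificate errors with ansible-galaxy and want to bypass certificate validation, run the following instead. USE WITH CAUTION! With validation bypassed, the downloads made by ansible-galaxy are no longer protected against tampering in transit.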
IGNORE_CERTS=true make virtualenv
This will deploy a single-az cluster with STS enabled.
See ./environment/default/group_vars/all.yaml for the example inventory used. You can modify this file to change the cluster configuration.
- Create:
make create
- Delete:
make delete
See ./environment/transit-gatewa-egress/group_vars/all.yaml for the example inventory used. You can modify this file to change the cluster configuration.
This will deploy a fairly complex cluster with STS enabled, Transit Gateway, and PrivateLink. Along with the ROSA VPC it will create an Egress VPC with a NAT Gateway and a Squid-based proxy (configured to restrict cluster egress to just the allowed endpoints). It places an SSH bastion in the Egress VPC in order to provide easy access to the cluster (sshuttle ftw). It also creates an infrastructure VPC, which is where you might connect your datacenter or VPN connections; this has a DNS forwarder to help with DNS resolution.
- Create:
make create.tgw
- Delete:
make delete.tgw
See ./environment/private-link/group_vars/all.yaml for the example inventory used.
Setting the variable 'rosa_kms_key_arn' to a KMS ARN will execute the procedure found here
- Build the docker image:
make image
- Create the cluster (do one of the following)
  - If you've already logged in locally:
make docker.create
  - If you want to let ansible log you in (fill out the variables):
docker run -ti -e AWS_ACCESS_KEY_ID="" \
  -e AWS_SECRET_ACCESS_KEY="" -e ROSA_TOKEN="" \
  quay.io/pczar/ansible-rosa \
  ansible-playbook create-cluster.yaml
- Delete the cluster:
make docker.delete
or
docker run -ti -e AWS_ACCESS_KEY_ID="" \
  -e AWS_SECRET_ACCESS_KEY="" -e ROSA_TOKEN="" \
  quay.io/pczar/ansible-rosa \
  ansible-playbook delete-cluster.yaml
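The docker run commands above take the AWS and ROSA credentials as literal values on the command line. As an added example (not part of this repository), the wrapper below passes the same three variables to the container by name only, so their values stay out of shell history and the process argument list. The image and variable names are the ones used above; the function names, the script name and its create/delete argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the ansible-rosa repository.
# Image name and variable names are the ones shown in the README's docker run
# command; function names and the create/delete argument are assumptions.
IMAGE="quay.io/pczar/ansible-rosa"
REQUIRED_VARS="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY ROSA_TOKEN"

# Print the names (never the values) of required variables that are unset or empty.
missing_vars() {
  mv_out=""
  for mv_name in $REQUIRED_VARS; do
    eval "[ -n \"\${$mv_name:-}\" ]" || mv_out="$mv_out $mv_name"
  done
  echo "${mv_out# }"
}

# Prompt with terminal echo off for each missing variable, then export it.
prompt_missing() {
  for pm_name in $(missing_vars); do
    printf '%s: ' "$pm_name" >&2
    stty -echo; IFS= read -r "$pm_name"; stty echo
    printf '\n' >&2
    export "$pm_name"
  done
}

# Build the command line. "-e NAME" with no "=value" makes docker copy the
# value from its own environment, so secrets stay out of shell history and
# out of the process argument list.
docker_cmd() {
  dc_cmd="docker run -ti"
  for dc_name in $REQUIRED_VARS; do dc_cmd="$dc_cmd -e $dc_name"; done
  echo "$dc_cmd $IMAGE ansible-playbook $1"
}

# Usage: sh rosa-docker.sh create|delete   (script name is hypothetical)
case "${1:-}" in
  create|delete)
    prompt_missing
    [ -z "$(missing_vars)" ] || { echo "still missing: $(missing_vars)" >&2; exit 1; }
    # Word splitting is intended: docker_cmd emits only fixed, space-free tokens.
    exec $(docker_cmd "$1-cluster.yaml")
    ;;
esac
```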