RedHatOfficial / ocp4-vsphere-upi-automation

Automates most of the manual steps of deploying OCP4.x cluster on vSphere
MIT License
131 stars, 107 forks

Added CA and Proxy support #16

fsbano closed 4 years ago

fsbano commented 4 years ago

Sample template output

```
[root@vegeta ~]# cat install-config.yaml
apiVersion: v1
baseDomain: example.com
proxy:
  httpProxy: http://user:passwd@proxy.example.com:3128
  httpsProxy: http://user:passwd@proxy.example.com:3128
  noProxy: example.com
additionalTrustBundle: |
   -----BEGIN CERTIFICATE-----
   <MY_TRUSTED_CA_CERT>
   -----END CERTIFICATE-----
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: ocp4
platform:
  vsphere:
    vcenter: 192.168.86.100
    username: administrator@vsphere.local
    password: something
    datacenter: dc
    defaultDatastore: datastore1
pullSecret: '{"auths": "..."}'
sshKey: 'ssh-rsa '
```

fsbano commented 4 years ago

You can validate the output with this external playbook

cat > install-config-proxy.yaml<<EOF

ansible-playbook install-config-proxy.yaml

Regards, Fábio Sbano

vchintal commented 4 years ago

This is addressed in the latest PR. To pick up the cert correctly, I have transformed the install-config.yml into a dictionary, used Ansible to add additionalTrustBundle to the dictionary and then converted it back to YAML. This places the certificate content as per YAML syntax and doesn't use temporary files.

I ran several tests on your PR and couldn't make it work. With changes on the HEAD, one can add a proxy section to the group_vars/all.yml and choose the enabled field that you desired to toggle inclusion/exclusion of proxy information upon deployment. Please refer to README.md for more details.

Thanks for all of your work. You motivated me to look into this and address this promptly.
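
The approach described in the comment above (load the install-config into a dictionary, add additionalTrustBundle, convert back to YAML) could look like the following Ansible play. This is an added example, not part of the thread and not the repository's own playbook; the file paths and every variable name other than the `proxy` section's `enabled` field are assumptions. Because the file carries the pull secret, the vSphere password and possibly proxy credentials, the tasks that handle it use `no_log` and the result is written with mode 0600.

```yaml
# Added example, not the repository's playbook.
# install_config_path, ca_bundle_path and the proxy.* sub-keys are assumed names.
- name: Merge proxy and CA bundle into install-config.yaml
  hosts: localhost
  gather_facts: false
  vars:
    install_config_path: "{{ playbook_dir }}/install-config.yaml"
    ca_bundle_path: "{{ playbook_dir }}/ca-bundle.pem"
    proxy:
      enabled: true
      http_proxy: "http://proxy.example.com:3128"
      https_proxy: "http://proxy.example.com:3128"
      no_proxy: "example.com"
  tasks:
    - name: Load the existing install-config as a dictionary
      ansible.builtin.set_fact:
        install_config: "{{ lookup('ansible.builtin.file', install_config_path) | from_yaml }}"
      no_log: true   # contains pullSecret and the vSphere password

    - name: Read the CA bundle
      ansible.builtin.set_fact:
        ca_bundle: "{{ lookup('ansible.builtin.file', ca_bundle_path) }}"

    - name: Refuse anything that is not a PEM certificate
      ansible.builtin.assert:
        that:
          - ca_bundle is search('-----BEGIN CERTIFICATE-----')
          - ca_bundle is search('-----END CERTIFICATE-----')
          - ca_bundle is not search('PRIVATE KEY')

    - name: Add additionalTrustBundle and, when enabled, the proxy section
      ansible.builtin.set_fact:
        install_config: >-
          {{ install_config
             | combine({'additionalTrustBundle': ca_bundle})
             | combine({'proxy': {'httpProxy': proxy.http_proxy,
                                  'httpsProxy': proxy.https_proxy,
                                  'noProxy': proxy.no_proxy}} if proxy.enabled else {}) }}
      no_log: true   # proxy URLs may embed credentials

    - name: Write the result back as YAML, readable by the owner only
      ansible.builtin.copy:
        content: "{{ install_config | to_nice_yaml(indent=2) }}"
        dest: "{{ install_config_path }}"
        mode: "0600"
      no_log: true
```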

fsbano commented 4 years ago

@vchintal

Great! 💯

Regards, Fábio Sbano