diff --git a/install-bmaas.yml b/install-bmaas.yml
new file mode 100644
index 000000000..12947504b
--- /dev/null
+++ b/install-bmaas.yml
@@ -0,0 +1,5 @@
+---
+- name: Setup Bare-Metal as a Service (BMaaS)
+ hosts: localhost
+ roles:
+ - bmaas
\ No newline at end of file
diff --git a/prepare-bmaas.sh b/prepare-bmaas.sh
new file mode 100755
index 000000000..a0cf64598
--- /dev/null
+++ b/prepare-bmaas.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+echo "Setting up bare-metal as a service (BMaaS) configuration..."
+
+ansible-playbook -i localhost, -c local "${SCRIPT_DIR}/install-bmaas.yml"
+
+echo "BMaaS setup completed successfully."
\ No newline at end of file
diff --git a/roles/bmaas/defaults/main.yml b/roles/bmaas/defaults/main.yml
new file mode 100644
index 000000000..6fae06e12
--- /dev/null
+++ b/roles/bmaas/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+bmaas_service_account_name: bmaas-images
+bmaas_namespace: openshift-machine-api
\ No newline at end of file
diff --git a/roles/bmaas/meta/main.yml b/roles/bmaas/meta/main.yml
new file mode 100644
index 000000000..231dfe124
--- /dev/null
+++ b/roles/bmaas/meta/main.yml
@@ -0,0 +1,23 @@
+---
+galaxy_info:
+ author: dev-scripts
+ description: Configure bare-metal as a service with ORAS CLI and OpenShift registry access
+ license: Apache-2.0
+ min_ansible_version: "2.9"
+ platforms:
+ - name: EL
+ versions:
+ - 8
+ - 9
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - name: Fedora
+ versions:
+ - 36
+ - 37
+ - 38
+
+dependencies:
+ - oras
\ No newline at end of file
diff --git a/roles/bmaas/tasks/main.yml b/roles/bmaas/tasks/main.yml
new file mode 100644
index 000000000..3fd422047
--- /dev/null
+++ b/roles/bmaas/tasks/main.yml
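Review bot: `dependencies: - oras` in roles/bmaas/meta/main.yml duplicates the `include_role` of `oras` that opens roles/bmaas/tasks/main.yml, so the oras role will most likely run twice per play: once as a static dependency and again through the dynamic include, which is not deduplicated against it. Each run downloads, installs and cleans up the CLI again. Keep only one of the two, either the meta dependency with the include task dropped, or `dependencies: []` with the include task kept.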
@@ -0,0 +1,59 @@
+---
+- name: Include oras role
+ include_role:
+ name: oras
+
+- name: Create bmaas-images service account
+ kubernetes.core.k8s:
+ name: "{{ bmaas_service_account_name }}"
+ api_version: v1
+ kind: ServiceAccount
+ namespace: "{{ bmaas_namespace }}"
+ state: present
+
+- name: Create ClusterRoleBinding for registry-viewer
+ kubernetes.core.k8s:
+ name: "{{ bmaas_service_account_name }}-registry-viewer"
+ api_version: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ state: present
+ definition:
+ subjects:
+ - kind: ServiceAccount
+ name: "{{ bmaas_service_account_name }}"
+ namespace: "{{ bmaas_namespace }}"
+ roleRef:
+ kind: ClusterRole
+ name: registry-viewer
+ apiGroup: rbac.authorization.k8s.io
+
+- name: Create ClusterRoleBinding for registry-editor
+ kubernetes.core.k8s:
+ name: "{{ bmaas_service_account_name }}-registry-editor"
+ api_version: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ state: present
+ definition:
+ subjects:
+ - kind: ServiceAccount
+ name: "{{ bmaas_service_account_name }}"
+ namespace: "{{ bmaas_namespace }}"
+ roleRef:
+ kind: ClusterRole
+ name: registry-editor
+ apiGroup: rbac.authorization.k8s.io
+
+- name: Enable default route for OpenShift image registry
+ kubernetes.core.k8s:
+ name: cluster
+ api_version: imageregistry.operator.openshift.io/v1
+ kind: Config
+ state: present
+ merge_type: merge
+ definition:
+ spec:
+ defaultRoute: true
+
+- name: Display service account information
+ debug:
+ msg: "BMaaS service account '{{ bmaas_service_account_name }}' created with registry-viewer and registry-editor roles in namespace '{{ bmaas_namespace }}'"
\ No newline at end of file
diff --git a/roles/oras/defaults/main.yml b/roles/oras/defaults/main.yml
new file mode 100644
index 000000000..46070f768
--- /dev/null
+++ b/roles/oras/defaults/main.yml
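Review bot: The two `ClusterRoleBinding` tasks grant the service account `registry-viewer` and `registry-editor` in every namespace, which is wider than publishing BMaaS images appears to need. With `registry-editor` bound cluster-wide, the account's token can push to or overwrite image streams in any project, and the `defaultRoute: true` task in the same hunk makes the registry reachable from outside the cluster, so that token is usable remotely. A namespaced binding keeps the grant to one project: `kind: RoleBinding` with `namespace: "{{ bmaas_namespace }}"` on each task, leaving the `roleRef` pointing at the ClusterRole. The viewer binding is probably redundant once editor is bound, which is worth confirming against the cluster's role definitions. The route task would also benefit from a comment stating why external exposure is required.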
@@ -0,0 +1,5 @@
+---
+oras_version: "1.2.2"
+oras_install_dir: "/usr/local/bin"
+oras_download_dir: "/tmp"
+oras_architecture: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
\ No newline at end of file
diff --git a/roles/oras/meta/main.yml b/roles/oras/meta/main.yml
new file mode 100644
index 000000000..1a98b8dc6
--- /dev/null
+++ b/roles/oras/meta/main.yml
@@ -0,0 +1,22 @@
+---
+galaxy_info:
+ author: dev-scripts
+ description: Install ORAS CLI
+ license: Apache-2.0
+ min_ansible_version: "2.9"
+ platforms:
+ - name: EL
+ versions:
+ - 8
+ - 9
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - name: Fedora
+ versions:
+ - 36
+ - 37
+ - 38
+
+dependencies: []
\ No newline at end of file
diff --git a/roles/oras/tasks/main.yml b/roles/oras/tasks/main.yml
new file mode 100644
index 000000000..1f6e08173
--- /dev/null
+++ b/roles/oras/tasks/main.yml
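Review bot: The `oras_architecture` default in roles/oras/defaults/main.yml maps every architecture other than `aarch64` to `amd64`, so a host on any other architecture would download an x86-64 build and install it into `oras_install_dir`. An explicit lookup fails early on an unmapped architecture instead: `oras_architecture: "{{ {'x86_64': 'amd64', 'aarch64': 'arm64'}[ansible_architecture] }}"`. `oras_download_dir: "/tmp"` also stages a file that is later installed with `become` in a shared, world-writable directory; a per-run temporary directory is the safer default.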
@@ -0,0 +1,43 @@
+---
+- name: Create temporary download directory
+ ansible.builtin.file:
+ path: "{{ oras_download_dir }}/oras-install"
+ state: directory
+ mode: '0755'
+
+- name: Download ORAS CLI
+ ansible.builtin.get_url:
+ url: "https://github.com/oras-project/oras/releases/download/v{{ oras_version }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ dest: "{{ oras_download_dir }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ mode: '0644'
+
+- name: Extract ORAS CLI
+ ansible.builtin.unarchive:
+ src: "{{ oras_download_dir }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ dest: "{{ oras_download_dir }}/oras-install"
+ remote_src: yes
+
+- name: Install ORAS CLI binary
+ ansible.builtin.copy:
+ src: "{{ oras_download_dir }}/oras-install/oras"
+ dest: "{{ oras_install_dir }}/oras"
+ mode: '0755'
+ remote_src: yes
+ become: yes
+
+- name: Clean up download files
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ oras_download_dir }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ - "{{ oras_download_dir }}/oras-install"
+
+- name: Verify ORAS CLI installation
+ ansible.builtin.command: "{{ oras_install_dir }}/oras version"
+ register: oras_version_output
+ changed_when: false
+
+- name: Display ORAS CLI version
+ ansible.builtin.debug:
+ msg: "ORAS CLI installed successfully: {{ oras_version_output.stdout }}"
\ No newline at end of file
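Review bot: The `Download ORAS CLI` task sets no `checksum`, and its `dest` is a fixed name under `oras_download_dir` (default `/tmp`), so the archive that is unpacked and then copied into `oras_install_dir` with `become` is never verified. Without `checksum` or `force`, `get_url` also leaves an already existing `dest` in place, so a file already sitting at that path is what gets installed. Pin a SHA-256 for the release next to `oras_version` and stage the download in a directory from `ansible.builtin.tempfile`, as sketched below; `oras_sha256` is a new variable that this change does not define. The `yes` values on `remote_src` and `become` would read better as `true`.

```yaml
- name: Create temporary download directory
  ansible.builtin.tempfile:
    state: directory
    prefix: oras-install.
  register: oras_tmp

- name: Download ORAS CLI
  ansible.builtin.get_url:
    # … unchanged: url …
    dest: "{{ oras_tmp.path }}/oras.tar.gz"
    # digest pinned per version and architecture in the role defaults
    checksum: "sha256:{{ oras_sha256 }}"
    mode: '0644'

# … unchanged: extract, install and verify tasks, with src/dest under oras_tmp.path …

- name: Clean up download files
  ansible.builtin.file:
    path: "{{ oras_tmp.path }}"
    state: absent
```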