From 05dfeb56bddaa9c25cd86913441d6bde6596675f Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur
Date: Wed, 20 Aug 2025 16:03:14 +0200
Subject: [PATCH 1/2] Add a role and a script to install ORAS
Generated-By: Claude Code
Signed-off-by: Dmitry Tantsur
---
install-oras.yml | 6 +++++
prepare-bmaas.sh | 11 +++++++++
roles/oras/defaults/main.yml | 5 +++++
roles/oras/meta/main.yml | 22 ++++++++++++++++++
roles/oras/tasks/main.yml | 43 ++++++++++++++++++++++++++++++++++++
5 files changed, 87 insertions(+)
create mode 100644 install-oras.yml
create mode 100755 prepare-bmaas.sh
create mode 100644 roles/oras/defaults/main.yml
create mode 100644 roles/oras/meta/main.yml
create mode 100644 roles/oras/tasks/main.yml
diff --git a/install-oras.yml b/install-oras.yml
new file mode 100644
index 000000000..bf9fe632d
--- /dev/null
+++ b/install-oras.yml
@@ -0,0 +1,6 @@
+---
+- name: Install ORAS CLI
+ hosts: localhost
+ become: yes
+ roles:
+ - oras
\ No newline at end of file
diff --git a/prepare-bmaas.sh b/prepare-bmaas.sh
new file mode 100755
index 000000000..48155ab99
--- /dev/null
+++ b/prepare-bmaas.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+echo "Installing ORAS CLI for bare-metal as a service preparation..."
+
+ansible-playbook -i localhost, -c local "${SCRIPT_DIR}/install-oras.yml"
+
+echo "ORAS CLI installation completed."
\ No newline at end of file
diff --git a/roles/oras/defaults/main.yml b/roles/oras/defaults/main.yml
new file mode 100644
index 000000000..46070f768
--- /dev/null
+++ b/roles/oras/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+oras_version: "1.2.2"
+oras_install_dir: "/usr/local/bin"
+oras_download_dir: "/tmp"
+oras_architecture: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
\ No newline at end of file
diff --git a/roles/oras/meta/main.yml b/roles/oras/meta/main.yml
new file mode 100644
index 000000000..1a98b8dc6
--- /dev/null
+++ b/roles/oras/meta/main.yml
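Review bot: `oras_download_dir: "/tmp"` in roles/oras/defaults/main.yml makes the role stage the tarball and the extracted binary under fixed, predictable names in a world-writable directory, and the role's tasks then copy `{{ oras_download_dir }}/oras-install/oras` into `oras_install_dir` with `become: yes`. On a host with other local accounts, a pre-existing or concurrently modified `/tmp/oras-install` could change what ends up installed as root. A per-run directory created with `ansible.builtin.tempfile` (`state: directory`), registered and used in place of the fixed paths, avoids that. At minimum the default deserves a comment such as `# must be a directory only the installing user can write to`.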
@@ -0,0 +1,22 @@
+---
+galaxy_info:
+ author: dev-scripts
+ description: Install ORAS CLI
+ license: Apache-2.0
+ min_ansible_version: "2.9"
+ platforms:
+ - name: EL
+ versions:
+ - 8
+ - 9
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - name: Fedora
+ versions:
+ - 36
+ - 37
+ - 38
+
+dependencies: []
\ No newline at end of file
diff --git a/roles/oras/tasks/main.yml b/roles/oras/tasks/main.yml
new file mode 100644
index 000000000..1f6e08173
--- /dev/null
+++ b/roles/oras/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: Create temporary download directory
+ ansible.builtin.file:
+ path: "{{ oras_download_dir }}/oras-install"
+ state: directory
+ mode: '0755'
+
+- name: Download ORAS CLI
+ ansible.builtin.get_url:
+ url: "https://github.com/oras-project/oras/releases/download/v{{ oras_version }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ dest: "{{ oras_download_dir }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ mode: '0644'
+
+- name: Extract ORAS CLI
+ ansible.builtin.unarchive:
+ src: "{{ oras_download_dir }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ dest: "{{ oras_download_dir }}/oras-install"
+ remote_src: yes
+
+- name: Install ORAS CLI binary
+ ansible.builtin.copy:
+ src: "{{ oras_download_dir }}/oras-install/oras"
+ dest: "{{ oras_install_dir }}/oras"
+ mode: '0755'
+ remote_src: yes
+ become: yes
+
+- name: Clean up download files
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ oras_download_dir }}/oras_{{ oras_version }}_linux_{{ oras_architecture }}.tar.gz"
+ - "{{ oras_download_dir }}/oras-install"
+
+- name: Verify ORAS CLI installation
+ ansible.builtin.command: "{{ oras_install_dir }}/oras version"
+ register: oras_version_output
+ changed_when: false
+
+- name: Display ORAS CLI version
+ ansible.builtin.debug:
+ msg: "ORAS CLI installed successfully: {{ oras_version_output.stdout }}"
\ No newline at end of file
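Review bot: The "Download ORAS CLI" task in roles/oras/tasks/main.yml calls `ansible.builtin.get_url` without a `checksum`, and the extracted binary is then copied to `{{ oras_install_dir }}/oras` with `become: yes`, so whatever the URL serves is installed as a root-owned executable with no integrity verification. Since `oras_version` is already pinned, pin the digest next to it and pass it to the task: `checksum: "sha256:{{ oras_checksum }}"`, where `oras_checksum` is a new per-architecture default holding the published SHA-256 for that release (placeholder name; the value is not on this page). HTTPS protects the transfer but not against a replaced release asset. The closing `oras version` task only shows that something executable landed at the path, not that it is the expected build.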
From a10f0e5e57a0559119792af598841d9a42108c74 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Wed, 20 Aug 2025 17:54:01 +0200 Subject: [PATCH 2/2] Configure the OCI registry for BMaaS Generated-By: Claude Code Signed-off-by: Dmitry Tantsur --- install-bmaas.yml | 5 +++ install-oras.yml | 6 ---- prepare-bmaas.sh | 6 ++-- roles/bmaas/defaults/main.yml | 3 ++ roles/bmaas/meta/main.yml | 23 ++++++++++++++ roles/bmaas/tasks/main.yml | 59 +++++++++++++++++++++++++++++++++++ 6 files changed, 93 insertions(+), 9 deletions(-) create mode 100644 install-bmaas.yml delete mode 100644 install-oras.yml create mode 100644 roles/bmaas/defaults/main.yml create mode 100644 roles/bmaas/meta/main.yml create mode 100644 roles/bmaas/tasks/main.yml diff --git a/install-bmaas.yml b/install-bmaas.yml new file mode 100644 index 000000000..12947504b --- /dev/null +++ b/install-bmaas.yml @@ -0,0 +1,5 @@ +--- +- name: Setup Bare-Metal as a Service (BMaaS) + hosts: localhost + roles: + - bmaas \ No newline at end of file diff --git a/install-oras.yml b/install-oras.yml deleted file mode 100644 index bf9fe632d..000000000 --- a/install-oras.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Install ORAS CLI - hosts: localhost - become: yes - roles: - - oras \ No newline at end of file diff --git a/prepare-bmaas.sh b/prepare-bmaas.sh index 48155ab99..a0cf64598 100755 --- a/prepare-bmaas.sh +++ b/prepare-bmaas.sh @@ -4,8 +4,8 @@ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -echo "Installing ORAS CLI for bare-metal as a service preparation..." +echo "Setting up bare-metal as a service (BMaaS) configuration..." -ansible-playbook -i localhost, -c local "${SCRIPT_DIR}/install-oras.yml" +ansible-playbook -i localhost, -c local "${SCRIPT_DIR}/install-bmaas.yml" -echo "ORAS CLI installation completed." \ No newline at end of file +echo "BMaaS setup completed successfully." \ No newline at end of file 
diff --git a/roles/bmaas/defaults/main.yml b/roles/bmaas/defaults/main.yml
new file mode 100644
index 000000000..6fae06e12
--- /dev/null
+++ b/roles/bmaas/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+bmaas_service_account_name: bmaas-images
+bmaas_namespace: openshift-machine-api
\ No newline at end of file
diff --git a/roles/bmaas/meta/main.yml b/roles/bmaas/meta/main.yml
new file mode 100644
index 000000000..231dfe124
--- /dev/null
+++ b/roles/bmaas/meta/main.yml
@@ -0,0 +1,23 @@
+---
+galaxy_info:
+ author: dev-scripts
+ description: Configure bare-metal as a service with ORAS CLI and OpenShift registry access
+ license: Apache-2.0
+ min_ansible_version: "2.9"
+ platforms:
+ - name: EL
+ versions:
+ - 8
+ - 9
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+ - name: Fedora
+ versions:
+ - 36
+ - 37
+ - 38
+
+dependencies:
+ - oras
\ No newline at end of file
diff --git a/roles/bmaas/tasks/main.yml b/roles/bmaas/tasks/main.yml
new file mode 100644
index 000000000..3fd422047
--- /dev/null
+++ b/roles/bmaas/tasks/main.yml
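Review bot: `dependencies: - oras` at the end of roles/bmaas/meta/main.yml and the `include_role` task with `name: oras` at the top of roles/bmaas/tasks/main.yml both pull in the same role, so the download-and-install sequence will most likely run twice per play; a dynamic `include_role` is, as far as I know, not de-duplicated against meta dependencies. Keep one of the two. Setting the meta entry back to `dependencies: []` leaves the ordering explicit in the task file and avoids a second privileged copy into `oras_install_dir`.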
@@ -0,0 +1,59 @@
+---
+- name: Include oras role
+ include_role:
+ name: oras
+
+- name: Create bmaas-images service account
+ kubernetes.core.k8s:
+ name: "{{ bmaas_service_account_name }}"
+ api_version: v1
+ kind: ServiceAccount
+ namespace: "{{ bmaas_namespace }}"
+ state: present
+
+- name: Create ClusterRoleBinding for registry-viewer
+ kubernetes.core.k8s:
+ name: "{{ bmaas_service_account_name }}-registry-viewer"
+ api_version: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ state: present
+ definition:
+ subjects:
+ - kind: ServiceAccount
+ name: "{{ bmaas_service_account_name }}"
+ namespace: "{{ bmaas_namespace }}"
+ roleRef:
+ kind: ClusterRole
+ name: registry-viewer
+ apiGroup: rbac.authorization.k8s.io
+
+- name: Create ClusterRoleBinding for registry-editor
+ kubernetes.core.k8s:
+ name: "{{ bmaas_service_account_name }}-registry-editor"
+ api_version: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ state: present
+ definition:
+ subjects:
+ - kind: ServiceAccount
+ name: "{{ bmaas_service_account_name }}"
+ namespace: "{{ bmaas_namespace }}"
+ roleRef:
+ kind: ClusterRole
+ name: registry-editor
+ apiGroup: rbac.authorization.k8s.io
+
+- name: Enable default route for OpenShift image registry
+ kubernetes.core.k8s:
+ name: cluster
+ api_version: imageregistry.operator.openshift.io/v1
+ kind: Config
+ state: present
+ merge_type: merge
+ definition:
+ spec:
+ defaultRoute: true
+
+- name: Display service account information
+ debug:
+ msg: "BMaaS service account '{{ bmaas_service_account_name }}' created with registry-viewer and registry-editor roles in namespace '{{ bmaas_namespace }}'"
\ No newline at end of file
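Review bot: Both bindings are `kind: ClusterRoleBinding`, so the `{{ bmaas_service_account_name }}` service account receives `registry-viewer` and `registry-editor` across every namespace rather than only in `{{ bmaas_namespace }}`. If the BMaaS images live in a single project, a namespaced binding is sufficient: use `kind: RoleBinding` with `namespace: "{{ bmaas_namespace }}"` on each task, keeping `roleRef` pointed at the ClusterRole. `registry-editor` looks like a superset of `registry-viewer`, which would make the first binding redundant, though that is worth confirming against the cluster's role definitions. The scope matters more because the last `kubernetes.core.k8s` task sets `defaultRoute: true`, which publishes the registry on an external route where this account's token is accepted. A comment stating that this exposure is intended, such as `# external route required so ORAS can push from outside the cluster`, would document the decision.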