:warning: **WARNING** :warning: This feature is community supported and has not been tested by Red Hat. Visit [docs.openshift.com](https://docs.openshift.com) for [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/planning.html) or [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/planning.html) supported installation docs.
AWS Setup Instructions
======================
Get AWS API credentials
-----------------------
1. [AWS credentials documentation](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html)
Create a credentials file
-------------------------
1. Create a credentials file (e.g. ~/.aws_creds) that looks something like this (the variables must have these exact names).
```
   export AWS_ACCESS_KEY_ID='AKIASTUFF'
   export AWS_SECRET_ACCESS_KEY='STUFF'
```
2. Source this file
```
  source ~/.aws_creds
```
Note: You must source this file before running any Ansible commands.
Alternatively, you could configure credentials in either ~/.boto or ~/.aws/credentials, see the [boto docs](http://docs.pythonboto.org/en/latest/boto_config_tut.html) for the format.
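
Sourcing `~/.aws_creds` executes it as shell, and the file holds a long-lived secret key, so it is worth checking its ownership and mode before loading it. The following is an added example, not part of openshift-ansible; `creds_file_is_private` and `load_aws_creds` are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not openshift-ansible code): a guarded replacement for
# `source ~/.aws_creds`. Function names are hypothetical.

# Succeeds only if FILE is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
creds_file_is_private() {
    file=$1
    [ -f "$file" ] || return 1
    [ ! -L "$file" ] || return 1
    [ -O "$file" ] || return 1
    # `ls -ld` prints a mode string such as "-rw-------";
    # characters 5-10 are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Sources the credentials file only if it is private, then confirms that
# both variables the README requires are actually set.
load_aws_creds() {
    file=${1:-$HOME/.aws_creds}
    # `.` searches PATH for names without a slash; force a path lookup.
    case $file in
        */*) ;;
        *) file=./$file ;;
    esac
    if ! creds_file_is_private "$file"; then
        echo "refusing to source $file: must be a regular file owned by you with mode 600" >&2
        return 1
    fi
    . "$file" || return 1
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "$file did not export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY" >&2
        return 1
    fi
    return 0
}

# Typical use, after `chmod 600 ~/.aws_creds`:
#   load_aws_creds && bin/cluster list aws ''
```
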
Subscribe to CentOS
-------------------
1. [CentOS on AWS](https://aws.amazon.com/marketplace/pp/B00O7WM7QW)
Set up Security Group
---------------------
By default, a cluster is launched into the `public` security group. Make sure you allow hosts to talk to each other on UDP port `4789` for the SDN (VXLAN).
You may also want to allow access from the outside world on the following ports:
```
• 22/TCP    - ssh
• 80/TCP    - Web Apps
• 443/TCP   - Web Apps (https)
• 4789/UDP  - SDN / VXLAN
• 8443/TCP  - OpenShift Console
• 10250/TCP - kubelet
```
Determine your subnet and set up the VPC
----------------------------------------
In the AWS VPC console, look up your subnet ID for the region you want to use and set it as such:
- export ec2_vpc_subnet='my_vpc_subnet'
Go to Your VPCs, select the VPC, and under Actions -> DNS Hostnames, set to Yes and Save.
(Optional) Set up your $HOME/.ssh/config file
---------------------------------------------
When creating a cluster, or in any other case where you don't know the machine hostname in advance, you can use `.ssh/config`
to set up a private key file that allows Ansible to connect to the created hosts.
To do so, add the following entry to your $HOME/.ssh/config file and make it point to the private key file that allows you to log in on AWS.
```
Host *.compute-1.amazonaws.com
  IdentityFile $HOME/.ssh/my_private_key.pem
```
Alternatively, you can configure your ssh-agent to hold the credentials to connect to your AWS instances.
(Optional) Choose where the cluster will be launched
----------------------------------------------------
By default, a cluster is launched with the following configuration:
- Instance type: m4.large
- AMI: ami-7a9e9812 (for online deployments, ami-61bbf104 for origin deployments and ami-10663b78 for enterprise deployments)
- Region: us-east-1
- Keypair name: libra
- Security group: public
#### Master specific defaults:
- Master root volume size: 10 (in GiBs)
- Master root volume type: gp2
- Master root volume iops: 500 (only applicable when volume type is io1)
#### Node specific defaults:
- Node root volume size: 10 (in GiBs)
- Node root volume type: gp2
- Node root volume iops: 500 (only applicable when volume type is io1)
- Docker volume size: 25 (in GiBs)
- Docker volume ephemeral: true (Whether the docker volume is ephemeral)
- Docker volume type: gp2 (only applicable if ephemeral is false)
- Docker volume iops: 500 (only applicable when volume type is io1)
### Specifying ec2 instance type.
#### All instances:
- export ec2_instance_type='m4.large'
#### Master instances:
- export ec2_master_instance_type='m4.large'
#### Infra node instances:
- export ec2_infra_instance_type='m4.large'
#### Non-infra node instances:
- export ec2_node_instance_type='m4.large'
#### etcd instances:
- export ec2_etcd_instance_type='m4.large'
If needed, these values can be changed by setting environment variables on your system.
- export ec2_image='ami-307b3658'
- export ec2_region='us-east-1'
- export ec2_keypair='libra'
- export ec2_security_groups="['public']"
- export ec2_assign_public_ip='true'
- export os_etcd_root_vol_size='20'
- export os_etcd_root_vol_type='standard'
- export os_etcd_vol_size='20'
- export os_etcd_vol_type='standard'
- export os_master_root_vol_size='20'
- export os_master_root_vol_type='standard'
- export os_node_root_vol_size='15'
- export os_docker_vol_size='50'
- export os_docker_vol_ephemeral='false'
Install Dependencies
--------------------
1. Ansible requires python-boto for AWS operations:
Fedora
```
  dnf install -y ansible python-boto pyOpenSSL
```
RHEL/CentOS
```
  yum install -y ansible python-boto pyOpenSSL
```
OSX:
```
  pip install -U pyopenssl boto
```
Test The Setup
--------------
1. cd openshift-ansible
1. Try to list all instances (Passing an empty string as the cluster_id
argument will result in all ec2 instances being listed)
```
  bin/cluster list aws ''
```
Creating a cluster
------------------
1. To create a cluster with one master and two nodes
```
  bin/cluster create aws <cluster-id>
```
Updating a cluster
---------------------
1. To update the cluster
```
  bin/cluster update aws <cluster-id>
```
Terminating a cluster
---------------------
1. To terminate the cluster
```
  bin/cluster terminate aws <cluster-id>
```
Specifying a deployment type
---------------------------
The `--deployment-type` flag can be passed to `bin/cluster` to specify the deployment type.
1. To launch an OpenShift Enterprise cluster (requires a valid subscription):
```
  bin/cluster create aws --deployment-type=openshift-enterprise <cluster-id>
```
Note: If no deployment type is specified, then the default is origin.
## Post-ansible steps
You should now be ready to follow the **What's Next?** section of the advanced installation guide to deploy your router, registry, and other components.
Refer to the advanced installation guide for your deployment type:
* [OpenShift Enterprise](https://docs.openshift.com/enterprise/latest/install_config/install/advanced_install.html#what-s-next)
* [OpenShift Origin](https://docs.openshift.org/latest/install_config/install/advanced_install.html#what-s-next)