Changes to enable IPSEC Network Configuration #395

Merged
merged 11 commits into from
Apr 29, 2025
1 change: 1 addition & 0 deletions docs/set-variables-group-vars.md
Expand Up @@ -166,6 +166,7 @@
**env.jumphost.user** | (Optional) The user name to login to the jumphost. | admin
**env.jumphost.pass** | (Optional) The password for user to login to the jumphost. | ch4ngeMe!
**env.jumphost.path_to_keypair** | (Optional) The absolute path to the public key file on the jumphost to be copied to the bastion. | /home/admin/.ssh/id_rsa.pub
**env.ipsec_enabled** | (Optional) If IPSEC network configuration has to be enabled, this flag should be set to true |

## 12 - OCP and RHCOS (CoreOS)
* These parameters are responsible which version of OCP, RHCOS and os variant AOP is using. The default value is 'latest' for s390x architecture. I you want to install a different version or a different architecture you need to specify specify the following parameters in all.yaml file:
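
Review bot: the new `env.ipsec_enabled` row leaves the example column empty and does not state a default, unlike the `env.jumphost.*` rows above it. Suggest filling the third column with `true` and saying in the description that the flag is off when unset and, when on, installs the cluster with `ipsecConfig.mode: Full` (the value in `cluster-network-03-config.yml`). The row also spells it "IPSEC" while the template comment uses "IPSec"; pick one spelling.
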
3 changes: 3 additions & 0 deletions inventories/default/group_vars/all.yaml.template
Expand Up @@ -201,6 +201,9 @@ env:
use_dhcp: False
setup_openvpn: False

# Uncomment the line below to enable IPSec network configuration.
# ipsec_enabled: true

#jumphost if network mode is NAT
jumphost:
name:
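
Review bot: the flag ships commented out here while the neighbouring `use_dhcp` and `setup_openvpn` keys ship as explicit `False` defaults. Shipping `ipsec_enabled: False` the same way would give the variable a defined value, so the task in `roles/get_ocp/tasks/main.yaml` would not need its `is defined` and `!= None` guards. Since that task reads `env.ipsec_enabled`, also check that the key is indented to sit directly under `env:` and not under a nested block. The comment could say that the setting is applied at install time through a manifest, so a reader knows that changing it later in `all.yaml` does not reconfigure a running cluster.
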
9 changes: 9 additions & 0 deletions roles/get_ocp/files/cluster-network-03-config.yml
@@ -0,0 +1,9 @@
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
name: cluster
spec:
defaultNetwork:
ovnKubernetesConfig:
ipsecConfig:
mode: Full
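
Review bot: `mode: Full` is hard-coded in a static file, while the docs in this same PR say the OCP version is user-selectable. Please confirm that `ipsecConfig.mode` is accepted by every OCP release this playbook supports, or gate the copy on the selected version. If other modes are ever needed, converting this to a template with the mode taken from a variable avoids a second file. A one-line comment at the top naming the variable that triggers this manifest (`env.ipsec_enabled`) would help whoever finds it in `/root/ocpinst/manifests/`.
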
18 changes: 18 additions & 0 deletions roles/get_ocp/tasks/main.yaml
Expand Up @@ -92,6 +92,24 @@
/root/ocpinst/openshift-install create manifests --dir=/root/ocpinst/
become: true

- name: Copy the file when ipsec flag is enabled
tags: get_ocp
become: true
copy:
src: cluster-network-03-config.yml
dest: /root/ocpinst/manifests/cluster-network-03-config.yml
when: env.ipsec_enabled is defined and env.ipsec_enabled != None and env.ipsec_enabled

- name: List the files in the manifests directory
tags: get_ocp
become: true
command: "ls -lrt /root/ocpinst/manifests/"
register: manifests_list

- debug:
msg: "{{ manifests_list }}"


- name: Set masters schedulable parameter to false
tags: get_ocp
become: true
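
Review bot: the `when:` on the copy task ends in a bare `env.ipsec_enabled`, so a quoted value such as `ipsec_enabled: "false"` is a non-empty string and can still evaluate as true, which would install an IPsec-enabled cluster the operator meant to leave off. `when: env.ipsec_enabled | default(false) | bool` handles undefined, null and string values in one expression. Separately, the `ls -lrt` task and the unnamed `debug` after it run on every install regardless of the flag, the `command` always reports changed, and the `debug` has no `name` or `tags: get_ocp`. They read like debugging leftovers: either drop them, or add `changed_when: false` and the same `when:` as the copy task. The copy task would also benefit from explicit `owner` and `mode` so the manifest permissions do not depend on the umask.
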