OKD 3.11

# Create the directory that the Vagrantfile's "file" provisioner copies into
# every VM, and generate the SSH key pair (key / key.pub) inside it.
$ mkdir files
$ cd files
# NOTE(review): the prompts below allow an empty passphrase, and the randomart
# header shows a 2048-bit RSA key. Because the private key travels with files/
# into every VM, treat this pair as a throwaway lab credential and do not
# reuse it outside this environment.
$ ssh-keygen -f key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in key.
Your public key has been saved in key.pub.
The key fingerprint is:
SHA256:xOJlDfKsVH+ZjsZ5VaHPVQsRdabp/3LDIBLpEH0zKWA gean@kvm
The key's randomart image is:
+---[RSA 2048]----+
|      .E=   .++o*|
|      .B * = oo=+|
|      o O * *.+..|
|     o B + = oo .|
|      o S * o .o |
|         + o . . |
|          . . o .|
|              .oo|
|               oo|
+----[SHA256]-----+

Vagrant file

Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
 
# Make libvirt the default provider for vagrant commands run from this directory.
ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'

# One entry per lab machine: memory and vCPU count for the libvirt provider,
# the last octet of its 172.27.11.x private address, and its short hostname.
# Only 'master' uses a hostname (okd) that differs from its machine name.
machines = {
  'node1'  => { 'memory' => '4096', 'cpus' => 4, 'ip' => '20', 'host' => 'node1' },
  'node2'  => { 'memory' => '4096', 'cpus' => 4, 'ip' => '30', 'host' => 'node2' },
  'extras' => { 'memory' => '2048', 'cpus' => 2, 'ip' => '40', 'host' => 'extras' },
  'master' => { 'memory' => '8192', 'cpus' => 8, 'ip' => '10', 'host' => 'okd' }
}

Vagrant.configure('2') do |config|
  #config.vm.box = 'centos/7'
  config.vm.box = 'generic/centos7'
  # Vagrant will not look for a newer version of the box when the VMs are
  # brought up; refresh the box by hand to pick up rebuilt images.
  config.vm.box_check_update = false

  machines.each_pair do |machine_name, spec|
    config.vm.define machine_name do |machine|
      fqdn = "#{spec['host']}.example.com"
      address = "172.27.11.#{spec['ip']}"

      machine.vm.hostname = fqdn
      machine.vm.network 'private_network', ip: address

      machine.vm.provider 'libvirt' do |libvirt|
        libvirt.memory = spec['memory']
        libvirt.cpus = spec['cpus']
        # Single socket, one core per configured vCPU, no SMT threads.
        libvirt.cputopology sockets: 1, cores: spec['cpus'], threads: '1'
      end
    end
  end

  # Uploads the local files/ directory to $HOME/files on every guest. That
  # directory holds the SSH key pair generated with ssh-keygen, so the private
  # key lands on all four VMs; keep this to a disposable lab.
  config.vm.provision "file", source: "files", destination: "$HOME/files"
end

Preparando o ambiente - em todos os nodes

# Run on every node: install the base tooling (including the distribution's
# docker package) and the Python libraries listed below.
$ sudo yum install curl vim device-mapper-persistent-data lvm2 epel-release wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct docker
$ sudo yum install java python-passlib pyOpenSSL PyYAML python-jinja2 python-paramiko python-setuptools python2-cryptography sshpass python-ipaddress
# Start Docker now and enable it at boot.
$ sudo systemctl start docker
$ sudo systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# Install the pinned Ansible 2.5.7 package directly from its download URL.
# NOTE(review): by default `rpm -i` only prints a warning when the package's
# signing key is not in the rpm keyring and installs anyway. To verify the
# origin, import the publisher's key first and check a downloaded copy with
# `rpm -K` before installing.
$ sudo rpm -i https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.5.7-1.el7.ans.noarch.rpm
# Put the all-in-one inventory in place as Ansible's default inventory and
# print it for review.
$ sudo cp hosts-allinone /etc/ansible/hosts
$ cat /etc/ansible/hosts
# All-in-one inventory: okd.example.com is the only host and is listed as
# master, etcd member and node.
[OSEv3:children]
masters
nodes
etcd
 
[OSEv3:vars]
# Ansible logs in to the hosts as root over SSH.
ansible_ssh_user=root
docker_version="ce"
# Optional components (OLM, service catalog, metrics, logging, cluster
# monitoring) are switched off.
openshift_enable_olm=false
openshift_deployment_type=origin
openshift_enable_service_catalog=false
openshift_metrics_install_metrics=false
openshift_logging_install_logging=false
openshift_cluster_monitoring_operator_install=false
openshift_master_default_subdomain='172-27-11-10.nip.io'
# Disables the installer's disk, memory, docker-storage and package
# availability checks, so an undersized or misconfigured host is not rejected
# up front.
openshift_disable_check='disk_availability,memory_availability,docker_storage,package_availability'
# NOTE(review): --signature-verification=false turns off image signature
# verification in the Docker daemon, and --insecure-registry lets it talk to
# registries in 172.30.0.0/16 without verified TLS (presumably the cluster's
# internal service network; confirm). Both relax image trust and are lab
# settings; revisit them before reusing this inventory elsewhere.
openshift_docker_options='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=172.30.0.0/16 --exec-opt native.cgroupdriver=systemd'
# Logins go through an HTPasswd identity provider.
openshift_master_identity_providers=[{'name': 'HTPASSWD', 'challenge': 'true', 'login': 'true', 'kind':'HTPasswdPasswordIdentityProvider', 'mappingMethod': 'claim'}]
 
[masters]
okd.example.com openshift_public_ip='172.27.11.10' openshift_public_hostname='okd.example.com'
 
[etcd]
okd.example.com etcd_ip='172.27.11.10'
 
[nodes]
okd.example.com openshift_node_group_name='node-config-all-in-one'
# Replace the system-wide Ansible configuration with the tutorial's ansible.cfg
# and print it for review.
$ sudo cp ansible.cfg /etc/ansible/ansible.cfg
$ cat /etc/ansible/ansible.cfg
# config file for ansible -- http://ansible.com/
# ==============================================
 
# This config file provides examples for running
# the OpenShift playbooks with the provided
# inventory scripts.
 
[defaults]
# Set the log_path
log_path = ~/openshift-ansible.log
 
# Additional default options for OpenShift Ansible
forks = 20
# NOTE(review): with host key checking off, Ansible accepts whatever SSH host
# key a node presents, so a host impersonating a node on the lab network would
# not be noticed. Keep this to disposable environments, or pre-populate
# known_hosts and set it back to True.
host_key_checking = False
retry_files_enabled = False
retry_files_save_path = ~/ansible-installer-retries
nocows = True
# Playbooks connect as root directly rather than escalating from another user.
remote_user = root
roles_path = roles/
# Gathered facts are cached as JSON files under $HOME/ansible/facts and reused
# for 600 seconds.
gathering = smart
fact_caching = jsonfile
fact_caching_connection = $HOME/ansible/facts
fact_caching_timeout = 600
callback_whitelist = profile_tasks
inventory_ignore_extensions = secrets.py, .pyc, .cfg, .crt, .ini
# work around privilege escalation timeouts in ansible:
timeout = 30
 
# Uncomment to use the provided example inventory
#inventory = inventory/hosts.example
 
[inventory]
# fail more helpfully when the inventory file does not parse (Ansible 2.4+)
unparsed_is_failed=true
 
# Additional ssh options for OpenShift Ansible
[ssh_connection]
pipelining = True
# Reuse one SSH connection per host for up to 600 seconds.
ssh_args = -o ControlMaster=auto -o ControlPersist=600s
timeout = 10
# shorten the ControlPath which is often too long; when it is,
# ssh connection reuse silently fails, making everything slower.
control_path = %(directory)s/%%h-%%r
# Install the shared key pair for root on this node: the public key replaces
# root's authorized_keys (any existing entries are overwritten) and the
# private key becomes root's default identity, readable by root only.
# NOTE(review): since these steps run on every node, each VM ends up holding
# the private key that is authorized for root on all of them, so compromising
# one VM yields root on the rest. On anything longer-lived than a throwaway
# lab, keep the private key only on the host that runs Ansible.
$ sudo mkdir -p /root/.ssh
$ sudo cp key.pub /root/.ssh/authorized_keys
$ sudo cp key /root/.ssh/id_rsa
$ sudo chmod 400 /root/.ssh/id_rsa
$ sudo cp key.pub /root/.ssh/id_rsa.pub
# Reduce /etc/hosts to its first two lines (the localhost entries echoed
# below). The content is captured in a variable first because tee truncates
# the file as soon as it opens it.
$ HOSTS="$(head -n2 /etc/hosts)"
$ echo -e "$HOSTS" | sudo tee /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# Append static name resolution for the four lab machines (tee -a appends).
$ echo -e "172.27.11.10 okd.example.com\n172.27.11.20 node1.example.com\n172.27.11.30 node2.example.com\n172.27.11.40 extras.example.com" | sudo tee -a /etc/hosts
172.27.11.10 okd.example.com
172.27.11.20 node1.example.com
172.27.11.30 node2.example.com
172.27.11.40 extras.example.com