Enabling Container Provider Integration
Adding a Single Container Provider
After deploying ManageIQ on OKD as described in Running the Installer, there are two methods for enabling container provider integration. You can manually add OKD as a container provider, or you can try the playbooks included with this role.
Adding Manually
See the following ManageIQ documentation for steps on manually adding your OKD cluster as a container provider:
Adding Automatically
Automated container provider integration can be accomplished using the playbooks included with this role.
This playbook:
- Gathers the necessary authentication secrets.
- Finds the public routes to the ManageIQ application and the cluster API.
- Makes a REST call to add the OKD cluster as a container provider.
Change to the playbook directory and run the container provider playbook:
$ cd /usr/share/ansible/openshift-ansible
$ ansible-playbook -v [-i /path/to/inventory] \
    openshift-management/add_container_provider.yml
Multiple Container Providers
As well as providing playbooks to integrate your current OKD cluster into your ManageIQ deployment, this role includes a script which allows you to add multiple container platforms as container providers in any arbitrary ManageIQ server. The container platforms can be OKD or OpenShift Container Platform.
Using the multiple provider script requires manual configuration and setting an EXTRA_VARS parameter on the CLI when running the playbook.
Preparing the Script
To prepare the multiple provider script, complete the following manual configuration:
1. Copy the files/examples/container_providers.yml example somewhere, such as /tmp/cp.yml. You will be modifying this file.
2. If you changed your ManageIQ name or password, update the `hostname`, `user`, and `password` parameters in the `management_server` key in the container_providers.yml file that you copied.
3. Fill in an entry under the `container_providers` key for each container platform cluster you want to add as container providers.
   1. The following parameters must be configured:
      - `auth_key` - This is the token of a service account that has `cluster-admin` privileges.
      - `hostname` - This is the host name that points to the cluster API. Each container provider must have a unique host name.
      - `name` - This is the name of the cluster to be displayed in the ManageIQ server container providers overview page. This must be unique.

      Tip: To obtain the `auth_key` bearer token from your clusters:

      $ oc serviceaccounts get-token -n management-infra management-admin

   2. The following parameters may be optionally configured:
      - `port` - Update this key if your container platform cluster runs the API on a port other than `8443`.
      - `endpoint` - You may enable SSL verification (`verify_ssl`) or change the validation setting to `ssl-with-validation`. Support for custom trusted CA certificates is not currently available.
Example
As an example, consider the following scenario:
- You copied the container_providers.yml file to /tmp/cp.yml.
- You want to add two OpenShift Container Platform clusters.
- Your ManageIQ server runs on mgmt.example.com
For this scenario, you would customize /tmp/cp.yml as follows:
container_providers:
  - connection_configurations:
      - authentication: {auth_key: "<token>", authtype: bearer, type: AuthToken}  # (1)
        endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0}
    hostname: "<provider_hostname1>"
    name: <display_name1>
    port: 8443
    type: "ManageIQ::Providers::Openshift::ContainerManager"
  - connection_configurations:
      - authentication: {auth_key: "<token>", authtype: bearer, type: AuthToken}  # (1)
        endpoint: {role: default, security_protocol: ssl-without-validation, verify_ssl: 0}
    hostname: "<provider_hostname2>"
    name: <display_name2>
    port: 8443
    type: "ManageIQ::Providers::Openshift::ContainerManager"
management_server:
  hostname: "<hostname>"
  user: <user_name>
  password: <password>
(1) Replace <token> with the management token for this cluster.
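The copied file holds `cluster-admin` bearer tokens and the ManageIQ password, and the example keeps certificate validation off, so it is worth checking before the playbook reads it. The following pre-flight check is an added example, not part of the role or the original documentation: `lint_providers` and `SAMPLE` are hypothetical names, the sample data is constructed, and it assumes any non-zero `verify_ssl` means verification is enabled.

```python
import stat

def lint_providers(cfg, file_mode=None):
    """Return findings for a parsed container_providers.yml (a dict)."""
    findings, seen = [], {"hostname": set(), "name": set()}
    for i, prov in enumerate(cfg.get("container_providers") or []):
        label = prov.get("name") or f"entry {i}"
        for key in ("hostname", "name"):  # both must be set and unique
            value = prov.get(key)
            if not value:
                findings.append(f"{label}: missing required {key}")
            elif value in seen[key]:
                findings.append(f"{label}: duplicate {key} {value!r}")
            else:
                seen[key].add(value)
        for conn in prov.get("connection_configurations") or [{}]:
            token = str((conn.get("authentication") or {}).get("auth_key") or "")
            if not token or token.startswith("<"):
                findings.append(f"{label}: auth_key is empty or still a placeholder")
            ep = conn.get("endpoint") or {}
            proto, verify = ep.get("security_protocol"), ep.get("verify_ssl")
            if proto == "ssl-without-validation" or not verify:
                findings.append(f"{label}: endpoint keeps a non-validating setting "
                                f"(security_protocol={proto}, verify_ssl={verify})")
    # The file holds cluster-admin tokens and the ManageIQ password.
    if file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {file_mode:o} lets group/other access the secrets")
    return findings

def _provider(name, host, token, proto, verify):  # builds constructed sample entries
    return {"name": name, "hostname": host, "port": 8443,
            "type": "ManageIQ::Providers::Openshift::ContainerManager",
            "connection_configurations": [{
                "authentication": {"auth_key": token, "authtype": "bearer", "type": "AuthToken"},
                "endpoint": {"role": "default", "security_protocol": proto, "verify_ssl": verify}}]}

# Constructed sample: an untouched template entry plus one reusing its hostname.
SAMPLE = {"container_providers": [
    _provider("cluster-a", "api.a.example.com", "<token>", "ssl-without-validation", 0),
    _provider("cluster-b", "api.a.example.com", "constructed-token", "ssl-with-validation", 1)],
    "management_server": {"hostname": "mgmt.example.com", "user": "admin", "password": "constructed"}}

if __name__ == "__main__":
    import os, sys
    cfg, mode = SAMPLE, 0o644  # defaults when no path is given
    if len(sys.argv) > 1:
        import yaml  # PyYAML, assumed installed (Ansible depends on it)
        with open(sys.argv[1]) as fh:
            cfg = yaml.safe_load(fh)
        mode = stat.S_IMODE(os.stat(sys.argv[1]).st_mode)
    print("\n".join(lint_providers(cfg, mode)) or "no findings")
```

Run it with the path to the copied file (for example /tmp/cp.yml) to check the real configuration and its file mode; with no argument it reports on the constructed sample.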
Running the Playbook
To run the multiple-providers integration script, you must provide the path to the container providers configuration file as an EXTRA_VARS parameter to the ansible-playbook command. Use the -e (or --extra-vars) parameter to set container_providers_config to the configuration file path. Change to the playbook directory and run the playbook:
$ cd /usr/share/ansible/openshift-ansible
$ ansible-playbook -v [-i /path/to/inventory] \
    -e container_providers_config=/tmp/cp.yml \
    playbooks/openshift-management/add_many_container_providers.yml
After the playbook completes, you should find two new container providers in your ManageIQ service. Navigate to the Compute → Containers → Providers page to see an overview.
Refreshing Providers
After adding either a single or multiple container providers, the new provider(s) must be refreshed in ManageIQ to get all the latest data about the container provider and the containers being managed. This involves navigating to each provider in the ManageIQ web console and clicking a refresh button for each.
See the following ManageIQ documentation for steps: