diff --git a/content/patterns/federated-edge-observability/_index.adoc b/content/patterns/federated-edge-observability/_index.adoc new file mode 100644 index 000000000..97d2f5423 --- /dev/null +++ b/content/patterns/federated-edge-observability/_index.adoc @@ -0,0 +1,61 @@ +--- +title: Federated Edge Observability +date: 2025-02-01 +tier: sandbox +summary: This pattern uses OpenShift Virtualization to simulate an edge environment for VMs which then report metrics via OpenTelemetry. +rh_products: +- Red Hat OpenShift Container Platform +- Red Hat Ansible Automation Platform +- Red Hat OpenShift Virtualization +- Red Hat Enterprise Linux +- Red Hat OpenShift Data Foundation +industries: +aliases: /federated-edge-observability +links: + install: getting-started + help: https://groups.google.com/g/validatedpatterns + bugs: https://github.com/validatedpatterns-sandbox/federated-edge-observability/issues +ci: federatedobservability +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +== Federated Edge Observability + +=== Background + +Organizations are interested in accelerating their deployment speeds and improving delivery quality in their Edge environments, where many devices may not fully or even partially embrace the GitOps philosophy. +Further, there are VMs and other devices that can and should be managed with Ansible. This pattern explores some of the possibilities of using an OpenShift-based Ansible Automated Platform deployment and managing Edge devices, based on work done with a partner in the Chemical space. + +This pattern uses OpenShift Virtualization to simulate the Edge environment for VMs. + +==== Solution elements + +* How to use a GitOps approach to manage virtual machines, either in public clouds (limited to AWS for technical reasons) or on-prem OpenShift installations +* How to integrate AAP into OpenShift +* How to manage Edge devices using AAP hosted in OpenShift + +==== Red Hat Technologies + +* Red Hat OpenShift Container Platform (Kubernetes) +* Red Hat Ansible Automation Platform (formerly known as "`Ansible Tower`") +* Red Hat OpenShift GitOps (ArgoCD) +* OpenShift Virtualization (Kubevirt) +* Red Hat Enterprise Linux 9 + +==== Other Technologies this Pattern Uses + +* Hashicorp Vault +* External Secrets Operator +* OpenTelemetry +* Grafana +* Mimir + +=== Architecture + +Similar to other patterns, this pattern starts with a central management hub, which hosts the AAP and Vault components, and the observability +collection and visualization components. + diff --git a/content/patterns/federated-edge-observability/_index.md b/content/patterns/federated-edge-observability/_index.md deleted file mode 100644 index 9b5d33a03..000000000 --- a/content/patterns/federated-edge-observability/_index.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Federated Edge Observability -date: 2025-02-01 -tier: sandbox -summary: This pattern uses OpenShift Virtualization to simulate an edge environment for VMs which then report metrics via OpenTelemetry. -rh_products: -- Red Hat OpenShift Container Platform -- Red Hat Ansible Automation Platform -- Red Hat OpenShift Virtualization -- Red Hat Enterprise Linux -- Red Hat OpenShift Data Foundation -industries: -aliases: /federated-edge-observability -links: - install: getting-started - help: https://groups.google.com/g/validatedpatterns - bugs: https://github.com/validatedpatterns-sandbox/federated-edge-observability/issues -ci: federatedobservability ---- - -# Federated Edge Observability - -## Background - -Organizations are interested in accelerating their deployment speeds and improving delivery quality in their Edge environments, where many devices may not fully or even partially embrace the GitOps philosophy. Further, there are VMs and other devices that can and should be managed with Ansible. This pattern explores some of the possibilities of using an OpenShift-based Ansible Automated Platform deployment and managing Edge devices, based on work done with a partner in the Chemical space. - -This pattern uses OpenShift Virtualization (the productization of Kubevirt) to simulate the Edge environment for VMs. - -### Solution elements - -- How to use a GitOps approach to manage virtual machines, either in public clouds (limited to AWS for technical reasons) or on-prem OpenShift installations -- How to integrate AAP into OpenShift -- How to manage Edge devices using AAP hosted in OpenShift - -### Red Hat Technologies - -- Red Hat OpenShift Container Platform (Kubernetes) -- Red Hat Ansible Automation Platform (formerly known as "Ansible Tower") -- Red Hat OpenShift GitOps (ArgoCD) -- OpenShift Virtualization (Kubevirt) -- Red Hat Enterprise Linux 9 - -### Other Technologies this Pattern Uses - -- Hashicorp Vault -- External Secrets Operator -- OpenTelemetry -- Grafana -- Mimir - -## Architecture - -Similar to other patterns, this pattern starts with a central management hub, which hosts the AAP and Vault components, and the observability collection and visualization components. - -## What Next - -- [Getting Started: Deploying and Validating the Pattern](getting-started) diff --git a/content/patterns/federated-edge-observability/ansible-automation-platform.adoc b/content/patterns/federated-edge-observability/ansible-automation-platform.adoc new file mode 100644 index 000000000..2c4db78cd --- /dev/null +++ b/content/patterns/federated-edge-observability/ansible-automation-platform.adoc @@ -0,0 +1,93 @@ +--- +title: Ansible Automation Platform +weight: 20 +aliases: /federated-edge-observability/aap/ +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +[id="ansible-automation-pattern"] +== Logging in to the Ansible Automation Platform + +The default login user for the AAP interface is `admin`, and the password is randomly generated during installation. This password is required to access the interface. +However, logging into the interface is not necessary, as the pattern automatically configures the AAP instance. The pattern retrieves the password by using the same method as the `ansible_get_credentials.sh` script (described below). + +If you need to inspect the AAP instance or change its configuration, there are two ways to log in. Both methods give access to the same instance using the same password. + +[id="logging-in-using-a-secret-retrieved-from-the-openshift-console"] +=== Logging in using a secret retrieved from the OpenShift Console + +Follow these steps to log in to the Ansible Automation Platform using the OpenShift console: + +. In the OpenShift console, go to *Workloads* > *Secrets* and select the `ansible-automation-platform` project if you want to limit the number of secrets you can see. ++ +.AAP secret +image::/images/federated-edge-observability/ocp-console-secrets-aap-admin-password.png[federated-edge-observability-operators,title="AAP secret"] + +.. Select the `aap-admin-password`. + +.. In the Data field click *Reveal values* to display the password. ++ +.AAP secret detail +image::/images/federated-edge-observability/ocp-console-aap-admin-password-detail.png[federated-edge-observability-operators,title="AAP secret details"] + +. Under *Networking* > *Routes*, click the URL for the `aap` route to open the Ansible Automation Platform interface. + +.. Log in using the `admin` user and the password you retrieved from the `aap-admin-password` secret. The following image shows the screen that appears after logging in. ++ +.AAP screen +image::/images/federated-edge-observability/app-login.png[federated-edge-observability-operators,title="AAP screen"] + +[id="logging-in-using-secret-retrieved-using-script-ansible_get_credentials"] +=== Logging in using a secret retrieved with ansible_get_credentials.sh + +Follow this procedure to log in to the Ansible Automation Platform using the `ansible_get_credentials.sh` script: + +. From the top-level pattern directory (ensuring you have set `KUBECONFIG`), run the following command: ++ +[source,terminal] +---- +$ ./pattern.sh ./scripts/ansible_get_credentials.sh +---- ++ +This script retrieves the URL for your Ansible Automation Platform instance and the password for its `admin` user. The password is auto-generated by the AAP operator by default. The output of the command looks like this (your password will be different): ++ +[source,text] +---- +[WARNING]: No inventory was parsed, only implicit localhost is available + +PLAY [Retrieve Credentials for AAP on OpenShift] ******************************************************************* + +TASK [Retrieve API hostname for AAP] ******************************************************************* +ok: [localhost] + +TASK [Set ansible_host] ***************************************************************** +ok: [localhost] + +TASK [Retrieve admin password for AAP] ***************************************************************************** +ok: [localhost] + +TASK [Set admin_password fact] **************************************************************************************** +ok: [localhost] + +TASK [Report AAP Endpoint] ***************************************************************************************** +ok: [localhost] => { + "msg": "AAP Endpoint: https://aap-ansible-automation-platform.apps.kevstestcluster.aws.validatedpatterns.io" +} + +TASK [Report AAP User] ****************************************************************************** +ok: [localhost] => { + "msg": "AAP Admin User: admin" +} + +TASK [Report AAP Admin Password] ******************************************************************* +ok: [localhost] => { + "msg": "AAP Admin Password: XoQ2MoU88ibAwUZI8tHu194DP304UEqz" +} + +PLAY RECAP ******************************************************************************* +localhost : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +---- \ No newline at end of file diff --git a/content/patterns/federated-edge-observability/ansible-automation-platform.md b/content/patterns/federated-edge-observability/ansible-automation-platform.md deleted file mode 100644 index 64a675255..000000000 --- a/content/patterns/federated-edge-observability/ansible-automation-platform.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Ansible Automation Platform -weight: 40 -aliases: /federated-edge-observability/ansible-automation-platform/ ---- - -# Ansible Automation Platform - -## How to Log In - -The default login user is `admin` and the password is generated randomly at install time; you will need the password to login in to the AAP interface. You do not have to log in to the interface - the pattern will configure the AAP instance; the pattern retrieves the password using the same technique as the `ansible_get_credentials.sh` script described below. If you want to inspect the AAP instance, or change any aspects of its configuration, there are two ways to login and look at it. Both mechanisms are equivalent; you get the same password to the same instance using either technique. - -## Via the OpenShift Console - -In the OpenShift console, navigate to Workloads > Secrets and select the "ansible-automation-platform" project if you want to limit the number of Secrets you can see. - -[![secrets-navigation](/images/ansible-edge-gitops/ocp-console-secrets-aap-admin-password.png)](/images/ansible-edge-gitops/ocp-console-secrets-aap-admin-password.png) - -The Secret you are looking for is in the `ansible-automation-platform` project and is named `controller-admin-password`. If you click on it, you can see the Data.password field. It is shown revealed below to show that it is the same as what is shown by the script method of retrieving it below: - -[![secrets-detail](/images/ansible-edge-gitops/ocp-console-aap-admin-password-detail.png)](/images/ansible-edge-gitops/ocp-console-aap-admin-password-detail.png) - -## Via [ansible_get_credentials.sh](https://github.com/validatedpatterns/ansible-edge-gitops/blob/main/scripts/ansible_get_credentials.sh) - -With your KUBECONFIG set, you can run `./scripts/ansible-get-credentials.sh` from your top-level pattern directory. This will use your OpenShift cluster admin credentials to retrieve the URL for your Ansible Automation Platform instance, as well as the password for its `admin` user, which is auto-generated by the AAP operator by default. The output of the command looks like this (your password will be different): - -```text -./scripts/ansible_get_credentials.sh -[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match -'all' - -PLAY [Install manifest on AAP controller] ****************************************************************************** - -TASK [Retrieve API hostname for AAP] *********************************************************************************** -ok: [localhost] - -TASK [Set ansible_host] ************************************************************************************************ -ok: [localhost] - -TASK [Retrieve admin password for AAP] ********************************************************************************* -ok: [localhost] - -TASK [Set admin_password fact] ***************************************************************************************** -ok: [localhost] - -TASK [Report AAP Endpoint] ********************************************************************************************* -ok: [localhost] => { - "msg": "AAP Endpoint: https://controller-ansible-automation-platform.apps.mhjacks-aeg.blueprints.rhecoeng.com" -} - -TASK [Report AAP User] ************************************************************************************************* -ok: [localhost] => { - "msg": "AAP Admin User: admin" -} - -TASK [Report AAP Admin Password] *************************************************************************************** -ok: [localhost] => { - "msg": "AAP Admin Password: CKollUjlir0EfrQuRrKuOJRLSQhi4a9E" -} - -PLAY RECAP ************************************************************************************************************* -localhost : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 -``` diff --git a/content/patterns/federated-edge-observability/cluster-sizing.adoc b/content/patterns/federated-edge-observability/cluster-sizing.adoc new file mode 100644 index 000000000..481ea4d3d --- /dev/null +++ b/content/patterns/federated-edge-observability/cluster-sizing.adoc @@ -0,0 +1,15 @@ +--- +title: Cluster Sizing +weight: 30 +aliases: /federated-edge-observability/federated-edge-observability-cluster-sizing/ +--- + + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY + +include::modules/comm-attributes.adoc[] +include::modules/federated-edge-observability/metadata-federated-edge-observability.adoc[] + +include::modules/cluster-sizing-template.adoc[] \ No newline at end of file diff --git a/content/patterns/federated-edge-observability/getting-started.adoc b/content/patterns/federated-edge-observability/getting-started.adoc new file mode 100644 index 000000000..8e8d23f64 --- /dev/null +++ b/content/patterns/federated-edge-observability/getting-started.adoc @@ -0,0 +1,303 @@ +--- +title: Getting Started +weight: 10 +aliases: /federated-edge-observability/getting-started/ +--- + +:toc: +:imagesdir: /images +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +[id="deploying-fe-pattern"] +== Deploying the {fe-pattern} + +.Prerequisites + +* An OpenShift cluster + ** To create an OpenShift cluster, go to the https://console.redhat.com/[Red Hat Hybrid Cloud console]. + ** Select *OpenShift \-> Red Hat OpenShift Container Platform \-> Create cluster*. +* A GitHub account and a token for it with repositories permissions, to read from and write to your forks. +* The Helm binary, see link:https://helm.sh/docs/intro/install/[Installing Helm] +For installation tool dependencies, see link:https://validatedpatterns.io/learn/quickstart/[Patterns quick start]. + +[id="preparing-for-deployment"] +== Preparing for deployment +.Procedure + +. Fork the link:https://github.com/validatedpatterns-sandbox/federated-edge-observability[federated-edge-observability] repository on GitHub. You must fork the repository because your fork is updated as part of the GitOps and DevOps processes. + +. Clone the forked copy of this repository. ++ +[source,terminal] +---- +$ git clone git@github.com:/federated-edge-observability.git +---- + +. Go to your repository: Ensure you are in the root directory of your Git repository by using: ++ +[source,terminal] +---- +$ cd /path/to/your/repository +---- + +. Run the following command to set the upstream repository: ++ +[source,terminal] +---- +$ git remote add -f upstream git@github.com:validatedpatterns-sandbox/federated-edge-observability.git +---- + +. Verify the setup of your remote repositories by running the following command: ++ +[source,terminal] +---- +$ git remote -v +---- ++ +.Example output ++ +[source,terminal] +---- +origin git@github.com:kquinn1204/federated-edge-observability.git (fetch) +origin git@github.com:kquinn1204/federated-edge-observability.git (push) +upstream git@github.com:validatedpatterns-sandbox/federated-edge-observability.git (fetch) +upstream git@github.com:validatedpatterns-sandbox/federated-edge-observability.git (push) +---- + +. Make a local copy of secrets template outside of your repository to hold credentials for the pattern. ++ +[WARNING] +==== +Do not place this file in your repository, and do not commit or push it. This would risk pushing personal credentials to GitHub. +==== ++ +Run the following commands: ++ +[source,terminal] +---- +$ cp values-secret.yaml.template ~/values-secret.yaml +---- + +. Populate this file with secrets, or credentials, that are needed to deploy the pattern successfully: ++ +[source,terminal] +---- +$ vi ~/values-secret.yaml +---- + +.. Edit the `vm-ssh` section to include the username, private key, and public key. To ensure the seamless flow of the pattern, the value associated with the `privatekey` and `publickey` has been updated with `path`. For example: ++ +[source,yaml] +---- + - name: vm-ssh + fields: + - name: username + value: 'cloud-user' + - name: privatekey + path: '/path/to/private-ssh-key' + - name: publickey + path: '/path/to/public-ssh-key' +---- ++ +Paste the path to your locally stored private and public keys. If you do not have a key pair, generate one using `ssh-keygen`. + +.. Edit the `rhsm` section to include the Red Hat Subscription Management username and password. For example: ++ +[source,yaml] +---- + - name: rhsm + fields: + - name: username + value: 'username of user to register RHEL VMs' + - name: password + value: 'password of rhsm user in plaintext' +---- ++ +This is the username and password that you use to log in to link:https://catalog.redhat.com/[registry.redhat.io.]. + +.. Edit the `cloud-init` section to include the `userData` block to use with cloud-init. For example: ++ +[source,yaml] +---- + - name: cloud-init + fields: + - name: userData + value: |- + #cloud-config + user: 'cloud-user' + password: 'cloud-user' + chpasswd: { expire: False } +---- + +.. Edit the `aap-manifest` section to include the path to the downloaded manifest zip file that gives an entitlement to run Ansible Automation Platform. Create a subscription manifest by following the guidance at link:https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.4/html-single/red_hat_ansible_automation_platform_operations_guide/index#proc-create-subscription-allocation_obtain-manifest[Obtaining a manifest file]. For example add the following: ++ +[source,yaml] +---- + - name: aap-manifest + fields: + - name: + path: '~/Downloads/.zip' + base64: true +---- + +.. Edit the `automation-hub-token` section to include the token generated at . Click the *Load token* link at link:https://console.redhat.com/ansible/automation-hub/token[Automation Hub Token] to generate a token. For example: ++ +[source,yaml] +---- + - name: automation-hub-token + fields: + - name: token + path: '/path/to/automation-hub-token' +---- + +.. Optionally: Edit the `agof-vault-file` section to use the following (you do not need additional secrets for this pattern): ++ +[source,yaml] +---- + - name: agof-vault-file + fields: + - name: agof-vault-file + value: '---' + base64: true +---- + +.. Edit the `otel-cert` section to include the path to a pre-existing TLS key and certificate. Populate as shown below: ++ +[source,yaml] +---- + - name: otel-cert + fields: + - name: tls.key + path: '~/federated-edge-observability-otel-collector-edge-observability-stack.key' + + - name: tls.crt + path: '~/federated-edge-observability-otel-collector-edge-observability-stack.crt' +---- ++ +Certificates for the OpenTelemetry collector infrastructure. `Snakeoil` that is, self-signed certificates are automatically generated by the `makefile` as follows by the `make snakeoil-certs` target, which is automatically run by `make install`. + +. Create and switch to a new branch named my-branch, by running the following command: ++ +[source,terminal] +---- +$ git checkout -b my-branch +---- + +. Edit the `values-global.yaml` file to customize the deployment for your cluster. The defaults in `values-global.yaml` are designed to work in AWS. For example: ++ +[source,terminal] +---- +$ vi values-global.yaml +---- + +. Add the changes to the staging area by running the following command: ++ +[source,terminal] +---- +$ git add values-global.yaml +---- + +. Commit the changes by running the following command: ++ +[source,terminal] +---- +$ git commit -m "No updates" +---- + +. Push the changes to your forked repository: ++ +[source,terminal] +---- +$ git push origin my-branch +---- + +The preferred way to install this pattern is You can proceed to install the {fe-pattern} pattern by using the web console or from command line by using the script `./pattern.sh` script. + +To install the {fe-pattern} pattern by using the web console you must first install the Validated Patterns Operator. The Validated Patterns Operator installs and manages Validated Patterns. + +[id="deploying-cluster-using-patternsh-file"] +== Deploying the cluster by using the pattern.sh file + +To deploy the cluster by using the `pattern.sh` file, complete the following steps: + +. Log in to your cluster by running the following this procedure: + +.. Obtain an API token by visiting link:https://oauth-openshift.apps../oauth/token/request[https://oauth-openshift.apps../oauth/token/request]. + +.. Log in to the cluster by running the following command: ++ +[source,terminal] +---- +$ $ oc login --token= --server=https://api..:6443 +---- ++ +Alternatively log in by running the following command: ++ +[source,terminal] +---- +$ export KUBECONFIG=~/ +---- + +. Deploy the pattern to your cluster. Run the following command: ++ +[source,terminal] +---- +$ ./pattern.sh make install +---- + +.Verification + +. Verify that the Operators have been installed. + + .. To verify, in the OpenShift Container Platform web console, navigate to *Operators → Installed Operators* page. + + +.federated-edge-observability-operators +image::/images/federated-edge-observability/FEO-operators.png[federated-edge-observability-operators,title="Federated Edge Observability Operators"] + +. Wait some time for everything to deploy. You can track the progress through the `Hub ArgoCD` UI from the nines menu. ++ +.federated-edge-observability-applications +image::/images/federated-edge-observability/FEO-applications.png[federated-edge-observability-applications,title="Federated Edge Observability Applications"] + +As part of installing by using the script `pattern.sh` pattern, HashiCorp Vault is installed. Running `./pattern.sh make install` also calls the `load-secrets` makefile target. This `load-secrets` target looks for a YAML file describing the secrets to be loaded into vault and in case it cannot find one it will use the `values-secret.yaml.template` file in the git repository to try to generate random secrets. + +For more information, see section on https://validatedpatterns.io/secrets/vault/[Vault]. + +. Under *Virtualization* > *VirtualMachines*, the virtual machines show as `Running`. Once they are in `Running` state the +Provisioning workflow will run on them, install the OpenTelemetry collector, and start reporting metrics to the Edge Observability Stack +in the hub cluster. ++ +.federated-edge-observability-vms +image::/images/federated-edge-observability/FEO-vms.png[federated-edge-observability-vms,title="Federated Edge Observability Virtual Machines"] + +. Log in to the Grafana dashboard in the nines menu under *Grafana Observability*. Log in username and password is `admin`. ++ +.federated-edge-observability-grafana +image::/images/federated-edge-observability/FEO-grafana.png[federated-edge-observability-grafana,title="Federated Edge Observability Graphs"] + +. Under *Dashboards* select *OpenTelemetry Collector HostMetrics (Node Exporter)* should be receiving data and drawing graphs for each of the nodes: ++ +.federated-edge-observability-grafana +image::/images/federated-edge-observability/FEO-grafana-plotted.png[federated-edge-observability-grafana,title="Federated Edge Observability displayed Graphs"] + +See link:/federated-edge-observability/ansible-automation-platform/[AnsibleAutomation Platform] for more information on how this pattern uses the Ansible Automation Platform Operator for OpenShift. + +== Infrastructure Elements of this Pattern + +=== https://www.redhat.com/en/technologies/management/ansible[Ansible Automation Platform] + +A fully functional installation of the Ansible Automation Platform operator is installed on your OpenShift cluster to configure and +maintain the VMs for this demo. AAP maintains a dynamic inventory of kiosk machines and can configure a VM from template to fully functional +kiosk in about 10 minutes. + +=== OpenShift https://docs.openshift.com/container-platform/latest/virt/about_virt/about-virt.html[Virtualization] + +OpenShift Virtualization is a Kubernetes-native way to run virtual machine workloads. It is used in this pattern to host VMs simulating an +Edge environment; the chart that configures the VMs is designed to be flexible to allow easy customization to model different VM sizes, mixes, +versions and profiles for future pattern development. + +=== HashiCorp https://www.vaultproject.io/[Vault] + +Vault is used as the authoritative source for the Kiosk ssh pubkey via the External Secrets Operator. As part of this pattern HashiCorp Vault +has been installed. Refer to the section on https://validatedpatterns.io/secrets/vault/[Vault]. diff --git a/content/patterns/federated-edge-observability/getting-started.md b/content/patterns/federated-edge-observability/getting-started.md deleted file mode 100644 index c6fab410b..000000000 --- a/content/patterns/federated-edge-observability/getting-started.md +++ /dev/null @@ -1,242 +0,0 @@ ---- -title: Getting Started -weight: 10 -aliases: /federated-edge-observability/getting-started/ ---- - -# Deploying the Federated Edge Observability Pattern - -# General Prerequisites - -1. An OpenShift cluster ( Go to [the OpenShift console](https://console.redhat.com/openshift/create)). Currently this pattern only supports AWS. It could also run on a baremetal OpenShift cluster, because OpenShift Virtualization supports that; there would need to be some customizations made to support it as the default is AWS. We hope that GCP and Azure will support provisioning metal workers in due course so this can be a more clearly multicloud pattern. -1. A GitHub account (and, optionally, a token for it with repositories permissions, to read from and write to your forks) -1. The helm binary, see [here](https://helm.sh/docs/intro/install/) -1. Ansible, which is used in the bootstrap and provisioning phases of the pattern install (and to configure Ansible Automation Platform). -1. Please note that when run on AWS, this pattern will provision an additional worker node, which will be a metal instance (c5n.metal) to run the Edge Virtual Machines. This worker is provisioned through the OpenShift MachineAPI and will be automatically cleaned up when the cluster is destroyed. - -The use of this pattern depends on having a running Red Hat -OpenShift cluster. It is desirable to have a cluster for deploying the GitOps -management hub assets and a separate cluster(s) for the managed cluster(s). - -If you do not have a running Red Hat OpenShift cluster you can start one on a -public or private cloud by using [Red Hat's cloud service](https://console.redhat.com/openshift/create). - -# Credentials Required in Pattern - -In addition to the openshift cluster, you will need to prepare a number of secrets, or credentials, which will be used -in the pattern in various ways. To do this, copy the [values-secret.yaml template](https://github.com/validatedpatterns-sandbox/federated-edge-observability/blob/main/values-secret.yaml.template) to your home directory as `values-secret.yaml` and replace the explanatory text as follows: - -* AWS Credentials (an access key and a secret key). These are used to provision the metal worker in AWS (which hosts -the VMs). If the portworx variant of the pattern is used, these credentials will be used to modify IAM rules to allow -portworx to run correctly. - -```yaml ---- -# NEVER COMMIT THESE VALUES TO GIT -version: "2.0" -secrets: -``` -* A username and SSH Keypair (private key and public key). These will be used to provide access to the Kiosk VMs in the demo. - -```yaml - - name: vm-ssh - fields: - - name: username - value: 'Username of user to attach privatekey and publickey to - cloud-user is a typical value' - - - name: privatekey - value: 'Private ssh key of the user who will be able to elevate to root to provision kiosks' - - - name: publickey - value: 'Public ssh key of the user who will be able to elevate to root to provision kiosks' -``` - -* A Red Hat Subscription Management username and password. These will be used to register Kiosk VM templates to the Red Hat Content Delivery Network and install content on the VMs and to install the Otel collector. - -```yaml - - name: rhsm - fields: - - name: username - value: 'username of user to register RHEL VMs' - - name: password - value: 'password of rhsm user in plaintext' -``` - -* A userData block to use with cloud-init. This will allow console login as the user you specify (traditionally cloud-user) with the password you specify. The value in cloud-init is used as the default; roles in the edge-gitops-vms chart can also specify other secrets to use by referencing them in the role block. - -```yaml - - name: cloud-init - fields: - - name: userData - value: |- - #cloud-config - user: 'username of user for console, probably cloud-user' - password: 'a suitable password to use on the console' - chpasswd: { expire: False } -``` - -* A manifest file with an entitlement to run Ansible Automation Platform. This file (which will be a .zip file) will be posted to to Ansible Automation Platform instance to enable its use. Instructions for creating a manifest file can be found [here](https://www.redhat.com/en/blog/how-create-and-use-red-hat-satellite-manifest) - -```yaml - - name: aap-manifest - fields: - - name: b64content - path: 'full pathname of file containing Satellite Manifest for entitling Ansible Automation Platform' - base64: true -``` - -```yaml -- name: automation-hub-token - fields: - - name: token - value: 'An automation hub token for retrieving Certified and Validated Ansible content' -``` - -* An automation hub token generated at . This is needed for -the Ansible Configuration-as-Code tools. - -```yaml - - name: agof-vault-file - fields: - - name: agof-vault-file - path: 'full pathname of a valid agof_vault file for secrets to overlay the iac config' - base64: true -``` - -* An (optional) AGOF vault file. For this pattern, use the following (you do not need additional secrets for this -pattern): - -```yaml -- name: agof-vault-file - fields: - - name: agof-vault-file - value: '---' - base64: true -``` - -```yaml - - name: otel-cert - fields: - - name: tls.key - path: 'full pathname to a pre-existing tls key' - - - name: tls.crt - path: 'full pathname to a pre-existing tls certificate' -``` - -Certificates for the open telemetry collector infrastructure. "Snakeoil" (that is, self-signed) certs will automatically be generated by the makefile as follows by the `make snakeoil-certs` target, which is automatically run by `make install`: - -```yaml -- name: otel-cert - fields: - - name: tls.key - path: ~/federated-edge-observability-otel-collector-edge-observability-stack.key - - - name: tls.crt - path: ~/federated-edge-observability-otel-collector-edge-observability-stack.crt -``` - -# How to deploy - -1. Login to your cluster using oc login or exporting the KUBECONFIG - - ```sh - oc login - ``` - - or set KUBECONFIG to the path to your `kubeconfig` file. For example: - - ```sh - export KUBECONFIG=~/my-ocp-env/hub/auth/kubeconfig - ``` - -1. Fork the [federated-edge-observability](https://github.com/validatedpatterns-sandbox/federated-edge-observability) repo on GitHub. It is necessary to fork to preserve customizations you make to the default configuration files. - -1. Clone the forked copy of this repository. - - ```sh - git clone git@github.com:your-username/ansible-edge-gitops.git - ``` - -1. Create a local copy of the Helm values file that can safely include credentials - - WARNING: DO NOT COMMIT THIS FILE - - You do not want to push personal credentials to GitHub. - - ```sh - cp values-secret.yaml.template ~/values-secret.yaml - vi ~/values-secret.yaml - ``` - -1. Customize the deployment for your cluster (Optional - the defaults in values-global.yaml are designed to work in AWS): - - ```sh - git checkout -b my-branch - vi values-global.yaml - git add values-global.yaml - git commit values-global.yaml - git push origin my-branch - ``` - -Please review the [Patterns quick start](/learn/quickstart/) page. This section describes deploying the pattern using `pattern.sh`. You can deploy the pattern using the [validated pattern operator](/infrastructure/using-validated-pattern-operator/). If you do use the operator then skip to Validating the Environment below. - -1. (Optional) Preview the changes. If you'd like to review what is been deployed with the pattern, `pattern.sh` provides a way to show what will be deployed. - - ```sh - ./pattern.sh make show - ``` - -1. Apply the changes to your cluster. This will install the pattern via the Validated Patterns Operator, and then run any necessary follow-up steps. - - ```sh - ./pattern.sh make install - ``` - -The installation process will take between 45-60 minutes to complete. - -# Installation Validation - -* Check the operators have been installed using the OpenShift console - - ```text - OpenShift Console Web UI -> Installed Operators - ``` - -![federated-edge-observability-operators](/images/federated-edge-observability/FEO-operators.png "Federated Edge Observability Operators") - -* Check all applications are synchronised - -Under the project `federated-edge-observability-hub` click on the URL for the `hub`gitops`server`. All applications will sync, but this takes time as ODF has to completely install, and OpenShift Virtualization cannot provision VMs until the metal node has been fully provisioned and ready. - -![federated-edge-observability-applications](/images/federated-edge-observability/FEO-applications.png "Federated Edge Observability Applications") - -* Under Virtualization > Virtual Machines, the virtual machines will eventually show as "Running." Once they are in "Running" state the Provisioning workflow will run on them, install the OpenTelemetry collector, and start reporting metrics to the Edge Observability Stack in the hub cluster. - -![federated-edge-observability-vms](/images/federated-edge-observability/FEO-vms.png "Federated Edge Observability Virtual Machines") - -* The Grafana graphs should be receiving data and drawing graphs for each of the nodes: - -![federated-edge-observability-grafana](/images/federated-edge-observability/FEO-grafana.png "Federated Edge Observability Graphs") - -Please see [Ansible Automation Platform](/federated-edge-observability/ansible-automation-platform/) for more information on how this pattern uses the Ansible Automation Platform Operator for OpenShift. - -# Infrastructure Elements of this Pattern - -## [Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible) - -A fully functional installation of the Ansible Automation Platform operator is installed on your OpenShift cluster to configure and maintain the VMs for this demo. AAP maintains a dynamic inventory of kiosk machines and can configure a VM from template to fully functional kiosk in about 10 minutes. - -## OpenShift [Virtualization](https://docs.openshift.com/container-platform/4.16/virt/about_virt/about-virt.html) - -OpenShift Virtualization is a Kubernetes-native way to run virtual machine workloads. It is used in this pattern to host VMs simulating an Edge environment; the chart that configures the VMs is designed to be flexible to allow easy customization to model different VM sizes, mixes, versions and profiles for future pattern development. - -## HashiCorp [Vault](https://www.vaultproject.io/) - -Vault is used as the authoritative source for the Kiosk ssh pubkey via the External Secrets Operator. -As part of this pattern HashiCorp Vault has been installed. Refer to the section on [Vault](https://validatedpatterns.io/secrets/vault/). - -# Next Steps - -## [Help & Feedback](https://groups.google.com/g/validatedpatterns) -## [Report Bugs](https://github.com/validatedpatterns-sandbox/federated-edge-observability/issues) diff --git a/modules/comm-attributes.adoc b/modules/comm-attributes.adoc index 1aa2c82c2..af1a142bc 100644 --- a/modules/comm-attributes.adoc +++ b/modules/comm-attributes.adoc @@ -25,6 +25,7 @@ :hcp-pattern: HyperShift pattern :ie-pattern: Industrial Edge pattern :ie: Industrial Edge +:fe-pattern: Federated Edge Observability pattern :mcg-pattern: Multicloud GitOps pattern :amx-mcg-pattern: Intel AMX accelerated Multicloud GitOps pattern :mcg-sgx-hello-world-pattern: Intel SGX protected application in Multicloud GitOps pattern @@ -82,7 +83,7 @@ //OpenShift :rh-ocp: Red{nbsp}Hat OpenShift Container Platform :ocp: OpenShift Container Platform -:ocp-version: 4.12 +:ocp-version: 4.17 :ocp-registry: OpenShift image registry //Single node and 3-node OpenShift :sno: single-node OpenShift diff --git a/static/images/federated-edge-observability/FEO-applications.png b/static/images/federated-edge-observability/FEO-applications.png index 603bcd386..a46e91bc2 100644 Binary files a/static/images/federated-edge-observability/FEO-applications.png and b/static/images/federated-edge-observability/FEO-applications.png differ diff --git a/static/images/federated-edge-observability/FEO-grafana-plotted.png b/static/images/federated-edge-observability/FEO-grafana-plotted.png new file mode 100644 index 000000000..24833defb Binary files /dev/null and b/static/images/federated-edge-observability/FEO-grafana-plotted.png differ diff --git a/static/images/federated-edge-observability/FEO-grafana.png b/static/images/federated-edge-observability/FEO-grafana.png index e5fb10628..ed3410ac3 100644 Binary files a/static/images/federated-edge-observability/FEO-grafana.png and b/static/images/federated-edge-observability/FEO-grafana.png differ diff --git a/static/images/federated-edge-observability/FEO-vms.png b/static/images/federated-edge-observability/FEO-vms.png index 3a5da969b..014aae3eb 100644 Binary files a/static/images/federated-edge-observability/FEO-vms.png and b/static/images/federated-edge-observability/FEO-vms.png differ diff --git a/static/images/federated-edge-observability/app-login.png b/static/images/federated-edge-observability/app-login.png new file mode 100644 index 000000000..6230e1913 Binary files /dev/null and b/static/images/federated-edge-observability/app-login.png differ diff --git a/static/images/federated-edge-observability/ocp-console-aap-admin-password-detail.png b/static/images/federated-edge-observability/ocp-console-aap-admin-password-detail.png new file mode 100644 index 000000000..ec85e4f18 Binary files /dev/null and b/static/images/federated-edge-observability/ocp-console-aap-admin-password-detail.png differ diff --git a/static/images/federated-edge-observability/ocp-console-secrets-aap-admin-password.png b/static/images/federated-edge-observability/ocp-console-secrets-aap-admin-password.png new file mode 100644 index 000000000..50a1dce21 Binary files /dev/null and b/static/images/federated-edge-observability/ocp-console-secrets-aap-admin-password.png differ