devscripts_sno

Deploy a Single Node OpenShift (SNO) cluster on libvirt/KVM using the dev-scripts agent installer (make agent).

This role is a thin wrapper around the devscripts role: it prepares secrets and host prerequisites, runs the dev-scripts configuration and host-prep steps, executes make agent, and copies the resulting kubeconfig to ~/.kube/config.

It complements the full devscripts deployment path (baremetal/libvirt with make all) and the physical bare metal path documented in bm_sno (cifmw_bm_sno: true).

When used from the reproducer, set cifmw_devscripts_sno: true so the devscripts configuration template exports SNO-specific variables (see dev-scripts AGENTS.md). That flag is separate from including this role by name; reproducer scenarios such as scenarios/reproducers/va-hci-minimal-sno.yml combine the flag with cifmw_devscripts_config_overrides for a one-master layout.

Parameters

Role-specific

Parameter	Type	Default	Description
`cifmw_devscripts_sno_installer_timeout`	int	`7200`	Seconds before `make agent` is killed by `timeout` (2 hours)
`cifmw_devscripts_sno_repo_dir`	str	`~/src/github.com/openshift-metal3/dev-scripts`	Path to the dev-scripts repository
`cifmw_devscripts_sno_data_dir`	str	`~/ci-framework-data`	Base directory for CI Framework data on the host
`cifmw_devscripts_sno_artifacts_dir`	str	`{{ cifmw_devscripts_sno_data_dir }}/artifacts`	Directory for role script artifacts and logs

Required for standalone use

When running this role outside the reproducer playbook, provide secret content (the role writes files from these variables in pre.yml):

Parameter	Description
`cifmw_manage_secrets_citoken_content`	CI token string written to `cifmw_manage_secrets_citoken_file`
`cifmw_manage_secrets_pullsecret_content`	Pull secret JSON written to `cifmw_manage_secrets_pullsecret_file`

Default secret file paths (from defaults/main.yml):

Parameter	Default
`cifmw_manage_secrets_citoken_file`	`{{ ansible_user_dir }}/secrets/ci_token`
`cifmw_manage_secrets_pullsecret_file`	`{{ ansible_user_dir }}/secrets/pull_secret.json`

Alternatively, use the file-based variables documented in the devscripts role README if you integrate with manage_secrets directly.

SNO and dev-scripts configuration

Set cifmw_devscripts_sno: true so conf_ciuser.j2 exports the reduced SNO variable set (NUM_MASTERS=1, NUM_WORKERS=0, and agent-related keys).

Cluster version, networking, and VM sizing are controlled through cifmw_devscripts_config_overrides (and optional cifmw_devscripts_config_overrides_patch.* keys), same as the devscripts role. See devscripts README and Supported keys in cifmw_devscripts_config_overrides.

Common SNO overrides (also used in scenarios/reproducers/va-hci-minimal-sno.yml):

Key	Example	Description
`num_masters`	`1`	Single control-plane node
`master_memory`	`16384`	Memory (MiB) for the master VM
`master_disk`	`120`	Root disk size (GiB)
`master_vcpu`	`12`	vCPUs for the master VM
`agent_e2e_test_scenario`	`SNO_IPV4`	Agent installer test scenario
`agent_platform_type`	`none`	Agent platform type
`openshift_version`	`stable-4.18`	OpenShift version (minor or `stable-X.Y`)
`openshift_release_type`	`ga`	Release type (`nightly`, `ga`, `okd`)
`external_subnet_v4`	`192.168.111.0/24`	External network for the cluster
`ip_stack`	`v4`	IP stack (`v4`, `v6`, `v6v4`)

Additional dev-scripts variables (for example cifmw_devscripts_cpu_passthrough, cifmw_devscripts_host_bm_net_ip_addr) follow the devscripts role documentation.

Task files

Task file	Description
`main.yml`	Orchestrates pre, QEMU ACL, setup, and post phases
`pre.yml`	Maps role vars to `devscripts`, writes secrets, installs packages
`prepare_qemu_home_access.yml`	Installs `acl`/`qemu-kvm` and grants `qemu` traverse on the user home
`setup.yml`	Runs `devscripts` `build_config.yml` and `100_pre.yml`, then `make agent`
`post.yml`	Copies cluster kubeconfig to `~/.kube/config`

Examples

Standalone playbook

See example-playbook.yaml in this role directory:

ansible-playbook \
  -e @secrets.yaml \
  -e @scenarios/reproducers/va-hci-minimal-sno.yml \
  -i inventory.yaml \
  roles/devscripts_sno/example-playbook.yaml

Minimal secrets.yaml for standalone runs:

cifmw_devscripts_sno: true
cifmw_manage_secrets_citoken_content: "{{ lookup('env', 'CI_TOKEN') }}"
cifmw_manage_secrets_pullsecret_content: |
  {{ lookup('file', lookup('env', 'HOME') ~ '/pull-secret') }}

cifmw_devscripts_config_overrides:
  openshift_version: "stable-4.18"
  openshift_release_type: ga
  num_masters: 1
  master_memory: 16384
  master_disk: 120
  master_vcpu: 12
  external_subnet_v4: 192.168.111.0/24
  ip_stack: v4
  agent_e2e_test_scenario: SNO_IPV4
  agent_platform_type: none

Reproducer scenario (libvirt SNO)

From scenarios/reproducers/va-hci-minimal-sno.yml:

cifmw_devscripts_sno: true
cifmw_reproducer_allow_one_ocp: true
cifmw_devscripts_cpu_passthrough: true
cifmw_devscripts_host_bm_net_ip_addr: "192.168.111.1"

cifmw_devscripts_config_overrides:
  num_masters: 1
  master_memory: 16384
  master_disk: 120
  master_vcpu: 12
  external_subnet_v4: 192.168.111.0/24
  ip_stack: v4
  agent_e2e_test_scenario: SNO_IPV4
  agent_platform_type: none
  openshift_release_type: ga
  openshift_version: stable-4.18

After deployment, credentials are under the dev-scripts auth directory:

export KUBECONFIG=~/src/github.com/openshift-metal3/dev-scripts/ocp/ocp/auth/kubeconfig
oc login -u kubeadmin \
  -p "$(cat ~/src/github.com/openshift-metal3/dev-scripts/ocp/ocp/auth/kubeadmin-password)"

SNO deployment methods in CI Framework

Flag	Role / method	Environment
`cifmw_devscripts_sno: true`	dev-scripts agent (`make agent`) on libvirt/KVM	Virtual machine on the hypervisor
`cifmw_bm_sno: true`	`bm_sno` (agent-based, iDRAC Redfish)	Physical bare metal host

See reproducer README for how these paths fit into full reproducer jobs.