Commit 5c109fd8 authored by Mudassar Khan

update RUNBOOK.md

parent 55973b6b
+48 −3
# MEC Sandbox Ansible Deployment Guide

## Prerequisites

### 1. Generate GitHub OAuth App Client ID & Secret

The MEC Sandbox uses GitHub OAuth for authentication. You need to register an OAuth App in your GitHub account's Developer Settings to obtain a **Client ID** and **Client Secret**.

**Steps:**

1. Log in to [GitHub](https://github.com) and go to your account **Settings**.
2. In the left sidebar, scroll down and click **Developer settings**.
3. Click **OAuth Apps****New OAuth App**.
4. Fill in the application details:
   - **Application name**: e.g., `MEC Sandbox`
   - **Homepage URL**: e.g., `https://<VM_IP>` (or Deployment URL or VM IP)
   - **Authorization callback URL**: e.g., `https://<VM_IP>/platform-ctrl/v1/authorize`
5. Click **Register application**.
6. On the next page, note down your **Client ID**.
7. Click **Generate a new client secret** and copy the **Client Secret** immediately (it is only shown once).

```yaml
github_oauth_client_id: "<your-client-id>"
github_oauth_client_secret: "<your-client-secret>"
```

> **Important:** You will need the GitHub OAuth credentials for the playbook so that the MEC Sandbox can be deployed and configured properly.

---

### 2. Navigate to the Playbooks Folder

All Ansible commands must be run from within the `playbooks` directory. Navigate there first:

```bash
cd /home/<your-username>/etsi-mec-sandbox/playbooks
```

> Replace `<your-username>` with your actual Linux username. All subsequent commands in this guide assume your working directory is `playbooks/`.

---

## Inventory Layout

- **k8s_masters** → Control plane (API server, etcd, scheduler, controller-manager)
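Review bot: The `github_oauth_client_id` / `github_oauth_client_secret` snippet after step 7 does not say which file these variables belong in or how the secret should be stored. As written, it invites pasting the client secret in clear text into a vars file inside the repository checkout. Suggest naming the target file, recommending that the secret be encrypted with `ansible-vault` or supplied at run time, and stating that it must stay out of version control. Separately, step 3 reads `**OAuth Apps****New OAuth App**`, which looks like a lost separator between the two UI labels.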
@@ -19,6 +59,8 @@ ansible_become=true
ansible_become_method=sudo
```

---

## Running Playbooks

1. Install required collections:
@@ -28,13 +70,16 @@ ansible_become_method=sudo

2. Run site.yml (masters + optional workers):
   ```bash
   ansible-playbook -i inventories/dev/hosts.ini site.yml
   ansible-playbook -K -i inventories/dev/hosts.ini site.yml
   ```

   > `-K` prompts for the sudo password. Omit it if passwordless sudo is configured.

3. Single-node cluster: keep `k8s_workers` empty → only master node runs.

4. Multi-node cluster: add worker nodes under `[k8s_workers]` in inventory.

---

## Multi-node (Masters + Optional Workers)

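Review bot: The `-K` note under step 2 should say that the password entered at the prompt is used as the become password for every host in the run. That matters once hosts are added under `[k8s_workers]` in step 4: if their sudo passwords differ from the master's, privilege escalation will fail on those hosts. Suggest mentioning a per-host `ansible_become_password` (stored vaulted) as the alternative for that case.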
@@ -62,6 +107,6 @@ If you want to add worker nodes (separate machines), follow these steps:
   ansible-playbook -K -l k8s_workers site.yml
   ```

Notes:
- Worker nodes will only run `common`, `kernel`, `container_runtime`, and `kubernetes/worker` roles as requested.
**Notes:**
- Worker nodes will only run `common`, `kernel`, `containerd` (or `docker`), and `kubernetes/worker` roles.
- The `kubernetes/worker` role expects a join script (created on master) at `/tmp/kube_join_cmd.sh`. If you prefer, you can expose the master token & CA hash via a secure variable and run `kubeadm join` directly in the role.
 No newline at end of file
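Review bot: While the Notes are being reworded, the last bullet still documents the join script at `/tmp/kube_join_cmd.sh` with no handling guidance. The bullet itself ties that script to the master token and CA hash, and `/tmp` is a shared location, so suggest documenting restrictive permissions and removal after the join, or making the "secure variable" alternative the recommended path. The reworded bullet also replaces `container_runtime` with `containerd` (or `docker`); please confirm these match the role names the playbook uses. The file also ends without a trailing newline.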