ocp_login¤
This role provides support to login to a cluster using the oc CLI by looking up cluster information from the infrastructure provider's APIs, it also supports setting ocp_server and ocp_token directly to support login to any Kubernetes cluster.
Role Variables - General¤
cluster_name¤
Cluster name for credential lookup.
- Required (unless
ocp_serverandocp_tokenare set) - Environment Variable:
CLUSTER_NAME - Default: None
Purpose: Identifies the cluster to login to by name. Used to automatically lookup login credentials from the infrastructure provider's API.
When to use:
- Use with
cluster_typefor automatic credential lookup - Alternative to manually providing
ocp_serverandocp_token - Recommended for managed clusters (ROKS, ROSA, Fyre)
Valid values: String matching your cluster name in the provider's system
Impact: Combined with cluster_type, automatically retrieves cluster server URL and login token from provider API.
Related variables:
cluster_type: Required with this variable (roks, fyre, rosa)ocp_server/ocp_token: Alternative manual login method
Note: Requires provider-specific credentials (e.g., ibmcloud_apikey for ROKS, rosa_token for ROSA, fyre_apikey for Fyre).
cluster_type¤
Infrastructure provider type for cluster.
- Required (unless
ocp_serverandocp_tokenare set) - Environment Variable:
CLUSTER_TYPE - Default: None
Purpose: Specifies the infrastructure provider type to determine which API to use for credential lookup.
When to use:
- Use with
cluster_namefor automatic credential lookup - Required for managed cluster login
- Each type requires specific provider credentials
Valid values: roks, fyre, rosa
roks: IBM Cloud Red Hat OpenShift Kubernetes Servicefyre: IBM DevIT Fyre clustersrosa: AWS Red Hat OpenShift Service on AWS
Impact: Determines which provider API is called to retrieve cluster credentials. Each type requires different authentication variables.
Related variables:
cluster_name: Cluster to lookupibmcloud_apikey: Required forroksfyre_username/fyre_apikey: Required forfyrerosa_token: Required forrosa
Note: Alternative to using ocp_server and ocp_token for direct login.
ocp_server¤
OpenShift server URL for direct login.
- Required (unless
cluster_nameandcluster_typeare set) - Environment Variable:
OCP_SERVER - Default: None
Purpose: Specifies the OpenShift API server URL for direct cluster login without provider API lookup.
When to use:
- Use with
ocp_tokenfor direct login - When cluster is not managed by supported providers
- For custom or on-premises clusters
- Alternative to
cluster_name/cluster_typeapproach
Valid values: Full OpenShift API server URL (e.g., https://api.cluster.example.com:6443)
Impact: Used directly for oc login command. Bypasses provider API credential lookup.
Related variables:
ocp_token: Required with this variablecluster_name/cluster_type: Alternative automatic lookup method
Note: Both ocp_server and ocp_token must be provided together for direct login. This method works with any Kubernetes cluster.
ocp_token¤
Authentication token for direct login.
- Required (unless
cluster_nameandcluster_typeare set) - Environment Variable:
OCP_TOKEN - Default: None
Purpose: Provides the authentication token for direct cluster login without provider API lookup.
When to use:
- Use with
ocp_serverfor direct login - When cluster is not managed by supported providers
- For service account tokens or manually obtained tokens
- Alternative to
cluster_name/cluster_typeapproach
Valid values: Valid OpenShift authentication token string
Impact: Used directly for oc login --token command. Bypasses provider API credential lookup.
Related variables:
ocp_server: Required with this variablecluster_name/cluster_type: Alternative automatic lookup method
Note: SECURITY - Both ocp_server and ocp_token must be provided together. Token should be kept secure and not committed to version control. This method works with any Kubernetes cluster.
Role Variables - IBMCloud ROKS¤
ibmcloud_apikey¤
IBM Cloud API key for ROKS authentication.
- Required (when
cluster_type=roks) - Environment Variable:
IBMCLOUD_APIKEY - Default: None
Purpose: Provides IBM Cloud API key for authenticating with IBM Cloud to retrieve ROKS cluster credentials.
When to use:
- Required when
cluster_type=roks - Used to authenticate with IBM Cloud API
- Enables automatic cluster credential lookup
Valid values: Valid IBM Cloud API key string
Impact: Used to authenticate with IBM Cloud and retrieve cluster server URL and login token for ROKS clusters.
Related variables:
cluster_type: Must berokscluster_name: ROKS cluster name to lookupibmcloud_endpoint: Optional API endpoint override
Note: SECURITY - API key should be kept secure and not committed to version control. Obtain from IBM Cloud IAM.
ibmcloud_endpoint¤
IBM Cloud API endpoint URL.
- Optional
- Environment Variable:
IBMCLOUD_ENDPOINT - Default:
https://cloud.ibm.com
Purpose: Overrides the default IBM Cloud API endpoint for ROKS cluster credential lookup.
When to use:
- Use default for public IBM Cloud
- Override for private or regional endpoints
- Only applies when
cluster_type=roks
Valid values: Valid IBM Cloud API endpoint URL
Impact: Determines which IBM Cloud API endpoint is used for authentication and cluster lookup.
Related variables:
cluster_type: Must beroksibmcloud_apikey: Required for authentication
Note: The default public endpoint works for most deployments. Override only for specific regional or private cloud requirements.
Role Variables - IBM DevIT Fyre¤
fyre_username¤
IBM DevIT Fyre username.
- Required (when
cluster_type=fyre) - Environment Variable:
FYRE_USERNAME - Default: None
Purpose: Provides Fyre username for authenticating with IBM DevIT Fyre to retrieve cluster credentials.
When to use:
- Required when
cluster_type=fyre - Used with
fyre_apikeyfor Fyre authentication - Enables automatic cluster credential lookup
Valid values: Valid Fyre username string
Impact: Used to authenticate with Fyre API and retrieve cluster server URL and login token.
Related variables:
cluster_type: Must befyrefyre_apikey: Required for authenticationcluster_name: Fyre cluster name to lookupfyre_site: Fyre site location
Note: Fyre is IBM's internal development and test infrastructure. Requires IBM internal credentials.
fyre_apikey¤
IBM DevIT Fyre API key.
- Required (when
cluster_type=fyre) - Environment Variable:
FYRE_APIKEY - Default: None
Purpose: Provides Fyre API key for authenticating with IBM DevIT Fyre to retrieve cluster credentials.
When to use:
- Required when
cluster_type=fyre - Used with
fyre_usernamefor Fyre authentication - Enables automatic cluster credential lookup
Valid values: Valid Fyre API key string
Impact: Used to authenticate with Fyre API and retrieve cluster server URL and login token.
Related variables:
cluster_type: Must befyrefyre_username: Required for authenticationcluster_name: Fyre cluster name to lookupfyre_site: Fyre site location
Note: SECURITY - API key should be kept secure. Fyre is IBM's internal development and test infrastructure.
fyre_site¤
Fyre site location for cluster.
- Optional
- Environment Variable:
FYRE_SITE - Default:
svl
Purpose: Specifies which Fyre site the cluster was provisioned in for proper API routing.
When to use:
- Use default (
svl) for most Fyre clusters - Override for clusters in other sites (e.g.,
rtp) - Only applies when
cluster_type=fyre
Valid values: Fyre site codes (e.g., svl, rtp)
Impact: Determines which Fyre site API endpoint is used for cluster lookup.
Related variables:
cluster_type: Must befyre
Role Variables - AWS ROSA¤
rosa_token¤
AWS ROSA authentication token.
- Required (when
cluster_type=rosa) - Environment Variable:
ROSA_TOKEN - Default: None
Purpose: Provides ROSA (Red Hat OpenShift Service on AWS) authentication token for retrieving cluster credentials.
When to use:
- Required when
cluster_type=rosa - Used to authenticate with ROSA API
- Enables automatic cluster credential lookup
Valid values: Valid ROSA authentication token string
Impact: Used to authenticate with ROSA API and retrieve cluster server URL and login credentials.
Related variables:
cluster_type: Must berosacluster_name: ROSA cluster name to lookuprosa_cluster_admin_password: Required for cluster-admin login
Note: SECURITY - Token should be kept secure and not committed to version control. Obtain from Red Hat Hybrid Cloud Console.
rosa_cluster_admin_password¤
ROSA cluster-admin account password.
- Required (when
cluster_type=rosa) - Environment Variable:
ROSA_CLUSTER_ADMIN_PASSWORD - Default: None
Purpose: Provides the password for the cluster-admin account to login to ROSA clusters.
When to use:
- Required when
cluster_type=rosa - Password created during cluster provisioning
- Used for cluster-admin level access
Valid values: Valid cluster-admin password string
Impact: Used to authenticate as cluster-admin user on ROSA clusters.
Related variables:
cluster_type: Must berosarosa_token: Required for ROSA API authenticationcluster_name: ROSA cluster name to login to
Note: SECURITY - Password should be kept secure and not committed to version control. This is the cluster-admin account password set during ROSA cluster provisioning.
Example Playbooks
Direct Login¤
- hosts: localhost
vars:
ocp_server: xxxxx
ocp_token: xxxxx
roles:
- ibm.mas_devops.ocp_login
IBMCloud ROKS¤
- hosts: localhost
vars:
cluster_name: mycluster
cluster_type: roks
ibmcloud_apikey: xxxxx
ibmcloud_resourcegroup: mygroup
roles:
- ibm.mas_devops.ocp_login
AWS ROSA¤
- hosts: localhost
vars:
cluster_name: mycluster
cluster_type: rosa
rosa_token: xxxxx
rosa_cluster_admin_password: xxxxx
roles:
- ibm.mas_devops.ocp_login
IBM DevIT Fyre¤
- hosts: localhost
vars:
cluster_name: mycluster
cluster_type: fyre
fyre_username: xxxxx
fyre_password: xxxxx
roles:
- ibm.mas_devops.ocp_login
Example Playbook¤
- hosts: localhost
vars:
# Add required variables here
roles:
- ibm.mas_devops.ocp_login
License¤
EPL-2.0