diff --git a/hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc b/hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc index 194e8a3b9a42..db1936b52e23 100644 --- a/hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc +++ b/hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc 
@@ -1,15 +1,30 @@ :_mod-docs-content-type: ASSEMBLY [id="hcp-deploy-dc-bm"] -include::_attributes/common-attributes.adoc[] = Deploying {hcp} on bare metal in a disconnected environment +include::_attributes/common-attributes.adoc[] :context: hcp-deploy-dc-bm toc::[] -When you provision {hcp} on bare metal, you use the Agent platform. The Agent platform and {mce} work together to enable disconnected deployments. The Agent platform uses the central infrastructure management service to add worker nodes to a hosted cluster. For an introduction to the central infrastructure management service, see link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#enable-cim[Enabling the central infrastructure management service]. +[role="_abstract"] +In the context of {hcp}, a disconnected environment is an {product-title} deployment that is not connected to the internet and that uses {hcp} as a base. You can deploy {hcp} in a disconnected environment on bare metal. + +When you provision {hcp} on bare metal, you use the Agent platform. The Agent platform and {mce} work together to enable disconnected deployments. The Agent platform uses the central infrastructure management service to add worker nodes to a hosted cluster. For an introduction to the central infrastructure management service, see "Enabling the central infrastructure management service". 
+ +[role="_additional-resources"] +.Additional resources + +* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#enable-cim[Enabling the central infrastructure management service] include::modules/hcp-dc-bm-arch.adoc[leveloffset=+1] +[role="_additional-resources"] +.Additional resources + +* xref:../../hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc#hcp-dc-tls-mgmt_hcp-deploy-dc-bm[Adding the registry CA to the management cluster] + +* xref:../../hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc#hcp-dc-tls-hosted_hcp-deploy-dc-bm[Adding the registry CA to the compute nodes for the hosted cluster] + include::modules/hcp-dc-bm-reqs.adoc[leveloffset=+1] include::modules/hcp-dc-extract.adoc[leveloffset=+1] @@ -23,8 +38,7 @@ include::modules/hcp-dc-mgmt-cluster.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources * link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#mce-install-intro[Installing and upgrading multicluster engine operator] -* xref:../../hosted_control_planes/hcp-prepare/hcp-enable-disable.html#hcp-enable-manual-addon_hcp-enable-disable[Manually enabling the hypershift-addon managed cluster add-on for local-cluster] -* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#mce-intro[About cluster lifecycle with multicluster engine operator] +* xref:../../hosted_control_planes/hcp-prepare/hcp-enable-disable.adoc#hcp-enable-manual-addon_hcp-enable-disable[Manually enabling the hypershift-addon managed cluster add-on for local-cluster] include::modules/hcp-dc-web-server.adoc[leveloffset=+1] 
@@ -34,6 +48,7 @@ include::modules/hcp-dc-image-mirror.adoc[leveloffset=+1] .Additional resources * xref:../../disconnected/about-installing-oc-mirror-v2.adoc#oc-mirror-workflows-partially-disconnected-v2_about-installing-oc-mirror-v2[Mirroring an image set in a partially disconnected environment] * xref:../../disconnected/about-installing-oc-mirror-v2.adoc#oc-mirror-workflows-fully-disconnected-v2_about-installing-oc-mirror-v2[Mirroring an image set in a fully disconnected environment] +* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#install-on-disconnected-networks[Install on disconnected networks] include::modules/hcp-dc-apply-objects.adoc[leveloffset=+1] @@ -43,19 +58,11 @@ include::modules/hcp-dc-apply-objects.adoc[leveloffset=+1] include::modules/hcp-agentserviceconfig.adoc[leveloffset=+1] -[id="hcp-dc-tls-bm"] -== Configuring TLS certificates for a disconnected installation of {hcp} - -To ensure proper function in a disconnected deployment, you need to configure the registry CA certificates in the management cluster and the worker nodes for the hosted cluster. - -include::modules/hcp-dc-tls-mgmt.adoc[leveloffset=+2] - -include::modules/hcp-dc-tls-hosted.adoc[leveloffset=+2] +include::modules/hcp-dc-tls-mgmt.adoc[leveloffset=+1] -[id="hcp-dc-bm-hosted"] -== Creating a hosted cluster on bare metal +include::modules/hcp-dc-tls-hosted.adoc[leveloffset=+1] -A hosted cluster is an {product-title} cluster with its control plane and API endpoint hosted on a management cluster. The hosted cluster includes the control plane and its corresponding data plane. +include::modules/hcp-dc-bm-hosted.adoc[leveloffset=+1] include::modules/hcp-hc-objects.adoc[leveloffset=+2] diff --git a/modules/hcp-agentserviceconfig.adoc b/modules/hcp-agentserviceconfig.adoc index 38f6cd9e246b..4f009c070ab2 100644 --- a/modules/hcp-agentserviceconfig.adoc +++ b/modules/hcp-agentserviceconfig.adoc 
@@ -6,13 +6,14 @@ [id="hcp-agentserviceconfig_{context}"] = Deploying AgentServiceConfig resources -The `AgentServiceConfig` custom resource is an essential component of the Assisted Service add-on that is part of {mce-short}. It is responsible for bare metal cluster deployment. When the add-on is enabled, you deploy the `AgentServiceConfig` resource to configure the add-on. +[role="_abstract"] +The `AgentServiceConfig` custom resource is an essential component of the Assisted Service add-on that is part of {mce-short}. It is responsible for bare-metal cluster deployment. When the add-on is enabled, you deploy the `AgentServiceConfig` resource to configure the add-on. In addition to configuring the `AgentServiceConfig` resource, you need to include additional config maps to ensure that {mce-short} functions properly in a disconnected environment. .Procedure -. Configure the custom registries by adding the following config map, which contains the disconnected details to customize the deployment: +. Configure the custom registries by adding the following config map, which includes the disconnected details to customize the deployment: + [source,yaml] ---- @@ -36,7 +37,7 @@ data: mirror-by-digest-only = true [[registry.mirror]] - location = "registry.dns.base.domain.name:5000/openshift4" <1> + location = "registry.dns.base.domain.name:5000/openshift4" [[registry]] prefix = "" 
@@ -46,12 +47,12 @@ data: # ... ---- + -<1> Replace `dns.base.domain.name` with the DNS base domain name. +Replace `dns.base.domain.name` with the DNS base domain name. + -The object contains two fields: +The object has two fields: -* Custom CAs: This field contains the Certificate Authorities (CAs) that are loaded into the various processes of the deployment. -* Registries: The `Registries.conf` field contains information about images and namespaces that need to be consumed from a mirror registry rather than the original source registry. +* Custom CAs: This field has the Certificate Authorities (CAs) that are loaded into the various processes of the deployment. +* Registries: The `Registries.conf` field has information about images and namespaces that need to be consumed from a mirror registry rather than the original source registry. . Configure the Assisted Service by adding the `AssistedServiceConfig` object, as shown in the following example: + @@ -61,12 +62,12 @@ apiVersion: agent-install.openshift.io/v1beta1 kind: AgentServiceConfig metadata: annotations: - unsupported.agent-install.openshift.io/assisted-service-configmap: assisted-service-config <1> + unsupported.agent-install.openshift.io/assisted-service-configmap: assisted-service-config name: agent namespace: multicluster-engine spec: mirrorRegistryRef: - name: custom-registries <2> + name: custom-registries databaseStorage: storageClassName: lvms-vg1 accessModes: 
@@ -81,24 +82,25 @@ spec: resources: requests: storage: 20Gi - osImages: <3> - - cpuArchitecture: x86_64 <4> + osImages: + - cpuArchitecture: x86_64 openshiftVersion: "4.14" - rootFSUrl: http://registry.dns.base.domain.name:8080/images/rhcos-414.92.202308281054-0-live-rootfs.x86_64.img <5> + rootFSUrl: http://registry.dns.base.domain.name:8080/images/rhcos-414.92.202308281054-0-live-rootfs.x86_64.img url: http://registry.dns.base.domain.name:8080/images/rhcos-414.92.202308281054-0-live.x86_64.iso version: 414.92.202308281054-0 - cpuArchitecture: x86_64 - openshiftVersion: "4.15" - rootFSUrl: http://registry.dns.base.domain.name:8080/images/rhcos-415.92.202403270524-0-live-rootfs.x86_64.img - url: http://registry.dns.base.domain.name:8080/images/rhcos-415.92.202403270524-0-live.x86_64.iso - version: 415.92.202403270524-0 + openshiftVersion: "4.15" + rootFSUrl: http://registry.dns.base.domain.name:8080/images/rhcos-415.92.202403270524-0-live-rootfs.x86_64.img + url: http://registry.dns.base.domain.name:8080/images/rhcos-415.92.202403270524-0-live.x86_64.iso + version: 415.92.202403270524-0 ---- + -<1> The `metadata.annotations["unsupported.agent-install.openshift.io/assisted-service-configmap"]` annotation references the config map name that the Operator consumes to customize behavior. -<2> The `spec.mirrorRegistryRef.name` annotation points to the config map that contains disconnected registry information that the Assisted Service Operator consumes. This config map adds those resources during the deployment process. -<3> The `spec.osImages` field contains different versions available for deployment by this Operator. This field is mandatory. This example assumes that you already downloaded the `RootFS` and `LiveISO` files. -<4> Add a `cpuArchitecture` subsection for every {product-title} release that you want to deploy. In this example, `cpuArchitecture` subsections are included for 4.14 and 4.15. 
-<5> In the `rootFSUrl` and `url` fields, replace `dns.base.domain.name` with the DNS base domain name. +* `metadata.annotations["unsupported.agent-install.openshift.io/assisted-service-configmap"]` references the config map name that the Operator consumes to customize behavior. +* `spec.mirrorRegistryRef.name` points to the config map that has disconnected registry information that the Assisted Service Operator consumes. This config map adds those resources during the deployment process. +* `spec.osImages` contains different versions available for deployment by this Operator. This field is mandatory. This example assumes that you already downloaded the `RootFS` and `LiveISO` files. +* `cpuArchitecture` is added for every {product-title} release that you want to deploy. In this example, `cpuArchitecture` subsections are included for 4.14 and 4.15. +* `osImages.rootFSUrl` includes `dns.base.domain.name`. Replace that value with the DNS base domain name. +* `osImages.url` includes `dns.base.domain.name`. Replace that value with the DNS base domain name. . Deploy all of the objects by concatenating them into a single file and applying them to the management cluster. To do so, enter the following command: + @@ -112,12 +114,12 @@ The command triggers two pods. .Example output [source,terminal] ---- -assisted-image-service-0 1/1 Running 2 11d <1> -assisted-service-668b49548-9m7xw 2/2 Running 5 11d <2> +assisted-image-service-0 1/1 Running 2 11d +assisted-service-668b49548-9m7xw 2/2 Running 5 11d ---- + -<1> The `assisted-image-service` pod is responsible for creating the Red Hat Enterprise Linux CoreOS (RHCOS) boot image template, which is customized for each cluster that you deploy. -<2> The `assisted-service` refers to the Operator. +* The `assisted-image-service` pod is responsible for creating the {op-system-first} boot image template, which is customized for each cluster that you deploy. +* The `assisted-service` refers to the Operator. .Next steps 
diff --git a/modules/hcp-bm-dns.adoc b/modules/hcp-bm-dns.adoc index 7fe7c8b886fc..d0556d509caa 100644 --- a/modules/hcp-bm-dns.adoc +++ b/modules/hcp-bm-dns.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * hosted_control_planes/hcp-deploy-bm.adoc +// * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc :_mod-docs-content-type: CONCEPT [id="hcp-bm-dns_{context}"] diff --git a/modules/hcp-dc-apply-objects.adoc b/modules/hcp-dc-apply-objects.adoc index cb5e7be60e49..101399314350 100644 --- a/modules/hcp-dc-apply-objects.adoc +++ b/modules/hcp-dc-apply-objects.adoc @@ -7,7 +7,10 @@ [id="hcp-dc-apply-objects_{context}"] = Applying objects in the management cluster -After the mirroring process is complete, you need to apply two objects in the management cluster: +[role="_abstract"] +After the mirroring process is complete, you need to apply two objects in the management cluster. + +You apply the following objects: * `ImageContentSourcePolicy` (ICSP) or `ImageDigestMirrorSet` (IDMS) * Catalog sources @@ -55,9 +58,9 @@ When you use the `management` (default) OLMCatalogPlacement mode, the image stre ** `hypershift.openshift.io/community-operators-catalog-image` ** `hypershift.openshift.io/redhat-marketplace-catalog-image` ** `hypershift.openshift.io/redhat-operators-catalog-image` - ++ In this case, the image stream is not created, and you must update the value of the annotations when the internal mirror is refreshed to pull in Operator updates. .Next steps -Deploy the {mce-short} by completing the steps in _Deploying {mce-short} for a disconnected installation of {hcp}_. \ No newline at end of file +Deploy the {mce-short} by completing the steps in "Deploying {mce-short} for a disconnected installation of {hcp}". \ No newline at end of file diff --git a/modules/hcp-dc-bm-arch.adoc b/modules/hcp-dc-bm-arch.adoc index a39b669d116e..b7f4b86cadf5 100644 --- a/modules/hcp-dc-bm-arch.adoc +++ b/modules/hcp-dc-bm-arch.adoc 
@@ -2,10 +2,13 @@ // // * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc -:_mod-docs-content-type: CONCEPT +:_mod-docs-content-type: REFERENCE [id="hcp-dc-bm-arch_{context}"] = Disconnected environment architecture for bare metal +[role="_abstract"] +Get familiar with the architecture for a deployment of {hcp} on bare metal in a disconnected environment. + The following diagram illustrates an example architecture of a disconnected environment: image:../images/489_RHACM_HyperShift_on_bare_metal_1223.png[Disconnected architecture diagram] @@ -16,7 +19,7 @@ image:../images/489_RHACM_HyperShift_on_bare_metal_1223.png[Disconnected archite * Key: `..`, for example, `registry.hypershiftdomain.lab..5000:`. Ensure that you place `..` after the registry DNS domain name when you specify a port. * Value: The certificate content + -For more information about creating a config map, see _Configuring TLS certificates for a disconnected installation of {hcp}_. +For more information about creating a config map, see "Adding the registry CA to the management cluster" and "Adding the registry CA to the compute nodes for the hosted cluster". . Modify the `images.config.openshift.io` custom resource (CR) specification and adds a new field named `additionalTrustedCA` with a value of `name: registry-config`. . Create a config map that contains two data fields. One field contains the `registries.conf` file in `RAW` format, and the other field contains the Registry CA and is named `ca-bundle.crt`. The config map belongs to the `multicluster-engine` namespace, and the config map name is referenced in other objects. For an example of a config map, see the following sample configuration: + diff --git a/modules/hcp-dc-bm-hosted.adoc b/modules/hcp-dc-bm-hosted.adoc new file mode 100644 index 000000000000..03c981d7116d --- /dev/null +++ b/modules/hcp-dc-bm-hosted.adoc 
@@ -0,0 +1,12 @@ +// Module included in the following assemblies: +// +// * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc + +:_mod-docs-content-type: CONCEPT +[id="hcp-dc-bm-hosted_{context}"] += Hosted clusters on bare metal in a disconnected environment + +[role="_abstract"] +In a disconnected environment, creating a hosted cluster involves deploying hosted cluster objects, creating node pools, creating an `InfraEnv` resource, creating bare-metal hosts, and scaling the node pools as needed. + +A hosted cluster is an {product-title} cluster with its control plane and API endpoint hosted on a management cluster. The hosted cluster includes the corresponding data plane. diff --git a/modules/hcp-dc-bm-reqs.adoc b/modules/hcp-dc-bm-reqs.adoc index c175ec3846f1..e54aa9c053df 100644 --- a/modules/hcp-dc-bm-reqs.adoc +++ b/modules/hcp-dc-bm-reqs.adoc 
@@ -6,15 +6,16 @@ [id="hcp-dc-bm-reqs_{context}"] = Requirements to deploy {hcp} on bare metal in a disconnected environment -To configure {hcp} in a disconnected environment, you must meet the following prerequisites: +[role="_abstract"] +To configure {hcp} in a disconnected environment, you must meet several prerequisites. -- CPU: The number of CPUs provided determines how many hosted clusters can run concurrently. In general, use 16 CPUs for each node for 3 nodes. For minimal development, you can use 12 CPUs for each node for 3 nodes. -- Memory: The amount of RAM affects how many hosted clusters can be hosted. Use 48 GB of RAM for each node. For minimal development, 18 GB of RAM might be sufficient. -- Storage: Use SSD storage for {mce-short}. +* CPU: The number of CPUs provided determines how many hosted clusters can run concurrently. In general, use 16 CPUs for each node for 3 nodes. For minimal development, you can use 12 CPUs for each node for 3 nodes. +* Memory: The amount of RAM affects how many hosted clusters can be hosted. Use 48 GB of RAM for each node. For minimal development, 18 GB of RAM might be sufficient. +* Storage: Use SSD storage for {mce-short}. * Management cluster: 250 GB. * Registry: The storage needed depends on the number of releases, operators, and images that are hosted. An acceptable number might be 500 GB, preferably separated from the disk that hosts the hosted cluster. * Web server: The storage needed depends on the number of ISOs and images that are hosted. An acceptable number might be 500 GB. -- Production: For a production environment, separate the management cluster, the registry, and the web server on different disks. This example illustrates a possible configuration for production: +* Production: For a production environment, separate the management cluster, the registry, and the web server on different disks. 
This example illustrates a possible configuration for production: * Registry: 2 TB * Management cluster: 500 GB * Web server: 2 TB \ No newline at end of file diff --git a/modules/hcp-dc-extract.adoc b/modules/hcp-dc-extract.adoc index 33c4e49d0c9b..29c7d7859ae2 100644 --- a/modules/hcp-dc-extract.adoc +++ b/modules/hcp-dc-extract.adoc @@ -2,11 +2,12 @@ // // * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc -:_mod-docs-content-type: CONCEPT +:_mod-docs-content-type: PROCEDURE [id="hcp-dc-extract_{context}"] = Extracting the release image digest -You can extract the {product-title} release image digest by using the tagged image. +[role="_abstract"] +To deploy {hcp} on bare metal in a disconnected environment, you need the {product-title} release image. You can extract the release image digest by using the tagged image. .Procedure @@ -20,7 +21,7 @@ $ oc adm release info | grep "Pull From" Replace `` with the tagged image for the supported {product-title} version, for example, `quay.io/openshift-release-dev/ocp-release:4.14.0-x8_64`. + .Example output -+ +[source,terminal] ---- Pull From: quay.io/openshift-release-dev/ocp-release@sha256:69d1292f64a2b67227c5592c1a7d499c7d00376e498634ff8e1946bc9ccdddfe ---- \ No newline at end of file diff --git a/modules/hcp-dc-image-mirror.adoc b/modules/hcp-dc-image-mirror.adoc index 40edb50cfe2c..80a6357d9148 100644 --- a/modules/hcp-dc-image-mirror.adoc +++ b/modules/hcp-dc-image-mirror.adoc 
@@ -7,9 +7,10 @@ [id="hcp-dc-image-mirror_{context}"] = Configuring image mirroring for {hcp} in a disconnected environment +[role="_abstract"] Image mirroring is the process of fetching images from external registries, such as `registry.redhat.com` or `quay.io`, and storing them in your private registry. -In the following procedures, the `oc-mirror` tool is used, which is a binary that uses the `ImageSetConfiguration` object. In the file, you can specify the following information: +In the following procedure, the `oc-mirror` tool is used, which is a binary that uses the `ImageSetConfiguration` object. In the file, you can specify the following information: * The {product-title} versions to mirror. The versions are in `quay.io`. * The additional Operators to mirror. Select packages individually. @@ -21,8 +22,6 @@ In the following procedures, the `oc-mirror` tool is used, which is a binary tha .Procedure -To configure image mirroring, complete the following steps: - . Ensure that your `${HOME}/.docker/config.json` file is updated with the registries that you are going to mirror from and with the private registry that you plan to push the images to. . By using the following example, create an `ImageSetConfiguration` object to use for mirroring. Replace values as needed to match your environment: @@ -35,10 +34,10 @@ mirror: platform: channels: - name: candidate-{product-version} - minVersion: <4.x.y-build> <1> - maxVersion: <4.x.y-build> <1> + minVersion: <4.x.y-build> + maxVersion: <4.x.y-build> type: ocp - kubeVirtContainer: true <2> + kubeVirtContainer: true graph: true operators: - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version} 
@@ -50,12 +49,13 @@ mirror: - name: mcg-operator - name: ocs-operator - name: metallb-operator - - name: kubevirt-hyperconverged <3> + - name: kubevirt-hyperconverged ---- + -<1> Replace `<4.x.y-build>` with the supported {product-title} version you want to use. -<2> Set this optional flag to `true` if you want to also mirror the container disk image for the {op-system-first} boot image for the KubeVirt provider. This flag is available with oc-mirror v2 only. -<3> For deployments that use the KubeVirt provider, include this line. +* `mirror.platform.channels.minVersion` specifies the supported {product-title} version you want to use. +* `mirror.platform.channels.maxVersion` specifies the supported (product-title) version you want to use. +* `kubeVirtContainer` specifies whether you want to also mirror to the container disk image for the {op-system-first} boot image for the KubeVirt provider. This flag is optional. It is available with oc-mirror v2 only. +* `mirror.operators.packages.name: kubevirt-hyperconverged` must be included for deployments that use the KubeVirt provider. . Start the mirroring process by entering the following command: + 
@@ -76,13 +76,13 @@ kind: ImageSetConfiguration mirror: platform: graph: true - release: registry.ci.openshift.org/ocp/release:<4.x.y-build> <1> - kubeVirtContainer: true <2> + release: registry.ci.openshift.org/ocp/release:<4.x.y-build> + kubeVirtContainer: true # ... ---- + -<1> Replace `<4.x.y-build>` with the supported {product-title} version you want to use. -<2> Set this optional flag to `true` if you want to also mirror the container disk image for the {op-system-first} boot image for the KubeVirt provider. This flag is available with oc-mirror v2 only. +* `mirror.platform.release` specifies the supported {product-title} version you want to use. +* `mirror.platform.kubeVirtContainer` specifies that you want to also mirror the container disk image for the {op-system-first} boot image for the KubeVirt provider. This flag is available with oc-mirror v2 only. . If you have a partially disconnected environment, mirror the images from the image set configuration to a registry by entering the following command: + @@ -94,7 +94,7 @@ $ oc mirror -c imagesetconfig.yaml \ + For more information, see "Mirroring an image set in a partially disconnected environment". -. If you have a fully disconnected environment, perform the following steps: +. If you have a fully disconnected environment, complete the following steps: .. Mirror the images from the specified image set configuration to the disk by entering the following command: + @@ -113,4 +113,4 @@ $ oc mirror -c imagesetconfig.yaml \ --from file:// docker:// --v2 ---- -. Mirror the latest {mce-short} images by following the steps in link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#install-on-disconnected-networks[Install on disconnected networks]. +. Mirror the latest {mce-short} images by following the steps in "Install on disconnected networks". 
diff --git a/modules/hcp-dc-mgmt-cluster.adoc b/modules/hcp-dc-mgmt-cluster.adoc index 4e2bd73b54d7..44220afab688 100644 --- a/modules/hcp-dc-mgmt-cluster.adoc +++ b/modules/hcp-dc-mgmt-cluster.adoc @@ -6,7 +6,8 @@ [id="hcp-dc-mgmt-cluster_{context}"] = Setting up a management cluster for {hcp} in a disconnected environment -To set up an {product-title} management cluster, you need to ensure that the {mce} is installed. The {mce-short} plays a crucial role in deploying clusters across providers. +[role="_abstract"] +An important part of a {hcp} deployment is the {product-title} management cluster. To set up an management cluster for a disconnected environment, you install {mce} on it. The {mce-short} plays a crucial role in deploying clusters across providers. .Prerequisites @@ -24,7 +25,7 @@ To set up an {product-title} management cluster, you need to ensure that the {mc .Procedure -. Install {mce-short} 2.4 or later on an {product-title} cluster. You can install {mce-short} as an Operator from the {product-title} software catalog. The HyperShift Operator is included with {mce-short}. For more information about installing {mce-short}, see "Installing and upgrading multicluster engine operator" in the Red{nbsp}Hat Advanced Cluster Management documentation. +. Install {mce-short} 2.7 or later on an {product-title} cluster. You can install {mce-short} as an Operator from the {product-title} software catalog. The HyperShift Operator is included with {mce-short}. For more information about installing {mce-short}, see "Installing and upgrading multicluster engine operator" in the Red{nbsp}Hat Advanced Cluster Management documentation. . Ensure that the HyperShift Operator is installed. The HyperShift Operator is automatically included with {mce-short}, but if you need to manually install it, follow the steps in "Manually enabling the hypershift-addon managed cluster add-on for local-cluster". 
diff --git a/modules/hcp-dc-registry.adoc b/modules/hcp-dc-registry.adoc index e09958620701..be4e65af71e8 100644 --- a/modules/hcp-dc-registry.adoc +++ b/modules/hcp-dc-registry.adoc @@ -6,11 +6,12 @@ [id="hcp-dc-registry_{context}"] = Deploying a registry for {hcp} in a disconnected environment +[role="_abstract"] For development environments, deploy a small, self-hosted registry by using a Podman container. For production environments, deploy an enterprise-hosted registry, such as {quay}, Nexus, or Artifactory. -.Procedure +To deploy a small registry by using Podman, complete the following steps. -To deploy a small registry by using Podman, complete the following steps: +.Procedure . As a privileged user, access the `${HOME}` directory and create the following script: + @@ -22,7 +23,7 @@ set -euo pipefail PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1) export PATH=/root/bin:$PATH -export PULL_SECRET="/root/baremetal/hub/openshift_pull.json" <1> +export PULL_SECRET="/root/baremetal/hub/openshift_pull.json" if [[ ! -f $PULL_SECRET ]];then echo "Pull Secret not found, exiting..." @@ -73,7 +74,7 @@ podman create --name registry --net host --security-opt label=disable --replace systemctl enable --now registry ---- + -<1> Replace the location of the `PULL_SECRET` with the appropriate location for your setup. +Replace the location of the `PULL_SECRET` with the appropriate location for your setup. . Name the script file `registry.sh` and save it. When you run the script, it pulls in the following information: + 
@@ -96,23 +97,29 @@ $ ${HOME}/registry.sh + The script starts the server. The script uses a `systemd` service for management purposes. -. If you need to manage the script, you can use the following commands: +. If you need to manage the script, you can use the following commands. ++ +.. To view the status, enter the following command: + [source,terminal] ---- $ systemctl status ---- + +.. To start the script, enter the following command: ++ [source,terminal] ---- $ systemctl start ---- + +.. To stop the script, enter the following command: ++ [source,terminal] ---- $ systemctl stop ---- - ++ The root folder for the registry is in the `/opt/registry` directory and contains the following subdirectories: * `certs` contains the TLS certificates. diff --git a/modules/hcp-dc-tls-hosted.adoc b/modules/hcp-dc-tls-hosted.adoc index 53734e20dea4..910be7122f49 100644 --- a/modules/hcp-dc-tls-hosted.adoc +++ b/modules/hcp-dc-tls-hosted.adoc @@ -5,9 +5,10 @@ :_mod-docs-content-type: PROCEDURE [id="hcp-dc-tls-hosted_{context}"] -= Adding the registry CA to the worker nodes for the hosted cluster += Adding the registry CA to the compute nodes for the hosted cluster -In order for the data plane workers in the hosted cluster to be able to retrieve images from the private registry, you need to add the registry CA to the worker nodes. +[role="_abstract"] +In order for the data plane compute nodes in the hosted cluster to be able to retrieve images from the private registry, you need to add the registry CA to the compute nodes. .Procedure 
@@ -17,10 +18,10 @@ In order for the data plane workers in the hosted cluster to be able to retrieve ---- spec: additionalTrustBundle: - name: user-ca-bundle <1> + name: user-ca-bundle ---- + -<1> The `user-ca-bundle` entry is a config map that you create in the next step. +The `user-ca-bundle` entry is a config map that you create in the next step. . In the same namespace where the `HostedCluster` object is created, create the `user-ca-bundle` config map. The config map resembles the following example: + @@ -44,7 +45,7 @@ data: kind: ConfigMap metadata: name: user-ca-bundle - namespace: <1> + namespace: ---- + -<1> Specify the namespace where the `HostedCluster` object is created. \ No newline at end of file +Specify the namespace where the `HostedCluster` object is created. \ No newline at end of file diff --git a/modules/hcp-dc-tls-mgmt.adoc b/modules/hcp-dc-tls-mgmt.adoc index fbd1e8325627..ebf4ee53baa7 100644 --- a/modules/hcp-dc-tls-mgmt.adoc +++ b/modules/hcp-dc-tls-mgmt.adoc @@ -7,6 +7,9 @@ [id="hcp-dc-tls-mgmt_{context}"] = Adding the registry CA to the management cluster +[role="_abstract"] +To ensure proper function in a disconnected deployment, you need to configure the registry CA certificates in the management cluster. + To add the registry CA to the management cluster, complete the following steps. .Procedure @@ -18,10 +21,10 @@ To add the registry CA to the management cluster, complete the following steps. apiVersion: v1 kind: ConfigMap metadata: - name: <1> - namespace: <2> -data: <3> - ..: | <4> + name: + namespace: +data: + ..: | -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- ..: | 
@@ -32,10 +35,9 @@ data: <3> -----END CERTIFICATE----- ---- + -<1> Specify the name of the config map. -<2> Specify the namespace for the config map. -<3> In the `data` field, specify the registry names and the registry certificate content. Replace `` with the port where the registry server is running; for example, `5000`. -<4> Ensure that the data in the config map is defined by using `|` only instead of other methods, such as `| -`. If you use other methods, issues can occur when the pod reads the certificates. +* `metadata.name` specifies the name of the config map. +* `metadata.namespace` specifies the namespace for the config map. +* `data` specifies the registry names and the registry certificate content. Replace `` with the port where the registry server is running; for example, `5000`. Ensure that the data in the config map is defined by using `|` only instead of other methods, such as `| -`. If you use other methods, issues can occur when the pod reads the certificates. . Patch the cluster-wide object, `image.config.openshift.io` to include the following specification: + diff --git a/modules/hcp-dc-web-server.adoc b/modules/hcp-dc-web-server.adoc index 6c91d77cf858..25db93ea53b6 100644 --- a/modules/hcp-dc-web-server.adoc +++ b/modules/hcp-dc-web-server.adoc @@ -6,12 +6,11 @@ [id="hcp-dc-web-server_{context}"] = Configuring the web server for {hcp} in a disconnected environment +[role="_abstract"] You need to configure an additional web server to host the {op-system-first} images that are associated with the {product-title} release that you are deploying as a hosted cluster. .Procedure -To configure the web server, complete the following steps: - . Extract the `openshift-install` binary from the {product-title} release that you want to use by entering the following command: + [source,terminal] 
@@ -27,8 +26,8 @@ $ oc adm -a ${LOCAL_SECRET_JSON} release extract --command=openshift-install \ #!/bin/bash WEBSRV_FOLDER=/opt/srv -ROOTFS_IMG_URL="$(./openshift-install coreos print-stream-json | jq -r '.architectures.x86_64.artifacts.metal.formats.pxe.rootfs.location')" <1> -LIVE_ISO_URL="$(./openshift-install coreos print-stream-json | jq -r '.architectures.x86_64.artifacts.metal.formats.iso.disk.location')" <2> +ROOTFS_IMG_URL="$(./openshift-install coreos print-stream-json | jq -r '.architectures.x86_64.artifacts.metal.formats.pxe.rootfs.location')" +LIVE_ISO_URL="$(./openshift-install coreos print-stream-json | jq -r '.architectures.x86_64.artifacts.metal.formats.iso.disk.location')" mkdir -p ${WEBSRV_FOLDER}/images curl -Lk ${ROOTFS_IMG_URL} -o ${WEBSRV_FOLDER}/images/${ROOTFS_IMG_URL##*/} @@ -43,7 +42,7 @@ if [[ $? == 0 ]];then fi ---- + -<1> You can find the `ROOTFS_IMG_URL` value on the OpenShift CI Release page. -<2> You can find the `LIVE_ISO_URL` value on the OpenShift CI Release page. - +* You can find the `ROOTFS_IMG_URL` value on the OpenShift CI Release page. +* You can find the `LIVE_ISO_URL` value on the OpenShift CI Release page. ++ After the download is completed, a container runs to host the images on a web server. The container uses a variation of the official HTTPd image, which also enables it to work with IPv6 networks. \ No newline at end of file
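
Review bot: in hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc, the hunk at `@@ -43,19 +58,11 @@` removes the section anchors `[id="hcp-dc-tls-bm"]` and `[id="hcp-dc-bm-hosted"]` and adds nothing with the same IDs. The replacement module is declared as `[id="hcp-dc-bm-hosted_{context}"]`, so the rendered anchor changes, and the TLS parent section disappears entirely. Search the repository for xrefs that target either old ID and update them in this PR, otherwise they break silently at build time.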
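
Review bot: in modules/hcp-agentserviceconfig.adoc, the step in the `@@ -46,12 +47,12 @@` hunk tells the reader to add the `AssistedServiceConfig` object, but the example directly below it has `kind: AgentServiceConfig`, and the module title says AgentServiceConfig as well. The patch already rewrites the neighbouring lines, so correct the object name in the step text here rather than carrying the mismatch forward.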
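
Review bot: in modules/hcp-agentserviceconfig.adoc, hunk `@@ -81,24 +82,25 @@`, the 4.15 entry's `openshiftVersion`, `rootFSUrl`, `url` and `version` lines are removed and re-added with no textual change, so this is a whitespace-only edit inside a YAML example. Confirm that the re-added lines align with the keys of the 4.14 entry; if they do not, the second `- cpuArchitecture: x86_64` item no longer parses as a complete `osImages` element. The replacement bullets also mix path styles: `spec.osImages` is fully qualified, while `cpuArchitecture`, `osImages.rootFSUrl` and `osImages.url` are not. Use `spec.osImages.<field>` throughout so the reader can locate each field.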
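
Review bot: in modules/hcp-dc-apply-objects.adoc, hunk `@@ -7,7 +7,10 @@`, the new abstract and the sentence added after it say the same thing twice: "you need to apply two objects in the management cluster." followed by "You apply the following objects:". Keep the abstract and shorten the list lead-in, for example to "The objects are as follows:", so that the list is introduced once.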
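
Review bot: in modules/hcp-dc-bm-arch.adoc, the step kept as context in the `@@ -16,7 +19,7 @@` hunk names the resource `images.config.openshift.io`, while modules/hcp-dc-tls-mgmt.adoc in this same patch says "Patch the cluster-wide object, `image.config.openshift.io`". Pick one spelling and use it in both modules, because a reader will copy it into an `oc` command. The same step reads "Modify the ... specification and adds a new field", which should be "add". The module is also switched from CONCEPT to REFERENCE while it still contains numbered steps, so check that REFERENCE is the intended content type.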
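
Review bot: in the new file modules/hcp-dc-bm-hosted.adoc, the last added sentence changes the meaning of the text it replaces. The line removed from the assembly read "The hosted cluster includes the control plane and its corresponding data plane", and the new module says "The hosted cluster includes the corresponding data plane", which leaves "corresponding" without a referent and drops the control plane from the definition. Restore the original wording unless the change is intentional, in which case call it out in the commit message.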
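
Review bot: in modules/hcp-dc-bm-reqs.adoc, hunk `@@ -6,15 +6,16 @@`, changing the top-level markers from `-` to `*` flattens the list. The sub-items that stay as context ("* Management cluster: 250 GB.", "* Registry: ...", "* Web server: ...", and the three sizes under Production) already use a single `*`, and they were nested only because the parent items used a different marker. Change those sub-items to `**` in the same patch so they remain nested under Storage and Production.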
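
Review bot: in modules/hcp-dc-extract.adoc, the example tag on the context line of the `@@ -20,7 +21,7 @@` hunk is `quay.io/openshift-release-dev/ocp-release:4.14.0-x8_64`, which is missing a digit in the architecture suffix (`x86_64`). A reader who copies it gets a pull failure rather than a digest. Since the module is being retyped as a PROCEDURE and the output block is touched in this hunk, fix the tag here too.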
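
Review bot: in modules/hcp-dc-image-mirror.adoc, hunk `@@ -50,12 +49,13 @@`, the `maxVersion` bullet writes `(product-title)` with parentheses, so the attribute will not resolve and the literal text appears in the output; it should be `{product-title}`. In the same list, "mirror to the container disk image" has a stray "to" that changes the meaning from the original callout ("mirror the container disk image"). The field is also referred to as `kubeVirtContainer` here and as `mirror.platform.kubeVirtContainer` in the next hunk; use the full path in both places. Finally, the `minVersion` and `maxVersion` bullets now carry identical text, so say which bound each one sets.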
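
Review bot: in modules/hcp-dc-mgmt-cluster.adoc, the procedure step in the `@@ -24,7 +25,7 @@` hunk raises the minimum version from "{mce-short} 2.4 or later" to "{mce-short} 2.7 or later". That is a requirement change inside a patch that otherwise only restructures text, so it needs a line in the commit message and a check against the supported versions for this release. The new abstract also has two article errors: "an management cluster" should be "a management cluster", and "a {hcp} deployment" should be checked against how the attribute expands.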
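
Review bot: in modules/hcp-dc-web-server.adoc, hunk `@@ -27,8 +26,8 @@`, the script kept as context downloads the boot artifacts with `curl -Lk`, and `-k` turns off TLS certificate verification for the RHCOS rootfs and live ISO that every hosted-cluster node later boots from. Drop `-k`, or document a checksum comparison against the digest published for the release before the files are served. The two bullets that replace the callouts are also at odds with the script: they say the values can be found "on the OpenShift CI Release page", while the script derives both from `./openshift-install coreos print-stream-json`. Merge them into one bullet that states the values are read from the extracted installer, and mention the release page only as an alternative.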