10/15/22, 2:59 PM
Setting up the environment for an OpenShift installation - Deploying installer-provisioned clusters on bare metal | Installing | Open
https://docs.openshift.com/container-platform/…/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.html

Red Hat OpenShift

Setting up the environment for an OpenShift installation

Installing RHEL on the provisioner node

With the configuration of the prerequisites complete, the next step is to install RHEL 8.x on the provisioner node. The installer uses the provisioner node as the orchestrator while installing the OpenShift Container Platform cluster. For the purposes of this document, installing RHEL on the provisioner node is out of scope. However, options include but are not limited to using a RHEL Satellite server, PXE, or installation media.

Preparing the provisioner node for OpenShift Container Platform installation

Perform the following steps to prepare the environment.
Procedure

* Log in to the provisioner node via ssh.

* Create a non-root user (kni) and provide that user with sudo privileges:

  # useradd kni
  # passwd kni
  # echo "kni ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/kni
  # chmod 0440 /etc/sudoers.d/kni

* Create an ssh key for the new user:

  # su - kni -c "ssh-keygen -t ed25519 -f /home/kni/.ssh/id_rsa -N ''"

* Log in as the new user on the provisioner node:

  # su - kni

* Use Red Hat Subscription Manager to register the provisioner node:

  $ sudo subscription-manager register --username=<user> --password=<pass> --auto-attach
  $ sudo subscription-manager repos --enable=rhel-8-for-<architecture>-appstream-rpms --enable=rhel-8-for-<architecture>-baseos-rpms

  For more information about Red Hat Subscription Manager, see Using and Configuring Red Hat Subscription Manager.

* Install the following packages:

* Modify the user to add the libvirt group to the newly created user:

* Restart firewalld and enable the http service:

  $ sudo systemctl start firewalld
  $ sudo firewall-cmd --zone=public --add-service=http --permanent

* Start and enable the libvirtd service:

  $ sudo systemctl enable libvirtd --now

* Create the default storage pool and start it:

  $ sudo virsh pool-define-as --name default --type dir --target /var/lib/libvirt/images
  $ sudo virsh pool-start default
  $ sudo virsh pool-autostart default

* Create a pull-secret.txt file:

  $ vim pull-secret.txt

  In a web browser, navigate to Install OpenShift on Bare Metal with installer-provisioned infrastructure. Click Copy pull secret. Paste the contents into the pull-secret.txt file and save the contents in the kni user's home directory.

Configuring networking

Before installation, you must configure the networking on the provisioner node.
Installer-provisioned clusters deploy with a baremetal bridge and network, and an optional provisioning bridge and network.

[Figure: network diagram showing the router (DHCP, DNS), the API VIP, the baremetal network, the out-of-band management network (optional), and the provisioning network (optional)]

You can also configure networking from the web console.

Procedure

* Export the baremetal network NIC name:

  $ export PUB_CONN=<baremetal_nic_name>

* Configure the baremetal network:

  $ sudo nohup bash -c "
      nmcli con down \"$PUB_CONN\"
      nmcli con delete \"$PUB_CONN\"
      # RHEL 8.1 appends the word \"System\" in front of the connection, delete in case it exists
      nmcli con down \"System $PUB_CONN\"
      nmcli con delete \"System $PUB_CONN\"
      nmcli connection add ifname baremetal type bridge con-name baremetal
      nmcli con add type bridge-slave ifname \"$PUB_CONN\" master baremetal
      pkill dhclient;dhclient baremetal
  "

  The ssh connection might disconnect after executing these steps.

* Optional: If you are deploying with a provisioning network, export the provisioning network NIC name:

  $ export PROV_CONN=<prov_nic_name>

* Optional: If you are deploying with a provisioning network, configure the provisioning network:

  $ sudo nohup bash -c "
      nmcli con down \"$PROV_CONN\"
      nmcli con delete \"$PROV_CONN\"
      nmcli connection add ifname provisioning type bridge con-name provisioning
      nmcli con add type bridge-slave ifname \"$PROV_CONN\" master provisioning
      nmcli connection modify provisioning ipv6.addresses fd00:1101::1/64 ipv6.method manual
      nmcli con down provisioning
      nmcli con up provisioning
  "

  The ssh connection might disconnect after executing these steps.

  The IPv6 address can be any address as long as it is not routable via the baremetal network.
  Ensure that UEFI is enabled and UEFI PXE settings are set to the IPv6 protocol when using IPv6 addressing.

* Optional: If you are deploying with a provisioning network, configure the IPv4 address on the provisioning network connection:

  $ nmcli connection modify provisioning ipv4.addresses 172.22.0.254/24 ipv4.method manual

* ssh back into the provisioner node (if required):

  # ssh kni@provisioner.<cluster-name>.<domain>

* Verify the connection bridges have been properly created:

  $ sudo nmcli con show

  NAME               UUID  TYPE      DEVICE
  baremetal          …     bridge    baremetal
  provisioning       …     bridge    provisioning
  virbr0             …     bridge    virbr0
  bridge-slave-eno1  …     ethernet  eno1
  bridge-slave-eno2  …     ethernet  eno2

Retrieving the OpenShift Container Platform installer

Use the stable-4.x version of the installation program and your selected architecture to deploy the generally available stable version of OpenShift Container Platform:

  $ export VERSION=stable-4.11
  $ export RELEASE_ARCH=<architecture>
  $ export RELEASE_IMAGE=$(curl -s https://mirror.openshift.com/pub/openshift-v4/$RELEASE_ARCH/clients/ocp/$VERSION/release.txt | grep 'Pull From: quay.io' | awk -F ' ' '{print $3}')

Extracting the OpenShift Container Platform installer

After retrieving the installer, the next step is to extract it.

Procedure

* Set the environment variables:

  $ export cmd=openshift-baremetal-install
  $ export pullsecret_file=~/pull-secret.txt
  $ export extract_dir=$(pwd)

* Get the oc binary:

  $ curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$VERSION/openshift-client-linux.tar.gz | tar zxvf - oc

* Extract the installer:

  $ sudo cp oc /usr/local/bin
  $ oc adm release extract --registry-config "${pullsecret_file}" --command=$cmd --to "${extract_dir}" ${RELEASE_IMAGE}
  $ sudo cp openshift-baremetal-install /usr/local/bin

Optional: Creating an RHCOS images cache

To employ image caching, you must download the Red Hat Enterprise Linux CoreOS (RHCOS) image used by the bootstrap VM to provision the cluster nodes. Image caching is optional, but it is especially useful when running the installation program on a network with limited bandwidth.

The installation program no longer needs the clusterOSImage RHCOS image because the correct image is in the release payload.

If you are running the installation program on a network with limited bandwidth and the RHCOS images download takes more than 15 to 20 minutes, the installation program will timeout. Caching images on a web server will help in such scenarios.

If you enable TLS for the HTTPD server, you must confirm the root certificate is signed by an authority trusted by the client and verify the trusted certificate chain between your OpenShift Container Platform hub and spoke clusters and the HTTPD server. Using a server configured with an untrusted certificate prevents the images from being downloaded to the image creation service. Using untrusted HTTPS servers is not supported.

Install a container that contains the images.
Procedure

* Install podman:

  $ sudo dnf install -y podman

* Open firewall port 8080 to be used for RHCOS image caching:

  $ sudo firewall-cmd --add-port=8080/tcp --zone=public --permanent
  $ sudo firewall-cmd --reload

* Create a directory to store the bootstrapOSImage:

  $ mkdir /home/kni/rhcos_image_cache

* Set the appropriate SELinux context for the newly created directory:

  $ sudo semanage fcontext -a -t httpd_sys_content_t "/home/kni/rhcos_image_cache(/.*)?"
  $ sudo restorecon -Rv /home/kni/rhcos_image_cache/

* Get the URI for the RHCOS image that the installation program will deploy on the bootstrap VM:

  $ export RHCOS_QEMU_URI=$(/usr/local/bin/openshift-baremetal-install coreos print-stream-json | jq -r --arg ARCH "$(arch)" '.architectures[$ARCH].artifacts.qemu.formats["qcow2.gz"].disk.location')

* Get the name of the image that the installation program will deploy on the bootstrap VM:

  $ export RHCOS_QEMU_NAME=${RHCOS_QEMU_URI##*/}

* Get the SHA hash for the RHCOS image that will be deployed on the bootstrap VM:

  $ export RHCOS_QEMU_UNCOMPRESSED_SHA256=$(/usr/local/bin/openshift-baremetal-install coreos print-stream-json | jq -r --arg ARCH "$(arch)" '.architectures[$ARCH].artifacts.qemu.formats["qcow2.gz"].disk["uncompressed-sha256"]')

* Download the image and place it in the /home/kni/rhcos_image_cache directory:

  $ curl -L ${RHCOS_QEMU_URI} -o /home/kni/rhcos_image_cache/${RHCOS_QEMU_NAME}

* Confirm SELinux type is of httpd_sys_content_t for the new file:

  $ ls -Z /home/kni/rhcos_image_cache

* Create the pod:

  $ podman run -d --name rhcos_image_cache \
  -v /home/kni/rhcos_image_cache:/var/www/html \
  -p 8080:8080/tcp \
  <httpd_container_image>

  Creates a caching webserver with the name rhcos_image_cache. This pod serves the bootstrapOSImage image in the install-config.yaml file for deployment.

* Generate the bootstrapOSImage configuration:

  $ export BAREMETAL_IP=$(ip addr show dev baremetal | awk '/inet /{print $2}' | cut -d"/" -f1)
  $ export BOOTSTRAP_OS_IMAGE="http://${BAREMETAL_IP}:8080/${RHCOS_QEMU_NAME}?sha256=${RHCOS_QEMU_UNCOMPRESSED_SHA256}"
  $ echo "    bootstrapOSImage=${BOOTSTRAP_OS_IMAGE}"

* Add the required configuration to the install-config.yaml file under platform.baremetal:

  platform:
    baremetal:
      bootstrapOSImage: <bootstrap_os_image> (1)

  (1) Replace <bootstrap_os_image> with the value of $BOOTSTRAP_OS_IMAGE.

  See the "Configuring the install-config.yaml file" section for additional details.

Configuring the install-config.yaml file

The install-config.yaml file requires some additional details. Most of the information teaches the installation program and the resulting cluster enough about the available hardware that it is able to fully manage it.

The installation program no longer needs the clusterOSImage RHCOS image because the correct image is in the release payload.

* Configure install-config.yaml. Change the appropriate variables to match the environment, including pullSecret and sshKey:

  apiVersion: v1
  baseDomain: <domain>
  metadata:
    name: <cluster_name>
  networking:
    machineNetwork:
    - cidr: <public_cidr>
    networkType: OVNKubernetes
  compute:
  - name: worker
    replicas: 2 (1)
  controlPlane:
    name: master
    replicas: 3
    platform:
      baremetal: {}
  platform:
    baremetal:
      apiVIP: <api_ip>
      ingressVIP: <wildcard_ip>
      provisioningNetworkCIDR: <CIDR>
      bootstrapExternalStaticIP: <bootstrap_static_ip_address> (2)
      bootstrapExternalStaticGateway: <bootstrap_static_gateway> (3)
      hosts:
        - name: openshift-master-0
          role: master
          bmc:
            address: ipmi://<out_of_band_ip> (4)
            username: <user>
            password: <password>
          bootMACAddress: <NIC1_mac_address>
        - name: <openshift_master_1>
          role: master
          bmc:
            address: ipmi://<out_of_band_ip> (4)
            username: <user>
            password: <password>
          bootMACAddress: <NIC1_mac_address>
  pullSecret: '<pull_secret>'
  sshKey: '<ssh_pub_key>'

  (1) Scale the worker machines based on the number of worker nodes that are part of the OpenShift Container Platform cluster. Valid options for the replicas value are 0 and integers greater than or equal to 2. Set the number of replicas to 0 to deploy a three-node cluster, which contains only three control plane machines. A three-node cluster is a smaller, more resource-efficient cluster that can be used for testing, development, and production. You cannot install the cluster with only one worker.
  (2) When deploying a cluster with static IP addresses, you must set the bootstrapExternalStaticIP configuration setting to specify the static IP address of the bootstrap VM when there is no DHCP server on the baremetal network.
  (3) When deploying a cluster with static IP addresses, you must set the bootstrapExternalStaticGateway configuration setting to specify the gateway IP address for the bootstrap VM when there is no DHCP server on the baremetal network.
  (4) See the BMC addressing sections for more options.

* Create a directory to store the cluster configuration:

* Copy the install-config.yaml file to the new directory:

* Ensure all bare metal nodes are powered off prior to installing the OpenShift Container Platform cluster:

* Remove old bootstrap resources if any are left over from a previous deployment attempt:

  for i in $(sudo virsh list | tail -n +3 | grep bootstrap | awk {'print $2'});
  do
    sudo virsh destroy $i;
    sudo virsh undefine $i;
    sudo virsh vol-delete $i --pool $i;
    sudo virsh vol-delete $i.ign --pool $i;
    sudo virsh pool-destroy $i;
    sudo virsh pool-undefine $i;
  done

Additional install-config parameters

See the following tables for the required parameters, the hosts parameter, and the bmc parameter for the install-config.yaml file.

Table 1. Required parameters

baseDomain
  The domain name for the cluster.

bootMode
  The boot mode for a node. Options are legacy, UEFI, and UEFISecureBoot. If bootMode is not set, Ironic sets it while inspecting the node.

bootstrapExternalStaticIP
  The static IP address for the bootstrap VM. You must set this value when deploying a cluster with static IP addresses when there is no DHCP server on the baremetal network.

bootstrapExternalStaticGateway
  The static IP address of the gateway for the bootstrap VM. You must set this value when deploying a cluster with static IP addresses when there is no DHCP server on the baremetal network.

sshKey
  The sshKey configuration setting contains the key in the ~/.ssh/id_rsa.pub file required to access the control plane nodes and worker nodes. Typically, this key is from the provisioner node.

pullSecret
  The pullSecret configuration setting contains a copy of the pull secret downloaded from the Install OpenShift on Bare Metal page when preparing the provisioner node.

metadata:
  name:
  The name to be given to the OpenShift Container Platform cluster. For example, openshift.

networking:
  machineNetwork:
  - cidr:
  The public CIDR (Classless Inter-Domain Routing) of the external network. For example, 10.0.0.0/24.

compute:
  - name: worker
  The OpenShift Container Platform cluster requires a name be provided for worker (or compute) nodes even if there are zero nodes.

compute:
  replicas: 2
  Replicas sets the number of worker (or compute) nodes in the OpenShift Container Platform cluster.

controlPlane:
  name: master
  The OpenShift Container Platform cluster requires a name for control plane (master) nodes.

controlPlane:
  replicas: 3
  Replicas sets the number of control plane (master) nodes included as part of the OpenShift Container Platform cluster.

provisioningNetworkInterface
  The name of the network interface on nodes connected to the provisioning network. For OpenShift Container Platform 4.9 and later releases, use the bootMACAddress configuration setting to enable Ironic to identify the IP address of the NIC instead of using the provisioningNetworkInterface configuration setting to identify the name of the NIC.

defaultMachinePlatform
  The default configuration used for machine pools without a platform configuration.

apiVIP
  (Optional) The virtual IP address for Kubernetes API communication. This setting must either be provided in the install-config.yaml file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the apiVIP configuration setting in the install-config.yaml file. The IP address must be from the primary IPv4 network when using dual stack networking. If not set, the installer uses api.<cluster_name>.<base_domain> to derive the IP address from the DNS.

disableCertificateVerification
  redfish and redfish-virtualmedia need this parameter to manage BMC addresses. The value should be True when using a self-signed certificate for BMC addresses.

ingressVIP
  (Optional) The virtual IP address for ingress traffic. This setting must either be provided in the install-config.yaml file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the ingressVIP configuration setting in the install-config.yaml file. The IP address must be from the primary IPv4 network when using dual stack networking. If not set, the installer derives the IP address from the DNS.

Table 2. Optional parameters

provisioningDHCPRange
  Defines the IP range for nodes on the provisioning network.

provisioningNetworkCIDR
  The CIDR for the network to use for provisioning. This option is required when not using the default address range on the provisioning network.

clusterProvisioningIP
  Default: The third IP address of the provisioningNetworkCIDR.
  The IP address within the cluster where the provisioning services run. Defaults to the third IP address of the provisioning subnet. For example, 172.22.0.3.

bootstrapProvisioningIP
  Default: The second IP address of the provisioningNetworkCIDR.
  The IP address on the bootstrap VM where the provisioning services run while the installer is deploying the control plane (master) nodes. Defaults to the second IP address of the provisioning subnet. For example, 172.22.0.2 or 2620:52:0:1307::2.

externalBridge
  The name of the baremetal bridge of the hypervisor attached to the baremetal network.

provisioningBridge
  The name of the provisioning bridge on the provisioner host attached to the provisioning network.

architecture
  Defines the host architecture for your cluster. Valid values are amd64 or arm64.

defaultMachinePlatform
  The default configuration used for machine pools without a platform configuration.

bootstrapOSImage
  A URL to override the default operating system image for the bootstrap node. The URL must contain a SHA-256 hash of the image.

provisioningNetwork
  The provisioningNetwork configuration setting determines whether the cluster uses the provisioning network. If it does, the configuration setting also determines if the cluster manages the network.
  Disabled: Set this parameter to Disabled to disable the requirement for a provisioning network. When set to Disabled, you must only use virtual media based provisioning, or bring up the cluster using the assisted installer. If Disabled and using power management, BMCs must be accessible from the baremetal network. If Disabled, you must provide two IP addresses on the baremetal network that are used for the provisioning services.
  Managed: Set this parameter to Managed, which is the default, to fully manage the provisioning network, including DHCP, TFTP, and so on.
  Unmanaged: Set this parameter to Unmanaged to enable the provisioning network but take care of manual configuration of DHCP. Virtual media provisioning is recommended but PXE is still available if required.

httpProxy
  Set this parameter to the appropriate HTTP proxy used within your environment.

httpsProxy
  Set this parameter to the appropriate HTTPS proxy used within your environment.

noProxy
  Set this parameter to the appropriate list of exclusions for proxy usage within your environment.

Hosts

The hosts parameter is a list of separate bare metal assets used to build the cluster.

Table 3. Hosts

name
  The name of the BareMetalHost resource to associate with the details.

bmc
  Connection details for the baseboard management controller. See the BMC addressing section for additional details.

bootMACAddress
  The MAC address of the NIC that the host uses for the provisioning network. Ironic retrieves the IP address using the bootMACAddress configuration setting.

networkConfig
  See "(Optional) Configuring host network interfaces" for additional details.

BMC addressing

Most vendors support Baseboard Management Controller (BMC) addressing with the Intelligent Platform Management Interface (IPMI). IPMI does not encrypt communications. It is suitable for use within a data center over a secured or dedicated management network. Check with your vendor to see if they support Redfish network boot. Redfish delivers simple and secure management for converged, hybrid IT and the Software Defined Data Center (SDDC). Redfish is human readable and machine capable, and leverages common internet and web services standards to expose information directly to the modern tool chain. If your hardware does not support Redfish network boot, use IPMI.

IPMI

Hosts using IPMI use the ipmi://<out-of-band-ip>:<port> address format, which defaults to port 623 if not specified. The following example demonstrates an IPMI configuration within the install-config.yaml file.

  platform:
    baremetal:
      hosts:
        - name: openshift-master-0
          role: master
          bmc:
            address: ipmi://<out-of-band-ip>
            username: <user>
            password: <password>

The provisioning network is required when PXE booting using IPMI for BMC addressing. It is not possible to PXE boot hosts without a provisioning network. If you deploy without a provisioning network, you must use a virtual media BMC addressing option such as redfish-virtualmedia or idrac-virtualmedia. See "Redfish virtual media for HPE iLO" in the "BMC addressing for HPE iLO" section or "Redfish virtual media for Dell iDRAC" in the "BMC addressing for Dell iDRAC" section for additional details.

Redfish network boot
To enable Redfish, use redfish:// or redfish+http:// to disable TLS. The installer requires both the hostname or the IP address and the path to the system ID. The following example demonstrates a Redfish configuration within the install-config.yaml file.

  platform:
    baremetal:
      hosts:
        - name: openshift-master-0
          role: master
          bmc:
            address: redfish://<out-of-band-ip>/redfish/v1/Systems/1
            username: <user>
            password: <password>

While it is recommended to have a certificate of authority for the out-of-band management addresses, you must include disableCertificateVerification: True in the bmc configuration if using self-signed certificates. The following example demonstrates a Redfish configuration using the disableCertificateVerification: True configuration parameter within the install-config.yaml file.

  platform:
    baremetal:
      hosts:
        - name: openshift-master-0
          role: master
          bmc:
            address: redfish://<out-of-band-ip>/redfish/v1/Systems/1
            username: <user>
            password: <password>
            disableCertificateVerification: True

Redfish APIs

Several Redfish API endpoints are called on your BMC when using the bare-metal installer-provisioned infrastructure.

You need to ensure that your BMC supports all of the Redfish APIs before installation.

List of Redfish APIs

* Power on

  curl -u $USER:$PASS -X POST -H'Content-Type: application/json' -H'Accept: application/json' -d '{"Action": "Reset", "ResetType": "On"}' https://$SERVER/redfish/v1/Systems/$SystemID/Actions/ComputerSystem.Reset

* Power off

  curl -u $USER:$PASS -X POST -H'Content-Type: application/json' -H'Accept: application/json' -d '{"Action": "Reset", "ResetType": "ForceOff"}' https://$SERVER/redfish/v1/Systems/$SystemID/Actions/ComputerSystem.Reset

* Temporary boot using pxe

  curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json" https://$SERVER/redfish/v1/Systems/$SystemID/ -d '{"Boot": {"BootSourceOverrideTarget": "pxe", "BootSourceOverrideEnabled": "Once"}}'

* Set BIOS boot mode using Legacy or UEFI

  curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json" https://$SERVER/redfish/v1/Systems/$SystemID/ -d '{"Boot": {"BootSourceOverrideMode":"UEFI"}}'

List of redfish-virtualmedia APIs

* Set temporary boot device using cd or dvd

  curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json" https://$SERVER/redfish/v1/Systems/$SystemID/ -d '{"Boot": {"BootSourceOverrideTarget": "cd", "BootSourceOverrideEnabled": "Once"}}'

* Mount virtual media

  curl -u $USER:$PASS -X PATCH -H "Content-Type: application/json" -H "If-Match: *" https://$SERVER/redfish/v1/Managers/$ManagerID/VirtualMedia/$VmediaId -d '{"Image": "https://example.com/test.iso", "TransferProtocolType": "HTTPS", "UserName": "", "Password": ""}'

The PowerOn and PowerOff commands for redfish APIs are the same for the redfish-virtualmedia APIs.

HTTPS and HTTP are the only supported parameter types for TransferProtocolTypes.

BMC addressing for Dell iDRAC

The address field for each bmc entry is a URL for connecting to the OpenShift Container Platform cluster nodes, including the type of controller in the URL scheme and its location on the network.

  platform:
    baremetal:
      hosts:
        - name: <hostname>
          role: <master | worker>
          bmc:
            address: <address> (1)
            username: <user>
            password: <password>

  (1) The address configuration setting specifies the protocol.

For Dell hardware, Red Hat supports integrated Dell Remote Access Controller (iDRAC) virtual media, Redfish network boot, and IPMI.

BMC address formats for Dell iDRAC

  Protocol              Address Format
  iDRAC virtual media   idrac-virtualmedia://<out-of-band-ip>/redfish/v1/Systems/System.Embedded.1
  Redfish network boot  redfish://<out-of-band-ip>/redfish/v1/Systems/System.Embedded.1

Use idrac-virtualmedia as the protocol for Redfish virtual media. redfish-virtualmedia will not work on Dell hardware. Dell's idrac-virtualmedia uses the Redfish standard with Dell's OEM extensions.

See the following sections for additional details.

Redfish virtual media for Dell iDRAC

For Redfish virtual media on Dell servers, use idrac-virtualmedia:// in the address setting. Using redfish-virtualmedia:// will not work.

The following example demonstrates using iDRAC virtual media within the install-config.yaml file.

  platform:
    baremetal:
      hosts:
        - name: openshift-master-0
          role: master
          bmc:
            address: idrac-virtualmedia://<out-of-band-ip>/redfish/v1/Systems/System.Embedded.1
            username: <user>
            password: <password>

While it is recommended to have a certificate of authority for the out-of-band management addresses, you must include disableCertificateVerification: True in the bmc configuration if using self-signed certificates. The following example demonstrates a Redfish configuration using the disableCertificateVerification: True configuration parameter within the install-config.yaml file.

  platform:
    baremetal:
      hosts:
        - name: openshift-master-0
          role: master
          bmc:
            address: idrac-virtualmedia://<out-of-band-ip>/redfish/v1/Systems/System.Embedded.1
            username: <user>
            password: <password>
            disableCertificateVerification: True

Currently, Redfish is only supported on Dell with iDRAC firmware versions 4.20.20.20 through 04.40.00.00 for installer-provisioned installations on bare metal deployments. There is a known issue with version 04.40.00.00.
With IDRAC 9 firmware version @4.48, 00.08, the Virtual Console plug-in defaults to eHTMLS,, which causes problems with the InsertVirtualMedia workflow. Set the plug-in to HTMLS to avoid this issue. The menu pathis: Configuration —» Virtual console + Plug-in Type > HTMLS @ _ [tHE Opens Conner Paton ster aces hve Attach Enabled ough thelORAC conle. The menu path is: Configuration —+ Virtual Media —» Attach Mode —» autoattacn Use idrac-vintualmedia:// as the protocol for Redfish virtual media, Using redfish-virtualmedta:// willnot work tathe idrac hardware type and the Redfish protocol in Ironic, Del's idrac-virtualmedia:// protocol uses the Redfish standard with Dell's OEM (on Dell hardware, because the idrac-virtualredia:// protocol correspond: ‘extensions. Ironic also supports the £drac type with the WSMAN protocol. Therefore, you must specify idrac- Virtualmedia:// to avoid unexpected behavior when electing to use Redfish with virtual media on Dell hardware. Redfish network boot for iDRAC To enable Redfish, use redfish:// or redfishshttp:// to disable transport layer security (TLS). The installer requires both the hostname or the IP address and the path to the system ID, The following example demonstrates a Redfish configuration within the install-contig.yaml file, itpssidocs. opensht.comicontainer platform. nstalingiinstaling_bare_metal_ipipt-nstall-instalaton workflow Niml 19188 1015122, 259PM Setting up the environment fr an OpenShit instalation - Deploying installer provisioned clusters on bare metal | nsaling | Open. hosts: adizeas: edt: hs ///red£iah/v1/systens/Syatem. Embedded. password: While itis recommended to have a certificate ofa ‘rity for the out-of-band management addresses, you must include disablecertificateverification: True inthe bne configuration if using self-signed certificates, The following example demonstrates a Redfish configuration using the disablecertificateverification: True configuration parameter within the install-config. 
yaml file platform host: = name: openshitt-naaver-0 bei address: redfish:///redfish/v1/systene/System.inbedded.1 password: disableCertificareveritication: True Currently, Redfish is only supported on Dell hardware with IDRAC firmware versions 4.28.20.28 through 4,40.68.09 for installer-provisioned installations on bare metal deployments, There is 2 known issue with version 4.40.69.09. With IDRAC 9 firmware version a4.4@.00.20, the Virtual Console plug-in defaults to eHT#ts,, which ‘causes problems with the InsertVirtualMedia workflow. Set the plug-in to HTMLS to avoid this issue. The menu path Ensure the OpenShift Container Platform cluster nodes have AutoAttach Enabled through the iIORAC console. The menu path is: Configuration ~> Virtual Media -> Attach Mode -> AutoAttach The redfish:// URL protocol corresponds to the redfish hardware type in Ionic. BMC addressing for HPE iLO The acdress field for each bme entry is @ URL for connecting to the OpenShift Container Platform cluster nodes, including the type ‘of controller in the URL scheme and its location on the network, baronata = name: be address: (1) password: 1 The address configuration setting specifies the protocol For HPE integrated Lights Out (iLO), Red H: upports Redfish virtual media, Rectish network boot, and IPML Table 4. BMC address formats for HPEILO itpssidocs. opensht.comicontainer platform. nstalingiinstaling_bare_metal_ipipt-nstall-instalaton workflow Niml 16138 1015122, 259PM Setting up the environment fr an OpenShit instalation - Deploying installer provisioned clusters on bare metal | nsaling | Open. 
    Protocol                Address Format
    Redfish virtual media   redfish-virtualmedia://<out-of-band-ip>/redfish/v1/Systems/1
    Redfish network boot    redfish://<out-of-band-ip>/redfish/v1/Systems/1
    IPMI                    ipmi://<out-of-band-ip>

See the following sections for additional details.

Redfish virtual media for HPE iLO

To enable Redfish virtual media for HPE servers, use redfish-virtualmedia:// in the address setting. The following example demonstrates using Redfish virtual media within the install-config.yaml file.

    platform:
      baremetal:
        hosts:
          - name: openshift-master-0
            bmc:
              address: redfish-virtualmedia://<out-of-band-ip>/redfish/v1/Systems/1

While it is recommended to have a certificate of authority for the out-of-band management addresses, you must include disableCertificateVerification: True in the bmc configuration if using self-signed certificates. The following example demonstrates a Redfish configuration using the disableCertificateVerification: True configuration parameter within the install-config.yaml file.

    platform:
      baremetal:
        hosts:
          - role: master
            bmc:
              address: redfish-virtualmedia://<out-of-band-ip>/redfish/v1/Systems/1
              password: <password>
              disableCertificateVerification: True

Note: Redfish virtual media is not supported on 9th generation systems running iLO4, because Ironic does not support iLO4 with virtual media.

Redfish network boot for HPE iLO

To enable Redfish, use redfish:// or redfish+http:// to disable TLS. The installer requires both the hostname or the IP address and the path to the system ID. The following example demonstrates a Redfish configuration within the install-config.yaml file.

    platform:
      baremetal:
        hosts:
          - bmc:
              address: redfish://<out-of-band-ip>/redfish/v1/Systems/1
              password: <password>

While it is recommended to have a certificate of authority for the out-of-band management addresses, you must include disableCertificateVerification: True in the bmc configuration if using self-signed certificates. The following example demonstrates a Redfish configuration using the disableCertificateVerification: True configuration parameter within the install-config.yaml file.

    platform:
      baremetal:
        hosts:
          - name: openshift-master-0
            bmc:
              address: redfish://<out-of-band-ip>/redfish/v1/Systems/1
              password: <password>
              disableCertificateVerification: True

BMC addressing for Fujitsu iRMC

The address field for each bmc entry is a URL for connecting to the OpenShift Container Platform cluster nodes, including the type of controller in the URL scheme and its location on the network.

    platform:
      baremetal:
        hosts:
          - name: <hostname>
            bmc:
              address: <address> (1)
              password: <password>

(1) The address configuration setting specifies the protocol.

For Fujitsu hardware, Red Hat supports integrated Remote Management Controller (iRMC) and IPMI.

Table 5. BMC address formats for Fujitsu iRMC

    Protocol   Address Format
    iRMC       irmc://<out-of-band-ip>
    IPMI       ipmi://<out-of-band-ip>

iRMC

Fujitsu nodes can use irmc://<out-of-band-ip> and defaults to port 443. The following example demonstrates an iRMC configuration within the install-config.yaml file.

    platform:
      baremetal:
        hosts:
          - bmc:
              address: irmc://<out-of-band-ip>
              password: <password>

Note: Currently Fujitsu supports iRMC S5 firmware version 3.05P and above for installer-provisioned installation on bare metal.

Root device hints

The rootDeviceHints parameter enables the installer to provision the Red Hat Enterprise Linux CoreOS (RHCOS) image to a particular device. The installer examines the devices in the order it discovers them, and compares the discovered values with the hint values. The installer uses the first discovered device that matches the hint value. The configuration can combine multiple hints, but a device must match all hints for the installer to select it.

Table 6. Subfields

    Subfield             Description
    deviceName           A string containing a Linux device name like /dev/vda. The hint must match the actual value exactly.
    hctl                 A string containing a SCSI bus address like 0:0:0:0. The hint must match the actual value exactly.
    model                A string containing a vendor-specific device identifier. The hint can be a substring of the actual value.
    vendor               A string containing the name of the vendor or manufacturer of the device. The hint can be a sub-string of the actual value.
    serialNumber         A string containing the device serial number. The hint must match the actual value exactly.
    minSizeGigabytes     An integer representing the minimum size of the device in gigabytes.
    wwn                  A string containing the unique storage identifier. The hint must match the actual value exactly.
    wwnWithExtension     A string containing the unique storage identifier with the vendor extension appended. The hint must match the actual value exactly.
    wwnVendorExtension   A string containing the unique vendor storage identifier. The hint must match the actual value exactly.
    rotational           A boolean indicating whether the device should be a rotating disk (true) or not (false).

Example usage

    - role: master
      bmc:
        address: ipmi://10.20.0.3:6203
        password: redhat
      bootMACAddress: de:ad:be:ef:00:40
      rootDeviceHints:
        deviceName: "/dev/sda"

Optional: Setting proxy settings

To deploy an OpenShift Container Platform cluster using a proxy, make the following changes to the install-config.yaml file.

    baseDomain: <domain>
    proxy:
      httpProxy: http://USERNAME:PASSWORD@proxy.example.com:PORT
      httpsProxy: https://USERNAME:PASSWORD@proxy.example.com:PORT
      noProxy: <WILDCARD_OF_DOMAIN>,<PROVISIONING_NETWORK/CIDR>,<BMC_ADDRESS_RANGE/CIDR>

The following is an example of noProxy with values.

    noProxy: .example.com,172.22.0.0/24,10.10.0.0/28

With a proxy enabled, set the appropriate values of the proxy in the corresponding key/value pair.

Key considerations:

* If the proxy does not have an HTTPS proxy, change the value of httpsProxy from https:// to http://.
* If using a provisioning network, include it in the noProxy setting, otherwise the installer will fail.
* Set all of the proxy settings as environment variables within the provisioner node. For example, HTTP_PROXY, HTTPS_PROXY, and NO_PROXY.

Note: When provisioning with IPv6, you cannot define a CIDR address block in the noProxy settings. You must define each address separately.

Optional: Deploying with no provisioning network

To deploy an OpenShift Container Platform cluster without a provisioning network, make the following changes to the install-config.yaml file.

    platform:
      baremetal:
        provisioningNetwork: "Disabled" (1)

(1) Add the provisioningNetwork configuration setting, if needed, and set it to Disabled.

Note: The provisioning network is required for PXE booting. If you deploy without a provisioning network, you must use a virtual media BMC addressing option such as redfish-virtualmedia or idrac-virtualmedia. See "Redfish virtual media for HPE iLO" in the "BMC addressing for HPE iLO" section or "Redfish virtual media for Dell iDRAC" in the "BMC addressing for Dell iDRAC" section for additional details.
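
The BMC rules in the sections above (redfish+http:// disables TLS, disableCertificateVerification: True skips certificate checks, a disabled provisioning network needs a virtual media address) can be checked before running the installer, together with the page's later requirement that managed Secure Boot use a Redfish-family address. The following is an added example, not code from the OpenShift documentation or installer; the function names, finding codes and sample hosts are hypothetical, and treating any "+http" scheme suffix as TLS-disabled generalizes from the single redfish+http:// case on this page.

```python
"""Audit BMC settings of install-config.yaml hosts (added example)."""
from urllib.parse import urlsplit

# Schemes this page names as virtual-media BMC options.
VIRTUAL_MEDIA = {"redfish-virtualmedia", "idrac-virtualmedia"}
# Schemes this page accepts for managed Secure Boot (bootMode: UEFISecureBoot).
SECURE_BOOT_OK = VIRTUAL_MEDIA | {"redfish"}


def audit_host(host, provisioning_network="Managed"):
    """Return finding codes for one entry of platform.baremetal.hosts."""
    bmc = host.get("bmc") or {}
    scheme = urlsplit(str(bmc.get("address") or "")).scheme
    # "redfish+http" splits into base "redfish" and transport "http".
    base, _, transport = scheme.partition("+")
    if not base:
        return ["bmc-address-missing"]
    findings = []
    if transport == "http":
        findings.append("tls-disabled")
    # YAML loads True as a bool; a quoted "True" string is accepted as well.
    if str(bmc.get("disableCertificateVerification")).lower() == "true":
        findings.append("cert-verification-disabled")
    if provisioning_network == "Disabled" and base not in VIRTUAL_MEDIA:
        findings.append("virtual-media-required")
    if host.get("bootMode") == "UEFISecureBoot" and base not in SECURE_BOOT_OK:
        findings.append("secure-boot-unsupported-bmc")
    return findings


def audit_install_config(config):
    """Map host name -> findings for every host that has at least one."""
    baremetal = (config.get("platform") or {}).get("baremetal") or {}
    # Assumption: any value other than "Disabled" means a provisioning
    # network is in use; "Managed" is used here as the stand-in default.
    network = baremetal.get("provisioningNetwork", "Managed")
    report = {}
    for host in baremetal.get("hosts") or []:
        findings = audit_host(host, network)
        if findings:
            report[host.get("name", "<unnamed>")] = findings
    return report


# Constructed sample: the dict a YAML loader would return for an
# install-config.yaml that combines the patterns shown on this page.
SAMPLE_CONFIG = {
    "platform": {"baremetal": {
        "provisioningNetwork": "Disabled",
        "hosts": [
            {"name": "openshift-master-0", "role": "master", "bmc": {
                "address": "redfish://192.0.2.10/redfish/v1/Systems/System.Embedded.1",
                "disableCertificateVerification": True}},
            {"name": "openshift-master-1", "role": "master", "bmc": {
                "address": "redfish+http://192.0.2.11/redfish/v1/Systems/1"}},
            {"name": "openshift-master-2", "role": "master",
             "bootMode": "UEFISecureBoot",
             "bmc": {"address": "ipmi://10.20.0.3:6203"}},
            {"name": "openshift-worker-0", "role": "worker", "bmc": {
                "address": "redfish-virtualmedia://192.0.2.20/redfish/v1/Systems/1"}},
        ],
    }},
}

if __name__ == "__main__":
    for name, findings in audit_install_config(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(findings)}")
```

Findings for cert-verification-disabled are expected when the BMC uses a self-signed certificate; the value of the check is that each exception is listed per host and can be reviewed.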

Optional: Deploying with dual-stack networking

To deploy an OpenShift Container Platform cluster with dual-stack networking, edit the machineNetwork, clusterNetwork, and serviceNetwork configuration settings in the install-config.yaml file. Each setting must have two CIDR entries each. Ensure the first CIDR entry is the IPv4 setting and the second CIDR entry is the IPv6 setting.

    machineNetwork:
    - cidr: {{ extcidrnet }}
    - cidr: {{ extcidrnet6 }}
    clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
    - cidr: fd02::/48
      hostPrefix: 64
    serviceNetwork:
    - 172.30.0.0/16
    - fd03::/112

Note: The API VIP IP address and the Ingress VIP address must be of the primary IP address family when using dual-stack networking. Currently, Red Hat does not support dual-stack VIPs or dual-stack networking with IPv6 as the primary IP address family. However, Red Hat does support dual-stack networking with IPv4 as the primary IP address family. Therefore, the IPv4 entries must go before the IPv6 entries.

Optional: Configuring host network interfaces

Before installation, you can set the networkConfig configuration setting in the install-config.yaml file to configure host network interfaces using NMState.

The most common use case for this functionality is to specify a static IP address on the baremetal network, but you can also configure other networks such as a storage network. This functionality supports other NMState features such as VLAN, VXLAN, bridges, bonds, routes, MTU, and DNS resolver settings.

Prerequisites

* Configure a PTR DNS record with a valid hostname for each node with a static IP address.
* Install the NMState CLI (nmstate).

Procedure

* Optional: Consider testing the NMState syntax with nmstatectl gc before including it in the install-config.yaml file, because the installer will not check the NMState YAML syntax.

  Note: Errors in the YAML syntax might result in a failure to apply the network configuration.
  Additionally, maintaining the validated YAML syntax is useful when applying changes using Kubernetes NMState after deployment or when expanding the cluster.

  * Create an NMState YAML file:

        interfaces:
        - name: <nic1_name> (1)
          type: ethernet
          state: up
          ipv4:
            address:
            - ip: <ip_address> (1)
              prefix-length: 24
            enabled: true
        dns-resolver:
          config:
            server:
            - <dns_ip_address> (1)
        routes:
          config:
          - destination: 0.0.0.0/0
            next-hop-address: <next_hop_ip_address> (1)
            next-hop-interface: <next_hop_nic1_name> (1)

    (1) Replace <nic1_name>, <ip_address>, <dns_ip_address>, <next_hop_ip_address> and <next_hop_nic1_name> with appropriate values.

  * Test the configuration file by running the following command:

        $ nmstatectl gc <nmstate_yaml_file>

    Replace <nmstate_yaml_file> with the configuration file name.

* Use the networkConfig configuration setting by adding the NMState configuration to hosts within the install-config.yaml file:

        hosts:
          - name: openshift-master-0
            role: master
            bmc:
              address: redfish+http://<out-of-band-ip>/redfish/v1/Systems/
              password: <password>
            networkConfig: (1)
              interfaces:
              - name: <nic1_name> (2)
                type: ethernet
                state: up
                ipv4:
                  address:
                  - ip: <ip_address> (2)
                    prefix-length: 24
                  enabled: true
              dns-resolver:
                config:
                  server:
                  - <dns_ip_address> (2)
              routes:
                config:
                - destination: 0.0.0.0/0
                  next-hop-address: <next_hop_ip_address> (2)
                  next-hop-interface: <next_hop_nic1_name> (2)

  (1) Add the NMState YAML syntax to configure the host interfaces.
  (2) Replace <nic1_name>, <ip_address>, <dns_ip_address>, <next_hop_ip_address> and <next_hop_nic1_name> with appropriate values.

Note: After deploying the cluster, you cannot modify the networkConfig configuration setting of the install-config.yaml file to make changes to the host network interface. Use the Kubernetes NMState Operator to make changes to the host network interface after deployment.

Configuring multiple cluster nodes

You can simultaneously configure OpenShift Container Platform cluster nodes with identical settings. Configuring multiple cluster nodes avoids adding redundant information for each node to the install-config.yaml file.
This file contains specific parameters to apply an identical configuration to multiple nodes in the cluster.

Compute nodes are configured separately from the controller node. However, configurations for both node types use the highlighted parameters in the install-config.yaml file to enable multi-node configuration. Set the networkConfig parameters to BOND, as shown in the following example:

    hosts:
    - name: ostest-master-0
      [...]
      networkConfig: &BOND
        interfaces:
        - name: bond0
          type: bond
          state: up
          ipv4:
            dhcp: true
            enabled: true
          link-aggregation:
            mode: active-backup
            port:
            - enp2s0
            - enp3s0
    - name: ostest-master-1
      [...]
      networkConfig: *BOND
    - name: ostest-master-2
      [...]
      networkConfig: *BOND

    hosts:
      - bmc:
          address: <address> (1)
        bootMACAddress: <NIC1_mac_address>
        rootDeviceHints:
          deviceName: "/dev/sda"
        bootMode: UEFISecureBoot (2)

(1) Ensure the bmc.address setting uses redfish, redfish-virtualmedia, or idrac-virtualmedia as the protocol. See "BMC addressing for HPE iLO" or "BMC addressing for Dell iDRAC" for additional details.
(2) The bootMode setting is UEFI by default. Change it to UEFISecureBoot to enable managed Secure Boot.

Note: See "Configuring nodes" in the "Prerequisites" to ensure the nodes can support managed Secure Boot. If the nodes do not support managed Secure Boot, see "Configuring nodes for Secure Boot manually" in the "Configuring nodes" section. Configuring Secure Boot manually requires Redfish virtual media.

Note: Red Hat does not support Secure Boot with IPMI, because IPMI does not provide Secure Boot management facilities.

Manifest configuration files

Creating the OpenShift Container Platform manifests

* Create the OpenShift Container Platform manifests.

      $ ./openshift-baremetal-install --dir ~/clusterconfigs create manifests

      INFO Consuming Install Config from target directory
      WARNING Making control-plane schedulable by setting MastersSchedulable to true for Scheduler cluster settings
      WARNING Discarding the OpenShift Manifest that was provided in the target directory because its dependencies are dirty and it needs to be regenerated

Optional: Configuring NTP for disconnected clusters

OpenShift Container Platform installs the chrony Network Time Protocol (NTP) service on the cluster nodes.

OpenShift Container Platform nodes must agree on a date and time to run properly. When worker nodes retrieve the date and time from the NTP servers on the control plane nodes, it enables the installation and operation of clusters that are not connected to a routable network and thereby do not have access to a higher stratum NTP server.

Procedure

* Create a Butane config, 99-master-chrony-conf-override.bu, including the contents of the chrony.conf file for the control plane nodes.

  Note: See "Creating machine configs with Butane" for information about Butane.

  Butane config example

      variant: openshift
      version: 4.11.0
      metadata:
        name: 99-master-chrony-conf-override
        labels:
          machineconfiguration.openshift.io/role: master
      storage:
        files:
          - path: /etc/chrony.conf
            mode: 0644
            overwrite: true
            contents:
              inline: |
                # Use public servers from the pool.ntp.org project.
                # Please consider joining the pool (https://www.pool.ntp.org/join.html).

                # The Machine Config Operator manages this file
                server openshift-master-0.<cluster-name>.<domain> iburst (1)
                server openshift-master-1.<cluster-name>.<domain> iburst
                server openshift-master-2.<cluster-name>.<domain> iburst

                stratumweight 0
                driftfile /var/lib/chrony/drift
                rtcsync
                makestep 10 3
                bindcmdaddress 127.0.0.1
                bindcmdaddress ::1
                keyfile /etc/chrony.keys
                commandkey 1
                generatecommandkey
                noclientlog
                logchange 0.5
                logdir /var/log/chrony

                # Configure the control plane nodes to serve as local NTP servers
                # for all worker nodes, even if they are not in sync with an
                # upstream NTP server.

                # Allow NTP client access from the local network.
                allow all
                # Serve time even if not synchronized to a time source.
                local stratum 3 orphan

  (1) You must replace <cluster-name> with the name of the cluster and replace <domain> with the fully qualified domain name.

* Use Butane to generate a MachineConfig object file, 99-master-chrony-conf-override.yaml, containing the configuration to be delivered to the control plane nodes:

      $ butane 99-master-chrony-conf-override.bu -o 99-master-chrony-conf-override.yaml

* Create a Butane config, 99-worker-chrony-conf-override.bu, including the contents of the chrony.conf file for the worker nodes that references the NTP servers on the control plane nodes.

  Butane config example

      variant: openshift
      version: 4.11.0
      metadata:
        name: 99-worker-chrony-conf-override
        labels:
          machineconfiguration.openshift.io/role: worker
      storage:
        files:
          - path: /etc/chrony.conf
            mode: 0644
            overwrite: true
            contents:
              inline: |
                # The Machine Config Operator manages this file.
                server openshift-master-0.<cluster-name>.<domain> iburst (1)
                server openshift-master-1.<cluster-name>.<domain> iburst
                server openshift-master-2.<cluster-name>.<domain> iburst

                stratumweight 0
                driftfile /var/lib/chrony/drift
                rtcsync
                makestep 10 3
                bindcmdaddress 127.0.0.1
                bindcmdaddress ::1
                keyfile /etc/chrony.keys
                commandkey 1
                generatecommandkey
                noclientlog
                logchange 0.5
                logdir /var/log/chrony

  (1) You must replace <cluster-name> with the name of the cluster and replace <domain> with the fully qualified domain name.

* Use Butane to generate a MachineConfig object file, 99-worker-chrony-conf-override.yaml, containing the configuration to be delivered to the worker nodes:

      $ butane 99-worker-chrony-conf-override.bu -o 99-worker-chrony-conf-override.yaml

Optional: Configuring network components to run on the control plane

You can configure networking components to run exclusively on the control plane nodes. By default, OpenShift Container Platform allows any node in the machine config pool to host the ingressVIP virtual IP address. However, some environments deploy worker nodes in separate subnets from the control plane nodes. When deploying remote workers in separate subnets, you must place the ingressVIP virtual IP address exclusively with the control plane nodes.

Procedure

* Change to the directory storing the install-config.yaml file:

      $ cd ~/clusterconfigs

* Switch to the manifests subdirectory:

      $ cd manifests

* Create a file named cluster-network-avoid-workers-99-config.yaml:

      $ touch cluster-network-avoid-workers-99-config.yaml

* Open the cluster-network-avoid-workers-99-config.yaml file in an editor and enter a custom resource (CR) that describes the Operator configuration:

      apiVersion: machineconfiguration.openshift.io/v1
      kind: MachineConfig
      metadata:
        name: 50-worker-fix-ipi-rwn
        labels:
          machineconfiguration.openshift.io/role: worker
      spec:
        config:
          ignition:
            version: 3.2.0
          storage:
            files:
              - path: /etc/kubernetes/manifests/keepalived.yaml
                mode: 0644
                contents:
                  source: data:,

  This manifest places the ingressVIP virtual IP address on the control plane nodes. Additionally, this manifest deploys the following processes on the control plane nodes only:

  * openshift-ingress-operator
  * keepalived

* Save the cluster-network-avoid-workers-99-config.yaml file.
* Create a manifests/cluster-ingress-default-ingresscontroller.yaml file:

      apiVersion: operator.openshift.io/v1
      kind: IngressController
      metadata:
        name: default
        namespace: openshift-ingress-operator
      spec:
        nodePlacement:
          nodeSelector:
            matchLabels:
              node-role.kubernetes.io/master: ""

* Consider backing up the manifests directory. The installer deletes the manifests/ directory when creating the cluster.

* Modify the cluster-scheduler-02-config.yml manifest to make the control plane nodes schedulable by setting the mastersSchedulable field to true. Control plane nodes are not schedulable by default. For example:

      $ sed -i "s;mastersSchedulable: false;mastersSchedulable: true;g" clusterconfigs/manifests/cluster-scheduler-02-config.yml

  Note: If control plane nodes are not schedulable after completing this procedure, deploying the cluster will fail.

Optional: Deploying routers on worker nodes

During installation, the installer deploys router pods on worker nodes. By default, the installer installs two router pods. If a deployed cluster requires additional routers to handle external traffic loads destined for services within the OpenShift Container Platform cluster, you can create a yaml file to set an appropriate number of router replicas.

Note: Deploying a cluster with only one worker node is not supported. While modifying the router replicas will address issues with the degraded state when deploying with one worker, the cluster loses high availability for the ingress API, which is not suitable for production environments.

Note: By default, the installer deploys two routers. If the cluster has no worker nodes, the installer deploys the two routers on the control plane nodes by default.

Procedure

* Create a router-replicas.yaml file:

      apiVersion: operator.openshift.io/v1
      kind: IngressController
      metadata:
        name: default
        namespace: openshift-ingress-operator
      spec:
        replicas: <num-of-router-pods>
        endpointPublishingStrategy:
          type: HostNetwork
        nodePlacement:
          nodeSelector:
            matchLabels:
              node-role.kubernetes.io/worker: ""

  Note: Replace <num-of-router-pods> with an appropriate value.
  If working with just one worker node, set replicas: to 1. If working with more than 3 worker nodes, you can increase replicas: from the default value 2 as appropriate.

* Save and copy the router-replicas.yaml file to the clusterconfigs/openshift directory:

      $ cp ~/router-replicas.yaml clusterconfigs/openshift/99_router-replicas.yaml

Optional: Configuring the BIOS

The following procedure configures the BIOS during the installation process.

Procedure

* Create the manifests.

* Modify the BareMetalHost resource file corresponding to the node:

      $ vim clusterconfigs/openshift/99_openshift-cluster-api_hosts-*.yaml

* Add the BIOS configuration to the spec section of the BareMetalHost resource:

      spec:
        firmware:
          simultaneousMultithreadingEnabled: true
          sriovEnabled: true
          virtualizationEnabled: true

  Note: Red Hat supports three BIOS configurations. Only servers with BMC type irmc are supported. Other types of servers are currently not supported.

* Create the cluster.

Additional resources

* Bare metal configuration

Optional: Configuring the RAID

The following procedure configures a redundant array of independent disks (RAID) during the installation process.

Note:
* Only nodes with baseboard management controller (BMC) type irmc are supported. Other types of nodes are currently not supported.
* If you want to configure a hardware RAID for the node, make sure the node has a RAID controller.

Procedure

* Create the manifests.

* Modify the BareMetalHost resource corresponding to the node:

      $ vim clusterconfigs/openshift/99_openshift-cluster-api_hosts-*.yaml

  Note: Because nodes with BMC type irmc do not support software RAID, the following RAID configuration uses hardware RAID as an example.
  * If you added a specific RAID configuration to the spec section, this causes the node to delete the original RAID configuration in the preparing phase and perform a specified configuration on the RAID. For example:

        spec:
          raid:
            hardwareRAIDVolumes:
            - level: "0" (1)
              numberOfPhysicalDisks: 1
              rotational: true
              sizeGibibytes: 0

    (1) level is a required field, and the others are optional fields.

  * If you added an empty RAID configuration to the spec section, the empty configuration causes the node to delete the original RAID configuration during the preparing phase, but does not perform a new configuration. For example:

        spec:
          raid:
            hardwareRAIDVolumes: []

  * If you do not add a raid field in the spec section, the original RAID configuration is not deleted, and no new configuration will be performed.

* Create the cluster.

Additional resources

* Bare metal configuration

Creating a disconnected registry

In some cases, you might want to install an OpenShift Container Platform cluster using a local copy of the installation registry. This could be for enhancing network efficiency because the cluster nodes are on a network that does not have access to the internet.

A local, or mirrored, copy of the registry requires the following:

* A certificate for the registry node. This can be a self-signed certificate.
* A web server that a container on a system will serve.
* An updated pull secret that contains the certificate and local repository information.

Note: Creating a disconnected registry on a registry node is optional. If you need to create a disconnected registry on a registry node, you must complete all of the following sub-sections.

Prerequisites

If you have already prepared a mirror registry for Mirroring images for a disconnected installation, you can skip directly to Modify the install-config.yaml file to use the disconnected registry.

Preparing the registry node to host the mirrored registry

The following steps must be completed prior to hosting a mirrored registry on bare metal.

Procedure

* Open the firewall port on the registry node:

      $ sudo firewall-cmd --add-port=5000/tcp --zone=libvirt --permanent
      $ sudo firewall-cmd --add-port=5000/tcp --zone=public --permanent
      $ sudo firewall-cmd --reload

* Install the required packages for the registry node:

      $ sudo yum -y install python3 podman httpd httpd-tools jq

* Create the directory structure where the repository information will be held:

      $ sudo mkdir -p /opt/registry/{auth,certs,data}

Mirroring the OpenShift Container Platform image repository for a disconnected registry

Complete the following steps to mirror the OpenShift Container Platform image repository for a disconnected registry.

Prerequisites

* Your mirror host has access to the internet.
* You configured a mirror registry to use in your restricted network and can access the certificate and credentials that you configured.
* You downloaded the pull secret from the Red Hat OpenShift Cluster Manager and modified it to include authentication to your mirror repository.

Procedure

* Review the OpenShift Container Platform downloads page to determine the version of OpenShift Container Platform that you want to install and determine the corresponding tag on the Repository Tags page.
* Set the required environment variables:

  * Export the release version:

        $ OCP_RELEASE=<release_version>

    For <release_version>, specify the tag that corresponds to the version of OpenShift Container Platform to install, such as 4.5.4.

  * Export the local registry name and host port:

        $ LOCAL_REGISTRY='<local_registry_host_name>:<local_registry_host_port>'

    For <local_registry_host_name>, specify the registry domain name for your mirror repository, and for <local_registry_host_port>, specify the port that it serves content on.

  * Export the local repository name:

        $ LOCAL_REPOSITORY='<local_repository_name>'

    For <local_repository_name>, specify the name of the repository to create in your registry, such as ocp4/openshift4.

  * Export the name of the repository to mirror:

        $ PRODUCT_REPO='openshift-release-dev'

    For a production release, you must specify openshift-release-dev.

  * Export the path to your registry pull secret:

        $ LOCAL_SECRET_JSON='<path_to_pull_secret>'

    For <path_to_pull_secret>, specify the absolute path to and file name of the pull secret for your mirror registry that you created.

  * Export the release mirror:

        $ RELEASE_NAME="ocp-release"

    For a production release, you must specify ocp-release.

  * Export the type of architecture for your server, such as x86_64:

        $ ARCHITECTURE=<server_architecture>

  * Export the path to the directory to host the mirrored images:

        $ REMOVABLE_MEDIA_PATH=<path> (1)

    (1) Specify the full path, including the initial forward slash (/) character.

* Mirror the version images to the mirror registry:

  * If your mirror host does not have internet access, take the following actions:

    * Connect the removable media to a system that is connected to the internet.

    * Review the images and configuration manifests to mirror:

          $ oc adm release mirror -a ${LOCAL_SECRET_JSON} \
              --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
              --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
              --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE} --dry-run

    * Record the entire imageContentSources section from the output of the previous command. The information about your mirrors is unique to your mirrored repository, and you must add the imageContentSources section to the install-config.yaml file during installation.

    * Mirror the images to a directory on the removable media:

          $ oc adm release mirror -a ${LOCAL_SECRET_JSON} --to-dir=${REMOVABLE_MEDIA_PATH}/mirror quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE}

    * Take the media to the restricted network environment and upload the images to the local container registry.

          $ oc image mirror -a ${LOCAL_SECRET_JSON} --from-dir=${REMOVABLE_MEDIA_PATH}/mirror "file://openshift/release:${OCP_RELEASE}*" ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} (1)

      (1) For REMOVABLE_MEDIA_PATH, you must use the same path that you specified when you mirrored the images.

  * If the local container registry is connected to the mirror host, take the following actions:

    * Directly push the release images to the local registry by using the following command:

          $ oc adm release mirror -a ${LOCAL_SECRET_JSON} \
              --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
              --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
              --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}

      This command pulls the release information as a digest, and its output includes the imageContentSources data that you require when you install your cluster.

    * Record the entire imageContentSources section from the output of the previous command. The information about your mirrors is unique to your mirrored repository, and you must add the imageContentSources section to the install-config.yaml file during installation.

      Note: The image name gets patched to Quay.io during the mirroring process, and the podman images will show Quay.io in the registry on the bootstrap virtual machine.

* To create the installation program that is based on the content that you mirrored, extract it and pin it to the release:

  * If your mirror host does not have internet access, run the following command:

        $ oc adm release extract -a ${LOCAL_SECRET_JSON} --command=openshift-baremetal-install "${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}"

  * If the local container registry is connected to the mirror host, run the following command:

        $ oc adm release extract -a ${LOCAL_SECRET_JSON} --command=openshift-baremetal-install "${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}"

  Note: To ensure that you use the correct images for the version of OpenShift Container Platform that you selected, you must extract the installation program from the mirrored content.

  You must perform this step on a machine with an active internet connection.

  If you are in a disconnected environment, use the --image flag as part of must-gather and point to the payload image.

* For clusters using installer-provisioned infrastructure, run the following command:

Modify the install-config.yaml file to use the disconnected registry

On the provisioner node, the install-config.yaml file should use the newly created pull-secret from the pull-secret-update.txt file. The install-config.yaml file must also contain the disconnected registry node's certificate and registry information.

Procedure

* Add the disconnected registry node's certificate to the install-config.yaml file:

      $ echo "additionalTrustBundle: |" >> install-config.yaml
  The certificate should follow the "additionalTrustBundle: |" line and be properly indented, usually by two spaces.

      $ sed -e 's/^/  /' /opt/registry/certs/domain.crt >> install-config.yaml

* Add the mirror information for the registry to the install-config.yaml file:

      $ echo "imageContentSources:" >> install-config.yaml
      $ echo "- mirrors:" >> install-config.yaml
      $ echo "  - registry.example.com:5000/ocp4/openshift4" >> install-config.yaml

  Replace registry.example.com with the registry's fully qualified domain name.

      $ echo "  source: quay.io/openshift-release-dev/ocp-release" >> install-config.yaml
      $ echo "- mirrors:" >> install-config.yaml
      $ echo "  - registry.example.com:5000/ocp4/openshift4" >> install-config.yaml

  Replace registry.example.com with the registry's fully qualified domain name.

      $ echo "  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev" >> install-config.yaml

Validation checklist for installation

* [ ] OpenShift Container Platform installer has been retrieved.
* [ ] OpenShift Container Platform installer has been extracted.
* [ ] Required parameters for the install-config.yaml have been configured.
* [ ] The hosts parameter for the install-config.yaml has been configured.
* [ ] The bmc parameter for the install-config.yaml has been configured.
* [ ] Conventions for the values configured in the bmc address field have been applied.
* [ ] Created the OpenShift Container Platform manifests.
* [ ] (Optional) Deployed routers on worker nodes.
* [ ] (Optional) Created a disconnected registry.
* [ ] (Optional) Validate disconnected registry settings if in use.
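
The last checklist item can be scripted. The following is an added example, not code from the OpenShift documentation or installer: it reads install-config.yaml as text in the layout the echo and sed commands above produce and checks that the certificate under additionalTrustBundle is indented and decodes as DER, that both sources have a mirror, and that every mirror registry has an entry in the pull secret. The function names and finding codes are hypothetical, and the sample certificate is a constructed DER stub, not a real certificate.

```python
"""Check the disconnected-registry parts of install-config.yaml (added example)."""
import base64
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# The two sources this page adds mirrors for.
REQUIRED_SOURCES = {
    "quay.io/openshift-release-dev/ocp-release",
    "quay.io/openshift-release-dev/ocp-v4.0-art-dev",
}


def trust_bundle_findings(text):
    """Verify the block scalar that follows `additionalTrustBundle: |`."""
    lines = text.splitlines()
    if "additionalTrustBundle: |" not in lines:
        return ["trust-bundle-missing"]
    body = []
    for line in lines[lines.index("additionalTrustBundle: |") + 1:]:
        if line and not line.startswith(" "):
            break  # an unindented line ends the YAML block scalar
        body.append(line.strip())
    certs = PEM_RE.findall("\n".join(body))
    if not certs:
        return ["trust-bundle-empty-or-unindented"]
    findings = []
    for cert in certs:
        try:
            der = base64.b64decode("".join(cert.split()), validate=True)
        except ValueError:
            findings.append("trust-bundle-bad-base64")
            continue
        if not der.startswith(b"\x30"):  # DER certificates open with SEQUENCE
            findings.append("trust-bundle-not-der")
    return findings


def parse_image_content_sources(text):
    """Parse the `- mirrors:` / `  - <mirror>` / `  source:` layout used above."""
    entries, in_section = [], False
    for line in text.splitlines():
        if line.startswith("imageContentSources:"):
            in_section = True
            continue
        if not in_section:
            continue
        if line and not line.startswith((" ", "- ")):
            break  # next top-level key
        item = line.strip()
        if item == "- mirrors:":
            entries.append({"mirrors": [], "source": None})
        elif item.startswith("- ") and entries:
            entries[-1]["mirrors"].append(item[2:].strip())
        elif item.startswith("source:") and entries:
            entries[-1]["source"] = item.split(":", 1)[1].strip()
    return entries


def registry_findings(text, pull_secret_json):
    """Check mirror coverage and that each mirror registry has credentials."""
    entries = parse_image_content_sources(text)
    auths = json.loads(pull_secret_json).get("auths", {})
    sources = {entry["source"] for entry in entries}
    findings = [f"no-mirror-for:{s}" for s in sorted(REQUIRED_SOURCES - sources)]
    hosts = set()
    for entry in entries:
        if not entry["mirrors"]:
            findings.append(f"source-without-mirror:{entry['source']}")
        hosts.update(m.split("/", 1)[0] for m in entry["mirrors"])
    findings += [f"no-pull-secret-auth:{h}" for h in sorted(hosts - set(auths))]
    return findings


# Constructed samples. STUB_DER is a minimal DER SEQUENCE, not a certificate.
STUB_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
PEM_LINES = ["-----BEGIN CERTIFICATE-----",
             base64.b64encode(STUB_DER).decode(),
             "-----END CERTIFICATE-----"]


def sample_config(indent, sources):
    lines = ["additionalTrustBundle: |"] + [indent + l for l in PEM_LINES]
    lines.append("imageContentSources:")
    for source in sources:
        lines += ["- mirrors:",
                  "  - registry.example.com:5000/ocp4/openshift4",
                  "  source: " + source]
    return "\n".join(lines) + "\n"


GOOD_CONFIG = sample_config("  ", sorted(REQUIRED_SOURCES))
GOOD_SECRET = json.dumps({"auths": {"registry.example.com:5000": {"auth": "constructed"}}})
# Certificate appended without the sed indentation step, one source missing,
# and a pull secret that was never updated for the mirror registry.
BAD_CONFIG = sample_config("", ["quay.io/openshift-release-dev/ocp-release"])
BAD_SECRET = json.dumps({"auths": {"quay.io": {"auth": "constructed"}}})

if __name__ == "__main__":
    print(trust_bundle_findings(BAD_CONFIG) + registry_findings(BAD_CONFIG, BAD_SECRET))
```

The parser only understands the mirrors-then-source layout written by the echo commands on this page; a file produced another way should be loaded with a YAML library instead.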
Deploying the cluster via the OpenShift Container Platform installer

Run the OpenShift Container Platform installer:

$ ./openshift-baremetal-install --dir ~/clusterconfigs --log-level debug create cluster

Following the installation

During the deployment process, you can check the installation's overall status by issuing the tail command to the .openshift_install.log log file in the install directory folder:

$ tail -f /path/to/install-dir/.openshift_install.log

Verifying static IP address configuration

If the DHCP reservation for a cluster node specifies an infinite lease, after the installer successfully provisions the node, the dispatcher script checks the node's network configuration. If the script determines that the network configuration contains an infinite DHCP lease, it creates a new connection using the IP address of the DHCP lease as a static IP address.

The dispatcher script might run on successfully provisioned nodes while provisioning of other nodes in the cluster is ongoing.

Verify the network configuration is working properly.

Procedure

* Check the network interface configuration on the node.
* Turn off the DHCP server and reboot the OpenShift Container Platform node and ensure that the network configuration works properly.

Preparing to reinstall a cluster on bare metal

Before you reinstall a cluster on bare metal, you must perform cleanup operations.

Procedure

* Remove or reformat the disks for the bootstrap, control plane node, and worker nodes. If you are working in a hypervisor environment, you must add any disks you removed.
* Delete the artifacts that the previous installation generated:

  $ cd ; /bin/rm -rf auth/ bootstrap.ign master.ign worker.ign metadata.json \
  .openshift_install.log .openshift_install_state.json

* Generate new manifests and Ignition config files. See "Creating the Kubernetes manifest and Ignition config files" for more information.
* Upload the new bootstrap, control plane, and compute node Ignition config files that the installation program created to your HTTP server. This will overwrite the previous Ignition files.

Additional resources

* OpenShift Container Platform Creating the Kubernetes manifest and Ignition config files
* OpenShift Container Platform upgrade channels and releases
