diff --git a/content/modules/ROOT/pages/lab04.adoc b/content/modules/ROOT/pages/lab04.adoc
index 3b401a4..f496d9d 100644
--- a/content/modules/ROOT/pages/lab04.adoc
+++ b/content/modules/ROOT/pages/lab04.adoc
@@ -18,27 +18,7 @@ mkdir /mnt/high-side-data/install
 cd /mnt/high-side-data/install
 ----
 
-{counter:install}. Then generate an SSH key pair for access to cluster nodes:
-
-[.highside,source,bash,role=execute,subs="attributes"]
-----
-ssh-keygen -N ""
-----
-
-{counter:install}. Use `jq` to minify your container registry pull secret.
-Copy this output to your clipboard, since you'll need it in a moment:
-
-[.highside,source,bash,role=execute,subs="attributes"]
-----
-jq -c . $XDG_RUNTIME_DIR/containers/auth.json
-----
-
-[NOTE]
---
-For connected installations, you would use the secret from the Hybrid Cloud Console, but for our use case, the mirror registry is the only one OpenShift will need to authenticate to.
---
-
-Then generate `install-config.yaml`:
+Create an initial `install-config.yaml`:
 
 [.highside,source,yaml,role=execute,subs="attributes"]
 ----
@@ -79,47 +59,28 @@ publish: Internal
 EOF
 ----
 
-//TODO add pull secret and ssh key
-// pullSecret: '{"auths":{"ip-10-0-62-109.us-east-2.compute.internal:8443":{"auth":"aW5pdDpkaXNjb3Bhc3M="}}}'
-// sshKey: |
-// ssh-rsa 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 lab-user@ip-10-0-62-109.us-east-2.compute.internal
-
-// The installer will generate `install-config.yaml` and drop it in `/mnt/high-side-data/install` for you.
+{counter:install}. Generate an SSH key pair for access to cluster nodes and add it to the `install-config.yaml`
 
-// We need to make a couple changes to this config before we kick off the install:
-
-// ** Change `publish` from *External* to *Internal*. We're using a private subnet to house the cluster, so it won't be publicly accessible.
-// ** Add the subnet ID for the private subnet to `platform.aws.subnets`. Otherwise, the installer will create its own VPC and subnets.
-
-// Private subnet ID: `{PrivateSubnet1}`
+[.highside,source,bash,role=execute,subs="attributes"]
+----
+ssh-keygen -C "Cluster Debug Key" -N "" -f /mnt/high-side-data/id_rsa
+echo "sshKey: $(cat /mnt/high-side-data/id_rsa.pub)" >> /mnt/high-side-data/install/install-config.yaml
+----
 
-// Then add to `platform.aws.subnets` in your `install-config.yaml` so that they look something like this:
+[NOTE]
+The SSH key will be installed on all cluster nodes but is primarily for troubleshooting.
 
-// [source,yaml,role=execute,subs="attributes"]
-// ----
-// platform:
-// aws:
-// region: {aws_default_region}
-// subnets:
-// - {PrivateSubnet1}
-// ----
+{counter:install}. Use `jq` to minify your container registry pull secret and add it to the `install-config.yaml`
 
-// ** Modify the `machineNetwork` to match the IPv4 CIDR blocks from the private subnets.
-// Otherwise your control plane and compute nodes will be assigned IP addresses that are out of range and break the install.
-// You can retrieve them by running this command from your workstation:
-// +
-// [source,bash,role=execute,subs="attributes"]
-// ----
-// aws ec2 describe-subnets | jq '[.Subnets[] | select(.Tags[].Value | contains ("Private")).CidrBlock] | unique | map("cidr: " + .)' | yq read -P - | sed "s/'//g"
-// ----
-// +
-// Then use them to *replace the existing* `networking.machineNetwork` *entry* in your `install-config.yaml` so that they look something like this: ```bash ...
-// networking: clusterNetwork:
+[.highside,source,bash,role=execute,subs="attributes"]
+----
+echo "pullSecret: '$(jq -c . $XDG_RUNTIME_DIR/containers/auth.json)'" >> /mnt/high-side-data/install/install-config.yaml
+----
 
-// *** cidr: 10.128.0.0/14 hostPrefix: 23 machineNetwork:
-// *** cidr: 10.0.48.0/20
-// *** cidr: 10.0.64.0/20
-// *** cidr: 10.0.80.0/20 ...
+[NOTE]
+--
+For connected installations, you would use the secret from the Hybrid Cloud Console, but for our use case, the mirror registry is the only one OpenShift will need to authenticate to.
+--
 
 === Add the `imageContentSources` that `oc mirror` produced to ensure image mappings happen correctly.
 
@@ -156,10 +117,7 @@ imageContentSources:
 source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
 ----
 
-// [NOTE]
-// Instead of adding this field to the `install-config.yaml` you could drop the `imageContentSourcePolicy.yaml` file in the manifests directory after running `openshift-install create manifests` to achieve the same result.
-
-** Add the root CA of our mirror registry (`/mnt/high-side-data/quay/quay-install/quay-rootCA/rootCA.pem`) to the trust bundle using the `additionalTrustBundle` field by running this command:
+** Add the root CA of our mirror registry to the trust bundle using the `additionalTrustBundle` field by running this command:
 
 [.highside,source,bash,role=execute]
 ----
@@ -186,10 +144,6 @@ cd /mnt/high-side-data/install
 cp install-config.yaml install-config.yaml.backup
 ----
 
-== Check your work
-
-TODO add complete install-config.yaml
-
 == Running the Installation
 
 We're ready to run the install!
@@ -218,5 +172,5 @@ INFO Time elapsed: 30m49s
 The installation process should take about 30 minutes.
 
 [IMPORTANT]
-This disco.lab cluster will take about 30 minutes to install but if you do not want to wait proceed to the next section
-to work on the pre-built salsa.lab cluster!
+This `disco.lab` cluster will take about 30 minutes to install but if you do not want to wait *proceed to the next section
+to work on the pre-built salsa.lab cluster*!