Merged
1 change: 1 addition & 0 deletions modules/installation-adding-registry-pull-secret.adoc
Expand Up @@ -56,6 +56,7 @@ endif::[]

. Log in to your registry by using the following command:
+
[source,terminal]
----
$ oc registry login --to ./pull-secret.json --registry "<registry_host_and_port>" --auth-basic=<username>:<password>
----
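Review bot: the login command puts the credential on the command line via `--auth-basic=<username>:<password>`, so it is written to the shell history and is visible to other local users in the process list while the command runs; a sentence after the listing telling readers to keep this out of history (or to clear it afterwards) would fit here, since the same module later asks them to guard the resulting `pull-secret.json`. The added `[source,terminal]` attribute matches the other modules in this PR.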
88 changes: 69 additions & 19 deletions modules/installation-mirror-repository.adoc
Expand Up @@ -30,38 +30,84 @@ link:https://access.redhat.com/downloads/content/290/[{product-title} downloads
to determine the version of {product-title} that you want to install and determine the corresponding tag on the link:https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags[Repository Tags] page.

. Set the required environment variables:
.. Export the release version:
+
[source,terminal]
----
$ export OCP_RELEASE=<release_version> <1>
$ export LOCAL_REGISTRY='<local_registry_host_name>:<local_registry_host_port>' <2>
$ export LOCAL_REPOSITORY='<local_repository_name>' <3>
$ export PRODUCT_REPO='openshift-release-dev' <4>
$ export LOCAL_SECRET_JSON='<path_to_pull_secret>' <5>
$ export RELEASE_NAME="ocp-release" <6>
$ export ARCHITECTURE=<server_architecture> <7>
$ REMOVABLE_MEDIA_PATH=<path> <8>
$ OCP_RELEASE=<release_version>
----
<1> For `<release_version>`, specify the tag that corresponds to the version of {product-title} to
+
For `<release_version>`, specify the tag that corresponds to the version of {product-title} to
install, such as `4.5.4`.
<2> For `<local_registry_host_name>`, specify the registry domain name for your mirror

.. Export the local registry name and host port:
+
[source,terminal]
----
$ LOCAL_REGISTRY='<local_registry_host_name>:<local_registry_host_port>'
----
+
For `<local_registry_host_name>`, specify the registry domain name for your mirror
repository, and for `<local_registry_host_port>`, specify the port that it
serves content on.
<3> For `<local_repository_name>`, specify the name of the repository to create in your

.. Export the local repository name:
+
[source,terminal]
----
$ LOCAL_REPOSITORY='<local_repository_name>'
----
+
For `<local_repository_name>`, specify the name of the repository to create in your
registry, such as `ocp4/openshift4`.
<4> The repository to mirror. For a production release, you must specify
`openshift-release-dev`.
<5> For `<path_to_pull_secret>`, specify the absolute path to and file name of
the pull secret for your mirror registry that you created.
<6> The release mirror. For a production release, you must specify
`ocp-release`.
<7> For `server_architecture`, specify the architecture of the server, such as `x86_64`.
<8> For `<path>`, specify the path to the directory to host the mirrored images.

.. Export the name of the repository to mirror:
+
[source,terminal]
----
$ PRODUCT_REPO='openshift-release-dev'
Contributor Author
@wking, will you PTAL?

----
+
For a production release, you must specify `openshift-release-dev`.

.. Export the path to your registry pull secret:
+
[source,terminal]
----
$ LOCAL_SECRET_JSON='<path_to_pull_secret>'
----
+
For `<path_to_pull_secret>`, specify the absolute path to and file name of the pull secret for your mirror registry that you created.

.. Export the release mirror:
+
[source,terminal]
----
$ RELEASE_NAME="ocp-release"
----
+
For a production release, you must specify `ocp-release`.

.. Export the type of architecture for your server, such as `x86_64`.:
+
[source,terminal]
----
$ ARCHITECTURE=<server_architecture>
----

.. Export the path to the directory to host the mirrored images:
+
[source,terminal]
----
$ REMOVABLE_MEDIA_PATH=<path>
Contributor
Is there a reason why this one doesn't start with "export"? I think it should be:

$ export REMOVABLE_MEDIA_PATH=<path>

Contributor Author
@wking, is there a reason that we're not exporting the flash drive path when you mirror install/update content?

Member
I still think we should only export variables that need to be consumed by sub-processes, and not the rest of these local placeholders (#22008).

Contributor
I agree. That makes sense. I just wasn't sure why the one variable was different than the others.

----

. Mirror the version images to the internal container registry:
** If your mirror host does not have internet access, take the following actions:
... Connect the removable media to a system that is connected to the internet.
... Review the images and configuration manifests to mirror:
+
[source,terminal]
----
$ oc adm -a ${LOCAL_SECRET_JSON} release mirror \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
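Review bot: the new sub-step titles still say "Export the ..." (`.. Export the release version:`, `.. Export the local registry name and host port:`, and so on) while the commands under them now assign without `export`, in line with the #22008 point raised in the thread; retitle them "Set the ..." so the heading matches the command, otherwise readers will add `export` themselves or suspect a typo. Plain assignments are sufficient here because `${LOCAL_SECRET_JSON}`, `${OCP_RELEASE}` and the rest are only ever expanded by the same shell before `oc` is started. One more wording nit in the same hunk: `.. Export the type of architecture for your server, such as `x86_64`.:` has a stray period before the colon.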
Expand All @@ -72,18 +118,21 @@ $ oc adm -a ${LOCAL_SECRET_JSON} release mirror \
command. The information about your mirrors is unique to your mirrored repository, and you must add the `imageContentSources` section to the `install-config.yaml` file during installation.
... Mirror the images to a directory on the removable media:
+
[source,terminal]
----
$ oc adm release mirror -a ${LOCAL_SECRET_JSON} --to-dir=${REMOVABLE_MEDIA_PATH}/mirror quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE}
----
... Take the media to the restricted network environment and upload the images to the local container registry.
+
[source,terminal]
----
$ oc image mirror -a ${LOCAL_SECRET_JSON} --from-dir=${REMOVABLE_MEDIA_PATH}/mirror 'file://openshift/release:${OCP_RELEASE}*' ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}
----

** If the local container registry is connected to the mirror host, take the following actions:
... Directly push the release images to the local registry by using following command:
+
[source,terminal]
----
$ oc adm -a ${LOCAL_SECRET_JSON} release mirror \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
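Review bot: in `$ oc image mirror -a ${LOCAL_SECRET_JSON} --from-dir=${REMOVABLE_MEDIA_PATH}/mirror 'file://openshift/release:${OCP_RELEASE}*' ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}` the single quotes prevent the shell from expanding `${OCP_RELEASE}`, so `oc` receives the literal text `${OCP_RELEASE}*` as the tag pattern and mirrors nothing from the directory. Double quotes give the intended behaviour: the variable is expanded and the `*` still reaches `oc` untouched, because pathname expansion is not performed inside double quotes.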
Expand All @@ -100,6 +149,7 @@ command. The information about your mirrors is unique to your mirrored repositor
. To create the installation program that is based on the content that you
mirrored, extract it and pin it to the release:
+
[source,terminal]
----
$ oc adm -a ${LOCAL_SECRET_JSON} release extract --command=openshift-install "${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}"
----
Expand Up @@ -11,6 +11,7 @@ Clusters using a restricted network must imporat the default must-gather image i

. Import the default must-gather image from your installation payload:
+
[source,terminal]
----
$ oc import-image is/must-gather -n openshift
----
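Review bot: the unchanged context line at the top of this hunk reads `must imporat the default must-gather image`; "imporat" should be "import". It is a one-word fix in a file this PR already touches, so fold it in rather than leaving it for a separate typo PR.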
14 changes: 12 additions & 2 deletions modules/installation-restricted-network-samples.adoc
Expand Up @@ -57,6 +57,7 @@ not addressed in this procedure.

. Access the images of a specific imagestream to mirror, for example:
+
[source,terminal]
----
$ oc get is <imagestream> -n openshift -o json | jq .spec.tags[].from.name | grep registry.redhat.io
----
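Review bot: the jq filter in `$ oc get is <imagestream> -n openshift -o json | jq .spec.tags[].from.name | grep registry.redhat.io` is unquoted; `[]` is a glob pattern, so zsh rejects the command outright and bash rewrites it if a file matching the pattern happens to exist in the current directory. Quote it as `jq '.spec.tags[].from.name'`; adding `-r` would also strip the surrounding quotes from the image references so they can be pasted straight into the `oc image mirror` command in the next step.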
Expand All @@ -69,22 +70,31 @@ ifdef::configsamplesoperator[]
into your defined preferred registry, for example:
endif::[]
+
[source,terminal]
----
$ oc image mirror registry.redhat.io/rhscl/ruby-25-rhel7:latest ${MIRROR_ADDR}/rhscl/ruby-25-rhel7:latest
----

. Create the cluster’s image configuration object:
+
[source,terminal]
----
$ oc create configmap registry-config --from-file=${MIRROR_ADDR_HOSTNAME}..5000=$path/ca.crt -n openshift-config
----

. Add the required trusted CAs for the mirror in the cluster’s image
configuration object:
+
[source,terminal]
----
$ oc create configmap registry-config --from-file=${MIRROR_ADDR_HOSTNAME}..5000=$path/ca.crt -n openshift-config
$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge
----
+

. Update the `samplesRegistry` field in the Samples Operator configuration object
to contain the `hostname` portion of the mirror location defined in the mirror
configuration:
+
[source,terminal]
----
$ oc get configs.samples.operator.openshift.io -n openshift-cluster-samples-operator
----
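Review bot: the command `$ oc create configmap registry-config --from-file=${MIRROR_ADDR_HOSTNAME}..5000=$path/ca.crt -n openshift-config` appears both in the new "Create the cluster's image configuration object" step and again in the following "Add the required trusted CAs" step; run as written, the second invocation fails because the config map already exists, so the second copy should go and that step should keep only the `oc patch image.config.openshift.io/cluster ...` line. Also, the bare `+` continuation line followed by an empty line before `. Update the `samplesRegistry` field` attaches nothing and should be removed, and `$path` is the only variable in this module not written in the `${...}` form used everywhere else.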
11 changes: 9 additions & 2 deletions modules/installation-special-config-crony.adoc
Expand Up @@ -13,6 +13,7 @@ to your nodes as a MachineConfig.

. Create the contents of the `chrony.conf` file and encode it as base64. For example:
+
[source,terminal]
----
$ cat << EOF | base64
server clock.redhat.com iburst
Expand All @@ -21,7 +22,11 @@ $ cat << EOF | base64
rtcsync
logdir /var/log/chrony
EOF

----
+
.Example output
[source,terminal]
----
ICAgIHNlcnZlciBjbG9jay5yZWRoYXQuY29tIGlidXJzdAogICAgZHJpZnRmaWxlIC92YXIvbGli
L2Nocm9ueS9kcmlmdAogICAgbWFrZXN0ZXAgMS4wIDMKICAgIHJ0Y3N5bmMKICAgIGxvZ2RpciAv
dmFyL2xvZy9jaHJvbnkK
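Review bot: the `.Example output` does not correspond to the heredoc shown above it: the encoded text begins `ICAgIHNlcnZlciBjbG9ja...`, which decodes to four leading spaces before `server clock.redhat.com iburst`, so it was produced from an indented copy of the input. A reader who types the unindented lines exactly as documented gets a different string and may assume they made a mistake; regenerate the sample output from the input as printed (or indent the input to match). Since this blob is what ends up in the MachineConfig, the two must agree.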
Expand All @@ -31,6 +36,7 @@ dmFyL2xvZy9jaHJvbnkK
This example adds the file to `master` nodes. You can change it to `worker` or make an
additional MachineConfig for the `worker` role:
+
[source,terminal]
----
$ cat << EOF > ./99-masters-chrony-configuration.yaml
apiVersion: machineconfiguration.openshift.io/v1
Expand Down Expand Up @@ -68,6 +74,7 @@ directory, then continue to create the cluster.

. If the cluster is already running, apply the file as follows:
+
[source,terminal]
----
$ oc apply -f ./masters-chrony-configuration.yaml
$ oc apply -f ./masters-chrony-configuration.yaml
----
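Review bot: the file name in `$ oc apply -f ./masters-chrony-configuration.yaml` does not match the file created earlier in this module, `./99-masters-chrony-configuration.yaml`; as written the apply step fails with a file-not-found error, so use one name in both places. Check too that only one copy of the apply line survives in the new text, since the hunk shows it twice.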
42 changes: 34 additions & 8 deletions modules/installation-special-config-encrypt-disk-tang.adoc
Expand Up @@ -19,25 +19,43 @@ If you miss this step, the second boot will fail.
For example, to configure DHCP networking, identify `ip=dhcp`
or set static networking when you add parameters to the kernel command line.

. Generate the thumbprint. Install the clevis package, it is not already
installed, and generate a thumbprint
from the Tang server. Replace the value of `url` with the Tang server URL:
. Install the clevis package, if it is not already installed:
+
[source,terminal]
----
$ sudo yum install clevis -y
----

. Generate a thumbprint from the Tang server.

.. In the following command, replace the value of `url` with the Tang server URL:
+
[source,terminal]
----
$ echo nifty random wordwords \
| clevis-encrypt-tang \
'{"url":"https://tang.example.org"}'

----
+
.Example output
Contributor
I understand why input and output are being separated in our new style. However, the challenge here is that the "Example output" is a mix of input and output. So the "y" after the words "Do you wish to trust..." is actually something the user types.

[source,terminal]
----
The advertisement contains the following signing keys:

PLjNyRdGw03zlRoGjQYMahSZGu9
----

Do you wish to trust these keys? [ynYN] y
.. When the `Do you wish to trust these keys? [ynYN]` prompt displays, type `Y`, and the thumbprint is displayed:
+
.Example output
[source,terminal]
----
eyJhbmc3SlRyMXpPenc3ajhEQ01tZVJiTi1oM...
----

. Create a Base64 encoded file, replacing the URL of the Tang server (`url`) and thumbprint (`thp`) you just generated:
+
[source,terminal]
----
$ (cat <<EOM
{
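Review bot: the value that belongs in `thp` in the next step is the signing-key thumbprint listed in the advertisement (`PLjNyRdGw03zlRoGjQYMahSZGu9` in this example), not the string shown after the prompt (`eyJhbmc3SlRyMXpPenc3ajhEQ01tZVJiTi1oM...`), which is the encrypted form of the test words that `clevis-encrypt-tang` prints once the key is accepted; the sentence `When the ... prompt displays, type Y, and the thumbprint is displayed` therefore points readers at the wrong line. Reword along the lines of "note the thumbprint listed under signing keys; the encrypted string printed after the prompt is not needed". Answering the prompt is also the moment the Tang key becomes trusted, so the text should tell readers to compare the displayed thumbprint with one obtained from the Tang server administrator out of band before accepting. Minor: the prompt shows `[ynYN]`, the earlier example answers `y` and the new text says `Y`; either works, but use one consistently.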
Expand All @@ -46,12 +64,18 @@ $ (cat <<EOM
}
EOM
) | base64 -w0
Contributor
You did a good job separating the input from the output. However, I have a question about how the highlighting is supposed to work. Everything from (cat <<EOM to ) | base64 -w0 is actually typed. But the color highlighting shows the text color as being the same as the output. That applies to other cat << examples in the text below as well.

Member
Harder to copy/paste, but you could add leading > as a common continuation prompt ($PS2). Or have the input highlighted as a shell script instead of a terminal session and remove all the prompts.

Contributor Author
@jboxman, will you PTAL at this styling?

----
+
.Example output
[source,terminal]
----
ewogInVybCI6ICJodHRwczovL3RhbmcuZXhhbXBsZS5jb20iLAogInRocCI6ICJaUk1leTFjR3cwN3psVExHYlhuUWFoUzBHdTAiCn0K
----

. Replace the “source” in the TPM2 example with the Base64 encoded file for one or both of these examples for worker and/or master nodes:
. Replace the “source” in the TPM2 example with the Base64 encoded file for the type of node to update:
** For worker nodes, use the following command:
+
[source,terminal]
----
$ cat << EOF > ./99-openshift-worker-tang-encryption.yaml
apiVersion: machineconfiguration.openshift.io/v1
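Review bot: the `.Example output` after `) | base64 -w0` decodes to a document whose `url` is `https://tang.example.com`, while the thumbprint step above uses `https://tang.example.org`; make the two sample hosts agree so readers can compare their own output against the sample. On the styling question in the thread, the typed heredoc lines look like output precisely because the block is marked as a terminal session with a single `$` prompt; presenting the `(cat <<EOM ... ) | base64 -w0` block as a shell-script listing without prompts, as suggested above, makes the whole thing read as input.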
Expand All @@ -75,7 +99,9 @@ spec:
EOF
----

** For master nodes, use the following command:
+
[source,terminal]
----
$ cat << EOF > ./99-openshift-master-encryption.yaml
apiVersion: machineconfiguration.openshift.io/v1
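Review bot: the master file is named `./99-openshift-master-encryption.yaml` while the worker file in the previous hunk is `./99-openshift-worker-tang-encryption.yaml`; use one pattern for both (for example `99-openshift-master-tang-encryption.yaml`) so the pair is recognisably the Tang variant next to the TPM2 MachineConfigs.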
Expand All @@ -88,7 +114,7 @@ spec:
config:
ignition:
version: 2.2.0
storage:
storage:
files:
- contents:
source: data:text/plain;base64,e30K
7 changes: 4 additions & 3 deletions modules/installation-special-config-encrypt-disk-tpm2.adoc
Expand Up @@ -18,8 +18,9 @@ This is required on most Dell systems. Check the manual for your computer.
$ ./openshift-install create manifests --dir=<installation_directory>
----

. In the `openshift` directory, create a master and/or worker file to encrypt
disks for those nodes. Here are examples of those two files:
. In the `openshift` directory, create master or worker files to encrypt
disks for those nodes.
** To create a worker file, run the following command:
+
[source,terminal]
----
Expand All @@ -43,7 +44,7 @@ spec:
path: /etc/clevis.json
EOF
----

** To create a master file, run the following command:
+
[source,terminal]
----