From 034782030b8593fcd48e4228bf6f64059ab3042b Mon Sep 17 00:00:00 2001 From: Kathryn Alexander Date: Thu, 24 Jun 2021 16:07:12 -0400 Subject: [PATCH] BZ1923772: clarifying must-gather image stream for disconnected --- ...talling-mirroring-installation-images.adoc | 5 +++-- ...ed-networks-aws-installer-provisioned.adoc | 1 + .../installing-restricted-networks-aws.adoc | 2 ++ ...alling-restricted-networks-bare-metal.adoc | 2 ++ ...ed-networks-gcp-installer-provisioned.adoc | 1 + .../installing-restricted-networks-gcp.adoc | 2 ++ ...alling-openstack-installer-restricted.adoc | 1 + ...ng-restricted-networks-vmc-user-infra.adoc | 2 ++ .../installing-restricted-networks-vmc.adoc | 2 ++ ...tallation-adding-registry-pull-secret.adoc | 4 ++-- ...installation-creating-mirror-registry.adoc | 4 ++-- ...ricted-cluster-to-gather-support-data.adoc | 20 +++++++++++++++++-- ...stallation-restricted-network-samples.adoc | 6 +++--- .../cluster-tasks.adoc | 11 ++++++++++ 14 files changed, 52 insertions(+), 11 deletions(-) diff --git a/installing/installing-mirroring-installation-images.adoc b/installing/installing-mirroring-installation-images.adoc index 3227f61243..bc356f51ea 100644 --- a/installing/installing-mirroring-installation-images.adoc +++ b/installing/installing-mirroring-installation-images.adoc @@ -62,9 +62,10 @@ In production environments, add the required images to a registry in your restri include::modules/installation-mirror-repository.adoc[leveloffset=+1] -include::modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc[leveloffset=+1] +[id="installing-preparing-samples-operator"] +== The Cluster Samples Operator in a disconnected environment -include::modules/installation-restricted-network-samples.adoc[leveloffset=+1] +In a disconnected environment, you must take additional steps after you install a cluster to configure the Cluster Samples Operator. Review the following information in preparation. include::modules/installation-images-samples-disconnected-mirroring-assist.adoc[leveloffset=+2] diff --git a/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc b/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc index d8dbf093c3..28b1d8bba5 100644 --- a/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc +++ b/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc @@ -67,6 +67,7 @@ include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validate an installation]. * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. * Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_aws/installing-restricted-networks-aws.adoc b/installing/installing_aws/installing-restricted-networks-aws.adoc index 84f52abded..481830dc28 100644 --- a/installing/installing_aws/installing-restricted-networks-aws.adoc +++ b/installing/installing_aws/installing-restricted-networks-aws.adoc @@ -171,6 +171,8 @@ include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1] * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validate an installation]. * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. +* Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. * If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials]. diff --git a/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc b/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc index bb6c6ab0f8..2f0cea2f34 100644 --- a/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc +++ b/installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc @@ -187,6 +187,8 @@ include::modules/installation-complete-user-infra.adoc[leveloffset=+1] * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation]. * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. +* Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc b/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc index e324b046e2..0779cd0c41 100644 --- a/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc +++ b/installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc @@ -60,6 +60,7 @@ include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validate an installation]. * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. * Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_gcp/installing-restricted-networks-gcp.adoc b/installing/installing_gcp/installing-restricted-networks-gcp.adoc index 164e9f75e5..8c39ca7be0 100644 --- a/installing/installing_gcp/installing-restricted-networks-gcp.adoc +++ b/installing/installing_gcp/installing-restricted-networks-gcp.adoc @@ -105,5 +105,7 @@ include::modules/installation-gcp-user-infra-completing.adoc[leveloffset=+1] == Next steps * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. +* Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_openstack/installing-openstack-installer-restricted.adoc b/installing/installing_openstack/installing-openstack-installer-restricted.adoc index f028664180..89c5377757 100644 --- a/installing/installing_openstack/installing-openstack-installer-restricted.adoc +++ b/installing/installing_openstack/installing-openstack-installer-restricted.adoc @@ -47,5 +47,6 @@ include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. * Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses]. diff --git a/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc b/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc index 6404edc81b..56faa9bb5a 100644 --- a/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc +++ b/installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc @@ -102,6 +102,8 @@ include::modules/persistent-storage-vsphere-backup.adoc[leveloffset=+1] == Next steps * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. +* Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_vmc/installing-restricted-networks-vmc.adoc b/installing/installing_vmc/installing-restricted-networks-vmc.adoc index c78bb79a2d..9e66ad541f 100644 --- a/installing/installing_vmc/installing-restricted-networks-vmc.adoc +++ b/installing/installing_vmc/installing-restricted-networks-vmc.adoc @@ -74,5 +74,7 @@ include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3] == Next steps * xref:../../installing/install_config/installing-customizing.adoc#installing-customizing[Customize your cluster]. +* xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool. +* Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. * xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage]. diff --git a/modules/installation-adding-registry-pull-secret.adoc b/modules/installation-adding-registry-pull-secret.adoc index 4ce9a5df62..8752409839 100644 --- a/modules/installation-adding-registry-pull-secret.adoc +++ b/modules/installation-adding-registry-pull-secret.adoc @@ -8,7 +8,7 @@ ifeval::["{context}" == "updating-restricted-network-cluster"] :restricted: endif::[] -ifeval::["{context}" == "installing-restricted-networks-preparations"] +ifeval::["{context}" == "installing-mirroring-installation-images"] :restricted: endif::[] @@ -176,7 +176,7 @@ $ oc registry login --to ./pull-secret.json --registry " Provide both the registry details and a valid user name and password for the registry. //// -ifeval::["{context}" == "installing-restricted-networks-preparations"] +ifeval::["{context}" == "installing-mirroring-installation-images"] :!restricted: endif::[] diff --git a/modules/installation-creating-mirror-registry.adoc b/modules/installation-creating-mirror-registry.adoc index 7103839c4f..4754dbda66 100644 --- a/modules/installation-creating-mirror-registry.adoc +++ b/modules/installation-creating-mirror-registry.adoc @@ -3,7 +3,7 @@ // * installing/install_config/installing-restricted-networks-preparations.adoc // * openshift_images/samples-operator-alt-registry.adoc -ifeval::["{context}" == "installing-restricted-networks-preparations"] +ifeval::["{context}" == "installing-mirroring-installation-images"] :restricted: endif::[] @@ -165,6 +165,6 @@ If the command output displays an empty repository, your registry is available. ---- //// -ifeval::["{context}" == "installing-restricted-networks-preparations"] +ifeval::["{context}" == "installing-mirroring-installation-images"] :!restricted: endif::[] diff --git a/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc b/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc index c0a47bc29e..580245b324 100644 --- a/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc +++ b/modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc @@ -1,6 +1,6 @@ // Module included in the following assemblies: // -// * installing/install_config/installing-restricted-networks-preparations.adoc +// * post_installation_configuration/cluster-tasks.adoc [id="installation-preparing-restricted-cluster-to-gather-support-data_{context}"] = Preparing your cluster to gather support data @@ -9,7 +9,23 @@ Clusters using a restricted network must import the default must-gather image to .Procedure -* Import the default must-gather image from your installation payload: +. If you have not added your mirror registry's trusted CA to your cluster's image configuration object as part of the Cluster Samples Operator configuration, perform the following steps: +.. Create the cluster’s image configuration object: ++ +[source,terminal] +---- +$ oc create configmap registry-config --from-file=${MIRROR_ADDR_HOSTNAME}..5000=$path/ca.crt -n openshift-config +---- + +.. Add the required trusted CAs for the mirror in the cluster’s image +configuration object: ++ +[source,terminal] +---- +$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-config"}}}' --type=merge +---- + +. Import the default must-gather image from your installation payload: + [source,terminal] ---- diff --git a/modules/installation-restricted-network-samples.adoc b/modules/installation-restricted-network-samples.adoc index 7494b75ead..5b4855db08 100644 --- a/modules/installation-restricted-network-samples.adoc +++ b/modules/installation-restricted-network-samples.adoc @@ -1,9 +1,9 @@ // Module included in the following assemblies: // -// * installing/install_config/installing-restricted-networks-preparations.adoc +// * post_installation_configuration/cluster-tasks.adoc // * openshift_images/samples-operator-alt-registry.adoc -ifeval::["{context}" == "installing-restricted-networks-preparations"] +ifeval::["{context}" == "post-install-cluster-tasks"] :restrictednetwork: endif::[] @@ -121,7 +121,7 @@ reference the image streams. So using `Removed` to purge both the image streams and templates will eliminate the possibility of attempts to use them if they are not functional because of any missing image streams. -ifeval::["{context}" == "installing-restricted-networks-preparations"] +ifeval::["{context}" == "post-install-cluster-tasks"] :!restrictednetwork: endif::[] diff --git a/post_installation_configuration/cluster-tasks.adoc b/post_installation_configuration/cluster-tasks.adoc index e967596f55..c47fb8ea9f 100644 --- a/post_installation_configuration/cluster-tasks.adoc +++ b/post_installation_configuration/cluster-tasks.adoc @@ -598,6 +598,17 @@ include::modules/manually-rotating-cloud-creds.adoc[leveloffset=+2] include::modules/manually-removing-cloud-creds.adoc[leveloffset=+2] +[id="post-install-must-gather-disconnected"] +== Configuring image streams for a disconnected cluster + +After installing {product-title} in a disconnected environment, configure the image streams for the Cluster Samples Operator and the `must-gather` image stream. + +include::modules/installation-images-samples-disconnected-mirroring-assist.adoc[leveloffset=+2] + +include::modules/installation-restricted-network-samples.adoc[leveloffset=+2] + +include::modules/installation-preparing-restricted-cluster-to-gather-support-data.adoc[leveloffset=+2] + [discrete] [id="manually-rotating-cloud-creds-addtl-resources"] === Additional resources