diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 7fc1c8f564..29ac35ffa0 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -288,6 +288,8 @@ Topics: File: preparing-to-install-on-nutanix - Name: Installing a cluster on Nutanix File: installing-nutanix-installer-provisioned + - Name: Installing a cluster on Nutanix in a restricted network + File: installing-restricted-networks-nutanix-installer-provisioned - Name: Uninstalling a cluster on Nutanix File: uninstalling-cluster-nutanix - Name: Installing on bare metal diff --git a/installing/installing-preparing.adoc b/installing/installing-preparing.adoc index edb9c63e20..4d8472d410 100644 --- a/installing/installing-preparing.adoc +++ b/installing/installing-preparing.adoc 
@@ -75,7 +75,7 @@ If you use a user-provisioned installation method, you can configure a proxy for If you want to prevent your cluster on a public cloud from exposing endpoints externally, you can deploy a private cluster with installer-provisioned infrastructure on xref:../installing/installing_aws/installing-aws-private.adoc#installing-aws-private[AWS], xref:../installing/installing_azure/installing-azure-private.adoc#installing-azure-private[Azure], or xref:../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-private[GCP]. -If you need to install your cluster that has limited access to the internet, such as a disconnected or restricted network cluster, you can xref:../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[mirror the installation packages] and install the cluster from them. Follow detailed instructions for user provisioned infrastructure installations into restricted networks for xref:../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[GCP], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[IBM Z or LinuxONE], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[IBM Z or LinuxONE with {op-system-base} KVM], xref:../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[IBM Power], xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[vSphere], xref:../installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc#installing-restricted-networks-vmc-user-infra[VMC on AWS], or 
xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal]. You can also install a cluster into a restricted network using installer-provisioned infrastructure by following detailed instructions for xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[GCP], xref:../installing/installing_vmc/installing-restricted-networks-vmc.adoc#installing-restricted-networks-vmc[VMC on AWS], xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[{rh-openstack}], xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[{rh-virtualization}], and xref:../installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[vSphere]. +If you need to install your cluster that has limited access to the internet, such as a disconnected or restricted network cluster, you can xref:../installing/disconnected_install/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[mirror the installation packages] and install the cluster from them. 
Follow detailed instructions for user provisioned infrastructure installations into restricted networks for xref:../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[GCP], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc#installing-restricted-networks-ibm-z[IBM Z or LinuxONE], xref:../installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc#installing-restricted-networks-ibm-z-kvm[IBM Z or LinuxONE with {op-system-base} KVM], xref:../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[IBM Power], xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[vSphere], xref:../installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc#installing-restricted-networks-vmc-user-infra[VMC on AWS], or xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal]. 
You can also install a cluster into a restricted network using installer-provisioned infrastructure by following detailed instructions for xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[AWS], xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[GCP], xref:../installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc#installing-restricted-networks-nutanix-installer-provisioned[Nutanix], xref:../installing/installing_vmc/installing-restricted-networks-vmc.adoc#installing-restricted-networks-vmc[VMC on AWS], xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[{rh-openstack}], xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[{rh-virtualization}], and xref:../installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[vSphere]. If you need to deploy your cluster to an xref:../installing/installing_aws/installing-aws-government-region.adoc#installing-aws-government-region[AWS GovCloud region], xref:../installing/installing_aws/installing-aws-china.adoc#installing-aws-china-region[AWS China region], or xref:../installing/installing_azure/installing-azure-government-region.adoc#installing-azure-government-region[Azure government region], you can configure those custom regions during an installer-provisioned infrastructure installation. 
@@ -196,7 +196,7 @@ ifndef::openshift-origin[] | | |xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[✓] -| +|xref:../installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc#installing-restricted-networks-nutanix-installer-provisioned[✓] |xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[✓] |xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[✓] |xref:../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#ipi-install-installation-workflow[✓] @@ -363,7 +363,7 @@ ifdef::openshift-origin[] | | |xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[✓] -| +|xref:../installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc#installing-restricted-networks-nutanix-installer-provisioned[✓] |xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[✓] |xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[✓] | diff --git a/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc b/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc new file mode 100644 index 0000000000..8dfa556dfd --- /dev/null +++ b/installing/installing_nutanix/installing-restricted-networks-nutanix-installer-provisioned.adoc 
@@ -0,0 +1,64 @@ +:_content-type: ASSEMBLY +[id="installing-restricted-networks-nutanix-installer-provisioned"] += Installing a cluster on Nutanix in a restricted network +include::_attributes/common-attributes.adoc[] +:context: installing-restricted-networks-nutanix-installer-provisioned + +toc::[] + +In {product-title} {product-version}, you can install a cluster on Nutanix infrastructure in a restricted network by creating an internal mirror of the installation release content. + +== Prerequisites + +* You have reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. +* If you use a firewall, you have configured it to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry. +* If your Nutanix environment is using the default self-signed SSL/TLS certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide]. ++ +[IMPORTANT] +==== +Use 2048-bit certificates. The installation fails if you use 4096-bit certificates with Prism Central 2022.x. +==== +* You have a container image registry, such as Red Hat Quay. If you do not already have a registry, you can create a mirror registry using xref:../../installing/disconnected_install/installing-mirroring-creating-registry.adoc#installing-mirroring-creating-registry[_mirror registry for Red Hat OpenShift_]. 
+* You have used the xref:../../installing/disconnected_install/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[oc-mirror OpenShift CLI (oc) plugin] to mirror all of the required {product-title} content and other images, including the Nutanix CSI Operator, to your mirror registry. ++ +[IMPORTANT] +==== +Because the installation media is on the mirror host, you can use that computer to complete all installation steps. +==== + +include::modules/installation-about-restricted-network.adoc[leveloffset=+1] + +include::modules/ssh-agent-using.adoc[leveloffset=+1] + +include::modules/installation-adding-nutanix-root-certificates.adoc[leveloffset=+1] + +include::modules/installation-nutanix-download-rhcos.adoc[leveloffset=+1] + +include::modules/installation-initializing.adoc[leveloffset=+1] +include::modules/installation-configuration-parameters.adoc[leveloffset=+2] +include::modules/installation-nutanix-config-yaml.adoc[leveloffset=+2] +include::modules/installation-configure-proxy.adoc[leveloffset=+2] + +include::modules/cli-installing-cli.adoc[leveloffset=+1] + +include::modules/manually-configure-iam-nutanix.adoc[leveloffset=+1] + +include::modules/installation-launching-installer.adoc[leveloffset=+1] + +== Post installation +Complete the following steps to complete the configuration of your cluster. 
+ +include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+2] +include::modules/oc-mirror-updating-restricted-cluster-manifests.adoc[leveloffset=+2] +include::modules/registry-configuring-storage-nutanix.adoc[leveloffset=+2] + +include::modules/cluster-telemetry.adoc[leveloffset=+1] + +[role="_additional-resources"] +== Additional resources + +* xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] + +== Next steps +* xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting] +* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster] diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc index 618b37ec71..7c5f5b8833 100644 --- a/modules/cli-installing-cli.adoc +++ b/modules/cli-installing-cli.adoc @@ -50,7 +50,9 @@ // * installing/installing_rhv/installing-rhv-default.adoc // * updating/updating-restricted-network-cluster/restricted-network-update.adoc // * microshift_cli_ref/microshift-oc-cli-install.adoc -// +// * updating/updating-restricted-network-cluster.adoc +// * installing/installing-nutanix-installer-provisioned.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc // AMQ docs link to this; do not change anchor ifeval::["{context}" == "updating-restricted-network-cluster"] diff --git a/modules/cluster-telemetry.adoc b/modules/cluster-telemetry.adoc index f63f027ff6..1bc9a02634 100644 --- a/modules/cluster-telemetry.adoc +++ b/modules/cluster-telemetry.adoc 
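Review bot: In the new assembly's prerequisites, the certificate item is written as an instruction ("replace it with a certificate that is signed by a CA") while the other items state a completed condition, and its second sentence has a stray word ("to access to the Prism Central API"). I would reword it to `* If your Nutanix environment used the default self-signed SSL/TLS certificate, you have replaced it with a certificate that is signed by a CA.` and fix the next sentence to `to access the Prism Central API`. The "Module included in the following assemblies" comments added across this commit list this file as `installing/installing-restricted-networks-nutanix-installer-provisioned.adoc`, but the diff creates it under `installing/installing_nutanix/`. Those comments (first in `modules/cli-installing-cli.adoc`, then in the other module headers) should carry the real path so that a search for the assembly finds them.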
@@ -72,6 +72,8 @@ // * installing/installing_vmc/installing-vmc.adoc // * installing/installing_ibm_power/installing-ibm-power.adoc // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc +// * installing/installing-nutanix-installer-provisioned.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc :_content-type: CONCEPT [id="cluster-telemetry_{context}"] diff --git a/modules/installation-about-restricted-network.adoc b/modules/installation-about-restricted-network.adoc index 119967550b..5461a0b2a9 100644 --- a/modules/installation-about-restricted-network.adoc +++ b/modules/installation-about-restricted-network.adoc @@ -12,6 +12,7 @@ // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc // * installing/installing_openstack/installing-openstack-installer-restricted.adoc // * installing/installing-rhv-restricted-network.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc ifeval::["{context}" == "installing-ibm-power"] :ibm-power: @@ -37,6 +38,9 @@ endif::[] ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] :ipi: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:ipi: +endif::[] :_content-type: CONCEPT [id="installation-about-restricted-networks_{context}"] @@ -51,7 +55,7 @@ still require access to its cloud APIs. Some cloud functions, like Amazon Web Service's Route 53 DNS and IAM services, require internet access. //behind a proxy Depending on your network, you might require less internet -access for an installation on bare metal hardware or on VMware vSphere. +access for an installation on bare metal hardware, Nutanix, or on VMware vSphere. endif::ibm-power[] To complete a restricted network installation, you must create a registry that 
@@ -103,3 +107,6 @@ endif::[] ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] :!ipi: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:!ipi: +endif::[] diff --git a/modules/installation-adding-nutanix-root-certificates.adoc b/modules/installation-adding-nutanix-root-certificates.adoc index 0f25a0745e..d225d28344 100644 --- a/modules/installation-adding-nutanix-root-certificates.adoc +++ b/modules/installation-adding-nutanix-root-certificates.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc :_content-type: PROCEDURE [id="installation-adding-nutanix-root-certificates_{context}"] diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc index bc83c38be9..9c2f4ff877 100644 --- a/modules/installation-configuration-parameters.adoc +++ b/modules/installation-configuration-parameters.adoc @@ -55,6 +55,7 @@ // * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc // * installing/installing_azure_stack_hub/installing-azure-stack-hub-customizations.adoc // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc ifeval::["{context}" == "installing-alibaba-customizations"] :alibabacloud: @@ -223,6 +224,9 @@ endif::[] ifeval::["{context}" == "installing-nutanix-installer-provisioned"] :nutanix: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:nutanix: +endif::[] :_content-type: CONCEPT [id="installation-configuration-parameters_{context}"] 
@@ -2052,3 +2056,6 @@ endif::[] ifeval::["{context}" == "installing-nutanix-installer-provisioned"] :!nutanix: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:!nutanix: +endif::[] diff --git a/modules/installation-configure-proxy.adoc b/modules/installation-configure-proxy.adoc index fe23eb56df..2d89e31d6d 100644 --- a/modules/installation-configure-proxy.adoc +++ b/modules/installation-configure-proxy.adoc @@ -57,6 +57,8 @@ // * installing/installing_platform_agnostic/installing-platform-agnostic.adoc // * networking/configuring-a-custom-pki.adoc // * installing/installing-rhv-restricted-network.adoc +// * installing/installing-nutanix-installer-provisioned.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc ifeval::["{context}" == "installing-aws-china-region"] :aws: diff --git a/modules/installation-initializing.adoc b/modules/installation-initializing.adoc index b301676c8e..21c7ea6e69 100644 --- a/modules/installation-initializing.adoc +++ b/modules/installation-initializing.adoc @@ -37,6 +37,7 @@ // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc // * installing/installing_nutanix/configuring-iam-nutanix.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc // * installing/installing_gcp/installing-openstack-installer-restricted.adoc // Consider also adding the installation-configuration-parameters.adoc module. @@ -175,6 +176,10 @@ endif::[] ifeval::["{context}" == "installing-nutanix-installer-provisioned"] :nutanix: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:nutanix: +:restricted: +endif::[] :_content-type: PROCEDURE [id="installation-initializing_{context}"] 
@@ -214,7 +219,13 @@ endif::nutanix[] * Obtain the {product-title} installation program and the pull secret for your cluster. ifdef::restricted[] For a restricted network installation, these files are on your mirror host. +ifndef::nutanix[] * Have the `imageContentSources` values that were generated during mirror registry creation. +endif::nutanix[] +ifdef::nutanix+restricted[] +* Have the `imageContentSourcePolicy.yaml` file that was created when you mirrored your registry. +* Have the location of the {op-system-first} image you download. +endif::nutanix+restricted[] * Obtain the contents of the certificate for your mirror registry. ifndef::aws,gcp[] * Retrieve a {op-system-first} image and upload it to an accessible location. @@ -540,6 +551,16 @@ platform: clusterOSImage: http://mirror.example.com/images/rhcos-43.81.201912131630.0-vmware.x86_64.ova?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d ---- endif::vsphere+restricted[] +ifdef::nutanix+restricted[] +. In the `install-config.yaml` file, set the value of `platform.nutanix.clusterOSImage` to the image location or name. For example: ++ +[source,yaml] +---- +platform: + nutanix: + clusterOSImage: http://mirror.example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.qcow2 +---- +endif::nutanix+restricted[] ifdef::restricted[] . Edit the `install-config.yaml` file to give the additional information that is required for an installation in a restricted network. 
@@ -604,10 +625,17 @@ imageContentSources: source: registry.example.com/ocp/release ---- + +ifndef::nutanix[] For these values, use the `imageContentSources` that you recorded during mirror registry creation. +endif::nutanix[] +ifdef::nutanix[] +For these values, use the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry. +endif::nutanix[] +ifndef::nutanix[] . Make any other modifications to the `install-config.yaml` file that you require. You can find more information about the available parameters in the *Installation configuration parameters* section. +endif::nutanix[] endif::restricted[] ifdef::nutanix[] @@ -760,3 +788,7 @@ endif::[] ifeval::["{context}" == "installing-nutanix-installer-provisioned"] :!nutanix: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:!nutanix: +:!restricted: +endif::[] diff --git a/modules/installation-launching-installer.adoc b/modules/installation-launching-installer.adoc index b5b3cf925a..7b2f0e7876 100644 --- a/modules/installation-launching-installer.adoc +++ b/modules/installation-launching-installer.adoc @@ -40,7 +40,8 @@ // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc -// * installing/installing_nutanix/configuring-iam-nutanix.adoc +// * installing/installing-nutanix-installer-provisioned.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc // If you use this module in any other assembly, you must update the ifeval // statements. 
@@ -261,6 +262,11 @@ ifeval::["{context}" == "installing-nutanix-installer-provisioned"] :nutanix: :single-step: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:custom-config: +:nutanix: +:single-step: +endif::[] :_content-type: PROCEDURE [id="installation-launching-installer_{context}"] @@ -764,3 +770,8 @@ ifeval::["{context}" == "installing-nutanix-installer-provisioned"] :!nutanix: :!single-step: endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:!custom-config: +:!nutanix: +:!single-step: +endif::[] diff --git a/modules/installation-nutanix-config-yaml.adoc b/modules/installation-nutanix-config-yaml.adoc index e906d22c0e..0d3d17882a 100644 --- a/modules/installation-nutanix-config-yaml.adoc +++ b/modules/installation-nutanix-config-yaml.adoc @@ -1,6 +1,14 @@ // Module included in the following assemblies: // // * installing/installing_nutanix/configuring-iam-nutanix.adoc +// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc + +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:default: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:restricted: +endif::[] :_content-type: REFERENCE [id="installation-nutanix-config-yaml_{context}"] @@ -13,6 +21,7 @@ You can customize the `install-config.yaml` file to specify more details about y This sample YAML file is provided for reference only. You must obtain your `install-config.yaml` file by using the installation program and modify it. ==== +ifdef::default[] [source,yaml] ---- apiVersion: v1 
@@ -68,12 +77,7 @@ platform: uuid: 0005b0f1-8f43-a0f2-02b7-3cecef193712 subnetUUIDs: - c7938dc6-7659-453e-a688-e26020c68e43 -ifndef::openshift-origin[] clusterOSImage: http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.qcow2 <6> -endif::openshift-origin[] -ifdef::openshift-origin[] - clusterOSImage: http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.qcow2 <6> -endif::openshift-origin[] credentialsMode: Manual publish: External pullSecret: '{"auths": ...}' <1> 
@@ -114,3 +118,150 @@ endif::openshift-origin[] ==== For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. ==== +endif::default[] + +ifdef::restricted[] +[source,yaml] +---- +apiVersion: v1 +baseDomain: example.com <1> +compute: <2> +- hyperthreading: Enabled <3> + name: worker + replicas: 3 + platform: + nutanix: <4> + cpus: 2 + coresPerSocket: 2 + memoryMiB: 8196 + osDisk: + diskSizeGiB: 120 +controlPlane: <2> + hyperthreading: Enabled <3> + name: master + replicas: 3 + platform: + nutanix: <4> + cpus: 4 + coresPerSocket: 2 + memoryMiB: 16384 + osDisk: + diskSizeGiB: 120 +metadata: + creationTimestamp: null + name: test-cluster <1> +networking: + clusterNetwork: + - cidr: 10.128.0.0/14 + hostPrefix: 23 + machineNetwork: + - cidr: 10.0.0.0/16 + networkType: OVNKubernetes <5> + serviceNetwork: + - 172.30.0.0/16 +platform: + nutanix: + apiVIP: 10.40.142.7 <1> + ingressVIP: 10.40.142.8 <1> + prismCentral: + endpoint: + address: your.prismcentral.domainname <1> + port: 9440 <1> + password: samplepassword <1> + username: sampleadmin <1> + prismElements: + - endpoint: + address: your.prismelement.domainname + port: 9440 + uuid: 0005b0f1-8f43-a0f2-02b7-3cecef193712 + subnetUUIDs: + - c7938dc6-7659-453e-a688-e26020c68e43 + clusterOSImage: http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.qcow2 <6> +credentialsMode: Manual +publish: External +pullSecret: '{"auths":{"": {"auth": "","email": "you@example.com"}}}' <7> +ifndef::openshift-origin[] +fips: false <8> +sshKey: ssh-ed25519 AAAA... <9> +endif::openshift-origin[] +ifdef::openshift-origin[] +sshKey: ssh-ed25519 AAAA... 
<8> +endif::openshift-origin[] +ifndef::openshift-origin[] +additionalTrustBundle: | <10> + -----BEGIN CERTIFICATE----- + ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ + -----END CERTIFICATE----- +imageContentSources: <11> +- mirrors: + - //release + source: quay.io/openshift-release-dev/ocp-release +- mirrors: + - //release + source: quay.io/openshift-release-dev/ocp-v4.0-art-dev +endif::openshift-origin[] +ifdef::openshift-origin[] +additionalTrustBundle: | <9> + -----BEGIN CERTIFICATE----- + ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ + -----END CERTIFICATE----- +imageContentSources: <10> +- mirrors: + - //release + source: quay.io/openshift-release-dev/ocp-release +- mirrors: + - //release + source: quay.io/openshift-release-dev/ocp-v4.0-art-dev +endif::openshift-origin[] +---- +<1> Required. The installation program prompts you for this value. +<2> The `controlPlane` section is a single mapping, but the compute section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Although both sections currently define a single machine pool, it is possible that future versions of {product-title} will support defining multiple compute pools during installation. Only one control plane pool is used. +<3> Whether to enable or disable simultaneous multithreading, or `hyperthreading`. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. You can disable it by setting the parameter value to `Disabled`. If you disable simultaneous multithreading in some cluster machines, you must disable it in all cluster machines. ++ +[IMPORTANT] +==== +If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. 
+==== +<4> Optional: Provide additional configuration for the machine pool parameters for the compute and control plane machines. +<5> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`. +<6> Optional: By default, the installation program downloads and installs the {op-system-first} image. If Prism Central does not have internet access, you can override the default behavior by hosting the {op-system} image on any HTTP server or Nutanix Objects and pointing the installation program to the image. +<7> For ``, specify the registry domain name, and optionally the port, that your mirror registry uses to serve content. For example `registry.example.com` or `registry.example.com:5000`. For ``, +specify the base64-encoded user name and password for your mirror registry. +ifndef::openshift-origin[] +<8> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. ++ +[IMPORTANT] +==== +The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture. +==== +<9> Optional: You can provide the `sshKey` value that you use to access the machines in your cluster. ++ +[NOTE] +==== +For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. +==== +endif::openshift-origin[] +ifdef::openshift-origin[] +<8> Optional: You can provide the `sshKey` value that you use to access the machines in your cluster. 
++ +[NOTE] +==== +For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. +==== +endif::openshift-origin[] +ifndef::openshift-origin[] +<10> Provide the contents of the certificate file that you used for your mirror registry. +<11> Provide these values from the `metadata.name: release-0` section of the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry. +endif::openshift-origin[] +ifdef::openshift-origin[] +<9> Provide the contents of the certificate file that you used for your mirror registry. +<10> Provide these values from the `metadata.name: release-0` section of the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry. +endif::openshift-origin[] +endif::restricted[] + +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:!default: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"] +:!restricted: +endif::[] diff --git a/modules/installation-nutanix-download-rhcos.adoc b/modules/installation-nutanix-download-rhcos.adoc new file mode 100644 index 0000000000..8e8088fa2a --- /dev/null +++ b/modules/installation-nutanix-download-rhcos.adoc 
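Review bot: Callout `<6>` in the restricted sample is copied from the default sample and still calls `clusterOSImage` "Optional", while the restricted-network procedure in `installation-initializing.adoc` tells the reader to set it. I would replace the text with something like `<6> The location of the {op-system} image that you made available through an internal HTTP server or Nutanix Objects.` The sample also puts the Prism Central `username` and `password` in clear text, so a short admonition that `install-config.yaml` holds credentials and should be stored with restricted permissions would fit here. On this page the placeholders in `pullSecret`, the `mirrors` entries and callout `<7>` render as empty strings ("For ``, specify…"). That may be an artifact of this view, so please confirm the angle-bracket placeholders are still present in the source. Separately, `:default:` is set only for the `installing-nutanix-installer-provisioned` context, so any other assembly that includes this module would presumably render no sample at all.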
@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
+
+:_content-type: PROCEDURE
+[id="installation-nutanix-download-rhcos_{context}"]
+= Downloading the RHCOS cluster image
+
+Prism Central requires access to the {op-system-first} image to install the cluster. You can use the installation program to locate and download the {op-system} image and make it available through an internal HTTP server or Nutanix Objects.
+
+.Prerequisites
+
+* Obtain the {product-title} installation program and the pull secret for your cluster. For a restricted network installation, these files are on your mirror host.
+
+.Procedure
+
+. Change to the directory that contains the installation program and run the following command:
++
+[source,terminal]
+----
+$ ./openshift-install coreos print-stream-json
+----
+
+. Use the output of the command to find the location of the Nutanix image, and click the link to download it.
++
+.Example output
+[source, terminal]
+----
+"nutanix": {
+ "release": "411.86.202210041459-0",
+ "formats": {
+ "qcow2": {
+ "disk": {
+ "location": "https://rhcos.mirror.openshift.com/art/storage/releases/rhcos-4.11/411.86.202210041459-0/x86_64/rhcos-411.86.202210041459-0-nutanix.x86_64.qcow2",
+ "sha256": "42e227cac6f11ac37ee8a2f9528bb3665146566890577fd55f9b950949e5a54b"
+----
+
+. Make the image available through an internal HTTP server or Nutanix Objects.
+
+. Note the location of the downloaded image. You update the `platform` section in the installation configuration file (`install-config.yaml`) with the image's location before deploying the cluster.
+
+.Snippet of an `install-config.yaml` file that specifies the {op-system} image
+
+[source,yaml]
+----
+platform:
+ nutanix:
+ clusterOSImage: http://example.com/images/rhcos-411.86.202210041459-0-nutanix.x86_64.qcow2
+----
diff --git a/modules/manually-configure-iam-nutanix.adoc b/modules/manually-configure-iam-nutanix.adoc
index be7c892c70..24cc6c7297 100644
--- a/modules/manually-configure-iam-nutanix.adoc
+++ b/modules/manually-configure-iam-nutanix.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_nutanix/configuring-iam-nutanix.adoc
+// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 :_content-type: PROCEDURE
 [id="manually-create-iam-nutanix_{context}"]
diff --git a/modules/oc-mirror-image-set-config-examples.adoc b/modules/oc-mirror-image-set-config-examples.adoc
index 89c1b0d4ef..6629c3f0a3 100644
--- a/modules/oc-mirror-image-set-config-examples.adoc
+++ b/modules/oc-mirror-image-set-config-examples.adoc
@@ -140,3 +140,33 @@ mirror:
 minVersion: '1.0.0'
 maxVersion: '2.0.0'
 ----
+
+[discrete]
+[id="oc-mirror-image-set-examples-nutanix-operator_{context}"]
+== Use case: Including the Nutanix CSI Operator
+The following `ImageSetConfiguration` file uses a local storage backend and includes the Nutanix CSI Operator, the OpenShift Update Service (OSUS) graph image, and an additional Red Hat Universal Base Image (UBI).
+
+.Example `ImageSetConfiguration` file
+[source,yaml]
+----
+ kind: ImageSetConfiguration
+ apiVersion: mirror.openshift.io/v1alpha2
+ storageConfig:
+ registry:
+ imageURL: mylocalregistry/ocp-mirror/openshift4
+ skipTLS: false
+ mirror:
+ platform:
+ channels:
+ - name: stable-4.11
+ type: ocp
+ graph: true
+ operators:
+ - catalog: registry.redhat.io/redhat/certified-operator-index:v4.11
+ packages:
+ - name: nutanixcsioperator
+ channels:
+ - name: stable
+ additionalImages:
+ - name: registry.redhat.io/ubi8/ubi:latest
+----
diff --git a/modules/oc-mirror-updating-restricted-cluster-manifests.adoc b/modules/oc-mirror-updating-restricted-cluster-manifests.adoc
new file mode 100644
index 0000000000..6deb4835be
--- /dev/null
+++ b/modules/oc-mirror-updating-restricted-cluster-manifests.adoc
@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
+
+:_content-type: PROCEDURE
+[id="oc-mirror-updating-cluster-manifests_{context}"]
+= Installing the policy resources into the cluster
+
+Mirroring the {product-title} content using the oc-mirror OpenShift CLI (oc) plugin creates resources, which include `catalogSource-certified-operator-index.yaml` and `imageContentSourcePolicy.yaml`.
+
+* The `ImageContentSourcePolicy` resource associates the mirror registry with the source registry and redirects image pull requests from the online registries to the mirror registry.
+* The `CatalogSource` resource is used by Operator Lifecycle Manager (OLM) to retrieve information about the available Operators in the mirror registry, which lets users discover and install Operators.
+
+After you install the cluster, you must install these resources into the cluster.
+
+.Prerequisites
+
+* You have mirrored the image set to the registry mirror in the disconnected environment.
+* You have access to the cluster as a user with the `cluster-admin` role.
+
+.Procedure
+
+. Log in to the OpenShift CLI as a user with the `cluster-admin` role.
+
+. Apply the YAML files from the results directory to the cluster:
++
+[source,terminal]
+----
+$ oc apply -f ./oc-mirror-workspace/results-/
+----
+
+.Verification
+
+. Verify that the `ImageContentSourcePolicy` resources were successfully installed:
++
+[source,terminal]
+----
+$ oc get imagecontentsourcepolicy --all-namespaces
+----
+
+. Verify that the `CatalogSource` resources were successfully installed:
++
+[source,terminal]
+----
+$ oc get catalogsource --all-namespaces
+----
diff --git a/modules/olm-restricted-networks-configuring-operatorhub.adoc b/modules/olm-restricted-networks-configuring-operatorhub.adoc
index 94413e34e8..c3c4da8732 100644
--- a/modules/olm-restricted-networks-configuring-operatorhub.adoc
+++ b/modules/olm-restricted-networks-configuring-operatorhub.adoc
@@ -17,6 +17,7 @@
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
 // * operators/admin/olm-restricted-networks.adoc
 // * operators/admin/olm-managing-custom-catalogs.adoc
+// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 ifeval::["{context}" == "olm-restricted-networks"]
 :olm-restricted-networks:
diff --git a/modules/registry-configuring-storage-nutanix.adoc b/modules/registry-configuring-storage-nutanix.adoc
new file mode 100644
index 0000000000..c3426eff44
--- /dev/null
+++ b/modules/registry-configuring-storage-nutanix.adoc
@@ -0,0 +1,9 @@
+// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
+
+:_content-type: PROCEDURE
+[id="registry-configuring-storage-nutanix_{context}"]
+= Configuring the default storage container
+
+After you install the cluster, you must install the Nutanix CSI Operator and configure the default storage container for the cluster.
+
+For more information, see the Nutanix documentation for link:https://opendocs.nutanix.com/openshift/operators/csi/[installing the CSI Operator] and link:https://opendocs.nutanix.com/openshift/install/ipi/#openshift-image-registry-configuration[configuring registry storage].
diff --git a/modules/ssh-agent-using.adoc b/modules/ssh-agent-using.adoc
index 6ac8a09eab..d157042fec 100644
--- a/modules/ssh-agent-using.adoc
+++ b/modules/ssh-agent-using.adoc
@@ -56,6 +56,7 @@
 // * installing/installing_ibm_z/installing-ibm-power.adoc
 // * installing/installing-rhv-restricted-network.adoc
 // * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 ifeval::["{context}" == "installing-restricted-networks-vsphere"]