mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
CCXDEV-4071 CCXDEV-4434 new chapter for restricted networks
This commit is contained in:
Justin Nixon
committed by
openshift-cherrypick-robot
openshift-cherrypick-robot
parent
0a9de74655
commit
b722787d01
@@ -415,6 +415,8 @@ Topics:
|
||||
File: opting-out-of-remote-health-reporting
|
||||
- Name: Using Insights to identify issues with your cluster
|
||||
File: using-insights-to-identify-issues-with-your-cluster
|
||||
- Name: Using remote health reporting in a restricted network
|
||||
File: remote-health-reporting-from-restricted-network
|
||||
- Name: Gathering data about your cluster
|
||||
File: gathering-cluster-data
|
||||
Distros: openshift-enterprise,openshift-origin
|
||||
|
||||
35
modules/insights-operator-enable-obfuscation.adoc
Normal file
35
modules/insights-operator-enable-obfuscation.adoc
Normal file
@@ -0,0 +1,35 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
|
||||
|
||||
|
||||
|
||||
[id="insights-operator-enable-obfuscation_{context}"]
|
||||
= Enabling Insights Operator data obfuscation
|
||||
|
||||
You can enable obfuscation to mask sensitive and identifiable IPv4 addresses and cluster base domains that the Insights Operator sends to link:https://cloud.redhat.com[cloud.redhat.com].
|
||||
|
||||
[WARNING]
|
||||
====
|
||||
Although this feature is available, Red Hat recommends keeping obfuscation disabled for a more effective support experience.
|
||||
====
|
||||
|
||||
Obfuscation assigns non-identifying values to cluster IPv4 addresses, and uses a translation table that is retained in memory to change IP addresses to their obfuscated versions throughout the Insights Operator archive before uploading the data to link:https://cloud.redhat.com[cloud.redhat.com].
|
||||
|
||||
For cluster base domains, obfuscation changes the base domain to a hardcoded substring. For example, `cluster-api.openshift.example.com` becomes `cluster-api.<CLUSTER_BASE_DOMAIN>`.
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You are logged in to the {product-title} web console as `cluster-admin`.
|
||||
|
||||
.Procedure
|
||||
|
||||
. Navigate to *Workloads* -> *Secrets*.
|
||||
. Search for the *support* secret using the *Search by name* field. If it does not exist, click *Create* -> *Key/value secret* to create it.
|
||||
. Click the *Options* menu {kebab}, and then click *Edit Secret*.
|
||||
. Click *Add Key/Value*.
|
||||
. Create a key named `enableGlobalObfuscation` with a value of `true`, and click *Save*.
|
||||
. Navigate to *Workloads* -> *Pods*
|
||||
. Select the `openshift-insights` project.
|
||||
. Find the `insights-operator` pod.
|
||||
. To restart the `insights-operator` pod, click the *Options* menu {kebab}, and then click *Delete Pod*.
|
||||
72
modules/insights-operator-manual-upload.adoc
Normal file
72
modules/insights-operator-manual-upload.adoc
Normal file
@@ -0,0 +1,72 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
|
||||
|
||||
|
||||
|
||||
[id="insights-operator-manual-upload_{context}"]
|
||||
= Uploading an Insights Operator archive
|
||||
|
||||
You can manually upload an Insights Operator archive to link:https://cloud.redhat.com[cloud.redhat.com] to diagnose potential issues.
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You are logged in to {product-title} as `cluster-admin`.
|
||||
* You have a workstation with unrestricted internet access.
|
||||
* You have created a copy of the Insights Operator archive.
|
||||
|
||||
.Procedure
|
||||
|
||||
. Download the `dockerconfig.json` file:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc extract secret/pull-secret -n openshift-config --to=.
|
||||
----
|
||||
. Copy your `"cloud.openshift.com"` `"auth"` token from the `dockerconfig.json` file:
|
||||
+
|
||||
[source,json,subs="+quotes"]
|
||||
----
|
||||
{
|
||||
"auths": {
|
||||
"cloud.openshift.com": {
|
||||
"auth": "_<your_token>_",
|
||||
"email": "asd@redhat.com"
|
||||
}
|
||||
}
|
||||
----
|
||||
|
||||
|
||||
. Upload the archive to link:https://cloud.redhat.com[cloud.redhat.com]:
|
||||
+
|
||||
[source,terminal,subs="+quotes"]
|
||||
----
|
||||
$ curl -v -H "User-Agent: insights-operator/one10time200gather184a34f6a168926d93c330 cluster/_<cluster_id>_" -H "Authorization: Bearer _<your_token>_" -F "upload=@_<path_to_archive>_; type=application/vnd.redhat.openshift.periodic+tar" https://cloud.redhat.com/api/ingress/v1/upload
|
||||
----
|
||||
where `_<cluster_id>_` is your cluster ID, `_<your_token>_` is the token from your pull secret, and `_<path_to_archive>_` is the path to the Insights Operator archive.
|
||||
+
|
||||
If the operation is successful, the command returns a `"request_id"` and `"account_number"`:
|
||||
+
|
||||
.Example output
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
* Connection #0 to host cloud.redhat.com left intact
|
||||
{"request_id":"393a7cf1093e434ea8dd4ab3eb28884c","upload":{"account_number":"6274079"}}%
|
||||
----
|
||||
|
||||
.Verification steps
|
||||
|
||||
. Log in to link:https://cloud.redhat.com/openshift[].
|
||||
|
||||
. Click the *Clusters* menu in the left pane.
|
||||
|
||||
. To display the details of the cluster, click the cluster name.
|
||||
|
||||
. Open the *Insights Advisor* tab of the cluster.
|
||||
+
|
||||
If the upload was successful, the tab displays one of the following:
|
||||
+
|
||||
* *Your cluster passed all recommendations*, if Insights Advisor did not identify any issues.
|
||||
|
||||
* A list of issues that Insights Advisor has detected, prioritized by risk (low, moderate, important, and critical).
|
||||
87
modules/insights-operator-one-time-gather.adoc
Normal file
87
modules/insights-operator-one-time-gather.adoc
Normal file
@@ -0,0 +1,87 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
|
||||
|
||||
|
||||
|
||||
[id="insights-operator-one-time-gather_{context}"]
|
||||
= Running an Insights Operator gather operation
|
||||
|
||||
You must run a gather operation to create an Insights Operator archive.
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You are logged in to {product-title} as `cluster-admin`.
|
||||
|
||||
.Procedure
|
||||
|
||||
. Create a file named `gather-job.yaml` using this template:
|
||||
+
|
||||
[source,yaml]
|
||||
----
|
||||
include::https://raw.githubusercontent.com/openshift/insights-operator/release-4.8/docs/gather-job.yaml[]
|
||||
----
|
||||
. Copy your `insights-operator` image version:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc get -n openshift-insights deployment insights-operator -o yaml
|
||||
----
|
||||
. Paste your image version in `gather-job.yaml`:
|
||||
+
|
||||
[source,yaml,subs="+quotes"]
|
||||
----
|
||||
initContainers:
|
||||
- name: insights-operator
|
||||
image: _<your_insights_operator_image_version>_
|
||||
terminationMessagePolicy: FallbackToLogsOnError
|
||||
volumeMounts:
|
||||
----
|
||||
. Create the gather job:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc apply -n openshift-insights -f gather-job.yaml
|
||||
----
|
||||
. Find the name of the job pod:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc describe -n openshift-insights job/insights-operator-job
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
[source,terminal,subs="+quotes"]
|
||||
----
|
||||
Events:
|
||||
Type Reason Age From Message
|
||||
---- ------ ---- ---- -------
|
||||
Normal SuccessfulCreate 7m18s job-controller Created pod: insights-operator-job-_<your_job>_
|
||||
----
|
||||
where `insights-operator-job-_<your_job>_` is the name of the pod.
|
||||
|
||||
. Verify that the operation has finished:
|
||||
+
|
||||
[source,terminal,subs="+quotes"]
|
||||
----
|
||||
$ oc logs -n openshift-insights insights-operator-job-_<your_job>_ insights-operator
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
[source,terminal]
|
||||
----
|
||||
I0407 11:55:38.192084 1 diskrecorder.go:34] Wrote 108 records to disk in 33ms
|
||||
----
|
||||
. Save the created archive:
|
||||
+
|
||||
[source,terminal,subs="+quotes"]
|
||||
----
|
||||
$ oc cp openshift-insights/insights-operator-job-_<your_job>_:/var/lib/insights-operator ./insights-data
|
||||
----
|
||||
. Clean up the job:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc delete -n openshift-insights job insights-operator-job
|
||||
----
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
[id="remote-health-reporting-from-restricted-network"]
|
||||
= Using remote health reporting in a restricted network
|
||||
include::modules/common-attributes.adoc[]
|
||||
:context: remote-health-reporting-from-restricted-network
|
||||
|
||||
toc::[]
|
||||
|
||||
You can manually gather and upload Insights Operator archives to diagnose issues from a restricted network.
|
||||
|
||||
To use the Insights Operator in a restricted network, you must:
|
||||
|
||||
* Create a copy of your Insights Operator archive.
|
||||
* Upload the Insights Operator archive to link:https://cloud.redhat.com[cloud.redhat.com].
|
||||
|
||||
Additionally, you can choose to xref:../../support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc#insights-operator-enable-obfuscation_remote-health-reporting-from-restricted-network[obfuscate] the Insights Operator data before upload.
|
||||
|
||||
|
||||
include::modules/insights-operator-one-time-gather.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/insights-operator-manual-upload.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/insights-operator-enable-obfuscation.adoc[leveloffset=+1]
|
||||
|
||||
Reference in New Issue
Block a user