diff --git a/installing/installing_ibm_z/upi/installing-ibm-z-kvm.adoc b/installing/installing_ibm_z/upi/installing-ibm-z-kvm.adoc index 1b61a72f42..c68fc9b6ae 100644 --- a/installing/installing_ibm_z/upi/installing-ibm-z-kvm.adoc +++ b/installing/installing_ibm_z/upi/installing-ibm-z-kvm.adoc @@ -51,7 +51,9 @@ include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[lev include::modules/installation-ibm-z-kvm-user-infra-installing-rhcos.adoc[leveloffset=+1] -include::modules/ibm-z-secure-execution.adoc[leveloffset=+2] +include::modules/ibm-z-configure-encryption-kvm.adoc[leveloffset=+2] + +include::modules/ibm-z-secure-execution.adoc[leveloffset=+3] [role="_additional-resources"] .Additional resources @@ -62,7 +64,9 @@ include::modules/ibm-z-secure-execution.adoc[leveloffset=+2] * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_virtualization/securing-virtual-machines-in-rhel_configuring-and-managing-virtualization#setting-up-secure-execution-on-ibm-z_securing-virtual-machines-in-rhel[Setting up {ibm-name} Secure Execution on {ibm-z-title}] -include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+2] +include::modules/ibm-z-configure-hw-based-cex-encryption.adoc[leveloffset=+3] + +include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+3] [role="_additional-resources"] .Additional resources @@ -100,10 +104,9 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1] * link:https://access.redhat.com/solutions/4387261[How to generate SOSREPORT within {product-title} version 4 nodes without SSH] +* xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opting out of remote health reporting] + [id="next-steps_ibm-z-kvm"] == Next steps -* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. - -* If necessary, you can -xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. +* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster] \ No newline at end of file diff --git a/installing/installing_ibm_z/upi/installing-ibm-z-lpar.adoc b/installing/installing_ibm_z/upi/installing-ibm-z-lpar.adoc index 269b9daf47..681ee0b55c 100644 --- a/installing/installing_ibm_z/upi/installing-ibm-z-lpar.adoc +++ b/installing/installing_ibm_z/upi/installing-ibm-z-lpar.adoc @@ -47,7 +47,11 @@ include::modules/nw-operator-cr.adoc[leveloffset=+1] include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1] -include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+1] +include::modules/ibm-z-configure-boot-volume-encryption.adoc[leveloffset=+1] + +include::modules/ibm-z-configure-hw-based-cex-encryption.adoc[leveloffset=+2] + +include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources @@ -83,12 +87,11 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1] * link:https://access.redhat.com/solutions/4387261[How to generate SOSREPORT within {product-title} version 4 nodes without SSH] -[id="next-steps_installing-ibm-z-lpar"] +* xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opting out of remote health reporting] + +[id="next-steps_ibm-z-lpar"] == Next steps -* xref:../../../machine_configuration/machine-configs-configure.adoc#rhcos-enabling-multipath-day-2_machine-configs-configure[Enabling multipathing with kernel arguments on {op-system}]. +* xref:../../../machine_configuration/machine-configs-configure.adoc#rhcos-enabling-multipath-day-2_machine-configs-configure[Enabling multipathing with kernel arguments on {op-system}] -* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. - -* If necessary, you can -xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. +* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster] \ No newline at end of file diff --git a/installing/installing_ibm_z/upi/installing-ibm-z.adoc b/installing/installing_ibm_z/upi/installing-ibm-z.adoc index df183a7695..bf01f7071f 100644 --- a/installing/installing_ibm_z/upi/installing-ibm-z.adoc +++ b/installing/installing_ibm_z/upi/installing-ibm-z.adoc @@ -48,7 +48,11 @@ include::modules/nw-operator-cr.adoc[leveloffset=+1] include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1] -include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+1] +include::modules/ibm-z-configure-boot-volume-encryption.adoc[leveloffset=+1] + +include::modules/ibm-z-configure-hw-based-cex-encryption.adoc[leveloffset=+2] + +include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources @@ -84,12 +88,12 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1] * link:https://access.redhat.com/solutions/4387261[How to generate SOSREPORT within {product-title} version 4 nodes without SSH] +* xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opting out of remote health reporting] + [id="next-steps_ibm-z-vm"] == Next steps -* xref:../../../machine_configuration/machine-configs-configure.adoc#rhcos-enabling-multipath-day-2_machine-configs-configure[Enabling multipathing with kernel arguments on {op-system}]. +* xref:../../../machine_configuration/machine-configs-configure.adoc#rhcos-enabling-multipath-day-2_machine-configs-configure[Enabling multipathing with kernel arguments on {op-system}] -* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster] -* If necessary, you can -xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-kvm.adoc b/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-kvm.adoc index 74a9ad717c..245906019a 100644 --- a/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-kvm.adoc +++ b/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-kvm.adoc @@ -59,7 +59,9 @@ include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[lev include::modules/installation-ibm-z-kvm-user-infra-installing-rhcos.adoc[leveloffset=+1] -include::modules/ibm-z-secure-execution.adoc[leveloffset=+2] +include::modules/ibm-z-configure-encryption-kvm.adoc[leveloffset=+2] + +include::modules/ibm-z-secure-execution.adoc[leveloffset=+3] [role="_additional-resources"] .Additional resources @@ -70,7 +72,9 @@ include::modules/ibm-z-secure-execution.adoc[leveloffset=+2] * link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_virtualization/securing-virtual-machines-in-rhel_configuring-and-managing-virtualization#setting-up-secure-execution-on-ibm-z_securing-virtual-machines-in-rhel[Setting up {ibm-name} Secure Execution on {ibm-z-title}] -include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+2] +include::modules/ibm-z-configure-hw-based-cex-encryption.adoc[leveloffset=+3] + +include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+3] [role="_additional-resources"] .Additional resources @@ -106,10 +110,12 @@ include::modules/installation-complete-user-infra.adoc[leveloffset=+1] * link:https://access.redhat.com/solutions/4387261[How to generate SOSREPORT within {product-title} version 4 nodes without SSH] +* xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[Image configuration resources (Classic)] + +* xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opting out of remote health reporting] + + [id="next-steps_ibm-z-kvm-restricted"] == Next steps -* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. -* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. -* If necessary, you can xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. -* If necessary, see xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster] +* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster] diff --git a/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-lpar.adoc b/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-lpar.adoc index f72010c9e8..4d3409b342 100644 --- a/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-lpar.adoc +++ b/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z-lpar.adoc @@ -55,7 +55,11 @@ include::modules/nw-operator-cr.adoc[leveloffset=+1] include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1] -include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+1] +include::modules/ibm-z-configure-boot-volume-encryption.adoc[leveloffset=+1] + +include::modules/ibm-z-configure-hw-based-cex-encryption.adoc[leveloffset=+2] + +include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources @@ -89,10 +93,12 @@ include::modules/installation-complete-user-infra.adoc[leveloffset=+1] * link:https://access.redhat.com/solutions/4387261[How to generate SOSREPORT within {product-title} version 4 nodes without SSH] +* xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[Image configuration resources (Classic)] + +* xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opting out of remote health reporting] + + [id="next-steps_ibm-z-lpar-restricted"] == Next steps -* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. -* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. -* If necessary, you can xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. -* If necessary, see xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster] +* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster] \ No newline at end of file diff --git a/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z.adoc b/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z.adoc index 89c3a7366b..cde4ce5781 100644 --- a/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z.adoc +++ b/installing/installing_ibm_z/upi/installing-restricted-networks-ibm-z.adoc @@ -56,7 +56,11 @@ include::modules/nw-operator-cr.adoc[leveloffset=+1] include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+1] -include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+1] +include::modules/ibm-z-configure-boot-volume-encryption.adoc[leveloffset=+1] + +include::modules/ibm-z-configure-hw-based-cex-encryption.adoc[leveloffset=+2] + +include::modules/ibm-z-configure-nbde-with-static-ip.adoc[leveloffset=+2] [role="_additional-resources"] [id="additional-resources_Configure-nbde-ibm-z-restricted"] @@ -91,10 +95,12 @@ include::modules/installation-complete-user-infra.adoc[leveloffset=+1] * link:https://access.redhat.com/solutions/4387261[How to generate SOSREPORT within {product-title} version 4 nodes without SSH] -[id="next-steps_ibm-z-restricted"] +* xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[Image configuration resources (Classic)] + +* xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opting out of remote health reporting] + + +[id="next-steps_ibm-z-zvm-restricted"] == Next steps -* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. -* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. -* If necessary, you can xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. -* If necessary, see xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_opting-out-remote-health-reporting[Registering your disconnected cluster] +* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster] \ No newline at end of file diff --git a/modules/ibm-z-configure-boot-volume-encryption.adoc b/modules/ibm-z-configure-boot-volume-encryption.adoc new file mode 100644 index 0000000000..fde20f2919 --- /dev/null +++ b/modules/ibm-z-configure-boot-volume-encryption.adoc @@ -0,0 +1,15 @@ +// Module included in the following assemblies: +// +// * installing/installing_ibm_z/installing-ibm-z.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc +// * installing/installing_ibm_z/installing-ibm-z-lpar.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-lpar.adoc + +:_mod-docs-content-type: PROCEDURE +[id="configuring-boot-volume-encryption-ibm-z-linuxone-environment_{context}"] += Configuring boot volume encryption in an {ibm-z-title} or {ibm-linuxone-title} environment + +You can choose between two methods to optionally encrypt the boot volumes of your {product-title} control plane and compute nodes on {ibm-z-name} or {ibm-linuxone-name}: + +* Linux Unified Key Setup (LUKS) encryption via {ibm-name} Crypto Express (CEX) +* Network Bound Disk Encryption (NBDE) \ No newline at end of file diff --git a/modules/ibm-z-configure-encryption-kvm.adoc b/modules/ibm-z-configure-encryption-kvm.adoc new file mode 100644 index 0000000000..b1ed4d91d0 --- /dev/null +++ b/modules/ibm-z-configure-encryption-kvm.adoc @@ -0,0 +1,14 @@ +// Module included in the following assemblies: +// +// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc + +:_mod-docs-content-type: PROCEDURE +[id="configuring-encryption-kvm-ibm-z-linuxone-environment_{context}"] += Configuring encryption for nodes in an {ibm-z-title} or {ibm-linuxone-title} environment + +You can choose between three methods to optionally secure your {product-title} control plane and compute nodes on {ibm-z-name} or {ibm-linuxone-name}: + +* {ibm-name} Secure Execution +* Linux Unified Key Setup (LUKS) encryption via {ibm-name} Crypto Express (CEX) +* Network Bound Disk Encryption (NBDE) \ No newline at end of file diff --git a/modules/ibm-z-configure-hw-based-cex-encryption.adoc b/modules/ibm-z-configure-hw-based-cex-encryption.adoc new file mode 100644 index 0000000000..15ce0be8fa --- /dev/null +++ b/modules/ibm-z-configure-hw-based-cex-encryption.adoc @@ -0,0 +1,163 @@ +// Module included in the following assemblies: +// +// * installing/installing_ibm_z/installing-ibm-z.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc +// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc +// * installing/installing_ibm_z/installing-ibm-z-lpar.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-lpar.adoc + +ifeval::["{context}" == "installing-ibm-z"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-z-kvm"] +:ibm-z-kvm: +endif::[] +ifeval::["{context}" == "installing-ibm-z-lpar"] +:ibm-z-lpar: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"] +:ibm-z-kvm: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z-lpar"] +:ibm-z-lpar: +endif::[] + +:_mod-docs-content-type: PROCEDURE +[id="configuring-luks-encryption-via-cex-ibm-z-linuxone-environment_{context}"] += LUKS encryption via CEX in an {ibm-z-title} or {ibm-linuxone-title} environment + +Enabling hardware-based Linux Unified Key Setup (LUKS) encryption via {ibm-name} Crypto Express (CEX) in an {ibm-z-name} or {ibm-linuxone-name} environment requires additional steps, which are described in detail in this section. + +.Prerequisites + +* You have installed the `butane` utility. +* You have reviewed the instructions for how to create machine configs with Butane. + +.Procedure + +. Create Butane configuration files for the control plane and compute nodes. ++ +The following example of a Butane configuration for a control plane node creates a file named `main-storage.bu` for disk encryption: ++ +[source,yaml,subs="attributes+"] +---- +variant: openshift +version: {product-version}.0 +metadata: + name: main-storage + labels: + machineconfiguration.openshift.io/role: master +storage: + luks: + - cex: + enabled: true + options: <1> + - --pbkdf + - pbkdf2 +ifndef::ibm-z-kvm[] + device: /dev/disk/by-partlabel/root <2> +endif::ibm-z-kvm[] +ifdef::ibm-z-kvm[] + device: /dev/disk/by-partlabel/root +endif::ibm-z-kvm[] + label: luks-root + name: root + wipe_volume: true + filesystems: + - device: /dev/mapper/root + format: xfs + label: root + wipe_filesystem: true +openshift: +ifndef::ibm-z-kvm[] + fips: true <3> + kernel_arguments: <4> +endif::ibm-z-kvm[] +ifdef::ibm-z-kvm[] + fips: true <2> + kernel_arguments: <3> +endif::ibm-z-kvm[] + - rd.luks.key=/etc/luks/cex.key +---- +<1> The `pbkdf` option is only required if FIPS mode is enabled. Omit the entry if FIPS is disabled. +ifndef::ibm-z-kvm[] +<2> For installations on DASD-type disks, replace with `device: /dev/disk/by-label/root`. +<3> Specifies whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. +<4> Specifies the location of the pass key that is required to decrypt the device. +endif::ibm-z-kvm[] +ifdef::ibm-z-kvm[] +<2> Specifies whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. +<3> Specifies the location of the pass key that is required to decrypt the device. +endif::ibm-z-kvm[] + +. Create a parameter file that includes `ignition.platform.id=metal` and `ignition.firstboot`. ++ +.Example kernel parameter file for the control plane machine ++ +ifndef::ibm-z-kvm[] +[source,terminal] +---- +cio_ignore=all,!condev rd.neednet=1 \ +console=ttysclp0 \ +coreos.inst.install_dev=/dev/disk/by-id/scsi- \// <1> +ignition.firstboot ignition.platform.id=metal \ +coreos.inst.ignition_url=http:///master.ign \// <2> +coreos.live.rootfs_url=http:///rhcos--live-rootfs..img \// <3> +ip=::::::none nameserver= \ +rd.znet=qeth,0.0.bdd0,0.0.bdd1,0.0.bdd2,layer2=1 \ +rd.zfcp=0.0.5677,0x600606680g7f0056,0x034F000000000000 // <4> +---- +ifdef::ibm-z[] +<1> Specifies a unique fully qualified path depending on disk type. This can be DASD-type or FCP-type disks. +endif::ibm-z[] +ifdef::ibm-z-lpar[] +<1> Specifies a unique fully qualified path depending on disk type. This can be DASD-type, FCP-type, or NVMe-type disks. +endif::ibm-z-lpar[] +<2> Specifies the location of the Ignition config file. Use `master.ign` or `worker.ign`. Only HTTP and HTTPS protocols are supported. +<3> Specifies the location of the `rootfs` artifact for the `kernel` and `initramfs` you are booting. Only HTTP and HTTPS protocols are supported. +<4> Specifies the root device. For installations on DASD-type disks, replace with `rd.dasd=0.0.xxxx` to specify the DASD device. +endif::ibm-z-kvm[] +ifdef::ibm-z-kvm[] +[source,terminal] +---- +cio_ignore=all,!condev rd.neednet=1 \ +console=ttysclp0 \ +ignition.firstboot ignition.platform.id=metal \ +coreos.inst.ignition_url=http:///master.ign \// <1> +coreos.live.rootfs_url=http:///rhcos--live-rootfs..img \// <2> +ip=::::::none nameserver= \ +rd.znet=qeth,0.0.bdd0,0.0.bdd1,0.0.bdd2,layer2=1 \ +rd.zfcp=0.0.5677,0x600606680g7f0056,0x034F000000000000 +---- +<1> Specifies the location of the Ignition config file. Use `master.ign` or `worker.ign`. Only HTTP and HTTPS protocols are supported. +<2> Specifies the location of the `rootfs` artifact for the `kernel` and `initramfs` you are booting. Only HTTP and HTTPS protocols are supported. + +endif::ibm-z-kvm[] ++ +[NOTE] +==== +Write all options in the parameter file as a single line and make sure you have no newline characters. +==== + +ifeval::["{context}" == "installing-ibm-z"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-z-kvm"] +:!ibm-z-kvm: +endif::[] +ifeval::["{context}" == "installing-ibm-z-lpar"] +:!ibm-z-lpar: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"] +:!ibm-z-kvm: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z-lpar"] +:!ibm-z-lpar: +endif::[]