add missing paramater and verification
@@ -97,6 +97,8 @@ include::modules/ibm-z-secure-execution.adoc[leveloffset=+2]
|
||||
|
||||
* link:https://www.ibm.com/docs/en/linux-on-systems?topic=ibmz-secure-execution[Linux as an {ibm-name} Secure Execution host or guest]
|
||||
|
||||
* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_virtualization/securing-virtual-machines-in-rhel_configuring-and-managing-virtualization#setting-up-secure-execution-on-ibm-z_securing-virtual-machines-in-rhel[Setting up {ibm-name} Secure Execution on {ibm-z-title}]
|
||||
|
||||
include::modules/ibmz-configure-nbde-with-static-ip.adoc[leveloffset=+2]
|
||||
|
||||
[role="_additional-resources"]
|
||||
|
||||
@@ -104,6 +104,8 @@ include::modules/ibm-z-secure-execution.adoc[leveloffset=+2]
|
||||
|
||||
* link:https://www.ibm.com/docs/en/linux-on-systems?topic=ibmz-secure-execution[Linux as an {ibm-name} Secure Execution host or guest]
|
||||
|
||||
* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_virtualization/securing-virtual-machines-in-rhel_configuring-and-managing-virtualization#setting-up-secure-execution-on-ibm-z_securing-virtual-machines-in-rhel[Setting up {ibm-name} Secure Execution on {ibm-z-title}]
|
||||
|
||||
include::modules/ibmz-configure-nbde-with-static-ip.adoc[leveloffset=+2]
|
||||
|
||||
[role="_additional-resources"]
|
||||
|
||||
@@ -112,13 +112,19 @@ To achieve the desired security, Ignition logging and local login are disabled b
|
||||
----
|
||||
gpg --recipient-file /path/to/ignition.gpg.pub --yes --output /path/to/config.ign.gpg --verbose --armor --encrypt /path/to/config.ign
|
||||
----
|
||||
|
||||
. Follow the fast-track installation of {op-system} to install nodes by using the {ibm-name} Secure Execution QCOW image.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
Before starting the VM, replace `serial=ignition` with `serial=ignition_crypted` when mounting the Ignition file.
|
||||
Before you start the VM, replace `serial=ignition` with `serial=ignition_crypted`, and add the `launchSecurity` parameter.
|
||||
====
|
||||
+
|
||||
When Ignition runs on the first boot, and the decryption is successful, you will see an output like the following example:
|
||||
|
||||
.Verification
|
||||
|
||||
When you have completed the fast-track installation of {op-system} and Ignition runs at the first boot, verify if decryption is successful.
|
||||
|
||||
** If the decryption is successful, you can expect an output similar to the following example:
|
||||
+
|
||||
.Example output
|
||||
[source,terminal]
|
||||
@@ -129,8 +135,8 @@ When Ignition runs on the first boot, and the decryption is successful, you will
|
||||
[ 2.808874] coreos-secex-ignition-decrypt[740]: gpg: encrypted with rsa4096 key, ID <key_name>, created <yyyy-mm-dd>
|
||||
[ OK ] Finished coreos-secex-igni…S Secex Ignition Config Decryptor.
|
||||
----
|
||||
+
|
||||
If the decryption fails, you will see an output like the following example:
|
||||
|
||||
** If the decryption fails, you can expect an output similar to the following example:
|
||||
+
|
||||
.Example output
|
||||
[source,terminal]
|
||||
@@ -141,6 +147,5 @@ Starting coreos-ignition-s…reOS Ignition User Config Setup...
|
||||
[ 2.870347] coreos-secex-ignition-decrypt[738]: gpg: public key decryption failed: No secret key
|
||||
[ 2.870371] coreos-secex-ignition-decrypt[738]: gpg: decryption failed: No secret key
|
||||
----
|
||||
+
|
||||
|
||||
. Follow the fast-track installation procedure to install nodes using the {ibm-name} Secure Exection QCOW image.
|
||||
|
||||
|
||||
@@ -48,14 +48,14 @@ The Ignition files are generated by the {product-title} installer.
|
||||
----
|
||||
$ virt-install \
|
||||
--connect qemu:///system \
|
||||
--name {vn_name} \
|
||||
--name {vm_name} \
|
||||
--vcpus {vcpus} \
|
||||
--memory {memory_mb} \
|
||||
--disk {vn_name}.qcow2,size={image_size| default(10,true)} \
|
||||
--disk {vm_name}.qcow2,size={image_size| default(10,true)} \
|
||||
--network network={virt_network_parm} \
|
||||
--boot hd \
|
||||
--location {media_location},kernel={rhcos_kernel},initrd={rhcos_initrd} \
|
||||
--extra-args "rd.neednet=1 coreos.inst.install_dev=/dev/vda coreos.live.rootfs_url={rhcos_liveos} ip={ip}::{default_gateway}:{subnet_mask_length}:{vn_name}:enc1:none:{MTU} nameserver={dns} coreos.inst.ignition_url={rhcos_ign}" \
|
||||
--extra-args "rd.neednet=1 coreos.inst.install_dev=/dev/vda coreos.live.rootfs_url={rhcos_liveos} ip={ip}::{default_gateway}:{subnet_mask_length}:{vm_name}:enc1:none:{MTU} nameserver={dns} coreos.inst.ignition_url={rhcos_ign}" \
|
||||
--noautoconsole \
|
||||
--wait
|
||||
----
|
||||
|
||||
@@ -48,12 +48,14 @@ $ qemu-img create -f qcow2 -F qcow2 -b /var/lib/libvirt/images/{source_rhcos_qem
|
||||
----
|
||||
$ virt-install --noautoconsole \
|
||||
--connect qemu:///system \
|
||||
--name {vn_name} \
|
||||
--name {vm_name} \
|
||||
--memory {memory} \
|
||||
--vcpus {vcpus} \
|
||||
--disk {disk} \
|
||||
--launchSecurity type="s390-pv" \ <1>
|
||||
--import \
|
||||
--network network={network},mac={mac} \
|
||||
--disk path={ign_file},format=raw,readonly=on,serial=ignition,startup_policy=optional <1>
|
||||
--disk path={ign_file},format=raw,readonly=on,serial=ignition,startup_policy=optional <2>
|
||||
----
|
||||
<1> If {ibm-name} Secure Execution is enabled, replace `serial=ignition` with `serial=ignition_crypted`.
|
||||
<1> If {ibm-name} Secure Execution is enabled, add the `launchSecurity type="s390-pv"` parameter.
|
||||
<2> If {ibm-name} Secure Execution is enabled, replace `serial=ignition` with `serial=ignition_crypted`.
|
||||
|
||||
@@ -87,20 +87,20 @@ $ curl -LO $(oc -n openshift-machine-config-operator get configmap/coreos-bootim
|
||||
----
|
||||
$ virt-install \
|
||||
--connect qemu:///system \
|
||||
--name {vn_name} \
|
||||
--name {vm_name} \
|
||||
--autostart \
|
||||
--os-variant rhel9.2 \ <1>
|
||||
--cpu host \
|
||||
--vcpus {vcpus} \
|
||||
--memory {memory_mb} \
|
||||
--disk {vn_name}.qcow2,size={image_size | default(100,true)} \
|
||||
--disk {vm_name}.qcow2,size={image_size | default(100,true)} \
|
||||
--network network={virt_network_parm} \
|
||||
--location {media_location},kernel={rhcos_kernel},initrd={rhcos_initrd} \ <2>
|
||||
--extra-args "rd.neednet=1" \
|
||||
--extra-args "coreos.inst.install_dev=/dev/vda" \
|
||||
--extra-args "coreos.inst.ignition_url={worker_ign}" \ <3>
|
||||
--extra-args "coreos.live.rootfs_url={rhcos_rootfs}" \ <4>
|
||||
--extra-args "ip={ip}::{default_gateway}:{subnet_mask_length}:{vn_name}::none:{MTU}" \
|
||||
--extra-args "ip={ip}::{default_gateway}:{subnet_mask_length}:{vm_name}::none:{MTU}" \
|
||||
--extra-args "nameserver={dns}" \
|
||||
--extra-args "console=ttysclp0" \
|
||||
--noautoconsole \
|
||||
|
||||