From f38d7783bc3ffa54904a671fc79feaafec22468f Mon Sep 17 00:00:00 2001 From: Tony Mulqueen Date: Tue, 27 Sep 2022 11:45:04 +0100 Subject: [PATCH] TELCODOCS-597: Adding new files to assembly --- .../ztp-add-local-reg-for-sno-duprofile.adoc | 21 ++++ .../ztp-configuring-disk-partitioning.adoc | 38 ++++++ .../ztp-configuring-pgt-image-registry.adoc | 112 ++++++++++++++++++ .../ztp-advanced-policy-config.adoc | 13 ++ 4 files changed, 184 insertions(+) create mode 100644 modules/ztp-add-local-reg-for-sno-duprofile.adoc create mode 100644 modules/ztp-configuring-disk-partitioning.adoc create mode 100644 modules/ztp-configuring-pgt-image-registry.adoc diff --git a/modules/ztp-add-local-reg-for-sno-duprofile.adoc b/modules/ztp-add-local-reg-for-sno-duprofile.adoc new file mode 100644 index 0000000000..6d01c00c74 --- /dev/null +++ b/modules/ztp-add-local-reg-for-sno-duprofile.adoc @@ -0,0 +1,21 @@ +// Module included in the following assemblies: +// +// scalability_and_performance/ztp-advanced-policy-config.adoc + +:_module-type: CONCEPT +[id="ztp-add-local-reg-for-sno-duprofile_{context}"] += Configuring the Image Registry Operator for local caching of images + +{product-title} manages image caching using a local registry. In edge computing use cases, clusters are often subject to bandwidth restrictions when communicating with centralized image registries, which might result in long image download times. + +Long download times are unavoidable during initial deployment. Over time, there is a risk that CRI-O will erase the `/var/lib/containers/storage` directory in the case of an unexpected shutdown. + +To address long image download times, you can create a local image registry on the remote managed cluster using GitOps ZTP. This is useful in Edge computing scenarios where clusters are deployed on the far edge of the network. + +[NOTE] +==== +The local image registry can only be used for user application images and cannot be used for the {product-title} or Operator Lifecycle Manager operator images. For information about working with these, see Topology Aware Lifecycle Manager (TALM) in Additional resources. +==== + +The first phase of setting up a local image registry is configuring disk partitioning using a `SiteConfig` CR. You can use the `SiteConfig` CR to generate the `MachineConfig` CR used for disk partitioning. +The next phase is to configure the image registry using `PolicyGenTemplate` CRs. The ZTP pipeline uses `PolicyGenTemplate` CRs to create Persistent Volumes (PV) and Persistent Volume Claim (PVC) CRs and patch the `imageregistry` configuration. diff --git a/modules/ztp-configuring-disk-partitioning.adoc b/modules/ztp-configuring-disk-partitioning.adoc new file mode 100644 index 0000000000..7630a4901e --- /dev/null +++ b/modules/ztp-configuring-disk-partitioning.adoc @@ -0,0 +1,38 @@ +// Module included in the following assemblies: +// +// scalability_and_performance/ztp-deploying-disconnected.adoc + +:_module-type: PROCEDURE +[id="ztp-configuring-disk-partitioning_{context}"] += Configuring disk partitioning with SiteConfig + +Use a `SiteConfig` CR to generate the `MachineConfig` CR used for disk partitioning. Prior to installation, you need to modify values in the `SiteConfig` CR to reflect dependencies on the underlying disk. + +[NOTE] +==== +You must use persistent naming for devices to avoid device names such as `/dev/sda` and `/dev/sdb` being switched at every reboot. You can use `rootDeviceHints` to choose the bootable device and then use same device for further partitioning: in this case, for Image registry. +==== + +.Prerequisites + +* You have installed and configured Zero Touch Provisioning (ZTP). For information about this, see the topic on ZTP in Additional resources. + +.Procedure + +. Add the following YAML to the `SiteConfig` CR that you use to generate the `MachineConfig` CR for disk partitioning: ++ +[source,yaml] +---- +nodes: + - rootDeviceHints: + wwn: "0x62cea7f05c98c2002708a0a22ff480ea" + diskPartition: + - device: /dev/disk/by-id/wwn-0x62cea7f05c98c2002708a0a22ff480ea <1> + partitions: + - mount_point: /var/imageregistry + size: 102500 <2> + start: 344844 <3> +---- +<1> This setting depends on the hardware. The setting can be a serial number or device name. The value must match the entry for `rootDeviceHint`. +<2> The minimum value for `size` is 102500 MiB. +<3> The minimum value for `start` is 25000 MiB. The total value of `size` and `start` must not exceed the disk size, or the installation will fail. diff --git a/modules/ztp-configuring-pgt-image-registry.adoc b/modules/ztp-configuring-pgt-image-registry.adoc new file mode 100644 index 0000000000..19fc143f5f --- /dev/null +++ b/modules/ztp-configuring-pgt-image-registry.adoc @@ -0,0 +1,112 @@ +// Module included in the following assemblies: +// +// scalability_and_performance/ztp-advanced-policy-config.adoc + +:_module-type: PROCEDURE +[id="ztp-configuring-pgt-image-registry_{context}"] += Configuring the image registry using PolicyGenTemplate CRs + +You can use `PolicyGenTemplate` to apply to create the PV and PVC and patch `imageregistry` configuration. Select the appropriate `PolicyGenTemplate` for each `source-cr`. See Additional Resources for more help. + +.Prerequisites + +* You have installed and configured Zero Touch Provisioning (ZTP). For information about this, see the topic on ZTP in Additional resources. + +.Procedure + +. Configure the storage class, persistent volume claim, persistent volume, and image registry configuration in the appropriate `PolicyGenTemplate` CR. For example, to configure an individual site, use the following YAML: ++ +[source,yaml] +---- +sourceFiles: + # storage class + - fileName: StorageClass.yaml + policyName: "sc-for-image-registry" + metadata: + name: image-registry-sc + annotations: + ran.openshift.io/ztp-deploy-wave: "100" <1> + # persistent volume claim + - fileName: StoragePVC.yaml + policyName: "pvc-for-image-registry" + metadata: + name: image-registry-pvc + namespace: openshift-image-registry + annotations: + ran.openshift.io/ztp-deploy-wave: "100" <2> + spec: + accessModes: + ReadWriteMany + resources: + requests: + storage: 100Gi + storageClassName: image-registry-sc + volumeMode: Filesystem + # persistent volume + - fileName: ImageRegistryPV.yaml <3> + policyName: "pv-for-image-registry" + metadata: + annotations: + ran.openshift.io/ztp-deploy-wave: "100" <4> + # image registry config + - fileName: ImageRegistryConfig.yaml <5> + policyName: "config-for-image-registry" + complianceType: musthave <5> + metadata: + annotations: + ran.openshift.io/ztp-deploy-wave: "100" <6> + spec: + storage: + pvc: + claim: "image-registry-pvc" +---- +<1> Set the appropriate value for `ztp-deploy-wave` depending on whether you are configuring image registries at the site, common, or group level. `ztp-deploy-wave: "100"` is appropriate for an individual site. ZTP deploy waves are used to order how policies are applied to the spoke cluster. All policies created by `PolicyGen` have a ztp deploy wave by default. +<2> Set the appropriate value for `ztp-deploy-wave` as in note 1. +<3> This assumes that `mount_point` is set to `/var/imageregistry` in `SiteConfig` using StorageClass `image-registry-sc` (see the topic on configuring disk partitioning with `SiteConfig`). +<4> Set the appropriate value for `ztp-deploy-wave` as in note 1. +<5> Configure registry to point to the PVC created above. +<6> Set the appropriate value for `ztp-deploy-wave` as in note 1. + +.Verification + +. Check that the `Config` CRD of the group `imageregistry.operator.openshift.io` instance is not reporting errors. Run the following command: + +. Check that the `PersistentVolumeClaim` on the managed cluster is populated with data. Run the following command: + +. Check that the `registry*` pod is up correctly located under the `openshift-image-registry` namespace. + +. Verify successful login to the registry with `podman`: ++ +[source,terminal] +---- +$ oc login -u kubeadmin -p https://api-int..:6443 +---- ++ +[source,terminal] +---- +$ podman login -u kubeadmin -p $(oc whoami -t) image-registry.openshift-image-registry.svc:5000 +---- + +. Check for disk partitioning using `lsblk` to list your blocks: ++ +[source,terminal] +---- +$ oc debug node/sno-1.example.com +---- + +. When you enter the node, run the following command: + +[source,terminal] +---- +sh-4.4# lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT +sda 8:0 0 446.6G 0 disk + |-sda1 8:1 0 1M 0 part + |-sda2 8:2 0 127M 0 part + |-sda3 8:3 0 384M 0 part /boot + |-sda4 8:4 0 336.3G 0 part /sysroot + `-sda5 8:5 0 100.1G 0 part /var/imageregistry <1> +sdb 8:16 0 446.6G 0 disk +sr0 11:0 1 104M 0 rom +---- +<1> This setting will appear if you have successfully listed your block. diff --git a/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc b/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc index 28e27549e9..a5cce067af 100644 --- a/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc +++ b/scalability_and_performance/ztp_far_edge/ztp-advanced-policy-config.adoc @@ -40,6 +40,19 @@ include::modules/ztp-configuring-ptp-fast-events.adoc[leveloffset=+1] * For more information about how to install the AMQ Interconnect Operator, see xref:../../monitoring/using-rfhe.adoc#hw-installing-amq-interconnect-messaging-bus_using-rfhe[Installing the AMQ messaging bus]. +include::modules/ztp-add-local-reg-for-sno-duprofile.adoc[leveloffset=+1] + +include::modules/ztp-configuring-disk-partitioning.adoc[leveloffset=+2] + +include::modules/ztp-configuring-pgt-image-registry.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* For more information about configuring GitOps ZTP on the hub cluster, see xref:../../scalability_and_performance/ztp_far_edge/ztp-preparing-the-hub-cluster.adoc#ztp-preparing-the-hub-cluster[Preparing the hub cluster for ZTP] + +* For more information about container image registries, see xref:../../registry/index.adoc#registry-overview[{product-title} registry overview]. + include::modules/ztp-configuring-hwevents-using-pgt.adoc[leveloffset=+1] [role="_additional-resources"]