mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
154 lines
4.8 KiB
Plaintext
154 lines
4.8 KiB
Plaintext
// Module included in the following assemblies:
|
|
// * edge_computing/ztp-image-based-upgrade.adoc
|
|
// * edge_computing/factory-image-based-install.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="ztp-image-based-upgrade-seed-generation_{context}"]
|
|
= Generating a seed image with the {lcao}
|
|
|
|
Use the {lcao} to generate the seed image with the `SeedGenerator` CR. The Operator checks for required system configurations, performs any necessary system cleanup before generating the seed image, and launches the image generation. The seed image generation includes the following tasks:
|
|
|
|
* Stopping cluster operators
|
|
* Preparing the seed image configuration
|
|
* Generating and pushing the seed image to the image repository specified in the `SeedGenerator` CR
|
|
* Restoring cluster operators
|
|
* Expiring seed cluster certificates
|
|
* Generating new certificates for the seed cluster
|
|
* Restoring and updates the `SeedGenerator` CR on the seed cluster
|
|
|
|
[NOTE]
|
|
====
|
|
The generated seed image does not include any site-specific data.
|
|
|
|
To avoid including any {rh-rhacm-first} resources in your seed image, you need to disable all optional {rh-rhacm} add-ons for seed image generation.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* You have deployed a managed {sno} cluster with a DU profile.
|
|
* Install the {lcao} in the {sno} cluster.
|
|
* Log in as a user with `cluster-admin` privileges.
|
|
* Review the required versions of software components in the section _Software prerequisites for an image-based installation_.
|
|
* If you use {rh-rhacm-first}, review the hub cluster guidelines in the section _Hub cluster guidelines_.
|
|
* You created an extra partition in the seed cluster. See _Configuring a shared container directory between `ostree` stateroots_ for further information.
|
|
|
|
.Procedure
|
|
|
|
. If the cluster is a managed cluster, detach the cluster from the hub to delete any cluster-specific resources from the seed cluster that must not be in the seed image:
|
|
+
|
|
.. Manually detach the seed cluster by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc delete managedcluster sno-worker-example
|
|
----
|
|
+
|
|
... Wait until the `ManagedCluster` CR is removed. After the CR is removed, create the proper `SeedGenerator` CR. The {lcao} cleans up the {rh-rhacm} artifacts.
|
|
|
|
. Create the `Secret` object so that you can push the seed image to your registry.
|
|
+
|
|
.. Create the authentication file by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ MY_USER=myuserid
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ AUTHFILE=/tmp/my-auth.json
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ podman login --authfile ${AUTHFILE} -u ${MY_USER} quay.io/${MY_USER}
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ base64 -w 0 ${AUTHFILE} ; echo
|
|
----
|
|
+
|
|
.. Copy the output into the `seedAuth` field in the `Secret` YAML file named `seedgen` in the `openshift-lifecycle-agent` namespace:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: seedgen <1>
|
|
namespace: openshift-lifecycle-agent
|
|
type: Opaque
|
|
data:
|
|
seedAuth: <encoded_AUTHFILE> <2>
|
|
----
|
|
<1> The `Secret` resource must have the `name: seedgen` and `namespace: openshift-lifecycle-agent` fields.
|
|
<2> Specifies a base64-encoded authfile for write-access to the registry for pushing the generated seed images.
|
|
+
|
|
.. Apply the `Secret` by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc apply -f secretseedgenerator.yaml
|
|
----
|
|
|
|
. Create the `SeedGenerator` CR:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: lca.openshift.io/v1
|
|
kind: SeedGenerator
|
|
metadata:
|
|
name: seedimage <1>
|
|
spec:
|
|
seedImage: <seed_container_image> <2>
|
|
----
|
|
<1> The `SeedGenerator` CR must be named `seedimage`.
|
|
<2> Specify the container image URL, for example, `quay.io/example/seed-container-image:<tag>`. It is recommended to use the `<seed_cluster_name>:<ocp_version>` format.
|
|
|
|
|
|
. Generate the seed image by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc apply -f seedgenerator.yaml
|
|
----
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
During the seed generation process, the cluster temporarily loses API capabilities because {lcao} stops {product-title} and shuts down all running Operators and pods. When the process completes, {lcao} restarts {product-title}, which triggers the recovery of the Operators.
|
|
====
|
|
|
|
If you want to generate further seed images, you must provision a new seed cluster with the version you want to generate a seed image from.
|
|
|
|
.Verification
|
|
|
|
* After the cluster recovers and it is available, you can check the status of the `SeedGenerator` CR:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get seedgenerator -oyaml
|
|
----
|
|
+
|
|
.Example output
|
|
[source,yaml]
|
|
----
|
|
status:
|
|
conditions:
|
|
- lastTransitionTime: "2024-02-13T21:24:26Z"
|
|
message: Seed Generation completed
|
|
observedGeneration: 1
|
|
reason: Completed
|
|
status: "False"
|
|
type: SeedGenInProgress
|
|
- lastTransitionTime: "2024-02-13T21:24:26Z"
|
|
message: Seed Generation completed
|
|
observedGeneration: 1
|
|
reason: Completed
|
|
status: "True"
|
|
type: SeedGenCompleted <1>
|
|
observedGeneration: 1
|
|
----
|
|
<1> The seed image generation is complete.
|
|
|