mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
76 lines
3.0 KiB
Plaintext
76 lines
3.0 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_bare_metal/upi/installing-bare-metal-network-customizations.adoc
|
|
// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
|
|
|
|
ifeval::["{context}" == "installing-restricted-networks-vsphere"]
|
|
:restricted:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
|
|
:restricted:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="installation-generate-ignition-configs_{context}"]
|
|
= Creating the Ignition config files
|
|
|
|
Because you must manually start the cluster machines, you must generate the
|
|
Ignition config files that the cluster needs to make its machines.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
* The Ignition config files that the installation program generates contain certificates that expire after 24 hours, which are then renewed at that time. If the cluster is shut down before renewing the certificates and the cluster is later restarted after the 24 hours have elapsed, the cluster automatically recovers the expired certificates. The exception is that you must manually approve the pending `node-bootstrapper` certificate signing requests (CSRs) to recover kubelet certificates. See the documentation for _Recovering from expired control plane certificates_ for more information.
|
|
|
|
* It is recommended that you use Ignition config files within 12 hours after they are generated because the 24-hour certificate rotates from 16 to 22 hours after the cluster is installed. By using the Ignition config files within 12 hours, you can avoid installation failure if the certificate update runs during installation.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* Obtain the {product-title} installation program and the pull secret for your cluster.
|
|
ifdef::restricted[]
|
|
For a restricted network installation, these files are on your mirror host.
|
|
endif::restricted[]
|
|
|
|
.Procedure
|
|
|
|
* Obtain the Ignition config files:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ./openshift-install create ignition-configs --dir <installation_directory> <1>
|
|
----
|
|
<1> For `<installation_directory>`, specify the directory name to store the
|
|
files that the installation program creates.
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
If you created an `install-config.yaml` file, specify the directory that contains
|
|
it. Otherwise, specify an empty directory. Some installation assets, like
|
|
bootstrap X.509 certificates have short expiration intervals, so you must not
|
|
reuse an installation directory. If you want to reuse individual files from another
|
|
cluster installation, you can copy them into your directory. However, the file
|
|
names for the installation assets might change between releases. Use caution
|
|
when copying installation files from an earlier {product-title} version.
|
|
====
|
|
+
|
|
The following files are generated
|
|
in the directory:
|
|
+
|
|
----
|
|
.
|
|
├── auth
|
|
│ ├── kubeadmin-password
|
|
│ └── kubeconfig
|
|
├── bootstrap.ign
|
|
├── master.ign
|
|
├── metadata.json
|
|
└── worker.ign
|
|
----
|
|
|
|
ifeval::["{context}" == "installing-restricted-networks-vsphere"]
|
|
:!restricted:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
|
|
:!restricted:
|
|
endif::[]
|