mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
47 lines
1.6 KiB
Plaintext
47 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * virt/virtual_machines/creating_vm/virt-configuring-ibm-secure-execution-vms-ibm-z.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="virt-enabling-vms-ibm-secure-execution-ibm-z_{context}"]
|
|
= Enabling VMs to run {ibm-title} Secure Execution on {ibm-z-title} and {ibm-linuxone-title}
|
|
|
|
[role="_abstract"]
|
|
To enable {ibm-name} Secure Execution virtual machines (VMs) on {ibm-z-name} and {ibm-linuxone-name} on the compute nodes of your cluster, you must ensure that you meet the prerequisites and complete the following steps.
|
|
|
|
.Prerequisites
|
|
|
|
* Your cluster has logical partition (LPAR) nodes running on {ibm-name} z15 or later, or {ibm-linuxone-name} III or later.
|
|
* You have {ibm-name} Secure Execution workloads available to run on the cluster.
|
|
* You have installed the {oc-first}.
|
|
|
|
.Procedure
|
|
|
|
. To run {ibm-name} Secure Execution VMs, you must add the `prot_virt=1` kernel parameter for each compute node. To enable all compute nodes, create a file named `secure-execution.yaml` that contains the following machine config manifest:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: machineconfiguration.openshift.io/v1
|
|
kind: MachineConfig
|
|
metadata:
|
|
name: secure-execution
|
|
labels:
|
|
machineconfiguration.openshift.io/role: worker
|
|
spec:
|
|
kernelArguments:
|
|
- prot_virt=1
|
|
----
|
|
+
|
|
where:
|
|
+
|
|
`prot_virt=1`:: Specifies that the ultravisor can store memory security information.
|
|
|
|
. Apply the changes by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc apply -f secure-execution.yaml
|
|
----
|
|
+
|
|
The Machine Config Operator (MCO) applies the changes and reboots the nodes in a controlled rollout.
|