mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
152 lines
5.1 KiB
Plaintext
152 lines
5.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
|
|
// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="manually-create-iam-nutanix_{context}"]
|
|
= Configuring IAM for Nutanix
|
|
|
|
Installing the cluster requires that the Cloud Credential Operator (CCO) operate in manual mode. While the installation program configures the CCO for manual mode, you must specify the identity and access management secrets.
|
|
|
|
.Prerequisites
|
|
|
|
* You have configured the `ccoctl` binary.
|
|
|
|
* You have an `install-config.yaml` file.
|
|
|
|
.Procedure
|
|
|
|
. Create a YAML file that contains the credentials data in the following format:
|
|
+
|
|
.Credentials data format
|
|
[source,yaml]
|
|
----
|
|
credentials:
|
|
- type: basic_auth <1>
|
|
data:
|
|
prismCentral: <2>
|
|
username: <username_for_prism_central>
|
|
password: <password_for_prism_central>
|
|
prismElements: <3>
|
|
- name: <name_of_prism_element>
|
|
username: <username_for_prism_element>
|
|
password: <password_for_prism_element>
|
|
----
|
|
<1> Specify the authentication type. Only basic authentication is supported.
|
|
<2> Specify the Prism Central credentials.
|
|
<3> Optional: Specify the Prism Element credentials.
|
|
|
|
. Set a `$RELEASE_IMAGE` variable with the release image from your installation file by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
|
|
----
|
|
|
|
. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc adm release extract \
|
|
--from=$RELEASE_IMAGE \
|
|
--credentials-requests \
|
|
--included \// <1>
|
|
--install-config=<path_to_directory_with_installation_configuration>/install-config.yaml \// <2>
|
|
--to=<path_to_directory_for_credentials_requests> <3>
|
|
----
|
|
<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires.
|
|
<2> Specify the location of the `install-config.yaml` file.
|
|
<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it.
|
|
+
|
|
.Sample `CredentialsRequest` object
|
|
[source,yaml]
|
|
----
|
|
apiVersion: cloudcredential.openshift.io/v1
|
|
kind: CredentialsRequest
|
|
metadata:
|
|
annotations:
|
|
include.release.openshift.io/self-managed-high-availability: "true"
|
|
labels:
|
|
controller-tools.k8s.io: "1.0"
|
|
name: openshift-machine-api-nutanix
|
|
namespace: openshift-cloud-credential-operator
|
|
spec:
|
|
providerSpec:
|
|
apiVersion: cloudcredential.openshift.io/v1
|
|
kind: NutanixProviderSpec
|
|
secretRef:
|
|
name: nutanix-credentials
|
|
namespace: openshift-machine-api
|
|
----
|
|
|
|
. Use the `ccoctl` tool to process all `CredentialsRequest` objects by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ccoctl nutanix create-shared-secrets \
|
|
--credentials-requests-dir=<path_to_credentials_requests_directory> \// <1>
|
|
--output-dir=<ccoctl_output_dir> \// <2>
|
|
--credentials-source-filepath=<path_to_credentials_file> <3>
|
|
----
|
|
+
|
|
<1> Specify the path to the directory that contains the files for the component `CredentialsRequests` objects.
|
|
<2> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
|
|
<3> Optional: Specify the directory that contains the credentials data YAML file. By default, `ccoctl` expects this file to be in `<home_directory>/.nutanix/credentials`.
|
|
|
|
. Edit the `install-config.yaml` configuration file so that the `credentialsMode` parameter is set to `Manual`.
|
|
+
|
|
.Example `install-config.yaml` configuration file
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
baseDomain: cluster1.example.com
|
|
credentialsMode: Manual <1>
|
|
...
|
|
----
|
|
<1> Add this line to set the `credentialsMode` parameter to `Manual`.
|
|
|
|
. Create the installation manifests by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ openshift-install create manifests --dir <installation_directory> <1>
|
|
----
|
|
<1> Specify the path to the directory that contains the `install-config.yaml` file for your cluster.
|
|
|
|
. Copy the generated credential files to the target manifests directory by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cp <ccoctl_output_dir>/manifests/*credentials.yaml ./<installation_directory>/manifests
|
|
----
|
|
|
|
.Verification
|
|
|
|
* Ensure that the appropriate secrets exist in the `manifests` directory.
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ls ./<installation_directory>/manifests
|
|
----
|
|
+
|
|
.Example output
|
|
[source,text]
|
|
----
|
|
cluster-config.yaml
|
|
cluster-dns-02-config.yml
|
|
cluster-infrastructure-02-config.yml
|
|
cluster-ingress-02-config.yml
|
|
cluster-network-01-crd.yml
|
|
cluster-network-02-config.yml
|
|
cluster-proxy-01-config.yaml
|
|
cluster-scheduler-02-config.yml
|
|
cvo-overrides.yaml
|
|
kube-cloud-config.yaml
|
|
kube-system-configmap-root-ca.yaml
|
|
machine-config-server-tls-secret.yaml
|
|
openshift-config-secret-pull-secret.yaml
|
|
openshift-cloud-controller-manager-nutanix-credentials-credentials.yaml
|
|
openshift-machine-api-nutanix-credentials-credentials.yaml
|
|
----
|