openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
cd8bbd6a35437793ea8230c633ee933baa430e89
openshift-docs/modules/installing-ocp-agent-encrypt.adoc
Sebastian Kopacz 9170c7d06f OCPBUGS-59346: Agent encryption note
2025-07-24 13:52:53 +00:00

62 lines
2.2 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * installing/installing-with-agent-based-installer/installing-with-agent-based-installer.adoc
:_mod-docs-content-type: PROCEDURE
[id="installing-ocp-agent-encrypt_{context}"]
= Encrypting the disk
As an optional task, you can use this procedure to encrypt your disk or partition while installing {product-title} with the Agent-based Installer.
[IMPORTANT]
====
If there are leftover TPM encryption keys from a previous operating system on the bare-metal host, the cluster deployment can get stuck.
To avoid this situation, it is highly recommended to reset the TPM chip in the BIOS before booting the ISO.
====
.Prerequisites
* You have created and configured the `install-config.yaml` and `agent-config.yaml` files, unless you are using ZTP manifests.
* You have placed the `openshift-install` binary in a directory that is on your `PATH`.
.Procedure
. Generate ZTP cluster manifests by running the following command:
+
[source,terminal]
----
$ openshift-install agent create cluster-manifests --dir <installation_directory>
----
+
[IMPORTANT]
====
If you have created the `install-config.yaml` and `agent-config.yaml` files, those files are deleted and replaced by the cluster manifests generated through this command.
Any configurations made to the `install-config.yaml` and `agent-config.yaml` files are imported to the ZTP cluster manifests when you run the `openshift-install agent create cluster-manifests` command.
====
+
[NOTE]
====
If you have already generated ZTP manifests, skip this step.
====
. Navigate to the `cluster-manifests` directory by running the following command:
+
[source,terminal]
----
$ cd <installation_directory>/cluster-manifests
----
. Add the following section to the `agent-cluster-install.yaml` file:
+
[source,yaml]
----
diskEncryption:
enableOn: all <1>
mode: tang <2>
tangServers: "server1": "http://tang-server-1.example.com:7500" <3>
----
<1> Specify which nodes to enable disk encryption on. Valid values are `none`, `all`, `masters`, and `workers`.
<2> Specify which disk encryption mode to use. Valid values are `tpmv2` and `tang`.
<3> Optional: If you are using Tang, specify the Tang servers.
View Git Blame Copy Permalink