Run the Playbooks

Overview

For installing disconnected clusters, you will mostly be following the same process as for a standard connected cluster.

The main additional steps are mirroring the OCP images to another registry that is accessible to the cluster and, after the cluster comes up, applying the operator hub manifests generated by oc-mirror, such as the image content source policy and catalog source, to the cluster.

The disconnected playbooks are listed below. Please refer to the 4 Run the Playbooks documentation for details of the rest of the playbooks:

  • disconnected_mirror_artifacts.yaml (code) - Run before 6_create_nodes.yaml
  • disconnected_apply_operator_manifests.yaml (code) - Run after 7_ocp_verification.yaml.

Pre-requisites

  • A running registry where the OCP and operator hub images will be mirrored. If the CA of this registry is not automatically trusted, keep the CA cert content handy so you can add it to the inventory file. The CA cert is the file that lets you access the registry without skipping TLS verification.
  • Make sure you have the required pull secrets handy. You will need 2 pull secrets: one to apply on the cluster and another that will be used for mirroring. The mirroring pull secret MUST have push access to the mirror registry and must also give you access to the Red Hat registries. A good way to create it is to take the Red Hat pull secret from the Get Info page and do a podman login with credentials that have write access.

    cp -avrf /path/to/redhat-pull-secrets.json ./mirror-secret.json
    podman login -u admin -p admin <mirror_registry> --tls-verify=false --authfile=./mirror-secret.json
    cat ./mirror-secret.json | jq -r tostring
    # copy this output

  • A mirror host. This can be any host that can access the internet (mainly the registry being mirrored from) as well as the registry being mirrored to. The registries being mirrored from would typically be the Red Hat registries (registry.redhat.io, quay.io, etc.).

  • The file server, configured as described below.
  • Appropriately updated variables in your disconnected.yaml. Refer to the variables documentation.
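
A quick sanity check for the mirroring pull secret described in the pre-requisites above, as an added example that is not part of this project's playbooks: it confirms the merged authfile has a well-formed entry for the mirror registry and for each Red Hat source registry, then returns the single-line form. The function name, `mirror.example.com:5000` and the sample credentials are assumptions; the check does not test push access itself.

```python
import base64
import json

# Source registries named on this page; extend to whatever you mirror from.
SOURCE_REGISTRIES = ("registry.redhat.io", "quay.io")
BAD_FILE = "not an authfile: no top-level 'auths' object"


def check_mirror_secret(raw, mirror_registry, sources=SOURCE_REGISTRIES):
    """Return (problems, compact_json); compact_json is None if any problem."""
    try:
        doc = json.loads(raw)
        auths = doc["auths"]
        if not isinstance(auths, dict):
            raise TypeError("auths is not an object")
    except (ValueError, KeyError, TypeError):
        return [BAD_FILE], None
    problems = []
    for registry in (mirror_registry, *sources):
        entry = auths.get(registry)
        if not isinstance(entry, dict) or "auth" not in entry:
            problems.append(f"missing credentials for {registry}")
            continue
        try:
            decoded = base64.b64decode(entry["auth"], validate=True).decode()
        except (ValueError, TypeError):
            problems.append(f"auth for {registry} is not valid base64")
            continue
        user, sep, password = decoded.partition(":")
        if not (user and sep and password):
            problems.append(f"auth for {registry} is not user:password")
    if problems:
        return problems, None
    # Single-line form, like `jq -r tostring`, for pasting into the inventory.
    return [], json.dumps(doc, separators=(",", ":"))


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample: hypothetical registry name and credentials, not real ones.
SAMPLE = json.dumps({"auths": {
    "registry.redhat.io": {"auth": _b64("rh-user:rh-token")},
    "quay.io": {"auth": _b64("rh-user:rh-token")},
    "mirror.example.com:5000": {"auth": _b64("pusher:example-password")},
}}, indent=2)

if __name__ == "__main__":
    problems, compact = check_mirror_secret(SAMPLE, "mirror.example.com:5000")
    print(problems or compact)
```

The registry key must match exactly what was passed to podman login, including any port.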

File Server

This configuration takes place on the file server described under the File Server section of the overall pre-requisites documentation. The additional configuration is described here.

  • Make sure to have a directory housing the clients

    • For FTP:

    sudo mkdir /home/<username>/clients

    • Or for HTTP:

    sudo mkdir /var/www/html/clients

Make sure this directory contains a pre-downloaded oc-mirror binary in tar.gz format. Currently the supported binary is available for x86_64 on the Red Hat Customer Portal OpenShift downloads page. It can also be found on mirror.openshift.com from 4.14 onwards for other architectures.

NOTE

  • At this stage, only the oc-mirror binary is fetched from the File Server, so it is expected that the LPAR for the disconnected cluster can at least reach mirror.openshift.com to download the other artifacts for cluster installation.
  • The platform-related image content source policy will be baked into the install config as part of the 5 Setup Bastion Playbook.
  • For platform content, mirroring is supported both with the oc-mirror plugin and the legacy way.
  • oc-mirror is used by default, although it is possible to switch to the legacy way of mirroring the platform separately as well. NOTE: Only the legacy way supports specifying your own org on the registry for the OCP images.
  • Manifests generated by oc-mirror will be applied to the cluster once it is up.

Disconnected Mirror Artifacts Playbook

Overview

Mirror the OCP platform and other necessary images to the mirror registry. Please run this playbook before you run the 6 Create Nodes Playbook and after the 0 Setup Playbook.

Outcomes

  • Download oc and oc-mirror to the mirror host.
  • Template the mirror pull secret to the mirror host.
  • Add the CA cert to the mirror host anchors if the CA is not trusted.
  • Mirror the platform images using oc adm release mirror if legacy mirroring is enabled.
  • Template the image set to the mirror host and then mirror it using the oc-mirror plugin.
  • Copy the oc-mirror results to the Ansible controller so they can be applied to the cluster in later steps.

Notes

  • The platform can be mirrored both using oc-mirror and the legacy way, using oc adm catalog mirror.
  • oc-mirror is the default method, but you can also use legacy mirroring. oc-mirror manifests will only be applied on the cluster post verification, using the playbook below.
  • This playbook can be run at any stage after the 0 Setup playbook. Make sure to run it before the cluster starts pulling images from the registry, which typically happens when the Create Nodes Playbook is run.

Disconnected apply oc mirror manifests to cluster Playbook

Overview

Post cluster creation, oc-mirror manifests are applied to the cluster. Please run this playbook after 7 OCP Verification Playbook.

Outcomes

  • Copy the oc-mirror results manifests to the bastion.
  • Apply the copied manifests to the cluster.
  • Disable default content sources.