OLS-1903: OCP docs update, week of 2025/07/07

Author: syedriko

ocp-product-docs-plaintext/4.15/installing/installing_bare_metal/installing-bare-metal-network-customizations.txt

@@ -1790,7 +1790,7 @@ $ coreos-installer install \
 ```
 
 The desired secondary console. In this case, the graphical console. Omitting this option will disable the graphical console.
-The desired primary console. In this case the serial console. The options field defines the baud rate and other settings. A common value for this field is 11520n8. If no options are provided, the default kernel value of 9600n8 is used. For more information on the format of this option, see Linux kernel serial console documentation.
+The desired primary console. In this case the serial console. The options field defines the baud rate and other settings. A common value for this field is 115200n8. If no options are provided, the default kernel value of 9600n8 is used. For more information on the format of this option, see Linux kernel serial console documentation.
 3. Reboot into the installed system.
 
 [NOTE]

ocp-product-docs-plaintext/4.15/installing/installing_bare_metal/installing-bare-metal.txt

@@ -1779,7 +1779,7 @@ $ coreos-installer install \
 ```
 
 The desired secondary console. In this case, the graphical console. Omitting this option will disable the graphical console.
-The desired primary console. In this case the serial console. The options field defines the baud rate and other settings. A common value for this field is 11520n8. If no options are provided, the default kernel value of 9600n8 is used. For more information on the format of this option, see Linux kernel serial console documentation.
+The desired primary console. In this case the serial console. The options field defines the baud rate and other settings. A common value for this field is 115200n8. If no options are provided, the default kernel value of 9600n8 is used. For more information on the format of this option, see Linux kernel serial console documentation.
 3. Reboot into the installed system.
 
 [NOTE]

ocp-product-docs-plaintext/4.15/installing/installing_bare_metal/installing-restricted-networks-bare-metal.txt

@@ -1765,7 +1765,7 @@ $ coreos-installer install \
 ```
 
 The desired secondary console. In this case, the graphical console. Omitting this option will disable the graphical console.
-The desired primary console. In this case the serial console. The options field defines the baud rate and other settings. A common value for this field is 11520n8. If no options are provided, the default kernel value of 9600n8 is used. For more information on the format of this option, see Linux kernel serial console documentation.
+The desired primary console. In this case the serial console. The options field defines the baud rate and other settings. A common value for this field is 115200n8. If no options are provided, the default kernel value of 9600n8 is used. For more information on the format of this option, see Linux kernel serial console documentation.
 3. Reboot into the installed system.
 
 [NOTE]

ocp-product-docs-plaintext/4.15/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.txt

@@ -16,10 +16,13 @@ If the timeout period of the CLB is shorter than the route timeout or Ingress Co
 
 ## Configuring route timeouts
 
-You can configure the default timeouts for an existing route when you
-have services in need of a low timeout, which is required for Service Level
-Availability (SLA) purposes, or a high timeout, for cases with a slow
-back end.
+You can configure the default timeouts for an existing route when you have services in need of a low timeout, which is required for Service Level Availability (SLA) purposes, or a high timeout, for cases with a slow back end.
+
+
+[IMPORTANT]
+----
+If you configured a user-managed external load balancer in front of your Red Hat OpenShift Container Platform cluster, ensure that the timeout value for the user-managed external load balancer is higher than the timeout value for the route. This configuration prevents network congestion issues over the network that your cluster uses.
+----
 
 * You need a deployed Ingress Controller on a running cluster.
 
@@ -30,10 +33,9 @@ $ oc annotate route <route_name> \
     --overwrite haproxy.router.openshift.io/timeout=<timeout><time_unit> 1
 ```
 
-Supported time units are microseconds (us), milliseconds (ms), seconds (s),
-minutes (m), hours (h), or days (d).
+Supported time units are microseconds (us), milliseconds (ms), seconds (s), minutes (m), hours (h), or days (d).
 
-The following example sets  a timeout of two seconds on a route named myroute:
+The following example sets a timeout of two seconds on a route named myroute:
 
 ```terminal
 $ oc annotate route myroute --overwrite haproxy.router.openshift.io/timeout=2s

ocp-product-docs-plaintext/4.15/networking/ovn_kubernetes_network_provider/configuring-ipsec-ovn.txt

@@ -3,6 +3,15 @@
 
 By enabling IPsec, you can encrypt both internal pod-to-pod cluster traffic between nodes and external traffic between pods and IPsec endpoints external to your cluster. All pod-to-pod network traffic between nodes on the OVN-Kubernetes cluster network is encrypted with IPsec in Transport mode.
 IPsec is disabled by default. You can enable IPsec either during or after installing the cluster. For information about cluster installation, see Red Hat OpenShift Container Platform installation overview.
+
+[NOTE]
+----
+Upgrading your cluster to Red Hat OpenShift Container Platform 4.15 when the libreswan and NetworkManager-libreswan packages have different Red Hat OpenShift Container Platform versions causes two consecutive compute node reboot operations. For the first reboot, the Cluster Network Operator (CNO) applies the IPsec configuration to compute nodes. For the second reboot, the Machine Config Operator (MCO) applies the latest machine configs to the cluster.
+To combine the CNO and MCO updates into a single node reboot, complete the following tasks:
+* Before upgrading your cluster, set the paused parameter to true in the MachineConfigPools custom resource (CR) that groups compute nodes.
+* After you upgrade your cluster, set the parameter to false.
+For more information, see Performing a Control Plane Only update.
+----
 The following support limitations exist for IPsec on a Red Hat OpenShift Container Platform cluster:
 * On IBM Cloud(R), IPsec supports only NAT-T. Encapsulating Security Payload (ESP) is not supported on this platform.
 * If your cluster uses hosted control planes for Red Hat Red Hat OpenShift Container Platform, IPsec is not supported for IPsec encryption of either pod-to-pod or traffic to external hosts.
@@ -472,4 +481,4 @@ $ oc patch networks.operator.openshift.io cluster --type=merge \
 * Installing Butane
 * About the OVN-Kubernetes Container Network Interface (CNI) network plugin
 * Changing the MTU for the cluster network
-* Network [operator.openshift.io/v1] API
+* xref:../../rest_api/operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[Network [operator.openshift.io/v1\] API

ocp-product-docs-plaintext/4.15/networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.txt

@@ -3,8 +3,9 @@
 
 As a cluster administrator, you can migrate to the OVN-Kubernetes network plugin from the OpenShift software-defined networking (SDN) plugin.
 The following methods exist for migrating from the OpenShift SDN network plugin to the OVN-Kubernetes plugin:
-Limited live migration (preferred method):: This is an automated process that migrates your cluster from OpenShift SDN to OVN-Kubernetes.
+Ansible playbook:: The Ansible playbook method automates the offline migration method steps. This method has the same usage scenarios as the manual offline migration method.
 Offline migration:: This is a manual process that includes some downtime. This method is primarily used for self-managed Red Hat OpenShift Container Platform deployments, and consider using this method when you cannot perform a limited live migration to the OVN-Kubernetes network plugin.
+Limited live migration (Preferred method):: This is an automated process that migrates your cluster from OpenShift SDN to OVN-Kubernetes.
 
 [WARNING]
 ----
@@ -623,7 +624,7 @@ The following table shows you the available metrics and the label values populat
 
 # Offline migration to the OVN-Kubernetes network plugin overview
 
-The offline migration method is a manual process that includes some downtime, during which your cluster is unreachable. This method is primarily used for self-managed Red Hat OpenShift Container Platform deployments, and is an alternative to the limited live migration procedure. It should be used in the event that you cannot perform a limited live migration to the OVN-Kubernetes network plugin.
+The offline migration method is a manual process that includes some downtime, during which your cluster is unreachable. You can use an Ansible playbook that automates the offline migration steps so that you can save time. These methods are primarily used for self-managed Red Hat OpenShift Container Platform deployments, and are an alternative to the limited live migration procedure. Use these methods only when you cannot perform a limited live migration to the OVN-Kubernetes network plugin.
 
 Although a rollback procedure is provided, the offline migration is intended to be a one-way process.
 
@@ -635,13 +636,13 @@ OpenShift SDN CNI is deprecated as of Red Hat OpenShift Container Platform 4.14.
 
 The following sections provide more information about the offline migration method.
 
-## Supported platforms when using the offline migration method
+## Supported platforms when using the offline migration methods
 
-The following table provides information about the supported platforms for the offline migration type.
+The following table provides information about the supported platforms for the manual offline migration type.
 
 
 
-## Considerations for offline migration to the OVN-Kubernetes network plugin
+## Considerations for the offline migration methods to the OVN-Kubernetes network plugin
 
 If you have more than 150 nodes in your Red Hat OpenShift Container Platform cluster, then open a support case for consultation on your migration to the OVN-Kubernetes network plugin.
 
@@ -732,6 +733,101 @@ The following table summarizes the migration process by segmenting between the u
 
 
 
+## Using an Ansible playbook to migrate to the OVN-Kubernetes network plugin
+
+As a cluster administrator, you can use an Ansible collection, network.offline_migration_sdn_to_ovnk, to migrate from the OpenShift SDN Container Network Interface (CNI) network plugin to the OVN-Kubernetes plugin for your cluster. The Ansible collection includes the following playbooks:
+
+* playbooks/playbook-migration.yml: Includes playbooks that execute in a sequence where each playbook represents a step in the migration process.
+* playbooks/playbook-rollback.yml: Includes playbooks that execute in a sequence where each playbook represents a step in the rollback process.
+
+* You installed the python3 package, minimum version 3.10.
+* You installed the jmespath and jq packages.
+* You logged in to the Red Hat Hybrid Cloud Console and opened the Ansible Automation Platform web console.
+* You created a security group rule that allows User Datagram Protocol (UDP) packets on port 6081 for all nodes on all cloud platforms. If you do not do this task, your cluster might fail to schedule pods.
+* If the OpenShift-SDN plugin uses the 100.64.0.0/16 and 100.88.0.0/16 address ranges, you patched the address ranges. For more information, see "Patching OVN-Kubernetes address ranges" in the Additional resources section.
+
+1. Install the ansible-core package, minimum version 2.15. The following example command shows how to install the ansible-core package on Red Hat Enterprise Linux (RHEL):
+
+```terminal
+$ sudo dnf install -y ansible-core
+```
+
+2. Create an ansible.cfg file and add information similar to the following example to the file. Ensure that file exists in the same directory as where the ansible-galaxy commands and the playbooks run.
+
+```ini
+$ cat << EOF >> ansible.cfg
+[galaxy]
+server_list = automation_hub, validated
+
+[galaxy_server.automation_hub]
+url=https://console.redhat.com/api/automation-hub/content/published/
+auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+token=
+
+#[galaxy_server.release_galaxy]
+#url=https://galaxy.ansible.com/
+
+[galaxy_server.validated]
+url=https://console.redhat.com/api/automation-hub/content/validated/
+auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+token=
+EOF
+```
+
+3. From the Ansible Automation Platform web console, go to the Connect to Hub page and complete the following steps:
+1. In the Offline token section of the page, click the Load token button.
+2. After the token loads, click the Copy to clipboard icon.
+3. Open the ansible.cfg file and paste the API token in the token= parameter. The API token is required for authenticating against the server URL specified in the ansible.cfg file.
+4. Install the network.offline_migration_sdn_to_ovnk Ansible collection by entering the following ansible-galaxy command:
+
+```terminal
+$ ansible-galaxy collection install network.offline_migration_sdn_to_ovnk
+```
+
+5. Verify that the network.offline_migration_sdn_to_ovnk Ansible collection is installed on your system:
+
+```terminal
+$ ansible-galaxy collection list | grep network.offline_migration_sdn_to_ovnk
+```
+
+Example output
+
+```terminal
+network.offline_migration_sdn_to_ovnk   1.0.2
+```
+
+
+The network.offline_migration_sdn_to_ovnk Ansible collection is saved in the default path of ~/.ansible/collections/ansible_collections/network/offline_migration_sdn_to_ovnk/.
+6. Configure migration features in the playbooks/playbook-migration.yml file:
+
+```yaml
+# ...
+    migration_interface_name: eth0
+    migration_disable_auto_migration: true
+    migration_egress_ip: false
+    migration_egress_firewall: false
+    migration_multicast: false
+    migration_mtu: 1400
+    migration_geneve_port: 6081
+    migration_ipv4_subnet: "100.64.0.0/16"
+# ...
+```
+
+migration_interface_name:: If you use an NodeNetworkConfigurationPolicy (NNCP) resource on a primary interface, specify the interface name in the migration-playbook.yml file so that the NNCP resource gets deleted on the primary interface during the migration process.
+migration_disable_auto_migration:: Disables the auto-migration of OpenShift SDN CNI plug-in features to the OVN-Kubernetes plugin. If you disable auto-migration of features, you must also set the migration_egress_ip, migration_egress_firewall, and migration_multicast parameters to false. If you need to enable auto-migration of features, set the parameter to false.
+migration_mtu:: Optional parameter that sets a specific maximum transmission unit (MTU) to your cluster network after the migration process.
+migration_geneve_port:: Optional parameter that sets a Geneve port for OVN-Kubernetes. The default port is 6081.
+migration_ipv4_subnet:: Optional parameter that sets an IPv4 address range for internal use by OVN-Kubernetes. The default value for the parameter is 100.64.0.0/16.
+7. To run the playbooks/playbook-migration.yml file, enter the following command:
+
+```terminal
+$ ansible-playbook -v playbooks/playbook-migration.yml
+```
+
+
+* Patching OVN-Kubernetes address ranges
+* Getting started with playbooks (Red Hat Ansible Automation Platform documentation)
+
 ## Migrating to the OVN-Kubernetes network plugin by using the offline migration method
 
 As a cluster administrator, you can change the network plugin for your cluster to OVN-Kubernetes. During the migration, you must reboot every node in your cluster.
@@ -891,7 +987,8 @@ $ oc patch Network.operator.openshift.io cluster --type=merge \
         "ovnKubernetesConfig":{
           "mtu":<mtu>,
           "genevePort":<port>,
-          "v4InternalSubnet":"<ipv4_subnet>"
+          "ipv4":
+            "InternalJoinSubnet": "<ipv4_subnet>"
     }}}}'
 ```
 

ocp-product-docs-plaintext/4.15/networking/ovn_kubernetes_network_provider/rollback-to-openshift-sdn.txt

@@ -316,6 +316,92 @@ $ oc delete namespace openshift-ovn-kubernetes
 ```
 
 
+# Using an Ansible playbook to roll back to the OpenShift SDN network plugin
+
+As a cluster administrator, you can use the playbooks/playbook-rollback.yml from the network.offline_migration_sdn_to_ovnk Ansible collection to roll back from the OVN-Kubernetes plugin to the OpenShift SDN Container Network Interface (CNI) network plugin.
+
+* You installed the python3 package, minimum version 3.10.
+* You installed the jmespath and jq packages.
+* You logged in to the Red Hat Hybrid Cloud Console and opened the Ansible Automation Platform web console.
+* You created a security group rule that allows User Datagram Protocol (UDP) packets on port 6081 for all nodes on all cloud platforms. If you do not do this task, your cluster might fail to schedule pods.
+
+1. Install the ansible-core package, minimum version 2.15. The following example command shows how to install the ansible-core package on Red Hat Enterprise Linux (RHEL):
+
+```terminal
+$ sudo dnf install -y ansible-core
+```
+
+2. Create an ansible.cfg file and add information similar to the following example to the file. Ensure that file exists in the same directory as where the ansible-galaxy commands and the playbooks run.
+
+```ini
+$ cat << EOF >> ansible.cfg
+[galaxy]
+server_list = automation_hub, validated
+
+[galaxy_server.automation_hub]
+url=https://console.redhat.com/api/automation-hub/content/published/
+auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+token=
+
+#[galaxy_server.release_galaxy]
+#url=https://galaxy.ansible.com/
+
+[galaxy_server.validated]
+url=https://console.redhat.com/api/automation-hub/content/validated/
+auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+token=
+EOF
+```
+
+3. From the Ansible Automation Platform web console, go to the Connect to Hub page and complete the following steps:
+1. In the Offline token section of the page, click the Load token button.
+2. After the token loads, click the Copy to clipboard icon.
+3. Open the ansible.cfg file and paste the API token in the token= parameter. The API token is required for authenticating against the server URL specified in the ansible.cfg file.
+4. Install the network.offline_migration_sdn_to_ovnk Ansible collection by entering the following ansible-galaxy command:
+
+```terminal
+$ ansible-galaxy collection install network.offline_migration_sdn_to_ovnk
+```
+
+5. Verify that the network.offline_migration_sdn_to_ovnk Ansible collection is installed on your system:
+
+```terminal
+$ ansible-galaxy collection list | grep network.offline_migration_sdn_to_ovnk
+```
+
+Example output
+
+```terminal
+network.offline_migration_sdn_to_ovnk   1.0.2
+```
+
+
+The network.offline_migration_sdn_to_ovnk Ansible collection is saved in the default path of ~/.ansible/collections/ansible_collections/network/offline_migration_sdn_to_ovnk/.
+6. Configure rollback features in the playbooks/playbook-migration.yml file:
+
+```terminal
+# ...
+    rollback_disable_auto_migration: true
+    rollback_egress_ip: false
+    rollback_egress_firewall: false
+    rollback_multicast: false
+    rollback_mtu: 1400
+    rollback_vxlanPort: 4790
+# ...
+```
+
+rollback_disable_auto_migration:: Disables the auto-migration of OVN-Kubernetes plug-in features to the OpenShift SDN CNI plug-in. If you disable auto-migration of features, you must also set the rollback_egress_ip, rollback_egress_firewall, and rollback_multicast parameters to false. If you need to enable auto-migration of features, set the parameter to false.
+rollback_mtu:: Optional parameter that sets a specific maximum transmission unit (MTU) to your cluster network after the migration process.
+rollback_vxlanPort:: Optional parameter that sets a VXLAN (Virtual Extensible LAN) port for use by OpenShift SDN CNI plug-in. The default value for the parameter is 4790.
+7. To run the playbooks/playbook-rollback.yml file, enter the following command:
+
+```terminal
+$ ansible-playbook -v playbooks/playbook-rollback.yml
+```
+
+
+* Patching OVN-Kubernetes address ranges
+
 # Using the limited live migration method to roll back to the OpenShift SDN network plugin
 
 As a cluster administrator, you can roll back to the OpenShift SDN Container Network Interface (CNI) network plugin by using the limited live migration method. During the migration with this method, nodes are automatically rebooted and service to the cluster is not interrupted.