Merge pull request #40896 from codyhoag/rhel-support-and-removal

codyhoag · web-flow · commit 108fa0f6963b · 2022-02-07T14:12:16.000-05:00
OSDOCS-3149 RHEL 8 compute node docs
diff --git a/installing/installing-fips.adoc b/installing/installing-fips.adoc
@@ -26,13 +26,13 @@ Because FIPS must be enabled before the operating system that your cluster uses
 |Attributes
 |Limitations
 
-|FIPS support in {op-system-base} 7, {op-system-base} 8, and {op-system} operating systems.
+|FIPS support in {op-system-base} 8 and {op-system} operating systems.
 .3+|The FIPS implementation does not offer a single function that both computes hash functions and validates the keys that are based on that hash. This limitation will continue to be evaluated and improved in future {product-title} releases.
 
 |FIPS support in CRI-O runtimes.
 |FIPS support in {product-title} services.
 
-|FIPS Validated / Modules in Process cryptographic module and algorithms that are obtained from {op-system-base} 7, {op-system-base} 8, and {op-system} binaries and images.
+|FIPS Validated / Modules in Process cryptographic module and algorithms that are obtained from {op-system-base} 8 and {op-system} binaries and images.
 |
 
 |Use of FIPS compatible golang compiler.
@@ -84,4 +84,4 @@ If you are using Azure File storage, you cannot enable FIPS mode.
 
 To apply `AES CBC` encryption to your etcd data store, follow the xref:../security/encrypting-etcd.adoc#encrypting-etcd[Encrypting etcd data] process after you install your cluster.
 
-If you add {op-system-base} nodes to your cluster, ensure that you enable FIPS mode on the machines before their initial boot. See xref:../machine_management/adding-rhel-compute.adoc#adding-rhel-compute[Adding RHEL compute machines to an {product-title} cluster] and link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations#sec-Enabling-FIPS-Mode[Enabling FIPS Mode] in the {op-system-base} 7 documentation or link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#enabling-fips-mode-in-a-container_using-the-system-wide-cryptographic-policies[Enabling FIPS Mode] in the {op-system-base} 8 documentation
+If you add {op-system-base} nodes to your cluster, ensure that you enable FIPS mode on the machines before their initial boot. See xref:../machine_management/adding-rhel-compute.adoc#adding-rhel-compute[Adding RHEL compute machines to an {product-title} cluster] and link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#enabling-fips-mode-in-a-container_using-the-system-wide-cryptographic-policies[Enabling FIPS Mode] in the {op-system-base} 8 documentation.
diff --git a/modules/creating-machines-bare-metal.adoc b/modules/creating-machines-bare-metal.adoc
@@ -13,7 +13,7 @@ To install {op-system} on the machines, follow either the steps to use an ISO im
 
 [NOTE]
 ====
-The compute node deployment steps included in this installation document are {op-system}-specific. If you choose instead to deploy {op-system-base}-based compute nodes, you take responsibility for all operating system life cycle management and maintenance, including performing system updates, applying patches, and completing all other required tasks. Use of {op-system-base} 7 compute machines is deprecated and planned for removal in a future release of {product-title} 4.
+The compute node deployment steps included in this installation document are {op-system}-specific. If you choose instead to deploy {op-system-base}-based compute nodes, you take responsibility for all operating system life cycle management and maintenance, including performing system updates, applying patches, and completing all other required tasks. Only {op-system-base} 8 compute machines are supported.
 ====
 
 You can configure {op-system} during ISO and PXE installations by using the following methods:
diff --git a/modules/installation-requirements-user-infra.adoc b/modules/installation-requirements-user-infra.adoc
@@ -99,7 +99,7 @@ these cluster machines.
 endif::ibm-z[]
 ====
 
-The bootstrap and control plane machines must use {op-system-first} as the operating system. However, the compute machines can choose between {op-system-first}, {op-system-base-full} 7.9, or {op-system-base} 8.4.
+The bootstrap and control plane machines must use {op-system-first} as the operating system. However, the compute machines can choose between {op-system-first}, {op-system-base} 8.4, or {op-system-base} 8.5.
 
 ifndef::openshift-origin[]
 Note that {op-system} is based on {op-system-base-full} 8 and inherits all of its hardware certifications and requirements.
@@ -169,7 +169,7 @@ endif::ibm-z[]
 ifndef::openshift-origin[]
 |Compute
 ifdef::ibm-z,ibm-power[|{op-system}]
-ifndef::ibm-z,ibm-power[|{op-system}, {op-system-base} 7.9, or {op-system-base} 8.4 ^[3]^]
+ifndef::ibm-z,ibm-power[|{op-system}, {op-system-base} 8.4, or {op-system-base} 8.5 ^[3]^]
 |2
 |8 GB
 |100 GB
@@ -208,7 +208,7 @@ ifndef::ibm-z,bare-metal[]
 endif::ibm-z,bare-metal[]
 ifndef::ibm-z[]
 2. {product-title} and Kubernetes are sensitive to disk performance, and faster storage is recommended, particularly for etcd on the control plane nodes which require a 10 ms p99 fsync duration. Note that on many cloud platforms, storage size and IOPS scale together, so you might need to over-allocate storage volume to obtain sufficient performance.
-3. As with all user-provisioned installations, if you choose to use {op-system-base} compute machines in your cluster, you take responsibility for all operating system life cycle management and maintenance, including performing system updates, applying patches, and completing all other required tasks. Use of {op-system-base} 7 compute machines is deprecated and planned for removal in a future release of {product-title} 4.
+3. As with all user-provisioned installations, if you choose to use {op-system-base} compute machines in your cluster, you take responsibility for all operating system life cycle management and maintenance, including performing system updates, applying patches, and completing all other required tasks.
 endif::ibm-z[]
 --
 
diff --git a/modules/rhel-compute-requirements.adoc b/modules/rhel-compute-requirements.adoc
@@ -19,17 +19,17 @@ ifdef::openshift-origin[]
 ** Base OS: CentOS 7.4.
 endif::[]
 ifdef::openshift-enterprise,openshift-webscale[]
-** Base OS: link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/installation_guide/index[{op-system-base} 7.9] or link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_a_standard_rhel_installation/index[{op-system-base} 8.4] with "Minimal" installation option.
+** Base OS: link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_a_standard_rhel_installation/index[{op-system-base} 8.4 or 8.5] with "Minimal" installation option.
 +
 [IMPORTANT]
 ====
-Adding {op-system-base} 7 compute machines to an {product-title} cluster is deprecated. Deprecated functionality is still included in {product-title} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.
+Adding {op-system-base} 7 compute machines to an {product-title} cluster is not supported.
 
-In addition, you cannot upgrade your {op-system-base} 7 compute machines to {op-system-base} 8. You must deploy new {op-system-base} 8 hosts, and the old {op-system-base} 7 hosts should be removed. See the "Deleting nodes" section for more information.
+If you have {op-system-base} 7 compute machines that were previously supported in a past {product-title} version, you cannot upgrade them to {op-system-base} 8. You must deploy new {op-system-base} 8 hosts, and the old {op-system-base} 7 hosts should be removed. See the "Deleting nodes" section for more information.
 
 For the most recent list of major functionality that has been deprecated or removed within {product-title}, refer to the _Deprecated and removed features_ section of the {product-title} release notes.
 ====
-** If you deployed {product-title} in FIPS mode, you must enable FIPS on the {op-system-base} machine before you boot it. See link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations#sec-Enabling-FIPS-Mode[Enabling FIPS Mode] in the {op-system-base} 7 documentation.
+** If you deployed {product-title} in FIPS mode, you must enable FIPS on the {op-system-base} machine before you boot it. See link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/assembly_installing-a-rhel-8-system-with-fips-mode-enabled_security-hardening[Installing a RHEL 8 system with FIPS mode enabled] in the {op-system-base} 8 documentation.
 
 [IMPORTANT]
 ====
diff --git a/modules/rhel-compute-updating.adoc b/modules/rhel-compute-updating.adoc
@@ -10,7 +10,7 @@ After you update your cluster, you must update the {op-system-base-full} compute
 
 [IMPORTANT]
 ====
-{op-system-base-full} version 7.9 and version 8.4 is supported for {op-system-base} worker (compute) machines.
+{op-system-base-full} versions 8.4 and 8.5 are supported for {op-system-base} compute machines.
 ====
 
 You can also update your compute machines to another minor version of {product-title} if you are using {op-system-base} as the operating system. You do not need to exclude any RPM packages from {op-system-base} when performing a minor version update.
@@ -20,8 +20,6 @@ You can also update your compute machines to another minor version of {product-t
 You cannot upgrade {op-system-base} 7 compute machines to {op-system-base} 8. You must deploy new {op-system-base} 8 hosts, and the old {op-system-base} 7 hosts should be removed.
 ====
 
-// TODO: This module needs to be updated to reflect RHEL 8 compute machines in 4.10. Because initial support for RHEL 8 starts in 4.9, and upgrading RHEL 7 -> 8 in-place is not supported, this is being left to reflect RHEL 7 upgrades.
-
 .Prerequisites
 
 * You updated your cluster.
@@ -54,10 +52,10 @@ By default, the base OS RHEL with "Minimal" installation option enables firewall
 +
 [source,terminal]
 ----
-# subscription-manager repos --disable=rhel-7-server-ose-4.8-rpms \
-                             --enable=rhel-7-server-ansible-2.9-rpms \
-                             --enable=rhel-7-server-ose-4.9-rpms
+# subscription-manager repos --disable=rhel-7-server-ose-4.9-rpms \
+                             --enable=rhel-7-server-ose-4.10-rpms
 ----
+// As of OCP 4.10 GA, there are no openshift-ansible el8 packages built for RHEL8, so QE advised that we still run the playbook on RHEL7 machines. 
 
 .. On the machine that you run the Ansible playbooks, update the required packages, including `openshift-ansible`:
 +
@@ -70,36 +68,13 @@ By default, the base OS RHEL with "Minimal" installation option enables firewall
 +
 [source,terminal]
 ----
-# subscription-manager repos --disable=rhel-7-server-ose-4.8-rpms \
-                             --enable=rhel-7-server-ose-4.9-rpms  \
-                             --enable=rhel-7-fast-datapath-rpms   \
-                             --enable=rhel-7-server-optional-rpms
+# subscription-manager repos --disable=rhocp-4.9-for-rhel-8-x86_64-rpms \
+                             --enable=rhocp-4.10-for-rhel-8-x86_64-rpms
 ----
 
 . Update a {op-system-base} worker machine:
-.. Review the current node status to determine which {op-system-base} worker to update:
-+
-[source,terminal]
-----
-# oc get node
-----
-+
-.Example output
-[source,terminal]
-----
-NAME                        STATUS                        ROLES    AGE    VERSION
-mycluster-control-plane-0   Ready                         master   145m   v1.23.0
-mycluster-control-plane-1   Ready                         master   145m   v1.23.0
-mycluster-control-plane-2   Ready                         master   145m   v1.23.0
-mycluster-rhel7-0           NotReady,SchedulingDisabled   worker   98m    v1.23.0
-mycluster-rhel7-1           Ready                         worker   98m    v1.23.0
-mycluster-rhel7-2           Ready                         worker   98m    v1.23.0
-mycluster-rhel7-3           Ready                         worker   98m    v1.23.0
-----
-+
-Note which machine has the `NotReady,SchedulingDisabled` status.
 
-.. Review your Ansible inventory file at `/<path>/inventory/hosts` and update its contents so that only the machine with the `NotReady,SchedulingDisabled` status is listed in the `[workers]` section, as shown in the following example:
+.. Review your Ansible inventory file at `/<path>/inventory/hosts` and update its contents so that the {op-system-base} 8 machines are listed in the `[workers]` section, as shown in the following example:
 +
 ----
 [all:vars]
@@ -109,7 +84,10 @@ ansible_user=root
 openshift_kubeconfig_path="~/.kube/config"
 
 [workers]
-mycluster-rhel7-0.example.com
+mycluster-rhel8-0.example.com
+mycluster-rhel8-1.example.com
+mycluster-rhel8-2.example.com
+mycluster-rhel8-3.example.com
 ----
 
 .. Change to the `openshift-ansible` directory:
@@ -131,8 +109,6 @@ $ ansible-playbook -i /<path>/inventory/hosts playbooks/upgrade.yml <1>
 ====
 The `upgrade` playbook only upgrades the {product-title} packages. It does not update the operating system packages.
 ====
-+
-. Follow the process in the previous step to update each {op-system-base} worker machine in your cluster.
 
 . After you update all of the workers, confirm that all of your cluster nodes have updated to the new version:
 +
@@ -148,11 +124,12 @@ NAME                        STATUS                        ROLES    AGE    VERSIO
 mycluster-control-plane-0   Ready                         master   145m   v1.23.0
 mycluster-control-plane-1   Ready                         master   145m   v1.23.0
 mycluster-control-plane-2   Ready                         master   145m   v1.23.0
-mycluster-rhel7-0           NotReady,SchedulingDisabled   worker   98m    v1.23.0
-mycluster-rhel7-1           Ready                         worker   98m    v1.23.0
-mycluster-rhel7-2           Ready                         worker   98m    v1.23.0
-mycluster-rhel7-3           Ready                         worker   98m    v1.23.0
+mycluster-rhel8-0           Ready                         worker   98m    v1.23.0
+mycluster-rhel8-1           Ready                         worker   98m    v1.23.0
+mycluster-rhel8-2           Ready                         worker   98m    v1.23.0
+mycluster-rhel8-3           Ready                         worker   98m    v1.23.0
 ----
+
 . Optional: Update the operating system packages that were not updated by the `upgrade` playbook. To update packages that are not on {product-version}, use the following command:
 +
 [source,terminal]
diff --git a/modules/rhel-images-aws.adoc b/modules/rhel-images-aws.adoc
@@ -40,7 +40,7 @@ This account ID is required to display AMI IDs for images that are provided by R
 
 [NOTE]
 ====
-When creating a {op-system-base} compute machine for AWS, ensure that the AMI is {op-system-base} 8.4.
+When creating a {op-system-base} compute machine for AWS, ensure that the AMI is {op-system-base} 8.4 or 8.5.
 ====
 
 .Example output
diff --git a/modules/rhel-preparing-node.adoc b/modules/rhel-preparing-node.adoc
@@ -68,33 +68,14 @@ Alternatively, disable all repositories:
 +
 Note that this might take a few minutes if you have a large number of available repositories
 
-. Enable only the repositories required by {product-title} {product-version}.
-
-.. For {op-system-base} 7 nodes, you must enable the following repositories:
-+
-[source,terminal]
-----
-# subscription-manager repos \
-    --enable="rhel-7-server-rpms" \
-    --enable="rhel-7-fast-datapath-rpms" \
-    --enable="rhel-7-server-extras-rpms" \
-    --enable="rhel-7-server-optional-rpms" \
-    --enable="rhel-7-server-ose-4.9-rpms"
-----
-+
-[NOTE]
-====
-Use of {op-system-base} 7 nodes is deprecated and planned for removal in a future release of {product-title} 4.
-====
-
-.. For {op-system-base} 8 nodes, you must enable the following repositories:
+. Enable only the repositories required by {product-title} {product-version}:
 +
 [source,terminal]
 ----
 # subscription-manager repos \
     --enable="rhel-8-for-x86_64-baseos-rpms" \
     --enable="rhel-8-for-x86_64-appstream-rpms" \
-    --enable="rhocp-4.9-for-rhel-8-x86_64-rpms" \
+    --enable="rhocp-4.10-for-rhel-8-x86_64-rpms" \
     --enable="fast-datapath-for-rhel-8-x86_64-rpms"
 ----
 
diff --git a/modules/rhel-preparing-playbook-machine.adoc b/modules/rhel-preparing-playbook-machine.adoc
@@ -64,8 +64,9 @@ If you use SSH key-based authentication, you must manage the key with an SSH age
     --enable="rhel-7-server-rpms" \
     --enable="rhel-7-server-extras-rpms" \
     --enable="rhel-7-server-ansible-2.9-rpms" \
-    --enable="rhel-7-server-ose-4.9-rpms"
+    --enable="rhel-7-server-ose-4.10-rpms"
 ----
+// As of OCP 4.10 GA, there are no openshift-ansible el8 packages built for RHEL8, so QE advised that we still run the playbook on RHEL7 machines. 
 
 . Install the required packages, including `openshift-ansible`:
 +
