networking module for CNF-1500 ZTP

Author: aireilly

_topic_map.yml

@@ -2015,8 +2015,8 @@ Topics:
 - Name: Provisioning and deploying a distributed unit (DU)
   File: cnf-provisioning-and-deploying-a-distributed-unit
   Distros: openshift-webscale
-- Name: Zero Touch Provisioning
-  File: ztp-zero-touch-provisioning
+- Name: Deploying distributed units at scale in a disconnected environment
+  File: ztp-deploying-disconnected
   Distros: openshift-webscale
 ---
 Name: Backup and restore

modules/common-attributes.adoc

@@ -26,6 +26,8 @@ endif::[]
 :cloud-redhat-com: Red Hat OpenShift Cluster Manager
 :rh-storage-first: Red Hat OpenShift Container Storage
 :rh-storage: OpenShift Container Storage
+:rh-rhacm-first: Red Hat Advanced Cluster Management (RHACM)
+:rh-rhacm: RHACM
 :sandboxed-containers-first: OpenShift sandboxed containers
 :sandboxed-containers-operator: OpenShift sandboxed containers Operator
 :rh-virtualization-first: Red Hat Virtualization (RHV)

modules/installation-creating-mirror-registry.adoc

@@ -13,6 +13,11 @@ endif::[]
 Create a registry to host the mirrored content that you require for installing
 {product-title}.
 
+[IMPORTANT]
+====
+Deploying a disconnected registry host based on the `docker.io/library/registry:2` API for {product-title} is not officially supported by Red Hat. You can create a mirror host based on the `docker.io/library/registry:2` API with the following unsupported procedure.
+====
+
 ifdef::restricted[]
 For installation in a restricted network, you can place the mirror
 registry on a host that can be accessed from both the your network and

modules/ztp-acm-adding-images-to-mirror-registry.adoc

@@ -0,0 +1,73 @@
+// CNF-1500 ZTP - preparing to install ACM
+// Module included in the following assemblies:
+//
+// scalability_and_performance/ztp-deploying-disconnected.adoc
+[id="ztp-acm-adding-images-to-mirror-registry_{context}"]
+= Adding {op-system} ISO and RootFS images to a disconnected mirror host
+
+Before you install a cluster on infrastructure that you provision, you must create {op-system-first} machines for it to use. Use a disconnected mirror to host the {op-system} images you require to provision your distributed unit (DU) bare-metal hosts.
+
+.Prerequisites
+
+* Deploy and configure a HTTP server to host the {op-system} image resources on the network. You must be able to access the HTTP server from your computer, and from the machines that you create.
+
+[IMPORTANT]
+====
+The {op-system} images might not change with every release of {product-title}. You must download images with the highest version that is less than or equal to the {product-title} version that you install. Use the image versions that match your {product-title} version if they are available. You require ISO and RootFS images to install {op-system} on the DU hosts. {op-system} qcow2 images are not supported for this installation type.
+====
+
+.Procedure
+
+. Log in to the mirror host.
+. Obtain the {op-system} ISO and RootFS images from link:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/pre-release/[mirror.openshift.com], for example:
+
+.. Export the required image names and {product-title} version as environment variables:
++
+[source,terminal]
+----
+$ export ISO_IMAGE_NAME=<iso_image_name> <1>
+----
++
+[source,terminal]
+----
+$ export ROOTFS_IMAGE_NAME=<rootfs_image_name> <2>
+----
++
+[source,terminal]
+----
+$ export OCP_VERSION=<ocp_version> <3>
+----
+<1> ISO image name, for example, `rhcos-4.8.0-fc.9-x86_64-live.x86_64.iso`
+<2> RootFS image name, for example, `rhcos-4.8.0-fc.9-x86_64-live-rootfs.x86_64.img`
+<3> {product-title} version, for example, `latest-4.8`
+
+.. Download the required images:
++
+[source,terminal]
+----
+$ sudo wget https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/pre-release/${OCP_VERSION}/${ISO_IMAGE_NAME} -O /var/www/html/${ISO_IMAGE_NAME}
+----
++
+[source,terminal]
+----
+$ sudo wget https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/pre-release/${OCP_VERSION}/${ROOTFS_IMAGE_NAME} -O /var/www/html/${ROOTFS_IMAGE_NAME}
+----
+
+.Verification steps
+
+* Verify that the images downloaded successfully and are being served on the disconnected mirror host, for example:
++
+[source,terminal]
+----
+$ wget http://$(hostname)/${ISO_IMAGE_NAME}
+----
++
+.Expected output
++
+[source,terminal]
+----
+...
+Saving to: rhcos-4.8.0-fc.9-x86_64-live.x86_64.iso
+rhcos-4.8.0-fc.8-x86_64-  11%[====>    ]  10.01M  4.71MB/s
+...
+----

modules/ztp-acm-installing-disconnected-rhacm.adoc

@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// scalability_and_performance/ztp-deploying-disconnected.adoc
+
+[id="installing-disconnected-rhacm_{context}"]
+= Installing Red Hat Advanced Cluster Management in a disconnected environment
+
+You use {rh-rhacm-first} on a hub cluster in the disconnected environment to manage the deployment of distributed unit (DU) profiles on multiple managed spoke clusters.
+
+.Prerequisites
+
+* Install the {product-title} CLI (`oc`).
+* Log in as a user with `cluster-admin` privileges.
+* Configure a disconnected mirror registry for use in the cluster.
+* Enable the disconnected Operator Lifecycle Manager (OLM). {rh-rhacm} is included in the OLM Red Hat Operator catalog. Follow the steps in xref:../operators/admin/olm-restricted-networks.adoc[Using Operator Lifecycle Manager on restricted networks].
+
+.Procedure
+
+* Install {rh-rhacm} on the hub cluster in the disconnected environment. See link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/install/installing#installing-in-a-disconnected-environment[Installing {rh-rhacm} in a disconnected environment].

modules/ztp-acm-preparing-to-install-disconnected-acm.adoc

@@ -0,0 +1,13 @@
+// CNF-1500 ZTP - preparing to install ACM
+// Module included in the following assemblies:
+//
+// scalability_and_performance/ztp-deploying-disconnected.adoc
+[id="ztp-acm-preparing-to-install-disconnected-acm_{context}"]
+= Preparing the disconnected environment
+
+Before you can provision distributed units (DU) at scale, you must install {rh-rhacm-first}, which handles the provisioning of the DUs.
+
+{rh-rhacm} is deployed as an Operator on the {product-title} hub cluster. It controls clusters and applications from a single console with built-in security policies. {rh-rhacm} provisions and manage your DU hosts. To install {rh-rhacm} in a disconnected environment, you create a mirror registry that mirrors the Operator Lifecycle Manager (OLM) catalog that contains the required Operator images. OLM manages, installs, and upgrades Operators and their dependencies in the cluster.
+
+You also use a disconnected mirror host to serve the {op-system} ISO and RootFS disk images that provision the DU bare-metal host operating system.
+

modules/ztp-du-host-bios-requirements.adoc

@@ -0,0 +1,73 @@
+// CNF-1500 ZTP
+// Module included in the following assemblies:
+//
+// scalability_and_performance/ztp-deploying-disconnected.adoc
+
+[id="configuring_bios_for_du_hosts_{context}"]
+= Configuring BIOS for distributed unit bare-metal hosts
+
+Distributed unit (DU) hosts require the BIOS to be configured before the host can be provisioned. The BIOS configuration is dependent on the specific hardware that runs your DUs and the particular requirements of your installation.
+
+[IMPORTANT]
+====
+In this Developer Preview release, configuration and tuning of BIOS for DU bare-metal host machines is the responsibility of the customer. Automatic setting of BIOS is not handled by the zero touch provisioning workflow.
+====
+
+.Procedure
+
+. Set the *UEFI/BIOS Boot Mode* to `UEFI`.
+. In the host boot sequence order, set *Hard drive first*.
+. Apply the specific BIOS configuration for your hardware. The following table describes a representative BIOS configuration for an Intel Xeon Skylake or Intel Cascade Lake server, based on the Intel FlexRAN 4G and 5G baseband PHY reference design.
++
+[IMPORTANT]
+====
+The exact BIOS configuration depends on your specific hardware and network requirements. The following sample configuration is for illustrative purposes only.
+====
++
+.Sample BIOS configuration for an Intel Xeon Skylake or Cascade Lake server
+[cols=2*, width="90%", options="header"]
+|====
+|BIOS Setting
+|Configuration
+
+|CPU Power and Performance Policy
+|Performance
+
+|Uncore Frequency Scaling
+|Disabled
+
+|Performance P-limit
+|Disabled
+
+|Enhanced Intel SpeedStep (R) Tech
+|Enabled
+
+|Intel Configurable TDP
+|Enabled
+
+|Configurable TDP Level
+|Level 2
+
+|Intel(R) Turbo Boost Technology
+|Enabled
+
+|Energy Efficient Turbo
+|Disabled
+
+|Hardware P-States
+|Disabled
+
+|Package C-State
+|C0/C1 state
+
+|C1E
+|Disabled
+
+|Processor C6
+|Disabled
+|====
+
+[NOTE]
+====
+Enable global SR-IOV and VT-d settings in the BIOS for the host. These settings are relevant to bare-metal environments.
+====

modules/ztp-du-host-networking-requirements.adoc

@@ -0,0 +1,125 @@
+// CNF-1500 ZTP
+// Module included in the following assemblies:
+//
+// scalability_and_performance/ztp-deploying-disconnected.adoc
+
+[id="ztp-du-host-networking-requirements_{context}"]
+= Distributed unit host networking requirements
+
+The following tables provide a high level overview of the networking information and custom resources required by {rh-rhacm-first} to provision a DU bare-metal host:
+
+.Required `AgentClusterInstall` networking fields
+[cols="2,4", width="90%", options="header"]
+|====
+|Field
+|Description
+
+|`imageSetRef`
+| Installer image used to install {product-title} on the DU.
+
+|`clusterNetwork`
+| Used to allocate an IPv4 or IPv6 IP address to each node. Ensure there is no overlap with `serviceNetwork`.
+
+|`serviceNetwork`
+| Block of IPv4 or IPv6 IP addresses used for cluster services internal communication in {product-title}.  Ensure there is no overlap with `clusterNetwork`.
+
+|`machineNetwork`
+| Represents the network range for external communication. Also used to determine the API and Ingress VIP addresses for provisioning the cluster.
+|====
+
+[NOTE]
+====
+Do not specify API and Ingress VIP addresses for DU single node clusters. Instead, when the host is provisioned by the assisted installer service, the `machineNetwork` field in the `AgentClusterInstall` CR is used to determine the API and Ingress VIP addresses.
+====
+
+.Required `ClusterDeployment` networking fields
+[cols="2,4", width="90%", options="header"]
+|====
+|Field
+|Description
+
+|`baseDomain`
+|Base domain for the hub cluster managing the individual DU single node clusters.
+
+|`sshPrivateKeySecretRef`
+|SSH private key for secure transactions with the single node cluster DU.
+
+|`pullSecretRef`
+|Pull secret for secure installation on the DU host.
+|====
+
+.Required `BareMetalHost` networking fields
+[cols="2,4", width="90%", options="header"]
+|====
+|Field
+|Description
+
+|`bmc`
+|BMC address and BMC username and password credentials.
+
+|`bootMACAddress`
+|Boot MAC address for the bare-metal host.
+
+|`bmac.agent-install.openshift.io/hostname`
+|Optional: Configures the cluster hostname. If this field is not used, a hostname is allocated by the cluster DHCP server.
+
+|`spec.bmc.address`
+|Location of the installation ISO.
+
+|`spec.bmc.credentialsName`
+|Name of the `bmcCredentials` secret used to access the ISO image.
+
+|`userData.bootkey`
+|Reference to the `Secret` containing the user data to be passed to the host before it boots from the ISO image.
+
+|====
+
+.Required `InfraEnv` networking fields
+[cols="2,4", width="90%", options="header"]
+|====
+|Field
+|Description
+
+|`additionalNTPSources`
+|IP address for a Network Time Protocol (NTP) server. NTP is required to ensure that the certificates are installed correctly on the DU host. The NTP server is only required during provisioning.
+
+|`pullSecretRef`
+|Name of the pull secret created for the DU host.
+
+|====
+
+.Required `NMStateConfig` networking fields
+[cols="2,4", width="90%", options="header"]
+|====
+|Field
+|Description
+
+|`dns-resolver`
+|Target cluster DNS server.
+
+|`interfaces`
+|Configures `eno1` for IPv4 and IPv6 connectivity.
+
+|`Routes`
+|Configures the default route for the target cluster.
+
+|`mac-address`
+|Target bare-metal host MAC address. Must match the MAC address specified in the `BareMetalHost` custom resource (CR).
+
+|`ip-address`
+|Target bare-metal host static IP address.
+
+|`public-network-prefix`
+|Bare-metal host static IP address subnet.
+
+|`gateway`
+|Target bare-metal host gateway.
+
+|`Interfaces`
+|Target bare-metal host interface name and MAC address.
+|====
+
+[NOTE]
+====
+`NMStateConfig` is an optional resource. Use `NMStateConfig` to configure network bonding for a pair of NICs, use a concrete VLAN, or to declare a static IP for the DU host. Each `NMState` profile has a one-to-one relationship with a related `InfraEnv` ISO profile used for installing {product-title} on the host. If used, the `NMStateConfig` resource must be created before the `ClusterDeployment` resource. The `NMStateConfig` resource is not required if DHCP is enabled for the cluster network.
+====

modules/ztp-provisioning-edge-sites-at-scale.adoc

@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// scalability_and_performance/ztp-deploying-disconnected.adoc
+
+[id="provisioning-edge-sites-at-scale_{context}"]
+= Provisioning edge sites at scale
+
+Telco edge computing presents extraordinary challenges with managing hundreds to tens of thousands of clusters in hundreds of thousands of locations. These challenges require fully-automated management solutions with, as closely as possible, zero human interaction.
+
+Zero touch provisioning (ZTP) allows you to provision new edge sites with declarative configurations of bare-metal equipment at remote sites. Template or overlay configurations install {product-title} features that are required for CNF workloads. End-to-end functional test suites are used to verify CNF related features. All configurations are declarative in nature.
+
+You start the workflow by creating declarative configurations for ISO images that are delivered to the edge nodes to begin the installation process. The images are used to repeatedly provision large numbers of nodes efficiently and quickly, allowing you keep up with requirements from the field for far edge nodes.
+
+Service providers are deploying a more distributed mobile network architecture allowed by the modular functional framework defined for 5G. This allows service providers to move from appliance-based radio access networks (RAN) to open cloud RAN architecture, gaining flexibility and agility in delivering services to end users.

modules/ztp-site-planning-for-du-deployments.adoc

@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// scalability_and_performance/ztp-deploying-disconnected.adoc
+
+[id="ztp-site-planning-for-du-deployments_{context}"]
+= Site planning considerations for distributed unit deployments
+
+Site planning for distributed units (DU) deployments is complex. The following is an overview of the tasks that you complete before the DU hosts are brought online in the production environment.
+
+* Develop a network model. The network model depends on various factors such as the size of the area of coverage, number of hosts, projected traffic load, DNS, and DHCP requirements.
+* Decide how many DU radio nodes are required to provide sufficient coverage and redundancy for your network.
+* Develop mechanical and electrical specifications for the DU host hardware.
+* Develop a construction plan for individual DU site installations.
+* Tune host BIOS settings for production, and deploy the BIOS configuration to the hosts.
+* Install the equipment on-site, connect hosts to the network, and apply power.
+* Configure on-site switches and routers.
+* Perform basic connectivity tests for the host machines.
+* Establish production network connectivity, and verify host connections to the network.
+* Provision and deploy on-site DU hosts at scale.
+* Test and verify on-site operations, performing load and scale testing of the DU hosts before finally bringing the DU infrastructure online in the live production environment.