Merge pull request #31853 from johnwilkins/TELCODOCS-115

ahardin-rh · web-flow · commit a08eac2a183a · 2021-04-23T14:45:29.000-04:00
Added modules for configuring NTP for use with disconnected clusters.
diff --git a/_topic_map.yml b/_topic_map.yml
@@ -220,6 +220,8 @@ Topics:
     File: ipi-install-prerequisites
   - Name: Setting up the environment for an OpenShift installation
     File: ipi-install-installation-workflow
+  - Name: Post-installation configuration
+    File: ipi-install-post-installation-configuration
   - Name: Expanding the cluster
     File: ipi-install-expanding-the-cluster
   - Name: Troubleshooting
diff --git a/installing/installing_bare_metal_ipi/images/152_OpenShift_Config_NTP_0421.svg b/installing/installing_bare_metal_ipi/images/152_OpenShift_Config_NTP_0421.svg
@@ -0,0 +1 @@
+<svg id="b9689a03-efeb-4d6f-9bea-8a3e30e69606" data-name="artwork" xmlns="http://www.w3.org/2000/svg" width="760" height="320.394"><defs><style>.a22994db-289b-4546-9d86-01e950191c79,.a2e6a53e-6fa6-4036-b047-8628628205ca,.a7b16e91-0345-4b19-b58c-87a3571c57e6,.bbe0634a-fdec-41ec-8eb4-4830674a5143,.bbff3ec2-11ac-4ccb-9b51-004ae65b81c2,.e886720c-6aaa-4577-babe-9072294f859a{fill:none}.e886720c-6aaa-4577-babe-9072294f859a,.f985766a-82d7-4ac9-b291-cc589cfd52ee{stroke:#06c}.a22994db-289b-4546-9d86-01e950191c79,.a2e6a53e-6fa6-4036-b047-8628628205ca,.a7b16e91-0345-4b19-b58c-87a3571c57e6,.bbe0634a-fdec-41ec-8eb4-4830674a5143,.bbff3ec2-11ac-4ccb-9b51-004ae65b81c2,.bd9e4dc6-8f67-449a-ad2a-ede3d6ae86c3,.e886720c-6aaa-4577-babe-9072294f859a,.f985766a-82d7-4ac9-b291-cc589cfd52ee{stroke-linecap:round;stroke-linejoin:round}.bbe0634a-fdec-41ec-8eb4-4830674a5143,.bbff3ec2-11ac-4ccb-9b51-004ae65b81c2,.e886720c-6aaa-4577-babe-9072294f859a,.f985766a-82d7-4ac9-b291-cc589cfd52ee{stroke-width:2px}.af1e998d-46ff-4e39-938d-c099ff6ad944,.b372db49-6618-49aa-929b-1340e4334cef{font-size:11px}.af1e998d-46ff-4e39-938d-c099ff6ad944,.b372db49-6618-49aa-929b-1340e4334cef,.b5cb3d70-9c54-480b-873e-a82c6e6980ba,.ba2cc54e-3235-48fe-8719-3a4baeffcefe{fill:#151515}.af1e998d-46ff-4e39-938d-c099ff6ad944{font-family:RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-weight:500}.bbff3ec2-11ac-4ccb-9b51-004ae65b81c2{stroke:#4cb6d6}.a2e6a53e-6fa6-4036-b047-8628628205ca,.a7b16e91-0345-4b19-b58c-87a3571c57e6{stroke:#151515}.a7b16e91-0345-4b19-b58c-87a3571c57e6{stroke-dasharray:3.3 3.3}.a1a353d1-c4d7-4cac-a580-f31b1c364c87,.bd9e4dc6-8f67-449a-ad2a-ede3d6ae86c3,.f985766a-82d7-4ac9-b291-cc589cfd52ee{fill:#fff}.f260d0b4-2416-4bde-8908-cdc1a8975fc5{fill:#e8e8e8}.b372db49-6618-49aa-929b-1340e4334cef,.b5cb3d70-9c54-480b-873e-a82c6e6980ba{font-family:RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif}.b5cb3d70-9c54-480b-873e-a82c6e6980ba{font-size:12px;font-weight:700}.b372db49-6618-49aa-929b-1340e4334cef{font-style:italic}.a22994db-289b-4546-9d86-01e950191c79,.bbe0634a-fdec-41ec-8eb4-4830674a5143,.bd9e4dc6-8f67-449a-ad2a-ede3d6ae86c3{stroke:#5b5b5b}.a22994db-289b-4546-9d86-01e950191c79,.bd9e4dc6-8f67-449a-ad2a-ede3d6ae86c3{stroke-width:1.5px}</style></defs><path class="e886720c-6aaa-4577-babe-9072294f859a" d="M0 164.017h760"/><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(0 156.849)">Baremetal network</text><path class="e886720c-6aaa-4577-babe-9072294f859a" d="M145.736 119.017v45"/><path class="bbff3ec2-11ac-4ccb-9b51-004ae65b81c2" d="M145.736 38.672v45"/><path class="e886720c-6aaa-4577-babe-9072294f859a" d="M495.553 119.017v2"/><path stroke-dasharray="3.727 3.727" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" stroke="#06c" fill="none" d="M495.553 124.745v35.409"/><path class="e886720c-6aaa-4577-babe-9072294f859a" d="M495.553 162.017v2"/><path class="bbff3ec2-11ac-4ccb-9b51-004ae65b81c2" d="M495.553 39.493v2"/><path stroke-dasharray="3.727 3.727" stroke="#4cb6d6" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" fill="none" d="M495.553 45.22v35.409"/><path class="bbff3ec2-11ac-4ccb-9b51-004ae65b81c2" d="M495.553 82.493v2M0 38.672h760"/><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(.5 31.504)">Internet access</text><path stroke="#fff" stroke-width="8" stroke-linecap="round" stroke-linejoin="round" fill="none" d="M290.986 173.726V207"/><path class="a2e6a53e-6fa6-4036-b047-8628628205ca" d="M290.986 173.726v1.5"/><path class="a7b16e91-0345-4b19-b58c-87a3571c57e6" d="M290.986 178.526v18.148"/><path class="a2e6a53e-6fa6-4036-b047-8628628205ca" d="M290.986 198.324v1.5"/><path class="ba2cc54e-3235-48fe-8719-3a4baeffcefe" d="M285.999 198.365l4.987 8.635 4.986-8.635h-9.973z"/><circle class="f985766a-82d7-4ac9-b291-cc589cfd52ee" cx="290.986" cy="163.371" r="9.355"/><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(262.001 148.016)">Ingress VIP</text><path class="a2e6a53e-6fa6-4036-b047-8628628205ca" d="M220.986 173.726v1.5"/><path class="a7b16e91-0345-4b19-b58c-87a3571c57e6" d="M220.986 178.526v18.148"/><path class="a2e6a53e-6fa6-4036-b047-8628628205ca" d="M220.986 198.324v1.5"/><path class="ba2cc54e-3235-48fe-8719-3a4baeffcefe" d="M215.999 198.365l4.987 8.635 4.986-8.635h-9.973z"/><circle class="f985766a-82d7-4ac9-b291-cc589cfd52ee" cx="220.986" cy="163.371" r="9.355"/><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(201.566 148.016)">API VIP</text><path class="e886720c-6aaa-4577-babe-9072294f859a" d="M495.486 164.017V209.5"/><path class="f260d0b4-2416-4bde-8908-cdc1a8975fc5" d="M145.486 209.5h221V303h-221z"/><text class="b5cb3d70-9c54-480b-873e-a82c6e6980ba" transform="translate(160.486 234.604)"><tspan>Control plane nodes x3</tspan></text><path class="f260d0b4-2416-4bde-8908-cdc1a8975fc5" d="M384.986 209.5h221V303h-221z"/><text class="b5cb3d70-9c54-480b-873e-a82c6e6980ba" transform="translate(399.986 234.604)"><tspan>Worker nodes xN</tspan></text><path class="a1a353d1-c4d7-4cac-a580-f31b1c364c87" d="M160.486 250h191v38h-191z"/><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(225.835 272.047)">NTP server</text><g><path class="a1a353d1-c4d7-4cac-a580-f31b1c364c87" d="M399.986 250h191v38h-191z"/><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(468.536 272.047)">NTP client</text></g><text class="b372db49-6618-49aa-929b-1340e4334cef" transform="translate(519.106 63.988)">Optional</text><path class="a2e6a53e-6fa6-4036-b047-8628628205ca" d="M516.65 60.446l-19.097 9.749"/><text class="b372db49-6618-49aa-929b-1340e4334cef" transform="translate(519.106 142.488)">Optional</text><path class="a2e6a53e-6fa6-4036-b047-8628628205ca" d="M516.65 138.946l-19.097 9.749"/><g><text transform="translate(668.802 303.411)" font-size="10" fill="#f3f3f3" font-family="RedHatText,&quot;Red Hat Text&quot;,Overpass,&quot;Helvetica Neue&quot;,Arial,sans-serif">152_OpenShift_0421</text><path fill="none" d="M0 280.394h760v40H0z"/></g><g><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(443.739 114.838)">External NTP server</text><path class="bd9e4dc6-8f67-449a-ad2a-ede3d6ae86c3" d="M477.036 83.993h36.898v14.25h-36.898z"/><path class="bbe0634a-fdec-41ec-8eb4-4830674a5143" d="M508.048 90.975"/><path class="a22994db-289b-4546-9d86-01e950191c79" d="M482.673 91.1h8.716"/></g><g><text class="af1e998d-46ff-4e39-938d-c099ff6ad944" transform="translate(127.96 114.017)">Router</text><path class="bd9e4dc6-8f67-449a-ad2a-ede3d6ae86c3" d="M127.287 83.172h36.898v14.25h-36.898z"/><path class="bbe0634a-fdec-41ec-8eb4-4830674a5143" d="M158.298 90.154"/><path class="a22994db-289b-4546-9d86-01e950191c79" d="M137.281 93.137v-5.841M133.054 93.137v-5.841M141.509 93.137v-5.841M145.736 93.137v-5.841"/></g></svg>
diff --git a/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc b/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc
@@ -0,0 +1,8 @@
+[id="ipi-install-post-installation-configuration"]
+= Installer-provisioned post-installation configuration
+include::modules/common-attributes.adoc[]
+:context: ipi-install-post-installation-configuration
+
+After successfully deploying an installer-provisioned cluster, consider the following post-installation procedures.
+
+include::modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc[leveloffset=+1]
diff --git a/installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc b/installing/installing_bare_metal_ipi/ipi-install-prerequisites.adoc
@@ -2,7 +2,7 @@
 = Prerequisites
 include::modules/common-attributes.adoc[]
 :context: ipi-install-prerequisites
-:release: 4.7
+:release: 4.8
 
 toc::[]
 
diff --git a/modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc b/modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc
@@ -0,0 +1,227 @@
+// This is included in the following assemblies:
+//
+// ipi-install-post-installation-configuration.adoc
+[id='configuring-ntp-for-disconnected-clusters_{context}']
+
+= Configuring NTP for disconnected clusters
+
+{product-title} installs the `chrony` Network Time Protocol (NTP) service on the cluster nodes. After successfully deploying an installer-provisioned disconnected cluster, configure NTP servers on the control plane nodes, and configure worker nodes as NTP clients of the control plane nodes.
+
+image::152_OpenShift_Config_NTP_0421.svg[Configuring NTP for disconnected clusters]
+
+{product-title} nodes must agree on a date and time to run properly. When worker nodes retrieve the date and time from the NTP servers on the control plane nodes, it enables the installation and operation of clusters that are not connected to a routable network and thereby do not have access to a higher stratum NTP server.
+
+.Procedure
+
+. Create a `~/control-plane-chrony.conf` configuration file for the control plane nodes.
++
+[source,bash]
+.Configuration file example
+----
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+
+# This file is managed by the machine config operator
+server openshift-master-0.<cluster-name>.<domain> iburst <1>
+server openshift-master-1.<cluster-name>.<domain> iburst
+server openshift-master-2.<cluster-name>.<domain> iburst
+
+stratumweight 0
+driftfile /var/lib/chrony/drift
+rtcsync
+makestep 10 3
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+keyfile /etc/chrony.keys
+commandkey 1
+generatecommandkey
+noclientlog
+logchange 0.5
+logdir /var/log/chrony
+
+# Configure the control plane nodes to serve as local NTP servers
+# for all worker nodes, even if they are not in sync with an
+# upstream NTP server.
+
+# Allow NTP client access from the local network.
+allow all
+# Serve time even if not synchronized to a time source.
+local stratum 3 orphan
+----
++
+Where:
++
+<1> You must replace `<cluster-name>` with the name of the cluster and replace `<domain>` with the fully qualified domain name.
+
+. Create a `~/worker-chrony.conf` configuration file for the worker nodes such that worker nodes reference the NTP servers on the control plane nodes.
++
+[source,bash]
+.Configuration file example
+----
+# This file is managed by the machine config operator
+server openshift-master-0.<cluster-name>.<domain> iburst <1>
+server openshift-master-1.<cluster-name>.<domain> iburst
+server openshift-master-2.<cluster-name>.<domain> iburst
+
+stratumweight 0
+driftfile /var/lib/chrony/drift
+rtcsync
+makestep 10 3
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+keyfile /etc/chrony.keys
+commandkey 1
+generatecommandkey
+noclientlog
+logchange 0.5
+logdir /var/log/chrony
+----
++
+Where:
++
+<1> You must replace `<cluster-name>` with the name of the cluster and replace `<domain>` with the fully qualified domain name.
+
+. Create a `~/ntp-server.yaml` configuration file for telling the Machine Configuration Operator to apply the `~/control-plane-chrony.conf` settings to the NTP servers on the control plane nodes.
++
+[source,bash]
+.Configuration file example
+----
+# This example MachineConfig replaces ~/control-plane-chrony.conf
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 99-master-etc-chrony-conf-override-to-server
+spec:
+  config:
+    ignition:
+      version: 2.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,BASE64ENCODEDCONFIGFILE<1>
+          filesystem: root
+          mode: 0644
+          path: /etc/control-plane-chrony.conf
+----
++
+Where:
++
+<1> You must replace the `BASE64ENCODEDCONFIGFILE` string with the base64-encoded string of the `~/control-plane-chrony.conf` file in the subsequent step.
+
+. Generate a base64 string of the `~/control-plane-chrony.conf` file.
++
+[source,bash]
+----
+$ base64 ~/control-plane-chrony.conf
+----
++
+[source,bash]
+.Example output
+----
+IyBVc2UgcHVibGljIHNlcnZlcnMgZnJvbSB0aGUgcG9vbC5udHAub3JnIHByb2plY3QuCiMgUGxl
+YXNlIGNvbnNpZGVyIGpvaW5pbmcgdGhlIHBvb2wgKGh0dHBzOi8vd3d3LnBvb2wubnRwLm9yZy9q
+b2luLmh0bWwpLgoKIyBUaGlzIGZpbGUgaXMgbWFuYWdlZCBieSB0aGUgbWFjaGluZSBjb25maWcg
+b3BlcmF0b3IKc2VydmVyIG9wZW5zaGlmdC1tYXN0ZXItMC48Y2x1c3Rlci1uYW1lPi48ZG9tYWlu
+PiBpYnVyc3QKc2VydmVyIG9wZW5zaGlmdC1tYXN0ZXItMS48Y2x1c3Rlci1uYW1lPi48ZG9tYWlu
+PiBpYnVyc3QKc2VydmVyIG9wZW5zaGlmdC1tYXN0ZXItMi48Y2x1c3Rlci1uYW1lPi48ZG9tYWlu
+PiBpYnVyc3QKCnN0cmF0dW13ZWlnaHQgMApkcmlmdGZpbGUgL3Zhci9saWIvY2hyb255L2RyaWZ0
+CnJ0Y3N5bmMKbWFrZXN0ZXAgMTAgMwpiaW5kY21kYWRkcmVzcyAxMjcuMC4wLjEKYmluZGNtZGFk
+ZHJlc3MgOjoxCmtleWZpbGUgL2V0Yy9jaHJvbnkua2V5cwpjb21tYW5ka2V5IDEKZ2VuZXJhdGVj
+b21tYW5ka2V5Cm5vY2xpZW50bG9nCmxvZ2NoYW5nZSAwLjUKbG9nZGlyIC92YXIvbG9nL2Nocm9u
+eQoKIyBDb25maWd1cmUgdGhlIGNvbnRyb2wgcGxhbmUgbm9kZXMgdG8gc2VydmUgYXMgbG9jYWwg
+TlRQIHNlcnZlcnMKIyBmb3IgYWxsIHdvcmtlciBub2RlcywgZXZlbiBpZiB0aGV5IGFyZSBub3Qg
+aW4gc3luYyB3aXRoIGFuCiMgdXBzdHJlYW0gTlRQIHNlcnZlci4KCiMgQWxsb3cgTlRQIGNsaWVu
+dCBhY2Nlc3MgZnJvbSB0aGUgbG9jYWwgbmV0d29yay4KYWxsb3cgYWxsCiMgU2VydmUgdGltZSBl
+dmVuIGlmIG5vdCBzeW5jaHJvbml6ZWQgdG8gYSB0aW1lIHNvdXJjZS4KbG9jYWwgc3RyYXR1bSAz
+IG9ycGhhbgo=
+----
++
+Replace the `BASE64ENCODEDCONFIGFILE` string in the `~/ntp-server.yaml` with the base64-encoded string.
+
+. Apply the `ntp-server.yaml` policy to the control plane nodes.
++
+[source,bash]
+----
+$ oc apply -f ~/ntp-server.yaml
+----
++
+[source,bash]
+.Example output
+----
+machineconfig.machineconfiguration.openshift.io/99-master-etc-chrony-conf-override-for-server created
+----
+
+. Create a `~/ntp-client.yaml` configuration file for telling the Machine Configuration Operator to apply the `~/worker-chrony.conf` settings to the NTP clients on the worker nodes.
++
+[source,bash]
+.Configuration file example
+----
+# This example MachineConfig replaces ~/worker-chrony.conf
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 99-master-etc-chrony-conf-override-for-worker
+spec:
+  config:
+    ignition:
+      version: 2.2.0
+    storage:
+      files:
+        - contents:
+            source: data:text/plain;charset=utf-8;base64,BASE64ENCODEDCONFIGFILE<1>
+          filesystem: root
+          mode: 0644
+          path: /etc/worker-chrony.conf
+----
++
+Where:
++
+<1> You must replace the `BASE64ENCODEDCONFIGFILE` string with the base64-encoded string of the `~/worker-chrony.conf` file in the subsequent step.
+
+
+. Generate a base64-encoded string of the `~/worker-chrony.conf` file.
++
+[source,bash]
+----
+$ base64 ~/worker-chrony.conf
+----
++
+[source,bash]
+.Example output
+----
+IyBUaGlzIGZpbGUgaXMgbWFuYWdlZCBieSB0aGUgbWFjaGluZSBjb25maWcgb3BlcmF0b3IKc2Vy
+dmVyIG9wZW5zaGlmdC1tYXN0ZXItMC48Y2x1c3Rlci1uYW1lPi48ZG9tYWluPiBpYnVyc3QKc2Vy
+dmVyIG9wZW5zaGlmdC1tYXN0ZXItMS48Y2x1c3Rlci1uYW1lPi48ZG9tYWluPiBpYnVyc3QKc2Vy
+dmVyIG9wZW5zaGlmdC1tYXN0ZXItMi48Y2x1c3Rlci1uYW1lPi48ZG9tYWluPiBpYnVyc3QKCnN0
+cmF0dW13ZWlnaHQgMApkcmlmdGZpbGUgL3Zhci9saWIvY2hyb255L2RyaWZ0CnJ0Y3N5bmMKbWFr
+ZXN0ZXAgMTAgMwpiaW5kY21kYWRkcmVzcyAxMjcuMC4wLjEKYmluZGNtZGFkZHJlc3MgOjoxCmtl
+eWZpbGUgL2V0Yy9jaHJvbnkua2V5cwpjb21tYW5ka2V5IDEKZ2VuZXJhdGVjb21tYW5ka2V5Cm5v
+Y2xpZW50bG9nCmxvZ2NoYW5nZSAwLjUKbG9nZGlyIC92YXIvbG9nL2Nocm9ueQo=
+----
++
+Replace the `BASE64ENCODEDCONFIGFILE` string in the `~/ntp-client.yaml` file with the base64-encoded string.
+
+
+. Apply the `~/ntp-client.yaml` policy to the worker nodes.
++
+[source,bash]
+----
+$ oc apply -f ~/worker-chrony.conf
+----
++
+[source,bash]
+.Example output
+----
+machineconfig.machineconfiguration.openshift.io/99-master-etc-chrony-conf-override-for-worker created
+----
+
+. Check the status of the applied NTP settings.
++
+[source,bash]
+----
+$ oc describe machineconfigpool
+----
diff --git a/modules/ipi-install-network-requirements.adoc b/modules/ipi-install-network-requirements.adoc
