Merge pull request #28522 from emarcusRH/OCPRHV-416

OCPRHV-416 new chap - Cluster setup on RHV in a restricted network

Author: codyhoag

_topic_map.yml

@@ -277,6 +277,8 @@ Topics:
     File: installing-rhv-customizations
   - Name: Installing a cluster on RHV with user-provisioned infrastructure
     File: installing-rhv-user-infra
+  - Name: Installing a cluster on RHV in a restricted network
+    File: installing-rhv-restricted-network
   - Name: Uninstalling a cluster on RHV
     File: uninstalling-cluster-rhv
 - Name: Installing on oVirt
@@ -1045,7 +1047,7 @@ Topics:
     File: persistent-storage-csi-cinder
   - Name: OpenStack Manila CSI Driver Operator
     File: persistent-storage-csi-manila
-  - Name: Red Hat Virtualization (oVirt) CSI Driver Operator
+  - Name: Red Hat Virtualization CSI Driver Operator
     File: persistent-storage-csi-ovirt
 - Name: Expanding persistent volumes
   File: expanding-persistent-volumes

installing/installing_rhv/installing-rhv-restricted-network.adoc

@@ -0,0 +1,82 @@
+[id="installing-rhv-restricted-network_{context}"]
+= Installing a cluster on {rh-virtualization} in a restricted network
+include::modules/common-attributes.adoc[]
+:context: installing-rhv-restricted-network
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a
+customized {product-title} cluster on {rh-virtualization-first} in a restricted network by creating an internal mirror of the installation release content.
+
+== Prerequisites
+
+The following items are required to install an {product-title} cluster on a {rh-virtualization} environment.
+
+* You have a supported combination of versions in the link:https://access.redhat.com/articles/5485861[Support Matrix for {product-title} on {rh-virtualization}].
+* You are familiar with the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* xref:../../installing/install_config/installing-restricted-networks-preparations.adoc#installing-restricted-networks-preparations[Create a registry on your mirror host] and obtain the `imageContentSources` data for your version of {product-title}.
++
+[IMPORTANT]
+====
+Because the installation media is on the mirror host, you can use that computer
+to complete all installation steps.
+====
+* Provision
+xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide ReadWriteMany access modes.
+* Review details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* If you use a firewall and plan to use telemetry, you must xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure the firewall to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installing-rhv-requirements.adoc[leveloffset=+1]
+
+include::modules/installing-rhv-verifying-rhv-environment.adoc[leveloffset=+1]
+
+include::modules/installation-network-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-dns-user-infra.adoc[leveloffset=+1]
+
+include::modules/installing-rhv-setting-up-installation-machine.adoc[leveloffset=+1]
+
+include::modules/installing-rhv-setting-up-ca-certificate.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-downloading-ansible-playbooks.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-about-inventory-yml.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-specifying-rhcos-image-settings.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-creating-install-config-file.adoc[leveloffset=+1]
+
+include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+1]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/installation-rhv-customizing-install-config-yaml.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-editing-manifests.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-making-control-plane-nodes-non-schedulable.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-building-ignition-files.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-creating-templates-virtual-machines.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-creating-bootstrap-machine.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-creating-control-plane-nodes.adoc[leveloffset=+1]
+
+include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-removing-bootstrap-machine.adoc[leveloffset=+1]
+
+include::modules/installation-rhv-creating-worker-nodes-completing-installation.adoc[leveloffset=+1]

modules/cluster-entitlements.adoc

@@ -24,6 +24,7 @@
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_aws/installing-restricted-networks-aws.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
+// * installing/installing_rhv/installing-rhv-restricted-network.adoc
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
 // * installing/installing_vsphere/installing-vsphere.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc

modules/installation-about-restricted-network.adoc

@@ -6,6 +6,7 @@
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
+// * installing/installing-rhv-restricted-network.adoc
 
 ifeval::["{context}" == "installing-ibm-power"]
 :ibm-power:
@@ -16,6 +17,9 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :osp:
 endif::[]
+ifeval::["{context}" == "installing-rhv-restricted-network"]
+:rhv:
+endif::[]
 
 [id="installation-about-restricted-networks_{context}"]
 = About installations in restricted networks
@@ -39,12 +43,12 @@ installation media. You can create this registry on a mirror host, which can
 access both the Internet and your closed network, or by using other methods
 that meet your restrictions.
 
-ifndef::osp[]
+ifndef::osp,rhv[]
 [IMPORTANT]
 ====
 Because of the complexity of the configuration for user-provisioned installations, consider completing a standard user-provisioned infrastructure installation before you attempt a restricted network installation using user-provisioned infrastructure. Completing this test installation might make it easier to isolate and troubleshoot any issues that might arise during your installation in a restricted network.
 ====
-endif::osp[]
+endif::osp,rhv[]
 
 [id="installation-restricted-network-limits{context}"]
 == Additional limits
@@ -67,3 +71,6 @@ endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :!osp:
 endif::[]
+ifeval::["{context}" == "installing-rhv-restricted-network"]
+:!rhv:
+endif::[]

modules/installation-bare-metal-config-yaml.adoc

@@ -1,12 +1,15 @@
 // Module included in the following assemblies:
 //
+// * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
-// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
-// * installing/installing_ibm_z/installing-ibm-power.adoc
-// * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
+// * installing/installing_ibm_power/installing-ibm-power.adoc
+// * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
+// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
+// * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
+// * installing/installing-rhv-restricted-network.adoc
 
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :restricted:
@@ -30,11 +33,15 @@ endif::[]
 ifeval::["{context}" == "installing-platform-agnostic"]
 :agnostic:
 endif::[]
+ifeval::["{context}" == "installing-rhv-restricted-network"]
+:rhv:
+endif::[]
+
 
 [id="installation-bare-metal-config-yaml_{context}"]
-ifndef::ibm-z,ibm-z-kvm,ibm-power,agnostic[]
+ifndef::ibm-z,ibm-z-kvm,ibm-power,agnostic,rhv[]
 = Sample `install-config.yaml` file for bare metal
-endif::ibm-z,ibm-z-kvm,ibm-power,agnostic[]
+endif::ibm-z,ibm-z-kvm,ibm-power,agnostic,rhv[]
 ifdef::ibm-z,ibm-z-kvm[]
 = Sample `install-config.yaml` file for IBM Z
 endif::ibm-z,ibm-z-kvm[]
@@ -44,6 +51,9 @@ endif::ibm-power[]
 ifdef::agnostic[]
 = Sample `install-config.yaml` file for other platforms
 endif::agnostic[]
+ifdef::rhv[]
+= Sample `install-config.yaml` file for RHV
+endif::rhv[]
 
 You can customize the `install-config.yaml` file to specify more details about
 your {product-title} cluster's platform or modify the values of the required
@@ -174,9 +184,10 @@ one IP address pool. If you need to access the services from an external network
 configure load balancers and routers to manage the traffic.
 <10> You must set the platform to `none`. You cannot provide additional platform
 configuration variables for
-ifndef::ibm-z,ibm-z-kvm,ibm-power[your platform.]
+ifndef::ibm-z,ibm-z-kvm,ibm-power,rhv[your platform.]
 ifdef::ibm-z,ibm-z-kvm[IBM Z infrastructure.]
 ifdef::ibm-power[IBM Power Systems infrastructure.]
+ifdef::rhv[RHV infrastructure.]
 <11> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
 ifndef::restricted[]
 ifdef::ibm-z,ibm-z-kvm[]
@@ -241,3 +252,6 @@ endif::[]
 ifeval::["{context}" == "installing-platform-agnostic"]
 :!agnostic:
 endif::[]
+ifeval::["{context}" == "installing-rhv-restricted-network"]
+:!rhv:
+endif::[]

modules/installation-configure-proxy.adoc

@@ -16,6 +16,7 @@
 // * installing/installing_vsphere/installing-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * networking/configuring-a-custom-pki.adoc
+// * installing/installing-rhv-restricted-network.adoc
 
 ifeval::["{context}" == "installing-bare-metal"]
 :bare-metal:

modules/installation-dns-user-infra.adoc

@@ -6,6 +6,8 @@
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
 // * installing/installing_vsphere/installing-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
+// * installing/installing-rhv-restricted-network.adoc
+
 
 
 :prewrap!:
@@ -158,3 +160,8 @@ $TTL 1W
 ;
 ;EOF
 ====
+
+[NOTE]
+====
+For clusters using installer-provisioned infrastructure, only the DNS records must be added.
+====

modules/installation-mirror-repository.adoc

@@ -2,6 +2,7 @@
 //
 // * installing/install_config/installing-restricted-networks-preparations.adoc
 // * openshift_images/samples-operator-alt-registry.adoc
+// * installing/installing-rhv-restricted-network.adoc
 
 [id="installation-mirror-repository_{context}"]
 = Mirroring the {product-title} image repository
@@ -175,7 +176,7 @@ $ oc adm release extract -a ${LOCAL_SECRET_JSON} --command=openshift-install "${
 ----
 $ oc adm release extract -a ${LOCAL_SECRET_JSON} --command=openshift-install "${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}"
 ----
-
++
 [IMPORTANT]
 ====
 To ensure that you use the correct images for the version of {product-title}
@@ -184,5 +185,12 @@ content.
 
 You must perform this step on a machine with an active Internet connection.
 
-If you are in a disconnected environment, use the `--image` flag as part of must-gather and point to the payload image. 
+If you are in a disconnected environment, use the `--image` flag as part of must-gather and point to the payload image.
 ====
++
+. For clusters using installer-provisioned infrastructure, run the following command:
++
+[source,terminal]
+----
+$ openshift-install
+----

modules/installation-network-user-infra.adoc

@@ -12,6 +12,7 @@
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-power.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
+// * installing/installing-rhv-restricted-network.adoc
 
 ifeval::["{context}" == "installing-vsphere"]
 :vsphere:

modules/installation-osp-verifying-cluster-status.adoc

@@ -7,6 +7,7 @@
 // * installing/installing_rhv/installing-rhv-default.adoc
 // * installing/installing_rhv/installing-rhv-customizations.adoc
 // * installing/installing_rhv/installing-rhv-user-infra.adoc
+// * installing/installing-rhv-restricted-network.adoc
 
 ifeval::["{context}" == "installing-rhv-user-infra"]
 :rhv-user-infra: