Issue 150#151
Conversation
|
🚀 Preview Deployment Success! View your live changes here: https://edeb0a3e.openshift-examples.pages.dev\n\nUploading... (352/507) 🌎 Deploying... |
rbo
left a comment
rbo
left a comment
There was a problem hiding this comment.
That's an awesome overview. Some tiny changes. ;-)
| - [Disconnected Agent-Based Cluster Installation](#disconnected-agent-based-cluster-installation) | ||
| - [How it works](#how-it-works) | ||
| - [Connected Mirroring vs Disconnected Mirroring](#connected-mirroring-vs-disconnected-mirroring) | ||
| - [Lab Environment Setup](#lab-environment-setup) | ||
| - [Bastion Host Preperation](#bastion-host-preperation) | ||
| - [Hostname](#hostname) | ||
| - [RHEL Subscription Manager](#rhel-subscription-manager) | ||
| - [Networking Bastion-Host](#networking-bastion-host) | ||
| - [SSH](#ssh) | ||
| - [Command Line Interfaces (CLIs)](#command-line-interfaces-clis) | ||
| - [Install Podman and Nmstate](#install-podman-and-nmstate) | ||
| - [Installing Podman Offline](#installing-podman-offline) | ||
| - [Installing the Mirror Registry on the Bastion Host](#installing-the-mirror-registry-on-the-bastion-host) | ||
| - [Prerequisites](#prerequisites) | ||
| - [Validating the installation](#validating-the-installation) | ||
| - [Login into the Mirror Registry](#login-into-the-mirror-registry) | ||
| - [Uninstalling the Mirror Registry](#uninstalling-the-mirror-registry) | ||
| - [Mirroring Images](#mirroring-images) | ||
| - [Creating the image set configuration](#creating-the-image-set-configuration) | ||
| - [Unexpected status code 413 Request Entity Too Large](#unexpected-status-code-413-request-entity-too-large) | ||
| - [Installing a disconnected Cluster using the Agent Based Installer](#installing-a-disconnected-cluster-using-the-agent-based-installer) | ||
| - [Cluster Preperations](#cluster-preperations) | ||
| - [Configurations](#configurations) | ||
| - [Create Agent iso](#create-agent-iso) | ||
| - [Run a `httpd` webserver on the bastion to share the iso](#run-a-httpd-webserver-on-the-bastion-to-share-the-iso) | ||
| - [Post Cluster Installation](#post-cluster-installation) | ||
| - [Using Operator Lifecycle Manager in disconnected environments](#using-operator-lifecycle-manager-in-disconnected-environments) | ||
| - [Troubleshooting](#troubleshooting) | ||
| - [Networking](#networking) | ||
| - [Logs](#logs) | ||
| - [Cluster Status validations](#cluster-status-validations) | ||
| - [Firewall is blocking images from pulling](#firewall-is-blocking-images-from-pulling) |
There was a problem hiding this comment.
IMHO we can remove the TOC because we have it on the right side of the page.
|
|
||
| Configure `ssh`: | ||
|
|
||
| `cat ~/.ssh/id_ed25519.pub | ssh rguske@rguske-rhel9-disco-bastion.rguske.coe.muc.redhat.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh"` |
There was a problem hiding this comment.
ssh-copy-id -f ~/.ssh/id_ed25519 rguske@rguske-rhel9-disco-bastion.rguske.coe.muc.redhat.com
Does all the necessary steps.
| In this scenario it is important to use the DNS record which points to the IP in the disco subnet. | ||
|
|
||
| ```code | ||
| [root@bastion-rguske mirror-registry]# mirror-registry install --quayHostname rguske-rhel9-disco-bastion.disco.local --quayRoot '/home/$USER/downloads/mirror-registry/root' --initPassword 'r3dh4t1!' --verbose |
There was a problem hiding this comment.
[root@bastion-rguske mirror-registry]# mirror-registry install \
--quayHostname rguske-rhel9-disco-bastion.disco.local \
--quayRoot '/home/$USER/downloads/mirror-registry/root' \
--initPassword 'r3dh4t1!' \
--verbose
- IMHO
--verbosehas no added value. - I'm wondering
$USERif is working because of single quotes. - I usually add
--quayStorageand--sqliteStorageas well. If not, it is storage in the container storage volume.
There was a problem hiding this comment.
verbose won't harm.
You're right! Using single quotes will not expand the variable. It is a literal string. Thx
I'll add the other options but I never used them though.
|
|
||
| ## Mirroring Images | ||
|
|
||
| > You must have access to the internet to obtain the necessary container images. In this procedure, you place your mirror registry on a mirror host that has access to both your network and the internet. If you do not have access to a mirror host, use the [Mirroring Operator catalogs](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/disconnected_environments/index#olm-mirror-catalog_installing-mirroring-installation-images) for use with disconnected clusters procedure to copy images to a device you can move across network boundaries with. |
| Paste the content in the file pull-scret. Then: | ||
|
|
||
| `cat ./pull-secret | jq . > $(pwd)/pull-secret.json` | ||
|
|
||
| Replace the existing `auth.json` file in $XDG_RUNTIME_DIR/containers/ | ||
|
|
||
| ```code | ||
| sudo mv pull-secret.json $XDG_RUNTIME_DIR/containers/auth.json | ||
| ``` | ||
|
|
||
| Next up is to generate the base64-encoded user name and password or token for your mirror registry by running the following command: | ||
|
|
||
| `echo -n '<user_name>:<password>' | base64 -w0` | ||
|
|
||
| For <user_name> and <password>, specify the user name and password that you configured for your registry. | ||
|
|
||
| Example: | ||
|
|
||
| `echo -n 'init:r3dh4t1!' | base64 -w0` | ||
|
|
||
| Edit the JSON file and add a section that describes your registry to it: | ||
|
|
||
| ```json | ||
| "auths": { | ||
| "rguske-rhel9-disco-bastion.rguske.coe.muc.redhat.com:8443": { | ||
| "auth": "aW5pdDpyM2RoNHQxIQ==", | ||
| "email": "rguske@redhat.com" | ||
| }, | ||
| "cloud.openshift.com": { | ||
|
|
||
| [...] | ||
| ``` |
There was a problem hiding this comment.
🤔 oc-mirror, meanwhile, look into $XDG_RUNTIME_DIR/containers/auth.json and not in ~/.docker/config.json ?
A much easier way to adjust the auth.json
cp pull-secretc.json $XDG_RUNTIME_DIR/containers/auth.json
podman login --authfile $XDG_RUNTIME_DIR/containers/auth.json --username .. rguske-rhel9-disco-bastion.rguske.coe.muc.redhat.com:8443
I know we have this steps in the docs. I find that very error-prone, though.
There was a problem hiding this comment.
oc-mirror, meanwhile, look into $XDG_RUNTIME_DIR/containers/auth.json and not in ~/.docker/config.json ?
There's no ~/.docker/config.json in this doc. I don't know where you've seen it.
Mine is from our docs!
| If this hits you, try using the following options: | ||
|
|
||
| ```code | ||
| oc mirror -c $(pwd)/imagesetconfiguration.yaml --from file://$(pwd)/mirror/ docker://rguske-rhel9-disco-bastion. |
There was a problem hiding this comment.
In general I prefer to shorten the commands via:
oc mirror -c $(pwd)/imagesetconfiguration.yaml \
--from file://$(pwd)/mirror/ \
docker://rguske-rhel9-disco-bastion.
To avoid scrolling to the left.
There was a problem hiding this comment.
Don't forget --v2! Otherwise the cli will complain! I've shortened it.
Closes: openshift-examples#150 Signed-off-by: Robert Guske <robert.guske@gmail.com>
|
🚀 Preview Deployment Success! View your live changes here: https://bbcf36c6.openshift-examples.pages.dev\n\nUploading... (502/507) 🌎 Deploying... |
2 participants
Update Disconnected Cluster Installation.