Showing posts with label Disconnected. Show all posts
Showing posts with label Disconnected. Show all posts

Monday, September 20, 2021

Deploy Single Node OpenShift via OpenShift Installer on Nvidia Jetson AGX


In a previous blog I walked through a disconnected single node OpenShift deployment using the OpenShift installer.   In this blog I will use a lot of the same steps but instead of installing on an X86 system we will try our hand at installing on a Nvidia Jetson AGX which contains an Arm processor.

Before we begin lets cover what this blog already assumes exists as prerequisites:
  • Podman, the oc binary and the openshift-install binary already exist on the system
  • A disconnected registry is already configured and has the mirrored aarch64 contents of the images for a given OpenShift release.   
  • A physical Nvidia Jetson AGX with UEFI firmware and the ability to boot an ISO image from USB
  • DNS entries for basic baremetal IPI requirements exist. My environment is below:
master-0.kni7.schmaustech.com IN A 192.168.0.47
*.apps.kni7.schmaustech.com IN A 192.168.0.47
api.kni7.schmaustech.com IN A 192.168.0.47
api-int.kni7.schmaustech.com   IN A 192.168.0.47

First lets verify the version of OpenShift we will be deploying by looking at the output of the oc version and openshift-install version:


$ oc version
Client Version: 4.9.0-rc.1
$ ./openshift-install version
./openshift-install 4.9.0-rc.1
built from commit 6b4296b0df51096b4ff03e4ec4aeedeead3425ab
release image quay.io/openshift-release-dev/ocp-release@sha256:2cce76f4dc2400d3c374f76ac0aa4e481579fce293e732f0b27775b7218f2c8d
release architecture amd64

While it looks like we will be deploying a version of 4.9.0-rc.1.  We technically will be deploying a version 4.9.0-rc.2 for aarch64.   We will set an image override for aarch64/4.9.0-rc2 a little further in our process.  Before that though, ensure the disconnected registry being used has the images for 4.9.0-rc.2 mirrored.  If not use a procedure like I have used in one of my previous blogs to mirror the 4.9.0-rc.2 images.

Now lets pull down a few files we will need for our deployment iso.   We need to pull down both the coreos-installer and the rhcos live iso:

$ wget https://mirror.openshift.com/pub/openshift-v4/clients/coreos-installer/v0.8.0-3/coreos-installer
--2021-09-16 10:10:26--  https://mirror.openshift.com/pub/openshift-v4/clients/coreos-installer/v0.8.0-3/coreos-installer
Resolving mirror.openshift.com (mirror.openshift.com)... 54.172.173.155, 54.173.18.88
Connecting to mirror.openshift.com (mirror.openshift.com)|54.172.173.155|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7649968 (7.3M)
Saving to: ‘coreos-installer’

coreos-installer                                     100%[=====================================================================================================================>]   7.29M  8.83MB/s    in 0.8s    

2021-09-16 10:10:27 (8.83 MB/s) - ‘coreos-installer’ saved [7649968/7649968]

$ wget https://mirror.openshift.com/pub/openshift-v4/aarch64/dependencies/rhcos/pre-release/4.9.0-rc.2/rhcos-live.aarch64.iso
--2021-09-16 10:10:40--  https://mirror.openshift.com/pub/openshift-v4/aarch64/dependencies/rhcos/pre-release/4.9.0-rc.2/rhcos-live.aarch64.iso
Resolving mirror.openshift.com (mirror.openshift.com)... 54.172.173.155, 54.173.18.88
Connecting to mirror.openshift.com (mirror.openshift.com)|54.172.173.155|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1031798784 (984M) [application/octet-stream]
Saving to: ‘rhcos-live.aarch64.iso’

rhcos-live.aarch64.iso                   100%[=====================================================================================================================>] 984.00M  11.2MB/s    in 93s     

2021-09-16 10:12:13 (10.6 MB/s) - ‘rhcos-live.aarch64.iso’ saved [1031798784/1031798784]

Set the execution bit on the coreos-installer which is a utility to embed the ignition file we will generate:

$ chmod 755 coreos-installer

Lets go ahead now and create an install-config.yaml for our single node deployment.  Notice some of the differences in this install-config.yaml.  Specifically we have no worker nodes defined, one master node defined and then we have the BootstrapInPlace section which tells us to use the nvme0n1 device in the node.  We also have our imageContentSources which tells the installer to use the local registry mirror I have already preconfigured.

$ cat << EOF > install-config.yaml
apiVersion: v1beta4
baseDomain: schmaustech.com
metadata:
  name: kni7
networking:
  networkType: OpenShiftSDN
  machineCIDR: 192.168.0.0/24
compute:
- name: worker
  replicas: 0
controlPlane:
  name: master
  replicas: 1
platform:
  none: {}
BootstrapInPlace:
  InstallationDisk: /dev/nvme0n1
pullSecret: '{ "auths": { "rhel8-ocp-auto.schmaustech.com:5000": {"auth": "ZHVtbXk6ZHVtbXk=","email": "bschmaus@schmaustech.com" } } }'
sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP+5QkRCiuhsYItXj7DzLcOIs2RbCgpMzDtPlt/hfLnDkLGozYIFapMp+o4l+6ornbZ3L+hYE0T8SyvyYVWfm1XpPcVgUIW6qp7yfEyTSRhpGnoY74PD33FIf6BtU2HoFLWjQcE6OrQOF0wijI3fgL0jSzvAxvYoXU/huMx/kI2jBcWEq5cADRfvpeYXhVEJLrIIOepoAZE1syaPT7jQEoLDfvxrDZPKObCOI2vzLiAQXI7gK1uc9YDb6IEA/4Ik4eV2R1+VCgKhgk5RUqn69+8a1o783g1tChKuLwA4K9lyEAbFBwlHMctfNOLeC1w+bYpDXH/3GydcYfq79/18dVd+xEUlzzC+2/qycWG36C1MxUZa2fXvSRWLnpkLcxtIes4MikFeIr3jkJlFUzITigzvFrKa2IKaJzQ53WsE++LVnKJfcFNLtWfdEOZMowG/KtgzSSac/iVEJRM2YTIJsQsqhhI4PTrqVlUy/NwcXOFfUF/NkF2deeUZ21Cdn+bKZDKtFu2x+ujyAWZKNq570YaFT3a4TrL6WmE9kdHnJOXYR61Tiq/1fU+y0fv1d0f1cYr4+mNRCGIZoQOgJraF7/YluLB23INkJgtbah/0t1xzSsQ59gzFhRlLkW9gQDekj2tOGJmZIuYCnTXGiqXHnri2yAPexgRiaFjoM3GCpsWw== bschmaus@bschmaus.remote.csb'
imageContentSources:
- mirrors:
  - rhel8-ocp-auto.schmaustech.com:5000/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - rhel8-ocp-auto.schmaustech.com:5000/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  MIIF7zCCA9egAwIBAgIUeecEs+U5psgJ0aFgc4Q5dGVrAFcwDQYJKoZIhvcNAQEL
  BQAwgYYxCzAJBgNVBAYTAlVTMRYwFAYDVQQIDA1Ob3J0aENhcm9saW5hMRAwDgYD
  VQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdSZWQgSGF0MRIwEAYDVQQLDAlNYXJrZXRp
  bmcxJzAlBgNVBAMMHnJoZWw4LW9jcC1hdXRvLnNjaG1hdXN0ZWNoLmNvbTAeFw0y
  MTA2MDkxMDM5MDZaFw0yMjA2MDkxMDM5MDZaMIGGMQswCQYDVQQGEwJVUzEWMBQG
  A1UECAwNTm9ydGhDYXJvbGluYTEQMA4GA1UEBwwHUmFsZWlnaDEQMA4GA1UECgwH
  UmVkIEhhdDESMBAGA1UECwwJTWFya2V0aW5nMScwJQYDVQQDDB5yaGVsOC1vY3At
  YXV0by5zY2htYXVzdGVjaC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
  AoICAQC9exAg3Ie3N3mkrQKseyri1VP2IPTc+pUEiVCPisIQAhRUfHhPR1HT7EF7
  SwaxrWjpfh9aYBPDEF3uLFQvzDEJWCh5PF55jwn3aABFGKEhfVBKd+es6nXnYaCS
  8CgLS2qM9x4WiuZxrntfB16JrjP+CrTvlAbE4DIMlDQLgh8+hDw9VPlbzY+MI+WC
  cYues1Ne+JZ5dZcKmCZ3zrVToPjreWZUuhSygci2xIQZxwWNmTvAgi+CAiQZS7VF
  RmKjj2H/o/d3I+XSS2261I8aXCAw4/3vaM9aci0eHeEhLIMrhv86WycOjcYL1Z6R
  n55diwDTSyrTo/B4zsQbmYUc8rP+pR2fyRJEGFVJ4ejcj2ZF5EbgUKupyU2gh/qt
  QeYtJ+6uAr9S5iQIcq9qvD9nhAtm3DnBb065X4jVPl2YL4zsbOS1gjoa6dRbFuvu
  f3SdsbQRF/YJWY/7j6cUaueCQOlXZRNhbQQHdIdBWFObw0QyyYtI831ue1MHPG0C
  nsAriPOkRzBBq+BPmS9CqcRDGqh+nd9m9UPVDoBshwaziSqaIK2hvfCAVb3BPJES
  CXKuIaP2IRzTjse58aAzsRW3W+4e/v9fwAOaE8nS7i+v8wrqcFgJ489HnVq+kRNc
  VImv5dBKg2frzXs1PpnWkE4u2VJagKn9B2zva2miRQ+LyvLLDwIDAQABo1MwUTAd
  BgNVHQ4EFgQUbcE9mpTkOK2ypIrURf+xYR08OAAwHwYDVR0jBBgwFoAUbcE9mpTk
  OK2ypIrURf+xYR08OAAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
  AgEANTjx04NoiIyw9DyvszwRdrSGPO3dy1gk3jh+Du6Dpqqku3Mwr2ktaSCimeZS
  4zY4S5mRCgZRwDKu19z0tMwbVDyzHPFJx+wqBpZKkD1FvOPKjKLewtiW2z8AP/kF
  gl5UUNuwvGhOizazbvd1faQ8jMYoZKifM8On6IpFgqXCx98/GOWvnjn2t8YkMN3x
  blKVm5N7eGy9LeiGRoiCJqcyfGqdAdg+Z+J94AHEZb3OxG8uHLrtmz0BF3A+8V2H
  hofYI0spx5y9OcPin2yLm9DeCwWAA7maqdImBG/QpQCjcPW3Yzz9VytIMajPdnvd
  vbJF5GZNj7ods1AykCCJjGy6n9WCf3a4VLnZWtUTbtz0nrIjJjsdlXZqby5BCF0G
  iqWbg0j8onl6kmbMAhssRTlvL8w90F1IK3Hk+lz0Qy8rqZX2ohObtEYGMIAOdFJ1
  iPQrbksXOBpZNtm1VAved41sYt1txS2WZQgfklIXOhNOu4r32ZGKas4EJml0l0wL
  2P65PkPEa7AOeqwP0y6eGoNG9qFSl+yArycZGWudp88977H6CcdkdEcQzmjg5+TD
  9GHm3drUYGqBJDvIemQaXfnwy9Gxx+oBDpXLXOuo+edK812zh/q7s2FELfH5ZieE
  Q3dIH8UGsnjYxv8G3O23cYKZ1U0iiu9QvPRFm0F8JuFZqLQ=
  -----END CERTIFICATE-----
EOF

Before we can create the ignition file from the install-config.yaml we need to set the image release override variable.  We do this because all of this work is currently done on a X86 host but we are trying to generate a ignition file for an aarch64 host.   To set the image release override we will simply curl the aarch64 4.9.0-rc.2 release text and grab the quay release line:

$ export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=$(curl -s https://mirror.openshift.com/pub/openshift-v4/aarch64/clients/ocp/4.9.0-rc.2/release.txt| grep 'Pull From: quay.io' | awk -F ' ' '{print $3}' | xargs)
$ echo $OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE
quay.io/openshift-release-dev/ocp-release@sha256:edd47e590c6320b158a6a4894ca804618d3b1e774988c89cd988e8a841cb5f3c

Once we have the install-config.yaml and the image release override variable set we can use the openshift-install binary to generate a singe node openshift ignition config:

$ ./openshift-install --dir=./ create single-node-ignition-config
INFO Consuming Install Config from target directory 
WARNING Making control-plane schedulable by setting MastersSchedulable to true for Scheduler cluster settings 
WARNING Found override for release image. Please be warned, this is not advised 
INFO Single-Node-Ignition-Config created in: . and auth 
$ ls -lart
total 1017468
-rwxr-xr-x.  1 bschmaus bschmaus    7649968 Apr 27 00:49 coreos-installer
-rw-rw-r--.  1 bschmaus bschmaus 1031798784 Jul 22 13:10 rhcos-live.aarch64.iso
-rw-r--r--.  1 bschmaus bschmaus       3667 Sep 15 10:35 install-config.yaml.save
drwx------. 27 bschmaus bschmaus       8192 Sep 15 10:39 ..
drwxr-x---.  2 bschmaus bschmaus         50 Sep 15 10:45 auth
-rw-r-----.  1 bschmaus bschmaus     284253 Sep 15 10:45 bootstrap-in-place-for-live-iso.ign
-rw-r-----.  1 bschmaus bschmaus    1865601 Sep 15 10:45 .openshift_install_state.json
-rw-rw-r--.  1 bschmaus bschmaus     213442 Sep 15 10:45 .openshift_install.log
-rw-r-----.  1 bschmaus bschmaus         98 Sep 15 10:45 metadata.json
drwxrwxr-x.  3 bschmaus bschmaus        247 Sep 15 10:45 .

Now lets take that bootstrap-in-place-for-live-iso.ign config we generated and use the coreos-installer to embed it into the rhcos live iso image.  There will be no output upon completion so I usually echo the $? to confirm it ended with a good exit status.

$ ./coreos-installer iso ignition embed -fi bootstrap-in-place-for-live-iso.ign rhcos-live.aarch64.iso
$ echo $?
0

Now that the rhcos live iso image has the ignition file embedded we can write the image to a USB device: 

$ sudo dd if=./rhcos-live.aarch64.iso of=/dev/sda bs=8M status=progress oflag=direct
[sudo] password for bschmaus: 
948783104 bytes (949 MB, 905 MiB) copied, 216 s, 4.4 MB/s
113+1 records in
113+1 records out
948783104 bytes (949 MB, 905 MiB) copied, 215.922 s, 4.4 MB/s

Once the USB device is written take the USB and connect it to the Nvidia Jetson AGX and boot from it.  Keep in mind during the first boot of the Jetson I had to hit the ESC key to get access to the device manager to tell it to boot from the ISO.  Then once the system reboots again I had to go back into the device manager to boot from my NVMe device.  After that the system will boot from the NMVe until the next time I want to install from the ISO again.  This is more a Jetson nuance then OCP issue.

Once the system has rebooted the first time and if the ignition file was embedded without errors we should be able to login using the core user and associated key that was set in the install-config.yaml we used.   Once inside the node we should be able to use crictl ps to confirm containers are being started:

$ ssh core@192.168.0.47
Red Hat Enterprise Linux CoreOS 49.84.202109152147-0
  Part of OpenShift 4.9, RHCOS is a Kubernetes native operating system
  managed by the Machine Config Operator (`clusteroperator/machine-config`).

WARNING: Direct SSH access to machines is not recommended; instead,
make configuration changes via `machineconfig` objects:
  https://docs.openshift.com/container-platform/4.9/architecture/architecture-rhcos.html

---
Last login: Fri Sep 17 20:26:28 2021 from 10.0.0.152
[core@master-0 ~]$ sudo crictl ps
CONTAINER           IMAGE                                                                                                                    CREATED              STATE               NAME                             ATTEMPT             POD ID
f022aab7d2bd2       4e462838cdd7a580f875714d898aa392db63aefa2201141eca41c49d976f0965                                                         3 seconds ago        Running             network-operator                 0                   b89d47c2e53c9
c65fe3bd5a27c       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:8ad7f6aa04f25db941d5364fe2826cc0ed8c78b0f6ecba2cff660fab2b9327c7   About a minute ago   Running             cluster-policy-controller        0                   0df63b1ad8da3
7c5ea2f9f3ce0       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:efec74e2c00bca3688268eca7a256d865935c73b0ad0da4d5a9ceb126411ee1e   About a minute ago   Running             kube-apiserver-insecure-readyz   0                   f19feea00d442
c8665a708e33c       055d6dcd87c13fc04afd196253127c33cd86e4e0202e6798ce5b7136de56b206                                                         About a minute ago   Running             kube-apiserver                   0                   f19feea00d442
af8c8be71a74f       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0d496e5f28b2d9f9bb507eb6b2a0544e46f973720bc98511bf4d05e9c81dc07a   About a minute ago   Running             kube-controller-manager          0                   0df63b1ad8da3
5c7fc277712f9       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0d496e5f28b2d9f9bb507eb6b2a0544e46f973720bc98511bf4d05e9c81dc07a   About a minute ago   Running             kube-scheduler                   0                   41d530f654838
98b0faec9e0cd       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:81262ae10274989475617ac492361c3bc8853304fb409057e75d94c3eba18e48   About a minute ago   Running             etcd                             0                   f553fa481d714
[core@master-0 ~]$ uname -a
Linux master-0.kni7.schmaustech.com 4.18.0-305.19.1.el8_4.aarch64 #1 SMP Mon Aug 30 07:17:58 EDT 2021 aarch64 aarch64 aarch64 GNU/Linux

Further once we have confirmed containers are starting we can also use the kubeconfig and show the node state:

$ export KUBECONFIG=~/ocp/auth/kubeconfig 
$ ./oc get nodes -o wide
NAME                           STATUS ROLES         AGE   VERSION                INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                                                       KERNEL-VERSION                  CONTAINER-RUNTIME
master-0.kni7.schmaustech.com  Ready  master,worker 12m   v1.22.0-rc.0+75ee307   192.168.0.47   <none>        Red Hat Enterprise Linux CoreOS 49.84.202109152147-0 (Ootpa)   4.18.0-305.19.1.el8_4.aarch64   cri-o://1.22.0-71.rhaos4.9.gitd54f8e1.el8
Now we can get the cluster operator states with the oc command to confirm when installation has completed.  If there are still False's under AVAILABLE then the installation is still progressing:

$ ./oc get co
NAME                                       VERSION      AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.9.0-rc.2   False       False         True       12m     OAuthServerRouteEndpointAccessibleControllerAvailable: route.route.openshift.io "oauth-openshift" not found...
baremetal                                  4.9.0-rc.2   True        False         False      34s     
cloud-controller-manager                   4.9.0-rc.2   True        False         False      31s     
cloud-credential                           4.9.0-rc.2   True        False         False      11m     
cluster-autoscaler                                                                                   
config-operator                            4.9.0-rc.2   True        False         False      12m     
console                                    4.9.0-rc.2   Unknown     False         False      8s      
csi-snapshot-controller                    4.9.0-rc.2   True        False         False      12m     
dns                                        4.9.0-rc.2   True        False         False      109s    
etcd                                       4.9.0-rc.2   True        False         False      6m20s   
image-registry                                                                                       
ingress                                                 Unknown     True          Unknown    15s     Not all ingress controllers are available.
insights                                   4.9.0-rc.2   True        True          False      32s     Initializing the operator
kube-apiserver                             4.9.0-rc.2   True        False         False      96s     
kube-controller-manager                    4.9.0-rc.2   True        False         False      5m3s    
kube-scheduler                             4.9.0-rc.2   True        False         False      6m14s   
kube-storage-version-migrator              4.9.0-rc.2   True        False         False      12m     
machine-api                                4.9.0-rc.2   True        False         False      1s      
machine-approver                           4.9.0-rc.2   True        False         False      55s     
machine-config                             4.9.0-rc.2   True        False         False      38s     
marketplace                                4.9.0-rc.2   True        False         False      11m     
monitoring                                              Unknown     True          Unknown    12m     Rolling out the stack.
network                                    4.9.0-rc.2   True        False         False      13m     
node-tuning                                4.9.0-rc.2   True        False         False      11s     
openshift-apiserver                        4.9.0-rc.2   False       False         False      105s    APIServerDeploymentAvailable: no apiserver.openshift-apiserver pods available on any node....
openshift-controller-manager               4.9.0-rc.2   True        False         False      75s     
openshift-samples                                                                                    
operator-lifecycle-manager                 4.9.0-rc.2   True        False         False      24s     
operator-lifecycle-manager-catalog         4.9.0-rc.2   True        True          False      21s     Deployed 0.18.3
operator-lifecycle-manager-packageserver                False       True          False      26s     
service-ca                                 4.9.0-rc.2   True        False         False      12m     
storage                                    4.9.0-rc.2   True        False         False      30s

Finally though after about 30 - 60 minutes we can finally see our single node cluster has completed installation:

$ ./oc get co
NAME                                       VERSION      AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.9.0-rc.2   True        False         False      5m3s    
baremetal                                  4.9.0-rc.2   True        False         False      8m24s   
cloud-controller-manager                   4.9.0-rc.2   True        False         False      8m21s   
cloud-credential                           4.9.0-rc.2   True        False         False      19m     
cluster-autoscaler                         4.9.0-rc.2   True        False         False      7m35s   
config-operator                            4.9.0-rc.2   True        False         False      20m     
console                                    4.9.0-rc.2   True        False         False      4m54s   
csi-snapshot-controller                    4.9.0-rc.2   True        False         False      19m     
dns                                        4.9.0-rc.2   True        False         False      9m39s   
etcd                                       4.9.0-rc.2   True        False         False      14m     
image-registry                             4.9.0-rc.2   True        False         False      4m52s   
ingress                                    4.9.0-rc.2   True        False         False      7m4s    
insights                                   4.9.0-rc.2   True        False         False      8m22s   
kube-apiserver                             4.9.0-rc.2   True        False         False      9m26s   
kube-controller-manager                    4.9.0-rc.2   True        False         False      12m     
kube-scheduler                             4.9.0-rc.2   True        False         False      14m     
kube-storage-version-migrator              4.9.0-rc.2   True        False         False      20m     
machine-api                                4.9.0-rc.2   True        False         False      7m51s   
machine-approver                           4.9.0-rc.2   True        False         False      8m45s   
machine-config                             4.9.0-rc.2   True        False         False      8m28s   
marketplace                                4.9.0-rc.2   True        False         False      19m     
monitoring                                 4.9.0-rc.2   True        False         False      2m24s   
network                                    4.9.0-rc.2   True        False         False      21m     
node-tuning                                4.9.0-rc.2   True        False         False      8m1s    
openshift-apiserver                        4.9.0-rc.2   True        False         False      5m9s    
openshift-controller-manager               4.9.0-rc.2   True        False         False      9m5s    
openshift-samples                          4.9.0-rc.2   True        False         False      6m57s   
operator-lifecycle-manager                 4.9.0-rc.2   True        False         False      8m14s   
operator-lifecycle-manager-catalog         4.9.0-rc.2   True        False         False      8m11s   
operator-lifecycle-manager-packageserver   4.9.0-rc.2   True        False         False      7m49s   
service-ca                                 4.9.0-rc.2   True        False         False      20m     
storage                                    4.9.0-rc.2   True        False         False      8m20s

And from the web console:



at
Labels: , , , , , ,

Sunday, November 17, 2019

Deploying OpenShift IPI Baremetal Disconnected


The following blog is a write up of the steps I used to generate a OpenShift IPI disconnected baremetal install. In this configuration we first mirror down the images to a local repository. Then deploy the Openshift cluster onto virtual machines that are mimicking a baremetal environment with vBMC being used as the IPMI interface into the virtual machines.  Please note that while this was demonstrated in a virtual setting these steps should also work with physical hardware.

Lab Setup:

Physical node specification:

Processors: i7 - 8 vcpus
Memory: 32gb
Disk: 512gb M2 SSD
Single NIC with 2 vlans (external and provisioning) tagged in
Nested virtualization should be enabled

Virtual machine Node specification:

Processor: Passthrough from physical node - 4 vcpus
Memory: 16gb
Disk: 60gb raw image
Two NICs ens3 (provisioning) ens4 (external) - no tags - dhcp interfaces
IPMI: Provided via centralized Virtual BMC controller

Lab Diagram:


Predefined DNS records:

*.apps.kni5  IN A 192.168.0.197
ns1.kni5  IN A 192.168.0.198
api.kni5  IN A 192.168.0.199
master-0.kni5         IN A 192.168.0.200
master-1.kni5         IN A 192.168.0.201
master-2.kni5         IN A 192.168.0.202

Cluster and user definitions:

Cluster Name: kni5
Domain Name: schmaustech.com
Username for installation: bschmaus

Preparing Provisioning Node:

The first step in preparing the provisioning node is to install, kickstart or image the provisioning node with RHEL8 and register the host.  I leverage an ISO image local on NUC-1 with an embedded kickstart file that way I can rebuild my provisioning node on the fly and start off with a fresh install.

Once the provisioning node is installed make sure the following packages are installed:

kexec-tools
@development (package group)
git
usbredir
golang
libXv
virt-install
libvirt
libvirt-devel
libselinux-utils
qemu-kvm
mkisofs

Next lets make sure the username used for installation has passwordless sudo access.  This is more about convenience give a lot of the commands require root and or sudo access:

# cat << EOF > /etc/sudoers.d/openshift
Defaults:bschmaus !requiretty
bschmaus ALL = (root) NOPASSWD:ALL
EOF
# chmod 600 /etc/sudoers.d/openshift

Unfortunately at this time selinux does need to be set to permissive so we will do that now:

# sudo setenforce permissive
# sudo sed -i "s/=enforcing/=permissive/g" /etc/selinux/config

For the bootstrap node to boot on this virtual machine we need to ensure a default storage pool exists.  On a RHEL8 installation this pool does not seem to exist out of the box so lets create it:

# sudo virsh pool-define-as --name default --type dir --target /var/lib/libvirt/images
# sudo virsh pool-start default
# sudo virsh pool-autostart default
# sudo usermod --append --groups libvirt bschmaus

The Openshift installer expects there to be a baremetal and provisioning interface on the provisioning node so lets configure them with the following:

# export PROV_CONN=ens3
# export MAIN_CONN=ens4
# sudo nmcli connection add ifname provisioning type bridge con-name provisioning
# sudo nmcli con add type bridge-slave ifname "$PROV_CONN" master provisioning
# sudo nmcli connection add ifname baremetal type bridge con-name baremetal
# sudo nmcli con add type bridge-slave ifname "$MAIN_CONN" master baremetal
# sudo nmcli con down "System $MAIN_CONN"; sudo pkill dhclient; sudo dhclient baremetal
# sudo nmcli connection modify provisioning ipv4.addresses 172.22.0.1/24 ipv4.method manual
# sudo nmcli con down provisioning
# sudo nmcli con up provisioning
# sudo ip a show $PROV_CONN;ip a show $MAIN_CONN; ip a show provisioning; ip a show baremetal
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master provisioning state UP group default qlen 1000
    link/ether 52:54:00:9e:01:ec brd ff:ff:ff:ff:ff:ff
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master baremetal state UP group default qlen 1000
    link/ether 52:54:00:07:98:b1 brd ff:ff:ff:ff:ff:ff
8: provisioning: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:9e:01:ec brd ff:ff:ff:ff:ff:ff
    inet 172.22.0.1/24 brd 172.22.0.255 scope global noprefixroute provisioning
       valid_lft forever preferred_lft forever
    inet6 fe80::b189:6c77:d795:57dc/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
7: baremetal: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:07:98:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.246/24 brd 192.168.0.255 scope global dynamic noprefixroute baremetal
       valid_lft 366sec preferred_lft 366sec
    inet6 fe80::495e:1100:2ad3:851e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

At this time we should also pull the latest oc binary and openshift-baremetal-install binary.  The oc command will be used to mirror the repository and also validate the cluster is up once installation is complete:

# export VERSION=$(curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest/release.txt | grep 'Name:' | awk -F: '{print $2}' | xargs)
# export RELEASE_IMAGE=$(curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest/release.txt | grep 'Pull From: quay.io' | awk -F ' ' '{print $3}' | xargs)
# export pullsecret_file=/home/bschmaus/pull-secret.json
# export cmd=openshift-baremetal-install
# export extract_dir=$(pwd)
# curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest/openshift-client-linux-$VERSION.tar.gz | tar zxvf - oc
# sudo cp /home/bschmaus/oc /usr/local/bin/oc
# /usr/local/bin/oc adm release extract --registry-config "${pullsecret_file}" --command=$cmd --to "${extract_dir}" ${RELEASE_IMAGE}
# sudo cp /home/bschmaus/openshift-baremetal-install /usr/local/bin/openshift-baremetal-install

Create Initial Install-Config.yaml and Local Image Repository:

 Now that we have prepared the provisioning host, we need to first create our initial install-config.yaml file.   The file should look similar to the sample below but adjusted for your environment (Note: RELEASEVERSION should be typed as in example as we will change that in later step):

apiVersion: v1
baseDomain: schmaustech.com
metadata:
  name: kni5
networking:
  machineCIDR: 192.168.0.0/24
compute:
- name: worker
  replicas: 0
controlPlane:
  name: master
  replicas: 3
  platform:
    baremetal: {}
platform:
  baremetal:
    apiVIP: 192.168.0.199
    ingressVIP: 192.168.0.197
    dnsVIP: 192.168.0.198
    hosts:
      - name: master-0
        role: master
        bmc:
          address: ipmi://192.168.0.11:6241
          username: admin
          password: password
        bootMACAddress: 52:54:00:3d:04:ae
        hardwareProfile: default
      - name: master-1
        role: master
        bmc:
          address: ipmi://192.168.0.11:6242
          username: admin
          password: password
        bootMACAddress: 52:54:00:0f:91:f3
        hardwareProfile: default
      - name: master-2
        role: master
        bmc:
          address: ipmi://192.168.0.11:6243
          username: admin
          password: password
        bootMACAddress: 52:54:00:ee:d2:f2
        hardwareProfile: default
sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP+5QkRCiuhsYItXj7DzLcOIs2RbCgpMzDtPlt/hfLnDkLGozYIFapMp+o4l+6ornbZ3L+hYE0T8SyvyYVWfm1XpPcVgUIW6qp7yfEyTSRhpGnoY74PD33FIf6BtU2HoFLWjQcE6OrQOF0wijI3fgL0jSzvAxvYoXU/huMx/kI2jBcWEq5cADRfvpeYXhVEJLrIIOepoAZE1syaPT7jQEoLDfvxrDZPKObCOI2vzLiAQXI7gK1uc9YDb6IEA/4Ik4eV2R1+VCgKhgk5RUqn69+8a1o783g1tChKuLwA4K9lyEAbFBwlHMctfNOLeC1w+bYpDXH/3GydcYfq79/18dVd+xEUlzzC+2/qycWG36C1MxUZa2fXvSRWLnpkLcxtIes4MikFeIr3jkJlFUzITigzvFrKa2IKaJzQ53WsE++LVnKJfcFNLtWfdEOZMowG/KtgzSSac/iVEJRM2YTIJsQsqhhI4PTrqVlUy/NwcXOFfUF/NkF2deeUZ21Cdn+bKZDKtFu2x+ujyAWZKNq570YaFT3a4TrL6WmE9kdHnJOXYR61Tiq/1fU+y0fv1d0f1cYr4+mNRCGIZoQOgJraF7/YluLB23INkJgtbah/0t1xzSsQ59gzFhRlLkW9gQDekj2tOGJmZIuYCnTXGiqXHnri2yAPexgRiaFjoM3GCpsWw== bschmaus@lap1.schmaustech.com'
imageContentSources:
- mirrors:
  - rhel8-ocp-auto.schmaustech.com:5000/ocp4/openshift4
  source: registry.svc.ci.openshift.org/ocp/RELEASEVERSION
- mirrors:
  - rhel8-ocp-auto.schmaustech.com:5000/ocp4/openshift4
  source: registry.svc.ci.openshift.org/ocp/release
pullSecret: 'PULL SECRET HERE'

Lets also create a pull-secret.json file that has the OpenShift pull-secret credentials so we can access the Openshift repository (Note: PULL-SECRET-JSON needs to be the actual pull-secret one gets from OpenShift):

# echo 'PULL-SECRET-JSON' > /home/bschmaus/pull-secret-json

Now that we have the initial install-config.yaml that we will use to deploy the OpenShift cluster lets change gears and configure the local image repository on the provisioning node.   The steps below outline what is needed to configure the repository:

# sudo yum -y install podman httpd httpd-tools
# sudo mkdir -p /opt/registry/{auth,certs,data}
# sudo openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key -x509 -days 365 -out /opt/registry/certs/domain.crt -subj "/C=US/ST=Minnesota/L=Brooklyn Park/O=Red Hat/OU=Engineering/CN=rhel8-ocp-auto.schmaustech.com"
# sudo cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
# sudo update-ca-trust extract
# sudo htpasswd -bBc /opt/registry/auth/htpasswd dummy dummy
# sudo firewall-cmd --add-port=5000/tcp --zone=libvirt  --permanent
# sudo firewall-cmd --add-port=5000/tcp --zone=public   --permanent
# sudo firewall-cmd --add-service=http  --permanent
# sudo firewall-cmd --reload
# sudo podman create --name poc-registry -p 5000:5000 -v /opt/registry/data:/var/lib/registry:z -v /opt/registry/auth:/auth:z -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry" -e "REGISTRY_HTTP_SECRET=ALongRandomSecretForRegistry" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry/certs:/certs:z -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key docker.io/library/registry:2
# sudo podman start poc-registry

Test that the repository is working with the following test:

# curl -u dummy:dummy -k https://rhel8-ocp-auto.schmaustech.com:5000/v2/_catalog


Update Install-Config.yaml Pull Secret & Certificate:

Now we need to update the pull-secret in our install-config.yaml file to reference the local repository credentials we used above.  To do this we first need to capture the base64 output for the user/password we configured for the local mirror which was dummy and dummy:

# echo -n 'dummy:dummy' | base64 -w0
ZHVtbXk6ZHVtbXk=

With the output above place it into a string like the sample below making sure to update the repository hostname as well to match the environment.  Save the contents to a file called local_pull_secret:

# cat << 'EOF' > /home/bschmaus/local_pull_secret
pullSecret: '{ "auths": { "rhel8-ocp-auto.schmaustech.com:5000": {"auth": "ZHVtbXk6ZHVtbXk=","email": "bschmaus@redhat.com"} } }'
EOF

Now lets inject that local_pull_secret into our install-config.yaml file:

# sed  -i '/^pullSecret/d' /home/bschmaus/install-config.yaml
# cat /home/bschmaus/local_pull_secret >> /home/bschmaus/install-config.yaml

Since we also created a cert above and our install-config.yaml file will need to connect to the local repository lets go ahead and add that cert to the install-config.yaml:

# sudo cp /opt/registry/certs/domain.crt /home/bschmaus/domain.crt
# sed -i -e 's/^/  /' /home/bschmaus/domain.crt
# echo "additionalTrustBundle: |" >> /home/bschmaus/install-config.yaml
# cat /home/bschmaus/domain.crt >> /home/bschmaus/install-config.yaml

Once the install-config.yaml file is updated with both the local repository pull-secret and domain cert our install-config.yaml will look something like the following:

apiVersion: v1
baseDomain: schmaustech.com
metadata:
  name: kni5
networking:
  machineCIDR: 192.168.0.0/24
compute:
- name: worker
  replicas: 0
controlPlane:
  name: master
  replicas: 3
  platform:
    baremetal: {}
platform:
  baremetal:
    apiVIP: 192.168.0.199
    ingressVIP: 192.168.0.197
    dnsVIP: 192.168.0.198
    hosts:
      - name: master-0
        role: master
        bmc:
          address: ipmi://192.168.0.11:6241
          username: admin
          password: password
        bootMACAddress: 52:54:00:3d:04:ae
        hardwareProfile: default
      - name: master-1
        role: master
        bmc:
          address: ipmi://192.168.0.11:6242
          username: admin
          password: password
        bootMACAddress: 52:54:00:0f:91:f3
        hardwareProfile: default
      - name: master-2
        role: master
        bmc:
          address: ipmi://192.168.0.11:6243
          username: admin
          password: password
        bootMACAddress: 52:54:00:ee:d2:f2
        hardwareProfile: default
sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP+5QkRCiuhsYItXj7DzLcOIs2RbCgpMzDtPlt/hfLnDkLGozYIFapMp+o4l+6ornbZ3L+hYE0T8SyvyYVWfm1XpPcVgUIW6qp7yfEyTSRhpGnoY74PD33FIf6BtU2HoFLWjQcE6OrQOF0wijI3fgL0jSzvAxvYoXU/huMx/kI2jBcWEq5cADRfvpeYXhVEJLrIIOepoAZE1syaPT7jQEoLDfvxrDZPKObCOI2vzLiAQXI7gK1uc9YDb6IEA/4Ik4eV2R1+VCgKhgk5RUqn69+8a1o783g1tChKuLwA4K9lyEAbFBwlHMctfNOLeC1w+bYpDXH/3GydcYfq79/18dVd+xEUlzzC+2/qycWG36C1MxUZa2fXvSRWLnpkLcxtIes4MikFeIr3jkJlFUzITigzvFrKa2IKaJzQ53WsE++LVnKJfcFNLtWfdEOZMowG/KtgzSSac/iVEJRM2YTIJsQsqhhI4PTrqVlUy/NwcXOFfUF/NkF2deeUZ21Cdn+bKZDKtFu2x+ujyAWZKNq570YaFT3a4TrL6WmE9kdHnJOXYR61Tiq/1fU+y0fv1d0f1cYr4+mNRCGIZoQOgJraF7/YluLB23INkJgtbah/0t1xzSsQ59gzFhRlLkW9gQDekj2tOGJmZIuYCnTXGiqXHnri2yAPexgRiaFjoM3GCpsWw== bschmaus@bschmaus.remote.csb'
imageContentSources:
- mirrors:
  - rhel8-ocp-auto.schmaustech.com:5000/ocp4/openshift4
  source: registry.svc.ci.openshift.org/ocp/RELEASEVERSION
- mirrors:
  - rhel8-ocp-auto.schmaustech.com:5000/ocp4/openshift4
  source: registry.svc.ci.openshift.org/ocp/release
pullSecret: '{ "auths": { "rhel8-ocp-auto.schmaustech.com:5000": {"auth": "ZHVtbXk6ZHVtbXk=","email": "bschmaus@redhat.com"} } }'
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  MIIF9zCCA9+gAwIBAgIUJhBYhR40iyQOEWifRhKAjwupm4gwDQYJKoZIhvcNAQEL
  BQAwgYoxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlNaW5uZXNvdGExFjAUBgNVBAcM
  DUJyb29rbHluIFBhcmsxEDAOBgNVBAoMB1JlZCBIYXQxFDASBgNVBAsMC0VuZ2lu
  ZWVyaW5nMScwJQYDVQQDDB5yaGVsOC1vY3AtYXV0by5zY2htYXVzdGVjaC5jb20w
  HhcNMTkxMTE3MjEwNjEzWhcNMjAxMTE2MjEwNjEzWjCBijELMAkGA1UEBhMCVVMx
  EjAQBgNVBAgMCU1pbm5lc290YTEWMBQGA1UEBwwNQnJvb2tseW4gUGFyazEQMA4G
  A1UECgwHUmVkIEhhdDEUMBIGA1UECwwLRW5naW5lZXJpbmcxJzAlBgNVBAMMHnJo
  ZWw4LW9jcC1hdXRvLnNjaG1hdXN0ZWNoLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQAD
  ggIPADCCAgoCggIBAMiiLRYITGwaOXext9cTOpemfwBjfKx0eREEpqww9nz5qRPn
  a0NK9Q5zgpieQvGWAN8y9c6wK0aUS4SRcFSx8RVbjP2L4p3ii0UsH6xP6JqHtfIg
  ynbqco6CyfSq7k+GwmoMLFx0Tki3Ta6syVQ9pN/YctTPIeIBMOXkSeOxNkn8dtdG
  oiCXS2OB0cW+wf3INp48Cc2zbbc+QmMw/LQlJIZcrP/C/Luh+fGiOt5XbrFD2Ain
  FYkKHOEzGucuEHDC7f/wLqLkwUf6iN4aB0fVU7kdYn1C1aZJhmlY5tSzR3eRvNsL
  QgFPfkHI647OTbDA8R4VNRRgkza+dEgEvLUbAyeQ7JztcFfnncWlDuvZdj6MCstR
  MND4lw3Ig0AK9PYXb5ui5g57ms7tInmqVJKb/9Xp9DKSWEUEOe+TQBeZ6spWmQjg
  GcPwuX5g+9RHh4iYmClxclDrZ6k6o6NQY9ldXQeI6kNVHacvg2S7iaWXFrshDtk4
  ss5Lvlag4/+yLJUIiWeIyG8yBkDlH7d+OV8F9rhf86J7tgbcA+pxms0v11Ot0I4n
  GibtZDmU0SPpsdAQzv798jhRiwJJMjh7Gw3EnnwxC/3GIK0LqqcKxMd3VmLRQYtb
  VFKYJyK6LBml/iONAmCIcaLMc7CcoaalM7pmWAdyis3FFdIsYDFOQP7pWPHlAgMB
  AAGjUzBRMB0GA1UdDgQWBBSVX7d9U2nc5LgiF7CFYABdTvEn8DAfBgNVHSMEGDAW
  gBSVX7d9U2nc5LgiF7CFYABdTvEn8DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
  DQEBCwUAA4ICAQCOzQ5oPbfAAinjhGRXuBPjlkm0bfKxW3sd+ExFOopVRYlCepzg
  CQ3iiMkD2ygI6Ga1B8NhQ1kHkvZ9vISAG3R1Ew65Od/qoZ0vuCUlo9fG761Yp1i6
  w/hR1MmcE0PL2EkyVz+GwNYjq445YD0aI3m3El9VPKoJPB6VHCBmII0qcCCTpag2
  Uq77vzk4M8HYV/1lqRKH601pkaZOUul7KuS2a4GzNUNr90Fps1I0s45CE9NpyS0s
  6cDd3RITlTHoNRBTeXWy5I5lWTqeJx5lwiGc+lkXQYCY/sVOtATwTSp6EqzvS08r
  Q/4sZDxmcmGwig+afBa8Of71ndhzd5MxJHyOrhsfsGfwH6ThB8SaCliyvC/160MT
  3LuXLn6OzGLcoLMcOhlJhhy7H7DnJeellVlSc/FHVr17IKInBd7viF4Sw5NGjH/d
  q5peosB2tDkaGgOtgIMsuA7aYrilV+3ZZ3nx1Yipwju+9hU4ncCcO16OGC/bgRym
  Bg6W8b9HZ+v1dvmh7aYHKDdZCXcNX6W/bWVC/rBpo4Cq+0jJso77CQYj95EdooSQ
  kqc6bj8BpHfxU6o6nZ1Aqtfw17yPeqh6sfByn1yfLuhPBUGuU0mZQAmFGkwSP+HH
  ZqLMKxvpJe5ufLz97O8gjCh38XV6mt3VUfVEn4Yrx5M2RtEMeuEtbYMCvw==
  -----END CERTIFICATE-----

Mirror Images:

 Now that we have configured all the services and configuration files we need for our OpenShift IPI deployment we can now begin the process of mirroring the images to the local respository:

# LATEST_CI_IMAGE=$(curl https://openshift-release.svc.ci.openshift.org/api/v1/releasestream/4.3.0-0.ci/latest | grep -o 'registry.svc.ci.openshift.org[^"]\+')
# export OPENSHIFT_RELEASE_IMAGE="${OPENSHIFT_RELEASE_IMAGE:-$LATEST_CI_IMAGE}"
# export GOPATH=/home/bschmaus/go
# export OCP_RELEASE=`echo $LATEST_CI_IMAGE|cut -d: -f2`
# export UPSTREAM_REPO=$LATEST_CI_IMAGE
# export LOCAL_REG='rhel8-ocp-auto.schmaustech.com:5000'
# export LOCAL_REPO='ocp4/openshift4'
# export LOCAL_SECRET_JSON="${HOME}/pull-secret.json"
# export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=${LOCAL_REG}/${LOCAL_REPO}:${OCP_RELEASE}
# /usr/local/bin/oc adm release mirror -a $LOCAL_SECRET_JSON --from=$UPSTREAM_REPO --to-release-image=$LOCAL_REG/$LOCAL_REPO:$OCP_RELEASE --to=$LOCAL_REG/$LOCAL_REPO

Adjust ImageContentSources in Install-Config.yaml:

 Recall we original defined the install-config.yaml with a line that had RELEASEVERSION in all caps.   Since we declared the OCP_RELEASE variable in the previous steps, we are now ready to update the install-config.yaml and replace RELEASEVERSION with the proper version defined for our local repository.  The following steps initiate that change:

# NEW_RELEASE=`echo $OCP_RELEASE|sed s/.0-0.ci//g`
# sed -i s/RELEASEVERSION/$NEW_RELEASE/g /home/bschmaus/install-config.yaml

Deploying the OpenShift Cluster:

Finally after all of the steps above, we can begin the actual deployment using the commands below:

 
# mkdir /home/bschmaus/ocp
# cp /home/bschmaus/install-config.yaml /home/bschmaus/ocp 
# /usr/local/bin/openshift-baremetal-install --dir /home/bschmaus/ocp --log-level debug create cluster

If all the steps were followed, the cluster should successfully deploy with the exception of Metal3 container as there is an issue with this that needs to be addressed.

We can check if the cluster nodes are online with the following:

# export KUBECONFIG=/home/bschmaus/ocp/auth/kubeconfig
# oc get nodes
NAME                            STATUS   ROLES           AGE   VERSION
master-0.kni5.schmaustech.com   Ready    master,worker   10h   v1.16.2
master-1.kni5.schmaustech.com   Ready    master,worker   10h   v1.16.2
master-2.kni5.schmaustech.com   Ready    master,worker   10h   v1.16.2

We can also view all the pods to validate things are online as well:

# oc get pods --all-namespaces
NAMESPACE                                               NAME                                                              READY   STATUS                            RESTARTS   AGE
openshift-apiserver-operator                            openshift-apiserver-operator-589544b58f-hpzdj                     1/1     Running                           2          10h
openshift-apiserver                                     apiserver-gq5wv                                                   1/1     Running                           0          9h
openshift-apiserver                                     apiserver-gsds9                                                   1/1     Running                           0          9h
openshift-apiserver                                     apiserver-kqw6d                                                   1/1     Running                           0          9h
openshift-authentication-operator                       authentication-operator-58d65b5d94-7s225                          1/1     Running                           0          9h
openshift-authentication                                oauth-openshift-58c95b9459-jvnx5                                  1/1     Running                           0          9h
openshift-authentication                                oauth-openshift-58c95b9459-z9cbp                                  1/1     Running                           0          9h
openshift-cloud-credential-operator                     cloud-credential-operator-8c9748878-55n7k                         1/1     Running                           3          10h
openshift-cluster-machine-approver                      machine-approver-6485cf466b-m6r9m                                 2/2     Running                           0          10h
openshift-cluster-node-tuning-operator                  cluster-node-tuning-operator-7668d5c85c-lt8vh                     1/1     Running                           0          9h
openshift-cluster-node-tuning-operator                  tuned-fssr9                                                       1/1     Running                           0          9h
openshift-cluster-node-tuning-operator                  tuned-nzq4q                                                       1/1     Running                           0          9h
openshift-cluster-node-tuning-operator                  tuned-znl95                                                       1/1     Running                           0          9h
openshift-cluster-samples-operator                      cluster-samples-operator-66fd64c57b-swnvx                         2/2     Running                           0          9h
openshift-cluster-storage-operator                      cluster-storage-operator-698c8fc449-hzbqp                         1/1     Running                           0          9h
openshift-cluster-version                               cluster-version-operator-7449dc5b9c-2kcb8                         1/1     Running                           0          10h
openshift-console-operator                              console-operator-67bdf96b5b-lgzj4                                 1/1     Running                           0          9h
openshift-console                                       console-6df4667b8c-4bw9l                                          1/1     Running                           0          9h
openshift-console                                       console-6df4667b8c-m2pl7                                          1/1     Running                           1          9h
openshift-console                                       downloads-65fdcc888-29t6m                                         1/1     Running                           0          9h
openshift-console                                       downloads-65fdcc888-vh6tj                                         1/1     Running                           0          9h
openshift-controller-manager-operator                   openshift-controller-manager-operator-69bb4c6545-m9hf4            1/1     Running                           2          10h
openshift-controller-manager                            controller-manager-drrvv                                          1/1     Running                           0          9h
openshift-controller-manager                            controller-manager-fck8g                                          1/1     Running                           0          9h
openshift-controller-manager                            controller-manager-gnj6b                                          1/1     Running                           0          9h
openshift-dns-operator                                  dns-operator-54d6dbb59b-wrjtl                                     1/1     Running                           0          10h
openshift-dns                                           dns-default-dl2lq                                                 2/2     Running                           0          9h
openshift-dns                                           dns-default-vs8xd                                                 2/2     Running                           0          9h
openshift-dns                                           dns-default-wn4px                                                 2/2     Running                           0          9h
openshift-etcd                                          etcd-member-master-0.kni5.schmaustech.com                         2/2     Running                           0          10h
openshift-etcd                                          etcd-member-master-1.kni5.schmaustech.com                         2/2     Running                           0          10h
openshift-etcd                                          etcd-member-master-2.kni5.schmaustech.com                         2/2     Running                           0          10h
openshift-image-registry                                cluster-image-registry-operator-788f556d9d-l9hrh                  2/2     Running                           0          9h
openshift-ingress-operator                              ingress-operator-6f8d45d96f-4kw7x                                 1/1     Running                           0          9h
openshift-ingress                                       router-default-5675955655-4wqw4                                   1/1     Running                           0          9h
openshift-ingress                                       router-default-5675955655-rvjmq                                   1/1     Running                           0          9h
openshift-insights                                      insights-operator-69b4497995-ltggd                                1/1     Running                           3          10h
openshift-kni-infra                                     coredns-master-0.kni5.schmaustech.com                             1/1     Running                           0          10h
openshift-kni-infra                                     coredns-master-1.kni5.schmaustech.com                             1/1     Running                           0          10h
openshift-kni-infra                                     coredns-master-2.kni5.schmaustech.com                             1/1     Running                           0          10h
openshift-kni-infra                                     haproxy-master-0.kni5.schmaustech.com                             2/2     Running                           2          10h
openshift-kni-infra                                     haproxy-master-1.kni5.schmaustech.com                             2/2     Running                           2          10h
openshift-kni-infra                                     haproxy-master-2.kni5.schmaustech.com                             2/2     Running                           2          10h
openshift-kni-infra                                     keepalived-master-0.kni5.schmaustech.com                          2/2     Running                           0          10h
openshift-kni-infra                                     keepalived-master-1.kni5.schmaustech.com                          2/2     Running                           0          10h
openshift-kni-infra                                     keepalived-master-2.kni5.schmaustech.com                          2/2     Running                           0          10h
openshift-kni-infra                                     mdns-publisher-master-0.kni5.schmaustech.com                      1/1     Running                           0          10h
openshift-kni-infra                                     mdns-publisher-master-1.kni5.schmaustech.com                      1/1     Running                           0          10h
openshift-kni-infra                                     mdns-publisher-master-2.kni5.schmaustech.com                      1/1     Running                           0          10h
openshift-kube-apiserver-operator                       kube-apiserver-operator-79cc8666bd-sbcbq                          1/1     Running                           2          10h
openshift-kube-apiserver                                installer-2-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-apiserver                                installer-2-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-apiserver                                installer-2-master-2.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-apiserver                                installer-3-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-apiserver                                installer-5-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-apiserver                                installer-5-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-apiserver                                installer-5-master-2.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-apiserver                                kube-apiserver-master-0.kni5.schmaustech.com                      3/3     Running                           0          9h
openshift-kube-apiserver                                kube-apiserver-master-1.kni5.schmaustech.com                      3/3     Running                           0          9h
openshift-kube-apiserver                                kube-apiserver-master-2.kni5.schmaustech.com                      3/3     Running                           1          9h
openshift-kube-apiserver                                revision-pruner-2-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-apiserver                                revision-pruner-2-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-apiserver                                revision-pruner-2-master-2.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-apiserver                                revision-pruner-3-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-apiserver                                revision-pruner-5-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-apiserver                                revision-pruner-5-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-apiserver                                revision-pruner-5-master-2.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager-operator              kube-controller-manager-operator-d46bf7586-ctjcd                  1/1     Running                           2          10h
openshift-kube-controller-manager                       installer-2-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-3-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-3-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-3-master-2.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-4-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-4-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-4-master-2.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-5-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-5-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       installer-5-master-2.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-controller-manager                       kube-controller-manager-master-0.kni5.schmaustech.com             3/3     Running                           0          9h
openshift-kube-controller-manager                       kube-controller-manager-master-1.kni5.schmaustech.com             3/3     Running                           1          9h
openshift-kube-controller-manager                       kube-controller-manager-master-2.kni5.schmaustech.com             3/3     Running                           1          9h
openshift-kube-controller-manager                       revision-pruner-2-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-3-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-3-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-3-master-2.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-4-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-4-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-4-master-2.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-5-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-5-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-controller-manager                       revision-pruner-5-master-2.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler-operator                       openshift-kube-scheduler-operator-6ff9678df8-8xfnv                1/1     Running                           2          10h
openshift-kube-scheduler                                installer-2-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                installer-3-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                installer-5-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                installer-5-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                installer-5-master-2.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                installer-6-master-0.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                installer-6-master-1.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                installer-6-master-2.kni5.schmaustech.com                         0/1     Completed                         0          9h
openshift-kube-scheduler                                openshift-kube-scheduler-master-0.kni5.schmaustech.com            1/1     Running                           1          9h
openshift-kube-scheduler                                openshift-kube-scheduler-master-1.kni5.schmaustech.com            1/1     Running                           0          9h
openshift-kube-scheduler                                openshift-kube-scheduler-master-2.kni5.schmaustech.com            1/1     Running                           1          9h
openshift-kube-scheduler                                revision-pruner-2-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler                                revision-pruner-3-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler                                revision-pruner-5-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler                                revision-pruner-5-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler                                revision-pruner-5-master-2.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler                                revision-pruner-6-master-0.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler                                revision-pruner-6-master-1.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-kube-scheduler                                revision-pruner-6-master-2.kni5.schmaustech.com                   0/1     Completed                         0          9h
openshift-machine-api                                   cluster-autoscaler-operator-7f977b7c45-975p5                      2/2     Running                           0          9h
openshift-machine-api                                   machine-api-controllers-556b5ffc85-nvm9k                          4/4     Running                           0          9h
openshift-machine-api                                   machine-api-operator-8589cc9889-wp8k6                             2/2     Running                           1          10h
openshift-machine-api                                   metal3-68b9cf8bf-kmfw2                                            0/8     Init:CreateContainerConfigError   0          9h
openshift-machine-config-operator                       etcd-quorum-guard-6f6574bc9b-czhjz                                1/1     Running                           0          9h
openshift-machine-config-operator                       etcd-quorum-guard-6f6574bc9b-gd5ms                                1/1     Running                           0          9h
openshift-machine-config-operator                       etcd-quorum-guard-6f6574bc9b-zzjnb                                1/1     Running                           0          9h
openshift-machine-config-operator                       machine-config-controller-9d8c59488-dm74p                         1/1     Running                           1          9h
openshift-machine-config-operator                       machine-config-daemon-224vq                                       2/2     Running                           0          9h
openshift-machine-config-operator                       machine-config-daemon-hxhbc                                       2/2     Running                           0          9h
openshift-machine-config-operator                       machine-config-daemon-ngxbt                                       2/2     Running                           0          9h
openshift-machine-config-operator                       machine-config-operator-6cbbd79995-6b277                          1/1     Running                           1          10h
openshift-machine-config-operator                       machine-config-server-lswt8                                       1/1     Running                           0          9h
openshift-machine-config-operator                       machine-config-server-mrvln                                       1/1     Running                           0          9h
openshift-machine-config-operator                       machine-config-server-nshlv                                       1/1     Running                           0          9h
openshift-marketplace                                   certified-operators-7c44559446-w4bl2                              1/1     Running                           0          9h
openshift-marketplace                                   community-operators-64bfb7b678-7gs7q                              1/1     Running                           0          9h
openshift-marketplace                                   marketplace-operator-7776f6c9ff-mxls8                             1/1     Running                           0          9h
openshift-marketplace                                   redhat-operators-864d755755-49vh2                                 1/1     Running                           0          9h
openshift-monitoring                                    alertmanager-main-0                                               3/3     Running                           0          9h
openshift-monitoring                                    alertmanager-main-1                                               3/3     Running                           0          9h
openshift-monitoring                                    alertmanager-main-2                                               3/3     Running                           0          9h
openshift-monitoring                                    cluster-monitoring-operator-7c66dc45b4-8x6kl                      1/1     Running                           0          9h
openshift-monitoring                                    grafana-668586776b-dnfj7                                          2/2     Running                           0          9h
openshift-monitoring                                    kube-state-metrics-75df8cfbdf-bgfjv                               3/3     Running                           0          9h
openshift-monitoring                                    node-exporter-7b4s9                                               2/2     Running                           0          9h
openshift-monitoring                                    node-exporter-n459c                                               2/2     Running                           0          9h
openshift-monitoring                                    node-exporter-vvfh2                                               2/2     Running                           0          9h
openshift-monitoring                                    openshift-state-metrics-5b995c8497-2sv4m                          3/3     Running                           0          9h
openshift-monitoring                                    prometheus-adapter-bb778b866-cccw5                                1/1     Running                           0          9h
openshift-monitoring                                    prometheus-adapter-bb778b866-jxlwf                                1/1     Running                           0          9h
openshift-monitoring                                    prometheus-k8s-0                                                  7/7     Running                           1          9h
openshift-monitoring                                    prometheus-k8s-1                                                  7/7     Running                           1          9h
openshift-monitoring                                    prometheus-operator-6c4f54f97c-242ft                              1/1     Running                           0          9h
openshift-monitoring                                    thanos-querier-bf4f5dd76-bn8rb                                    4/4     Running                           0          9h
openshift-monitoring                                    thanos-querier-bf4f5dd76-lcs69                                    4/4     Running                           0          9h
openshift-multus                                        multus-admission-controller-899jw                                 1/1     Running                           1          9h
openshift-multus                                        multus-admission-controller-bwgcb                                 1/1     Running                           1          9h
openshift-multus                                        multus-admission-controller-s4rdl                                 1/1     Running                           1          9h
openshift-multus                                        multus-mzfjv                                                      1/1     Running                           0          10h
openshift-multus                                        multus-qxq9z                                                      1/1     Running                           0          10h
openshift-multus                                        multus-zfs6k                                                      1/1     Running                           0          10h
openshift-network-operator                              network-operator-55b786448c-fkt2l                                 1/1     Running                           0          10h
openshift-operator-lifecycle-manager                    catalog-operator-75b65486c-6xhwk                                  1/1     Running                           0          10h
openshift-operator-lifecycle-manager                    olm-operator-76cfbdc87f-cr4qm                                     1/1     Running                           0          10h
openshift-operator-lifecycle-manager                    packageserver-579759bb6d-44d84                                    1/1     Running                           1          9h
openshift-operator-lifecycle-manager                    packageserver-579759bb6d-x7srm                                    1/1     Running                           1          9h
openshift-sdn                                           ovs-8pmrz                                                         1/1     Running                           0          10h
openshift-sdn                                           ovs-npwxk                                                         1/1     Running                           0          10h
openshift-sdn                                           ovs-svmwk                                                         1/1     Running                           0          10h
openshift-sdn                                           sdn-controller-d8rd8                                              1/1     Running                           0          10h
openshift-sdn                                           sdn-controller-pjqxt                                              1/1     Running                           0          10h
openshift-sdn                                           sdn-controller-zr2kr                                              1/1     Running                           0          10h
openshift-sdn                                           sdn-q4w8d                                                         1/1     Running                           0          10h
openshift-sdn                                           sdn-v72dr                                                         1/1     Running                           0          10h
openshift-sdn                                           sdn-zjtc2                                                         1/1     Running                           0          10h
openshift-service-ca-operator                           service-ca-operator-748f8bff-r4g94                                1/1     Running                           1          10h
openshift-service-ca                                    apiservice-cabundle-injector-549875965f-2dlq9                     1/1     Running                           1          9h
openshift-service-ca                                    configmap-cabundle-injector-6c49fc5d79-k4mbg                      1/1     Running                           1          9h
openshift-service-ca                                    service-serving-cert-signer-5fc7c8df6f-rlp6v                      1/1     Running                           1          9h
openshift-service-catalog-apiserver-operator            openshift-service-catalog-apiserver-operator-c7c9d4494-rqmv5      1/1     Running                           0          9h
openshift-service-catalog-controller-manager-operator   openshift-service-catalog-controller-manager-operator-587bhqzmm   1/1     Running                           0          9h

at
Labels: , , , , , ,
Subscribe to: Comments (Atom)