From c5720b3d709c38296c6a9bf00cf1127af4bab927 Mon Sep 17 00:00:00 2001 
From: Mike Pytlak Date: Tue, 12 Apr 2022 16:38:52 -0400 Subject: [PATCH] OSDOCS-3435 Nutanix IPI installation --- _topic_maps/_topic_map.yml | 10 ++ installing/installing-preparing.adoc | 39 ++++- installing/installing_nutanix/attributes | 1 + installing/installing_nutanix/images | 1 + ...talling-nutanix-installer-provisioned.adoc | 52 +++++++ installing/installing_nutanix/modules | 1 + .../preparing-to-install-on-nutanix.adoc | 13 ++ installing/installing_nutanix/snippets | 1 + .../uninstalling-cluster-nutanix.adoc | 11 ++ modules/cco-ccoctl-configuring.adoc | 24 ++- modules/cluster-entitlements.adoc | 1 + ...tion-adding-nutanix-root-certificates.adoc | 27 ++++ ...installation-configuration-parameters.adoc | 80 +++++++++- modules/installation-initializing.adoc | 48 +++++- modules/installation-launching-installer.adoc | 11 +- modules/installation-nutanix-config-yaml.adoc | 120 +++++++++++++++ .../installation-nutanix-infrastructure.adoc | 18 +++ ...allation-nutanix-installer-infra-reqs.adoc | 85 +++++++++++ modules/installation-obtaining-installer.adoc | 1 + modules/installation-uninstall-clouds.adoc | 10 +- modules/manually-configure-iam-nutanix.adoc | 140 ++++++++++++++++++ modules/nutanix-entitlements.adoc | 8 + modules/ssh-agent-using.adoc | 1 + ...rted-platforms-for-openshift-clusters.adoc | 5 +- 24 files changed, 681 insertions(+), 27 deletions(-) create mode 120000 installing/installing_nutanix/attributes create mode 120000 installing/installing_nutanix/images create mode 100644 installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc create mode 120000 installing/installing_nutanix/modules create mode 100644 installing/installing_nutanix/preparing-to-install-on-nutanix.adoc create mode 120000 installing/installing_nutanix/snippets create mode 100644 installing/installing_nutanix/uninstalling-cluster-nutanix.adoc create mode 100644 modules/installation-adding-nutanix-root-certificates.adoc create mode 100644 
modules/installation-nutanix-config-yaml.adoc create mode 100644 modules/installation-nutanix-infrastructure.adoc create mode 100644 modules/installation-nutanix-installer-infra-reqs.adoc create mode 100644 modules/manually-configure-iam-nutanix.adoc create mode 100644 modules/nutanix-entitlements.adoc diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index ef18fec22f4e..26e44792f630 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -260,6 +260,16 @@ Topics: File: installing-ibm-cloud-network-customizations - Name: Uninstalling a cluster on IBM Cloud VPC File: uninstalling-cluster-ibm-cloud +- Name: Installing on Nutanix + Dir: installing_nutanix + Distros: openshift-origin,openshift-enterprise + Topics: + - Name: Preparing to install on Nutanix + File: preparing-to-install-on-nutanix + - Name: Installing a cluster on Nutanix + File: installing-nutanix-installer-provisioned + - Name: Uninstalling a cluster on Nutanix + File: uninstalling-cluster-nutanix - Name: Installing on bare metal Dir: installing_bare_metal Distros: openshift-origin,openshift-enterprise diff --git a/installing/installing-preparing.adoc b/installing/installing-preparing.adoc index 5b24e823fdac..750b3a82fcf4 100644 --- a/installing/installing-preparing.adoc +++ b/installing/installing-preparing.adoc @@ -31,6 +31,7 @@ endif::openshift-origin[] * IBM Z and LinuxONE * IBM Z and LinuxONE for {op-system-base-full} KVM * IBM Power +* Nutanix * VMware vSphere * VMware Cloud (VMC) on AWS * Bare metal or other platform agnostic infrastructure 
@@ -52,9 +53,9 @@ Because you need to provision machines as part of the {product-title} cluster in Because the operating system is integral to {product-title}, it is easier to let the installation program for {product-title} stand up all of the infrastructure. These are called _installer provisioned infrastructure_ installations. In this type of installation, you can provide some existing infrastructure to the cluster, but the installation program deploys all of the machines that your cluster initially needs. -You can deploy an installer-provisioned infrastructure cluster without specifying any customizations to the cluster or its underlying machines to xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[Alibaba Cloud], xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[AWS], xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[Azure], xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Azure Stack Hub], xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[GCP], or xref:../installing/installing_vmc/installing-vmc.adoc#installing-vmc[VMC on AWS]. These installation methods are the fastest way to deploy a production-capable {product-title} cluster. 
+You can deploy an installer-provisioned infrastructure cluster without specifying any customizations to the cluster or its underlying machines to xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[Alibaba Cloud], xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[AWS], xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[Azure], xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Azure Stack Hub], xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[GCP], xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[Nutanix], or xref:../installing/installing_vmc/installing-vmc.adoc#installing-vmc[VMC on AWS]. These installation methods are the fastest way to deploy a production-capable {product-title} cluster. -If you need to perform basic configuration for your installer-provisioned infrastructure cluster, such as the instance type for the cluster machines, you can customize an installation for xref:../installing/installing_alibaba/installing-alibaba-customizations.adoc#installing-alibaba-customizations[Alibaba Cloud], xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[AWS], xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[GCP], or xref:../installing/installing_vmc/installing-vmc-customizations.adoc#installing-vmc-customizations[VMC on AWS]. 
+If you need to perform basic configuration for your installer-provisioned infrastructure cluster, such as the instance type for the cluster machines, you can customize an installation for xref:../installing/installing_alibaba/installing-alibaba-customizations.adoc#installing-alibaba-customizations[Alibaba Cloud], xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[AWS], xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[GCP], xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[Nutanix], or xref:../installing/installing_vmc/installing-vmc-customizations.adoc#installing-vmc-customizations[VMC on AWS]. For installer-provisioned infrastructure installations, you can use an existing xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[VPC in AWS], xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[vNet in Azure], or xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[VPC in GCP]. You can also reuse part of your networking infrastructure so that your cluster in xref:../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[AWS], xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[GCP], or xref:../installing/installing_vmc/installing-vmc-network-customizations.adoc#installing-vmc-network-customizations[VMC on AWS] can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. 
If you have existing accounts and credentials on these clouds, you can re-use them, but you might need to modify the accounts to have the required permissions to install {product-title} clusters on them. @@ -126,7 +127,7 @@ Not all installation options are supported for all platforms, as shown in the fo //This table is for all flavors of OpenShift, except OKD. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors. ifndef::openshift-origin[] |=== -||Alibaba |AWS (x86_64) |AWS (arm64) |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal (x86_64) |Bare metal (arm64) |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Power +||Alibaba |AWS (x86_64) |AWS (arm64) |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal (x86_64) |Bare metal (arm64) |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Power |Default |xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[X] @@ -135,6 +136,7 @@ ifndef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[X] |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[X] |xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[X] +|xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[X] | | |xref:../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[X] 
@@ -153,6 +155,7 @@ ifndef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[X] |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[X] |xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[X] +|xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[X] |xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[X] |xref:../installing/installing_openstack/installing-openstack-installer-sr-iov.adoc#installing-openstack-installer-sr-iov[X] |xref:../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-customizations[X] @@ -171,6 +174,7 @@ ifndef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[X] |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc#installing-azure-stack-hub-network-customizations[X] |xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[X] +| |xref:../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[X] | | @@ -189,6 +193,7 @@ ifndef::openshift-origin[] | | |xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[X] +| |xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[X] | |xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[X] @@ -217,6 +222,7 @@ ifndef::openshift-origin[] | | | +| |Existing virtual private networks | 
@@ -235,6 +241,7 @@ ifndef::openshift-origin[] | | | +| |Government regions | @@ -253,6 +260,7 @@ ifndef::openshift-origin[] | | | +| |Secret regions | @@ -271,6 +279,7 @@ ifndef::openshift-origin[] | | | +| |China regions | @@ -289,13 +298,14 @@ ifndef::openshift-origin[] | | | +| |=== endif::openshift-origin[] //This table is for OKD only. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors. ifdef::openshift-origin[] |=== -||Alibaba |AWS |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Power +||Alibaba |AWS |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Power |Default |xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[X] @@ -303,6 +313,7 @@ ifdef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[X] |xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[X] |xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[X] +|xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[X] | | |xref:../installing/installing_rhv/installing-rhv-default.adoc#installing-rhv-default[X] 
@@ -319,6 +330,7 @@ ifdef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[X] |xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[X] |xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[X] +|xref:../installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc#installing-nutanix-installer-provisioned[X] |xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[X] |xref:../installing/installing_openstack/installing-openstack-installer-sr-iov.adoc#installing-openstack-installer-sr-iov[X] |xref:../installing/installing_rhv/installing-rhv-customizations.adoc#installing-rhv-customizations[X] @@ -335,6 +347,7 @@ ifdef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[X] |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc#installing-azure-stack-hub-network-customizations[X] |xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[X] +| |xref:../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[X] | | @@ -351,6 +364,7 @@ ifdef::openshift-origin[] | | |xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[X] +| |xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[X] | |xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[X] @@ -376,6 +390,7 @@ ifdef::openshift-origin[] | | | +| |Existing virtual private networks | 
@@ -392,6 +407,7 @@ ifdef::openshift-origin[] | | | +| |Government regions | @@ -408,6 +424,7 @@ ifdef::openshift-origin[] | | | +| |Secret regions | @@ -424,6 +441,7 @@ ifdef::openshift-origin[] | | | +| |China regions | @@ -440,6 +458,7 @@ ifdef::openshift-origin[] | | | +| |=== endif::openshift-origin[] @@ -447,7 +466,7 @@ endif::openshift-origin[] //This table is for all flavors of OpenShift, except OKD. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors. ifndef::openshift-origin[] |=== -||Alibaba |AWS (x86_64) |AWS (arm64) |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal (x86_64) |Bare metal (arm64) |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic +||Alibaba |AWS (x86_64) |AWS (arm64) |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal (x86_64) |Bare metal (arm64) |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic |Custom | @@ -456,6 +475,7 @@ ifndef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-user-infra.adoc#installing-azure-user-infra[X] |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[X] |xref:../installing/installing_gcp/installing-gcp-user-infra.adoc#installing-gcp-user-infra[X] +| |xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[X] |xref:../installing/installing_openstack/installing-openstack-user-sr-iov.adoc#installing-openstack-user-sr-iov[X] |xref:../installing/installing_rhv/installing-rhv-user-infra.adoc#installing-rhv-user-infra[X] 
@@ -478,6 +498,7 @@ ifndef::openshift-origin[] | | | +| |xref:../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[X] | | @@ -501,6 +522,7 @@ ifndef::openshift-origin[] | | | +| |xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[X] | |xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[X] @@ -530,13 +552,14 @@ ifndef::openshift-origin[] | | | +| |=== endif::openshift-origin[] //This table is for OKD only. A separate table is required because OKD does not support multiple AWS architecture types. Trying to maintain one table using conditions, while convenient, is very fragile and prone to publishing errors. ifdef::openshift-origin[] |=== -||Alibaba |AWS |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic +||Alibaba |AWS |Azure |Azure Stack Hub |GCP |Nutanix |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Cloud VPC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic |Custom | @@ -544,6 +567,7 @@ ifdef::openshift-origin[] |xref:../installing/installing_azure/installing-azure-user-infra.adoc#installing-azure-user-infra[X] |xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[X] |xref:../installing/installing_gcp/installing-gcp-user-infra.adoc#installing-gcp-user-infra[X] +| |xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[X] |xref:../installing/installing_openstack/installing-openstack-user-sr-iov.adoc#installing-openstack-user-sr-iov[X] |xref:../installing/installing_rhv/installing-rhv-user-infra.adoc#installing-rhv-user-infra[X] 
@@ -564,6 +588,7 @@ ifdef::openshift-origin[] | | | +| |xref:../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[X] | | @@ -585,6 +610,7 @@ ifdef::openshift-origin[] | | | +| |xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[X] |xref:../installing/installing_vsphere/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[X] |xref:../installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc#installing-restricted-networks-vmc-user-infra[X] @@ -611,6 +637,7 @@ ifdef::openshift-origin[] | | | +| |=== endif::openshift-origin[] diff --git a/installing/installing_nutanix/attributes b/installing/installing_nutanix/attributes new file mode 120000 index 000000000000..20cc1dcb77bf --- /dev/null +++ b/installing/installing_nutanix/attributes @@ -0,0 +1 @@ +../../_attributes/ \ No newline at end of file diff --git a/installing/installing_nutanix/images b/installing/installing_nutanix/images new file mode 120000 index 000000000000..847b03ed0541 --- /dev/null +++ b/installing/installing_nutanix/images @@ -0,0 +1 @@ +../../images/ \ No newline at end of file diff --git a/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc b/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc new file mode 100644 index 000000000000..cdaf7aefc284 --- /dev/null +++ b/installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc 
@@ -0,0 +1,52 @@
+:_content-type: ASSEMBLY
+[id="installing-nutanix-installer-provisioned"]
+= Installing a cluster on Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: installing-nutanix-installer-provisioned
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on your Nutanix instance that uses installer-provisioned infrastructure.
+
+== Prerequisites
+
+* You have reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* If you use a firewall, you have configured it to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
+* If your Nutanix environment is using the default self-signed SSL certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/nutanix-entitlements.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/installation-adding-nutanix-root-certificates.adoc[leveloffset=+1]
+
+include::modules/installation-initializing.adoc[leveloffset=+1]
+include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+include::modules/installation-nutanix-config-yaml.adoc[leveloffset=+2]
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/manually-configure-iam-nutanix.adoc[leveloffset=+1]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+== Configuring the default storage container
+After you install the cluster, you must install the Nutanix CSI Operator and configure the default storage container for the cluster.
+
+For more information, see the Nutanix documentation for link:https://opendocs.nutanix.com/openshift/operators/csi/[installing the CSI Operator] and link:https://opendocs.nutanix.com/openshift/install/ipi/#openshift-image-registry-configuration[configuring registry storage].
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+
+== Next steps
+* xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting]
+* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]
diff --git a/installing/installing_nutanix/modules b/installing/installing_nutanix/modules
new file mode 120000
index 000000000000..36719b9de743
--- /dev/null
+++ b/installing/installing_nutanix/modules
@@ -0,0 +1 @@
+../../modules/
\ No newline at end of file
diff --git a/installing/installing_nutanix/preparing-to-install-on-nutanix.adoc b/installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
new file mode 100644
index 000000000000..056e9be9c04d
--- /dev/null
+++ b/installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
@@ -0,0 +1,13 @@
+:_content-type: ASSEMBLY
+[id="preparing-to-install-on-nutanix"]
+= Preparing to install on Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: preparing-to-install-on-nutanix
+
+toc::[]
+
+Before you install an {product-title} cluster, be sure that your Nutanix environment meets the following requirements.
+
+include::modules/installation-nutanix-infrastructure.adoc[leveloffset=+1]
+include::modules/installation-nutanix-installer-infra-reqs.adoc[leveloffset=+1]
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]
diff --git a/installing/installing_nutanix/snippets b/installing/installing_nutanix/snippets
new file mode 120000
index 000000000000..5a3f5add140e
--- /dev/null
+++ b/installing/installing_nutanix/snippets
@@ -0,0 +1 @@
+../../snippets/
\ No newline at end of file
diff --git a/installing/installing_nutanix/uninstalling-cluster-nutanix.adoc b/installing/installing_nutanix/uninstalling-cluster-nutanix.adoc
new file mode 100644
index 000000000000..c06ce809a46b
--- /dev/null
+++ b/installing/installing_nutanix/uninstalling-cluster-nutanix.adoc
@@ -0,0 +1,11 @@ +:_content-type: ASSEMBLY +[id="uninstalling-cluster-nutanix"] += Uninstalling a cluster on Nutanix +include::_attributes/common-attributes.adoc[] +:context: uninstalling-cluster-nutanix + +toc::[] + +You can remove a cluster that you deployed to Nutanix. + +include::modules/installation-uninstall-clouds.adoc[leveloffset=+1] diff --git a/modules/cco-ccoctl-configuring.adoc b/modules/cco-ccoctl-configuring.adoc index 3daf9af4dbb6..62dfeec3845c 100644 --- a/modules/cco-ccoctl-configuring.adoc +++ b/modules/cco-ccoctl-configuring.adoc @@ -17,16 +17,24 @@ endif::[] ifeval::["{context}" == "cco-mode-gcp-workload-identity"] :google-cloud-platform: endif::[] +ifeval::["{context}" == "preparing-to-install-on-nutanix"] +:nutanix: +endif::[] :_content-type: PROCEDURE [id="cco-ccoctl-configuring_{context}"] = Configuring the Cloud Credential Operator utility +ifdef::nutanix[] +The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). To install a cluster on Nutanix, you must set the CCO to `manual` mode as part of the installation process. +endif::nutanix[] +ifndef::alibabacloud[] To create and manage cloud credentials from outside of the cluster when the Cloud Credential Operator (CCO) is operating in +ifdef::ibm-cloud,nutanix[manual mode,] ifdef::aws-sts[manual mode with STS,] -ifdef::ibm-cloud[manual mode,] ifdef::google-cloud-platform[manual mode with GCP Workload Identity,] extract and prepare the CCO utility (`ccoctl`) binary. +endif::alibabacloud[] ifdef::alibabacloud[] To assign RAM users and policies that provide long-lived RAM AccessKeys (AKs) for each in-cluster component, extract and prepare the {product-title} Cloud Credential Operator (CCO) utility (`ccoctl`) binary. 
@@ -81,14 +89,14 @@ endif::aws-sts[] .Procedure -. Obtain the {product-title} release image: +. Obtain the {product-title} release image by running the following command: + [source,terminal] ---- $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}') ---- -. Get the CCO container image from the {product-title} release image: +. Get the CCO container image from the {product-title} release image by running the following command: + [source,terminal] ---- @@ -100,14 +108,14 @@ $ CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' $RELEA Ensure that the architecture of the `$RELEASE_IMAGE` matches the architecture of the environment in which you will use the `ccoctl` tool. ==== -. Extract the `ccoctl` binary from the CCO container image within the {product-title} release image: +. Extract the `ccoctl` binary from the CCO container image within the {product-title} release image by running the following command: + [source,terminal] ---- $ oc image extract $CCO_IMAGE --file="/usr/bin/ccoctl" -a ~/.pull-secret ---- -. Change the permissions to make `ccoctl` executable: +. Change the permissions to make `ccoctl` executable by running the following command: + [source,terminal] ---- @@ -116,7 +124,7 @@ $ chmod 775 ccoctl .Verification -* To verify that `ccoctl` is ready to use, display the help file: +* To verify that `ccoctl` is ready to use, display the help file by running the following command: + [source,terminal] ---- @@ -138,6 +146,7 @@ Available Commands: gcp Manage credentials objects for Google cloud help Help about any command ibmcloud Manage credentials objects for IBM Cloud + nutanix Manage credentials objects for Nutanix Flags: -h, --help help for ccoctl @@ -157,3 +166,6 @@ endif::[] ifeval::["{context}" == "cco-mode-gcp-workload-identity"] :!google-cloud-platform: endif::[] +ifeval::["{context}" == "preparing-to-install-on-nutanix"] +:!nutanix: +endif::[] 
diff --git a/modules/cluster-entitlements.adoc b/modules/cluster-entitlements.adoc index df2bd31e8c72..43c72e962c98 100644 --- a/modules/cluster-entitlements.adoc +++ b/modules/cluster-entitlements.adoc @@ -71,6 +71,7 @@ // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc // * installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc // * architecture/architecture.adoc +// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc ifeval::["{context}" == "installing-restricted-networks-bare-metal"] :restricted: diff --git a/modules/installation-adding-nutanix-root-certificates.adoc b/modules/installation-adding-nutanix-root-certificates.adoc new file mode 100644 index 000000000000..0f25a0745e1e --- /dev/null +++ b/modules/installation-adding-nutanix-root-certificates.adoc @@ -0,0 +1,27 @@ +// Module included in the following assemblies: +// +// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc + +:_content-type: PROCEDURE +[id="installation-adding-nutanix-root-certificates_{context}"] += Adding Nutanix root CA certificates to your system trust + +Because the installation program requires access to the Prism Central API, you must add your Nutanix trusted root CA certificates to your system trust before you install an {product-title} cluster. + +.Procedure + +. From the Prism Central web console, download the Nutanix root CA certificates. +. Extract the compressed file that contains the Nutanix root CA certificates. +. Add the files for your operating system to the system trust. For example, on a Fedora operating system, run the following command: ++ +[source,terminal] +---- +# cp certs/lin/* /etc/pki/ca-trust/source/anchors +---- + +. Update your system trust. For example, on a Fedora operating system, run the following command: ++ +[source,terminal] +---- +# update-ca-trust extract +---- 
diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc index 472ffecd5ab0..f549a6863228 100644 --- a/modules/installation-configuration-parameters.adoc +++ b/modules/installation-configuration-parameters.adoc @@ -49,6 +49,7 @@ // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc // * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc // * installing/installing_azure_stack_hub/installing-azure-stack-hub-customizations.adoc +// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc ifeval::["{context}" == "installing-alibaba-customizations"] :alibabacloud: @@ -197,6 +198,9 @@ endif::[] ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"] :ash: endif::[] +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:nutanix: +endif::[] :_content-type: CONCEPT [id="installation-configuration-parameters_{context}"] 
@@ -241,13 +245,18 @@ Required installation configuration parameters are described in the following ta |`metadata.name` |The name of the cluster. DNS records for the cluster are all subdomains of `{{.metadata.name}}.{{.baseDomain}}`. +ifndef::nutanix[] |String of lowercase letters, hyphens (`-`), and periods (`.`), such as `dev`. +endif::nutanix[] +ifdef::nutanix[] +|String of lowercase letters and hyphens (`-`), such as `dev`. +endif::nutanix[] ifdef::osp[] The string must be 14 characters or fewer long. endif::osp[] |`platform` -|The configuration for the specific platform upon which to perform the installation: `alibabacloud`, `aws`, `baremetal`, `azure`, `ibmcloud`, `openstack`, `ovirt`, `vsphere`, or `{}`. For additional information about `platform.` parameters, consult the table for your specific platform that follows. +|The configuration for the specific platform upon which to perform the installation: `alibabacloud`, `aws`, `baremetal`, `azure`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `vsphere`, or `{}`. For additional information about `platform.` parameters, consult the table for your specific platform that follows. |Object ifndef::openshift-origin[] @@ -553,7 +562,7 @@ accounts for the dramatically decreased machine performance. |`compute.platform` |Required if you use `compute`. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the `controlPlane.platform` parameter value. -|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `openstack`, `ovirt`, `vsphere`, or `{}` +|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `vsphere`, or `{}` |`compute.replicas` |The number of compute machines, which are also known as worker machines, to provision. 
@@ -622,7 +631,7 @@ accounts for the dramatically decreased machine performance. |`controlPlane.platform` |Required if you use `controlPlane`. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the `compute.platform` parameter value. -|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `openstack`, `ovirt`, `vsphere`, or `{}` +|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `vsphere`, or `{}` |`controlPlane.replicas` |The number of control plane machines to provision. 
@@ -1552,6 +1561,68 @@ Additional Alibaba Cloud configuration parameters are described in the following endif::alibabacloud[] +ifdef::nutanix[] +[id="installation-configuration-parameters-additional-vsphere_{context}"] +== Additional Nutanix configuration parameters + +Additional Nutanix configuration parameters are described in the following table: + +.Additional Nutanix cluster parameters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.nutanix.apiVIP` +|The virtual IP (VIP) address that you configured for control plane API access. +|IP address + +|`platform.nutanix.ingressVIP` +|The virtual IP (VIP) address that you configured for cluster ingress. +|IP address + +|`platform.nutanix.prismCentral.endpoint.address` +|The Prism Central domain name or IP address. +|String + +|`platform.nutanix.prismCentral.endpoint.port` +|The port that is used to log into Prism Central. +|String + +|`platform.nutanix.prismCentral.password` +|The password for the Prism Central user name. +|String + +|`platform.nutanix.prismCentral.username` +|The user name that is used to log into Prism Central. +|String + +|`platform.nutanix.prismElments.endpoint.address` +|The Prism Element domain name or IP address. [^1^] +|String + +|`platform.nutanix.prismElments.endpoint.port` +|The port that is used to log into Prism Element. +|String + +|`platform.nutanix.prismElements.uuid` +|The universally unique identifier (UUID) for Prism Element. +|String + +|`platform.nutanix.subnetUUIDs` +|The UUID of the Prism Element network that contains the virtual IP addresses and DNS records that you configured. [^2^] +|String + +|`platform.nutanix.clusterOSImage` +|Optional: By default, the installation program downloads and installs the {op-system-first} image. If Prism Central does not have internet access, you can override the default behavior by hosting the {op-system} image on any HTTP server and pointing the installation program to the image. 
+|An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, \http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.ova +|==== +[.small] +-- +1. The `prismElements` section holds a list of Prism Elements (clusters). A Prism Element encompasses all of the Nutanix resources, for example virtual machines and subnets, that are used to host the {product-title} cluster. Only a single Prism Element is supported. +2. Only one subnet per {product-title} cluster is supported. +-- +endif::nutanix[] + ifdef::bare[] :!bare: endif::bare[] @@ -1691,3 +1762,6 @@ endif::[] ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"] :!ash: endif::[] +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:!nutanix: +endif::[] diff --git a/modules/installation-initializing.adoc b/modules/installation-initializing.adoc index 3b6c434c6b13..d34e2ea3acc6 100644 --- a/modules/installation-initializing.adoc +++ b/modules/installation-initializing.adoc @@ -31,6 +31,7 @@ // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc +// * installing/installing_nutanix/configuring-iam-nutanix.adoc // * installing/installing_gcp/installing-openstack-installer-restricted.adoc // Consider also adding the installation-configuration-parameters.adoc module. @@ -150,6 +151,9 @@ ifeval::["{context}" == "installing-restricted-networks-vmc"] :vsphere: :restricted: endif::[] +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:nutanix: +endif::[] :_content-type: PROCEDURE [id="installation-initializing_{context}"] @@ -180,6 +184,9 @@ endif::vsphere,vmc[] ifdef::rhv[] {rh-virtualization-first}. endif::rhv[] +ifdef::nutanix[] +Nutanix. +endif::nutanix[] .Prerequisites 
@@ -192,7 +199,16 @@ ifndef::aws,gcp[] * Retrieve a {op-system-first} image and upload it to an accessible location. endif::aws,gcp[] endif::restricted[] +ifndef::nutanix[] * Obtain service principal permissions at the subscription level. +endif::nutanix[] +ifdef::nutanix[] +* Verify that you have met the Nutanix networking requirements. + +[role="_additional-resources"] +.Additional resources +* xref:preparing-to-install-on-nutanix.adoc#preparing-to-install-on-nutanix[Nutanix networking requirements]. +endif::nutanix[] .Procedure 
@@ -290,12 +306,25 @@ The installation program connects to your vCenter instance. ... Enter the virtual IP address that you configured for cluster ingress. ... Enter the base domain. This base domain must be the same one that you used in the DNS records that you configured. endif::vsphere,vmc[] +ifdef::nutanix[] +... Select *nutanix* as the platform to target. +... Enter the Prism Central domain name or IP address. +... Enter the port that is used to log into Prism Central. +... Enter the credentials that are used to log into Prism Central. ++ +The installation program connects to Prism Central. +... Select the Prism Element that will manage the {product-title} cluster. +... Select the network subnet to use. +... Enter the virtual IP address that you configured for control plane API access. +... Enter the virtual IP address that you configured for cluster ingress. +... Enter the base domain. This base domain must be the same one that you configured in the DNS records. +endif::nutanix[] ifndef::osp[] ifndef::rhv,alibabacloud-default,alibabacloud-custom[] ... Enter a descriptive name for your cluster. -ifdef::vsphere,vmc[] -The cluster name must be the same one that you used in the DNS records that you configured. -endif::vsphere,vmc[] +ifdef::vsphere,vmc,nutanix[] +The cluster name you enter must match the cluster name you specified when configuring the DNS records. +endif::vsphere,vmc,nutanix[] endif::rhv,alibabacloud-default,alibabacloud-custom[] endif::osp[] ifdef::osp[] 
@@ -402,10 +431,10 @@ compute: <1> Set to `0`. endif::[] -ifndef::restricted,alibabacloud-default,alibabacloud-custom[] +ifndef::restricted,alibabacloud-default,alibabacloud-custom,nutanix[] . Modify the `install-config.yaml` file. You can find more information about the available parameters in the "Installation configuration parameters" section. -endif::restricted,alibabacloud-default,alibabacloud-custom[] +endif::restricted,alibabacloud-default,alibabacloud-custom,nutanix[] ifdef::alibabacloud-default,alibabacloud-custom[] . Installing the cluster into Alibaba Cloud requires that the Cloud Credential Operator (CCO) operate in manual mode. Modify the `install-config.yaml` file to set the `credentialsMode` parameter to `Manual`: @@ -554,6 +583,12 @@ For these values, use the `imageContentSources` that you recorded during mirror the available parameters in the *Installation configuration parameters* section. endif::restricted[] +ifdef::nutanix[] +. Optional: Update one or more of the default configuration parameters in the `install.config.yaml` file to customize the installation. ++ +For more information about the parameters, see "Installation configuration parameters". +endif::nutanix[] + . Back up the `install-config.yaml` file so that you can use it to install multiple clusters. + @@ -679,3 +714,6 @@ ifeval::["{context}" == "installing-restricted-networks-vmc"] :!vsphere: :!restricted: endif::[] +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:!nutanix: +endif::[] diff --git a/modules/installation-launching-installer.adoc b/modules/installation-launching-installer.adoc index 74b0a1f2e0de..92459ac6af74 100644 --- a/modules/installation-launching-installer.adoc +++ b/modules/installation-launching-installer.adoc 
@@ -34,6 +34,7 @@ // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc +// * installing/installing_nutanix/configuring-iam-nutanix.adoc // If you use this module in any other assembly, you must update the ifeval // statements. @@ -174,6 +175,10 @@ ifeval::["{context}" == "installing-ibm-cloud-customizations"] :custom-config: :ibm-cloud: endif::[] +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:custom-config: +:nutanix: +endif::[] :_content-type: PROCEDURE [id="installation-launching-installer_{context}"] @@ -188,7 +193,7 @@ You can run the `create cluster` command of the installation program only once, .Prerequisites -ifndef::osp,rhv,vsphere[* Configure an account with the cloud platform that hosts your cluster.] +ifndef::osp,rhv,vsphere,nutanix[* Configure an account with the cloud platform that hosts your cluster.] ifdef::rhv[* Open the `ovirt-imageio` port to the {rh-virtualization-engine-name} from the machine running the installer. By default, the port is `54322`.] @@ -589,3 +594,7 @@ ifeval::["{context}" == "installing-ibm-cloud-customizations"] :custom-config: :ibm-cloud: endif::[] +ifeval::["{context}" == "installing-nutanix-installer-provisioned"] +:!custom-config: +:!nutanix: +endif::[] diff --git a/modules/installation-nutanix-config-yaml.adoc b/modules/installation-nutanix-config-yaml.adoc new file mode 100644 index 000000000000..593b4baf9a69 --- /dev/null +++ b/modules/installation-nutanix-config-yaml.adoc 
@@ -0,0 +1,120 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/configuring-iam-nutanix.adoc
+
+:_content-type: REFERENCE
+[id="installation-nutanix-config-yaml_{context}"]
+= Sample customized install-config.yaml file for Nutanix
+
+You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters.
+
+[IMPORTANT]
+====
+This sample YAML file is provided for reference only. You must obtain your `install-config.yaml` file by using the installation program and modify it.
+====
+
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: example.com <1>
+compute: <2>
+- hyperthreading: Enabled <3>
+ name: worker
+ replicas: 3
+ platform:
+ nutanix: <4>
+ cpus: 2
+ coresPerSocket: 2
+ memoryMiB: 8196
+ osDisk:
+ diskSizeGiB: 120
+controlPlane: <2>
+ hyperthreading: Enabled <3>
+ name: master
+ replicas: 3
+ platform:
+ nutanix: <4>
+ cpus: 4
+ coresPerSocket: 2
+ memoryMiB: 16384
+ osDisk:
+ diskSizeGiB: 120
+metadata:
+ creationTimestamp: null
+ name: test-cluster <1>
+networking:
+ clusterNetwork:
+ - cidr: 10.128.0.0/14
+ hostPrefix: 23
+ machineNetwork:
+ - cidr: 10.0.0.0/16
+ifndef::openshift-origin[]
+ networkType: OpenShiftSDN
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+ networkType: OVNKubernetes
+endif::openshift-origin[]
+ serviceNetwork:
+ - 172.30.0.0/16
+platform:
+ nutanix:
+ apiVIP: 10.40.142.7 <1>
+ ingressVIP: 10.40.142.8 <1>
+ prismCentral:
+ endpoint:
+ address: your.prismcentral.domainname <1>
+ port: 9440 <1>
+ password: samplepassword <1>
+ username: sampleadmin <1>
+ prismElements:
+ - endpoint:
+ address: your.prismelement.domainname
+ port: 9440
+ uuid: 0005b0f1-8f43-a0f2-02b7-3cecef193712
+ subnetUUIDs:
+ - c7938dc6-7659-453e-a688-e26020c68e43
+ifndef::openshift-origin[]
+ clusterOSImage: http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.ova <5>
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+ clusterOSImage: http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.ova <5>
+endif::openshift-origin[]
+credentialsMode: Manual
+publish: External
+pullSecret: '{"auths": ...}' <1>
+ifndef::openshift-origin[]
+fips: false <6>
+sshKey: ssh-ed25519 AAAA... <7>
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+sshKey: ssh-ed25519 AAAA... <6>
+endif::openshift-origin[]
+----
+<1> Required. The installation program prompts you for this value.
+<2> The `controlPlane` section is a single mapping, but the compute section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Although both sections currently define a single machine pool, it is possible that future versions of {product-title} will support defining multiple compute pools during installation. Only one control plane pool is used.
+<3> Whether to enable or disable simultaneous multithreading, or `hyperthreading`. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. You can disable it by setting the parameter value to `Disabled`. If you disable simultaneous multithreading in some cluster machines, you must disable it in all cluster machines.
++
+[IMPORTANT]
+====
+If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.
+====
+<4> Optional: Provide additional configuration for the machine pool parameters for the compute and control plane machines.
+ifndef::openshift-origin[]
+<5> Optional: By default, the installation program downloads and installs the {op-system-first} image. If Prism Central does not have internet access, you can override the default behavior by hosting the {op-system} image on any HTTP server and pointing the installation program to the image.
+<6> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
++
+[IMPORTANT]
+====
+The use of FIPS Validated or Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
+====
+<7> Optional: You can provide the `sshKey` value that you use to access the machines in your cluster.
+endif::openshift-origin[]
+ifdef::openshift-origin[]
+<5> Optional: By default, the installation program downloads and installs the {op-system-first} image. If Prism Central does not have internet access, you can override the default behavior by hosting the {op-system} image on any HTTP server and pointing the installation program to the image.
+<6> Optional: You can provide the `sshKey` value that you use to access the machines in your cluster.
+endif::openshift-origin[]
++
+[NOTE]
+====
+For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
+====
diff --git a/modules/installation-nutanix-infrastructure.adoc b/modules/installation-nutanix-infrastructure.adoc
new file mode 100644
index 000000000000..cd1b075c372e
--- /dev/null
+++ b/modules/installation-nutanix-infrastructure.adoc
@@ -0,0 +1,18 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/preparing-to-install-nutanix.adoc
+
+:_content-type: CONCEPT
+[id="installation-nutanix-infrastructure_{context}"]
+= Nutanix version requirements
+
+You must install the {product-title} cluster to a Nutanix environment that meets the following requirements.
+
+
+.Version requirements for Nutanix virtual environments
+[cols=2, options="header"]
+|===
+|Component |Required version
+|Nutanix AOS | 5.20.4 or 6.1.1
+|Prism Central | 2022.4
+|===
diff --git a/modules/installation-nutanix-installer-infra-reqs.adoc b/modules/installation-nutanix-installer-infra-reqs.adoc
new file mode 100644
index 000000000000..b47aeaadc089
--- /dev/null
+++ b/modules/installation-nutanix-installer-infra-reqs.adoc
@@ -0,0 +1,85 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/preparing-to-install-on-nutanix.adoc
+
+:_content-type: CONCEPT
+[id="installation-nutanix-installer-infra-reqs_{context}"]
+= Environment requirements
+
+Before you install an {product-title} cluster, review the following Nutanix AOS environment requirements.
+
+[id="installation-nutanix-installer-infra-reqs-account_{context}"]
+== Required account privileges
+
+Installing a cluster to Nutanix requires an account with administrative privileges to read and create the required resources.
+
+[id="installation-nutanix-installer-infra-reqs-limits_{context}"]
+== Cluster limits
+
+Available resources vary between clusters. The number of possible clusters within a Nutanix environment is limited primarily by available storage space and any limitations associated with the resources that the cluster creates, and resources that you require to deploy the cluster, such a IP addresses and networks.
+
+[id="installation-nutanix-installer-infra-reqs-resources_{context}"]
+== Cluster resources
+
+A minimum of 800 GB of storage is required to use a standard cluster.
+
+When you deploy a {product-title} cluster that uses installer-provisioned infrastruture, the installation program must be able to create several resources in your Nutanix instance. Although these resources use 856 GB of storage, the bootstrap node is destroyed as part of the installation process.
+
+A standard {product-title} installation creates the following resources:
+
+* 1 label
+* Virtual machines:
+** 1 disk image
+** 1 temporary bootstrap node
+** 3 control plane nodes
+** 3 compute machines
+
+[id="installation-nutanix-installer-infra-requirements-networking_{context}"]
+== Networking requirements
+
+You must use AHV IP Address Management (IPAM) for the network and ensure that it is configured to provide persistent IP addresses to the cluster machines. Additionally, create the following networking resources before you install the {product-title} cluster:
+
+* IP addresses
+* DNS records
+
+[NOTE]
+====
+It is recommended that each {product-title} node in the cluster have access to a Network Time Protocol (NTP) server that is discoverable via DHCP. Installation is possible without an NTP server. However, an NTP server prevents errors typically assoicated with asynchronous server clocks.
+====
+
+[id="installation-nutanix-installer-infra-reqs-_{context}"]
+=== Required IP Addresses
+An installer-provisioned installation requires two static virtual IP (VIP) addresses:
+
+* A VIP address for the API is required. This address is used to access the cluster API.
+* A VIP address for ingress is required. This address is used for cluster ingress traffic.
+
+You specify these IP addresses when you install the {product-title} cluster.
+
+[id="installation-nutanix-installer-infra-reqs-dns-records_{context}"]
+=== DNS records
+You must create DNS records for two static IP addresses in the appropriate DNS server for the Nutanix instance that hosts your {product-title} cluster. In each record, `` is the cluster name and `` is the cluster base domain that you specify when you install the cluster.
+
+A complete DNS record takes the form: `...`.
+
+.Required DNS records
+[cols="1a,5a,3a",options="header"]
+|===
+
+|Component
+|Record
+|Description
+
+|API VIP
+|`api...`
+|This DNS A/AAAA or CNAME record must point to the load balancer
+for the control plane machines. This record must be resolvable by both clients
+external to the cluster and from all the nodes within the cluster.
+
+|Ingress VIP
+|`*.apps...`
+|A wildcard DNS A/AAAA or CNAME record that points to the load balancer that targets the
+machines that run the Ingress router pods, which are the worker nodes by
+default. This record must be resolvable by both clients external to the cluster
+and from all the nodes within the cluster.
+|===
diff --git a/modules/installation-obtaining-installer.adoc b/modules/installation-obtaining-installer.adoc index 647980d7b81a..8af6b1e384ed 100644 --- a/modules/installation-obtaining-installer.adoc +++ b/modules/installation-obtaining-installer.adoc @@ -43,6 +43,7 @@ // * installing/installing_rhv/installing-rhv-default.adoc // * installing/installing_rhv/installing-rhv-customizations.adoc // * installing/installing_rhv/installing-rhv-user-infra.adoc +// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc ifeval::["{context}" == "installing-ibm-z"] diff --git a/modules/installation-uninstall-clouds.adoc b/modules/installation-uninstall-clouds.adoc index e35fd68a74f5..abbbc902670e 100644 --- a/modules/installation-uninstall-clouds.adoc +++ b/modules/installation-uninstall-clouds.adoc @@ -9,6 +9,7 @@ // * installing/installing_rhv/uninstalling-cluster-rhv.adoc // * installing/installing_vmc/uninstalling-cluster-vmc.adoc // * installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc +// * installing/installing_nutanix/uninstalling-cluster-nutanix.adoc ifeval::["{context}" == "uninstalling-cluster-aws"] :aws: @@ -43,8 +44,8 @@ endif::gcp[] .Prerequisites -* Have a copy of the installation program that you used to deploy the cluster. -* Have the files that the installation program generated when you created your +* You have a copy of the installation program that you used to deploy the cluster. +* You have the files that the installation program generated when you created your cluster. ifdef::ibm-cloud[] * You have configured the `ccoctl` binary. 
@@ -91,7 +92,7 @@ $ export IC_API_KEY= You must set the variable name exactly as specified. The installation program expects the variable name to be present to remove the service IDs that were created when the cluster was installed. ==== endif::ibm-cloud[] -. From the directory that contains the installation program on the computer that you used to install the cluster, run the following command: +. On the computer that you used to install the cluster, go to the directory that contains the installation program, and run the following command: + [source,terminal] ---- @@ -126,7 +127,6 @@ If your cluster uses Technology Preview features that are enabled by the `TechPr ==== -- endif::ibm-cloud[] -// The above CCO credential removal for IBM Cloud is only necessary for manual mode. Future releases that support other credential methods will not require this step. . Optional: Delete the `` directory and the {product-title} installation program. @@ -140,3 +140,5 @@ endif::[] ifeval::["{context}" == "uninstalling-cluster-ibm-cloud"] :!ibm-cloud: endif::[] + +// The above CCO credential removal for IBM Cloud is only necessary for manual mode. Future releases that support other credential methods will not require this step. diff --git a/modules/manually-configure-iam-nutanix.adoc b/modules/manually-configure-iam-nutanix.adoc new file mode 100644 index 000000000000..eefe6569673b --- /dev/null +++ b/modules/manually-configure-iam-nutanix.adoc 
@@ -0,0 +1,140 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/configuring-iam-nutanix.adoc
+
+:_content-type: PROCEDURE
+[id="manually-create-iam-nutanix_{context}"]
+= Configuring IAM for Nutanix
+
+Installing the cluster requires that the Cloud Credential Operator (CCO) operate in manual mode. While the installation program configures the CCO for manual mode, you must specify the identity and access management secrets.
+
+.Prerequisites
+
+* You have configured the `ccoctl` binary.
+
+* You have an `install-config.yaml` file.
+
+.Procedure
+
+. Create a YAML file that contains the credentials data in the following format:
++
+.Credentials data format
+[source,yaml]
+----
+credentials:
+- type: basic_auth <1>
+ data:
+ prismCentral: <2>
+ username:
+ password:
+ prismElements: <3>
+ - name:
+ username:
+ password:
+----
+<1> Specify the authentication type. Only basic authentication is supported.
+<2> Specify the Prism Central credentials.
+<3> Optional: Specify the Prism Element credentials.
+
+. Extract the list of `CredentialsRequest` custom resources (CRs) from the {product-title} release image by running the following command:
++
+[source,terminal]
+----
+$ oc adm release extract --credentials-requests --cloud=nutanix \//
+--to=/credrequests \ <1>
+quay.io//ocp-release:
+----
++
+<1> Specify the path to the directory that contains the files for the component `CredentialsRequests` objects. If the specified directory does not exist, this command creates it.
++
+.Sample `CredentialsRequest` object
+[source,yaml]
+----
+ apiVersion: cloudcredential.openshift.io/v1
+ kind: CredentialsRequest
+ metadata:
+ annotations:
+ include.release.openshift.io/self-managed-high-availability: "true"
+ labels:
+ controller-tools.k8s.io: "1.0"
+ name: openshift-machine-api-nutanix
+ namespace: openshift-cloud-credential-operator
+ spec:
+ providerSpec:
+ apiVersion: cloudcredential.openshift.io/v1
+ kind: NutanixProviderSpec
+ secretRef:
+ name: nutanix-credentials
+ namespace: openshift-machine-api
+----
+
+. Use the `ccoctl` tool to process all of the `CredentialsRequest` objects in the `credrequests` directory by running the following command:
++
+[source,terminal]
+----
+$ ccoctl nutanix create-shared-secrets \
+--credentials-requests-dir=/credrequests \// <1>
+--output-dir= \// <2>
+--credentials-source-filepath= <3>
+----
++
+<1> Specify the path to the directory that contains the files for the component `CredentialsRequests` objects.
+<2> Specify the directory that contains the files of the component credentials secrets, under the `manifests` directory. By default, the `ccoctl` tool creates objects in the directory in which the commands are run. To create the objects in a different directory, use the `--output-dir` flag.
+<3> Optional: Specify the directory that contains the credentials data YAML file. By default, `ccoctl` expects this file to be in `/.nutanix/credentials`. To specify a different directory, use the `--credentials-source-filepath` flag.
+
+. Edit the `install-config.yaml` configuration file so that the `credentialsMode` parameter is set to `Manual`.
++
+.Example `install-config.yaml` configuration file
+[source,yaml]
+----
+apiVersion: v1
+baseDomain: cluster1.example.com
+credentialsMode: Manual <1>
+...
+----
+<1> Add this line to set the `credentialsMode` parameter to `Manual`.
+
+. Create the installation manifests by running the following command:
++
+[source,terminal]
+----
+$ openshift-install create manifests --dir <1>
+----
+<1> Specify the path to the directory that contains the `install-config.yaml` file for your cluster.
+
+. Copy the generated credential files to the target manifests directory by running the following command:
++
+[source,terminal]
+----
+$ cp /manifests/*credentials.yaml .//manifests
+----
+
+.Verification
+
+* Ensure that the appropriate secrets exist in the `manifests` directory.
++
+[source,terminal]
+----
+$ ls .//manifests
+----
++
+.Example output
++
+[source,terminal]
+----
+total 64
+-rw-r----- 1 2335 Jul 8 12:22 cluster-config.yaml
+-rw-r----- 1 161 Jul 8 12:22 cluster-dns-02-config.yml
+-rw-r----- 1 864 Jul 8 12:22 cluster-infrastructure-02-config.yml
+-rw-r----- 1 191 Jul 8 12:22 cluster-ingress-02-config.yml
+-rw-r----- 1 9607 Jul 8 12:22 cluster-network-01-crd.yml
+-rw-r----- 1 272 Jul 8 12:22 cluster-network-02-config.yml
+-rw-r----- 1 142 Jul 8 12:22 cluster-proxy-01-config.yaml
+-rw-r----- 1 171 Jul 8 12:22 cluster-scheduler-02-config.yml
+-rw-r----- 1 200 Jul 8 12:22 cvo-overrides.yaml
+-rw-r----- 1 118 Jul 8 12:22 kube-cloud-config.yaml
+-rw-r----- 1 1304 Jul 8 12:22 kube-system-configmap-root-ca.yaml
+-rw-r----- 1 4090 Jul 8 12:22 machine-config-server-tls-secret.yaml
+-rw-r----- 1 3961 Jul 8 12:22 openshift-config-secret-pull-secret.yaml
+-rw------- 1 283 Jul 8 12:24 openshift-machine-api-nutanix-credentials-credentials.yaml
+----
diff --git a/modules/nutanix-entitlements.adoc b/modules/nutanix-entitlements.adoc
new file mode 100644
index 000000000000..2274f98850a8
--- /dev/null
+++ b/modules/nutanix-entitlements.adoc
@@ -0,0 +1,8 @@
+// Module included in the following assemblies:
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+
+:_content-type: CONCEPT
+[id="nutanix-entitlements_{context}"]
+= Internet access for Prism Central
+
+Prism Central requires internet access to obtain the {op-system-first} image that is required to install the cluster. The {op-system} image for Nutanix is available at `rhcosredirector.apps.art.xq1c.p1.openshiftapps.com`.
diff --git a/modules/ssh-agent-using.adoc b/modules/ssh-agent-using.adoc index 9f9311432824..329465b82a79 100644 --- a/modules/ssh-agent-using.adoc +++ b/modules/ssh-agent-using.adoc @@ -51,6 +51,7 @@ // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc // * installing/installing_ibm_z/installing-ibm-power.adoc // * installing/installing-rhv-restricted-network.adoc +// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc ifeval::["{context}" == "installing-restricted-networks-vsphere"] diff --git a/modules/supported-platforms-for-openshift-clusters.adoc b/modules/supported-platforms-for-openshift-clusters.adoc index 9f4027b620fd..f21e828d530e 100644 --- a/modules/supported-platforms-for-openshift-clusters.adoc +++ b/modules/supported-platforms-for-openshift-clusters.adoc @@ -13,9 +13,10 @@ In {product-title} {product-version}, you can install a cluster that uses instal * Google Cloud Platform (GCP) * Microsoft Azure * Microsoft Azure Stack Hub -* {rh-openstack-first} versions 16.1 and 16.2 +* {rh-openstack-first} versions 16.1 and 16.2 ** The latest {product-title} release supports both the latest {rh-openstack} long-life release and intermediate release. For complete {rh-openstack} release compatibility, see the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix]. -* IBM Cloud +* IBM Cloud VPC +* Nutanix * {rh-virtualization-first} * VMware vSphere * VMware Cloud (VMC) on AWS