OSDOCS-3435: Nutanix IPI installation

_topic_maps/_topic_map.yml

@@ -260,6 +260,16 @@ Topics:
     File: installing-ibm-cloud-network-customizations
   - Name: Uninstalling a cluster on IBM Cloud VPC
     File: uninstalling-cluster-ibm-cloud
+- Name: Installing on Nutanix
+  Dir: installing_nutanix
+  Distros: openshift-origin,openshift-enterprise
+  Topics:
+  - Name: Preparing to install on Nutanix
+    File: preparing-to-install-on-nutanix
+  - Name: Installing a cluster on Nutanix
+    File: installing-nutanix-installer-provisioned
+  - Name: Uninstalling a cluster on Nutanix
+    File: uninstalling-cluster-nutanix
 - Name: Installing on bare metal
   Dir: installing_bare_metal
   Distros: openshift-origin,openshift-enterprise

installing/installing_nutanix/attributes

@@ -0,0 +1 @@
+../../_attributes/

installing/installing_nutanix/images

@@ -0,0 +1 @@
+../../images/

installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc

@@ -0,0 +1,52 @@
+:_content-type: ASSEMBLY
+[id="installing-nutanix-installer-provisioned"]
+= Installing a cluster on Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: installing-nutanix-installer-provisioned
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on your Nutanix instance that uses installer-provisioned infrastructure.
+
+== Prerequisites
+
+* You have reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* If you use a firewall, you have configured it to xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[grant access] to the sites that {product-title} requires. This includes the use of Telemetry.
+* If your Nutanix environment is using the default self-signed SSL certificate, replace it with a certificate that is signed by a CA. The installation program requires a valid CA-signed certificate to access to the Prism Central API. For more information about replacing the self-signed certificate, see the  https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_1:mul-security-ssl-certificate-pc-t.html[Nutanix AOS Security Guide].
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/nutanix-entitlements.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/installation-adding-nutanix-root-certificates.adoc[leveloffset=+1]
+
+include::modules/installation-initializing.adoc[leveloffset=+1]
+include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+include::modules/installation-nutanix-config-yaml.adoc[leveloffset=+2]
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/manually-configure-iam-nutanix.adoc[leveloffset=+1]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+== Configuring the default storage container
+After you install the cluster, you must install the Nutanix CSI Operator and configure the default storage container for the cluster.
+
+For more information, see the Nutanix documentation for link:https://opendocs.nutanix.com/openshift/operators/csi/[installing the CSI Operator] and link:https://opendocs.nutanix.com/openshift/install/ipi/#openshift-image-registry-configuration[configuring registry storage].
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
+
+== Next steps
+* xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[Opt out of remote health reporting]
+* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]

installing/installing_nutanix/modules

@@ -0,0 +1 @@
+../../modules/

installing/installing_nutanix/preparing-to-install-on-nutanix.adoc

@@ -0,0 +1,13 @@
+:_content-type: ASSEMBLY
+[id="preparing-to-install-on-nutanix"]
+= Preparing to install on Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: preparing-to-install-on-nutanix
+
+toc::[]
+
+Before you install an {product-title} cluster, be sure that your Nutanix environment meets the following requirements.
+
+include::modules/installation-nutanix-infrastructure.adoc[leveloffset=+1]
+include::modules/installation-nutanix-installer-infra-reqs.adoc[leveloffset=+1]
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+1]

installing/installing_nutanix/snippets

@@ -0,0 +1 @@
+../../snippets/

installing/installing_nutanix/uninstalling-cluster-nutanix.adoc

@@ -0,0 +1,11 @@
+:_content-type: ASSEMBLY
+[id="uninstalling-cluster-nutanix"]
+= Uninstalling a cluster on Nutanix
+include::_attributes/common-attributes.adoc[]
+:context: uninstalling-cluster-nutanix
+
+toc::[]
+
+You can remove a cluster that you deployed to Nutanix.
+
+include::modules/installation-uninstall-clouds.adoc[leveloffset=+1]

modules/cco-ccoctl-configuring.adoc

@@ -17,16 +17,24 @@ endif::[]
 ifeval::["{context}" == "cco-mode-gcp-workload-identity"]
 :google-cloud-platform:
 endif::[]
+ifeval::["{context}" == "preparing-to-install-on-nutanix"]
+:nutanix:
+endif::[]
 
 :_content-type: PROCEDURE
 [id="cco-ccoctl-configuring_{context}"]
 = Configuring the Cloud Credential Operator utility
+ifdef::nutanix[]
+The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). To install a cluster on Nutanix, you must set the CCO to `manual` mode as part of the installation process.
+endif::nutanix[]
 
+ifndef::alibabacloud[]
 To create and manage cloud credentials from outside of the cluster when the Cloud Credential Operator (CCO) is operating in
+ifdef::ibm-cloud,nutanix[manual mode,]
 ifdef::aws-sts[manual mode with STS,]
-ifdef::ibm-cloud[manual mode,]
 ifdef::google-cloud-platform[manual mode with GCP Workload Identity,]
 extract and prepare the CCO utility (`ccoctl`) binary.
+endif::alibabacloud[]
 
 ifdef::alibabacloud[]
 To assign RAM users and policies that provide long-lived RAM AccessKeys (AKs) for each in-cluster component, extract and prepare the {product-title} Cloud Credential Operator (CCO) utility (`ccoctl`) binary.
@@ -81,14 +89,14 @@ endif::aws-sts[]
 
 .Procedure
 
-. Obtain the {product-title} release image:
+. Obtain the {product-title} release image by running the following command:
 +
 [source,terminal]
 ----
 $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
 ----
 
-. Get the CCO container image from the {product-title} release image:
+. Get the CCO container image from the {product-title} release image by running the following command:
 +
 [source,terminal]
 ----
@@ -100,14 +108,14 @@ $ CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' $RELEA
 Ensure that the architecture of the `$RELEASE_IMAGE` matches the architecture of the environment in which you will use the `ccoctl` tool.
 ====
 
-. Extract the `ccoctl` binary from the CCO container image within the {product-title} release image:
+. Extract the `ccoctl` binary from the CCO container image within the {product-title} release image by running the following command:
 +
 [source,terminal]
 ----
 $ oc image extract $CCO_IMAGE --file="/usr/bin/ccoctl" -a ~/.pull-secret
 ----
 
-. Change the permissions to make `ccoctl` executable:
+. Change the permissions to make `ccoctl` executable by running the following command:
 +
 [source,terminal]
 ----
@@ -116,7 +124,7 @@ $ chmod 775 ccoctl
 
 .Verification
 
-* To verify that `ccoctl` is ready to use, display the help file:
+* To verify that `ccoctl` is ready to use, display the help file by running the following command:
 +
 [source,terminal]
 ----
@@ -138,6 +146,7 @@ Available Commands:
   gcp          Manage credentials objects for Google cloud
   help         Help about any command
   ibmcloud     Manage credentials objects for IBM Cloud
+  nutanix      Manage credentials objects for Nutanix
 
 Flags:
   -h, --help   help for ccoctl
@@ -157,3 +166,6 @@ endif::[]
 ifeval::["{context}" == "cco-mode-gcp-workload-identity"]
 :!google-cloud-platform:
 endif::[]
+ifeval::["{context}" == "preparing-to-install-on-nutanix"]
+:!nutanix:
+endif::[]

modules/cluster-entitlements.adoc

@@ -71,6 +71,7 @@
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc
 // * architecture/architecture.adoc
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
 
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
 :restricted:

modules/installation-adding-nutanix-root-certificates.adoc

@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
+
+:_content-type: PROCEDURE
+[id="installation-adding-nutanix-root-certificates_{context}"]
+= Adding Nutanix root CA certificates to your system trust
+
+Because the installation program requires access to the Prism Central API, you must add your Nutanix trusted root CA certificates to your system trust before you install an {product-title} cluster.
+
+.Procedure
+
+. From the Prism Central web console, download the Nutanix root CA certificates.
+. Extract the compressed file that contains the Nutanix root CA certificates.
+. Add the files for your operating system to the system trust. For example, on a Fedora operating system, run the following command:
++
+[source,terminal]
+----
+# cp certs/lin/* /etc/pki/ca-trust/source/anchors
+----
+
+. Update your system trust. For example, on a Fedora operating system, run the following command:
++
+[source,terminal]
+----
+# update-ca-trust extract
+----

modules/installation-configuration-parameters.adoc

@@ -49,6 +49,7 @@
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-customizations.adoc
+// * installing/installing_nutanix/installing-nutanix-installer-provisioned.adoc
 
 ifeval::["{context}" == "installing-alibaba-customizations"]
 :alibabacloud:
@@ -197,6 +198,9 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
 :ash:
 endif::[]
+ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
+:nutanix:
+endif::[]
 
 :_content-type: CONCEPT
 [id="installation-configuration-parameters_{context}"]
@@ -241,13 +245,18 @@ Required installation configuration parameters are described in the following ta
 
 |`metadata.name`
 |The name of the cluster. DNS records for the cluster are all subdomains of `{{.metadata.name}}.{{.baseDomain}}`.
+ifndef::nutanix[]
 |String of lowercase letters, hyphens (`-`), and periods (`.`), such as `dev`.
+endif::nutanix[]
+ifdef::nutanix[]
+|String of lowercase letters and hyphens (`-`), such as `dev`.
+endif::nutanix[]
 ifdef::osp[]
 The string must be 14 characters or fewer long.
 endif::osp[]
 
 |`platform`
-|The configuration for the specific platform upon which to perform the installation: `alibabacloud`, `aws`, `baremetal`, `azure`, `ibmcloud`, `openstack`, `ovirt`, `vsphere`, or `{}`. For additional information about `platform.<platform>` parameters, consult the table for your specific platform that follows.
+|The configuration for the specific platform upon which to perform the installation: `alibabacloud`, `aws`, `baremetal`, `azure`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `vsphere`, or `{}`. For additional information about `platform.<platform>` parameters, consult the table for your specific platform that follows.
 |Object
 
 ifndef::openshift-origin[]
@@ -553,7 +562,7 @@ accounts for the dramatically decreased machine performance.
 
 |`compute.platform`
 |Required if you use `compute`. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the `controlPlane.platform` parameter value.
-|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `openstack`, `ovirt`, `vsphere`, or `{}`
+|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `vsphere`, or `{}`
 
 |`compute.replicas`
 |The number of compute machines, which are also known as worker machines, to provision.
@@ -622,7 +631,7 @@ accounts for the dramatically decreased machine performance.
 
 |`controlPlane.platform`
 |Required if you use `controlPlane`. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the `compute.platform` parameter value.
-|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `openstack`, `ovirt`, `vsphere`, or `{}`
+|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `ovirt`, `vsphere`, or `{}`
 
 |`controlPlane.replicas`
 |The number of control plane machines to provision.
@@ -1552,6 +1561,68 @@ Additional Alibaba Cloud configuration parameters are described in the following
 
 endif::alibabacloud[]
 
+ifdef::nutanix[]
+[id="installation-configuration-parameters-additional-vsphere_{context}"]
+== Additional Nutanix configuration parameters
+
+Additional Nutanix configuration parameters are described in the following table:
+
+.Additional Nutanix cluster parameters
+[cols=".^2,.^3a,.^3a",options="header"]
+|====
+|Parameter|Description|Values
+
+|`platform.nutanix.apiVIP`
+|The virtual IP (VIP) address that you configured for control plane API access.
+|IP address
+
+|`platform.nutanix.ingressVIP`
+|The virtual IP (VIP) address that you configured for cluster ingress.
+|IP address
+
+|`platform.nutanix.prismCentral.endpoint.address`
+|The Prism Central domain name or IP address.
+|String
+
+|`platform.nutanix.prismCentral.endpoint.port`
+|The port that is used to log into Prism Central.
+|String
+
+|`platform.nutanix.prismCentral.password`
+|The password for the Prism Central user name.
+|String
+
+|`platform.nutanix.prismCentral.username`
+|The user name that is used to log into Prism Central.
+|String
+
+|`platform.nutanix.prismElments.endpoint.address`
+|The Prism Element domain name or IP address. [^1^]
+|String
+
+|`platform.nutanix.prismElments.endpoint.port`
+|The port that is used to log into Prism Element.
+|String
+
+|`platform.nutanix.prismElements.uuid`
+|The universally unique identifier (UUID) for Prism Element.
+|String
+
+|`platform.nutanix.subnetUUIDs`
+|The UUID of the Prism Element network that contains the virtual IP addresses and DNS records that you configured. [^2^]
+|String
+
+|`platform.nutanix.clusterOSImage`
+|Optional: By default, the installation program downloads and installs the {op-system-first} image. If Prism Central does not have internet access, you can override the default behavior by hosting the {op-system} image on any HTTP server and pointing the installation program to the image.
+|An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, \http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.ova
+|====
+[.small]
+--
+1. The `prismElements` section holds a list of Prism Elements (clusters). A Prism Element encompasses all of the Nutanix resources, for example virtual machines and subnets, that are used to host the {product-title} cluster. Only a single Prism Element is supported.
+2. Only one subnet per {product-title} cluster is supported.
+--
+endif::nutanix[]
+
 ifdef::bare[]
 :!bare:
 endif::bare[]
@@ -1691,3 +1762,6 @@ endif::[]
 ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"]
 :!ash:
 endif::[]
+ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
+:!nutanix:
+endif::[]