Chapter 2. Preparing for overcloud deployment with the director Operator

Before you can deploy an overcloud with the director Operator, you must create a data volume for the base operating system and add authentication details for your remote Git repository. You can also set the root password for your nodes. If you do not set a root password, you can still log in to nodes with the SSH keys defined in the osp-controlplane-ssh-keys Secret.

2.1. Creating a data volume for the base operating system

You must create a data volume with the OpenShift Container Platform (OCP) cluster to store the base operating system image for your Controller virtual machines.

Prerequisites

  • Download a Red Hat Enterprise Linux 8.4 QCOW2 image to your workstation. You can download this image from the Product Download section of the Red Hat Customer Portal.
  • Install the virtctl client tool on your workstation. You can install this tool on a Red Hat Enterprise Linux workstation using the following commands:

    $ sudo subscription-manager repos --enable=cnv-4.10-for-rhel-8-x86_64-rpms
    $ sudo dnf install -y kubevirt-virtctl
  • Install the virt-customize client tool on your workstation. You can install this tool on a Red Hat Enterprise Linux workstation using the following command:

    $ sudo dnf install -y libguestfs-tools-c

Procedure

  1. The default QCOW2 image that you have downloaded from access.redhat.com does not use biosdev predictable network interface names. Modify the image with virt-customize to use biosdev predictable network interface names:

    $ sudo virt-customize -a <local_path_to_image> --run-command 'sed -i -e "s/^\(kernelopts=.*\)net.ifnames=0 \(.*\)/\1\2/" /boot/grub2/grubenv'
    $ sudo virt-customize -a <local_path_to_image> --run-command 'sed -i -e "s/^\(GRUB_CMDLINE_LINUX=.*\)net.ifnames=0 \(.*\)/\1\2/" /etc/default/grub' --truncate /etc/machine-id
  2. Upload the image to OpenShift Virtualization with virtctl:

    $ virtctl image-upload dv <datavolume_name> -n openstack \
     --size=<size> --image-path=<local_path_to_image> \
     --storage-class <storage_class> --access-mode <access_mode> --insecure
    • Replace <datavolume_name> with the name of the data volume, for example, openstack-base-img.
    • Replace <size> with the size of the data volume required for your environment, for example, 50Gi. The minimum size is 50GB.
    • Replace <storage_class> with the required storage class from your cluster. Use the following command to retrieve the available storage classes:

      $ oc get storageclass
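    • Replace <access_mode> with the access mode for the PVC. The default value is ReadWriteOnce.
    • The --insecure option disables verification of the upload proxy's TLS certificate. Omit the option if the upload proxy presents a certificate that your workstation trusts.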
  3. When you create the OpenStackControlPlane resource and individual OpenStackVmSet resources, set the baseImageVolumeName parameter to the data volume name:

    ...
    spec:
      ...
      baseImageVolumeName: openstack-base-img
    ...
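
The sed expressions in step 1 match only when net.ifnames=0 is followed by a space, so it is worth checking that the option is really gone before you upload the image. The following script is an added example, not part of the original procedure: strip_ifnames and ifnames_state are hypothetical helper names, and the two sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original procedure). Sample lines are constructed.

# Apply the two sed programs from step 1 to text on stdin.
strip_ifnames() {
    sed -e 's/^\(kernelopts=.*\)net.ifnames=0 \(.*\)/\1\2/' \
        -e 's/^\(GRUB_CMDLINE_LINUX=.*\)net.ifnames=0 \(.*\)/\1\2/'
}

# Print "present" if a kernelopts or GRUB_CMDLINE_LINUX line on stdin still
# carries net.ifnames=0, otherwise print "clean".
ifnames_state() {
    if grep -Eq '^(kernelopts|GRUB_CMDLINE_LINUX)=.*net\.ifnames=0'; then
        echo present
    else
        echo clean
    fi
}

# Constructed sample: the option sits mid-line, followed by a space.
SAMPLE_MID='kernelopts=root=/dev/vda3 ro net.ifnames=0 console=ttyS0'
# Constructed sample: the option is the last token, followed by the quote,
# so the sed pattern does not match and the line is left unchanged.
SAMPLE_LAST='GRUB_CMDLINE_LINUX="console=ttyS0 net.ifnames=0"'

for line in "$SAMPLE_MID" "$SAMPLE_LAST"; do
    printf '%s\n  -> %s\n' "$line" \
        "$(printf '%s\n' "$line" | strip_ifnames | ifnames_state)"
done

# Against a customized image (virt-cat ships with libguestfs-tools-c):
#   sudo virt-cat -a <local_path_to_image> /etc/default/grub | ifnames_state
#   sudo virt-cat -a <local_path_to_image> /boot/grub2/grubenv | ifnames_state
```

If either file reports "present" after step 1, the image still boots with the legacy interface names.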

2.2. Adding authentication details for your remote Git repository

The director Operator stores rendered Ansible playbooks to a remote Git repository and uses this repository to track changes to the overcloud configuration. You can use any Git repository that supports SSH authentication. You must provide details for the Git repository as an OpenShift Secret resource named git-secret.

Prerequisites

  • Ensure your OpenShift Container Platform cluster is operational and you have installed the director Operator correctly.
  • Ensure that you have installed the oc command line tool on your workstation.
  • Prepare a remote Git repository for the director Operator to store the generated configuration for your overcloud.
  • Prepare an SSH key pair. Upload the public key to the Git repository and keep the private key available to add to the git-secret Secret resource.

Procedure

  1. Create the Secret resource:

    $ oc create secret generic git-secret -n openstack --from-file=git_ssh_identity=<path_to_private_SSH_key> --from-literal=git_url=<git_server_URL>

    The git-secret Secret resource contains two key-value pairs:

    git_ssh_identity
    The private key to access the Git repository. The --from-file option stores the content of the private SSH key file.
    git_url
    The SSH URL of the Git repository to store the configuration. The --from-literal option stores the URL that you enter for this key.

Verification

  1. View the Secret resource:

    $ oc get secret/git-secret -n openstack

2.3. Setting the root password for nodes

To access the root user with a password on each node, you can set a root password in a Secret resource named userpassword.

Note

Setting the root password for nodes is optional. If you do not set a root password, you can still log in to nodes with the SSH keys defined in the osp-controlplane-ssh-keys Secret.

Prerequisites

  • Ensure your OpenShift Container Platform cluster is operational and you have installed the director Operator correctly.
  • Ensure that you have installed the oc command line tool on your workstation.

Procedure

  1. Convert your chosen password to a base64 value:

    $ echo -n "p@ssw0rd!" | base64
    cEBzc3cwcmQh

    Note

    The -n option removes the trailing newline from the echo output.

  2. Create a file named openstack-userpassword.yaml on your workstation. Include the following resource specification for the Secret in the file:

    apiVersion: v1
    kind: Secret
    metadata:
      name: userpassword
      namespace: openstack
    data:
      NodeRootPassword: "cEBzc3cwcmQh"

    Set the NodeRootPassword parameter to your base64 encoded password.

  3. Create the userpassword Secret:

    $ oc create -f openstack-userpassword.yaml -n openstack

Note

Enter the userpassword Secret in passwordSecret when you create OpenStackControlPlane or OpenStackBaremetalSet:

apiVersion: osp-director.openstack.org/v1beta2
kind: OpenStackControlPlane
metadata:
  name: overcloud
  namespace: openstack
spec:
  passwordSecret: <userpassword>

  • Replace <userpassword> with your userpassword Secret.
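
The encoding and manifest steps of the root password procedure above, combined into an added shell example that is not part of the original documentation. render_userpassword_secret and check_root_password are hypothetical helper names; the script assumes the GNU coreutils base64 command and reuses the sample password from step 1.

```shell
#!/bin/sh
# Added example, not part of the original procedure. The password below is
# the constructed sample value that the procedure itself uses.

# Read one line (the password) from stdin and print the Secret manifest.
# Typing the password as input keeps it out of the shell history.
render_userpassword_secret() {
    IFS= read -r pw
    # printf '%s' adds no newline; tr joins base64 output wrapped at 76 columns.
    b64=$(printf '%s' "$pw" | base64 | tr -d '\n')
    unset pw
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: userpassword
  namespace: openstack
data:
  NodeRootPassword: "$b64"
EOF
}

# Read a manifest on stdin; print "newline" if the decoded NodeRootPassword
# ends in a line feed (echo without -n), otherwise "ok".
check_root_password() {
    last=$(sed -n 's|^ *NodeRootPassword: *"\([^"]*\)".*|\1|p' \
        | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = 0a ]; then echo newline; else echo ok; fi
}

# Constructed manifest line that was encoded with a trailing newline by mistake.
BAD_LINE='  NodeRootPassword: "cEBzc3cwcmQhCg=="'

printf '%s\n' 'p@ssw0rd!' | render_userpassword_secret | check_root_password
printf '%s\n' "$BAD_LINE" | check_root_password

# Real use: render_userpassword_secret > openstack-userpassword.yaml
```

Run check_root_password against openstack-userpassword.yaml before step 3; a stored trailing newline becomes part of the root password and password logins then fail.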