Chapter 2. Preparing for overcloud deployment with the director Operator
Before you can deploy an overcloud with the director Operator, you must create a data volume for the base operating system and add authentication details for your remote Git repository. You can also set the root password for your nodes. If you do not set a root password, you can still log into nodes with the SSH keys defined in the osp-controlplane-ssh-keys Secret.
2.1. Creating a data volume for the base operating system
You must create a data volume with the OpenShift Container Platform (OCP) cluster to store the base operating system image for your Controller virtual machines.
Prerequisites
- Download a Red Hat Enterprise Linux 8.4 QCOW2 image to your workstation. You can download this image from the Product Download section of the Red Hat Customer Portal.
- Install the virtctl client tool on your workstation. You can install this tool on a Red Hat Enterprise Linux workstation using the following commands:
$ sudo subscription-manager repos --enable=cnv-4.10-for-rhel-8-x86_64-rpms
$ sudo dnf install -y kubevirt-virtctl
- Install the virt-customize client tool on your workstation. You can install this tool on a Red Hat Enterprise Linux workstation using the following command:
$ dnf install -y libguestfs-tools-c
Procedure
The default QCOW2 image that you have downloaded from access.redhat.com does not use biosdev predictable network interface names. Modify the image with virt-customize to use biosdev predictable network interface names:
$ sudo virt-customize -a <local path to image> --run-command 'sed -i -e "s/^\(kernelopts=.*\)net.ifnames=0 \(.*\)/\1\2/" /boot/grub2/grubenv'
$ sudo virt-customize -a <local path to image> --run-command 'sed -i -e "s/^\(GRUB_CMDLINE_LINUX=.*\)net.ifnames=0 \(.*\)/\1\2/" /etc/default/grub' --truncate /etc/machine-id
Upload the image to OpenShift Virtualization with virtctl:
$ virtctl image-upload dv <datavolume_name> -n openstack \
    --size=<size> --image-path=<local_path_to_image> \
    --storage-class <storage_class> --access-mode <access_mode> --insecure
- Replace <datavolume_name> with the name of the data volume, for example, openstack-base-img.
- Replace <size> with the size of the data volume required for your environment, for example, 50Gi. The minimum size is 50GB.
- Replace <storage_class> with the required storage class from your cluster. Use the following command to retrieve the available storage classes:
$ oc get storageclass
- Replace <access_mode> with the access mode for the PVC. The default value is ReadWriteOnce.
The --insecure option allows the upload to proceed without verifying the TLS certificate of the upload endpoint.
When you create the OpenStackControlPlane resource and individual OpenStackVmSet resources, set the baseImageVolumeName parameter to the data volume name:
...
spec:
  ...
  baseImageVolumeName: openstack-base-img
  ...
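The sed expressions in the first step match only when net.ifnames=0 is followed by a space, so it is worth confirming that the argument is gone before you upload the image. The following is an added example, not part of the original procedure; the sample lines are constructed, the function names are illustrative, and the virt-cat check in the closing comment assumes the libguestfs tools from the prerequisites.

```shell
# Added example: the two sed expressions from the procedure, applied to
# constructed sample lines (not taken from a real image).

# Same expressions the procedure passes to virt-customize --run-command,
# reading stdin instead of editing a file in place.
strip_kernelopts() {
    sed -e 's/^\(kernelopts=.*\)net.ifnames=0 \(.*\)/\1\2/'
}
strip_grub_default() {
    sed -e 's/^\(GRUB_CMDLINE_LINUX=.*\)net.ifnames=0 \(.*\)/\1\2/'
}

# Succeeds only when stdin no longer contains the net.ifnames=0 argument.
ifnames_cleared() {
    ! grep -q 'net\.ifnames=0'
}

# Constructed samples.
SAMPLE_GRUBENV='kernelopts=root=/dev/vda3 console=ttyS0 net.ifnames=0 crashkernel=auto'
SAMPLE_DEFAULT='GRUB_CMDLINE_LINUX="console=ttyS0 net.ifnames=0 crashkernel=auto"'
# Edge case: the argument is the last one and is followed by the closing
# quote rather than a space, so the pattern "net.ifnames=0 " does not match.
SAMPLE_LAST='GRUB_CMDLINE_LINUX="console=ttyS0 net.ifnames=0"'

printf '%s\n' "$SAMPLE_GRUBENV" | strip_kernelopts
printf '%s\n' "$SAMPLE_DEFAULT" | strip_grub_default
if printf '%s\n' "$SAMPLE_LAST" | strip_grub_default | ifnames_cleared; then
    echo "net.ifnames=0 removed"
else
    echo "net.ifnames=0 still present: the line needs a manual edit" >&2
fi

# Check against the modified image (assumes virt-cat from libguestfs):
#   sudo virt-cat -a <local path to image> /etc/default/grub | ifnames_cleared
#   sudo virt-cat -a <local path to image> /boot/grub2/grubenv | ifnames_cleared
```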
2.2. Adding authentication details for your remote Git repository
The director Operator stores rendered Ansible playbooks to a remote Git repository and uses this repository to track changes to the overcloud configuration. You can use any Git repository that supports SSH authentication. You must provide details for the Git repository as an OpenShift Secret resource named git-secret.
Prerequisites
- Ensure your OpenShift Container Platform cluster is operational and you have installed the director Operator correctly.
- Ensure that you have installed the oc command line tool on your workstation.
- Prepare a remote Git repository for the director Operator to store the generated configuration for your overcloud.
- Prepare an SSH key pair. Upload the public key to the Git repository and keep the private key available to add to the git-secret Secret resource.
Procedure
Create the Secret resource:
$ oc create secret generic git-secret -n openstack --from-file=git_ssh_identity=<path_to_private_SSH_key> --from-literal=git_url=<git_server_URL>
The git-secret Secret resource contains two key-value pairs:
- git_ssh_identity: The private key to access the Git repository. The --from-file option stores the content of the private SSH key file.
- git_url: The SSH URL of the Git repository to store the configuration. The --from-literal option stores the URL that you enter for this key.
Verification
View the Secret resource:
$ oc get secret/git-secret -n openstack
2.3. Setting the root password for nodes
To access the root user with a password on each node, you can set a root password in a Secret resource named userpassword.
Setting the root password for nodes is optional. If you do not set a root password, you can still log into nodes with the SSH keys defined in the osp-controlplane-ssh-keys Secret.
Prerequisites
- Ensure your OpenShift Container Platform cluster is operational and you have installed the director Operator correctly.
- Ensure that you have installed the oc command line tool on your workstation.
Procedure
Convert your chosen password to a base64 value:
$ echo -n "p@ssw0rd!" | base64
cEBzc3cwcmQh
Note: The -n option removes the trailing newline from the echo output.
Create a file named openstack-userpassword.yaml on your workstation. Include the following resource specification for the Secret in the file:
apiVersion: v1
kind: Secret
metadata:
  name: userpassword
  namespace: openstack
data:
  NodeRootPassword: "cEBzc3cwcmQh"
Set the NodeRootPassword parameter to your base64 encoded password.
Create the userpassword Secret:
$ oc create -f openstack-userpassword.yaml -n openstack
Enter the userpassword Secret in passwordSecret when you create OpenStackControlPlane or OpenStackBaremetalSet:
apiVersion: osp-director.openstack.org/v1beta2
kind: OpenStackControlPlane
metadata:
  name: overcloud
  namespace: openstack
spec:
  passwordSecret: <userpassword>
- Replace <userpassword> with your userpassword Secret.
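An added example (not from the original documentation) that builds the same userpassword manifest from a password on standard input, so the password is not typed on a command line or saved to a file; it also handles the trailing newline and the line wrapping that base64 applies to long input. The function names are illustrative, and the usage comment assumes oc reads the manifest from standard input with -f -.

```shell
# Added example: build the userpassword manifest from a password on stdin.

# Base64-encode stdin the way `echo -n ... | base64` does.
encode_password() {
    # $(...) drops trailing newlines, so input supplied with or without a
    # final newline encodes to the same value.
    pw=$(cat)
    if [ -z "$pw" ]; then
        echo "empty password" >&2
        return 1
    fi
    # tr removes the line breaks GNU base64 inserts every 76 characters,
    # which would otherwise split a long value across lines.
    printf '%s' "$pw" | base64 | tr -d '\n'
}

# True when a base64 value decodes to data ending in a newline, which is
# what running echo without -n produces.
has_trailing_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Emit the Secret from this section on stdout. Secret data values are
# base64-encoded, not encrypted.
render_userpassword_secret() {
    b64=$(encode_password) || return 1
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: userpassword
  namespace: openstack
data:
  NodeRootPassword: "$b64"
EOF
}

# Demonstration with the sample password used on this page.
printf '%s' 'p@ssw0rd!' | render_userpassword_secret

# Interactive use; the password reaches neither shell history nor a file:
#   stty -echo; IFS= read -r pw; stty echo
#   printf '%s' "$pw" | render_userpassword_secret | oc create -f - -n openstack
```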