Menu Close
8.4.15. Preparing the bootstrap Ignition files
The OpenShift Container Platform installation process relies on bootstrap machines that are created from a bootstrap Ignition configuration file.
Edit the file and upload it. Then, create a secondary bootstrap Ignition configuration file that Red Hat OpenStack Platform (RHOSP) uses to download the primary file.
Prerequisites
-
You have the bootstrap Ignition file that the installer program generates,
bootstrap.ign. The infrastructure ID from the installer’s metadata file is set as an environment variable (
$INFRA_ID).- If the variable is not set, see Creating the Kubernetes manifest and Ignition config files.
You have an HTTP(S)-accessible way to store the bootstrap Ignition file.
- The documented procedure uses the RHOSP image service (Glance), but you can also use the RHOSP storage service (Swift), Amazon S3, an internal HTTP server, or an ad hoc Nova server.
Procedure
Run the following Python script. The script modifies the bootstrap Ignition file to set the host name and, if available, CA certificate file when it runs:
import base64 import json import os with open('bootstrap.ign', 'r') as f: ignition = json.load(f) files = ignition['storage'].get('files', []) infra_id = os.environ.get('INFRA_ID', 'openshift').encode() hostname_b64 = base64.standard_b64encode(infra_id + b'-bootstrap\n').decode().strip() files.append( { 'path': '/etc/hostname', 'mode': 420, 'contents': { 'source': 'data:text/plain;charset=utf-8;base64,' + hostname_b64, 'verification': {} }, 'filesystem': 'root', }) ca_cert_path = os.environ.get('OS_CACERT', '') if ca_cert_path: with open(ca_cert_path, 'r') as f: ca_cert = f.read().encode() ca_cert_b64 = base64.standard_b64encode(ca_cert).decode().strip() files.append( { 'path': '/opt/openshift/tls/cloud-ca-cert.pem', 'mode': 420, 'contents': { 'source': 'data:text/plain;charset=utf-8;base64,' + ca_cert_b64, 'verification': {} }, 'filesystem': 'root', }) ignition['storage']['files'] = files; with open('bootstrap.ign', 'w') as f: json.dump(ignition, f)Using the RHOSP CLI, create an image that uses the bootstrap Ignition file:
$ openstack image create --disk-format=raw --container-format=bare --file bootstrap.ign <image_name>
Get the image’s details:
$ openstack image show <image_name>
Make a note of the
filevalue; it follows the patternv2/images/<image_ID>/file.注記Verify that the image you created is active.
Retrieve the image service’s public address:
$ openstack catalog show image
-
Combine the public address with the image
filevalue and save the result as the storage location. The location follows the pattern<image_service_public_URL>/v2/images/<image_ID>/file. Generate an auth token and save the token ID:
$ openstack token issue -c id -f value
Insert the following content into a file called
$INFRA_ID-bootstrap-ignition.jsonand edit the placeholders to match your own values:{ "ignition": { "config": { "append": [{ "source": "<storage_url>", 1 "verification": {}, "httpHeaders": [{ "name": "X-Auth-Token", 2 "value": "<token_ID>" 3 }] }] }, "security": { "tls": { "certificateAuthorities": [{ "source": "data:text/plain;charset=utf-8;base64,<base64_encoded_certificate>", 4 "verification": {} }] } }, "timeouts": {}, "version": "2.4.0" }, "networkd": {}, "passwd": {}, "storage": {}, "systemd": {} }- 1
- Replace the value of
ignition.config.append.sourcewith the bootstrap Ignition file storage URL. - 2
- Set
nameinhttpHeadersto"X-Auth-Token". - 3
- Set
valueinhttpHeadersto your token’s ID. - 4
- If the bootstrap Ignition file server uses a self-signed certificate, include the base64-encoded certificate.
- Save the secondary Ignition config file.
The bootstrap Ignition data will be passed to RHOSP during installation.
The bootstrap Ignition file contains sensitive information, like clouds.yaml credentials. Ensure that you store it in a secure place, and delete it after you complete the installation process.