{"id":24994954,"url":"https://github.com/rguske/openshift-installer-provisioned-infrastructure","last_synced_at":"2025-03-29T14:23:39.942Z","repository":{"id":274703948,"uuid":"923421109","full_name":"rguske/openshift-installer-provisioned-infrastructure","owner":"rguske","description":"Installing Red Hat OpenShift using the installation method IPI - Installer Provisioned Infrastructure","archived":false,"fork":false,"pushed_at":"2025-01-28T21:06:50.000Z","size":540,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-28T22:20:45.449Z","etag":null,"topics":["kubernetes","openshift","openshift-container-platform","openshift-v4","redhat"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rguske.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-28T07:59:02.000Z","updated_at":"2025-01-28T21:06:54.000Z","dependencies_parsed_at":"2025-01-28T22:20:47.563Z","dependency_job_id":"ab0f62ea-c08a-4614-b898-b69f78c35fea","html_url":"https://github.com/rguske/openshift-installer-provisioned-infrastructure","commit_stats":null,"previous_names":["rguske/openshift-installer-provisioned-infrastructure"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rguske%2Fopenshift-installer-provisioned-infrastructure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rguske%2Fopenshift-installer-provisioned-infrastructure/tags"
,"releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rguske%2Fopenshift-installer-provisioned-infrastructure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rguske%2Fopenshift-installer-provisioned-infrastructure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rguske","download_url":"https://codeload.github.com/rguske/openshift-installer-provisioned-infrastructure/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246194244,"owners_count":20738638,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","openshift","openshift-container-platform","openshift-v4","redhat"],"created_at":"2025-02-04T15:25:45.324Z","updated_at":"2025-03-29T14:23:39.935Z","avatar_url":"https://github.com/rguske.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Red Hat OpenShift Installation - Installer Provisioned Infrastructure (IPI)\n\n⚠️ WIP\n\nYou can install OpenShift Container Platform on vSphere by using installer-provisioned infrastructure. Installer-provisioned infrastructure allows the installation program to preconfigure and automate the provisioning of resources required by OpenShift Container Platform. 
Installer-provisioned infrastructure is useful for installing in environments with disconnected networks, where the installation program provisions the underlying infrastructure for the cluster.\n\n\n## Preparations\n\nSet up a Bastion Host using e.g. RHEL9.\n\n### SSH\n\n`cat ~/.ssh/id_ed25519.pub | ssh rguske@rguske-bastion.rguske....com \"mkdir -p ~/.ssh \u0026\u0026 cat \u003e\u003e ~/.ssh/authorized_keys \u0026\u0026 chmod 600 ~/.ssh/authorized_keys \u0026\u0026 chmod 700 ~/.ssh\"`\n\n* Generate an SSH key pair on your Bastion Host. You can use this key pair to authenticate to the OpenShift Container Platform cluster’s nodes after it is deployed.\n\n`ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519`\n\n### RHEL Subscription Manager\n\n* Register the `subscription-manager`: `sudo subscription-manager register --username  --password `\n\n### vCenter Root Certificates\n\n* [Adding your vCenter’s trusted root CA certificates](https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/installing_on_vmware_vsphere/installer-provisioned-infrastructure#installation-adding-vcenter-root-certificates_ipi-vsphere-preparing-to-install) to your system trust.\n* Download the certificates (`-k` disables TLS verification because the vCenter CA is not yet in the system trust): `curl -kLO https://vcsa-vsphere1.coe.muc.redhat.com/certs/download.zip`\n* Install `unzip` to unpack the zip file: `sudo dnf install unzip -y`.\n* Unpack the zip file: `unzip download.zip`.\n* Move the certificates to the system trust: `cp certs/lin/* /etc/pki/ca-trust/source/anchors`\n* Update your system trust: `update-ca-trust extract`\n\n### Installing necessary CLIs\n\nOn the bastion host, download the necessary CLIs:\n\n`curl -LO \u003curl\u003e`\n\n* [openshift-install-rhel9](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.17.6/openshift-install-rhel9-amd64.tar.gz)\n* [openshift-client-linux-amd64](https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.17.6/openshift-client-linux-amd64-rhel9-4.17.6.tar.gz)\n\nUnpack the 
`.gz` files and copy them into your path:\n\nIf /usr/local/bin isn't included in the $PATH, run\n`export PATH=/usr/local/bin:$PATH`\n\n```shell\ncp openshift-install /usr/local/bin/\ncp oc /usr/local/bin/\ncp kubectl /usr/local/bin/\n```\n\n### Create local config - IPI\n\nCreate the installation configuration for OCP interactively by executing: `openshift-install create install-config --dir .`\n\n```shell\nopenshift-install create install-config --dir .\n? SSH Public Key /home/rguske/.ssh/id_rsa.pub\n? Platform vsphere\n? vCenter vcsa-....com\n? Username administrator@vsphere...\n? Password [? for help] ********\nINFO Connecting to vCenter vcsa-...com\nINFO Defaulting to only available datacenter: coe\nINFO Defaulting to only available cluster: /coe/host/cluster\n? Default Datastore /coe/datastore/shared-netapp\nINFO Defaulting to only available network: VM Network\n? Virtual IP Address for API 10.32.96.120\n? Virtual IP Address for Ingress 10.32.96.121\n? Base Domain rguske......com\n? Cluster Name ocp1\n? Pull Secret [? 
for help] ****************************************************************************************************************************************************************************************\nINFO Install-Config created in: .\n```\n\nOutput `install-config.yaml`:\n\n```yaml\nadditionalTrustBundlePolicy: Proxyonly\napiVersion: v1\nbaseDomain: rguske....com\ncompute:\n- architecture: amd64\n  hyperthreading: Enabled\n  name: worker\n  platform: {}\n  replicas: 3\ncontrolPlane:\n  architecture: amd64\n  hyperthreading: Enabled\n  name: master\n  platform: {}\n  replicas: 3\nmetadata:\n  creationTimestamp: null\n  name: ocp1\nnetworking:\n  clusterNetwork:\n  - cidr: 10.128.0.0/14\n    hostPrefix: 23\n  machineNetwork:\n  - cidr: 10.0.0.0/16\n  networkType: OVNKubernetes\n  serviceNetwork:\n  - 172.30.0.0/16\nplatform:\n  vsphere:\n    apiVIPs:\n    - 10.32.96.120\n    failureDomains:\n    - name: generated-failure-domain\n      region: generated-region\n      server: vcsa-vsphere1.coe.muc.redhat.com\n      topology:\n        computeCluster: /coe/host/cluster\n        datacenter: coe\n        datastore: /coe/datastore/shared-netapp\n        networks:\n        - VM Network\n        resourcePool: /coe/host/cluster/Resources\n      zone: generated-zone\n    ingressVIPs:\n    - 10.32.96.121\n    vcenters:\n    - datacenters:\n      - coe\n      password: ...\n      port: 443\n      server: vcsa-....\n      user: administrator@vsphere....\npublish: External\npullSecret: '{\"auths\":{\"cloud.openshift.com\":{\"auth\":\"b3BlbnNoaWZ0LXJlbG...'\nsshKey: |\n  ssh-rsa AAAAB3N...\n```\n\nThis is pretty similar to what you might know from the [Agent-Based-Installer](https://github.com/rguske/openshift-agent-based-installer?tab=readme-ov-file#configurations), except for the `failureDomains` part. Furthermore, the output expects a DHCP-supported environment. 
I'd like to configure it with static IPs.\n\nSample configuration with static IP assignments:\n\n```shell\ncat \u003e install-config.yaml \u003c\u003cEOF\nadditionalTrustBundlePolicy: Proxyonly\napiVersion: v1\nbaseDomain: rguske.....com\ncompute:\n- architecture: amd64\n  hyperthreading: Enabled\n  name: worker\n  platform: {}\n  replicas: 2\ncontrolPlane:\n  architecture: amd64\n  hyperthreading: Enabled\n  name: master\n  platform: {}\n  replicas: 3\nmetadata:\n  creationTimestamp: null\n  name: ocp1\nnetworking:\n  clusterNetwork:\n  - cidr: 10.128.0.0/14\n    hostPrefix: 23\n  machineNetwork:\n  - cidr: 10.32.96.0/20\n  networkType: OVNKubernetes\n  serviceNetwork:\n  - 172.30.0.0/16\nplatform:\n  vsphere:\n    hosts:\n    - role: bootstrap\n      networkDevice:\n        ipAddrs:\n        - 10.32.96.127/20\n        gateway: 10.32.111.254\n        nameservers:\n        - 10.32.96.1\n    - role: control-plane\n      networkDevice:\n        ipAddrs:\n        - 10.32.96.122/20\n        gateway: 10.32.111.254\n        nameservers:\n        - 10.32.96.1\n    - role: control-plane\n      networkDevice:\n        ipAddrs:\n        - 10.32.96.123/20\n        gateway: 10.32.111.254\n        nameservers:\n        - 10.32.96.1\n    - role: control-plane\n      networkDevice:\n        ipAddrs:\n        - 10.32.96.124/20\n        gateway: 10.32.111.254\n        nameservers:\n        - 10.32.96.1\n    - role: compute\n      networkDevice:\n        ipAddrs:\n        - 10.32.96.125/20\n        gateway: 10.32.111.254\n        nameservers:\n        - 10.32.96.1\n    - role: compute\n      networkDevice:\n        ipAddrs:\n        - 10.32.96.126/20\n        gateway: 10.32.111.254\n        nameservers:\n        - 10.32.96.1\n    apiVIPs:\n    - 10.32.96.120\n    failureDomains:\n    - name: failure-domain-1\n      region: coe-muc\n      server: 'vcsa-....'\n      topology:\n        computeCluster: /coe/host/cluster\n        datacenter: coe\n        datastore: 
/coe/datastore/shared-netapp\n        networks:\n        - VM Network\n        folder: /coe/vm/rguske-ocp1\n      zone: coe-muc-zone\n    ingressVIPs:\n    - 10.32.96.121\n    vcenters:\n    - datacenters:\n      - coe\n      password: ''\n      port: 443\n      server: 'vcsa...'\n      user: 'administrator@vsphere....'\npublish: External\npullSecret: '{\"auths\":{\"cloud.openshift.com\":{\"auth\":\"b3BlbnNoaWZ0LXJlbGVhc2UtZ...'\nsshKey: |\n  ssh-rsa AAAAB3Nza...\nEOF\n```\n\n`openshift-install create cluster --dir . --log-level=debug`\n\nThe virtual machines are deployed from an automatically created VM template.\n\n![ocp-ipi-bootstrap](assets/ocp-ipi-bootstrap.png)\n\nThe bootstrap VM is removed during the cluster bootstrap process.\n\n![ocp-ipi-bootstrap-vm-remove](assets/ocp-ipi-destroy-bootstrap-vm.png)\n\nThe installation log messages are in $FOLDER/.openshift_install.log. If the installation fails, check the log for error messages and make changes to the environment accordingly. Then re-run the installation with the following command:\n\n`openshift-install wait-for install-complete`\n\n## Install complete\n\nThe installer will display the following lines if the installation finishes successfully:\n\n```shell\n[...]\nINFO All cluster operators have completed progressing\nINFO Checking to see if there is a route at openshift-console/console...\nDEBUG Route found in openshift-console namespace: console\nDEBUG OpenShift console route is admitted\nINFO Install complete!\nINFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/rguske/ocp/ipi/auth/kubeconfig'\nINFO Access the OpenShift web-console here: https://console-openshift-console.apps.ocp1.rguske.....com\nINFO Login to the console with user: \"kubeadmin\", and password: \"74BY4...\"\nDEBUG Time elapsed per stage:\nDEBUG     Infrastructure Pre-provisioning: 1m11s\nDEBUG Network-infrastructure Provisioning: 44s\nDEBUG                Machine Provisioning: 8m16s\nDEBUG   
               Bootstrap Complete: 19m29s\nDEBUG                   Bootstrap Destroy: 25s\nDEBUG         Cluster Operators Available: 25m24s\nDEBUG            Cluster Operators Stable: 41s\nINFO Time elapsed: 56m21s\n```\n\nLog in to the cluster using the `kubeconfig` file created in your installation folder.\n\n`export KUBECONFIG=auth/kubeconfig`\n\n`oc whoami`\n\n`kubectl get nodes`\n\n`openshift-install destroy cluster --dir=\u003cinstallation_directory\u003e --log-level=debug`\n\n`openshift-install wait-for install-complete --log-level debug`\n\n```shell\nl\ntotal 32\ndrwxr-x---@ 4 rguske  staff   128B Sep 12 08:44 .\ndrwxr-xr-x@ 9 rguske  staff   288B Sep 12 09:29 ..\n-rw-r-----@ 1 rguske  staff    23B Sep 12 08:44 kubeadmin-password\n-rw-r-----@ 1 rguske  staff   8.8K Sep 12 08:44 kubeconfig\n```\n\n## Troubleshooting\n\n`oc adm node-logs ocp-mk1-nbhk5-master-0 -u crio`\n\n`oc get clusterversion`\n\n`oc describe clusterversion`\n\n`oc adm upgrade`","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frguske%2Fopenshift-installer-provisioned-infrastructure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frguske%2Fopenshift-installer-provisioned-infrastructure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frguske%2Fopenshift-installer-provisioned-infrastructure/lists"}