From c88aadaa11c2ff7cb741d5c8df8df9bd3660b3d9 Mon Sep 17 00:00:00 2001 From: Brendan Shephard Date: Tue, 7 Jan 2025 14:57:17 +1000 Subject: [PATCH] Add high level documentation for disconnected envs Signed-off-by: Brendan Shephard --- ...eploying-in-disconnected-environments.adoc | 48 +++++++++++++++++++ docs/dataplane.adoc | 2 + 2 files changed, 50 insertions(+) create mode 100644 docs/assemblies/proc_deploying-in-disconnected-environments.adoc diff --git a/docs/assemblies/proc_deploying-in-disconnected-environments.adoc b/docs/assemblies/proc_deploying-in-disconnected-environments.adoc new file mode 100644 index 000000000..32df343fa --- /dev/null +++ b/docs/assemblies/proc_deploying-in-disconnected-environments.adoc @@ -0,0 +1,48 @@ +[id="proc_deploying-in-disconnected-environments"] += Deploying OpenStack in a disconnected environment + +[role="_abstract"] +== Process +Deploying in disconnected environments can be achieved largely by following the OpenShift documentation for mirroring OLM Operators: https://docs.openshift.com/container-platform/4.17/disconnected/mirroring/installing-mirroring-installation-images.html#olm-mirror-catalog_installing-mirroring-installation-images + +== Technical Overview +The `openstack-operator` contains a list of related images that will ensure all required images for the deployment are mirrored following the above OpenShift process. Once images are mirrored, the `ImageContentSourcePolicy` custom resource (CR) is created. This process results in a `MachineConfig` called `99-master-genereted-registries` being updated in the cluster. The `99-master-generated-registries` `MachineConfig` contains a `registries.conf` file that is applied to all of the OpenShift nodes in the cluster. + +In order to integrate cleanly with this process. The dataplane controller will check for the existence of an `ImageContentSourcePolicy`. If one is found, we will read the `registries.conf` file from the `99-master-generated-registries` `MachineConfig`. The dataplane controller will then set two variables in the Ansible inventory for the nodes. + +[,yaml] +---- +edpm_podman_disconnected_ocp +edpm_podman_registries_conf +---- + +`edpm_podman_disconnected_ocp` is a boolean variable that is used to conditionally render `registries.conf` on the dataplane nodes during the deployment. While `edpm_podman_registries_conf` contains the contents of the `registries.conf` that we acquired from the `MachineConfig` in the cluster. The contents of this file will be written to `/etc/containers/registries.conf` on each of the dataplane nodes. This ensures that our dataplane nodes are configured in a consistent manner with the OpenShift nodes. + +Since we pull this configuration file directly from OpenShift, we also have the same requirements as OpenShift for our images - such as using image digests instead of image tags. +We can see this configured in the Ansible inventory secret for each of the `OpenStackDataPlaneNodeSet` objects in the cluster. Using `multipathd` as an example: + +[,yaml] +---- + edpm_podman_registries_conf: | + [...] + [[registry]] + prefix = "" + location = "registry.redhat.io/rhoso/openstack-multipathd-rhel9" + + [[registry.mirror]] + location = "quay-mirror-registry.example.net:8443/olm/rhoso-openstack-multipathd-rhel9" + pull-from-mirror = "digest-only" + [...] +---- + +We can see that the `pull-from-mirror` parameter is set to `digest-only`. This means that any attempt by podman to pull an image by a digest will result in the image being pulled from the specified mirror. + +Accordingly, we can see that image references in the `OpenStackVersion` CR are provided in the digest format, for example the multipathd image: + +[,bash] +---- +$ oc get openstackversion -o jsonpath='{.items[].status.containerImages.edpmMultipathdImage}' +"registry.redhat.io/rhoso/openstack-multipathd-rhel9@sha256:7df2e1ebe4ec6815173e49157848a63d28a64ffb0db8de6562c4633c0fbcdf3f" +---- + +Since we provide all images in digest format for the `OpenStackVersion` resource, there is no additional action required by users to work in a disconnected environment. diff --git a/docs/dataplane.adoc b/docs/dataplane.adoc index 633105aea..49a28c7e8 100644 --- a/docs/dataplane.adoc +++ b/docs/dataplane.adoc @@ -29,4 +29,6 @@ include::assemblies/design.adoc[leveloffset=+1] include::assemblies/creating-the-data-plane.adoc[leveloffset=+1] +include::assemblies/proc_deploying-in-disconnected-environments.adoc[leveloffset=+1] + include::assemblies/dataplane_resources.adoc[leveloffset=-1]