IPI Install Notes
Using IPI with Redfish has some automation benefits. Here’s the install-config.yaml I used with KVM.
Important
When doing dual-stack, both machineNetworks need to be routable. The install will NOT proceed unless the bootstrap VM receives an IPv6 address from DHCPv6. In my example below I’m manually adding the IPv4 address, but doing the same for IPv6 is currently NOT possible.
Warning
By default two bridged networks are used, provisioner and baremetal. I’m disabling the provisioner bridge with the parameter provisioningNetwork: Disabled. The baremetal network is required and must be a bridged interface. By default its name is baremetal. Use the externalBridge: <name> parameter to change the default name.
Note
This is a dual stack example.
The hosts section is truncated; be sure to add and identify all the required hosts.
Download the latest openshift-install utility found here: OpenShift mirror site
Extract install utility
tar -xzvf openshift-install-linux.tar.gz -C ~/.local/bin
Create a work subdir
mkdir ./workdir
Create “install-config.yaml” and save in ./workdir
apiVersion: v1
basedomain: lab.local
metadata:
  name: ocp5
networking:
  machineNetwork:
  - cidr: 192.168.1.0/24
  - cidr: 2600:1702:4c73:f111::0/64
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  - cidr: fd02::/48
    hostPrefix: 64
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
  - fd03::/112
compute:
- name: worker
  replicas: 2
controlPlane:
  name: master
  replicas: 3
  platform:
    baremetal: {}
platform:
  baremetal:
    provisioningNetwork: Disabled
    externalBridge: br-enp4s0f0
    bootstrapExternalStaticIP: 192.168.1.222
    bootstrapExternalStaticGateway: 192.168.1.1
    bootstrapExternalStaticDNS: 192.168.1.68
    apiVIPs:
    - 192.168.1.150
    - 2600:1702:4c73:f111::150
    ingressVIPs:
    - 192.168.1.151
    - 2600:1702:4c73:f111::151
    hosts:
    - name: host51.lab.local
      role: master
      bmc:
        address: redfish-virtualmedia+http://192.168.1.72:8000/redfish/v1/Systems/940a6eaa-4b4f-4297-8182-e24cbfc64460
        username: kni
        password: kni
        disableCertificateVerification: True
      bootMACAddress: 52:54:00:f4:16:51
      rootDeviceHints:
        deviceName: "/dev/vda"
      networkConfig:
        interfaces:
        - name: enp1s0
          type: ethernet
          state: up
          mtu: 1500
          ipv4:
            enabled: true
            dhcp: false
            address:
            - ip: 192.168.1.51
              prefix-length: 24
          ipv6:
            enabled: true
            dhcp: false
            address:
            - ip: 2600:1702:4c73:f111::51
              prefix-length: 64
        dns-resolver:
          config:
            search:
            - lab.local
            server:
            - 192.168.1.68
            - 2600:1702:4c73:f111::68
        routes:
          config:
          - destination: 0.0.0.0/0
            next-hop-address: 192.168.1.1
            next-hop-interface: enp1s0
          - destination: '::/0'
            next-hop-address: '2600:1702:4c73:f111::1'
            next-hop-interface: enp1s0

pullSecret: '{"auths":{"mirror.lab.local:8443":{"auth":"aW5pdDpwYXNzd29yZA=="}}}'
sshKey: |
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...
imageContentSources:
- mirrors:
  - mirror.lab.local:8443/openshift/release
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- mirrors:
  - mirror.lab.local:8443/openshift/release-images
  source: quay.io/openshift-release-dev/ocp-release
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  <Use rootCA.pem for mirror registry here>
  -----END CERTIFICATE-----
With “openshift-install” downloaded in step 1, run the following command to create the cluster.
openshift-install create cluster --dir ./workdir --log-level debug
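A pre-flight check for the install-config above, to run before create cluster. This is an added example, not part of the original notes: it flags BMC entries that use plain-HTTP Redfish or disable certificate verification, and VIPs or static host addresses that fall outside every machineNetwork. The function name and the sample mapping are assumptions; the mapping has the shape a YAML loader returns for install-config.yaml.

```python
import ipaddress
from urllib.parse import urlsplit

def audit_install_config(cfg):
    """Return (subject, finding) tuples for a parsed install-config mapping."""
    findings = []
    nets = [ipaddress.ip_network(n["cidr"], strict=False)
            for n in cfg["networking"]["machineNetwork"]]

    def outside(addr):
        ip = ipaddress.ip_address(addr)
        return not any(ip in n for n in nets)  # v4-in-v6 tests are simply False

    bm = cfg["platform"]["baremetal"]
    for key in ("apiVIPs", "ingressVIPs"):
        for vip in bm.get(key, []):
            if outside(vip):
                findings.append((key, f"{vip} is outside every machineNetwork"))
    for host in bm.get("hosts", []):
        name, bmc = host["name"], host.get("bmc", {})
        # In redfish-virtualmedia+http://..., the token after '+' is the transport.
        scheme = urlsplit(bmc.get("address", "")).scheme
        if scheme.rpartition("+")[2] == "http":
            findings.append((name, "BMC address uses plain HTTP"))
        if bmc.get("disableCertificateVerification") is True:
            findings.append((name, "BMC certificate verification is disabled"))
        for iface in host.get("networkConfig", {}).get("interfaces", []):
            for family in ("ipv4", "ipv6"):
                for a in iface.get(family, {}).get("address", []):
                    if outside(a["ip"]):
                        findings.append((name, f"{a['ip']} is outside every machineNetwork"))
    return findings

# Constructed sample: a trimmed config whose machineNetwork list omits the worker's subnet.
SAMPLE = {
    "networking": {"machineNetwork": [{"cidr": "192.168.122.0/24"}]},
    "platform": {"baremetal": {
        "apiVIPs": ["192.168.122.150"], "ingressVIPs": ["192.168.122.151"],
        "hosts": [{
            "name": "host54.lab.local",
            "bmc": {"address": "redfish-virtualmedia+http://192.168.1.72:8000/redfish/v1/Systems/SYSTEM-ID",
                    "disableCertificateVerification": True},
            "networkConfig": {"interfaces": [{"name": "enp1s0.132", "ipv4": {
                "address": [{"ip": "192.168.132.54", "prefix-length": 24}]}}]},
        }],
    }},
}

if __name__ == "__main__":
    print(*(f"{s}: {f}" for s, f in audit_install_config(SAMPLE)), sep="\n")
```

To run it against a real file, load the YAML into a mapping with any YAML parser and pass the result to audit_install_config.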
Remote Worker Node Example
apiVersion: v1
basedomain: lab.local
metadata:
  name: ocp5
networking:
  machineNetwork:
  - cidr: 192.168.122.0/24
  - cidr: 192.168.132.0/24
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
compute:
- name: worker
  replicas: 2
controlPlane:
  name: master
  replicas: 3
  platform:
    baremetal: {}
platform:
  baremetal:
    apiVIPs:
    - 192.168.122.150
    ingressVIPs:
    - 192.168.122.151
    provisioningNetwork: "Disabled"
    externalBridge: "bridge0"
    hosts:
    - name: host51.lab.local
      role: master
      bmc:
        address: redfish-virtualmedia+http://192.168.1.72:8000/redfish/v1/Systems/06c5182a-7599-42bf-8e2d-395f3aeab1b5
        username: kni
        password: kni
        disableCertificateVerification: True
      bootMACAddress: 52:54:00:f4:16:51
      rootDeviceHints:
        deviceName: "/dev/vda"
      networkConfig:
        interfaces:
        - name: enp1s0
          type: ethernet
          state: up
          mtu: 1500
        - name: enp1s0.122
          type: vlan
          state: up
          vlan:
            base-iface: enp1s0
            id: 122
          ipv4:
            enabled: true
            dhcp: false
            address:
            - ip: 192.168.122.51
              prefix-length: 24
          ipv6:
            enabled: false
        dns-resolver:
          config:
            search:
            - lab.local
            server:
            - 192.168.1.68
        routes:
          config:
          - destination: 0.0.0.0/0
            next-hop-address: 192.168.122.1
            next-hop-interface: enp1s0.122
            table-id: 254
    - name: host52.lab.local
      role: master
      bmc:
        address: redfish-virtualmedia+http://192.168.1.72:8000/redfish/v1/Systems/0662cc00-1c67-4519-b7d2-67c3f8ba9ea2
        username: kni
        password: kni
        disableCertificateVerification: True
      bootMACAddress: 52:54:00:f4:16:52
      rootDeviceHints:
        deviceName: "/dev/vda"
      networkConfig:
        interfaces:
        - name: enp1s0
          type: ethernet
          state: up
          mtu: 1500
        - name: enp1s0.122
          type: vlan
          state: up
          vlan:
            base-iface: enp1s0
            id: 122
          ipv4:
            enabled: true
            dhcp: false
            address:
            - ip: 192.168.122.52
              prefix-length: 24
          ipv6:
            enabled: false
        dns-resolver:
          config:
            search:
            - lab.local
            server:
            - 192.168.1.68
        routes:
          config:
          - destination: 0.0.0.0/0
            next-hop-address: 192.168.122.1
            next-hop-interface: enp1s0.122
            table-id: 254
    - name: host53.lab.local
      role: master
      bmc:
        address: redfish-virtualmedia+http://192.168.1.72:8000/redfish/v1/Systems/26c8d1cb-5340-42c9-a6e0-b680585ae6bb
        username: kni
        password: kni
        disableCertificateVerification: True
      bootMACAddress: 52:54:00:f4:16:53
      rootDeviceHints:
        deviceName: "/dev/vda"
      networkConfig:
        interfaces:
        - name: enp1s0
          type: ethernet
          state: up
          mtu: 1500
        - name: enp1s0.122
          type: vlan
          state: up
          vlan:
            base-iface: enp1s0
            id: 122
          ipv4:
            enabled: true
            dhcp: false
            address:
            - ip: 192.168.122.53
              prefix-length: 24
          ipv6:
            enabled: false
        dns-resolver:
          config:
            search:
            - lab.local
            server:
            - 192.168.1.68
        routes:
          config:
          - destination: 0.0.0.0/0
            next-hop-address: 192.168.122.1
            next-hop-interface: enp1s0.122
            table-id: 254
    - name: host54.lab.local
      role: worker
      bmc:
        address: redfish-virtualmedia+http://192.168.1.72:8000/redfish/v1/Systems/93cda952-42ee-424e-9977-76a2d652a6c0
        username: kni
        password: kni
        disableCertificateVerification: True
      bootMACAddress: 52:54:00:f4:16:54
      rootDeviceHints:
        deviceName: "/dev/vda"
      networkConfig:
        interfaces:
        - name: enp1s0
          type: ethernet
          state: up
          mtu: 1500
        - name: enp1s0.132
          type: vlan
          state: up
          vlan:
            base-iface: enp1s0
            id: 132
          ipv4:
            enabled: true
            dhcp: false
            address:
            - ip: 192.168.132.54
              prefix-length: 24
          ipv6:
            enabled: false
        dns-resolver:
          config:
            search:
            - lab.local
            server:
            - 192.168.1.68
        routes:
          config:
          - destination: 0.0.0.0/0
            next-hop-address: 192.168.132.1
            next-hop-interface: enp1s0.132
            table-id: 254
    - name: host55.lab.local
      role: worker
      bmc:
        address: redfish-virtualmedia+http://192.168.1.72:8000/redfish/v1/Systems/05057ca0-094d-4e8f-9eea-1bd95b4e88d5
        username: kni
        password: kni
        disableCertificateVerification: True
      bootMACAddress: 52:54:00:f4:16:55
      rootDeviceHints:
        deviceName: "/dev/vda"
      networkConfig:
        interfaces:
        - name: enp1s0
          type: ethernet
          state: up
          mtu: 1500
        - name: enp1s0.132
          type: vlan
          state: up
          vlan:
            base-iface: enp1s0
            id: 132
          ipv4:
            enabled: true
            dhcp: false
            address:
            - ip: 192.168.132.55
              prefix-length: 24
          ipv6:
            enabled: false
        dns-resolver:
          config:
            search:
            - lab.local
            server:
            - 192.168.1.68
        routes:
          config:
          - destination: 0.0.0.0/0
            next-hop-address: 192.168.132.1
            next-hop-interface: enp1s0.132
            table-id: 254

pullSecret: '{"auths":{"mirror.lab.local:8443":{"auth":"aW5pdDpwYXNzd29yZA=="}}}'
sshKey: |
  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDE
imageContentSources:
- mirrors:
  - mirror.lab.local:8443/openshift/release
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- mirrors:
  - mirror.lab.local:8443/openshift/release-images
  source: quay.io/openshift-release-dev/ocp-release
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  <Use rootCA.pem for mirror registry here>
  -----END CERTIFICATE-----