usrbinkat edited this page Sep 23, 2020 · 1 revision

Low-Side Artifact Bundle

Koffer Collector Plugins

Run on the low-side connected instance

  1. Create Platform Artifacts Staging Directory
      mkdir -p /tmp/bundle
  2. Build OpenShift Infrastructure, Operators, and App Bundles
      sudo podman run -it --rm --pull always \
          --volume /tmp/bundle:/root/deploy/bundle:z \
        docker.io/codesparta/koffer:4.5.6 bundle \
          --repo collector-infra
  3. Paste Quay.io Image Pull Secret when prompted
  4. Review your artifacts
      du -sh /tmp/bundle/*

Airgap Artifact Walk

Valid transport strategies include:

  • S3
  • SCP
  • Rsync
  • Physical media (e.g. DVD)

Glossary:

  • keyname: your AWS SSH key pair for provisioning bastion and registry
  • rhel_bastion_public_ip: public IP of your RHEL bastion
  • rhcos_private_registry_node_ip: your Red Hat CoreOS (RHCOS) registry node private IP

  1. Set Permissions on bundle(s)
      sudo chown -R $USER /tmp/bundle
  2. Push bastion SSH keys to RHEL bastion
      scp -i ~/.ssh/${keyname} ~/.ssh/${keyname}* ec2-user@${rhel_bastion_public_ip}:~/.ssh/
  3. Push artifact bundles to RHEL bastion
      rsync --progress -avzh /tmp/bundle -e "ssh -i ~/.ssh/${keyname}" ec2-user@${rhel_bastion_public_ip}:~
  4. SSH to the RHEL bastion
      ssh -i ~/.ssh/${keyname} ec2-user@${rhel_bastion_public_ip}
  5. Push artifact bundles to RHCOS private registry node
      rsync --progress -avzh bundle -e "ssh -i ~/.ssh/${keyname}" core@${rhcos_private_registry_node_ip}:~
  6. SSH to the RHCOS private registry node
      ssh -i ~/.ssh/${keyname} core@${rhcos_private_registry_node_ip}
  7. Extract bundles
      sudo mkdir -p /root/deploy/mirror
      sudo tar xv -f ${HOME}/bundle/koffer-bundle.openshift-*.tar -C /root
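
The walk above carries the bundle over several hops before it is unpacked as root. As an added example (not part of Koffer, Konductor or this wiki), these functions build a SHA-256 manifest on the low side and check it on the registry node before the Extract bundles step; the manifest name SHA256SUMS and both function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of Koffer or Konductor. The manifest name
# SHA256SUMS and both function names are assumptions made for this example.
# Requires GNU coreutils and findutils (sha256sum, sort -z, xargs -0 -r).

# Low side: write a SHA-256 digest for every file under the bundle directory.
bundle_manifest() {
    local dir="$1"
    (
        cd "$dir" || exit 1
        # NUL-delimited listing; the manifest itself is excluded.
        find . -type f ! -name SHA256SUMS -print0 | sort -z |
            xargs -0 -r sha256sum > SHA256SUMS
    )
}

# High side: succeed only if every listed file matches its digest and the
# directory holds no file that the manifest does not list.
bundle_verify() {
    local dir="$1"
    (
        cd "$dir" || exit 1
        [ -s SHA256SUMS ] || { echo "SHA256SUMS missing or empty" >&2; exit 1; }
        sha256sum --check --strict --quiet SHA256SUMS || exit 1
        # Digest lines are 64 hex chars plus a two-char separator, so the
        # file name starts at column 67 (ordinary names without backslashes
        # or newlines are assumed).
        listed=$(cut -c67- SHA256SUMS | sort)
        present=$(find . -type f ! -name SHA256SUMS | sort)
        [ "$listed" = "$present" ] || { echo "file set differs from manifest" >&2; exit 1; }
    )
}
```

Run bundle_manifest /tmp/bundle before the first rsync and bundle_verify "${HOME}/bundle" on the registry node before running tar. Because the manifest travels with the bundle, record the output of sha256sum SHA256SUMS separately and compare it on the high side.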

High-Side Deployment

On the private registry node

  1. Acquire root
      sudo -i
  2. Assign variables
      vi answer.sh
  3. Run Konductor
      ./konductor.sh
  4. Exec into Konductor
      podman exec -it one connect
  5. Watch Cluster Operators come online (may take 30-60 minutes)
      watch oc get co
  6. Patch/Disable Cloud Credential Operator
      oc patch cm cloud-credential-operator-config -p '{"data":{"disabled":"true"}}' -n openshift-cloud-credential-operator
  7. Print & Load Apps ELB DNS CNAME Forwarder into apps route53 entry
      oc get svc -n openshift-ingress | awk '/router-default/{print $4}'
  8. Add Apps ELB *.apps.cluster.domain.com wildcard DNS Entry

Cluster & VPC Teardown

On the private registry Konductor Container

  1. Exec into container
      sudo podman exec -it one bash
  2. Change dir into Terraform Directory
      cd /root/deploy/terraform/shaman
  3. Patch masters to make schedulable
      oc patch schedulers.config.openshift.io cluster -p '{"spec":{"mastersSchedulable":true}}' --type=merge
  4. Delete machinesets & wait for worker nodes to terminate
      for i in $(oc get machinesets -A | awk '/machine-api/{print $2}'); do oc delete machineset "$i" -n openshift-machine-api; echo "deleted $i"; done
  5. Delete service router & wait for it to terminate
      oc delete service router-default -n openshift-ingress &
  6. Exec control plane breakdown playbook
      chmod +x ./breakdown.yml && ./breakdown.yml

On your devkit-vpc controller

  1. Change dir into devkit-vpc directory
  2. Exec breakdown script
      ./devkit-destroy-vpc.sh