Chapter 17. Airgapped environment
An air-gapped environment ensures security by physically isolating it from other networks and systems. You can install director Operator in an air-gapped environment to ensure security and meet certain regulatory requirements.
17.1. Configuring an airgapped environment
To configure an airgapped environment, you must have access to both registry.redhat.io and the registry for the airgapped environment. For more information on how to access both registries, see Mirroring catalog contents to airgapped registries.
Prerequisites
- You have installed an OpenShift Container Platform LTS release (OCP) 4.10 or later cluster, with an enabled baremetal cluster operator, and a provisioning network.
- You have installed the Kubevirt-Hyperconverged (OCP Virtualization Operator) and SR-IOV operator in the cluster.
- You have a disconnected registry adhering to docker v2 schema. For more information, see Mirroring images for a disconnected installation.
- You have access to a Satellite server or any other repository used to register the overcloud nodes and install packages.
- You have access to a local git repository to store deployment artifacts.
- You have installed the oc command line tool on your workstation.
- You have installed the podman and skopeo command line tools on your workstation.
Procedure
Create the openstack namespace:
$ oc new-project openstack
Create the index image and push it to your registry:
$ podman login registry.redhat.io
$ podman login your.registry.local
$ BUNDLE_IMG="registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle@sha256:c19099ac3340d364307a43e0ae2be949a588fefe8fcb17663049342e7587f055"
Note
You can get the latest bundle image from: Certified container images. Search for osp-director-operator-bundle.
Mirror the relevant images based on the operator index image:
$ oc adm catalog mirror ${INDEX_IMG} your.registry.local --insecure --index-filter-by-os='Linux/x86_64'
After mirroring is complete, a manifests directory is generated in your current directory called manifests-osp-director-operator-index-<random_number>. Apply the created ImageContentSourcePolicy to your cluster:
$ oc apply -f manifests-osp-director-operator-index-<random_number>/imageContentSourcePolicy.yaml
- Replace <random_number> with the randomly generated number.
Create a file named osp-director-operator.yaml and include the following YAML content to configure the three resources required to install director Operator:
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: osp-director-operator-index
  namespace: openstack
spec:
  sourceType: grpc
  image: your.registry.local/osp-director-operator-index:1.3.x-y
---
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: "osp-director-operator-group"
  namespace: openstack
spec:
  targetNamespaces:
  - openstack
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: osp-director-operator-subscription
  namespace: openstack
spec:
  config:
    env:
    - name: WATCH_NAMESPACE
      value: openstack,openshift-machine-api,openshift-sriov-network-operator
  source: osp-director-operator-index
  sourceNamespace: openstack
  name: osp-director-operator
Create the new resources in the openstack namespace:
$ oc apply -f osp-director-operator.yaml
Copy the required overcloud images to the repository:
$ for i in $(podman search --limit 1000 "registry.redhat.io/rhosp-rhel8/openstack" --format="{{ .Name }}" | awk '{print $1 ":" "16.2.4"}' | awk -F "/" '{print $2 "/" $3}'); do skopeo copy --all docker://registry.redhat.io/$i docker://your.registry.local/$i; done
Note
You can refer to Preparing a Satellite server for container images if Red Hat Satellite is used as the local registry.
- You can now proceed with Preparing the overcloud deployment with the director Operator.
Verification
Confirm that you have successfully installed the director Operator:
$ oc get operators
NAME                              AGE
osp-director-operator.openstack   5m
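The procedure applies the generated imageContentSourcePolicy.yaml to the cluster without inspecting it. As an added example (not part of the original documentation), the following shell function lists every ICSP mirror that is not hosted on the air-gapped registry, so the file can be checked before `oc apply`. The function names, the sample policy, and the host mirror.example.com are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list ICSP mirrors that are NOT hosted on the air-gapped registry.
# Usage: icsp_offsite_mirrors <imageContentSourcePolicy.yaml | -> <registry-host[:port]>
# Prints each offending mirror; returns 1 if any was found, 0 otherwise.
icsp_offsite_mirrors() {
  awk -v reg="$2" '
    # A "mirrors:" key opens the list of mirror repositories for one source.
    /^[ \t]*(-[ \t]*)?mirrors:/ { in_m = 1; next }
    # The sibling "source:" key ends it.
    /^[ \t]*(-[ \t]*)?source:/  { in_m = 0; next }
    in_m && /^[ \t]*-[ \t]/ {
      ref = $2; host = ref
      sub(/\/.*/, "", host)      # registry host is everything before the first "/"
      if (host != reg) { print ref; bad = 1 }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample policy (not output of a real mirror run). The second
# entry deliberately points at a host outside the air gap.
sample_icsp() {
  cat <<'EOF'
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: osp-director-operator-index
spec:
  repositoryDigestMirrors:
  - mirrors:
    - your.registry.local/rhosp-rhel8/osp-director-operator-bundle
    source: registry.redhat.io/rhosp-rhel8/osp-director-operator-bundle
  - mirrors:
    - mirror.example.com/rhosp-rhel8/example-image
    source: registry.redhat.io/rhosp-rhel8/example-image
EOF
}

# Demo run against the constructed sample, read from stdin ("-").
if offsite=$(sample_icsp | icsp_offsite_mirrors - your.registry.local); then
  echo "all mirrors are on your.registry.local"
else
  echo "mirrors outside the air-gapped registry:"
  echo "$offsite"
fi
```

Against a real run, pass the generated file instead of `-`, for example `icsp_offsite_mirrors manifests-osp-director-operator-index-<random_number>/imageContentSourcePolicy.yaml your.registry.local`.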