Merge "High Security Vulnerability Document Updates (r6, r6ds, r7, r7ds)"
This commit is contained in:
commit
281ae61bfa
@ -1,3 +1,4 @@
|
|||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. uzk1552923967458
|
.. uzk1552923967458
|
||||||
.. _restoring-starlingx-system-data-and-storage:
|
.. _restoring-starlingx-system-data-and-storage:
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. bqg1571264986191
|
.. bqg1571264986191
|
||||||
.. _running-ansible-backup-playbook-locally-on-the-controller:
|
.. _running-ansible-backup-playbook-locally-on-the-controller:
|
||||||
|
|
||||||
@ -8,28 +10,28 @@ Run Ansible Backup Playbook Locally on the Controller
|
|||||||
|
|
||||||
In this method the Ansible Backup playbook is run on the active controller.
|
In this method the Ansible Backup playbook is run on the active controller.
|
||||||
|
|
||||||
Use the following command to run the Ansible Backup playbook and back up the
|
Use one of the following commands to run the Ansible Backup playbook and back up the
|
||||||
|prod| configuration, data, and user container images in registry.local data:
|
|prod| configuration, data, and user container images in registry.local data:
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/backup.yml -e "ansible_become_pass=<sysadmin password> admin_password=<sysadmin password>" -e "backup_user_local_registry=true"
|
~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/backup.yml -e "ansible_become_pass=<sysadmin password> admin_password=<sysadmin password>" -e "backup_user_local_registry=true"
|
||||||
|
~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/backup.yml --ask-vault-pass -e "override_files_dir=$HOME/override_dir"
|
||||||
|
|
||||||
The <admin_password> and <ansible_become_pass> need to be set correctly
|
The <admin_password> and <ansible_become_pass> need to be set correctly
|
||||||
using the ``-e`` option on the command line, or an override file, or in the
|
using the ``-e`` option on the command line, with an override file secured with
|
||||||
Ansible secret file.
|
ansible-vault (recommended).
|
||||||
|
|
||||||
An example of override file follows:
|
For example, create your override file with the :command:`ansible-vault create $HOME/override_dir/localhost-backup.yaml`
|
||||||
|
command and copy the following lines into the file. You will be prompted for a
|
||||||
|
password to protect/encrypt the file. Use the :command:`ansible-vault edit $HOME/override_dir/localhost-backup.yaml`
|
||||||
|
command if the file needs to be edited after it is created.
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
cat << EOF > localhost-backup.yaml
|
|
||||||
---
|
|
||||||
ansible_become_pass: "<admin_password>"
|
ansible_become_pass: "<admin_password>"
|
||||||
admin_password: "<admin_password>"
|
admin_password: "<admin_password>"
|
||||||
backup_user_local_registry: "true"
|
backup_user_local_registry: "true"
|
||||||
...
|
|
||||||
EOF
|
|
||||||
|
|
||||||
The output files will be named:
|
The output files will be named:
|
||||||
|
|
||||||
@ -43,8 +45,8 @@ The output files will be named:
|
|||||||
|
|
||||||
- inventory_hostname_dc_vault_backup_timestamp.tgz
|
- inventory_hostname_dc_vault_backup_timestamp.tgz
|
||||||
|
|
||||||
The variables prefix can be overridden using the ``-e`` option on the command
|
The output files' prefixes can be overridden with the following variables
|
||||||
line or by using an override file.
|
using the ``-e`` option on the command line or by using an override file.
|
||||||
|
|
||||||
.. _running-ansible-backup-playbook-locally-on-the-controller-ul-rdp-gyh-pmb:
|
.. _running-ansible-backup-playbook-locally-on-the-controller-ul-rdp-gyh-pmb:
|
||||||
|
|
||||||
|
@ -1,5 +1,8 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. kpt1571265015137
|
.. kpt1571265015137
|
||||||
|
|
||||||
.. _running-ansible-backup-playbook-remotely:
|
.. _running-ansible-backup-playbook-remotely:
|
||||||
|
|
||||||
====================================
|
====================================
|
||||||
@ -59,7 +62,7 @@ and target it at controller-0.
|
|||||||
#. Switch to the <overrides> directory created previously.
|
#. Switch to the <overrides> directory created previously.
|
||||||
|
|
||||||
#. Create a new secret file encrypted with Ansible-Vault using the
|
#. Create a new secret file encrypted with Ansible-Vault using the
|
||||||
:command:`ansible-vault create secrets.yml` command.
|
:command:`ansible-vault create $HOME/override_dir/secrets.yml` command.
|
||||||
|
|
||||||
Set and confirm a new Ansible-Vault password. Ansible will open an editing
|
Set and confirm a new Ansible-Vault password. Ansible will open an editing
|
||||||
window where you can enter your desired contents.
|
window where you can enter your desired contents.
|
||||||
@ -82,7 +85,7 @@ and target it at controller-0.
|
|||||||
|
|
||||||
Save your changes and quit the editor. If you need to make additional
|
Save your changes and quit the editor. If you need to make additional
|
||||||
changes, you can use the command :command:`ansible-vault edit
|
changes, you can use the command :command:`ansible-vault edit
|
||||||
override_dir/secrets.yml`.
|
$HOME/override_dir/secrets.yml`.
|
||||||
|
|
||||||
#. Run Ansible Backup playbook:
|
#. Run Ansible Backup playbook:
|
||||||
|
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. rmy1571265233932
|
.. rmy1571265233932
|
||||||
.. _running-restore-playbook-locally-on-the-controller:
|
.. _running-restore-playbook-locally-on-the-controller:
|
||||||
|
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. quy1571265365123
|
.. quy1571265365123
|
||||||
.. _system-backup-running-ansible-restore-playbook-remotely:
|
.. _system-backup-running-ansible-restore-playbook-remotely:
|
||||||
|
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _aio_duplex_install_kubernetes_r6:
|
.. _aio_duplex_install_kubernetes_r6:
|
||||||
|
|
||||||
================================================
|
================================================
|
||||||
@ -96,19 +98,30 @@ Bootstrap system on controller-0
|
|||||||
Specify the user configuration override file for the Ansible bootstrap
|
Specify the user configuration override file for the Ansible bootstrap
|
||||||
playbook using one of the following methods:
|
playbook using one of the following methods:
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
|
||||||
|
contains security sensitive information, use the
|
||||||
|
:command:`ansible-vault create $HOME/localhost.yml` command to create it.
|
||||||
|
You will be prompted for a password to protect/encrypt the file.
|
||||||
|
Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
|
||||||
|
file needs to be edited after it is created.
|
||||||
|
|
||||||
#. Use a copy of the default.yml file listed above to provide your overrides.
|
#. Use a copy of the default.yml file listed above to provide your overrides.
|
||||||
|
|
||||||
The default.yml file lists all available parameters for bootstrap
|
The default.yml file lists all available parameters for bootstrap
|
||||||
configuration with a brief description for each parameter in the file
|
configuration with a brief description for each parameter in the file
|
||||||
comments.
|
comments.
|
||||||
|
|
||||||
To use this method, copy the default.yml file listed above to
|
To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
``$HOME/localhost.yml`` and edit the configurable values as desired.
|
command and copy the contents of the ``default.yml`` file into the
|
||||||
|
ansible-vault editor, and edit the configurable values as required.
|
||||||
|
|
||||||
#. Create a minimal user configuration override file.
|
#. Create a minimal user configuration override file.
|
||||||
|
|
||||||
To use this method, create your override file at ``$HOME/localhost.yml``
|
To use this method, create your override file with
|
||||||
and provide the minimum required parameters for the deployment
|
the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
|
command and provide the minimum required parameters for the deployment
|
||||||
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
||||||
ADDRESSing applicable to your deployment environment.
|
ADDRESSing applicable to your deployment environment.
|
||||||
|
|
||||||
@ -189,7 +202,7 @@ Bootstrap system on controller-0
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
||||||
|
|
||||||
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
||||||
depending on the performance of the host machine.
|
depending on the performance of the host machine.
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _aio_simplex_install_kubernetes_r6:
|
.. _aio_simplex_install_kubernetes_r6:
|
||||||
|
|
||||||
|
|
||||||
=================================================
|
=================================================
|
||||||
Install Kubernetes Platform on All-in-one Simplex
|
Install Kubernetes Platform on All-in-one Simplex
|
||||||
=================================================
|
=================================================
|
||||||
@ -96,21 +99,32 @@ Bootstrap system on controller-0
|
|||||||
Specify the user configuration override file for the Ansible bootstrap
|
Specify the user configuration override file for the Ansible bootstrap
|
||||||
playbook using one of the following methods:
|
playbook using one of the following methods:
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
|
||||||
|
contains security sensitive information, use the
|
||||||
|
:command:`ansible-vault create $HOME/localhost.yml` command to create it.
|
||||||
|
You will be prompted for a password to protect/encrypt the file.
|
||||||
|
Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
|
||||||
|
file needs to be edited after it is created.
|
||||||
|
|
||||||
#. Use a copy of the default.yml file listed above to provide your overrides.
|
#. Use a copy of the default.yml file listed above to provide your overrides.
|
||||||
|
|
||||||
The default.yml file lists all available parameters for bootstrap
|
The default.yml file lists all available parameters for bootstrap
|
||||||
configuration with a brief description for each parameter in the file
|
configuration with a brief description for each parameter in the file
|
||||||
comments.
|
comments.
|
||||||
|
|
||||||
To use this method, copy the default.yml file listed above to
|
To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
``$HOME/localhost.yml`` and edit the configurable values as desired.
|
command and copy the contents of the ``default.yml`` file into the
|
||||||
|
ansible-vault editor, and edit the configurable values as required.
|
||||||
|
|
||||||
#. Create a minimal user configuration override file.
|
#. Create a minimal user configuration override file.
|
||||||
|
|
||||||
To use this method, create your override file at ``$HOME/localhost.yml``
|
To use this method, create your override file with
|
||||||
and provide the minimum required parameters for the deployment
|
the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
configuration as shown in the example below. Use the |OAM| IP SUBNET and
|
command and provide the minimum required parameters for the deployment
|
||||||
IP ADDRESSing applicable to your deployment environment.
|
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
||||||
|
ADDRESSing applicable to your deployment environment.
|
||||||
|
|
||||||
.. include:: /_includes/min-bootstrap-overrides-simplex.rest
|
.. include:: /_includes/min-bootstrap-overrides-simplex.rest
|
||||||
|
|
||||||
@ -190,7 +204,7 @@ Bootstrap system on controller-0
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
||||||
|
|
||||||
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
||||||
depending on the performance of the host machine.
|
depending on the performance of the host machine.
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _controller_storage_install_kubernetes_r6:
|
.. _controller_storage_install_kubernetes_r6:
|
||||||
|
|
||||||
===============================================================
|
===============================================================
|
||||||
@ -95,19 +97,30 @@ Bootstrap system on controller-0
|
|||||||
Specify the user configuration override file for the Ansible bootstrap
|
Specify the user configuration override file for the Ansible bootstrap
|
||||||
playbook using one of the following methods:
|
playbook using one of the following methods:
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
|
||||||
|
contains security sensitive information, use the
|
||||||
|
:command:`ansible-vault create $HOME/localhost.yml` command to create it.
|
||||||
|
You will be prompted for a password to protect/encrypt the file.
|
||||||
|
Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
|
||||||
|
file needs to be edited after it is created.
|
||||||
|
|
||||||
#. Use a copy of the default.yml file listed above to provide your overrides.
|
#. Use a copy of the default.yml file listed above to provide your overrides.
|
||||||
|
|
||||||
The default.yml file lists all available parameters for bootstrap
|
The default.yml file lists all available parameters for bootstrap
|
||||||
configuration with a brief description for each parameter in the file
|
configuration with a brief description for each parameter in the file
|
||||||
comments.
|
comments.
|
||||||
|
|
||||||
To use this method, copy the default.yml file listed above to
|
To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
``$HOME/localhost.yml`` and edit the configurable values as desired.
|
command and copy the contents of the ``default.yml`` file into the
|
||||||
|
ansible-vault editor, and edit the configurable values as required.
|
||||||
|
|
||||||
#. Create a minimal user configuration override file.
|
#. Create a minimal user configuration override file.
|
||||||
|
|
||||||
To use this method, create your override file at ``$HOME/localhost.yml``
|
To use this method, create your override file with
|
||||||
and provide the minimum required parameters for the deployment
|
the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
|
command and provide the minimum required parameters for the deployment
|
||||||
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
||||||
ADDRESSing applicable to your deployment environment.
|
ADDRESSing applicable to your deployment environment.
|
||||||
|
|
||||||
@ -187,7 +200,7 @@ Bootstrap system on controller-0
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
||||||
|
|
||||||
Wait for Ansible bootstrap playbook to complete.
|
Wait for Ansible bootstrap playbook to complete.
|
||||||
This can take 5-10 minutes, depending on the performance of the host machine.
|
This can take 5-10 minutes, depending on the performance of the host machine.
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _dedicated_storage_install_kubernetes_r6:
|
.. _dedicated_storage_install_kubernetes_r6:
|
||||||
|
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _aio_duplex_install_kubernetes_r7:
|
.. _aio_duplex_install_kubernetes_r7:
|
||||||
|
|
||||||
================================================
|
================================================
|
||||||
@ -222,19 +224,30 @@ Bootstrap system on controller-0
|
|||||||
Specify the user configuration override file for the Ansible bootstrap
|
Specify the user configuration override file for the Ansible bootstrap
|
||||||
playbook using one of the following methods:
|
playbook using one of the following methods:
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
|
||||||
|
contains security sensitive information, use the
|
||||||
|
:command:`ansible-vault create $HOME/localhost.yml` command to create it.
|
||||||
|
You will be prompted for a password to protect/encrypt the file.
|
||||||
|
Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
|
||||||
|
file needs to be edited after it is created.
|
||||||
|
|
||||||
#. Use a copy of the default.yml file listed above to provide your overrides.
|
#. Use a copy of the default.yml file listed above to provide your overrides.
|
||||||
|
|
||||||
The default.yml file lists all available parameters for bootstrap
|
The default.yml file lists all available parameters for bootstrap
|
||||||
configuration with a brief description for each parameter in the file
|
configuration with a brief description for each parameter in the file
|
||||||
comments.
|
comments.
|
||||||
|
|
||||||
To use this method, copy the default.yml file listed above to
|
To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
``$HOME/localhost.yml`` and edit the configurable values as desired.
|
command and copy the contents of the ``default.yml`` file into the
|
||||||
|
ansible-vault editor, and edit the configurable values as required.
|
||||||
|
|
||||||
#. Create a minimal user configuration override file.
|
#. Create a minimal user configuration override file.
|
||||||
|
|
||||||
To use this method, create your override file at ``$HOME/localhost.yml``
|
To use this method, create your override file with
|
||||||
and provide the minimum required parameters for the deployment
|
the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
|
command and provide the minimum required parameters for the deployment
|
||||||
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
||||||
ADDRESSing applicable to your deployment environment.
|
ADDRESSing applicable to your deployment environment.
|
||||||
|
|
||||||
@ -315,7 +328,7 @@ Bootstrap system on controller-0
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
||||||
|
|
||||||
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
||||||
depending on the performance of the host machine.
|
depending on the performance of the host machine.
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _aio_simplex_install_kubernetes_r7:
|
.. _aio_simplex_install_kubernetes_r7:
|
||||||
|
|
||||||
=================================================
|
=================================================
|
||||||
@ -117,21 +119,32 @@ Bootstrap system on controller-0
|
|||||||
Specify the user configuration override file for the Ansible bootstrap
|
Specify the user configuration override file for the Ansible bootstrap
|
||||||
playbook using one of the following methods:
|
playbook using one of the following methods:
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
|
||||||
|
contains security sensitive information, use the
|
||||||
|
:command:`ansible-vault create $HOME/localhost.yml` command to create it.
|
||||||
|
You will be prompted for a password to protect/encrypt the file.
|
||||||
|
Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
|
||||||
|
file needs to be edited after it is created.
|
||||||
|
|
||||||
#. Use a copy of the default.yml file listed above to provide your overrides.
|
#. Use a copy of the default.yml file listed above to provide your overrides.
|
||||||
|
|
||||||
The default.yml file lists all available parameters for bootstrap
|
The default.yml file lists all available parameters for bootstrap
|
||||||
configuration with a brief description for each parameter in the file
|
configuration with a brief description for each parameter in the file
|
||||||
comments.
|
comments.
|
||||||
|
|
||||||
To use this method, copy the default.yml file listed above to
|
To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
``$HOME/localhost.yml`` and edit the configurable values as desired.
|
command and copy the contents of the ``default.yml`` file into the
|
||||||
|
ansible-vault editor, and edit the configurable values as required.
|
||||||
|
|
||||||
#. Create a minimal user configuration override file.
|
#. Create a minimal user configuration override file.
|
||||||
|
|
||||||
To use this method, create your override file at ``$HOME/localhost.yml``
|
To use this method, create your override file with
|
||||||
and provide the minimum required parameters for the deployment
|
the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
configuration as shown in the example below. Use the |OAM| IP SUBNET and
|
command and provide the minimum required parameters for the deployment
|
||||||
IP ADDRESSing applicable to your deployment environment.
|
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
||||||
|
ADDRESSing applicable to your deployment environment.
|
||||||
|
|
||||||
.. include:: /_includes/min-bootstrap-overrides-simplex.rest
|
.. include:: /_includes/min-bootstrap-overrides-simplex.rest
|
||||||
|
|
||||||
@ -211,7 +224,7 @@ Bootstrap system on controller-0
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
||||||
|
|
||||||
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
|
||||||
depending on the performance of the host machine.
|
depending on the performance of the host machine.
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
|hideable|
|
|hideable|
|
||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _controller_storage_install_kubernetes_r7:
|
.. _controller_storage_install_kubernetes_r7:
|
||||||
|
|
||||||
===============================================================
|
===============================================================
|
||||||
@ -182,19 +184,30 @@ Bootstrap system on controller-0
|
|||||||
Specify the user configuration override file for the Ansible bootstrap
|
Specify the user configuration override file for the Ansible bootstrap
|
||||||
playbook using one of the following methods:
|
playbook using one of the following methods:
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
|
||||||
|
contains security sensitive information, use the
|
||||||
|
:command:`ansible-vault create $HOME/localhost.yml` command to create it.
|
||||||
|
You will be prompted for a password to protect/encrypt the file.
|
||||||
|
Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
|
||||||
|
file needs to be edited after it is created.
|
||||||
|
|
||||||
#. Use a copy of the default.yml file listed above to provide your overrides.
|
#. Use a copy of the default.yml file listed above to provide your overrides.
|
||||||
|
|
||||||
The default.yml file lists all available parameters for bootstrap
|
The default.yml file lists all available parameters for bootstrap
|
||||||
configuration with a brief description for each parameter in the file
|
configuration with a brief description for each parameter in the file
|
||||||
comments.
|
comments.
|
||||||
|
|
||||||
To use this method, copy the default.yml file listed above to
|
To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
``$HOME/localhost.yml`` and edit the configurable values as desired.
|
command and copy the contents of the ``default.yml`` file into the
|
||||||
|
ansible-vault editor, and edit the configurable values as required.
|
||||||
|
|
||||||
#. Create a minimal user configuration override file.
|
#. Create a minimal user configuration override file.
|
||||||
|
|
||||||
To use this method, create your override file at ``$HOME/localhost.yml``
|
To use this method, create your override file with
|
||||||
and provide the minimum required parameters for the deployment
|
the :command:`ansible-vault create $HOME/localhost.yml`
|
||||||
|
command and provide the minimum required parameters for the deployment
|
||||||
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
configuration as shown in the example below. Use the OAM IP SUBNET and IP
|
||||||
ADDRESSing applicable to your deployment environment.
|
ADDRESSing applicable to your deployment environment.
|
||||||
|
|
||||||
@ -274,7 +287,7 @@ Bootstrap system on controller-0
|
|||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
|
||||||
|
|
||||||
Wait for Ansible bootstrap playbook to complete.
|
Wait for Ansible bootstrap playbook to complete.
|
||||||
This can take 5-10 minutes, depending on the performance of the host machine.
|
This can take 5-10 minutes, depending on the performance of the host machine.
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. xvn1592596490325
|
.. xvn1592596490325
|
||||||
.. _changing-the-admin-password-on-distributed-cloud:
|
.. _changing-the-admin-password-on-distributed-cloud:
|
||||||
|
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. pek1594745988225
|
.. pek1594745988225
|
||||||
.. _distributed-upgrade-orchestration-process-using-the-cli:
|
.. _distributed-upgrade-orchestration-process-using-the-cli:
|
||||||
|
@ -69,6 +69,8 @@ subcloud, the subcloud installation has these phases:
|
|||||||
files that are referenced in the ``bootstrap.yml`` file must exist on both
|
files that are referenced in the ``bootstrap.yml`` file must exist on both
|
||||||
controllers (for example, ``/home/sysadmin/docker-registry-ca-cert.pem``).
|
controllers (for example, ``/home/sysadmin/docker-registry-ca-cert.pem``).
|
||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _increase-subcloud-platform-backup-size:
|
.. _increase-subcloud-platform-backup-size:
|
||||||
|
|
||||||
----------------------------------------------------
|
----------------------------------------------------
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. pja1558616715987
|
.. pja1558616715987
|
||||||
|
|
||||||
|hideable|
|
|hideable|
|
||||||
|
@ -64,6 +64,8 @@ Manually Migrate a Subcloud from AIO-SX to AIO-DX.
|
|||||||
|
|
||||||
.. _use-ansible-playbook-to-migrate-a-subcloud-from-AIO-SX-to-AIO-DX:
|
.. _use-ansible-playbook-to-migrate-a-subcloud-from-AIO-SX-to-AIO-DX:
|
||||||
|
|
||||||
|
.. Updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
================================================================
|
================================================================
|
||||||
Use Ansible Playbook to Migrate a Subcloud from AIO-SX to AIO-DX
|
Use Ansible Playbook to Migrate a Subcloud from AIO-SX to AIO-DX
|
||||||
================================================================
|
================================================================
|
||||||
@ -80,10 +82,10 @@ using the ansible playbook.
|
|||||||
|
|
||||||
.. rubric:: |proc|
|
.. rubric:: |proc|
|
||||||
|
|
||||||
#. Create a configuration file and specify the |OAM| unit IP addresses and
|
#. Use the :command:`ansible-vault create migrate-subcloud1-overrides-EXAMPLE.yml`
|
||||||
the ansible ssh password in the **migrate-subcloud1-overrides-EXAMPLE.yml**
|
command to securely specify the |OAM| unit IP addresses and the ansible
|
||||||
file. The existing |OAM| IP address of the |AIO-SX| system will be used as
|
ssh password. The existing |OAM| IP address of the |AIO-SX| system will be
|
||||||
the |OAM| floating IP address of the new |AIO-DX| system.
|
used as the |OAM| floating IP address of the new |AIO-DX| system.
|
||||||
|
|
||||||
In the following example, 10.10.10.13 and 10.10.10.14 are the new |OAM| unit
|
In the following example, 10.10.10.13 and 10.10.10.14 are the new |OAM| unit
|
||||||
IP addresses for controller-0 and controller-1 respectively.
|
IP addresses for controller-0 and controller-1 respectively.
|
||||||
@ -96,6 +98,9 @@ using the ansible playbook.
|
|||||||
"external_oam_node_1_address": "10.10.10.14",
|
"external_oam_node_1_address": "10.10.10.14",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Use the :command:`ansible-vault edit migrate-subcloud1-overrides-EXAMPLE.yml`
|
||||||
|
command if the file needs to be edited after it is created.
|
||||||
|
|
||||||
#. On the system controller, run the ansible playbook to migrate the |AIO-SX|
|
#. On the system controller, run the ansible playbook to migrate the |AIO-SX|
|
||||||
subcloud to an |AIO-DX|.
|
subcloud to an |AIO-DX|.
|
||||||
|
|
||||||
@ -103,7 +108,7 @@ using the ansible playbook.
|
|||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
~(keystone_admin)$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/migrate_sx_to_dx.yml -e @migrate-subcloud1-overrides-EXAMPLE.yml -i subcloud1, -v
|
~(keystone_admin)$ ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/migrate_sx_to_dx.yml -e @migrate-subcloud1-overrides-EXAMPLE.yml -i subcloud1, -v
|
||||||
|
|
||||||
The ansible playbook will lock the subcloud's controller-0, if it not
|
The ansible playbook will lock the subcloud's controller-0, if it not
|
||||||
already locked, apply the configuration changes to convert the subcloud to
|
already locked, apply the configuration changes to convert the subcloud to
|
||||||
|
@ -1,3 +1,5 @@
|
|||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _prestage-subcloud-orchestration-eb516473582f:
|
.. _prestage-subcloud-orchestration-eb516473582f:
|
||||||
|
|
||||||
===============================
|
===============================
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _rehoming-a-subcloud:
|
.. _rehoming-a-subcloud:
|
||||||
|
|
||||||
=================
|
=================
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _reinstalling-a-subcloud-with-redfish-platform-management-service:
|
.. _reinstalling-a-subcloud-with-redfish-platform-management-service:
|
||||||
|
|
||||||
=============================================================
|
=============================================================
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
|
||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. _restoring-subclouds-from-backupdata-using-dcmanager:
|
.. _restoring-subclouds-from-backupdata-using-dcmanager:
|
||||||
|
|
||||||
=========================================================
|
=========================================================
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. vco1593176327490
|
.. vco1593176327490
|
||||||
.. _upgrading-the-systemcontroller-using-the-cli:
|
.. _upgrading-the-systemcontroller-using-the-cli:
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
.. Is this the target file that the rest of the updates need to point to??
|
||||||
|
|
||||||
|
|
||||||
.. _migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d:
|
.. _migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d:
|
||||||
|
|
||||||
========================================================
|
========================================================
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
.. Greg updates required for -High Security Vulnerability Document Updates
|
||||||
|
|
||||||
.. rzp1584539804482
|
.. rzp1584539804482
|
||||||
.. _configure-an-external-netapp-deployment-as-the-storage-backend:
|
.. _configure-an-external-netapp-deployment-as-the-storage-backend:
|
||||||
@ -93,8 +94,10 @@ procedure.
|
|||||||
|
|
||||||
You can make changes-in-place to your existing localhost.yml file
|
You can make changes-in-place to your existing localhost.yml file
|
||||||
or create another in an alternative location. In either case, you
|
or create another in an alternative location. In either case, you
|
||||||
also have the option of using an ansible vault named secrets.yml
|
also have the option of using an ansible vault to secure/encrypt the
|
||||||
for sensitive data. The alternative must be named localhost.yaml.
|
localhost.yaml file containing sensitive data, i.e, using
|
||||||
|
:command:`ansible-vault create $HOME/localhost.yml` or :command:`ansible-vault edit $HOME/localhost.yml`
|
||||||
|
commands.
|
||||||
|
|
||||||
The following parameters are mandatory:
|
The following parameters are mandatory:
|
||||||
|
|
||||||
@ -225,7 +228,7 @@ procedure.
|
|||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
ansible-playbook /usr/share/ansible/stx-ansible/playbooks/install_netapp_backend.yml -e "override_files_dir=</home/sysadmin/mynetappconfig>"
|
ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/install_netapp_backend.yml -e "override_files_dir=</home/sysadmin/mynetappconfig>"
|
||||||
|
|
||||||
Upon successful launch, there will be one Trident pod running on
|
Upon successful launch, there will be one Trident pod running on
|
||||||
each node, plus an extra pod for the REST API running on one of the
|
each node, plus an extra pod for the REST API running on one of the
|
||||||
|
Loading…
x
Reference in New Issue
Block a user