docs/doc/source/shared/_includes/incl-bootstrap-sys-controller-0-standard.rest
Elisamara Aoki Goncalves f13c680bc5 Bootstrap overrides
Update documentation regarding bootstrap overrides.
Include new sub-section for Platform Issuer (system-local-ca) overrides in Ansible Bootstrap Configurations doc.

Story: 2009811
Task: 50152

Change-Id: I765d9c8c4bc1a9b031ce1d69283265119819895a
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
2024-09-13 17:46:21 +00:00


.. incl-bootstrap-sys-controller-0-standard-start
#. Log in using the username / password of "sysadmin" / "sysadmin".
When logging in for the first time, you will be forced to change the
password.

::

   Login: sysadmin
   Password:
   Changing password for sysadmin.
   (current) UNIX Password: sysadmin
   New Password:
   (repeat) New Password:

#. Verify and/or configure IP connectivity.
External connectivity is required to run the Ansible bootstrap
playbook. The StarlingX boot image will |DHCP| out all interfaces so
the server may have obtained an IP address and have external IP
connectivity if a |DHCP| server is present in your environment. Verify
this using the :command:`ip addr` and :command:`ping 8.8.8.8`
commands.
Otherwise, manually configure an IP address and default IP route. Use
the PORT, IP-ADDRESS/SUBNET-LENGTH and GATEWAY-IP-ADDRESS applicable
to your deployment environment.

.. code-block:: bash

   sudo ip address add <IP-ADDRESS>/<SUBNET-LENGTH> dev <PORT>
   sudo ip link set up dev <PORT>
   sudo ip route add default via <GATEWAY-IP-ADDRESS> dev <PORT>
   ping 8.8.8.8

#. Specify user configuration overrides for the Ansible bootstrap
playbook.
Ansible is used to bootstrap StarlingX on controller-0. Key files for
Ansible configuration are:
``/etc/ansible/hosts``
The default Ansible inventory file. Contains a single host:
localhost.
``/usr/share/ansible/stx-ansible/playbooks/bootstrap.yml``
The Ansible bootstrap playbook.
``/usr/share/ansible/stx-ansible/playbooks/host_vars/bootstrap/default.yml``
The default configuration values for the bootstrap playbook.
``sysadmin home directory ($HOME)``
The default location where Ansible looks for and imports user
configuration override files for hosts. For example:
``$HOME/<hostname>.yml``.
.. only:: starlingx
.. include:: /shared/_includes/ansible_install_time_only.txt
Specify the user configuration override file for the Ansible bootstrap
playbook using one of the following methods:

.. note::

   This Ansible Overrides file for the Bootstrap Playbook
   (``$HOME/localhost.yml``) contains security-sensitive information. Use
   the :command:`ansible-vault create $HOME/localhost.yml` command to
   create it. You will be prompted for a password to protect/encrypt
   the file. Use the :command:`ansible-vault edit $HOME/localhost.yml`
   command if the file needs to be edited after it is created.

#. Use a copy of the default.yml file listed above to provide your
overrides.
The ``default.yml`` file lists all available parameters for
bootstrap configuration with a brief description for each parameter
in the file comments.
To use this method, run the :command:`ansible-vault create
$HOME/localhost.yml` command and copy the contents of the
``default.yml`` file into the ansible-vault editor, and edit the
configurable values as required.
#. Create a minimal user configuration override file.
To use this method, create your override file with the
:command:`ansible-vault create $HOME/localhost.yml` command and
provide the minimum required parameters for the deployment
configuration as shown in the example below. Use the OAM IP subnet
and IP addressing applicable to your deployment environment.
.. include:: /shared/_includes/quotation-marks-in-keystone-password.rest
.. include:: /_includes/min-bootstrap-overrides-non-simplex.rest
.. only:: starlingx
In either of the above options, the bootstrap playbook's default
values will pull all container images required for the |prod-p|
from Docker hub.
If you have set up a private Docker registry to use for
bootstrapping, then you will need to add the following lines in
``$HOME/localhost.yml``:
.. only:: partner
.. include:: /_includes/install-kubernetes-bootstrap-playbook.rest
:start-after: docker-reg-begin
:end-before: docker-reg-end

.. code-block:: yaml

   docker_registries:
     quay.io:
       url: myprivateregistry.abc.com:9001/quay.io
     docker.elastic.co:
       url: myprivateregistry.abc.com:9001/docker.elastic.co
     gcr.io:
       url: myprivateregistry.abc.com:9001/gcr.io
     ghcr.io:
       url: myprivateregistry.abc.com:9001/ghcr.io
     k8s.gcr.io:
       url: myprivateregistry.abc.com:9001/k8s.gcr.io
     docker.io:
       url: myprivateregistry.abc.com:9001/docker.io
     registry.k8s.io:
       url: myprivateregistry.abc.com:9001/registry.k8s.io
     icr.io:
       url: myprivateregistry.abc.com:9001/icr.io
     defaults:
       type: docker
       username: <your_myprivateregistry.abc.com_username>
       password: <your_myprivateregistry.abc.com_password>

   # Add the CA Certificate that signed myprivateregistry.abc.com's
   # certificate as a Trusted CA
   ssl_ca_cert: /home/sysadmin/myprivateregistry.abc.com-ca-cert.pem

See :ref:`Use a Private Docker Registry <use-private-docker-registry-r7>`
for more information.
.. only:: starlingx
If a firewall is blocking access to Docker hub or your private
registry from your StarlingX deployment, you will need to add the
following lines in ``$HOME/localhost.yml`` (see |docker_proxy_config|
for more details about Docker proxy settings):
.. only:: partner
.. include:: /_includes/install-kubernetes-bootstrap-playbook.rest
:start-after: firewall-begin
:end-before: firewall-end

.. code-block:: yaml

   # Add these lines to configure Docker to use a proxy server
   docker_http_proxy: http://my.proxy.com:1080
   docker_https_proxy: https://my.proxy.com:1443
   docker_no_proxy:
     - 1.2.3.4

Configure ``system_local_ca_cert``, ``system_local_ca_key`` and
``system_root_ca_cert`` to set up a local intermediate |CA| (signed by an
external Root |CA|) for managing / signing all of the |prod|
Certificates. See :ref:`ansible_bootstrap_configs_platform_issuer` for
more details.
Refer to :ref:`Ansible Bootstrap Configurations
<ansible_bootstrap_configs_r7>` for information on additional
Ansible bootstrap configurations for advanced Ansible bootstrap
scenarios.
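
The note above requires ``$HOME/localhost.yml`` to be created with
:command:`ansible-vault` because it holds credentials. The following shell
function is an added example, not part of the StarlingX documentation or code:
it checks, before the playbook is run, that the file carries the ansible-vault
header and is not accessible to group or other users. The function name and
return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not StarlingX code): pre-flight check for the bootstrap
# overrides file that the note says must be created with ansible-vault.
# Return codes (chosen for this example):
#   0 ok, 1 missing or unreadable, 2 not vault-encrypted,
#   3 accessible to group or other users.
check_overrides_file() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || return 1

    # ansible-vault writes a one-line header such as
    # "$ANSIBLE_VAULT;1.1;AES256" ahead of the hex-encoded ciphertext.
    first=
    IFS= read -r first < "$f" || [ -n "$first" ] || return 2
    case $first in
        '$ANSIBLE_VAULT;'*';AES256'*) ;;
        *) return 2 ;;
    esac

    # Characters 5-10 of the ls -l mode string are the group and other
    # permission bits; all of them must be "-" for a file with credentials.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || return 3
    return 0
}

# Stand-alone use: sh check_overrides.sh $HOME/localhost.yml
if [ $# -gt 0 ]; then
    rc=0
    check_overrides_file "$1" || rc=$?
    echo "check_overrides_file $1 -> $rc"
fi
```

A result of 2 means the file was written in plaintext; :command:`ansible-vault encrypt` converts an existing file in place.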
.. incl-bootstrap-sys-controller-0-standard-end