f13c680bc5
Update documentation regarding bootstrap overrides.

Include new sub-section for Platform Issuer (system-local-ca) overrides in
Ansible Bootstrap Configurations doc.

Story: 2009811
Task: 50152

Change-Id: I765d9c8c4bc1a9b031ce1d69283265119819895a
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
177 lines
6.5 KiB
ReStructuredText
.. incl-bootstrap-sys-controller-0-standard-start

#. Log in using the username / password of "sysadmin" / "sysadmin".

   When logging in for the first time, you will be forced to change the
   password.

   ::

    Login: sysadmin
    Password:
    Changing password for sysadmin.
    (current) UNIX Password: sysadmin
    New Password:
    (repeat) New Password:

#. Verify and/or configure IP connectivity.

   External connectivity is required to run the Ansible bootstrap
   playbook. The StarlingX boot image will |DHCP| out all interfaces so
   the server may have obtained an IP address and have external IP
   connectivity if a |DHCP| server is present in your environment. Verify
   this using the :command:`ip addr` and :command:`ping 8.8.8.8`
   commands.

   Otherwise, manually configure an IP address and default IP route. Use
   the PORT, IP-ADDRESS/SUBNET-LENGTH and GATEWAY-IP-ADDRESS applicable
   to your deployment environment.

   .. code-block:: bash

      sudo ip address add <IP-ADDRESS>/<SUBNET-LENGTH> dev <PORT>
      sudo ip link set up dev <PORT>
      sudo ip route add default via <GATEWAY-IP-ADDRESS> dev <PORT>
      ping 8.8.8.8

#. Specify user configuration overrides for the Ansible bootstrap
   playbook.

   Ansible is used to bootstrap StarlingX on controller-0. Key files for
   Ansible configuration are:

   ``/etc/ansible/hosts``
      The default Ansible inventory file. Contains a single host:
      localhost.

   ``/usr/share/ansible/stx-ansible/playbooks/bootstrap.yml``
      The Ansible bootstrap playbook.

   ``/usr/share/ansible/stx-ansible/playbooks/host_vars/bootstrap/default.yml``
      The default configuration values for the bootstrap playbook.

   ``sysadmin home directory ($HOME)``
      The default location where Ansible looks for and imports user
      configuration override files for hosts. For example:
      ``$HOME/<hostname>.yml``.

   .. only:: starlingx

      .. include:: /shared/_includes/ansible_install_time_only.txt

   Specify the user configuration override file for the Ansible bootstrap
   playbook using one of the following methods:

   .. note::

      This Ansible Overrides file for the Bootstrap Playbook
      (``$HOME/localhost.yml``) contains security-sensitive information.
      Use the :command:`ansible-vault create $HOME/localhost.yml` command
      to create it. You will be prompted for a password to protect/encrypt
      the file. Use the :command:`ansible-vault edit $HOME/localhost.yml`
      command if the file needs to be edited after it is created.

   #. Use a copy of the default.yml file listed above to provide your
      overrides.

      The ``default.yml`` file lists all available parameters for
      bootstrap configuration with a brief description for each parameter
      in the file comments.

      To use this method, run the :command:`ansible-vault create
      $HOME/localhost.yml` command and copy the contents of the
      ``default.yml`` file into the ansible-vault editor, and edit the
      configurable values as required.

   #. Create a minimal user configuration override file.

      To use this method, create your override file with the
      :command:`ansible-vault create $HOME/localhost.yml` command and
      provide the minimum required parameters for the deployment
      configuration as shown in the example below. Use the OAM IP SUBNET
      and IP ADDRESSing applicable to your deployment environment.

      .. include:: /shared/_includes/quotation-marks-in-keystone-password.rest

      .. include:: /_includes/min-bootstrap-overrides-non-simplex.rest

      .. only:: starlingx

         In either of the above options, the bootstrap playbook’s default
         values will pull all container images required for the |prod-p|
         from Docker Hub.

         If you have set up a private Docker registry to use for
         bootstrapping, then you will need to add the following lines in
         ``$HOME/localhost.yml``:

      .. only:: partner

         .. include:: /_includes/install-kubernetes-bootstrap-playbook.rest
            :start-after: docker-reg-begin
            :end-before: docker-reg-end

      .. code-block:: yaml

         docker_registries:
           quay.io:
             url: myprivateregistry.abc.com:9001/quay.io
           docker.elastic.co:
             url: myprivateregistry.abc.com:9001/docker.elastic.co
           gcr.io:
             url: myprivateregistry.abc.com:9001/gcr.io
           ghcr.io:
             url: myprivateregistry.abc.com:9001/ghcr.io
           k8s.gcr.io:
             url: myprivateregistry.abc.com:9001/k8s.gcr.io
           docker.io:
             url: myprivateregistry.abc.com:9001/docker.io
           registry.k8s.io:
             url: myprivateregistry.abc.com:9001/registry.k8s.io
           icr.io:
             url: myprivateregistry.abc.com:9001/icr.io
           defaults:
             type: docker
             username: <your_myprivateregistry.abc.com_username>
             password: <your_myprivateregistry.abc.com_password>

         # Add the CA Certificate that signed myprivateregistry.abc.com’s
         # certificate as a Trusted CA
         ssl_ca_cert: /home/sysadmin/myprivateregistry.abc.com-ca-cert.pem

      See :ref:`Use a Private Docker Registry <use-private-docker-registry-r7>`
      for more information.

      .. only:: starlingx

         If a firewall is blocking access to Docker Hub or your private
         registry from your StarlingX deployment, you will need to add the
         following lines in ``$HOME/localhost.yml`` (see |docker_proxy_config|
         for more details about Docker proxy settings):

      .. only:: partner

         .. include:: /_includes/install-kubernetes-bootstrap-playbook.rest
            :start-after: firewall-begin
            :end-before: firewall-end

      .. code-block:: yaml

         # Add these lines to configure Docker to use a proxy server
         docker_http_proxy: http://my.proxy.com:1080
         docker_https_proxy: https://my.proxy.com:1443
         docker_no_proxy:
           - 1.2.3.4

      Configure ``system_local_ca_cert``, ``system_local_ca_key`` and
      ``system_root_ca_cert`` to set up a local intermediate |CA| (signed by an
      external Root |CA|) for managing / signing all of the |prod|
      Certificates. See :ref:`ansible_bootstrap_configs_platform_issuer` for
      more details.

      Refer to :ref:`Ansible Bootstrap Configurations
      <ansible_bootstrap_configs_r7>` for information on additional
      Ansible bootstrap configurations for advanced Ansible bootstrap
      scenarios.

.. incl-bootstrap-sys-controller-0-standard-end
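
A pre-flight check for the note above about ``$HOME/localhost.yml``, as an added example that is not part of the StarlingX documentation: it confirms that the overrides file carries the ansible-vault header and is accessible only to its owner, and names any secret-looking keys left in plaintext. The function name ``check_overrides``, its return codes and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for the bootstrap overrides file.
# Return codes are this example's own: 0 ok, 1 missing, 2 plaintext, 3 loose mode.
check_overrides() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # A file written by ansible-vault starts with a header line such as
    # $ANSIBLE_VAULT;1.1;AES256
    first=
    IFS= read -r first < "$f" || true
    case $first in
        '$ANSIBLE_VAULT;'*) ;;
        *)
            echo "plaintext: $f is not ansible-vault encrypted" >&2
            # Name the secret-looking keys (never their values).
            awk -F: '/^[ \t]*[A-Za-z0-9_]*(password|key)[A-Za-z0-9_]*:/ {
                gsub(/[ \t]/, "", $1); print "  exposed key: " $1 }' "$f" >&2
            return 2 ;;
    esac

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "loose mode on $f: group/other $mode" >&2; return 3; }
    echo "ok: $f is vault-encrypted and owner-only"
}

# Demo on constructed files (not real StarlingX data).
demo_dir=$(mktemp -d)
printf '%s\n' 'system_local_ca_key: "<constructed>"' \
    'docker_registries:' '  defaults:' '    password: "<constructed>"' \
    > "$demo_dir/plain.yml"
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '<constructed ciphertext>' \
    > "$demo_dir/vault.yml"
chmod 600 "$demo_dir/plain.yml" "$demo_dir/vault.yml"

check_overrides "$demo_dir/plain.yml" || echo "plain.yml -> rc $?"
check_overrides "$demo_dir/vault.yml" || echo "vault.yml -> rc $?"
rm -rf "$demo_dir"
```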