# Openshift native install Note: Some of this may be obvious to those skilled in the craft. It was not obvious to me so I'm writing down instructions for myself and others who may be in my camp. * Install is available for various clouds, baremetal and various types of OpenShift e.g. SNO, OKD. ## Release Status pages: * OpenShift proper: https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/ * OKD: https://amd64.origin.releases.ci.openshift.org/ * SNO: looking ### One will find instructions on authenticating to container registries to enable the install. "authenticating to the app.ci cluster" #### The authentication was not successful for me, and resulted in failed installs * example error ``` INFO Error: initializing source docker://registry.ci.openshift.org/ocp/release@sha256:d93db95ec59b2f51ff45fdecd54b4dd9144521e3d099fef151c189598200cf24: reading manifest sha256:d93db95ec59b2f51ff45fdecd54b4dd9144521e3d099fef151c189598200cf24 in registry.ci.openshift.org/ocp/release: authentication required ``` * Even though I could pull the container from my local ``` podman pull registry.ci.openshift.org/ocp/release@sha256:d93db95ec59b2f51ff45fdecd54b4dd9144521e3d099fef151c189598200cf24 Trying to pull registry.ci.openshift.org/ocp/release@sha256:d93db95ec59b2f51ff45fdecd54b4dd9144521e3d099fef151c189598200cf24... Getting image source signatures Copying blob ddd3bc4179bc done | Copying blob 019f3c6668f3 done | Copying blob 499e78ffb842 done | Copying blob ca1636478fe5 done | Copying blob 7dfd042390b0 done | ``` # Authentication steps that worked for me ## OpenShift4 pull-secret: 1. Download your pull-secret from [console.redhat.com](https://console.redhat.com/openshift/install/aws/installer-provisioned) - click on “Download Pull Secret”. Save it somewhere, e.g. ~/some-dir/pull-secret 2. Add the apps.ci auth to pull-secret! _internal OpenShift developers only_ - Obtain an API token by visiting https://oauth-openshift.apps.ci.l2s4.p1.openshiftapps.com/oauth/token/request copy the oc login cmd and paste in terminal to login to the ci cluster, then run this: - `$ oc registry login --to ~/some-dir/pull-secret` This will append the auth from registry.ci.openshift.org to your cloud.openshift.com pull-secret but it will also make the pull-secret multi-line. 3. Repeat step 2, except this time, authenticate to the cluster-bot image registry (for cluster-bot image builds, if you are using cluster-bot to build your release image. API token request here: https://oauth-openshift.apps.build01.ci.devcluster.openshift.com/oauth/token/request This will append the auth from cluster-bot registry to the above pull-secret but it will also make the pull-secret multi-line. 4. Repeat step 3 to authenticate to build05 cluster registry: https://oauth-openshift.apps.build05.l9oh.p1.openshiftapps.com/oauth/token/request This will append the auth from cluster-bot registry to the above pull-secret but it will also make the pull-secret multi-line. The install-config requires a single-line pull-secret. That can be obtained with step 5. 5. `$ jq -c < ~/some-dir/pull-secret` - run this jq cmd to get the single-line pull-secret to pass to openshift-installer and/or to create an install-config.yaml # Update for ARM64 / Graviton * Manually create a ARM bastion host in the aws region where you will be installing openshift. * Amazon Linux * Instance image: ARM # you'll find amd and arm as a drop down * Instance type: I used t4g.xlarge * Before installing openshift you'll need to * Create or upload an SSH key, suggest creating ``` ssh-keygen -t ed25519 -N '' -f ${HOME}/.ssh/ocp4-aws-key ``` * export your AWS key and secret key * Getting the installer bits ``` mkdir my-install-dir cd my-install-dir wget https://mirror.openshift.com/pub/openshift-v4/arm64/clients/ocp/stable/openshift-client-linux.tar.gz wget https://mirror.openshift.com/pub/openshift-v4/arm64/clients/ocp/stable/openshift-install-linux.tar.gz ``` * untar and export ``` tar -zxvf foo export PATH=$PATH:$PWD ``` # Now you are ready to install * optional - ```mkdir -p ~/OCP/install/4.16-rc2; cd ~/OCP/install/4.16-rc2``` * Download pre-release the installer and oc tar.gz (at the time of writing it's 4.16-rc2) ``` wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp-dev-preview/pre-release/openshift-install-linux.tar.gz wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp-dev-preview/pre-release/openshift-client-linux.tar.gz ``` EDIT `https://openshift-release-artifacts.apps.ci.l2s4.p1.openshiftapps.com/4.16.0-rc.2/` * `tar -xvf` the files ``` tar -xvf openshift-client-linux.tar.gz oc tar -xvf openshift-install-linux.tar.gz openshift-install ``` * Execute the install ``` ./openshift-install create cluster --log-level=debug ``` * During the interactive install, use the pull secret string from `jq -c < ~/some-dir/pull-secret` * Example prompts (chaange as needed). The domain selected may impact name resolution. (not 100% sure yet.) ``` ? SSH Public Key /home/whayutin/.ssh/id_ed25519.pub ? Platform aws INFO Credentials loaded from the "default" profile in file "/home/whayutin/.aws/credentials" ? Region us-west-2 ? Base Domain migration.redhat.com ? Cluster Name wdh416rc2a ? The container registry pull secret for this cluster, as a single line of JSON (e.g. {"auths": {...}}). ``` ## sit back relax and let the rhymes flow