From e1e061fb9b01c74ed41fb04dbe3bf5d761707e8a Mon Sep 17 00:00:00 2001
From: kramerro-ibm <102995992+kramerro-ibm@users.noreply.github.com>
Date: Mon, 1 Apr 2024 17:41:23 -0400
Subject: [PATCH] Revert "Adam updates"
---
docs/2-Deployment/2-UPI_Install.mdx | 64 +----------
docs/README.mdx | 4 +-
static/scripts/Install-OCP-UPI/add_node.sh | 108 ------------------
.../bin/create_install_config.sh | 28 +++--
.../cloudformation/bootstrap-template.yaml | 6 +-
.../cloudformation/sg-lb-template.yaml | 12 +-
.../cloudformation/worker-template.yaml | 1 -
static/scripts/Install-OCP-UPI/config.sh | 20 +---
.../Install-OCP-UPI/create_cluster_step_2.sh | 54 ++++-----
yarn.lock | 5 +
10 files changed, 64 insertions(+), 238 deletions(-)
delete mode 100644 static/scripts/Install-OCP-UPI/add_node.sh
diff --git a/docs/2-Deployment/2-UPI_Install.mdx b/docs/2-Deployment/2-UPI_Install.mdx
index b4e38ddc..b654673c 100644
--- a/docs/2-Deployment/2-UPI_Install.mdx
+++ b/docs/2-Deployment/2-UPI_Install.mdx
@@ -493,66 +493,4 @@ spec: requests: storage: 1Mi EOF -``` - -## Extras - -### Change Console & Oauth domain - - - - -#### Generate CA certs - -``` -openssl genrsa -out ca.key 2048 - -openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt - -``` - -#### Generate Server Certs - - - -``` -openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.{BASE_DOMAIN}" -out server.csr -``` - -#### Generate 'server.crt' - -``` -openssl x509 -req -extfile <(printf "subjectAltName=DNS:*.{BASE_DOMAIN}") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -``` - - -#### Update the cluster: - -Create the new secret which will contain the cert and key: - -``` -oc create secret tls custom-cert --cert=server.crt --key=server.key -n openshift-config -``` - - -#### Update the ingress: - -``` -oc edit ingresses.config/cluster -o yaml -``` - -Add the following under 'spec:' - -``` - componentRoutes: - - hostname: console.{NEW_URL} - name: console - namespace: openshift-console - servingCertKeyPairSecret: - name: custom-cert - - hostname: oauth.{NEW_URL} - name: oauth-openshift - namespace: openshift-authentication - servingCertKeyPairSecret: - name: custom-cert -``` +``` \ No newline at end of file diff --git a/docs/README.mdx b/docs/README.mdx index 6bdcaff4..adab40e0 100644 --- a/docs/README.mdx +++ b/docs/README.mdx 
@@ -12,10 +12,10 @@ graph LR; C --> D(Manage); ``` -### Flight Path +#### Flight Path This is a living document for an adoption journey that synthesizes the best practices from IBM when considering and implementing **`watsonx.ai`** in AWS. -### Working In The Open +#### Working In The Open The Flight Path approach embodies IBM Client Engineering's dedication to transparency and collaboration, which is evident through the creation of this accessible repository that showcases real-life customer experiences. By sharing this knowledge, IBM aims to develop user-friendly and scalable landing zones that encourage the adoption of IBM Technology while prioritizing innovation and user experience. This repository represents IBM Client Engineering's commitment to working in the open, where stakeholders and interested parties can participate, provide feedback and benefit from collective knowledge. diff --git a/static/scripts/Install-OCP-UPI/add_node.sh b/static/scripts/Install-OCP-UPI/add_node.sh deleted file mode 100644 index 22347d36..00000000 --- a/static/scripts/Install-OCP-UPI/add_node.sh +++ /dev/null 
@@ -1,108 +0,0 @@ -#!/bin/bash - -starttime=$(date) - -basedir=$(dirname $(readlink -f $0)) -if [[ ! -f "${basedir}/config.sh" ]] -then - echo "ERROR: missing ${basedir}/config.sh" - echo "exitting...." - exit 1 -fi - -. "${basedir}/config.sh" - -wait_for_stack_completion() { - stack_name=$1 - echo -n "**** stack ${stack_name} running" - done=0 - rc=0 - while [[ done -ne 1 ]] - do - status=$(aws cloudformation describe-stacks --stack-name "${stack_name}" | jq '.Stacks[].StackStatus' | sed -e 's/"//g') - if [[ "${status}" == "CREATE_COMPLETE" ]] - then - done=1 - rc=0 - elif [[ "${status}" == "CREATE_IN_PROGRESS" ]] - then - sleep 5 - echo -n "." - else - echo -n "!" - done=1 - rc=1 - fi - done - echo "" - return $rc -} - -ocp_data_dir="${basedir}/${cluster_name}" -cloudformation_dir="${basedir}/cloudformation" -bin_dir="${basedir}/bin" -infra_id=$(cat ${basedir}/${cluster_name}/metadata.json | jq .infraID | tr -d '"') -echo $infra_id - -echo "**************************************************************" -echo "Using basepath: ${basedir}" -echo "Using bin directory: ${bin_dir}" -echo "Using cluster data directory: ${ocp_data_dir}" -echo "Using cloudformation directory: ${cloudformation_dir}" -echo "**************************************************************" - - -for index in $(seq $gpu_count) -do - - - - worker_ignition_url="https://api-int.${cluster_name}.${base_domain}:22623/config/worker" - certificate_authorities=$(jq '.ignition.security.tls.certificateAuthorities[].source' ${ocp_data_dir}/worker.ign | sed -e 's/\"//g') - - echo "**** Running: " ${bin_dir}/create_worker_param.sh "${cloudformation_dir}" "${infra_id}" "${aws_rhcos_ami_id}" "${gpu_subnet}" "${gpu_securitygroup}" "${worker_ignition_url}" "${certificate_authorities}" "${worker_instance_type}" - ${bin_dir}/create_worker_param.sh "${cloudformation_dir}" "${infra_id}" "${aws_rhcos_ami_id}" "${gpu_subnet}" "${gpu_securitygroup}" "${worker_ignition_url}" "${certificate_authorities}" 
"${worker_instance_type}" - if [[ $? -ne 0 ]] - then - echo "ERROR: create_worker_param.sh did not complete successfully" - exit 2 - fi - - stack_name="${infra_id}-gpu-${index}-stack" - aws cloudformation create-stack --stack-name ${stack_name} --template-body file://${cloudformation_dir}/worker-template.yaml --parameters file://${cloudformation_dir}/worker-param.json --tags Key=${tag1key},Value=${tag1value} Key=${tag2key},Value=${tag2value} - - wait_for_stack_completion "${stack_name}" - if [[ $? -ne 0 ]] - then - echo "ERROR: stack ${stack_name} failed to complete" - exit 2 - fi - - gpu_ip=$(aws cloudformation describe-stacks --stack-name ${stack_name} | jq '.Stacks[].Outputs[] | select(.OutputKey=="PrivateIP") | .OutputValue' | sed -e 's/\"//g') - - echo "**** worker ${index} stack returned:" - echo " worker_ip: ${gpu_ip}" - echo "**** worker ${index} stack return end" - - echo "**** add worker to load balancer" - ${bin_dir}/add_worker_to_lbs.sh "${cluster_name}-network-stack" "${stack_name}" - -done -export KUBECONFIG=${ocp_data_dir}/auth/kubeconfig - -echo "**** Watching for csrs and approve them" -echo -n "Working" -for count in $(seq 45) -do - oc get csr | grep -q Pending - if [[ $? -eq 0 ]] - then - # approve csrs - approve_count=$(oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs --no-run-if-empty oc adm certificate approve | wc -l) - echo -n "${approve_count}" - else - echo -n '.' - fi - sleep 10 -done -echo "done" \ No newline at end of file diff --git a/static/scripts/Install-OCP-UPI/bin/create_install_config.sh b/static/scripts/Install-OCP-UPI/bin/create_install_config.sh index eacf6faf..6164a687 100755 --- a/static/scripts/Install-OCP-UPI/bin/create_install_config.sh +++ b/static/scripts/Install-OCP-UPI/bin/create_install_config.sh 
@@ -1,23 +1,22 @@ #!/bin/bash -if [[ $# -ne 9 ]] +if [[ $# -ne 10 ]] then echo "Incorrect number of parameters" - echo "Usage: $0 " + echo "Usage: $0 " exit 1 fi output_dir=$1 base_domain=$2 cluster_name=$3 -# registry_url=$4 -# registry_creds=$5 -pull_secret=$4 -ssh_key=$5 -ca_cert=$6 -httpProxy=$7 -httpsProxy=$7 -noProxy=$9 +registry_url=$4 +registry_creds=$5 +ssh_key=$6 +ca_cert=$7 +httpProxy=$8 +httpsProxy=$9 +noProxy=${10} ssh_line="" if [[ ! -z "${ssh_key}" ]] @@ -52,8 +51,15 @@ networking: platform: none: {} fips: true -pullSecret: '${pull_secret}' +pullSecret: '{ "auths": { "${registry_url}": { "auth": "${registry_creds}" } } }' ${ssh_line} +imageContentSources: +- mirrors: + - ${registry_url}/openshift + source: quay.io/openshift-release-dev/ocp-release +- mirrors: + - ${registry_url}/openshift + source: quay.io/openshift-release-dev/ocp-v4.0-art-dev EOF if [[ -f "${ca_cert}" ]] diff --git a/static/scripts/Install-OCP-UPI/cloudformation/bootstrap-template.yaml b/static/scripts/Install-OCP-UPI/cloudformation/bootstrap-template.yaml index 059f0084..9d09dfdc 100644 --- a/static/scripts/Install-OCP-UPI/cloudformation/bootstrap-template.yaml +++ b/static/scripts/Install-OCP-UPI/cloudformation/bootstrap-template.yaml @@ -83,13 +83,13 @@ Resources: FromPort: 19531 CidrIp: 10.0.0.0/8 SecurityGroupEgress: - - IpProtocol: -1 + - IpProtocol: tcp FromPort: 0 ToPort: 65535 CidrIp: 10.0.0.0/8 - IpProtocol: icmp - FromPort: -1 - ToPort: -1 + FromPort: 0 + ToPort: 0 CidrIp: 10.0.0.0/8 VpcId: !Ref VpcId diff --git a/static/scripts/Install-OCP-UPI/cloudformation/sg-lb-template.yaml b/static/scripts/Install-OCP-UPI/cloudformation/sg-lb-template.yaml index ea1ce08c..4dcbc54c 100644 --- a/static/scripts/Install-OCP-UPI/cloudformation/sg-lb-template.yaml +++ b/static/scripts/Install-OCP-UPI/cloudformation/sg-lb-template.yaml 
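Review bot: The registry credential arrives as positional parameter `$5` and is pasted unescaped into the `pullSecret:` line of the heredoc (hunk at -52), so it is readable in the process list while the script runs, and a `'` or `"` in either `${registry_url}` or `${registry_creds}` would produce an invalid install-config. Handing the script the path of the credential file instead of its contents keeps the token off argv, e.g. `registry_creds=$(<"${registry_creds_file}")` with `registry_creds_file=$5` (a new name, not in the current script). The heredoc opens above this hunk, so the mode of the file it writes cannot be checked from here; since that file now holds the auth token, it is worth confirming it is created under a restrictive umask.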
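Review bot: In `SecurityGroupEgress` of the bootstrap group, `IpProtocol: tcp` no longer covers UDP, so UDP traffic such as DNS from the bootstrap node to 10.0.0.0/8 is dropped unless a rule outside this hunk allows it. For the `icmp` rule, AWS reads `FromPort`/`ToPort` as ICMP type and code, so `0`/`0` matches only echo-reply, whereas `-1`/`-1` is the value that means all ICMP. If the intent is to narrow egress, list the needed protocols explicitly (for example a `- IpProtocol: udp` entry for port 53) and keep `FromPort: -1` / `ToPort: -1` on the ICMP rule. The same two changes are made to the master and worker groups in sg-lb-template.yaml (hunks at -52, -68, -80 and -96).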
@@ -52,8 +52,8 @@ Resources: GroupDescription: Cluster Master Security Group SecurityGroupIngress: - IpProtocol: icmp - FromPort: -1 - ToPort: -1 + FromPort: 0 + ToPort: 0 CidrIp: !Ref VpcCidr - IpProtocol: tcp FromPort: 22 @@ -68,7 +68,7 @@ Resources: ToPort: 22623 CidrIp: !Ref VpcCidr SecurityGroupEgress: - - IpProtocol: -1 + - IpProtocol: tcp FromPort: 0 ToPort: 65335 CidrIp: 10.0.0.0/8 @@ -80,8 +80,8 @@ Resources: GroupDescription: Cluster Worker Security Group SecurityGroupIngress: - IpProtocol: icmp - FromPort: -1 - ToPort: -1 + FromPort: 0 + ToPort: 0 CidrIp: !Ref VpcCidr - IpProtocol: tcp FromPort: 22 @@ -96,7 +96,7 @@ Resources: ToPort: 443 CidrIp: 10.0.0.0/8 SecurityGroupEgress: - - IpProtocol: -1 + - IpProtocol: tcp FromPort: 0 ToPort: 65535 CidrIp: 10.0.0.0/8 diff --git a/static/scripts/Install-OCP-UPI/cloudformation/worker-template.yaml b/static/scripts/Install-OCP-UPI/cloudformation/worker-template.yaml index 173716d8..b24f090b 100644 --- a/static/scripts/Install-OCP-UPI/cloudformation/worker-template.yaml +++ b/static/scripts/Install-OCP-UPI/cloudformation/worker-template.yaml @@ -72,7 +72,6 @@ Parameters: - "c5a.12xlarge" - "c5a.16xlarge" - "c5a.24xlarge" - - "p4d.24xlarge" - "r4.large" - "r4.xlarge" - "r4.2xlarge" diff --git a/static/scripts/Install-OCP-UPI/config.sh b/static/scripts/Install-OCP-UPI/config.sh index 70912040..cdcb6282 100644 --- a/static/scripts/Install-OCP-UPI/config.sh +++ b/static/scripts/Install-OCP-UPI/config.sh @@ -11,8 +11,7 @@ base_domain="ocp-cluster.com" ### registry_url="HOSTNAME:PORT" local_auth_json="/ibm/security/auth/auth.json" -#additional_trust_cert="" -pull_secret="" +additional_trust_cert="/ibm/security/certs/ca.crt" ### # AWS info ### 
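Review bot: The master group's egress rule keeps `ToPort: 65335` (hunk at -68) while the worker rule uses 65535; with `IpProtocol: -1` AWS ignored the port range, but now that the protocol is `tcp` the typo takes effect and outbound TCP to ports 65336-65535 is blocked. It should read `ToPort: 65535`. The egress CIDR is also the literal `10.0.0.0/8` while the ingress rules in the same groups use `!Ref VpcCidr`; if the wider range is intentional, a one-line comment such as `# egress wider than the VPC: <reason>` would record why.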
@@ -27,9 +26,9 @@ tag1key="test" tag1value="one" tag2key="test" tag2value="two" -# httpProxy="http://proxy.example.com:PORT" -# httpsProxy="http://proxy.example.com:PORT" -# noProxy=".${base_domain},172.30.0.0/16,10.128.0.0/14,${aws_vpc_cidr},.apps.${cluster}.${base_domain},.${cluster}.${base_domain}" +httpProxy="http://proxy.example.com:PORT" +httpsProxy="http://proxy.example.com:PORT" +noProxy=".${base_domain},172.30.0.0/16,10.128.0.0/14,${aws_vpc_cidr} ### # ocp architecture @@ -43,13 +42,4 @@ master_1_subnet=$aws_private_subnets master_2_subnet=$aws_private_subnets worker_subnet_list=$aws_private_subnets #Don't Change worker_count=6 -worker_instance_type="m6i.8xlarge" - -### -# GPU Node -### -gpu_count=1 -gpu_subnet="subnet-0797e8067a532db0d" #US-EAST-2 -#gpu_instance_type="p4d.24xlarge" -gpu_instance_type="m6i.8xlarge" -gpu_securitygroup="" \ No newline at end of file +worker_instance_type="m6i.8xlarge" \ No newline at end of file diff --git a/static/scripts/Install-OCP-UPI/create_cluster_step_2.sh b/static/scripts/Install-OCP-UPI/create_cluster_step_2.sh index d567f286..92c25f55 100755 --- a/static/scripts/Install-OCP-UPI/create_cluster_step_2.sh +++ b/static/scripts/Install-OCP-UPI/create_cluster_step_2.sh @@ -71,14 +71,12 @@ echo "**** Creating install-config.yaml" ### get registry creds for AWS ###registry_creds=$(${bin_dir}/ecr_creds.sh "${aws_region}") # get registry creds for local registry -# registry_creds=$(${bin_dir}/local_creds.sh "${local_auth_json}") -# if [[ $? -ne 0 ]] -# then -# echo "ERROR: could not get registry credentials" -# exit 1 -# fi - - +registry_creds=$(${bin_dir}/local_creds.sh "${local_auth_json}") +if [[ $? -ne 0 ]] +then + echo "ERROR: could not get registry credentials" + exit 1 +fi ssh_pub_key="" if [[ -f ~/.ssh/id_rsa.pub ]] 
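Review bot: The restored `noProxy=` line in the hunk at -27 has no closing double quote as shown, so when config.sh is sourced the string runs on to the next `"` further down the file and swallows the assignments in between. It should end `...,${aws_vpc_cidr}"`. Un-commenting `httpProxy` and `httpsProxy` also turns the placeholder `http://proxy.example.com:PORT` into a live default that is passed on to create_install_config.sh; leaving them as `httpProxy=""` with the example kept in a comment avoids handing a non-URL to the installer when the operator has no proxy.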
@@ -86,10 +84,8 @@ then ssh_pub_key=$(cat ~/.ssh/id_rsa.pub) fi -#echo "**** Running: " ${bin_dir}/create_install_config.sh "${ocp_data_dir}" "${base_domain}" "${cluster_name}" "${registry_url}" "${registry_creds}" "${ssh_pub_key}" "${additional_trust_cert}" "${httpProxy}" "${httpsProxy}" "${noProxy}" -#${bin_dir}/create_install_config.sh "${ocp_data_dir}" "${base_domain}" "${cluster_name}" "${pull_secret}" "${ssh_pub_key}" "${additional_trust_cert}" "${httpProxy}" "${httpsProxy}" "${noProxy}" -echo "**** Running: " ${bin_dir}/create_install_config.sh "${ocp_data_dir}" "${base_domain}" "${cluster_name}" "${pull_secret}" "${ssh_pub_key}" "${additional_trust_cert}" "${httpProxy}" "${httpsProxy}" "${noProxy}" -${bin_dir}/create_install_config.sh "${ocp_data_dir}" "${base_domain}" "${pull_secret}" "${ssh_pub_key}" "${additional_trust_cert}" "${httpProxy}" "${httpsProxy}" "${noProxy}" +echo "**** Running: " ${bin_dir}/create_install_config.sh "${ocp_data_dir}" "${base_domain}" "${cluster_name}" "${registry_url}" "${registry_creds}" "${ssh_pub_key}" "${additional_trust_cert}" "${httpProxy}" "${httpsProxy}" "${noProxy}" +${bin_dir}/create_install_config.sh "${ocp_data_dir}" "${base_domain}" "${cluster_name}" "${registry_url}" "${registry_creds}" "${ssh_pub_key}" "${additional_trust_cert}" "${httpProxy}" "${httpsProxy}" "${noProxy}" if [[ -f "${ocp_data_dir}/install-config.yaml" ]] then @@ -259,7 +255,7 @@ ${bin_dir}/add_control_plane_to_lbs.sh "${cluster_name}-network-stack" "${infra_ # step 6 wait for bootstrap complete echo "**** wait for bootstrap complete" - +openshift-install create cluster --dir=${ocp_data_dir} openshift-install wait-for bootstrap-complete --dir=${ocp_data_dir} openshift-install wait-for bootstrap-complete --dir=${ocp_data_dir} 
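Review bot: The `echo "**** Running: " ...` line prints `${registry_creds}` in clear text, so the registry auth token ends up on the terminal and in any captured install log. Log the command with the secret masked, e.g. `echo "**** Running: ${bin_dir}/create_install_config.sh ${ocp_data_dir} ${base_domain} ${cluster_name} ${registry_url} <redacted> ..."`. The call on the next line also leaves `${bin_dir}/create_install_config.sh` unquoted, which breaks if the checkout path contains a space; `"${bin_dir}/create_install_config.sh"` is safer.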
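Review bot: `openshift-install create cluster --dir=${ocp_data_dir}` (hunk at -259) is the installer-provisioned entry point, and it is restored under the comment "step 6 wait for bootstrap complete", after the control plane has already been added to the load balancers; together with `platform: none` in the generated install-config this looks out of place and should be confirmed or dropped. Its exit status is not checked, nor is that of the `wait-for bootstrap-complete` calls that follow, so a failed bootstrap falls through to the later steps. A guard such as `openshift-install wait-for bootstrap-complete --dir="${ocp_data_dir}" || exit 2` would stop the run at the point of failure.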
@@ -313,9 +309,9 @@ done # step 9 disable default catalogs and approve csrs export KUBECONFIG=${ocp_data_dir}/auth/kubeconfig echo "**** KUBECONFIG: ${KUBECONFIG}" -# echo "**** disabling default catalog" -# echo "**** Running: " oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' -# oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' +echo "**** disabling default catalog" +echo "**** Running: " oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' +oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]' echo "**** Watching for csrs and approve them" echo -n "Working" @@ -339,19 +335,19 @@ echo "**** wait for install complete" openshift-install wait-for install-complete --dir=${ocp_data_dir} # step 11 install operator catalog -# echo "**** Set up operator catalog" -# if [[ -f ${basedir}/catalog/imageContentSourcePolicy.yaml ]] -# then -# oc create -f ${basedir}/catalog/imageContentSourcePolicy.yaml -# else -# echo "**** WARNING: could not find ${basedir}/catalog/imageContentSourcePolicy.yaml" -# fi -# if [[ -f ${basedir}/catalog/catalogSource.yaml ]] -# then -# oc create -f ${basedir}/catalog/catalogSource.yaml -# else -# echo "**** WARNING: could not find ${basedir}/catalog/catalogSource.yaml" -# fi +echo "**** Set up operator catalog" +if [[ -f ${basedir}/catalog/imageContentSourcePolicy.yaml ]] +then + oc create -f ${basedir}/catalog/imageContentSourcePolicy.yaml +else + echo "**** WARNING: could not find ${basedir}/catalog/imageContentSourcePolicy.yaml" +fi +if [[ -f ${basedir}/catalog/catalogSource.yaml ]] +then + oc create -f ${basedir}/catalog/catalogSource.yaml +else + echo "**** WARNING: could not find ${basedir}/catalog/catalogSource.yaml" +fi echo "**** run complete" 
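Review bot: Once `disableAllDefaultSources` is patched to true (hunk at -313), the cluster depends on the files applied in step 11 (hunk at -339), yet a missing `imageContentSourcePolicy.yaml` or `catalogSource.yaml` only prints a WARNING and the script still ends with "run complete". Treat a missing file as an error with `exit 1`, or at least have the warning state that no operator catalog is configured. `oc create -f` also fails on a re-run when the object already exists, and its status is not checked; `oc apply -f "${basedir}/catalog/catalogSource.yaml" || exit 1` is idempotent, and the quoting protects paths that contain spaces.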
diff --git a/yarn.lock b/yarn.lock index a753a40b..333037c8 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1733,6 +1733,7 @@ version "3.1.0" resolved "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.1.0.tgz" integrity sha512-SfvnRLHoZ9bwTw67knkSs7IcUR0GY2SaGkpdB/J9pChrDiGhwzKNUhcieoPyPYrOWGRPk3rVNYtoy+Bc7psPAw== + dependencies: tslib "^2.6.0" "@docusaurus/utils-validation@3.1.0": @@ -5371,6 +5372,7 @@ html-webpack-plugin@^5.5.3: version "5.5.4" resolved "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.4.tgz" integrity sha512-3wNSaVVxdxcu0jd4FpQFoICdqgxs4zIQQvj+2yQKFfBOnLETQ6X5CDWdeasuGlSsooFlMkEioWDTqBv1wvw5Iw== + dependencies: "@types/html-minifier-terser" "^6.0.0" html-minifier-terser "^6.0.2" lodash "^4.17.21" @@ -6307,6 +6309,7 @@ mdast-util-mdx-jsx@^3.0.0: version "3.0.0" resolved "https://registry.npmjs.org/mdast-util-mdx-jsx/-/mdast-util-mdx-jsx-3.0.0.tgz" integrity sha512-XZuPPzQNBPAlaqsTTgRrcJnyFbSOBovSadFgbFu8SnuNgm+6Bdx1K+IWoitsmj6Lq6MNtI+ytOqwN70n//NaBA== + dependencies: "@types/estree-jsx" "^1.0.0" "@types/hast" "^3.0.0" "@types/mdast" "^4.0.0" @@ -8133,10 +8136,12 @@ react-json-view-lite@^1.2.0: version "1.2.1" resolved "https://registry.npmjs.org/react-json-view-lite/-/react-json-view-lite-1.2.1.tgz" integrity sha512-Itc0g86fytOmKZoIoJyGgvNqohWSbh3NXIKNgH6W6FT9PC1ck4xas1tT3Rr/b3UlFXyA9Jjaw9QSXdZy2JwGMQ== + react-live@^4.1.5: version "4.1.5" resolved "https://registry.npmjs.org/react-live/-/react-live-4.1.5.tgz" integrity sha512-ul3Zwvqvh6KTg8j7xGCT26+c8J9vQ+LFUrZCbrrrzEExuVB/39s1GKG3NsywnL+aGAjpfnUTaVCe7KlKIvVPiw== + dependencies: prism-react-renderer "^2.0.6" sucrase "^3.31.0" use-editable "^2.3.3"