Author: Jan Schintag <jan.schintag@de.ibm.com>
Abstract: After a lot of work, Secure Execution inside Red Hat® Enterprise Linux CoreOS is available, making Red Hat OpenShift® on IBM® Z® and IBM® LinuxONE more secure, with a feature that is only available on the IBM Z and IBM® LinuxONE platforms
It came from the merging of CoreOS Container Linux and Fedora Atomic Host...One does not just run “yum install” or "dnf install" on a Fedora CoreOS system. These commands are not available
The following prerequisites are required:
- IBM zCX APAR OA65756
- Red Hat CoreOS s390x binaries version 4.14.0 and above
- Existing x86 Red Hat OpenShift cluster with version 4.14.0 and above
- Ignition file for x86 Red Hat OpenShift cluster compute node (worker.ign) – Refer to step 4 below for the dynamic retrieval process
- Ability to update existing DNS and Load Balancer entries for an additional zCX for OpenShift compute instance.
- A file server (HTTP/HTTPS) hosting Red Hat CoreOS binaries and the ignition file, accessible by the zCX compute instances
What’s new in Cloud Infrastructure Center 1.1.4
Enhancements to IaaS capability on IBM Z include:
- Resizing of z/VM- and KVM-based VMs using the user interface
- Support of the shared-disk model
- Monitoring which can then be consumed by chargeback tools
- Enhancement of the healthy report status feature
- Fabric zoning support for Red Hat KVM-based VMs
- Provisioning of z/VM-based VMs using persistent storage-based boot volumes, building on LVM volume groups and leveraging FCP storage
- Network teaming support for KVM-based VMs
- Provisioning of z/VM-based VMs from a network with multiple subnets using the user interface
- Creation of z/VM-based VMs with PROFILE and ACCOUNT statements for fine granularity customization via the user interface
and enhancements to the support provided to Red Hat OpenShift on IBM Z include:
- Extended onboarding capabilities and onboarding of z/VM-based VMs running Red Hat CoreOS
- RHEL 8.4 and Red Hat CoreOS 4.8 as guest operating systems and RHEL 8.4 as hosting environment
- Improved performance and robustness of boot support for RHEL and Red Hat CoreOS on z/VM-based VMs
Example – IBM CIO Office integrates IBM Z into the hybrid cloud
A great example of IBM Cloud Infrastructure Center is its use by the IBM CIO Office for provisioning and managing virtual machines on IBM Z
Objective: Cloud Infrastructure Center 1.1.3 and 1.1.4 support the provisioning of Red Hat Enterprise Linux CoreOS and users can leverage this function to install Red Hat OpenShift 4.6, 4.7, 4.8, 4.9, and 4.10
Create a podman machine using the x86_64 image of Fedora CoreOS. You can get an up-to-date version of the image from here (Fedora CoreOS) or use the version in the command below. Copy the link from the download button for QEMU (qcow2.xz)
    podman machine init --image-path https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/36.20220703.3.1/x86_64/fedora-coreos-36.20220703.3.1-qemu.x86_64.qcow2.xz intel
Don't start your VM yet, it won't work!
We need to install the following software packages to support all required services:
- dnsmasq -- support DNS, DHCP and PXE
- httpd -- to provide ignition and RHCOS rootfs image, the listen port set to 8000
- haproxy -- for OCP load balancer
- coreos-installer -- for ISO operation
Here are some values used in sample configurations:
- 9.114.98.8 -- Bastion's IP
- 9.114.96.1 -- Network route or gateway
- assisted.ibm.com -- OCP's domain name
- p9-ha -- OCP's cluster id
- 9.114.97.x -- OCP node IPs
Setup dnsmasq
Here is a sample configuration file for /etc/dnsmasq.conf :
    #################################
    # DNS
    ##################################
    #domain-needed
    # don't send bogus requests out on the internets
    bogus-priv
    # enable IPv6 Route Advertisements
    enable-ra
    bind-dynamic
    no-hosts
    # have your simple hosts expanded to domain
    expand-hosts
    interface=env32
    # set your domain for expand-hosts
    domain=p9-ha.assisted.ibm.com
    local=/p9-ha.assisted.ibm.com/
    address=/apps.p9-ha.assisted.ibm.com/9.114.98.8
    server=9.9.9.9
    addn-hosts=/etc/dnsmasq.d/addnhosts
    ##################################
    # DHCP
    ##################################
    dhcp-ignore=tag:!known
    dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
    dhcp-range=9.114.97.242,static
    dhcp-option=option:router,9.114.96.1
    dhcp-option=option:netmask,255.255.252.0
    dhcp-option=option:dns-server,9.114.98.8
    dhcp-host=fa:1d:67:35:13:20,master-1,9.114.97.242,infinite
    dhcp-host=fa:41:fb:ed:77:20,master-2,9.114.97.231,infinite
    dhcp-host=fa:31:cd:db:a5:20,master-3,9.114.97.225,infinite
    ###############################
    # PXE
    ###############################
    enable-tftp
    tftp-root=/var/lib/tftpboot
    dhcp-boot=boot/grub2/powerpc-ieee1275/core.elf
and /etc/dnsmasq.d/addnhosts file:
    9.114.98.8 api api-int
    9.114.97.242 master-1
    9.114.97.231 master-2
    9.114.97.225 master-3
PXE setup
To enable PXE support for PowerVM, we need to install grub2 with:
    grub2-mknetdir --net-directory=/var/lib/tftpboot
Here is the sample /var/lib/tftpboot/boot/grub2/grub.cfg :
    default=0
    fallback=1
    timeout=1
    if [ ${net_default_mac} == fa:1d:67:35:13:20 ]; then
      default=0
      fallback=1
      timeout=1
      menuentry "CoreOS (BIOS)" {
        echo "Loading kernel"
        linux "/rhcos/kernel" ip=dhcp rd.neednet=1 ignition.platform.id=metal ignition.firstboot coreos.live.rootfs_url=http://9.114.98.8:8000/install/rootfs.img ignition.config.url=http://9.114.98.8:8000/ignition/assisted.ign
        echo "Loading initrd"
        initrd "/rhcos/initramfs.img"
      }
    fi
    if [ ${net_default_mac} == fa:41:fb:ed:77:20 ]; then
      default=0
      fallback=1
      timeout=1
      menuentry "CoreOS (BIOS)" {
        echo "Loading kernel"
        linux "/rhcos/kernel" ip=dhcp rd.neednet=1 ignition.platform.id=metal ignition.firstboot coreos.live.rootfs_url=http://9.114.98.8:8000/install/rootfs.img ignition.config.url=http://9.114.98.8:8000/ignition/assisted.ign
        echo "Loading initrd"
        initrd "/rhcos/initramfs.img"
      }
    fi
    if [ ${net_default_mac} == fa:31:cd:db:a5:20 ]; then
      default=0
      fallback=1
      timeout=1
      menuentry "CoreOS (BIOS)" {
        echo "Loading kernel"
        linux "/rhcos/kernel" ip=dhcp rd.neednet=1 ignition.platform.id=metal ignition.firstboot coreos.live.rootfs_url=http://9.114.98.8:8000/install/rootfs.img ignition.config.url=http://9.114.98.8:8000/ignition/assisted.ign
        echo "Loading initrd"
        initrd "/rhcos/initramfs.img"
      }
    fi
Setup haproxy
Here is the configuration file /etc/haproxy/haproxy.cfg for haproxy:
    #--
    # Example configuration for a possible web application
- Cloning the image Name: IBM OS Image for Red Hat Enterprise Linux CoreOS - 120G - Waiting for clone to finish - Image import completed for IBM OS Image for Red Hat Enterprise Linux CoreOS 16G 4 3 0.ova - Working with image Name: IBM OS Image for Red Hat Enterprise Linux CoreOS - 16G Version: 4.4.3 - Virtual Image will be imported from IBM OS Image for Red Hat Enterprise Linux CoreOS - 16G.ova - Waiting for import to finish
And now, the installation instructions are fairly straightforward:
- macOS: brew install podman
- Fedora: dnf install podman
- Fedora CoreOS & Silverblue: built in :)
- Ubuntu: sudo apt-get install podman
After a successful installation, Podman can be used almost like Docker