Introduction
Deploying Red Hat OpenShift Data Foundation in a regular connected environment is a straightforward task. However, some clients might have the Red Hat OpenShift Container Platform cluster in a disconnected environment without internet connectivity. This blog explains the additional preparation steps required in a disconnected environment.
While the functionality of OpenShift Data Foundation and IBM Fusion Data Foundation are similar, there is a different deployment procedure. IBM Fusion comes with its own set of operators and user interface.
For the disconnected setup, a dedicated host is required where the used images of Red Hat OpenShift and Red Hat OpenShift Data Foundation are mirrored. Depending on your specific requirements for isolation, there are two types of disconnected environment:
1. Partially disconnected - When the host that is used to mirror the images is having internet connectivity as well as connectivity to the mirror registry.
2. Fully disconnected - When the host that is used to mirror the images does not have connectivity to the mirror registry. The set of images required are mirrored to a directory, copied manually, and then uploaded to the mirror registry.
- A mirror registry.
- Install oc and oc-mirror tools.
- Red Hat OpenShift cluster with storage disks on 3 compute nodes.
In this example, the Red Hat OpenShift cluster is running with bastion host m1316001, and tools and commands are executed on the same host.
A mirror registry is running on the bastion host. It can be reached either at 10.13.16.1:5000 or m1316001:5000. The mirror registry in this blog is running with a self-signed certificate, hence TLS certificate check can be ignored.
Setup instruction:
1. Prepare image set configuration file and mirror imaged to mirror-registry.
1.1. Partially disconnected environment.
-
-
- Prepare
ImageSetConfiguration.yaml file as follows:
-
-
- Execute the oc mirror command.
# oc mirror --config
ImageSetConfiguration.yaml docker://10.13.16.1:5000 --dest-skip-tls
The output will look like this:
1.2. Fully disconnected environment.
-
-
- Prepare
ImageSetConfiguration.yaml file as follows:
-
-
- Execute the oc mirror command.
# oc mirror --config
ImageSetConfiguration1.yaml file://mirror
The output
will look like this:
Copy the directory /root/mirror to the destination host and upload it to the private registry.
# oc mirror --from ./mirror
docker://10.13.16.1:5000 --dest-skip-tls
The command output will look like this:
Make sure the images are available in the private registry.
2. Patch the OperatorHub to disable all catalog sources.
# oc patch OperatorHub cluster --type json -p
'[{"op": "add", "path":
"/spec/disableAllDefaultSources", "value": true}]'
3. Create ImageContentSourcePolicy and CatalogSource resources that were generated by oc-mirror in the Red Hat OpenShift cluster. The yaml file below is present in the /root/oc-mirror-workspace/results-<xxxx> directory.
Make sure that the Red Hat OpenShift global pull secret is updated with mirror-registry credentials.
If the mirror registry uses a self-signed certificate, make sure to add it to insecure registries so that Red Hat OpenShift can pull the images.
# oc patch image.config.openshift.io cluster
--type='json' -p='[{"op": "add", "path":
"/spec/registrySources", "value":
{"insecureRegistries": ["10.13.16.1:5000",
"m1316001:5000"]}}]'
4. Deploy OpenShift Data Foundation using internal attached devices.
Proceed with the OpenShift Data Foundation deployment after completing the above procedure.
Instructions: https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.14/html/deploying_openshift_data_foundation_using_ibm_z/deploy-using-local-storage-devices-ibmz
After deploying the OpenShift Data Foundation operator, make sure the console plugin is enabled. If not, enable it and refresh the web-console once pop-up appears.
Troubleshooting:
- If operators are not appearing in the OperatorHub, check for unhealthy pods in
openshift-marketplace project and fix it.
References: