From 746afc6e30984c34295c65f4b9803ffb0abe9e99 Mon Sep 17 00:00:00 2001 From: David Kirwan Date: Wed, 15 Sep 2021 12:31:25 +0900 Subject: [PATCH] SOP OCP4 configure UEFI boot Signed-off-by: David Kirwan --- ...sop_configure_baremetal_pxe_uefi_boot.adoc | 51 +++++++++++++++++++ modules/ocp4/pages/sops.adoc | 28 +--------- 2 files changed, 52 insertions(+), 27 deletions(-) create mode 100644 modules/ocp4/pages/sop_configure_baremetal_pxe_uefi_boot.adoc diff --git a/modules/ocp4/pages/sop_configure_baremetal_pxe_uefi_boot.adoc b/modules/ocp4/pages/sop_configure_baremetal_pxe_uefi_boot.adoc new file mode 100644 index 0000000..0356f9f --- /dev/null +++ b/modules/ocp4/pages/sop_configure_baremetal_pxe_uefi_boot.adoc @@ -0,0 +1,51 @@ +== Configure Baremetal PXE-UEFI Boot +A high level overview of how a baremetal node in the Fedora Infra gets booted via UEFI is as follows. + +- Server powered on +- Gets ip via dhcp +- DHCP server uses `next-server` command to point the Server to next contact the tftpboot server and retrieve `grub.cfg` +- tftpboot serves `grub.cfg` +- Sysadmin manually chooses the correct UEFI menu to boot +- tftpboot serves kernal and initramfs to the server +- Server boots with kernal and initramfs, and retrieves ingition file from `os-control01` + +=== Resources + +- [1] https://pagure.io/fedora-infra/ansible/blob/main/f/roles/dhcp_server[Ansible Role DHCP Server] +- [2] https://pagure.io/fedora-infra/ansible/blob/main/f/roles/tftp_server[Ansible Role tftpboot server] + +=== UEFI Configuration +The configuration for UEFI booting is contained in the `grub.cfg` config which is not currently under source control. It is located on the `batcave01` at: `/srv/web/infra/bigfiles/tftpboot2/uefi/grub.cfg`. + +The following is a sample configuration to install a baremetal OCP4 worker in the Staging cluster. + +---- +menuentry 'RHCOS 4.8 worker staging' { + linuxefi images/RHCOS/4.8/x86_64/rhcos-4.8.2-x86_64-live-kernel-x86_64 ip=dhcp nameserver=10.3.163.33 coreos.inst.install_dev=/dev/sda coreos.live.rootfs_url=http://10.3.166.50/rhcos/rhcos-4.8.2-x86_64-live-rootfs.x86_64.img coreos.inst.ignition_url=http://10.3.166.50/rhcos/worker.ign + initrdefi images/RHCOS/4.8/x86_64/rhcos-4.8.2-x86_64-live-initramfs.x86_64.img +} +---- + +Any new changes must be made here. Writing to this file requires one to be a member of the `sysadmin-main` group, so best to instead create a ticket in the Fedora Infra issue tracker with patch request. See the following https://pagure.io/fedora-infrastructure/issue/10213[PR] for inspiration. + +=== Pushing new changes out to the tftpboot server +To push out changes made to the `grub.cfg` the following playbook should be run, which requires `sysadmin-noc` group permissions: + +---- +sudo rbac-playbook groups/noc.yml -t 'tftp_server,dhcp_server' +---- + +On the `noc01` instance the `grub.cfg` file is located at `/var/lib/tftpboot/uefi/grub.cfg` + +If particular changes to OS images for example, are required, they should be made on the `noc01` instance directly at `/var/lib/tftpboot/images/`. This will require users to be in the `sysadmin-noc` group. + + + + + + + + + + + diff --git a/modules/ocp4/pages/sops.adoc b/modules/ocp4/pages/sops.adoc index 0da08bb..38dabc8 100644 --- a/modules/ocp4/pages/sops.adoc +++ b/modules/ocp4/pages/sops.adoc @@ -1,30 +1,4 @@ == SOPs - xref:sop_installation.adoc[SOP Openshift 4 Installation on Fedora Infra] - -=== Configure the baremetal nodes to pxeboot with UEFI into RHCOS - -=== Create MachineConfigs to configure RHCOS - -=== Retrieve the OCP4 Cluster's CA Cert to configure haproxy - -=== Configure the Image Registry Operator to use NFS Storage - -=== Configure OIDC for Noggin/IPA in OCP4 - -=== Disable self provisioners role - -=== Installation/Configuration of the Local Storage Operator - -=== Installation/Configuration of the Openshift Container Storage Operator - -=== Configure the OCP4 User Workload Monitoring Stack - - - - - - - - - +- xref:sop_configure_baremetal_pxe_uefi_boot.adoc[SOP Configure Baremetal PXE-UEFI Boot]