Re-organized OpenStack documentation #7398
Conversation
openshift-ci-robot
added
do-not-merge/work-in-progress
|
@tomassedovic This does not yet contain any content updates; just a re-organization to see if it works for you. Besides the additions we talked about, I have the following comments. Let me know what you think!
|
|
/ok-to-test |
openshift-ci-robot
removed
the
needs-ok-to-test
tomassedovic
left a comment
tomassedovic
left a comment
There was a problem hiding this comment.
Thanks! I like the direction you've taken with it, with the slight exception of some of the optiona post-deployment stuff.
I've only done a rough read through so there's going to be more coming later, but I've pointed a few things inline.
Regarding your questions:
- yes, let's remove flannel for now
- we kinda sorta do provide lb servers in the case of more than one master. It's okay to drop that and I'll add the docs in #7209
- wrt access control we can link this doc: https://docs.openshift.org/latest/install_config/configuring_authentication.html
- yea manage_packages can be removed
- yes please, let's move post-install to its own doc -- or at least the optional bicts
- we can address dns, cinder and openshift_master_defaultt_subdomain in followup patches. If you want to do it here, I can guide you
playbooks/openstack/README.md
Outdated
| for production | ||
| * The keypair for SSH must be available in OpenStack | ||
| * `keystonerc` file that lets you talk to the OpenStack services | ||
| * NOTE: only Keystone V2 is currently supported |
There was a problem hiding this comment.
This is no longer true. I've been using Keystone v3 for a couple of months now.
playbooks/openstack/README.md
Outdated
| * `keystonerc` file that lets you talk to the OpenStack services | ||
| * NOTE: only Keystone V2 is currently supported | ||
|
|
||
| You may also optionally want: |
There was a problem hiding this comment.
I mean, it is technically optional, but I'd word it a little more strongly perhaps? Something like "you'll very likely also want these, but they're not strictly speaking necessary" but more concise.
If you can't figure out a way to say that nicely, just leave what you've got.
There was a problem hiding this comment.
Changed to 'Strongly recommended'
playbooks/openstack/README.md
Outdated
| ansible-playbook -i <inventory> openshift-ansible-contrib/playbooks/provisioning/openstack/custom-actions/add-cas.yml --extra-vars '{"ca_files": [<absolute path to ca1 file>, <absolute path to ca2 file>]}' | ||
| ``` | ||
| Please consider contributing your custom playbook back to openshift-ansible-contrib! |
There was a problem hiding this comment.
it's openshift-ansible now
There was a problem hiding this comment.
Fixed. Should we move the custom playbooks that are all still in openshift-ansible-contrib over here at some point?
playbooks/openstack/README.md
Outdated
| ### Logging in Using the Command Line | ||
|
|
||
| ``` | ||
| oc login --insecure-skip-tls-verify=true https://master-0.openshift.example.com:8443 -u user -p password |
There was a problem hiding this comment.
This must match the value in /etc/hosts so console.openshift.example.com.
playbooks/openstack/README.md
Outdated
| You can also create your own custom playbook. Here are a few examples: | ||
| #### Adding additional YUM repositories |
There was a problem hiding this comment.
I get why the DNS, oc client, UI etc. are back in the README, but this is really something I don't expect most users to be doing.
Maybe we could add a post-deployment document and put this stuff there? If push comes to shove, we can leave it here, but I'd prefer the README to be straightforward and just showing the steps you absolutely need ("look, openshift on opesntakc is easy") and putting all the optional bits elsewhere.
There was a problem hiding this comment.
100% agree! Just wanted to make sure people were okay with the configuration doc structure before doing something similar with the post-install stuff.
playbooks/openstack/configuration.md
Outdated
| * `openshift_openstack_etcd_flavor` | ||
|
|
||
| * `openshift_openstack_external_network_name` OpenStack network providing external connectivity. | ||
| * `openshift_openstack_private_network_name` OpenStack network providing admin/control access for Ansible. It can be merged with other |
There was a problem hiding this comment.
openshift_openstack_private_network_name is no longer being used anywhere. Feel free to delete this line.
| In `inventory/group_vars/OSEv3.yml`: | ||
|
|
||
| * `openshift_disable_check` List of checks to disable. | ||
| * `openshift_master_cluster_public_hostname` Custom entrypoint; for example, `api.openshift.example.com`. Note than an empty hostname does not work, so if your domain is `openshift.example.com` you cannot set this value to simply `openshift.example.com`. |
There was a problem hiding this comment.
I need to figure out if we can work around that. I'd love to be able to do that.
playbooks/openstack/configuration.md
Outdated
| * `openshift_openstack_provider_network_name` Provider network name. Setting this will cause the `openshift_openstack_external_network_name` and `openshift_openstack_private_network_name` parameters to be ignored. | ||
|
|
||
|
|
||
| ## Security Configuration |
There was a problem hiding this comment.
We're no longer deploying a DNS and the ingress_cidr values are not super useful for anything else (we control access with security groups).
And manage_packages is no longer used either, so this entire section can go.
| After a successful deployment, the cluster is configured for Cinder persistent | ||
| volumes. | ||
|
|
||
| ### Validation |
There was a problem hiding this comment.
This can be greatly simplified. No need to create volume claims or any of that any more. If you deploy any OpenShift provided template with a persistent volume, it will be connected to Cinder automatically (since OpenShift 3.7).
But if you don't want to dig around, this is fine for now.
There was a problem hiding this comment.
Ah, okay - I'll probably iterate on this after the next round of updates for this PR.
| * The Cinder volume should be deleted | ||
|
|
||
|
|
||
| ## Cinder-Backed Registry Configuration |
There was a problem hiding this comment.
This is another holdout from openshift-ansible-contrib that hasn't made it into openshift-ansible yet.
This PR will add the necessary support and update the docs: #6713
So feel free to just delete this section (but keep the PV and existing registry ones!)
There was a problem hiding this comment.
Ah, gotcha. I moved the existing registry documentation under this heading.
|
Coud you please also verify this doesn't break external references given in openshift/openshift-docs#6700 and openshift/openshift-docs#6020 ? |
|
@bogdando As far as I can tell this change should not affect that documentation, so I think we're good! |
|
@tomassedovic Thanks for the review! I've updated the PR to take your suggestions into account, other than the cinder/DNS cleanup and openshift_master_default_subdomain clarification. I'll work on adding a few missing items, and then do the remaining cleanup. |
tzumainn
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
@tomassedovic I've made the remaining changes (in separate commits so it's easier to spot them). I think that the DNS/cinder edits may best belong in a follow-up PR to separate out any potential discussion there. Let me know what you think! |
playbooks/openstack/README.md
Outdated
| OpenShift requires two public DNS records to function fully. The first one points to | ||
| the master/load balancer and provides the UI/API access. The other one is a | ||
| wildcard domain that resolves app route requests to the infra node. A private DNS | ||
| server and records are not required and not managed here. |
There was a problem hiding this comment.
Generally speaking, they are. Though not for the scope of that guide.
playbooks/openstack/README.md
Outdated
| [get-the-oc-client]: ./post-install.md#get-the-oc-client | ||
| [log-in-using-the-command-line]: ./post-install.md#log-in-using-the-command-line | ||
| [access-the-ui]: ./post-install.md#access-the-ui | ||
| [scale-deployment]: ./post-install.md#scale-deployment |
There was a problem hiding this comment.
This refers to unsupported contrib repo. Let's please remove such references.
There was a problem hiding this comment.
Ah, missed this one - removed, thanks!
bogdando
left a comment
bogdando
left a comment
There was a problem hiding this comment.
Well Done! LGTM, but please remove all references to unsupported contrib repo and align the external links with openshift-docs in dependency patches
|
@bogdando Thanks for the review! I removed the link to the scaling actions. The only openshift-ansible-contrib links left are in the custom playbook section, and I think that's fair because it references playbooks that only exist in openshift-ansible-contrib right now. I checked the PRs you linked earlier, and I didn't see any references to 'advanced-configuration', but let me know if I missed something! |
|
/lgtm |
|
@tomassedovic I updated the DNS and cinder sections - those should be the last changes to this PR! |
tzumainn
force-pushed
the
openstack-doc-update
branch
from
29d5723 to
5319e50
Compare
… configuration section
tzumainn
force-pushed
the
openstack-doc-update
branch
from
5319e50 to
7b22f41
Compare
|
@tzumainn: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm |
|
Automatic merge from submit-queue. |
5 participants
No description provided.