Good morning, good afternoon, good evening. Welcome to another episode of Ask an OpenShift Admin. I am Chris Short, host with the most, producer and showrunner for the Red Hat live streaming channels. I am happy to be joined by the one and only Andrew Sullivan and special guest Moran Goldboim today. So Andrew, we're talking about the assisted install. Excited? I am excited, but you have some things that you want to address first, which I feel like today, it's very important, you know.

Yeah, so no, I'm happy to be here as well. I'm happy to be on the stream again. I feel like, you know, June was a little rough, June and early July, because of, you know, holidays and PTO and, yeah, all kinds of other stuff. So it's good to be back in the stream of things, so to speak. So yes, hello everyone. Welcome to the Ask an OpenShift Admin office hour. So this is a part of the office hour series of live streams here on OpenShift TV, which means that we are here to answer your questions, whatever they happen to be, whatever is top of mind. Whatever you want to ask, you're more than welcome at any point in time to ask those questions. Whatever platform you're watching us on, they get rebroadcast across all of them, so we'll address those questions as they come up. We also have a topic each day where we find something that is interesting, or something that we hope is interesting to you all and relevant to OpenShift and OpenShift administrators, to talk about, and today that is the assisted installer, which is the least kept secret of a most amazing feature that is coming in. I say it's a terribly kept secret because we actually covered the OpenShift installer about a year ago, way back. Yeah, so three... But there's been a lot of changes and a lot of things that are happening with the assisted installer. So before I get to the top of mind topics today, I wanted to introduce our guest, who is Moran, or, excuse me, Moran. I'm terrible at names, as many, many people have heard me say. Just ask my
children, I confuse their names all the time, so my apologies. But Moran, please introduce yourself.

So hi everyone, my name is Moran Goldboim. I'm a product manager for Red Hat OpenShift, dealing a lot with the installation experience, specifically with the assisted installer, as well as with the edge type of deployment use cases. So you will be hearing about single node OpenShift, which is a solution we are issuing as a dev preview with our coming 4.8 release. So I'm leading that one, as well as kind of multi-cluster type of deployment options integrated with Red Hat Advanced Cluster Management as well. Perhaps you're going to talk a bit about that one as well. Yeah, so that's me. Thanks for introducing.

Yeah, and there was nothing there I didn't love, you know: ACM, you know, assisted installations, single node OpenShift. Yeah, I'm so excited for all of those things, and particularly, you know, we've had Catherine on before, you know, to talk about the installation and the installer process. We've had Tushar on, and I bring up Tushar specifically because, you know, we talked a little bit about ACM and about how we're seeing customers with this trend towards more, smaller clusters. And I think tools like the assisted installer and integration with ACM just make all of that that much better. So all of this is really exciting to me.
It's one of those, you know, I joined Red Hat just before OpenShift 4 was released, so it's like watching a child grow up and, you know, go from crawl to walk to run, basically. So as I mentioned, and as most of you know who have watched the stream before, I do tend to have a list of topics that I call the top of mind things, and we spend the first few minutes of each show talking about these topics. And they are things that I feel are relevant to you all, to our audience, and things that I hope are beneficial and useful for you to know. And let me switch some tabs around here and let me share my screen. We use so many video conferencing things these days that I can't... I should be used to this, I know. The issue is particularly with Zoom, because it makes all of the windows small and, you know, we all have like 400 windows open. I have to figure out which Google Chrome window is the right one to share.

Yeah, I wish they would take up the whole screen with that UI for screen sharing.

Yeah, so you should be seeing a vCenter window at the moment.

Yes, we do.

All right. So the first thing that I want to bring up is... oh, tomorrow. Tomorrow is the what's new presentation.

That's right.

So here on OpenShift TV, I think it's a little bit before this time. Is it 10 a.m. tomorrow?

10 a.m.

So 10 a.m. Eastern tomorrow here on OpenShift TV, the product management team will be delivering the What's Next, which is the roadmap presentation for OpenShift. So I will be here, Chris will be here, I'm sure we'll have a couple of others to answer any questions that you may have. So anything that, you know, if you don't understand what a particular thing means, if you want to ask if something is coming, if you want to ask why something isn't coming, we're more than happy to answer those questions if we can, or communicate those directly over to the product management team so we can get those answered. So those are always popular.
They're a great way to find out what's happening in OpenShift in the next six to nine months.

So the next thing, as Chris alluded to, and actually the next two things, are related to CVEs.

Yes.

So this was, yeah, this was a big one. You can see it came out yesterday, July 20th. So effectively, and I haven't dug too much into this, but essentially this is a vulnerability that is in systemd where, and you can see here, a local attacker can crash systemd and the entire system.

Yeah.

Yeah, so big, big deal. As we scroll down through here, you can see it affects Red Hat Enterprise Linux 8. Both of these affect Red Hat Enterprise Linux 8. Remember, RHEL 8 is the basis for CoreOS, which is used by OpenShift, which means that if we scroll down here far enough we'll eventually find affected products, and that will include, eventually... it should include Red Hat OpenShift in here somewhere. Anyways, be aware of this, pay attention to the mitigation factors that are inside of here. You can see the diagnose and all of the other things. Like all CVEs, like all security OS patching things, these are addressed through OpenShift updates. So effectively, when you update, when you upgrade OpenShift, it will also update CoreOS inside of there. So this is rpm-ostree, where we've talked about this back in... what was the episode we did with Mark? We did an episode around CoreOS with Mark Russell. So I'll dig up the link and see if we can post that one in there in case you're curious. But yeah, please, please, please pay attention to the CVEs. Be sure to protect your system against these types of things, and you can see all of the details inside of this.

Yeah, sir, if you have systemd in one of your containers, patch it.

Yeah, oh, that's a good point. It is possible to stuff systemd into a container and use that to...

We have init and init containers with just, like, UBI images.
So yeah, so yeah, that'll be important as well, to update your container images if you happen to have systemd in there.

Yeah, or if those containers are running on a box with systemd, which is incredibly likely.

Since what, RHEL 6? Yeah, when did we move to systemd, RHEL 6 or RHEL 7?

Seven, yeah.

So, first CVE addressed. Yeah, so the second one. The second one which came up, so you can see again this was published, get out of your menu, yesterday, around Helm, and this one is not necessarily new. Red Hat actually published it as a CVE back a month ago, around a vulnerability with publishing. And if you haven't already, Chris, I dropped the access.redhat.com link and I'll drop the article next.

Okay, The New Stack. Okay.

So if you haven't seen this article, it does a great job of explaining what the vulnerability is. Essentially, the Helm client sends the username and password as a part of the URL to...

Yeah, yeah.

...to the Helm repo, even if it's not the repo that it's meant for. So yeah.

So yeah, you can totally flub a username.

Yeah, bad on a few different levels, not the least of which being URL encoded means that it's just out there and being sent in the wrong... encode, not encrypt. So the fix here, as The New Stack article points out, is to update to Helm version 3.6.1 or later. Now, interestingly, if you look at this CVE, so this CVE is in the process of being updated, I expect.
I know there was a little bit of back and forth internally this morning around, this is only addressing ACM and the version of Helm being used by ACM. Yeah, we know that Helm is used by the core OpenShift product as well, so I'm expecting some more information to come out about this, and in particular some updates to the Helm client being used. So just to show us here, if we go to the clients mirror here on mirror.openshift.com. So for reference, this is if you just go to cloud.redhat.com, which I happen to have up actually. If you go to downloads, which is, and yeah, we talked about this last week. So if you hover over this, and it's going to be really hard to see on the screen, so I'll just right click and do a copy link address. If I paste that, you can see this takes us to mirror.openshift.com/pub, and if I remove the section here specific to the OpenShift installer, we have, among other things, Helm. And you can see the latest one in here is 3.5. So I'm expecting some things to change inside of here at some point. I don't have details yet because, well, it's only 11... 11 here on the East Coast, so I'm expecting some things to change here in the not too distant future. If something changes before Friday morning, I will include that in the blog post. So for anybody who doesn't know, we follow each one of these live streams with a blog post that summarizes everything that we talked about, with links directly to where in the recording we were talking about it. So normally those go out Friday morning. This week it happened to be a little bit late. Well, you know, apparently the, yeah...

The blog maintainer got stuck via air travel and some...

Yeah, unusual circumstances and such. Yeah, here's an example from last week where we have everything that we talked about. I can pick on any one of these and it'll take us directly to that link. So it's a great resource.
I definitely encourage, you know, if you missed an episode or if there's something specific you want to look at, to refer to the blog post. But yeah, I'm certainly not going to be upset at the openshift.com folks. I know that they are busy because there are some other changes coming in the next one week and a half or so. So don't be alarmed if your openshift.com/blog links suddenly change to redhat.com links in the near future. That is planned. It should be transparent. You shouldn't notice any difference, right?

Yeah, if you've got any links bookmarked, that's all going to get handled.

Yeah. Yep. So just a heads up. So moving away from slightly depressing security things, let's talk a little bit about a question that I have seen come up a few times now. You know, when we deploy IPI, what happens is we rely on the Machine API operator to interact with that underlying infrastructure provider. So I'll pick on VMware because that's actually what I will be talking about here. So what that means is that the Machine API operator talks to vCenter and says, hey, create me a virtual machine that is a clone of the template, in the case of IPI, that has, you know, X CPU, X memory, you know, Y network adapters, so on and so forth. But there is no other awareness in that Machine API provider around other features and other capabilities inside of OpenShift, or excuse me, inside of, in this case, vSphere. Right, it isn't aware of things like DRS clusters.
It just says clone this template and, you know, it does put it into a resource pool. It can put it into a cluster, but it isn't aware of all of those other things. So the question that's come up is, you know, hey, I want to have OpenShift and the Machine API operator configure things like DRS rules, anti-affinity rules, for those nodes. You know, it makes sense from a high availability perspective to configure anti-affinity rules for, at a minimum, the control plane nodes. Right, we want to be able to survive a node failing, and if all three control plane nodes are on the same hypervisor node, that's bad. So unfortunately, that's not something that's available today, so after deployment you would need to go in as the vSphere admin and create those DRS groups. It's pretty straightforward. So I'll go to Settings here, and from here we've got DRS. So in my cluster, it's actually broken. So this is my lab cluster, so I actually deliberately break DRS by turning off the vCLS VMs in an advanced setting, because I don't want them to use those resources, because I need those resources for other things. Anyways, you'll want to create VM/Host groups. The easiest thing to do is to create a group. We'll name it... because that's the name of the cluster, control plane. And we will add some virtual machines inside of here. Thank you, VMware, for not making it obvious which one of these is which. We're just gonna guess. So they're VMs that are named the same, but they're in different resource pools and different folders. Well, I can tell some of these are not even on because, yeah, none of them are on. Yeah, okay. So I'm just gonna randomly select three of these and hit OK. So that now puts all of these VMs into the same group, and then we can create these host or VM rules. So we'll add a rule.
We'll call it the vav control plane anti-affinity, and we want to select "separate virtual machines" here. And we will then simply select our virtual machines. Oh, you're not gonna let me select a group, are you? No, that figures. So I created the group for nothing, but no worries. It was right before you, or maybe as you joined our green room meeting, I was saying how this is the second time that I've been in an empty house, with the kids actually in school. My wife is at work. It's, yeah, it's very strange.

That was the case until about two minutes ago. Very big day in the Short household: Max is officially no longer allergic to eggs, so we're very happy about that.

Nice, congratulations.

One less thing to worry about.

Yeah, exactly.

As you know, eggs are in literally everything, so we have to be careful with literally everything, and yeah, no, that's kind of a big day for us.

Yeah, so congratulations.

Thanks.

So just to summarize real quick. So our VM/Host rules: we created that anti-affinity rule. We can see down here we have our three control plane nodes, and we basically told it, hey, don't put these on the same node. I will say I always encourage folks to use soft anti-affinity rules instead of hard anti-affinity rules, and the rationale for that is, you know, in my case I've only got two nodes, but let's say you only have three nodes, right, and one of those goes down, right? Is it better to have two OpenShift control plane nodes on one host, with some increased risk there, or is it better to have increased risk associated with only having two control plane nodes, because the third one wouldn't be able to restart? I tend to favor the... better to have etcd have its, you know, full set of resiliency and redundancy and risk the cluster just going offline at that point, right?
Fully going offline, than to run in that more, what I perceive to be a more risky scenario. The other thing that you may want to consider is increasing the priority of OpenShift and the nodes associated with it. So that way, should you have a node or several nodes in your cluster, you would be able to, right, as it restarts virtual machines, as vSphere restarts virtual machines, the OpenShift nodes get higher priority, both in when they get restarted as well as in resources. Now this is going to be a very individual, right? I'm biased because, well, it's OpenShift and of course I love OpenShift, but this is ultimately a very personal decision to your organization, because OpenShift is a concentrator of apps, right? Each one of those OpenShift virtual machines is probably going to have, you know, many different applications, containerized applications, for your organization. So it may make sense for you to then, you know, hey, there's 10 apps in OpenShift whereas each one of these other VMs is only one app or only one portion of an app. So just prioritize appropriately, you know, take into account whether or not that can affect your overall recoverability strategy.

And oh, the last thing I've got, very quick, very easy one. So if you weren't aware, with OpenShift we now have socket-based licensing. So if you are using bare metal, physical nodes, essentially anything that does not have a hypervisor between OpenShift and the host, you can use socket-based entitlements instead of core-based entitlements. So what has come up a couple of times is, can I deploy a virtual control plane with physical worker nodes, or vice versa, right? So some mix of physical and virtual. Yeah, the answer to that is yes, you absolutely can. So one, from a purely implementation standpoint, you just need to make sure that you deploy with the platform agnostic, non-integrated method, basically platform none. And that's because you can't mix cloud providers.
You can't have some nodes that are VMware with the cloud provider integration and some nodes that are OpenStack, right? Kubernetes prevents you from doing that, not OpenShift, Kubernetes, right? The second part of that is yes, you can absolutely mix entitlements inside of that same cluster as well. So from a kind of logical, you know, am I adhering to Red Hat's, you know, entitlement rules? Yep, no issue with that whatsoever. And a lot of folks, we found, probably a surprising number, that's something that they want to do, to be able to optimize their workloads for the right type of host at the right time. And one of the most frequent ones is GPUs, of course. Being able to, you know, have a physical machine with many VP... or many GPUs in it, and then putting containers on that machine to optimize utilization, right? Okay, that's all I got.

Oh, Moran, Moran, you're up, buddy.

Yeah, so I wanted to, and let me find the right tab here. So I wanted to kind of kick this off with, and I wanted to ask, you know, and I can give you an answer, but I wanted to hear your answer and hear your perspective of, specifically, what is the assisted installer and what is the goal of the assisted installer?

Great, so I think that's a great question to start with. So basically, assisted installer is a layer on top of openshift-install. It uses the same mechanism of openshift-install to generate installation artifacts.
It's just that it provides a kind of a nicer user experience and an end-to-end flow to make sure you're taking the right choices and those are making sense from an installation perspective, so making sure that we are increasing the success rates of the installation due to elements like validation, and making sure that the installation can actually be deployed successfully from the get-go, and kind of saving all the little mistakes that can be done when using YAML-based formatting and such. And so the layer of validation and an easier layer of customization: so say that you want just to tweak the hostname or a different CIDR, or add an NTP, or provide static IPs for the configuration, we're just making sure that you can simply change that aspect, not the entire end-to-end deployment configuration. In addition to that, it's really important for us to do the overall monitoring of the process, making sure that from the get-go you've got a clear view of where you stand with regards to the installation, and also all the events and monitors that come up, and to be able to see that your cluster actually deployed successfully, so not just from an installation perspective, also that the cluster validation operators, which are the core fundamental operators to run the OpenShift platform, are up and running and all the needed configuration that you've put in is applicable. So that was one of the main aspects, of usability and the success percentage ratio, to increase that. In addition to that, we were mostly focused to begin with on bare metal, and this is where it was important for us to kind of reduce the minimal requirements for installing a cluster. So if, for example, for any OpenShift deployment you need a bootstrap node, an additional bootstrap node on the side to do all the installation manifest generation, it was really important for us to encapsulate that within the nodes that are targeted for the installation, so you don't need an additional
compute resource, that with bare metal cases is a very precious one to include. And yeah, so I think that covers most of the reasoning: to be able to provide an installation experience that is also applicable for a persona which is not a kube, kube-admin type of YAML-based persona, but more for the traditional IT persona that is comfortable with GUI and RESTful API to perform the installation process.

Yeah, so there's a number of things I want to unpack there. So first, there's a ton of great questions here in the chat.

Yeah, starting with... starting to defer here.

Yeah, so starting with sun zero. Yes, we are real, we are live. So you are absolutely... please ask questions as they occur to you. So I want to show kicking off and installing a single node OpenShift cluster, and because that'll take probably 25 to 30 minutes, I want to go ahead and get that started now and then we'll address those questions. So just kind of real quickly here, you can click the create cluster button. There's also this assisted installer clusters. So I'll just show the create cluster, and then if we switch over to data center up here at the top, we have assisted installer. We'll hit create cluster. So I don't have any clusters, right? So there's none that show up in the list here. So we'll just go ahead and create a new cluster. I'm going to very creatively name this SNO, single node OpenShift.

Wow, so creative.

Hey, you know, I may have marketing in my title, but that doesn't mean that I...

Doesn't mean you're good at it.

What? So my internal network domain name is work.lan. I do want to install assisted, or a single node OpenShift. So as far as I know, this is the only way to install single node OpenShift today. It is also by far the easiest. I think you can do it with the regular installer, but it's not as easy.
I'll put it that way.

Installation which requires an RHCOS live generation, it's similar to any other UPI installation, long and tedious.

So I agree, that would be a great way to write out. So I do see that this was updated. This is now an RC3, so that's good. So OpenShift 4.8 is the only option with single node. Otherwise, you would have the option of 4.6 and 4.7. So we'll go with that. I hit next. So this next phase is mostly the same for all of the install options, whether I chose to do single node or a regular node. Let me close that so that way it's a little bigger. So what we want to do is generate a discovery ISO, and what this is going to do is effectively create a CoreOS boot media that can then be attached to the machine, and it will then boot up and then it will reach out and we'll see it pop into the interface here.

Let's see if you've seen this new option, Andrew, by the way.

I have not. I was just now noticing that.

Yeah, so we have added the option to basically generate an entire ISO like we did in the past, which is more fitted to a USB drive installation method, but we also introduced a new way of installing, which is including a minimal ISO that includes only the initiality, and to be consumed for the service. So it reduces the download from 900 megabytes to something like 100, so it's much faster to download. And we are actually serving the ISO via HTTPS, so the machine comes up and it reaches out to the service, and the ISO is being served from there via HTTPS. It is more fitted to virtual media, which is more sensitive to those types of flows, but you can work with it and try it out now as well.

Yeah, I'll test it out just to see. Let's give it a little... So very quickly, I just posted my public key in here. I don't need a proxy for the cluster to access the outside world. If I did, you can put that directly in here.

The proxy...

Yeah. Yep, proxy config.
So proxy host, username, password, all of that. And then I'm going to download the ISO. So I do like this, that it gives you the URLs here directly to download, and I think, yeah, super handy. That's what I usually use. And Moran, you mentioned that there's an API for this. So I've seen some folks use Ansible, and I'd have to dig it up, it's scattered all over GitHub, like Ansible playbooks to use the API to generate the new cluster in assisted installer, to pull down the ISO, to then attach it to, you know, virtual machines or whatever it happens to be, all in an entirely automated fashion.

So yeah, one thing to remind everyone: the API is there, that's the way that the UI talks to the service, so it's using the same API mechanism. It's just important for us to know that the tooling is not fully supported yet, meaning that the API is also not fully supported yet. We are working towards that, but that's the one thing to make sure that everyone understands. In addition to the Ansible playbooks you were mentioning, there is also a CLI-based tool for assisted installer that has been written in Python, which people find very useful as well. Again, kind of an open source development on top of the API. So yeah, those are the options available to interact with the service.

Let's see why it's not allowing me to... It won't allow me to upload the ISO. Oh, VMware, why, why are you... really? Oh, certificates the browser doesn't trust. Okay. Ah, well, that'll do. Can I accept you now? Trust, always trust, always trust, okay. Could it be because I need to go to the host? Ah, there we go. That's why. If you didn't know, if Chrome throws that issue you can type, where it doesn't allow you to say yeah...

Yeah, you can type "this is unsafe" and it'll move on past it.

So let me go ahead and do that right along both of my nodes here. Oops. Come on. There it goes. So advanced, "thisisunsafe", all lowercase.
No spaces. And we'll do the same thing with our certificate.

Here's a question for you, Moran, while we're waiting here. Can we use the assisted installer to install via IPv6 yet?

So, IPv6 is a... no, it's a capability that we've added to assisted installer...

Cool.

...to basically address some of the on-prem disconnected type of deployments. I would say that on the service side, it's less relevant, since we don't have the mechanism yet on cloud.redhat.com to provide support for IPv6 routing as well on the website. And so that's mostly the limitation when starting to address IPv6 in a connected environment. For the disconnected option, when we get, if we get to that, to talk about the ACM integration, we do support IPv6.

Okay, cool. So all I'm doing here: you saw I uploaded the ISO, I attached it to the VM, I told it to boot. It is now booting, and after it goes through this process, it's downloading, as Moran said, the rootfs image here from mirror.openshift.com. So instead of that initial ISO download of 900 megabytes, it was an initial ISO download of, what, 90-something? I think 100-ish. And now it downloads just the parts that it needs here.

Exactly.

So another question while it's downloading all the things. Matthew Bach asked: let's say we don't want to host DNS because all we have are three OCP nodes. What can you do in that regard? Like, can you somehow answer this question of, would you use a managed DNS product at that point, or what would you say to somebody that was like, I really just want the cluster, I don't want to host the DNS?

Yeah, so in the context of, let's say for example, single node OpenShift as well as the regular cluster deployment, the DNS for the installation portion is already embedded within the cluster installation.
So we are adding a service called CoreDNS that handles the cluster's DNS name resolution, and that works perfectly on single node OpenShift as well as on regular clusters. And so, like in this example for instance, for the internal routing within the cluster, you don't need any DNS service. Obviously, if you want external access to the cluster, this is something that you need to resolve, either via a kind of static routing, hosts type of manipulation... you need to take care of the outside communication going into the cluster somehow if you don't have a general DNS service running.

And to be clear, I'm not doing that inside of my lab. I created DNS entries in my lab for these nodes.

So, using the installer disconnected: we're getting asked a few times now, I think, about disconnected installs. How would you go about doing that?

So we are looking at it from two perspectives. One is, how do I install multiple clusters when I already have a Kubernetes instance, and this is where the ACM integration, all that we've done between assisted and ACM, is coming into play. This is going to be a tech... a dev preview in the ACM 2.3 release, which is coming soon, and that's kind of addressing the multi-cluster installation from an actual Kubernetes instance that I already have. The one gap that we've got left to basically proceed with is the cluster zero installation. Like, I've got nothing, I don't have any... Now I need to install the first cluster, and how do I do that? And so one thing that we are trying to articulate and work towards now is the OpenShift appliance, we call it, or OpenShift installer appliance, which will be this type of similar experience. I download some ISO.
I boot it up and I get a UI and an API to do cluster deployment. This is on our roadmap and something that we're going to continue to explore towards 4.10, and we need to see how that is progressing, but definitely we've got the understanding that this is currently an area that we haven't addressed yet, and we are planning to do that.

Cool. All right. Good to know it's on the roadmap. Go ahead, Andrew.

Yeah, real quickly, I'm just gonna cover this so we can kick off the install. So I'll actually go back. So we have this option to install OpenShift Virtualization. If this was a traditional full cluster, we'd also have the option to install OpenShift Container Storage or OpenShift Data Foundation. So directly from inside of here, I can choose to install those different features of OpenShift, including the configuration option. So I know it'll look for the disks and stuff like that with OCS. So we're not going to do that. You can see it detects the node. It gives us some details about that node, including, I can come here and say edit host. So if I want to do something like change the hostname that it's using...

You can also change the installation disk. I'm not sure if you've seen that option already, like I have the game, because I use local storage on my nodes, so sometimes I do have to say, like, install here.

Yeah, I have seen it. I just don't have it on this one because it's only got one disk that's available. So if we hit next here, it detected the subnet that it's on and it asked me which one I wanted to use. So essentially this is the equivalent of, in the install-config.yaml, the networking.machineNetwork.cidr. If I do need to change things inside of here... I don't want to customize the cluster network or the service network. And aside from that, that's it, right?
Here's the summary, everything that I'm going to be doing, or that it's going to be doing. And we hit the button and now we just wait. So there's a couple of interesting things that I think are available here. So first and foremost is view cluster events, right? It'll tell me what's going on. It gets that feed of logs coming out. So this is essentially the same as when you're running openshift-install wait-for, you know, bootstrap-complete, etc. Another interesting thing to note here: this is single node OpenShift, so it is all one node, both bootstrap and control plane and worker nodes, and there's some magic that happens in the background to flip from bootstrap to, you know, control plane slash worker. But with regular cluster deployments, whether it's a compact three node or five plus node, it doesn't need a dedicated bootstrap node, which is something that I think is awesome. Basically, it's smart enough to say, I'm just going to choose one of these nodes. I think it usually uses a control plane node, if I'm not mistaken. And it says, I'm going to use you as the bootstrap node and I'm going to bootstrap the cluster, and then just turn that node into whatever it's supposed to be at the end of it, which is really cool.

Really cool. Question in chat here, which I think is interesting: if I did this as a connected install and then disconnected it and put it in a standalone environment, would it come back online gracefully?
Yeah, that should be, that's what I was thinking, that should be the procedure. You can make it disconnected. Obviously you would lose the ability to update it or upgrade it.

Yeah, you'd have to have a function for that, but yes.

So that brings up a couple of interesting questions for me. So one, we haven't talked about this yet, but I wanted to point out that the OpenShift installer, excuse me, the assisted installer, and that ISO that it hands us for the nodes, it does a little bit extra, right? In particular, like, if I declare that this is a control plane node, it'll do things like, it'll do an fio on the storage to see if it meets the requirements that have been declared in the OpenShift to the KCS. Right, there's a number of checks that will run to basically say, hey, there's a good chance of succeeding, or something's not right here. So I think that's really cool. But the question that I had was, when Catherine was on the show, she was saying that essentially, at the end of the day, after you deploy an IPI or UPI or bare metal cluster, there's very little difference between them, right? By doing a non-integrated, not bare metal, a non-integrated cluster versus IPI, UPI, you don't have the cloud provider, but otherwise they're effectively the same. Is that true with assisted installer as well?

Yeah, the cluster output that you get, it should be the same as you get with the bare metal IPI. So today with SNO, we are basically deploying it as a none platform, because it doesn't really need the cluster or machine API, because it's a single node to begin with. So you're kind of saving all the extra memory and compute when it comes to an integrated load balancer or HAProxy and so on, as well as the machine API. And so we are deploying it with platform none. We are adding some manipulation to that, but it's effectively the same thing as you get with a regular IPI or UPI install.

Got it.
So it's using the... It doesn't count as a load balancer when there's only one node, because there's nothing to load balance. But so effectively that API endpoint, that *.apps endpoint, they're just coming into the standard, you know, it's HAProxy with the ingress controller that's used by OpenShift, right?

With single node, we are using the machine interface to do that, since we don't need the HAProxy and those type of configuration. I think it would also be valuable to talk a bit about single node OpenShift and why did we come up with that deployment option. And so originally, we kind of targeted it towards edge and production edge, telco 5G type of deployments, and it was really important for us, with seeing the marketable turnkey on the edge side getting bigger, that we have an OpenShift that doesn't have a dependency on a centralized control plane. So we had in the past the option to deploy a remote worker node. Now, this remote worker node has a dependency on what we call a supervisor cluster, which manages the workload scheduling and such, and many organizations came to us and basically said, we need this type of workload autonomy. We need this type of cluster to be independent and not dependent on any other cluster, specifically in rural areas, and put it on a submarine or put it on a ship, or we need this type of independence. And this is why we came up with single node OpenShift. So first of all, it's the dependency aspect. Another aspect is to provide a consistent application platform from data center to the edge. So basically keeping OpenShift as much as OpenShift as we can on a single node. So we came up with the slogan: It works like OpenShift.
It works like OpenShift on a single node. Because if you think about it, like, from a scheduling perspective, you don't really actually need Kubernetes' kind of advanced scheduling system on a single node. But what really matters to our customers is to have this type of consistent application platform. So a developer that develops software in the data center can push it all the way to the edge using the same tooling, same operational model, and this is where we see lots of value, on the consistency of the platform behavior. And the main thing is that it fits within the constraints of a physical footprint of a single server. So the ability to start bringing OpenShift to areas that it couldn't live before, so whether it's a retail store or all these type of mess type of edge deployment where every physical box matters. So those were the main reasons. And for that also, as Andrew was saying, we have been invested in what we call bootstrap in place for this deployment option. So specifically for edge deployment, it was really important for us not to, kind of, eliminating the need to provide additional compute resources next to the target that you want to deploy. This is where we came with bootstrap in place. It's a mechanism that allows you to generate all the installation manifests that are happening during the bootstrap process on the live RHCOS ISO, which is running now. The tricky thing was there that we are kind of saving all the meaningful artifacts that we need for later installation on the machine hub, right? Well, we keep all the things that we don't need on the live ISO, and this is where, when we pivot this machine to start from the original disk, we've got all the artifacts ready and we just need to put the right ignition and the machine is coming up. And this is what...

Sorry, coincidentally, that's the phase that we're in right now with our single node install.

Yeah. Perfectly timed. Go ahead.
So right now the machine is actually rebooting and igniting with the target ignition to start the initialization phase of the cluster. So, like, it is still in rebooting and probably would be there in a couple of minutes while doing all the...

Doing all the generation.

Exactly. And then it will come up and start to act like a regular cluster.

So there's a few questions that I wanted to, yeah. Hopefully we'll be able to get the cluster up and running and we can show it, but with 13 minutes left, it's borderline. So I can show, I've been using single node OpenShift for the last few shows. So if you've seen me show a cluster, it's probably been SNO in the last few weeks. So we can always link to that to see an example. But as you would expect, it's OpenShift, just with only one machine. So a couple of questions here. So is static IP assignment supported with assisted installer, or is DHCP required?

So currently the default is DHCP. Static IP allocation is there on the API level. We are going to build, as part of the roadmap, the plan is to build the support for static IP allocation as well. It is actually there in the API level. It is using NMState format to define the different interfaces. So it's a roadmap item and it is coming, hopefully soon enough.

Very cool. I do love me some NMState.

You do?

Yeah, I know it does take some getting used to, right? The, you know, expressing your network configuration as YAML, you know, and desired state through nmcli or the NetworkManager. Yeah, so it does take a little bit of getting used to, but I find it to be pretty convenient. And it's used in a couple of different places in Red Hat. So for example, Red Hat Virtualization uses it. Can we deploy using, or does it require, and I can't see the, I'm just remembering this one.
I'm not finding it in the chat, of: does it require the disk to be blank or empty, or can you use an already used disk and it will wipe the disk for you?

You can use an already used disk and it will wipe the disk for you. One aspect that we are not covering yet in that regard is when we integrate it with CNV, and therefore we're going to use the extra disk for LSO. This is where we don't do the cleanup yet, but that's kind of an additional improvement that we want to put, to incorporate also LSO under the same experience. Local storage operator.

Okay, and just to explain the acronyms there. So CNV is container native virtualization, which is the old name, and the name still used by the engineering folks, for OpenShift Virtualization. And LSO, local storage operator, as you said, is what allows you to consume local disks for whatever you need to use them for on an OpenShift node. So, and I didn't know that. I didn't know that with OpenShift Virt through the assisted installer it was using LSO.

That's interesting. I didn't realize that either, but yeah, makes sense.

It's basically using the same mechanism for OCS, for OpenShift Container Storage. So OpenShift Container Storage needs LSO at the underlying infrastructure to plumb the hard drives to the Kubernetes level, and this is where OCS gets on top. So we kind of use the same mechanism to do it with CNV and LSO, since CNV usually needs kind of persistent storage and preferably a block device. So this is where we found LSO to be very efficient, and it can provide a kind of a minimal needs, not sure storage, right, but at least the minimal requirements to operate with CNV.

I see, and I just responded to cragger here in the, in the tracks.

Craig works here right now.

Oh, okay. For some reason that username makes me think of Kragle from the Lego Movie. I don't know if you remember that.
Yeah, definitely.

Anyways, so I don't know if we asked the question that he asked way up here at the top, about whether or not anybody is working with introducing or supporting OKD, and support, I think, is a loose term here, but whether or not OKD will work with assisted installer at any point.

I think there were some conversations around that in the past. We haven't got into the state of actually moving it forward, but it might be an interesting topic to explore.

Yeah, I'm in the Kubernetes Slack, so I see a lot of questions about OKD that are happening in there. So I know the community is interested in that. I don't know, and I assume that you and the engineering team are probably focused on just getting to GA with OpenShift, never mind OKD at this point. So, was there, I'm trying to look back up in chat here.

I think you got them.

Started installation for one node. Yes, you can do that. Can you use it with only three masters? Yes, we answered that. Yeah, one thing to note about, so, resource requirements. So the minimum for single node OpenShift right now is eight CPUs and 32 gigs of memory, which is what I have allocated here. Right, if you're doing a compact cluster or a three node cluster, where it's three control plane nodes that are also workers, the minimum is effectively the combination of the minimums for control plane and worker nodes. So control plane is four CPUs, 16 gigabytes of RAM. Worker node is two CPUs and eight gigabytes of RAM. So combined it's six CPUs and 24 gigs of RAM. The other thing to be aware of is, and we've talked about this a number of times here on the stream, storage. Make sure you allocate enough storage. I think I gave this one, yeah, you can see, 260 gigabytes-ish. Yeah, so make sure you allocate enough storage for it to be able to pull all of the images that it needs and everything that will be necessary. And I think it was the OpenStack installation docs.
I suppose I could look here. So at one point the OpenStack docs had a good, no, well, good was relative. It said something, oh, what it had was, like, the minimum was 25 gigabytes or something, which, yes, it will install, but it won't run for very long because it'll quickly run out of capacity. It'll run out of disk, and then the nodes will go offline, and that's not good. So generally the minimum is 120 gigabytes of disk for any one worker type or one, yeah, control plane, worker node. If you're combining roles, I tend to use 200 gigabytes for a compact cluster, and you can see 240 plus for a single node cluster. Oh look, it installed just like that.

Hey, it's done.

Maybe. So, initialization time. Yeah, so see where we're at. And view cluster events, so it's in the finalizing process. Okay, so what I'm gonna do is download this kubeconfig file and, behind the scenes, I'm going to move that over to my bastion host, and then we can hopefully connect over to it.

Cool. All right. This is your five minute warning.

Thank you. All right, let me share this window. Woo-hoo, new share. iTerm, go. Hopefully you're seeing a lovely iTerm window now.

Yes.

All right, so inside of my directory here, I thought I had, oh no, I didn't. It helps if I put the colon afterwards. Otherwise it just renames it to that. You wouldn't believe the number of times I do that to myself. So we now have this kubeconfig-noingress. So if I do an export...

There you go. Just $2.

Yeah, I can't talk and type at the same time. Yeah, I just have to, yeah. And now if I do an oc get node, it works. We've got our one cluster node here. I can do an oc get route -A. Oh, it's still initializing, so oc get co. Yeah, so we can see our oc get co is a bit of a mess here as it's finishing up the install.
So, but everything will eventually come up over time. Like I said, 13 minutes is pushing it a little bit, especially because I'm scraping by with the bare minimum requirements here. So it'll take a little extra time, but the point is, yeah, it works. It does work and it works very well, and Moran, thank you for that. Yeah, I love, and sometimes I'll give demos of, like, OpenShift things, and Peter Lauterbach is great because he sometimes calls me out, because I tend to say this is not meant to be an exciting demo. Right, this isn't meant to be a big flashy thing, right? It works exactly as you wanted it to, exactly as you expect. It's not surprising. It's not, you know, alarming when it works the way that it's supposed to. So I feel like something like single node OpenShift falls into that category. It deploys a cluster to one node. It's really cool, and I'm really happy we can do that, but it shouldn't be exciting. It should be predictable, because that's what we want, you know, especially, as you were saying, on edge deployments. It could be thousands of miles away. You don't want to have to, you know, call somebody to figure out, like, hey, can you go out and figure out what happened here? Right? You want it to be predictable.

Yeah, and more than that, to be honest with you, we kind of track the success ratio of the installation, and we see kind of a higher success ratio when doing it with single node OpenShift. It's simpler, how you deploy it, and the engineering efforts around, you know, bringing up a cluster from a single node is much easier than three nodes. So we definitely see a good success ratio with those types of deployments.

Yeah. Yeah, you can see I definitely jumped the gun trying to connect to the cluster. So while Kubernetes is up and running, not all of the OpenShift components are. We can see it's still...

Got a question here though. Can you use the assisted installer to add a node
long after a cluster's deployment?

So actually, we had this feature for a long time now. And you can do it from the OCM view, when you go to OCM and click on the cluster that has been registered back to OCM. You should be able to add a node to that cluster. In this specific case it's SNO, because it's...

Exactly. So probably not an option there.

But for any other cluster that we're doing, you can click on the cluster, not from the assisted installer view, but from the OCM view, which, by the way, we've integrated the assisted installer views into that as well. And you should be able to add a node from that pod.

Oh, that's really cool. I hadn't realized that all of this was in here. So it's showing me, so if you saw, I switched from the installation view. So if I were to click create cluster and then go back, I would be able to see my single node OpenShift here. But this is the regular OCM view, as you pointed out, and I can get details in here.

Yeah, lots of work has been done on integrating those portions, and on the multi node cluster you would also have the option to add a host. And for that you generate a new ISO to bring up your new host to the cluster. And yeah, it should be working.

Cool. All right. Well, we are, for better or for worse, out of time for today. So thank you, Moran, really appreciate you coming on. I know you're just coming back off of PTO, so, you know, very much off of the beach maybe and into the frying pan, so to speak. You know, whatever it happens to be, so really appreciate you accommodating. I know you took some time while you were away to coordinate all of this, so thank you so much. To our audience, thank you for joining us today. If you have any questions, if we didn't answer anything, please don't hesitate to reach out. You can reach me at andrew.sullivan at redhat.com.
You can also reach me on Twitter. It's practical andrew, all one word, just like you've seen me in the chat here on the streams.

Nice.

So please don't hesitate to reach out at any time with any of those questions. Happy to follow up and get all of those answered, and keep an eye out for the blog post to come out, hopefully Friday morning. If not, it'll come out in the following days. And now we will switch over to the OpenShift Commons briefing about DevSecOps. So hang on tight, folks.

Thank you, Moran. Appreciate it, guys. Bye bye.