 about that. A little bit better. I love the t-shirt. You could just you have to show show that off a little bit. Okay, so the reason for that is I did not reach your email, Diane. I thought you might enjoy that. I was on this. This is so cool. This is actually an old think geek shirt. If folks remember think geek. Mm hmm. I'm just gonna share the whole screen. There's nothing too private. Let's see yourself for a minute. Does everyone see that? Uh, screen share. Yep. Just as you are sure there you go. There's Justin. Okay. So, just as a background, because a lot of different people, um, I've worked since the Linux to 2.0 days on various different Lennox's. Um, and currently I do work at Red Hat and I'm focused on OpenShift, but I have played with, uh, okay, Dee, just outside of my work. So that's the background here. And just to give you a background, I always like to show, you know, what who you're talking to. So we have some furry friends here. And the story I like to say is I was flying for work up to, um, Toronto. This is before COVID. And my dog thought, uh, was very jealous that I'd be flying. So she chewed my passport. And if, uh, any of you had tried to look into the details of flying with damaged, uh, IDs, um, damaged IDs are no good, at least in the US, the, um, TSA does not accept them. So I had to do a same day passport replacement, um, buyer be, uh, beware for, for pups and owners or pups to keep valuable things like photo IDs and passports away from them. Anyway, today we're going to do OKD4 on overt. So hopefully that's what you came here for. And we are going to do this live. I jokingly told Diane, um, that my overt lab was, was down, uh, last week. And so, uh, for hardware replacements. And so, uh, for a moment, I actually went to, uh, packet. If people are familiar with, um, packet.net, they're an equinox company. They have excellent bare metal. Uh, so I temporarily spun up overt in, uh, packet, because they, um, provide pretty cheap. It was about $2, uh, for the size instances you would need. So if, if you want to try this at home, you can go into packet and, um, I can just briefly show you how you can spin this up. You would need to spin up overt on OKD. You'll be looking for their M2 X large. They run about $2 an hour. I don't get paid for, for packet. I'm just letting you know. This didn't work for me, however, for overt because of the way that overt, uh, needs to do networking. Uh, there's certain, uh, packet does, um, bonded network interfaces. I can actually show you that just so you know and can be aware. So these interfaces get bonded. So I wasn't, uh, and overt needs to have a, uh, a VM guest network. So I wasn't able to go this route. I had to abandon it. So I had to go back to using and quickly spinning up my own, um, hardware lab that I have. So that's what I'm showing you here. This is not on packet. This is actually, uh, my own hardware that I use. And, uh, I'll show you the, the version that it's running and stuff like that because this is what we'll be deploying OKD to. So it's a version 4.3.10 of overt. This is a, a sent us seven based. Um, overt. So, and it's actually launched. It's actually launching OKD right now. That's what's going on in the background here. So we'll get to this in a minute. Um, but I just wanted to show you, if you want to try this, uh, see, there's a second master going up for OKD. If you want to try this, um, packet might be an option if you don't have your own hardware because packet has a pretty cheap bare metal instances. You'll want to shoot for prayer. You know, the, the minimum requirements probably shoot for at least 256. Uh, gig of memory. Um, we're going to slim it down a little bit today, but, but. Um, this lab, for example, doesn't have the minimum requirements that OKD is supposed to have. But let's get into it. Um, so I'm going to have to actually rewind. Um, because I have a deployment running. So, can you, can anyone see the, is the text large enough? On the could be, but it could be a little bit bigger for us with older. Just tired. I was not even older. That's tired. I feel you. Okay. So I made it a little bit bigger. So there's a deployment currently running, but I want to actually destroy this cluster because today. But we're supposed to be live deploying for right. And I want to destroy it also to tell you a couple caveats that you'll have to have to know about OKD. Or in order to get it running on your overt. Uh, virtualized system. So the 1st is. If you go into the documents so that the documents, let me make that screen bigger as well. The documents for OKD have, if you switch to version. Oh, see, this is already wrong. I'm on the wrong installer. That's the open shift installer. Go get to the right installation doc. There we go. I was comparing the open shift install doc to the OKD install doc and there are some differences. So. I think a duck bug is in order. So here's the latest OKD. For installing rev quickly. This is what you'll want. This is the method that I've used before for had all of this. Uh, overt lab fiasco. Um, it's under docs, OKD dot IO, the usual stuff. Uh, so we're going to step through this today. I do want to share with you the diagram of what this is. If you're familiar with. Uh, any other virtualization environment v sphere. Basically, you have multiple virtual hosts that will be running. OKD for in VMs. So that's what this is describing. Uh, there are several things that you need to do in order to set this up. And there's at least 1 doc bug. So, um. Diane talk about community. I may file the doc bug live with us here because. Because I pounded away at some issues. And I think it's just some documentation that needs to be changed. Oh, there's always documentation that needs to be updated, but thank you. Docs dot OKD dot IO for us. Thank you. Much appreciated. Yes. Yes. For sure. For sure. So let me, um. I hate to destroy a cluster, but let's, but let's do it. Uh, so I'm actually going to cancel out of this install. Now, if you're curious about what my. What I was doing there, you can see I was doing an open shift install. The installer is still called for, for OKD is called open shift. Even though we get it from the OKD. Uh, build, um, release. But that doesn't matter. I just wanted to show you what it was now. I needed to destroy this cluster. And so, um, let's see if that's actually in the doc about the specific way to destroy the cluster. I always try to go by the document because if you reference something, then people always ask, OK, so. Is it going to doc? No, it's not going to document. Oh, wait, there it is destroy. Destroy bootstrap, but not destroy cluster. Anyway, it's destroy cluster. No, no, sorry. It probably wants me to tell it the, the dirt. So I created a directory test three. And so it probably just wants me to specify. Test three. Oh, I bet I did not keep my install YAML. Did I? So I may not be able to destroy this cluster. Let's see. Okay, there it goes. So I use this directory to install because I had several different test installs running that had issues. So you can see now it's removing the VMs and whatnot. Now, just to show you that that was happening on what was happening on the overt side. You can see overt is saying removing VMs. Let me make that bigger for you. If we were to go into overt and finish removing master one. Yeah. So it's cleaning out these. VMs that okay D was created on. And it's actually leaving one around it's leaving this bootstrap. And you can destroy that with the bootstrap command. You, if you want to do it that way, sometimes I just destroy the VM. It doesn't really matter. It's just a bootstrap node. So if I stop it and do a stop shutdown, we're going to destroy it. Those of you not familiar with overt, this is basically the UI interface to it. And then we're going to remove that. We don't need it. Don't need. Okay, let's get a clean install. This temp VM is interesting. I don't recall it on a previous install. Anyway, okay, so let's go through the installation and what you need. Let's actually run through the whole document to install to overt so we can we can get to any issues that don't make sense to folks. Let's go back to the very top. Requirements member. I said that there were certain requirements to be met. For example, they recommend 230 gig on the docs of disk space. I'm running less than that, but I'm doing thin pool. So in the virtualized world for storage, you can do a thin pool back to VMs and get around some of these hefty install requirements. They also recommend 28 cores. That's pretty reasonable. They do recommend here at least 112 gig of memory. So those are the basic requirements. You can go to the main kind of dashboard of overt and you can see that we meet most of those requirements. I have 140 some gig of free memory and I have about 200 gig of storage. So we might just barely be squeezing by on this storage. Back to the doc and what's required. It gets into step four. It doesn't really make a whole lot of sense in the document, but I'm going to step through because I want you to know the whole process. If you ask questions, if you if the process doesn't make a whole essence. So this, this curl command, what they're doing is they're just trying to get a Access to this engine, this manager engine for overt. They're just trying to get a local certificate out of it. So what I'm going to do is I'm actually going to install from my local box here. So this is just my laptop is not running anything special. But you know, let's start from scratch. How about I do that? Let's let's just make a new directory or do live okay for install. Let's just go into that. And the first command it had was that. See, this is the, the docs do this wrapping. So the first command that they have is to try to get the rest API. In order for you to download the pen. Now, I don't want to show you my password. So I hope you'll understand that I already did this. But the bigger point is to understand that there's this API endpoint that you'll need to connect to. Right. That's the bigger point. So. That API endpoint is right here. And I could, I could try to do that with a curl. If I did something like get rid of this. Your URL here and append the API on the beginning. And then ignore security and then it's going to patent prompt me or a password right. And see it's going to, let's see if it will let me do it this way. I think it's going to require. You know, okay, hold on. Think it needs to have an internal. Yep. For a second, your terminal is kind of blurry. It's like you've got one thing in the background and. Oh, you don't like the, yeah, the transparency. Again, but, you know. I like the transparency because then I can see while I'm typing notes behind. No worries. I'll change it. It might be just a preferences thing. Yes. No transparent background. How about that? Is that better? The transparency is blurring things in the video. Yeah, that's much better. Thank you. No worries. Okay, so I did do the curl command, but I didn't include the password just. Security sake so you can see all this gibberish is what the API returned and that's what you want to see you want to make sure that your command works. But this is the first thing that you'll notice is that over. By default has this admin at internal. That's needed for the API in and and that's not clearly documented. So if you bump into that, just, just make sure you have the at internal. It is in our document on okay, these website, but just make sure. Now the next things and this verifies that whatever you're installing from has access to that. Over manager that you should already be able to access. Now the next steps are where you will make sure there's some free IP addresses on your network. So this is assuming that you have access to like a subnet. And you will need to have 3 IPs at minimum. Those are used for the DNS, the internal DNS that the the overt. Okay, the uses okay, the uses on overt. It is for ingress. That's the 2nd IP is for ingress and the 3rd IP is for the API, the Kubernetes API. So those are the 3 IPs you just need to make sure that they're not used and there's an ARP command to make sure that they're not used. The 2nd thing is to make sure your DNS has got the 2 entries that are required now. So there's been some changes in which DNS entries are required and this may have been talked about a little bit in the previous discussions, but it's been ramped down. We used to require, for example, in some installs still require at CD entries and DNS, but the overt install does not require that. It just requires these 2. So I put in my ones that I'm going to use are called API.okd4.lab. Let's see if that's going to return. Yes, so that's the API and I've reserved and DNS has this a record entry. So this is a nice test. Now I had some issues with the DNS server that I'm using for the apps or what's used as the ingress. I don't think it's resolving correctly. I tried to fix this earlier. So we're going to see if my DNS server is cooperating or we might have to stand up a new DNS server to complete the installation. But those are the only 2 DNS entries that are required. So that's good. The 3rd one, it makes a note that you don't actually have a DNS entry for it because it becomes the DNS server for the cluster. Next is the install dog jumbles around. So now we're back to the overt manager, the curl command that we issued before. And now we're actually going to get the certificate from it. So you'll notice that there is a certificate because this is an ACTBS connection and that API back to overt is going to be communicated by the okd installer. So we're going to have to trust that certificate somehow because it's going to be interactive. So what the installer is saying is you need to download that PEM or the certificate in a PEM format. So that's what this does here. And if I just redo my previous command, this shouldn't require a password. So I'm going to redo my curl command. Yeah, I'm going to get rid of the password. It shouldn't need a password. Yep. And I'm going to whack the API and instead we're going to get the services. And I'm going to output it to a CA.PEM. Oh, I did not close my quote. Sorry about that. There we go. And now we have the PEM file. And that's, it looks pretty normal. There it is. Now the installer will take care of injecting that into the authentication mechanism for overt. I'll get to that in just a second because that can cause you a heck of a lot of pain if it doesn't, if you don't get the PEM file correct for this self-signed cert. And then we changed some file permissions for that file. I don't know why it thinks it needs sudo. Aha! This is the first time it thinks it needs sudo. And quite frankly, I found out that anytime the install duck does use sudo, just don't. And also, I moved it to a different directory. I keep on doing sudo. I love sudo, but I'll show you in a second why it became a problem. In a couple of minutes we'll get to why it became a problem. Okay, and then I'm going to copy that PEM file that came from the overt manager into the local anchors on my box. So let me just, now this may indeed require sudo because I'm sure this is earned by root, this area down there, that Etsy directory is probably earned by root. And then to update the CA search, usually that is a super user that's required to do that. So we'll do that quickly. So now what's happened is the local search on this box that I'm going to install from my laptop locally trusts the overt manager. So that was that whole process. And you'll see, I'll explain in the installer where that fits in and why you need to do that then. The next part is an SSH key. Now the SSH keys are used mostly by folks, if you're familiar with OKD or OpenShift, it's used to log into the actual nodes. So as the core user, stuff like that. So the installer needs it to be injected. I did this process before, but we can do it again if you think that you need it. But this is a standard SSH generate a new key pair, run the agent locally, and then the installer can pick it up. I'm not going to run through that because I think most of us probably understand SSH and how to do it. But the point is either use a key or create a new key for the installer. That's all that is. And pretty sure I'm still running my agent. Yep. So just make sure. Running my agent still. Yep, I'm still running my agent. My SSH agent locally. Okay, so that's a lot of the prep work. We covered the SSH. We covered the certificate for the overt manager. We covered the DNS entries and recovered the IP addresses. That's kind of like the prep work. Now we get into the OKD installer. You'll get the installer from the standard releases. So you can go to any of them that are listed here as assets on the main OKD releases. And I already installed this. I downloaded this, but it's the 4.5 for Linux is the one I installed. So I put that down. I put that in a previous directory I was using that OKD for demo. I believe this where I dropped it. Make sure. Yep. So I'm just going to quickly move it. So we don't have to wait for my slow internet connection. Open shift install and move into the current directory. And just so folks can verify that it is what it is. Then there it is. 4.5 OKD right built on the 12th. So five days ago. All right. And you'll want the CLI, but we'll do that later. All right. So got it already got it locally. And I don't need to untar it because I already downloaded it. Now the pool secret. Now this one's a little odd. Okay. So when you click on. I'm going to click on this link in the dock in a new private. You'll be prompted for a login. That's what. Okay. So what do you do? I don't know of a way around this. Even though it redirects you to a red hat site. You're trying to install OKD. Okay. Well, the way that I have found the easiest way to get around this is go to the developers.redhat.com site. Sorry if the URL is not big enough. But press login at the developers.redhat.site and create a new login like log in with your GitHub account or something. That will create a developer account for you at red hat. And it will work with this pool secret. So again, go to the developers, create an account and log in with that account to get the pool secret. That's how to do that. Any questions about that? Because it doesn't really clearly explain how to get that pool secret. You do need an account with the red hat to do that. And there are questions. I guess since I'm a redhead, or I can go ahead and answer this question. There are questions about what do you do with that information? Well, if your cluster is disconnected, there's nothing that's being communicated between the two. You can run OKD and OpenShift Disconnected. But the way to generate a pool secret for you, we have to have an account in order to do that. If you have any more questions, just ask one of us. Okay, so I already downloaded my pool secret. I put it into a different directory. I think it was that previous directory. OKD for avert. I downloaded. Yep, I downloaded a pool secret. And that pool secret is valid for, I can't remember, 24 hours or it might be a couple of days. I can't remember. So I'm just going to reuse it from this morning. All right. So now you have the pool secret and you have the OpenShift OKD installer from OKD 4.5. Now it's the time to install. This command will not work. Let me just restate that. This command in this doc will not work. So I'm going to show you, here we go with the doc bug. I'm going to show you what does work. If you were to run this command, let's just copy and paste it. It's got a new line separator, but I'm going to get rid of that. Let's just try and it won't work. Directory. Let's do log level info. Place that. All right. Enter my duty pillages. Look at this. It's a nice little interface that prompts you for overt. Sits there. Sits there and errors. Fatal. There's something about Terraform. Can't get authentication to some admin internal. But you'll notice the admin internal again. So it makes you think, oh, it can't communicate with over. There must be something wrong with my over cluster. No. This is just a doc bug. So if I rerun the command with, let's just try it will work, rerun that command without sudo. It prompts me for my SSH key. Now why the doc has you install the agent and then still prompts you for the public secure key and not entirely clear. And then we get prompted for which platform you select overt. So it actually pulls in some information. And it automatically detected the cluster name. Now the reason I can tell it's communicating with overt is if we were to go back over to the manager. And we were to look at clusters. That is the name of the cluster. So the open shift installer is pulling information out of overt. And let's look at storage. What is the name of, oops, sorry. What is the name of my storage? Let's look at domains for storage. Aha, hosted storage. So the open, the OKD open shift installer is communicating with overt. And we can tell because it's dynamically pulling this information out. But the real question is, because I'm going to cancel out of this install, the real question is why did this failure message happen? And it's all because of this document telling you to use sudo. Don't do it. And after we get an install working, I'm going to, I think I'm just going to do a doc bug live with us. Don't do sudo. It's going to bypass it. I'm going to show you exactly what is bypassing. So here's the bug. The OKD installer needs to access overt somehow. The way that it accesses it is it creates this file under a hidden directory in your home directory dot overt and then overt. That comes from the installer, the OKD installer. It doesn't come from overt. Let me see if I've got an old one here to show you. I don't want to show you my new one because it's got a password in it. So I'll show you an old one. And just so you can see the contents of it. See if I go up a level. I'll show you an old one of those. I copied it. OKD four. Let's see if we do overt four three. Do we have an old overt? Here we go. Old. I don't care showing you the old one because it's not valid anymore. You can see in this file, it's actually literally calling that API endpoint. It's got the username and password and it has a cert bundle. All generated from the OKD OpenShift installer. And for a while, the other reason I knew this was an issue is for a while there was a separate bug where this file wasn't being created. Or people were complaining that they had multiple overt clusters and data centers and they weren't connecting to new ones. It was just using old ones. And so the way that we got around that was to delete this directory. So literally if you if you have any issues with this, you can delete this directory. And it will reprompt for all this information. So that's what I'm going to do. Oh, yeah, recursively, of course. Yeah. So if you have any issues connecting to your overt cluster for the installer, blow away that directory. And try a OpenShift install with the create instead of the create cluster. Here's what I would recommend. I would recommend the create install config. Instead of cluster. This is good anyway. I'll show you why it's not in the dock and it will still work in the dock. But here's why. So no sudo and do the install config. It will generate all of the acquired files again, select overt. And now you're being prompted for the API endpoint. Now that's where you have to enter in the overt engine. I'm having to copy and paste it because it doesn't know. It doesn't have that file anymore. It needs an API endpoint. You can say that it's trusted, but it's still going to prompt you for the certificate bundle. Again, if anyone knows why it prompts for that again, that might be an interesting thing to look at. Oh, and just second, I need to copy this. Oh, that's the pull secret. I need to copy my cert bundle. Just copy the cert bundle that it copied down. I need to get into the right directory live. Okay, the install. Now you can see that we're actually using some stuff. I need to copy and paste this cert that we downloaded. Again, I know it's part of the local trust, but this is what it needs. So two empty lines at the end. This is a little weird. You paste. Did that paste correctly? See, here we go with bad pasting. I copied the begin certificate, but I don't see the begin certificate. We'll see. We'll see if it errors out. So you got to enter in two empty lines. Okay, there's the begin certificate. Admin internal is the standard unless you've changed it. And then I'm going to enter my new password. And voila, you can see homelab cluster being accessed. So these prompts, these last five prompts are creating that overt YAML so that it can communicate with overt. Absolutely critical. And I think another thing to document maybe to help people through this process if they have issues here. Does that make sense? Any questions about how the installer is accessing overt? Did I bore everyone to tears with that? You did not bore anybody to tears. We're all just thrilled that you're enthusiasm. There was an earlier question Mike asked, and you may have answered it, but about the storage requirements that he's always seen each note should have 120 gigabytes. 120 gig per node, I think is what he's referring to, right? Yeah. So how much of that is actually used on a node? I've gone down and I think I've seen as little as maybe 30 gig actually used. So if you set up the VMs as thin pool, then you can gradually, you know, that over, you can grow that disk over time. That's the nice part of that. And you don't have to think provision 120 gig for each node. But yeah, it's a bit of a heavy, heavy requirement for those nodes. But yes, to get to get full support from Red Hat is supposed to be 120 gig. But for OKD, use what you have. We've been having emphasis today a little bit on the cheap side of things. Yes, OKD, the cheapest, whether it's digital ocean or a cheap version of AWS, it's been a running theme. So thanks. There was also a little bit of conversation about the whole secret use and Charles was mentioning that he uses quay.io account for that. And then I think Christian would say that you don't actually need full secret. You can use fake. I think we did that in one of the other demos. We just fake it out. How do you, how do you fake it out? Christian, you want to pipe in here? Because the quay.io images, you'll still have to pull them down somehow, are they entirely public? Let's see what he says. So I think the usual quay, if they're public images, they don't need a pull request, a pull secret. And the pull secret you have to add into the installer really is just for pulling the images from Rattat. And in the case of OKD, everything's on quay, so you don't need it. So you can really use a fake one. But you can use, because we haven't disabled the functionality in our installer fork, because we didn't diverge from the OCP installer too much, you can really use anything in there. There has to be a proper JSON blob with like field auth, and then one auth field. Yeah, what Charo just pasted in the chat. But it could be, you know, it could be auths, it could be, and then, you know, fake could be anything, then it has to have another field auth, and in there it could be anything again. So, yeah. I got you. So, so do you inject that pull secret into like the install config YAML, and it could be just a standard quay. Like if someone were to go in with quay.io, they just use it. Oh, yeah, yeah, definitely. You could put in your quay.io one there. And then you could even pull, if you change the payload references to a private image, you could use that with it. Okay. But you're not required to put it in or to put in a valid one for the okay to use case because all of our images are actually publicly pullable without it. Okay. Yeah. Wow. The fake secret didn't work for me for mirroring the and it's been a while since I tried it with the fake one again so maybe it does work now but that's why I started using my free quay.io account. You can actually generate a Kubernetes pull secret from your profile and your quay.io account. And those are free to set up. And that is probably because you're not using it as a pull secret then when you're mirroring your pulling but then also pushing again to quay so you need your your own valid secret to pull to your quay account that at least I would assume that. Oh, no. The push was to my sonotype nexus so so yeah I did have to include a secret for my sonotype nexus to so that it could push the images into the local registry. Okay. I yeah I'd have to investigate why that didn't work but that's actually kind of an open an open thing right now we have to clean up a little bit because it's first of all it's annoying to to have to put that in there. The fake one if it's not really used or needed if you put in the the normal red hat pull secret pull secret there. Okay, he will actually send telemetry to red hat as well. It's not a lot of data but it's like a bit of data how healthy is the cluster. There's no, you know, personal information but some people may still want this may still not want that. So we've definitely at least enabled folks to to go without any any, you know, calling back to red hat by using that we opted to not pull that functionality out completely to not diverge too much from the upstream from the installer. So, so at least on the on the red hat side I can't say entirely what what's possible but for like super secure customers who don't want any phone homing at all. One way to not do the telemetry is we have an entirely disconnected restricted cluster. So that involves not only the the install is mirrored, but then they might have a proxy that intercepts any outbound requests that the cluster is making. And then it can't go back to quay or red hat at all. So that's it, but you have to extract everything, the open shift installer and everything from the mirror, you can't. I saw some people that were doing it and they saw things still going phone phoning home it's because they didn't extract everything from their local mirror. I did notice something though, Mike. Mike Rosherford said that. I asked, would the registry red hat, I owe images. You wouldn't have access to those red hat specific images and that is, that is true. You can enable that back into an OKD cluster. You could inject a red hat username password or token back into the cluster and you would have access to the red hat images. But yeah, the registry red hat I owe images I think would would you wouldn't have access to them without a lot. Yeah, that's right. And that's also the reason we don't currently support the the bare metal IPI path, because we don't have public images for those. They're all rail based so you need that pulse secret. And yeah, we've been trying to get the the IPI the bare metal folks to to release something either on top of Santos or Fedora to make that install path work as well. But yeah, there's a few limitations you won't be able to pull any any operators from red hat or anything without the red hat pulse secret. There's another question, Diane, I don't want to take over your scanning of the chat, but there was asked about, can you just do overt insecure, and then don't have to worry about to see a cert. So, a couple months ago, back in the OKD 4.4 beta days, I did try that. And if I remember correctly, it still didn't work. The installer would still fail out. I don't remember exactly where it would fail. But it, it, I don't know if that's something to do. And maybe they changed it in the OKD 4.5 and they fixed it. So, all of it you could retry that it is an option, but it did not work for me. All right, so we have 10 minutes, which means we we must have an install. Okay, so I'm going to move forward. Okay, so we're going to select the storage. And I'm actually going to select this overt management. That's not what you're supposed to do. But I currently have an issue in this lab with the, the typical VM subnet. Anyway, we'll get it around that. Now, these are the three IPs that are need to be reserved that I talked about earlier. So I know what those are off the top of my head. They're in the 10 and API is who actually let me make sure I said I knew but I probably don't really remember. Was there, did I see this? To. It was not returning an IP for me. Oh no. Did my. My router work. Was to be there. Did I type by something. Okay, D. Word up lab. Was to be there. What about it? Is it there as well? Well, something just changed. Let me. My lab uses syntax error. Did I change? I shouldn't have changed anything. I'm using it in this lab. I just have PF since running with it with unbound as the DNS and I obviously made a change right before I went live with you all. So apologies about that. Can we send it while that restarts? Let's move forward because that's the IP that's going to have to be is the 1. The 1 9 9 is what it's supposed to be. Let's move forward 1 9 9. DNS is supposed to be the 1 9 7 is what I had reserved and the ingress is supposed to be the 1 9 8. I just bunch all three IPs together. Make it easier for myself and lab is supposed to be the base. Okay, D for supposed to be the cluster name. And here we go with the, the pull secret. I'm actually going to use my actual pull secret that I got, but nice that we have these options. That's really I want to try the quay.io option. So there's not to have to log in to red hat. Thank you for that. It was awesome. Okay, I'm going to insert that. Oh, wait. Oh, I had a typo. So we have some validation going on. Well, that's good. Did I really typo that? Oh, yeah, I did. No one caught it. I was typoing. Sorry. Sorry. That's what happens when you do things live. That's how you know that's real. And we distract you by asking questions. No, no, no, it's all good. 1 9 9. And let's type it correctly this time. If we go over a little bit, don't worry about it. Well, I'll at least get the VM starting up and overt that that should happen. That should be a problem. All right. So it generated our install config. Oops, will work. Right. Voila. So now what I want to do is just start. Now, the reason I showed you that is because I wanted you to see that it really did create this hidden directory that you'll want to just verify the contents of so that you can get your over working. Now I'm going to run the OpenShift install create cluster using our directory will work being optimistic. And I just like to set some info level. So it's consuming the install YAML. It should go a little bit faster. Okay. Ah, it's using a cache image. Okay. Good. That's from my previous attempt. So it's already using CoreOS 32. That's cached locally. That's good. All right. So now it's going to make the calls up to overt. And we should eventually start to see the manager go to VMs. It will eventually start creating VMs there and overt. And I think as soon as we'll have to wait a couple of minutes for it to start creating the VMs, but we have what six minutes left, Diane. Anything else? Any oddball? Yeah, you can, you can go a little over. Everybody's run a little bit over today. So don't worry. Well, I'm thinking if, if I've done see this error still here in my DNS server. Oh, well, that's not supposed to be there. Is that there? We do like proof of life. Living on the edge. I was futzing around with my DNS server right before the call today and I wonder what just happened. And my DNS server is going to have to stay up for the open shipped install to actually make a call out and see is it still running. Okay, good. Well, that's cached probably, but sending a request opens again. That's doing very slow. Something's going on. Well, the gerbils are running. Well, that kind of latency. Is not good. Okay, well, unless my router starts to crash, I do want to file that doc book. So I do have a question. What's the best way to file a doc back against okay these is it there in the installer. Does it say contact us somewhere in here. This ASCII binder was used. Christian, where would you like him to log this for the don't use sudo. And also how to troubleshoot overt. We've been opening most of the issues on the okay D. Yeah, I was going to say just open open any issue you find on the okay the open shift slash okay D in the okay D repository. And we'll, we'll work out how to find the proper place for it and refer it there. So you could file a live issue. I just want that a sudo removed. I don't remember it being there before. Okay, so okay D documents still referring to okay D okay so I'll tag it is kind documentation. Okay, I can do that. There you go. And you know what, that's almost a great way to end a live demo on is filing an issue because it's a wonderful community thing to do. And well, I really wanted the VMs to start coming up and before we totally signed off. So we may bring you back again to do this. Another give give me five minutes. How about that. I'll give you five minutes. Absolutely. And just tell well lead and Joseph who are logging in now that we're going to be about five minutes late. And just take a breather. Yeah, yeah, we can see. Okay, cool. Hey, Joseph will claim Justin for all demo. Yeah, for messing everything up. Well, he's doing that. I will make a pitch again in the chat. So if if you're listening in today and you want to get involved in the okay D working group. You can go to okay D dot IO and find all the links there too, but you can also just go direct to the groups Google groups for okay D working group and join in there and post any questions. That's also where I will be posting the links as the videos from today go up. So there's another reason to join there. And then the Fedora calendar is the other place you can go to find out when we are meeting to chat about stuff and to work on things collaboratively with the Fedora community and others. So please do check out and sign up for our calendar. Yeah, maybe I can say a few words on on our roadmap again right now because I'll have to drop soon. Yeah, as long as just figuring out things. So yeah, it's just hooking into we want to collaborate and we really do want to collaborate as the working group with not only the Fedora community but all the communities that are interested in or all the individuals that are interested in joining in. And so what we've planned is to work closely with the with the operator SDK team to and all the people that develop the operators to get them to release their operators in a way that it works on okay D. And also want to revive. Well, that is again Fedora, a little bit more Fedora specific revive the container special interest group in Fedora to make more Fedora based containers which will obviously run well on Fedora Coro s. And make those the basis for some operators to. And so anything any any community you can think of, please do invite them to our working group meetings, and also individuals that may want to contribute. We're really interested in growing this in a collaborative way and just in general making making what we've been showing today even more seamless. So it's, we're already at a really great point where all these platforms work very very similarly. So the installation process is almost the same on all of them. And we really want to get that even more make that even more seamless and just, yeah, improve on on on all all all the things. So that's just me saying, again, please join the working group and bring your folks as well. And, and like you were asking about the that container sig meetup I haven't seen any action on that I have been on vacation for a couple of weeks so I haven't looked but we were going to try and spin that group up again or get them to spin themselves up again so we could participate with them. So, I'll check back in with them and see if we can't get something going with the Fedora container sig group. How are we doing there, Justin? It is working. So, the VMs for the masters are coming up. There's so they're booting core West and they're starting the bootstrap had already come up. And I also found that duck bug. So, right under time. Thank you all for for giving me a couple minutes to share this with you and it really is awesome to to see the progress here I mean, we really didn't even have much to install over to four to four so this is really awesome. So there's one last question for you from Aaron. He's asking me the lab storage on SSD. Ah, so this lab storage actually has spinning rust with an SSD in front of it. So it has an LVM, a DM cache to accelerate, I guess people call it an accelerator in storage world. You can't survive any of the CD requirements if you're if you don't use at least SS these. I think that is made mention of in here in the document. You click on this CD back in performance requirements. There'll be a link to some testing that some IBM folks did and what the Kubernetes folks said for requirements. And the general consensus is you can't get to that kind of speed with without at least SSD or NVMe. Good question. Well, thanks again. Yes, thank you. I totally my hats off to you my red hat somewhere behind me is off to you taking on the challenge today. A new challenge coming up here. I'm just going to pause the recording for a second so we can have this in.