From 54e65cff76d0262d68d0836a0295768a70de9cd5 Mon Sep 17 00:00:00 2001 From: Sarvesh Pandit Date: Fri, 2 May 2025 22:06:45 +0530 Subject: [PATCH 1/2] Review Done --- README.md | 4 + modules/ROOT/pages/index.adoc | 38 +++--- modules/ch1-microshift/pages/index.adoc | 3 +- .../ch1-microshift/pages/s2-prepare-lab.adoc | 16 ++- .../pages/s3-air-gapped-lab.adoc | 34 +++--- modules/ch2-package/pages/index.adoc | 4 +- modules/ch3-image/pages/index.adoc | 3 +- .../ch3-image/pages/s1-microshift-bootc.adoc | 53 ++++++--- modules/ch3-image/pages/s2-image-lab.adoc | 109 +++++++++++------- 9 files changed, 168 insertions(+), 96 deletions(-) diff --git a/README.md b/README.md index 9618b5b..a580c55 100644 --- a/README.md +++ b/README.md @@ -10,10 +10,14 @@ Design docs from the RHEL for Edge variant are available to Red Hat employees on * [Initial course design](https://docs.google.com/document/d/1zPUVBdbdlMEUlMmlsnDLiIjOtUMPBXYe3b2TO_Xhl6M/edit?usp=sharing) +// Not sure about exposing the internal URL to GitHub repo. + Figures on this course are designed using Google Slides, and the deck is available to Red Hat employees. Individual slides are exported to SVG files and cleaned using Inkscape. Those files are in the git repository. * [Figures](https://docs.google.com/presentation/d/1VBZdZyuWiSyoq1HE6eVxgSEo2_Qc4EOM0_Fkd_uQ_zA/edit?usp=sharing) +// Not sure about exposing the internal URL to GitHub repo. + Refer to the [Red Hat Quick Courses Contributor Guide](https://redhatquickcourses.github.io/welcome/1/guide/overview.html) for instructions about collaborating in this repository. The virtual classroom environment is a ROLE classroom, which are shared by all Red Hat Device Edge quick courses and will be updated as required by future related courses: *HOL014: Red Hat Device Edge Quick Course Series*. This virtual classroom is available to Red Hatters and partners, and also customers with a Red Hat Learning Subscription. diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc index 61860ea..4c66728 100644 --- a/modules/ROOT/pages/index.adoc +++ b/modules/ROOT/pages/index.adoc @@ -11,13 +11,15 @@ It is part of a Red Hat Device Learning path, which currently includes three cou * For customers using RHEL for Edge and RPM-OSTree based edge images: ** https://redhatquickcourses.github.io/rhde-build/[Building Red Hat Device Edge Images^] -** https://redhatquickcourses.github.io/rhde-microshift/[Deploying MicroShift on Red Hat Device Edge Quick Course] +** https://redhatquickcourses.github.io/rhde-microshift/[Deploying MicroShift on Red Hat Device Edge Quick Course,window=_blank] * For customers using RHEL image mode: ** *Deploying MicroShift on RHEL Image Mode* (this course) IMPORTANT: Red Hat employees must enroll using its [LMS entry^] to get completion credits, and Red Hat Partners must enroll using its [Partner Portal entry^]. +// Not sure about exposing the internal URL to GitHub repo. + == Audience Operations-focused customer roles, who design and implement device edge images, but are not usually in-person at edge sites: @@ -33,9 +35,9 @@ Red Hat and Partner roles that support Red Hat Device Edge on customers, such as == Prerequisites -* Attend the RHEL labs https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux] and https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux], or have equivalent experience with RHEL image mode. -* Familiarity with RHEL system administration, to the level of https://www.redhat.com/en/services/certification/rhcsa[Red Hat Certified System Administrator (RHCSA)] or equivalent knowledge. -* Familiarity with OpenShift administration, to the level of https://www.redhat.com/en/services/certification/rhcs-paas[Red Hat Certified OpenShift Administrator] or equivalent knowledge. +* Attend the RHEL labs https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux,window=_blank] and https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux,window=_blank], or have equivalent experience with RHEL image mode. +* Familiarity with RHEL system administration, to the level of https://www.redhat.com/en/services/certification/rhcsa[Red Hat Certified System Administrator (RHCSA),window=_blank] or equivalent knowledge. +* Familiarity with OpenShift administration, to the level of https://www.redhat.com/en/services/certification/rhcs-paas[Red Hat Certified OpenShift Administrator,window=_blank] or equivalent knowledge. * Familiarity with Ansible playbooks and the Ansible Automation Platform is useful but not required. * Familiarity with web server administration, such as Apache Web Server or NGinx, is useful but not required. * Familiarity with database server administration, such as MySQL or MariaDB, is useful but not required. @@ -44,40 +46,46 @@ Red Hat and Partner roles that support Red Hat Device Edge on customers, such as You can perform all activities in this course using the virtual classroom lab from *HOL014: Red Hat Device Edge Quick Course Series*, which is shared by all Red Hat Device Edge quick courses and will be updated as required by future related courses. -WARNING: The current released version of HOL014 does NOT contain container images required by image mode. You have to manually copy the required images to the mirror registry, if you want to try the WIP course activities. HOL014 will be updated as part of releasing this quick course for general availability. +WARNING: The current released version of HOL014 does NOT contain container images required by image mode. +You have to manually copy the required images to the mirror registry, if you want to try the WIP course activities. +HOL014 will be updated as part of releasing this quick course for general availability. Use the following links to access the virtual classroom lab on Red Hat Online Learning (ROLE): * https://role.rhu.redhat.com/rol-rhu/app/courses/hol014-9.5/pages/pr01[HOL014 for Red Hat employees^]. * https://rol.redhat.com/rol/app/courses/hol014-9.5/pages/pr01[HOL014 for Red Hat partners and customers^] with a *Red Hat Learning Subscription*. -After you enter HOL014 on ROLE, follow the instructions there to create a new course classroom lab and access its virtual machines. If you already created a HOL014 classroom for another Red Hat Device Edge quick course, you can continue using the same classroom lab. +After you enter HOL014 on ROLE, follow the instructions there to create a new course classroom lab and access its virtual machines. +If you already created a HOL014 classroom for another Red Hat Device Edge quick course, you can continue using the same classroom lab. -Beware that ROLE classrooms have timers after which classroom labs are stopped and deleted, to conserve compute resources. If you plan to use the same classroom lab for multiple Red Hat Device Edge quick courses, do not wait too long to continue. You do not need to use the same classroom for multiple courses: each course provides step-by-step instructions to start from either a new classroom lab or to continue from an existing classroom lab. +Beware that ROLE classrooms have timers after which classroom labs are stopped and deleted, to conserve compute resources. +If you plan to use the same classroom lab for multiple Red Hat Device Edge quick courses, do not wait too long to continue. +You do not need to use the same classroom for multiple courses: each course provides step-by-step instructions to start from either a new classroom lab or to continue from an existing classroom lab. You will follow this quick course by alternating between two browser windows: one to navigate quick course materials, such as this page; and another to access the virtual classroom lab, to perform hands-on activities. -If you can provision your own RHEL servers or VMs, it should be possible to configure all that is required for the hands-on activities by using a https://developers.redhat.com/products/rhel/download[free subscription] from the https://developers.redhat.com/about[Red Hat Developer Program], which gives access to RHEL installation media, RHEL package repositories, OpenShift package repositories, and OpenShift container images in Red Hat registries. +If you can provision your own RHEL servers or VMs, it should be possible to configure all that is required for the hands-on activities by using a https://developers.redhat.com/products/rhel/download[free subscription,window=_blank] from the https://developers.redhat.com/about[Red Hat Developer Program,window=_blank], which gives access to RHEL installation media, RHEL package repositories, OpenShift package repositories, and OpenShift container images in Red Hat registries. == About Red Hat Online Learning (ROLE) and Red Hat Learning Subscription -The Red Hat Online Learning (ROLE) web site provides https://www.redhat.com/en/services/training-and-certification[Red Hat Training and Certification] course materials and their virtual classrooms labs. You must be enrolled in a Red Hat Training course or subscription to have access to ROLE. +The Red Hat Online Learning (ROLE) web site provides https://www.redhat.com/en/services/training-and-certification[Red Hat Training and Certification,window=_blank] course materials and their virtual classrooms labs. +You must be enrolled in a Red Hat Training course or subscription to have access to ROLE. NOTE: The Red Hat Device Edge Quick Courses Series use ROLE for its virtual classroom labs only, and hosts courses materials outside of ROLE, as GitHub pages. -A basic https://www.redhat.com/en/services/training/learning-subscription[Red Hat Learning Subscription] offers access to a number Red Hat Training courses and virtual classroom lab time. Higher subscription tiers offer additional benefits such as Red Hat Certification Exam vouchers. +A basic https://www.redhat.com/en/services/training/learning-subscription[Red Hat Learning Subscription,window=_blank] offers access to a number Red Hat Training courses and virtual classroom lab time. Higher subscription tiers offer additional benefits such as Red Hat Certification Exam vouchers. == Other Sources of Information About MicroShift -The main source is the https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/4.17[product documentation for MicroShift] in Red Hat's documentation portal. +The main source is the https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/4.17[product documentation for MicroShift,window=_blank] in Red Hat's documentation portal. -We also recommend that you use the product documentation for https://docs.redhat.com/en/documentation/openshift_container_platform/4.17[Red Hat OpenShift Container Platform] for general Kubernetes topics, OpenShift extension APIs, and add-on operators which may be supported in MicroShift. +We also recommend that you use the product documentation for https://docs.redhat.com/en/documentation/openshift_container_platform/4.17[Red Hat OpenShift Container Platform,window=_blank] for general Kubernetes topics, OpenShift extension APIs, and add-on operators which may be supported in MicroShift. -The Red Hat Build of MicroShift is supported as part of Red Hat Device Edge, check its https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/index[overview document] for pointers to MicroShift, RHEL for Edge, and other components of Red Hat Device Edge. +The Red Hat Build of MicroShift is supported as part of Red Hat Device Edge, check its https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/index[overview document,window=_blank] for pointers to MicroShift, RHEL for Edge, and other components of Red Hat Device Edge. -For documentation about RHEL image mode, see the https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index[RHEL product documentation]. +For documentation about RHEL image mode, see the https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index[RHEL product documentation,window=_blank]. -It is not expected that you need to use the https://microshift.io/[open source upstream] of MicroShift and its community documentation for day to day use of the Red Hat Build of MicroShift. +It is not expected that you need to use the https://microshift.io/[open source upstream,window=_blank] of MicroShift and its community documentation for day to day use of the Red Hat Build of MicroShift. == Author diff --git a/modules/ch1-microshift/pages/index.adoc b/modules/ch1-microshift/pages/index.adoc index 255b0c5..efae89c 100644 --- a/modules/ch1-microshift/pages/index.adoc +++ b/modules/ch1-microshift/pages/index.adoc @@ -9,6 +9,7 @@ IMPORTANT: Pending review of content that is specific to RHEL for Edge. == Introduction -This chapter introduces MicroShift as part of both Red Hat Device Edge and Red Hat OpenShift families of products. It offers an overview of which components are shared between MicroShift and OpenShift, which components are unique to MicroShift, and which components of OpenShift are not supported in MicroShift. +This chapter introduces MicroShift as part of both Red Hat Device Edge and Red Hat OpenShift families of products. +It offers an overview of which components are shared between MicroShift and OpenShift, which components are unique to MicroShift, and which components of OpenShift are not supported in MicroShift. The hands-on activities prepare a virtual labs environment with all prerequisites required to deploy MicroShift on either traditional RHEL, also known as package-based RHEL and RHEL for Edge systems. diff --git a/modules/ch1-microshift/pages/s2-prepare-lab.adoc b/modules/ch1-microshift/pages/s2-prepare-lab.adoc index e6a95d2..e4fbe0f 100644 --- a/modules/ch1-microshift/pages/s2-prepare-lab.adoc +++ b/modules/ch1-microshift/pages/s2-prepare-lab.adoc @@ -14,7 +14,7 @@ WARNING: Pending Review // Minimally changed from rhde-microshift to remove references to ostree -You need a few machines to perform the hands-on activities in this course. +You need a few machines to perform the hands-on activities in this course. * A _development machine_ with RHEL and unrestricted `sudo`, where you will create test VMs using Libvirt, and also run the OpenShift client to access your MicroShift instances in other machines. @@ -24,17 +24,21 @@ You need a few machines to perform the hands-on activities in this course. * A _web server machine_ with RHEL and unrestricted `sudo`, to share files such as public keys. -* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift]. +* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift,window=_blank]. These instructions were tested on RHEL 9.5 but should work with minimal or no change on newer and older RHEL 9.x releases. -If you are using the course environment, you will log in to the `workstation` VM as the user `student` with password `student`. The `workstation` VM is your _development machine_. You will start SSH sessions from the `workstation` VM to the `servera` VM, which is your _web server machine_ and also your _mirror registry machine_, using the same user. +If you are using the course environment, you will log in to the `workstation` VM as the user `student` with password `student`. +The `workstation` VM is your _development machine_. +You will start SSH sessions from the `workstation` VM to the `servera` VM, which is your _web server machine_ and also your _mirror registry machine_, using the same user. -IMPORTANT: Be sure you execute each step on the correct machine. If a step is not explicit about the machine it should be performed, it is using the same machine as its previous step. +IMPORTANT: Be sure you execute each step on the correct machine. +If a step is not explicit about the machine it should be performed, it is using the same machine as its previous step. In the course environment, the `classroom` VM, with the `materials` alias, is your _package server machine_ but you are _not_ expected to start SSH sessions nor perform any activity on it. -NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscription], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. If you ignore the requirements for air-gaped installation of MicroShift, you could use a single RHEL VM and adapt the steps to your own environment. +NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscription,window=_blank], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. +If you ignore the requirements for air-gaped installation of MicroShift, you could use a single RHEL VM and adapt the steps to your own environment. == Instructions @@ -44,7 +48,7 @@ include::rhde-microshift:ch1-microshift:partial$s2-prepare-lab-libvirt.adoc[] include::rhde-microshift:ch1-microshift:partial$s2-prepare-lab-apache.adoc[] -You now have your _development machine_ ready to test bootc containers using Libvirt VMs, and your _web server machine_ ready to store and distribute files for your edge devices. +You now have your _development machine_ ready to test bootc containers using Libvirt VMs, and your _web server machine_ ready to store and distribute files for your edge devices. == What's Next diff --git a/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc b/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc index c0bf1cc..15b9254 100644 --- a/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc +++ b/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc @@ -12,7 +12,7 @@ WARNING: Work In Progress. == Before you Begin -You need a few machines to perform the hands-on activities in this course. +You need a few machines to perform the hands-on activities in this course. * A _development machine_ with RHEL and unrestricted `sudo`, where you will create test VMs using Libvirt, and also run the OpenShift client to access your MicroShift instances in other machines. @@ -22,17 +22,21 @@ You need a few machines to perform the hands-on activities in this course. * A _web server machine_ with RHEL and unrestricted `sudo`, to share files such as public keys. -* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift]. +* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift,window=_blank]. These instructions were tested on RHEL 9.5 but should work with minimal or no change on newer and older RHEL 9.x releases. -If you are using the course environment, you will log in to the `workstation` VM as the user `student` with password `student`. The `workstation` VM is your _development machine_. You will start SSH sessions from the `workstation` VM to the `servera` VM, which is your _web server machine_ and also your _mirror registry machine_, using the same user. +If you are using the course environment, you will log in to the `workstation` VM as the user `student` with password `student`. +The `workstation` VM is your _development machine_. +You will start SSH sessions from the `workstation` VM to the `servera` VM, which is your _web server machine_ and also your _mirror registry machine_, using the same user. -IMPORTANT: Be sure you execute each step on the correct machine. If a step is not explicit about the machine it should be performed, it is using the same machine as its previous step. +IMPORTANT: Be sure you execute each step on the correct machine. +If a step is not explicit about the machine it should be performed, it is using the same machine as its previous step. In the course environment, the `classroom` VM, with the `materials` alias, is your _package server machine_ but you are _not_ expected to start SSH sessions nor perform any activity on it. -NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscrition], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. If you ignore the requirements for air-gaped installation of MicroShift, you could use a single RHEL VM and adapt the steps to your own environment. +NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscrition,window=_blank], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. +If you ignore the requirements for air-gaped installation of MicroShift, you could use a single RHEL VM and adapt the steps to your own environment. == Instructions @@ -52,7 +56,8 @@ $ *ls bootc-containers/rhel9/* bootc-image-builder:9.5 rhel-bootc:9.5 -- -.. Download the bootc images upload script. It is very similar to the application images upload script. +.. Download the bootc images upload script. +It is very similar to the application images upload script. + [source,subs="verbatim,quotes"] @@ -60,7 +65,8 @@ bootc-image-builder:9.5 rhel-bootc:9.5 $ *wget -q https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/sh/upload-bootc.sh* -- -.. Run the application images upload script. Check carefully that its output does not indicate any errors. +.. Run the application images upload script. +Review carefully that its output does not indicate any errors. + [source,subs="verbatim,quotes"] @@ -74,13 +80,13 @@ $ *sh upload-bootc.sh* -- $ *podman search servera.lab.example.com:8443/* NAME DESCRIPTION -servera.lab.example.com:8443/lvms4/lvms-rhel9-operator -servera.lab.example.com:8443/openshift-release-dev/ocp-v4.0-art-dev -servera.lab.example.com:8443/flozanorht/php-ubi -servera.lab.example.com:8443/rhel9/mysql-80 -servera.lab.example.com:8443/ubi9/ubi -servera.lab.example.com:8443/rhel9/rhel-bootc -servera.lab.example.com:8443/rhel9/bootc-image-builder +servera.lab.example.com:8443/lvms4/lvms-rhel9-operator +servera.lab.example.com:8443/openshift-release-dev/ocp-v4.0-art-dev +servera.lab.example.com:8443/flozanorht/php-ubi +servera.lab.example.com:8443/rhel9/mysql-80 +servera.lab.example.com:8443/ubi9/ubi +servera.lab.example.com:8443/rhel9/rhel-bootc +servera.lab.example.com:8443/rhel9/bootc-image-builder -- include::rhde-microshift:ch1-microshift:partial$s3-air-gapped-lab-dnf.adoc[] diff --git a/modules/ch2-package/pages/index.adoc b/modules/ch2-package/pages/index.adoc index 155048e..e816230 100644 --- a/modules/ch2-package/pages/index.adoc +++ b/modules/ch2-package/pages/index.adoc @@ -13,7 +13,9 @@ This chapter explores the installation requirements and essential configuration The hands-on activities cover installing and configuring MicroShift in a RHEL virtual machine (VM), ensuring it's healthy, and configuring it for unprivileged developer access. -IMPORTANT: If you plan to deploy MicroShift as part of a RHEL image mode system, do *NOT* skip this chapter. You must understand the requirements and configurations introduced here to be able to automate them using Containerfiles and boot image builder. You also need the skills you learn here to troubleshoot your bootc container images that include MicroShift. +IMPORTANT: If you plan to deploy MicroShift as part of a RHEL image mode system, do *NOT* skip this chapter. +You must understand the requirements and configurations introduced here to be able to automate them using Containerfiles and boot image builder. +You also need the skills you learn here to troubleshoot your bootc container images that include MicroShift. diff --git a/modules/ch3-image/pages/index.adoc b/modules/ch3-image/pages/index.adoc index ba3d03a..71ce253 100644 --- a/modules/ch3-image/pages/index.adoc +++ b/modules/ch3-image/pages/index.adoc @@ -11,4 +11,5 @@ This chapter explores the requirements for building and deploying bootc containe The hands-on activities also build an installation ISO for disconnected environment. -IMPORTANT: Most details about installing and configuring MicroShift are explained in the xref:ch2-package[previous chapter]. While you could perform all hands-on activities here without doing the previous chapter, you may lack essential concepts and troubleshooting guidance for managing MicroShift instances. \ No newline at end of file +IMPORTANT: Most details about installing and configuring MicroShift are explained in the xref:ch2-package[previous chapter]. +While you could perform all hands-on activities here without doing the previous chapter, you may lack essential concepts and troubleshooting guidance for managing MicroShift instances. \ No newline at end of file diff --git a/modules/ch3-image/pages/s1-microshift-bootc.adoc b/modules/ch3-image/pages/s1-microshift-bootc.adoc index f6db752..c556ea1 100644 --- a/modules/ch3-image/pages/s1-microshift-bootc.adoc +++ b/modules/ch3-image/pages/s1-microshift-bootc.adoc @@ -12,7 +12,8 @@ WARNING: Work In Progress == MicroShift on Bootc Container Images -Deploying MicroShift using image mode is not different than adding any other application to a bootc container image. You could include MicroShift with a complete set of configuration files already embedded in an edge commit image; or you could include just MicroShift packages and add configuration files after installation, as part of an on-boarding process or other day-2 activity. +Deploying MicroShift using image mode is not different than adding any other application to a bootc container image. +You could include MicroShift with a complete set of configuration files already embedded in an edge commit image; or you could include just MicroShift packages and add configuration files after installation, as part of an on-boarding process or other day-2 activity. But, before we drive into the specifics of including MicroShift in bootc container images for air-gapped environments, let's consider how image mode deployments differ than traditional package mode deployments and the most common ways that organizations use approach image mode deployments. @@ -21,32 +22,43 @@ include::rhde-microshift:ch3-image:partial$s1-shift-left.adoc[] == RHEL Image Mode Image Building and Deployment Workflow -In any case (shift left or not), there are benefits in building bootc container images which include pre-configured MicroShift instances. You decide how much you will preconfigure, from offering an empty MicroShift instance, which is ready for remote access as a cluster administrator, to offering a MicroShift instance with multiple workloads already deployed. +In any case (shift left or not), there are benefits in building bootc container images which include pre-configured MicroShift instances. +You decide how much you will preconfigure, from offering an empty MicroShift instance, which is ready for remote access as a cluster administrator, to offering a MicroShift instance with multiple workloads already deployed. As a reminder, the following figure depicts the overall workflow for building bootc container images and deploying them on edge devices, using RHEL image mode. image::s1-edge-fig-3.svg[title="Workflow for building and deploying bootc container images on edge devices"] -If your edge deployment is air-gapped, it is recommended that you use an custom installation ISO, which you can write to USB media or serve from a network boot server. If that image already embeds all your applications and configurations, it can provision devices without access to other network services, such as container image registries. +If your edge deployment is air-gapped, it is recommended that you use an custom installation ISO, which you can write to USB media or serve from a network boot server. +If that image already embeds all your applications and configurations, it can provision devices without access to other network services, such as container image registries. To build an custom installation ISO, you must first build a bootc container image, using Podman or any tool capable of creating OCI container images, and then use the *bootc image builder* tool, which creates the installation ISO from a bootc container image stored locally plus an image builder blueprint, which provides Kickstart instructions for installation time. If you need a refresher on the finer details or troubleshooting hints for building bootc container images and using bootc image builder, please review the following RHEL labs: -* https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux] -* https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux] +* https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux,window=_blank] +* https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux,window=_blank] == Air-Gapped Builds With Private Container Registries -Many organizations do not allow edge devices to download content, especially software, from the Internet. They must download all content from secure internal servers. That means all software, such as RPM packages and container images, must be provided by servers owned by your organization. This is commonly referred to as air-gapped operations. +Many organizations do not allow edge devices to download content, especially software, from the Internet. +They must download all content from secure internal servers. +That means all software, such as RPM packages and container images, must be provided by servers owned by your organization. +This is commonly referred to as air-gapped operations. -Such organizations usually place similar constraints on corporate servers and development systems. You would be required to configure your developer workstations and CI/CD servers to fetch all software from internal servers instead of from the Internet, that is, to build bootc container images while operating air-gapped. +Such organizations usually place similar constraints on corporate servers and development systems. +You would be required to configure your developer workstations and CI/CD servers to fetch all software from internal servers instead of from the Internet, that is, to build bootc container images while operating air-gapped. -Notice that supporting air-gapped bootc container image builds and air-gapped edge device provisioning present different caveats. Developer workstations and CI/CD servers usually runs at a corporate site, with high speed and reliable access to package servers and container registries. Sometimes edge devices have good network connectivity to these corporate services, or they can rely on a local mirrors at their edge sites. But your edge devices might not have good enough connectivity to those services and would consequently require that you include all artifacts, including all application container images, in their bootc container images. +Notice that supporting air-gapped bootc container image builds and air-gapped edge device provisioning present different caveats. +Developer workstations and CI/CD servers usually runs at a corporate site, with high speed and reliable access to package servers and container registries. +Sometimes edge devices have good network connectivity to these corporate services, or they can rely on a local mirrors at their edge sites. +But your edge devices might not have good enough connectivity to those services and would consequently require that you include all artifacts, including all application container images, in their bootc container images. -Most Linux system administrators are used to the process of configuring RPM package servers and package repository mirrors, either using supported software such as Red Hat Satellite or by configuring their own web servers and using the `rpmsync` command. However many system administrators are not used to configure container image registries and container image mirrors. +Most Linux system administrators are used to the process of configuring RPM package servers and package repository mirrors, either using supported software such as Red Hat Satellite or by configuring their own web servers and using the `rpmsync` command. +However many system administrators are not used to configure container image registries and container image mirrors. -When you build OCI containers using Podman it takes subscription entitlements from the host system, so they can download RPM packages from Red Hat servers, but they do not inherit the DNF configuration from their host system to access corporate package repository servers. In that case, you must copy DNF repository configuration files to your OCI container image, before you include any `RUN` statement that installs RPM packages on your containerfile. +When you build OCI containers using Podman it takes subscription entitlements from the host system, so they can download RPM packages from Red Hat servers, but they do not inherit the DNF configuration from their host system to access corporate package repository servers. +In that case, you must copy DNF repository configuration files to your OCI container image, before you include any `RUN` statement that installs RPM packages on your containerfile. Similarly, you can copy registry configuration files for the local container engine, as part of your containerfile, and them use those configurations to pull container images from corporate image registry servers, during your container image build, and embed those application container images inside a bootc container image. @@ -54,25 +66,32 @@ Similarly, you can copy registry configuration files for the local container eng What RHEL image mode documentation call *physically bound containers* are just container image layers that are stored, as regular files, in a bootc container image. -If you run your application containers directly from Podman, or using Quadlets, you can specify the read-only directory storing those layers as an alternate container image storage for your containers. Unfortunately Kubernetes pod cannot specify their own container storage. +If you run your application containers directly from Podman, or using Quadlets, you can specify the read-only directory storing those layers as an alternate container image storage for your containers. +Unfortunately Kubernetes pod cannot specify their own container storage. -If all pods you run would be embedded in your boot container image, considering both pods required my MicroShift itself and also your application pods, you could theoretically configure CRI-O to use an alternate, read-only location for its container storage. That would prevent running additional pods, which are commonly required for troubleshooting, such as must-gather containers, unless you also add such containers to your bootc container image. +If all pods you run would be embedded in your boot container image, considering both pods required my MicroShift itself and also your application pods, you could theoretically configure CRI-O to use an alternate, read-only location for its container storage. +That would prevent running additional pods, which are commonly required for troubleshooting, such as must-gather containers, unless you also add such containers to your bootc container image. -It would theoretically be possible to configure an alternate read-only container storage only for Kubernetes static pods, and thus include only MicroShift pods in your bootc container images, but pull application containers dynamically, from a remote container registry, to writable container storage. That won't work if any of your application containers share any layers with any of your static pods, which is quite common when containers share base images and programming language runtimes from RHEL. +It would theoretically be possible to configure an alternate read-only container storage only for Kubernetes static pods, and thus include only MicroShift pods in your bootc container images, but pull application containers dynamically, from a remote container registry, to writable container storage. +That won't work if any of your application containers share any layers with any of your static pods, which is quite common when containers share base images and programming language runtimes from RHEL. -Using additional (or alternate) container storage for containers also presents issues regarding system updates: you must ensure you destroy old containers and start new containers, to prevent any dangling references to outdated image layers that would not exist in the new system image anymore. MicroShift, as any other Kubernetes, would not recreate application pods (and their containers) on reboot and updates. +Using additional (or alternate) container storage for containers also presents issues regarding system updates: you must ensure you destroy old containers and start new containers, to prevent any dangling references to outdated image layers that would not exist in the new system image anymore. +MicroShift, as any other Kubernetes, would not recreate application pods (and their containers) on reboot and updates. The recommended approach, to avoid any issues with physically bound containers, is a two-step process: -1. Copy container image layers to your bootc container image, at build time. Notice this is NOT a pull operation, because you don't want to save those layers to the ephemeral container storage of your image build. +1. Copy container image layers to your bootc container image, at build time. +Notice this is NOT a pull operation, because you don't want to save those layers to the ephemeral container storage of your image build. 2. Copy your container image layers from the read-only system image to the writable system container storage, at boot time, so they look like layers that are already pulled when you start containers using them. -The first step becomes an `skopeo copy` command in your containerfile. The second step becomes either a first-boot Systemd unit or a Systemd drop-in file for the MicroShift service unit, any of which you create as part of your containerfile. +The first step becomes an `skopeo copy` command in your containerfile. +The second step becomes either a first-boot Systemd unit or a Systemd drop-in file for the MicroShift service unit, any of which you create as part of your containerfile. This approach enables maximum flexibility: it gives you freedom to include just MicroShift container images, add selected application images, or even all container images you could possibly need for troubleshooting in your bootc container, at day-0; and still keep the ability of pulling new container images on day-1 and day-2, for additional troubleshooting tools or to test application updates, without having to build new bootc container images. == What's Next -The next and final activity of this course shows a containerfile which configures a MicroShift instance and embeds all required configuration files and container images, and builds an installer ISO with a custom kickstart file for unattended installation. At image build time, you use local RPM repositories and a mirror registry, without requiring access to Red Hat servers over the Internet, and then you provision an edge device from your installation ISO without accessing any RPM repository nor container registry server. +The next and final activity of this course shows a containerfile which configures a MicroShift instance and embeds all required configuration files and container images, and builds an installer ISO with a custom kickstart file for unattended installation. +At image build time, you use local RPM repositories and a mirror registry, without requiring access to Red Hat servers over the Internet, and then you provision an edge device from your installation ISO without accessing any RPM repository nor container registry server. diff --git a/modules/ch3-image/pages/s2-image-lab.adoc b/modules/ch3-image/pages/s2-image-lab.adoc index 4988ddd..c21fa2c 100644 --- a/modules/ch3-image/pages/s2-image-lab.adoc +++ b/modules/ch3-image/pages/s2-image-lab.adoc @@ -12,7 +12,7 @@ WARNING: Work In Progress == Before you Begin -You need a few machines to perform the hands-on activities in this course. +You need a few machines to perform the hands-on activities in this course. * A _development machine_ with RHEL and unrestricted `sudo`, where you will create KVM VMs using Libvirt, build bootc container iamges, run bootc image builder to build installation images, and also run the OpenShift client to access your MicroShift instances. @@ -26,7 +26,9 @@ Make sure that your _package server machine_ and _mirror registry machine_ are p These instructions were tested on RHEL 9.5 but should work with minimal or no change on newer and older RHEL 9.x releases. -If you are using the course environment, you will log in to the `workstation` VM as the user `student` with password `student`. The `workstation` VM is your _development machine_. You will start SSH sessions from the `workstation` VM to the `servera` VM, which is your _web server machine_ and also your _mirror registry machine_, using the same user. +If you are using the course environment, you will log in to the `workstation` VM as the user `student` with password `student`. +The `workstation` VM is your _development machine_. +You will start SSH sessions from the `workstation` VM to the `servera` VM, which is your _web server machine_ and also your _mirror registry machine_, using the same user. You will also create a local KVM virtual machine on your _development machine_, and we refer to that VM as your _edge machine_. @@ -36,7 +38,7 @@ IMPORTANT: Be sure you execute each step on the correct machine. If a step is no 1. On your _development machine_, verify that you have all prerequisites from previous labs. -.. Check that you can access your _web server machine_. +.. Verify that you can access your _web server machine_. + [source,subs="verbatim,quotes"] -- @@ -48,7 +50,7 @@ $ *curl -s http://servera.lab.example.com | head -n 5* Test Page for the HTTP Server on Red Hat Enterprise Linux -- -.. Check that your unprivileged user has access to Libvirt session VMs. +.. Verify that your unprivileged user has access to Libvirt session VMs. + [source,subs="verbatim,quotes"] -- @@ -59,24 +61,24 @@ CPU model: x86_64 ... -- -.. Check that you have a valid pull secret for your your _mirror registry machine_ and that you can access it with TLS validation enabled. +.. Verify that you have a valid pull secret for your your _mirror registry machine_ and that you can access it with TLS validation enabled. + [source,subs="verbatim,quotes"] -- $ *podman search --authfile mirror-pull-secret servera.lab.example.com:8443/* NAME DESCRIPTION -servera.lab.example.com:8443/lvms4/lvms-rhel9-operator -servera.lab.example.com:8443/openshift-release-dev/ocp-v4.0-art-dev -servera.lab.example.com:8443/flozanorht/php-ubi -servera.lab.example.com:8443/rhel9/mysql-80 -servera.lab.example.com:8443/ubi9/ubi -servera.lab.example.com:8443/rhel9/rhel-bootc +servera.lab.example.com:8443/lvms4/lvms-rhel9-operator +servera.lab.example.com:8443/openshift-release-dev/ocp-v4.0-art-dev +servera.lab.example.com:8443/flozanorht/php-ubi +servera.lab.example.com:8443/rhel9/mysql-80 +servera.lab.example.com:8443/ubi9/ubi +servera.lab.example.com:8443/rhel9/rhel-bootc servera.lab.example.com:8443/rhel9/bootc-image-builder -- -.. Check that output from the previous command shows that the mirror registry is already populated with MicroShift release images (`openshift-release-dev/ocp-v4.0-art-dev`) and LVM Storage operator images (`lvms4/lvms-rhel9-operator`). +.. Review that output from the previous command shows that the mirror registry is already populated with MicroShift release images (`openshift-release-dev/ocp-v4.0-art-dev`) and LVM Storage operator images (`lvms4/lvms-rhel9-operator`). -.. Check that you have the CA certificate for the mirror registry on your home directory. +.. Verify that you have the CA certificate for the mirror registry on your home directory. + [source,subs="verbatim,quotes"] -- @@ -95,7 +97,8 @@ Login Succeeded! 2. Configure the _development machine_ to use the mirror registry, so it can build bootc container images without internet access and without credentails to Red Hat container registries. + -You will also use these configuration files for the bootc container image you are about to build in this lab. These are the same files you might have already used in a xref:ch2-package:s2-install-lab[previous lab]. +You will also use these configuration files for the bootc container image you are about to build in this lab. +These are the same files you might have already used in a xref:ch2-package:s2-install-lab[previous lab]. .. Configure the container runtime to get MicroShift release images from the mirror registry. + @@ -105,7 +108,7 @@ $ *wget -q https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-sampl $ *sudo cp 999-microshift-mirror.conf /etc/containers/registries.conf.d* -- -.. Disable signature verification on container images required by MicroShift by downloading a https://github.com/RedHatQuickCourses/rhde-build-samples/blob/main/microshift/containers-policy.json.nosigs[container image policy file] from the course samples git repository. +.. Disable signature verification on container images required by MicroShift by downloading a https://github.com/RedHatQuickCourses/rhde-build-samples/blob/main/microshift/containers-policy.json.nosigs[container image policy file,window=_blank] from the course samples git repository. + [source,subs="verbatim,quotes"] -- @@ -113,18 +116,22 @@ $ *wget -q https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-sampl $ *sudo cp containers-policy.json.nosigs /etc/containers/policy.json* -- -3. Download and inspect a containerfile for a preconfigured MicroShift instance. That container file requires the files downloaded during the previous step, and a few more files you will download right now. +3. Download and inspect a containerfile for a preconfigured MicroShift instance. +This container file requires the files downloaded during the previous step, and a few more files you will download right now. -.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/Containerfile-embedded[sample containerfile] from the course samples git repository. It is a long Containerfile but, assuming that you performed all activities from the the xref:ch2-package[previous chapter] of this course, there should be no surprises. +.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/Containerfile-embedded[sample containerfile,window=_blank] from the course samples git repository. +It is a long Containerfile but, assuming that you performed all activities from the the xref:ch2-package[previous chapter] of this course, there should be no surprises. + [source,subs="verbatim,quotes"] -- $ *wget -q https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/Containerfile-embedded* -- -.. Review the `Containerfile-embedded` file and make sure you understand its instructions. It contains many `RUN` instructions with shell heredocs to minize the number of layers and for increased legibility. +.. Review the `Containerfile-embedded` file and make sure you understand its instructions. +It contains many `RUN` instructions with shell heredocs to minize the number of layers and for increased legibility. + -NOTE: The code snippets here help you locate the relevant sections in the Containerfile, but they do not list the entirety of most sections. Follow along with a text editor and navigate through the blueprint file. +NOTE: The code snippets here help you locate the relevant sections in the Containerfile, but they do not list the entirety of most sections. +Follow along with a text editor and navigate through the blueprint file. ... Use the base RHEL 9 bootc container as the base image. + @@ -135,7 +142,8 @@ include::1@samples:microshift:example$Containerfile-embedded[lines=5] ... -- + -WARNING: This containerfile uses RHEL 9.5, which is NOT a supported version for MicroShift 4.17. Check the https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/device-edge-overview#device-edge-compatibility_device-edge-overview[Red Hat Device Edge product documentation] for the supported combinations of RHEL and MicroShift releases. It may be necessary to use an EUS version of RHEL base bootc container images and package repositories to get the latest RHEL security and bug fixes. +WARNING: This containerfile uses RHEL 9.5, which is NOT a supported version for MicroShift 4.17. +Review the https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/device-edge-overview#device-edge-compatibility_device-edge-overview[Red Hat Device Edge product documentation,window=_blank] for the supported combinations of RHEL and MicroShift releases. It may be necessary to use an EUS version of RHEL base bootc container images and package repositories to get the latest RHEL security and bug fixes. + IMPORTANT: Different RHEL releases are expected to work most of the times, but if you have issues and create support tickets, you may be asked to reproduce the issue using a supported version of RHEL. @@ -148,7 +156,8 @@ include::1@samples:microshift:example$Containerfile-embedded[lines=7] ... -- -... Install the MicroShift packages and dependencies. You need the optional `microshift-release-info` package because it provides the list of MicroShift container images to embed in the bootc container image. +... Install the MicroShift packages and dependencies. +You need the optional `microshift-release-info` package because it provides the list of MicroShift container images to embed in the bootc container image. + [source,subs="verbatim"] -- @@ -193,7 +202,8 @@ include::1@samples:microshift:example$Containerfile-embedded[lines=55] ... -- -... Add a CA certificate for the mirror registry. Remember that you download that CA file in the xref:ch1-microshift:s3-air-gapped-lab.adoc[first chapter]. +... Add a CA certificate for the mirror registry. +Remember that you download that CA file in the xref:ch1-microshift:s3-air-gapped-lab.adoc[first chapter]. + [source,subs="verbatim"] -- @@ -204,7 +214,8 @@ include::1@samples:microshift:example$Containerfile-embedded[lines=56..57] ... Embed the MicroShift release container images in the system image and also container images for the applications pods that will run on that MicroShift cluster. + -A copy of image Red Hat Universal Base Image (UBI) `registry.redhat.io/ubi9/ubi:latest` in the mirror registry at `servera.lab.example.com:8443` stands in for an application image. You can add more application images to the `appimage` shell variable, if you wish, and also add https://docs.redhat.com/it/documentation/red_hat_build_of_microshift/4.17/html-single/running_applications/index#microshift-manifests-overview_applications-microshift[Kustomize manifests] to directories such as `/usr/lib/microshift/` on your bootc container image. +A copy of image Red Hat Universal Base Image (UBI) `registry.redhat.io/ubi9/ubi:latest` in the mirror registry at `servera.lab.example.com:8443` stands in for an application image. +You can add more application images to the `appimage` shell variable, if you wish, and also add https://docs.redhat.com/it/documentation/red_hat_build_of_microshift/4.17/html-single/running_applications/index#microshift-manifests-overview_applications-microshift[Kustomize manifests,window=_blank] to directories such as `/usr/lib/microshift/` on your bootc container image. + [source,subs="verbatim"] -- @@ -246,9 +257,10 @@ $ *wget -qP yum.d https://raw.githubusercontent.com/RedHatQuickCourses/rhde-buil 4. Download and inspect a blueprint for a customized installation ISO. + -This blueprint contains only kickstart file customizations that, among other things, provide secrets for SSH and mirror registry access. Alternatively, such secrets could be provided after installation, by an onboarding process, managed by Ansible or other automation technology. +This blueprint contains only kickstart file customizations that, among other things, provide secrets for SSH and mirror registry access. +Alternatively, such secrets could be provided after installation, by an onboarding process, managed by Ansible or other automation technology. -.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/config.toml[sample installer blueprint] from the course samples git repository. It basically contains a customized kickstart file. +.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/config.toml[sample installer blueprint,window=_blank] from the course samples git repository. It basically contains a customized kickstart file. + [source,subs="verbatim,quotes"] -- @@ -257,7 +269,8 @@ $ *wget -q https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-sampl .. Review the blueprint and make sure you understand it's kickstart instructions. + -NOTE: The code snippets here help you locate the relevant sections in the kickstart file, but they do not list the entirety of the blueprint file. Follow along with a text editor and navigate through the kickstart file. +NOTE: The code snippets here help you locate the relevant sections in the kickstart file, but they do not list the entirety of the blueprint file. +Follow along with a text editor and navigate through the kickstart file. ... Set a text-mode installation and preconfigure language and keyboard, so Anaconda can proceed unattended, and reboot at the end of the installation. + @@ -277,7 +290,7 @@ include::1@samples:microshift:example$config.toml[lines=13..19] ... -- -... In a post install script, create an initial user with a known password, unlimited sudo, and SSH key. +... In a post install script, create an initial user with a known password, unlimited sudo, and SSH key. + [source,subs="verbatim"] -- @@ -286,7 +299,8 @@ include::1@samples:microshift:example$config.toml[lines=26..31] ... -- + -NOTE: Production systems would NOT enable password login and would leave the user without any password. We left it here as a convenience for the learner, so you can later log in at the console of your _edge machine_ for troubleshooting, if you wish. +NOTE: Production systems would NOT enable password login and would leave the user without any password. +We left it here as a convenience for the learner, so you can later log in at the console of your _edge machine_ for troubleshooting, if you wish. ... Also in the post install script, add a pull secret for the mirror registry. + @@ -327,7 +341,9 @@ $ *SSH_PUB_KEY=$( cat edge-key.pub )* $ *sed -i "s|REPLACE_WITH_SSH_PUB_KEY|$SSH_PUB_KEY|" config.toml* -- -.. Embed your pull secret in the blueprint. You have to use the `jq` command to ensure that your pull secret is formatted as a single-line JSON string. You already generated the pull secret file in a xref:ch1-microshift:s3-air-gapped-lab.adoc[previous lab]. +.. Embed your pull secret in the blueprint. +You have to use the `jq` command to ensure that your pull secret is formatted as a single-line JSON string. +You already generated the pull secret file in a xref:ch1-microshift:s3-air-gapped-lab.adoc[previous lab]. + [source,subs="verbatim,quotes"] -- @@ -339,7 +355,8 @@ $ *sed -i "s|REPLACE_WITH_PULL_SECRET|$PULL_SECRET|" config.toml* .. Build a bootc container image. + -The Containerfile contains instructions which access the mirror container registry, so we must pass credentials using the `--secret` option. Remember that secret was NOT embedded into the Containerfile, but only in the blueprint for the installation ISO. +The Containerfile contains instructions which access the mirror container registry, so we must pass credentials using the `--secret` option. +Remember that secret was NOT embedded into the Containerfile, but only in the blueprint for the installation ISO. + Try to identify, as part of the build messages, the output of the `skopeo copy` commands which copy MicroShift and application container images to the bootc container image. + @@ -355,11 +372,12 @@ b28ad90a8552d6b0009baf6c854bdcbc85650bfd28aed1ff18040697963cfd2 + WARNING: If, by some reason, you meed to build your bootc container image again with small changes, we recommend that you add the `--no-cache` option to the `podman build` command above. -.. Test your bootc container image as a regular container. Check for the presense of systemd units, their scripts, and container engine configuration files. +.. Test your bootc container image as a regular container. +Check for the presense of systemd units, their scripts, and container engine configuration files. + Many bootc container images are not designed to be run as regular container, and this is the case of bootc images including MicroShift, because they depend on the kernel, system services, and other configurations embeded into its bootc image that won't be available on the container host. + -Testing bootc images from a regular container is useful to check if files are created and changed as expected, and sometimes for testing scripts that you would run at boot. +Testing bootc images from a regular container is useful to verify if files are created and changed as expected, and sometimes for testing scripts that you would run at boot. + [source,subs="verbatim,quotes"] -- @@ -395,7 +413,8 @@ b28ad90a8552d6b0009baf6c854bdcbc85650bfd28aed1ff18040697963cfd21 .. Create an installable ISO containing your bootc container image and your custom kickstart file. + -Be patient, it takes a while to create the ISO. You will see many error messages, related to Grub, disk devices, and `/dev/log` which you safely ignore. +Be patient, it takes a while to create the ISO. +You will see many error messages, related to Grub, disk devices, and `/dev/log` which you safely ignore. + [source,subs="verbatim,quotes"] -- @@ -414,7 +433,8 @@ Results saved in . -- -.. Copy the installable ISO from the bootc image builder temporary output directory to a more permanent localtion, and give it an easily identifiable name. That file would be distributed to personel responsible for installing actual edge devices. +.. Copy the installable ISO from the bootc image builder temporary output directory to a more permanent localtion, and give it an easily identifiable name. +That file would be distributed to personel responsible for installing actual edge devices. + [source,subs="verbatim,quotes"] -- @@ -454,11 +474,13 @@ No Joliet extensions $ *LABEL=RHEL-9-5-BaseOS-x86_64* -- -.. Create a KVM virtual machine from your installer image. The installation should proceed unattended until you get a login prompt. +.. Create a KVM virtual machine from your installer image. +The installation should proceed unattended until you get a login prompt. + You could use different variations of the `virt-install` command or the Cockpit web UI. + -The use of `--location` and `--extra-arg` in the following command enables the VM to run with a serial console, so you don't need to leave your shell and don't need to open a graphical console for your _edge machine_. It also makes it easier to scroll up for boot messages and copy-and-paste them if you have issues during operating system installation. +The use of `--location` and `--extra-arg` in the following command enables the VM to run with a serial console, so you don't need to leave your shell and don't need to open a graphical console for your _edge machine_. +It also makes it easier to scroll up for boot messages and copy-and-paste them if you have issues during operating system installation. + [source,subs="verbatim,quotes"] -- @@ -497,7 +519,8 @@ Volume 'vda'(/home/student/.local/share/libvirt/images/edge-microshift-1.qcow2) 8. On your _edge machine_, verify that MicroShift is fully initialized. -.. MicroShift will ony start after all its container images are copied to the system container storage, which takes a few moments. You may log in BEFORE this process finishes, and see that MicroShift is still initializing, and there are no kubeconfig files on the home directory of the `core` user. +.. MicroShift will ony start after all its container images are copied to the system container storage, which takes a few moments. +You may log in BEFORE this process finishes, and see that MicroShift is still initializing, and there are no kubeconfig files on the home directory of the `core` user. + [source,subs="verbatim,quotes"] -- @@ -524,7 +547,8 @@ Notice, on the previous output, that the service is still activating, but alread + If your output shows that the microshift service is already active, just move forward. -.. If you wish, you can monitor the image copy process using Podman, because CRI-O shares the same system container storage with Podman. When the process is finished, you will see a full list of MicroShift container images and also application container images. +.. If you wish, you can monitor the image copy process using Podman, because CRI-O shares the same system container storage with Podman. +When the process is finished, you will see a full list of MicroShift container images and also application container images. + IMPORTANT: You will NOT be able to see running containers from CRI-O using Podman, for that you must use the `crictl` command. + @@ -570,7 +594,8 @@ $ *echo $KUBECONFIG* /var/home/core/local-admin -- -.. Check that MicroShift is healthy and all its pods are ready and running. Beware it may take a while for MicroShift to finish starting all its pods. +.. Ensure that MicroShift is healthy and all its pods are ready and running. +Beware it may take a while for MicroShift to finish starting all its pods. + [source,subs="verbatim,quotes"] -- @@ -591,7 +616,8 @@ openshift-storage lvms-operator-7f544467bc-94227 1/1 Ru openshift-storage vg-manager-5n494 1/1 Running 0 3m55s -- + -NOTE: If you are too quick, and skip the previous steps of checking the MicroShift system service status, you may get a `NotReady` state from `oc get node`, or a "no resources found" error from `oc get pod`. If any of this happens, just wait a few seconds and try again. +NOTE: If you are too quick, and skip the previous steps of reviewing the MicroShift system service status, you may get a `NotReady` state from `oc get node`, or a "no resources found" error from `oc get pod`. +If any of this happens, just wait a few seconds and try again. .. As a final check, create a test pod from the sample application image we included in the bootc container image. + @@ -612,5 +638,6 @@ You succeed in provisioning an edge device, from an installable ISO, in an air-g == What's Next -This was the final activity of this course. If you wish, you can create service accounts and kubeconfig files for developer access using the same steps from ch2-package:s3-access-lab.adoc[previous labs] already demonstrated on RHEL package mode. +This was the final activity of this course. +If you wish, you can create service accounts and kubeconfig files for developer access using the same steps from ch2-package:s3-access-lab.adoc[previous labs] already demonstrated on RHEL package mode. From 0f1fb5331b42b03c7c3b88ede795d6a994b90782 Mon Sep 17 00:00:00 2001 From: Fernando Lozano Date: Fri, 2 May 2025 17:29:29 -0300 Subject: [PATCH 2/2] Use a carret for links that open new browser window --- README.md | 4 --- modules/ROOT/pages/index.adoc | 26 +++++++++---------- .../ch1-microshift/pages/s2-prepare-lab.adoc | 4 +-- .../pages/s3-air-gapped-lab.adoc | 4 +-- modules/ch2-package/pages/index.adoc | 2 +- .../ch3-image/pages/s1-microshift-bootc.adoc | 6 ++--- modules/ch3-image/pages/s2-image-lab.adoc | 10 +++---- 7 files changed, 25 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index a580c55..9618b5b 100644 --- a/README.md +++ b/README.md @@ -10,14 +10,10 @@ Design docs from the RHEL for Edge variant are available to Red Hat employees on * [Initial course design](https://docs.google.com/document/d/1zPUVBdbdlMEUlMmlsnDLiIjOtUMPBXYe3b2TO_Xhl6M/edit?usp=sharing) -// Not sure about exposing the internal URL to GitHub repo. - Figures on this course are designed using Google Slides, and the deck is available to Red Hat employees. Individual slides are exported to SVG files and cleaned using Inkscape. Those files are in the git repository. * [Figures](https://docs.google.com/presentation/d/1VBZdZyuWiSyoq1HE6eVxgSEo2_Qc4EOM0_Fkd_uQ_zA/edit?usp=sharing) -// Not sure about exposing the internal URL to GitHub repo. - Refer to the [Red Hat Quick Courses Contributor Guide](https://redhatquickcourses.github.io/welcome/1/guide/overview.html) for instructions about collaborating in this repository. The virtual classroom environment is a ROLE classroom, which are shared by all Red Hat Device Edge quick courses and will be updated as required by future related courses: *HOL014: Red Hat Device Edge Quick Course Series*. This virtual classroom is available to Red Hatters and partners, and also customers with a Red Hat Learning Subscription. diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc index 4c66728..a5dc7fd 100644 --- a/modules/ROOT/pages/index.adoc +++ b/modules/ROOT/pages/index.adoc @@ -11,15 +11,13 @@ It is part of a Red Hat Device Learning path, which currently includes three cou * For customers using RHEL for Edge and RPM-OSTree based edge images: ** https://redhatquickcourses.github.io/rhde-build/[Building Red Hat Device Edge Images^] -** https://redhatquickcourses.github.io/rhde-microshift/[Deploying MicroShift on Red Hat Device Edge Quick Course,window=_blank] +** https://redhatquickcourses.github.io/rhde-microshift/[Deploying MicroShift on Red Hat Device Edge Quick Course^] * For customers using RHEL image mode: ** *Deploying MicroShift on RHEL Image Mode* (this course) IMPORTANT: Red Hat employees must enroll using its [LMS entry^] to get completion credits, and Red Hat Partners must enroll using its [Partner Portal entry^]. -// Not sure about exposing the internal URL to GitHub repo. - == Audience Operations-focused customer roles, who design and implement device edge images, but are not usually in-person at edge sites: @@ -35,9 +33,9 @@ Red Hat and Partner roles that support Red Hat Device Edge on customers, such as == Prerequisites -* Attend the RHEL labs https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux,window=_blank] and https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux,window=_blank], or have equivalent experience with RHEL image mode. -* Familiarity with RHEL system administration, to the level of https://www.redhat.com/en/services/certification/rhcsa[Red Hat Certified System Administrator (RHCSA),window=_blank] or equivalent knowledge. -* Familiarity with OpenShift administration, to the level of https://www.redhat.com/en/services/certification/rhcs-paas[Red Hat Certified OpenShift Administrator,window=_blank] or equivalent knowledge. +* Attend the RHEL labs https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux^] and https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux^], or have equivalent experience with RHEL image mode. +* Familiarity with RHEL system administration, to the level of https://www.redhat.com/en/services/certification/rhcsa[Red Hat Certified System Administrator (RHCSA)^] or equivalent knowledge. +* Familiarity with OpenShift administration, to the level of https://www.redhat.com/en/services/certification/rhcs-paas[Red Hat Certified OpenShift Administrator^] or equivalent knowledge. * Familiarity with Ansible playbooks and the Ansible Automation Platform is useful but not required. * Familiarity with web server administration, such as Apache Web Server or NGinx, is useful but not required. * Familiarity with database server administration, such as MySQL or MariaDB, is useful but not required. @@ -64,28 +62,28 @@ You do not need to use the same classroom for multiple courses: each course prov You will follow this quick course by alternating between two browser windows: one to navigate quick course materials, such as this page; and another to access the virtual classroom lab, to perform hands-on activities. -If you can provision your own RHEL servers or VMs, it should be possible to configure all that is required for the hands-on activities by using a https://developers.redhat.com/products/rhel/download[free subscription,window=_blank] from the https://developers.redhat.com/about[Red Hat Developer Program,window=_blank], which gives access to RHEL installation media, RHEL package repositories, OpenShift package repositories, and OpenShift container images in Red Hat registries. +If you can provision your own RHEL servers or VMs, it should be possible to configure all that is required for the hands-on activities by using a https://developers.redhat.com/products/rhel/download[free subscription^] from the https://developers.redhat.com/about[Red Hat Developer Program^], which gives access to RHEL installation media, RHEL package repositories, OpenShift package repositories, and OpenShift container images in Red Hat registries. == About Red Hat Online Learning (ROLE) and Red Hat Learning Subscription -The Red Hat Online Learning (ROLE) web site provides https://www.redhat.com/en/services/training-and-certification[Red Hat Training and Certification,window=_blank] course materials and their virtual classrooms labs. +The Red Hat Online Learning (ROLE) web site provides https://www.redhat.com/en/services/training-and-certification[Red Hat Training and Certification^] course materials and their virtual classrooms labs. You must be enrolled in a Red Hat Training course or subscription to have access to ROLE. NOTE: The Red Hat Device Edge Quick Courses Series use ROLE for its virtual classroom labs only, and hosts courses materials outside of ROLE, as GitHub pages. -A basic https://www.redhat.com/en/services/training/learning-subscription[Red Hat Learning Subscription,window=_blank] offers access to a number Red Hat Training courses and virtual classroom lab time. Higher subscription tiers offer additional benefits such as Red Hat Certification Exam vouchers. +A basic https://www.redhat.com/en/services/training/learning-subscription[Red Hat Learning Subscription^] offers access to a number Red Hat Training courses and virtual classroom lab time. Higher subscription tiers offer additional benefits such as Red Hat Certification Exam vouchers. == Other Sources of Information About MicroShift -The main source is the https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/4.17[product documentation for MicroShift,window=_blank] in Red Hat's documentation portal. +The main source is the https://docs.redhat.com/en/documentation/red_hat_build_of_microshift/4.17[product documentation for MicroShift^] in Red Hat's documentation portal. -We also recommend that you use the product documentation for https://docs.redhat.com/en/documentation/openshift_container_platform/4.17[Red Hat OpenShift Container Platform,window=_blank] for general Kubernetes topics, OpenShift extension APIs, and add-on operators which may be supported in MicroShift. +We also recommend that you use the product documentation for https://docs.redhat.com/en/documentation/openshift_container_platform/4.17[Red Hat OpenShift Container Platform^] for general Kubernetes topics, OpenShift extension APIs, and add-on operators which may be supported in MicroShift. -The Red Hat Build of MicroShift is supported as part of Red Hat Device Edge, check its https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/index[overview document,window=_blank] for pointers to MicroShift, RHEL for Edge, and other components of Red Hat Device Edge. +The Red Hat Build of MicroShift is supported as part of Red Hat Device Edge, check its https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/index[overview document^] for pointers to MicroShift, RHEL for Edge, and other components of Red Hat Device Edge. -For documentation about RHEL image mode, see the https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index[RHEL product documentation,window=_blank]. +For documentation about RHEL image mode, see the https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index[RHEL product documentation^]. -It is not expected that you need to use the https://microshift.io/[open source upstream,window=_blank] of MicroShift and its community documentation for day to day use of the Red Hat Build of MicroShift. +It is not expected that you need to use the https://microshift.io/[open source upstream^] of MicroShift and its community documentation for day to day use of the Red Hat Build of MicroShift. == Author diff --git a/modules/ch1-microshift/pages/s2-prepare-lab.adoc b/modules/ch1-microshift/pages/s2-prepare-lab.adoc index e4fbe0f..9b649ab 100644 --- a/modules/ch1-microshift/pages/s2-prepare-lab.adoc +++ b/modules/ch1-microshift/pages/s2-prepare-lab.adoc @@ -24,7 +24,7 @@ You need a few machines to perform the hands-on activities in this course. * A _web server machine_ with RHEL and unrestricted `sudo`, to share files such as public keys. -* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift,window=_blank]. +* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift^]. These instructions were tested on RHEL 9.5 but should work with minimal or no change on newer and older RHEL 9.x releases. @@ -37,7 +37,7 @@ If a step is not explicit about the machine it should be performed, it is using In the course environment, the `classroom` VM, with the `materials` alias, is your _package server machine_ but you are _not_ expected to start SSH sessions nor perform any activity on it. -NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscription,window=_blank], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. +NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscription^], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. If you ignore the requirements for air-gaped installation of MicroShift, you could use a single RHEL VM and adapt the steps to your own environment. == Instructions diff --git a/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc b/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc index 15b9254..998c30b 100644 --- a/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc +++ b/modules/ch1-microshift/pages/s3-air-gapped-lab.adoc @@ -22,7 +22,7 @@ You need a few machines to perform the hands-on activities in this course. * A _web server machine_ with RHEL and unrestricted `sudo`, to share files such as public keys. -* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift,window=_blank]. +* A _mirror registry machine_ with RHEL and unrestricted `sudo`, to host a https://www.redhat.com/en/blog/introducing-mirror-registry-for-red-hat-openshift[mirror registry for Red Hat OpenShift^]. These instructions were tested on RHEL 9.5 but should work with minimal or no change on newer and older RHEL 9.x releases. @@ -35,7 +35,7 @@ If a step is not explicit about the machine it should be performed, it is using In the course environment, the `classroom` VM, with the `materials` alias, is your _package server machine_ but you are _not_ expected to start SSH sessions nor perform any activity on it. -NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscrition,window=_blank], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. +NOTE: It should be possible to perform all activities in this course using a https://developers.redhat.com/products/rhel/download[free Red Hat Developers free subscrition^], which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. If you ignore the requirements for air-gaped installation of MicroShift, you could use a single RHEL VM and adapt the steps to your own environment. == Instructions diff --git a/modules/ch2-package/pages/index.adoc b/modules/ch2-package/pages/index.adoc index e816230..efe8830 100644 --- a/modules/ch2-package/pages/index.adoc +++ b/modules/ch2-package/pages/index.adoc @@ -14,7 +14,7 @@ This chapter explores the installation requirements and essential configuration The hands-on activities cover installing and configuring MicroShift in a RHEL virtual machine (VM), ensuring it's healthy, and configuring it for unprivileged developer access. IMPORTANT: If you plan to deploy MicroShift as part of a RHEL image mode system, do *NOT* skip this chapter. -You must understand the requirements and configurations introduced here to be able to automate them using Containerfiles and boot image builder. +You must understand the requirements and configurations introduced here to be able to automate them using Containerfiles and bootc image builder. You also need the skills you learn here to troubleshoot your bootc container images that include MicroShift. diff --git a/modules/ch3-image/pages/s1-microshift-bootc.adoc b/modules/ch3-image/pages/s1-microshift-bootc.adoc index c556ea1..d9f1430 100644 --- a/modules/ch3-image/pages/s1-microshift-bootc.adoc +++ b/modules/ch3-image/pages/s1-microshift-bootc.adoc @@ -36,14 +36,14 @@ To build an custom installation ISO, you must first build a bootc container imag If you need a refresher on the finer details or troubleshooting hints for building bootc container images and using bootc image builder, please review the following RHEL labs: -* https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux,window=_blank] -* https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux,window=_blank] +* https://www.redhat.com/en/introduction-to-image-mode-for-red-hat-enterprise-linux-interactive-lab[Introduction to image mode for Red Hat Enterprise Linux^] +* https://www.redhat.com/en/day-2-operations-with-image-mode-for-red-hat-enterprise-linux[Day 2 operations with image mode for Red Hat Enterprise Linux^] == Air-Gapped Builds With Private Container Registries Many organizations do not allow edge devices to download content, especially software, from the Internet. They must download all content from secure internal servers. -That means all software, such as RPM packages and container images, must be provided by servers owned by your organization. +That means all software, such as RPM packages and container images, must be provided by servers owned by your organization. This is commonly referred to as air-gapped operations. Such organizations usually place similar constraints on corporate servers and development systems. diff --git a/modules/ch3-image/pages/s2-image-lab.adoc b/modules/ch3-image/pages/s2-image-lab.adoc index c21fa2c..9b24fae 100644 --- a/modules/ch3-image/pages/s2-image-lab.adoc +++ b/modules/ch3-image/pages/s2-image-lab.adoc @@ -108,7 +108,7 @@ $ *wget -q https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-sampl $ *sudo cp 999-microshift-mirror.conf /etc/containers/registries.conf.d* -- -.. Disable signature verification on container images required by MicroShift by downloading a https://github.com/RedHatQuickCourses/rhde-build-samples/blob/main/microshift/containers-policy.json.nosigs[container image policy file,window=_blank] from the course samples git repository. +.. Disable signature verification on container images required by MicroShift by downloading a https://github.com/RedHatQuickCourses/rhde-build-samples/blob/main/microshift/containers-policy.json.nosigs[container image policy file^] from the course samples git repository. + [source,subs="verbatim,quotes"] -- @@ -119,7 +119,7 @@ $ *sudo cp containers-policy.json.nosigs /etc/containers/policy.json* 3. Download and inspect a containerfile for a preconfigured MicroShift instance. This container file requires the files downloaded during the previous step, and a few more files you will download right now. -.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/Containerfile-embedded[sample containerfile,window=_blank] from the course samples git repository. +.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/Containerfile-embedded[sample containerfile^] from the course samples git repository. It is a long Containerfile but, assuming that you performed all activities from the the xref:ch2-package[previous chapter] of this course, there should be no surprises. + [source,subs="verbatim,quotes"] @@ -143,7 +143,7 @@ include::1@samples:microshift:example$Containerfile-embedded[lines=5] -- + WARNING: This containerfile uses RHEL 9.5, which is NOT a supported version for MicroShift 4.17. -Review the https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/device-edge-overview#device-edge-compatibility_device-edge-overview[Red Hat Device Edge product documentation,window=_blank] for the supported combinations of RHEL and MicroShift releases. It may be necessary to use an EUS version of RHEL base bootc container images and package repositories to get the latest RHEL security and bug fixes. +Review the https://docs.redhat.com/en/documentation/red_hat_device_edge/4/html/overview/device-edge-overview#device-edge-compatibility_device-edge-overview[Red Hat Device Edge product documentation^] for the supported combinations of RHEL and MicroShift releases. It may be necessary to use an EUS version of RHEL base bootc container images and package repositories to get the latest RHEL security and bug fixes. + IMPORTANT: Different RHEL releases are expected to work most of the times, but if you have issues and create support tickets, you may be asked to reproduce the issue using a supported version of RHEL. @@ -215,7 +215,7 @@ include::1@samples:microshift:example$Containerfile-embedded[lines=56..57] ... Embed the MicroShift release container images in the system image and also container images for the applications pods that will run on that MicroShift cluster. + A copy of image Red Hat Universal Base Image (UBI) `registry.redhat.io/ubi9/ubi:latest` in the mirror registry at `servera.lab.example.com:8443` stands in for an application image. -You can add more application images to the `appimage` shell variable, if you wish, and also add https://docs.redhat.com/it/documentation/red_hat_build_of_microshift/4.17/html-single/running_applications/index#microshift-manifests-overview_applications-microshift[Kustomize manifests,window=_blank] to directories such as `/usr/lib/microshift/` on your bootc container image. +You can add more application images to the `appimage` shell variable, if you wish, and also add https://docs.redhat.com/it/documentation/red_hat_build_of_microshift/4.17/html-single/running_applications/index#microshift-manifests-overview_applications-microshift[Kustomize manifests^] to directories such as `/usr/lib/microshift/` on your bootc container image. + [source,subs="verbatim"] -- @@ -260,7 +260,7 @@ $ *wget -qP yum.d https://raw.githubusercontent.com/RedHatQuickCourses/rhde-buil This blueprint contains only kickstart file customizations that, among other things, provide secrets for SSH and mirror registry access. Alternatively, such secrets could be provided after installation, by an onboarding process, managed by Ansible or other automation technology. -.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/config.toml[sample installer blueprint,window=_blank] from the course samples git repository. It basically contains a customized kickstart file. +.. Download the https://raw.githubusercontent.com/RedHatQuickCourses/rhde-build-samples/refs/heads/main/microshift/config.toml[sample installer blueprint^] from the course samples git repository. It basically contains a customized kickstart file. + [source,subs="verbatim,quotes"] --