You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
. Register your cluster on the link:https://console.redhat.com/openshift/register[Cluster registration] page.
178
178
endif::restricted[]
179
179
180
+
ifdef::ibm-z,ibm-z-lpar[]
181
+
.Verification
182
+
183
+
If you have enabled secure boot during the {product-title} bootstrap process, the following verification steps are required:
184
+
185
+
. Debug the node by running the following command:
186
+
+
187
+
[source,terminal]
188
+
----
189
+
$ oc debug node/<node_name>
190
+
chroot /host
191
+
----
192
+
+
193
+
. Confirm that secure boot is enabled by running the following command:
194
+
+
195
+
[source,terminal]
196
+
----
197
+
$ cat /sys/firmware/ipl/secure
198
+
----
199
+
+
200
+
.Example output
201
+
[source,terminal]
202
+
----
203
+
1 <1>
204
+
----
205
+
<1> The value is `1` if secure boot is enabled and `0` if secure boot is not enabled.
206
+
endif::ibm-z,ibm-z-lpar[]
207
+
ifdef::ibm-z-lpar[]
208
+
. List the re-IPL configuration by running the following command:
209
+
+
210
+
[source,terminal]
211
+
----
212
+
# lsreipl
213
+
----
214
+
+
215
+
.Example output for an FCP disk
216
+
[source,terminal]
217
+
----
218
+
Re-IPL type: fcp
219
+
WWPN: 0x500507630400d1e3
220
+
LUN: 0x4001400e00000000
221
+
Device: 0.0.810e
222
+
bootprog: 0
223
+
br_lba: 0
224
+
Loadparm: ""
225
+
Bootparms: ""
226
+
clear: 0
227
+
----
228
+
+
229
+
.Example output for a DASD disk
230
+
[source,terminal]
231
+
----
232
+
for DASD output:
233
+
Re-IPL type: ccw
234
+
Device: 0.0.525d
235
+
Loadparm: ""
236
+
clear: 0
237
+
----
238
+
239
+
. Shut down the node by running the following command:
240
+
+
241
+
[source,terminal]
242
+
----
243
+
sudo shutdown -h
244
+
----
245
+
246
+
. Initiate a boot from LPAR from the Hardware Management Console (HMC). See link:https://www.ibm.com/docs/en/linux-on-systems?topic=boot-lpar[Initiating a secure boot from an LPAR] in IBM documentation.
247
+
248
+
. When the node is back, check the secure boot status again.
Copy file name to clipboardExpand all lines: modules/installation-ibm-z-user-infra-machines-iso.adoc
+12-5Lines changed: 12 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -35,6 +35,7 @@ Complete the following steps to create the machines.
35
35
.Prerequisites
36
36
37
37
* An HTTP or HTTPS server running on your provisioning machine that is accessible to the machines you create.
38
+
* If you want to enable secure boot, you have obtained the appropriate Red Hat Product Signing Key and read link:https://www.ibm.com/docs/en/linux-on-systems?topic=security-secure-boot-linux-onibm-z-linuxone[Secure boot on IBM Z and IBM LinuxONE] in IBM documentation.
38
39
39
40
.Procedure
40
41
@@ -61,6 +62,7 @@ The rootfs image is the same for FCP and DASD.
61
62
====
62
63
+
63
64
. Create parameter files. The following parameters are specific for a particular virtual machine:
65
+
64
66
** For `ip=`, specify the following seven entries:
65
67
... The IP address for the machine.
66
68
... An empty string.
@@ -71,6 +73,7 @@ The rootfs image is the same for FCP and DASD.
71
73
... If you use static IP addresses, specify `none`.
72
74
** For `coreos.inst.ignition_url=`, specify the Ignition file for the machine role. Use `bootstrap.ign`, `master.ign`, or `worker.ign`. Only HTTP and HTTPS protocols are supported.
73
75
** For `coreos.live.rootfs_url=`, specify the matching rootfs artifact for the kernel and initramfs you are booting. Only HTTP and HTTPS protocols are supported.
76
+
** Optional: To enable secure boot, add `coreos.inst.secure_ipl`
74
77
75
78
** For installations on DASD-type disks, complete the following tasks:
76
79
... For `coreos.inst.install_dev=`, specify `/dev/dasda`.
@@ -84,13 +87,17 @@ Example parameter file, `bootstrap-0.parm`, for the bootstrap machine:
0 commit comments