Merge pull request #80599 from ShaunaDiaz/OSDOCS-11158

OSDOCS-11158: adds image mode to MicroShift install

Author: ShaunaDiaz

_topic_maps/_topic_map_ms.yml

@@ -55,6 +55,13 @@ Topics:
 - Name: Troubleshooting installation issues
   File: microshift-installing-troubleshooting
 ---
+Name: Installing with RHEL image mode
+Dir: microshift_install_bootc
+Distros: microshift
+Topics:
+- Name: Installing with RHEL image mode
+  File: microshift-install-rhel-image-mode
+---
 Name: Updating
 Dir: microshift_updating
 Distros: microshift

microshift_install_bootc/_attributes

@@ -0,0 +1 @@
+../_attributes/

microshift_install_bootc/images

@@ -0,0 +1 @@
+../images/

microshift_install_bootc/microshift-install-rhel-image-mode.adoc

@@ -0,0 +1,43 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="microshift-install-rhel-image-mode"]
+= Using image mode for RHEL with {microshift-short}
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-install-rhel-image-mode
+
+toc::[]
+
+You can embed {microshift-short} into an operating system image using image mode for {op-system-base-full}.
+
+:FeatureName: Image mode for {op-system}
+
+include::snippets/technology-preview.adoc[]
+
+include::modules/microshift-install-rhel-image-mode-conc.adoc[leveloffset=+1]
+
+include::modules/microshift-install-rhel-image-mode-build-image.adoc[leveloffset=+1]
+
+include::modules/microshift-install-rhel-image-mode-publish-image.adoc[leveloffset=+1]
+
+[id="microshift-install-rhel-image-mode-configure-nw-s_{context}"]
+== Configuring networking and storage to run {microshift-short} in a bootc container
+
+include::modules/microshift-install-rhel-image-mode-cni.adoc[leveloffset=+2]
+
+include::modules/microshift-install-rhel-image-mode-csi-vg.adoc[leveloffset=+2]
+
+//additional resources for storage module
+[id="_additional-resources_{context}"]
+.Additional resources
+* xref:../microshift_storage/microshift-storage-plugin-overview.adoc#microshift-storage-plugin-overview[Dynamic storage using the LVMS plugin]
+
+include::modules/microshift-install-rhel-image-mode-csi-vgloop.adoc[leveloffset=+2]
+
+include::modules/microshift-install-rhel-image-mode-run-container.adoc[leveloffset=+1]
+
+include::modules/microshift-install-rhel-image-mode-csi-vgcleanup.adoc[leveloffset=+1]
+
+[id="_additional-resources_microshift-install-rhel-image-mode_{context}"]
+== Additional resources
+* link:https://developers.redhat.com/products/rhel-image-mode/getting-started[Image mode for Red Hat Enterprise Linux learning exercises]
+
+* link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/using_image_mode_for_rhel_to_build_deploy_and_manage_operating_systems/index[Using image mode for RHEL to build, deploy, and manage operating systems]

microshift_install_bootc/modules

@@ -0,0 +1 @@
+../modules/

microshift_install_bootc/snippets

@@ -0,0 +1 @@
+../snippets/

modules/microshift-install-rhel-image-mode-build-image.adoc

@@ -0,0 +1,110 @@
+// Module included in the following assemblies:
+//
+// microshift_install_bootc/microshift-install-rhel-image-mode.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-rhel-image-mode-build-image_{context}"]
+= Building the bootc image
+
+Build your {op-system-base-full} that contains {microshift-short} as a bootable container image by using a Containerfile.
+
+[IMPORTANT]
+====
+Image mode for {op-system} is Technology Preview. Using a bootc image in production environments is not supported.
+====
+
+.Prerequisites
+* A {op-system-base-full} 9.4 host with an active Red Hat subscription for building {microshift-short} bootc images and running containers.
+* You are logged into the {op-system} 9.4 host using the user credentials that have `sudo` permissions.
+* The `rhocp` and `fast-datapath` repositories are accessible in the host subscription. The repositories do not necessarily need to be enabled on the host.
+* You have a remote registry such as link:https://quay.io[Red Hat quay] for storing and accessing bootc images.
+
+.Procedure
+
+. Create a Containerfile that includes the following instructions:
++
+.Example Containerfile for {op-system} image mode
+[source,text]
+----
+FROM registry.redhat.io/rhel9/rhel-bootc:9.4
+
+ARG USHIFT_VER=4.16
+RUN dnf config-manager \
+        --set-enabled rhocp-${USHIFT_VER}-for-rhel-9-$(uname -m)-rpms \
+        --set-enabled fast-datapath-for-rhel-9-$(uname -m)-rpms
+RUN dnf install -y firewalld microshift && \
+    systemctl enable microshift && \
+    dnf clean all
+
+# Create a default 'redhat' user with the specified password.
+# Add it to the 'wheel' group to allow for running sudo commands.
+ARG USER_PASSWD
+RUN if [ -z "${USER_PASSWD}" ] ; then \
+        echo USER_PASSWD is a mandatory build argument && exit 1 ; \
+    fi
+RUN useradd -m -d /var/home/redhat -G wheel redhat && \
+    echo "redhat:${USER_PASSWD}" | chpasswd
+
+# Mandatory firewall configuration
+RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
+    firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 && \
+    firewall-offline-cmd --zone=trusted --add-source=169.254.169.1
+
+# Create a systemd unit to recursively make the root filesystem subtree
+# shared as required by OVN images
+RUN cat > /etc/systemd/system/microshift-make-rshared.service <<'EOF'
+[Unit]
+Description=Make root filesystem shared
+Before=microshift.service
+ConditionVirtualization=container
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/mount --make-rshared /
+[Install]
+WantedBy=multi-user.target
+EOF
+RUN systemctl enable microshift-make-rshared.service
+----
++
+[IMPORTANT]
+====
+Podman uses the host subscription information and repositories inside the container when building the container image. If the `rhocp` and `fast-datapath` repositories are not available on the host, the build fails.
+====
+
+. Create a local bootc image by running the following image build command:
++
+[source,terminal]
+----
+PULL_SECRET=~/.pull-secret.json
+USER_PASSWD=<your_redhat_user_password> # <1>
+IMAGE_NAME=microshift-4.16-bootc
+
+$ sudo podman build --authfile "${PULL_SECRET}" -t "${IMAGE_NAME}" \
+    --build-arg USER_PASSWD="${USER_PASSWD}" \
+    -f Containerfile
+----
+<1> Replace _<your_redhat_user_password>_ with your password.
++
+[NOTE]
+====
+How secrets are used during the image build:
+
+* The podman `--authfile` argument is required to pull the base `rhel-bootc:9.4` image from the `registry.redhat.io` registry.
+* The build `USER_PASSWD` argument is used to set a password for the `redhat` user.
+====
+
+.Verification
+
+. Verify that the local {microshift} bootc image was created by running the following command:
++
+[source,terminal]
+----
+$ sudo podman images "${IMAGE_NAME}"
+----
++
+.Example output
+[source,text]
+----
+REPOSITORY                       TAG         IMAGE ID      CREATED        SIZE
+localhost/microshift-4.16-bootc  latest      193425283c00  2 minutes ago  2.31 GB
+----

modules/microshift-install-rhel-image-mode-cni.adoc

@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// microshift_install_bootc/microshift-install-rhel-image-mode.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-rhel-image-mode-run-image-cni_{context}"]
+= Configuring the {microshift-short} bootc image for the CNI
+
+Configure a workaround for a kernel mismatch to enable the {microshift-short} OVN-Kubernetes (OVN-K) Container Network Interface (CNI).
+
+[IMPORTANT]
+====
+The {microshift-short} OVN-K CNI requires the `openvswitch` kernel module to be available in the bootc image. A bootc image is started as a container that uses the host kernel. The host kernel might be different from the one used for building the image, resulting in a mismatch. A kernel version mismatch with the modules present in the `/lib/modules` directory means that the `openvswitch` module cannot be loaded in the container and the container fails to run. You can work around this problem by pre-loading the `openvswitch` module on the host.
+====
+
+.Prerequisites
+
+* A {op-system-base-full} 9.4 host with an active Red Hat subscription for building {microshift-short} bootc images and running containers.
+* You are logged into the {op-system} 9.4 host using the user credentials that have `sudo` permissions.
+
+.Procedure
+
+. Check if the `openvswitch` module is available for the current host kernel version by running the following command:
++
+[source,terminal]
+----
+$ find /lib/modules/$(uname -r) -name "openvswitch*"
+----
++
+.Example output
+[source,terminal]
+----
+/lib/modules/5.14.0-427.28.1.el9_4.x86_64/kernel/net/openvswitch
+/lib/modules/5.14.0-427.28.1.el9_4.x86_64/kernel/net/openvswitch/openvswitch.ko.xz
+----
+
+. Set the `IMAGE_NAME` environment variable by running the following command:
++
+[source,termimal]
+----
+$ IMAGE_NAME=microshift-4.16-bootc
+----
+
+. Check the version of the kernel-core `package` used in the bootc image by running the following command:
++
+[source,terminal]
+----
+$ sudo podman inspect "${IMAGE_NAME}" | grep kernel-core
+----
++
+.Example output
+[source,terminal]
+----
+"created_by": "kernel-core-5.14.0-427.26.1.el9_4.x86_64" # <1>
+----
+<1> The kernel version does not match the output of the `/lib/modules` directory.
++
+. Preinstall the `openvswitch` module on the host as a workaround by running the following command:
++
+[source,terminal]
+----
+$ sudo modprobe openvswitch
+----

modules/microshift-install-rhel-image-mode-conc.adoc

@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// microshift_install_bootc/microshift-install-rhel-image-mode.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="microshift-rhel-image-mode-conc_{context}"]
+= Image mode for {op-system-base-full}
+
+Image mode for {op-system-base-full} is a Technology Preview deployment method that uses a container-native approach to build, deploy, and manage the operating system as a bootc image. By using bootc, you can build, deploy, and manage the operating system as if it is any other container.
+
+* This container image uses standard OCI or Docker containers as a transport and delivery format for base operating system updates.
+* A bootc image includes a Linux kernel that is used to start the operating system.
+* By using bootc containers, developers, operations administrators, and solution providers can all use the same container-native tools and techniques.
+
+Image mode splits the creation and installation of software changes into two steps: one on a build system and one on a running target system.
+
+* In the build-system step, a Podman build inspects the RPM files available for installation, determines any dependencies, and creates an ordered list of chained steps to complete, with the end result being a new operating system available to install.
+
+* In the running-target-system step, a bootc update downloads, unpacks, and makes the new operating system bootable alongside the currently running system. Local configuration changes are carried forward to the new operating system, but do not take effect until the system is rebooted and the new operating system image replaces the running image.
+
+[id="microshift-install-rhel-image-mode-conc_{context}"]
+== Using image mode for {op-system} with {microshift-short}
+
+To use image mode for {op-system}, ensure that the following resources are available:
+
+* A {op-system} 9.4 host with an active Red Hat subscription for building {microshift-short} bootc images.
+* A remote registry for storing and accessing bootc images.
+* You can use image mode for RHEL with a {microshift-short} cluster on AArch64 or x86_64 system architectures.
+
+The workflow for using image mode with {microshift-short} includes the following steps:
+
+. Build the {microshift-short} bootc image.
+. Publish the image.
+. Run the image. This step includes configuring {microshift-short} networking and storage.
+
+[IMPORTANT]
+====
+The `rpm-ostree` file system is not supported in image mode and must not be used to make changes to deployments that use image mode.
+====

modules/microshift-install-rhel-image-mode-csi-vg.adoc

@@ -0,0 +1,41 @@
+// Module included in the following assemblies:
+//
+// microshift_install_bootc/microshift-install-rhel-image-mode.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="microshift-rhel-image-mode-csi-vg_{context}"]
+= Checking the host configuration for the {microshift-short} CSI
+
+If the host is already configured to have a volume group with free space, this configuration is inherited by the container. It can be used by the {microshift-short} Logical Volume Manager (LVM) Container Storage Interface (CSI) to allocate storage.
+
+.Prerequisites
+
+* A {op-system-base-full} 9.4 host with an active Red Hat subscription for building {microshift-short} bootc images and running containers.
+* You are logged into the {op-system} 9.4 host using the user credentials that have `sudo` permissions.
+
+.Procedure
+
+. Determine if the volume group exists and it has the necessary free space by running the following command:
++
+[source,terminal]
+----
+$ sudo vgs
+----
++
+.Example output for existing volume group
+[source,terminal]
+----
+  VG   #PV #LV #SN Attr   VSize   VFree # <1>
+  rhel   1   1   0 wz--n- <91.02g <2.02g
+----
+<1> If no free volume group is present, the output is either empty or the `VFree` value is 0.
++
+[NOTE]
+====
+If the host has a volume group with the available needed storage, you can run your container now. You do not need to configure the {microshift-short} CSI further.
+====
++
+[IMPORTANT]
+====
+If you do not have a volume group, you must set one up for the LVM CSI to allocate storage in bootc {microshift-short} containers. See the additional resources for more information.
+====