TELCODOCS-1707: Add Preparing/Generate seed image

Author: amolnar-rh

_topic_maps/_topic_map.yml

@@ -3088,8 +3088,8 @@ Topics:
       File: cnf-image-based-upgrade-shared-container-image
     - Name: Installing Operators for the image-based upgrade
       File: cnf-image-based-upgrade-install-operators
-#    - Name: Generating a seed image for the image-based upgrade with Lifecycle Agent
-#      File: cnf-image-based-upgrade-generate-seed
+    - Name: Generating a seed image for the image-based upgrade with Lifecycle Agent
+      File: cnf-image-based-upgrade-generate-seed
 #    - Name: Creating ConfigMap objects for the image-based upgrade with Lifecycle Agent
 #      File: cnf-image-based-upgrade-prep-resources
 #    - Name: Creating ConfigMap objects for the image-based upgrade with Lifecycle Agent using GitOps ZTP

edge_computing/image_based_upgrade/preparing_for_image_based_upgrade/cnf-image-based-upgrade-generate-seed.adoc

@@ -0,0 +1,25 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cnf-image-based-upgrade-seed-image"]
+= Generating a seed image for the image-based upgrade with {lcao}
+include::_attributes/common-attributes.adoc[]
+:context: generate-seed
+
+toc::[]
+
+Use the {lcao} to generate the seed image with the `SeedGenerator` custom resource (CR).
+
+:FeatureName: The Lifecycle Agent
+
+
+include::modules/cnf-image-based-upgrade-seed-image-config.adoc[leveloffset=+1]
+
+include::modules/cnf-image-based-upgrade-generate-seed-image.adoc[leveloffset=+1]
+
+////
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../../edge_computing/image_based_upgrade/preparing_for_image_based_upgrade/cnf-image-based-upgrade-shared-container-image##cnf-image-based-upgrade-shared-container-directory_shared-container-directory[Configuring a shared container directory between ostree stateroots]
+
+* xref:../../../edge_computing/image_based_upgrade/preparing_for_image_based_upgrade/cnf-image-based-upgrade-shared-container-image#ztp-image-based-upgrade-shared-container-directory_shared-container-directory[Configuring a shared container directory between ostree stateroots when using GitOps ZTP]
+////

edge_computing/image_based_upgrade/preparing_for_image_based_upgrade/cnf-image-based-upgrade-install-operators.adoc

@@ -29,4 +29,4 @@ include::modules/cnf-image-based-upgrade-installing-lifecycle-agent-using-web-co
 
 include::modules/ztp-image-based-upgrade-installing-lcao-with-gitops.adoc[leveloffset=+1]
 
-include::modules/ztp-image-based-upgrade-installing-oadp-with-gitops.adoc[leveloffset=+1]
+include::modules/ztp-image-based-upgrade-installing-oadp-with-gitops.adoc[leveloffset=+1]

edge_computing/image_based_upgrade/preparing_for_image_based_upgrade/cnf-image-based-upgrade-shared-container-image.adoc

@@ -13,4 +13,4 @@ You can do this at install time.
 
 include::modules/cnf-image-based-upgrade-share-container-directory.adoc[leveloffset=+1]
 
-include::modules/ztp-image-based-upgrade-share-container-directory.adoc[leveloffset=+1]
+include::modules/ztp-image-based-upgrade-share-container-directory.adoc[leveloffset=+1]

modules/cnf-image-based-upgrade-generate-seed-image.adoc

@@ -0,0 +1,160 @@
+// Module included in the following assemblies:
+// * edge_computing/image-based-upgrade/cnf-preparing-for-image-based-upgrade.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ztp-image-based-upgrade-seed-generation_{context}"]
+= Generating a seed image with the {lcao}
+
+Use the {lcao} to generate the seed image with the `SeedGenerator` CR. The Operator checks for required system configurations, performs any necessary system cleanup before generating the seed image, and launches the image generation. The seed image generation includes the following tasks:
+
+* Stopping cluster Operators
+* Preparing the seed image configuration
+* Generating and pushing the seed image to the image repository specified in the `SeedGenerator` CR
+* Restoring cluster Operators
+* Expiring seed cluster certificates
+* Generating new certificates for the seed cluster
+* Restoring and updating the `SeedGenerator` CR on the seed cluster
+
+.Prerequisites
+
+* Configure a shared container directory on the seed cluster.
+* Install the OADP Operator and the {lcao} on the seed cluster.
+
+.Procedure
+
+. Detach the cluster from the hub to delete any cluster-specific resources from the seed cluster that must not be in the seed image:
+
+.. If you are using {rh-rhacm}, manually detach the seed cluster by running the following command:
++
+[source,terminal]
+----
+$ oc delete managedcluster sno-worker-example
+----
+
+... Wait until the `ManagedCluster` CR is removed. After the CR is removed, create the proper `SeedGenerator` CR. The {lcao} cleans up the {rh-rhacm} artifacts.
+
+.. If you are using {ztp}, detach your cluster by removing the seed cluster's `SiteConfig` CR from the `kustomization.yaml`:
+
+... Remove your seed cluster's `SiteConfig` CR from the `kustomization.yaml`.
++
+[source,yaml]
+----
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+generators:
+#- example-seed-sno1.yaml
+- example-target-sno2.yaml
+- example-target-sno3.yaml
+----
+
+... Commit the `kustomization.yaml` changes in your Git repository and push the changes.
++
+The ArgoCD pipeline detects the changes and removes the managed cluster.
+
+. Create the `Secret`:
+
+.. Create the authentication file by running the following commands:
++
+--
+[source,terminal]
+----
+$ MY_USER=myuserid
+$ AUTHFILE=/tmp/my-auth.json
+$ podman login --authfile ${AUTHFILE} -u ${MY_USER} quay.io/${MY_USER}
+----
+
+[source,terminal]
+----
+$ base64 -w 0 ${AUTHFILE} ; echo
+----
+--
+
+.. Copy the output into the `seedAuth` field in the `Secret` YAML file named `seedgen` in the `openshift-lifecycle-agent` namespace:
++
+--
+[source,yaml]
+----
+apiVersion: v1
+kind: Secret
+metadata:
+  name: seedgen <1>
+  namespace: openshift-lifecycle-agent
+type: Opaque
+data:
+  seedAuth: <encoded_AUTHFILE> <2>
+----
+<1> The `Secret` resource must have the `name: seedgen` and `namespace: openshift-lifecycle-agent` fields.
+<2> Specifies a base64-encoded authfile for write-access to the registry for pushing the generated seed images.
+--
+
+.. Apply the `Secret` by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f secretseedgenerator.yaml
+----
+
+. Create the `SeedGenerator` CR:
++
+--
+[source,yaml]
+----
+apiVersion: lca.openshift.io/v1
+kind: SeedGenerator
+metadata:
+  name: seedimage <1>
+spec:
+  seedImage: <seed_container_image> <2>
+----
+<1> The `SeedGenerator` CR must be named `seedimage`.
+<2> Specify the container image URL, for example, `quay.io/example/seed-container-image:<tag>`. It is recommended to use the `<seed_cluster_name>:<ocp_version>` format.
+--
+
+. Generate the seed image by running the following command:
++
+[source,terminal]
+----
+$ oc apply -f seedgenerator.yaml
+----
+
++
+[IMPORTANT]
+====
+The cluster reboots and loses API capabilities while the {lcao} generates the seed image.
+Applying the `SeedGenerator` CR stops the `kubelet` and the CRI-O operations, then it starts the image generation.
+====
+
+If you want to generate more seed images, you must provision a new seed cluster with the version that you want to generate a seed image from.
+
+.Verification
+
+. After the cluster recovers and it is available, you can check the status of the `SeedGenerator` CR by running the following command:
++
+--
+[source,terminal]
+----
+$ oc get seedgenerator -o yaml
+----
+
+.Example output
+[source,yaml]
+----
+status:
+  conditions:
+  - lastTransitionTime: "2024-02-13T21:24:26Z"
+    message: Seed Generation completed
+    observedGeneration: 1
+    reason: Completed
+    status: "False"
+    type: SeedGenInProgress
+  - lastTransitionTime: "2024-02-13T21:24:26Z"
+    message: Seed Generation completed
+    observedGeneration: 1
+    reason: Completed
+    status: "True"
+    type: SeedGenCompleted <1>
+  observedGeneration: 1
+----
+<1> The seed image generation is complete.
+--

modules/cnf-image-based-upgrade-installing-lifecycle-agent-using-cli.adoc

@@ -79,7 +79,7 @@ $ oc create -f lcao-subscription.yaml
 
 .Verification
 
-. To verify that the installation succeeded, inspect the CSV resource by running the following command::
+. To verify that the installation succeeded, inspect the CSV resource by running the following command:
 +
 [source,terminal]
 ----

modules/cnf-image-based-upgrade-installing-lifecycle-agent-using-web-console.adoc

@@ -13,7 +13,7 @@ You can use the {product-title} web console to install the {lcao}.
 
 .Procedure
 
-. In the {product-title} web console, navigate to *Operators* → *OperatorHub*.
+. In the {product-title} web console, navigate to *Operators* -> *OperatorHub*.
 . Search for the *{lcao}* from the list of available Operators, and then click *Install*.
 . On the *Install Operator* page, under *A specific namespace on the cluster* select *openshift-lifecycle-agent*.
 . Click *Install*.
@@ -22,7 +22,7 @@ You can use the {product-title} web console to install the {lcao}.
 
 . To confirm that the installation is successful:
 
-.. Click *Operators* → *Installed Operators*.
+.. Click *Operators* -> *Installed Operators*.
 .. Ensure that the {lcao} is listed in the *openshift-lifecycle-agent* project with a *Status* of *InstallSucceeded*.
 +
 [NOTE]
@@ -32,5 +32,5 @@ During installation an Operator might display a *Failed* status. If the installa
 
 If the Operator is not installed successfully:
 
-. Click the *Operators* → *Installed Operators*, and inspect the *Operator Subscriptions* and *Install Plans* tabs for any failure or errors under *Status*.
-. Click the *Workloads* → *Pods*, and check the logs for pods in the *openshift-lifecycle-agent* project.
+. Click *Operators* -> *Installed Operators*, and inspect the *Operator Subscriptions* and *Install Plans* tabs for any failure or errors under *Status*.
+. Click *Workloads* -> *Pods*, and check the logs for pods in the *openshift-lifecycle-agent* project.

modules/cnf-image-based-upgrade-seed-image-config.adoc

@@ -0,0 +1,129 @@
+// Module included in the following assemblies:
+// * edge_computing/image-based-upgrade/cnf-preparing-for-image-based-upgrade.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="ztp-image-based-seed-image-config_{context}"]
+= Seed image configuration
+
+The seed image targets a set of {sno} clusters with similar configuration.
+This means that the seed image must have all of the components and configuration that the seed cluster shares with the target clusters.
+Therefore, the seed image generated from the seed cluster cannot contain any cluster-specific configuration.
+
+The following table lists the components, resources, and configurations that you must and must not include in your seed image:
+
+.Seed image configuration
+[cols=2*, width="80%", options="header"]
+|====
+|Cluster configuration
+|Include in seed image
+
+|Performance profile
+|Yes
+
+|`MachineConfig` resources for the target cluster
+|Yes
+
+|IP version ^[1]^
+|Yes
+
+|Set of Day 2 Operators, including the {lcao} and the OADP Operator
+|Yes
+
+|Disconnected registry configuration
+|Yes
+
+|Valid proxy configuration ^[2]^
+|Yes
+
+|FIPS configuration
+|Yes
+
+|Dedicated partition on the primary disk for container storage that matches the size of the target clusters
+|Yes
+
+a|Local volumes
+
+* `StorageClass` used in `LocalVolume` for LSO
+* `LocalVolume` for LSO
+* `LVMCluster` CR for LVMS
+|No
+
+|OADP `DataProtectionApplication` CR
+|No
+|====
+. Dual-stack networking is not supported in this release.
+. The proxy configuration does not have to be the same.
+
+[id="ztp-image-based-upgrade-seed-image-config-ran_{context}"]
+== Seed image configuration using the RAN DU profile
+
+The following table lists the components, resources, and configurations that you must and must not include in the seed image when using the RAN DU profile:
+
+.Seed image configuration with RAN DU profile
+[cols=2*, width="80%", options="header"]
+|====
+|Resource
+|Include in seed image
+
+|All extra manifests that are applied as part of Day 0 installation
+|Yes
+
+|All Day 2 Operator subscriptions
+|Yes
+
+|`ClusterLogging.yaml`
+|Yes
+
+|`DisableOLMPprof.yaml`
+|Yes
+
+|`TunedPerformancePatch.yaml`
+|Yes
+
+|`PerformanceProfile.yaml`
+|Yes
+
+|`SriovOperatorConfig.yaml`
+|Yes
+
+|`DisableSnoNetworkDiag.yaml`
+|Yes
+
+|`StorageClass.yaml`
+|No, if it is used in `StorageLV.yaml`
+
+|`StorageLV.yaml`
+|No
+
+|`StorageLVMCluster.yaml`
+|No
+|====
+
+.Seed image configuration with RAN DU profile for extra manifests
+[cols=2*, width="80%", options="header"]
+|====
+|Resource
+|Apply as extra manifest
+
+|`ClusterLogForwarder.yaml`
+|Yes
+
+|`ReduceMonitoringFootprint.yaml`
+|Yes
+
+|`SriovFecClusterConfig.yaml`
+|Yes
+
+|`PtpOperatorConfigForEvent.yaml`
+|Yes
+
+|`DefaultCatsrc.yaml`
+|Yes
+
+|`PtpConfig.yaml`
+|If the interfaces of the target cluster are common with the seed cluster, you can include them in the seed image. Otherwise, apply it as extra manifests.
+
+a|`SriovNetwork.yaml`
+`SriovNetworkNodePolicy.yaml`
+|If the configuration, including namespaces, is exactly the same on both the seed and target cluster, you can include them in the seed image. Otherwise, apply them as extra manifests.
+|====