(I wound up updating this with a reference from this "the source" article in Sept 2021)
You'll want to create a text file with the contents of the secret from the openshift trial portal. Copy that, and then edit a text file, and paste the contents into it.
vi /tmp/dougsecret
NOTE This should be the same filename you use for the secret following this, that is, do the oc registry login
on top of this file.
Then you get your registry login here from clicking your name (upper right) and choosing "copy login command"
Use it, and oc login.
Then registry login to a temp file so you can get the secret...
oc registry login --to=/tmp/dougsecret
jq -c . < /tmp/dougsecret
Copy that minified JSON.
Initialize an install config... And use the copied text for the pull secret.
mkdir /tmp/ocpinstall
openshift-install --dir=/tmp/ocpinstall create install-config
You might also want to change the networkType
, if that interests your situation.
networkType: OVNKubernetes
Or change the number of compute nodes if that fits your scenario, like:
compute:
- architecture: amd64
hyperthreading: Enabled
name: worker
platform: {}
replicas: 10
Now go and pick a release from openshift-release.apps.ci
Download it or run the oc adm release extract
command they give you and then extract the tarballs, and use the installer like so:
./openshift-install create cluster --dir /tmp/ocpinstall
Here be dragons.
From Salley O'Malley on #4-dev-triage...
Posting this all again, bc people are still asking about the updated pull-secret, installing non-interactive:
1. go to https://api.ci.openshift.org/ and upper right corner you'll see the ? dropdown to Command Line Tools that'll give you an oc login command to cp/paste in your terminal (edited)
2. after you're oc logged in, then run the
oc registry login --to=/path/to/somewhere-doesn't matter where you drop this, you'll have to cut/paste from it anyways bc it's not a 1-liner
3. make the pull-secret line in your install-config.yaml look like this:
pullSecret: '{"auths": {"registry.svc.ci.openshift.org": {"auth": "BLahBLAHblahBLAH"}}}'
4. NOW go to https://openshift-release.svc.ci.openshift.org/ and choose a green 4.1.0-0.ci version, when you click on one you'll be given the oc adm release extract --tools registry.svc.ci.openshift.org/ocp/release:4.1.0-0.ci-2019-04-2something cmd. Run that to get the tarred openshift-installer.gz file (I usually run from my /tmp dir, bc this is now a 1-time use installer).
5. tar xvf that openshift-install-blah.gz file, then you'll finally have the installer binary.
6. run /path/to/new/openshift-install create cluster --dir ~/install-dir-with-install-config-w-registry-pull-secret-yaml
So after that, whenever you need a new cluster, you'll have to do steps 4-6. (And I'm assuming the pull-secret will expire after some time so occasionally will have to update that, also)
You can init the install-config.yaml with:
openshift-install --dir=initial create install-config
From these docs.
Login to https://api.ci.openshift.org/console/catalog. In top right you will see your username and you can get your token from there.
Create a file with your token:
$ cat ocp_pull_secret.json
{"auths": { "registry.svc.ci.openshift.org": { "auth": "redacted" }}}
Identify which build you want to use by going here: https://openshift-release.svc.ci.openshift.org/
Login to docker. This will make sure you are able to pull release image from api.ci:
docker login -u <api-ci-id> -p <api.ci login token> registry.svc.ci.openshift.org
Get the latest OC client:
export ID=$(docker create registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-01-15-064327:cli) && docker cp $ID:/usr/bin/oc .
Download the corresponding installer:
export ID=$(docker create registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-01-15-064327:installer) && docker cp $ID:/usr/bin/openshift-install .
Login to api.ci:
oc login https://api.ci.openshift.org --token <api.ci login token>
export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=registry.svc.ci.openshift.org/ocp/release:<nightly-version>
(you can get nightly version from here https://openshift-release.svc.ci.openshift.org/) for example 4.0-art-latest-2019-01-15-064327
Run installer:
time ./openshift-install create cluster --log-level=debug --dir=/tmp/dougbtv01
When using this version specifically...
export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=registry.svc.ci.openshift.org/ocp/release:4.0.0-0.nightly-2019-01-30-145955
export ID=$(docker create registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-01-30-145955:installer) && docker cp $ID:/usr/bin/openshift-install .
export ID=$(docker create registry.svc.ci.openshift.org/ocp/4.0-art-latest-2019-01-30-145955:cli) && docker cp $ID:/usr/bin/oc .
When it looks for the api, login to the bootstrap node and login to the registry...
sudo podman login -u dougbtv -p the-key-here registry.svc.ci.openshift.org
Then during bootstrap complete, look for the failing version operator pod...
watch -n5 "oc --config=/tmp/dougbtv14/auth/kubeconfig get pods --all-namespaces -o wide"
watch -n5 "oc --config=/tmp/dougbtv14/auth/kubeconfig describe pod cluster-version-operator-69ff8f8774-2bzl9 --namespace=openshift-cluster-version | tail -n 50"
Describe the pod and get its image id.
Figure out which box it's on, ssh to it, and manually download the image...
sudo podman pull registry.svc.ci.openshift.org/ocp/release@sha256:d03ce0ef85540a1fff8bfc1c408253404aaecb2b958d7c3f24896f3597c371
Not as straight forward, gotta figure out the podman login from the bootstrap node...
Cat the kubeconfig from install machine (/tmp/dougbtv14/auth/kubeconfig
), and create the kubeconfig on the bootstrap node. Also cat your local ssh key and put it on the bootstrap machine.
Get the pods in the cluster using that:
[core@ip-10-0-7-170 ~]$ oc --config=kubeconfig get pods --all-namespaces
Figure out what host the version operator is on...
[core@ip-10-0-7-170 ~]$ oc --config=kubeconfig get pods --all-namespaces -o wide | grep -i version
Or specifically the IP...
[core@ip-10-0-7-170 ~]$ oc --config=kubeconfig get pods --all-namespaces -o wide | grep -i version | awk '{print $7}'
Then ssh to that node...
[core@ip-10-0-7-170 ~]$ ssh -i .ssh/idkey ip-10-0-132-215.us-west-2.compute.internal
Then podman login to it.
sudo podman login -u dougbtv -p the-key-here registry.svc.ci.openshift.org
You can also just set the kubeconfig env variable...
[core@ip-10-0-7-170 ~]$ export KUBECONFIG=kubeconfig
[core@ip-10-0-7-170 ~]$ oc get nodes