Merge pull request #221 from yussufsh/release-4.6

Backport PRs to Release 4.6

CONTRIBUTING.md

@@ -1,8 +1,8 @@
 # Contributing
 
-This project is [Apache 2.0 Licenced](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/LICENCE.txt) and welcomes external contributions. When contributing to this repository, please first discuss the change you wish to make via an [issue](https://github.com/ocp-power-automation/ocp4-upi-powervs/issues).
+This project is [Apache 2.0 Licenced](LICENCE.txt) and welcomes external contributions. When contributing to this repository, please first discuss the change you wish to make via an [issue](https://github.com/ocp-power-automation/ocp4-upi-powervs/issues).
 
-Please note we have a [code of conduct](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/CODE_OF_CONDUCT.md), please follow it in all your interactions with the project.
+Please note we have a [code of conduct](CODE_OF_CONDUCT.md), please follow it in all your interactions with the project.
 
 # Issues
 
@@ -18,7 +18,7 @@ Please note we have a [code of conduct](https://github.com/ocp-power-automation/
  - Update the README.md or relevant documents with details of changes to the code. This includes variables change, added or updated feature, change in steps, dependencies change, etc.
  - Make use of proper commit message. Mention the issue# which you are planning to address eg: Fixes #38.
  - After creating the pull request ensure you implement all the review comments given if any. Pull request will be merged only when it has at least two approvals from the list of reviewers.
- - Please read [Developer Certificate of Origin](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/DCO1.1.txt) and sign-off your commit using command `git commit -s`.
+ - Please read [Developer Certificate of Origin](DCO1.1.txt) and sign-off your commit using command `git commit -s`.
 
 
 # Spec Formatting Conventions

README.md

@@ -10,19 +10,21 @@
 
 ## Introduction
 
-This repo contains Terraform templates to help deployment of OpenShift Container Platform (OCP) 4.6.x releases on [IBM® Power Systems™ Virtual Server on IBM Cloud](https://www.ibm.com/cloud/power-virtual-server).
+The `ocp4-upi-powervs` [project](https://github.com/ocp-power-automation/ocp4-upi-powervs) provides Terraform based automation code to help with the deployment of OpenShift Container Platform (OCP) 4.x on [IBM® Power Systems™ Virtual Server on IBM Cloud](https://www.ibm.com/cloud/power-virtual-server).
 
 This project leverages the helpernode [ansible playbook](https://github.com/RedHatOfficial/ocp4-helpernode) internally for OCP deployment on IBM Power Systems Virtual Servers (PowerVS).
 
-:heavy_exclamation_mark: *For bugs/enhancement requests etc. please open a GitHub issue*
+!!! Note
+	For bugs/enhancement requests etc. please open a GitHub [issue](https://github.com/ocp-power-automation/ocp4-upi-powervs/issues)
 
 For general PowerVS usage instructions please refer to the following links:
-- https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-getting-started
-- https://www.youtube.com/watch?v=RywSfXT_LLs
-- https://www.youtube.com/playlist?list=PLVrJaTKVPbKM_9HU8fm4QsklgzLGUwFpv
 
+- [Power Systems Virtual Servers(IBM Cloud Docs)](https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-getting-started)
+- [IBM Power Systems in the Multicloud(Youtube video)](https://www.youtube.com/watch?v=RywSfXT_LLs)
+- [PowerVS (Youtube video)](https://www.youtube.com/playlist?list=PLVrJaTKVPbKM_9HU8fm4QsklgzLGUwFpv)
 
- :information_source: **This branch must be used with OCP 4.6.x versions only.**
+!!! Warning
+	**This branch must be used with OCP 4.6.x versions only.**
 
 
 ## Automation Host Prerequisites
@@ -44,5 +46,5 @@ Follow the [quickstart](docs/quickstart.md) guide for OCP installation on PowerV
 
 
 ## Contributing
-Please see the [contributing doc](https://github.com/ocp-power-automation/ocp4-upi-powervs/blob/master/CONTRIBUTING.md) for more details.
+Please see the [contributing doc](CONTRIBUTING.md) for more details.
 PRs are most welcome !!

docs/automation_host_prereqs.md

@@ -3,6 +3,7 @@
 
 - [Automation Host Prerequisites](#automation-host-prerequisites)
   - [Automation Host Setup](#automation-host-setup)
+    - [Firewall Config](#configure-your-firewall)
     - [Terraform](#terraform)
     - [PowerVS CLI](#powervs-cli)
     - [Git [*OPTIONAL*]](#git-optional)
@@ -11,6 +12,13 @@
 
 Install the following packages on the automation host. Select the appropriate install binaries based on your automation host platform - Mac/Linux/Windows.
 
+### Configure Your Firewall
+If your system is behind a firewall, you will need to ensure the following ports are open in order to use ssh, http, and https:
+- 22, 443, 80
+
+These additional ports are required for the ocp cli (`oc`) post-install:
+- 6443
+
 ### Terraform
 
 **Terraform >= 0.13.0**: Please refer to the [link](https://learn.hashicorp.com/terraform/getting-started/install.html) for instructions on installing Terraform. For validating the version run `terraform version` command after install.

docs/ocp_prereqs_powervs.md

@@ -1,57 +1,75 @@
 # **PowerVS Prerequisites**
 ----------------------
 
-## IBM Cloud Account
-You'll need to have an IBM Cloud Account to be able to use Power Systems Virtual Server (PowerVS).
+##	Create an IBM Cloud account.
 
-## Create Power Systems Virtual Server Service Instance
+If you don’t already have one, you need a paid IBM Cloud account to create your Power Systems Virtual Server instance.
+To create an account, go to: [cloud.ibm.com](https://cloud.ibm.com).
 
-Login to [IBM Cloud Dashboard](https://cloud.ibm.com) and search for "**Power**" in the **Catalog**.
-Select "**Power Systems Virtual Server**" and provide all the required inputs
-to create the service instance.
+##	Create an IBM Cloud account API key
 
+Please refer to the following [documentation](https://cloud.ibm.com/docs/account?topic=account-userapikey) to create an API key.
 
-![Search for Power](./media/image1.png)
 
-![Select Power Systems Virtual Server](./media/image2.png)
+## Create Power Systems Virtual Server Service Instance
 
+After you have an active IBM Cloud account, you can create a Power Systems Virtual Server service. To do so, perform the following steps:
 
+1. Log in to the IBM Cloud [dashboard](https://cloud.ibm.com/) and search for **Power** in the catalog.
+ 
+![Search for Power](./media/image1.png)
+ 
+2. Select **Power Systems Virtual Server**
+ 
+![Select Power Systems Virtual Server](./media/image2.png)
+ 
+3. Fill required details
+ 
 ![Fill Details](./media/image3.png)
-1. Provide a meaningful name for your instance in the **Service name** field.
-2. Select the proper **resource group**. More details on resource groups is available from the following [link](https://cloud.ibm.com/docs/account?topic=account-rgs)
-
+ 
+Provide a meaningful name for your instance in the **Service name** field and select the proper **resource group**.
+More details on resource groups is available from the following [link](https://cloud.ibm.com/docs/account?topic=account-rgs)
+ 
 ![Provide service name](./media/image4.png)
-
+ 
+4. Create Service
+Click on "**Create**" to create the service instance.
+ 
 ![Create service](./media/image5.png)
-
+ 
 ## Create Private Network
 
-A private network is required for your OCP cluster. Choose the previously created "**Service Instance**" and create a private subnet by selecting "**Subnets**" and providing the required inputs. If you see a screen displaying CRN and GUID, then click "View full details" to access the "Subnet" creation page.
-
-You can create multiple OCP clusters in the same service instance using the same private network. If required you can also create multiple private networks.
+A private network is required for your OpenShift cluster. Perform the following steps to create a private network for the Power Systems Virtual Server service instance created in the previous step.
 
-Provide the required inputs for private subnet creation
+1. Select the previously created "**Service Instance**" and create a private subnet by clicking "**Subnets**" and providing the required inputs.
+ 
+**Note:** If you see a screen displaying CRN and GUID, then click "View full details" to access the "Subnet" creation page.
+ 
 ![Select subnet](./media/image6.png)
-
+ 
+2. Provide the network details and click **"Create subnet"**
+ 
 ![Provide Input](./media/image7.png)
-
+ 
+On successful network creation, the following output will be displayed in the dashboard.
+ 
 ![Create subnet](./media/image8.png)
 
 
-## Raise a Service Request to enable IP communication between PowerVS instances on private network
-In order for your instances to communicate within the subnet, you'll need to create a service request.
-
-Click on **Support** in the top bar and scroll down to **Contact Support**, then select "**Create a case**"
+### Raise a Service Request to enable IP communication between PowerVS instances on private network
 
+In order for your instances to communicate within the subnet, you'll need to create a service request.
 
+Click on **Support** in the top bar of the dashboard and scroll down to **Contact Support**, then select "**Create a case**"
+ 
 ![Create a case](./media/image9.png)
-
+ 
 Select "**Power Systems Virtual Server**" tile
-
+ 
 ![Create a case Page](./media/image10.png)
-
+ 
 Complete the details as shown using the following template:
-
+ 
 - [Subject:] Enable communication between PowerVS instances on private network
 - [Body:]
   ```
@@ -63,15 +81,28 @@ Complete the details as shown using the following template:
     Location: <your-location> (listed in your subnet details post-creation)
     Service Instance: <your-service-name>
   ```
-
+&nbsp;
+Following is a complete example of the support case content.
+```
+  Please enable IP communication between PowerVS instances for the following private network:
+  Name: ocp-net
+  Type: Private
+  CIDR: 192.168.25.0/24
+  VLAN ID: 293
+  Location: eu-de-2
+  Service Instance: ocp-powervs-frankfurt-2
+```
+&nbsp;
 ![Sample support request ](./media/image11.png)
-
+&nbsp;
 Click "**Continue**" to accept agreements, and then Click "**Submit case**".
-
+&nbsp;
 ![Submit Case](./media/image12.png)
+&nbsp;
 
+This usually takes a day to get enabled.
 
-## RHCOS and RHEL 8.2 Images for OpenShift
+## RHCOS and RHEL/CentOS 8.X Images for OpenShift
 RHEL image is used for bastion and RHCOS is used for the OpenShift cluster nodes.
 
 You'll need to create [OVA](https://en.wikipedia.org/wiki/Open_Virtualization_Format) formatted images for RHEL and RHCOS, upload them to IBM Cloud Object storage and then import these images as boot images in your PowerVS service instance.
@@ -81,31 +112,37 @@ Further, the image disk should be minimum of 120 GB in size.
 ### Creating OVA images
 
 - If you have PowerVC then you can follow the instructions provided in the [link](https://www.ibm.com/support/knowledgecenter/en/SSXK2N_1.4.4/com.ibm.powervc.standard.help.doc/powervc_export_image_hmc.html) to export an existing PowerVC image to OVA image.
-- You can also use the following [python script](https://github.com/ocp-power-automation/infra/blob/master/scripts/images/convert_qcow2_ova.py) to convert Qcow2 image to OVA
-  - RHEL 8.2 Qcow2 image is available from the following [link](https://access.redhat.com/downloads/content/279/ver=/rhel---8/8.2/ppc64le/product-software)
-  - RHCOS Qcow2 image is available from the following [link](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.5/)
+- You can also use the following [tool](https://github.com/ppc64le-cloud/pvsadm) to convert Qcow2 image to OVA.
+- Qcow2 Image Links
+  - RHEL 8.3 Qcow2 image is available from the following [link](https://access.redhat.com/downloads/content/279/ver=/rhel---8/8.3/ppc64le/product-software)
+  - CentOS 8.3 Wcow2 image is available from the following [link](https://cloud.centos.org/centos/8/ppc64le/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.ppc64le.qcow2)
+  - RHCOS Qcow2 image is available from the following [link](https://mirror.openshift.com/pub/openshift-v4/ppc64le/dependencies/rhcos/4.6/latest/rhcos-4.6.1-ppc64le-openstack.ppc64le.qcow2.gz)
 
+Note: RHCOS image version is tied to the specific OCP release. For example RHCOS-4.6 image needs to be used for OCP 4.6 release.
 ### Uploading to IBM Cloud Object Storage
 
 - **Create IBM Cloud Object Storage service and bucket**
 Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-getting-started-cloud-object-storage) for instructions to create IBM Cloud Object Storage service and required storage bucket to upload the OVA images.
-<br>
+&nbsp;
 - **Create secret and access keys with Hash-based Message Authentication Code (HMAC)**
 Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-uhc-hmac-credentials-main) for instructions to create the keys required for importing the images into your PowerVS service instance.
-<br>
+&nbsp;
 - **Upload the OVA image to Cloud Object storage bucket**
-Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-upload) for uploading the OVA image to the respective bucket. Alternatively you can also use the following [python script](https://github.com/ocp-power-automation/infra/blob/master/scripts/images/upload_image.py).
+Please refer to the following [link](https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-upload) for uploading the OVA image to the respective bucket. Alternatively you can also use the following [tool](https://github.com/ppc64le-cloud/pvsadm).
 
 
 ### Importing the images in PowerVS
-Choose the previously created PowerVS "Service Instance", click "View full details" and select "Boot images".
-Click the "Importing image" option and fill the requisite details like image name, storage type and cloud object storage details.
+
+Choose the previously created PowerVS **"Service Instance"**, click **"View full details"** and select **"Boot images"**.
+Click the **"Import image"** option and fill the requisite details like image name, storage type and cloud object storage details.
 
 Example screenshot showing import of RHEL image that is used for bastion
+&nbsp;
 ![Image Import-RHEL](./media/image-import1.png)
-
+&nbsp;
 Example screenshot showing import of RHCOS image used for OCP
+&nbsp;
 ![Image Import-RHCOS](./media/image-import2.png)
-
+&nbsp;
 
 Your PowerVS service instance is now ready for OpenShift clusters.

docs/quickstart.md

@@ -212,9 +212,9 @@ $ scp -r -i data/id_rsa [email protected]:~/openstack-upi/auth/\* .
 
 OpenShift CLI `oc` can be downloaded from the following links. Use the one specific to your client system architecture.
 
-- [Mac OSX](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/oc/4.6/macosx/oc.tar.gz)
-- [Linux (x86_64)](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/oc/4.6/linux/oc.tar.gz)
-- [Windows](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/oc/4.6/windows/oc.zip)
+- [Mac OSX](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.6/openshift-client-mac.tar.gz)
+- [Linux (x86_64)](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.6/openshift-client-linux.tar.gz)
+- [Windows](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.6/openshift-client-windows.zip)
 
 Download the specific file, extract it and place the binary in a directory that is on your `PATH`
 For more details check the following [link](https://docs.openshift.com/container-platform/4.6/cli_reference/openshift_cli/getting-started-cli.html)
@@ -240,11 +240,11 @@ To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'
 
 $ oc get nodes
 NAME       STATUS   ROLES    AGE   VERSION
-master-0   Ready    master   13h   v1.19.0+d59ce34
-master-1   Ready    master   13h   v1.19.0+d59ce34
-master-2   Ready    master   13h   v1.19.0+d59ce34
-worker-0   Ready    worker   13h   v1.19.0+d59ce34
-worker-1   Ready    worker   13h   v1.19.0+d59ce34
+master-0   Ready    master   11h   v1.19.0+43983cd
+master-1   Ready    master   11h   v1.19.0+43983cd
+master-2   Ready    master   11h   v1.19.0+43983cd
+worker-0   Ready    worker   11h   v1.19.0+43983cd
+worker-1   Ready    worker   11h   v1.19.0+43983cd
 ```
 
 >**Note:** The OpenShift command-line client `oc` is already configured on the bastion node with kubeconfig placed at `~/.kube/config`.

docs/var.tfvars-doc.md

@@ -42,8 +42,17 @@ In order to retrieve the PowerVS region, zone and instance specific details plea
    | ibmcloud_region | ibmcloud_zone  |
    |-----------------|----------------|
    | eu-de           | eu-de-1        |
-   | lon             | lon0           |
+   | eu-de           | eu-de-2        |
+   | dal             | dal12          |
+   | lon             | lon04          |
+   | lon             | lon06          |
+   | syd             | syd04          |
+   | sao             | sao01          |
    | tor             | tor01          |
+   | tok             | tok04          | 
+   | us-east         | us-east        |
+
+   NOTE:  us-east is Washington, DC datacenter.
 
    Tieing all these, the values to be used will be as shown below:
    ```
@@ -76,11 +85,11 @@ The default flavors present under the compute-vars folder:
 
 `memory` is in `GBs` and `count` specifies the number of VMs that should be created for each type.
 
-To enable high availability (HA) for the bastion node set the bastion `count` value to `2`.
-Note that when HA is enabled, the automation will not setup NFS storage on bastion. Value `1` for bastion `count` implies the default non-HA bastion setup.
+To enable high availability (HA) for cluster services running on the bastion set the bastion `count` value to 2.
+Note that in case of HA, the automation will not setup NFS storage. `count` of 1 for bastion implies the default non-HA bastion setup.
 
-You can optionally set worker `count` value to `0` in which case all the cluster pods will be running on the master/supervisor nodes. 
-Ensure that you use proper sizing for master/supervisor nodes to avoid resource starvation for containers.
+You can optionally set the worker `count` value to 0 in which case all the cluster pods will be running on the master/supervisor nodes.
+Ensure you use proper sizing for master/supervisor nodes to avoid resource starvation for containers.
 
 For PowerVS, processors are equal to entitled physical count. So **N** processors == **N** physical core entitlements == **ceil[N]** vCPUs.
 Here are some examples to help you understand the relationship.
@@ -131,14 +140,19 @@ Please note that only OpenSSH formatted keys are supported. Refer to the followi
 
 Create the SSH key-pair and keep it under the `data` directory
 
-These set of variables specify the RHEL subscription details.
+These set of variables specify the RHEL subscription details, RHEL subscription supports two methods: one is using username and password, the other is using activation key.
 This is sensitive data, and if you don't want to save it on disk, use environment variables `RHEL_SUBS_USERNAME` and `RHEL_SUBS_PASSWORD` and pass them to `terraform apply` command as shown in the [Quickstart guide](./quickstart.md#setup-terraform-variables).
 If you are using CentOS as the bastion image, then leave these variables as-is.
 
 ```
 rhel_subscription_username  = "[email protected]"
 rhel_subscription_password  = "mypassword"
 ```
+Or define following variables to use activation key for RHEL subscription:
+```
+rhel_subscription_org = "org-id"
+rhel_subscription_activationkey = "activation-key"
+```
 
 This variable specifies the number of hardware threads (SMT) that's used for the bastion node.
 Default setting should be fine for majority of the use-cases.