DevSecOps with disconnected Red Hat OpenShiftImproving mission agility for the US Air Force
5/9/18
Chris Grimm Architect
Cameron WyattArchitect
Mike BattlesSenior Architect
Stuart BainSecurity Architect
Jeremy SontagDOD Sales Manager
Installer Primary Capabilities● Automated Installation & Configuration Management
● Disconnected Environment on physical DVD Media (DVD)
● Standardized Application Deployment Concepts
● Security Lockdowns / Automated IA Controls & STIGs
Architecture Logical Overview
Red Hat Enterprise Linux
OpenShift Container Platform
Shared
AnsibleImage Registry
Physical Infrastructure (Provided by Host Environment)
Virtualization Infrastructure (Provided by Host Environment)
RHEL Container
PostgresSQL
App 1DB
RHEL Container
JBoss EAP
App 3
RHEL Container
JBoss EAP
App 2
RHEL Container
JBoss EAP
App 1
RHEL Container
JBoss AMQ
App 1Broker
RHEL Container
PostgresSQL
App 3DB
RHEL Container
PostgresSQL
App 2DB
Blank VMs or bare metal blades are created by the site administrator per system requirements
Installation ProcessProvision Servers
JumpHost
Delivered as a single DVD that includes an automated RHEL kickstart installation and disconnected media for OCP, Ansible, JBoss, Postgres, etc.
Installation ProcessAutomated installation of JumpHost
Installation ProcessConfiguration Files
A series of YAML files that define various parameters. Also, the server host inventory is defined in a CSV file.
Installation ProcessExecute the skunk configure command
JumpHost OCPMaster #1
Registry VM
Extra Services VM
OCPMaster #2
OCPMaster #3
OCPInfra #2
OCPInfra #2
OCPInfra #3
OCPNode #1
OCPNode #2
OCPNode #3
Installation ProcessKickstart Servers
Each VM is then installed using a kickstart script, these can be installed using PXE boot.
Installation ProcessExecute the skunk install command
JumpHost OCPMaster #1
Registry VM
Extra Services VM
OCPMaster #2
OCPMaster #3
OCPInfra #2
OCPInfra #2
OCPInfra #3
OCPNode #1
OCPNode #2
OCPNode #3
The stack is now fully deployed ready for the client applications.
Installation ProcessProvision Servers
THANK YOUplus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHat
Top Related