Calabi Documentation

Calabi

Single-host disconnected OpenShift on nested KVM, with intent-first docs for architecture, orchestration, auth, and recovery.

PREREQUISITESDEVELOPER SUBSCRIPTIONBUILD / REBUILDORCHESTRATION PLUMBINGAUTH MODELAD / IDM POLICY MODELMANUAL PROCESSIAAS MODELRESOURCE DESIGNHOST MEMORYNETWORK DESIGNCLUSTER MATRIXCODE GUIDEINVESTIGATINGISSUES LEDGERSECRETS

Documentation Map

Start with the navigation buttons below. They are the quickest way to get to the part of the project you actually need.

The root README.md explains what the project is. This page answers:

  • where do I start for my specific task?
  • which docs explain design versus operation versus implementation?
  • where in the codebase do those documents point?

Current Validated Baseline

The docs below now reflect the current validated posture:

  • playbooks/site-bootstrap.yml has been re-proven from a zero-VM boundary
  • the current cluster/day-2 path has converged on the live lab
  • the supported auth baseline is:
    • OpenShift: HTPasswd breakglass plus Keycloak OIDC
    • AAP: Keycloak OIDC, not direct LDAP
  • AD-backed user login has been validated through:
    • Keycloak into OpenShift
    • Keycloak into AAP

The remaining certification bar is still one uninterrupted fresh playbooks/site-lab.yml run on the current codebase without live repair during that attempt.

Experimental Alternate Target

If you are not provisioning virt-01 through AWS and already have an on-prem host that can satisfy the Calabi hypervisor contract, use the experimental on-prem entry path for the divergent early steps:

  ON-PREM DOCS  

Those pages cover:

  • the on-prem host contract
  • LVM-backed guest volume provisioning
  • the on-prem bastion staging wrapper

They then hand you back to this main docs set once the bastion is built and the normal Calabi sequencing resumes.

Choose Your Path

I Want To Build Or Rebuild The Lab

  PREREQUISITES     DEVELOPER SUBSCRIPTION     AUTOMATION FLOW     ORCHESTRATION PLUMBING     AUTH MODEL     AD / IDM POLICY MODEL     MANUAL PROCESS     AWS IAAS MODEL  

Pick these when you need:

  • the input checklist before the first build
  • Red Hat Developer Subscription setup for content access
  • the operator run order
  • the internal execution and runner-state model
  • the current supported authentication and authorization architecture
  • the future AD-to-IdM authorization model
  • the manual analog of the automation
  • the outer AWS substrate model

I Want To Understand The Design

  NETWORK TOPOLOGY     RESOURCE MANAGEMENT     CLUSTER MATRIX     ODF PLAN  

Pick these when you need:

  • VLAN and routing intent
  • CPU pools, Gold/Silver/Bronze domains, and host sizing guidance
  • node identities, MACs, and install matrix data
  • storage deployment intent

I Want To Troubleshoot Or Resume Work

  INVESTIGATING     ISSUES LEDGER     MANUAL PROCESS     SECRETS AND SANITIZATION  

Pick these when you need:

  • live investigation checkpoints that are not finished yet
  • already-fixed problems with commit references
  • the manual equivalent of what automation is supposed to do
  • the current secret-handling and Git hygiene model

I Want To Change The Code

  ORCHESTRATION GUIDE     SITE-BOOTSTRAP     SITE-LAB  

Pick these when you need:

  • playbook and role boundaries
  • execution context
  • where a given workflow lives in the repo

Directory Intent

Path Purpose
cloudformation/ outer AWS tenant and host scaffolding
docs/ operator, design, and maintainer documentation
playbooks/bootstrap/ hypervisor and support-guest bring-up
playbooks/lab/ bastion-side support services for the disconnected lab
playbooks/cluster/ installer tooling, agent media, cluster VM shells, install wait
playbooks/day2/ post-install operator and platform configuration
playbooks/maintenance/ cleanup, suspend, install-media normalization
roles/ implementation details behind the playbooks
vars/global/ cross-cutting defaults and environment-wide intent
vars/guests/ support-guest and cluster-shell sizing and policy
vars/cluster/ cluster identity and installer-specific inputs
vars/day2/ day-2 feature toggles and defaults
scripts/ operator helper scripts for bastion staging and monitoring
  1. TOP README
  2. PREREQUISITES
  3. AUTOMATION FLOW
  4. ORCHESTRATION PLUMBING
  5. AUTH MODEL
  6. AD / IDM POLICY MODEL
  7. RESOURCE MANAGEMENT
  8. NETWORK TOPOLOGY
  9. ORCHESTRATION GUIDE
  10. MANUAL PROCESS
  1. TOP README
  2. PREREQUISITES
  3. AUTOMATION FLOW
  4. ORCHESTRATION PLUMBING
  5. AUTH MODEL
  6. MANUAL PROCESS
  7. AD / IDM POLICY MODEL for the planned future authorization model
  8. INVESTIGATING when things drift from the happy path

Continue