Golden Path

Navigation

Route by task into the supported AWS deployment flow and its adjacent reference material.

Documentation Map

Use this page when you know the task you need to accomplish but not yet the right Calabi document. The repository README explains what the project is; this page routes you into the correct workflow lane.

The docs below reflect the current validated posture:

  • ./scripts/run_local_playbook.sh playbooks/site-bootstrap.yml has been re-proven from a zero-VM boundary
  • the current cluster/day-2 path has converged on the live lab
  • the supported auth baseline is:
    • OpenShift: HTPasswd breakglass plus Keycloak OIDC
    • AAP: Keycloak OIDC, not direct LDAP
  • AD-backed user login has been validated through:
    • Keycloak into OpenShift
    • Keycloak into AAP

The remaining certification bar is still one uninterrupted fresh ./scripts/run_remote_bastion_playbook.sh playbooks/site-lab.yml run on the current codebase without live repair during that attempt.

Choose Your Path

| If you need to... | Start here | Then read |
|---|---|---|
| build or rebuild the lab (Golden Path) | Prerequisites | Automation Flow, Orchestration Plumbing |
| learn how the automation works under the hood (Teaching Reference) | Manual Process | Automation Flow, Authentication Model |
| understand the supported auth and policy model | Authentication Model | AD / IdM Policy Model (Teaching Reference) |
| understand the underlying design (Teaching Reference) | Network Topology | Host Resource Management, AWS IaaS Resource Model, OpenShift Cluster Matrix, ODF Declarative Plan |
| troubleshoot or resume work | Investigating | Issues Ledger, Secrets And Sanitization |
| change the code (Teaching Reference) | Orchestration Guide | ./scripts/run_local_playbook.sh playbooks/site-bootstrap.yml, ./scripts/run_remote_bastion_playbook.sh playbooks/site-lab.yml |
| run the on-prem external-Ceph path | On-Prem Docs | On-Prem Override Mechanism, Automation Flow |

AWS Golden Path Reading Order

  1. TOP README
  2. PREREQUISITES
  3. AUTOMATION FLOW
  4. ORCHESTRATION PLUMBING
  5. AUTH MODEL
  6. INVESTIGATING when recovery or drift enters the picture

Maintainer Reading Order

  1. TOP README
  2. DOCS MAP
  3. AUTH MODEL
  4. AD / IDM POLICY MODEL
  5. NETWORK TOPOLOGY
  6. RESOURCE MANAGEMENT
  7. ORCHESTRATION GUIDE
  8. MANUAL PROCESS as the teaching reference for the automated flow

Experimental Paths

If you are not provisioning virt-01 through AWS and already have an on-prem host that can satisfy the Calabi hypervisor contract, you can try the experimental on-prem entry path for the divergent early steps.

Warning

Unvalidated. This path is provided for developers who want to try the on-prem entry flow. It is not the supported deployment path.

  ON-PREM DOCS  

Those pages cover:

  • the on-prem host contract
  • LVM-backed guest volume provisioning
  • the on-prem bastion staging wrapper
  • override-driven profile selection, including the external-Ceph day-2 profile

They then hand you back to this main docs set once the bastion is built and the normal Calabi sequencing resumes.

Directory Intent

| Path | Purpose |
|---|---|
| cloudformation/ | outer AWS tenant and host scaffolding |
| docs/ | operator, design, and maintainer documentation |
| playbooks/bootstrap/ | hypervisor and support-guest bring-up |
| playbooks/lab/ | bastion-side support services for the disconnected lab |
| playbooks/cluster/ | installer tooling, agent media, cluster VM shells, install wait |
| playbooks/day2/ | post-install operator and platform configuration |
| playbooks/maintenance/ | cleanup, suspend, install-media normalization |
| roles/ | implementation details behind the playbooks |
| vars/global/ | cross-cutting defaults and environment-wide intent |
| vars/guests/ | support-guest and cluster-shell sizing and policy |
| vars/cluster/ | cluster identity and installer-specific inputs |
| vars/day2/ | day-2 feature toggles and defaults |
| scripts/ | operator helper scripts for bastion staging and monitoring |