OpenShift 3.6 Generic Guest Template: Difference between revisions
No edit summary |
|||
(37 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
* [[OpenShift_3.6_Installation#Guest_Template_Preparation|OpenShift 3.6 Installation]] | * [[OpenShift_3.6_Installation#Guest_Template_Preparation|OpenShift 3.6 Installation]] | ||
=Overview= | |||
The generic template contains all an OpenShift master or regular node, as well as the support node, need to function. It is built in top of the [[OpenShift_3.6_Basic_Guest_Template#Overview|basic template]]. | |||
=Clone the Basic Template= | =Clone the Basic Template= | ||
Use the [[OpenShift_3.6_Basic_Guest_Template|basic template]] as a base image, and clone it, as described here: | Use the [[OpenShift_3.6_Basic_Guest_Template#Overview|basic template]] as a base image, and clone it, as described here: | ||
{{Internal|Linux Virtualization Cloning a KVM Guest Virtual Machine|Cloning a Guest}} | {{Internal|Linux Virtualization Cloning a KVM Guest Virtual Machine|Cloning a Guest}} | ||
The | The process will produce a ocp36.generic-template. | ||
=Install OpenShift Binaries= | =Install OpenShift Binaries= | ||
Line 88: | Line 76: | ||
docker version | docker version | ||
==Docker Storage Setup== | |||
<font color=red>Process: https://docs.docker.com/storage/storagedriver/device-mapper-driver/#configure-direct-lvm-mode-for-production</font> | |||
Provision [[OpenShift_Concepts#Docker_Storage_in_OpenShift|storage for the Docker server]]. The [[Docker_Concepts#Loopback_Storage|default loopback storage]] is not appropriate for production, it should be replaced by a [[Linux_Logical_Volume_Management_Concepts#Thinly-Provisioned_Logical_Volumes_.28Thin_Volumes.29|thin-pool logical volume]]. Set up docker storage using Option A) described in the documentation: use an additional block device. In this case, the additional block device is provisioned as a 50GB dedicate volume group and exposed to the guest as the /dev/vdb block device. | |||
/etc/sysconfig/docker-storage-setup: | |||
<pre> | |||
CONTAINER_THINPOOL=docker-pool | |||
STORAGE_DRIVER=devicemapper | |||
DEVS=/dev/vdb | |||
CONTAINER_THINPOOL=container-thinpool | |||
VG=docker_vg | |||
ROOT_SIZE=50G | |||
DATA_SIZE=100%FREE | |||
MIN_DATA_SIZE=2G | |||
#POOL_META_SIZE=16M | |||
CHUNK_SIZE=512K | |||
GROWPART=false | |||
AUTO_EXTEND_POOL=yes | |||
POOL_AUTOEXTEND_THRESHOLD=60 | |||
POOL_AUTOEXTEND_PERCENT=20 | |||
DEVICE_WAIT_TIMEOUT=60 | |||
WIPE_SIGNATURES=true | |||
CONTAINER_ROOT_LV_SIZE=100%FREE | |||
# CONTAINER_ROOT_LV_MOUNT_PATH="/var/lib/containers/container-runtime" | |||
</pre> | |||
{{Warn|Setting DATA_SIZE too small caused nodes not being able to start and OpenShift [[OpenShift Concepts#OutOfDisk|OutOfDisk events]].}} | |||
If this is template reconfiguration, remove previous Docker metadata: | |||
rm -r /var/lib/docker | |||
cat /dev/null > /etc/sysconfig/docker-storage | |||
Execute: | |||
/usr/bin/docker-storage-setup | |||
INFO: Volume group backing root filesystem could not be determined | |||
INFO: Device node /dev/vdb1 exists. | |||
Physical volume "/dev/vdb1" successfully created. | |||
Volume group "docker_vg" successfully created | |||
Using default stripesize 64.00 KiB. | |||
Rounding up size to full physical extent 52.00 MiB | |||
Thin pool volume with chunk size 512.00 KiB can address at most 126.50 TiB of data. | |||
Logical volume "container-thinpool" created. | |||
Logical volume docker_vg/container-thinpool changed. | |||
lvs | |||
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert | |||
container-thinpool docker_vg twi-a-t--- 49.89g 0.00 0.11 | |||
After setup, disable docker-storage-setup at startup, is not needed, storage already setup. | |||
systemctl disable docker-storage-setup | |||
systemctl is-enabled docker-storage-setup | |||
==Docker and OpenShift Installation== | |||
The OpenShift advanced installation procedure is supposed to update [[Docker_Server_Configuration#RedHat.2FCentos|/etc/sysconfig/docker]] on nodes with OpenShift-specific configuration. The documentation says that the advanced installation procedure will add an "--insecure-registry" option, but that does not seem to be the case, so based on previous installation experience, we learned to add it manually in /etc/sysconfig/docker: | |||
OPTIONS=' --selinux-enabled --log-driver=journald <font color=teal>'''--insecure-registry 172.30.0.0/16'''</font>' | |||
The subnet value used to configure the insecure registry corresponds to the default value of the [[OpenShift_Concepts#The_Services_Subnet|services subnet]]. | |||
==Test Start Docker== | |||
Enable docker to start at boot: | |||
systemctl enable docker | |||
systemctl start docker | |||
Reboot the system and then check [[Docker Server Runtime]]. | |||
[ | |||
=Optimizing Docker Storage= | |||
{{External|https://docs.openshift.com/container-platform/3.6/scaling_performance/optimizing_storage.html#optimizing-storage}} | |||
==Prevent Docker to Start at Boot== | |||
We do not want the template to start docker at boot, because in some cases we may want to modify the storage depending on the node's particularities. | |||
Also we do not want to automatically start, because we may want to configure new storage manually. | |||
systemctl disable docker | |||
systemctl is-enabled docker | |||
systemctl disable docker-storage-setup | systemctl disable docker-storage-setup | ||
systemctl is-enabled docker-storage-setup | systemctl is-enabled docker-storage-setup | ||
Latest revision as of 20:37, 20 April 2018
Internal
Overview
The generic template contains all an OpenShift master or regular node, as well as the support node, need to function. It is built in top of the basic template.
Clone the Basic Template
Use the basic template as a base image, and clone it, as described here:
The process will produce a ocp36.generic-template.
Install OpenShift Binaries
Attach the Node to the OpenShift Subscription
More details about subscription management:
The node, being based on the basic template, should have been already registered with the subscription manager:
subscription-manager status
subscription-manager identity
subscription-manager list --available --matches '*OpenShift*'
Identify the OpenShift pool ID:
subscription-manager attach --pool=<pool-id>
Manage Repositories and Install Utilities
Once attached to the pool, all repositories must be first disabled, and then only select repositories are re-enabled:
subscription-manager repos --disable="*"
subscription-manager repos --list-enabled yum repolist
If there are any enabled repositories, disable them with:
yum-config-manager --disable <repo_id>
Enable only the repositories required by OpenShift Container Platform 3.6:
subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ose-3.6-rpms" --enable="rhel-7-fast-datapath-rpms"
subscription-manager repos --list-enabled yum repolist
yum update -y
Install atomic-openshift-utils, which contains OpenShift installer utilities and other tools required by the installation process:
yum install atomic-openshift-utils
At this point, no OpenShift binaries, except installation utilities, are installed. The advanced installer knows how to override this and it will install the binaries as expected, without any further intervention.
Install Docker
Install Docker on the generic template. On the support host, it will simply not be activated. Docker is also required on masters too, but the image storage allocated to it can be made much smaller than on the nodes and infranodes. The binaries must be installed from the rhel-7-server-ose-3.*-rpms repository and have it running before installing OpenShift.
OpenShift 3.6 requires Docker 1.12.
yum install docker docker version
Docker Storage Setup
Provision storage for the Docker server. The default loopback storage is not appropriate for production, it should be replaced by a thin-pool logical volume. Set up docker storage using Option A) described in the documentation: use an additional block device. In this case, the additional block device is provisioned as a 50GB dedicate volume group and exposed to the guest as the /dev/vdb block device.
/etc/sysconfig/docker-storage-setup:
CONTAINER_THINPOOL=docker-pool STORAGE_DRIVER=devicemapper DEVS=/dev/vdb CONTAINER_THINPOOL=container-thinpool VG=docker_vg ROOT_SIZE=50G DATA_SIZE=100%FREE MIN_DATA_SIZE=2G #POOL_META_SIZE=16M CHUNK_SIZE=512K GROWPART=false AUTO_EXTEND_POOL=yes POOL_AUTOEXTEND_THRESHOLD=60 POOL_AUTOEXTEND_PERCENT=20 DEVICE_WAIT_TIMEOUT=60 WIPE_SIGNATURES=true CONTAINER_ROOT_LV_SIZE=100%FREE # CONTAINER_ROOT_LV_MOUNT_PATH="/var/lib/containers/container-runtime"
Setting DATA_SIZE too small caused nodes not being able to start and OpenShift OutOfDisk events.
If this is template reconfiguration, remove previous Docker metadata:
rm -r /var/lib/docker cat /dev/null > /etc/sysconfig/docker-storage
Execute:
/usr/bin/docker-storage-setup
INFO: Volume group backing root filesystem could not be determined INFO: Device node /dev/vdb1 exists. Physical volume "/dev/vdb1" successfully created. Volume group "docker_vg" successfully created Using default stripesize 64.00 KiB. Rounding up size to full physical extent 52.00 MiB Thin pool volume with chunk size 512.00 KiB can address at most 126.50 TiB of data. Logical volume "container-thinpool" created. Logical volume docker_vg/container-thinpool changed.
lvs LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert container-thinpool docker_vg twi-a-t--- 49.89g 0.00 0.11
After setup, disable docker-storage-setup at startup, is not needed, storage already setup.
systemctl disable docker-storage-setup systemctl is-enabled docker-storage-setup
Docker and OpenShift Installation
The OpenShift advanced installation procedure is supposed to update /etc/sysconfig/docker on nodes with OpenShift-specific configuration. The documentation says that the advanced installation procedure will add an "--insecure-registry" option, but that does not seem to be the case, so based on previous installation experience, we learned to add it manually in /etc/sysconfig/docker:
OPTIONS=' --selinux-enabled --log-driver=journald --insecure-registry 172.30.0.0/16'
The subnet value used to configure the insecure registry corresponds to the default value of the services subnet.
Test Start Docker
Enable docker to start at boot:
systemctl enable docker systemctl start docker
Reboot the system and then check Docker Server Runtime.
Optimizing Docker Storage
Prevent Docker to Start at Boot
We do not want the template to start docker at boot, because in some cases we may want to modify the storage depending on the node's particularities.
Also we do not want to automatically start, because we may want to configure new storage manually.
systemctl disable docker systemctl is-enabled docker
systemctl disable docker-storage-setup systemctl is-enabled docker-storage-setup