OpenShift 3.6 Basic Guest Template
Latest revision as of 20:16, 29 April 2018
Internal
- OpenShift 3.6 Installation (Guest Template Preparation)
Overview
This is the simplest possible guest template, which will be used as a base for various other types of guests or more complex templates. The basic template can be used to generate the ingress node directly.
Virtual Machine Creation
KVM Virtual Machine Creation
Make sure the required storage pools have been configured as described in the Virtualization Host Preparation page.
The template creation procedure is described in detail in the virt-install page. Drive the installation from the procedure described there, as it contains critical details.
The actual command is:
virt-install --name ocp36.basic-template --memory 1024 --vcpus 2 --os-variant=rhel7.4 --location /iso-images/rhel-server-7.4-x86_64-dvd.iso --extra-args="console=tty0 console=ttyS0,115200n8" --disk=/iso-images/rhel-server-7.4-x86_64-dvd.iso,device=cdrom --disk=/main-storage-pool/ocp36.basic-template.qcow2,size=7 --network default --graphics none
The command enters the interactive text-mode installer; with --graphics none, the installer console is the serial console selected by --extra-args.
VMware Fusion Virtual Machine Creation
Follow the VMware Fusion Virtual Machine Provisioning procedure.
VirtualBox Virtual Machine Creation
Follow the VirtualBox Virtual Machine Creation procedure (Display section).
First-Boot Configuration
- Language: English/American
- Network
  - Host name: basic-template.ocp36.local
  - eth0: address 192.168.122.21, netmask 255.255.255.0, gateway 192.168.1.1, IPv6 ignored, nameserver 8.8.8.8, connect automatically after reboot, apply the configuration in the installer. The gateway must be on the eth0 subnet; on the libvirt "default" network that the virt-install command above attaches to, the router is 192.168.122.1, so verify the gateway value before accepting it.
Use a neutral address: the static IP address is changed when the template is cloned into actual virtual machine instances.
- Timezone 3 82, NTP server 129.6.15.28
- Software selection: minimal install
- Installation destination: vda, use all space, standard partition.
- Disable kdump
- Set the root password
More details about the RHEL 7 minimal installation are in the RHEL 7/CentOS 7 Installation page.
Configuration and Validation
IP Address
Check that eth0 came up with the address configured in the installer:

ip addr

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:03:c4:35 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.21/24 brd 192.168.122.255 scope global eth0
       valid_lft forever preferred_lft forever
...
NetworkManager
OpenShift requires NetworkManager to be operational on all nodes (see https://docs.openshift.com/container-platform/3.6/install_config/install/prerequisites.html#prereq-networkmanager). Verify it is running and manages the connection; the general status should report STATE connected:

nmcli g
Attach the Node to a RHEL Subscription
Follow the Register a Linux System and Register a Standard RHEL Subscription procedures in the Red Hat Subscription Manager page. The summary:

subscription-manager register
subscription-manager refresh
subscription-manager list --available --all
subscription-manager attach --pool=<pool-id> --quantity=1
Install Required Base Packages
yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec kexec-tools sos psacct zip unzip rpcbind nfs-utils haproxy

Also see https://docs.openshift.com/container-platform/3.6/install_config/install/host_preparation.html#installing-base-packages
Update the Entire System
yum update -y
Reboot
systemctl reboot
Configure DNS
Configure the DNS client with nmcli:

nmcli dev status
# get the connection name from the CONNECTION column
nmcli con mod <connection-name> ipv4.dns-search "ocp36.local"
nmcli con mod <connection-name> ipv4.dns "<ip-address-of-the-support-DNS-server> 8.8.8.8"

The modified settings take effect when the connection is next activated. Note that the support DNS server may not be up at times while the environment is being set up; because it is listed first, network operations that wait on name resolution are slow until the query falls through to 8.8.8.8.
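As an added example (not from the original page), the shell functions below pick the NetworkManager connection for eth0 from the terse output of nmcli -t -f NAME,DEVICE con show, emit the nmcli commands the step above describes, and verify the resolv.conf that NetworkManager writes. On a RHEL 7 template the connection is typically named "System eth0" or "Wired connection 1", i.e. the name contains spaces, which is why the device is taken from the last colon-separated field and the name is quoted in every generated command. The support DNS server address 192.168.122.11 used in the usage line is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Helpers around the "Configure DNS" step: resolve the connection name for a
# device, generate the nmcli commands, and verify what NetworkManager wrote to
# /etc/resolv.conf. Only the "--apply" path at the bottom touches the live system.

# Print the NetworkManager connection bound to device $1. Reads the terse
# output of `nmcli -t -f NAME,DEVICE con show` on stdin ("NAME:DEVICE" per
# line). Names may contain spaces, so the device is taken from the last
# colon-separated field and everything before it is the name.
connection_for_device() {
    awk -F: -v dev="$1" '
        $NF == dev {
            sub(":" dev "$", "")   # strip the trailing ":<device>"
            print
            exit
        }'
}

# Print the commands that set the search domain ($2) and the ordered resolver
# list ($3...) on connection $1. The connection has to be re-activated for
# NetworkManager to rewrite /etc/resolv.conf, hence the final "con up".
dns_commands() {
    con=$1; search=$2; shift 2
    printf 'nmcli con mod "%s" ipv4.dns-search "%s"\n' "$con" "$search"
    printf 'nmcli con mod "%s" ipv4.dns "%s"\n' "$con" "$*"
    printf 'nmcli con up "%s"\n' "$con"
}

# Succeed only if resolv.conf ($1) lists search domain $2 and exactly the
# nameservers $3... in that order. Order matters: the support DNS server must
# be asked first so that ocp36.local names resolve; 8.8.8.8 is the fallback.
resolv_conf_ok() {
    f=$1; search=$2; shift 2
    grep -Eq "^search([[:space:]]+[^[:space:]]+)*[[:space:]]+$search([[:space:]]|$)" "$f" || return 1
    got=$(sed -n 's/^nameserver[[:space:]]*//p' "$f" | tr '\n' ' ')
    [ "${got% }" = "$*" ]
}

# Live use on the template: sh configure-dns.sh --apply 192.168.122.11
# (192.168.122.11 as the support DNS server is an assumption)
if [ "${1:-}" = "--apply" ]; then
    support_dns=$2
    [ -n "$support_dns" ] || { echo "usage: $0 --apply <support-dns-ip>" >&2; exit 1; }
    con=$(nmcli -t -f NAME,DEVICE con show | connection_for_device eth0)
    [ -n "$con" ] || { echo "no connection on eth0" >&2; exit 1; }
    dns_commands "$con" ocp36.local "$support_dns" 8.8.8.8 | sh -e
    if resolv_conf_ok /etc/resolv.conf ocp36.local "$support_dns" 8.8.8.8; then
        echo "resolv.conf OK"
    else
        echo "resolv.conf does not match the requested configuration" >&2; exit 1
    fi
fi
```

The functions are separated from the --apply driver so the same checks can be run against a copied resolv.conf, for instance from a clone, without changing anything.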
Turn Off sshd Client Name DNS Verification
Set UseDNS no in /etc/ssh/sshd_config and restart sshd, as described in the Sshd Configuration page (Turn Off Client Name DNS Verification). Without this, sshd reverse-resolves every client address, and logins stall while the support DNS server is not reachable.
Authorize Virtualization Host root's Public Key
As root on the template, paste the virtualization host root's public key (in place of "...") into authorized_keys, and leave the directory and file readable by the owner only:

cd
mkdir .ssh
echo "..." > .ssh/authorized_keys
chmod -R go-rwx .ssh
SELinux
Make sure SELinux is enabled on all hosts; the OpenShift installer fails otherwise:

sestatus

If it is not, enable it. Also make sure SELINUX is "enforcing" and SELINUXTYPE is "targeted" in /etc/selinux/config, which is what the installer prerequisites require:

cat /etc/selinux/config
Firewall Configuration
firewalld must be disabled and replaced with the iptables service; follow the "Turn off firewalld and configure the iptables service" procedure in the RHEL 7/CentOS 7 Installation page. The summary:

systemctl stop firewalld
systemctl disable firewalld
systemctl is-enabled firewalld
yum remove firewalld

OpenShift needs iptables running (the iptables-services package was installed with the base packages above):

systemctl enable iptables
systemctl start iptables
Configure the OpenShift Installation User
All environment hosts must expose an "ansible" installation user that the OpenShift advanced installation procedure uses to install OpenShift. For that:

1. Create the user on the template, with a fixed UID/GID so it is identical on every clone:

groupadd -g 2200 ansible
useradd -m -g ansible -u 2200 ansible

2. As "ansible", create a public/private ssh key pair without a passphrase on the template host (see Ssh Configure Public/Private Key Authentication, Create the OpenSSH Private/Public Key Pair):

su - ansible
ssh-keygen -q -b 2048 -f ~/.ssh/id_rsa -t rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

3. Move the key pair to the environment's directory on the virtualization host and name the files ansible-id_rsa and ansible-id_rsa.pub:

pwd
/root/environments/ocp36
ls -l
-rw-------. 1 root root 1675 Nov  7 17:26 ansible-id_rsa
-rw-r--r--. 1 root root  416 Nov  7 17:26 ansible-id_rsa.pub

4. Remove both keys from the template. The private key must not remain in the image: every clone would otherwise carry it, and any node could then log in as "ansible" on any other node and escalate through sudo.

cd .ssh
rm id_rsa
rm id_rsa.pub

5. Add the "ansible" user's public key to ~ansible/.ssh/authorized_keys, keeping the directory at mode 0700 and the file at 0600:

echo "..." > ~ansible/.ssh/authorized_keys

6. Enable passwordless sudo for "ansible" (see Sudo, Allow a user to run all commands as root without a password).
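The preflight script below is an added example; it is not from the original page or from OpenShift's own tooling. It checks the end state the sections above establish before the template is cloned: SELinux configured enforcing/targeted, firewalld disabled and iptables enabled, NetworkManager running, sshd not doing reverse lookups, and the "ansible" user left with only a public key in authorized_keys, no private key on disk, a public key on the virtualization host that matches it, and passwordless sudo. The file checks take paths as arguments so they can be exercised against copies; the sudoers drop-in path /etc/sudoers.d/ansible is an assumption (the page only says passwordless sudo), and the systemctl and sestatus checks run only with --host.

```shell
#!/bin/sh
# Added example, not part of the original page: preflight checks for the basic
# template before cloning. Functions take file or directory paths so they can be
# run against the live host or against copies; the "--host" driver at the
# bottom wires them to the real locations.

# /etc/selinux/config must end up with SELINUX=enforcing and SELINUXTYPE=targeted
# (what the OpenShift installer prerequisites require). Comments are ignored and
# the last assignment wins, as it does when the file is read at boot.
selinux_config_ok() {
    mode=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    type=$(sed -n 's/^SELINUXTYPE=\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    [ "$mode" = "enforcing" ] && [ "$type" = "targeted" ]
}

# The ansible user's .ssh directory ($1) must be 0700, contain authorized_keys
# with no group/other permission bits, and hold nothing else. A leftover id_rsa
# would be copied into every clone, so every node could log in to every other
# node as ansible and escalate through passwordless sudo.
ssh_dir_ok() {
    dir=$1
    [ -d "$dir" ] && [ "$(stat -c %a "$dir")" = "700" ] || return 1
    [ -f "$dir/authorized_keys" ] || return 1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue          # unmatched glob
        case $(stat -c %a "$f") in
            600|400) ;;                  # owner-only, as chmod -R go-rwx leaves it
            *) return 1 ;;
        esac
        case ${f##*/} in
            authorized_keys|known_hosts) ;;
            *) return 1 ;;               # id_rsa, id_rsa.pub, backups, ...
        esac
    done
    return 0
}

# The public key kept on the virtualization host ($1, ansible-id_rsa.pub) must be
# the one in authorized_keys ($2). Only key type and key material are compared;
# the trailing comment may legitimately differ.
authorized_key_matches() {
    want=$(awk '{ print $1 " " $2; exit }' "$1")
    awk -v want="$want" '($1 " " $2) == want { found = 1 } END { exit !found }' "$2"
}

# Passwordless sudo for ansible, in the one form the installer needs ($1 is the
# sudoers file or drop-in to inspect).
sudoers_ok() {
    grep -Eq '^ansible[[:space:]]+ALL=\(ALL\)[[:space:]]+NOPASSWD:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# sshd_config ($1) must have UseDNS no, or logins stall while the support DNS
# server is down (see the DNS section above). Commented-out lines do not count.
sshd_usedns_off() {
    grep -Eiq '^[[:space:]]*UseDNS[[:space:]]+no[[:space:]]*$' "$1"
}

# Live run on the template: sh template-preflight.sh --host
# The sudoers drop-in path is an assumption; adjust to where sudo was configured.
if [ "${1:-}" = "--host" ]; then
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }
    selinux_config_ok /etc/selinux/config            || fail "SELinux config not enforcing/targeted"
    sestatus | grep -q 'Current mode:.*enforcing'    || fail "SELinux not enforcing now"
    ssh_dir_ok /home/ansible/.ssh                    || fail "~ansible/.ssh not clean"
    sudoers_ok /etc/sudoers.d/ansible                || fail "ansible lacks NOPASSWD sudo"
    sshd_usedns_off /etc/ssh/sshd_config             || fail "sshd UseDNS still on"
    systemctl is-enabled firewalld >/dev/null 2>&1   && fail "firewalld still enabled"
    systemctl is-enabled iptables  >/dev/null 2>&1   || fail "iptables not enabled"
    systemctl is-active NetworkManager >/dev/null 2>&1 || fail "NetworkManager not running"
    [ $rc -eq 0 ] && echo "template preflight OK"
    exit $rc
fi
```

Run it as root on the template as the last step before shutting it down for cloning; the ansible-id_rsa.pub comparison is meant to be run from the virtualization host against a copy of the template's authorized_keys, since the host key lives there.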
Other Miscellaneous Configuration
Configure log rotation (/etc/logrotate.conf):

# rotate log files daily
daily

# keep 2 days worth of backlogs
rotate 2