mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
193 lines
5.1 KiB
Plaintext
193 lines
5.1 KiB
Plaintext
// This is included in the following assemblies:
|
|
//
|
|
// installing_ibm_cloud_classic/install-ibm-cloud-installing-on-ibm-cloud.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="configuring-the-public-subnet_{context}"]
|
|
= Configuring the public subnet
|
|
|
|
All of the {product-title} cluster nodes must be on the public subnet. {ibm-cloud-bm} does not provide a DHCP server on the subnet. Set it up separately on the provisioner node.
|
|
|
|
You must reset the BASH variables defined when preparing the provisioner node. Rebooting the provisioner node after preparing it will delete the BASH variables previously set.
|
|
|
|
.Procedure
|
|
|
|
. Install `dnsmasq`:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo dnf install dnsmasq
|
|
----
|
|
|
|
. Open the `dnsmasq` configuration file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo vi /etc/dnsmasq.conf
|
|
----
|
|
|
|
. Add the following configuration to the `dnsmasq` configuration file:
|
|
+
|
|
[source,text]
|
|
----
|
|
interface=baremetal
|
|
except-interface=lo
|
|
bind-dynamic
|
|
log-dhcp
|
|
|
|
dhcp-range=<ip_addr>,<ip_addr>,<pub_cidr> <1>
|
|
dhcp-option=baremetal,121,0.0.0.0/0,<pub_gateway>,<prvn_priv_ip>,<prvn_pub_ip> <2>
|
|
|
|
dhcp-hostsfile=/var/lib/dnsmasq/dnsmasq.hostsfile
|
|
----
|
|
+
|
|
<1> Set the DHCP range. Replace both instances of `<ip_addr>` with one unused IP address from the public subnet so that the `dhcp-range` for the `baremetal` network begins and ends with the same the IP address. Replace `<pub_cidr>` with the CIDR of the public subnet.
|
|
+
|
|
<2> Set the DHCP option. Replace `<pub_gateway>` with the IP address of the gateway for the `baremetal` network. Replace `<prvn_priv_ip>` with the IP address of the provisioner node's private IP address on the `provisioning` network. Replace `<prvn_pub_ip>` with the IP address of the provisioner node's public IP address on the `baremetal` network.
|
|
+
|
|
To retrieve the value for `<pub_cidr>`, execute:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl subnet detail <publicsubnetid> --output JSON | jq .cidr
|
|
----
|
|
+
|
|
Replace `<publicsubnetid>` with the ID of the public subnet.
|
|
+
|
|
To retrieve the value for `<pub_gateway>`, execute:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl subnet detail <publicsubnetid> --output JSON | jq .gateway -r
|
|
----
|
|
+
|
|
Replace `<publicsubnetid>` with the ID of the public subnet.
|
|
+
|
|
To retrieve the value for `<prvn_priv_ip>`, execute:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl hardware detail <id> --output JSON | \
|
|
jq .primaryBackendIpAddress -r
|
|
----
|
|
+
|
|
Replace `<id>` with the ID of the provisioner node.
|
|
+
|
|
To retrieve the value for `<prvn_pub_ip>`, execute:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl hardware detail <id> --output JSON | jq .primaryIpAddress -r
|
|
----
|
|
+
|
|
Replace `<id>` with the ID of the provisioner node.
|
|
|
|
. Obtain the list of hardware for the cluster:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl hardware list
|
|
----
|
|
|
|
. Obtain the MAC addresses and IP addresses for each node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl hardware detail <id> --output JSON | \
|
|
jq '.networkComponents[] | \
|
|
"\(.primaryIpAddress) \(.macAddress)"' | grep -v null
|
|
----
|
|
+
|
|
Replace `<id>` with the ID of the node.
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
"10.196.130.144 00:e0:ed:6a:ca:b4"
|
|
"141.125.65.215 00:e0:ed:6a:ca:b5"
|
|
----
|
|
+
|
|
Make a note of the MAC address and IP address of the public network. Make a separate note of the MAC address of the private network, which you will use later in the `install-config.yaml` file. Repeat this procedure for each node until you have all the public MAC and IP addresses for the public `baremetal` network, and the MAC addresses of the private `provisioning` network.
|
|
|
|
. Add the MAC and IP address pair of the public `baremetal` network for each node into the `dnsmasq.hostsfile` file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo vim /var/lib/dnsmasq/dnsmasq.hostsfile
|
|
----
|
|
+
|
|
.Example input
|
|
[source,text]
|
|
----
|
|
00:e0:ed:6a:ca:b5,141.125.65.215,master-0
|
|
<mac>,<ip>,master-1
|
|
<mac>,<ip>,master-2
|
|
<mac>,<ip>,worker-0
|
|
<mac>,<ip>,worker-1
|
|
...
|
|
----
|
|
+
|
|
Replace `<mac>,<ip>` with the public MAC address and public IP address of the corresponding node name.
|
|
|
|
. Start `dnsmasq`:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo systemctl start dnsmasq
|
|
----
|
|
|
|
. Enable `dnsmasq` so that it starts when booting the node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo systemctl enable dnsmasq
|
|
----
|
|
|
|
. Verify `dnsmasq` is running:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo systemctl status dnsmasq
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
● dnsmasq.service - DNS caching server.
|
|
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
|
|
Active: active (running) since Tue 2021-10-05 05:04:14 CDT; 49s ago
|
|
Main PID: 3101 (dnsmasq)
|
|
Tasks: 1 (limit: 204038)
|
|
Memory: 732.0K
|
|
CGroup: /system.slice/dnsmasq.service
|
|
└─3101 /usr/sbin/dnsmasq -k
|
|
----
|
|
|
|
. Open ports `53` and `67` with UDP protocol:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --add-port 53/udp --permanent
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --add-port 67/udp --permanent
|
|
----
|
|
|
|
. Add `provisioning` to the external zone with masquerade:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --change-zone=provisioning --zone=external --permanent
|
|
----
|
|
+
|
|
This step ensures network address translation for IPMI calls to the management subnet.
|
|
|
|
. Reload the `firewalld` configuration:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --reload
|
|
----
|