mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
274 lines
6.2 KiB
Plaintext
274 lines
6.2 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_ibm_cloud_classic/install-ibm-cloud-installing-on-ibm-cloud.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="preparing-the-provisioner-node-for-openshift-install-on-ibm-cloud_{context}"]
|
|
= Preparing the provisioner node on {ibm-cloud-bm} infrastructure
|
|
|
|
Perform the following steps to prepare the provisioner node.
|
|
|
|
.Procedure
|
|
|
|
. Log in to the provisioner node via `ssh`.
|
|
|
|
. Create a non-root user (`kni`) and provide that user with `sudo` privileges:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# useradd kni
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# passwd kni
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# echo "kni ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/kni
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# chmod 0440 /etc/sudoers.d/kni
|
|
----
|
|
|
|
. Create an `ssh` key for the new user:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# su - kni -c "ssh-keygen -f /home/kni/.ssh/id_rsa -N ''"
|
|
----
|
|
|
|
. Log in as the new user on the provisioner node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# su - kni
|
|
----
|
|
|
|
. Use Red Hat Subscription Manager to register the provisioner node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo subscription-manager register --username=<user> --password=<pass> --auto-attach
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms \
|
|
--enable=rhel-8-for-x86_64-baseos-rpms
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
For more information about Red Hat Subscription Manager, see link:https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html-single/rhsm/index[Using and Configuring Red Hat Subscription Manager].
|
|
====
|
|
|
|
. Install the following packages:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo dnf install -y libvirt qemu-kvm mkisofs python3-devel jq ipmitool
|
|
----
|
|
|
|
. Modify the user to add the `libvirt` group to the newly created user:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo usermod --append --groups libvirt kni
|
|
----
|
|
|
|
. Start `firewalld`:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo systemctl start firewalld
|
|
----
|
|
|
|
. Enable `firewalld`:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo systemctl enable firewalld
|
|
----
|
|
|
|
. Start the `http` service:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --zone=public --add-service=http --permanent
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo firewall-cmd --reload
|
|
----
|
|
|
|
. Start and enable the `libvirtd` service:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo systemctl enable libvirtd --now
|
|
----
|
|
|
|
. Set the ID of the provisioner node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PRVN_HOST_ID=<ID>
|
|
----
|
|
+
|
|
You can view the ID with the following `ibmcloud` command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl hardware list
|
|
----
|
|
|
|
. Set the ID of the public subnet:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PUBLICSUBNETID=<ID>
|
|
----
|
|
+
|
|
You can view the ID with the following `ibmcloud` command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl subnet list
|
|
----
|
|
|
|
. Set the ID of the private subnet:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PRIVSUBNETID=<ID>
|
|
----
|
|
+
|
|
You can view the ID with the following `ibmcloud` command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ ibmcloud sl subnet list
|
|
----
|
|
|
|
. Set the provisioner node public IP address:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PRVN_PUB_IP=$(ibmcloud sl hardware detail $PRVN_HOST_ID --output JSON | jq .primaryIpAddress -r)
|
|
----
|
|
|
|
. Set the CIDR for the public network:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PUBLICCIDR=$(ibmcloud sl subnet detail $PUBLICSUBNETID --output JSON | jq .cidr)
|
|
----
|
|
|
|
. Set the IP address and CIDR for the public network:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PUB_IP_CIDR=$PRVN_PUB_IP/$PUBLICCIDR
|
|
----
|
|
|
|
. Set the gateway for the public network:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PUB_GATEWAY=$(ibmcloud sl subnet detail $PUBLICSUBNETID --output JSON | jq .gateway -r)
|
|
----
|
|
|
|
. Set the private IP address of the provisioner node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PRVN_PRIV_IP=$(ibmcloud sl hardware detail $PRVN_HOST_ID --output JSON | \
|
|
jq .primaryBackendIpAddress -r)
|
|
----
|
|
|
|
. Set the CIDR for the private network:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PRIVCIDR=$(ibmcloud sl subnet detail $PRIVSUBNETID --output JSON | jq .cidr)
|
|
----
|
|
|
|
. Set the IP address and CIDR for the private network:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PRIV_IP_CIDR=$PRVN_PRIV_IP/$PRIVCIDR
|
|
----
|
|
|
|
. Set the gateway for the private network:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ PRIV_GATEWAY=$(ibmcloud sl subnet detail $PRIVSUBNETID --output JSON | jq .gateway -r)
|
|
----
|
|
|
|
. Set up the bridges for the `baremetal` and `provisioning` networks:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo nohup bash -c "
|
|
nmcli --get-values UUID con show | xargs -n 1 nmcli con delete
|
|
nmcli connection add ifname provisioning type bridge con-name provisioning
|
|
nmcli con add type bridge-slave ifname eth1 master provisioning
|
|
nmcli connection add ifname baremetal type bridge con-name baremetal
|
|
nmcli con add type bridge-slave ifname eth2 master baremetal
|
|
nmcli connection modify baremetal ipv4.addresses $PUB_IP_CIDR ipv4.method manual ipv4.gateway $PUB_GATEWAY
|
|
nmcli connection modify provisioning ipv4.addresses 172.22.0.1/24,$PRIV_IP_CIDR ipv4.method manual
|
|
nmcli connection modify provisioning +ipv4.routes \"10.0.0.0/8 $PRIV_GATEWAY\"
|
|
nmcli con down baremetal
|
|
nmcli con up baremetal
|
|
nmcli con down provisioning
|
|
nmcli con up provisioning
|
|
init 6
|
|
"
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
For `eth1` and `eth2`, substitute the appropriate interface name, as needed.
|
|
====
|
|
|
|
. If required, SSH back into the `provisioner` node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
# ssh kni@provisioner.<cluster-name>.<domain>
|
|
----
|
|
|
|
. Verify the connection bridges have been properly created:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ sudo nmcli con show
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
NAME UUID TYPE DEVICE
|
|
baremetal 4d5133a5-8351-4bb9-bfd4-3af264801530 bridge baremetal
|
|
provisioning 43942805-017f-4d7d-a2c2-7cb3324482ed bridge provisioning
|
|
virbr0 d9bca40f-eee1-410b-8879-a2d4bb0465e7 bridge virbr0
|
|
bridge-slave-eth1 76a8ed50-c7e5-4999-b4f6-6d9014dd0812 ethernet eth1
|
|
bridge-slave-eth2 f31c3353-54b7-48de-893a-02d2b34c4736 ethernet eth2
|
|
----
|
|
|
|
. Create a `pull-secret.txt` file:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ vim pull-secret.txt
|
|
----
|
|
+
|
|
In a web browser, navigate to link:https://console.redhat.com/openshift/install/metal/user-provisioned[Install on Bare Metal with user-provisioned infrastructure]. In step 1, click **Download pull secret**. Paste the contents into the `pull-secret.txt` file and save the contents in the `kni` user's home directory.
|