Skip to content

Latest commit

 

History

History
246 lines (155 loc) · 8.37 KB

Install-AIO-Libvirt.adoc

File metadata and controls

246 lines (155 loc) · 8.37 KB

All In One: AIO Libvirt

Overview

If you plan to deploy OCP in a libvirt/kvm based environment, you are in luck. These playbooks can automate everything including the setup of the libvirt/kvm host itself.

Using this configuration, Openshift will be deployed as virtual machines in a NAT’d internal network. You can easily change this to a bridged network by using alternate configuration templates.

NAT is easy because:

  • dhcp, pxe don’t conflict with public network

  • it’s a real cloud, meaning you get ingress through the haproxy loadbalancer. The outside world cannot reach your cluster nodes directly.

After setup of the libvirt host is complete, the bastion host is built from a DVD and post-configured with ansible plays to enable:

  • dns

  • dhcp

  • pxe

  • matchbox

  • nfs for persistent storage (not supported in PROD, but works for POC)

  • openshift install/ignition generation

  • more…​

Lastly, these are default configurations on the virt host but can be changed in the config files:

  • vm images will go into /home/virt-images

  • iso images will got into /home/iso

  • network is NAT by default with 192.168.123.xxx and ocp.example.com as internal domain.

Virt host should be loaded with either RHEL 7.7+, RHEL 8.1+ or RHEL 9.0+

1. Prerequisites

  • RHEL 7.7+, 8.0+, 9.0+ base installation

  • Installed packages: git, ansible 2.9

  • RHEL images needed for the deployment are now automatically downloaded (see api-token.txt)

  • RHEL 7.9 or 8.4 BOOT ISO saved in /home/iso

  • log on to cloud.redhat.com and get your pull-secret.txt, ocm-token.txt, api-token.txt

  • internet access (either direct or via proxy)

1.1. Register system

However you get it done, the primary virthost system will need access to additional RHEL repos. At this time, I’m testing on RHEL 7.9, RHEL 8.4, RHEL 9.0

For RHEL 7.9

  • "rhel-7-server-rpms"

  • "rhel-7-server-optional-rpms"

  • "rhel-7-server-ansible-2.9-rpms"

For RHEL 8.4:

  • "rhel-8-for-x86_64-baseos-rpms"

  • "rhel-8-for-x86_64-appstream-rpms"

  • "ansible-2.9-for-rhel-8-x86_64-rpms"

For RHEL 9.0:

  • "rhel-9-for-x86_64-baseos-rpms"

  • "rhel-9-for-x86_64-appstream-rpms"

  • added ansible collections from EPEL

And yes, I test with CentOS 7 from time to time and it should work as both the virthost platform and for the bastion server.

1.2. Install additional packages

⚠️
 this process requires and is tested with ansible 2.9. Anything older that Ansible 2.9 WILL NOT WORK!!!

Besides an @Base installation, you will need git and ansible installed before you begin. Once installed, the playbooks will take care of the rest.

yum -y install git

1.3. Git Clone Repo

Still on your virt host:

cd ~

git clone http://github.com/xtophd/OCP4-Workshop --recurse-submodules

1.4. Create the Config Files

1.4.1. Determine Network Configuration

In both cases (NAT or Bridge), the libvirt 'default' network is left alone and unused. This allows for the continued use of whatever you may already have configured on the virt host without conflict with what is about to be deployed.

In this example, we will use the NAT’d configuration.

1.4.2. Copy NAT configurations to './config' directory

Using the NAT’d network config will require the least amount of changes to the config. You really only need to provide the provide proper info for IP address space.

cd ./OCP4-Workshop

cp ./sample-configs/libvirt-nat/ocp4-workshop-setup.ans ./config

1.5. Run the setup tool

ℹ️
 Any changes you make directly to the files in './config/' will be left untouched in the event you update the project repo with git pull. Git is configured to ignore files in ../config

Launch the setup tool which reads the answer file you created in the previous step.

./sample-configs/ocp4-workshop-setup.sh

Please pay close attention to the general network information, and of course the IP and MAC addresses for your systems (vms). In a libvirt (or ovirt) environment, the default behaviour is to allow the playbooks to generate MAC addresses. The randomly generated MACs are stored and will persist in the configs until the config directory is deleted (../config/host_vars/*).

It is MANDATORY to set the various passwords each time the setup script is invoked. Passwords are NEVER stored in the answer file.

You should not need to make any additional adjustments to the settings, but the choice is yours.

Once the passwords are set, select the option to Prepare Deploymnet and will convert your answers to the actual configuration files in ./config

1.6. Retrieve RHEL 8.8 DVD and BOOT ISOs

The utility server currently depends on a RHEL 8.8 images. You can copy the URL from the access.redhat.com download page, and be sure to use single quotes to prevent bash from parsing the string.

ℹ️
 As of the latest release (Feb 2024), xtoph_deploy will automatically pull the required RHEL Images if the api-token.txt file is set. 
mkdir -p /home/iso/

wget -O /home/iso/rhel-8.8-x86_64-dvd.iso '<URL>'
wget -O /home/iso/rhel-8.8-x86_64-boot.iso '<URL>'

1.7. Retrieve Openshift Pull Secret

⚠️
 The file /root/OCP4-Workshop/config/pull-secret.txt must exist on the deployer host before you continue.

Using a browser, go to redhat.com and retrieve the pull-secret. You can either:

  • download the pull-secret.txt and transfer it to the ./config directory, OR

  • copy the pull-secret.txt to the paste buffer and then edit pull-secret.txt and paste the contents

If you are planning an Assisted-Installer based deployment (ai or ai-sno), then you must also create the ocm-token.txt file.

Using a browser, go to redhat.com and retrieve the ocm-token.

  • generate the token

  • copy the token and paste it into ./config/ocm-token.txt

Using a browser, go to redhat.com and retrieve the api-token.

  • generate the token

  • copy the token and paste it into ./config/api-token.txt

1.8. Final Check List

  • Is there enough memory?

  • Is there enough cpu?

  • Is there enough disk space and is it in the right location?

  • Is the RHEL ISO downloaded and stored in the right place

  • Is the Openshift UPI Pull Secret downloaded and stored in the right place

  • Is the OCM Token (only for AI installs) downloaded and stored in the right place

  • Did you install (upgrade) Ansible 2.9

2. Platform Setup

./xtoph-deploy.sh setup

3. OCP Deployment

./xtoph-deploy.sh deploy

4. Post Installation

If you elected to deploy the workshop materials (which is the default) in your configuartion, you will find a number of convenient scripts in /usr/local/bin on the bastion host.

4.1. Extra Info (WHERE ARE MY CREDENTIALS?)

Artifacts from the build will be on the bastion host in /root/ocp-<clustername>

Authority files will be on the bastion host in /root/ocp-<clustername>/auth

4.2. VNC Connection to the bastion host

If enabled in master-config.yml (now the default for the libvirt-nat.yml), a VNC server is configured on the bastion host.

You could then use an ssh tunnel to setup up a port on the virt host which will connect to the bastion vm. If you left all of the default parameters and substituting your-host-ipaddr, run the following on the libvirt host.

firewall-cmd --add-port=5903/tcp
firewall-cmd --permanent --add-port=5903/tcp
ssh -L <your-host-ipaddr>:5903:192.168.123.10:5903 [email protected] -N

Now you should be able to use VNC client to connect to <your-host-ipaddr>:5903

Don’t forget to set the display quality to "High" in the VNC connection properties, and increase the display resolution on the bastion’s desktop GUI settings.

Continue to the Workshop

The workshop document and exercises can be found here:

The End

Built-in
asciidoctor-version

2.0.22

safe-mode-name

secure