# useradd kni
install-config
parametersPerform the following steps to prepare the provisioner node.
Log in to the provisioner node via ssh
.
Create a non-root user (kni
) and provide that user with sudo
privileges:
# useradd kni
# passwd kni
# echo "kni ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/kni
# chmod 0440 /etc/sudoers.d/kni
Create an ssh
key for the new user:
# su - kni -c "ssh-keygen -f /home/kni/.ssh/id_rsa -N ''"
Log in as the new user on the provisioner node:
# su - kni
Use Red Hat Subscription Manager to register the provisioner node:
$ sudo subscription-manager register --username=<user> --password=<pass> --auto-attach
$ sudo subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms \
--enable=rhel-8-for-x86_64-baseos-rpms
For more information about Red Hat Subscription Manager, see Using and Configuring Red Hat Subscription Manager. |
Install the following packages:
$ sudo dnf install -y libvirt qemu-kvm mkisofs python3-devel jq ipmitool
Modify the user to add the libvirt
group to the newly created user:
$ sudo usermod --append --groups libvirt kni
Start firewalld
:
$ sudo systemctl start firewalld
Enable firewalld
:
$ sudo systemctl enable firewalld
Start the http
service:
$ sudo firewall-cmd --zone=public --add-service=http --permanent
$ sudo firewall-cmd --reload
Start and enable the libvirtd
service:
$ sudo systemctl enable libvirtd --now
Set the ID of the provisioner node:
$ PRVN_HOST_ID=<ID>
You can view the ID with the following ibmcloud
command:
$ ibmcloud sl hardware list
Set the ID of the public subnet:
$ PUBLICSUBNETID=<ID>
You can view the ID with the following ibmcloud
command:
$ ibmcloud sl subnet list
Set the ID of the private subnet:
$ PRIVSUBNETID=<ID>
You can view the ID with the following ibmcloud
command:
$ ibmcloud sl subnet list
Set the provisioner node public IP address:
$ PRVN_PUB_IP=$(ibmcloud sl hardware detail $PRVN_HOST_ID --output JSON | jq .primaryIpAddress -r)
Set the CIDR for the public network:
$ PUBLICCIDR=$(ibmcloud sl subnet detail $PUBLICSUBNETID --output JSON | jq .cidr)
Set the IP address and CIDR for the public network:
$ PUB_IP_CIDR=$PRVN_PUB_IP/$PUBLICCIDR
Set the gateway for the public network:
$ PUB_GATEWAY=$(ibmcloud sl subnet detail $PUBLICSUBNETID --output JSON | jq .gateway -r)
Set the private IP address of the provisioner node:
$ PRVN_PRIV_IP=$(ibmcloud sl hardware detail $PRVN_HOST_ID --output JSON | \
jq .primaryBackendIpAddress -r)
Set the CIDR for the private network:
$ PRIVCIDR=$(ibmcloud sl subnet detail $PRIVSUBNETID --output JSON | jq .cidr)
Set the IP address and CIDR for the private network:
$ PRIV_IP_CIDR=$PRVN_PRIV_IP/$PRIVCIDR
Set the gateway for the private network:
$ PRIV_GATEWAY=$(ibmcloud sl subnet detail $PRIVSUBNETID --output JSON | jq .gateway -r)
Set up the bridges for the baremetal
and provisioning
networks:
$ sudo nohup bash -c "
nmcli --get-values UUID con show | xargs -n 1 nmcli con delete
nmcli connection add ifname provisioning type bridge con-name provisioning
nmcli con add type bridge-slave ifname eth1 master provisioning
nmcli connection add ifname baremetal type bridge con-name baremetal
nmcli con add type bridge-slave ifname eth2 master baremetal
nmcli connection modify baremetal ipv4.addresses $PUB_IP_CIDR ipv4.method manual ipv4.gateway $PUB_GATEWAY
nmcli connection modify provisioning ipv4.addresses 172.22.0.1/24,$PRIV_IP_CIDR ipv4.method manual
nmcli connection modify provisioning +ipv4.routes \"10.0.0.0/8 $PRIV_GATEWAY\"
nmcli con down baremetal
nmcli con up baremetal
nmcli con down provisioning
nmcli con up provisioning
init 6
"
For |
If required, SSH back into the provisioner
node:
# ssh kni@provisioner.<cluster-name>.<domain>
Verify the connection bridges have been properly created:
$ sudo nmcli con show
NAME UUID TYPE DEVICE
baremetal 4d5133a5-8351-4bb9-bfd4-3af264801530 bridge baremetal
provisioning 43942805-017f-4d7d-a2c2-7cb3324482ed bridge provisioning
virbr0 d9bca40f-eee1-410b-8879-a2d4bb0465e7 bridge virbr0
bridge-slave-eth1 76a8ed50-c7e5-4999-b4f6-6d9014dd0812 ethernet eth1
bridge-slave-eth2 f31c3353-54b7-48de-893a-02d2b34c4736 ethernet eth2
Create a pull-secret.txt
file:
$ vim pull-secret.txt
In a web browser, navigate to Install on Bare Metal with user-provisioned infrastructure. In step 1, click Download pull secret. Paste the contents into the pull-secret.txt
file and save the contents in the kni
user’s home directory.
All of the OpenShift Container Platform cluster nodes must be on the public subnet. IBM Cloud® does not provide a DHCP server on the subnet. Set it up separately on the provisioner node.
You must reset the BASH variables defined when preparing the provisioner node. Rebooting the provisioner node after preparing it will delete the BASH variables previously set.
Install dnsmasq
:
$ sudo dnf install dnsmasq
Open the dnsmasq
configuration file:
$ sudo vi /etc/dnsmasq.conf
Add the following configuration to the dnsmasq
configuration file:
interface=baremetal
except-interface=lo
bind-dynamic
log-dhcp
dhcp-range=<ip_addr>,<ip_addr>,<pub_cidr> (1)
dhcp-option=baremetal,121,0.0.0.0/0,<pub_gateway>,<prvn_priv_ip>,<prvn_pub_ip> (2)
dhcp-hostsfile=/var/lib/dnsmasq/dnsmasq.hostsfile
1 | Set the DHCP range. Replace both instances of <ip_addr> with one unused IP address from the public subnet so that the dhcp-range for the baremetal network begins and ends with the same the IP address. Replace <pub_cidr> with the CIDR of the public subnet. |
2 | Set the DHCP option. Replace <pub_gateway> with the IP address of the gateway for the baremetal network. Replace <prvn_priv_ip> with the IP address of the provisioner node’s private IP address on the provisioning network. Replace <prvn_pub_ip> with the IP address of the provisioner node’s public IP address on the baremetal network. |
To retrieve the value for <pub_cidr>
, execute:
$ ibmcloud sl subnet detail <publicsubnetid> --output JSON | jq .cidr
Replace <publicsubnetid>
with the ID of the public subnet.
To retrieve the value for <pub_gateway>
, execute:
$ ibmcloud sl subnet detail <publicsubnetid> --output JSON | jq .gateway -r
Replace <publicsubnetid>
with the ID of the public subnet.
To retrieve the value for <prvn_priv_ip>
, execute:
$ ibmcloud sl hardware detail <id> --output JSON | \
jq .primaryBackendIpAddress -r
Replace <id>
with the ID of the provisioner node.
To retrieve the value for <prvn_pub_ip>
, execute:
$ ibmcloud sl hardware detail <id> --output JSON | jq .primaryIpAddress -r
Replace <id>
with the ID of the provisioner node.
Obtain the list of hardware for the cluster:
$ ibmcloud sl hardware list
Obtain the MAC addresses and IP addresses for each node:
$ ibmcloud sl hardware detail <id> --output JSON | \
jq '.networkComponents[] | \
"\(.primaryIpAddress) \(.macAddress)"' | grep -v null
Replace <id>
with the ID of the node.
"10.196.130.144 00:e0:ed:6a:ca:b4"
"141.125.65.215 00:e0:ed:6a:ca:b5"
Make a note of the MAC address and IP address of the public network. Make a separate note of the MAC address of the private network, which you will use later in the install-config.yaml
file. Repeat this procedure for each node until you have all the public MAC and IP addresses for the public baremetal
network, and the MAC addresses of the private provisioning
network.
Add the MAC and IP address pair of the public baremetal
network for each node into the dnsmasq.hostsfile
file:
$ sudo vim /var/lib/dnsmasq/dnsmasq.hostsfile
00:e0:ed:6a:ca:b5,141.125.65.215,master-0
<mac>,<ip>,master-1
<mac>,<ip>,master-2
<mac>,<ip>,worker-0
<mac>,<ip>,worker-1
...
Replace <mac>,<ip>
with the public MAC address and public IP address of the corresponding node name.
Start dnsmasq
:
$ sudo systemctl start dnsmasq
Enable dnsmasq
so that it starts when booting the node:
$ sudo systemctl enable dnsmasq
Verify dnsmasq