The Agent-based installation method provides the flexibility to boot your on-premises servers in any way that you choose. It combines the ease of use of the Assisted Installation service with the ability to run offline, including in air-gapped environments. Agent-based installation is a subcommand of the OpenShift Container Platform installer. It generates a bootable ISO image containing all of the information required to deploy an OpenShift Container Platform cluster, with an available release image.
The configuration is in the same format as for the installer-provisioned infrastructure and user-provisioned infrastructure installation methods. The Agent-based Installer can also optionally generate or accept Zero Touch Provisioning (ZTP) custom resources. ZTP allows you to provision new edge sites with declarative configurations of bare-metal equipment.
As an OpenShift Container Platform user, you can leverage the advantages of the Assisted Installer hosted service in disconnected environments.
The Agent-based installation comprises a bootable ISO that contains the Assisted discovery agent and the Assisted Service. Both are required to perform the cluster installation, but the latter runs on only one of the hosts.
The openshift-install agent create image
subcommand generates an ephemeral ISO based on the inputs that you provide. You can choose to provide inputs through the following manifests:
Preferred:
install-config.yaml
agent-config.yaml
or
Optional: ZTP manifests
cluster-manifests/cluster-deployment.yaml
cluster-manifests/agent-cluster-install.yaml
cluster-manifests/pull-secret.yaml
cluster-manifests/infraenv.yaml
cluster-manifests/cluster-image-set.yaml
cluster-manifests/nmstateconfig.yaml
mirror/registries.conf
mirror/ca-bundle.crt
One of the control plane hosts runs the Assisted Service at the start of the boot process and eventually becomes the bootstrap host. This node is called the rendezvous host (node 0). The Assisted Service ensures that all the hosts meet the requirements and triggers an OpenShift Container Platform cluster deployment. All the nodes have the Red Hat Enterprise Linux CoreOS (RHCOS) image written to the disk. The non-bootstrap nodes reboot and initiate a cluster deployment. Once the nodes are rebooted, the rendezvous host reboots and joins the cluster. The bootstrapping is complete and the cluster is deployed.
You can install a disconnected OpenShift Container Platform cluster through the openshift-install agent create image
subcommand for the following topologies:
A single-node OpenShift Container Platform cluster (SNO): A node that is both a master and worker.
A three-node OpenShift Container Platform cluster : A compact cluster that has three master nodes that are also worker nodes.
Highly available OpenShift Container Platform cluster (HA): Three master nodes with any number of worker nodes.
Recommended cluster resources for the following topologies:
Topology | Number of master nodes | Number of worker nodes | vCPU | Memory | Storage |
---|---|---|---|---|---|
Single-node cluster |
1 |
0 |
8 vCPUs |
16GB of RAM |
120GB |
Compact cluster |
3 |
0 or 1 |
8 vCPUs |
16GB of RAM |
120GB |
HA cluster |
3 |
2 and above |
8 vCPUs |
16GB of RAM |
120GB |
The following platforms are supported:
baremetal
vsphere
none
The |
The rendezvous IP must be known at the time of generating the agent ISO, so that during the initial boot all the hosts can check in to the assisted service.
If the IP addresses are assigned using a Dynamic Host Configuration Protocol (DHCP) server, then the rendezvousIP
field must be set to an IP address of one of the hosts that will become part of the deployed control plane.
In an environment without a DHCP server, you can define IP addresses statically.
In addition to static IP addresses, you can apply any network configuration that is in NMState format. This includes VLANs and NIC bonds.
install-config.yaml
and agent-config.yaml
You must specify the value for the rendezvousIP
field. The networkConfig
fields can be left blank:
apiVersion: v1alpha1
kind: AgentConfig
metadata:
name: sno-cluster
rendezvousIP: 192.168.111.80 (1)
1 | The IP address for the rendezvous host. |
Preferred method: install-config.yaml
and agent-config.yaml
cat > agent-config.yaml << EOF
apiVersion: v1alpha1
kind: AgentConfig
metadata:
name: sno-cluster
rendezvousIP: 192.168.111.80 (1)
hosts:
- hostname: master-0
interfaces:
- name: eno1
macAddress: 00:ef:44:21:e6:a5 (2)
networkConfig:
interfaces:
- name: eno1
type: ethernet
state: up
mac-address: 00:ef:44:21:e6:a5
ipv4:
enabled: true
address:
- ip: 192.168.111.80 (3)
prefix-length: 23 (4)
dhcp: false
dns-resolver:
config:
server:
- 192.168.111.1 (5)
routes:
config:
- destination: 0.0.0.0/0
next-hop-address: 192.168.111.1 (6)
next-hop-interface: eno1
table-id: 254
EOF
1 | If a value is not specified for the rendezvousIP field, one address will be chosen from the static IP addresses specified in the networkConfig fields. |
2 | The MAC address of an interface on the host, used to determine which host to apply the configuration to. |
3 | The static IP address of the target bare metal host. |
4 | The static IP address’s subnet prefix for the target bare metal host. |
5 | The DNS server for the target bare metal host. |
6 | Next hop address for the node traffic. This must be in the same subnet as the IP address set for the specified interface. |
Optional method: GitOps ZTP manifests
The optional method of the GitOps ZTP custom resources comprises 6 custom resources; you can configure static IPs in the nmstateconfig.yaml
file.
apiVersion: agent-install.openshift.io/v1beta1
kind: NMStateConfig
metadata:
name: master-0
namespace: openshift-machine-api
labels:
cluster0-nmstate-label-name: cluster0-nmstate-label-value
spec:
config:
interfaces:
- name: eth0
type: ethernet
state: up
mac-address: 52:54:01:aa:aa:a1
ipv4:
enabled: true
address:
- ip: 192.168.122.2 (1)
prefix-length: 23 (2)
dhcp: false
dns-resolver:
config:
server:
- 192.168.122.1 (3)
routes:
config:
- destination: 0.0.0.0/0
next-hop-address: 192.168.122.1 (4)
next-hop-interface: eth0
table-id: 254
interfaces:
- name: eth0
macAddress: 52:54:01:aa:aa:a1 (5)
1 | The static IP address of the target bare metal host. |
2 | The static IP address’s subnet prefix for the target bare metal host. |
3 | The DNS server for the target bare metal host. |
4 | Next hop address for the node traffic. This must be in the same subnet as the IP address set for the specified interface. |
5 | The MAC address of an interface on the host, used to determine which host to apply the configuration to. |
The rendezvous IP is chosen from the static IP addresses specified in the config
fields.
The following agent-config.yaml
file is an example of a manifest for bond and VLAN interfaces.
apiVersion: v1alpha1
kind: AgentConfig
rendezvousIP: 10.10.10.14
hosts:
- hostname: master0
role: master
interfaces:
- name: enp0s4
macAddress: 00:21:50:90:c0:10
- name: enp0s5
macAddress: 00:21:50:90:c0:20
networkConfig:
interfaces:
- name: bond0.300 (1)
type: vlan (2)
state: up
vlan:
base-iface: bond0
id: 300
ipv4:
enabled: true
address:
- ip: 10.10.10.14
prefix-length: 24
dhcp: false
- name: bond0 (1)
type: bond (3)
state: up
mac-address: 00:21:50:90:c0:10 (4)
ipv4:
enabled: false
ipv6:
enabled: false
link-aggregation:
mode: active-backup (5)
options:
miimon: "150" (6)
port:
- enp0s4
- enp0s5
dns-resolver: (7)
config:
server:
- 10.10.10.11
- 10.10.10.12
routes:
config:
- destination: 0.0.0.0/0
next-hop-address: 10.10.10.10 (8)
next-hop-interface: bond0.300 (9)
table-id: 254
1 | Name of the interface. |
2 | The type of interface. This example creates a VLAN. |
3 | The type of interface. This example creates a bond. |
4 | The mac address of the interface. |
5 | The mode attribute specifies the bonding mode. |
6 | Specifies the MII link monitoring frequency in milliseconds. This example inspects the bond link every 150 milliseconds. |
7 | Optional: Specifies the search and server settings for the DNS server. |
8 | Next hop address for the node traffic. This must be in the same subnet as the IP address set for the specified interface. |
9 | Next hop interface for the node traffic. |
Support for Day 1 operations associated with enabling NIC partitioning for SR-IOV devices is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope. |
The following agent-config.yaml
file is an example of a manifest for dual port NIC with a bond and SR-IOV interfaces:
apiVersion: v1alpha1
kind: AgentConfig
rendezvousIP: 10.10.10.14
hosts:
- hostname: worker-1
interfaces:
- name: eno1
macAddress: 0c:42:a1:55:f3:06
- name: eno2
macAddress: 0c:42:a1:55:f3:07
networkConfig: (1)
interfaces: (2)
- name: eno1 (3)
type: ethernet (4)
state: up
mac-address: 0c:42:a1:55:f3:06
ipv4:
enabled: true
dhcp: false (5)
ethernet:
sr-iov:
total-vfs: 2 (6)
ipv6:
enabled: false
- name: sriov:eno1:0
type: ethernet
state: up (7)
ipv4:
enabled: false (8)
ipv6:
enabled: false
dhcp: false
- name: sriov:eno1:1
type: ethernet
state: down
- name: eno2
type: ethernet
state: up
mac-address: 0c:42:a1:55:f3:07
ipv4:
enabled: true
ethernet:
sr-iov:
total-vfs: 2
ipv6:
enabled: false
- name: sriov:eno2:0
type: ethernet
state: up
ipv4:
enabled: false
ipv6:
enabled: false
- name: sriov:eno2:1
type: ethernet
state: down
- name: bond0
type: bond
state: up
min-tx-rate: 100 (9)
max-tx-rate: 200 (10)
link-aggregation:
mode: active-backup (11)
options:
primary: sriov:eno1:0 (12)
port:
- sriov:eno1:0
- sriov:eno2:0
ipv4:
address:
- ip: 10.19.16.57 (13)
prefix-length: 23
dhcp: false
enabled: true
ipv6:
enabled: false
dns-resolver:
config:
server:
- 10.11.5.160
- 10.2.70.215
routes:
config:
- destination: 0.0.0.0/0
next-hop-address: 10.19.17.254
next-hop-interface: bond0 (14)
table-id: 254
1 | The networkConfig field contains information about the network configuration of the host, with subfields including interfaces ,dns-resolver , and routes . |
2 | The interfaces field is an array of network interfaces defined for the host. |
3 | The name of the interface. |
4 | The type of interface. This example creates an ethernet interface. |
5 | Set this to false to disable DHCP for the physical function (PF) if it is not strictly required. |
6 | Set this to the number of SR-IOV virtual functions (VFs) to instantiate. |
7 | Set this to up . |
8 | Set this to false to disable IPv4 addressing for the VF attached to the bond. |
9 | Sets a minimum transmission rate, in Mbps, for the VF. This sample value sets a rate of 100 Mbps.
|
10 | Sets a maximum transmission rate, in Mbps, for the VF. This sample value sets a rate of 200 Mbps. |
11 | Sets the desired bond mode. |
12 | Sets the preferred port of the bonding interface. The primary device is the first of the bonding interfaces to be used and is not abandoned unless it fails. This setting is particularly useful when one NIC in the bonding interface is faster and, therefore, able to handle a bigger load. This setting is only valid when the bonding interface is in active-backup mode (mode 1) and balance-tlb (mode 5). |
13 | Sets a static IP address for the bond interface. This is the node IP address. |
14 | Sets bond0 as the gateway for the default route. |
You can customize the install-config.yaml
file to specify more details about your OpenShift Container Platform cluster’s platform or modify the values of the required parameters.
apiVersion: v1
baseDomain: example.com (1)
compute: (2)
- name: worker
replicas: 0 (3)
controlPlane: (2)
name: master
replicas: 1 (4)
metadata:
name: sno-cluster (5)
networking:
clusterNetwork:
- cidr: 10.128.0.0/14 (6)
hostPrefix: 23 (7)
networkType: OVNKubernetes (8)
serviceNetwork: (9)
- 172.30.0.0/16
platform:
none: {} (10)
fips: false (11)
pullSecret: '{"auths": ...}' (12)
sshKey: 'ssh-ed25519 AAAA...' (13)
1 | The base domain of the cluster. All DNS records must be sub-domains of this base and include the cluster name. | ||
2 | The controlPlane section is a single mapping, but the compute section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the compute section must begin with a hyphen, - , and the first line of the controlPlane section must not. Only one control plane pool is used. |
||
3 | This parameter controls the number of compute machines that the Agent-based installation waits to discover before triggering the installation process. It is the number of compute machines that must be booted with the generated ISO.
|
||
4 | The number of control plane machines that you add to the cluster. Because the cluster uses these values as the number of etcd endpoints in the cluster, the value must match the number of control plane machines that you deploy. | ||
5 | The cluster name that you specified in your DNS records. | ||
6 | A block of IP addresses from which pod IP addresses are allocated. This block must not overlap with existing physical networks. These IP addresses are used for the pod network. If you need to access the pods from an external network, you must configure load balancers and routers to manage the traffic.
|
||
7 | The subnet prefix length to assign to each individual node. For example, if hostPrefix is set to 23 , then each node is assigned a /23 subnet out of the given cidr , which allows for 510 (2^(32 - 23) - 2) pod IP addresses. If you are required to provide access to nodes from an external network, configure load balancers and routers to manage the traffic. |
||
8 | The cluster network plugin to install. The supported values are OVNKubernetes (default value) and OpenShiftSDN . |
||
9 | The IP address pool to use for service IP addresses. You can enter only one IP address pool. This block must not overlap with existing physical networks. If you need to access the services from an external network, configure load balancers and routers to manage the traffic. | ||
10 | You must set the platform to none for a single-node cluster. You can set the platform to either vsphere or baremetal for multi-node clusters.
|
||
11 | Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled.
|
||
12 | This pull secret allows you to authenticate with the services that are provided by the included authorities, including Quay.io, which serves the container images for OpenShift Container Platform components. | ||
13 | The SSH public key for the core user in Red Hat Enterprise Linux CoreOS (RHCOS).
|
The Agent-based Installer performs validation checks on user defined YAML files before the ISO is created. Once the validations are successful, the agent ISO is created.
install-config.yaml
baremetal
, vsphere
and none
platforms are supported.
If none
is used as a platform, the number of control plane replicas must be 1
and the total number of worker replicas must be 0
.
The networkType
parameter must be OVNKubernetes
in the case of none
platform.
apiVIPs
and ingressVIPs
parameters must be set for bare metal and vSphere platforms.
Some host-specific fields in the bare metal platform configuration that have equivalents in agent-config.yaml
file are ignored. A warning message is logged if these fields are set.
agent-config.yaml
Each interface must have a defined MAC address. Additionally, all interfaces must have a different MAC address.
At least one interface must be defined for each host.
World Wide Name (WWN) vendor extensions are not supported in root device hints.
The role
parameter in the host
object must have a value of either master
or worker
.
The rootDeviceHints
parameter enables the installer to provision the Red Hat Enterprise Linux CoreOS (RHCOS) image to a particular device. The installer examines the devices in the order it discovers them, and compares the discovered values with the hint values. The installer uses the first discovered device that matches the hint value. The configuration can combine multiple hints, but a device must match all hints for the installer to select it.
Subfield | Description |
---|---|
|
A string containing a Linux device name such as |
|
A string containing a SCSI bus address like |
|
A string containing a vendor-specific device identifier. The hint can be a substring of the actual value. |
|
A string containing the name of the vendor or manufacturer of the device. The hint can be a sub-string of the actual value. |
|
A string containing the device serial number. The hint must match the actual value exactly. |
|
An integer representing the minimum size of the device in gigabytes. |
|
A string containing the unique storage identifier. The hint must match the actual value exactly.
If you use the |
|
A boolean indicating whether the device should be a rotating disk (true) or not (false). |
- name: master-0
role: master
rootDeviceHints:
deviceName: "/dev/sda"