×
Preparing to install with the Agent-based Installer
- About the Agent-based Installer
- Understanding Agent-based Installer
- About networking
- Example: Bonds and VLAN interface node network configuration
- Example: Bonds and SR-IOV dual-nic node network configuration
- Sample install-config.yaml file for bare metal
- Validation checks before agent ISO creation
- About root device hints
- Next steps
About the Agent-based Installer
The Agent-based installation method provides the flexibility to boot your on-premises servers in any way that you choose. It combines the ease of use of the Assisted Installation service with the ability to run offline, including in air-gapped environments. Agent-based installation is a subcommand of the OpenShift Container Platform installer. It generates a bootable ISO image containing all of the information required to deploy an OpenShift Container Platform cluster, with an available release image.
The configuration is in the same format as for the installer-provisioned infrastructure and user-provisioned infrastructure installation methods. The Agent-based Installer can also optionally generate or accept Zero Touch Provisioning (ZTP) custom resources. ZTP allows you to provision new edge sites with declarative configurations of bare-metal equipment.
Understanding Agent-based Installer
As an OpenShift Container Platform user, you can leverage the advantages of the Assisted Installer hosted service in disconnected environments.
The Agent-based installation comprises a bootable ISO that contains the Assisted discovery agent and the Assisted Service. Both are required to perform the cluster installation, but the latter runs on only one of the hosts.
The openshift-install agent create image subcommand generates an ephemeral ISO based on the inputs that you provide. You can choose to provide inputs through the following manifests:
Preferred:
-
install-config.yaml -
agent-config.yaml
or
Optional: ZTP manifests
-
cluster-manifests/cluster-deployment.yaml -
cluster-manifests/agent-cluster-install.yaml -
cluster-manifests/pull-secret.yaml -
cluster-manifests/infraenv.yaml -
cluster-manifests/cluster-image-set.yaml -
cluster-manifests/nmstateconfig.yaml -
mirror/registries.conf -
mirror/ca-bundle.crt
Agent-based Installer workflow
One of the control plane hosts runs the Assisted Service at the start of the boot process and eventually becomes the bootstrap host. This node is called the rendezvous host (node 0). The Assisted Service ensures that all the hosts meet the requirements and triggers an OpenShift Container Platform cluster deployment. All the nodes have the Red Hat Enterprise Linux CoreOS (RHCOS) image written to the disk. The non-bootstrap nodes reboot and initiate a cluster deployment. Once the nodes are rebooted, the rendezvous host reboots and joins the cluster. The bootstrapping is complete and the cluster is deployed.
Figure 1. Node installation workflow
You can install a disconnected OpenShift Container Platform cluster through the openshift-install agent create image subcommand for the following topologies:
-
A single-node OpenShift Container Platform cluster (SNO): A node that is both a master and worker.
-
A three-node OpenShift Container Platform cluster : A compact cluster that has three master nodes that are also worker nodes.
-
Highly available OpenShift Container Platform cluster (HA): Three master nodes with any number of worker nodes.
Recommended resources for topologies
Recommended cluster resources for the following topologies:
| Topology | Number of master nodes | Number of worker nodes | vCPU | Memory | Storage |
|---|---|---|---|---|---|
Single-node cluster |
1 |
0 |
8 vCPU cores |
16GB of RAM |
120GB |
Compact cluster |
3 |
0 or 1 |
8 vCPU cores |
16GB of RAM |
120GB |
HA cluster |
3 |
2 and above |
8 vCPU cores |
16GB of RAM |
120GB |
The following platforms are supported:
-
baremetal -
vsphere -
noneThe
noneoption is supported for only single-node OpenShift clusters with anOVNKubernetesnetwork type.
Additional resources
About networking
The rendezvous IP must be known at the time of generating the agent ISO, so that during the initial boot all the hosts can check in to the assisted service.
If the IP addresses are assigned using a Dynamic Host Configuration Protocol (DHCP) server, then the rendezvousIP field must be set to an IP address of one of the hosts that will become part of the deployed control plane.
In an environment without a DHCP server, you can define IP addresses statically.
In addition to static IP addresses, you can apply any network configuration that is in NMState format. This includes VLANs and NIC bonds.
DHCP
Preferred method:
install-config.yaml and agent-config.yamlYou must specify the value for the rendezvousIP field. The networkConfig fields can be left blank:
Sample agent-config.yaml.file
apiVersion: v1alpha1
kind: AgentConfig
metadata:
name: sno-cluster
rendezvousIP: 192.168.111.80 (1)| 1 | The IP address for the rendezvous host. |
Static networking
-
Preferred method:
install-config.yamlandagent-config.yamlSample agent-config.yaml.filecat > agent-config.yaml << EOF apiVersion: v1alpha1 kind: AgentConfig metadata: name: sno-cluster rendezvousIP: 192.168.111.80 (1) hosts: - hostname: master-0 interfaces: - name: eno1 macAddress: 00:ef:44:21:e6:a5 (2) networkConfig: interfaces: - name: eno1 type: ethernet state: up mac-address: 00:ef:44:21:e6:a5 ipv4: enabled: true address: - ip: 192.168.111.80 (3) prefix-length: 23 (4) dhcp: false dns-resolver: config: server: - 192.168.111.1 (5) routes: config: - destination: 0.0.0.0/0 next-hop-address: 192.168.111.1 (6) next-hop-interface: eno1 table-id: 254 EOF1 If a value is not specified for the rendezvousIPfield, one address will be chosen from the static IP addresses specified in thenetworkConfigfields.2 The MAC address of an interface on the host, used to determine which host to apply the configuration to. 3 The static IP address of the target bare metal host. 4 The static IP address’s subnet prefix for the target bare metal host. 5 The DNS server for the target bare metal host. 6 Next hop address for the node traffic. This must be in the same subnet as the IP address set for the specified interface. -
Optional method: GitOps ZTP manifests
The optional method of the GitOps ZTP custom resources comprises 6 custom resources; you can configure static IPs in the
nmstateconfig.yamlfile.apiVersion: agent-install.openshift.io/v1beta1 kind: NMStateConfig metadata: name: master-0 namespace: openshift-machine-api labels: cluster0-nmstate-label-name: cluster0-nmstate-label-value spec: config: interfaces: - name: eth0 type: ethernet state: up mac-address: 52:54:01:aa:aa:a1 ipv4: enabled: true address: - ip: 192.168.122.2 (1) prefix-length: 23 (2) dhcp: false dns-resolver: config: server: - 192.168.122.1 (3) routes: config: - destination: 0.0.0.0/0 next-hop-address: 192.168.122.1 (4) next-hop-interface: eth0 table-id: 254 interfaces: - name: eth0 macAddress: 52:54:01:aa:aa:a1 (5)1 The static IP address of the target bare metal host. 2 The static IP address’s subnet prefix for the target bare metal host. 3 The DNS server for the target bare metal host. 4 Next hop address for the node traffic. This must be in the same subnet as the IP address set for the specified interface. 5 The MAC address of an interface on the host, used to determine which host to apply the configuration to.
The rendezvous IP is chosen from the static IP addresses specified in the config fields.
Example: Bonds and VLAN interface node network configuration
The following agent-config.yaml file is an example of a manifest for bond and VLAN interfaces.
apiVersion: v1alpha1
kind: AgentConfig
rendezvousIP: 10.10.10.14
hosts:
- hostname: master0
role: master
interfaces:
- name: enp0s4
macAddress: 00:21:50:90:c0:10
- name: enp0s5
macAddress: 00:21:50:90:c0:20
networkConfig:
interfaces:
- name: bond0.300 (1)
type: vlan (2)
state: up
vlan:
base-iface: bond0
id: 300
ipv4:
enabled: true
address:
- ip: 10.10.10.14
prefix-length: 24
dhcp: false
- name: bond0 (1)
type: bond (3)
state: up
mac-address: 00:21:50:90:c0:10 (4)
ipv4:
enabled: false
ipv6:
enabled: false
link-aggregation:
mode: active-backup (5)
options:
miimon: "150" (6)
port:
- enp0s4
- enp0s5
dns-resolver: (7)
config:
server:
- 10.10.10.11
- 10.10.10.12
routes:
config:
- destination: 0.0.0.0/0
next-hop-address: 10.10.10.10 (8)
next-hop-interface: bond0.300 (9)
table-id: 254| 1 | Name of the interface. |
| 2 | The type of interface. This example creates a VLAN. |
| 3 | The type of interface. This example creates a bond. |
| 4 | The mac address of the interface. |
| 5 | The mode attribute specifies the bonding mode. |
| 6 | Specifies the MII link monitoring frequency in milliseconds. This example inspects the bond link every 150 milliseconds. |
| 7 | Optional: Specifies the search and server settings for the DNS server. |
| 8 | Next hop address for the node traffic. This must be in the same subnet as the IP address set for the specified interface. |
| 9 | Next hop interface for the node traffic. |
Example: Bonds and SR-IOV dual-nic node network configuration
|
Support for Day 1 operations associated with enabling NIC partitioning for SR-IOV devices is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope. |
The following agent-config.yaml file is an example of a manifest for dual port NIC with a bond and SR-IOV interfaces:
apiVersion: v1alpha1
kind: AgentConfig
rendezvousIP: 10.10.10.14
hosts:
- hostname: worker-1
interfaces:
- name: eno1
macAddress: 0c:42:a1:55:f3:06
- name: eno2
macAddress: 0c:42:a1:55:f3:07
networkConfig: (1)
interfaces: (2)
- name: eno1 (3)
type: ethernet (4)
state: up
mac-address: 0c:42:a1:55:f3:06
ipv4:
enabled: true
dhcp: false (5)
ethernet:
sr-iov:
total-vfs: 2 (6)
ipv6:
enabled: false
- name: sriov:eno1:0
type: ethernet
state: up (7)
ipv4:
enabled: false (8)
ipv6:
enabled: false
dhcp: false
- name: sriov:eno1:1
type: ethernet
state: down
- name: eno2
type: ethernet
state: up
mac-address: 0c:42:a1:55:f3:07
ipv4:
enabled: true
ethernet:
sr-iov:
total-vfs: 2
ipv6:
enabled: false
- name: sriov:eno2:0
type: ethernet
state: up
ipv4:
enabled: false
ipv6:
enabled: false
- name: sriov:eno2:1
type: ethernet
state: down
- name: bond0
type: bond
state: up
min-tx-rate: 100 (9)
max-tx-rate: 200 (10)
link-aggregation:
mode: active-backup (11)
options:
primary: sriov:eno1:0 (12)
port:
- sriov:eno1:0
- sriov:eno2:0
ipv4:
address:
- ip: 10.19.16.57 (13)
prefix-length: 23
dhcp: false
enabled: true
ipv6:
enabled: false
dns-resolver:
config:
server:
- 10.11.5.160
- 10.2.70.215
routes:
config:
- destination: 0.0.0.0/0
next-hop-address: 10.19.17.254
next-hop-interface: bond0 (14)
table-id: 254| 1 | The networkConfig field contains information about the network configuration of the host, with subfields including interfaces,dns-resolver, and routes. |
| 2 | The interfaces field is an array of network interfaces defined for the host. |
| 3 | The name of the interface. |
| 4 | The type of interface. This example creates an ethernet interface. |
| 5 | Set this to false to disable DHCP for the physical function (PF) if it is not strictly required. |
| 6 | Set this to the number of SR-IOV virtual functions (VFs) to instantiate. |
| 7 | Set this to up. |
| 8 | Set this to false to disable IPv4 addressing for the VF attached to the bond. |
| 9 | Sets a minimum transmission rate, in Mbps, for the VF. This sample value sets a rate of 100 Mbps.
|
| 10 | Sets a maximum transmission rate, in Mbps, for the VF. This sample value sets a rate of 200 Mbps. |
| 11 | Sets the desired bond mode. |
| 12 | Sets the preferred port of the bonding interface. The primary device is the first of the bonding interfaces to be used and is not abandoned unless it fails. This setting is particularly useful when one NIC in the bonding interface is faster and, therefore, able to handle a bigger load. This setting is only valid when the bonding interface is in active-backup mode (mode 1) and balance-tlb (mode 5). |
| 13 | Sets a static IP address for the bond interface. This is the node IP address. |
| 14 | Sets bond0 as the gateway for the default route. |
Additional resources
Sample install-config.yaml file for bare metal
You can customize the install-config.yaml file to specify more details about your OpenShift Container Platform cluster’s platform or modify the values of the required parameters.
apiVersion: v1
baseDomain: example.com (1)
compute: (2)
- name: worker
replicas: 0 (3)
controlPlane: (2)
name: master
replicas: 1 (4)
metadata:
name: sno-cluster (5)
networking:
clusterNetwork:
- cidr: 10.128.0.0/14 (6)
hostPrefix: 23 (7)
networkType: OVNKubernetes (8)
serviceNetwork: (9)
- 172.30.0.0/16
platform:
none: {} (10)
fips: false (11)
pullSecret: '{"auths": ...}' (12)
sshKey: 'ssh-ed25519 AAAA...' (13)| 1 | The base domain of the cluster. All DNS records must be sub-domains of this base and include the cluster name. | ||
| 2 | The controlPlane section is a single mapping, but the compute section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the compute section must begin with a hyphen, -, and the first line of the controlPlane section must not. Only one control plane pool is used. |
||
| 3 | This parameter controls the number of compute machines that the Agent-based installation waits to discover before triggering the installation process. It is the number of compute machines that must be booted with the generated ISO.
|
||
| 4 | The number of control plane machines that you add to the cluster. Because the cluster uses these values as the number of etcd endpoints in the cluster, the value must match the number of control plane machines that you deploy. | ||
| 5 | The cluster name that you specified in your DNS records. | ||
| 6 | A block of IP addresses from which pod IP addresses are allocated. This block must not overlap with existing physical networks. These IP addresses are used for the pod network. If you need to access the pods from an external network, you must configure load balancers and routers to manage the traffic.
|
||
| 7 | The subnet prefix length to assign to each individual node. For example, if hostPrefix is set to 23, then each node is assigned a /23 subnet out of the given cidr, which allows for 510 (2^(32 - 23) - 2) pod IP addresses. If you are required to provide access to nodes from an external network, configure load balancers and routers to manage the traffic. |
||
| 8 | The cluster network plugin to install. The supported values are OVNKubernetes (default value) and OpenShiftSDN. |
||
| 9 | The IP address pool to use for service IP addresses. You can enter only one IP address pool. This block must not overlap with existing physical networks. If you need to access the services from an external network, configure load balancers and routers to manage the traffic. | ||
| 10 | You must set the platform to none for a single-node cluster. You can set the platform to either vsphere or baremetal for multi-node clusters.
|
||
| 11 | Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled.
|
||
| 12 | This pull secret allows you to authenticate with the services that are provided by the included authorities, including Quay.io, which serves the container images for OpenShift Container Platform components. | ||
| 13 | The SSH public key for the core user in Red Hat Enterprise Linux CoreOS (RHCOS).
|
Validation checks before agent ISO creation
The Agent-based Installer performs validation checks on user defined YAML files before the ISO is created. Once the validations are successful, the agent ISO is created.
install-config.yaml-
baremetal,vsphereandnoneplatforms are supported. -
If
noneis used as a platform, the number of control plane replicas must be1and the total number of worker replicas must be0. -
The
networkTypeparameter must beOVNKubernetesin the case ofnoneplatform. -
apiVIPsandingressVIPsparameters must be set for bare metal and vSphere platforms. -
Some host-specific fields in the bare metal platform configuration that have equivalents in
agent-config.yamlfile are ignored. A warning message is logged if these fields are set.
agent-config.yaml-
Each interface must have a defined MAC address. Additionally, all interfaces must have a different MAC address.
-
At least one interface must be defined for each host.
-
World Wide Name (WWN) vendor extensions are not supported in root device hints.
-
The
roleparameter in thehostobject must have a value of eithermasterorworker.
About root device hints
The rootDeviceHints parameter enables the installer to provision the Red Hat Enterprise Linux CoreOS (RHCOS) image to a particular device. The installer examines the devices in the order it discovers them, and compares the discovered values with the hint values. The installer uses the first discovered device that matches the hint value. The configuration can combine multiple hints, but a device must match all hints for the installer to select it.
| Subfield | Description |
|---|---|
|
A string containing a Linux device name such as |
|
A string containing a SCSI bus address like |
|
A string containing a vendor-specific device identifier. The hint can be a substring of the actual value. |
|
A string containing the name of the vendor or manufacturer of the device. The hint can be a sub-string of the actual value. |
|
A string containing the device serial number. The hint must match the actual value exactly. |
|
An integer representing the minimum size of the device in gigabytes. |
|
A string containing the unique storage identifier. The hint must match the actual value exactly. |
|
A boolean indicating whether the device should be a rotating disk (true) or not (false). |
Example usage
- name: master-0
role: master
rootDeviceHints:
deviceName: "/dev/sda"