The Agent-based installation method provides the flexibility to boot your on-premise servers in any way that you choose. It combines the ease of use of the Assisted Installation service with the ability to run offline, including in air-gapped environments.

Key Benefits

  • No dedicated bootstrap node is required
  • Load balancer support – Works with internal cluster-level LB and external LB.
  1. Bastion host with Internet access – Acting as a mirror registry for OpenShift, it allows for the deployment of a cluster and access to the cluster.
  2. 5 servers – 3 master + worker and 1 worker
  3. DNS records –

kube.lab is the base domain and kube4 is the cluster name.

| DNS Name | Type | Value | Purpose |
|---|---|---|---|
| api.kube4.kube.lab | A | 192.168.60.11 | API VIP (cluster LB) |
| api-int.kube4.kube.lab | A | 192.168.60.11 | Internal API VIP |
| *.apps.kube4.kube.lab | A | 192.168.60.12 | Ingress VIP (wildcard) |
| master0.kube4.kube.lab | A | 192.168.60.13 | Controller 0 + Worker |
| master1.kube4.kube.lab | A | 192.168.60.14 | Controller 1 + Worker |
| master2.kube4.kube.lab | A | 192.168.60.15 | Controller 2 + Worker |
| worker0.kube4.kube.lab | A | 192.168.60.16 | Compute 0 / Worker 0 |
| bastion.kube.lab | A | 172.16.16.172 | Mirror registry and CLI |

    4. NTP
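
A pre-flight check for the DNS records listed above, added here as an example and not part of the original post: it resolves each name and compares the answer with the planned address, and it flags a node address that collides with a VIP. The function names and the `console-test` label used to exercise the wildcard record are assumptions of this example.

```python
import socket

# A records from the table above. "console-test" is an arbitrary label
# chosen for this example to exercise the *.apps wildcard.
EXPECTED = {
    "api.kube4.kube.lab": "192.168.60.11",
    "api-int.kube4.kube.lab": "192.168.60.11",
    "console-test.apps.kube4.kube.lab": "192.168.60.12",
    "master0.kube4.kube.lab": "192.168.60.13",
    "master1.kube4.kube.lab": "192.168.60.14",
    "master2.kube4.kube.lab": "192.168.60.15",
    "worker0.kube4.kube.lab": "192.168.60.16",
}
VIP_NAMES = ("api.", "api-int.", "console-test.apps.")


def system_resolver(name):
    """Return the sorted IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_records(expected, resolve=system_resolver):
    """Compare resolved addresses with the plan; return a list of problems."""
    problems = []
    for name, want in expected.items():
        got = resolve(name)
        if not got:
            problems.append(f"{name}: no A record")
        elif got != [want]:
            problems.append(f"{name}: expected {want}, got {', '.join(got)}")
    # The API and Ingress VIPs must be addresses that no node uses.
    vips = {ip for n, ip in expected.items() if n.startswith(VIP_NAMES)}
    for name, ip in expected.items():
        if not name.startswith(VIP_NAMES) and ip in vips:
            problems.append(f"{name}: node address {ip} collides with a VIP")
    return problems


if __name__ == "__main__":
    for line in check_records(EXPECTED) or ["all records match the plan"]:
        print(line)
```

Run it on the bastion host before generating the ISO; an empty problem list means the resolver the bastion uses agrees with the table.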

      Install RHEL 8/9 on the bastion host. I installed RHEL 9.7.

      Disable the firewall and SELinux (you may instead keep them enabled and permit the necessary rules if desired).

      The OpenShift Container Platform 4.21 release images will require approximately 20 to 30 GB of storage. Depending on your needs, you will also need to download the necessary operator, which will use additional space. Therefore, ensure that you have adequate storage to accommodate all images and operators.

      By default, Podman utilizes the /var partition. If there is insufficient space in /var, you can modify the storage path prior to installation.

      I am using the /home partition.

      Created a directory in home:

      $ mkdir /home/containers

      $ mkdir /home/containers-run

      Update the storage path in the /etc/containers/storage.conf file and restart the podman service:

      $ systemctl restart podman

      Install the Butane and nmstate packages. Butane is used for the Chrony/NTP configuration, and nmstate is required for network validation.

      Download the required OpenShift CLI packages:

      $ wget https://mirror.openshift.com/pub/cgw/mirror-registry/latest/mirror-registry-amd64.tar.gz \
      https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.21.0/openshift-install-linux-4.21.0.tar.gz \
      https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.21.0/openshift-client-linux-4.21.0.tar.gz \
      https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/oc-mirror.tar.gz

      Extract the tar files:

      $ tar -xzf openshift-client-linux-4.21.0.tar.gz

      $ tar -xzf openshift-install-linux-4.21.0.tar.gz

      $ tar -xzf mirror-registry-amd64.tar.gz

      $ tar -xzf oc-mirror.tar.gz

      Assign execute permission and copy the files to /usr/local/bin:

      $ chmod +x oc kubectl openshift-install oc-mirror mirror-registry execution-environment.tar image-archive.tar sqlite3.tar

      $ cp kubectl oc mirror-registry oc-mirror openshift-install execution-environment.tar image-archive.tar sqlite3.tar /usr/local/bin/

      Install the Red Hat Quay mirror registry:

      $ mirror-registry install --quayHostname bastion.kube.lab --quayRoot /home/mirror --initUser openshift --initPassword Cloud@123

      (You can use any username and password.)

      It will take a few minutes. Once the installation is complete, you will see the message: Quay installed successfully.

      Open a browser and enter the URL to sign in.

      The installation of the Red Hat Quay repository was successful, and we can now download OpenShift images.

      A self-signed certificate is generated automatically for the Red Hat Quay repository. Add its root CA certificate to the system trust store:

      $ cp /home/mirror/quay-rootCA/rootCA.pem /etc/pki/ca-trust/source/anchors/

      $ update-ca-trust extract

      To pull/download images, the Red Hat OpenShift pull secret is required. Download the pull-secret file from the Red Hat portal.

      https://console.redhat.com/openshift/install/pull-secret

      I am placing all the files associated with the cluster in one dedicated directory. You can also make a dedicated directory.

      $ mkdir ocp

      Convert the pull secret to JSON, and also convert the Quay registry username and password to base64:

      $ cat ./pull-secret | jq . > pull-secret.json

      $ echo -n 'openshift:Cloud@123' | base64 -w0

      Copy the base64 output.

      In the pull-secret.json file, add the repository server URL and auth info under "auths". The key is the repo URL, and "auth" is the repo username and password in base64 format:

      "bastion.kube.lab:8443": {
        "auth": "b3BlbnNoaWZ0OkNsb3VkQDEyMw==",
        "email": "dineshreddy.kayithi@gmail.com"
      },

      Create a .docker directory and copy the pull-secret JSON file into it as config.json:

      $ mkdir /root/.docker

      $ cp pull-secret.json /root/.docker/config.json
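
The merge and copy steps above as one script, added here as an example and not the author's own code: it builds the same base64 auth value, adds the mirror registry under "auths", and writes the result with mode 0600 because the file holds registry credentials. The function names and the constructed sample pull secret are assumptions of this example.

```python
import base64
import json
import os
import tempfile


def registry_auth(user, password):
    """Base64 of 'user:password', the value `echo -n ... | base64 -w0` prints."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()


def merge_pull_secret(pull_secret, registry, user, password, email=""):
    """Return a copy of the pull secret with the mirror registry under "auths"."""
    if not isinstance(pull_secret.get("auths"), dict):
        raise ValueError('pull secret has no "auths" object')
    if "/" in registry:
        raise ValueError("registry key must be host[:port], no scheme or path")
    merged = {**pull_secret, "auths": dict(pull_secret["auths"])}
    entry = {"auth": registry_auth(user, password)}
    if email:
        entry["email"] = email
    merged["auths"][registry] = entry
    return merged


def write_private(path, data):
    """Write JSON readable by the owner only, replacing the target atomically."""
    directory = os.path.dirname(os.path.abspath(path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file 0600
    with os.fdopen(fd, "w") as fh:
        json.dump(data, fh, indent=2)
    os.replace(tmp, path)


# Constructed sample standing in for the file downloaded from the portal.
SAMPLE = {"auths": {"quay.io": {"auth": "Y29uc3RydWN0ZWQ6c2FtcGxl",
                                "email": "user@example.com"}}}

if __name__ == "__main__":
    merged = merge_pull_secret(SAMPLE, "bastion.kube.lab:8443",
                               "openshift", "Cloud@123")
    # Written to a scratch directory here; on the bastion the target
    # would be /root/.docker/config.json.
    write_private(os.path.join(tempfile.mkdtemp(), "config.json"), merged)
    print(json.dumps(merged, indent=2))
```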

      Create an image set configuration file. This image set configuration file defines which OpenShift Container Platform releases, Operators, and other images to mirror.

      https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/Imageset.yaml

      Mirror the images from the specified image set configuration to a specified registry by running the following command:

      $ oc-mirror --config /root/ocp/imageset.yaml --workspace file://home/images docker://bastion.kube.lab:8443 --v2

      Depending on your network, it could take some time to pull/download images.

      Next, create the Chrony/NTP config files for the master and worker nodes:

      99-master-chrony.bu and 99-worker-chrony.bu

      https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/99-worker-chrony.bu

      https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/99-master-chrony.bu

      Convert the .bu files to YAML using Butane:

      $ butane 99-worker-chrony.bu -o 99-worker-chrony.yaml

      $ butane 99-master-chrony.bu -o 99-master-chrony.yaml

      Create a directory named openshift and copy the 99-master and 99-worker YAML files into it:

      $ mkdir openshift

      $ cp 99-master-chrony.yaml 99-worker-chrony.yaml openshift/

      ocp > openshift > 99-master-chrony.yaml and 99-worker-chrony.yaml

      Create an SSH key. (The SSH key is copied to all nodes, allowing access to the nodes using the bastion SSH key.)

      $ ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519

      $ eval "$(ssh-agent -s)"

      $ ssh-add ~/.ssh/id_ed25519

      Create an install-config.yaml file

      https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/install-config.yaml

      Create an agent-config.yaml file

      https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/agent-install.yaml

      Directory structure:

      ~/ocp-install/
      |-- install-config.yaml
      |-- agent-config.yaml
      +-- openshift/
          |-- 99-master-chrony.yaml   # Generated by Butane
          +-- 99-worker-chrony.yaml   # Generated by Butane

      Generate the ISO using the command below:

      $ openshift-install agent create image --dir=.

      Download the generated ISO from the bastion host and boot the OpenShift master and worker nodes.

      It will take a few minutes. You can check the status using the command below:

      $ openshift-install agent wait-for install-complete --dir=/root/ocp --log-level=info

      Once the cluster installation is completed, you can check the node status:

      $ export KUBECONFIG=/root/ocp/auth/kubeconfig

      $ oc get nodes

      You can also open the web console and check the status.