Agent-Based Installation

The Agent-based installation method provides the flexibility to boot your on-premise servers in any way that you choose. It combines the ease of use of the Assisted Installation service with the ability to run offline, including in air-gapped environments

Key Benefits

• No dedicated bootstrap node is required
  
• Load balancer support – Works with internal cluster-level LB and external LB.
  

Deployment environment overview :

1. Bastion host with Internet access – Acting as a mirror registry for OpenShift, it allows for the deployment of a cluster and access to the cluster.
   
2. 5 Servers – 3 master +worker and 1 worker
   
3. DNS records –
   

Kube.lab is base domain and kube4 is cluster name

DNS Name	Type	Value	Purpose
api.kube4.kube.lab	A	192.168.60.11	API VIP (cluster LB) VIP
api-int.kube4.kube.lab	A	192.168.60.11	Internal API VIP
*.apps.kube4.kube.lab	A	192.168.60.12	Ingress VIP (wildcard)
master0.kube4.kube.lab	A	192.168.60.13	Controller 0 + Worker
master1.kube4.kube.lab	A	192.168.60.14	Controller 1 + Worker
master2.kube4.kube.lab	A	192.168.60.15	Controller 2 + Worker
worker0.kube4.kube.lab	A	192.168.60.16	Compute 0 /Worker 0
Bastion.kube.lab	A	172.16.16.172	Mirror registry and CLI

4. NTP

Configure the bastion host and OpenShift cluster deployment: –

Install RHEL 8/9 on the Bastion Host. I Installed a RHEL 9.7.

Disable the Firewall and SElinux (You may enable and permit necessary rules if desired)

The OpenShift Container Platform 4.21 release images will require approximately 20 to 30 GB of storage. Depending on your needs, you will also need to download the necessary operator, which will use additional space. Therefore, ensure that you have adequate storage to accommodate all images and operators.

By default, Podman utilizes the /var partition. If there is insufficient space in /var, you can modify the storage path prior to installation.

I am using /home partition

Crated a directory in home

$mkdir /home/containers

$mkdir /home/containers-run

Update storage path in /etc/containers/storage.conf file and restart podman service

$ systemctl restart podman

Install Butane and nmstate packages, note that Butane is used for Chrony/NTP configuration, and nmstate is required for network validation.

Download required OpenShift cli packages

$wget https://mirror.openshift.com/pub/cgw/mirror-registry/latest/mirror-registry-amd64.tar.gz \

https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.21.0/openshift-install-linux-4.21.0.tar.gz \

https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.21.0/openshift-client-linux-4.21.0.tar.gz \

https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/oc-mirror.tar.gz

Untar/extarct tar files

$tar -xzf openshift-client-linux-4.21.0.tar.gz

$tar -xzf openshift-install-linux-4.21.0.tar.gz

$tar -xzf mirror-registry-amd64.tar.gz

$tar -xzf oc-mirror.tar.gz

Assign execute permission and copy it to /usr/local/bin

$chmod +x oc kubectl openshift-install oc-mirror mirror-registry execution-environment.tar image-archive.tar sqlite3.tar

$cp kubectl oc mirror-registry oc-mirror openshift-install execution-environment.tar image-archive.tar sqlite3.tar /usr/local/bin/

Install Redhat QUAY mirror registry

$mirror-registry install –quayHostname bastion.kube.lab –quayRoot /home/mirror –initUser openshift –initPassword Cloud@123

(you use any username and password)

It will take a few minutes. Once the installation is complete, you will see the message: Quay installed successfully.

Open a browser and enter the URL to sign in.

The installation of the Redhat Quay repository was successful, and we can now download OpenShift images.

Self-signed certificate generated automatically for the Red Hat Quay repository. Add certificate to trust

$ cp /home/mirror/quay-rootCA/rootCA.pem /etc/pki/ca-trust/anchors

$ update-ca-trust extract

To pull/download images, the Redhat OpenShift pull secret is required. Download the pull-secret file from the Redhat portal.

https://console.redhat.com/openshift/install/pull-secret

I am placing all the files associated with the cluster in one dedicated directory. You can also make a dedicated directory.

$mkdir ocp

convert to pull secret to json and also convert QUAY registry username and password to to base64

$ cat ./pull-secret | jq . > pull-secret.json

$ echo -n ‘openshift:Cloud@123’|base64 -w0

Copy base64 output

On pull-secret.json file add repository server URL and auth info.

“bastion.kube.lab:8443”: { # repo url

“auth”: “b3BlbnNoaWZ0OkNsb3VkQDEyMw==”, # repo username and password in base64 format

“email”: “dineshreddy.kayithi@gmail.com”

},

Create a directory. docker and copy pull-secret json file

$mkdir /root/.docker

$cp pull-secret.json /root/.docker/config.json

create an image set configuration file. This image set configuration file defines which OpenShift Container Platform releases, Operators, and other images to mirror.

https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/Imageset.yaml

Mirror the images from the specified image set configuration to a specified registry by running the following command:

$oc-mirror –config /root/ocp/imageset.yaml –workspace file://home/images docker://bastion.kube.lab:8443 –v2

Depending on your network, it could take some time to pull/download images.

Next, Create a Chrony/ntp config files for master and worker nodes

99-master-chrony.bu & 99-worker-chrony.bu

https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/99-worker-chrony.bu

https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/99-master-chrony.bu

Convert to bu file to yaml using butane

butane 99-worker-chrony.bu -o 99-worker-chrony.yaml

butane 99-master-chrony.bu -o 99-master-chrony.yaml

Create a directory OpenShift and copy 99-master and worker yaml file to OpenShift folder

$mkdir openshift

$cp 99-master-chrony.yaml 99-worker-chrony.yaml openshift/

Ocp>openshift>99-master/worker-chrony.yaml

Create an SSH key. (The SSH key is copied to all nodes, allowing access to the nodes using the bastion SSH key.)

$ssh-keygen -t ed25519 -N ” -f ~/.ssh/id_ed25519

$eval “$(ssh-agent -s)”

$ssh-add ~/.ssh/id_ed25519

Create an Install-config.yaml file

Note: – You need to update the details in the install and agent YAML files according to your infrastructure.

https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/install-config.yaml

Create and agent-config.yaml file

https://github.com/Dineshk1205/ocp_4.21/blob/ddea7ebda8761cdea51254a1ea4733e0baabfb28/agent-install.yaml

Directory Structure

~/ocp-install/

|– install-config.yaml

|– agent-config.yaml

+– openshift/

|– 99-master-chrony.yaml # Generated by Butane

+– 99-worker-chrony.yaml # Generated by Butane

Generate ISO using below command

$ openshift-install agent create image –dir=.

Download the Generated ISO from the bastion host and boot the OpenShift master and worker nodes.

Note: – Ensure that the ISO has been booted on all nodes and that they are all up and running. The cluster installation cannot start without validation.

It will take few minutes, you can check the status using below command

$openshift-install agent wait-for install-complete –dir=/root/ocp –log-level=info

Once cluster installation is completed. You can check node status

$ export KUBECONFIG=/root/ocp/auth/kubeconfig

$oc get nodes

You can also open web-console and check status