1 Installation
1.1 Preparation
Note: This article will take pre-production of Spain as an environment to show the steps.
1.1.1 Infrastructure plan
According to the OpenShift specification (see https://docs.openshift.com/container-platform/3.7/install_config/install/prerequisites.html#install-config-install-prerequisites), each VM should be created with the minimum flavor required by OpenShift. If the customer wants to expand business scale, they can refer to the same link to add new nodes or scale up the node flavor.
The infrastructure will incorporate the following VMs:
Load balancer: 1 VM, acts as NTP server, and HAProxy for distributing traffic to masters.
Master: 3 VMs
Node: 2 VMs
Infra node: 1 VM; the router POD, metric POD and logging POD will be created here.
DNS: 1 VM.
1.1.2 Domain name plan
LB:(NTP, LB)
-lb.openshift.example.com 192.168.0.131
master:
-master01.openshift.example.com 192.168.0.164
-master02.openshift.example.com 192.168.0.159
-master03.openshift.example.com 192.168.0.88
node:
-node01.openshift.example.com 192.168.0.180
-node02.openshift.example.com 192.168.0.135
infra:
-infra-node01.openshift.example.com 192.168.0.195
1.1.3 Provision VMs
Based on the infrastructure plan, create each VM with 8 vCPU, 16GB memory, 40GB system disk and 20GB data disk, and with RHEL 7.3 as the OS.
Note: currently we provision VMs using the RHEL image, but in the future we will improve this by creating a new image which contains some packages and configurations beforehand.
Meanwhile, bind an elastic IP (EIP) to the LB VM and to the Infra node VM respectively.
During the installation, all of the nodes need to access the Internet to download Docker images, therefore you need to configure SNAT for the subnet. Steps:
Switch to NAT Gateway on the VPC console, and create one by:
Here, you need to choose the VPC and subnet names that match your infrastructure's network definition.
After the NAT Gateway is created, you need to add SNAT rules, like:
This will allow all the VMs in subnet-docker to access the Internet using SNAT. For this step, you have to apply for an EIP in advance. Therefore, considering that the LB and Infra node are bound to EIPs, you need 3 EIPs in total during the installation.
1.2 Configurations before installing
1.2.1 Change host name
On each VM, change the host name with the command nmtui.
If you provisioned the VMs with the exact domain names from the plan, you don't have to change the host name. If not, you have to change it.
1.2.2 Disable firewalld
systemctl disable firewalld
systemctl stop firewalld
Finally check if all the firewall rules have been removed:
iptables -S
Normally, it should be:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
1.2.3 Allow root to access
On each VM, edit /etc/ssh/sshd_config to allow root to log in using a password. The relevant options are:
PasswordAuthentication yes
PermitRootLogin yes
Then restart sshd by:
systemctl restart sshd
Check if you can log in with the root account over ssh.
1.2.4 Configure NTP
On LB VM, install NTP by:
yum install ntp
Edit /etc/ntp.conf and add the following configuration to allow the other clients in the same subnet to synchronize time:
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
Enable NTP service and start it:
systemctl enable ntpd
systemctl restart ntpd
Check whether the NTP server is synchronizing time with other servers on the Internet: ntpstat
On the rest of the VMs, install NTP with the same command:
yum install ntp
But edit /etc/ntp.conf and set the upper-level NTP server to be the LB VM's internal address:
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.0.131
And enable the NTP service and start it:
systemctl enable ntpd
systemctl restart ntpd
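The following check is an added example, not part of the original article: it reads ntp.conf files and verifies that the LB's restrict line covers every host address from the plan in 1.1.2, and that a client has the LB as its only active time source. The function names and the sample files are constructed for illustration; on real hosts you would pass /etc/ntp.conf.

```sh
#!/bin/sh
# Added example, not from the article; function names and sample files are constructed.

# ip_to_int A.B.C.D -> prints the address as an integer, fails on bad input
ip_to_int() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# restrict_covers CONF IP -> succeeds if an uncommented
# "restrict NET mask MASK ..." line (without "ignore") contains IP
restrict_covers() (
    ip=$(ip_to_int "$2") || exit 1
    while read -r kw net m mask flags; do
        [ "$kw" = restrict ] && [ "$m" = mask ] || continue
        case " $flags " in *" ignore "*) continue ;; esac
        n=$(ip_to_int "$net") && k=$(ip_to_int "$mask") || continue
        [ $(( ip & k )) -eq $(( n & k )) ] && exit 0
    done < "$1"
    exit 1
)

# active_servers CONF -> targets of all uncommented server/pool lines
active_servers() { awk '$1 == "server" || $1 == "pool" { print $2 }' "$1"; }

# client_uses_only CONF LB_IP -> succeeds if LB_IP is the only time source
client_uses_only() { [ "$(active_servers "$1")" = "$2" ]; }

# Constructed sample files standing in for /etc/ntp.conf on three hosts
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'restrict default nomodify notrap nopeer noquery' \
    'restrict 127.0.0.1' \
    'restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap' > "$tmp/lb.conf"
printf '%s\n' '# Use public servers from the pool.ntp.org project.' \
    'server 192.168.0.131' > "$tmp/good.conf"
printf '%s\n' 'server 0.rhel.pool.ntp.org iburst' \
    'server 192.168.0.131' > "$tmp/leftover.conf"

for ip in 192.168.0.164 192.168.0.159 192.168.0.88 192.168.0.180 \
          192.168.0.135 192.168.0.195; do
    restrict_covers "$tmp/lb.conf" "$ip" || echo "not covered by restrict: $ip"
done
for f in good leftover; do
    client_uses_only "$tmp/$f.conf" 192.168.0.131 ||
        echo "$f.conf: unexpected time sources: $(active_servers "$tmp/$f.conf" | tr '\n' ' ')"
done
```

With the sample files, only leftover.conf is reported, because a distribution pool line was left active next to the LB entry.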
1.2.5 Configure DNS
Create a VM with OS of Windows Server 2012 R2 DC.
Install DNS Server in the VM, with Add Roles and Features Wizard:
After the DNS service is installed, open the Properties for openshift-dns, and configure the Forwarders to be “100.125.1.11”, which is the default and internal DNS server when you create a new subnet.
Meanwhile add the DNS records in the DNS server, like:
Finally modify the DNS server address for the subnet:
Here, 192.168