Deploying a User Provisioned Infrastructure environment for OpenShift 4.1 on vSphere

2019 年 6 月 13 日Davis Phillips4 分钟阅读
Hybrid cloud

Deploying a UPI environment for OpenShift 4.1 on vSphere

NOTE: This process is not supported by Red Hat and is provided “as-is”. However, OpenShift 4.1 is fully supported on a user-provided infrastructure vSphere environment.

Please refer to the OpenShift docs for more information regarding supported configurations.

 
This process will utilize terraform to deploy the infrastructure used by the OpenShift Installer.

Please install the appropriate version for your operating system:
https://www.terraform.io/downloads.html

This article was created utilizing Terraform v0.11.12.

 

Download and import the Red Hat CoreOS image for vSphere

Download the latest version of govc and use it to import the OVA:

$ cd /tmp/
$ curl -L https://github.com/vmware/govmomi/releases/download/v0.20.0/govc_linux_amd64.gz | gunzip > /usr/local/bin/govc
$ curl -O https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.1/latest/rhcos-4.1.0-x86_64-vmware.ova
$ chmod +x /usr/local/bin/govc
$ export GOVC_URL='vcsa.example.com'
$ export GOVC_USERNAME='administrator@vsphere.local'
$ export GOVC_PASSWORD='password'
$ export GOVC_NETWORK='VM Network'
$ export GOVC_DATASTORE='vmware-datastore'
$ export GOVC_INSECURE=1 # If the host above uses a self-signed cert
$ govc import.ova -name=rhcos-latest ./rhcos-410.8.20190516.0-vmware.ova

This will provide a working Red Hat CoreOS image to use for deploying the user provided infrastructure environment (UPI).

 

Create the applicable DNS records for the OpenShift deployment

Take note of the SRV records for etcd. Also, examine the bootstrap-0 DNS records: host, api and api-int.

$ORIGIN apps.upi.example.com.

* A 10.x.y.38

* A 10.x.y.39

* A 10.x.y.40

$ORIGIN upi.example.com.

_etcd-server-ssl._tcp SRV 0 10 2380 etcd-0

_etcd-server-ssl._tcp SRV 0 10 2380 etcd-1

_etcd-server-ssl._tcp SRV 0 10 2380 etcd-2

bootstrap-0 A 10.x.y.34

control-plane-0 A 10.x.y.35

control-plane-1 A 10.x.y.36

control-plane-2 A 10.x.y.37

api A 10.x.y.34

api A 10.x.y.35

api A 10.x.y.36

api A 10.x.y.37

api-int A 10.x.y.34

api-int A 10.x.y.35

api-int A 10.x.y.36

api-int A 10.x.y.37

etcd-0 A 10.x.y.35

etcd-1 A 10.x.y.36

etcd-2 A 10.x.y.37

compute-0 A 10.x.y.38

compute-1 A 10.x.y.39

compute-2 A 10.x.y.40

To learn more about required DNS the OpenShift docs discuss further.

Create a working install-config file for the installer to consume

Download the latest 4.1 installer and client from the repository.


$ cd /tmp/
$ curl -O https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-install-linux-4.1.7.tar.gz
$ curl -O https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux-4.1.7.tar.gz
$ tar xzvf openshift-install-linux-4.1.7.tar.gz
$ tar xzvf openshift-client-linux-4.1.7.tar.gz
$ mv oc kubectl openshift-install /usr/local/bin/
$ mkdir ~/vsphere/
$ vi ~/vsphere/install-config.yaml

apiVersion: v1

baseDomain: example.com

metadata:

  name: upi

networking:

  machineCIDR: "10.x.y.0/23"

platform:

  vsphere:

    vCenter: vcsa67.example.com

    username: "administrator@vsphere.local"

    password: "password"

    datacenter: dc

    defaultDatastore: vmware-datastore

pullsecret: ‘omitted’

sshKey: ‘omitted’


$ openshift-install --dir ~/vsphere create ignition-configs

This will generate ignition configuration files that will need to be added to the terraform tfvars in the next section. Note, that the bootstrap ignition config is too large to be added via a virtual appliance property and will need to be stored somewhere external. The example listed below leverages a github gist.

Download the UPI terraform included in the OpenShift installer repository and update provisioning variables

Edit terraform.tfvars with the appropriate variables including the ignition configs from the previous steps:


$ git clone -b release-4.1 https://github.com/openshift/installer
$ vi openshift/installer/upi/vsphere/terraform.tfvars

bootstrap_ip = "10.x.y.34"

control_plane_ips = ["10.x.y.35","10.x.y.36","10.x.y.37"]

compute_ips = ["10.x.y.38","10.x.y.39","10.x.y.40"]

machine_cidr = "10.x.y.0/23"

cluster_id = "upi"

cluster_domain = "upi.example.com"

base_domain = "example.com"

vsphere_server = "vcsa67.example.com"

vsphere_user = "administrator@vsphere.local"

vsphere_password = "password"

vsphere_cluster = "cluster"

vsphere_datacenter = "dc"

vsphere_datastore = "vmware-datastore”

vm_template = "rhcos-latest"

// Due to size limitations for the OVA use a URL for the bootstrap ignition config file
 bootstrap_ignition_url = "https://gist.githubusercontent.com/test/12345/raw/12345/bootstrap.ign"


// Ignition config for the control plane machines. Copy the contents of the master.ign generated by the installer.
 control_plane_ignition = <<END_OF_MASTER_IGNITION
 {"ignition":{"config":{"append":[{"source":"https://api-int.upi.example.com:22623/config/master","verification":{}}]},"security":{"tls":{"certificateAuthori
 ..omitted..
 END_OF_MASTER_IGNITION


// Ignition config for the compute machines. Copy the contents of the worker.ign generated by the installer.
 compute_ignition = <<END_OF_WORKER_IGNITION
 {"ignition":{"config":{"append":[{"source":"https://api-int.upi.example.com:22623/config/worker","verification":{}}]},"security":{"tls":{"certificateAuthori
 ..omitted..
 END_OF_WORKER_IGNITION

Edit the ignition.tf to update the gateway and DNS server to use for VM deployment:

$ vi openshift/installer/upi/vsphere/machine/ignition.tf

gw = "10.x.y.254"


$ vi openshift/installer/upi/vsphere/machine/ignition.tf

DNS1=10.x.y.2

Remove the route53 section since DNS has been created above.

$ vi openshift/installer/upi/vsphere/main.tf

/*

module "dns" {

source = "./route53"

base_domain = "${var.base_domain}"
 cluster_domain = "${var.cluster_domain}"
 bootstrap_count = "${var.bootstrap_complete ? 0 : 1}"
 bootstrap_ips = ["${module.bootstrap.ip_addresses}"]
 control_plane_count = "${var.control_plane_count}"
 control_plane_ips = ["${module.control_plane.ip_addresses}"]
 compute_count = "${var.compute_count}"
 compute_ips = ["${module.compute.ip_addresses}"]
 }
 */

Run terraform to initialize and provision the environment


$ cd openshift/installer/upi/vsphere/
$ terraform init

Initializing modules...

- module.folder

Getting source "./folder"

- module.resource_pool

- module.bootstrap

- module.control_plane

- module.compute

Initializing provider plugins...
 ..omitted..


$ terraform apply -auto-approve

..omitted..

module.control_plane.vsphere_virtual_machine.vm[0]: Creation complete after 40s (ID: 4203f331-984c-8103-83a9-20d760fbf605)

module.bootstrap.vsphere_virtual_machine.vm: Creation complete after 40s (ID: 4203d5ab-d5e1-4ca7-eece-66aeb4a52b7d)

Apply complete! Resources: 9 added, 0 changed, 0 destroyed.

The environment should now be deployed in vCenter:

Inform the installer that the bootstrap process has completed and delete the bootstrap VM


$ openshift-install --dir ~/vsphere wait-for bootstrap-complete

INFO Waiting up to 30m0s for the Kubernetes API at https://api.upi.example.com:6443...

INFO API v1.14.0+ef1f86e up

INFO Waiting up to 30m0s for bootstrapping to complete...

INFO It is now safe to remove the bootstrap resources


$ terraform apply -auto-approve -var 'bootstrap_complete=true'

..omitted..

module.bootstrap.vsphere_virtual_machine.vm: Destruction complete after 7s

Apply complete! Resources: 0 added, 0 changed, 1 destroyed.

The Cluster Image Registry does not pick a storage backend for vSphere platform. Therefore, the cluster operator will be stuck in progressing because it is waiting for an administrator to configure a storage backend for the image-registry. See the following bugzilla for details.

Set EmptyDir for non-production clusters by issuing the following commands:


$ cp ~/vsphere/auth/kubeconfig ~/.kube/config
$ oc patch configs.imageregistry.operator.openshift.io cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'

Delete the bootstrap's DNS records and inform the installer to proceed

Note, the remaining api and api-int records should continue pointing towards the control-plane servers.

$ openshift-install --dir ~/vsphere wait-for install-complete

INFO Waiting up to 30m0s for the cluster at https://api.upi.example.com:6443 to initialize...

INFO Waiting up to 10m0s for the openshift-console route to be created...

INFO Install complete!

INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/root/go/src/github.com/openshift/installer/bin/auth/kubeconfig'

INFO Access the OpenShift web-console here: https://console-openshift-console.apps.upi.e2e.bos.redhat.com

INFO Login to the console with user: kubeadmin, password: my-kube-password

Enjoy the OpenShift Container Platform 4.1 cluster on a VMware software-defined datacenter!

 

Cleaning up

To remove the virtual machines from vCenter, terraform can be run with the destroy option:

$ terraform destroy -auto-approve

关于作者

Davis Phillips

Davis Phillips

UI_Icon-Red_Hat-Close-A-Black-RGB

更多此类内容

博客文章

AI in telco – the catalyst for scaling digital business

博客文章

Introducing OpenShift Service Mesh 3.2 with Istio’s ambient mode

原创播客

Edge computing covered and diced | Technically Speaking

按频道浏览

探索所有频道
automation icon

自动化

有关技术、团队和环境 IT 自动化的最新信息
AI icon

人工智能

平台更新使客户可以在任何地方运行人工智能工作负载
open hybrid cloud icon

开放混合云

了解我们如何利用混合云构建更灵活的未来
security icon

安全防护

有关我们如何跨环境和技术减少风险的最新信息
edge icon

边缘计算

简化边缘运维的平台更新
Infrastructure icon

基础架构

全球领先企业 Linux 平台的最新动态
application development icon

应用领域

我们针对最严峻的应用挑战的解决方案
Virtualization icon

虚拟化

适用于您的本地或跨云工作负载的企业虚拟化的未来