Setting Up the Infrastructure (Contrail Networking Release 21.4.L4 or Later)
SUMMARY Follow this topic to set up the infrastructure for Contrail Networking deployment in a RHOSP 17.1 environment when you are using Contrail Networking Release 21.4.L4 or later.
When to Use This Procedure
You should use this topic to provision and deploy overcloud for Contrail Networking in a RHOSP 17.1 environment when you are using Contrail Networking Release 21.4.L4 or later.
To provision and deploy overcloud, you need to:
Provision the network resources for your physical network.
Provision the bare metal nodes.
Deploy your overcloud.
For more information on provisioning and deploying overcloud, see Provisioning and Deploying an overcloud.
Deploy Hosts with Red Hat Enterprise Linux
This section provides an example of how to deploy Red Hat Enterprise Linux 9.2.
Install and enable required software
This example shows how to obtain, install, and enable the software required to operate RHEL9.2.
# Register the node with a Red Hat subscription
# (for Satellite, check the Red Hat instructions)
sudo subscription-manager register \
  --username {username} \
  --password {password}
# Attach the pools that provide all required repos
# e.g.:
sudo subscription-manager attach \
  --pool {RHOSP17.1 pool ID} \
  --pool {Red Hat Virtualization Manager pool ID}
# Enable repos
sudo subscription-manager repos \
  --disable='*' \
  --enable=rhel-9-for-x86_64-baseos-eus-rpms \
  --enable=rhel-9-for-x86_64-appstream-eus-rpms \
  --enable=rhel-9-for-x86_64-highavailability-eus-rpms \
  --enable=fast-datapath-for-rhel-9-x86_64-rpms \
  --enable=openstack-17.1-for-rhel-9-x86_64-rpms \
  --enable=rhceph-4-tools-for-rhel-9-x86_64-rpms
# Remove cloud-init (if this is a virtual test setup deployed from a cloud image)
sudo dnf remove -y cloud-init || true
# Enable dnf modules and update system
# (for previous versions, check the Red Hat documentation)
sudo dnf distro-sync -y --nobest
sudo dnf upgrade -y --nobest
# Enable firewall
sudo dnf install -y firewalld
sudo systemctl enable --now firewalld
# Check current active zone
sudo firewall-cmd --get-active-zones
# example of zones:
# public
# interfaces: eth0
# Add virbr0 interface into the active zone for ovirtmgmt, e.g.
sudo firewall-cmd --zone=public --change-zone=virbr0 --permanent
sudo firewall-cmd --zone=public --add-forward --permanent
# Ensure that the interfaces in use are in one zone
sudo firewall-cmd --get-active-zones
# example of zones:
# [stack@node-10-0-10-147 ~]$ sudo firewall-cmd --get-active-zones
# public
# interfaces: eth0 virbr0
# Enable https and cockpit for RHVM web access and monitoring
sudo firewall-cmd --permanent \
  --add-service=https \
  --add-service=cockpit \
  --add-service=nfs
sudo firewall-cmd --permanent \
  --add-port 2223/tcp \
  --add-port 5900-6923/tcp \
  --add-port 111/tcp --add-port 111/udp \
  --add-port 2049/tcp --add-port 2049/udp \
  --add-port 4045/tcp --add-port 4045/udp \
  --add-port 1110/tcp --add-port 1110/udp
# Prepare the special user required by Red Hat Virtualization
getent group kvm || sudo groupadd kvm -g 36
sudo useradd vdsm -u 36 -g kvm
exports="/storage *(rw,all_squash,anonuid=36,anongid=36)\n"
for s in vmengine undercloud ipa overcloud ; do
  sudo mkdir -p /storage/$s
  exports+="/storage/$s *(rw,all_squash,anonuid=36,anongid=36)\n"
done
sudo chown -R 36:36 /storage
sudo chmod -R 0755 /storage
# add storage directory to exports
echo -e "$exports" | sudo tee /etc/exports
# restart NFS services
sudo systemctl restart rpcbind
sudo systemctl restart nfs-server
# check exports
sudo exportfs
# Reboot the system if a newer kernel is available in /lib/modules
latest_kv=$(ls -1 /lib/modules | sort -V | tail -n 1)
active_kv=$(uname -r)
if [[ "$latest_kv" != "$active_kv" ]] ; then
  echo "INFO: newer kernel version $latest_kv is available, active one is $active_kv"
  echo "Perform reboot..."
  sudo reboot
fi
Confirm the Domain Names
Before proceeding, ensure that the Fully Qualified Domain Names (FQDNs) can be resolved by DNS or by the /etc/hosts on all nodes.
[stack@node-10-0-10-147 ~]$ cat /etc/hosts
# Red Hat Virtualization Manager VM
10.0.10.200 vmengine.dev.clouddomain vmengine.dev vmengine
# Red Hat Virtualization Hosts
10.0.10.147 node-10-0-10-147.dev.clouddomain node-10-0-10-147.dev node-10-0-10-147
10.0.10.148 node-10-0-10-148.dev.clouddomain node-10-0-10-148.dev node-10-0-10-148
10.0.10.149 node-10-0-10-149.dev.clouddomain node-10-0-10-149.dev node-10-0-10-149
10.0.10.150 node-10-0-10-150.dev.clouddomain node-10-0-10-150.dev node-10-0-10-150
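One way to check the name-resolution requirement above before deploying, as an added example that is not part of the original procedure. The function names check_hosts, resolve_live and demo are hypothetical, and the sample entries are constructed from the addresses shown on this page.

```sh
#!/bin/sh
# check_hosts FILE FQDN...  (added example; FILE may be - for stdin)
# Prints MISSING <name> when no entry maps the name, CONFLICT <name> <addrs>
# when it maps to several addresses; returns 1 if anything was printed.
check_hosts() {
    hosts_file=$1; shift
    awk -v names="$*" '
        BEGIN { n = split(tolower(names), want, " ") }
        { sub(/#.*/, "") }                    # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++) {       # canonical name and aliases
                name = tolower($i)
                if (!((name, $1) in seen)) {
                    seen[name, $1] = 1
                    addrs[name] = addrs[name] " " $1
                    cnt[name]++
                }
            }
        }
        END {
            for (k = 1; k <= n; k++) {
                if (cnt[want[k]] == 0)     { print "MISSING " want[k]; bad = 1 }
                else if (cnt[want[k]] > 1) { print "CONFLICT " want[k] addrs[want[k]]; bad = 1 }
            }
            exit bad + 0
        }' "$hosts_file"
}

# resolve_live FQDN...: ask this node's resolver (DNS or /etc/hosts).
resolve_live() {
    rc=0
    for fqdn in "$@"; do
        getent hosts "$fqdn" >/dev/null || { echo "UNRESOLVED $fqdn"; rc=1; }
    done
    return $rc
}
# Constructed sample: the page's entries with node 149 omitted and node 148
# listed a second time under a different address.
demo() {
    check_hosts - vmengine.dev.clouddomain node-10-0-10-147.dev.clouddomain \
        node-10-0-10-148.dev.clouddomain node-10-0-10-149.dev.clouddomain <<'EOF'
# Red Hat Virtualization Manager VM
10.0.10.200 vmengine.dev.clouddomain vmengine.dev vmengine
10.0.10.147 node-10-0-10-147.dev.clouddomain node-10-0-10-147.dev node-10-0-10-147
10.0.10.148 node-10-0-10-148.dev.clouddomain node-10-0-10-148  # first entry
10.0.10.248 node-10-0-10-148.dev.clouddomain
EOF
}
demo || echo "hosts entries need fixing before deployment"
```

On each node, run check_hosts against /etc/hosts for the static entries and resolve_live with the same names to include DNS in the check.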
Prepare images
To prepare the images:
Create Undercloud VM
Follow the instructions in this section to create the undercloud VM:
Customize the image for Undercloud VM
To customize the image for the undercloud VM:
cd
cloud_image=images/rhel-9.2-x86_64-kvm.qcow2
undercloud_name=undercloud
domain_name=dev.clouddomain
root_password=contrail123
stack_password=contrail123
export LIBGUESTFS_BACKEND=direct
qemu-img create -f qcow2 images/${undercloud_name}.qcow2 100G
virt-resize --expand /dev/sda3 ${cloud_image} images/${undercloud_name}.qcow2
virt-customize -a images/${undercloud_name}.qcow2 \
  --run-command 'xfs_growfs /' \
  --root-password password:${root_password} \
  --hostname ${undercloud_name}.${domain_name} \
  --run-command 'useradd stack' \
  --password stack:password:${stack_password} \
  --run-command 'echo "stack ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/stack' \
  --chmod 0440:/etc/sudoers.d/stack \
  --run-command 'sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config' \
  --run-command 'systemctl enable sshd' \
  --selinux-relabel
Create FreeIPA VM
To create the FreeIPA VM:
Customize VM image for RedHat IDM (FreeIPA) VM
Follow this example to customize the VM image for the Red Hat IDM image.
This example is set up for a TLS everywhere deployment.
cd
cloud_image=images/rhel-9.2-x86_64-kvm.qcow2
ipa_name=ipa
domain_name=dev.clouddomain
# Same value as in the undercloud step; needed when running in a new shell
root_password=contrail123
qemu-img create -f qcow2 images/${ipa_name}.qcow2 100G
virt-resize --expand /dev/sda3 ${cloud_image} images/${ipa_name}.qcow2
virt-customize -a images/${ipa_name}.qcow2 \
  --run-command 'xfs_growfs /' \
  --root-password password:${root_password} \
  --hostname ${ipa_name}.${domain_name} \
  --run-command 'sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config' \
  --run-command 'systemctl enable sshd' \
  --selinux-relabel