Setting Up the Infrastructure (Contrail Networking Release 21.4.L4 or Later)
SUMMARY Follow this topic to set up the infrastructure for Contrail Networking deployment in a RHOSP 17.1 environment when you are using Contrail Networking Release 21.4.L4 or later.
When to Use This Procedure
Use this topic to provision and deploy the overcloud for Contrail Networking in a RHOSP 17.1 environment when you are using Contrail Networking Release 21.4.L4 or later.
To provision and deploy the overcloud, you need to:
Provision the network resources for your physical network.
Provision the bare metal nodes.
Deploy your overcloud.
For more information on provisioning and deploying the overcloud, see Provisioning and Deploying an overcloud.
Deploy Hosts with Red Hat Enterprise Linux
This section provides an example of how to deploy Red Hat Enterprise Linux 9.2.
Install and enable required software
This example shows how to obtain, install, and enable the software required to operate RHEL 9.2.
    # Register the node with a Red Hat subscription
    # (for Satellite, check the Red Hat instructions).
    # If --password is omitted, subscription-manager prompts for it, which
    # keeps the password out of shell history and the process list.
    sudo subscription-manager register \
      --username {username} \
      --password {password}

    # Attach pools that allow all required repos to be enabled, e.g.:
    sudo subscription-manager attach \
      --pool {RHOSP17.1 pool ID} \
      --pool {Red Hat Virtualization Manager pool ID}

    # Enable repos
    sudo subscription-manager repos \
      --disable='*' \
      --enable=rhel-9-for-x86_64-baseos-eus-rpms \
      --enable=rhel-9-for-x86_64-appstream-eus-rpms \
      --enable=rhel-9-for-x86_64-highavailability-eus-rpms \
      --enable=fast-datapath-for-rhel-9-x86_64-rpms \
      --enable=openstack-17.1-for-rhel-9-x86_64-rpms \
      --enable=rhceph-4-tools-for-rhel-9-x86_64-rpms

    # Remove cloud-init (in case this is a virtual test setup deployed from a cloud image)
    sudo dnf remove -y cloud-init || true

    # Enable dnf modules and update the system
    # (for previous versions, check the Red Hat documentation)
    sudo dnf distro-sync -y --nobest
    sudo dnf upgrade -y --nobest

    # Enable firewall
    sudo dnf install -y firewalld
    sudo systemctl enable --now firewalld

    # Check current active zone
    sudo firewall-cmd --get-active-zones
    # example of zones:
    # public
    #   interfaces: eth0

    # Add the virbr0 interface into the active zone for ovirtmgmt, e.g.
    sudo firewall-cmd --zone=public --change-zone=virbr0 --permanent
    sudo firewall-cmd --zone=public --add-forward --permanent
    # --permanent changes reach the running firewall only after a reload
    sudo firewall-cmd --reload

    # Ensure the used interfaces are in one zone
    sudo firewall-cmd --get-active-zones
    # example of zones:
    # [stack@node-10-0-10-147 ~]$ sudo firewall-cmd --get-active-zones
    # public
    #   interfaces: eth0 virbr0

    # Enable https and cockpit for RHVM web access and monitoring, and NFS
    sudo firewall-cmd --permanent \
      --add-service=https \
      --add-service=cockpit \
      --add-service=nfs
    sudo firewall-cmd --permanent \
      --add-port 2223/tcp \
      --add-port 5900-6923/tcp \
      --add-port 111/tcp --add-port 111/udp \
      --add-port 2049/tcp --add-port 2049/udp \
      --add-port 4045/tcp --add-port 4045/udp \
      --add-port 1110/tcp --add-port 1110/udp
    sudo firewall-cmd --reload

    # Prepare the special user required by Red Hat Virtualization
    getent group kvm || sudo groupadd kvm -g 36
    sudo useradd vdsm -u 36 -g kvm

    # Build the NFS export list. The client "*" exports to every host that can
    # reach the NFS ports; narrow it to the storage network where possible.
    exports="/storage *(rw,all_squash,anonuid=36,anongid=36)\n"
    for s in vmengine undercloud ipa overcloud ; do
      sudo mkdir -p /storage/$s
      exports+="/storage/$s *(rw,all_squash,anonuid=36,anongid=36)\n"
    done
    sudo chown -R 36:36 /storage
    sudo chmod -R 0755 /storage

    # Add the storage directories to exports
    echo -e "$exports" | sudo tee /etc/exports

    # Restart NFS services
    sudo systemctl restart rpcbind
    sudo systemctl restart nfs-server

    # Check exports
    sudo exportfs

    # Reboot the system if a newer kernel is available in /lib/modules
    latest_kv=$(ls -1 /lib/modules | sort -V | tail -n 1)
    active_kv=$(uname -r)
    if [[ "$latest_kv" != "$active_kv" ]] ; then
      echo "INFO: newer kernel version $latest_kv is available, active one is $active_kv"
      echo "Perform reboot..."
      sudo reboot
    fi
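The exports written by the script above name `*` as the client, so any host that can reach the NFS ports can mount /storage. The audit below is an added example, not part of the original procedure: it assumes the standard exports(5) line format, uses a hypothetical function name `audit_exports`, and reports wildcard clients and entries that do not squash to UID/GID 36 as the vdsm user requires.

```sh
#!/bin/sh
# Added example (not from the original page): audit an exports(5) file.
# audit_exports is a hypothetical helper name. It prints one finding per line:
#   WILDCARD <path>           entry is open to any client ("*" or no client)
#   SQUASH   <path> <client>  entry lacks all_squash,anonuid=ID,anongid=ID
audit_exports() {
    # $1 = exports file, $2 = expected anonymous UID/GID (36 = vdsm:kvm here)
    awk -v id="${2:-36}" '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        NF == 1 { print "WILDCARD " $1; next }  # no client list: everyone
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "" || client == "*")
                    print "WILDCARD " $1
                o = "," opts ","
                if (!index(o, ",all_squash,") ||
                    !index(o, ",anonuid=" id ",") ||
                    !index(o, ",anongid=" id ","))
                    print "SQUASH " $1 " " (client == "" ? "*" : client)
            }
        }' "$1"
}

# Constructed sample: the first line is the form generated above, the second
# restricts an export to one subnet, the third forgets the squash options.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/storage *(rw,all_squash,anonuid=36,anongid=36)
/storage/ipa 10.0.10.0/24(rw,all_squash,anonuid=36,anongid=36)
/storage/overcloud 10.0.10.0/24(rw)
EOF
audit_exports "$sample"
rm -f "$sample"
```

Run it as `audit_exports /etc/exports` on the NFS host; no output means every entry is restricted to named clients and squashes to 36:36.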
Confirm the Domain Names
Before proceeding, ensure that the Fully Qualified Domain Names (FQDNs) can be resolved by DNS or by the /etc/hosts file on all nodes.
    [stack@node-10-0-10-147 ~]$ cat /etc/hosts
    # Red Hat Virtualization Manager VM
    10.0.10.200 vmengine.dev.clouddomain vmengine.dev vmengine
    # Red Hat Virtualization Hosts
    10.0.10.147 node-10-0-10-147.dev.clouddomain node-10-0-10-147.dev node-10-0-10-147
    10.0.10.148 node-10-0-10-148.dev.clouddomain node-10-0-10-148.dev node-10-0-10-148
    10.0.10.149 node-10-0-10-149.dev.clouddomain node-10-0-10-149.dev node-10-0-10-149
    10.0.10.150 node-10-0-10-150.dev.clouddomain node-10-0-10-150.dev node-10-0-10-150
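One way to confirm the resolution requirement on each node, as an added example that is not part of the original procedure: the function names `resolve_name` and `check_fqdns` are hypothetical, and the sample hosts data is constructed. It checks that every FQDN resolves and that it resolves to the address you expect, which also catches a stale or mistyped entry.

```sh
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# resolve_name SOURCE NAME: print the first IP found for NAME. SOURCE is a
# hosts-format file, or "-" for the system resolver (getent follows
# nsswitch.conf, so it covers both /etc/hosts and DNS).
resolve_name() {
    if [ "$1" = "-" ]; then
        getent hosts "$2" | awk '{ print $1; exit }'
    else
        awk -v name="$2" '
            { sub(/#.*/, "") }             # ignore comments
            NF >= 2 {
                for (i = 2; i <= NF; i++)  # canonical name and aliases
                    if (tolower($i) == tolower(name)) { print $1; exit }
            }' "$1"
    fi
}

# check_fqdns SOURCE: read "IP FQDN" pairs on stdin, print each problem,
# and return the number of problems found.
check_fqdns() {
    problems=0
    while read -r want_ip fqdn; do
        [ -n "$fqdn" ] || continue
        got_ip=$(resolve_name "$1" "$fqdn")
        if [ -z "$got_ip" ]; then
            echo "UNRESOLVED $fqdn"; problems=$((problems + 1))
        elif [ "$got_ip" != "$want_ip" ]; then
            echo "MISMATCH $fqdn expected=$want_ip got=$got_ip"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: one correct entry and one with a wrong address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
10.0.10.200 vmengine.dev.clouddomain vmengine.dev vmengine
10.0.10.99  node-10-0-10-147.dev.clouddomain node-10-0-10-147
EOF
check_fqdns "$sample" <<'EOF' || echo "fix name resolution before continuing"
10.0.10.200 vmengine.dev.clouddomain
10.0.10.147 node-10-0-10-147.dev.clouddomain
10.0.10.148 node-10-0-10-148.dev.clouddomain
EOF
rm -f "$sample"
```

On a live node, pass `-` as the source (`check_fqdns - < expected.txt`) so that the system resolver is queried instead of a file.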
Prepare images
To prepare the images:
Create Undercloud VM
Follow the instructions in this section to create the undercloud VM:
Customize the image for Undercloud VM
To customize the image for the undercloud VM:
    # Work from the home directory, where the images/ directory is expected
    cd
    cloud_image=images/rhel-9.2-x86_64-kvm.qcow2
    undercloud_name=undercloud
    domain_name=dev.clouddomain
    # Example passwords; replace them before building a real image
    root_password=contrail123
    stack_password=contrail123
    export LIBGUESTFS_BACKEND=direct

    # Create a 100G disk and expand the cloud image's root partition into it
    qemu-img create -f qcow2 "images/${undercloud_name}.qcow2" 100G
    virt-resize --expand /dev/sda3 "${cloud_image}" "images/${undercloud_name}.qcow2"

    # Grow the filesystem, set the hostname and passwords, create the stack
    # user with passwordless sudo, and enable SSH password authentication
    virt-customize -a "images/${undercloud_name}.qcow2" \
      --run-command 'xfs_growfs /' \
      --root-password "password:${root_password}" \
      --hostname "${undercloud_name}.${domain_name}" \
      --run-command 'useradd stack' \
      --password "stack:password:${stack_password}" \
      --run-command 'echo "stack ALL=(root) NOPASSWD:ALL" | tee -a /etc/sudoers.d/stack' \
      --chmod 0440:/etc/sudoers.d/stack \
      --run-command 'sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config' \
      --run-command 'systemctl enable sshd' \
      --selinux-relabel
Create FreeIPA VM
To create the FreeIPA VM:
Customize VM image for RedHat IDM (FreeIPA) VM
Follow this example to customize the VM image for the RedHat IDM VM.
This example is set up for a TLS-everywhere deployment.
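    # Work from the home directory, where the images/ directory is expected
    cd
    cloud_image=images/rhel-9.2-x86_64-kvm.qcow2
    ipa_name=ipa
    domain_name=dev.clouddomain
    # Set again so this block also works in a fresh shell: with root_password
    # unset, virt-customize would be given an empty root password.
    # Example value from the undercloud step; replace it for a real image.
    root_password=contrail123
    export LIBGUESTFS_BACKEND=direct

    # Create a 100G disk and expand the cloud image's root partition into it
    qemu-img create -f qcow2 "images/${ipa_name}.qcow2" 100G
    virt-resize --expand /dev/sda3 "${cloud_image}" "images/${ipa_name}.qcow2"

    # Grow the filesystem, set the hostname and root password, and enable
    # SSH password authentication
    virt-customize -a "images/${ipa_name}.qcow2" \
      --run-command 'xfs_growfs /' \
      --root-password "password:${root_password}" \
      --hostname "${ipa_name}.${domain_name}" \
      --run-command 'sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config' \
      --run-command 'systemctl enable sshd' \
      --selinux-relabel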