Installing Red Hat OpenShift Container Platform with Contrail Networking

Perform the following steps to install Red Hat OpenShift Container Platform version 3.7 with Juniper Networks Contrail Networking Release 4.1. These instructions are valid for systems with Microsoft Azure, Amazon Web Services (AWS), or baremetal systems (BMS).

Launch Instances (Azure, AWS, or Baremetal)

Launch instances in the same subnet, using the following minimum configuration guidelines.

  • Master Node (x1 or x3 for high availability)

    • Image: RHEL 7.3 or 7.4

    • CPU/RAM: 4 CPU, 32 GB RAM

    • Disk: 250 GB

    • Security Group: Allow all traffic from everywhere

  • Slave Node (xn)

    • Image: RHEL 7.3 or 7.4

    • CPU/RAM: 8 CPU, 64 GB RAM

    • Disk: 250 GB

    • Security Group: Allow all traffic from everywhere

  • Load Balancer Node (x1, only when using high availability. Not needed for single master node installation)

    • Image: RHEL 7.3 or 7.4

    • CPU/RAM: 2 CPU, 16 GB RAM

    • Disk: 100 GB

    • Security Group: Allow all traffic from everywhere

Host Registration

Use the following procedure to register all nodes in the cluster.

  1. Register all nodes in cluster using Red Hat Subscription Manager (RHSM).

    (all-nodes)# subscription-manager register --username <username> --password <password> --force

  2. List the available subscriptions.

    (all-nodes)# subscription-manager list --available --matches '*OpenShift*'

  3. From the list of available subscriptions, find the pool ID for the OpenShift Container Platform subscription and attach it.

    (all-nodes)# subscription-manager attach --pool=<pool-ID>

  4. Disable all yum repositories.

    (all-nodes)# subscription-manager repos --disable="*"

  5. Enable only the repositories required by OpenShift Container Platform 3.7.

Install Base Packages

  1. Install Extra Packages for Enterprise Linux (EPEL).

    (all-nodes)# yum install wget -y && wget -O /tmp/epel-release-latest-7.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && rpm -ivh /tmp/epel-release-latest-7.noarch.rpm

  2. Update the system to use the latest packages.

    (all-nodes)# yum update -y

  3. Install the atomic package that provides the OpenShift Container Platform utilities.

    (all-nodes)# yum install atomic-openshift-excluder atomic-openshift-utils git -y

  4. Use unexclude to remove the atomic-openshift packages from the list for the duration of the installation.

    (all-nodes)# atomic-openshift-excluder unexclude -y

  5. Enable SSH access for the root user.

    After logout, log in as root user.

  6. Enforce the SELinux security policy.
  7. Add a static entry for master and slaves in /etc/hosts and test with ping. Be sure to use the output of “hostname -f” to populate the file.
  8. Enable passwordless SSH access.
  9. Sync NTP.

Install OpenShift with Contrail Networking

  1. Download the Contrail Docker images from the Juniper software download site: https://www.juniper.net/support/downloads/?p=contrail#sw.

    Image 4.1 (Red Hat Enterprise Linux 7.X): contrail-kubernetes-docker-images_4.1.0.0-8.tgz

    (ansible-node)# cd /tmp && wget <contrail-container-image.tgz>

  2. Clone the openshift-ansible repo.
  3. Copy the install files.
  4. Populate the install file with Contrail configuration parameters specific to your system. Refer to the following example.

    Be sure to add the masters in the [nodes] section of the inventory, to ensure that the Contrail control pods will come up on OpenShift masters.

    For an example for a single master, see https://github.com/savithruml/openshift-contrail/blob/master/openshift/install-files/all-in-one/ose-install

    For an example for a HA master, see https://github.com/savithruml/openshift-contrail/blob/master/openshift/install-files/all-in-one/ose-install-ha

  5. Run the Ansible playbook to install the OpenShift container platform with Contrail Networking.
  6. Verify that Contrail has been installed and is operational.
  7. Create a password for the admin user to log in to the Contrail UI.
  8. Use the following to access the Contrail and OpenShift Web user interfaces, and attempt to log in to each.
    Note:

    If access and login are unsuccessful, flush the iptables.

  9. Perform the following setups in the Contrail UI.
    • Set up BGP peering with the gateway router.

      Configure > Infrastructure > BGP Routers

    • Set up a network IPAM under the “default” project.

      Configure > Networking > IP Address Management > default-domain > default

    • Create a public virtual network.

      Configure > Networking > Networks > default-domain > default

Installing a Contrail System on an Existing OpenShift Setup

  1. Remove any existing SDN system, such as OVS, Calico, Nuage, and the like. Use removal instructions as published by the vendor of the existing system.
  2. Download the contrail-container-image package from the Juniper site. Untar the package and load the containers.

    (all-nodes)# wget <contrail-container-image.tgz> && tar -xvzf <contrail-container-image.tgz>

    (all-nodes)# docker load -i <contrail-container-image.tgz>

  3. The following Docker containers must be on the masters.
    • contrail-controller

    • contrail-analytics

    • contrail-analyticsdb

    • contrail-kube-manager

  4. The following Docker containers must be on the minions.
    • contrail-agent

    • contrail-kubernetes-agent

  5. Add contrail and daemon-set-controller to the OpenShift privileged security context constraints (scc).
  6. Label the master nodes prior to launching the Contrail pods.

    (master)# oc label nodes <all-master-nodes> opencontrail.org/controller=true

  7. Make the masters schedulable.

    (master)# oadm manage-node <all-master-nodes> --schedulable

  8. Open relevant Contrail ports in the iptables.
  9. Populate the single YAML file with your environment variables and launch the installer.
  10. Verify that all services are up and running.
  11. Create a password for the admin user to log in to the UI.
  12. Patch the scc restricted.

    (master-node)# oc patch scc restricted --patch='{ "runAsUser": { "type": "RunAsAny" } }'

  13. Use the following to access the Contrail and OpenShift Web user interfaces, and log in to each.
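
A check for the two SCC changes this procedure makes (steps 5 and 12), given as an added example that is not part of the original documentation. It reads parsed `oc get scc -o json` output and reports a `restricted` SCC that no longer uses `MustRunAsRange`, and any service account in `privileged` outside an allowlist. The `kube-system` namespace, the `ci-runner` account and the sample JSON are constructed assumptions.

```python
import json

# Assumption: a stock OpenShift 3.x cluster ships "restricted" with MustRunAsRange.
RESTRICTED_BASELINE = "MustRunAsRange"
SA_PREFIX = "system:serviceaccount:"


def audit_sccs(scc_list, allowed_privileged_sas):
    """Audit parsed `oc get scc -o json` output; return a list of findings."""
    findings = []
    for scc in scc_list.get("items", []):
        name = scc["metadata"]["name"]
        run_as = (scc.get("runAsUser") or {}).get("type")
        if name == "restricted" and run_as != RESTRICTED_BASELINE:
            groups = ", ".join(scc.get("groups") or []) or "none"
            findings.append(
                f"restricted: runAsUser.type is {run_as}, baseline is "
                f"{RESTRICTED_BASELINE}; granted to groups: {groups}"
            )
        if name == "privileged":
            # Only service accounts are compared; built-in users are left alone.
            for user in scc.get("users") or []:
                if user.startswith(SA_PREFIX) and user not in allowed_privileged_sas:
                    findings.append(f"privileged: unexpected service account {user}")
    return findings


# Constructed sample, shaped like `oc get scc -o json` after steps 5 and 12.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "restricted"},
   "runAsUser": {"type": "RunAsAny"},
   "groups": ["system:authenticated"], "users": []},
  {"metadata": {"name": "privileged"},
   "runAsUser": {"type": "RunAsAny"},
   "users": ["system:admin",
             "system:serviceaccount:kube-system:contrail",
             "system:serviceaccount:kube-system:daemon-set-controller",
             "system:serviceaccount:default:ci-runner"]}
]}
""")

# Accounts step 5 is expected to add; the namespace is an assumption.
ALLOWED = {SA_PREFIX + "kube-system:contrail",
           SA_PREFIX + "kube-system:daemon-set-controller"}

if __name__ == "__main__":
    for finding in audit_sccs(SAMPLE, ALLOWED):
        print(finding)
```

On a live cluster, pass `json.loads()` of the `oc get scc -o json` output in place of `SAMPLE`, and keep the allowlist under change control.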