
You can configure OKD for Red Hat Virtualization by creating a bastion virtual machine and using it to install OKD.

Creating the bastion virtual machine

Create a bastion virtual machine in Red Hat Virtualization to install OKD.

Procedure
  1. Log in to the Manager machine by using SSH.

  2. Create a temporary bastion installation directory, for example, /bastion_installation, for the installation files.

  3. Create an encrypted /bastion_installation/secure_vars.yaml file with ansible-vault and record the password:

    # ansible-vault create secure_vars.yaml
  4. Add the following parameter values to the secure_vars.yaml file:

    engine_password: <Manager_password> (1)
    bastion_root_password: <bastion_root_password> (2)
    rhsub_user: <Red_Hat_Subscription_Manager_username> (3)
    rhsub_pass: <Red_Hat_Subscription_Manager_password>
    rhsub_pool: <Red_Hat_Subscription_Manager_pool_id> (4)
    root_password: <OpenShift_node_root_password> (5)
    engine_cafile: <RHVM_CA_certificate> (6)
    oreg_auth_user: <image_registry_authentication_username> (7)
    oreg_auth_password: <image_registry_authentication_password>
    1 Password for logging in to the Administration Portal.
    2 Root password for the bastion virtual machine.
    3 Red Hat Subscription Manager credentials.
    4 Pool ID of the Red Hat Virtualization Manager subscription pool.
    5 OKD root password.
    6 Red Hat Virtualization Manager CA certificate. The engine_cafile value is required if you are not running the playbook from the Manager machine. The Manager CA certificate’s default location is /etc/pki/ovirt-engine/ca.pem.
    7 If you are using an image registry that requires authentication, add the credentials.
  5. Save the file.

  6. Obtain the Red Hat Enterprise Linux KVM Guest Image download link:

    1. Navigate to Red Hat Customer Portal: Download Red Hat Enterprise Linux.

    2. In the Product Software tab, locate the Red Hat Enterprise Linux KVM Guest Image.

    3. Right-click Download Now, copy the link, and save it.

      The link is time-sensitive and must be copied just before you create the bastion virtual machine.

  7. Create the /bastion_installation/create-bastion-machine-playbook.yaml file with the following content and update its parameter values:

    ---
    - name: Create a bastion machine
      hosts: localhost
      connection: local
      gather_facts: false
      # Keep the Manager and subscription credentials out of the playbook output
      no_log: true
    
      vars:
        engine_url: https://<Manager_FQDN>/ovirt-engine/api (1)
        engine_user: admin@internal
        engine_password: "{{ engine_password }}"
        engine_cafile: /etc/pki/ovirt-engine/ca.pem
    
        qcow_url: <RHEL_KVM_guest_image_download_link> (2)
        template_cluster: Default
        template_name: rhelguest7
        template_memory: 4GiB
        template_cpu: 2
        wait_for_ip: true
        debug_vm_create: false
    
        vms:
        - name: rhel-bastion
          cluster: "{{ template_cluster }}"
          profile:
            cores: 2
            template: "{{ template_name }}"
            root_password: "{{ root_password }}"
            ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa_ssh_ocp_admin.pub') }}"
            state: running
          cloud_init:
            custom_script: |
              rh_subscription:
                username: "{{ rhsub_user }}"
                password: "{{ rhsub_pass }}"
                auto-attach: true
                disable-repo: ['*']
                # 'rhel-7-server-rhv-4.2-manager-rpms' supports RHV 4.2 and 4.3
                enable-repo: ['rhel-7-server-rpms', 'rhel-7-server-extras-rpms', 'rhel-7-server-ansible-2.7-rpms', 'rhel-7-server-ose-3.11-rpms', 'rhel-7-server-supplementary-rpms', 'rhel-7-server-rhv-4.2-manager-rpms']
              packages:
                - ansible
                - ovirt-ansible-roles
                - openshift-ansible
                - python-ovirt-engine-sdk4
    
      # The key pair is generated before the roles run, so the ssh_key lookup above finds it
      pre_tasks:
        - name: Create an ssh key-pair for OpenShift admin
          user:
            name: root
            generate_ssh_key: yes
            ssh_key_file: .ssh/id_rsa_ssh_ocp_admin
    
      roles:
        - oVirt.image-template
        - oVirt.vm-infra
    
    - name: post installation tasks on the bastion machine
      hosts: rhel-bastion
      tasks:
        - name: create ovirt-engine PKI dir
          file:
            state: directory
            dest: /etc/pki/ovirt-engine/
        - name: Copy the engine ca cert to the bastion machine
          copy:
            src: "{{ engine_cafile }}"
            dest: "{{ engine_cafile }}"
        # The vault file is copied as ciphertext; it is decrypted on the bastion at run time
        - name: Copy the secured vars to the bastion machine
          copy:
            src: secure_vars.yaml
            dest: secure_vars.yaml
            decrypt: false
        - name: Create the root .ssh directory on the bastion machine
          file:
            state: directory
            path: /root/.ssh
        - name: copy the OpenShift_admin keypair to the bastion machine
          copy:
            src: "{{ item }}"
            dest: "{{ item }}"
            mode: 0600
          with_items:
            - /root/.ssh/id_rsa_ssh_ocp_admin
            - /root/.ssh/id_rsa_ssh_ocp_admin.pub
    1 FQDN of the Manager machine.
    2 <qcow_url> is the download link of the Red Hat Enterprise Linux KVM Guest Image. The Red Hat Enterprise Linux KVM Guest Image includes the cloud-init package, which is required by this playbook. If you are not using Red Hat Enterprise Linux, download the cloud-init package and install it manually before running this playbook.
  8. Create the bastion virtual machine:

    # ansible-playbook -i localhost create-bastion-machine-playbook.yaml -e @secure_vars.yaml --ask-vault-pass
  9. Log in to the Administration Portal.

  10. Click Compute → Virtual Machines to verify that the rhel-bastion virtual machine was created successfully.

Installing OKD with the bastion virtual machine

Install OKD by using the bastion virtual machine in Red Hat Virtualization.

Procedure
  1. Log in to rhel-bastion.

  2. Create an install_ocp.yaml file that contains the following content:

    ---
    - name: Openshift on RHV
      hosts: localhost
      connection: local
      gather_facts: false
    
      vars_files:
        - vars.yaml
        - secure_vars.yaml
    
      pre_tasks:
        - ovirt_auth:
            url:      "{{ engine_url }}"
            username: "{{ engine_user }}"
            password: "{{ engine_password }}"
            insecure: "{{ engine_insecure }}"
            ca_file:  "{{ engine_cafile | default(omit) }}"
    
      roles:
        - role: openshift_ovirt
    
    - import_playbook: setup_dns.yaml
    - import_playbook: /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml
    - import_playbook: /usr/share/ansible/openshift-ansible/playbooks/openshift-node/network_manager.yml
    - import_playbook: /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml
  3. Create a setup_dns.yaml file that contains the following content:

    - hosts: masters
      strategy: free
      vars:
        # Everything after the first label of the master's FQDN, for example example.com
        cluster_domain: "{{ inventory_hostname.split('.', 1)[1] }}"
      tasks:
        - name: Map the all-in-one master's service names to its IP address in /etc/hosts
          shell: "echo {{ ansible_default_ipv4.address }} {{ inventory_hostname }} etcd.{{ cluster_domain }} openshift-master.{{ cluster_domain }} openshift-public-master.{{ cluster_domain }} docker-registry-default.apps.{{ cluster_domain }} webconsole.openshift-web-console.svc registry-console-default.apps.{{ cluster_domain }} >> /etc/hosts"
          when: openshift_ovirt_all_in_one | default(false) | bool
  4. Create an /etc/ansible/openshift_3_11.hosts Ansible inventory file that contains the following content:

    [workstation]
    localhost ansible_connection=local
    
    [all:vars]
    openshift_ovirt_dns_zone="{{ public_hosted_zone }}"
    openshift_web_console_install=true
    openshift_master_overwrite_named_certificates=true
    openshift_master_cluster_hostname="openshift-master.{{ public_hosted_zone }}"
    openshift_master_cluster_public_hostname="openshift-public-master.{{ public_hosted_zone }}"
    openshift_master_default_subdomain="{{ public_hosted_zone }}"
    openshift_public_hostname="{{openshift_master_cluster_public_hostname}}"
    openshift_deployment_type=openshift-enterprise
    openshift_service_catalog_image_version="{{ openshift_image_tag }}"
    
    [OSEv3:vars]
    # General variables
    debug_level=1
    containerized=false
    ansible_ssh_user=root
    os_firewall_use_firewalld=true
    openshift_enable_excluders=false
    openshift_install_examples=false
    openshift_clock_enabled=true
    openshift_debug_level="{{ debug_level }}"
    openshift_node_debug_level="{{ node_debug_level | default(debug_level,true) }}"
    osn_storage_plugin_deps=[]
    openshift_master_bootstrap_auto_approve=true
    openshift_master_bootstrap_auto_approver_node_selector={"node-role.kubernetes.io/master":"true"}
    osm_controller_args={"experimental-cluster-signing-duration": ["20m"]}
    osm_default_node_selector="node-role.kubernetes.io/compute=true"
    openshift_enable_service_catalog=false
    
    # Docker
    container_runtime_docker_storage_type=overlay2
    openshift_docker_use_system_container=false
    
    [OSEv3:children]
    nodes
    masters
    etcd
    lb
    
    [masters]
    [nodes]
    [etcd]
    [lb]
  5. Obtain the Red Hat Enterprise Linux KVM Guest Image download link:

    1. Navigate to Red Hat Customer Portal: Download Red Hat Enterprise Linux.

    2. In the Product Software tab, locate the Red Hat Enterprise Linux KVM Guest Image.

    3. Right-click Download Now, copy the link, and save it.

      Do not use the link that you copied when you created the bastion virtual machine. The download link is time-sensitive and must be copied just before you run the installation playbook.

  6. Create the vars.yaml file with the following content and update its parameter values:

    ---
    # For detailed documentation of variables, see
    # openshift_ovirt: https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_ovirt#role-variables
    # openshift installation: https://github.com/openshift/openshift-ansible/tree/master/inventory
    engine_url: https://<Manager_FQDN>/ovirt-engine/api (1)
    engine_user: admin@internal
    engine_password: "{{ engine_password }}"
    engine_insecure: false
    engine_cafile: /etc/pki/ovirt-engine/ca.pem
    
    openshift_ovirt_vm_manifest:
      - name: 'master'
        count: 1
        profile: 'master_vm'
      - name: 'compute'
        count: 0
        profile: 'node_vm'
      - name: 'lb'
        count: 0
        profile: 'node_vm'
      - name: 'etcd'
        count: 0
        profile: 'node_vm'
      - name: infra
        count: 0
        profile: node_vm
    
    # Currently, only all-in-one installation (`openshift_ovirt_all_in_one: true`) is supported.
    # Multi-node installation (master and node VMs installed separately) will be supported in a future release.
    openshift_ovirt_all_in_one: true
    openshift_ovirt_cluster: Default
    openshift_ovirt_data_store: data
    openshift_ovirt_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa_ssh_ocp_admin.pub') }}"
    
    # DNS zone that the inventory uses to build the openshift-master and apps hostnames
    public_hosted_zone:
    # Uncomment to disable install-time checks, for smaller scale installations
    #openshift_disable_check: memory_availability,disk_availability,docker_image_availability
    
    qcow_url: <RHEL_KVM_guest_image_download_link> (2)
    image_path: /var/tmp
    template_name: rhelguest7
    template_cluster: "{{ openshift_ovirt_cluster }}"
    template_memory: 4GiB
    template_cpu: 1
    template_disk_storage: "{{ openshift_ovirt_data_store }}"
    template_disk_size: 100GiB
    template_nics:
      - name: nic1
        profile_name: ovirtmgmt
        interface: virtio
    
    debug_vm_create: false
    wait_for_ip: true
    vm_infra_wait_for_ip_retries: 30
    vm_infra_wait_for_ip_delay: 20
    
    node_item: &node_item
      cluster: "{{ openshift_ovirt_cluster }}"
      template: "{{ template_name }}"
      memory: "8GiB"
      cores: "2"
      high_availability: true
      disks:
        - name: docker
          size: 15GiB
          interface: virtio
          storage_domain: "{{ openshift_ovirt_data_store }}"
        - name: openshift
          size: 30GiB
          interface: virtio
          storage_domain: "{{ openshift_ovirt_data_store }}"
      state: running
      cloud_init:
        root_password: "{{ root_password }}"
        authorized_ssh_keys: "{{ openshift_ovirt_ssh_key }}"
        custom_script: "{{ cloud_init_script_node | to_nice_yaml }}"
    
    openshift_ovirt_vm_profile:
      master_vm:
        <<: *node_item
        memory: 16GiB
        cores: "{{ vm_cores | default(4) }}"
        disks:
          - name: docker
            size: 15GiB
            interface: virtio
            storage_domain: "{{ openshift_ovirt_data_store }}"
          - name: openshift_local
            size: 30GiB
            interface: virtio
            storage_domain: "{{ openshift_ovirt_data_store }}"
          - name: etcd
            size: 25GiB
            interface: virtio
            storage_domain: "{{ openshift_ovirt_data_store }}"
        cloud_init:
          root_password: "{{ root_password }}"
          authorized_ssh_keys: "{{ openshift_ovirt_ssh_key }}"
          custom_script: "{{ cloud_init_script_master | to_nice_yaml }}"
      node_vm:
        <<: *node_item
      etcd_vm:
        <<: *node_item
      lb_vm:
        <<: *node_item
    
    cloud_init_script_node: &cloud_init_script_node
      packages:
        - ovirt-guest-agent
      runcmd:
        - sed -i 's/# ignored_nics =.*/ignored_nics = docker0 tun0 /' /etc/ovirt-guest-agent.conf
        - systemctl enable ovirt-guest-agent
        - systemctl start ovirt-guest-agent
        - mkdir -p /var/lib/docker
        - mkdir -p /var/lib/origin/openshift.local.volumes
        - /usr/sbin/mkfs.xfs -L dockerlv /dev/vdb
        - /usr/sbin/mkfs.xfs -L ocplv /dev/vdc
      mounts:
        - [ '/dev/vdb', '/var/lib/docker', 'xfs', 'defaults,gquota' ]
        - [ '/dev/vdc', '/var/lib/origin/openshift.local.volumes', 'xfs', 'defaults,gquota' ]
      power_state:
        mode: reboot
        message: cloud init finished - boot and install openshift
        condition: True
    cloud_init_script_master:
      <<: *cloud_init_script_node
      runcmd:
        - sed -i 's/# ignored_nics =.*/ignored_nics = docker0 tun0 /' /etc/ovirt-guest-agent.conf
        - systemctl enable ovirt-guest-agent
        - systemctl start ovirt-guest-agent
        - mkdir -p /var/lib/docker
        - mkdir -p /var/lib/origin/openshift.local.volumes
        - mkdir -p /var/lib/etcd
        - /usr/sbin/mkfs.xfs -L dockerlv /dev/vdb
        - /usr/sbin/mkfs.xfs -L ocplv /dev/vdc
        - /usr/sbin/mkfs.xfs -L etcdlv /dev/vdd
      mounts:
        - [ '/dev/vdb', '/var/lib/docker', 'xfs', 'defaults,gquota' ]
        - [ '/dev/vdc', '/var/lib/origin/openshift.local.volumes', 'xfs', 'defaults,gquota' ]
        - [ '/dev/vdd', '/var/lib/etcd', 'xfs', 'defaults,gquota' ]
    1 FQDN of the Manager machine.
    2 <qcow_url> is the download link of the Red Hat Enterprise Linux KVM Guest Image. The Red Hat Enterprise Linux KVM Guest Image includes the cloud-init package, which is required by this playbook. If you are not using Red Hat Enterprise Linux, download the cloud-init package and install it manually before running this playbook.
  7. Install OKD:

    # export ANSIBLE_ROLES_PATH="/usr/share/ansible/roles/:/usr/share/ansible/openshift-ansible/roles"
    # export ANSIBLE_JINJA2_EXTENSIONS="jinja2.ext.do"
    # ansible-playbook -i /etc/ansible/openshift_3_11.hosts install_ocp.yaml -e @vars.yaml -e @secure_vars.yaml --ask-vault-pass
  8. Create DNS entries for the routers, for each infrastructure instance.

  9. Configure round-robin routing so that the router can pass traffic to the applications.

  10. Create a DNS entry for the OKD web console.

  11. Specify the IP address of the load balancer node.
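A preflight script, added here as an example and not part of the OKD documentation, for the two files both playbook runs consume (step 8 of the bastion procedure and step 7 of this one): it checks that secure_vars.yaml is still vault-encrypted and owner-only, since the copy task sends its ciphertext to the bastion unchanged, and that vars.yaml keeps engine_insecure: false with a readable PEM CA file for the Manager API. It assumes POSIX sh with GNU or BSD stat; the file names are the ones the procedures above create.

```shell
#!/bin/sh
# Preflight checks for secure_vars.yaml and vars.yaml (added example, not from the OKD docs).

# Returns 0 only if FILE is ansible-vault encrypted and readable by its owner alone.
vault_file_is_safe() {
  file="$1"
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  # ansible-vault writes this header on the first line of every encrypted file.
  head -n 1 "$file" | grep -q '^\$ANSIBLE_VAULT;1\.[12];AES256' \
    || { echo "not vault-encrypted: $file" >&2; return 1; }
  # The ciphertext travels to the bastion as-is (decrypt: false), so keep it owner-only.
  perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$perms" in
    600|400) return 0 ;;
    *) echo "mode $perms is too permissive on $file" >&2; return 1 ;;
  esac
}

# Returns 0 only if VARS keeps TLS verification of the Manager API enabled
# (engine_insecure: false) and points engine_cafile at a readable PEM certificate.
vars_verify_manager_tls() {
  vars="$1"
  grep -Eq '^engine_insecure:[[:space:]]*false[[:space:]]*$' "$vars" \
    || { echo "engine_insecure must be false in $vars" >&2; return 1; }
  cafile=$(sed -n 's/^engine_cafile:[[:space:]]*//p' "$vars" | head -n 1)
  [ -n "$cafile" ] || { echo "engine_cafile is not set in $vars" >&2; return 1; }
  [ -r "$cafile" ] || { echo "engine_cafile $cafile is not readable" >&2; return 1; }
  # An empty or non-PEM CA file makes ovirt_auth fail late; catch it before the playbook.
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cafile" \
    || { echo "$cafile does not contain a PEM certificate" >&2; return 1; }
}

# Usage on the bastion, immediately before step 7 of the installation procedure:
#   vault_file_is_safe secure_vars.yaml && vars_verify_manager_tls vars.yaml \
#     && ansible-playbook -i /etc/ansible/openshift_3_11.hosts install_ocp.yaml \
#          -e @vars.yaml -e @secure_vars.yaml --ask-vault-pass
```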