Installing a Subcloud Using Redfish Platform Management Service

For subclouds with servers that support Redfish Virtual Media Service (version 1.2 or higher), you can use the Central Cloud’s CLI to install the ISO and bootstrap the subclouds from the Central Cloud.

About this task

After physically installing the hardware and network connectivity of a subcloud, the subcloud installation has these phases:

  • Executing the dcmanager subcloud add command in the Central Cloud:

    • Uses Redfish Virtual Media Service to remote install the ISO on controller-0 in the subcloud

    • Uses Ansible to bootstrap StarlingX on controller-0 in the subcloud

Note

After a successful remote installation of a subcloud in a Distributed Cloud system, a subsequent remote reinstallation fails because of an existing ssh key entry in the /root/.ssh/known_hosts on the SystemController. In this case, delete the host key entry, if present, from /root/.ssh/known_hosts on the SystemController before doing reinstallations.

Prerequisites

  • The docker rvmc image needs to be added to the SystemController bootstrap override file, docker.io/starlingx/rvmc:stx.5.0-v1.0.0.

  • A new system CLI option --active is added to the load-import command to allow the import into the SystemController /opt/dc-vault/loads. The purpose of this is to allow Redfish install of subclouds referencing a single full copy of the bootimage.iso at /opt/dc-vault/loads. (Previously, the full bootimage.iso was duplicated for each subcloud add command).

    Note

    This is required only once and does not have to be done for every subcloud install.

    dcmanager recognizes bootimage names ending in <.iso> and <.sig>

    For example,

    ~(keystone_admin)]$ system --os-region-name SystemController load-import --active wind-river-cloud-platform-host-installer-<version>.iso wind-river-cloud-platform-host-installer-<version>.sig
    

    In order to be able to deploy subclouds from either controller, all local files that are referenced in the bootstrap.yml file must exist on both controllers (for example, /home/sysadmin/docker-registry-ca-cert.pem).

Procedure

  1. At the subcloud location, physically install the servers and network connectivity required for the subcloud.

  1. Create the install-values.yaml file and use the content to pass the file into the dcmanager subcloud add command, using the --install-values command option.

    Note

    If your controller is on a ZTSystems Triton server that requires a longer timeout value, you can now use the rd.net.timeout.ipv6dad dracut parameter to specify an increased timeout value for dracut to wait for the interface to have carrier, and complete IPv6 duplicate address detection DAD. For the ZTSystems server, this can take more than four minutes. It is recommended to set this value to 300 seconds, by specifying the following in the subcloud install-values.yaml file:

    rd.net.timeout.ipv6dad: 300
    

    For example, --install-values /home/sysadmin/install-values.yaml.

    # Specify the WRCP software version, for example '20.06' for the WRCP 20.06 release of software.
    software_version: <software_version>
    bootstrap_interface: <bootstrap_interface_name> # e.g. eno1
    bootstrap_address: <bootstrap_interface_ip_address> # e.g.128.224.151.183
    bootstrap_address_prefix: <bootstrap_netmask> # e.g. 23
    
    # Board Management Controller
    bmc_address: <BMCs_IPv4_or_IPv6_address> # e.g. 128.224.64.180
    bmc_username: <bmc_username> # e.g. root
    
    # If the subcloud's bootstrap IP interface and the system controller are not on the
    # same network then the customer must configure a default route or static route
    # so that the Central Cloud can login bootstrap the newly installed subcloud.
    
    # If nexthop_gateway is specified and the network_address is not specified then a
    # default route will be configured. Otherwise, if a network_address is specified then
    # a static route will be configured.
    
    nexthop_gateway: <default_route_address> for  # e.g. 128.224.150.1 (required)
    network_address: <static_route_address>   # e.g. 128.224.144.0
    network_mask: <static_route_mask>         # e.g. 255.255.254.0
    
    # Installation type codes
    #0 - Standard Controller, Serial Console
    #1 - Standard Controller, Graphical Console
    #2 - AIO, Serial Console
    #3 - AIO, Graphical Console
    #4 - AIO Low-latency, Serial Console
    #5 - AIO Low-latency, Graphical Console
    install_type: 3
    
    # Optional parameters defaults can be modified by uncommenting the option with a modified value.
    
    # This option can be set to extend the installing stage timeout value
    # wait_for_timeout: 3600
    
    # Set this options for https
    no_check_certificate: True
    
    # If the bootstrap interface is a vlan interface then configure the vlan ID.
    # bootstrap_vlan: <vlan_id>
    
    # Override default filesystem device.
    # rootfs_device: "/dev/disk/by-path/pci-0000:00:1f.2-ata-1.0"
    # boot_device: "/dev/disk/by-path/pci-0000:00:1f.2-ata-1.0"
    
  2. At the SystemController, create a /home/sysadmin/subcloud1-bootstrap-values.yaml overrides file for the subcloud.

    For example:

    system_mode: simplex
    name: "subcloud1"
    
    description: "test"
    location: "loc"
    
    management_subnet: 192.168.101.0/24
    management_start_address: 192.168.101.2
    management_end_address: 192.168.101.50
    management_gateway_address: 192.168.101.1
    
    external_oam_subnet: 10.10.10.0/24
    external_oam_gateway_address: 10.10.10.1
    external_oam_floating_address: 10.10.10.12
    
    systemcontroller_gateway_address: 192.168.204.101
    
    docker_registries:
      k8s.gcr.io:
        url: registry.central:9001/k8s.gcr.io
      gcr.io:
        url: registry.central:9001/gcr.io
      quay.io:
        url: registry.central:9001/quay.io
      docker.io:
        url: registry.central:9001/docker.io
      docker.elastic.co:
        url: registry.central:9001/docker.elastic.co
      defaults:
        username: sysinv
        password: <sysinv_password>
        type: docker
    

    Where <sysinv_password> can be found by running the following command as ‘sysadmin’ on the Central Cloud:

    $ keyring get sysinv services
    

    This configuration will install container images from the local registry on your central cloud. The Central Cloud’s local registry’s HTTPS Certificate must have the Central Cloud’s OAM IP, registry.local and registry.central in the certificate’s SAN list. For example, a valid certificate contains a SAN list:

    "DNS.1: registry.local DNS.2: registry.central IP.1: floating_management IP.2: floating_OAM"
    

    If required, run the following command on the Central Cloud prior to bootstrapping the subcloud to install the new certificate for the Central Cloud with the updated SAN list:

    ~(keystone_admin)]$ system certificate-install -m docker_registry path_to_cert
    

    If you prefer to install container images from the default WRS AWS ECR external registries, make the following substitutions for the docker_registries sections of the file.

    docker_registries:
      defaults:
       username: <your_wrs-aws.io_username>
       password: <your_wrs-aws.io_password>
    
  3. Add the subcloud using dcmanager.

    When calling the subcloud add command, specify the install values, the bootstrap values and the subcloud’s sysadmin password.

    ~(keystone_admin)]$ dcmanager subcloud add \
    --bootstrap-address <oam_ip_address_of_subclouds_controller-0 >\
    --bootstrap-values /home/sysadmin/subcloud1-bootstrap-values.yaml \
    --sysadmin-password <sysadmin_password> \
    --install-values /home/sysadmin/install-values.yaml \
    --bmc-password <bmc_password>
    
    if the ``--sysadmin-password`` is not specified, you are prompted to
    enter it once the full commmand is invoked.  The password is masked
    when it is entered.
    
    Enter the sysadmin password for the subcloud:
    

    (Optional) The --bmc-password <password> is used for subcloud installation, and only required if the --install-values parameter is specified.

    If the --bmc-password <password> is omitted and the --install-values option is specified the system administrator will be prompted to enter it, following the dcmanager subcloud add command. This option is ignored if the --install-values option is not specified. The password is masked when it is entered.

    Enter the bmc password for the subcloud:
    

    You will be prompted for the BMC password of the subcloud. This command will take five to ten minutes to complete.

    The dcmanager subcloud add command can take up to ten minutes to complete.

  4. At the Central Cloud / SystemController, monitor the progress of the subcloud install, bootstrapping, and deployment by using the deploy status field of the dcmanager subcloud list command.

    ~(keystone_admin)]$ dcmanager subcloud list
    +----+-----------+------------+--------------+---------------+---------+
    | id | name      | management | availability | deploy status | sync    |
    +----+-----------+------------+--------------+---------------+---------+
    |  1 | subcloud1 | unmanaged  | online       | installing    | unknown |
    +----+-----------+------------+--------------+---------------+---------+
    

    The deploy status field has the following values:

    Pre-Install

    This status indicates that the ISO for the subcloud is being updated by the Central Cloud with the boot menu parameters, and kickstart configuration as specified in the install-values.yaml file.

    Installing

    This status indicates that the subcloud’s ISO is being installed from the Central Cloud to the subcloud using the Redfish Virtual Media service on the subcloud’s BMC.

    Bootstrapping

    This status indicates that the Ansible bootstrap of StarlingX software on the subcloud’s controller-0 is in progress.

    Complete

    This status indicates that subcloud deployment is complete.

    The subcloud install, bootstrapping and deployment can take up to 30 minutes.

    Caution

    If there is an installation failure, or a failure during bootstrapping, you must delete the subcloud before re-adding it, using the dcmanager subcloud add command. For more information on deleting, managing or unmanaging a subcloud, see Managing Subclouds Using the CLI.

    If there is a deployment failure, do not delete the subcloud, use the subcloud reconfig command, to reconfigure the subcloud. For more information, see Managing Subclouds Using the CLI.

  5. You can also monitor detailed logging of the subcloud installation, bootstrapping and deployment by monitoring the following log files on the active controller in the Central Cloud.

    /var/log/dcmanager/<subcloud_name>_install_<date_stamp>.log.

    /var/log/dcmanager/<subcloud_name>_bootstrap_<date_stamp>.log.

    For example:

    controller-0:/home/sysadmin# tail /var/log/dcmanager/subcloud1_install_2019-09-23-19-19-42.log
    TASK [wait_for] ****************************************************************
    ok: [subcloud1]
    
    controller-0:/home/sysadmin# tail /var/log/dcmanager/subcloud1_bootstrap_2019-09-23-19-03-44.log
    k8s.gcr.io: {password: secret, url: null}
    quay.io: {password: secret, url: null}
    )
    
    TASK [bootstrap/bringup-essential-services : Mark the bootstrap as completed] ***
    changed: [subcloud1]
    
    PLAY RECAP *********************************************************************
    subcloud1                  : ok=230  changed=137  unreachable=0    failed=0
    

Postrequisites

  • Provision the newly installed and bootstrapped subcloud. For detailed StarlingX deployment procedures for the desired deployment configuration of the subcloud, see the post-bootstrap steps of StarlingX Installation.

  • Check and update docker registry credentials on the subcloud:

    REGISTRY="docker-registry"
    SECRET_UUID='system service-parameter-list | fgrep
    $REGISTRY | fgrep auth-secret | awk '{print $10}''
    SECRET_REF='openstack secret list | fgrep $
    {SECRET_UUID} | awk '{print $2}''
    openstack secret get ${SECRET_REF} --payload -f value
    

    The secret payload should be, “username: sysinv password:<password>”. If the secret payload is, “username: admin password:<password>”, see, Updating Docker Registry Credentials on a Subcloud for more information.

  • For more information on bootstrapping and deploying StarlingX Installation.