OpenShift Virtualization on Single Node OpenShift Cluster

#OpenShift #RedHat

If you're looking to set up OpenShift Virtualization on a Single Node OpenShift (SNO) Cluster, here’s a step-by-step guide that outlines the prerequisites and the process:

Prerequisites:

  • Hypervisor: You'll need an x86 hypervisor like KVM or ESXi.
  • Virtual Servers: Set up two virtual servers on the same network subnet (e.g., 192.168.230.120-121/24):

    Bastion Server:
      • vCPUs: 4
      • RAM: 8 GB
      • Disk Space: 50 GB
      • OS: CentOS, Fedora, or Red Hat Linux
      • Services: DNS (required), DHCP (optional if you prefer static IP configuration), OC client

    SNO Server:
      • vCPUs: 15
      • RAM: 64 GB
      • Disk 1 (OS): 120 GB
      • Disk 2 (Data): 512 GB
      • OS: CoreOS


  • Red Hat Subscription: Ensure you have a Red Hat subscription to access the OpenShift Assisted Installer.

Why the Bastion Server?

The bastion server plays a crucial role in the setup, acting as the management server that manages the OpenShift Cluster and provides essential services like DNS and DHCP. In my setup, I opted for static IP configuration, but if you prefer using DHCP, you can configure it on the bastion server.

Installation Steps:

  • Create the bastion and SNO VMs on vSphere (ESXi).

  • Install Red Hat or CentOS Linux on the bastion VM, and make sure SELinux and the firewall are disabled. In the output below, firewalld is inactive and SELinux is set to permissive.

```
[root@bastion ~]# hostnamectl
   Static hostname: bastion.xxx.xxx.xxx
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 08ca734e90894cb69950eb7233bff768
           Boot ID: ef1ee3aeab6647358cb4e76c819dfd34
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux 8.6 (Ootpa)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:8::baseos
            Kernel: Linux 4.18.0-372.9.1.el8.x86_64
      Architecture: x86-64
[root@bastion ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@bastion ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
```

  • To install the OpenShift CLI (`oc` client), you can use a script that matches your operating system. Here's a script for Linux-based systems:

### Script to Install `oc` Client on Linux

```bash
#!/bin/bash
# Stop on the first failed command, unset variable, or failed pipeline stage
set -euo pipefail

# Define the version of OpenShift CLI you want to install
OC_VERSION="latest"  # You can specify a version like "4.12.0" or use "latest"

# Set the download URL based on the version.
# The latest/ directory serves the client under an unversioned file name.
if [ "$OC_VERSION" == "latest" ]; then
    DOWNLOAD_URL="https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz"
else
    DOWNLOAD_URL="https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${OC_VERSION}/openshift-client-linux-${OC_VERSION}.tar.gz"
fi

# Create a temporary directory and remove it on exit, including on failure
TMP_DIR=$(mktemp -d)
trap 'rm -rf "$TMP_DIR"' EXIT

# Download the OpenShift CLI
# (-f makes curl fail on an HTTP error instead of saving the error page)
echo "Downloading OpenShift CLI..."
curl -fLo "$TMP_DIR/oc.tar.gz" "$DOWNLOAD_URL"

# Extract the archive
echo "Extracting OpenShift CLI..."
tar -xzf "$TMP_DIR/oc.tar.gz" -C "$TMP_DIR"

# Move the binaries to /usr/local/bin
echo "Installing OpenShift CLI..."
sudo mv "$TMP_DIR/oc" /usr/local/bin/
sudo mv "$TMP_DIR/kubectl" /usr/local/bin/

# Verify the installation
echo "Verifying OpenShift CLI installation..."
oc version --client

echo "OpenShift CLI installation complete."
```

### Usage

1. Copy the script into a file, e.g., `install_oc.sh`.
2. Make the script executable:

   ```bash
   chmod +x install_oc.sh
   ```

3. Run the script:

   ```bash
   ./install_oc.sh
   ```

This script will automatically download the latest version of the OpenShift CLI or a specified version, install it, and verify the installation.        
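The install script unpacks whatever the download returns and moves it into /usr/local/bin as root. The following is an added example, not part of the original article: a function that checks the tarball against a sha256sum-format manifest before extraction. It assumes the mirror directory also serves a `sha256sum.txt` file; `verify_against_manifest` is a name chosen for this example.

```shell
#!/bin/bash
# Added example (not from the article): check a downloaded client tarball
# against a sha256sum-format manifest before unpacking it.

# verify_against_manifest FILE MANIFEST ENTRY_NAME
#   0 = digest matches          1 = digest mismatch
#   2 = no entry for the name   3 = more than one entry   4 = malformed digest
verify_against_manifest() {
    local file="$1" manifest="$2" name="$3" matches expected actual
    # Manifest lines are "<hex digest>  <name>"; binary mode writes "*<name>"
    matches=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print $1 }' "$manifest")
    if [ -z "$matches" ]; then
        echo "no manifest entry for $name" >&2
        return 2
    fi
    if [ "$(printf '%s\n' "$matches" | wc -l)" -ne 1 ]; then
        echo "multiple manifest entries for $name" >&2
        return 3
    fi
    expected=$(printf '%s' "$matches" | tr 'A-F' 'a-f')
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "malformed digest for $name" >&2
        return 4
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $name" >&2
        return 1
    fi
    return 0
}

# Where it fits in the install script, between the download and the extract
# step (assumes sha256sum.txt is served from the same mirror directory):
#   curl -fLo "$TMP_DIR/sha256sum.txt" "${DOWNLOAD_URL%/*}/sha256sum.txt"
#   verify_against_manifest "$TMP_DIR/oc.tar.gz" "$TMP_DIR/sha256sum.txt" \
#       "${DOWNLOAD_URL##*/}" || exit 1
```

A manifest fetched from the same server catches truncated or mismatched downloads; it does not by itself cover a tampered mirror, which needs a signature check on the manifest.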

  • Script to Install and Configure DNS Server (BIND) on RHEL/CentOS

```bash
#!/bin/bash

# Function to check the exit status of the last command
check_status() {
    if [ $? -ne 0 ]; then
        echo "Error: $1 failed."
        exit 1
    fi
}

# Prompt the user for the domain name
read -r -p "Enter the domain name you want to configure (e.g., example.com): " DOMAIN_NAME

# The domain name is interpolated into a file path and a sed expression below,
# so reject empty input and anything other than DNS name characters
if [[ ! "$DOMAIN_NAME" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    echo "Error: invalid domain name."
    exit 1
fi

# Prompt the user for DNS queries (A records)
# (HOST_LABEL is used instead of HOSTNAME, which bash sets itself)
declare -A DNS_QUERIES
while true; do
    read -r -p "Enter a hostname (e.g., www) or leave blank to finish: " HOST_LABEL
    if [ -z "$HOST_LABEL" ]; then
        break
    fi
    read -r -p "Enter the IP address for $HOST_LABEL.$DOMAIN_NAME: " IP_ADDRESS
    DNS_QUERIES[$HOST_LABEL]=$IP_ADDRESS
done

# Install BIND and its utilities
echo "Installing BIND DNS server..."
sudo yum install -y bind bind-utils
check_status "BIND installation"

# Enable and start the BIND service
echo "Enabling and starting BIND service..."
sudo systemctl enable named
sudo systemctl start named
check_status "BIND service"

# Configure the named.conf file
# Note: { any; } makes named listen on every interface and accept queries
# from every client that can reach port 53
echo "Configuring BIND DNS server..."
sudo cp /etc/named.conf /etc/named.conf.backup
sudo sed -i "s/^\(.*listen-on port 53\).*/\1 { any; };/" /etc/named.conf
sudo sed -i "s/^\(.*allow-query\).*/\1 { any; };/" /etc/named.conf

# Create a zone file for the domain
ZONE_FILE="/var/named/${DOMAIN_NAME}.zone"
sudo tee "$ZONE_FILE" <<EOF
\$TTL 86400
@   IN  SOA     ns1.$DOMAIN_NAME. root.$DOMAIN_NAME. (
                                2         ; Serial
                                3600      ; Refresh
                                1800      ; Retry
                                604800    ; Expire
                                86400 )   ; Minimum TTL

    IN  NS      ns1.$DOMAIN_NAME.

ns1 IN  A       127.0.0.1
EOF

# Add DNS queries to the zone file
for HOST in "${!DNS_QUERIES[@]}"; do
    echo "$HOST IN A ${DNS_QUERIES[$HOST]}" | sudo tee -a "$ZONE_FILE"
done

# Update the named.conf file to include the new zone
sudo sed -i "/^include \"\/etc\/named.rfc1912.zones\";/a \
zone \"$DOMAIN_NAME\" IN {\n\
        type master;\n\
        file \"$ZONE_FILE\";\n\
        allow-update { none; };\n\
};" /etc/named.conf

# Set the correct permissions for the zone file
sudo chown named:named "$ZONE_FILE"

# Restart the BIND service
echo "Restarting BIND service..."
sudo systemctl restart named
check_status "BIND restart"

# Open DNS port in the firewall
# (firewall-cmd fails when firewalld is stopped, as it is on the bastion
# shown earlier, so only configure it when the service is running)
if systemctl is-active --quiet firewalld; then
    echo "Configuring firewall to allow DNS queries..."
    sudo firewall-cmd --add-service=dns --permanent
    sudo firewall-cmd --reload
    check_status "Firewall configuration"
else
    echo "firewalld is not running; skipping firewall configuration."
fi

# Check if BIND is running and configured correctly
sudo systemctl status named --no-pager

echo "DNS server configured successfully for domain $DOMAIN_NAME."
```

  • Usage

  1. Save the script to a file, e.g., install_configure_dns.sh.
  2. Make the script executable:

     ```bash
     chmod +x install_configure_dns.sh
     ```

  3. Run the script:

     ```bash
     sudo ./install_configure_dns.sh
     ```
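The DNS script sets both `listen-on port 53` and `allow-query` to `{ any; }`, and BIND recurses by default, so with the firewall off the bastion resolves names for any client that can reach it. The following is an added example, not part of the original article: a text-level audit of named.conf that flags this combination, with a constructed sample of the result of the script's edits and a constructed alternative scoped to the article's example subnet. The function names, finding IDs, the `lab` ACL and the choice of 192.168.230.120 as the bastion address are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not from the article): flag named.conf settings that make
# BIND answer, and recurse for, any client that can reach it.

# Prints one finding ID per line; returns 1 if anything was flagged.
# Text-level check: strips // and # comments only, not /* */ blocks.
audit_named_conf() {
    local flat rc=0
    flat=$(sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr -s ' \t\n' ' ')
    has() { printf '%s' "$flat" | grep -Eq "$1"; }
    if has 'listen-on +port +53 *\{ *any *; *\}'; then
        echo LISTEN_ANY; rc=1
    fi
    if has 'allow-query *\{ *any *; *\}'; then
        echo ALLOW_QUERY_ANY; rc=1
        # recursion defaults to yes, and with no allow-recursion or
        # allow-query-cache the recursion ACL falls back to allow-query
        if ! has 'recursion +no *;' && ! has 'allow-(recursion|query-cache) *\{'; then
            echo OPEN_RECURSION
        fi
    fi
    return "$rc"
}

# Constructed sample: options block as left by the article's two sed edits
write_sample_open() {
    cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        directory       "/var/named";
        allow-query { any; };   // was: localhost
        recursion yes;
};
EOF
}

# Constructed sample: same server scoped to the article's example subnet
# (bastion address 192.168.230.120 is assumed)
write_sample_scoped() {
    cat > "$1" <<'EOF'
acl lab { 127.0.0.1; 192.168.230.0/24; };
options {
        listen-on port 53 { 127.0.0.1; 192.168.230.120; };
        directory       "/var/named";
        allow-query     { lab; };
        allow-recursion { lab; };
        recursion yes;
};
EOF
}
```

On the bastion, `audit_named_conf /etc/named.conf` after running the DNS script reports the same three findings as the first sample.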

Now access the Red Hat OpenShift Console website and log in with your username and password.

Use ssh-keygen to create an SSH public key on the bastion and use it here.

Download the ISO file and use it to install Single Node OpenShift.

After the installation completes successfully, you will be able to log in to the cluster using the information below.







I have done this on a multi-node OpenShift cluster. You can refer to my blog for all the instructions at https://kgoliwadekar.wordpress.com/2025/03/17/redhat-openshift-virtualization-on-dell-powerflex/

Hameed E.

Senior Data Centre Engineer at ORACLE CDCTP | ITIL | LPIC | VCP | OCI

6 months

Interesting, thanks for sharing!

Ezzaldeen Mohamedsaeid

IT Infrastructure & IT System Admin Manager @ Bank of Khartoum | VCP-DCV, MCSE, ITIL V4

7 months

Very informative, thanks for sharing this useful article.
