Configuring Router
khodayard edited this page Apr 14, 2020
We will install a minimal CentOS (latest 64-bit release) with:
- 16 GiB HDD
- 4 GiB RAM
- 2 vCPU cores
- 2 network cards:
  - One in Public with 33.33.33.33
  - One in Private with 10.1.1.1
- NTP enabled during install to sync with the Internet
- Hostname set during install
- LVM autoconfig
Login (or SSH) to your server and:
- Install the "X Window System" yum group
- Install these packages with yum:

```
open-vm-tools telnet git httpd-tools wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct origin-clients.x86_64 java-1.8.0-openjdk-headless.x86_64 firefox.x86_64 chrony bind tcpdump
```

- Install Ansible from the EPEL repo (EPEL is left disabled by default and enabled only for this one install):

```
[root@dns01 ~]# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@dns01 ~]# sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
[root@dns01 ~]# yum -y --enablerepo=epel install ansible pyOpenSSL
```

- Configure chrony like this:

```
[root@dns01 ~]# cat /etc/chrony.conf | grep -v ^#| grep -v ^$
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 10.1.1.0/24
logdir /var/log/chrony
[root@dns01 ~]#
```

All of these settings except `allow` are already set because you enabled NTP during installation.
- Configure bind like this:

```
[root@dns01 ~]# cat /etc/named/named.conf.local | grep -v ^#| grep -v ^$
zone "okd.lcl" {
type master;
file "/etc/named/zones/db.okd.lcl"; # zone file path
};
[root@dns01 ~]#
[root@dns01 ~]#
[root@dns01 ~]# cat /etc/named/zones/db.okd.lcl | grep -v ^\;| grep -v ^$
@ IN SOA ns1.okd.lcl. admin.okd.lcl. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
IN NS ns1.okd.lcl.
ns1.okd.lcl. IN A 10.1.1.1
mst01.okd.lcl. IN A 10.1.1.21
mst02.okd.lcl. IN A 10.1.1.22
mst03.okd.lcl. IN A 10.1.1.23
nlb.okd.lcl. IN A 10.1.1.30
nlb01.okd.lcl. IN A 10.1.1.31
nlb02.okd.lcl. IN A 10.1.1.32
xlb.okd.lcl. IN A 10.1.1.35
xlb01.okd.lcl. IN A 10.1.1.36
xlb02.okd.lcl. IN A 10.1.1.37
wrk01.okd.lcl. IN A 10.1.1.41
wrk02.okd.lcl. IN A 10.1.1.42
wrk03.okd.lcl. IN A 10.1.1.43
inf01.okd.lcl. IN A 10.1.1.51
inf02.okd.lcl. IN A 10.1.1.52
inf03.okd.lcl. IN A 10.1.1.53
glf01.okd.lcl. IN A 10.1.1.61
glf02.okd.lcl. IN A 10.1.1.62
glf03.okd.lcl. IN A 10.1.1.63
glr01.okd.lcl. IN A 10.1.1.71
glr02.okd.lcl. IN A 10.1.1.72
glr03.okd.lcl. IN A 10.1.1.73
*.apps.okd.lcl. IN A 10.1.1.51
*.apps.okd.lcl. IN A 10.1.1.52
*.apps.okd.lcl. IN A 10.1.1.53
*.apps.okd.lcl. IN A 10.1.1.71
*.apps.okd.lcl. IN A 10.1.1.72
*.apps.okd.lcl. IN A 10.1.1.73
[root@dns01 ~]#
```

I guess all is clear except `*.apps.okd.lcl`, which has to match `openshift_master_default_subdomain` (used by the OKD Router) and has to point to all infra nodes. Note the trailing dot on the wildcard owner: without it bind appends the zone origin and the name becomes `*.apps.okd.lcl.okd.lcl.`.
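Because the wildcard decides where every application route lands, it is worth checking the zone before reloading named. The following is an added example (not part of this wiki or of openshift-ansible) that parses a zone file in the format shown above and flags A records outside the private 10.1.1.0/24 network, two named nodes sharing an address, a missing NS target, and any `*.apps.okd.lcl` address that no named node owns; the embedded zone excerpt is constructed and includes one deliberate mistake.

```python
import ipaddress
import re

PRIVATE_NET = ipaddress.ip_network("10.1.1.0/24")  # private side of the router
A_RECORD = re.compile(r"^(\S+)\s+IN\s+A\s+(\S+)$")

def parse_a_records(zone_text):
    records = []  # (owner, ip) for each A record; ';' comments and other RR types skipped
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        m = A_RECORD.match(line)
        if m:
            records.append((m.group(1).rstrip("."), ipaddress.ip_address(m.group(2))))
    return records

def check_zone(zone_text, wildcard="*.apps.okd.lcl", ns="ns1.okd.lcl"):
    """Return a list of problems; an empty list means the zone passed every check."""
    problems = []
    hosts = {}  # ip -> owner of each named (non-wildcard) node
    records = parse_a_records(zone_text)
    for owner, ip in records:
        if ip not in PRIVATE_NET:
            problems.append(f"{owner} -> {ip} is outside {PRIVATE_NET}")
        if owner.startswith("*"):
            continue
        if ip in hosts:
            problems.append(f"{owner} and {hosts[ip]} both use {ip}")
        hosts[ip] = owner
    if ns not in hosts.values():
        problems.append(f"NS target {ns} has no A record")
    wildcard_ips = [ip for owner, ip in records if owner == wildcard]
    if not wildcard_ips:
        problems.append(f"no A record for {wildcard}")
    for ip in wildcard_ips:
        if ip not in hosts:  # app traffic would be sent to an address no node owns
            problems.append(f"{wildcard} -> {ip} belongs to no named node")
    return problems

# Constructed excerpt of the zone above, plus one deliberate mistake on the last line.
SAMPLE_ZONE = """\
IN NS ns1.okd.lcl.
ns1.okd.lcl. IN A 10.1.1.1
inf01.okd.lcl. IN A 10.1.1.51
inf02.okd.lcl. IN A 10.1.1.52
inf03.okd.lcl. IN A 10.1.1.53
*.apps.okd.lcl. IN A 10.1.1.51
*.apps.okd.lcl. IN A 10.1.1.52
*.apps.okd.lcl. IN A 10.1.1.53
*.apps.okd.lcl. IN A 10.1.1.54
"""
```

Run `check_zone(open("/etc/named/zones/db.okd.lcl").read())` on the real file; it should return an empty list before you reload named.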
- Configure routing:

You have to configure your server to route all traffic to the Internet, so that all of your nodes can access the Internet but cannot be accessed from the Internet without your permission and control.

```
[root@dns01 ~]# cat /etc/sysctl.conf | grep -v ^#| grep -v ^$
net.ipv4.ip_forward = 1
[root@dns01 ~]#
```

- Configure firewall:

```
[root@dns01 ~]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@dns01 ~]# iptables -A FORWARD -i eth1 -j ACCEPT
```

I think these two rules would be enough, but you test it yourself ;)
- Clone the git repo:

```
[root@dns01 ~]# cd ~
[root@dns01 ~]# git clone https://github.com/openshift/openshift-ansible
[root@dns01 ~]# cd openshift-ansible
[root@dns01 ~]# git checkout release-3.11
```