3 Installation Procedures

The installation procedures in this document provision and configure an Oracle Communications Signaling, Network Function Cloud Native Environment (OCCNE). OCCNE offers the choice of deployment platform; the CNE can be deployed directly onto dedicated hardware, (referred to as a bare metal CNE), or deployed onto OpenStack-hosted VMs. (referred to as a virtualized CNE).

Regardless of which deployment platform is selected, OCCNE installation is highly automated. A collection of container-based utilities are used to automate the provisioning, installation, and configuration of OCCNE. These utilities are based on the following automation tools:

• PXE helps reliably automate provisioning the hosts with a minimal operating system.
• Terraform is used to create the virtual resources that the virtualized CNE is hosted on.
• Kubespray helps reliably install a base Kubernetes cluster, including all dependencies (like etcd), using the Ansible provisioning tool.
• Ansible is used to orchestrate the overall deployment.
• Helm is used to deploy and configure common services such as Prometheus, Grafana, ElasticSearch and Kibana.

Note:

In case any procedure requires Linux Shell access, make sure that the shell is with Keepalive to avoid unexpected timeout.

Bare Metal Installation

This section describes the procedure to install OCCNE onto dedicated bare metal hardware.

OCCNE Installation Overview

Frame and Component Overview

The initial release of the OCCNE system provides support for on-prem deployment to a very specific target environment consisting of a frame holding switches and servers. This section describes the layout of the frame and describes the roles performed by the racked equipment.

Note:

In the installation process, some of the roles of servers change as the installation procedure proceeds.

Frame Overview

The physical frame is comprised of HP c-Class enclosure (BL460c blade servers), 5 DL380 rack mount servers, and 2 Top of Rack (ToR) Cisco switches. In case any procedure requires Linux Shell access, make sure that the shell is with Keepalive to avoid unexpected timeout.

Figure 3-1 Frame Overview

Host Designations

Each physical server has a specific role designation within the CNE solution.

Figure 3-2 Host Designations

Node Roles

Along with the primary role of each host, a secondary role may be assigned. The secondary role may be software related, or, in the case of the Bootstrap Host, hardware related, as there are unique OOB connections to the ToR switches.

Figure 3-3 Node Roles

Transient Roles

Transient role is unique in that it has OOB connections to the ToR switches, which brings the designation of Bootstrap Host. This role is only relevant during initial switch configuration and disaster recovery of the switch. RMS1 also has a transient role as the Installer Bootstrap Host, which is only relevant during initial install of the frame, and subsequent to getting an official install on RMS2, this host is re-paved to its Storage Host role.

Figure 3-4 Transient Roles

Create OCCNE Instance

This section describes the steps and procedures required to create an OCCNE instance at a customer site. The following diagrams shows the installation context:

Figure 3-5 OCCNE Installation Overview

The following is an overview or basic install flow for reference to understand the overall effort contained within these procedures:

1. Check that the hardware is on-site and properly cabled and powered up.
2. Pre-assemble the basic ingredients needed to perform a successful install:
   1. Identify

      1. Download and stage software and other configuration files using provided manifests. Refer to Artifact Acquisition and Hosting for manifests information.
      2. Identify the layer 2 (MAC) and layer 3 (IP) addresses for the equipment in the target frame
      3. Identify the addresses of key external network services (e.g., NTP, DNS, etc.)
      4. Verify / Set all of the credentials for the target frame hardware to known settings
   2. Prepare
      1. Software Repositories: Load the various SW repositories (YUM, Helm, Docker, etc.) using the downloaded software and configuration
      2. Configuration Files: Populate the hosts inventory file with credentials and layer 2 and layer 3 network information, switch configuration files with assigned IP addresses, and yaml files with appropriate information.
3. Bootstrap the System:
   1. Manually configure a Minimal Bootstrapping Environment (MBE); perform the minimal set of manual operations to enable networking and initial loading of a single Rack Mount Server - RMS1 - the transient Installer Bootstrap Host. In this procedure, a minimal set of packages needed to configure switches, iLOs, PXE boot environment, and provision RMS2 as an OCCNE Storage Host are installed.
   2. Using the newly constructed MBE, automatically create the first (complete) Management VM on RMS2. This freshly installed Storage Host will include a virtual machine for hosting the Bastion Host.
   3. Using the newly constructed Bastion Host on RMS2, automatically deploy and configure the OCCNE on the other servers in the frame
4. Final Steps
   1. Perform post installation checks
   2. Perform recommended security hardening steps

Cluster Bootstrapping Overview

This install procedure is targeted at installing OCCNE onto a new hardware absent of any networking configurations to switches, or operating systems provisioned. Therefore, the initial step in the installation process is to provision RMS1 (see Installation Procedures) as a temporary Installer Bootstrap Host. The Bootstrap Host is configured with a minimal set of packages needed to configure switches, iLOs, PXE boot environment, and provision RMS2 as an OCCNE Storage Host. A virtual Bastion Host is also provisioned on RMS2. The Bastion Host is then used to provision (and in the case of the Bootstrap Host, re-provision) the remaining OCCNE hosts, install Kubernetes, Database services, and Common Services running within the Kubernetes cluster.

Installation Prerequisites

Obtain Mate Site DB Replication Service Load Balancer IP

Complete the procedures outlined in this section before moving on to the Install Procedures section. OCCNE installation procedures require certain artifacts and information to be made available prior to executing installation procedures. Refer to Configure Artifact Acquisition and Hosting for the prerequisites.

While installing MYSQL NDB on the second site the Mate Site DB Replication Service Load Balancer IP must be provided as the configuration parameter for the geo-replication process to start.

1. Login to Bastion Host of the first site and execute the following command to retrieve DB Replication Service Load Balancer IP
2. Fetch DB Replication Service Load Balancer IP of Mate Site MYSQL NDB.

   $ kubectl get svc --namespace=occne-infra | grep replication
    
   Example:
   $ kubectl get svc --namespace=occne-infra | grep replication
   occne-db-replication-svc     LoadBalancer   10.233.3.117    10.75.182.88     80:32496/TCP   2m8s

   In the above example IPv4: 10.75.182.88 is the Mate Site DB Replication Service Load Balancer IP.

Configure Artifact Acquisition and Hosting

OCCNE requires artifacts from Oracle eDelivery and certain open-source projects. OCCNE deployment environments are not expected to have direct internet access. Thus, customer-provided intermediate repositories are necessary for the OCCNE installation process. These repositories will need OCCNE dependencies to be loaded into them. This section will address the artifacts list needed to be in these repositories.

Oracle eDelivery Artifact Acquisition

The following artifacts require download from eDelivery and/or OHC.

Table 3-1 Oracle eDelivery Artifact Acquisition

Artifact	Description	File Type	Destination Repository
occne-images-1.3.x.tgz	OCCNE Installers (Docker images)	Tar GZ	Docker Registry
v980756-01.zip	Zip file of MySQL Cluster Manager 1.4.7+Cluster	Zip of tar file	File repository MySQL Repository Requirements
v975367-01.iso	OL7 ISO	ISO	File repository Oracle Linux 7.5 Download Instructions
Install Docs	These Install Procedures from OHC	PDFs	N/A
Templates	Switch config files, hosts.ini file templates from OHC	Config files (.conf, .ini)	Local media

Third Party Artifacts

OCCNE dependencies that come from open-source software must be available in repositories reachable by the OCCNE installation tools. For an accounting of third party artifacts needed for this installation, refer to the Artifact Acquisition and Hosting.

Populate the MetalLB Configuration

Introduction

The metalLB configMap file (mb_configmap.yaml) contains the manifest for the metalLB configMap, this defines the BGP peers and address pools for metalLB. This file (mb_configmap.yaml) must be placed in the same directory (/var/occne/<cluster_name>) as the hosts.ini file.

Table 3-2 Procedure to configure MetalLB pools and peers

Step #	Procedure	Description
1.	Add BGP peers and address groups	Referring to the data collected in the Preflight Checklist, add BGP peers (ToRswitchA_Platform_IP, ToRswitchB_Platform_IP) and address groups for each address pool. Address-pools list the IP addresses that metalLB is allowed to allocate.
2.	Edit the mb_configmap.yaml file	Edit the mb_configmap.yaml file with the site-specific values found in the Preflight Checklist Note: The name "signaling" is prone to different spellings (UK vs US), therefore pay special attention to how this signaling pool is referenced. configInline: peers: - peer-address: <ToRswitchA_Platform_IP> peer-asn: 64501 my-asn: 64512 - peer-address: <ToRswitchB_Platform_IP> peer-asn: 64501 my-asn: 64512 address-pools: - name: signaling protocol: bgp auto-assign: false addresses: - '<MetalLB_Signal_Subnet_IP_Range>' - name: oam protocol: bgp auto-assign: false addresses: - '<MetalLB_OAM_Subnet_IP_Range>'

Install Backup Bastion Host

Introduction

This procedure details the steps necessary to install the Backup Bastion Host on the Storage Host db-1/RMS1 and backing up the data from the active Bastion Host on db-2/RMS2 to the Backup Bastion Host.

Prerequisites

1. Bastion Host is already created on Storage Host db-2/RMS2.
2. Storage Host db-2/RMS2 and the Backup Bastion Host are defined in the Customer hosts.ini file as defined in procedure: Inventory File Preparation.
3. Host names and IP Address, network information assigned to Backup Management VM are captured in the Installation PreFlight Checklist.
4. All the Network information should be configured in Inventory File Preparation.

Expectations

1. Bastion Host VM on Storage Host db-1/RMS1 is created as a backup for Bastion Host VM on Storage Host db-2/RMS2.
2. All the required config files and data configured in the Backup Bastion Host on Storage Host db-1/RMS1 are copied from the active Bastion Host on Storage Host db-2/RMS2.

Procedure

Create the Backup Bastion Host on Storage Host db-1/RMS1

All commands are executed from the active Bastion Host on db-2/RMS2.

1. Login in to the active Bastion Host (VM on RMS2) using the admusr/****** credentials.
2. Execute the deploy.sh script from the /var/occne/ directory with the required parameters set.

   $ export CENTRAL_REPO=<customer specific repo name>
   $ export CENTRAL_REPO_IP=<customer_specific_repo_ipv4>
   $ export OCCNE_CLUSTER=<cluster_name>
   $ export OCCNE_BASTION=<bastion_full_name>
   $ ./deploy.sh
    
   Customer Example:
   $ export CENTRAL_REPO=central-repo
   $ export CENTRAL_REPO_IP=10.10.10.10
   $ export OCCNE_CLUSTER=rainbow
   $ export OCCNE_BASTION=bastion-1.rainbow.lab.us.oracle.com
   $ ./deploy.sh
    
   Note: The above example can be executed like the following:
   CENTRAL_REPO=central-repo CENTRAL_REPO_IP=10.10.10.10 OCCNE_CLUSTER=rainbow OCCNE_BASTION=bastion-1.rainbow.lab.us.oracle.com ./deploy.sh

Initial Configuration - Prepare a Minimal Boot Strapping Environment

In the first step of the installation, a minimal bootstrapping environment is established that is to support the automated installation of the CNE environment. The steps in this section provide the details necessary to establish this minimal bootstrap environment on the Installer Bootstrap Host using a Keyboard, Video, Mouse (KVM) connection.

Installation of Oracle Linux 7.5 on Bootstrap Host

This procedure outlines the installation steps for installing the OL7 onto the OCCNE Installer Bootstrap Host. This host is used to configure the networking throughout the system and install OL7 onto RMS2. It is re-paved as a Database Host in a later procedure.

Prerequisites

1. USB drive of sufficient size to hold the ISO (approximately 5Gb)
2. Oracle Linux 7.x iso
3. YUM repository file
4. Keyboard, Video, Mouse (KVM)

Limitations and Expectations

1. The configuration of the Installer Bootstrap Host is meant to be quick and easy, without a lot of care on appropriate OS configuration. The Installer Bootstrap Host is re-paved with the appropriate OS configuration for cluster and DB operation at a later stage of installation. The Installer Bootstrap Host needs a Linux OS and some basic network to get the installation process started.
2. All steps in this procedure are performed using Keyboard, Video, Mouse (KVM).

References

1. Oracle Linux 7 Installation guide: https://docs.oracle.com/cd/E52668_01/E54695/html/index.html
2. HPE Proliant DL380 Gen10 Server User Guide

Bootstrap Install Procedure

Table 3-3 Bootstrap Install Procedure

Step #	Procedure	Description
1.	Create Bootable USB Media	Download the Oracle Linux Download the Oracle Linux ISO from OHC onto a user accessible location (eg. Installer's notebook). The exact details on how to perform this step is specific to the users equipment). Push the OL ISO image onto the USB Flash Drive. Since the installer's notebook may be Windows or Linux OS-based, the user executing this procedure determines the appropriate detail to execute this task. For a Linux based notebook, insert a USB Flash Drive of the appropriate size into a Laptop (or some other linux host where the iso can be copied to), and run the dd command to create a bootable USB drive with the Oracle Linux 7 iso. $ dd -if=<path to ISO> -of=<USB device path> -bs=1m Example (assuming the USB is on /dev/sdf and the iso file is at /var/occne) $ dd -if=/var/occne/OracleLinux-7.5-x86_64-disc1.iso -of=/dev/sdf -bs=1m
2.	Install OL7 on the Installer Bootstrap Host.	Connect a Keyboard, Video, and Mouse (KVM) into the Installer Bootstrap Host's monitor and USB ports. Plug the USB flash drive containing the bootable iso into an available USB port on the Bootstrap host (usually in the front panel). Reboot the host by momentarily pressing the power button on the host's front panel. The button will go yellow. If it holds at yellow, press the button again. The host should auto-boot to the USB flash drive. Note: If the host was previously configured and the USB is not a bootable path in the boot order, it may not boot successfully. If the host does not boot to the USB, repeat step 3, and interrupt the boot process by pressing F11 which brings up the Boot Menu. If the host has been recently booted with an OL, the Boot Menu will display Oracle Linux at the top of the list. Select Generic USB Boot as the first boot device and proceed. The host attempts to boot from the USB. Select Test this media & install Oracle Linux 7.x and click ENTER. This begins the verification of the media and the boot process. After the verification reaches 100%, the Welcome screen is displayed. When prompted for the language to use, select the default setting: English (United States) and click Continue in the lower left corner. The INSTALLATION SUMMARY page, is displayed. The following settings are expected. If any of these are not set correctly then please select that menu item and make the appropriate changes. LANGUAGE SUPPORT: English (United States) KEYBOARD: English (US) INSTALLATION SOURCE: Local Media SOFTWARE SELECTION: Minimal Install INSTALLATION DESTINATION should display No disks selected. Select INSTALLATION DESTINATION to indicate the drive to install the OS on. Select the first HDD drive ( in this case that would be the first one listed or the 1.6 TB disk) and select DONE in the upper right corner. If the server has already been installed a red banner at the bottom of the page may indicate there is an error condition. Selecting that banner causes a dialog to appear indicating there is not enough free space (which might mean an OS has already been installed). In the dialog it may show both 1.6 TB HDDs as claimed or just the one. If only one HDD is displayed (or it could be both 1.6 TB drives selected, select the Reclaim space button. Another dialog appears. Select the Delete all button and the Reclaim space button again. Select DONE to return to the INSTALLATION SUMMARY screen. If the disk selection dialog appears (after selecting the red banner at the bottom of the page), this implies a full installation of the RMS has already been performed (usually this is because the procedure had to be restarted after it was successfully completed). In this case select the Modify Disk Selection. This will return to the disk selection page. Select both HDDs and hit done. The red banner should now indicate the space must be reclaimed. The same steps to reclaim the space can be performed. Select DONE. This returns to the INSTALLATION SUMMARY page. At the INSTALLATION SUMMARY screen, select Begin Installation. The CONFIGURATION screen is displayed. At the CONFIGURATION screen, select ROOT PASSWORD. Enter a root password appropriate for this installation. It is good practice to use a customer provided secure password to minimize the host being compromised during installation. At the conclusion of the install, remove the USB and select Reboot to complete the install and boot to the OS on the host. At the end of the boot, the login prompt appears.
3.	Install Additional Packages.	Additional packages are needed to complete the installation and move on to the next step in the overall procedure. These additional packages are available within the OL install media on the USB. To install these packages, a YUM repo file is configured to use the install media. The additional packages to install are: dnsmasq dhcp xinetd tftp-server dos2unix nfs-utils Login with the root user and password configured above. Create the mount directory: $ mkdir /media/usb Insert the USB into an available USB port (usually the front USB port) of the Installer Bootstrap Host. Find and mount the USB partition. Typically the USB device is enumerated as /dev/sda but that is not always the case. Use the lsblk command to find the USB device. An example lsblk output is below. The capacity of the USB drive is expected to be approximately 30GiB, therefore the USB drive is enumerated as device /dev/sda in the example below: $ lsblk sdd 8:48 0 894.3G 0 disk sde 8:64 0 1.7T 0 disk sdc 8:32 0 894.3G 0 disk ├─sdc2 8:34 0 1G 0 part /boot ├─sdc3 8:35 0 893.1G 0 part │ ├─ol-swap 252:1 0 4G 0 lvm [SWAP] │ ├─ol-home 252:2 0 839.1G 0 lvm /home │ └─ol-root 252:0 0 50G 0 lvm / └─sdc1 8:33 0 200M 0 part /boot/efi sda 8:0 1 29.3G 0 disk ├─sda2 8:2 1 8.5M 0 part └─sda1 8:1 1 4.3G 0 part The dmesg command also provides information about how the operating system enumerates devices. In the example below, the dmesg output indicates the USB drive is enumerated as device /dev/sda. Note: The output is shortened here for display purposes. $ dmesg ... [8850.211757] usb-storage 2-6:1.0: USB Mass Storage device detected [8850.212078] scsi host1: usb-storage 2-6:1.0 [8851.231690] scsi 1:0:0:0: Direct-Access SanDisk Cruzer Glide 1.00 PQ: 0 ANSI: 6 [8851.232524] sd 1:0:0:0: Attached scsi generic sg0 type 0 [8851.232978] sd 1:0:0:0: [sda] 61341696 512-byte logical blocks: (31.4 GB/29.3 GiB) [8851.234598] sd 1:0:0:0: [sda] Write Protect is off [8851.234600] sd 1:0:0:0: [sda] Mode Sense: 43 00 00 00 [8851.234862] sd 1:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA [8851.255300] sda: sda1 sda2 ... The USB device should contain at least two partitions. One is the boot partition and the other is the install media. The install media is the larger of the two partitions. To find information about the partitions use the fdisk command to list the filesystems on the USB device. Use the device name discovered via the steps outlined above. In the examples above, the USB device is /dev/sda. $ fdisk -l /dev/sda Disk /dev/sda: 31.4 GB, 31406948352 bytes, 61341696 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk label type: dos Disk identifier: 0x137202cf Device Boot Start End Blocks Id System /dev/sda1 * 0 8929279 4464640 0 Empty /dev/sda2 3076 20503 8714 ef EFI (FAT-12/16/32) In the example output above, the /dev/sda2 partition is the EFI boot partition. Therefore the install media files are on /dev/sda1. Use the mount command to mount the install media file system. The same command without any options is used to verify the device is mounted to /media/usb. $ mount /dev/sda1 /media/usb $ mount ... /dev/sda1 on /media/usb type iso9660 (ro,relatime,nojoliet,check=s,map=n,blocksize=2048) Create a yum config file to install packages from local install media. Create a repo file /etc/yum.repos.d/Media.repo with the following information: [ol7_base_media] name=Oracle Linux 7 Base Media baseurl=file:///media/usb gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle gpgcheck=1 enabled=1 Disable the default public yum repo. This is done by renaming the current .repo file to end with something other than .repo. Adding .disabled to the end of the file name is standard. Note: This can be left in this state as the Installer Bootstrap Host is re-paved in a later procedure. $ mv /etc/yum.repos.d/public-yum-ol7.repo /etc/yum.repos.d/public-yum-ol7.repo.disabled Use the yum repolist command to check the repository configuration. The output of yum repolist should look like the example below. Verify there no errors regarding un-reachable yum repos. $ yum repolist Loaded plugins: langpacks, ulninfo repo id repo name status ol7_base_media Oracle Linux 7 Base Media 5,134 repolist: 5,134 Use yum to install the additional packages from the USB repo. $ yum install dnsmasq $ yum install dhcp $ yum install xinetd $ yum install tftp-server $ yum install dos2unix $ yum install nfs-utils Verify installation of dhcp, xinetd, and tftp-server. Note: Currently dnsmasq is not being used. The verification of tftp makes sure the tftp file is included in the /etc/xinetd.d directory. Installation/Verification does not include actually starting any of the services. Service configuration/starting is performed in a later procedure. Verify dhcp is installed: ------------------------- $ cd /etc/dhcp $ ls dhclient.d dhclient-exit-hooks.d dhcpd6.conf dhcpd.conf scripts Verify xinetd is installed: --------------------------- $ cd /etc/xinetd.d $ ls chargen-dgram chargen-stream daytime-dgram daytime-stream discard-dgram discard-stream echo-dgram echo-stream tcpmux-server time-dgram time-stream Verify tftp is installed: ------------------------- $ cd /etc/xinetd.d $ ls chargen-dgram chargen-stream daytime-dgram daytime-stream discard-dgram discard-stream echo-dgram echo-stream tcpmux-server tftp time-dgram time-stream Unmount the USB and remove the USB from the host. The mount command can be used to verify the USB is no longer mounted to /media/usb. $ umount /media/usb $ mount Verify that /dev/sda1 is no longer shown as mounted to /media/usb.

Configure the Installer Bootstrap Host BIOS

Introduction

These procedures define the steps necessary to set up the Legacy BIOS changes on the Bootstrap host using the KVM. Some of the procedures in this document require a reboot of the system and are indicated in the procedure.

Prerequisites

Procedure OCCNE Installation of Oracle Linux 7.5 on Bootstrap Host is complete.

Limitations and Expectations

1. Applies to HP Gen10 iLO 5 only.
2. The procedures listed here applies to the Bootstrap host only.

Steps to OCCNE Configure the Installer Bootstrap Host BIOS

Table 3-4 Procedure to configure the Installer Bootstrap Host BIOS

Step #	Procedure	Description
1.	Expose the System Configuration Utility	This procedure details how to expose the HP iLO 5 System Configuration Utility main page from the KVM. It does not provide instructions on how to connect the console as these may be different on each installation. After making the proper connections for the KVM on the back of the Bootstrap host to have access to the console, the user should reboot the host by momentarily pressing the power button on the front of the Bootstrap host. Expose the HP Proliant DL380 Gen10 System Utilities. Once the remote console has been exposed, the system must be reset to force it through the restart process. When the initial window is displayed, hit the F9 key repeatedly. Once the F9 is highlighted at the lower left corner of the remote console, it should eventually bring up the main System Utility. The System Utilities screen is exposed in the remote console.
2.	Change over from UEFI Booting Mode to Legacy BIOS Booting Mode	Should the System Utility default the booting mode to UEFI or has been changed to UEFI, it will be necessary to switch the booting mode to Legacy. Expose the System Configuration Utility by following Step 1. Select System Configuration. Select BIOS/Platform Configuration (RBSU). Select Boot Options. If the Boot Mode is set to UEFI Mode then this procedure should be used to change it to Legacy BIOS Mode. Note: The server reset must go through an attempt to boot before the changes will actually apply. The user is prompted to select the Reboot Required popup dialog. This will drop back into the boot process. The boot must go into the process of actually attempting to boot from the boot order. This should fail since the disks have not been installed at this point. The System Utility can be accessed again. After the reboot and the user re-enters the System Utility, the Boot Options page should appear. Select F10: Save if it's desired to save and stay in the utility or select the F12: Save and Exit if its desired to save and exit to complete the current boot process.
3.	Adding a New User Account	This procedure provides the steps required to add a new user account to the server iLO 5 interface. Note: This user must match the pxe_install_lights_out_usrfields as provided in the hosts inventory files created using the template: OCCNE Inventory File Preparation. Expose the System Utility by following Step 1. Select System Configuration. Select iLO 5 Configuration Utility. Select User Management, and then Add User. Select the appropriate permissions. For the root user set all permissions to YES. Enter root as New User Name and Login Name fields, and enter <password> in the Password field. Select F10: Save to save and stay in the utility or select the F12: Save and Exit to save and exit, to complete the current boot process.
4.	Force PXE to boot from the first Embedded FlexibleLOM HPE Ethernet 10Gb 2-port Adapter	During host PXE, the DHCP DISCOVER requests from the hosts must be broadcast over the 10Gb port. This procedure provides the steps necessary to configure the broadcast to use the 10Gb ports before it attempts to use the 1Gb ports. Moving the 10Gb port up on the search order helps to speed up the response from the host servicing the DHCP DISCOVER. Enclosure blades have 2 10GE NICs which default to being configured for PXE booting. The RMS are re-configured to use the PCI NICs using this procedure. Expose the System Utility by following Step 1. Select System Configuration. Select BIOS/Platform Configuration (RBSU). Select Boot Options. This menu defines the boot mode which should be set to Legacy BIOS Mode, the UEFI Optimized Boot which should be disabled, and the Boot Order Policy which should be set to Retry Boot Order Indefinitely (this means it will keep trying to boot without ever going to disk). In this screen select Legacy BIOS Boot Order. If not in Legacy BIOS Mode, please follow procedure 2.2 Change over from UEFI Booting Mode to Legacy BIOS Booting Mode to set the Configuration Utility to Legacy BIOS Mode. Select Legacy BIOS Boot Order This page defines the legacy BIOS boot order. This includes the list of devices from which the server will listen for the DHCP OFFER (includes the reserved IPv4) after the PXE DHCP DISCOVER message is broadcast out from the server. In the default view, the 10Gb Embedded FlexibleLOM 1 Port 1 is at the bottom of the list. When the server begins the scan for the response, it scans down this list until it receives the response. Each NIC will take a finite amount of time before the server gives up on that NIC and attempts another in the list. Moving the 10Gb port up on this list should decrease the time that is required to finally process the DHCP OFFER. To move an entry, select that entry, hold down the first mouse button and move the entry up in the list below the entry it must reside under. Move the 10 Gb Embedded FlexibleLOM 1 Port 1 entry up above the 1Gb Embedded LOM 1 Port 1 entry. Select F10: Save to save and stay in the utility or select the F12: Save and Exit to save and exit, to complete the current boot process.
5.	Enabling Virtualization	This procedure provides the steps required to enable virtualization on a given Bare Metal Server. Virtualization can be configured using the default settings or via the Workload Profiles. Verifying Default Settings Expose the System Configuration Utility by following Step 1. Select System Configuration. Select BIOS/Platform Configuration (RBSU) Select Virtualization Options This screen displays the settings for the Intel(R) Virtualization Technology (IntelVT), Intel(R) VT-d, and SR-IOV options (Enabled or Disabled). The default values for each option is Enabled. Select F10: Save to save and stay in the utility or select the F12: Save and Exit to save and exit, to complete the current boot process.
6.	Disable RAID Configurations	Expose the System Configuration Utility by following Step 1. Select System Configuration. Select Embedded RAID 1 : HPE Smart Array P408i-a SR Gen 10. Select Array Configuration. Select Manage Arrays. Select Array A (or any designated Array Configuration if there are more than one). Select Delete Array. Select Submit Changes. Select F10: Save to save and stay in the utility or select the F12: Save and Exit to save and exit, to complete the current boot process.
7.	Enable the Primary Boot Device	This procedure provides the steps necessary to configure the primary bootable device for a given Gen10 Server. In this case the RMS would include two devices as Hard Drives (HDDs). Some configurations may also include two Solid State Drives (SSDs). The SSDs are not to be selected for this configuration. Only the primary bootable device is set in this procedure since RAID is being disabled. The secondary bootable device remains as Not Set. Expose the System Configuration Utility by following Step 1. Select System Configuration. Select Embedded RAID 1 : HPE Smart Array P408i-a SR Gen 10. Select Set Bootable Device(s) for Legacy Boot Mode. If the boot devices are not set then it will display Not Set for the primary and secondary devices. Select Select Bootable Physical Drive. Select Port 1| Box:3 Bay:1 Size:1.8 TB SAS HP EG00100JWJNR. Note: This example includes two HDDs and two SSDs. The actual configuration may be different. Select Set as Primary Bootable Device. Select Back to Main Menu. This will return to the HPE Smart Array P408i-a SR Gen10 menu. The secondary bootable device is left as Not Set. Select F10: Save to save and stay in the utility or select the F12: Save and Exit to save and exit, to complete the current boot process.
8.	Configure the iLO 5 Static IP Address	When configuring the Bootstrap host, the static IP address for the iLO 5 must be configured. Note: This procedure requires a reboot after completion. Expose the System Configuration Utility by following Step 1. Select System Configuration. Select iLO 5 Configuration Utility. Select Network Options. Enter the IP Address, Subnet Mask, and Gateway IP Address fields provided in Installation PreFlight Checklist. Select F12: Save and Exit to complete the current boot process. A reboot is required when setting the static IP for the iLO 5. A warning appears indicating that the user must wait 30 seconds for the iLO to reset and then a reboot is required. A prompt appears requesting a reboot. Select Reboot. Once the reboot is complete, the user can re-enter the System Utility and verify the settings if necessary.

Configure Top of Rack 93180YC-EX Switches

Introduction

This procedure provides the steps required to initialize and configure Cisco 93180YC-EX switches as per the topology defined in Physical Network Topology Design.

Note:

All instructions in this procedure are executed from the Bootstrap Host.

Prerequisites

1. Procedure OCCNE Installation of Oracle Linux 7.5 on Bootstrap Host has been completed.
2. The switches are in factory default state.
3. The switches are connected as per Installation PreFlight Checklist. Customer uplinks are not active before outside traffic is necessary.
4. DHCP, XINETD, and TFTP are already installed on the Bootstrap host but are not configured.
5. The Utility USB is available containing the necessary files as per: Installation PreFlight checklist: Create Utility USB.

Limitations/Expectations

All steps are executed from a Keyboard, Video, Mouse (KVM) connection.

References

• https://github.com/datacenter/nexus9000/blob/master/nx-os/poap/poap.py
• https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/Licensing.html

ProceduConfiguration Procedureres

Table 3-5 Procedure to configure Top of Rack 93180YC-EX Switches

Step #	Procedure	Description
1.	Login to the Bootstrap host as root.	Using the KVM, login to the Bootstrap host as root. Note: All instructions in this procedure are executed from the Bootstrap Host.
2.	Insert and mount the Utility USB	Insert and mount the Utility USB that contains the configuration and script files. Verify the files are listed in the USB using the ls /media/usb command. Note: Instructions for mounting the USB can be found in: Installation of Oracle Linux 7.5 on Bootstrap Server : Install Additional Packages. Only steps 2 and 3 need to be followed in that procedure.
3.	Create bridge interface	Create bridge interface to connect both management ports and setup the management bridge to support switch initialization. Note: <CNE_Management_IP_With_Prefix> is from Installation PreFlight Checklist : Complete Site Survey Host IP Table. Row 1 CNE Management IP Addresess (VLAN 4) column. <ToRSwitch_CNEManagementNet_VIP> is from Installation PreFlight Checklist : Complete OA and Switch IP Table. $ nmcli con add con-name mgmtBridge type bridge ifname mgmtBridge $ nmcli con add type bridge-slave ifname eno2 master mgmtBridge $ nmcli con add type bridge-slave ifname eno3 master mgmtBridge $ nmcli con mod mgmtBridge ipv4.method manual ipv4.addresses 192.168.2.11/24 $ nmcli con up mgmtBridge $ nmcli con add type team con-name team0 ifname team0 team.runner lacp $ nmcli con add type team-slave con-name team0-slave-1 ifname eno5 master team0 $ nmcli con add type team-slave con-name team0-slave-2 ifname eno6 master team0 $ nmcli con mod team0 ipv4.method manual ipv4.addresses 172.16.3.4/24 $ nmcli con add con-name team0.4 type vlan id 4 dev team0 $ nmcli con mod team0.4 ipv4.method manual ipv4.addresses <CNE_Management_IP_Address_With_Prefix> ipv4.gateway <ToRswitch_CNEManagementNet_VIP> $ nmcli con up team0.4
4.	Edit the /etc/xinetd.d/tftp file	Edit the /etc/xinetd.d/tftp file to enable TFTP service. Change the disable option to no, if it is set to yes. $ vi /etc/xinetd.d/tftp # default: off # description: The tftp server serves files using the trivial file transfer \ # protocol. The tftp protocol is often used to boot diskless \ # workstations, download configuration files to network-aware printers, \ # and to start the installation process for some operating systems. service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /var/lib/tftpboot disable = no per_source = 11 cps = 100 2 flags = IPv4 }
5.	Enable tftp on the Bootstrap host.	$ systemctl start tftp $ systemctl enable tftp Verify tftp is active and enabled: $ systemctl status tftp $ ps -elf | grep tftp
6.	Copy the dhcpd.conf file	Copy the dhcpd.conf file from the Utility USB in Installation PreFlight checklist : Create the dhcpd.conf File to the /etc/dhcp/ directory. $ cp /media/usb/dhcpd.conf /etc/dhcp/
7.	Restart and enable dhcpd service.	# /bin/systemctl restart dhcpd.service # /bin/systemctl enable dhcpd.service Use the systemctl status dhcpd command to verify active and enabled. # systemctl status dhcpd
8.	Copy the switch configuration and script files	Copy the switch configuration and script files from the Utility USB to directory /var/lib/tftpboot/. $ cp /media/usb/93180_switchA.cfg /var/lib/tftpboot/. $ cp /media/usb/93180_switchB.cfg /var/lib/tftpboot/. $ cp /media/usb/poap_nexus_script.py /var/lib/tftpboot/.
9.	Modify POAP script File.	Modify POAP script File. Change Username and password credentials used to login to the Bootstrap host. # vi /var/lib/tftpboot/poap_nexus_script.py # Host name and user credentials options = { "username": "<username>", "password": "<password>", "hostname": "192.168.2.11", "transfer_protocol": "scp", "mode": "serial_number", "target_system_image": "nxos.9.2.3.bin", } Note: The version nxos.9.2.3.bin is used by default. If different version is to be used, modify the "target_system_image" with new version.
10.	Modify POAP script file	Modify POAP script file md5sum by executing the md5Poap.sh script from the Utility USB created from Installation PreFlight checklist : Create the md5Poap Bash Script. # cd /var/lib/tftpboot/ # /bin/bash md5Poap.sh
11.	Create the files necessary to configure the ToR switches using the serial number from the switch.	The serial number is located on a pullout card on the back of the switch in the left most power supply of the switch. Note: The serial number is located on a pullout card on the back of the switch in the left most power supply of the switch. Be careful in interpreting the exact letters. If the switches are preconfigured then you can even verify the serial numbers using 'show license host-id' command.
12.	Copy the /var/lib/tftpboot/93180_switchA.cfg into a file called /var/lib/tftpboot/conf.<switchA serial number>	Modify the switch specific values in the /var/lib/tftpboot/conf.<switchA serial number> file, including all the values in the curly braces as following code block. These values are contained at Installation PreFlight checklist : ToR and Enclosure Switches Variables Table (Switch Specific) and Installation PreFlight Checklist : Complete OA and Switch IP Table. Modify these values with the following sed commands, or use an editor such as vi etc. # sed -i 's/{switchname}/<switch_name>/' conf.<switchA serial number> # sed -i 's/{admin_password}/<admin_password>/' conf.<switchA serial number> # sed -i 's/{user_name}/<user_name>/' conf.<switchA serial number> # sed -i 's/{user_password}/<user_password>/' conf.<switchA serial number> # sed -i 's/{ospf_md5_key}/<ospf_md5_key>/' conf.<switchA serial number> # sed -i 's/{OSPF_AREA_ID}/<ospf_area_id>/' conf.<switchA serial number> # sed -i 's/{NTPSERVER1}/<NTP_server_1>/' conf.<switchA serial number> # sed -i 's/{NTPSERVER2}/<NTP_server_2>/' conf.<switchA serial number> # sed -i 's/{NTPSERVER3}/<NTP_server_3>/' conf.<switchA serial number> # sed -i 's/{NTPSERVER4}/<NTP_server_4>/' conf.<switchA serial number> # sed -i 's/{NTPSERVER5}/<NTP_server_5>/' conf.<switchA serial number> # Note: If less than 5 ntp servers available, delete the extra ntp server lines such as command: # sed -i 's/{NTPSERVER5}/d' conf.<switchA serial number> Note: different delimiter is used in next two commands due to '/' sign in the variables # sed -i 's#{ALLOW_5G_XSI_LIST_WITH_PREFIX_LEN}#<MetalLB_Signal_Subnet_With_Prefix>#g' conf.<switchA serial number> # sed -i 's#{CNE_Management_SwA_Address}#<ToRswitchA_CNEManagementNet_IP>#g' conf.<switchA serial number> # sed -i 's#{CNE_Management_SwB_Address}#<ToRswitchB_CNEManagementNet_IP>#g' conf.<switchA serial number> # sed -i 's#{CNE_Management_Prefix}#<CNEManagementNet_Prefix>#g' conf.<switchA serial number> # sed -i 's#{SQL_replication_SwA_Address}#<ToRswitchA_SQLreplicationNet_IP>#g' conf.<switchA serial number> # sed -i 's#{SQL_replication_SwB_Address}#<ToRswitchB_SQLreplicationNet_IP>#g' conf.<switchA serial number> # sed -i 's#{SQL_replication_Prefix}#<SQLreplicationNet_Prefix>#g' conf.<switchA serial number> # ipcalc -n <ToRswitchA_SQLreplicationNet_IP/<SQLreplicationNet_Prefix> | awk -F'=' '{print $2}' # sed -i 's/{SQL_replication_Subnet}/<output from ipcalc command as SQL_replication_Subnet>/' conf.<switchA serial number> # sed -i 's/{CNE_Management_VIP}/<ToRswitch_CNEManagementNet_VIP>/g' conf.<switchA serial number> # sed -i 's/{SQL_replication_VIP}/<ToRswitch_SQLreplicationNet_VIP>/g' conf.<switchA serial number> # sed -i 's/{OAM_UPLINK_CUSTOMER_ADDRESS}/<ToRswitchA_oam_uplink_customer_IP>/' conf.<switchA serial number> # sed -i 's/{OAM_UPLINK_SwA_ADDRESS}/<ToRswitchA_oam_uplink_IP>/g' conf.<switchA serial number> # sed -i 's/{SIGNAL_UPLINK_SwA_ADDRESS}/<ToRswitchA_signaling_uplink_IP>/g' conf.<switchA serial number> # sed -i 's/{OAM_UPLINK_SwB_ADDRESS}/<ToRswitchB_oam_uplink_IP>/g' conf.<switchA serial number> # sed -i 's/{SIGNAL_UPLINK_SwB_ADDRESS}/<ToRswitchB_signaling_uplink_IP>/g' conf.<switchA serial number> # ipcalc -n <ToRswitchA_signaling_uplink_IP>/30 | awk -F'=' '{print $2}' # sed -i 's/{SIGNAL_UPLINK_SUBNET}/<output from ipcalc command as signal_uplink_subnet>/' conf.<switchA serial number> # ipcalc -n <ToRswitchA_SQLreplicationNet_IP> | awk -F'=' '{print $2}' # sed -i 's/{MySQL_Replication_SUBNET}/<output from the above ipcalc command appended with prefix >/' conf.<switchA serial number> Note: The version nxos.9.2.3.bin is used by default and hard-coded in the conf files. If different version is to be used, run the following command: # sed -i 's/nxos.9.2.3.bin/<nxos_version>/' conf.<switchA serial number> Note: access-list Restrict_Access_ToR # The following line allow one access server to access the switch management and SQL vlan addresses while other accesses are denied. If no need, delete this line. If need more servers, add similar line. # sed -i 's/{Allow_Access_Server}/<Allow_Access_Server>/' conf.<switchA serial number>
13.	Copy the /var/lib/tftpboot/93180_switchB.cfg into a file called /var/lib/tftpboot/conf.<switchB serial number>	Modify the switch specific values in the /var/lib/tftpboot/conf.<switchA serial number> file, including: hostname, username/password, oam_uplink IP address, signaling_uplink IP address, access-list ALLOW_5G_XSI_LIST permit address, prefix-list ALLOW_5G_XSI. These values are contained at Installation PreFlight checklist : ToR and Enclosure Switches Variables Table and Installation PreFlight Checklist : Complete OA and Switch IP Table. # sed -i 's/{switchname}/<switch_name>/' conf.<switchB serial number> # sed -i 's/{admin_password}/<admin_password>/' conf.<switchB serial number> # sed -i 's/{user_name}/<user_name>/' conf.<switchB serial number> # sed -i 's/{user_password}/<user_password>/' conf.<switchB serial number> # sed -i 's/{ospf_md5_key}/<ospf_md5_key>/' conf.<switchB serial number> # sed -i 's/{OSPF_AREA_ID}/<ospf_area_id>/' conf.<switchB serial number> # sed -i 's/{NTPSERVER1}/<NTP_server_1>/' conf.<switchB serial number> # sed -i 's/{NTPSERVER2}/<NTP_server_2>/' conf.<switchB serial number> # sed -i 's/{NTPSERVER3}/<NTP_server_3>/' conf.<switchB serial number> # sed -i 's/{NTPSERVER4}/<NTP_server_4>/' conf.<switchB serial number> # sed -i 's/{NTPSERVER5}/<NTP_server_5>/' conf.<switchB serial number> # Note: If less than 5 ntp servers available, delete the extra ntp server lines such as command: # sed -i 's/{NTPSERVER5}/d' conf.<switchB serial number> Note: different delimiter is used in next two commands due to '/' sign in in the variables # sed -i 's#{ALLOW_5G_XSI_LIST_WITH_PREFIX_LEN}#<MetalLB_Signal_Subnet_With_Prefix>#g' conf.<switchB serial number> # sed -i 's#{CNE_Management_SwA_Address}#<ToRswitchA_CNEManagementNet_IP>#g' conf.<switchB serial number> # sed -i 's#{CNE_Management_SwB_Address}#<ToRswitchB_CNEManagementNet_IP>#g' conf.<switchB serial number> # sed -i 's#{CNE_Management_Prefix}#<CNEManagementNet_Prefix>#g' conf.<switchB serial number> # sed -i 's#{SQL_replication_SwA_Address}#<ToRswitchA_SQLreplicationNet_IP>#g' conf.<switchB serial number> # sed -i 's#{SQL_replication_SwB_Address}#<ToRswitchB_SQLreplicationNet_IP>#g' conf.<switchB serial number> # sed -i 's#{SQL_replication_Prefix}#<SQLreplicationNet_Prefix>#g' conf.<switchB serial number> # ipcalc -n <ToRswitchB_SQLreplicationNet_IP/<SQLreplicationNet_Prefix> | awk -F'=' '{print $2}' # sed -i 's/{SQL_replication_Subnet}/<output from ipcalc command as SQL_replication_Subnet>/' conf.<switchB serial number> # sed -i 's/{CNE_Management_VIP}/<ToRswitch_CNEManagementNet_VIP>/' conf.<switchB serial number> # sed -i 's/{SQL_replication_VIP}/<ToRswitch_SQLreplicationNet_VIP>/' conf.<switchB serial number> # sed -i 's/{OAM_UPLINK_CUSTOMER_ADDRESS}/<ToRswitchB_oam_uplink_customer_IP>/' conf.<switchB serial number> # sed -i 's/{OAM_UPLINK_SwA_ADDRESS}/<ToRswitchA_oam_uplink_IP>/g' conf.<switchB serial number> # sed -i 's/{SIGNAL_UPLINK_SwA_ADDRESS}/<ToRswitchA_signaling_uplink_IP>/g' conf.<switchB serial number> # sed -i 's/{OAM_UPLINK_SwB_ADDRESS}/<ToRswitchB_oam_uplink_IP>/g' conf.<switchB serial number> # sed -i 's/{SIGNAL_UPLINK_SwB_ADDRESS}/<ToRswitchB_signaling_uplink_IP>/g' conf.<switchB serial number> # ipcalc -n <ToRswitchB_signaling_uplink_IP>/30 | awk -F'=' '{print $2}' # sed -i 's/{SIGNAL_UPLINK_SUBNET}/<output from ipcalc command as signal_uplink_subnet>/' conf.<switchB serial number> Note: The version nxos.9.2.3.bin is used by default and hard-coded in the conf files. If different version is to be used, run the following command: # sed -i 's/nxos.9.2.3.bin/<nxos_version>/' conf.<switchB serial number> Note: access-list Restrict_Access_ToR # The following line allow one access server to access the switch management and SQL vlan addresses while other accesses are denied. If no need, delete this line. If need more servers, add similar line. # sed -i 's/{Allow_Access_Server}/<Allow_Access_Server>/' conf.<switchB serial number>
14.	Generate the md5 checksum	Generate the md5 checksum for each conf file in /var/lib/tftpboot and copy that into a new file called conf.<switchA/B serial number>.md5. $ md5sum conf.<switchA serial number> > conf.<switchA serial number>.md5 $ md5sum conf.<switchB serial number> > conf.<switchB serial number>.md5
15.	Verify the /var/lib/tftpboot directory has the correct files.	Make sure the file permissions are set as given below. Note: The ToR switches are constantly attempting to find and execute the poap_nexus_script.py script which uses tftp to load and install the configuration files. # ls -l /var/lib/tftpboot/ total 1305096 -rw-r--r--. 1 root root 7161 Mar 25 15:31 conf.<switchA serial number> -rw-r--r--. 1 root root 51 Mar 25 15:31 conf.<switchA serial number>.md5 -rw-r--r--. 1 root root 7161 Mar 25 15:31 conf.<switchB serial number> -rw-r--r--. 1 root root 51 Mar 25 15:31 conf.<switchB serial number>.md5 -rwxr-xr-x. 1 root root 75856 Mar 25 15:32 poap_nexus_script.py
16.	Disable firewalld.	$ systemctl stop firewalld $ systemctl disable firewalld To verify: $ systemctl status firewalld Once this is complete, the ToR Switches will attempt to boot from the tftpboot files automatically. Eventually the verification steps can be executed below. It may take about 5 minutes for this to complete.
17.	Un-mount the Utility USB	Un-mount the Utility USB and remove it: umount /media/usb

Verification

Table 3-6 Procedure to verify Top of Rack 93180YC-EX Switches

Step #	Procedure	Description
1.	After the ToR switches configured, ping the switches from bootstrap server. The switches mgmt0 interfaces are configured with the IP addresses which are in the conf files.	Note: Wait till the device responds. # ping 192.168.2.1 PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data. 64 bytes from 192.168.2.1: icmp_seq=1 ttl=255 time=0.419 ms 64 bytes from 192.168.2.1: icmp_seq=2 ttl=255 time=0.496 ms 64 bytes from 192.168.2.1: icmp_seq=3 ttl=255 time=0.573 ms 64 bytes from 192.168.2.1: icmp_seq=4 ttl=255 time=0.535 ms ^C --- 192.168.2.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.419/0.505/0.573/0.063 ms # ping 192.168.2.2 PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data. 64 bytes from 192.168.2.2: icmp_seq=1 ttl=255 time=0.572 ms 64 bytes from 192.168.2.2: icmp_seq=2 ttl=255 time=0.582 ms 64 bytes from 192.168.2.2: icmp_seq=3 ttl=255 time=0.466 ms 64 bytes from 192.168.2.2: icmp_seq=4 ttl=255 time=0.554 ms ^C --- 192.168.2.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3001ms rtt min/avg/max/mdev = 0.466/0.543/0.582/0.051 ms
2.	Attempt to ssh to the switches with the username/password provided in the conf files.	# ssh plat@192.168.2.1 The authenticity of host '192.168.2.1 (192.168.2.1)' can't be established. RSA key fingerprint is SHA256:jEPSMHRNg9vejiLcEvw5qprjgt+4ua9jucUBhktH520. RSA key fingerprint is MD5:02:66:3a:c6:81:65:20:2c:6e:cb:08:35:06:c6:72:ac. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.2.1' (RSA) to the list of known hosts. User Access Verification Password: Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Copyright (C) 2002-2019, Cisco and/or its affiliates. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under their own licenses, such as open source. This software is provided "as is," and unless otherwise stated, there is no warranty, express or implied, including but not limited to warranties of merchantability and fitness for a particular purpose. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or GNU General Public License (GPL) version 3.0 or the GNU Lesser General Public License (LGPL) Version 2.1 or Lesser General Public License (LGPL) Version 2.0. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://opensource.org/licenses/gpl-3.0.html and http://www.opensource.org/licenses/lgpl-2.1.php and http://www.gnu.org/licenses/old-licenses/library.txt. #
3.	Verify the running-config has all expected configurations in the conf file using the show running-config command.	# show running-config !Command: show running-config !Running configuration last done at: Mon Apr 8 17:39:38 2019 !Time: Mon Apr 8 18:30:17 2019 version 9.2(3) Bios:version 07.64 hostname 12006-93108A vdc 12006-93108A id 1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum 511 limit-resource u4route-mem minimum 248 maximum 248 limit-resource u6route-mem minimum 96 maximum 96 limit-resource m4route-mem minimum 58 maximum 58 limit-resource m6route-mem minimum 8 maximum 8 feature scp-server feature sftp-server cfs eth distribute feature ospf feature bgp feature interface-vlan feature lacp feature vpc feature bfd feature vrrpv3 .... ....
4.	Verify license on the switches	In case some of the above features are missing, verify license on the switches and at least NXOS_ADVANTAGE level license is "In use". If license not installed or too low level, contact vendor for correct license key file, following Licensing document mentioned in reference section to install license key. Then run "write erase" and "reload" to set back to factory default. The switches will go to POAP configuration again. # show license Example output: # show license MDS20190215085542979.lic: SERVER this_host ANY VENDOR cisco INCREMENT NXOS_ADVANTAGE_XF cisco 1.0 permanent uncounted \ VENDOR_STRING=<LIC_SOURCE>MDS_SWIFT</LIC_SOURCE><SKU>NXOS-AD-XF</SKU> \ HOSTID=VDH=FDO22412J2F \ NOTICE="<LicFileID>20190215085542979</LicFileID><LicLineID>1</LicLineID> \ <PAK></PAK>" SIGN=8CC8807E6918 # show license usage Example output: # show license usage Feature Ins Lic Status Expiry Date Comments Count -------------------------------------------------------------------------------- ... NXOS_ADVANTAGE_M4 No - Unused - NXOS_ADVANTAGE_XF Yes - In use never - NXOS_ESSENTIALS_GF No - Unused - ... #
5.	Verify the RMS1 can ping the CNE_Management VIP	# ping <ToRSwitch_CNEManagementNet_VIP> PING <ToRSwitch_CNEManagementNet_VIP> (<ToRSwitch_CNEManagementNet_VIP>) 56(84) bytes of data. 64 bytes from <ToRSwitch_CNEManagementNet_VIP>: icmp_seq=2 ttl=255 time=1.15 ms 64 bytes from <ToRSwitch_CNEManagementNet_VIP>: icmp_seq=3 ttl=255 time=1.11 ms 64 bytes from <ToRSwitch_CNEManagementNet_VIP>: icmp_seq=4 ttl=255 time=1.23 ms ^C --- 10.75.207.129 ping statistics --- 4 packets transmitted, 3 received, 25% packet loss, time 3019ms rtt min/avg/max/mdev = 1.115/1.168/1.237/0.051 ms
6.	Enable customer uplink	Connect or enable customer uplink.
7.	Verify the RMS1 can be accessed from laptop. Use application such as putty etc to ssh to RMS1.	$ ssh root@<CNE_Management_IP_Address> Using username "root". root@<CNE_Management_IP_Address>'s password:<root password> Last login: Mon May 6 10:02:01 2019 from 10.75.9.171 [root@RMS1 ~]#

SNMP Trap Configuration

Table 3-7 Procedure to configure SNMP Trap

Step #	Procedure	Description
1.	SNMPv2c Configuration	When SNMPv2c configuration is needed, ssh to the two switches, run the following commands: These values <SNMP_Trap_Receiver_Address>and <SNMP_Community_String> are from unresolvable-reference.html#GUID-E58EE350-836A-45B0-AC6F-AB6560032E9A [root@RMS1 ~]# ssh <user_name>@<ToRswitchA_CNEManagementNet_IP> # configure terminal (config)# snmp-server host <SNMP_Trap_Receiver_Address> traps version 2c <SNMP_Community_String> (config)# snmp-server host <SNMP_Trap_Receiver_Address> use-vrf default (config)# snmp-server host <SNMP_Trap_Receiver_Address> source-interface Ethernet1/51 (config)# snmp-server enable traps (config)# snmp-server community <SNMP_Community_String> group network-admin
2.	Restrict direct access to ToR switches	In order to restrict direct access to ToR switches, IP access list is created and applied on the uplink interfaces, the following commands are needed on ToR switches: [root@RMS1 ~]# ssh <user_name>@<ToRswitchA_CNEManagementNet_IP> # configure terminal (config)# ip access-list Restrict_Access_ToR permit ip {Allow_Access_Server}/32 any permit ip {NTPSERVER1}/32 {OAM_UPLINK_SwA_ADDRESS}/32 permit ip {NTPSERVER2}/32 {OAM_UPLINK_SwA_ADDRESS}/32 permit ip {NTPSERVER3}/32 {OAM_UPLINK_SwA_ADDRESS}/32 permit ip {NTPSERVER4}/32 {OAM_UPLINK_SwA_ADDRESS}/32 permit ip {NTPSERVER5}/32 {OAM_UPLINK_SwA_ADDRESS}/32 deny ip any {CNE_Management_VIP}/32 deny ip any {CNE_Management_SwA_Address}/32 deny ip any {CNE_Management_SwB_Address}/32 deny ip any {SQL_replication_VIP}/32 deny ip any {SQL_replication_SwA_Address}/32 deny ip any {SQL_replication_SwB_Address}/32 deny ip any {OAM_UPLINK_SwA_ADDRESS}/32 deny ip any {OAM_UPLINK_SwB_ADDRESS}/32 deny ip any {SIGNAL_UPLINK_SwA_ADDRESS}/32 deny ip any {SIGNAL_UPLINK_SwB_ADDRESS}/32 permit ip any any interface Ethernet1/51 ip access-group Restrict_Access_ToR in interface Ethernet1/52 ip access-group Restrict_Access_ToR in
3.	Traffic egress	Traffic egress out of cluster, including snmptrap traffic to SNMP trap receiver, and traffic goes to signal server: [root@RMS1 ~]# ssh <user_name>@<ToRswitchA_CNEManagementNet_IP> # configure terminal (config)# feature nat ip access-list host-snmptrap 10 permit udp 172.16.3.0/24 <snmp trap receiver>/32 eq snmptrap log ip access-list host-sigserver 10 permit ip 172.16.3.0/24 <signal server>/32 ip nat pool sig-pool 10.75.207.211 10.75.207.222 prefix-length 27 ip nat inside source list host-sigserver pool sig-pool overload add-route ip nat inside source list host-snmptrap interface Ethernet1/51 overload interface Vlan3 ip nat inside interface Ethernet1/51 ip nat outside interface Ethernet1/52 ip nat outside Run the same commands on ToR switchB

Configure Addresses for RMS iLOs, OA, EBIPA

Introduction

This procedure is used to configure RMS iLO addresses and add a new user account for each RMS other than the Bootstrap Host. When the RMSs are shipped and out of box after hardware installation and powerup, the RMSs are in a factory default state with the iLO in DHCP mode waiting for DHCP service. DHCP is used to configure the ToR switches, OAs, Enclosure switches, and blade server iLOs, so DHCP can be used to configure RMS iLOs as well.

Prerequisites

Procedure OCCNE Configure Top of Rack 93180YC-EX Switches has been completed.

Limitations/Expectations

All steps are executed from the ssh session of the Bootstrap server.

References

HPE BladeSystem Onboard Administrator User Guide

Steps to configure Addresses for RMS iLOs, OA, EBIPA

Table 3-8 Procedure to configure Addresses for RMS iLOs, OA, EBIPA

Step #	Procedure	Description
1.	Setup team0.2 interface	$ nmcli con add con-name team0.2 type vlan id 2 dev team0 $ nmcli con mod team0.2 ipv4.method manual ipv4.addresses 192.168.20.11/24 $ nmcli con up team0.2
2.	Subnet and conf file address	The /etc/dhcp/dhcpd.conf file should already have been configured in procedure Configure Top of Rack 93180YC-EX Switches and dhcp started/enabled on the bootstrap server. The second subnet 192.168.20.0 is used to assign addresses for OA and RMS iLOs. The "next-server 192.168.20.11" option is same as the server team0.2 IP address.
3.	Display the dhcpd leases file at /var/lib/dhcpd/dhcpd.leases. The DHCPD lease file will display the DHCP addresses for all RMS iLOs, Enclosure OAs.	# cat /var/lib/dhcpd/dhcpd.leases # The format of this file is documented in the dhcpd.leases(5) manual page. # This lease file was written by isc-dhcp-4.2.5 lease 192.168.20.101 { starts 4 2019/03/28 22:05:26; ends 4 2019/03/28 22:07:26; tstp 4 2019/03/28 22:07:26; cltt 4 2019/03/28 22:05:26; binding state free; hardware ethernet 48:df:37:7a:41:60; } lease 192.168.20.103 { starts 4 2019/03/28 22:05:28; ends 4 2019/03/28 22:07:28; tstp 4 2019/03/28 22:07:28; cltt 4 2019/03/28 22:05:28; binding state free; hardware ethernet 48:df:37:7a:2f:70; } lease 192.168.20.102 { starts 4 2019/03/28 22:05:16; ends 4 2019/03/28 23:03:29; tstp 4 2019/03/28 23:03:29; cltt 4 2019/03/28 22:05:16; binding state free; hardware ethernet 48:df:37:7a:40:40; } lease 192.168.20.106 { starts 5 2019/03/29 11:14:04; ends 5 2019/03/29 14:14:04; tstp 5 2019/03/29 14:14:04; cltt 5 2019/03/29 11:14:04; binding state free; hardware ethernet b8:83:03:47:5f:14; uid "\000\270\203\003G_\024\000\000\000"; } lease 192.168.20.105 { starts 5 2019/03/29 12:56:23; ends 5 2019/03/29 15:56:23; tstp 5 2019/03/29 15:56:23; cltt 5 2019/03/29 12:56:23; binding state free; hardware ethernet b8:83:03:47:5e:54; uid "\000\270\203\003G^T\000\000\000"; } lease 192.168.20.104 { starts 5 2019/03/29 13:08:21; ends 5 2019/03/29 16:08:21; tstp 5 2019/03/29 16:08:21; cltt 5 2019/03/29 13:08:21; binding state free; hardware ethernet b8:83:03:47:64:9c; uid "\000\270\203\003Gd\234\000\000\000"; } lease 192.168.20.108 { starts 5 2019/03/29 09:57:02; ends 5 2019/03/29 21:57:02; tstp 5 2019/03/29 21:57:02; cltt 5 2019/03/29 09:57:02; binding state active; next binding state free; rewind binding state free; hardware ethernet fc:15:b4:1a:ea:05; uid "\001\374\025\264\032\352\005"; client-hostname "OA-FC15B41AEA05"; } lease 192.168.20.107 { starts 5 2019/03/29 12:02:50; ends 6 2019/03/30 00:02:50; tstp 6 2019/03/30 00:02:50; cltt 5 2019/03/29 12:02:50; binding state active; next binding state free; rewind binding state free; hardware ethernet 9c:b6:54:80:d7:d7; uid "\001\234\266T\200\327\327"; client-hostname "SA-9CB65480D7D7"; } server-duid "\000\001\000\001$#\364\344\270\203\003Gim"; lease 192.168.20.107 { starts 5 2019/03/29 18:09:47; ends 6 2019/03/30 06:09:47; cltt 5 2019/03/29 18:09:47; binding state active; next binding state free; rewind binding state free; hardware ethernet 9c:b6:54:80:d7:d7; uid "\001\234\266T\200\327\327"; client-hostname "SA-9CB65480D7D7"; } lease 192.168.20.108 { starts 5 2019/03/29 18:09:54; ends 6 2019/03/30 06:09:54; cltt 5 2019/03/29 18:09:54; binding state active; next binding state free; rewind binding state free; hardware ethernet fc:15:b4:1a:ea:05; uid "\001\374\025\264\032\352\005"; client-hostname "OA-FC15B41AEA05"; } lease 192.168.20.106 { starts 5 2019/03/29 18:10:04; ends 5 2019/03/29 21:10:04; cltt 5 2019/03/29 18:10:04; binding state active; next binding state free; rewind binding state free; hardware ethernet b8:83:03:47:5f:14; uid "\000\270\203\003G_\024\000\000\000"; client-hostname "ILO2M2909004B"; } lease 192.168.20.104 { starts 5 2019/03/29 18:10:35; ends 5 2019/03/29 21:10:35; cltt 5 2019/03/29 18:10:35; binding state active; next binding state free; rewind binding state free; hardware ethernet b8:83:03:47:64:9c; uid "\000\270\203\003Gd\234\000\000\000"; client-hostname "ILO2M2909004F"; } lease 192.168.20.105 { starts 5 2019/03/29 18:10:40; ends 5 2019/03/29 21:10:40; cltt 5 2019/03/29 18:10:40; binding state active; next binding state free; rewind binding state free; hardware ethernet b8:83:03:47:5e:54; uid "\000\270\203\003G^T\000\000\000"; client-hostname "ILO2M29090048";
4.	Access RMS iLO from the DHCP address with default Administrator password. From the above dhcpd.leases file, find the IP address for the iLO name, the default username is Administrator, the password is on the label which can be pulled out from front of server.	Note: The DNS Name on the pull-out label. The DNS Name on the pull-out label should be used to match the physical machine with the iLO IP since the same default DNS Name from the pull-out label is displayed upon logging in to the iLO command line interface, as shown in the example below. # ssh Administrator@192.168.20.104 Administrator@192.168.20.104's password: User:Administrator logged-in to ILO2M2909004F.labs.nc.tekelec.com(192.168.20.104 / FE80::BA83:3FF:FE47:649C) iLO Standard 1.37 at Oct 25 2018 Server Name: Server Power: On
5.	Create RMS iLO new user. Create new user with customized username and password.	</>hpiLO-> create /map1/accounts1 username=root password=TklcRoot group=admin,config,oemHP_rc,oemHP_power,oemHP_vm status=0 status_tag=COMMAND COMPLETED Tue Apr 2 20:08:30 2019 User added successfully.
6.	Disable the DHCP before able to setup static IP. Setup static failed before DHCP is disabled.	</>hpiLO-> set /map1/dhcpendpt1 EnabledState=NO status=0 status_tag=COMMAND COMPLETED Tue Apr 2 20:04:53 2019 Network settings change applied. Settings change applied, iLO 5 will now be reset. Logged Out: It may take several minutes before you can log back in. CLI session stopped packet_write_wait: Connection to 192.168.20.104 port 22: Broken pipe
7.	Setup RMS iLO static IP address. After a while after previous step, can login back with the same address(which is static IP now) and new username/password. If don't want to use the same address, go to next step to change the IP address.	# ssh <new username>@192.168.20.104 <new username>@192.168.20.104's password: <new password> User: logged-in to ILO2M2909004F.labs.nc.tekelec.com(192.168.20.104 / FE80::BA83:3FF:FE47:649C) iLO Standard 1.37 at Oct 25 2018 Server Name: Server Power: On </>hpiLO-> set /map1/enetport1/lanendpt1/ipendpt1 IPv4Address=192.168.20.122 SubnetMask=255.255.255.0 status=0 status_tag=COMMAND COMPLETED Tue Apr 2 20:22:23 2019 Network settings change applied. Settings change applied, iLO 5 will now be reset. Logged Out: It may take several minutes before you can log back in. CLI session stopped packet_write_wait: Connection to 192.168.20.104 port 22: Broken pipe #
8.	Set EBIPA addresses for InterConnect Bays (Enclosure Switches).	From bootstrap server, login to OA, set EBIPA addressed for the two enclosure switches. The addresses have to be in the subnet with server team0.2 address in order for TFTP to work. Set address for each enclosure switch, note the last number 1 or 2 is the interconnect bay number. OA-FC15B41AEA05> set ebipa interconnect 192.168.20.133 255.255.255.0 1 Entering anything other than 'YES' will result in the command not executing. It may take each interconnect several minutes to acquire the new settings. Are you sure you want to change the IP address for the specified interconnect bays? yes Successfully set 255.255.255.0 as the netmask for interconnect bays. Successfully set interconnect bay # 1 to IP address 192.168.20.133 For the IP addresses to be assigned EBIPA must be enabled. OA-FC15B41AEA05> set ebipa interconnect 192.168.20.134 255.255.255.0 2 Entering anything other than 'YES' will result in the command not executing. It may take each interconnect several minutes to acquire the new settings. Are you sure you want to change the IP address for the specified interconnect bays? yes Successfully set 255.255.255.0 as the netmask for interconnect bays. Successfully set interconnect bay # 2 to IP address 192.168.20.134 For the IP addresses to be assigned EBIPA must be enabled.
9.	Set EBIPA addresses for Blade Servers. Set EBIPA addressed for all the blade servers. The addresses are in the same subnet with first server team0.2 address and enclosure switches.	OA-FC15B41AEA05> set ebipa server 192.168.20.141 255.255.255.0 1-16 Entering anything other than 'YES' will result in the command not executing. Changing the IP address for device (iLO) bays that are enabled causes the iLOs in those bays to be reset. Are you sure you want to change the IP address for the specified device (iLO) bays? YES Successfully set 255.255.255.0 as the netmask for device (iLO) bays. Successfully set device (iLO) bay # 1 to IP address 192.168.20.141 Successfully set device (iLO) bay # 2 to IP address 192.168.20.142 Successfully set device (iLO) bay # 3 to IP address 192.168.20.143 Successfully set device (iLO) bay # 4 to IP address 192.168.20.144 Successfully set device (iLO) bay # 5 to IP address 192.168.20.145 Successfully set device (iLO) bay # 6 to IP address 192.168.20.146 Successfully set device (iLO) bay # 7 to IP address 192.168.20.147 Successfully set device (iLO) bay # 8 to IP address 192.168.20.148 Successfully set device (iLO) bay # 9 to IP address 192.168.20.149 Successfully set device (iLO) bay #10 to IP address 192.168.20.150 Successfully set device (iLO) bay #11 to IP address 192.168.20.151 Successfully set device (iLO) bay #12 to IP address 192.168.20.152 Successfully set device (iLO) bay #13 to IP address 192.168.20.153 Successfully set device (iLO) bay #14 to IP address 192.168.20.154 Successfully set device (iLO) bay #15 to IP address 192.168.20.155 Successfully set device (iLO) bay #16 to IP address 192.168.20.156 For the IP addresses to be assigned EBIPA must be enabled. OA-FC15B41AEA05>
10.	Add New User for OA.	Create new user, set access level as ADMINISTRATOR, and assign access to all blades, all enclosure switches and OAs. After that, the username and password can be used to access OAs. OA-FC15B41AEA05> ADD USER <username> New Password: ******** Confirm : ******** User "<username>" created. You may set user privileges with the 'SET USER ACCESS' and 'ASSIGN' commands. OA-FC15B41AEA05> set user access <username> ADMINISTRATOR "<username>" has been given administrator level privileges. OA-FC15B41AEA05> ASSIGN SERVER ALL <username> <username> has been granted access to the valid requested bay(s) OA-FC15B41AEA05> ASSIGN INTERCONNECT ALL <username> <username> has been granted access to the valid requested bay(s) OA-FC15B41AEA05> ASSIGN OA <username> <username> has been granted access to the OA.
11.	From OA, go to each blade with "connect server <bay number>", add New User for each blade.	OA-FC15B41AEA05> connect server 4 Connecting to bay 4 ... User:OAtmp-root-5CBF2E61 logged-in to ILO2M290605KP.(192.168.20.144 / FE80::AF1:EAFF:FE89:460) iLO Standard Blade Edition 1.37 at Oct 25 2018 Server Name: Server Power: On </>hpiLO-> </>hpiLO-> create /map1/accounts1 username=root password=TklcRoot group=admin,config,oemHPE_rc,oemHPE_power,oemHPE_vm status=2 status_tag=COMMAND PROCESSING FAILED error_tag=COMMAND SYNTAX ERROR Tue Apr 23 16:18:58 2019 User added successfully.
12.	Change to static IP on OA. In order not reply on DHCP and make the OA address stable, change to static IP.	Note: After the following change, on the active OA (could be the bay1 OA or bay2 OA) , the OA session will be stuck due to the address change, make another server session ready to ssh with the new IP address and new root user. The change on the standby OA will not stuck the OA session. OA-FC15B41AEA05> SET IPCONFIG STATIC 1 192.168.20.131 255.255.255.0 Static IP settings successfully updated. These setting changes will take effect immediately. OA-FC15B41AEA05> SET IPCONFIG STATIC 2 192.168.20.132 255.255.255.0 Static IP settings successfully updated. These setting changes will take effect immediately. OA-FC15B41AEA05>

Configure Legacy BIOS on Remaining Hosts

These procedures define the steps necessary to configure additional Legacy BIOS for all hosts in OCCNE 1.2. This includes steps that cannot be performed from the HP iLO 5 CLI prompt such as RAID configuration, changing the boot mode, and setting the primary and secondary boot devices.

Note:

The procedures in this document apply to the HP iLO console accessed via KVM. Each procedure is executed in the order listed.

Prerequisites

Procedure OCCNE Configure Addresses for RMS iLOs, OA, EBIPA is complete.

Limitations and Expectations

1. Applies to HP iLO 5 only.
2. Should the System Utility indicate (or defaults to) UEFI booting, then the user must go through the steps to reset booting back to the Legacy BIOS mode by following step: Change over from UEFI Booting Mode to Legacy BIOS Booting Mode in Table 3-9.
3. The procedures listed here apply to both Gen10 DL380 RMSs and Gen10 BL460c Blades in a C7000 enclosure.
4. Access to the enclosure blades in these procedures is via the Bootstrap host using SSH on the KVM. This is possible because the prerequisites are complete. If the prerequisites are not completed before executing this procedure, the enclosure blades are only accessible via the KVM connected directly to the active OA. In this case the mouse is not usable and screen manipulations are performed using the keyboard ESC and directional keys.
5. This procedure does NOT apply to the Bootstrap Host.

References

1. HPE iLO 5 User Guide 1.15
2. UEFI System Utilities User Guide for HPE ProLiant Gen10 Servers and HPE Synergy
3. UEFI Workload-based Performance and Tuning Guide for HPE ProLiant Gen10 Servers and HPE Synergy
4. HPE BladeSystem Onboard Administrator User Guide
5. OCCNE Inventory File Preparation

Steps to configure the Legacy BIOS on Remaining Hosts

Table 3-9 Procedure to configure the Legacy BIOS on Remaining Hosts

Step #	Procedure	Description
1.	Expose the System Configuration Utility on a RMS Host	Expose the System Utility screen to the user for a RMS host on the KVM. This procedure does not provide instructions on how to connect the KVM as this may be different on each installation. Once the remote console has been exposed, the system must be reset by manually pressing the power button on the front of the RMS host to force it through the restart process. When the initial window is displayed, hit the F9 key repeatedly. Once the F9 is highlighted at the lower left corner of the remote console, it should eventually bring up the main System Utility. The System Utilities screen is exposed in the remote console.
2.	Expose the System Utility for an Enclosure Blade	The blades are maintained via the OAs in the enclosure. Because each blade iLO has already been assigned an IP address from the prerequisites, the blades can each be reached using SSH from the Bootstrap host login shell on the KVM. SSH to the blade using the iLO IP address and the root user and password. This brings up the HP iLO prompt. $ ssh root@<blade_ilo_ip_address> Using username "root". Last login: Fri Apr 19 12:24:56 2019 from 10.39.204.17 [root@localhost ~]# ssh root@192.168.20.141 root@192.168.20.141's password: User:root logged-in to ILO2M290605KM.(192.168.20.141 / FE80::AF1:EAFF:FE89:35E) iLO Standard Blade Edition 1.37 at Oct 25 2018 Server Name: Server Power: On </>hpiLO-> Use VSP to connect to the blade remote console. </>hpiLO->vsp Power cycle the blade to bring up the System Utility for that blade. Note: The System Utility is a text based version of that exposed on the RMS via the KVM. The user must use the directional (arrow) keys to manipulate between selections, ENTER key to select, and ESC to go back from the current selection. Access the System Utility by hitting ESC 9. Enabling Virtualization This procedure provides the steps required to enable virtualization on a given Bare Metal Server. Virtualization can be configured using the default settings or via the default Workload Profiles. Verifying Default Settings Expose the System Utility by following step 1 or 2 depending on the hardware being configured. Select System Configuration Select BIOS/Platform Configuration (RBSU) Select Virtualization Options This view displays the settings for the Intel(R) Virtualization Technology (IntelVT), Intel(R) VT-d, and SR-IOV options (Enabled or Disabled). The default values for each option is Enabled. Select F10 if it is desired to save and stay in the utility or select the F12 if it is desired to save and exit to continue the current boot process.
3.	Change over from UEFI Booting Mode to Legacy BIOS Booting Mode	Expose the System Utility by following step 1 or 2 depending on the hardware being configured. Select System Configuration Select BIOS/Platform Configuration (RBSU) Select Boot Options. This menu defines the boot mode. If the Boot Mode is set to UEFI Mode then continue this procedure. Otherwise there is no need to make any of the changes below. Select Boot Mode This generates a warning indicating the following: Boot Mode changes require a system reboot in order to take effect. Changing the Boot Mode can impact the ability of the server to boot the installed operating system. An operating system is installed in the same mode as the platform during the installation. If the Boot Mode does not match the operating system installation, the system cannot boot. The following features require that the server be configured for UEFI Mode: Secure Boot, IPv6 PXE Boot, Boot > 2.2 TB Disks in AHCI SATA Mode, and Smart Array SW RAID. Hit the ENTER key and two selections appear: UEFI Mode(highlighted) and Legacy BIOS Mode Use the down arrow key to select Legacy BIOS Mode and hit the ENTER. The screen indicates: A reboot is required for the Boot Mode changes. Hit F12. This displays the following: Changes are pending. Do you want to save changes? Press 'Y" to save and exit, 'N' to discard and stay, or 'ESC' to cancel. Hit the y key and an additional warning appears indicating: System configuration changed. A system reboot is required. Press ENTER to reboot the system. Hit ENTER to force a reboot. Note: The boot must go into the process of actually trying to boot from the boot devices using the boot order (not just go back through initialization and access the System Utility again). The boot should fail and the System Utility can be accessed again to continue any further changes needed. After the reboot, hit the ESC 9key sequence to re-enter the System Utility. Selecting System Configuration->BIOS/Platform Configuration (RBSU)->Boot Options. Verify the Boot Mode is set to Legacy Boot Mode UEFI Optimized Boot is set to Disabled Select F10 if it is desired to save and stay in the utility or select the F12 if it is desired to save and exit to complete the current boot process.
4.	Force PXE to boot from the first Embedded FlexibleLOM HPE Ethernet 10Gb 2-port Adapter	Expose the System Utility by following step 1 or 2 depending on the hardware being configured. Select System Configuration. Select BIOS/Platform Configuration (RBSU) . Select Boot Options. This menu defines the boot mode. Confirm the following settings: Boot Mode Legacy BIOS Mode UEFI Optimized Boot , and Boot Order Policy Retry Boot Order Indefinitely(this means it keeps trying to boot without ever going to disk). If not in Legacy BIOS Mode, follow procedure 2.1 Change over from UEFI Booting Mode to Legacy BIOS Booting Mode. Select Legacy BIOS Boot Order In the default view, the 10Gb Embedded FlexibleLOM 1 Port 1 is at the bottom of the list. Move the 10 Gb Embedded FlexibleLOM 1 Port 1 entry up above the 1Gb Embedded LOM 1 Port 1 entry. To move an entry press the '+' key to move an entry higher in the boot list and the '-' key to move an entry lower in the boot list. Use the arrow keys to navigate through the Boot Order list. Select F10 if it is desired to save and stay in the utility or select the F12 it is desired to save and exit to continue the current boot process.
5.	Enabling Virtualization	This procedure provides the steps required to enable virtualization on a given Bare Metal Server. Virtualization can be configured using the default settings or via the Workload Profiles. Verifying Default Settings Expose the System Utility by following step 1 or 2 depending on the hardware being configured. Select System Configuration Select BIOS/Platform Configuration (RBSU) Select Virtualization Options This view displays the settings for the Intel(R) Virtualization Technology (IntelVT), Intel(R) VT-d, and SR-IOV options (Enabled or Disabled). The default values for each option is Enabled. Select F10 if it is desired to save and stay in the utility or select the F12 if it is desired to save and exit to continue the current boot process.
6.	Disable RAID Configurations	OCCNE does not currently support any RAID configuration. Follow this procedure to disable RAID settings if the default settings of the System Utility include any RAID configuration(s). Note: There may be more than one RAID Array set up. This procedure should be repeated for any RAID configuration. Expose the System Utility by following step 1 or 2 depending on the hardware being configured. Select System Configuration. Select Embedded RAID 1 : HPE Smart Array P408i-a SR Gen 10. Select Array Configuration. Select Manage Arrays. Select Array A (or any designated Array Configuration if there are more than one). Select Delete Array. A warning is displayed indicating the following: Deletes an Array. All the data on the logical drives that are part of deleted array will be lost. Also if the deleted array is the only one on the controller, the controller settings will be erased and its default configuration is restored. Hit ENTER, the changes are submitted and Delete Array Successful is displayed. Hit ENTER to go back to the main menu for the HPE Smart Array. Select F10 if it is desired to save and stay in the utility or select the F12 it is desired to save and exit to continue the current boot process.
7.	Enable the Primary and Secondary Boot Devices	This steps provide necessary to configure the primary and secondary bootable devices for a Gen10 Server. Note: There can be multiple configurations of hardware drives on the server that include both Hard Drives (HDD) and Solid State Hard Drives (SSD). SSDs are indicated by SATA-SSD ATA in the drive description. The commands below include two HDDs and two SSDs. The SSDs are not to be selected for this configuration. The actual selections may be different based on the hardware being updated. Expose the System Utility by following step 1 or 2 depending on the hardware being configured. Select System Configuration. Select Embedded RAID 1 : HPE Smart Array P408i-a SR Gen 10. Select Set Bootable Device(s) for Legacy Boot Mode. If the boot devices are not set then Not Set is displayed for the primary and secondary devices. Examine the list of available hardware drives. If one or more HDDs are available, continue with this procedure. Note: A single drive can be set as both the primary and secondary boot device but that is not part of this configuration. Select Bootable Physical Drive Select Port 1| Box:3 Bay:1 Size:1.8 TB SAS HP EG00100JWJNR. Note: This example includes two HDDs and two SSDs. The actual configuration may be different. Select Set as Primary Bootable Device. Hit ENTER. Note: There is no need to set the secondary boot device. Leave it as Not Set. Hit the ESC key to back out to the System Utilitiesmenu. Select F10 if it Is desired to save and stay in the utility or select the F12 if it Is desired to save and exit to continue the current boot process.

Configure Enclosure Switches

Introduction

This procedure is used to configure the 6127XLG enclosure switches.

Prerequisites

• Procedure Configure Top of Rack 93180YC-EX Switches has been completed.
• Procedure Configure Addresses for RMS iLOs, OA, EBIPA has been completed.
• The Utility USB is available containing the necessary files as per: Installation PreFlight checklist: Create Utility USB.

Limitations/Expectations

All steps are executed from a Keyboard, Video, Mouse (KVM) connection.

References

1. https://support.hpe.com/hpsc/doc/public/display?docId=c04763537

Procedure

Table 3-10 Procedure to configure enclosure switches

Step #	Procedure	Description
1.	Copy the 6127XLG configuration file	Copy the 6127XLG configuration file from the Utility USB (See Installation PreFlight checklist : Create the OA 6127XLG Switch Configuration File) to the /var/lib/tftpboot directory on the Installer Bootstrap Host and verify it exists and the permissions. $ cp /media/usb/6127xlg_irf.cfg /var/lib/tftpboot/6127xlg_irf.cfg $ ls -l /var/lib/tftpboot/ total 1305096 -rw-r--r--. 1 root root 311 Mar 25 08:41 6127xlg_irf.cfg
2.	Modify the switch specific values in the /var/lib/tftpboot/6127xlg_irf.cfg file.	These values are contained at Installation PreFlight checklist : Create the OA 6127XLG Switch Configuration File from column Enclosure_Switch. $ cd /var/lib/tftpboot $ sed -i 's/{switchname}/<switch_name>/' 6127xlg_irf.cfg $ sed -i 's/{admin_password}/<admin_password>/' 6127xlg_irf.cfg $ sed -i 's/{user_name}/<user_name>/' 6127xlg_irf.cfg $ sed -i 's/{user_password}/<user_password>/' 6127xlg_irf.cfg
3.	Access the InterConnect Bay1 6127XLG	Access the InterConnect Bay1 6127XLG switch to configure the IRF (Intelligent Resilient Framework). Note: On a new switch the user is presented with the following when connecting to the console and must type CTRL_C or CTRL_D to break out of the loop. Note: When trying to save the config, the following prompt is received: [HPE] [HPE] save The current configuration will be written to the device. Are you sure? [Y/N]: Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y Please input the file name(*.cfg)[flash:/startup.cfg] (To leave the existing filename unchanged, press the enter key): User can leave this default startup.cfg unchanged, or change to another name. The cfg file will be used for next reboot. $ ssh <oa username>@<oa address> If it shows standby, ssh to the other OA address. OA-FC15B41AEA05> connect interconnect 1 .... <HPE>system-view System View: return to User View with Ctrl+Z. (Note: Run the following commands:) irf member 1 priority 32 interface range Ten-GigabitEthernet 1/0/17 to Ten-GigabitEthernet 1/0/20 shutdown quit irf-port 1/1 port group interface Ten-GigabitEthernet1/0/17 port group interface Ten-GigabitEthernet1/0/18 port group interface Ten-GigabitEthernet1/0/19 port group interface Ten-GigabitEthernet1/0/20 quit interface range Ten-GigabitEthernet 1/0/17 to Ten-GigabitEthernet 1/0/20 undo shutdown quit save irf-port-configuration active
4.	Access the InterConnect Bay2 6127XLG	Access the InterConnect Bay2 6127XLG switch to re-number to IRF 2. OA-FC15B41AEA05> connect interconnect 2 .... <HPE>system-view System View: return to User View with Ctrl+Z. [HPE] irf member 1 renumber 2 Renumbering the member ID may result in configuration change or loss. Continue?[Y/N]Y [HPE]save The current configuration will be written to the device. Are you sure? [Y/N]:Y Please input the file name(*.cfg)[flash:/startup.cfg] (To leave the existing filename unchanged, press the enter key): Validating file. Please wait... Saved the current configuration to mainboard device successfully. [HPE]quit <HPE>reboot Start to check configuration with next startup configuration file, please wait.........DONE! This command will reboot the device. Continue? [Y/N]:Y Now rebooting, please wait... System is starting...
5.	Configure the IRF on Bay2 6127XLG switch	After rebooting, the interfaces will begin with number 2 such as Ten-GigabitEthernet2/0/17, Ten-GigabitEthernet2/1/5. Run the following commands: system-view interface range Ten-GigabitEthernet 2/0/17 to Ten-GigabitEthernet 2/0/20 shutdown quit irf-port 2/2 port group interface Ten-GigabitEthernet2/0/17 port group interface Ten-GigabitEthernet2/0/18 port group interface Ten-GigabitEthernet2/0/19 port group interface Ten-GigabitEthernet2/0/20 quit interface range Ten-GigabitEthernet 2/0/17 to Ten-GigabitEthernet 2/0/20 undo shutdown quit save irf-port-configuration active
6.	Run "reboot" command on both switches	<HPE>reboot Start to check configuration with next startup configuration file, please wait.........DONE! This command will reboot the device. Continue? [Y/N]:Y Now rebooting, please wait... System is starting...
7.	Verify the IRF for the 6127XLG switches.	When reboot is finished, verify IRF is working with both member and ports from previous two switches, which form IRF to act as one switch now. <HPE>system-view System View: return to User View with Ctrl+Z. [HPE]display irf configuration MemberID NewID IRF-Port1 IRF-Port2 1 1 Ten-GigabitEthernet1/0/17 disable Ten-GigabitEthernet1/0/18 Ten-GigabitEthernet1/0/19 Ten-GigabitEthernet1/0/20 2 2 disable Ten-GigabitEthernet2/0/17 Ten-GigabitEthernet2/0/18 Ten-GigabitEthernet2/0/19 Ten-GigabitEthernet2/0/20 [HPE]
8.	Configure the IRF switch with predefined configuration file.	<HPE>tftp 192.168.20.11 get 6127xlg_irf.cfg startup.cfg startup.cfg already exists. Overwrite it? [Y/N]:Y Press CTRL+C to abort. % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 9116 100 9116 0 0 167k 0 --:--:-- --:--:-- --:--:-- 178k <HPE>system-view System View: return to User View with Ctrl+Z. [HPE]configuration replace file flash:/startup.cfg Current configuration will be lost, save current configuration? [Y/N]:N Now replacing the current configuration. Please wait ... Succeeded in replacing current configuration with the file flash:/startup.cfg. [<switch_name>]save flash:/startup.cfg The current configuration will be saved to flash:/startup.cfg. Continue? [Y/N]:Y flash:/startup.cfg exists, overwrite? [Y/N]:Y Now saving current configuration to the device. Saving configuration flash:/startup.cfg.Please wait... Configuration is saved to device successfully. [<switch_name>]

Bastion Host Installation

This section outlines the use of the Installer Bootstrap Host to provision db-2/RMS2 with an operating system and configure it to fulfill the role of Database Host. After the Bastion Host is created, it is used to complete the installation of OCCNE.

Provision Second Database Host (RMS2) from Installer Bootstrap Host (RMS1)

Table 3-11 Terminology used in Procedure

Name	Description
bastion_full_name	This is the full name of the Bastion Host as defined in the hosts.ini file. Example: bastion-2.rainbow.us.labs.oracle.com
bastion_kvm_host_full_name	This is the full name of the KVM server (usually RMS2/db-2) that hosts the Bastion Host VM. Example: db-2.rainbow.us.labs.oracle.com
bastion_kvm_host_ip_address	This is the IPv4 ansible_host IP address of the server (usually RMS2/db-2) that hosts the Bastion Host VM. Example: 172.16.3.5
bastion_short_name	This is the name of the Bastion Host derived from the bastion_full_name up to the first ".". Example: bastion-2
bastion_external_ip_address	This is the external address for the Bastion Host Example : 10.75.148.5 for bastion-2
bastion_ip_address	This is the internal IPv4 "ansible_host" address of the Bastion Host as defined within the hosts.ini file. Example: 172.16.3.100 for bastion-2
cluster_full_name	This is the name of the cluster as defined in the hosts.ini file field: occne_cluster_name. Example: rainbow.us.labs.oracle.com
cluster_short_name	This is the short name of the cluster derived from the cluster_full_name up to the the first ".". Example: rainbow

Note:

The Bootstrap Host must be setup to use root/<customer_specific_root_password> as the credentials to access it. Setting that user/password is part of the instructions at: Installation of Oracle Linux 7.x on Bootstrap Host.

Table 3-12 Bastion Installation

Step #	Procedure	Description
1.	Copy the Necessary Files from the Utility USB to Support the OS Install	Login to the Bootstrap Host using the root credentials configured during OS installation of the Bootstrap Host. Create the directories needed on the Installer Bootstrap Host. $ mkdir -p /var/occne/cluster/<cluster_short_name>/yum.repos.d Mount the Utility USB. Note: Follow the instructions for mounting a USB in Linux are at: Installation of Oracle Linux 7.x on Bootstrap Host. Copy the hosts.ini file (created using procedure: OCCNE Inventory File Preparation) into the /var/occne/cluster/<cluster_short_name>/ directory. This hosts.ini file defines the Bastion KVM Host to the Provision Container running the provision image downloaded from the repo. $ cp /<path_to_usb>/hosts.ini /var/occne/cluster/<cluster_short_name>/hosts.ini Example: $ cp /media/usb/hosts.ini /var/occne/cluster/rainbow/hosts.ini Edit the /var/occne/cluster/<cluster_short_name>/hosts.ini file to include the ToR host_net (vlan3) VIP for NTP clock synchronization. Use the ToR VIP address (ToRswitch_Platform_VIP ) as defined in procedure: Installation PreFlight Checklist : Complete OA and Switch IP SwitchTable as the NTP source. Update the ntp_server field with the VIP address. Update the occne_repo_host_address to point to this Bootstrap Host internal address. This is being used for PXE booting and accessing the NFS share on the Installer Bootstrap Host (db-1/RMS1). Example (from hosts.sample.ini): ntp_server='172.16.3.1' occne_repo_host_address='172.16.3.4' Follow procedure Populate the MetalLB Configuration File to copy the MetalLB configuration file into the /var/occne/cluster/<cluster_short_name>/ directory and configure it. $ cp /<path_to_usb>/mb_configmap.yaml /var/occne/cluster/<cluster_short_name>/mb_configmap.yaml Example: $ cp /media/usb/mb_configmap.yaml /var/occne/cluster/rainbow/mb_configmap.yaml Copy the customer specific .repo file from the Utility USB to the Installer Bootstrap Host. This is the .repo file created by the customer that provides access to the onsite (within their network) yum repositories needed to complete the full deployment of OCCNE onto the Installer Bootstrap Host. It needs to be in two places, one for the local system, and one for the target systems. $ cp /<path_to_usb>/<customer_specific_repo>.repo /var/occne/cluster/<cluster_short_name>/yum.repos.d/. $ cp -r /var/occne/cluster/<cluster_short_name>/yum.repos.d /var/occne/. $ echo "reposdir=/var/occne/yum.repos.d" >> /etc/yum.conf Example: $ cp /media/usb/ol7-mirror.repo /var/occne/cluster/rainbow/yum.repos.d/ $ cp -r /var/occne/cluster/rainbow/yum.repos.d /var/occne/ $ echo "reposdir=/var/occne/yum.repos.d" >> /etc/yum.conf
2.	Set up the /etc/hosts file for the Central Repo and Verify Access	Add an entry to the /etc/hosts file on the Installer Bootstrap Host to provide a name mapping for the Customer Central Repository. $ vi /etc/hosts Example: 10.75.200.217 rainbow-reg To Verify: $ ping <central_repo_name> Example: # ping rainbow-reg PING reg-1 (10.75.200.217) 56(84) bytes of data. 64 bytes from reg-1 (10.75.200.217): icmp_seq=1 ttl=61 time=0.248 ms 64 bytes from reg-1 (10.75.200.217): icmp_seq=2 ttl=61 time=0.221 ms 64 bytes from reg-1 (10.75.200.217): icmp_seq=3 ttl=61 time=0.239 ms Verify the repo access execute the following command: $ yum repolist Example: $ yum repolist Loaded plugins: ulninfo repo id repo name status !UEKR5/x86_64 Unbreakable Enterprise Kernel Release 5 for Oracle Linux 7 (x86_64) 80 !addons/x86_64 Oracle Linux 7 Addons (x86_64) 91 !developer/x86_64 Packages for creating test and development environments for Oracle Linux 7 226 !developer_EPEL/x86_64 Packages for creating test and development environments for Oracle Linux 7 13,246 !ksplice/x86_64 Ksplice for Oracle Linux 7 (x86_64) 393 !latest/x86_64 Oracle Linux 7 Latest (x86_64) 5,401 repolist: 19,437
3.	Copy the OL7 ISO to the Installer Bootstrap Host	The iso file must be accessible from a Customer Site Specific repository. This file should be accessible because the ToR switch configurations were completed in procedure: Configure Top of Rack 93180YC-EX Switches Copy the OL7 ISO file to the /var/occne directory. The example below uses OracleLinux-7.5-x86_64-disc1.iso. If this file was copied to the Utility USB, it can be copied from there into the same directory on the Bootstrap Host. Note: If the user copies this ISO from their laptop then they must use an application like WinSCP pointing to the Management Interface IP. $ scp <usr>@<site_specific_address>:/<path_to_iso>/OracleLinux-7.5-x86_64-disc1.iso /var/occne/OracleLinux-7.5-x86_64-disc1.iso
4.	Install Packages onto the Installer Bootstrap Host	Use YUM to install necessary packages onto the installer Bootstrap Host. $ yum install docker-engine nfs_utils ansible
5.	Set up access to the Docker Registry on the Installer Bootstrap Host	Copy the docker registry certificate to two places on the Bootstrap Host. Note: How to obtain the docker registry certificate <source> is not necessarily covered in the procedure. The user can use the instructions at reference 1 to understand this more thoroughly. $ mkdir -p /var/occne/certificates $ cp <source>.crt /var/occne/certificates/<occne_private_registry>:<occne_private_registry_port>.crt $ mkdir -p /etc/docker/certs.d/<occne_private_registry>:<occne_private_registry_port> $ cp <source>.crt /etc/docker/certs.d/<occne_private_registry>:<occne_private_registry_port>/ca.crt Example: $ mkdir -p /var/occne/certificates $ cp <source>.crt /var/occne/certificates/rainbow_reg:5000.crt $ mkdir -p /etc/docker/certs.d/rainbow_reg:5000 $ cp <source>.crt /etc/docker/certs.d/rainbow_reg:5000/ca.crt Start the docker daemon. $ systemctl daemon-reload $ systemctl restart docker $ systemctl enable docker Verify docker is running: $ ps -elf | grep docker $ systemctl status docker
6.	Setup NFS on the Installer Bootstrap Host	Run the following commands using sudo (assumes nfs-utils has already been installed in procedure: Installation of Oracle Linux 7.x on Bootstrap Host : Install Additional Packages). Note: The IP address used in the echo command is the Platform VLAN IP Address (VLAN 3)of the Bootstrap Host (RMS 1) as given in: Installation PreFlight Checklist : Site Survey Host Table. $ echo '/var/occne 172.16.3.4/24(ro,no_root_squash)' >> /etc/exports $ systemctl start nfs-server $ systemctl enable nfs-server Verify nfs is running: $ ps -elf | grep nfs $ systemctl status nfs-server
7.	Set up the Boot Loader on the Installer Bootstrap Host	Execute the following commands: $ mkdir -p /var/occne/pxelinux $ mount -t iso9660 -o loop /var/occne/OracleLinux-7.5-x86_64-disc1.iso /mnt $ cp /mnt/isolinux/initrd.img /var/occne/pxelinux $ cp /mnt/isolinux/vmlinuz /var/occne/pxelinux
8.	Verify and Set the PXE Configuration File Permissions on the Installer Bootstrap Host	Each file configured in the step above must be open for read and write permissions. $ chmod -R 777 /var/occne/pxelinux
9.	Disable DHCP and TFTP on the Installer Bootstrap Host	The TFTP and DHCP services running on the Installer Bootstrap Host may still be running. These services must be disabled. $ systemctl stop dhcpd $ systemctl disable dhcpd $ systemctl stop tftp $ systemctl disable tftp
10.	Disable SELINUX	Set SELINUX to permissive mode. In order to successfully set the SELINUX mode, a reboot of the system is required. The getenforce command is used to determine the status of SELINUX. $ getenforce active If the output of this command displays "active", change it to "permissive" by editing the /etc/selinux/config file. $ vi /etc/selinux/config Change the SELINUX variable to passive: SELINUX=permissive save the file Reboot the system: reboot
11.	Generate the SSH private and public keys on Bootstrap Host.	This command generates a private and public key for the cluster. These keys are passed to the Bastion Host and used to communicate to other nodes from that Bastion Host. The public key is passed to each node on OS install. Do not supply a passphrase when it asks for one. Just hit enter. Note: The private key (occne_id_rsa) must be copied to a server that going to access the Bastion Host because the Bootstrap Host is repaved. This key is used later in the procedure to access the Bastion Host after it has been created. Execute the following commands on the Bootstrap Host: $ mkdir -m 0700 /var/occne/cluster/<cluster_short_name>/.ssh $ ssh-keygen -b 4096 -t rsa -C "occne installer key" -f "/var/occne/cluster/<cluster_short_name>/.ssh/occne_id_rsa" -q -N ""
12.	Execute the OS Install and Bastion VM Creation on Bastion KVM Host (RMS2) from the Installer Bootstrap Host	Run the docker commands below to perform the OS install and Bastion Host VM creation on the Bastion KVM Host (RMS2): $ docker run --rm --network host --cap-add=NET_ADMIN -v /var/occne/cluster/<cluster_short_name>/:/host -v /var/occne/:/var/occne:rw -e "OCCNEARGS=--limit=<bastion_full_name>,<bastion_kvm_host_full_name>,localhost" <image_name>:<image_tag> Example: $ docker run -it --rm --network host --cap-add=NET_ADMIN -v /var/occne/cluster/rainbow/:/host -v /var/occne/:/var/occne:rw -e "OCCNEARGS=--limit=bastion-2.rainbow.lab.us.oracle.com,db-2.rainbow.lab.us.oracle.com,localhost" winterfell:5000/occne/provision:1.3.0 Verify that Bastion Host VM is installed by logging into RMS2/db-2 and issuing the following command. The <ansible_host> field (which is an IPv4 address) is derived from the hosts.ini file db-2 entry for host_hp_gen_x groups. Note: This command is optional. Had a failure actually occurred, the docker run command would have experienced failures. ssh -i /var/occne/cluster/<cluster_short_name>/.ssh/occne_id_rsa admusr@<oam_host> $ sudo virsh list Example: ssh -i /var/occne/cluster/rainbow.lab.us.oracle.com/.ssh/occne_id_rsa admusr@10.75.148.6 $ sudo virsh list Id Name State ---------------------------------------------------- 11 bastion-2.rainbow.lab.us.oracle.com running Login to Bastion Host from the Boostrap Host as admusr using the generated key from the /var/occne/cluster/<cluster_short_name> directory to confirm the VM is set up correctly. The <oam_host> field (which is an IPv4 address) is derived from the hosts.ini file bastion-2 entry for the host_kernel_virtual group. Note: This command is optional. Had a failure actually occurred, the docker run command would have experienced failures. ssh -i /var/occne/cluster/<cluster_short_name>/.ssh/occne_id_rsa admusr@<oam_host> Example: ssh -i /var/occne/cluster/rainbow/.ssh/occne_id_rsa admusr@10.75.148.5

Automated Installation

This section details the steps required to execute the automated configuration of the Bastion Host VM. This consists of two main section:

1. Setting up and executing the deploy.sh script on the Bootstrap Host.
2. Accessing the Bastion Host and executing the final commands to execute the pipeline.sh script to complete the Bastion Host configuration and deploy the OCCNE cluster.

Table 3-13 Automated Installation

Step #	Procedure	Description
1.	Setting up for and executing the deploy.sh script on the Bootstrap Host	The deploy.sh script performs the initial pre-configuration of the Bastion host. This includes installing ansible, executing the ansible playbook configBastionHost.yaml to setup the initial files and staging directories on the Bastion Host and executing the pipeline to setup the artifacts directory. The script is executed on the Bootstrap Host using a set of environment variables that can be initialized on the command line along with the deploy.sh script. These variables include the following: Name Comment Example usage CENTRAL_REPO Defines the customer specific repository host name. Note: This would be used in conjunction with CENTRAL_REPO_IP and CENTRAL_REPO_DOCKER_PORT. CENTRAL_REPO=customer_repo \ CENTRAL_REPO_IP=10.10.10.10 \ CENTRAL_REPO_DOCKER_PORT=5000 ./deploy.sh CENTRAL_REPO_IP Defines the customer specific repository IPv4 address. See above. CENTRAL_REPO_DOCKER_PORT Defines the customer specific repository docker port number. Defaults to 5000. See above. OCCNE_CLUSTER Defines the cluster short name. OCCNE_CLUSTER=rainbow OCCNE_BASTION Bastion Host full name OCCNE_BASTION=bastion-2.rainbow.us.labs.oracle.com OCCNE_VERSION The version tag of the image releases OCCNE_VERSION=1.3.2
2.	Copy necessary files from Utility USB to the Bootstrap Host staging directory	The MySQL .zip file (ex: V980756-01.zip) must be copied to the staging directory /var/occne directory. This file should be provided from the Utility USB. This file is used for installing the ndb MySQL nodes. $ cp /<usb_dev>/db/*.zip /var/occne/*.zip Copy the configBastionHost.yaml file from the Customer Utility USB to the staging directory /var/occne/. $ cp /<usb_dev>/configBastionHost.yaml /var/occne/. Copy the deploy.sh script from the Customer Utility USB to the staging directory at /var/occne/ and set the file to executable. $ cp /<usb_dev>/deploy.sh /var/occne/. $ chmod +x /var/occne/deploy.sh
3.	Execute Deploy	Execute the deploy.sh script from the /var/occne/ directory with the required parameters set. $ export CENTRAL_REPO=<customer_specific_repo_name> $ export CENTRAL_REPO_IP=<customer_specific_repo_ipv4> $ export OCCNE_CLUSTER=<cluster_short_name> $ export OCCNE_BASTION=<bastion_full_name> $ $ ./deploy.sh Customer Example: $ export CENTRAL_REPO=central-repo $ export CENTRAL_REPO_IP=10.10.10.10 $ export OCCNE_CLUSTER=rainbow $ export OCCNE_BASTION=bastion-2.rainbow.us.labs.oracle.com $ ./deploy.sh The command above can be executed like the following: $ CENTRAL_REPO=central-repo CENTRAL_REPO_IP=10.10.10.10 OCCNE_CLUSTER=rainbow OCCNE_BASTION=bastion-2.rainbow.us.labs.oracle.com ./deploy.sh Internal Example: Internally the defaults would be used so the only possible variables that needs to be provided are the OCCNE_CLUSTER, OCCNE_BASTION, and OCCNE_VERSION. $ OCCNE_CLUSTER=rainbow OCCNE_BASTION=bastion-2.rainbow.us.labs.oracle.com ./deploy.sh
4.	Executing Final Deploy on Bastion Host	The following commands are executed from the Bastion Host to complete the Bastion Host configuration and deploy OCCNE on the Bare Metal system. Note: The Bootstrap Host cannot be used to access the Bastion Host as it will be re-paved from execution of this command. Login to the Bastion Host as admusr. The private key that was saved earlier should be used to access the Bastion Host from a server other than the Bootstrap Host using the ssh command. This private key should be copied to the /home/<user>/.ssh directory on that server as id_rsa using scp (or winSCP from a desktop PC). The permissions of the key must be set to 0600 using the command: chmod 0600 ~/.ssh/id_rsa $ ssh -i ~/.ssh/id_rsa admusr@<bastion_external_ip_address> Execute the following command to complete the deployment of OCCNE from the Bastion Host (excluding re-install on the Bastion Host and its KVM host, which are already setup). This action will re-pave the Bootstrap Host RMS. $ export PROV_DEPLOY_ARGS='--limit=!<bastion_full_name>,!<bastion_kvm_host_full_name>' $ export DB_ARGS='--extra-vars=mate_site_db_replication_ip=<remote_site_db_replication_service_ip>,occne_mysqlndb_cluster_id=<mysqlndb_cluster_identifier>' $ /var/occne/cluster/<cluster_short_name>/artifacts/pipeline.sh Customer Example: $ export PROV_DEPLOY_ARGS='--limit=!bastion-2.rainbow.lab.us.oracle.com,!db-2.rainbow.lab.us.oracle.com' $ export DB_ARGS='--extra-vars=mate_site_db_replication_ip=10.75.182.88,occne_mysqlndb_cluster_id=2' $ /var/occne/cluster/rainbow/artifacts/pipeline.sh To save the output from the pipeline.sh script the command can be written as: $ /var/occne/cluster/rainbow/artifacts/pipeline.sh | tee pipeline$(date +"%F_%H%M%S").log Note: While Installing on the First Site ignore DB_ARGS configuration parameter which Provides Mate Site DB Replication Service Load Balancer IP. Provide the Mate Site DB Replication Service Load Balancer IP and MySQL Cluster identifier while Installing MYSQL NDB Cluster on second site.
5.	Update the Bastion KVM Host repo file	Since db-2 was not part of the final OS install and cluster deploy, it's /var/occne/yum.repos.d/*.repo file is not pointing to the Bastion Host as its YUM repo. That file on RMS2/db-2 must be updated so that it now points to the Bastion Host as the repo. After the Bastion Host was created, the .repo file that was copied onto the Bastion Host has the correct settings. That file can just be copied back to RMS2/db-2. From the Bastion Host, login to the Bastion Host KVM Host, using the occne private key and the internal host IP address for that node (extracted from the hosts.ini file) $ ssh -i /var/occne/cluster/<cluster_short_name>/.ssh/occne_id_rsa admusr@<bastion_kvm_host_ip_address> Remove the existing .repo files: $ sudo rm /var/occne/yum.repos.d/*.repo Copy the Bastion specific .repo file from the Bastion Host to the Bastion KVM Host. Execute this command from the Bastion KVM Host. scp <bastion_short_name>:/var/occne/yum.repos.d/*.repo /var/occne/yum.repos.d/ Example: scp bastion-2:/var/occne/yum.repos.d/*.repo /var/occne/yum.repos.d/
6.	Change MySQL root user password	Refer to Change MySQL root user password

Virtualized CNE Installation

This procedure details the steps necessary to configure and install an OCCNE cluster in an OpenStack Environment.

Prerequisites

1. The user has access to an existing OpenStack Environment including the OpenStack Desktop.
2. The OpenStack Environment is configured with appropriate resource flavors and network resources for resource allocation to the VMs created via this procedure.
3. Octavia Load Balancing plugin must be installed on the OpenStack Environment.
4. Users must have a pub key that can be configured for logging into the Bootstrap Host. This key should be placed into the customer OpenStack Environment prior to running this procedure using the following:

   Use the Import Keytab on the Launch Instance→Key Pair dialog or via the Compute→Access and Security

Limitation/Expectations

1. It is expected that the user is familiar with the use of OpenStack as a virtualized provider and the OpenStack Client.

   Note:

   All OpenStack Client commands listed in this procedure are executed from the Bootstrap Host after it has been instantiated.
2. All necessary images, binaries, etc have been downloaded from Oracle OSDC prior to executing this procedure and these resources are available for use in this procedure.
3. The customer has made available a central repository for all images, binaries, helm charts, etc, prior to executing this procedure.

Note:

The OpenStack commands in the procedures below are from a specific version of the OpenStack Desktop. The desktop used at the customer site may be slightly different depending on the version installed. The operations should be compatible.

Upload an Image to an OpenStack Environment

This is the process of uploading the qcow2 image. The image is provided via OSDC.

Note:

This procedure is executed from the OpenStack Desktop.

Table 3-14 Upload an Image to an OpenStack Environment

Step #	Procedure	Description
1.	Navigate to Images	Go to Compute → Images
2.	Create Image	Select the +Create Image button. This brings up a new dialog. You have to enter a name for the image. Use the same name as was used to create and download the imag (ex: occne_bootstrap-1.3.0.qcow2).
3.	Choose the source of the image	Using the Image Source pull down select: Image File. This will enable a Browse button. Select this button to bring up a Windows Explorer dialog. From the Windows dialog, select the image that was created in the previous procedures. This will insert the image name into the OpenStack Create Image dialog and set the Format for you.
4.	Upload Image	Select the Create Image button at the bottom right of the dialog. This will start the image upload process. It will take a while so be patient. You will not be able to actually see the image being uploaded even if you log into another OpenStack instance.
5.	Check the image	When the process is complete, the image should be listed in the Compute → Images screen. Again you will have to use Next to go through all the images and finally get to the image you uploaded depending on how many images are on the system.

Bootstrap Host Creation

The Bootstrap Host is provisioned to drive the creation of the virtualized cluster using Terraform, the OpenStack Client, and Ansible Playbook(s). A qcow2 image was provided as part of the OSDC download and should be available on the users OpenStack Environment as per the previous section of this document.

Note:

The examples below are for reference only. While the steps are correct the actual values used will be different. The following steps are to be performed manually on the customer specific Openstack Environment Desktop.

Table 3-15 Bootstrap Host Creation

Step #	Procedure
1.	Login to the OpenStack Environment using your OpenStack credentials, the appropriate domain and project name.
2.	Select Compute → Instances
3.	Select the Launch Instances tab on the upper right. A dialog will appear to configure a VM instance.
4.	Enter an Instance Name (for example: occne-<name>). Leave the Availability Zone and Count set as is.
5.	Select Source on the left hand side of the dialog. A new dialog appears (Note: there might be a long list of available images to choose from)
6.	Make sure the filter pulldown is set to Image
7.	Enter occne_bootstrap in the filter. This will display the occne_bootstrap-<x.y.z>.qcow2 image uploaded in the previous sections of this procedure.
8.	Select the OCCNE Bootstrap Host image by selecting the "+" on the right side of the image listing. This adds the image as the source for this VM.
9.	Select Flavor
10.	Enter a string which best describes the flavor being used for this customer specific OpenStack Environment in the search filter. This brings up a new dialog.
11.	Select the appropriate customer specific Flavor (for example: occne_bsh_flavor) by selecting the "+" on the right side of the flavor listings. This adds the resources to the Launch Instance dialog. Note: The BSH image requires a flavor that includes a disk size of 40GB or higher. The RAM size should be 8GB or higher although that is not a restriction.
12.	Select Networks
13.	Enter the appropriate network name as defined by the customer with the OpenStack Environment (example: ext-net) in the search filter. This brings up a new dialog.
14.	Select the appropriate network by selecting the "+" on the right side of the flavor listings. This adds the external network interface to the Launch Instance dialog.
15.	Select Key Pair. This dialog assumes you have already uploaded a public key to to OpenStack (see Prerequisites).
16.	Select the appropriate key by selecting the "+" on the right side of the key pair listings. This adds the public key to the authorized_keys file on the Bootstrap Host.
17.	Select Configuration. This screen allows the user to add configuration data which is used by cloud-init to set on the VM, the initial admusr and hostname/FQDN additions to the /etc/hosts file. Use the following configuration until there is more information available. This must be copied into the Customization Script text box. Make sure the fields marked as <instance_name_from_details_screen> are updated with the instance name you used in step 5 above. Leave the other fields on this dialog in their default setting. #cloud-config hostname: <instance_name_from_details_screen> fqdn: <instance_name_from_details_screen> system_info: default_user: name: admusr lock_passwd: false write_files: - content: | 127.0.0.1 localhost localhost4 localhost4.localdomain4 <instance_name_from_details_screen> ::1 localhost localhost6 localhost6.localdomain6 <instance_name_from_details_screen> path: /etc/hosts owner: root:root permissions: '0644'
18.	Select Launch Instance at the lower right side of the initial dialog. This will launch the creation of the VM. This can be observed back at the Compute→Instances screen.

Pre-deployment Configuration

The commands in this procedure are executed from the Bootstrap Host. All terraform commands are executed from the /var/terraform directory.

Table 3-16 Pre-deployment Configuration

Step #	Procedure	Description
1.	Obtain the TLS Certificate for OpenStack	Depending on the Customer's environment it is very likely that the customer's OpenStack uses certificates for TLS access to the API. Without this certificate, OpenStack commands will not work. Customer's may have to obtain this certificate before using OpenStack client commands. Contact the OpenStack admin to provide the required TLS certificate to access the client commands (ex. in an Oracle OpenStack system installed with kolla, the certificate will be located at /etc/kolla/certiifcates/haproxy-ca.crt) Copy the certificate to the Bootstrap Host at location: /etc/pki/<OpenStack_release_name>/haproxy-ca.crt (ex. /etc/pki/kolla/haproxy-ca.crt) (If /etc/pki/<OpenStack_release_name> does not exist, it can be created using command: mkdir -p /etc/pki/<OpenStack_release_name> Set the environment variable OS_CACERT to the location where the certificate was copied to using the command: export OS_CACERT=/etc/pki/<OpenStack_release_name>/haproxy-ca.crt (ex. export OS_CACERT=/etc/pki/kolla/haproxy-ca.crt)
2.	Get the Openstack RC (API v3) File	This file exports a number of environment variables on the Bootstrap Host for the given user which directs the OpenStack Client commands towards the particular OpenStack Environment. It must be copied to the users home directory on the Bootstrap Host so that the OpenStack Client commands can be executed. Note: These instructions may be somewhat different on OpenStack Desktops. From the OpenStack Desktop: go to Project → Compute → Access & Security. Select the API Access tab On the right hand side, select Download OpenStack RC File v3. This will download a openrc.sh file prefixed with the OpenStack project name (ex: 5G-openrc.sh). to your PC. SCP this file (ie. winSCP) to the Bootstrap Host in the /home/admusr directory as .<project_name>-openrc.sh Note: In order for SCP/winSCP to work properly, the key mentioned in the Prerequisites above must be used to access the Bootstrap Host. It may also be necessary to add the appropriate Security Group Rules to support SSH (Rule: SSH, Remote: CIDR CIDR: 0.0.0.0/0) under the Network → Security Groups page in the OpenStack Environment. Contact the OpenStack Administrator to get the proper rules added if necessary. Execute the following command: source .<project_name>-openrc.sh Execute the following command to verify the OpenStack Client is working: openstack image list
3.	Create SSH Key on Bootstrap Host	Create the keys that will be used to access the other VMs. This command generates the private and public keys that are passed to the Bastion Host and used to communicate to other node from that Bastion Host. Do not supply a passphrase when it asks for one. Just hit enter. Also the private key should be copied to a place for safe keeping should the Bootstrap Host be destroyed. $ ssh-keygen -m PEM -t rsa -b 2048
4.	Add Files to /tmp Directory	These files must be copied to the directories listed using scp or some other means (ie. winSCP). There are three directories on the Bootstrap Host. These three directories are as follows: /tmp/yum.repos.d /tmp/db /tmp/certificates Within these three directories the user must supply the following mandatory files: Add a customer specific central repo .repo file to the /tmp/yum.repos.d directory which allows for access to the customer specific repo (ex: winterfell-mirror.repo). Add a mysql .zip file. (ex: V980756-01.zip) to the /tmp/db directory. This file is used for installing the ndb MySQL cluster and is downloaded from OSDC. Add a docker registry certificate to the /tmp/certificates directory for the central docker registry. This file mus tbe copied using the following format:<central_repo_hostname>:<central_repo_port>.crt(ex: winterfell:5000.crt).
5.	Updating the ~.configure/openstack/clouds.yaml File	To obtain the values for the authorization fields need in clouds.yaml below, execute the openstack configuration show command (make sure you have sourced the openrc script before executing this command). $ openstack configuration show +---------------------------------+-------------------------------------------+ | Field | Value | +---------------------------------+-------------------------------------------+ | api_timeout | None | | application_catalog_api_version | 1 | | auth.auth_url | http://thundercloud.us.oracle.com:5000/v3 | | auth.password | <redacted> | | auth.project_domain_id | 6c3468f1207c4e00bb441746c2046a90 | | auth.project_id | 811ef89b5f154ab0847be2f7e41117c0 | | auth.project_name | OCCNE | | auth.user_domain_name | LDAP | | auth.username | John.Doe | | auth_type | password | | baremetal_api_version | 1 | | beta_command | False | | cacert | None | | cert | None | | compute_api_version | 3 | | container_api_version | 1 | | container_infra_api_version | 1 | +---------------------------------+-------------------------------------------+ To get the floating_network_id value for the load balancer configuration in clouds.yaml below, execute the following commands: $ openstack network list Get the network ID and the subnets id for floating ip address network name: Example from the openstack command cli list: +--------------------------------------+-------------------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+-------------------+--------------------------------------+ | e4351e3e-81e3-4a83-bdc1-dde1296690e3 | ext-net | c0e0c185-ed65-4a53-a7a3-418277fb9a20 | Edit the ~/.configure/openstack/clouds.yaml file (using sudo vi ~/.configure/openstack/clouds.yaml) and update following values for your Openstack Environment using the commands listed above (use double quotes where indicated in the example given below): Note: The subnet_id field is automatically obtained and populated in the clouds.yaml file. There is no need to configure that value. clouds: mycloud: auth: auth_url: <openstack-Identity-api-url> username: <openstack-user-name> project_name: <openstack-project-name> project_id: <openstack-Project ID> user_domain_name: <openstack-Domain Name> password: <openstack-user-password> region_name: <openstack-region-name-if-available> interface: <openstack-intrface- public/private> identity_api_version: <openstack-indentity-api-version> loadbalancer: lbaas_enabled: true subnet_id: <openstack_lbaas_subnet_id> floating_network_id: <openstack_lbaas_floating_network_id> use_octavia: true lb_method: ROUND_ROBIN Example: clouds: mycloud: auth: auth_url: http://thundercloud.us.oracle.com:5000/v3 username: "john.doe" project_name: "OCCNE" project_id: 811ef89b5f154ab0847be2f7e41117c0 user_domain_name: "LDAP" password: "johnspw" region_name: "RegionOne" interface: "public" identity_api_version: 3 loadbalancer: lbaas_enabled: true subnet_id: c0e0c185-ed65-4a53-a7a3-418277fb9a20 floating_network_id: e4351e3e-81e3-4a83-bdc1-dde1296690e3 use_octavia: true lb_method: ROUND_ROBIN
6.	Updating cluster.tfvars File	The fields in the cluster.tfvars file must be configured to adapt to the current customer Openstack Environment. The steps below detail how to collect and set the fields that must be changed. Note: Image to use for bastion, masters, standalone etcd instances, and nodes image = "OracleLinux-7.5-x86_64". An Admin user of the customer specific OpenStack Environment must upload this image 'OracleLinux-7.5-x86_64.qcow2' to the openstack env and it should be accessible under image list. WARNING: The number of master nodes must be set to an odd number. The recommended value for number_of_k8s_masters_no_floating_ip is 3. From the /var/terraform directory, copy directory occne_example and its contents (cluster.tfvars) using the command below to create a new directory. Change the name of the new directory to include your name to distinguish it from the occne_example directory. Note: The directory name is not used for any special purpose other than to distinguish it from the occne_example directory. It can be called anything. $ cp -R occne_example occne_<user> Use the following commands to retrieve the information necessary to configure the cluster.tfvars The different flavor settings should be set according to the recommendations from Reference 1 in this document. An Admin user of the customer specific OpenStack Environment must add the flavors and provide the UUID of those flavors for configuration into the cluster.tfvars file. The UUID of each specific flavor that is used must be added as the value field of the key/value fields in the cluster.tfvars file. Once flavors have been added to the OpenStack Environment, the UUID can be retrieved via the following OpenStack Client command from the Bootstrap Host shell: $ openstack flavor list | grep <flavor_name> Example: $ openstack flavor list | grep medium | 43c7b73b-42a7-4f40-b52e-11f6803fc750 | oc-cne.medium | 16384 | 80 | 0 | 2 | True | $ openstack flavor show 43c7b73b-42a7-4f40-b52e-11f6803fc750 +----------------------------+--------------------------------------+ | Field | Value | +----------------------------+--------------------------------------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | access_project_ids | None | | disk | 80 | | id | 43c7b73b-42a7-4f40-b52e-11f6803fc750 | | name | oc-cne.medium | | os-flavor-access:is_public | True | | properties | | | ram | 16384 | | rxtx_factor | 1.0 | | swap | | | vcpus | 2 | +----------------------------+--------------------------------------+ Use the following command to retrieve the floatingip_pool name and external_net UUID. $ openstack network list +--------------------------------------+-------------------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+-------------------+--------------------------------------+ | 1d25d5ea-77ca-4f56-b364-f53b09292e7b | ext-net2 | f5c5ee71-8688-466d-a79f-4306e2bf3f6a | | 668bc488-5307-49ad-9332-24fb0767bb39 | test-network | 9432b2d5-99c0-43ee-8f8c-4709f38b68d9 | | 903155c7-c3ff-4283-bc2b-f34e8b6e76b0 | occne-ebadger-tc1 | ecbadd3e-e239-4830-b8c1-5ff94fa64c3a | | 90c160aa-2ef7-47d3-a212-e1790d56c971 | ext-net-ipv6 | 4c0b844f-1557-4454-b561-88fa31f657f3 | | c4a7569b-5448-4add-8c4e-006bbdd984ef | cluster1 | 4cf62be3-05e9-4a5b-b2a9-6aceee3c860f | | e4351e3e-81e3-4a83-bdc1-dde1296690e3 | ext-net | c0e0c185-ed65-4a53-a7a3-418277fb9a20 | | fc36d63f-b30b-4c7f-979f-9b52b614bbd7 | occne-mkingre | 7631612f-5d22-49be-975c-6e0a9329339b | +--------------------------------------+-------------------+--------------------------------------+ Navigate to occne_<user> directory and edit the contents of the cluster.tfvars file in the newly created directory: $ vi occne_<user>/cluster.tfvars The fields in the cluster.tfvars file must be configured to adapt to the current customer Openstack Provider. Initially the cluster_name and network_name should be set as the same value. # <Kubernetes cluster name here> cluster_name = "<cluster-name>" # networking network_name = "<cluster-name>" For setting the ntp_server value in the cluster.tfvars file, use the IP Address of your cloud URL. One way of obtaining this is using the ping command on your Bootstrap Host. (For example: ping thundercloud.us.oracle.com) $ ping thundercloud.us.oracle.com PING srv-10-75-171-2.us.oracle.com (10.75.171.2) 56(84) bytes of data. 64 bytes from pc1011601.labs.nc.tekelec.com (10.75.171.2): icmp_seq=1 ttl=63 time=0.283 ms If your deployment requires a specific Availability Zone other than the default availability zone called nova, please make the following changes in the cluster.tfvars file. This value can be added just after the cluster_name field. If you wish to use nova then do not add these changes. az_list = ["<your_availability_zone_name>"] Example: # Authorizing_Zone az_list = ["foobar"]
7.	Obtain Mate Site DB Replication Service Load Balancer IP	While installing MYSQL NDB on the second site we need to provide the Mate Site DB Replication Service Load Balancer IP as the configuration parameter for the geo-replication process to start. Note: If this is a single deploy and or a mated site with this being the first site deployed, this step can be skipped. In order to obtain the Mate Site DB Replication Service Load Balancer IP, login to the Bastion Host of first site and execute the following command to retrieve the DB Replication Service Load Balancer IP. Fetch DB Replication Service Load Balancer IP of Mate Site MYSQL NDB. [cloud-user@arjun1-bastion-1 ~]$ kubectl get svc --namespace=occne-infra | grep replication occne-db-replication-svc LoadBalancer 10.233.3.117 10.75.182.88 80:32496/TCP 2m8s In the above example we could see "10.75.182.88" as the Mate Site DB Replication Service Load Balancer IP.

Deploy the OCCNE Virtualized Cluster

The execution of the following command does all the work to deploy the VMs in the OpenStack Environment, configure the Bastion Host, and deploy and configure the Kubernetes clusters.

Table 3-17 Deploy the OCCNE Virtualized Cluster

Step #	Procedure	Description
1.	Deploy OCCNE Virtualized Cluster	Execute the following command from the /var/terraform directory on the Bootstrap Host. This command may take a while to run (can be up to 2 hours depending on the machines its run on). $ OCCNE_TFVARS_DIR=occne_<user> CENTRAL_REPO=<central_repo_hostname> CENTRAL_REPO_IP=<central_repo_ipv4_address> OCCNE_PIPELINE_ARGS='DB_ARGS=--extra-vars='\''{"mate_site_db_replication_ip":"'<db_replication_service_load_balancer_ip>'","occne_mysqlndb_cluster_id":<mysqlndb_cluster_identifier>}'\''' ./deploy.sh Example: $ OCCNE_TFVARS_DIR=occne_arjun CENTRAL_REPO=winterfell CENTRAL_REPO_IP=10.75.216.10 OCCNE_PIPELINE_ARGS='DB_ARGS=--extra-vars='\''{"mate_site_db_replication_ip":"'10.75.182.88'","occne_mysqlndb_cluster_id":2}'\''' ./deploy.sh Note: While Installing on the First Site ignore OCCNE_PIPELINE_ARGS configuration parameter which Provides Mate Site DB Replication Service Load Balancer IP. Provide the Mate Site DB Replication Service Load Balancer IP and MySQL Cluster identifier while Installing MYSQL NDB on second site. Note: The release version defaults to the 1.4.0 GA release. If there is a reason to use a different version, it can be specified by setting the OCCNE_VERSION=<release> variable on the command line.
2.	Change MySQL root user password	Refer to Change MySQL root user password