Configure the Environment
These steps describe how to configure the environment before you can install Oracle Cloud Native Environment on Oracle Private Cloud Appliance.
We assume the following resources are already provisioned:
- A compartment in the tenancy.
- A Virtual Cloud Network (VCN) in the compartment with a DNS label (with Use DNS Hostnames enabled in this VCN).
- Compute instances for three worker nodes, one control node, and one operator node.
Set Proxy
Set the proxy variables in /etc/bashrc on all nodes so that all future shell sessions pick up the proxy environment variables. Substitute your proxy server name and port for http://proxy-host:proxy-port.
if [ ! -f /etc/bashrc.bak ]; then
cp -p /etc/bashrc /etc/bashrc.bak
else
cp -p /etc/bashrc.bak /etc/bashrc
fi
zz=/tmp/ocne.setup.sh.on_host_to_be_setup
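# Quote the delimiter so the lines below are written to the file unexpanded
# and are evaluated when /etc/bashrc is sourced, not while this script runs.
cat <<'EOD' > $zz
export http_proxy=http://proxy-host:proxy-port
export https_proxy=http://proxy-host:proxy-port
# substitute your domain name for "dm.com"
HOSTNAME=`hostname`
first_3_octets_of_LAN=`nslookup $HOSTNAME.dm.com | grep Address | tail -1 | sed -e 's/Address:[[:space:]]*//' -e 's/\.[0-9]*$//'`
# double quotes so that $first_3_octets_of_LAN is expanded
export no_proxy="localhost,127.0.0.1,.proxy-host,.oraclecorp.com,.oraclevcn.com,$first_3_octets_of_LAN.0/24,.svc,/var/run/crio/crio.sock,10.96.0.0/12"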
EOD
cat $zz >> /etc/bashrc
Apply OS Updates
Apply OS patches to bring every node up to date with security and functional fixes.
Identify your OS.
Identify OEL major release
uname -a | sed -e 's/.*\.el//' -e 's/^\(.\).*/\1/'
If the result of this command is 8, then you are running OEL8. If you are running OEL7, use yum instead of dnf, and do not pass the additional arguments --best --allowerasing.
For example, if the instructions say:
dnf --best --setopt=keepcache=1 --allowerasing xyz
and you are running OEL7, run this command instead:
yum --setopt=keepcache=1 xyz
Next, apply OS updates on all nodes after configuring yum and possibly dnf to be aware of your proxy server.
if [ ! -f /etc/yum.conf.bak ]; then
cp /etc/yum.conf /etc/yum.conf.bak
else
cp /etc/yum.conf.bak /etc/yum.conf
fi
echo proxy=http://proxy-host:proxy-port >> /etc/yum.conf
if [ -d /etc/dnf ]; then
if [ ! -f /etc/dnf/dnf.conf.bak ]; then
sudo cp /etc/dnf/dnf.conf /etc/dnf/dnf.conf.bak
else
sudo cp /etc/dnf/dnf.conf.bak /etc/dnf/dnf.conf
fi
cp /etc/dnf/dnf.conf.bak /tmp/dnf.conf
echo proxy=http://proxy-host:proxy-port >> /tmp/dnf.conf
sudo mv /tmp/dnf.conf /etc/dnf/dnf.conf
fi
dnf --best --setopt=keepcache=1 --allowerasing update -y
reboot
Configure Repositories on All Nodes
Configure yum repositories on all nodes.
configure repos
# if we are on OEL7, do the following:
sudo yum-config-manager --enable ol7_OCNE15 ol7_kvm_utils ol7_addons ol7_latest ol7_UEKR6
sudo yum-config-manager --disable ol7_OCNE14 ol7_OCNE13 ol7_OCNE12 ol7_OCNE11 ol7_OCNE ol7_developer
# but if we are on OEL8, do the following:
sudo dnf -y install oracle-OCNE-release-el8
sudo yum config-manager --enable ol8_OCNE15 ol8_addons ol8_baseos_latest ol8_appstream ol8_UEKR6
sudo yum config-manager --disable ol8_OCNE12 ol8_OCNE13 ol8_OCNE14 ol8_developer
Install Chrony
#Install chrony on all nodes.
sudo dnf --best --setopt=keepcache=1 --allowerasing -y install chrony
sudo systemctl enable --now chronyd.service
Disable Swap On All Nodes
no swap
swapoff -a
if [ ! -f /etc/fstab.bak ]; then
sudo cp /etc/fstab /etc/fstab.bak
fi
cat /etc/fstab.bak | sed '/[\t ]swap[\t ]/d' > /tmp/fstab
echo diff /etc/fstab.bak /tmp/fstab
diff /etc/fstab.bak /tmp/fstab
sudo cp /tmp/fstab /etc/fstab
echo cat /etc/fstab
cat /etc/fstab
Configure Firewall on Operator Node
operator node firewall
sudo firewall-cmd --add-port=8091/tcp --permanent
sudo firewall-cmd --reload
Configure Firewall On Worker Nodes
worker node firewall
sudo firewall-cmd --zone=trusted --add-interface=cni0 --permanent
sudo firewall-cmd --add-port=8090/tcp --permanent
sudo firewall-cmd --add-port=10250/tcp --permanent
sudo firewall-cmd --add-port=10255/tcp --permanent
sudo firewall-cmd --add-port=8472/udp --permanent
sudo firewall-cmd --add-masquerade --permanent
sudo systemctl restart firewalld.service
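To confirm that a node ended up with exactly the ports opened in the two firewall sections above, the following added example (not part of the original procedure) compares the output of firewall-cmd --list-ports with those lists and reports anything missing or unexpected. The function names, the SAMPLE value and the audit.sh file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld's open ports against this page's lists.

# expected_ports ROLE: print the port/protocol list this page opens for ROLE.
expected_ports() {
    case "$1" in
        operator) echo "8091/tcp" ;;
        worker)   echo "8090/tcp 10250/tcp 10255/tcp 8472/udp" ;;
        *)        return 1 ;;
    esac
}

# audit_ports ROLE ACTUAL: ACTUAL is the whitespace-separated output of
# `firewall-cmd --list-ports`. Prints one "missing"/"unexpected" line per
# difference and returns 0 only when both sets match exactly.
# Entries are compared as whole tokens; port ranges are not expanded.
audit_ports() {
    want=$(expected_ports "$1") || { echo "unknown role: $1" >&2; return 2; }
    have=$(echo $2)   # unquoted on purpose: collapse newlines and extra spaces
    rc=0
    for p in $want; do
        case " $have " in
            *" $p "*) ;;
            *) echo "missing $p"; rc=1 ;;
        esac
    done
    for p in $have; do
        case " $want " in
            *" $p "*) ;;
            *) echo "unexpected $p"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a worker node without 8472/udp and with 22/tcp added.
SAMPLE="8090/tcp 10250/tcp 10255/tcp 22/tcp"

if [ $# -ge 1 ]; then
    # Live check on a node, e.g.: sh audit.sh worker
    audit_ports "$1" "$(sudo firewall-cmd --permanent --list-ports)"
else
    audit_ports worker "$SAMPLE" || true
fi
```

Run without arguments, it audits the constructed sample; run with a role name on a node, it audits that node's permanent firewalld configuration and exits non-zero on any difference.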
Configure Subnet Security List Ingress Rule
- Drill down into the security list to add ingress rules.
- Add ingress rules to the security list for the subnet used for the nodes' compute instances to allow traffic on the necessary ports.
- Allow traffic to the following ports:
  - 2379-2380
  - 6443-6444
  - 8090-8091
  - 8472
  - 10250-10252
  - 10255