Configure the Environment

These steps describe how to configure the environment before you can install Oracle Cloud Native Environment on Oracle Private Cloud Appliance.

We assume the following resources are already provisioned:

  • A compartment in tenancy.
  • A Virtual Cloud Network (VCN) in the compartment with a DNS label (with Use DNS Hostnames enabled in this VCN).
  • Compute instances for three worker nodes, one control node, and one operator node.

Set Proxy

Set the proxy variables in /etc/bashrc on all nodes so that all future shell sessions inherit the proxy environment variables. Replace http://proxy-host:proxy-port with your proxy server name and port.

if [ ! -f /etc/bashrc.bak ]; then
 cp -p /etc/bashrc /etc/bashrc.bak
else
 cp -p /etc/bashrc.bak /etc/bashrc
fi
zz=/tmp/ocne.setup.sh.on_host_to_be_setup
# The quoted delimiter ('EOD') writes the lines below unexpanded, so the
# backticks and variables are evaluated when /etc/bashrc is sourced.
cat <<'EOD' > $zz
export http_proxy=http://proxy-host:proxy-port
export https_proxy=http://proxy-host:proxy-port
# substitute your domain name for "dm.com"
HOSTNAME=`hostname`
first_3_octets_of_LAN=`nslookup $HOSTNAME.dm.com | grep Address | tail -1 | sed -e 's/Address: //' -e 's/\.[0-9]*$//'`
# double quotes so that the LAN prefix is expanded into the list
export no_proxy="localhost,127.0.0.1,.proxy-host,.oraclecorp.com,.oraclevcn.com,${first_3_octets_of_LAN}.0/24,.svc,/var/run/crio/crio.sock,10.96.0.0/12"
EOD
cat $zz >> /etc/bashrc

Apply OS Updates

Apply OS patches to bring the security and functionality of all nodes up to date.

Identify your OS.

Identify OEL major release 
uname -a | sed -e 's/.*\.el//' -e 's/^\(.\).*/\1/'

If the result of this command is 8, then you are running OEL8. If you are running OEL7, use yum instead of dnf, and do not pass the additional argument --best --allowerasing.

For example, if the instructions say:

dnf --best --setopt=keepcache=1 --allowerasing xyz

then on OEL7 you should instead run the command:

yum --setopt=keepcache=1 xyz

Next, apply OS updates on all nodes after configuring yum and possibly dnf to be aware of your proxy server.

if [ ! -f /etc/yum.conf.bak ]; then
 cp /etc/yum.conf /etc/yum.conf.bak
else
 cp /etc/yum.conf.bak /etc/yum.conf
fi
echo proxy=http://proxy-host:proxy-port >> /etc/yum.conf
if [ -d /etc/dnf ]; then
 if [ ! -f /etc/dnf/dnf.conf.bak ]; then
  sudo cp /etc/dnf/dnf.conf /etc/dnf/dnf.conf.bak
 else
  sudo cp /etc/dnf/dnf.conf.bak /etc/dnf/dnf.conf
 fi
 cp /etc/dnf/dnf.conf.bak /tmp/dnf.conf
 # same proxy URL as in /etc/yum.conf; proxy-port already stands for the port number
 echo proxy=http://proxy-host:proxy-port >> /tmp/dnf.conf
 sudo mv /tmp/dnf.conf /etc/dnf/dnf.conf
fi
dnf --best --setopt=keepcache=1 --allowerasing update -y
reboot

Configure Repositories on All Nodes

Configure yum repositories on all nodes.

configure repos 
# if we are on OEL7, do the following:
sudo yum-config-manager --enable ol7_OCNE15 ol7_kvm_utils ol7_addons ol7_latest ol7_UEKR6
sudo yum-config-manager --disable ol7_OCNE14 ol7_OCNE13 ol7_OCNE12 ol7_OCNE11 ol7_OCNE ol7_developer
# but if we are on OEL8, do the following:
sudo dnf -y install oracle-OCNE-release-el8
sudo yum config-manager --enable ol8_OCNE15 ol8_addons ol8_baseos_latest ol8_appstream ol8_UEKR6
sudo yum config-manager --disable ol8_OCNE12 ol8_OCNE13 ol8_OCNE14 ol8_developer

Install Chrony

#Install chrony on all nodes.
sudo dnf --best --setopt=keepcache=1 --allowerasing -y install chrony
sudo systemctl enable --now chronyd.service

Disable Swap On All Nodes

no swap 
swapoff -a
if [ ! -f /etc/fstab.bak ]; then
 sudo cp /etc/fstab /etc/fstab.bak
fi
cat /etc/fstab.bak | sed '/[\t ]swap[\t ]/d' > /tmp/fstab
echo diff /etc/fstab.bak /tmp/fstab
diff /etc/fstab.bak /tmp/fstab
sudo cp /tmp/fstab /etc/fstab
echo cat /etc/fstab
cat /etc/fstab

Configure Firewall on Operator Node

operator node firewall 
sudo firewall-cmd --add-port=8091/tcp --permanent
sudo firewall-cmd --reload

Configure Firewall On Worker Nodes

worker node firewall 
sudo firewall-cmd --zone=trusted --add-interface=cni0 --permanent
sudo firewall-cmd --add-port=8090/tcp --permanent
sudo firewall-cmd --add-port=10250/tcp --permanent
sudo firewall-cmd --add-port=10255/tcp --permanent
sudo firewall-cmd --add-port=8472/udp --permanent
sudo firewall-cmd --add-masquerade --permanent
sudo systemctl restart firewalld.service
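
To confirm that the operator and worker firewall steps above took effect, this added example (not Oracle's code) compares a node's permanent firewalld port list with the ports this page opens for its role and reports anything missing or unexpected. The function names expected_ports and audit_ports and the sample port list are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the Oracle procedure.
# expected_ports and audit_ports are hypothetical helper names.

# Ports this page opens with firewall-cmd for each node role.
expected_ports() {
  case "$1" in
    operator) echo "8091/tcp" ;;
    worker)   echo "8090/tcp 10250/tcp 10255/tcp 8472/udp" ;;
    *)        return 1 ;;
  esac
}

# audit_ports ROLE "PORT LIST"
# Prints "missing: ..." and "unexpected: ..." lines.
# Exit status: 0 on an exact match, 1 on any difference, 2 for an unknown role.
# The body is a subshell, so its variables do not leak into the caller.
audit_ports() (
  role=$1
  actual=$(echo $2)   # unquoted on purpose: collapses newlines and extra spaces
  expected=$(expected_ports "$role") || { echo "unknown role: $role"; exit 2; }
  missing=""
  extra=""
  for p in $expected; do
    case " $actual " in *" $p "*) ;; *) missing="$missing $p" ;; esac
  done
  for p in $actual; do
    case " $expected " in *" $p "*) ;; *) extra="$extra $p" ;; esac
  done
  [ -n "$missing" ] && echo "missing:$missing"
  [ -n "$extra" ] && echo "unexpected:$extra"
  [ -z "$missing$extra" ]
)

# On a real node, feed it the permanent configuration:
#   audit_ports worker "$(sudo firewall-cmd --permanent --list-ports)"

# Constructed sample: a worker where 8472/udp was never added and an
# extra port (9000/tcp) was left open.
sample_worker="8090/tcp 10250/tcp 10255/tcp 9000/tcp"
audit_ports worker "$sample_worker" || echo "worker firewall does not match this page"
```

An unexpected port is reported as well as a missing one, so the same check catches rules left over from earlier experiments on a node.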

Configure Subnet Security List Ingress Rule

You must adjust the subnet security list to permit Oracle Cloud Native Environment and Kubernetes traffic on the new cluster.
  1. Drill down into the security list to add ingress rules.
  2. Add ingress rules to the security list for the subnet used for the nodes' compute instances to allow traffic on the necessary ports.
  3. Allow traffic to the following ports:
    • 2379-2380
    • 6443-6444
    • 8090-8091
    • 8472
    • 10250-10252
    • 10255