blob: 2995213eaed96a41f49452a05459bbb78b403403 [file] [log] [blame]
Petr Ospalýbe81ab02019-02-14 21:30:31 +01001.. This work is licensed under a Creative Commons Attribution 4.0 International License.
2.. http://creativecommons.org/licenses/by/4.0
Bartek Grzybowskid549d822021-03-22 13:12:01 +01003.. Copyright 2021 Samsung Electronics Co., Ltd.
Petr Ospalýbe81ab02019-02-14 21:30:31 +01004
Bartek Grzybowskid549d822021-03-22 13:12:01 +01005Offline Installer - Installation Guide
6======================================
Petr Ospalýbe81ab02019-02-14 21:30:31 +01007
Bartek Grzybowski2936ef12021-03-23 14:15:33 +01008This document describes offline installation procedure for `OOM ONAP`_, which is done by the ansible based `Offline installer`_.
Petr Ospalýbe81ab02019-02-14 21:30:31 +01009
Bartek Grzybowski553a9202021-03-23 15:09:11 +010010Before you begin the installation process you should prepare the offline installation packages. Please refer to the `Build Guide`_ for instructions on how to create them.
Petr Ospalýbe81ab02019-02-14 21:30:31 +010011
12-----
13
Petr Ospalýbe81ab02019-02-14 21:30:31 +010014Part 1. Prerequisites
15---------------------
16
Bartek Grzybowski553a9202021-03-23 15:09:11 +010017ONAP platform has certain software requirements - see `Software requirements`_ and minimum hardware recommendations: ``224 GB RAM``, ``112 vCPUs`` and ``160GB`` of storage (see `Hardware requirements`_). The minimum count of nodes should not drop below three - otherwise you may have to do some tweaking to make it work, which is not covered here (there is a pod count limit for a single kubernetes node - you can read more about it in this `discussion <https://lists.onap.org/g/onap-discuss/topic/oom_110_kubernetes_pod/25213556>`_).
Petr Ospalýbe81ab02019-02-14 21:30:31 +010018
Petr Ospalýbe81ab02019-02-14 21:30:31 +010019Kubernetes cluster
20~~~~~~~~~~~~~~~~~~
21
22The four nodes/VMs will be running these services:
23
24- **infra-node**::
25
26 - nexus
27 - nginx proxy
28 - dns
Michal Ptacek26278df2019-07-09 10:46:26 +000029 - kubernetes-etcd
30 - kubernetes-control-plane
Bartek Grzybowski553a9202021-03-23 15:09:11 +010031 - chartmuseum (if using helm v3)
Michal Ptacek26278df2019-07-09 10:46:26 +000032
Jan Benedikt1b3915e2019-11-13 04:13:34 -050033**NOTE:** kubernetes-* roles can be collocated directly with kubernetes nodes and not necessarily on infra node.
Petr Ospalýbe81ab02019-02-14 21:30:31 +010034
35- **kubernetes node 1-3**::
36
Michal Ptacek26278df2019-07-09 10:46:26 +000037 - kubernetes worker
Petr Ospalýbe81ab02019-02-14 21:30:31 +010038
Bartek Grzybowski553a9202021-03-23 15:09:11 +010039You don't need to care about these services now - that is the responsibility of the installer (described below). Just start four VMs as seen in below table (or according to your needs as we hinted above):
Petr Ospalýbe81ab02019-02-14 21:30:31 +010040
41.. _Overview table of the kubernetes cluster:
42
43Kubernetes cluster overview
44^^^^^^^^^^^^^^^^^^^^^^^^^^^
45
Bartek Grzybowski553a9202021-03-23 15:09:11 +010046.. note:: Offline installer leverages `RKE`_ to provision kubernetes cluster. If you'd like to use different k8s installation method please exclude ``rke.yml`` ansible playbook from execution and provide your own.
Michal Ptacek26278df2019-07-09 10:46:26 +000047
Tomáš Levora2a355bb2019-10-10 14:04:08 +020048=================== ================== ==================== ============== ============ ===============
49KUBERNETES NODE OS NETWORK CPU RAM STORAGE
50=================== ================== ==================== ============== ============ ===============
51**infra-node** RHEL/CentOS 7.6 ``10.8.8.100/24`` ``8 vCPUs`` ``8 GB`` ``100 GB``
52**kube-node1** RHEL/CentOS 7.6 ``10.8.8.101/24`` ``16 vCPUs`` ``56+ GB`` ``100 GB``
53**kube-node2** RHEL/CentOS 7.6 ``10.8.8.102/24`` ``16 vCPUs`` ``56+ GB`` ``100 GB``
54**kube-node3** RHEL/CentOS 7.6 ``10.8.8.103/24`` ``16 vCPUs`` ``56+ GB`` ``100 GB``
55SUM ``56 vCPUs`` ``176+ GB`` ``400 GB``
56=========================================================== ============== ============ ===============
Petr Ospalýbe81ab02019-02-14 21:30:31 +010057
Marcin Wilk34488952020-11-10 12:22:59 +010058As of now, the offline installer supports only **RHEL 7.x** and **CentOS 7.6** distributions, with at least *@core* and *@base* package groups installed including *Mandatory* and *Default* package sets. So, your VMs should be preinstalled with this operating system - the hypervisor and platform can be of your choosing.
Petr Ospalýbe81ab02019-02-14 21:30:31 +010059
Bartek Grzybowski553a9202021-03-23 15:09:11 +010060We will expect from now on that you installed four VMs and they are connected to the shared network. All VMs must be reachable from *install-server* (below), which can be the hypervisor, *infra-node* or completely different host. But in either of these cases the *install-server* must be able to connect over ssh to all of these nodes.
Petr Ospalýbe81ab02019-02-14 21:30:31 +010061
Petr Ospalýbe81ab02019-02-14 21:30:31 +010062Install-server
63~~~~~~~~~~~~~~
64
65We will use distinct *install-server* and keep it separate from the four-node cluster. But if you wish so, you can use *infra-node* for this goal (if you use the default ``'chroot'`` option of the installer), but in that case double the size of the storage requirement!
66
67Prerequisites for the *install-server*:
68
69- packages described in `Build Guide`_
70- extra ``100 GB`` storage (to have space where to store these packages)
71- installed ``'chroot'`` and/or ``'docker'`` system commands
72- network connection to the nodes - especially functioning ssh client
73
74Our *install-server* will have ip: ``10.8.8.4``.
75
76**NOTE:** All the subsequent commands below, are executed from within this *install-server*.
77
78-----
79
Petr Ospalýbe81ab02019-02-14 21:30:31 +010080Part 2. Preparation and configuration
81-------------------------------------
82
83We *MUST* do all the following instructions from the *install-server* and also we will be running them as a user ``root``. But that is not necessary - you can without any problem pick and use a regular user. The ssh/ansible connection to the nodes will also expect that we are connecting as a ``root`` - you need to elevate privileges to be able to install on them. Although it can be achieved by other means (sudo), we decided here to keep instructions simple.
84
Petr Ospalýbe81ab02019-02-14 21:30:31 +010085Installer packages
86~~~~~~~~~~~~~~~~~~
87
88As was stated above you must have prepared the installer packages (names will differ - check out the `Build Guide`_):
89
Michal Ptacek26278df2019-07-09 10:46:26 +000090- sw_package.tar
91- resources_package.tar
92- aux_package.tar
Petr Ospalýbe81ab02019-02-14 21:30:31 +010093
Michal Ptacek26278df2019-07-09 10:46:26 +000094**NOTE:** ``'aux_package.tar'`` is optional and if you don't have use for it, you can ignore it.
Petr Ospalýbe81ab02019-02-14 21:30:31 +010095
96We will store them in the ``/data`` directory on the *install-server* and then we will unpack the ``'sw'`` package to your home directory for example::
97
98 $ mkdir ~/onap-offline-installer
Michal Ptacek26278df2019-07-09 10:46:26 +000099 $ tar -C ~/onap-offline-installer -xf /data/sw_package.tar
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100100
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100101Application directory
102~~~~~~~~~~~~~~~~~~~~~
103
104Change the current directory to the ``'ansible'``::
105
106 $ cd ~/onap-offline-installer/ansible
107
108You can see multiple files and directories inside - this is the *offline-installer*. It is implemented as a set of ansible playbooks.
109
Denis Kasanica7702f22019-11-14 12:35:46 +0100110If you created the ``'sw'`` package according to the *Build Guide* then you should have had the *offline-installer* populated with at least the following files:
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100111
Denis Kasanica7702f22019-11-14 12:35:46 +0100112- ``application/application_configuration.yml``
113- ``inventory/hosts.yml``
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100114
Denis Kasanica7702f22019-11-14 12:35:46 +0100115Following paragraphs describe fine-tuning of ``'inventory.yml'`` and ``'application_configuration.yml'`` to reflect your VMs setup.
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100116
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100117hosts.yml
118~~~~~~~~~
119
120We need to setup the ``'hosts.yml'`` first, the template looks like this::
121
122 ---
123 # This group contains hosts with all resources (binaries, packages, etc.)
124 # in tarball.
125 all:
126 vars:
127 # this key is supposed to be generated during setup.yml playbook execution
128 # change it just when you have better one working for all nodes
129 ansible_ssh_private_key_file: /root/.ssh/offline_ssh_key
130 ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
131
132 children:
133 resources:
134 hosts:
135 resource-host:
136 ansible_host: 10.8.8.5
137
138 # This is group of hosts where nexus, nginx, dns and all other required
139 # services are running.
140 infrastructure:
141 hosts:
142 infrastructure-server:
143 ansible_host: 10.8.8.13
144 #IP used for communication between infra and kubernetes nodes, must be specified.
145 cluster_ip: 10.8.8.13
146
147 # This is group of hosts which are/will be part of Kubernetes cluster.
148 kubernetes:
Michal Zeganf9ef0c12019-06-25 11:05:05 +0200149 children:
150 # This is a group of hosts containing kubernetes worker nodes.
151 kubernetes-node:
152 hosts:
153 kubernetes-node-1:
154 ansible_host: 10.8.8.19
155 #ip of the node that it uses for communication with k8s cluster.
156 cluster_ip: 10.8.8.19
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100157
Michal Zeganf9ef0c12019-06-25 11:05:05 +0200158 # Group of hosts containing etcd cluster nodes.
159 # Defaults to infra.
160 kubernetes-etcd:
161 hosts:
162 infrastructure-server
163
164 # This is a group of hosts that are to be used as kubernetes control plane nodes.
165 # This means they host kubernetes api server, controller manager and scheduler.
166 # This example uses infra for this purpose, however note that any
167 # other host could be used including kubernetes nodes.
168 # cluster_ip needs to be set for hosts used as control planes.
169 kubernetes-control-plane:
170 hosts:
171 infrastructure-server
Bartek Grzybowskicf6797c2019-05-22 14:53:31 +0200172
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100173 nfs-server:
174 hosts:
175 kubernetes-node-1
176
177There is some ssh configuration under the ``'vars'`` section - we will deal with ssh setup a little bit later in the `SSH authentication`_.
178
179We need to first correct the ip addresses and add a couple of kubernetes nodes to match our four-node cluster:
180
181- Under the ``'resource-host'`` set the ``'ansible_host'`` address to the ip of your server, where the packages are stored - it must be reachable by ssh from the *install-server* (for ansible to run playbooks on it) **AND** *infra-node* (to extract resource data from *resource-host* to *infra-node* over ssh). In our scenario the *resource-host* is the same as the *install-server*: ``'10.8.8.4'``
182- Similarly, set the ``'ansible_host'`` to the address of the *infra-node* under the ``'infrastructure-server'``.
183- Copy the whole ``'kubernetes-node-1'`` subsection and paste it twice directly after. Change the numbers to ``'kubernetes-node-2'`` and ``'kubernetes-node-3'`` respectively and fix the addresses in the ``'ansible_host'`` variables again to match *kube-node1*, *kube-node2* and *kube-node3*.
184
185As you can see, there is another ``'cluster_ip'`` variable for each node - this serve as a designated node address in the kubernetes cluster. Make it the same as the respective ``'ansible_host'``.
186
187**NOTE:** In our simple setup we have only one interface per node, but that does not need to be a case for some other deployment - especially if we start to deal with a production usage. Basically, an ``'ansible_host'`` is an entry point for the *install-server's* ansible (*offline-installer*), but the kubernetes cluster can be communicating on a separate network to which *install-server* has no access. That is why we have this distinctive variable, so we can tell the installer that there is a different network, where we want to run the kubernetes traffic and what address each node has on such a network.
188
189After all the changes, the ``'hosts.yml'`` should look similar to this::
190
191 ---
192 # This group contains hosts with all resources (binaries, packages, etc.)
193 # in tarball.
194 all:
195 vars:
196 # this key is supposed to be generated during setup.yml playbook execution
197 # change it just when you have better one working for all nodes
198 ansible_ssh_private_key_file: /root/.ssh/offline_ssh_key
199 ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
200
201 children:
202 resources:
203 hosts:
204 resource-host:
205 ansible_host: 10.8.8.4
206
207 # This is group of hosts where nexus, nginx, dns and all other required
208 # services are running.
209 infrastructure:
210 hosts:
211 infrastructure-server:
Denis Kasanica7702f22019-11-14 12:35:46 +0100212 ansible_host: 10.8.8.100
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100213 #IP used for communication between infra and kubernetes nodes, must be specified.
214 cluster_ip: 10.8.8.100
215
216 # This is group of hosts which are/will be part of Kubernetes cluster.
217 kubernetes:
Michal Zeganf9ef0c12019-06-25 11:05:05 +0200218 children:
219 # This is a group of hosts containing kubernetes worker nodes.
220 kubernetes-node:
221 hosts:
222 kubernetes-node-1:
223 ansible_host: 10.8.8.101
224 #ip of the node that it uses for communication with k8s cluster.
225 cluster_ip: 10.8.8.101
226 kubernetes-node-2:
227 ansible_host: 10.8.8.102
228 #ip of the node that it uses for communication with k8s cluster.
229 cluster_ip: 10.8.8.102
230 kubernetes-node-3:
231 ansible_host: 10.8.8.103
232 #ip of the node that it uses for communication with k8s cluster.
233 cluster_ip: 10.8.8.103
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100234
Michal Zeganf9ef0c12019-06-25 11:05:05 +0200235 # Group of hosts containing etcd cluster nodes.
236 # Defaults to infra.
237 kubernetes-etcd:
238 hosts:
239 infrastructure-server
240
241 # This is a group of hosts that are to be used as kubernetes control plane nodes.
242 # This means they host kubernetes api server, controller manager and scheduler.
243 # This example uses infra for this purpose, however note that any
244 # other host could be used including kubernetes nodes.
245 # cluster_ip needs to be set for hosts used as control planes.
246 kubernetes-control-plane:
247 hosts:
248 infrastructure-server
Bartek Grzybowskicf6797c2019-05-22 14:53:31 +0200249
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100250 nfs-server:
251 hosts:
252 kubernetes-node-1
253
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100254application_configuration.yml
255~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
256
257Here, we will be interested in the following variables:
258
259- ``resources_dir``
260- ``resources_filename``
261- ``aux_resources_filename``
262- ``app_data_path``
263- ``aux_data_path``
264- ``app_name``
Bartek Grzybowski30b2cbf2019-03-26 16:10:10 +0100265- ``timesync``
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100266
267``'resource_dir'``, ``'resources_filename'`` and ``'aux_resources_filename'`` must correspond to the file paths on the *resource-host* (variable ``'resource_host'``), which is in our case the *install-server*.
268
Michal Ptacek26278df2019-07-09 10:46:26 +0000269The ``'resource_dir'`` should be set to ``'/data'``, ``'resources_filename'`` to ``'resources_package.tar'`` and ``'aux_resources_filename'`` to ``'aux_package.tar'``. The values should be the same as are in the `Installer packages`_ section.
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100270
Michal Ptacek26278df2019-07-09 10:46:26 +0000271``'app_data_path'`` is the absolute path on the *infra-node* to where the package ``'resources_package.tar'`` will be extracted and similarly ``'aux_data_path'`` is another absolute path for ``'aux_package.tar'``. Both the paths are fully arbitrary, but they should point to the filesystem with enough space - the storage requirement in `Overview table of the kubernetes cluster`_.
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100272
273**NOTE:** As we mentioned in `Installer packages`_ - the auxiliary package is not mandatory and we will not utilize it in here either.
274
Bartek Grzybowski30b2cbf2019-03-26 16:10:10 +0100275The ``'app_name'`` variable should be short and descriptive. We will set it simply to: ``onap``.
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100276
Bartek Grzybowski30b2cbf2019-03-26 16:10:10 +0100277The ``'timesync'`` variable is optional and controls synchronisation of the system clock on hosts. It should be configured only if a custom NTP server is available and needed. Such a time authority should be on a host reachable from all installation nodes. If this setting is not provided then the default behavior is to setup NTP daemon on infra-node and sync all kube-nodes' time with it.
278
279If you wish to provide your own NTP servers configure their IPs as follows::
280
281 timesync:
282 servers:
283 - <ip address of NTP_1>
284 - <...>
285 - <ip address of NTP_N>
286
287Another time adjustment related variables are ``'timesync.slewclock'`` and ``'timesync.timezone'`` .
288First one can have value of ``'true'`` or ``'false'`` (default). It controls whether (in case of big time difference compared to server) time should be adjusted gradually by slowing down or speeding up the clock as required (``'true'``) or in one step (``'false'``)::
289
290 timesync:
291 slewclock: true
292
293Second one controls time zone setting on host. It's value should be time zone name according to tz database names with ``'Universal'`` being the default one::
294
295 timesync.
296 timezone: UTC
297
298``'timesync.servers'``, ``'timesync.slewclock'`` and ``'timesync.timezone'`` settings can be used independently.
299
300Final configuration can resemble the following::
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100301
302 resources_dir: /data
Denis Kasanica7702f22019-11-14 12:35:46 +0100303 resources_filename: resources_package.tar
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100304 app_data_path: /opt/onap
305 app_name: onap
Bartek Grzybowski30b2cbf2019-03-26 16:10:10 +0100306 timesync:
307 servers:
308 - 192.168.0.1
309 - 192.168.0.2
310 slewclock: true
311 timezone: UTC
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100312
Michal Zegana579c982019-04-02 15:33:30 +0200313Helm chart value overrides
314^^^^^^^^^^^^^^^^^^^^^^^^^^
315
Tomáš Levora2a355bb2019-10-10 14:04:08 +0200316In El Alto OOM charts are coming with all ONAP components disabled, this setting is also prepackaged within our sw_package.tar. Luckily there are multiple ways supported how to override this setting. It's also necessary for setting-up VIM specific entries and basically to configure any stuff with non default values.
Michal Ptacek26278df2019-07-09 10:46:26 +0000317
318First option is to use ``overrides`` key in ``application_configuration.yml``.
Michal Zegana579c982019-04-02 15:33:30 +0200319These settings will override helm values originally stored in ``values.yaml`` files in helm chart directories.
320
321For example, the following lines could be appended to ``application_configuration.yml`` to set up managed openstack credentials for onap's so component::
322
323 overrides:
324 so:
325 config:
326 openStackUserName: "os_user"
327 openStackRegion: "region_name"
328 openStackKeyStoneUrl: "keystone_url"
329 openStackEncryptedPasswordHere: "encrypted_password"
330
Michal Ptacek26278df2019-07-09 10:46:26 +0000331In addition or alternatively to that one can configure ``helm_override_files`` key, which is new feature implemented in Change-Id: I8b8ded38b39aa9a75e55fc63fa0e11b986556cb8.
332
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100333SSH authentication
334~~~~~~~~~~~~~~~~~~
335
336We are almost finished with the configuration and we are close to start the installation, but we need to setup password-less login from *install-server* to the nodes.
337
338You can use the ansible playbook ``'setup.yml'`` like this::
339
Denis Kasanica7702f22019-11-14 12:35:46 +0100340 $ ./run_playbook.sh -i inventory/hosts.yml setup.yml -u root --ask-pass
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100341
342You will be asked for password per each node and the playbook will generate a unprotected ssh key-pair ``'~/.ssh/offline_ssh_key'``, which will be distributed to the nodes.
343
344Another option is to generate a ssh key-pair manually. We strongly advise you to protect it with a passphrase, but for simplicity we will showcase generating of a private key without any such protection::
345
346 $ ssh-keygen -N "" -f ~/.ssh/identity
347
348The next step will be to distribute the public key to these nodes and from that point no password is needed::
349
350 $ for ip in 100 101 102 103 ; do ssh-copy-id -i ~/.ssh/identity.pub root@10.8.8.${ip} ; done
351
352This command behaves almost identically to the ``'setup.yml'`` playbook.
353
354If you generated the ssh key manually then you can now run the ``'setup.yml'`` playbook like this and achieve the same result as in the first execution::
355
Denis Kasanica7702f22019-11-14 12:35:46 +0100356 $ ./run_playbook.sh -i inventory/hosts.yml setup.yml
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100357
358This time it should not ask you for any password - of course this is very redundant, because you just distributed two ssh keys for no good reason.
359
360We can finally edit and finish the configuration of the ``'hosts.yml'``:
361
362- if you used the ``'setup.yml'`` playbook then you can just leave this line as it is::
363
364 ansible_ssh_private_key_file: /root/.ssh/offline_ssh_key
365
366- if you created a ssh key manually then change it like this::
367
368 ansible_ssh_private_key_file: /root/.ssh/identity
369
370-----
371
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100372Part 3. Installation
373--------------------
374
375We should have the configuration complete and be ready to start the installation. The installation is done via ansible playbooks, which are run either inside a **chroot** environment (default) or from the **docker** container. If for some reason you want to run playbooks from the docker instead of chroot then you cannot use *infra-node* or any other *kube-node* as the *install-server* - otherwise you risk that installation will fail due to restarting of the docker service.
376
377If you built your ``'sw'`` package well then there should be the file ``'ansible_chroot.tgz'`` inside the ``'docker'`` directory. If not then you must create it - to learn how to do that and to get more info about the scripts dealing with docker and chroot, go to `Appendix 1. Ansible execution/bootstrap`_
378
379We will use the default chroot option so we don't need any docker service to be running.
380
381Installation is actually very straightforward now::
382
Denis Kasanica7702f22019-11-14 12:35:46 +0100383 $ ./run_playbook.sh -i inventory/hosts.yml -e @application/application_configuration.yml site.yml
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100384
385This will take a while so be patient.
386
387``'site.yml'`` playbook actually runs in the order the following playbooks:
388
389- ``upload_resources.yml``
390- ``infrastructure.yml``
Bartek Grzybowskicf6797c2019-05-22 14:53:31 +0200391- ``rke.yml``
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100392- ``application.yml``
393
Michal Ptacekc424cff2019-03-06 16:25:43 +0000394----
395
Bartek Grzybowski32bf2fb2019-05-30 11:52:40 +0200396Part 4. Post-installation and troubleshooting
397---------------------------------------------
Michal Ptacekc424cff2019-03-06 16:25:43 +0000398
Bartek Grzybowski32bf2fb2019-05-30 11:52:40 +0200399After all of the playbooks are run successfully, it will still take a lot of time until all pods are up and running. You can monitor your newly created kubernetes cluster for example like this::
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100400
Denis Kasanica7702f22019-11-14 12:35:46 +0100401 $ ssh -i ~/.ssh/offline_ssh_key root@10.8.8.100 # tailor this command to connect to your infra-node
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100402 $ watch -d -n 5 'kubectl get pods --all-namespaces'
403
Bartek Grzybowski32bf2fb2019-05-30 11:52:40 +0200404Alternatively you can monitor progress with ``helm_deployment_status.py`` script located in offline-installer directory. Transfer it to infra-node and run::
Milan Verespej1a230472019-03-20 13:51:40 +0100405
406 $ python helm_deployment_status.py -n <namespace_name> # namespace defaults to onap
407
Bartek Grzybowski32bf2fb2019-05-30 11:52:40 +0200408To automatically verify functionality with healthchecks after deployment becomes ready or after timeout period expires, append ``-hp`` switch followed by the full path to the healthcheck script and ``--health-mode`` optional switch with appropriate mode supported by that script (``health`` by default, ``--help`` displays available modes)::
Milan Verespej1a230472019-03-20 13:51:40 +0100409
Bartek Grzybowski32bf2fb2019-05-30 11:52:40 +0200410 $ python helm_deployment_status.py -hp <app_data_path>/<app_name>/helm_charts/robot/ete-k8s.sh --health-mode <healthcheck mode>
Milan Verespej1a230472019-03-20 13:51:40 +0100411
Bartek Grzybowski32bf2fb2019-05-30 11:52:40 +0200412It is strongly recommended to tailor ``helm_deployment_status.py`` to your needs since default values might not be what you'd expect. The defaults can be displayed with ``--help`` switch.
Michal Ptacekc424cff2019-03-06 16:25:43 +0000413
414Final result of installation varies based on number of k8s nodes used and distribution of pods. In some dev envs we quite frequently hit problems with not all pods properly deployed. In successful deployments all jobs should be in successful state.
415This can be verified using ::
416
417 $ kubectl get jobs -n <namespace>
418
419If some of the job is hanging in some wrong end-state like ``'BackoffLimitExceeded'`` manual intervention is required to heal this and make also dependent jobs passing. More details about particular job state can be obtained using ::
420
421 $ kubectl describe job -n <namespace> <job_name>
422
423If manual intervention is required, one can remove failing job and retry helm install command directly, which will not launch full deployment but rather check current state of the system and rebuild parts which are not up & running. Exact commands are as follows ::
424
425 $ kubectl delete job -n <namespace> <job_name>
426 $ helm deploy <env_name> <helm_chart_name> --namespace <namespace_name>
427
428 E.g. helm deploy dev local/onap --namespace onap
429
430Once all pods are properly deployed and in running state, one can verify functionality e.g. by running onap healthchecks ::
431
432 $ cd <app_data_path>/<app_name>/helm_charts/robot
433 $ ./ete-k8s.sh onap health
434
Jan Benedikt1b3915e2019-11-13 04:13:34 -0500435For better work with terminal screen and jq packages were added . It can be installed from resources directory.
436
437Screen is a terminal multiplexer. With screen it is possible to have more terminal instances active. Screen as well keeps active SSH connections even terminal is closed.
438
439Jq can be used for editing json data format as output of kubectl. For example jq was used to troubleshoot `SDNC-739 (UEB - Listener in Crashloopback) <https://jira.onap.org/browse/SDNC-739/>`_ ::
440
441 $ kubectl -n onap get job onap-sdc-sdc-be-config-backend -o json | jq "del(.spec.selector)" | jq "del(.spec.template.metadata.labels)" | kubectl -n onap replace --force -f -
Michal Ptacekc424cff2019-03-06 16:25:43 +0000442
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100443-----
444
Petr Ospalýbe81ab02019-02-14 21:30:31 +0100445Appendix 1. Ansible execution/bootstrap
446---------------------------------------
447
448There are two ways how to easily run the installer's ansible playbooks:
449
450- If you already have or can install a docker then you can build the provided ``'Dockerfile'`` for the ansible and run playbooks in the docker container.
451- Another way to deploy ansible is via chroot environment which is bundled together within this directory.
452
453(Re)build docker image and/or chroot archive
454~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
455
456Inside the ``'docker'`` directory is the ``'Dockerfile'`` and ``'build_ansible_image.sh'`` script. You can run ``'build_ansible_image.sh'`` script on some machine with the internet connectivity and it will download all required packages needed for building the ansible docker image and for exporting it into a flat chroot environment.
457
458Built image is exported into ``'ansible_chroot.tgz'`` archive in the same (``'docker'``) directory.
459
460This script has two optional arguments:
461
462#. ansible version
463#. docker image name
464
465**Note:** if optional arguments are not used, docker image name will be set to ``'ansible'`` by default.
466
467Launching ansible playbook using chroot environment
468~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
469
470This is the default and preferred way of running ansible playbooks in an offline environment as there is no dependency on docker to be installed on the system. Chroot environment is already provided by included archive ``'ansible_chroot.tgz'``.
471
472It should be available in the ``'docker'`` directory as the end-result of the packaging script or after manual run of the ``'build_ansible_image.sh'`` script referenced above.
473
474All playbooks can be executed via ``'./run_playbook.sh'`` wrapper script.
475
476To get more info about the way how the ``'./run_playbook.sh'`` wrapper script should be used, run::
477
478 $ ./run_playbook.sh
479
480The main purpose of this wrapper script is to provide the ansible framework to a machine where it was bootstrapped without need of installing additional packages. The user can run this to display ``'ansible-playbook'`` command help::
481
482 $ ./run_playbook.sh --help
483
484Developers notes
485~~~~~~~~~~~~~~~~
486
487* There are two scripts which work in tandem for creating and running chroot
488* First one can convert docker image into chroot directory
489* Second script will automate chrooting (necessary steps for chroot to work and cleanup)
490* Both of them have help - just run::
491
492 $ cd docker
493 $ ./create_docker_chroot.sh help
494 $ ./run_chroot.sh help
495
496Example usage::
497
498 $ sudo su
499 $ docker/create_docker_chroot.sh convert some_docker_image ./new_name_for_chroot
500 $ cat ./new_name_for_chroot/README.md
501 $ docker/run_chroot.sh execute ./new_name_for_chroot cat /etc/os-release 2>/dev/null
502
503Launching ansible playbook using docker container (ALTERNATIVE APPROACH)
504~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
505
506This option is here just to keep support for the older method which relies on a running docker service. For the offline deployment use the chroot option as indicated above.
507
508You will not need ``'ansible_chroot.tgz'`` archive anymore, but the new requirement is a prebuilt docker image of ansible (based on the provided ``'Dockerfile'``). It should be available in your local docker repository (otherwise the default name ``'ansible'`` may fetch unwanted image from default registry!).
509
510To trigger this functionality and to run ``'ansible-playbook'`` inside a docker container instead of the chroot environment, you must first set the ``ANSIBLE_DOCKER_IMAGE`` variable. The value must be a name of the built ansible docker image.
511
512Usage is basically the same as with the default chroot way - the only difference is the existence of the environment variable::
513
514 $ ANSIBLE_DOCKER_IMAGE=ansible ./run_playbook.sh --help
515
516-----
517
518.. _Build Guide: ./BuildGuide.rst
Bartek Grzybowski553a9202021-03-23 15:09:11 +0100519.. _Software requirements: https://docs.onap.org/projects/onap-oom/en/latest/oom_cloud_setup_guide.html#software-requirements
520.. _Hardware requirements: https://docs.onap.org/projects/onap-oom/en/latest/oom_cloud_setup_guide.html#minimum-hardware-configuration
Bartek Grzybowski2936ef12021-03-23 14:15:33 +0100521.. _OOM ONAP: https://docs.onap.org/projects/onap-oom/en/latest/index.html
522.. _Offline installer: https://gerrit.onap.org/r/q/oom/offline-installer
Bartek Grzybowski553a9202021-03-23 15:09:11 +0100523.. _RKE: https://rancher.com/products/rke/