Planning and prerequisites for your Bare Metal Hosted Control Plane

As a prerequisite, gather networking information of the hosting cluster. Define and apply DHCP and DNS information, and configure host inventory settings.

Plan for the Bare Metal Hosted Control Plane:
  1. Choose your configuration.
  2. Gather networking information about IBM Fusion HCI System hosting cluster.
  3. Define the new networking information.
  4. Apply the networking information to the DNS and DHCP in your environment

Choose your configuration

There are two configurations of Bare Metal Hosted Control Plane cluster.
Internal
In the internal Bare Metal Hosted Control Plane, the servers that are used in the cluster are within the IBM Fusion HCI System. When the servers are internal to the IBM Fusion HCI System, much of the network information required is collected and present in the Custom Resources of the IBM Fusion HCI System.
External
In external Bare Metal Hosted Control Plane, the servers used in the cluster are external to the IBM Fusion HCI System. For external servers, you must gather the network information from your lab network administrator.

Connecting your external servers to IBM Fusion HCI System:

External servers must be connected to the IBM Fusion HCI System through a switch to allow connectivity. These servers can then be imported into Red Hat® Advanced Cluster Management for Kubernetes as part of a Host Inventory. For instructions to import and its usage in a Hosted Control Plane, see Deploying Bare Metal clusters with Fusion Data Foundation.

Networking prerequisites

Step 1: Gather network information

The networking information consists of the entries that the network administrator needs to add to the network. You need the following information about the host cluster:

Cluster wide information:
Note: The cluster name, sub domain, and domain are all for one hosted cluster. Create them for each of your hosted clusters.
Details Description Example values
Base Domain Cluster base domain you want to use for Hosted Control Plane cluster to be created mydomain.com
Cluster name Cluster name you want to use for HCP cluster to be created. fusion-bm
Sub Domain This is always <cluster name>.<base domain> fusion-bm.mydomain.com
Individual nodes in the cluster:
Entry Description Example values
BMC address This is value of field named ipv6ULA in the kickstart CM. Example for ipv6ULA - fd9c:316d:179e:c0de:a94:efff:fefe:2ec1
IMM USER/Password To get this value, search for secretName field in the kickstart config. Inside that secret, search for defaultUserName and defaultUserPasswrd fields for IMM user and Password respectively.  
Macaddress It is available in the kickstart config networkInterfaces, the bond0 macAddress. You need both Bare Metal primary and secondary interface Mac addresses. You can find the macaddress in the slot section that includes the first macaddress.

This guidance is for internal HCI managed nodes. Consult your network administrator for external bare metal nodes.

  
MTU This can be 9000 or 1500 based on base HCI rack Bare metal MTU used during installation. Find this value from field mtuCount in secret userconfig-secret in namespace ibm-spectrum-fusion-ns. 9000
Bare metal Primary interface’s first port’s Mac address This is the value of primary macaddress in kickstart config map for a given node where the interfaceType is baremetal. 08:c0:eb:d4:16:4e
Bare metal Primary interface’s second port’s Mac address This is the value of secondary macaddress in kickstart config map for given node where interfaceType is baremetal. 08:c0:eb:d4:16:4f
Bare metal Primary interface’s Mac address This is value of field networkInterfaces -> macAddress in kickstart config map for a given node where the interfaceType is baremetal. 08:c0:eb:d4:16:4e
Bare metal Primary interface’s (bond0) first port/interface name This is value of field networkInterfaces -> interfaceLeg1 in kickstart config map for a given node, where interfaceType is baremetal. ens3f0np0
Bare metal Primary interface’s (bond0) second port/interface name This is value of field networkInterfaces -> interfaceLeg2 in kickstart config map for given node, where interfaceType is baremetal.  

Example servers external to IBM Fusion HCI System:
Server BMC address of external Bare Metal node HCP Cluster name Switch bond0 info mac Address Type

sr650immru22

tc11-m04-ru22.mydomain.com		 fd8c:215d:178e:c0de:3a68:ddff:fe57:2e95 extbarehcp01m04

ens1f0np0 b8:3f:d2:3c:6d:60

ens1f1np1

b8:3f:d2:3c:6d:61		 b8:3f:d2:3c:6d:60 External
Example servers internal to IBM Fusion HCI System:
Server macaddress Example HCP Cluster name BMC address Type/ Label
compute-1-ru8 1070FDB8DF72 fusion-bm fd8c:215d:178e:c0de:a94:efff:fefd:e7e1 Compute

DHCP update for the cluster:

To ensure that the individual servers have an IP address that can be contacted by the Hosted Control Plane cluster, make an entry for each host that links its macaddress to an IP address that can be contacted by the IBM Fusion HCI System cluster. The macaddress can be found on the back of each physical server.

Example:
Server macaddress IP address
compute-1-ru8.fusion-bm.mydomain.com 10:70:FD:B8:DF:72 172.17.x.y

DNS update for Cluster:

Note: Add DNS entry of every host user who wants to create Bare Metal Hosted Control Plane cluster.
The DNS update table entries for each Hosted Control Plane cluster that links a lab provided Server IP address to the *.apps.NameofCluster.FQDN. This IP address is used to create a load balancer on the Hosted Control Plane cluster to allow ingress to that cluster.
Load balancer IP Entry for DNS FQDN Host Ingress Type HCP Clustername Domain name
1.23.45.910 *.apps.fusion-bm.mydomain.com compute-1-ru8.fusion-bm.mydomain.com loadbalancer fusion-bm mydomain.com
Server name Entry for DNS IP address
compute-1-ru8 compute-1-ru8.fusion-bm.mydomain.com 172.17.x.y
Step 2: Apply the networking information to the DNS and DHCP in your environment
After you gather hosting cluster information, apply the following in your environment (lab network environment):
  • DHCP update
  • DNS update for host
  • DNS updates for api and api-int

Red Hat Advanced Cluster Management for Kubernetes (ACM)

Step 1: Configure Host Inventory Settings

After the initial setup, configure the host inventory settings. For more information about the host inventory settings, see Red Hat documentation.

Step 2: Create your infrastructure environment
The next step is to create an infrastructure environment in Red Hat Advanced Cluster Management for Kubernetes (ACM) or using the Hosted Control Plane CLI. This infrastructure environment contains the list of Bare Metal hosts that you can select to create a Bare Metal Hosted Control Plane.
Important: Create one infrastructure environment per hosted control plane cluster. Each Hosted Control Plane can only add hosts from a single infrastructure.
  1. In the ACM user interface, go to Infrastructure > Host Inventory.
  2. Select Create infrastructure environment.
  3. On the Create infrastructure environment page, enter the following details:
    Name
    Name of the infrastructure. No specific name is required.
    Network type
    Select Static IP, Bridges, and Bonds.
    Location
    Location of hosts
    Labels
    Optional value.
    Pull Secret
    The pull secret must include the following:
    • cloud.openshift.com
    • cp.icr.io
    • quay.io
    • registry.connect.redhat.com
    • registry.redhat.io
    SSH public key
    Generate a private public ssh key pair from bastion host and specify public key in ssh field. It is optional but recommended.
Step 3: Import the hosts by using ACM
With the infrastructure environment created, the next steps are to boot individual servers with an ISO to import them into the host inventory.
Step 3.1: Create the NMStateConfig for each host
The NMStateConfig allows the server to be recognized by the IBM Fusion HCI System cluster. For additional information, see Red Hat documentation.
Note: What goes into NMStateConfig for internal is available through the CRs. For external, consult your network administrator.
Example: 
apiVersion: agent-install.openshift.io/v1beta1
kind: NMStateConfig
metadata:
  labels:
    infraenvs.agent-install.openshift.io: <same as infra name>
  name: <any unique name for host within infra for example fusion-bm-ru8>
  namespace: <same namespace as used for infra>
spec:
  config:
    interfaces:
    - ipv4:
        dhcp: true
        enabled: true
      ipv6:
        enabled: false
      link-aggregation:
        mode: 802.3ad
        options:
          lacp_rate: "1"
          miimon: "140"
          xmit_hash_policy: "1"
        ports:
        - <Bare metal Primary interface's first port/interface name>
        - <Bare metal Primary interface's second port/interface name>
      mac-address: <Bare metal Primary interface's first port's Mac address>
      mtu: <MTU value>
      name: bond0
      state: up
      type: bond
  interfaces:
    - macAddress: <Bare metal Primary interface's first port's Mac address>
      name: <Bare metal Primary interface's first port/interface name>
    - macAddress: <Bare metal Primary interface's second port's Mac address>
      name: <Bare metal Primary interface's second port/interface name>

The NMStateConfig is dependent on the network environment and must be created in consultation with your network administrators.

Fill the fields in the NMStateConfig.yaml based on the following guidance. These fields within the NMStateConfig are unique per host:
name
Unique name for each node
namespace
Namespace is the infraenv namespace.
labels
infraenvs.agent-install.openshift.io: infraNamespace. The infraNamespace must match the name of the infraenvironment into which the host is imported.
ports
The correct ports can be found in the kickstart configmap for the particular node to be imported to ACM. Within the kickstart config, there is a section “NetworkInterfaces”. Within this section, the interfaceName with “baremetal” has the name of the two interfaces interfaceLeg1 and interfaceLeg2. The values under interfaceLeg1 and interfaceLeg2 are the ports.

This guidance is for internal. Consult your network administrator for external.

ipaddress
It is the ipv4 address for that node or server.
interfaces > port: macaddress: and port: macaddress:
You can find these values in the kickstart configmap. Each port is an entry from the ports. The macaddress is for that port. The macaddress can be found in the kickstart configmap for the node by looking for the networkType port: baremetal. Map that macaddress to the networkCards: -slot-#: There will be one matching macaddress and one new one, use those in the NMStateConfig.yaml. Important: change any letters to lower case.

Example:

ens1f0np1: macaddress: macaddress can be found in the kickstart configmap for the node under networkCards: slot-1: macaddress:

This guidance is for internal. Consult your network administrator for external.

NMstate information is from the switch and for unmanaged servers, you need to provide the values:

After the NMStateConfig.yaml is created for a server. It must be added to IBM Fusion HCI System cluster with the following commands:

  1. Go to the infraenvnamespace namespace.
    oc project infraenvnamespace
  2. Apply the YAML.
    oc apply -f nmstate.yaml
Step 3.2: Download the discovery.iso
Use the wget command to download the discovery.iso to the service node or another jumpbox.
Note: Keep this ISO secure as you can use this to add a server to the cluster with sensitive information.

To get the retrieval command do the following:

  1. Log into the hub IBM Fusion HCI System cluster.
  2. In the ACM section, go to Infrastructure > Host inventory.
  3. In the infrastructure environment, select the infrastructure you intend to import the host into and select that infrastructure environment.
  4. Select Add Hosts > With Discovery ISO. There exists either a URL or a wget command. Use the command or URL to transfer the ISO to your jumpbox.
Step 3.4: Boot the host with the discovery.iso
This task requires you to log into the IMM, mount the ISO image, and reboot the server.
Note: For internal, go through the steps in this section. For external, go through the Red Hat documentation.
Mount the ISO on to the server through the IMM:
  1. Get the IPv6 from kickstart config for that server.
  2. Log in to the IMM.
  3. To get this value, search for secretName field in the kickstart config. Inside that secret, search for defaultUserName and defaultUserPasswrd fields for IMM user and Password respectively.
  4. Select Remote Console tab.
  5. In the Remote Console tab, select Launch remote console and Media.
  6. In the Media page, go to the Mount media from Client Browser section.
  7. Select the discovery.iso image and mount it.
  8. Select one virtual media to boot on the next restart.
  9. Select the mounted discovery.iso and restart immediately.
  10. Close windows and monitor that the remote console is showing the reboot.
Step 4: Accept the host into the ACM Inventory
After the server gets restarted with discovery.iso, accept the host into the host inventory.
  1. In the ACM user interface, go to Infrastructure > Host inventory.
  2. From the table, select the infrastructure environment where the host got imported.
    Note: In the hosts table, you can see the approve host after the server gets booted up completely. It can take 10-15 minutes. Verify the server before you accept. If the server name is not recognizable, then look at the details to confirm. You can change the host name but ensure it is unique.
  3. Accept the host into the inventory.
Step 5: Labeling hosts (optional for advanced config)
After you accept the hosts, add labels to them through the Agent CR. It can be useful to identify a specific cluster or nodepool.
To add the label, do the following steps:
  1. Log into the OpenShift console.
  2. Go to Administration > CustomResourceDefinitions.
  3. Search for Agent of type agent-install-openshift.io.
  4. In the instances, find the agent to modify the label.
  5. Edit the label of the agent to add a new label.
    Run the following command to label the agent:
    oc -n <hosted-cluster-namespace> label agent <agent-name> inventory.agent-install.openshift.io/<label-key>=<label-value>
    For example, If there exists an agent 0176c90f-1111-78cf-1dc6-8d987fe794b2 under namespace fusion-bm, then run the following command to apply the label: 
    oc -n fusion-bm label agent 0176c90f-1111-78cf-1dc6-8d987fe794b2 inventory.agent-install.openshift.io/hcp=hcp1
When you create the cluster, use these labels to filter or assign nodes to different node pools within the cluster.