# Deploying HPE Ezmeral Container Platform

This section gives an overview of deploying HPE Ezmeral Container Platform on RHEL 7.7.

Figure 9 outlines the deployment steps.

Figure 9. Deployment steps

# Prerequisites

# Configuring requirements

This section provides instructions to utilize the Ansible automation script to configure essential requirements on RHEL 7.7 hosts for HPE Ezmeral Container Platform installation.

# Overview

The automation script configures the following on the hosts on which HPE Ezmeral Container Platform is to be installed:

  • Register the host to Red Hat Subscription Manager (RHSM) if not already registered.

  • Enable the following repos:

    • rhel-7-server-optional-rpms

    • rhel-7-server-extras-rpms

    • rhel-ha-for-rhel-7-server-rpms

  • Set the RHEL OS release to 7.7 and perform an update.

  • The behavior of yum plugin is set to notifications only in the /etc/yum/pluginconf.d/search-disabled-repos.conf file.

  • Disable firewall and set SELinux to permissive mode.

  • The ARP settings arp_announce and arp_ignore in the /etc/sysctl.conf file are set to zero, so that any local IP address configured on any interface can be used as the source address and the host replies to ARP requests for any local target IP address configured on any interface.

  • The SSHD service allows the Controller host to communicate directly with Worker hosts via password-less SSH when adding the Worker hosts to the HPE Ezmeral Container Platform deployment. This script updates the following fields in /etc/ssh/sshd_config file:

    • PubkeyAuthentication=yes

    • AuthorizedKeysFile=.ssh/authorized_keys

    • PermitRootLogin=yes

  • Download yum repos - bluedata-bdmgmt-.el7 bluedata-troubleshoot-.el7 bluedata-webui-.el7 bluedata-datatap-.el7 bluedata-bdconfig-.el7 openvswitch-2.5.2-1.el7 yum-utils sos python-requests python-requests-kerberos python-argparse python-boto python-urllib3 policycoreutils-python python-dateutil ceph-common httpd mod_ssl mod_wsgi django chrony bind-utils bc lvm2 parted autofs rpcbind libcgroup-tools psmisc nfs-utils python-ipaddr python-iniparse patch curl wget openssh-clients python-setuptools createrepo openldap-clients docker selinux-policy python-devel python-cffi python-virtualenv python-dateutil libxml2-devel libxslt-devel openssl-devel device-mapper-persistent-data dnsmasq haproxy socat

  • Reboot the server after all the above tasks are completed.

For more information on configuration requirements for HPE Ezmeral Container Platform nodes, see http://docs.bluedata.com/50_operating-system-requirements and http://docs.bluedata.com/50_configuration-requirements.
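
A post-run check for the sshd_config and ARP settings listed above, as an added example that is not part of the HPE automation script. The function names `sshd_effective`, `sysctl_arp` and `audit_hpecp_prereqs` are illustrative, and matching any sysctl key that ends in `.arp_announce` or `.arp_ignore` is an assumption, because the page does not name the exact keys.

```shell
# Added example; function names are illustrative, not part of the HPE script.
# sshd_effective KEYWORD FILE: value sshd uses from FILE's global section. sshd
# keeps the first value it finds; keywords are case-insensitive and both
# "Key value" and "Key=value" are accepted.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/); if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            if (key == "match") exit            # conditional blocks follow
            if (key != want) next
            val = substr(line, n)
            sub(/^[ \t=]+/, "", val); sub(/[ \t]+$/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$2"
}

# sysctl_arp SUFFIX FILE: "0" if every key ending in .SUFFIX ends up 0, the
# offending value if one does not, "unset" if no such key is present.
sysctl_arp() {
    awk -F= -v suf=".$1" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
                  if (substr(k, length(k) - length(suf) + 1) == suf) val[k] = v }
        END { out = "unset"
              for (k in val) if (out == "unset" || val[k] != "0") out = val[k]
              print out }
    ' "$2"
}

# audit_hpecp_prereqs SSHD_CONFIG SYSCTL_CONF: print each setting that differs
# from the values listed above; return non-zero if any does.
audit_hpecp_prereqs() {
    rc=0
    for want in PubkeyAuthentication=yes PermitRootLogin=yes \
                AuthorizedKeysFile=.ssh/authorized_keys; do
        got=$(sshd_effective "${want%%=*}" "$1")
        [ "$got" = "${want#*=}" ] || { echo "DIFF sshd ${want%%=*}: $got"; rc=1; }
    done
    for key in arp_announce arp_ignore; do
        got=$(sysctl_arp "$key" "$2")
        [ "$got" = 0 ] || { echo "DIFF sysctl $key: $got"; rc=1; }
    done
    return $rc
}
```

On a prepared host, run `audit_hpecp_prereqs /etc/ssh/sshd_config /etc/sysctl.conf`; `sshd -T` prints the authoritative effective sshd configuration when run as root.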

Prerequisites

  • The Python 3 and Ansible environment is enabled as described in the Installer machine section of the deployment guide.

  • Passwordless SSH is configured to target hosts from the installer machine.

NOTE

To generate an SSH key pair with a specific algorithm or key size, use the following command.

> ssh-keygen -t <algorithm> -b <keysize>

# Installation

  1. Use the following command to change the current working directory to prepare_hpecp_hosts.

    > cd BASE_DIR/prepare_hpecp_hosts
    

    NOTE

    BASE_DIR is defined and set in Installer machine section within this document.

  2. Update the input file hosts and provide the IP addresses of the hosts that need to be configured with the prerequisites for HPE Ezmeral Container Platform installation.

    > vi hosts
    

    Example values for the hosts file are as follows.

    [hpecp_nodes]
    # HPECP controller nodes
    20.0.x.x
    20.0.x.x
    20.0.x.x
    
    # HPECP gateway nodes
    20.0.x.x
    20.0.x.x
    
    # HPECP worker nodes
    20.0.x.x
    20.0.x.x
    20.0.x.x
    20.0.x.x
    20.0.x.x
    20.0.x.x
    
  3. Use the following command to update the secret.yml ansible vault file to provide the Red Hat Subscription Manager credentials.

    > ansible-vault edit secret.yml
    

    The default password for the ansible vault file secret.yml is changeme.

    Example values for the secret.yml file are as follows.

    rhsub_password: "<redhat_subscription_manager_password>"
    rhsub_username: "<redhat_subscription_manager_username>"
    
  4. Use the following command to execute the playbook.

    > ansible-playbook -i hosts prepare_host.yml --ask-vault-pass
    

# Setup SSH passwordless login

The HPE Ezmeral Container Platform controller uses passwordless SSH login to communicate with other nodes in the platform for configuration and setup. Execute the following commands on the primary controller to generate a new 4096-bit SSH key pair, copy the public key to all other nodes in the platform, and add the public key to the list of authorized keys on the primary controller.

> ssh-keygen -t rsa -b 4096
> ssh-copy-id root@hcp01.hcp.local
> cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

The instruction assumes that the hosts are configured with SSH passwordless access.

NOTE

Ensure internet connectivity is available on all the nodes participating in the HPE Ezmeral Container Platform cluster.

# Setup proxy for Docker (optional)

Docker needs to be able to pull images from the internet. Perform the following steps before Docker (and therefore HPE Ezmeral Container Platform) is installed on your system.

  1. Use the following command to create a Docker service directory if it does not exist.

    > mkdir -p /etc/systemd/system/docker.service.d 
    
  2. Set up docker-proxy.conf.

    For RHEL 7.7

    > cat > /etc/systemd/system/docker.service.d/docker-proxy.conf <<EOF
    [Service]
    Environment="HTTP_PROXY=$http_proxy"
    Environment="HTTPS_PROXY=$https_proxy"
    Environment="NO_PROXY=$no_proxy"
    EOF
    

    When you install HPE Ezmeral Container Platform, Docker is installed and picks up the Docker proxy configuration. However, if you set up docker-proxy.conf after HPE Ezmeral Container Platform is installed, you must restart the Docker service to enable the Docker proxy setting.

    Execute the following commands to restart Docker.

    > systemctl daemon-reload 
    > systemctl restart docker 
    

    For more details on configuring docker to use a proxy server, see https://docs.docker.com/network/proxy/
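
A stricter variant of the heredoc in step 2, as an added example rather than HPE's or Docker's own code. It refuses to write the drop-in when `http_proxy` or `https_proxy` is empty (the unquoted heredoc would write empty values without complaint) and doubles `%` so that systemd does not read URL-encoded characters as specifiers; the function names are illustrative.

```shell
# Added example; function names are illustrative and not part of the HPE guide.
# systemd_env NAME VALUE: print one Environment= line for a unit drop-in, or
# fail if VALUE is empty or would break the double-quoted assignment.
systemd_env() {
    [ -n "$2" ] || { echo "error: $1 is empty or unset" >&2; return 1; }
    # Whitespace, double quotes and backslashes would change how systemd
    # parses the quoted value, so reject them rather than guess at escaping.
    if [ "$(printf '%s' "$2" | tr -d '[:space:]"\\')" != "$2" ]; then
        echo "error: $1 contains whitespace, a quote or a backslash" >&2
        return 1
    fi
    # systemd expands %-specifiers in unit files; a literal % is written %%.
    printf 'Environment="%s=%s"\n' "$1" "$(printf '%s' "$2" | sed 's/%/%%/g')"
}

# write_docker_proxy_conf DIR: render DIR/docker-proxy.conf from http_proxy,
# https_proxy and (if set) no_proxy. The file is replaced only when every
# value is valid, so a failed run never leaves a half-written drop-in.
write_docker_proxy_conf() {
    tmp=$(mktemp "$1/.docker-proxy.XXXXXX") || return 1
    {
        echo '[Service]'
        systemd_env HTTP_PROXY "${http_proxy:-}" &&
        systemd_env HTTPS_PROXY "${https_proxy:-}" &&
        { [ -z "${no_proxy:-}" ] || systemd_env NO_PROXY "$no_proxy"; }
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 0644 "$tmp" && mv "$tmp" "$1/docker-proxy.conf"
}
```

Call it as `write_docker_proxy_conf /etc/systemd/system/docker.service.d` after creating the directory in step 1, passing the proxy URLs unescaped.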

# Installing HPE Ezmeral Container Platform controller

Installation of the HPE Ezmeral Container Platform controller proceeds phase by phase, as described below.

# Phase 1 - Download the bundle

Download the bundle. For more instructions on how to download HPE Ezmeral Container Platform software bundle, see Using the Bundle Download Script.

# Phase 2 - Perform precheck

The HPE Ezmeral Container Platform precheck script performs a series of checks on the Controller host to determine whether it is ready to accept the installation of HPE Ezmeral Container Platform. For more information, see Using the Pre-Check Script.

# Adding an SSL Certificate

If you want to access the HPE Ezmeral Container Platform interface using Secure Socket Layer (https://), add an SSL certificate on the machine that will become the Controller host before running the Container Station precheck. Record the location and name of the certificate, and use the --ssl-cert and --ssl-priv-key options when running the precheck script.

# Phase 3 - Install HPE Ezmeral Container Platform

To manually install the HPE Ezmeral Container Platform on the Controller host, do the following:

  1. Log in to the host that you will be using as the Controller host. Use either the root account and password or your assigned username and password to do so.

  2. If needed, copy the HPE Ezmeral Container Platform Enterprise binary (.bin) to the host that you will use as the Controller host.

  3. Make the .bin file executable by executing the command chmod a+x bluedata-epic-entdoc-<os>-<flavor>-release-<version>-<build>.bin

    > chmod a+x bluedata-epic-entdoc-minimal-release-5.0-3006.bin
    
  4. Run the executable binary from the Linux console as the assigned user by typing ./<epic>.bin <options>, where <options> is a list of one or more option(s) that specify how the installer should configure HPE Ezmeral Container Platform. For more information, see Installer Options.

    > ./bluedata-epic-entdoc-minimal-release-5.0-3006.bin
    
  5. The installer checks the integrity of the HPE Ezmeral Container Platform bundle and then extracts the bundle contents.

  6. The End User License Agreement (EULA) appears. After you have viewed the entire EULA, press [y] to accept it and continue installing HPE Ezmeral Container Platform.

  7. HPE Ezmeral Container Platform installs on the Controller host. A series of messages appear during the installation. The following message appears after the installation is complete.

Successfully installed HPE Software

Please visit https://192.xx.1.50 to configure the server.

# Phase 4 - Complete the deployment

Use an available web browser to connect to the HPE Ezmeral Container Platform controller. Use the URL https://192.xx.1.50, and proceed by providing the necessary details such as installation name, Node storage disks and tenant storage disks, and so on. Figure 10 shows the configuration screen.

Figure 10. Configuration screen

NOTE

The IP addresses in Figures 10, 12, 15, 18, 20, and 21 are for representation purposes only. Update the IP details as per your installation requirement.

Licensing for a new HPE Ezmeral Container Platform deployment is enforced via the HPE licensing mechanism. All new HPE Container Platform deployments will be shipped unlicensed. On the initial login, the HPE Ezmeral Container Platform will redirect you to the License tab of the Settings screen. For more information, see License Tab. The Controller host must always be installed without a license. However, licensing limits the number of Worker CPU cores that can be installed for the HPE Ezmeral Container Platform deployment. Adding a new worker host without sufficient available licensed cores will place that worker host in the unlicensed state.

# Phase 5 - Logging in to HPE Ezmeral Container Platform

Log in to the HPE Ezmeral Container Platform. The default Username is "admin" and Password is "admin123". Figure 11 shows the login screen of HPE Ezmeral Container Platform.

Figure 11. Login screen of HPE Ezmeral Container Platform

For more details, see Launching and Logging In.

# Platform High Availability setup

The HPE Ezmeral Container Platform control plane supports platform-level high availability functionality that protects HPE Ezmeral Container Platform against the failure of the Controller host. Platform-level high availability requires designating two Worker hosts as the Shadow Controller and the Arbiter, respectively. If the Controller host fails, the HPE Ezmeral Container Platform will fail over to the Shadow Controller host within approximately two or three minutes. A warning message "System is configured with HA. Cluster is currently in a degraded state. Click here to reload the page" will appear at the top of the HPE Ezmeral Container Platform screen. You may need to log back in to HPE Ezmeral Container Platform if this occurs.

Each host in the HPE Ezmeral Container Platform deployment has its own IP address. If the Controller host fails, then attempting to access the Shadow Controller host using the same IP address will fail. Similarly, accessing the Shadow Controller host using that host's IP address will fail once the Controller host recovers. To avoid this problem, specify a cluster IP address that is bonded to the node acting as the Controller host, and then log in to HPE Ezmeral Container Platform using that cluster IP address. HPE Ezmeral Container Platform will automatically connect you to the Controller host (if HPE Ezmeral Container Platform runs normally) or to the Shadow Controller host with a warning message (if the Controller host has failed and triggered the high availability protection).

For more information, see http://docs.bluedata.com/50_high-availability.

# Add EPIC Hosts - Worker node

  1. Log in to the HPE Ezmeral Container Platform web interface. Navigate to the EPIC drop-down on the left pane. Click hosts and add worker hosts. Figure 12 shows how to add worker hosts on the HPE Ezmeral Container Platform.

    Figure 12. Adding worker hosts on HPE Ezmeral Container Platform

    NOTE

    The IP addresses in Figures 12, 15, 18, 20, and 21 are for representation only. Update the IP details as per your installation requirement.

  2. Select the hard drives on the Worker host that will be used by HPE Ezmeral Container Platform.

  3. Place HPE Ezmeral Container Platform in Lockdown mode. Figure 13 shows how to put the HPE Ezmeral Container Platform in lockdown mode.

    Figure 13. HPE Ezmeral Container Platform in lockdown mode

  4. Install the host(s) as HPE Ezmeral Container Platform workers. For more information on HPE Ezmeral Container Platform workers, see [Step 6: Add the Host(s) as Worker(s)]. HPE Ezmeral Container Platform will validate that the number of CPU cores in the host(s) does not exceed the licensed maximum before proceeding with the installation (and displaying the green Installing bar for the new host(s)). Figure 14 depicts the installation status after adding a new host on HPE Ezmeral Container Platform.

    Figure 14. Installation status after adding the new host on HPE Ezmeral Container Platform

  5. Exit Lockdown mode, and then validate that the new worker has been correctly added and is functioning properly.

# Configure HA

Configuring high availability requires the platform to be in site lockdown mode.

After successfully adding worker hosts to the HPE Ezmeral Container Platform, go to the GLOBAL SETTINGS drop-down. Click Controllers and select the Enable HA checkbox. Provide the Cluster IP, Cluster Name, Shadow Controller, and Arbiter Node. Click Submit. Figure 15 depicts how to enable HA of the controller on HPE Ezmeral Container Platform.

Figure 15. Enable HA checkbox of the controller

After successful configuration of HA, you will be asked to log in to HPE Ezmeral Container Platform using the new cluster name. Figure 16 depicts the login to HPE Ezmeral Container Platform with the new cluster name.

Figure 16. Login to HPE Ezmeral Container Platform with the new cluster name

# Gateway Host

Log in to the HPE Ezmeral Container Platform web interface. Navigate to the GLOBAL SETTINGS drop-down on the left pane. Click Gateway LB and add gateway server(s). Provide the IP List, Hostname, and Password. Click Add Gateway. Figure 17 depicts the addition of Gateway LB.

Figure 17. Addition of Gateway LB

Adding a Gateway server requires the HPE Ezmeral Container Platform to be in site lockdown mode, so enable site lockdown before adding the Gateway LB and disable it after the addition is done. See Figure 13 for enabling site lockdown.

# Gateway host high availability

Add multiple gateway servers as Gateway LB as shown in Figure 18 and map these Gateway host IP addresses to a single hostname to add redundancy for the Gateway hosts. After this is done, either the DNS server or an external load balancer will load-balance requests to the hostname among all the Gateway hosts on a round-robin basis. This ensures that there is no single point of failure for the Gateway host. Figure 18 depicts how to add Gateways and see their status.

Figure 18. Adding Gateway and their status

Gateway servers map the services running in virtual nodes or containers to ports and balance service load as described in [Gateway Hosts] and [Load Balancing].

To add one or more Gateway worker host(s) to your HPE Container Platform deployment, you must specify a hostname in the Hostname field. If you specify one hostname for more than one Gateway IP address, then either the DNS server or external load balancer will load-balance requests to the hostname among all the Gateway hosts on a round-robin basis. Example: If three Gateway hosts are sharing a hostname, then Users 1-3 will access virtual nodes via Hosts 1-3, respectively, User 4 will access virtual nodes via Host 1, and so on. You may add additional Gateway host(s) to an existing set at any time by specifying the IP address(es) of the Gateway host(s) you are adding and then entering an existing Gateway hostname. You can use Gateway hostnames in the following ways:

  • Configure the Gateway hostname in the corporate DNS server to resolve the IP address(es) of the Gateway host(s).

  • Configure an external load balancer with rules to point traffic to the IP address(es) of the Gateway host(s). HPE Ezmeral Container Platform does not validate these rules.

NOTE

Ensure that you disable Site lockdown mode at this point.