openstack/openstack-helm
Code Issues Proposed changes
dbe7b30748
openstack-helm/doc/source/install/common-requirements.rst
Gage Hugo 13b0a3ffd9 Update proxy documentation for AIO 
This change adds in information about overriding the dns entries
that can end up overwriting the existing ones in resolv.conf
and resulting in a lack of network connectivity when deploying
AIO behind a proxy.

Change-Id: I9faab36a114e28fe8f4c312e7cd64a582333033b
2019-12-12 13:32:36 -06:00

2.5 KiB
Raw Blame History

Common Deployment Requirements

Passwordless Sudo

Throughout this guide the assumption is that the user is: ubuntu. Because this user has to execute root level commands remotely to other nodes, it is advised to add the following lines to /etc/sudoers for each node:

root    ALL=(ALL) NOPASSWD: ALL
ubuntu  ALL=(ALL) NOPASSWD: ALL

Latest Version Installs

On the host or master node, install the latest versions of Git, CA Certs & Make if necessary

../../../tools/deployment/developer/common/000-install-packages.sh

Proxy Configuration

Note

This guide assumes that users wishing to deploy behind a proxy have already defined the conventional proxy environment variables http_proxy, https_proxy, and no_proxy.

In order to deploy OpenStack-Helm behind corporate proxy servers, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml.

proxy:
  http: http://username:password@host:port
  https: https://username:password@host:port
  noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local

Note

The .svc.cluster.local address is required to allow the OpenStack client to communicate without being routed through proxy servers. The IP address 172.17.0.1 is the advertised IP address for the Kubernetes API server. Replace the addresses if your configuration does not match the one defined above.

Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables.

export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local
export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local

By default, this installation will use Google DNS Server IPs (8.8.8.8, 8.8.4.4) and will update resolv.conf as a result. If those IPs are blocked by the proxy, this will overwrite the original DNS entries and result in the inability to connect to anything on the network behind the proxy. These DNS nameserver entries can be changed by updating the external_dns_nameservers entry in this file:

openstack-helm-infra/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml

It is recommended to add your own existing DNS nameserver entries to avoid losing connection.