13b0a3ffd9
This change adds in information about overriding the dns entries that can end up overwriting the existing ones in resolv.conf and resulting in a lack of network connectivity when deploying AIO behind a proxy. Change-Id: I9faab36a114e28fe8f4c312e7cd64a582333033b
71 lines
2.5 KiB
ReStructuredText
71 lines
2.5 KiB
ReStructuredText
==============================
|
|
Common Deployment Requirements
|
|
==============================
|
|
|
|
Passwordless Sudo
|
|
=================
|
|
|
|
Throughout this guide the assumption is that the user is:
|
|
``ubuntu``. Because this user has to execute root level commands
|
|
remotely to other nodes, it is advised to add the following lines
|
|
to ``/etc/sudoers`` for each node:
|
|
|
|
.. code-block:: shell
|
|
|
|
root ALL=(ALL) NOPASSWD: ALL
|
|
ubuntu ALL=(ALL) NOPASSWD: ALL
|
|
|
|
Latest Version Installs
|
|
=======================
|
|
|
|
On the host or master node, install the latest versions of Git, CA Certs & Make if necessary
|
|
|
|
.. literalinclude:: ../../../tools/deployment/developer/common/000-install-packages.sh
|
|
:language: shell
|
|
:lines: 1,17-
|
|
|
|
Proxy Configuration
|
|
===================
|
|
|
|
.. note:: This guide assumes that users wishing to deploy behind a proxy have already
|
|
defined the conventional proxy environment variables ``http_proxy``,
|
|
``https_proxy``, and ``no_proxy``.
|
|
|
|
In order to deploy OpenStack-Helm behind corporate proxy servers, add the
|
|
following entries to ``openstack-helm-infra/tools/gate/devel/local-vars.yaml``.
|
|
|
|
.. code-block:: yaml
|
|
|
|
proxy:
|
|
http: http://username:password@host:port
|
|
https: https://username:password@host:port
|
|
noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local
|
|
|
|
.. note:: The ``.svc.cluster.local`` address is required to allow the OpenStack
|
|
client to communicate without being routed through proxy servers. The IP
|
|
address ``172.17.0.1`` is the advertised IP address for the Kubernetes API
|
|
server. Replace the addresses if your configuration does not match the
|
|
one defined above.
|
|
|
|
Add the address of the Kubernetes API, ``172.17.0.1``, and
|
|
``.svc.cluster.local`` to your ``no_proxy`` and ``NO_PROXY`` environment
|
|
variables.
|
|
|
|
.. code-block:: bash
|
|
|
|
export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local
|
|
export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local
|
|
|
|
By default, this installation will use Google DNS Server IPs (8.8.8.8, 8.8.4.4)
|
|
and will update resolv.conf as a result. If those IPs are blocked by the proxy,
|
|
this will overwrite the original DNS entries and result in the inability to
|
|
connect to anything on the network behind the proxy. These DNS nameserver entries
|
|
can be changed by updating the ``external_dns_nameservers`` entry in this file:
|
|
|
|
.. code-block:: bash
|
|
|
|
openstack-helm-infra/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
|
|
|
|
It is recommended to add your own existing DNS nameserver entries to avoid
|
|
losing connection.
|