Worker nodes in OpenShift Container Platform 4.3 can run either CoreOS or Red Hat Enterprise Linux 7.6 or later. This section describes how to add a worker node that is running Red Hat Enterprise Linux 7.6 or later.
The prerequisites for adding a worker node are as follows:
The Red Hat Enterprise Linux worker node details are as follows:
To add the worker node, complete the following steps. Run the commands as user root on the CSAH node unless otherwise specified.
[root@csah ~]# subscription-manager repos --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ose-4.3-rpms"
Repository 'rhel-7-server-ose-4.3-rpms' is enabled for this system.
Repository 'rhel-7-server-extras-rpms' is enabled for this system.
[root@csah ~]# yum install openshift-ansible openshift-clients
[root@csah ~]# cp /home/core/openshift/auth/kubeconfig /home/ansible/
[root@csah ~]# chown ansible:ansible /home/ansible/kubeconfig
Note: DNS files are located under the /var/named directory. The forward lookup file is example.com, and the reverse lookup file is 46.82.100.in-addr.arpa.
[root@csah named]# pwd
/var/named
[root@csah named]# cat example.com | grep worker-2
worker-2 IN A 100.82.46.26
worker-2 IN CNAME worker-2.example.com.
[root@csah named]# cat 46.82.100.in-addr.arpa | grep worker-2
26 IN PTR worker-2.example.com.
[root@csah named]# systemctl restart named
[root@csah named]# nslookup worker-2
Server: 100.82.46.20
Address: 100.82.46.20#53
Name: worker-2.example.com
Address: 100.82.46.26
[root@csah named]# nslookup worker-2.ocp.example.com
Server: 100.82.46.20
Address: 100.82.46.20#53
worker-2.ocp.example.com canonical name = worker-2.example.com.
Name: worker-2.example.com
Address: 100.82.46.26
[root@csah named]# nslookup 100.82.46.26
26.46.82.100.in-addr.arpa name = worker-2.example.com.
[ansible@csah ~]$ cat rhelworker
[all:vars]
ansible_user=ansible
ansible_become=True
openshift_kubeconfig_path="/home/ansible/kubeconfig"
[new_workers]
worker-2.example.com
Note: Run the commands in the remaining steps as user root on the Red Hat Enterprise Linux worker node unless specified otherwise.
[root@worker-2 ~]# subscription-manager repos --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-rpms" --enable="rhel-7-server-ose-4.3-rpms"
Repository 'rhel-7-server-extras-rpms' is enabled for this system.
Repository 'rhel-7-server-rpms' is enabled for this system.
Repository 'rhel-7-server-ose-4.3-rpms' is enabled for this system.
[root@worker-2 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@worker-2 ~]# systemctl stop firewalld
Note: Do not enable firewalld later. If you do, you cannot access OpenShift Container Platform logs on the worker node.
[root@worker-2 ~]# useradd ansible
[root@worker-2 ~]# visudo
root ALL=(ALL) ALL    # This line already exists
ansible ALL=(ALL) NOPASSWD: ALL
[ansible@worker-2 ~]$ mkdir .ssh
[ansible@worker-2 .ssh]$ vi authorized_keys
[ansible@worker-2 ~]$ chmod 700 .ssh/
[ansible@worker-2 ~]$ chmod 600 .ssh/authorized_keys
[ansible@csah ~]$ scp kubeconfig worker-2:~/
100% 17KB 44.4MB/s 00:00
Note: You are not prompted for a password because the authorized keys from CSAH have already been added.
As user ansible on the CSAH node, list all existing nodes in the cluster. In some cases, you might receive the following error:
[ansible@csah tasks]$ oc get nodes --config=/home/ansible/.auth/kubeconfig
error: You must be logged in to the server (Unauthorized)
If you receive the login error when logging in as ansible, log in as kubeadmin:
[ansible@csah ~]$ oc login -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx
Login successful.
You have access to 53 projects, the list has been suppressed. You can list all projects with 'oc projects'
Using project "default".
[ansible@csah ~]$ cd /usr/share/ansible/openshift-ansible/
[ansible@csah openshift-ansible]$ ansible-playbook -i /home/ansible/rhelworker playbooks/scaleup.yml
The following figure shows the task summary and execution times:
Figure 12. Red Hat Enterprise Linux worker node Ansible task summary
backend http
    balance roundrobin
    mode tcp
    server worker-0 100.82.46.24:80 check
    server worker-1 100.82.46.25:80 check
    server worker-2 100.82.46.26:80 check
backend https
    balance roundrobin
    mode tcp
    server worker-0 100.82.46.24:443 check
    server worker-1 100.82.46.25:443 check
    server worker-2 100.82.46.26:443 check
The line server worker-2 is now in haproxy.cfg. The output that is shown here is truncated for documentation purposes.
[root@csah named]# systemctl restart haproxy
[core@csah ~]$ oc get nodes
NAME                   STATUS   ROLES    AGE    VERSION
etcd-0.example.com     Ready    master   4d2h   v1.16.2
etcd-1.example.com     Ready    master   4d2h   v1.16.2
etcd-2.example.com     Ready    master   4d2h   v1.16.2
worker-0.example.com   Ready    worker   4d1h   v1.16.2
worker-1.example.com   Ready    worker   4d1h   v1.16.2
worker-2.example.com   Ready    worker   89m    v1.16.2
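A check for the HAProxy step above, as an added example that is not part of the original guide: it compares the Ready workers in saved oc get nodes output against the server lines of each backend in haproxy.cfg and prints any worker that is missing. The function names, the temporary file paths and the sample data (with worker-2 deliberately left out of the https backend) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Sample data below is constructed.

# Print the server names under one "backend NAME" section of haproxy.cfg.
backend_servers() {   # $1 = haproxy.cfg path, $2 = backend name
    awk -v want="$2" '
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
            inside = ($1 == "backend" && $2 == want); next }
        inside && $1 == "server" { print $2 }' "$1"
}

# Print short host names of nodes whose STATUS is exactly Ready and whose
# ROLES column includes worker (NotReady or cordoned nodes are skipped).
ready_workers() {     # $1 = saved output of "oc get nodes"
    awk 'NR > 1 && $2 == "Ready" && index("," $3 ",", ",worker,") {
            split($1, part, "."); print part[1] }' "$1"
}

# Print every Ready worker that has no server line in the given backend.
missing_from_backend() {   # $1 = haproxy.cfg, $2 = nodes file, $3 = backend
    servers=$(backend_servers "$1" "$3")
    for w in $(ready_workers "$2"); do
        printf '%s\n' "$servers" | grep -qxF -- "$w" || printf '%s\n' "$w"
    done
}

# Constructed sample: worker-2 is in "http" but was left out of "https".
demo=$(mktemp -d)
cat > "$demo/haproxy.cfg" <<'EOF'
backend http
    mode tcp
    server worker-0 100.82.46.24:80 check
    server worker-1 100.82.46.25:80 check
    server worker-2 100.82.46.26:80 check
backend https
    mode tcp
    server worker-0 100.82.46.24:443 check
    server worker-1 100.82.46.25:443 check
EOF
cat > "$demo/nodes.txt" <<'EOF'
NAME STATUS ROLES AGE VERSION
etcd-0.example.com Ready master 4d2h v1.16.2
worker-0.example.com Ready worker 4d1h v1.16.2
worker-1.example.com Ready worker 4d1h v1.16.2
worker-2.example.com Ready worker 89m v1.16.2
EOF
for be in http https; do
    echo "backend $be is missing: $(missing_from_backend "$demo/haproxy.cfg" "$demo/nodes.txt" "$be")"
done
```

On a live system, pass the real haproxy.cfg path and a file holding the output of oc get nodes; an empty result for both backends means every Ready worker receives ingress traffic on ports 80 and 443.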