Your Browser is Out of Date

ShareDemos uses technology that works best in other browsers.
For a full experience use one of the browsers below
Deployment Guide—Dell EMC Ready Stack for Red Hat OpenShift Container Platform 3.11

view all chapters

Adding Worker Nodes
Adding a Red Hat Enterprise Linux worker node Adding Red Hat Enterprise Linux CoreOS worker node

Adding a Red Hat Enterprise Linux worker node

  • Introduction

    Worker nodes in OpenShift Container Platform 4.3 can run either CoreOS or Red Hat Enterprise Linux 7.6 or later. This section describes how to add a worker node that is running Red Hat Enterprise Linux 7.6 or later.

    Prerequisites

    The prerequisites for adding a worker node are as follows:

    • Red Hat Enterprise Linux 7.6 must be installed and assigned an IP address.
    • The node must be subscribed to the following repositories:
    • rhel-7-server-rpms
    • rhel-7-extras-rpms
    • rhel-7-server-ose-4.3-rpms

    The Red Hat Enterprise Linux worker node details are as follows:

    • The hostname is set to worker-2.example.com.
    • The IP address is assigned 100.82.46.26/26 (bond0), and DNS is 100.82.46.20 (CSAH node IP address).

    Adding the Red Hat Enterprise Linux worker node

    To add the worker node, complete the following steps. Run the commands as user root in CSAH unless otherwise specified.

    1. Update the subscription repositories:

     [root@csah ~]# subscription-manager repos --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ose-4.3-rpms"

    Repository 'rhel-7-server-ose-4.3-rpms' is enabled for this system.

    Repository 'rhel-7-server-extras-rpms' is enabled for this system.

    1. Install the openshift-ansible and openshift-clients RPMs:

    [root@csah ~]# yum install openshift-ansible openshift-clients

    1. Copy kubeconfig to the user ansible home directory:

    [root@csah ~]# cp /home/core/openshift/auth/kubeconfig /home/ansible/

    [root@csah ~]# chown ansible:ansible /home/ansible/kubeconfig

    1. Update the DNS entries for forward lookup (A and CNAME records) and reverse lookup of the Red Hat Enterprise Linux worker node as follows.

    Note: DNS files are located under the /var/named directory. The forward lookup file is example.com, and the reverse lookup file is 46.82.100.in-addr.arpa.

     [root@csah named]# pwd

    /var/named

    [root@csah named]# cat example.com | grep worker-2

    worker-2  IN    A      100.82.46.26

    worker-2  IN   CNAME   worker-2.example.com.

    [root@csah named]# cat 46.82.100.in-addr.arpa | grep worker-2

    26   IN       PTR       worker-2.example.com.

    1. Restart the named service and validate the DNS entries:

    [root@csah named]# systemctl restart named

    [root@csah named]# nslookup worker-2

    Server:         100.82.46.20

    Address:        100.82.46.20#53

    Name:   worker-2.example.com

    Address: 100.82.46.26

    [root@csah named]# nslookup worker-2.ocp.example.com

    Server:         100.82.46.20

    Address:        100.82.46.20#53

    worker-2.ocp.example.com        canonical name = worker-2.example.com.

    Name:   worker-2.example.com

    Address: 100.82.46.26

    [root@csah named]# nslookup 100.82.46.26

    26.46.82.100.in-addr.arpa       name = worker-2.example.com.

    1. As user ansible, create an inventory file with the Red Hat Enterprise Linux worker node information:

    [ansible@csah ~]$ cat rhelworker

    [all:vars]

    ansible_user=ansible

    ansible_become=True

    openshift_kubeconfig_path="/home/ansible/kubeconfig"

    [new_workers]

    worker-2.example.com

    Note: Run the commands in the remaining steps as user root in Red Hat Enterprise Linux worker node unless specified otherwise.

    1. Use subscription manager to add repositories:

    [root@worker-2 ~]# subscription-manager repos --enable="rhel-7-server-extras-rpms" –enable=”rhel-7-server-rpms” --enable="rhel-7-server-ose-4.3-rpms"

    Repository 'rhel-7-server-extras-rpms' is enabled for this system.

    Repository 'rhel-7-server-rpms' is enabled for this system.

    Repository 'rhel-7-server-ose-4.3-rpms' is enabled for this system.

    1. Disable the firewall:

    [root@worker-2 ~]# systemctl disable firewalld

    Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.

    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

    [root@worker-2 ~]# systemctl stop firewalld

    Note: Do not enable firewalld later. If you do, you cannot access OpenShift Container Platform logs on the worker node.

    1. Create user ansible:

    [root@worker-2 ~]# useradd ansible

    1. Provide sudoers access to user ansible, and add the following content after running the visudo command:

    [root@worker-2 ~]# visudo

    root    ALL=(ALL) ALL (This line already exists)

    ansible ALL=(ALL) NOPASSWD: ALL

    1. Copy the contents of /home/ansible/.ssh/id_rsa.pub in CSAH node to /home/ansible/.ssh/authorized_keys in the Red Hat Enterprise Linux worker node:

    [ansible@worker-2 ~]$ mkdir .ssh

    [ansible@worker-2 .ssh]$ vi authorized_keys

    1. Set permissions of 700 to /home/ansible/.ssh and 600 to /home/ansible/.ssh/authorization_keys:

    [ansible@worker-2 ~]$ chmod 700 .ssh/

    [ansible@worker-2 ~]$ chmod 600 .ssh/authorized_keys

    1. As user ansible in CSAH node, copy kubeconfig to the Red Hat Enterprise Linux worker node:

    [ansible@csah ~]$ scp kubeconfig worker-2:~/

    100%   17KB  44.4MB/s   00:00

    Note: You are not prompted for a password because the authorized keys from CSAH have already been added.

    As user ansible in CSAH node, you must list all existing nodes in the cluster and, in some cases, might receive the following error:

    [ansible@csah tasks]$ oc get nodes --config=/home/ansible/.auth/kubeconfig

    error: You must be logged in to the server (Unauthorized)

    If you receive the login error when logging in as ansible, log in as kubeadmin:

    [ansible@csah ~]$ oc login -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx

    Login successful.

    You have access to 53 projects, the list has been suppressed. You can list all projects with 'oc projects'

    Using project "default".

    1. As user ansible, run ansible-playbook in CSAH node, which adds the new worker node into an existing cluster:

    [ansible@csah ~]$ cd /usr/share/ansible/openshift-ansible/

    [ansible@csah openshift-ansible]$ ansible-playbook -i /home/ansible/rhelworker playbooks/scaleup.yml

    The following figure shows the task summary and execution times:

    Figure 12.          Red Hat Enterprise Linux worker node Ansible task summary

    1. Edit haproxy.cfg under /etc/haproxy to include the new worker node IP address under sections backend http and backend https:

    backend http

       balance roundrobin

       mode tcp

       server worker-0 100.82.46.24:80 check

       server worker-1 100.82.46.25:80 check

       server worker-2 100.82.46.26:80 check

    backend https

       balance roundrobin

       mode tcp

       server worker-0 100.82.46.24:443 check

       server worker-1 100.82.46.25:443 check

       server worker-2 100.82.46.26:443 check

    The line server worker-2 is now in haproxy.cfg. The output that is shown here is truncated for documentation purposes.

    1. As user root, restart the haproxy service:

    [root@csah named]# systemctl restart haproxy

    1. Verify that the worker node (worker-2.example.com) is now part of the cluster:

    [core@csah ~]$ oc get nodes

    NAME                   STATUS   ROLES    AGE    VERSION

    etcd-0.example.com     Ready    master   4d2h   v1.16.2

    etcd-1.example.com     Ready    master   4d2h   v1.16.2

    etcd-2.example.com     Ready    master   4d2h   v1.16.2

    worker-0.example.com   Ready    worker   4d1h   v1.16.2

    worker-1.example.com   Ready    worker   4d1h   v1.16.2

    worker-2.example.com   Ready    worker   89m    v1.16.2