[ English | Indonesia | 한국어 (대한민국) | Deutsch | English (United Kingdom) ]

Common Deployment Requirements

Passwordless Sudo

Throughout this guide the assumption is that the user is: ubuntu. Because this user has to execute root level commands remotely to other nodes, it is advised to add the following lines to /etc/sudoers for each node:

root    ALL=(ALL) NOPASSWD: ALL
ubuntu  ALL=(ALL) NOPASSWD: ALL

Latest Version Installs

On the host or master node, install the latest versions of Git, CA Certs & Make if necessary

#!/bin/bash
sudo apt-get update
sudo apt-get install --no-install-recommends -y \
        ca-certificates \
        git \
        make \
        jq \
        nmap \
        curl \
        uuid-runtime \
        bc \
        python3-pip

Proxy Configuration

Note

This guide assumes that users wishing to deploy behind a proxy have already defined the conventional proxy environment variables http_proxy, https_proxy, and no_proxy.

In order to deploy OpenStack-Helm behind corporate proxy servers, add the following entries to openstack-helm-infra/tools/gate/devel/local-vars.yaml.

proxy:
  http: http://username:password@host:port
  https: https://username:password@host:port
  noproxy: 127.0.0.1,localhost,172.17.0.1,.svc.cluster.local

Note

The .svc.cluster.local address is required to allow the OpenStack client to communicate without being routed through proxy servers. The IP address 172.17.0.1 is the advertised IP address for the Kubernetes API server. Replace the addresses if your configuration does not match the one defined above.

Add the address of the Kubernetes API, 172.17.0.1, and .svc.cluster.local to your no_proxy and NO_PROXY environment variables.

export no_proxy=${no_proxy},172.17.0.1,.svc.cluster.local
export NO_PROXY=${NO_PROXY},172.17.0.1,.svc.cluster.local

By default, this installation will use Google DNS Server IPs (8.8.8.8, 8.8.4.4) and will update resolv.conf as a result. If those IPs are blocked by the proxy, this will overwrite the original DNS entries and result in the inability to connect to anything on the network behind the proxy. These DNS nameserver entries can be changed by updating the external_dns_nameservers entry in this file:

openstack-helm-infra/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml

It is recommended to add your own existing DNS nameserver entries to avoid losing connection.