OpenShift Origin
This section details how to set up a local OpenShift Origin (community distribution of OpenShift) all-in-one cluster and configure that cluster for installing Telco Network Cloud Orchestration (TNC-O).
Pre-requisites
- Previous knowledge of the basic installation process with TNC-O Helm charts.
- A Linux machine (or a Linux VM running on another platform) on which to install the OpenShift cluster.
OpenShift all-in-one set-up
This guide follows the OpenShift Origin (version 3.11) documentation.
Docker
- Install Docker (version 1.13 or later) onto your Linux machine.
- Configure the Docker daemon with an insecure registry parameter of 172.30.0.0/16. Also include the Docker registry from which you will get your TNC-O Docker images (read more about registry of your Docker images here). Edit file /etc/docker/daemon.json:
{
  "insecure-registries": [
    "172.30.0.0/16",
    "myregistry:5000"
  ]
}
- Restart the Docker daemon:
sudo systemctl daemon-reload
sudo systemctl restart docker
Firewall
Ensure that your firewall allows access to the OpenShift master API (8443/tcp) and DNS (53/udp) endpoints. In RHEL and Fedora, you can create a new firewalld zone to enable this access:
- Find the Docker bridge network container subnet (you should get a value like 172.17.0.0/16):
docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge
- Create a new firewalld zone for the subnet and grant it access to the correct ports:
firewall-cmd --permanent --new-zone dockerc
firewall-cmd --permanent --zone dockerc --add-source 172.17.0.0/16
firewall-cmd --permanent --zone dockerc --add-port 8443/tcp
firewall-cmd --permanent --zone dockerc --add-port 53/udp
firewall-cmd --permanent --zone dockerc --add-port 8053/udp
firewall-cmd --reload
OpenShift Client Tool
- Download the oc binary from the OpenShift Origin Releases page to your machine. This set-up uses client tool version 3.11.
- Place the binary in your path.
Start an OpenShift cluster
Run the following as a user that has permission to run Docker commands:
oc cluster up
Configuration
After your OpenShift cluster is up, log in as the system admin to perform further configuration steps:
oc login -u system:admin
Helm
TNC-O will be installed using Helm charts, so you need both the Helm client and server:
- Go into the project (similar to Kubernetes namespace) meant for Tiller:
oc project kube-system
- Run the following command (replace with desired Helm version and Tiller namespace):
oc process -f https://github.com/openshift/origin/raw/master/examples/helm/tiller-template.yaml -p TILLER_NAMESPACE=kube-system -p HELM_VERSION=v2.14.3 | oc create -f -
- Check that the Tiller pod is running:
oc get po
- Grant the admin cluster role to Helm:
oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:kube-system:tiller
- Check that the Tiller role is correct (the output should be empty):
helm ls
Security policies for TNC-O’s Foundation chart
These configuration steps only apply to Telco Network Cloud Orchestration (TNC-O) helm-foundation chart (version 2.1 GA).
- Grant all authenticated users access to the anyuid security context constraint (SCC):
oc adm policy add-scc-to-group anyuid system:authenticated
- Go to the project (namespace) that you plan to install TNC-O Helm charts in:
oc project myproject
- Assign privileged SCC to specific foundation service accounts (replace myproject with your project):
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:default
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:foundation
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:foundation-nginx-ingress
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:foundation-elasticsearch-client
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:foundation-elasticsearch-data
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:foundation-elasticsearch-master
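The grants above are broad (anyuid for every authenticated user, privileged for six service accounts), so it is worth confirming afterwards that the two SCCs hold only the members you intended. The script below is an added example, not part of the TNC-O documentation; the PROJECT and BASELINE variables and the function names are assumptions, and it reads the users and groups lists of each SCC with oc get scc.

```bash
#!/usr/bin/env bash
# Added example, not part of the TNC-O documentation: flag SCC members that
# the steps above did not grant. PROJECT and BASELINE are assumptions.
PROJECT="${PROJECT:-myproject}"
# Subjects already on the SCCs before you followed this guide; record them on
# a fresh cluster with the same `oc get scc` query used in audit_scc.
BASELINE="${BASELINE:-}"

# Service accounts this guide adds to the privileged SCC, one per line.
expected_privileged() {
  local sa
  for sa in default foundation foundation-nginx-ingress \
      foundation-elasticsearch-client foundation-elasticsearch-data \
      foundation-elasticsearch-master; do
    printf 'system:serviceaccount:%s:%s\n' "$PROJECT" "$sa"
  done
}

# unexpected_subjects ACTUAL ALLOWED
# Prints every whitespace-separated entry of ACTUAL that does not exactly
# match an entry of ALLOWED (exact match, so "foundation" does not cover
# "foundation-nginx-ingress").
unexpected_subjects() {
  local subject allowed
  allowed=$(printf '%s\n' $2)
  for subject in $1; do
    printf '%s\n' "$allowed" | grep -qxF -- "$subject" || printf '%s\n' "$subject"
  done
}

# audit_scc NAME FIELD ALLOWED, where FIELD is "users" or "groups".
audit_scc() {
  local actual
  actual=$(oc get scc "$1" -o jsonpath="{.$2[*]}") || return 2
  unexpected_subjects "$actual" "$3 $BASELINE"
}

if [ "${1:-}" = "--live" ]; then
  # Query the cluster you are logged in to.
  audit_scc privileged users "$(expected_privileged)"
  audit_scc anyuid groups "system:authenticated"
else
  # Constructed sample: one service account the guide never granted.
  unexpected_subjects \
    "system:serviceaccount:$PROJECT:default system:serviceaccount:other:builder" \
    "$(expected_privileged)"
fi
```

Run it with --live as a user allowed to read SCCs; any line it prints is a subject that neither this guide nor your recorded baseline accounts for.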
Local HostPath storage
OpenShift supports many Persistent Volume Types, but in this case we’ll be looking at hostPath Persistent Volumes created by helm-foundation. Read more about TNC-O storage set-up here and by running the helm inspect command on your helm-foundation chart.
The default path on the host is determined by the location from which you run the oc cluster up command, most likely $HOME/openshift.local.clusterup/openshift.local.pv/.
- Create a sub-directory for TNC-O volumes:
sudo mkdir -p $HOME/openshift.local.clusterup/openshift.local.pv/lm
sudo chmod -R 666 $HOME/openshift.local.clusterup/openshift.local.pv/lm
- Set up the required local directories under $HOME/openshift.local.clusterup/openshift.local.pv/lm
- Put the full path in the values file intended for the helm-foundation chart:
volumesInit:
  enabled: true
  hostPath: /home/<your-user>/openshift.local.clusterup/openshift.local.pv/lm
Notes and next steps
- The OpenShift cluster is now ready for installing TNC-O Helm charts. Start your installation by reviewing the Getting Started guide.
- Since this OpenShift cluster is a single-node set-up for development purposes, it is not suitable for production deployment of TNC-O. Choose the minimal flavour in the sizing section.
- Remember to run helm install with the --namespace option pointing to the project that you configured earlier.