Menu Close
13.2.2.2. Provisioning a kernel module to OpenShift Container Platform
Depending on whether or not you must have the kernel module in place when OpenShift Container Platform cluster first boots, you can set up the kernel modules to be deployed in one of two ways:
-
Provision kernel modules at cluster install time (day-1): You can create the content as a
MachineConfigobject and provide it toopenshift-installby including it with a set of manifest files. - Provision kernel modules via Machine Config Operator (day-2): If you can wait until the cluster is up and running to add your kernel module, you can deploy the kernel module software via the Machine Config Operator (MCO).
In either case, each node needs to be able to get the kernel packages and related software packages at the time that a new kernel is detected. There are a few ways you can set up each node to be able to obtain that content.
- Provide RHEL entitlements to each node.
-
Get RHEL entitlements from an existing RHEL host, from the
/etc/pki/entitlementdirectory and copy them to the same location as the other files you provide when you build your Ignition config. -
Inside the Dockerfile, add pointers to a
yumrepository containing the kernel and other packages. This must include new kernel packages as they are needed to match newly installed kernels.
13.2.2.2.1. Provision kernel modules via a MachineConfig object
By packaging kernel module software with a MachineConfig object, you can deliver that software to worker or master nodes at installation time or via the Machine Config Operator.
First create a base Ignition config that you would like to use. At installation time, the Ignition config will contain the ssh public key to add to the authorized_keys file for the core user on the cluster. To add the MachineConfig object later via the MCO instead, the SSH public key is not required. For both type, the example simple-kmod service creates a systemd unit file, which requires a kmods-via-containers@simple-kmod.service.
The systemd unit is a workaround for an upstream bug and makes sure that the kmods-via-containers@simple-kmod.service gets started on boot:
Register a RHEL 8 system:
# subscription-manager register
Attach a subscription to the RHEL 8 system:
# subscription-manager attach --auto
Install software needed to build the software:
# yum install podman make git -y
Create an Ignition config file that creates a systemd unit file:
Create a directory to host the Ignition config file:
$ mkdir kmods; cd kmods
Create the Ignition config file that creates a systemd unit file:
$ cat <<EOF > ./baseconfig.ign { "ignition": { "version": "2.2.0" }, "passwd": { "users": [ { "name": "core", "groups": ["sudo"], "sshAuthorizedKeys": [ "ssh-rsa AAAA" ] } ] }, "systemd": { "units": [{ "name": "require-kvc-simple-kmod.service", "enabled": true, "contents": "[Unit]\nRequires=kmods-via-containers@simple-kmod.service\n[Service]\nType=oneshot\nExecStart=/usr/bin/true\n\n[Install]\nWantedBy=multi-user.target" }] } } EOF注記You must add your public SSH key to the
baseconfig.ignfile to use the file duringopenshift-install. The public SSH key is not needed if you create theMachineConfigobject using the MCO.
Create a base MCO YAML snippet that uses the following configuration:
$ cat <<EOF > mc-base.yaml apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: worker name: 10-kvc-simple-kmod spec: config: EOF注記The
mc-base.yamlis set to deploy the kernel module onworkernodes. To deploy on master nodes, change the role fromworkertomaster. To do both, you could repeat the whole procedure using different file names for the two types of deployments.Get the
kmods-via-containerssoftware:Clone the
kmods-via-containersrepository:$ git clone https://github.com/kmods-via-containers/kmods-via-containers
Clone the
kvc-simple-kmodrepository:$ git clone https://github.com/kmods-via-containers/kvc-simple-kmod
-
Get your module software. In this example,
kvc-simple-kmodis used: Create a fakeroot directory and populate it with files that you want to deliver via Ignition, using the repositories cloned earlier:
Create the directory:
$ FAKEROOT=$(mktemp -d)
Change to the
kmod-via-containersdirectory:$ cd kmods-via-containers
Install the KVC framework instance:
$ make install DESTDIR=${FAKEROOT}/usr/local CONFDIR=${FAKEROOT}/etc/Change to the
kvc-simple-kmoddirectory:$ cd ../kvc-simple-kmod
Create the instance:
$ make install DESTDIR=${FAKEROOT}/usr/local CONFDIR=${FAKEROOT}/etc/
Get a tool called
filetranspilerand dependent software:$ cd .. ; sudo yum install -y python3 git clone https://github.com/ashcrow/filetranspiler.git
Generate a final machine config YAML (
mc.yaml) and have it include the base Ignition config, base machine config, and the fakeroot directory with files you would like to deliver:$ ./filetranspiler/filetranspile -i ./baseconfig.ign \ -f ${FAKEROOT} --format=yaml --dereference-symlinks \ | sed 's/^/ /' | (cat mc-base.yaml -) > 99-simple-kmod.yamlIf the cluster is not up yet, generate manifest files and add this file to the
openshiftdirectory. If the cluster is already running, apply the file as follows:$ oc create -f 99-simple-kmod.yaml
Your nodes will start the
kmods-via-containers@simple-kmod.serviceservice and the kernel modules will be loaded.To confirm that the kernel modules are loaded, you can log in to a node (using
oc debug node/<openshift-node>, thenchroot /host). To list the modules, use thelsmodcommand:$ lsmod | grep simple_
Example output
simple_procfs_kmod 16384 0 simple_kmod 16384 0