Changing the vSphere configuration of an OCP cluster installed with the Assisted Installer

Environment

  • Red Hat OpenShift Container Platform (OCP) 4.9 or later

Issue

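If a cluster was installed with the Assisted Installer with the platform integration feature enabled, the vSphere configuration must be updated manually on the installed cluster. This should be done only after the installation has fully completed and the cluster is connected to console.redhat.com.

Note: This document does not apply to other installation methods for OCP clusters.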

Resolution

  • Steps to change the vSphere configuration in OpenShift. You need to change the username, password, vCenter address, datacenter, and datastore (YOURVCENTERADDRESS, YOURVCENTERDATACENTER, YOURVCENTERDATASTORE, YOURVCENTERUSERVNAME, YOURVCENTERPASSWORD, YOURVCENTERCLUSTER).

1) Create backups.

# oc get secret vsphere-creds -o yaml -n kube-system > creds_backup.yaml
# oc get cm cloud-provider-config -o yaml -n openshift-config > cloud-provider-config_backup.yaml

OpenShift 4.13 and later require an additional backup.

# oc get infrastructures.config.openshift.io -o yaml > infrastructures.config.openshift.io.yaml.backup

2) Generate Base64-encoded values for the vCenter username and password.
Note: The vSphere username must be in the format 'USERNAME@DOMAIN'.

# echo -n "YOURVCENTERPASSWORD" | base64 -w0
YOURVCENTERPASSWORD_ENCODED

# echo -n "YOURVCENTERUSERNAME@YOURVCENTERDOMAIN" | base64 -w0
YOURVCENTERUSERVNAME_ENCODED

3) Edit vsphere-creds.yaml.

# cp creds_backup.yaml vsphere-creds.yaml
# vi vsphere-creds.yaml

apiVersion: v1
data:
  YOURVCENTERADDRESS.password: YOURVCENTERPASSWORD_ENCODED
  YOURVCENTERADDRESS.username: YOURVCENTERUSERVNAME_ENCODED
kind: Secret
metadata:
  annotations:
    cloudcredential.openshift.io/mode: passthrough
  creationTimestamp: "2022-01-25T17:39:50Z"
  name: vsphere-creds
  namespace: kube-system
  resourceVersion: "2437"
  uid: 06971978-e3a5-4741-87f9-2ca3602f2658
type: Opaque

# oc replace -f vsphere-creds.yaml
secret/vsphere-creds replaced

or 
# oc edit -f vsphere-creds.yaml --namespace=kube-system
secret/vsphere-creds replaced

4) Force a redeployment of the kube-controller-manager pods.

# oc patch kubecontrollermanager cluster -p='{"spec": {"forceRedeploymentReason": "recovery-'"$( date --rfc-3339=ns )"'"}}' --type=merge
kubecontrollermanager.operator.openshift.io/cluster patched

5) Edit cloud-provider-config.yaml.

# cp cloud-provider-config_backup.yaml cloud-provider-config.yaml
# vi cloud-provider-config.yaml

apiVersion: v1
data:
  config: |
    [Global]
    secret-name="vsphere-creds"
    secret-namespace="kube-system"
    insecure-flag="1"

    [Workspace]
    server="YOURVCENTERADDRESS"
    datacenter="YOURVCENTERDATACENTER"
    default-datastore="YOURVCENTERDATASTORE"
    folder="/YOURVCENTERDATACENTER/path/to/folder"

    [VirtualCenter "YOURVCENTERADDRESS"]
    datacenters="YOURVCENTERDATACENTER"
kind: ConfigMap
metadata:
  creationTimestamp: "2022-01-25T17:40:49Z"
  name: cloud-provider-config
  namespace: openshift-config
  resourceVersion: "2070"
  uid: 80bb8618-bf25-442b-b023-b31311918507

# oc apply -f cloud-provider-config.yaml
Warning: resource configmaps/cloud-provider-config is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by oc apply. oc apply should only be used on resources created declaratively by either oc create --save-config or oc apply. The missing annotation will be patched automatically.
configmap/cloud-provider-config configured

 

Additional steps required for OpenShift 4.13 and later:

6) Taint the nodes with the uninitialized taint.

Run the following for each node, substituting the node name (once per node).

# oc get nodes
NAME       STATUS   ROLES                  AGE   VERSION
master-0   Ready    control-plane,master   45h   v1.26.3+379cd9f
master-1   Ready    control-plane,master   45h   v1.26.3+379cd9f
worker-0   Ready    worker                 45h   v1.26.3+379cd9f
worker-1   Ready    worker                 45h   v1.26.3+379cd9f
master-2   Ready    control-plane,master   45h   v1.26.3+379cd9f

# oc adm taint node master-0 node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
# oc adm taint node master-1 node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
# oc adm taint node master-2 node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
# oc adm taint node worker-0 node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
# oc adm taint node worker-1 node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule

7) Update infrastructures.config.

# cp infrastructures.config.openshift.io.yaml.backup infrastructures.config.openshift.io.yaml
# vi infrastructures.config.openshift.io.yaml

apiVersion: v1
items:
- apiVersion: config.openshift.io/v1
  kind: Infrastructure
  metadata:
    creationTimestamp: "2023-05-07T10:19:55Z"
    generation: 1
    name: cluster
    resourceVersion: "536"
    uid: e8a5742c-6d15-44e6-8a9e-064b26ab347d
  spec:
    cloudConfig:
      key: config
      name: cloud-provider-config
    platformSpec:
      type: VSphere
      vsphere:
        failureDomains:
        - name: assisted-generated-failure-domain
          region: assisted-generated-region
          server: YOURVCENTERADDRESS
          topology:
            computeCluster: /YOURVCENTERDATACENTER/host/YOURVCENTERCLUSTER
            datacenter: YOURVCENTERDATACENTER
            datastore: /YOURVCENTERDATACENTER/datastore/YOURVCENTERDATASTORE
            folder: "/YOURVCENTERDATACENTER/path/to/folder"
            networks:
            - "VM Network"
            resourcePool: /YOURVCENTERDATACENTER/host/YOURVCENTERCLUSTER/Resources
          zone: assisted-generated-zone
        nodeNetworking:
          external: {}
          internal: {}
        vcenters:
        - datacenters:
          - YOURVCENTERDATACENTER
          server: YOURVCENTERADDRESS

kind: List
metadata:
  resourceVersion: ""

# oc apply -f infrastructures.config.openshift.io.yaml --overwrite=true
Warning: resource infrastructures/cluster is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by oc apply. oc apply should only be used on resources created declaratively by either oc create --save-config or oc apply. The missing annotation will be patched automatically.
infrastructure.config.openshift.io/cluster configured
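
As an added example (not part of the original article or of any Red Hat tooling), the following shell function checks the edited vsphere-creds.yaml and cloud-provider-config.yaml for consistency before they are replaced in step 3 and applied in step 5. The names check_vsphere_edit and ini_value are hypothetical, and GNU base64 is assumed.

```shell
#!/usr/bin/env bash
# Added example: pre-apply check of the edited manifests. Usage:
#   check_vsphere_edit vsphere-creds.yaml cloud-provider-config.yaml
# Prints one finding per line; returns 0 when consistent, 1 otherwise.

# Extract the first value of key="value" from the INI text in the ConfigMap.
ini_value() { sed -n "s/^[[:space:]]*$1=\"\([^\"]*\)\".*/\1/p" "$2" | head -n1; }

check_vsphere_edit() {
  local creds="$1" cpc="$2" rc=0 server dc field enc dec
  server=$(ini_value server "$cpc")
  dc=$(ini_value datacenter "$cpc")
  [ -n "$server" ] || { echo "FAIL: no server= entry in $cpc"; return 1; }

  # The [VirtualCenter "..."] header must name the same vCenter address.
  grep -qF -- "[VirtualCenter \"$server\"]" "$cpc" ||
    { echo "FAIL: [VirtualCenter] section does not name $server"; rc=1; }
  # datacenter= ([Workspace]) and datacenters= ([VirtualCenter]) must agree.
  [ "$dc" = "$(ini_value datacenters "$cpc")" ] ||
    { echo "FAIL: datacenter and datacenters differ"; rc=1; }

  for field in username password; do
    # Secret keys are named <vCenter address>.username / .password.
    enc=$(grep -F -- "$server.$field:" "$creds" | head -n1 | awk '{print $2}')
    if [ -z "$enc" ]; then
      echo "FAIL: key $server.$field not found in $creds"; rc=1; continue
    fi
    if ! dec=$(printf '%s' "$enc" | base64 -d 2>/dev/null); then
      echo "FAIL: $server.$field is not valid Base64"; rc=1; continue
    fi
    # A newline inside the decoded value means echo was run without -n.
    if [ "$(printf '%s' "$enc" | base64 -d | wc -l | tr -d ' ')" -gt 0 ]; then
      echo "FAIL: $server.$field decodes with a trailing newline"; rc=1
    fi
    # The article requires the username in USERNAME@DOMAIN form.
    if [ "$field" = username ] && [ "${dec#*@}" = "$dec" ]; then
      echo "FAIL: username is not in USERNAME@DOMAIN form"; rc=1
    fi
  done

  # insecure-flag="1" turns off verification of the vCenter TLS certificate.
  [ "$(ini_value insecure-flag "$cpc")" != 1 ] ||
    echo "NOTE: insecure-flag=\"1\": vCenter certificate is not verified"
  return $rc
}
```

Both creds_backup.yaml and vsphere-creds.yaml hold the vCenter credentials in Base64, which is an encoding and not encryption, so restrict access to these files and delete them once the change is verified.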

Diagnostic Steps

  • Steps to verify the vSphere configuration in OpenShift

1) Create the vsphere-sc StorageClass.

# vi vsphere-sc.yaml

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
 name: vsphere-sc
provisioner: kubernetes.io/vsphere-volume
parameters:
 datastore: YOURVCENTERDATASTORE
 diskformat: thin
reclaimPolicy: Delete
volumeBindingMode: Immediate

# oc create -f vsphere-sc.yaml
storageclass.storage.k8s.io/vsphere-sc created

2) Create a PersistentVolumeClaim and PersistentVolume to test the connection.

# vi test-pvc.yaml

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
 name: test-pvc
 namespace: openshift-config
 annotations:
   volume.beta.kubernetes.io/storage-provisioner: kubernetes.io/vsphere-volume
 finalizers:
   - kubernetes.io/pvc-protection
spec:
 accessModes:
   - ReadWriteOnce
 resources:
   requests:
    storage: 10Gi
 storageClassName: vsphere-sc
 volumeMode: Filesystem


# oc create -f test-pvc.yaml
persistentvolumeclaim/test-pvc created

# oc get pvc -n openshift-config
NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
test-pvc   Bound    pvc-e91314a3-f225-46b9-9fdb-c2adcea934ad   10Gi       RWO            vsphere-sc     2m4s

# oc get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                       STORAGECLASS   REASON   AGE
pvc-e91314a3-f225-46b9-9fdb-c2adcea934ad   10Gi       RWO            Delete           Bound    openshift-config/test-pvc   vsphere-sc              10m

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
