Sunday, March 12, 2017

Tectonic Install Part 1

CoreOS maintains several different locations for documentation. I found that a combination of the bare-install guide and the documentation contained in the GitHub repository for matchbox helped me get going.

I used a base CoreOS 7 box with docker installed as my provisioning machine. At first, I tried to install matchbox from the tar files provided by the documentation in the tectonic bare-install guide.

https://coreos.com/tectonic/docs/latest/install/bare-metal/index.html#1-overview

I also downloaded a dnsmasq docker image and used that for the network setup.

I then came across the https://github.com/coreos/matchbox repository and found that instead of using my own dnsmasq container they had some scripts to run a docker image in the repo.

Most of the difficulty in this install process is understanding the PXE configuration. Also, I was able to get my first attempt to run the HTTP client correctly, but the gRPC client is not configured to start automatically.

This is where the examples in the matchbox repo are proving to be valuable. I was able to finally get docker images running for matchbox and dnsmasq.

Command to run matchbox

docker run --net=host --rm -v /var/lib/matchbox:/var/lib/matchbox:Z -v /etc/matchbox:/etc/matchbox:Z,ro quay.io/coreos/matchbox:latest -address=0.0.0.0:8080 -rpc-address=0.0.0.0:8081 -log-level=debug

Command to run dnsmasq

docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=10.0.0.3,10.0.0.254 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://matchbox.menkecloud:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,10.0.0.1 --address=/matchbox.menkecloud/10.0.0.2

Command to test the certs with the API

openssl s_client -connect localhost:8081 -CAfile /etc/matchbox/ca.crt -cert /tectonic/matchbox/scripts/tls/client.crt -key /tectonic/matchbox/scripts/tls/client.key

NOTE: the GitHub repo did not contain the cert-gen program that was in the .tar file for matchbox. I ended up using the cert-gen program from the tar and then referring to these files from the openssl test statement.
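The client credentials used in the openssl test can also be checked offline before the installer is pointed at them. The script below is an added example, not code from this post or from the matchbox project: it confirms that the client certificate chains to the CA, that the key belongs to the certificate, and that the certificate has not expired. The function names are hypothetical; the paths are the ones used above.

```sh
#!/bin/sh
# Added example (not from the matchbox project): pre-flight checks for the
# client credentials presented to the matchbox gRPC API.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds if CERT chains to CAFILE and is acceptable as a TLS client cert.
cert_chains_to_ca() {   # usage: cert_chains_to_ca CAFILE CERT
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if KEY is the private key belonging to CERT (same public key).
key_matches_cert() {    # usage: key_matches_cert CERT KEY
  kmc_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  kmc_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$kmc_cert_pub" ] && [ "$kmc_cert_pub" = "$kmc_key_pub" ]
}

# Succeeds if CERT is still inside its validity window.
cert_not_expired() {    # usage: cert_not_expired CERT
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
check_client_creds() {  # usage: check_client_creds CAFILE CERT KEY
  ccc_rc=0
  cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not chain to $1"; ccc_rc=1; }
  key_matches_cert "$2" "$3"  || { echo "FAIL: $3 is not the key for $2"; ccc_rc=1; }
  cert_not_expired "$2"       || { echo "FAIL: $2 has expired"; ccc_rc=1; }
  [ "$ccc_rc" -eq 0 ] && echo "OK: client credentials are consistent"
  return "$ccc_rc"
}

# Paths as used in the post; checked only when the files exist on this host.
CA=/etc/matchbox/ca.crt
TLS_DIR=/tectonic/matchbox/scripts/tls
if [ -r "$CA" ] && [ -r "$TLS_DIR/client.crt" ] && [ -r "$TLS_DIR/client.key" ]; then
  check_client_creds "$CA" "$TLS_DIR/client.crt" "$TLS_DIR/client.key"
fi
```

A mismatch reported here means the s_client handshake against port 8081 would fail for a reason unrelated to matchbox itself.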

Links:

https://github.com/coreos/matchbox/blob/master/Documentation/getting-started-docker.md

https://github.com/coreos/matchbox/tree/master/contrib/dnsmasq

https://github.com/coreos/matchbox/blob/master/Documentation/network-booting.md 

At this point, I was able to download the installer on my Windows machine and use the bash command line from Git to run it.

user@DESKTOP ~/Downloads/tectonic/tectonic-installer/windows
$ ./installer


At this point the installer came up in my browser at localhost:4444 and I was able to start the install process.

One thing has been puzzling. They are asking for MAC address and machine names even though I am doing a PXE boot. It seems like a bit of a chicken and egg thing here. I have some machines that I had previously PXE booted for OpenStack and the installer would not need the MAC addresses - it would find them when the client registered.

Next week I plan to create the inventory of MAC addresses and try to proceed with the installation.


1 comment:

sapexperts said...

Here are my comments.

Tectonic setup is not as easy as you think. First and foremost, here are several things you need to understand.


1) Tectonic installer requires MAC address and DNS address because the iPXE chain load process to bootstrap the ISO from MATCHBOX image instead you use your COREOS image.

All you need is to just note down the MAC address information of the bare metal or VMs.

For bare metal you can get the MAC address from either iLO (remote management) or the IPMI tool, or you just need to install with any live (CentOS Live) ISO to bootstrap the systems and note down the MAC address.

For VMs it's easy, as you just need to create DUMMY VMs and attach a network (distributed switch or standard switch).
For VMs you need to make sure there is no THIN provisioning used during the disk creation.

2) Tectonic installer requires DNS/DHCP/TFTP for iPXE to retrieve and chain load the ISO from the MATCHBOX image. For this you can either use the provided Docker image (you need a Docker host to do that) or the rkt image (the rocket image requires that you have set up COREOS already), which contains all of them (DNS/DHCP/TFTP for iPXE). So you need to log on to the docker or rkt instance and make sure the dnsmasq.conf has the same IP address, or else this is not useful.

--> The simplest way is to set up your own DNS/DHCP/TFTP and follow the Tectonic parameters, such as using the MATCHBOX provided image, and dnsmasq.conf should have the IP address range of your VMs' or bare metal network IP space (same VLAN or IP range 192.168.1.0/24).

3) Tectonic installer uses its template files in /var/lib/matchbox/ignition, where it has tectonic-worker.yaml.tmpl and tectonic-controller.yaml.tmpl. In the corporate world everyone is behind a proxy, so you need to open these 2 files and add the http_proxy of your company proxy port, otherwise the installer will not move any phase and you will go crazy.

4) During Tectonic there are various files required (Tectonic license, Tectonic TLS generated files and client public (ssh.pub) files), so you need to have all that before you start the Tectonic installer on Windows or Mac.

BR
Rushi.