Preparing the Fabric Services System virtual machine nodes

The procedures in this section describe how to create and configure Fabric Services System nodes in deployments that use virtual machine servers.

You must use the Fabric Services System base OS image. This image is specially designed for use with the Fabric Services System deployment and comes with the necessary software and components, pre-installed in a minimally-hardened Rocky 8.6 operating system.

Complete the procedure for each individual Fabric Services System node, ensuring that each node is running on a separate hypervisor to minimize the risk of any impact if a hypervisor fails.

Downloading the Fabric Services System base OS image

Contact Nokia support for the location of the Fabric Services System base OS image. Download the OVA or QCOW2 image.

Networking considerations

Nokia recommends that you use two different networks for the Fabric Services System nodes.

Within the hypervisor, both networks should be available as bridged networks. Both these networks require support for jumbo frames (MTU set to 9000).

Ensure that the MTU is set to 9000 on all the interfaces on the hypervisor, Fabric Service System VM nodes, deployer and the interconnecting devices.

Configuring the Fabric Services System virtual machine

Complete the following steps to configure a Fabric Services System node.
  1. From the VMware vSphere or KVM console, log in to the node VM.

    Use the following credentials:

    Username: root

    Password: N0ki@FSSb4se!

  2. If your environment does not support or use the cloud-init services, disable and stop these services.
    # systemctl stop cloud-init cloud-init-local cloud-config cloud-final
    # systemctl disable cloud-init cloud-init-local cloud-config cloud-final
  3. Enable SSH.
    The base image is a hardened image so SSH is disabled by default for the root user. To enable SSH, update the /etc/ssh/sshd_config file and change the following lines:
    PasswordAuthentication no
    PermitRootLogin no
    to:
    PasswordAuthentication yes
    PermitRootLogin yes
    Note: You can keep password authentication disabled to provide extra security. In this case, only key-based authentication works, and you must configure the appropriate public SSH keys for the root user so it can log in over SSH. In any case, this configuration is needed for the deployer VM to reach the nodes.
  4. Restart SSH.
    # systemctl restart sshd
  5. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file to configure the correct static IP address, DNS servers, and gateway for the OAM network.
    The final content should look similar to the following example, except with the IP address, DNS, and domain details specific to the target environment:
    BOOTPROTO=static
    DEVICE=eth0
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=no
    IPADDR=192.0.2.10
    PREFIX=24
    GATEWAY=192.0.2.1
    DNS1=192.0.2.5
    DNS2=192.0.2.6
    DOMAIN=fss.nokia.local
    MTU=9000
    
  6. Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to configure the correct static IP address for the Fabric Management network.
    The final content should look similar to the following, except with the IP address, DNS, and domain details specific to the target environment:
    BOOTPROTO=static
    DEVICE=eth0
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=no
    IPADDR=192.0.2.10
    PREFIX=24
    MTU=9000
    

    Ensure that you set the MTU parameter to 9000 for all the interfaces.

  7. Restart the network to apply the new configuration.
    # systemctl restart NetworkManager.service
  8. Resize the root partition.
    The base OS image comes with a smaller partition than needed. Use the following commands to resize the root partition. Verify that you are using the right disk (in this example /dev/sda; in KVM this may be /dev/vda instead).
    # fdisk /dev/sda
    Welcome to fdisk (util-linux 2.23.2).
    
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
    
    
    Command (m for help): p
    
    Disk /dev/sda: 214.7 GB, 214748364800 bytes, 419430400 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk label type: dos
    Disk identifier: 0x000b050e
    
       Device Boot      Start         End      Blocks   Id  System
    /dev/sda1   *        2048    16777215     8387584   83  Linux
    
  9. Delete the existing partition.
    Command (m for help): d
    Selected partition 1
    Partition 1 is deleted
  10. Create a new partition that fills the entire disk.
    Accept the default settings presented.
    Command (m for help): n
    Partition type:
     p primary (0 primary, 0 extended, 4 free)
     e extended
    Select (default p):
    Using default response p
    Partition number (1-4, default 1):
    First sector (2048-419430399, default 2048):
    
    Last sector, +sectors or +size{K,M,G} (2048-419430399, default 419430399):
    
    Created a new partition 1 of type 'Linux' and of size 200 GiB.
    Partition #1 contains a xfs signature.
    
    Do you want to remove the signature? [Y]es/[N]o: Y
    
    The signature will be removed by a write command.
    
  11. Set the boot flag for this partition.
    Command (m for help): a
    Selected partition 1
  12. Write the partition table.
    Command (m for help): w
    The partition table has been altered!
     
    Calling ioctl() to re-read partition table.
     
    WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
    The kernel still uses the old table. The new table will be used at
    the next reboot or after you run partprobe(8) or kpartx(8)
    Syncing disks.
  13. Optional: Configure a standard Linux partition on the storage disk, /dev/sdb in this example (in KVM this may be /dev/vdb instead).
    # fdisk /dev/sdb
    Welcome to fdisk (util-linux 2.23.2).
     
    Changes will remain in memory only, until you decide to write them.
    Be careful before using the write command.
     
    Device does not contain a recognized partition table
    Building a new DOS disklabel with disk identifier 0x8891800b.
     
    Command (m for help): n
    Partition type:
     p primary (0 primary, 0 extended, 4 free)
     e extended
    Select (default p):
    Using default response p
    Partition number (1-4, default 1):
    First sector (2048-629145599, default 2048):
    Using default value 2048
    Last sector, +sectors or +size{K,M,G} (2048-629145599, default 629145599):
    Using default value 629145599
    Partition 1 of type Linux and of size 300 GiB is set
     
    Command (m for help): w
    The partition table has been altered!
     
    Calling ioctl() to re-read partition table.
    Syncing disks.
  14. Reboot the node to register the change in partition sizes in the system.
    # reboot
  15. Grow the root partition file system to its full size.
    # xfs_growfs -d /
    meta-data=/dev/sda1 isize=512 agcount=4, agsize=524224 blks
     = sectsz=512 attr=2, projid32bit=1
     = crc=1 finobt=0 spinodes=0
    data = bsize=4096 blocks=2096896, imaxpct=25
     = sunit=0 swidth=0 blks
    naming =version 2 bsize=4096 ascii-ci=0 ftype=1
    log =internal bsize=4096 blocks=2560, version=2
     = sectsz=512 sunit=0 blks, lazy-count=1
    realtime =none extsz=4096 blocks=0, rtextents=0
    data blocks changed from 2096896 to 52428544
  16. Configure the appropriate NTP servers.
    Edit the /etc/chrony.conf configuration file and replace all lines that begin with server with the correct server lines for the environment.
  17. Restart the chronyd service.
    # systemctl restart chronyd
  18. Verify that time synchronization is functioning properly.
    # chronyc tracking

    If the Reference ID field is not set to any of the configured servers, but instead refers to something like 127.127.1.1, time synchronization is not functioning properly.

    Reference ID    : 87E30FFE (192.0.2.5)
    Stratum         : 4
    Ref time (UTC)  : Wed Feb 16 01:20:36 2022
    System time     : 0.000014215 seconds slow of NTP time
    Last offset     : -0.000001614 seconds
    RMS offset      : 0.000106133 seconds
    Frequency       : 11.863 ppm slow
    Residual freq   : -0.071 ppm
    Skew            : 0.187 ppm
    Root delay      : 0.063009784 seconds
    Root dispersion : 0.018440660 seconds
    Update interval : 64.5 seconds
    Leap status     : Normal
    
  19. Synchronize the RTC clock and the system clock.
    Ensure that the RTC and the system clock are synchronized after every reboot.
    # hwclock --systohc
    Then verify that local time and the RTC time are synchronized.
    # timedatectl
  20. Change the hostname.
    # hostnamectl set-hostname fss-node01.domain.tld
  21. Set up key-based authentication from the Fabric Services System deployer VM.
    If password authentication has been enabled on the node for SSH, enter the following command from the deployer VM.
    # ssh-copy-id root@<node IP/FQDN>