Preparing the Fabric Services System virtual machine nodes
The procedures in this section describe how to create and configure Fabric Services System nodes in deployments that use virtual machine servers.
You must use the Fabric Services System base OS image. This image is specially designed for use with the Fabric Services System deployment and comes with the necessary software and components pre-installed in a minimally hardened Rocky 8.6 operating system.
Complete the procedure for each individual Fabric Services System node, ensuring that each node is running on a separate hypervisor to minimize the risk of any impact if a hypervisor fails.
Downloading the Fabric Services System base OS image
Contact Nokia support for the location of the Fabric Services System base OS image. Download the OVA or QCOW2 image.
Networking considerations
Nokia recommends that you use two different networks for the Fabric Services System nodes.
Within the hypervisor, both networks should be available as bridged networks. Both these networks require support for jumbo frames (MTU set to 9000).
Ensure that the MTU is set to 9000 on all the interfaces on the hypervisor, the Fabric Services System VM nodes, the deployer, and the interconnecting devices.
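One way to check the MTU requirement above on a hypervisor, node, or deployer. This is an added example, not part of the Nokia procedure; the function name `mtu_offenders` and the sample interface list are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Nokia code): find interfaces that miss the jumbo-frame MTU.

REQUIRED_MTU=9000

# Reads `ip -o link show` output on stdin and prints "<interface> <mtu>" for
# each non-loopback interface whose MTU differs from REQUIRED_MTU.
# Returns 1 if any such interface exists, 0 if all of them match.
mtu_offenders() {
    awk -v want="$REQUIRED_MTU" '
        {
            name = $2
            sub(/:$/, "", name)     # "eth0:" -> "eth0"
            sub(/@.*$/, "", name)   # "eth0.10@eth0" -> "eth0.10"
            if (name == "lo") next
            for (i = 3; i < NF; i++)
                if ($i == "mtu") {
                    if ($(i + 1) != want) { print name, $(i + 1); bad = 1 }
                    break
                }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample: eth0 is correct, eth1 was left at the 1500-byte default.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP'

printf '%s\n' "$SAMPLE_LINKS" | mtu_offenders \
    || echo "MTU must be $REQUIRED_MTU on the interfaces listed above"

# On a live host: ip -o link show | mtu_offenders
# A matching interface MTU does not prove that the path carries jumbo frames.
# From one node to another, send an unfragmentable 8972-byte payload (9000
# minus 20 bytes IPv4 header and 8 bytes ICMP header):
#   ping -M do -s 8972 -c 3 <peer>
```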
Configuring the Fabric Services System virtual machine
-
From the VMware vSphere or KVM console, log in to the node VM.
Use the following credentials:
Username: root
Password: N0ki@FSSb4se!
-
If your environment does not support or use the cloud-init services, disable and stop these services.
# systemctl stop cloud-init cloud-init-local cloud-config cloud-final
# systemctl disable cloud-init cloud-init-local cloud-config cloud-final
-
Enable SSH.
The base image is a hardened image, so SSH is disabled by default for the root user. To enable SSH, update the /etc/ssh/sshd_config file and change the following lines:
PasswordAuthentication no
PermitRootLogin no
to:
PasswordAuthentication yes
PermitRootLogin yes
Note: You can keep password authentication disabled to provide extra security. In this case, only key-based authentication works, and you must configure the appropriate public SSH keys for the root user so it can log in over SSH. In any case, this configuration is needed for the deployer VM to reach the nodes.
-
Restart SSH.
# systemctl restart sshd
-
Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file to
configure the correct static IP address, DNS servers, and gateway for the OAM
network.
The final content should look similar to the following example, except with the IP address, DNS, and domain details specific to the target environment:
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPADDR=192.0.2.10
PREFIX=24
GATEWAY=192.0.2.1
DNS1=192.0.2.5
DNS2=192.0.2.6
DOMAIN=fss.nokia.local
MTU=9000
-
Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to
configure the correct static IP address for the Fabric Management network.
The final content should look similar to the following, except with the IP address, DNS, and domain details specific to the target environment:
BOOTPROTO=static
DEVICE=eth1
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPADDR=192.0.2.10
PREFIX=24
MTU=9000
Ensure that you set the MTU parameter to 9000 for all the interfaces.
-
Restart the network to apply the new configuration.
# systemctl restart NetworkManager.service
-
Resize the root partition.
The base OS image comes with a smaller partition than needed. Use the following commands to resize the root partition. Verify that you are using the right disk (in this example /dev/sda; in KVM this may be /dev/vda instead).
# fdisk /dev/sda
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): p
Disk /dev/sda: 214.7 GB, 214748364800 bytes, 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000b050e
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048    16777215     8387584   83  Linux
-
Delete the existing partition.
Command (m for help): d
Selected partition 1
Partition 1 is deleted
-
Create a new partition that fills the entire disk.
Accept the default settings presented.
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
First sector (2048-419430399, default 2048):
Last sector, +sectors or +size{K,M,G} (2048-419430399, default 419430399):
Created a new partition 1 of type 'Linux' and of size 200 GiB.
Partition #1 contains a xfs signature.
Do you want to remove the signature? [Y]es/[N]o: Y
The signature will be removed by a write command.
-
Set the boot flag for this partition.
Command (m for help): a
Selected partition 1
-
Write the partition table.
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
- Optional:
Configure a standard Linux partition on the storage disk, /dev/sdb in this example (in KVM this may be /dev/vdb instead).
# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x8891800b.
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
First sector (2048-629145599, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-629145599, default 629145599):
Using default value 629145599
Partition 1 of type Linux and of size 300 GiB is set
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
-
Reboot the node to register the change in partition sizes in the system.
# reboot
-
Grow the root partition file system to its full size.
# xfs_growfs -d /
meta-data=/dev/sda1              isize=512    agcount=4, agsize=524224 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=2096896, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 2096896 to 52428544
-
Configure the appropriate NTP servers.
Edit the /etc/chrony.conf configuration file and replace all lines that begin with server with the correct server lines for the environment.
-
Restart the chronyd service.
# systemctl restart chronyd
-
Verify that time synchronization is functioning properly.
# chronyc tracking
If the Reference ID field is not set to any of the configured servers, but instead refers to something like 127.127.1.1, time synchronization is not functioning properly.
Reference ID    : 87E30FFE (192.0.2.5)
Stratum         : 4
Ref time (UTC)  : Wed Feb 16 01:20:36 2022
System time     : 0.000014215 seconds slow of NTP time
Last offset     : -0.000001614 seconds
RMS offset      : 0.000106133 seconds
Frequency       : 11.863 ppm slow
Residual freq   : -0.071 ppm
Skew            : 0.187 ppm
Root delay      : 0.063009784 seconds
Root dispersion : 0.018440660 seconds
Update interval : 64.5 seconds
Leap status     : Normal
-
Synchronize the RTC clock and the system clock.
Ensure that the RTC and the system clock are synchronized after every reboot.
# hwclock --systohc
Then verify that local time and the RTC time are synchronized.
# timedatectl
-
Change the hostname.
# hostnamectl set-hostname fss-node01.domain.tld
-
Set up key-based authentication from the Fabric Services System deployer VM.
If password authentication has been enabled on the node for SSH, enter the following command from the deployer VM.
# ssh-copy-id root@<node IP/FQDN>
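A read-only check for two steps of the procedure above: whether the "Enable SSH" step left root reachable by password or by key only, and whether the Reference ID reported by chronyc tracking is one of the configured servers. This is an added example, not Nokia code; the function names and sample inputs are constructed, and unset sshd keywords are assumed to take the upstream OpenSSH defaults.

```bash
#!/usr/bin/env bash
# Added example (not Nokia code): read-only checks for the SSH and NTP steps.

# First value of KEYWORD in the global section of sshd_config text on stdin.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply conditionally.
# Parses the "Keyword value" form used in the procedure.
sshd_value() {  # usage: sshd_value KEYWORD < sshd_config
    awk -v kw="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == kw { print tolower($2); exit }'
}

# How root can log in over SSH: "password", "key-only" or "disabled".
# Unset keywords fall back to upstream OpenSSH defaults (assumption);
# keyboard-interactive (PAM) authentication is not evaluated.
root_ssh_mode() {  # usage: root_ssh_mode "$(cat /etc/ssh/sshd_config)"
    prl=$(printf '%s\n' "$1" | sshd_value PermitRootLogin)
    pw=$(printf '%s\n' "$1" | sshd_value PasswordAuthentication)
    case "${prl:-prohibit-password}" in
        no)  echo disabled ;;
        yes) if [ "${pw:-yes}" = yes ]; then echo password; else echo key-only; fi ;;
        *)   echo key-only ;;  # prohibit-password and similar values
    esac
}

# Succeed only if the Reference ID line of `chronyc tracking` output (stdin)
# names one of the servers passed as arguments, written as chronyc shows them.
chrony_synced() {  # usage: chronyc tracking | chrony_synced SERVER...
    ref=$(sed -n 's/^Reference ID[^(]*(\([^)]*\)).*/\1/p')
    for s in "$@"; do
        if [ -n "$ref" ] && [ "$s" = "$ref" ]; then return 0; fi
    done
    return 1
}

# Constructed samples: sshd settings as left by the "Enable SSH" step, and the
# Reference ID line from the tracking output shown in the procedure.
SAMPLE_SSHD='PasswordAuthentication yes
PermitRootLogin yes'
SAMPLE_TRACKING='Reference ID    : 87E30FFE (192.0.2.5)
Stratum         : 4'

echo "root SSH login: $(root_ssh_mode "$SAMPLE_SSHD")"
printf '%s\n' "$SAMPLE_TRACKING" | chrony_synced 192.0.2.5 192.0.2.6 \
    && echo "time source: configured server" || echo "time source: NOT a configured server"
```

On a live node, `sshd -T` prints the effective settings and is the authoritative source; the parser here only reads the file text.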