Installing Fabric Services System

After the Fabric Services System deployer VM and the Fabric Services System nodes have been installed and configured, the environment is ready to be installed with the Fabric Services System application.

Using HTTPS for the UI and API

Nokia strongly recommends that you enable HTTPS for the UI and API to enforce the use of TLS encryption (v1.2 or v1.3) for all communication to the Fabric Services System management interfaces. Enabling HTTPS guarantees that all information is secured against snooping or changes during transit.

To enable HTTPS, a server certificate and private key must be provided to the deployer VM and installation tool. This certificate can either be provided by a trusted Certificate Authority within the environment, or it can be a self-signed certificate.

Ensure that the following properties of the certificate specify the FQDN that is used to access the Fabric Services System UI and API:

  • CN
  • SubjectAltName

If a self-signed certificate is preferred, the following command is an example of how to generate a self-signed certificate and accompanying private key. Replace the variables, (enclosed in brackets, < >) with the appropriate values for your deployment scenario. This command requires openssl 1.1.1 or later:

openssl req -newkey rsa:4096 -x509 -sha512 -days
        <validity-period-days> -nodes -out fss-tls.crt -keyout fss-tls.key -subj
        "/C=<country-code>/ST=<state-province>/L=<city>/O=<company>/OU=<organizational-unit>/CN=<FSS-FQDN>"
        -addext "subjectAltName=DNS:<FSS-FQDN>"

To enable HTTPS, the following settings must be configured in the installation configuration file. For related information, see Editing the installation configuration file.

httpsenabled
Set this parameter to true (Boolean; do not enclose with quotes).
certificate
The full path of the certificate crt file as it is stored on the deployer VM.
privatekey
The full path of the private key file as it is stored on the deployer VM.
domainhost
The FQDN that is used to access the UI and API of the environment.
Note: When HTTPS is enabled, the Fabric Services System only allows connections over HTTPS that use the FQDN as the hostname in the request. Additionally, all HTTP requests are redirected toward HTTPS and to that specific FQDN. If a different hostname is used, the request fails.

Editing the installation configuration file

As part of the deployment, you must provide specific details about the configurable portions of the installation using a configuration file. The details you provide instruct the deployer how to proceed when setting up the Kubernetes deployment, the Fabric Services System software, and the Digital Sandbox.

Note: You can rename the input configuration file to a name specific to your deployment. In the examples that follow, the input configuration file is named sample-input.json.
  1. From the deployer, access the input configuration
    [root@fss-deployer ~] vi sample-input.json
    
  2. Edit the configuration file.

    Update the file with the following settings:

    • IP addresses of the nodes to be used in your Fabric Services System deployment
    • deployer nodes
    • worker nodes
    • storage nodes
      Note: When you set the devices parameter, specify only the partition name, ("sdb1" in the example below). You do not need to specify the path.
    • time synchronization
    • replica count
    • Optional: Digital Sandbox installation characteristics

    The deployer creates three Kubernetes master nodes. By default, the master nodes are the first three worker nodes specified in the configuration file. However, you can specify which worker nodes you want to act as the Kubernetes master nodes by tagging those nodes with the master role in the configuration file.

    The following is an example of a sample-input.json configuration file. Configuration file fields describes the fields you must configure.

    {
      "deployernode": {
        "ipaddr": "192.0.2.10",
        "gateway": "192.0.2.1",
        "netmask": "255.255.255.0"
      },
      "digitalsandbox": {
        "enabled": true,
        "volumenode": "fss-node04"
      },
      "timesync": {
        "install": true,
        "server": "192.0.2.5"
      },
      "fss": {
         "heketinode": "fss-node04",
         "dhcpnode": "fss-node01",
         "dhcpinterface": "198.51.100.11/24",
         "ztpaddress": "198.51.100.11",
         "httpsenabled":  true,
         "certificate": "/root/certs/fss-tls.crt",
         "privatekey": "/root/certs/fss-tls.key",
         "domainhost": "fss.nokia.tld"
      },
      "workernodes": [
        {
          "hostip": "192.0.2.11",
          "hostname": "fss-node01",
          "role": "master"
        },
        {
          "hostip": "192.0.2.12",
          "hostname": "fss-node02",
          "role": "master"
        },
        {
          "hostip": "192.0.2.13",
          "hostname": "fss-node03",
          "role": "master"
        },
        {
          "hostip": "192.0.2.14",
          "hostname": "fss-node04",
          "role": "digitalsandbox"
        },
        {
          "hostip": "192.0.2.15",
          "hostname": "fss-node05",
          "role": "digitalsandbox"
        },
        {
          "hostip": "192.0.2.16",
          "hostname": "fss-node06",
          "role": "digitalsandbox"
        }
      ],
      "replicacount": 3,
      "storagenodes": [
        {
          "hostip": "192.0.2.14",
          "hostname": "fss-node04",
          "devices": [
            "sdb1"
          ]
        },
        {
          "hostip": "192.0.2.15",
          "hostname": "fss-node05",
          "devices": [
            "sdb1"
          ]
        },
        {
          "hostip": "192.0.2.16",
          "hostname": "fss-node06",
          "devices": [
            "sdb1"
          ]
        }
      ]
    }
    
    Table 1. Configuration file fields
    Heading Configurable values
    deployernode

    Specifies the IP address, gateway, and netmask configured on the network interface of the deployer VM. The deployer VM must be reachable by all of the Fabric Services System nodes, and the Fabric Services System nodes must be reachable by the deployer VM.

    • ipaddr: IP address of the deployer VM
    • gateway: gateway address of the interface on the deployer node
    • netmask: netmask of the interface on the deployer node
    timesync

    Specifies time synchronization parameters. The system requires all servers to be time-synchronized to function properly. If not completed already, the Fabric Services System deployer must be configured to install Chrony for time synchronization.

    • install: when set to true, Chrony is installed on all compute nodes with a default configuration
    • server: address of the NTPD server. This optional value configures an additional NTPD server as well as the default servers.
    digitalsandbox

    Specifies Digital Sandbox parameters.

    • enabled: when this flag is set to true, the Digital Sandbox component is installed. Ensure that at least one worker node is tagged with the digitalsandbox role.

      When set to false, the Digital Sandbox component is not installed.

    • volumenode: specifies one of the storage nodes on which the Digital Sandbox volume is created using Gluster. If not specified, the first node in the storage pool is used.
    fss

    Specifies Fabric Services System deployment options.

    • heketinode: specifies a node in the storage pool for the Heketi component. Heketi is used for provisioning storage requirements. This value specifies where to run the Heketi service. If no value is provided, the first node in the storage pool is used.
    • ztpaddress: specifies an address associated with the node running Traefik. The node can be any of the Fabric Services System cluster nodes. The SR Linux nodes connect to this IP address during the BOOT process to get the software image and the configuration. This IP address must be reachable from the SR Linux management network.
    • dhcpnode: specifies a node on which the Fabric Services System DHCP pod is scheduled
    • dhcpinterface: specifies the address that the DHCP server listens to for any DHCP requests coming from the DHCP relay agent. Optionally, you can connect SR Linux nodes via the relay agent to reach the Fabric Services System if they are not on the management network.
    • httpsenabled: Specifies whether HTTPS is enabled or disabled on the API and UI. This field is mandatory. Possible values:
      • false: disables HTTPS on the API and UI
      • true: enables HTTPS on the API and UI
    • certificate: contains the path on the deployer VM where the installer can find the crt (certificate) file. This certificate can be provided by a trusted Certificate Authority within your environment, or can be self-signed. The settings for its CN and SubjectAltName fields must be set to the domainhost value.
    • privatekey: contains the path on the deployer VM where the installer can find the private key file associated with the certificate.
    • domainhost: contains the full FQDN on which the Fabric Services System API and UI is served.
    workernodes

    Specifies the list of nodes intended to be part of the deployment, except for the deployer host. Worker nodes include storage nodes and Digital Sandbox nodes.

    • hostip: IP address of the specific worker node
    • hostname: hostname of the worker node
    • role: specified role of the worker node

      For Digital Sandbox nodes, specify this value as digitalsandbox.

      For Kubernetes master nodes, specify this value as master.

    replicacount

    Specifies the replica count for Gluster volumes, including the active volume.

    The default value is 1, indicating no replica (active volume only).

    A replica count higher than 1 creates the respective number of replica storage volumes. The value cannot be greater than the number of storage nodes.

    storagenodes

    Specifies the list of nodes used to create a storage pool. The number of storage nodes must match the value of replicacount, if configured.

    Nokia recommends that you configure a minimum of three storage nodes
    • hostip: IP address of the specific storage node
    • hostname: hostname of the storage node
    • devices: separate block devices must be set up. Set up a raw partition as xxx. If an existing file system is present on the device, the setup cannot proceed.

After you finish editing the input configuration file, you can install the Fabric Services System environment.

Installing the Fabric Services System environment

  1. Initiate the setup.
    [root@fss-deployer ~]$ /root/bin/fss-install.sh configure sample-input.json
    

    The CLI prompt indicates when the configuration is complete.

  2. Start the installation of Kubernetes, the Fabric Services System software, and the Digital Sandbox.
    [root@fss-deployer ~]$ /root/bin/fss-install.sh
    

    The installation time varies depending on the capacity of your system.

  3. After the installation script is completed, verify the installation by logging in to the Fabric Services System user interface.
    If HTTPS is enabled, use https://<domainhost_in_the_sample-json.input>; otherwise, use one of the node the IP addresses.

    Log in using the following default username and password:

    Username: admin

    Password: NokiaFss1!

    Note: After the initial login, Nokia recommends that you change this default admin password to a stronger password to secure the platform properly.

Troubleshooting a failed installation

If the Fabric Services System installation fails for any reason, you can use a script that is bundled with the system to generate information about the installation status. For assistance with troubleshooting, contact your Nokia support team.

The technical support script is included with the Fabric Services System.

For more information about the script and how to run it, see "Capturing troubleshooting data" in the Fabric Services System User Guide