Fabric Services System installation
After the Fabric Services System deployer VM and the Fabric Services System nodes have been installed and configured, the environment is ready to be installed with the Fabric Services System application.
Using HTTPS for the UI and API
Nokia strongly recommends that you enable HTTPS for the UI and API to enforce the use of TLS encryption (v1.2 or v1.3) for all communication to the Fabric Services System management interfaces. Enabling HTTPS guarantees that all information is secured against snooping or changes during transit.
To enable HTTPS, a server certificate and private key must be provided to the deployer VM and installation tool. This certificate can either be provided by a trusted Certificate Authority within the environment, or it can be a self-signed certificate.
Ensure that the following properties of the certificate specify the FQDN that is used to access the Fabric Services System UI and API:
- CN
- SubjectAltName
The certificate provided during the installation must also be able to sign certificate requests itself; the CA option must be set to true. This is also referred to as a SubCA or Intermediate CA certificate.
If a self-signed certificate is preferred, the following command is an example of how to generate a self-signed certificate and accompanying private key. Replace the variables (enclosed in brackets, < >) with the appropriate values for your deployment scenario. This command requires OpenSSL 1.1.1 or later:
openssl req -newkey rsa:4096 -x509 -sha512 -days <validity-period-days> -nodes -out fss-tls.crt -keyout fss-tls.key -subj "/C=<country-code>/ST=<state-province>/L=<city>/O=<company>/OU=<organizational-unit>/CN=<FSS-FQDN>" -addext "subjectAltName=DNS:<FSS-FQDN>"
To enable HTTPS, the following settings must be configured in the installation configuration file:
- httpsenabled: Set this parameter to true (Boolean; do not enclose with quotes).
- certificate: The full path of the certificate .crt file as it is stored on the deployer VM.
- privatekey: The full path of the private key file as it is stored on the deployer VM.
- domainhost: The FQDN that is used to access the UI and API of the environment.
Dual-stack networks
- The network must be ready for IPv6 and IPv4 IP addresses.
- Each node must be configured with an IPv4 and an IPv6 default gateway, and the gateways must be functional.
- The pods running in the VMs need to connect to SR Linux, which is in a different network.
- After creating the VMs, Nokia recommends that you verify the required connectivity over IPv4 and IPv6.
sample-input.json file. You must also set an IPv6 address in the ipv6 parameter for each worker node and storage node.
Editing the installation configuration file
As part of the deployment, you must provide specific details about the configurable portions of the installation using a configuration file. The details you provide instruct the deployer how to proceed when setting up the Kubernetes deployment, the Fabric Services System software, and the Digital Sandbox.
sample-input.json.
- From the deployer, access the input configuration file.
[root@fss-deployer ~] vi sample-input.json
- Edit the configuration file.
Update the file with the following settings:
  - IP addresses of the nodes to be used in your Fabric Services System deployment
  - deployer node settings
  - worker node settings
  - storage node settings
    Note: When you set the devices parameter, specify only the partition name ("sdb" or "vdb" in the example below). You do not need to specify the path.
  - time synchronization
  - replica count
  - optional: Digital Sandbox installation characteristics
  - optional: remote syslog settings
The deployer creates three Kubernetes master nodes. By default, the master nodes are the first three worker nodes specified in the configuration file. However, you can specify which worker nodes you want to act as the Kubernetes master nodes by tagging those nodes with the master role in the configuration file.
The table below describes the fields in the sample-input.json file. Examples of sample-input.json files for IPv4 and dual-stack deployments follow.
Table 1. Field definitions (each heading is followed by its configurable values)
deployernode
Specifies the IP address, gateway, and netmask configured on the network interface of the deployer VM. The deployer VM must be reachable by all of the Fabric Services System nodes, and the Fabric Services System nodes must be reachable by the deployer VM.
- ipaddr: the IP address of the deployer VM.
- gateway: the gateway address of the interface on the deployer node.
- netmask: the netmask of the interface on the deployer node.
rsyslog
Specifies the remote syslog server settings.
- host: the IP address or FQDN of the remote syslog server.
- port: the port that the rsyslog utility uses for network connectivity.
- proto: the protocol used for syslog traffic, either TCP or UDP.
Note: The system currently supports one remote syslog server.
digitalsandbox
Specifies Digital Sandbox parameters.
- enabled: when this flag is set to true, the Digital Sandbox component is installed. Ensure that at least one worker node is tagged with the digitalsandbox role. When set to false, the Digital Sandbox component is not installed.
fss
Specifies Fabric Services System deployment options.
- ztpaddress: specifies an address associated with the node running Traefik. The node can be any of the Fabric Services System cluster nodes. The SR Linux nodes connect to this IP address during the boot process to get the software image and the configuration. This IP address must be reachable from the SR Linux management network.
- ztpv6address: specifies the IPv6 address associated with the node for SR Linux to connect using IPv6.
- dhcpnode: specifies a node on which the Fabric Services System DHCP pod is scheduled.
- dhcpinterface: specifies the address that the DHCP server listens to for any DHCP requests coming from the DHCP relay agent. Optionally, you can connect SR Linux nodes via the relay agent to reach the Fabric Services System if they are not on the management network.
- dhcpv6interface: specifies the IPv6 address of the DHCPv6 relay agent.
- httpsenabled: specifies whether HTTPS is enabled or disabled on the API and UI. This field is mandatory. Possible values:
  - true: enables HTTPS on the API and UI
  - false: disables HTTPS on the API and UI
- certificate: contains the path on the deployer VM where the installer can find the certificate .crt file. This certificate can be provided by a trusted Certificate Authority within your environment or can be self-signed. The settings for its CN and SubjectAltName fields must be set to the domainhost value.
- privatekey: contains the path on the deployer VM where the installer can find the private key file associated with the certificate.
- domainhost: contains the full FQDN on which the Fabric Services System API and UI is served.
- truststoreFilename: specifies the location of the truststore filename with the absolute path information. The JKS file must be generated to access the LDAP server from the Fabric Services System instance. The alternate names in the certificate should match the name and IP address configured for the federation provider (using the Fabric Services System UI or REST API).
- truststorePassword: specifies the password used to access the truststore.
- kafkaconfig: configures the parameters that enable third-party tools to access Fabric Services System alarms. Note: HTTPS must be enabled on the Fabric Services System.
  - port: the port number used by the client to connect to the Kafka service; specify a value between 30000 and 32767.
  - groupprefix: the user group prefix for the client to use to connect to Kafka service.
  - user and password: the credentials to use to authenticate.
  - maxConnections: the maximum number of clients that can connect to the Kafka service. The maximum allowed value is 10.
K8s
Specifies whether dual-stack network is supported.
- enable_dual_stack_networks: set to True to enable support for IPv6 networks.
Note: The system supports only a dual-stack network, where each VM has an IPv4 and IPv6 address; the system does not support a pure IPv6 network.
workernodes
Specifies the list of nodes intended to be part of the deployment, except for the deployer host. Worker nodes include storage nodes and Digital Sandbox nodes.
- hostip: the IP address of the specific worker node.
- ip6: the IPv6 address of the worker node; required if the enable_dual_stack_networks parameter is set to True.
- hostname: the hostname of the worker node.
- role: the specified role of the worker node. For Digital Sandbox nodes, specify this value as digitalsandbox. For Kubernetes master nodes, specify this value as master.
replicacount
Specifies the replica count for Gluster volumes, including the active volume. The default value is 1, indicating no replica (active volume only). A replica count higher than 1 creates the respective number of replica storage volumes. The value cannot be greater than the number of storage nodes.
storagenodes
Specifies the list of nodes used to create a storage pool. The number of storage nodes must match the value of replicacount, if configured. Nokia recommends that you configure a minimum of three storage nodes.
- hostip: the IP address of the specific storage node.
- ip6: the IPv6 address of the specific storage node; required if the enable_dual_stack_networks parameter is set to True.
- hostname: the hostname of the storage node.
- devices: separate block devices must be configured. Configure a raw partition as xxx. If an existing file system is present on the device, the setup cannot proceed.
singlenode
Specifies whether the deployment consists of only a single node for extra small deployments. The default value is false, indicating that the deployment is a standard three- or six-node deployment. If set to true, the deployment is set up on a single node and has no redundancy built in.
IPv4
The following is an example of a sample-input.json configuration file for an IPv4 network.
{
  "deployernode": {
    "ipaddr": "192.0.2.200",
    "gateway": "192.0.2.1",
    "netmask": "255.255.254.0"
  },
  "digitalsandbox": {
    "enabled": true,
    "volumenode": "fss-node04"
  },
  "fss": {
    "heketinode": "fss-node04",
    "dhcpnode": "fss-node01",
    "dhcpinterface": "128.66.0.201/24",
    "ztpaddress": "128.66.0.201",
    "httpsenabled": true,
    "certificate": "/root/certs/fss-tls.crt",
    "privatekey": "/root/certs/fss-tls.key",
    "domainhost": "fss-dev.phd.fss.dev",
    "kafkaconfig": {
      "port": "31000",
      "groupprefix": "fsskafka",
      "user": "fssalarms",
      "password": "fssalarms",
      "maxConnections": 2
    }
  },
  "rsyslog": {
    "host": "192.0.2.161",
    "port": 51400,
    "proto": "udp"
  },
  "k8s": {
    "enable_dual_stack_networks": false
  },
  "replicacount": 2,
  "workernodes": [
    { "hostip": "192.0.2.201", "hostname": "fss-node01", "role": "master" },
    { "hostip": "192.0.2.202", "hostname": "fss-node02", "role": "master" },
    { "hostip": "192.0.2.203", "hostname": "fss-node03", "role": "master" },
    { "hostip": "192.0.2.204", "hostname": "fss-node04", "role": "digitalsandbox" },
    { "hostip": "192.0.2.205", "hostname": "fss-node05", "role": "digitalsandbox" },
    { "hostip": "192.0.2.206", "hostname": "fss-node06", "role": "digitalsandbox" }
  ],
  "storagenodes": [
    { "hostip": "192.0.2.204", "hostname": "fss-node04", "devices": [ "sdb1" ] },
    { "hostip": "192.0.2.205", "hostname": "fss-node05", "devices": [ "sdb1" ] },
    { "hostip": "192.0.2.206", "hostname": "fss-node06", "devices": [ "sdb1" ] }
  ]
}
Dual stack
The following is an example of a sample-input.json configuration file for a dual-stack IPv4 and IPv6 network.
{
  "deployernode": {
    "ipaddr": "192.0.2.200",
    "gateway": "192.0.2.1",
    "netmask": "255.255.254.0"
  },
  "digitalsandbox": {
    "enabled": true,
    "volumenode": "fss-node04"
  },
  "fss": {
    "heketinode": "fss-node04",
    "dhcpnode": "fss-node01",
    "dhcpinterface": "128.66.0.201/24",
    "ztpaddress": "128.66.0.201",
    "httpsenabled": true,
    "certificate": "/root/certs/fss-tls.crt",
    "privatekey": "/root/certs/fss-tls.key",
    "domainhost": "fss-dev.phd.fss.dev",
    "kafkaconfig": {
      "port": "31000",
      "groupprefix": "fsskafka",
      "user": "fssalarms",
      "password": "fssalarms",
      "maxConnections": 2
    },
    "truststoreFilename": "/root/fss.truststore.jks",
    "truststorePassword": "fss123"
  },
  "k8s": {
    "enable_dual_stack_networks": true
  },
  "replicacount": 2,
  "rsyslog": {
    "host": "192.0.2.161",
    "port": 514,
    "proto": "udp"
  },
  "workernodes": [
    { "hostip": "192.0.2.201", "ip6": "2001:db8:f685:0::201", "hostname": "fss-node01", "role": "master" },
    { "hostip": "192.0.2.202", "ip6": "2001:db8:f685:0::202", "hostname": "fss-node02", "role": "master" },
    { "hostip": "192.0.2.203", "ip6": "2001:db8:f685:0::203", "hostname": "fss-node03", "role": "master" },
    { "hostip": "192.0.2.204", "ip6": "2001:db8:f685:0::204", "hostname": "fss-node04", "role": "digitalsandbox" },
    { "hostip": "192.0.2.205", "ip6": "2001:db8:f685:0::205", "hostname": "fss-node05", "role": "digitalsandbox" },
    { "hostip": "192.0.2.206", "ip6": "2001:db8:f685:0::206", "hostname": "fss-node06", "role": "digitalsandbox" }
  ],
  "storagenodes": [
    { "hostip": "192.0.2.204", "ip6": "2001:db8:f685:0::204", "hostname": "fss-node04", "devices": [ "sdb1" ] },
    { "hostip": "192.0.2.205", "ip6": "2001:db8:f685:0::205", "hostname": "fss-node05", "devices": [ "sdb1" ] },
    { "hostip": "192.0.2.206", "ip6": "2001:db8:f685:0::206", "hostname": "fss-node06", "devices": [ "sdb1" ] }
  ]
}
After you finish editing the input configuration file, you can install the Fabric Services System environment.
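The constraints stated in the field definitions can be checked before the installer runs. The following Python pre-flight check is an added example, not part of the Fabric Services System or its documentation; the function name validate_fss_input and the SAMPLE input are hypothetical, and only rules stated on this page are checked.

```python
import ipaddress

def validate_fss_input(cfg):
    """Return a list of problems found in a parsed sample-input.json."""
    errs = []
    fss = cfg.get("fss", {})
    https = fss.get("httpsenabled")
    # Mandatory, and must be a JSON Boolean rather than the string "true".
    if not isinstance(https, bool):
        errs.append("fss.httpsenabled must be an unquoted true or false")
    if https is True:
        for key in ("certificate", "privatekey"):
            if not str(fss.get(key, "")).startswith("/"):
                errs.append(f"fss.{key} must be a full path on the deployer VM")
        if not fss.get("domainhost"):
            errs.append("fss.domainhost must hold the UI and API FQDN")
    kafka = fss.get("kafkaconfig")
    if kafka is not None:
        if https is not True:
            errs.append("fss.kafkaconfig requires httpsenabled to be true")
        if not 30000 <= int(kafka.get("port", 0)) <= 32767:
            errs.append("kafkaconfig.port must be between 30000 and 32767")
        if int(kafka.get("maxConnections", 0)) > 10:
            errs.append("kafkaconfig.maxConnections cannot exceed 10")
    workers = cfg.get("workernodes", [])
    storage = cfg.get("storagenodes", [])
    roles = {w.get("role") for w in workers}
    if cfg.get("digitalsandbox", {}).get("enabled") and "digitalsandbox" not in roles:
        errs.append("digitalsandbox is enabled but no worker node has that role")
    if cfg.get("k8s", {}).get("enable_dual_stack_networks"):
        for node in workers + storage:
            try:
                ipaddress.IPv6Address(node.get("ip6", ""))
            except ValueError:
                errs.append(f"{node.get('hostname')}: ip6 missing or invalid")
    if cfg.get("replicacount", 1) > len(storage):
        errs.append("replicacount exceeds the number of storage nodes")
    for node in storage:
        errs += [f"{node.get('hostname')}: device {d!r} must be a name, not a path"
                 for d in node.get("devices", []) if "/" in d]
    return errs

# Constructed input with deliberate mistakes (not a file from the page).
SAMPLE = {"fss": {"httpsenabled": "true", "kafkaconfig": {"port": "9092"}},
          "k8s": {"enable_dual_stack_networks": True}, "replicacount": 2,
          "workernodes": [{"hostname": "fss-node01", "ip6": "2001:db8::201"}],
          "storagenodes": [{"hostname": "fss-node04", "devices": ["/dev/sdb1"]}]}
if __name__ == "__main__":
    print("\n".join(validate_fss_input(SAMPLE)))
```

To check a real file, pass the result of json.load() on sample-input.json to validate_fss_input; an empty list means none of these rules is violated.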
Installing the Fabric Services System environment
- Initiate the setup.
[root@fss-deployer ~]$ fss-install.sh configure sample-input.json
The CLI prompt indicates when the configuration is complete.
- Start the installation of Kubernetes, the Fabric Services System software, and the Digital Sandbox.
[root@fss-deployer ~]$ fss-install.sh
The installation time varies depending on the capacity of your system.
- After the installation script is completed, verify the installation by logging in to the Fabric Services System user interface.
If HTTPS is enabled, use https://<domainhost_in_the_sample-json.input>; otherwise, use one of the node IP addresses.
Log in using the following default username and password:
Username: admin
Password: NokiaFss1!
Note: After the initial login, Nokia recommends that you change this default admin password to a stronger password to secure the platform properly.
How to troubleshoot a failed installation
If the Fabric Services System installation fails for any reason, you can use a script that is bundled with the system to generate information about the installation status. For assistance with troubleshooting, contact your Nokia support team.
The technical support script is included with the Fabric Services System.
For more information about the script and how to run it, see "Capturing troubleshooting data" in the Fabric Services System User Guide.