Preparing the Fabric Services System virtual machine nodes

The procedures in this section describe how to create and configure Fabric Services System nodes in deployments that use virtual machine servers.

You must use the Fabric Services System base OS image. This image is designed specifically for Fabric Services System deployments and comes with the necessary software and components pre-installed on a minimally hardened Rocky 8.9 operating system.

Complete the procedure for each individual Fabric Services System node, ensuring that each node is running on a separate hypervisor to minimize the risk of any impact if a hypervisor fails.

Downloading the Fabric Services System base OS image

Contact Nokia support for the location of the Fabric Services System base OS image. Download the OVA or QCOW2 image.

Networking considerations

Nokia recommends that you use two different networks for the Fabric Services System nodes.

Within the hypervisor, both networks should be available as bridged networks. Both these networks require support for jumbo frames (MTU set to 9000).

Ensure that the MTU is set to 9000 on all the interfaces on the hypervisor, Fabric Services System VM nodes, deployer, and the interconnecting devices.

Configuring the Fabric Services System virtual machine

Complete the following steps to configure a Fabric Services System node.
  1. From the VMware vSphere or KVM console, log in to the node VM.

    Use the following credentials:

    Username: root

    Password: N0ki@FSSb4se!

  2. If your environment does not support or use the cloud-init services, disable and stop these services.
    # systemctl stop cloud-init cloud-init-local cloud-config cloud-final
    # systemctl disable cloud-init cloud-init-local cloud-config cloud-final
  3. Enable SSH.
    The base image is a hardened image, so SSH is disabled by default for the root user. To enable SSH, update the /etc/ssh/sshd_config file and change the following lines:
    PasswordAuthentication no
    PermitRootLogin no
    to:
    PasswordAuthentication yes
    PermitRootLogin yes
    Note: You can keep password authentication disabled for extra security. In that case, only key-based authentication works, and you must configure the appropriate public SSH keys for the root user to log in over SSH. In either case, root login over SSH is needed for the deployer VM to reach the nodes.
  4. Restart SSH.
    # systemctl restart sshd
  5. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file to configure the correct static IP address, DNS servers, and gateway for the OAM network.
    Note: If you are deploying a dual-stack system, provide the IPv6 details in the ifcfg-eth0 file. Additionally, ensure that the default gateway is configured for both IPv4 and IPv6 and that both gateways are functional before installing the Fabric Services System.
    The final content should look similar to the following example, except with the IP address, DNS, and domain details specific to the target environment:
    BOOTPROTO=static
    DEVICE=eth0
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=no
    IPADDR=192.0.2.10
    PREFIX=24
    GATEWAY=192.0.2.1
    DNS1=192.0.2.5
    DNS2=192.0.2.6
    DOMAIN=fss.nokia.local
    MTU=9000
  6. Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to configure the correct static IP address for the fabric management network.

    Ensure that the MTU parameter is set to 9000 for all the interfaces.

    The final content should look similar to the following, except with the IP address, DNS, and domain details specific to the target environment:
    BOOTPROTO=static
    DEVICE=eth1
    ONBOOT=yes
    TYPE=Ethernet
    USERCTL=no
    IPADDR=192.0.2.10
    PREFIX=24
    MTU=9000
  7. Restart the network to apply the new configuration.
    # systemctl restart NetworkManager.service
  8. Configure the appropriate NTP servers.
    Edit the /etc/chrony.conf configuration file and replace all lines that begin with server with the correct server lines for the environment.
  9. Restart the chronyd service.
    # systemctl restart chronyd
  10. Verify that time synchronization is functioning properly.
    # chronyc tracking

    If the Reference ID field is not set to any of the configured servers, but instead refers to something like 127.127.1.1, time synchronization is not functioning properly.

    Reference ID    : 87E30FFE (192.0.2.5)
    Stratum         : 4
    Ref time (UTC)  : Wed Feb 16 01:20:36 2022
    System time     : 0.000014215 seconds slow of NTP time
    Last offset     : -0.000001614 seconds
    RMS offset      : 0.000106133 seconds
    Frequency       : 11.863 ppm slow
    Residual freq   : -0.071 ppm
    Skew            : 0.187 ppm
    Root delay      : 0.063009784 seconds
    Root dispersion : 0.018440660 seconds
    Update interval : 64.5 seconds
    Leap status     : Normal
  11. Synchronize the RTC clock and the system clock.
    Ensure that the RTC and the system clock are synchronized after every reboot.
    # hwclock --systohc
    Then verify that local time and the RTC time are synchronized.
    # timedatectl
  12. Change the hostname.
    # hostnamectl set-hostname fss-node01.domain.tld
  13. Set up key-based authentication from the deployer VM to Fabric Services System compute VMs.
    If password authentication has been enabled on the node for SSH, enter the following command from the deployer VM.
    # ssh-copy-id root@<node IP/FQDN>
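
The following script is an added example, not part of the Nokia procedure or tooling. It checks a node's files against the settings described in the steps above: the sshd_config values, the MTU and DEVICE entries in the ifcfg files, and the Reference ID reported by chronyc tracking. The function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Nokia tooling): checks for the settings in the steps above.

# Print the first value set for an sshd_config keyword; sshd uses the first
# occurrence. Match blocks are not evaluated; on a live node use `sshd -T`.
sshd_value() {  # $1 = keyword, $2 = path to sshd_config
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$2"
}

# Succeed only if DEVICE matches the ifcfg-<name> file name and MTU is 9000.
ifcfg_ok() {  # $1 = path to ifcfg-<name>
    dev=${1##*ifcfg-}
    grep -qx "DEVICE=$dev" "$1" && grep -qx "MTU=9000" "$1"
}

# Read `chronyc tracking` output on stdin. Fail when the Reference ID shows no
# server address or a 127.127.x.x local reference clock.
chrony_synced() {
    ref=$(sed -n 's/^Reference ID[^(]*(\(.*\)).*/\1/p')
    case "$ref" in
        ''|127.127.*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample inputs, not captured from a real node.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
mkdir "$tmp/bad"
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'PasswordAuthentication no' > "$tmp/sshd_config"
printf '%s\n' 'DEVICE=eth1' 'MTU=9000' > "$tmp/ifcfg-eth1"
printf '%s\n' 'DEVICE=eth0' 'MTU=9000' > "$tmp/bad/ifcfg-eth1"

echo "PermitRootLogin: $(sshd_value PermitRootLogin "$tmp/sshd_config")"
echo "PasswordAuthentication: $(sshd_value PasswordAuthentication "$tmp/sshd_config")"
for f in "$tmp/ifcfg-eth1" "$tmp/bad/ifcfg-eth1"; do
    if ifcfg_ok "$f"; then echo "$f: ok"; else echo "$f: DEVICE or MTU mismatch"; fi
done
if echo 'Reference ID    : 7F7F0101 ()' | chrony_synced; then
    echo "chrony: synchronized"
else
    echo "chrony: not synchronized"
fi
```

On a node, pass /etc/ssh/sshd_config and the files under /etc/sysconfig/network-scripts/ to the functions, and pipe the output of chronyc tracking into chrony_synced.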