VMware NSX-T SDN Install and Config updates #14649
Conversation
openshift-ci-robot
added
the
size/L
|
Thanks for submitting this PR. We are not currently accepting partner documentation in our docs. I am going to close this PR. Please work with your partner team at Red Hat for approvals for these updates. |
|
@vikram-redhat This work has been completed via the partner team and has been approved. |
| $ ansible-playbook -i hosts openshift-ansible/playbooks/prerequisites.yml | ||
| ---- | ||
|
|
||
| Once the above playbook has executed successfully, run the following on all nodes: |
There was a problem hiding this comment.
@RobbieJVMW Should this be a prerequisite?
There was a problem hiding this comment.
Howdy @mburke5678 ! Yes, this prepares the nodes for OCP installation. See:
|
|
||
| There is a *T0 router* on the top that connects physical with virtual world. We also have *T1 router* acting as a default gateway for the OpenShift VMs. | ||
|
|
||
| Those VMs have *two vNICs* each. One vNIC is connected to Management Logical Switch for accessing the VMs. The second vNIC is connected to a dump Logical Switch and is used by nsx-node-agent to uplink the POD networking. For further details, we strongly suggest reading the link:https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.3/nsxt_23_ncp_OpenShift.pdf[NSX Container Plug-in for OpenShift]. |
There was a problem hiding this comment.
@RobbieJVMW I get a 404 at that link. Can you confirm the link?
There was a problem hiding this comment.
The link should be : https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/nsxt_24_ncp_openshift.pdf
If you could check it works for you, its fine for me.
| This means that the DNS records for the infra components need to point the infrastructure node IP addresses since the HAProxy uses the host network namespace. | ||
| This works well for infra routes but in order to avoid exposing the infra nodes management IPs to the outside world we will be deploying application specific routes to the NSX-T LoadBalancer. | ||
|
|
||
| The topology here assumes 3 x OpenShift master virtual machines and 4 x OpenShift worker virtual machines(two for infrastructure and two for compute). |
There was a problem hiding this comment.
@RobbieJVMW Can the user use 4.x and 3.x together? Or are you connecting the two?
There was a problem hiding this comment.
This is referring to the number of virtual machines not the Openshift version ( if that's the question). The target for this update is 3.11
| * Virtual Machine requirements: | ||
| ** {product-title} node VMs must have *two vNICs*: | ||
| ** Management vNIC connected to the *Logical Switch* that is uplinked to the management *T1 router*. | ||
| ** The second vNIC on all VMs needs to have two Tags in *NSX-T* in order 'nsx-container-plugin' (NCP) to know which port needs to be used as a parent VIF for all PODs running in the particular OpenShift node. Tags need to be as following: |
There was a problem hiding this comment.
@RobbieJVMW In Tags in NSX-T in order what does Tags in NSX-T mean?
There was a problem hiding this comment.
Tag is essentially a label. NSX Tag's are how the nsx platform manages relationships between components.
There was a problem hiding this comment.
I saw that better when I got the image to appear in my preview. Thanks!
|
|
||
| Once the above playbook has executed successfully, run the following on all nodes: | ||
|
|
||
| Assuming NCP Container image is downloaded locally on all nodes. |
There was a problem hiding this comment.
@RobbieJVMW Does the OpenShift installer download these images or is this a manual step?
docker load -i nsx-ncp-rhel-xxx.tar
Is nsx-ncp-rhel-xxx a literal string to enter or does the user need to know the file name? If the later, how does the user know the file name?
There was a problem hiding this comment.
This is a manual set with 'nsx-ncp-rhel-xxx' where xxx refers to the NCP build version.
|
|
||
| == Check NSX-T after {product-title} deployment | ||
|
|
||
| Check routing. T1 routers has been created during namespace creation and linked to T0 router: |
There was a problem hiding this comment.
T1 router has been created during namespace creation
Is it important when the routers were created? Is saying T1 router has been created sufficient?
| image:images/nsxt-visibility.png[NSX visibility] | ||
|
|
||
| Check Load Balancing. NSX-T offers Load Balancer and Ingress Controller capabilities: | ||
| image:images/nsxt-loadbalancing.png[NSX loadbalancing] |
There was a problem hiding this comment.
@RobbieJVMW Is the nsxt-loadbalancing.png image correct? The Server Pools tab of the Load Balancing page is displayed. Should this be the Load Balancers tab?
| Check Load Balancing. NSX-T offers Load Balancer and Ingress Controller capabilities: | ||
| image:images/nsxt-loadbalancing.png[NSX loadbalancing] | ||
|
|
||
| For additional configuration and options please refer to the link:https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/rn/NSX-Container-Plugin-Release-Notes.html[VMware NSX-T v2.4 OpenShift Plug-In] documentation. |
There was a problem hiding this comment.
@RobbieJVMW This link goes to the release notes. Is that the best place to find configurations and options?
Updated documentation for VMware NSX-T SDN plug-in.
Example topology and ansible config.
Links to full configuration guide following the same style and formatting of existing SDN Plug-In docs.
Targetting - Enterprise 3.1 / Origin
@openshift/team-documentation