Configure Openshift vSphere Cloud Provider

In this post I will show you how can you use vmware for persistent storagi on Openshift.

Parst of the Openshift series

• Part1: Install Opeshift
• Part2: How to Enable Auto Approval of CSR in Openshift v3.11
• Part3: Add new workers to Openshift cluster
• Part4: Chane the certificates of the Openshift cluster
• Part5: LDAP authentication for Openshift
• Part6: Keycloak SSO authentication for Openshift
• Part7: Gitlab SSO authentication for Openshift
• Part8a: Ceph persistent storage for Openshift
• Part8b: vSphere persistent storage for Openshift
• Part9: Helm on Openshift
• Part10: Tillerless Helm on Openshift
• Part11: Use external docker registry on Openshift
• Part12: Secondary router on Openshift
• Part13a: Use Letsencrypt on Openshift
• Part13b: Install cert-managger on Openshift
• Part14: Create Openshift operators
• Part15: Convert docker-compose file to Opeshift

vSphere Configuration

• Create a folder for all the VMs in vCenter
  • In the navigator, select the data center
  • Right-click and select the menu option to create the folder.
  • Select All vCenter Actions > New VM and Template Folder.
  • Move Openshift vms to this folder
• The name of the virtual machine must match the name of the nodes for the OpenShift cluster.

Set up the GOVC environment:

# on deployer
curl -LO https://github.com/vmware/govmomi/releases/download/v0.20.0/govc_linux_amd64.gz
gunzip govc_linux_amd64.gz
chmod +x govc_linux_amd64
cp govc_linux_amd64 /usr/bin/govc
echo "export GOVC_URL='vCenter IP OR FQDN'" >> /etc/profile
echo "export GOVC_USERNAME='vCenter User'" >> /etc/profile
echo "export GOVC_PASSWORD='vCenter Password'" >> /etc/profile
echo "export GOVC_INSECURE=1" >> /etc/profile
source /etc/profile

Add disk.enableUUID=1 for all VM:

govc vm.info <vm>
govc ls /Datacenter/kubernetes/<vm-folder-name>
# example:
govc ls /Datacenter/kubernetes/okd-01

govc vm.change -e="disk.enableUUID=1" -vm='VM Path'
# example:
govc vm.change -e="disk.enableUUID=1" -vm='/datacenter/kubernetes/okd-01/okd-m01'

VM Hardware should be at version 15 or higher. Upgrade if needed:

govc vm.option.info '/datacenter/kubernetes/okd-01/okd-m01' | grep HwVersion

govc vm.upgrade -version=15 -vm '/datacenter/kubernetes/okd-01/okd-m01'

Create the required Roles

• Navigate in the vSphere Client - Menu > Administration > Roles
• Add a new Role and select the permissions required. Repeat for each role.

Roles	Privileges	Entities	Propagate to Children
vcp-manage-okd-node-vms	Resource.AssignVMToPoolVirtualMachine.Config.AddExistingDisk, VirtualMachine.Config.AddNewDisk, VirtualMachine.Config.AddRemoveDevice, VirtualMachine.Config.RemoveDisk, VirtualMachine.Config.SettingsVirtualMachine.Inventory.Create, VirtualMachine.Inventory.Delete	Cluster, Hosts, VM Folder	Yes
vcp-manage-okd-volumes	Datastore.AllocateSpace, Datastore.FileManagement (Low level file operations)	Datastore	No
vcp-view-okd-spbm-profile	StorageProfile.View (Profile-driven storage view)	vCenter	No
Read-only (pre-existing default role)	System.Anonymous, System.Read, System.View	Datacenter, Datastore Cluster, Datastore Storage Folder	No

Create a service account

• Create a vsphere user, or add a domain user, to provide access and assign the new roles to.

Configure ansible installer

nano /etc/hosts
openshift_master_dynamic_provisioning_enabled=true
openshift_cloudprovider_kind=vsphere
openshift_cloudprovider_vsphere_username=<vCenter User>
openshift_cloudprovider_vsphere_password=<vCenter Password>
openshift_cloudprovider_vsphere_host=<vCenter IP OR FQDN>
openshift_cloudprovider_vsphere_datacenter=<Datacenter>
openshift_cloudprovider_vsphere_datastore=<Datastore>
openshift_cloudprovider_vsphere_folder=<vm-folder-name>

Add providerID

nano openshift-vmware-pacher.sh
DATACENTER='<Datacenter>'
FOLDER='<vm-folder-name>'
for vm in $(govc ls /$DATACENTER/vm/$FOLDER ); do
  MACHINE_INFO=$(govc vm.info -json -dc=$DATACENTER -vm.ipath="$vm" -e=true)
  # My VMs are created on vmware with upper case names, so I need to edit the names with awk
  VM_NAME=$(jq -r ' .VirtualMachines[] | .Name' <<< $MACHINE_INFO | awk '{print tolower($0)}')
  # UUIDs come in lowercase, upper case then
  VM_UUID=$( jq -r ' .VirtualMachines[] | .Config.Uuid' <<< $MACHINE_INFO | awk '{print toupper($0)}')
  echo "Patching $VM_NAME with UUID:$VM_UUID"
  # This is done using dry-run to avoid possible mistakes, remove when you are confident you got everything right.
  kubectl patch node $VM_NAME -p "{\"spec\":{\"providerID\":\"vsphere://$VM_UUID\"}}"
done

chmod +x openshift-vmware-pacher.sh
./openshift-vmware-pacher.sh

Run the Installer

# deployer
cd /usr/share/ansible/openshift-ansible/
sudo ansible-playbook -i inventory/hosts.localhost playbooks/prerequisites.yml
sudo ansible-playbook -i inventory/hosts.localhost playbooks/deploy_cluster.yml

# If installastion failed or went wrong, the following uninstallation script can be run, and running installation can be tried again:
sudo ansible-playbook -i inventory/hosts.localhost playbooks/adhoc/uninstall.yml

Create vSphere storage-class

nano vmware-sc.yml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
  name: "vsphere-standard"
provisioner: kubernetes.io/vsphere-volume
parameters:
    diskformat: zeroedthick
    datastore: "NFS"
reclaimPolicy: Delete

oc aplay -f vmware-sc.yml