Set up and run NCP and NSX node agent.

Procedure

  1. Edit roles/ncp/defaults/main.yaml and specify the OpenShift API server IP, the NSX manager IP, and the URLs for downloading the NCP ReplicationController yaml and the nsx-node-agent DaemonSet yaml.
  2. From the openshift-ansible-nsx directory, run the ncp role:
        ansible-playbook -i /PATH/TO/HOSTS/hosts ncp.yaml

Results

The ncp role performs the following steps:

  • Check if the nsx-system project exists, and create one if it does not.

        oc new-project nsx-system
  • Check if a default service account exists, and create one if it does not.

        oc create serviceaccount default
  • Add the cluster-admin role to the above service account, which is used to create the NCP and nsx-node-agent pods.

        oadm policy add-cluster-role-to-user cluster-admin system:serviceaccount:nsx-system:default
  • Obtain the token associated with the above service account, and store it under /etc/nsx-ujo/default_token.

        secret=$(kubectl get serviceaccount default -o yaml | grep -A1 secrets | tail -n1 | awk '{print $3}')

        kubectl get secret "$secret" -o yaml | grep 'token:' | awk '{print $2}' | base64 -d > /etc/nsx-ujo/default_token
  • Download the SecurityContextConstraint (SCC) yaml file for NCP and create the SCC based on the yaml.

  • Add the created SCC to the current user.

        oadm policy add-scc-to-user ncp-scc -z default
  • Download the YAML files for NCP ReplicationController (RC) and nsx-node-agent DaemonSet (DS) and update the ConfigMap.

  • Download and load the NCP image (nsx-node-agent uses the same image).

  • Configure the service account and set up the required SecurityContextConstraint for NCP and nsx-node-agent.

  • Create the NCP ReplicationController and nsx-node-agent DaemonSet.
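
The token step above leaves a cluster-admin credential on disk, so the following added example (not code from the ncp role) extracts the token without depending on the order of the `secrets:` list and writes it with owner-only permissions. The function names, the sample manifests and the token value are constructed for illustration; pipe real `kubectl get ... -o yaml` output into the functions instead of the samples.

```shell
#!/bin/sh
# Added example (not the NCP role's code). Each function reads YAML on stdin,
# e.g.  kubectl get serviceaccount default -o yaml | sa_secret_name

# Name of the token secret in a ServiceAccount manifest. Matching "-token-"
# skips other entries such as a dockercfg secret listed first.
sa_secret_name() {
    awk '/^secrets:/ { s = 1; next }
         s && /^ *- name: .*-token-/ { print $3; exit }
         s && /^[A-Za-z]/ { s = 0 }'
}

# Decoded value of the data.token field of a Secret manifest.
secret_token() {
    awk '$1 == "token:" { print $2; exit }' | base64 -d
}

# Write the token on stdin to $1 as mode 0600, replacing any existing file.
# Fails without touching $1 if no token was read.
write_token() {
    (
        umask 077
        tmp="$1.tmp.$$"
        cat > "$tmp" && [ -s "$tmp" ] && mv -f "$tmp" "$1" || { rm -f "$tmp"; exit 1; }
    )
}

# True if $1 is a regular file readable and writable by its owner only.
token_file_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Constructed sample manifests (names and token value are made up).
sample_sa() {
    cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: default
  namespace: nsx-system
secrets:
- name: default-dockercfg-zz9yx
- name: default-token-abc12
EOF
}

sample_secret() {
    printf 'apiVersion: v1\nkind: Secret\ndata:\n  token: %s\n' \
        "$(printf 'constructed-sample-token' | base64)"
}
```

Running `token_file_private /etc/nsx-ujo/default_token` on a node after the role has finished shows whether the stored token is readable by other local users.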

Note:

NCP opens persistent HTTP connections to the Kubernetes API server to watch for life cycle events of Kubernetes resources. If an API server failure or a network failure causes NCP's TCP connections to become stale, you must restart NCP so that it can re-establish connections to the API server. Otherwise, NCP will miss the new events.