Chapter 8. Configuring network settings for fully disconnected hosts
Learn how to apply networking customization and settings to run MicroShift on fully disconnected hosts. A disconnected host should be a Red Hat Enterprise Linux (RHEL) system, version 9.0 or later, whether real or virtual, that runs without network connectivity.
8.1. Preparing networking for fully disconnected hosts
Use the procedure that follows to start and run MicroShift clusters on devices running fully disconnected operating systems. A MicroShift host is considered fully disconnected if it has no external network connectivity.
Typically this means that the device does not have an attached network interface controller (NIC) to provide a subnet. These steps can also be completed on a host with a NIC that is removed after setup. You can also automate these steps on a host that does not have a NIC by using the %post phase of a Kickstart file.
Configuring networking settings for disconnected environments is necessary because MicroShift requires a network device to support cluster communication. To meet this requirement, you must configure MicroShift networking settings to use the "fake" IP address you assign to the system loopback device during setup.
8.1.1. Procedure summary
To run MicroShift on a disconnected host, the following steps are required:
- Prepare the host
  - Stop MicroShift if it is currently running and clean up changes the service has made to the network.
  - Set a persistent hostname.
  - Add a “fake” IP address on the loopback interface.
  - Configure DNS to use the fake IP as local name server.
  - Add an entry for the hostname to /etc/hosts.
- Update the MicroShift configuration
  - Define the nodeIP parameter as the new loopback IP address.
  - Set the .node.hostnameOverride parameter to the persistent hostname.
- For the changes to take effect
  - Disable the default NIC if attached.
  - Restart the host or device.
After starting, MicroShift runs using the loopback device for within-cluster communication.
8.2. Restoring MicroShift networking settings to default
You can remove networking customizations and return the network to default settings by stopping MicroShift and running a clean-up script.
Prerequisites
- RHEL 9 or newer.
- MicroShift 4.14 or newer.
- Access to the host CLI.
Procedure
Stop the MicroShift service by running the following command:
$ sudo systemctl stop microshift
Stop the kubepods.slice systemd unit by running the following command:
$ sudo systemctl stop kubepods.slice
MicroShift installs a helper script to undo network changes made by OVN-K. Run the cleanup script by entering the following command:
$ sudo /usr/bin/microshift-cleanup-data --ovn
8.3. Configuring the networking settings for fully disconnected hosts
To configure the networking settings for running MicroShift on a fully disconnected host, you must prepare the host, update the networking configuration, then restart to apply the new settings. All commands are executed from the host CLI.
Prerequisites
- RHEL 9 or newer.
- MicroShift 4.14 or newer.
- Access to the host CLI.
- A valid IP address chosen to avoid both internal and potential future external IP conflicts when running MicroShift.
- MicroShift networking settings are set to defaults.
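One way to check the address prerequisite above before assigning the address to the loopback device, as an added example that is not part of the Red Hat documentation. The reserved ranges are an assumption (the MicroShift default cluster and service networks) and the function names are hypothetical; extend the list with any subnet your configuration or other on-device services use.

```shell
# Added example: reject a loopback address that falls in a range MicroShift
# already uses. RESERVED_CIDRS is an assumption: the default cluster network
# (10.42.0.0/16) and service network (10.43.0.0/16). Add your own ranges.
RESERVED_CIDRS="10.42.0.0/16 10.43.0.0/16"

# Print a dotted-quad IPv4 address as a 32-bit integer; return 1 if malformed.
ip_to_int() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Leading zeros are rejected: shell arithmetic would read them as octal.
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside network $2 (written as a.b.c.d/prefix).
ip_in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Return 0 if $1 is usable, 1 if it collides with a reserved range, 2 if invalid.
check_fake_ip() {
    ip_to_int "$1" >/dev/null || { echo "invalid IPv4 address: $1" >&2; return 2; }
    for cidr in $RESERVED_CIDRS; do
        if ip_in_cidr "$1" "$cidr"; then
            echo "$1 collides with $cidr" >&2
            return 1
        fi
    done
    return 0
}

# The address used on this page passes; a cluster-network address would not.
check_fake_ip "10.44.0.1" && echo "10.44.0.1: no conflict with $RESERVED_CIDRS"
```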
The following procedure is for use cases in which access to the MicroShift cluster is not required after devices are deployed in the field. There is no remote cluster access after the network connection is removed.
Procedure
Add a fake IP address to the loopback interface by running the following command:
$ IP="10.44.0.1"
$ sudo nmcli con add type loopback con-name stable-microshift ifname lo ip4 ${IP}/32
The fake IP address used in this example is “10.44.0.1”.
Note: Any valid IP works if it avoids both internal MicroShift and potential future external IP conflicts. This can be any subnet that does not collide with the MicroShift node subnet and is not accessed by other services on the device.
Configure the DNS interface to use the local name server by modifying the settings to ignore automatic DNS and resetting it to the local name server:
Bypass the automatic DNS by running the following command:
$ sudo nmcli conn modify stable-microshift ipv4.ignore-auto-dns yes
Point the DNS interface to use the local name server:
$ sudo nmcli conn modify stable-microshift ipv4.dns "10.44.1.1"
Get the hostname of the device by running the following command:
$ NAME="$(hostnamectl hostname)"
Add an entry for the hostname of the node in the /etc/hosts file by running the following command:
$ echo "$IP $NAME" | sudo tee -a /etc/hosts >/dev/null
Update the MicroShift configuration file by adding the following YAML snippet to /etc/microshift/config.yaml. The command replaces any existing content in that file:
$ sudo tee /etc/microshift/config.yaml > /dev/null <<EOF
node:
  hostnameOverride: $(echo $NAME)
  nodeIP: $(echo $IP)
EOF
MicroShift is now ready to use the loopback device for cluster communications. Finish preparing the device for offline use.
- If the device currently has a NIC attached, disconnect the device from the network.
- Shut down the device and disconnect the NIC.
- Restart the device for the offline configuration to take effect.
Restart the MicroShift host to apply the configuration changes by running the following command:
$ sudo systemctl reboot
This step restarts the cluster. Wait for the greenboot health check to report the system healthy before implementing verification.
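A consistency check to run after writing /etc/microshift/config.yaml and before the NIC is removed, since the host cannot be reached remotely afterwards. This is an added example, not Red Hat's tooling; the function names and the sample hostname edge-01 are constructed for illustration, and the config is read with a simple line match rather than a YAML parser.

```shell
# Added example: confirm that the hosts file and the MicroShift config written
# by the procedure agree with each other. Paths are arguments so the check can
# be run on the real files or on copies.

# Print the value of a "KEY: value" line in the config. Assumes unquoted
# values, as written by the procedure on this page.
cfg_value() {   # cfg_value KEY FILE
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | head -n 1
}

# Print each address the hosts file assigns to NAME, ignoring comments.
hosts_addrs() {   # hosts_addrs NAME FILE
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) print $1 }
    ' "$2" | sort -u
}

# Return 0 only if nodeIP and hostnameOverride are both set and the hosts file
# maps that hostname to nodeIP.
check_offline_config() {   # check_offline_config HOSTS_FILE CONFIG_FILE
    node_ip=$(cfg_value nodeIP "$2")
    node_name=$(cfg_value hostnameOverride "$2")
    if [ -z "$node_ip" ] || [ -z "$node_name" ]; then
        echo "nodeIP or hostnameOverride is missing in $2" >&2
        return 1
    fi
    if ! hosts_addrs "$node_name" "$1" | grep -qxF "$node_ip"; then
        echo "$1 does not map $node_name to $node_ip" >&2
        return 1
    fi
    echo "ok: $node_name -> $node_ip"
}

# Constructed sample files standing in for /etc/hosts and config.yaml.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost\n10.44.0.1 edge-01  # added by setup\n' > "$tmp/hosts"
printf 'node:\n  hostnameOverride: edge-01\n  nodeIP: 10.44.0.1\n' > "$tmp/config.yaml"
check_offline_config "$tmp/hosts" "$tmp/config.yaml"
rm -rf "$tmp"
```

On a prepared host, call it as `check_offline_config /etc/hosts /etc/microshift/config.yaml`.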
Verification
At this point, network access to the MicroShift host has been severed. If you have access to the host terminal, you can use the host CLI to verify that the cluster has started in a stable state.
Verify that the MicroShift cluster is running by entering the following command:
$ export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig
$ sudo -E oc get pods -A
Example output
NAMESPACE                  NAME                                       READY   STATUS    RESTARTS   AGE
kube-system                csi-snapshot-controller-74d566564f-66n2f   1/1     Running   0          1m
kube-system                csi-snapshot-webhook-69bdff8879-xs6mb      1/1     Running   0          1m
openshift-dns              dns-default-dxglm                          2/2     Running   0          1m
openshift-dns              node-resolver-dbf5v                        1/1     Running   0          1m
openshift-ingress          router-default-8575d888d8-xmq9p            1/1     Running   0          1m
openshift-ovn-kubernetes   ovnkube-master-gcsx8                       4/4     Running   1          1m
openshift-ovn-kubernetes   ovnkube-node-757mf                         1/1     Running   1          1m
openshift-service-ca       service-ca-7d7c579f54-68jt4                1/1     Running   0          1m
openshift-storage          topolvm-controller-6d777f795b-bx22r        5/5     Running   0          1m
openshift-storage          topolvm-node-fcf8l                         4/4     Running   0          1m