# elemental
m
Once I generate the ISO, should I upload it to vSphere’s content library? Can I go straight to creating an RKE2 cluster, and utilize the thing that built using the “Build Media” button in the Elemental console? I guess I’m a little lost on my next steps here… Currently using RancherOS/BurmillaOS to create RKE1 clusters using node templates and cluster templates. Managing the OS that way was rather painful, so trying to test out “the new way”. I have already used the “Create an Elemental Cluster” button to gen me an RKE2 cluster using the vSphere foo - but it’s holding on “Waiting for viable init node”
q
Playing around with vsphere the last weeks so i can answer some questions: Yes the iso needs to be uploaded to vsphere as you need to start a vm from it and yes you can use the UI to build/download the iso or you can go the cli way https://elemental.docs.rancher.com/quickstart-cli#preparing-the-installation-seed-image
s
Yes, Mike is right, the ISO should be uploaded to vSphere in order to start VMs from it. After booting, the first thing the generated ISO tries to do is register against the Rancher instance, hence the upstream management cluster should be reachable from the downstream cluster nodes. The registration is done using the registration URL that is part of a MachineRegistration resource, so the ISO is coupled to a specific instance of a MachineRegistration. Once registered, the installation from the ISO to the hard disk starts automatically. Then with the “Create an Elemental Cluster” button you create RKE2 clusters with a machine pool that tries to fetch nodes from the Elemental machine inventory. That is the point where the labels you included in the MachineRegistration might be relevant to select certain nodes.
m
Thanks all! What if I want to turn the generated ISO into a bootable image or VM template I can use for the RKE2 cluster to use for its content library for nodes? Is that possible or am I going about this the wrong way?
As an example, to not have to pre-create VMs and machine pools before the cluster is formed.
q
The iso is a bootable image. Upload it to vsphere content library and create a vm with it.
👍 1
As I did a lot of vSphere deployments recently, here are some hints:
• choose SLE 15 as OS so EFI is available
• add TPM Device
• change Encryption from Opportunistic to Required (vmotion and FT) or elemental will not boot
and now the bad thing when you plan to use terraform: the vsphere provider does not support adding tpm and encryption settings
which makes me now testing emulated-tpm-seed
h
Just starting to test elemental here, are you guys getting the Elemental extension up in the rancher admin interface? I have installed the operator
q
yes
h
Weird. i only see this:
What do you see under repositories?
the only extension repo i get is "partner-extensions"
q
image.png
h
Nice, did you add Rancher Extensions manually?
q
afaik it comes in when enabling extensions in general
h
thanks, trying to reinstall it now
m
Hey all! Just now getting back to this… So I created an Elemental ISO image from the registration endpoint, downloaded the boot media, and uploaded it to a content library in vSphere. When I try to boot from it, it doesn’t seem to want to - and goes straight in to PXE mode. Any ideas? Also, what OS Compatibility should I be setting this to for vSphere?
m
Ahh I might have forgotten that last step
Ok, what do we do if we don’t have a KMS server setup or anything for virtual TPM functionality ? Do I have to have TPM for this to work?
@quaint-airline-20784
q
not available in your vsphere?
m
Nope it’s not, I asked our vSphere admin and what he told me was what I posted above
q
then you can go with emulate
m
I’m reading thru this: https://elemental.docs.rancher.com/authentication/ but can’t see a way to do it within Rancher Elemental
```yaml
registration:
  emulate-tpm: true
  emulated-tpm-seed: -1
```
m
Ah thanks, I see it now under Edit Config for the registration endpoint
f
It allows for elemental configs but you can be very granular with the config.
It also allows you to pack in additional binaries at build. This is helpful if you want additional utilities within the image.
I'm still tinkering with the Kubernetes aspects but it also allows you to build a cluster into the image. This way you can deploy an airgapped rke2 cluster and all the necessary binaries are pulled in at image build
m
Thanks, I don’t believe I need more utils, currently using BurmillaOS at the moment for our K8s clusters and it’s a fork of RancherOS. It fits our use-case pretty well but I want to do this the “official” way with SUSE Slim/Elemental and RKE2…
f
So that's the beauty of this utility. It's based off SLE-Micro and you can download and inject the elemental registration so it'll register with OS Management on your rancher manager. I was using elemental but switched to this as I was able to use the network aspect to create bonded uplinks for my server infra.
But the OS management thru Rancher is also super easy to get rolling.
m
Ah interesting - yeah I was really interested in the Rancher Server OS management piece for this
f
@high-morning-12231 can probably provide more details on it as well.
m
So another dumb question time: When I bootstrap the VM, using the newly built ISO media from Rancher Elemental - do I turn that VM into a template (after it installs) and then tell RKE2 to use those when I provision a new RKE2 cluster?
f
From my experience you'll need to create a new VM each time since the registration to Rancher uses data stored in the TPM and that needs to be unique to each machine.
m
That seems less than ideal - I want to provision in the Rancher UI only without having to reach out and use vSphere..
f
Hmmmmm.... I think I'm going to test that in my home lab and see what happens.
m
Yeah I’m having to emulate TPM anyways (thanks Mike for that), but that’s what I really loved about using boot2docker and RKE1 - I could give it the RancherOS/BurmillaOS ISO URL, config my cluster (so many etcd/cntrlpln/wrker nodes) and click go. I’d have a 7 node cluster in 7 mins on vSphere without having to do anything from vSphere’s end.
q
you can do this with terraform
m
Eventually I think we’ll get there. But I want to see if I can do it native in Rancher first. Then use the Rancher API for the rest via Terraform or Ansible
q
and no you can not use templates. there is something with the machine registration id (?) which needs to be unique
i tried that too 🙂
m
Ah gotcha - but I can use the same ISO for any number of nodes in the cluster?
q
if you don't do hacks like me you need a separate image for every kind (worker, controller)
m
Interesting, this does not seem intuitive or simpler at all
q
yes, you will lose some handy stuff from regular rancher.
f
I know labels are a good way to sort but again multiple images is harder to maintain. Baremetal you can use hardware aspects like the service tag or serial number to sort. However I do feel it could be a lot easier from the sorting perspective if the cluster expansion only truly consumed the systems you check off.
👍 1
m
Anyone know if there’s a way to tell the machine registration id to use the MAC address instead of something off of the TPM? This might solve the template problem
s
I think this is what you might be looking for: https://elemental.docs.rancher.com/next/machineregistration-reference#configelementalregistration there are some options on registration methods (https://elemental.docs.rancher.com/authentication). For the time being, any non-TPM authentication is meant to be used for testing and development purposes only.
👍 1
m
Yep yep, thanks much. Since we don’t have any TPM and this is a PoC - I guess we fall under “testing and development purposes only.” lol Also! circling back to my previous question about using the same ISO for another VM: I was able to do that successfully! I used the rules in the Elemental cluster config under Inventory of Machines Selector Template to target a specific machine in each machine pool to the specific one in vSphere.
f
For that did you use the machineUUID selector?
m
I did
serialNumber
I just checked the labels and they did each get a unique UUID also
f
I use this with baremetal right now. the SMBIOS labels and service tags help a lot as well. Being able to sort by processor class to specific pools is nifty. Especially when applications developers demand a specific type of hardware.
👍 1
q
@modern-television-79263 are you using serialNumber in VMware? So far the only field i found in vmware to use with smbios is smBIOS.assetTag
m
I am mapping this on the registration endpoint:
```yaml
machineInventoryLabels:
  machineUUID: ${System Information/UUID}
  manufacturer: ${System Information/Manufacturer}
  productName: ${System Information/Product Name}
  serialNumber: ${System Information/Serial Number}
```
Then using serialNumber when I target a VM for the pool:
The labels do populate properly and uniquely when you look at the machine in the Inventory view:
And in the nodes cluster view:
Both of those use the same ISO that I generated via Elemental and uploaded to vSphere’s content Library to create VMs on and install on first boot.
q
So you assign every vm manually to its pool by changing the MachineInventorySelectorTemplate and adding another serial number?
👍 1
m
I’m not sure how else to auto-assign to pools yet - but I could probably add a label to each ISO build or VM I create and have it assign that way with a rule? At the moment, I was just testing to see if I could use the same built ISO for multiple VMs and have them report back sanely to Elemental.
q
my way is adding smBIOS.assetTag=controller or worker as extra parameter when creating the vm with terraform. this value populates Chassis Information/Asset Tag which then is used by:
```yaml
machineInventoryLabels:
  nodeType: "${Chassis Information/Asset Tag}"
```
Then i have 2 MachineInventorySelectorTemplates:
```yaml
apiVersion: elemental.cattle.io/v1beta1
kind: MachineInventorySelectorTemplate
metadata:
  name: pxf-elemental1-worker
  namespace: fleet-default
spec:
  template:
    spec:
      selector:
        matchExpressions:
          - key: nodeType
            operator: In
            values: [ 'worker' ]
```
```yaml
apiVersion: elemental.cattle.io/v1beta1
kind: MachineInventorySelectorTemplate
metadata:
  name: pxf-elemental1-controller
  namespace: fleet-default
spec:
  template:
    spec:
      selector:
        matchExpressions:
          - key: nodeType
            operator: In
            values: [ 'controller' ]
```
This way i can use the same iso and vms get auto assigned to the right pool.
what bothers me is that i have to resize the quantity in the cluster definition
👍 1
m
Ah, I think the same is true if just using straight Rancher? Doesn’t one have to go in to the Elemental Cluster and do a new reconciliation?
q
in regular rancher we just change the quantity in terraform code and anything else ( creation in vmware, assigning, resizing etc.) is done magically in the background. would be cool when elemental will be supported by the rancher tf provider.
👍 1
f
Having the TF for that would be awesome as it would be similar to the TF they have for using the vSphere provisioner based on how that interacts with the underlying CRD. As a workaround you could use FLUX/Kustomize and create an overlay for provisioning.cattle.io on the local management cluster. From there you could define patches for the target.
```yaml
apiVersion: provisioning.cattle.io/v1
kind: Cluster
metadata:
  name: tailgate
spec:
  rkeConfig:
    machinePools:
      - name: worker
        quantity: 3
```
This could be a patch.yaml that kustomize applies
So I found out something neat. If you're using TF you can pre-seed your MachineInventorySelectorTemplates for elemental based off what you've configured in the registrations endpoint. In turn this allows you to use rancher_cluster_v2 TF to provision a cluster.
🎉 1
m
That is neat!
f
This is the spec you'll need to apply to create a SelectorTemplate. This will need to be present in order to use the rancher_cluster_v2 TF module.
```yaml
apiVersion: elemental.cattle.io/v1beta1
kind: MachineInventorySelectorTemplate
metadata:
  name: <clustername>-cp
  namespace: fleet-default
spec:
  template:
    spec:
      selector:
        matchExpressions:
        - key: controlplane
          operator: Exists
        - key: cluster
          operator: In
          values:
          - <clustername>
        matchLabels:
          cluster: <clustername>
```
Here is what the TF will look like.
```hcl
inputs = {
  cluster_name = "foo"
  k8s_version  = "rke2/k3s-version"
  rke_config {
    machine_pools {
      name = "control"
      control_plane_role = true
      etcd_role = true
      worker_role = false
      quantity = 3
      drain_before_delete = true
      machine_config {
        kind = "MachineInventorySelectorTemplate"
        # name must match metadata.name of the SelectorTemplate applied above
        name = "${var.cluster_name}-cp"
        api_version = "elemental.cattle.io/v1beta1"
      }
    }
    machine_pools {
      name = "worker"
      control_plane_role = false
      etcd_role = false
      worker_role = true
      quantity = 6
      drain_before_delete = true
      machine_config {
        kind = "MachineInventorySelectorTemplate"
        name = "${var.cluster_name}-wrk"
        api_version = "elemental.cattle.io/v1beta1"
      }
    }
  }
}
```