Managing Virtual Machines with Red Hat OpenShift Virtualization

Instructions

A developer's VM needs access to a database outside your Red Hat OpenShift Container Platform cluster. The database, on server.srv.example.com, is configured to accept incoming connections from the devuser user, from a specific IP address on the 192.168.51.0/24 network only.

The cluster nodes, worker01 and worker02, each have an additional ens4 interface, on the 192.168.51.0/24 network. Use the Kubernetes NMState operator to configure the worker01 and worker02 nodes as multihomed nodes with an L2 Linux bridge on the ens4 interface.

After creating the Linux bridge on the compute nodes, create a network attachment definition to enable VMs within the developer-vms project to use the database network that the Linux bridge provides. Next, configure the developer's VM to use this additional network as a secondary interface with a static IP address. Confirm that the VM can communicate with the database on server.srv.example.com on the database network.

1. As the admin user, install the Kubernetes NMState operator.

   1. Open a web browser and navigate to https://console-openshift-console.apps.ocp4.example.com

   2. Click htpasswd_provider and log in as the admin user with redhatocp as the password.

   3. Click Operators → OperatorHub. In the Filter by keyword field, type nmstate to locate the NMState operator, and then click Kubernetes NMState Operator.

   4. The web console displays information about the Kubernetes NMState operator. Click Install to proceed to the Install Operator page.

   5. Click Install to install the operator with the default options in the openshift-nmstate namespace.

   6. Wait until the installation is complete and the web console displays the ready for use message.

2. Create an NMState instance.

   1. After the operator installation completes, click View Operator.

      Note

      Alternatively, you can navigate to Operators → Installed Operators and open the Kubernetes NMState Operator page.

   2. In the NMState card, click Create instance to view the creation parameters for the NMState instance.

   3. Ensure that the instance name is nmstate, and click Create at the lower left of the window.

   4. Wait a few minutes until the web console shows the Web console update is available message, and then reload the web console.

   5. Verify that both NodeNetworkConfigurationPolicy and NodeNetworkState items are available in the Networking menu.

3. Observe and then back up the current node network configuration of the worker01 and worker02 nodes to YAML files. The backup YAML files are for reference only, and cannot be applied to the cluster to modify or restore node networking to a previous state.

   1. From the left panel of the OpenShift web console, navigate to Networking → NodeNetworkState.

   2. Observe the network configuration of the worker01 and worker02 nodes. The ens4 network interface is connected to the same network as the database server.

   3. Click worker01, navigate to the YAML tab, and click Download to export the node network configuration as a YAML file.

   4. Repeat the operation for the worker02 node.

4. Add the external-network=true label to the worker01 and worker02 nodes. You use this label as a node selector in later steps.

   1. Navigate to Compute → Nodes, click the vertical ellipsis icon ⋮ next to the worker01 line, and then click Edit labels.

   2. Type external-network=true in the form and click Save.

   3. Repeat this step for the worker02 node.

   4. On the Compute → Nodes page, select Label in the drop-down menu, type external in the Search by label field, and select the external-network=true label.

   5. Verify that the node list contains only the worker01 and worker02 nodes.

5. Create a node network configuration policy to configure a new Linux bridge with the ens4 ethernet device as the port.

   1. Navigate to Networking → NodeNetworkConfigurationPolicy and click Create NodeNetworkConfigurationPolicy.

      Note

      Alternatively, you can click Create at the upper right and select From Form.

   2. Complete the Create NodeNetworkConfigurationPolicy form by using the following information to create the Linux bridge:

      Field	Value
      Name	br0-ens4-policy
      Description	Linux bridge with ens4 as a port
      Interface name	br0
      Network state	Up
      Type	Bridge
      IPv4	Checked
      DHCP	Checked
      Port	ens4

   3. Select the node selector checkbox to open the node selector.

   4. Click Add Label, and type external-network as the key, and true as the value. Verify that both worker01 and worker02 nodes match that label configuration by clicking View matching Nodes.

   5. Click Save and then click Create to create the node network configuration policy.

6. Monitor the progress of the configuration policy.

   1. Navigate to Networking → NodeNetworkConfigurationPolicy to review the status of the node network configuration policy.

   2. Observe the br0-ens4-policy status and wait until the node network state is 2 Available.

   3. Click 2 Available to review the status summary and confirm that the policy applies successfully on each node.

7. Observe the network configuration of the worker01 and worker02 nodes, and confirm the configuration of the new Linux bridge.

   1. Navigate to Networking → NodeNetworkState, and notice the linux-bridge item on both worker01 and worker02 nodes.

   2. Click linux-bridge and review the configuration summary of the Linux bridge. The br0 bridge is connected to the same network as the database server.

   3. Click br0 to display more details about the bridge configuration, and verify that the bridge port is ens4.

      The worker01 and worker02 nodes are now configured as multihomed nodes with an L2 Linux bridge that provides access to the database network.

8. Create a network attachment definition in the developer-vms project that uses the Linux bridge to attach VMs to the database network.

   1. Navigate to Networking → NetworkAttachmentDefinitions.

   2. Select the developer-vms project from the Project list, and then click Create network attachment definition.

   3. Complete the Create Network Attachment Definition form by using the following information to create a network attachment definition for the database network:

      Field	Value
      Name	database-network
      Description	Linux bridge on the worker01 and worker02 nodes with ens4 as a port
      Network Type	CNV Linux bridge
      Bridge Name	br0

   4. Click Create to create the network attachment definition.

9. Configure the developer's VM to use the database network on a secondary interface.

   Configure the secondary interface to use 00:00:00:00:00:01 as a custom MAC address.

   The custom MAC address is required for the VM to receive the 192.168.51.10/24 static IP address from the DHCP server in the database network.

   1. Navigate to Virtualization → VirtualMachines.

   2. Select the developer-vms project from the Projects list. Click the dev-dbaccess VM to open the VM's Overview tab.

   3. Click the Configuration tab and then click Network Interfaces to display the network interfaces that are connected to the VM.

   4. Click Add Network Interface to create an interface on the VM.

   5. On the Add Network Interface page, set the name to database and select developer-vms/database-network from the Network field.

   6. Confirm that the Type is set to Bridge, and enter 00:00:00:00:00:01 in the MAC Address field. Click Add to save and attach the interface to the VM.

   7. Restart the VM to apply the pending changes. Click Actions → Restart, and then click Restart to confirm the action.

10. Confirm that the VM's secondary network interface, eth1, is configured with a 192.168.51.10/24 static IP address.

    1. Click the Console tab to open the VM's console.

    2. Click the console window and log in as the developer user with developer as the password.

    3. Use the ip addr show eth1 command to display the IP address configuration of the eth1 network interface.

       [developer@dev-dbaccess ~]$ ip addr show eth1
       3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
           link/ether 00:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
           inet 192.168.51.10/24 brd 192.168.51.255 scope global dynamic noprefixroute eth1
              valid_lft 437230198sec preferred_lft 437230198sec
           inet6 fe80::b50f:3586:6165:c5a3/64 scope link noprefixroute
              valid_lft forever preferred_lft forever

    4. Alternatively, you can observe the VM IPs on the Overview tab, in the Network Interfaces card.

11. Connect to the sakila database on server.srv.example.com with the mysql client. The host, server.srv.example.com, resolves with the server hostname to resources in the 192.168.51.0/24 network.

    1. On the VM's console, use the mysql command to connect to the MariaDB instance on the server.srv.example.com host. Log in as the devuser user with developer as the password.

       [developer@dev-dbaccess ~]$ mysql -u devuser -h server -p
       Enter password: developer
       Welcome to the MariaDB monitor.  Commands end with ; or \g.
       Your MariaDB connection id is 8
       Server version: 10.5.16-MariaDB MariaDB Server
       
       Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
       
       Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
       
       MariaDB [(none)]>

    2. Connect to the sakila database with the use command.

       MariaDB [(none)]> use sakila;
       Reading table information for completion of table and column names
       You can turn off this feature to get a quicker startup with -A
       
       Database changed
       MariaDB [sakila]>

    3. Confirm that the devuser can view the sakila tables with the show tables; command.

       MariaDB [sakila]> show tables;
       +------------------------------+
       | Tables_in_sakila             |
       +------------------------------+
       | actor                        |
       | actor_info                   |
       | address                      |
       | category                     |
       | city                         |
       ...output omitted...
       | staff_list                   |
       | store                        |
       +------------------------------+
       23 rows in set (0.002 sec)

    4. Exit the database with the exit; command.

       MariaDB [sakila]> exit;
       Bye
       [developer@dev-dbaccess ~]$