Deploying the MetalSoft agent
Pre-requisites
Usually the agent is deployed on a VM with the following configuration:
- Hardware configuration: 100GB Disk, 8 vCPU, 16GB RAM
- OS: Ubuntu 20.04 or higher
- An already configured Datacenter record
- (Optional) A working CLI deployment on another machine
- Network access to the MetalSoft Registry, MetalSoft Repo and MetalSoft controller. More details are in the Agent firewall configuration section below.
- Environment certificate and key, to be saved in a file locally on the agent's VM
- Credentials for accessing the MetalSoft Docker registry
Install the Datacenter Agents on the DC agents machine
Option #1
On the deployed Controller, in the manifests folder (usually found at: /opt/metalsoft/manifests/), you will find a helper script that you can use to generate a one-liner:
./scripts/gen-agents-deploy-oneliner.sh -h
Usage: ./scripts/gen-agents-deploy-oneliner.sh -n namespace -d dc-name [ -t v6.0.0 ] [ -k alternative_kubectl ]
Example: ./scripts/gen-agents-deploy-oneliner.sh -n demo-metalsoft -d dc-demo -t v6.0.0
This will produce a one-line output, which can be pasted on a newly provisioned, clean Agents VM (Ubuntu LTS 20+); it installs all needed packages and configures the agents.
Option #2
Retrieve the configuration URL using the CLI:
$ metalcloud-cli datacenter get --id uk-london --return-config-url
https://api.poc.metalsoft.io/api/url?rqi=br.ROc8B7Ogy12VrSbVI7koZ9vfpsWs9l3_tjMUd....
Alternatively, click the “Retrieve agent configuration URL” button in the UI on the Datacenter’s page.
$ export DCCONF="https://api.poc.metalsoft.io/api/url?rqi=br.ROc8B7Ogy12VrSbVI7koZ9vfpsWs9l3_tjM..."
Save the provided certificates in a file named ca-cert.pem.
Download and run the deploy-agents.sh script:
$ wget https://raw.githubusercontent.com/metalsoft-io/scripts/main/deploy-agents.sh
$ DCCONF="https://api.poc.metalsoft.io/api/url?rqi=br.ROc8B7Ogy12VrSbVI7koZ9vfpsWs9l3_tjM..." SSL_HOSTNAME=yourhost.metalsoft.io GUACAMOLE_KEY=your_guacamole_key_provided_by_metalsoft bash ./deploy-agents.sh
Respond to all the questions asked (certificate file path, MetalSoft registry credentials).
Check if the containers are up:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2b3951a31c4db registry.metalsoft.dev/datacenter-agents/datacenter-agents-compiled-v2:latest "docker-entrypoint.s…" 5 hours ago Up 5 hours dc-agents
356ba275db5ea registry.metalsoft.dev/datacenter-agents/dc-haproxy:latest
Agent firewall configuration
Metalsoft Agents require the following ports open, depending on the deployment type:
Ports open to inbound connections for virtual-media-based deployments
The following ports need to be accessible from the servers’ management IPs to allow the servers to boot ISOs during deployment in virtual-media based deployments (also called OOB-only operation mode):
- TCP 111, 2049, 32765, 32767 (NFS)
- TCP 139, 445 (Samba)
Ports open to inbound connections for zero-touch
If “zero touch” (automatic) registration of servers is required, the servers need to be able to reach the agent with their DHCP requests, either via L2 or a DHCP relay configuration on the management network:
- UDP port 67 (DHCP)
- TCP port 80 (HTTP)
Ports open to inbound connections for legacy deployments (PXE-based)
The following ports need to be accessible for inbound connections from both the OOB network and the transient provisioning network (“Quarantine network”):
- TCP ports 80/443 (HTTP/s)
- TCP Port 53 (DNS)
- UDP port 53 (DNS)
- UDP port 67 (DHCP)
- UDP port 69 (TFTP)
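An added example, not part of the MetalSoft documentation or tooling: a POSIX shell check that compares the non-loopback listeners reported by `ss -H -tuln` on the agent VM with the inbound ports listed above for one deployment mode. The mode names, function names, the extra allow-list argument and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not MetalSoft code): compare non-loopback listeners on the
# agent VM with the inbound ports documented above for one deployment mode.

# expected_ports MODE: prints the proto/port pairs from the lists above.
expected_ports() {
    case $1 in
        virtual-media) echo "tcp/111 tcp/2049 tcp/32765 tcp/32767 tcp/139 tcp/445" ;;
        zero-touch)    echo "udp/67 tcp/80" ;;
        pxe)           echo "tcp/80 tcp/443 tcp/53 udp/53 udp/67 udp/69" ;;
        *)             echo "unknown mode: $1" >&2; return 2 ;;
    esac
}

# audit_listeners MODE [EXTRA...]: reads `ss -H -tuln` output on stdin.
# EXTRA (e.g. tcp/22 for admin SSH) is a site-specific allow-list, an assumption.
audit_listeners() {
    [ $# -ge 1 ] || { echo "usage: audit_listeners MODE [EXTRA...]" >&2; return 2; }
    mode=$1; shift
    want=$(expected_ports "$mode") || return 2
    awk -v want="$want" -v extra="$*" '
        BEGIN {
            n = split(want, w, " ");  for (i = 1; i <= n; i++) ok[w[i]] = 1
            m = split(extra, e, " "); for (i = 1; i <= m; i++) ok[e[i]] = 1
        }
        {
            port = $5; sub(/.*:/, "", port)        # column 5 is local address:port
            host = $5; sub(/:[^:]*$/, "", host)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            key = $1 "/" port                      # e.g. tcp/445
            seen[key] = 1
            if (!(key in ok) && !(key in flagged)) { flagged[key] = 1; print "UNEXPECTED " key }
        }
        END { for (i = 1; i <= n; i++) if (!(w[i] in seen)) print "MISSING " w[i] }
    '
}

# Constructed sample of `ss -H -tuln` output, not captured from a real agent.
sample_ss_output() {
cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:67 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
EOF
}

sample_ss_output | audit_listeners zero-touch tcp/22
```

On the agent VM, pipe the real `ss -H -tuln` output into `audit_listeners` with the mode in use. An UNEXPECTED line is a listener the port lists above do not account for, and a MISSING line is a documented port with nothing listening on it.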
Outbound traffic
- Metalsoft Controller → TCP ports 80/443
- Metalsoft Controller → TCP ports 9003,9009,9090,9091,9011,9010
- Metalsoft image registry → TCP port 443 registry.metalsoft.dev
- Metalsoft assets repo → TCP ports 80,443 repo.metalsoft.io
- Server’s out-of-band network → TCP ports 22,80,443,5901 and UDP port 623 (IPMI)
- Switches management interface → TCP ports 22 (SSH), 80 (HTTP), 443 (HTTPS), 830 (NETCONF/SSH)
In-Band Access - Outbound from the agent's perspective
In some cases where Metalsoft Apps are deployed, or workflows are used, in-band access to certain ports is required:
- TCP Port 22 → Used for deploying VMware vSphere, Kubernetes
- TCP Port 443 → Common port used to communicate with various applications, for management and configuration.