Offline Deployment
This section describes how to install openFuyao based on Kubernetes. The following uses openEuler 22.03 on the Arm64 architecture as an example. The installation procedure is the same for other supported operating systems and architectures.
Compared with online deployment, offline deployment introduces the concept of artifacts, which include the image files, binary files, and certain component configuration files required for offline deployment. During offline deployment, you must first download the artifacts on a host with Internet access. After the download is complete, copy both the artifacts and the installation package to the offline environment, and install them in the offline environment.
Precautions
Currently, openFuyao does not support installing and deploying extensions in an offline environment. If required, you can try uploading the necessary images to a local image repository in the offline environment, and change the image addresses to point to that local image repository during installation and deployment. However, successful installation in this scenario is not guaranteed by openFuyao.
Configuration Requirements
Node Resource Requirements
Table 1 Recommended resource configuration of the worker node
| vCPUs | Memory (GB) |
|---|---|
| 4 | 8 |
NOTE
When simultaneous multithreading (SMT) or hyper-threading is disabled, a vCPU is equivalent to a physical core. After SMT or hyper-threading is enabled, the following formula is used for calculating the number of vCPUs: Number of vCPUs = (Number of threads per core x Number of cores) x Number of sockets.
Table 2 Recommended resource configuration of the master node
| vCPUs | Memory (GB) | Number of Worker Nodes |
|---|---|---|
| 4 | 16 | 1–24 |
| 8 | 32 | 25–100 |
| 16 | 64 | 101–150 |
| 24 | 64 | 151–200 |
- The required resource of the master node increases with the number of worker nodes.
- When SMT or hyper-threading is disabled, a vCPU is equivalent to a physical core. After SMT or hyper-threading is enabled, the following formula is used for calculating the number of vCPUs: Number of vCPUs = (Number of threads per core x Number of cores) x Number of sockets.
Node Configuration Requirements
- A host is available for performing the installation. It can be a node in the cluster or a host outside the cluster.
- Root user login is available on all hosts.
- The tar, socat, conntrack, iptables, ipset, and ipvsadm tools must have been installed on all nodes to be added to the cluster.
- The tar, openssl, and iptables tools must have been installed on Harbor nodes to be added.
- The tar tool must have been installed on the installation host.
Environment Preparation
Prepare four Linux computers running openEuler 22.03, one with Internet access, and the other three without Internet access.
Table 3 Environment information
| Host IP Address | Host Name | Operating System | Role |
|---|---|---|---|
| 192.168.0.9 | node8 | openEuler | Host with Internet access used to create offline deployment packages |
| 192.168.0.10 | node9 | openEuler | Master node in the offline environment |
| 192.168.0.11 | node10 | openEuler | Worker node in the offline environment |
| 192.168.0.12 | node11 | openEuler | Image node in the offline environment |
Deployment Preparation
-
Log in to node8 as the root user.
-
Download the installation tool and installation script.
curl -sfL https://openfuyao.obs.cn-north-4.myhuaweicloud.com/openFuyao/installer/releases/download/v25.03/download.sh | bash -By default, the installation package of the latest version is downloaded by running the preceding command. To download the installation package of another version, run the following command with VERSION set to the desired version:
NOTE
For details about how to verify the integrity of the installation package, see Installation Package Integrity Verification.export VERSION=x.y.z
curl -sfL https://openfuyao.obs.cn-north-4.myhuaweicloud.com/openFuyao/installer/releases/download/v25.03/download.sh | bash - -
Export artifacts.
- Go to the installation package directory.
NOTE
Here uses openEuler 22.03 on the Arm64 architecture as an example. Adjust the path according to the actual situation.export INSTALLER_PACKAGE_PATH=fuyao-v25.03-openEuler-22.03-arm64
cd $INSTALLER_PACKAGE_PATH- Run the following command in the installation package directory to export the artifacts:
./fuyao export artifact- View artifacts.
- The artifacts are stored in the Targets directory by default.
- The artifact file name is fuyao-offline-artifact.tar.gz.
ls -
Copy the downloaded artifacts and installation package to the installation node in the offline environment using a USB flash drive or other media.
Procedure
-
Log in to the offline installation host as the root user.
-
Configure key-based login.
NOTE
If key-based login has already been configured, skip this step.if [ ! -f "$HOME/.ssh/id_rsa" ] || [ ! -f "$HOME/.ssh/id_rsa.pub" ]; then
ssh-keygen -t rsa-sha2-512 -P "" -f $HOME/.ssh/id_rsa && ls $HOME/.ssh;
fi
echo "" >> $HOME/.ssh/authorized_keys && \
echo "$(cat $HOME/.ssh/id_rsa.pub)" >> $HOME/.ssh/authorized_keys && \
awk ' !x[$0]++{print > "'$HOME'/.ssh/authorized_keys"}' $HOME/.ssh/authorized_keys -
Go to the installation package directory.
NOTE
Here uses openEuler 22.03 on the Arm64 architecture as an example. Adjust the path according to the actual situation.export INSTALLER_PACKAGE_PATH=fuyao-v25.03-openEuler-22.03-arm64
cd $INSTALLER_PACKAGE_PATH -
Create an offline image repository and upload artifacts.
- Create an offline image repository on the node where the command is executed.
export OPENFUYAO_ARTIFACT_PATH=/root/fuyao-offline-artifact.tar.gz
./fuyao create registry --artifact-path $OPENFUYAO_ARTIFACT_PATH --registry-passwd xxxxx --registry-db-passwd xxxxx- Create an offline image repository on another node.
export OPENFUYAO_ARTIFACT_PATH=/root/fuyao-offline-artifact.tar.gz
./fuyao create registry --artifact-path $OPENFUYAO_ARTIFACT_PATH --registry-node-host 192.168.0.12 --registry-node-user root --registry-node-passwd xxxxx --registry-passwd xxxxx --registry-db-passwd xxxxx- Enter the artifact storage path after
--artifact-path. - Enter the password for logging in to the image repository after
--registry-passwd. The password must contain 8 to 32 characters, including letters, numbers, and special characters~!@#%^&*()-_=+|[{ }];:'",<.>/?. - Enter the password of the image repository database after
--registry-db-passwd. The password must contain 8 to 32 characters, including letters, numbers, and special characters~!@#%^&*()-_=+|[{ }];:'",<.>/?. - If
successfullyis displayed, the offline image repository has been created, and artifacts have been uploaded.
NOTE
HTTPS is used for accessing the offline Harbor. Therefore, certificates are generated in self-signed mode and stored under/etc/ssl/certs/openfuyao-harborand/etc/ssl/certs/openfuyao-harbor/openfuyao-harbor-ca-bk.crt. During the cluster installation, these Harbor certificates will be copied to all nodes. On each node, the certificates will be stored under/etc/ssl/certs/openfuyao-harbor/openfuyao-harbor-ca.crt. -
Generate a cluster planning configuration file.
- Run the following command to generate a configuration file:
./fuyao create cluster-config- The following shows the content of the configuration file.
apiVersion: openfuyao.io/v1beta1
kind: cluster
metadata:
name: example-cluster
spec:
nodes:
masters:
- hostname: fuyao-master
user: root
ip: o.x.y.z
port: 22
privateKeyPath: /root/.ssh/id_rsa
removeTaint: true
labels:
- name: label-name
value: label-value
workers:
- hostname: fuyao-worker
user: root
ip: o.x.y.z
port: 22
privateKeyPath: /root/.ssh/id_rsa
labels:
- name: label-name
value: label-value -
Modify the cluster planning configuration file.
- Edit the cluster planning configuration file.
export CLUSTER_OFFLINE_CONFIG_FILE=example-cluster.yaml
vi $CLUSTER_OFFLINE_CONFIG_FILE-
Enter the node list information. The following is an example.
- hostname: name of a node in the cluster, which can be different from the actual host name.
- user: username for logging in to the node during deployment. Currently, only the root user is supported.
- ip: IP address of the node.
- port: port number used by SSH. The default value is 22.
-
Enter
ito enter the edit mode for modifications. After the modifications are complete, enter:wqto save the modifications and exit.
apiVersion: openfuyao.io/v1beta1
kind: cluster
metadata:
name: example-cluster
spec:
# Specify the nodes.
nodes:
# Master node configuration
masters:
# The hostname in the cluster can be different from the hostname of the host.
- hostname: fuyao-master # Configuration item
user: root # Configuration item
ip: 192.168.0.10 # Configuration item
port: 22 # Configuration item
# privateKeyPath: /root/.ssh/id_rsa # Configuration item (optional)
# Set it to true to remove taints and make the master node schedulable.
removeTaint: true # Configuration item (optional)
labels:
- name: fuyao-master # Configuration item (optional)
value: master-01 # Configuration item (optional)
workers:
- hostname: fuyao-worker # Configuration item
user: root # Configuration item
ip: 192.168.0.11 # Configuration item
port: 22 # Configuration item
# privateKeyPath: /root/.ssh/id_rsa # Configuration item (optional)
labels:
- name: fuyao-worker # Configuration item (optional)
value: worker-01 # Configuration item (optional- If SSH key–based login is configured for nodes in the cluster during configuration and installation, make sure to configure SSH key–based authentication on the installation host in advance.
-
Perform the installation in the installation package directory.
- For offline installation, you need to add the
--offlineflag and specify the artifact path. - The installation must be executed within the installation package directory where the offline image repository was created. This is because the registry-config.yaml file in the asset directory of the installation package contains information about the offline image repository, which is required during offline installation.
./fuyao create cluster -f $CLUSTER_OFFLINE_CONFIG_FILE --offline --artifact-path $OPENFUYAO_ARTIFACT_PATH- If password-based login is configured for nodes in the cluster, make sure to enter the corresponding node passwords as prompted during the installation.
- For offline installation, you need to add the
-
Verify the installation.
- After the automatic installation is complete, record the username and password for logging in to the openFuyao management plane.
- Check the information about all pods on the host. If all pods are in running state, the environment is ready.
kubectl get pod -ANOTE- The installation is complete when all pods are in running state. The actual time may vary depending on actual network conditions.
- The openFuyao authentication and authorization mechanism uses self-signed keys. All authentication and authorization keys and configuration files are stored under
/etc/kubernetes/webhookon all master nodes. After the installation is complete, you may choose to remove the files in this path. However, if the files are removed and the API server is restarted, authentication will fail. - The components deployed using the installation and deployment tool are configured with default settings and are intended only for testing the openFuyao platform's functions. For a production environment, adjust the security configurations of Kubernetes, container runtime, and network plug-in components.
-
Log in to the openFuyao management plane.
Enter "https://login IP address of the management plane:web service port of openFuyao" in the address box of a browser, and enter the username and password to log in to the openFuyao management plane.
NOTE Changing the password is required upon the first login.
The default web service port of openFuyao is 31616.
Uninstallation
-
Log in to the installation host as the root user.
-
Run the following command to enter the installation package directory:
cd $INSTALLER_PACKAGE_PATHvi $CLUSTER_OFFLINE_CONFIG_FILENOTE- Edit the configuration file. The modifications to the configuration file should be consistent with those made during installation. Enter information about hostname, user, passwd, ip, and port for the master and worker nodes in the cluster.
- If there are no changes to the nodes in the cluster, you can directly use the configuration file used during cluster installation to uninstall the cluster.
-
Perform the uninstallation in the installation package directory.
- During offline uninstallation, the image repository is uninstalled by default. To skip uninstalling the image repository, add the
--skip-rm-registryflag.
NOTE
If multiple applications or extensions are installed in the environment through the application market, you are advised to uninstall them through the application management or extension management function. Otherwise, the uninstallation may be slow or fail.- Run the following command if the offline image repository is located on the node where the uninstallation command is executed:
# The path for storing offline artifacts may vary. Make sure to change the variable value.
export OPENFUYAO_ARTIFACT_PATH=/root/fuyao-offline-artifact.tar.gz
./fuyao destroy cluster -f $CLUSTER_OFFLINE_CONFIG_FILE --offline --artifact-path $OPENFUYAO_ARTIFACT_PATH- Run the following command if the offline image repository is not located on the node where the uninstallation command is executed:
# The path for storing offline artifacts may vary. Make sure to change the variable value.
export OPENFUYAO_ARTIFACT_PATH=/root/fuyao-offline-artifact.tar.gz
./fuyao destroy cluster -f $CLUSTER_OFFLINE_CONFIG_FILE --offline --artifact-path $OPENFUYAO_ARTIFACT_PATH --registry-node-host 192.168.0.12 --registry-node-user root --registry-node-passwd 123456 - During offline uninstallation, the image repository is uninstalled by default. To skip uninstalling the image repository, add the
-
When
Successfully completed cluster destroyis displayed, the cluster is uninstalled.During the uninstallation, the logs generated during the installation and uninstallation are not removed. The logs are stored under
/var/log/fuyao-installer/. To remove these logs, run the following command:rm -rf /var/log/fuyao-installer/