github.com/openshift/installer@v1.4.17/docs/user/openstack/add_worker_nodes_by_hand.md (about) 1 # Adding Compute Nodes By Hand 2 The preferred method of adding compute nodes to an OpenShift cluster is 3 to use the worker MachineSet with [Machine API Operator](https://github.com/openshift/machine-api-operator). 4 5 It is also possible to add a compute node through other tools like ansible. For example, 6 the compute nodes may be added as described in [Installing OpenShift on OpenStack User-Provisioned Infrastructure][1]; 7 or when scaling up the compute nodes using [Openshift-ansible][2]. 8 9 When doing so, there are a few important points that should be taken into account. 10 11 ## Apply Necessary Security Groups To Ports 12 When adding a new compute, the necessary security groups need to be applied to 13 allow the node access the cluster API endpoints and services. 14 15 If the node is directly attached to the machineNetwork, the pre-existing worker security groups maybe 16 applied to the port attaching the node. The existing security rules should not require modifications. 17 18 If the nodes is attached to a different network than the machineNetwork, 19 then new security group rules will have to be configured because the security group rules deployed by default on a cluster 20 match on both destination and source networks. 21 22 23 ## Configure Allowed Address Pairs On Node Port 24 The port used by the new compute node needs to be configured to accept traffic for the ingress VIP. 25 26 The value for the ingress VIP can be found by running the command: 27 28 ``` 29 $ openstack port show <cluster-id>-ingress-port -f value -c fixed_ips 30 10.0.128.7 31 ``` 32 33 Configure the compute node's port to accept traffic for the ingress VIP by 34 setting the allowed address pairs. 35 36 ``` 37 $ openstack port set 97f73ba7-e104-49e2-ad7a-d4b440acc57e --allowed-address ip-address='10.0.128.7' 38 39 $ openstack port show 97f73ba7-e104-49e2-ad7a-d4b440acc57e -c allowed_address_pairs 40 +-----------------------+----------------------------------------------------------+ 41 | Field | Value | 42 +-----------------------+----------------------------------------------------------+ 43 | allowed_address_pairs | ip_address='10.0.128.7', mac_address='fa:16:3e:0d:35:f8' | 44 +-----------------------+----------------------------------------------------------+ 45 ``` 46 47 48 49 [1]: https://github.com/openshift/installer/blob/master/docs/user/openstack/install_upi.md#installing-openshift-on-openstack-user-provisioned-infrastructure 50 [2]: https://github.com/openshift/openshift-ansible 51 52 ## Access To API Endpoints Using FQD Hostnames. 53 The node needs to have access to the cluster API endpoints using 54 Fully Qualified Domain hostnames. The node's DNS configuration should resolve the hostname to an IP address which is accessible 55 to the node. Network security should be configured to allow access. 56 57 DNS resolution is a system administration task and deploying a compute node 58 by hand does not require a particular DNS configuration. For example, adding the necessary entries to /etc/hosts 59 file is one possible way. For other possible ways to configure DNS resolution 60 consult your operating system's documentation. 61 62 Before starting the deployment process 63 correct DNS configuration and access should be verified by using the appropriate tools. For example, if the cluster is named 64 my.cluster.com, then the following _curl_ command maybe used to check the necessary access: 65 66 ```curl --insecure https://api.url.text:6443``` 67 where ```api.url.text``` is a hostname that resolves to an IP address the node can use to reach the API endpoints. 68 ```curl``` is an example and not the only tool that maybe used to verify access.