Prerequisites for Bare-Metal Deployment

Before you start the deployment, complete the following:

• Ensure that your Docker or containerd environment meets the minimum deployment requirements.
• Open all required ports on the NIOS-X servers, as list in Port Usage for Bare-Metal NIOS-X Servers, in addition to the ports required for firewalls.
• Ensure that there are no other processes using port 53 on the server system on which your NIOS-X server will be deployed. For example, some Ubuntu systems running local DNS cache (system-resolved) might occupy port 53, and your server might not function properly in this case.
• Dind (Docker-in-Docker) configuration is not supported for NIOS-X server deployments.
• Avoid CIDR overlapping with the default CIDR.
• No K3s binary should be placed in this directory: /usr/local/bin/.
• SELinux policy is properly set up.
• Install containerd on the instance and make sure it is running.
• Install package for “dig“ utility:
  • Red Hat: yum install bind-utils
  • Ubuntu: apt-get install dnsutils 

    • Note: If the script checking for the 'dig' utility is not installed,  the following error will occur:
      
      [ec2-user@ip-10-0-5-xx ~]$ sudo ./bloxone_installer_v1.9.1.sh -j xxxxxx
      Error: The following utilities are not installed: dig. Please install them before running the script.
      
      

For Red Hat 8.x and 9.x:

Execute the following commands:

sudo yum install -y container-selinux selinux-policy-base
sudo yum install -y https://rpm.rancher.io/k3s/stable/common/centos/8/noarch/k3s-selinux-0.3-0.el8.noarch.rpm

Then, disable nm-cloud-setup.service using the following command:

sudo systemctl disable nm-cloud-setup.service

After you install the required package, complete the following:

1. Disable the firewall service.
   • systemctl stop firewalld.service
   • systemctl disable firewalld.service
2.  Mask the firewalld service.
   • systemctl mask firewalld.service
   • systemctl status firewalld.service    
3. Install and enable the iptables service.
   • dnf install iptables-services
   • systemctl enable iptables
   • modprobe ipv6
   • modprobe ip6_tables
   • systemctl start iptables
   • systemctl status iptables
4. Reboot the system.

For Red Hat 9.4 and 9.5:

Red Hat NetworkManager has transitioned from using the old ifcfg-formatted interface files located in /etc/sysconfig/network-scripts/ to the new keyfiles format found in /etc/NetworkManager/system-connections/ for RHEL 9 networking. Red Hat NetworkManager sets never-default to no for all interfaces. You will need to set never-default to yes for the interfaces you plan to use. For information, see this RedHat KB. The metric used is 100 for the first interface (sorted alphabetically by name) and 101 for the second interface, and so on.

To configure the network interfaces:

1. Check if there are files in /etc/sysconfig/network-scripts/. If so, execute the following commands to migrate the files:
   # nmcli connection migrate
   
   
2. Check if there are duplicate connections after the migration:
   # nmcli con show
   
   If there is a duplicate connection, remove the unused one. The following is an example output of the # nmcli con show command:
   NAME    UUID                                  TYPE      DEVICE

ens192  94a58xx2-90af-33xx-b32c-331f6b49xx37  ethernet  ens192

ens224  c9xx73b8-7xx1-39a1-9x85-35102b0fc2xx  ethernet  ens224

lo      f39xxe26-7xxb-40xx-8a50-54b54xxea2c4  loopback  lo

ens192  8bxx8b87-3axx-4bxx-8939-5xx7x9a1x4xx  ethernet
   
   In this example, there is a duplicate ens192 connection. Execute the following command to delete the second ens192 connection:
   # nmcli conn delete 8bxx8b87-3axx-4bxx-8939-5xx7x9a1x4xx
   
   
3. Check the current values set for the interfaces:
   

   # nmcli conn show ens192 | grep never-default

   ipv4.never-default:                     no

   ipv6.never-default:                     no

   # nmcli conn show ens224 | grep never-default

   ipv4.never-default:                     no

   ipv6.never-default:                     no
   

4. Check if there is any GATEWAY set in /etc/sysconfig/network. If so, delete that line from the file.

5. Set never-default to yes for the interfaces that do not require a default route (i.e. they are not used to connect to the Infoblox Portal). You can set a high metric for these interfaces. For example, if ens192 is NOT being used to connect to the Infoblox Portal, execute the following commands:

   # nmcli conn modify ens192 ipv4.never-default yes
# nmcli conn down ens192
# nmcli conn up ens192

If ens224 is the default interface, execute the following command and set the metric to 0:
   # nmcli conn modify ens224 ipv4.route-metric 0

6. Restart networking:
   

   # nmcli networking off

   # nmcli networking on

7. Set interface down and up:

   # nmcli conn down ens192
# nmcli conn up ens192
8. Reboot the system and verify that the settings have taken effect, ensuring that no unexpected routes are added.
   

   # reboot

   # nmcli conn show ens192 | grep never-default

   ipv4.never-default:                     yes

   ipv6.never-default:                     no

   # ip route | grep default | grep 100

   <no route is shown>

For Ubuntu 20 and Ubuntu 22:

In which systemd-resolved is running, perform the following before deploying a NIOS-X server:

Stop systemd-resolved and remove the corresponding resolv.conf, as follows:

systemctl disable systemd-resolved.service

systemctl stop systemd-resolved

rm -f /etc/resolv.conf

Check and verify if the NetworkManager service exists by performing the following on the NIOS-X server:

systemctl status NetworkManager

If the NetworkManager service exists, whether it is in the running or non-running state, stop the service by performing the following:

sudo systemctl stop NetworkManager-wait-online.service

sudo systemctl disable NetworkManager-wait-online.service

sudo systemctl stop NetworkManager-dispatcher.service

sudo systemctl disable NetworkManager-dispatcher.service

sudo systemctl stop network-manager.service

sudo systemctl disable network-manager.service

Set resolver, as follows:

tee /etc/resolv.conf << END

nameserver 8.8.8.8

END

• Disable unattended upgrades on Ubuntu. The unattended upgrades feature is enabled by default, and it runs at system boot without user's permission. Unattended upgrades could cause all containers to be terminated and new containers to be created. When this happens, the NIOS-X server will stay in a bad state and cannot be recovered. To disable unattended upgrades on Ubuntu and its derivatives, run the following command:

$ sudo dpkg-reconfigure unattended-upgrades

• Install net-tools on the NIOS-X server using the following commands:
  • For Ubuntu:
    $ sudo apt-get install -y net-tools
  • For Redhat:
    $ sudo yum install net-tools -y

For Ubuntu 22 only:

• Edit the file –sudo vi /etc/default/grub:
  • Modify the values from GRUB_CMDLINE_LINUX=”” to GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=no"
  • If the above default values are not there, add the line GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=no"

• Execute the following commands: 
  • sudo update-grub
  • sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
  • sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
  • sudo reboot

Running the NIOS-X Install Script

Complete the following steps to download and run the install script: 

1. Log in to the Infoblox Portal.
2. Go to Configure > Administration > Downloads.
3. Go to the BloxOne Hosts pane and select Download BloxOne install script from the drop-down list.
4. Execute the downloaded script on Bare-Metal with the following command:

./bloxone.sh -j <JOIN_TOKEN>
Optional Parameters:
                          -p | --proxy         Proxy in the format http://<proxy_host>:<proxy_port>
                          -r | --remove       Remove BloxOne from the server.

If you are making changes on the Host network or DNS configuration, run the following command:
                          ./bloxone.sh -n | --reconfigure-network