Skip to main content

Step 6. Install and configure the XClarity Administrator (Docker)

Install and configure the Lenovo XClarity Administrator container on the Docker host that was just installed.

Before you begin

Ensure that the host system meets the minimum hardware and software requirements (see Hardware and software prerequisites).

Ensure that all appropriate ports are enabled, including ports that XClarity Administrator requires (see Port availability).

Ensure that the host system is in the same network as the devices that you want to manage.

Ensure that the host OS and the XClarity Administrator use the same NTP server.

XClarity Administrator allows a custom name for the network to be used for data management, hardware management, and OS deployment (see Network configurations). This examples in the following procedure use eth0.

XClarity Administrator allows a custom name for the network to be used for data and hardware management (see Network configurations). This examples in the following procedure use eth0

Ensure that a macvlan network is loaded into kernel on the host system. To check whether it is loaded, use the lsmod | grep macvlan command. To load macvlan into the kernel, run the modprobe macvlan command.

Ensure that you use a unique name and IP address for each container when running multiple XClarity Administrator containers on the same host.

If you intend to manage ThinkServer and other legacy devices, ensure that Docker is enabled to support IPv6.
  1. Edit the /etc/docker/daemon.json file, set the ipv6 key to true, and set the fixed-cidr-v6 key to your IPv6 subnet.

    The following is an example daemon file.

    {
    "ipv6": true,
    "fixed-cidr-v6": "2001:db8:1::/64",
    "experimental": true,
    "ip6tables": true
    }
  2. Reload the Docker configuration file by running the following command.
    systemctl reload docker
Note
XClarity Administratoris not run as a privileged container.
Firewall rules are not configured in the XClarity Administrator container. To add firewall rules for the container on the host system, complete these steps.
  1. Obtain the Docker process ID, identified by “NSPID,” by running the following command.
    docker inspect --format='{{ .State.Pid }}' "$CONTAINER_NAME"
  2. Create a symbolic link by running the following command.

    LINKFILE="/var/run/netns/$NSPID"
    mkdir -p /var/run/netns
    /bin/rm -f "$LINKFILE"
    ln -s "/proc/$NSPID/ns/net" "$LINKFILE"
  3. Configure appropriate iptables rules by running the following command.

    ip netns exec $NSPID iptables -I OUTPUT -j DROP
  4. Ensure all links are removed by running the following command..

    /bin/rm -f "$LINKFILE"

Procedure

To install an XClarity Administrator container using Docker compose, complete the following steps.

  1. Download the XClarity Administrator virtual-appliance image, environment file, and YAML file from the XClarity Administrator download webpage to a client workstation. Log on to the Web site, and then use the access key that was given to you to download the image.
  2. Import the XClarity Administrator container image into your docker host by running the following command.
    docker load -i lnvgy_sw_lxca_<ver>_anyos_noarch.tar.gz
  3. Edit the docker_compose.env file, and update the following environment variables.
    • CONTAINER_NAME. Unique container name, used to create docker volumes for each XClarity Administrator instance (for example, CONTAINER_NAME=LXCA-203)
    • ADDRESS. Static IPv4 address for the container (for example, ADDRESS=192.0.2.0)
    • BACKUP_MOUNT. (Optional) Path for the remote share that can be used to store XClarity Administrator backups. This must be /mnt/backup_share.
    • FIRMWARE_MOUNT. (Optional) Path for the remote share that can be used as a remote repository for firmware updates. This must be /mnt/fw_share.
    The following is an example environment file.
    CONTAINER_NAME="LXCA-203"
    ADDRESS="192.0.2.0"
    BACKUP_MOUNT="/mnt/backup_share"
    FIRMWARE_MOUNT="/mnt/fw_share"

  4. Edit the docker_compose.yml, and update the following properties.
    • Set the image property to the name of the installation image file used in step 2.
      Note
      You can change the image file name (for example, to “latest”) using the docker tag command.
    • If you want to use remote shares as a remote firmware repository and to store XClarity Administrator backups, set the host mount point for each remote share in the volumes property.
    • Set the dns property to the IP address of the DNS servers.
    • The container shares the pool of processor and memory resources that are available to the host. Optionally define limits on resource usage by setting the cpus and memory properties.
    • Set the parent property to the network interface name on the host system that is to be used as the parent interface for macvlan interface in the container. This interface must have direct access to the subnet that is assigned to the container.
    • Set the subnet and gateway according to your network topology. Typically, the subnet and the gateway are for management network, to which the ${ADDRESS} belongs.
    • If you want to support IPv6, set the enable_ipv6 property to true, set the ipv6_address property to the IPv6 address, and add another set of subnet and gateway properties according to your network topology (typically for management network to which the IPv6 address belongs).

    The following is an example YML file, with IPv6 enabled.

    version: '3.8'

    services:

    lxca:
    image: lenovo/lxca:4.1.0-124
    container_name: ${CONTAINER_NAME}
    tty: true
    stop_grace_period: 60s
    volumes:
    #bind mount example
    - /home/<HOST_MOUNT_POINT_FOR_BACKUP>:${BACKUP_MOUNT}
    - /home/<HOST_MOUNT_POINT_FOR_FW_SHARE>:${FIRMWARE_MOUNT}
    #docker volume mount
    - data:/opt/lenovo/lxca/data
    - postgresql:/var/lib/postgresql
    - log:/var/log
    - confluent-etc:/etc/confluent
    - confluent-log:/var/log/confluent
    - confluent:/var/lib/confluent
    - propconf:/opt/lenovo/lxca/bin/conf
    - ssh:/etc/ssh
    - xcat:/etc/xcat
    networks:
    lan:
    ipv4_address: ${ADDRESS}
    ipv6_address: "2001:8003:7d51:2003::2"
    dns:
    - 192.0.2.10
    - 192.0.2.11
    deploy:
    resources:
    limits:
    cpus: "2.0"
    memory: "8g"

    volumes:
    data:
    name: ${CONTAINER_NAME}-data
    postgresql:
    name: ${CONTAINER_NAME}-postgresql
    log:
    name: ${CONTAINER_NAME}-log
    confluent-etc:
    name: ${CONTAINER_NAME}-confluent-etc
    confluent-log:
    name: ${CONTAINER_NAME}-confluent-log
    confluent:
    name: ${CONTAINER_NAME}-confluent
    propconf:
    name: ${CONTAINER_NAME}-propconf
    ssh:
    name: ${CONTAINER_NAME}-ssh
    xcat:
    name: ${CONTAINER_NAME}-xcat

    networks:
    lan:
    name: lan
    driver: macvlan
    enable_ipv6: true
    driver_opts:
    parent: eth0
    ipam:
    config:
    - subnet: 192.0.0.0/19
    gateway: 192.0.30.1
    - subnet: "2001:8003:7d51:2000::/80"
    gateway: "2001:8003:7d51:2000::1"

  5. Deploy the image in docker by running the following command, where <ENV_FILENAME> is the name of the environment variables file that you created in step 2.
    COMPOSE_HTTP_TIMEOUT=300 docker-compose –p ${CONTAINER_NAME} ––env–file <ENV_FILENAME> up -d