Version 1.12. This version is no longer supported. For information about how to upgrade to version 1.13, see Upgrading Anthos on bare metal in the 1.13 documentation. For more information about supported and unsupported versions, see the Version history page in the latest documentation.
You must configure the base operating system of your node machines to use
Google Distributed Cloud. This page contains the steps you need to take to complete the
needed configuration. For more information about troubleshooting
Google Distributed Cloud, see the
troubleshooting guides.
Before you begin
Ensure you are using a supported version of your operating system.
Google Distributed Cloud supports the following versions of RHEL:
RHEL 8.1
RHEL 8.2
RHEL 8.3
RHEL 8.4
RHEL 8.5
Ensure that you have your RedHat username and password, and that you have root
access to the machines you're configuring. Validate Package manager with the
following steps:
If you haven't registered your operating system, register with RedHat using
your RedHat username and password to download updates:
Firewalld can be configured
for use with Google Distributed Cloud or disabled. For information on configuring
firewalld, see
Configure firewalld ports
on the Network requirements page.
Compare your output with the following example to ensure the Client and
Server versions are 19.03+:
Client: Docker Engine - Community
Version: 19.03.13
...
Server: Docker Engine - Community
Engine:
Version: 19.03.13
Verify Docker runs:
dockerrunhello-world
You should see something similar to this:
Hello from Docker!
This message shows that your installation appears to be working correctly.
Set up time synchronization
Time synchronization consists of setting the clocks on your node machines, using
a designated external time reference. Time synchronization is important for
time-sentive cluster activities, such as event logging and metrics collection.
The kernel of your node machine controls the clock in containers that run on the
node. To ensure proper time synchronization, install a network time protocol
(NTP) service on your machines, using any of the available services:
chrony, systemd-timesyncd,
ntp, or ntpdate. Run timedatectl to verify the system clock is
synchronized. The output of timedatectl should contain the following status:
System clock synchronized: yes
Best Practices
To simplify installation, we recommend that you configure RHEL using a minimal
installation with headless management. Also, be sure to enable your
network connection
and either use the default DHCP or provide a valid, static IP address and
network information. Ensure that the machine can connect to
the required external resources,
such as cloud.google.com.
If Docker fails to run, check that the Docker daemon is running with the following command:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eThis document outlines the necessary steps to configure the base operating system of node machines for Google Distributed Cloud, emphasizing compatibility with specific RHEL versions (8.1 to 8.5).\u003c/p\u003e\n"],["\u003cp\u003eUsers must register their operating system with RedHat, using their credentials, to facilitate updates and then use the package manager to ensure there are no errors.\u003c/p\u003e\n"],["\u003cp\u003eFirewalld should be either configured according to Google Distributed Cloud requirements or disabled entirely, with instructions provided for disabling it in this document.\u003c/p\u003e\n"],["\u003cp\u003eDocker version 19.03 or later must be installed, and previous versions, along with certain other packages, must first be uninstalled, then the document provides the steps to follow to verify the installation and its version.\u003c/p\u003e\n"],["\u003cp\u003eTime synchronization is critical, so an NTP service must be set up on each machine, using services like \u003ccode\u003echrony\u003c/code\u003e, \u003ccode\u003esystemd-timesyncd\u003c/code\u003e, \u003ccode\u003entp\u003c/code\u003e, or \u003ccode\u003entpdate\u003c/code\u003e, with commands to verify its correct configuration also provided.\u003c/p\u003e\n"]]],[],null,["# Configure RHEL\n\n\u003cbr /\u003e\n\nYou must configure the base operating system of your node machines to use\nGoogle Distributed Cloud. This page contains the steps you need to take to complete the\nneeded configuration. For more information about troubleshooting\nGoogle Distributed Cloud, see the\n[troubleshooting guides](/anthos/clusters/docs/bare-metal/1.12/troubleshooting/known-issues).\n\nBefore you begin\n----------------\n\nEnsure you are using a supported version of your operating system.\nGoogle Distributed Cloud supports the following versions of RHEL:\n\n- RHEL 8.1\n- RHEL 8.2\n- RHEL 8.3\n- RHEL 8.4\n- RHEL 8.5\n\nEnsure that you have your RedHat username and password, and that you have root\naccess to the machines you're configuring. Validate Package manager with the\nfollowing steps:\n\n1. If you haven't registered your operating system, register with RedHat using\n your RedHat username and password to download updates:\n\n sudo subscription-manager register\n sudo subscription-manager refresh\n sudo subscription-manager attach --auto\n\n2. Check for updates:\n\n sudo dnf check-update\n\n Ensure the output has no errors and includes the last metadata expiration\n check. For example: \n\n Updating Subscription Management repositories.\n ...\n # Last metadata expiration check: ...\n ...\n\nConfigure or disable firewalld\n------------------------------\n\nFirewalld can be configured\nfor use with Google Distributed Cloud or disabled. For information on configuring\nfirewalld, see\n[Configure firewalld ports](/anthos/clusters/docs/bare-metal/1.12/concepts/network-reqs#configuring_firewalld_ports)\non the Network requirements page.\n\nThe following instructions disable firewalld.\n\n1. Disable firewalld:\n\n sudo systemctl stop firewalld\n sudo systemctl disable firewalld\n\n2. Check the status of firewalld to ensure it is disabled:\n\n sudo systemctl status firewalld | grep \"Active\"\n # Output\n # Active: inactive (dead)\n\nConfigure Docker 19.03+ on your workstation\n-------------------------------------------\n\n| **Note:** The workstation running `bmctl` needs non-root user access to Docker to start the temporary bootstrap (kind) cluster during installation. To enable non-root user access to Docker, go to [Manage Docker as a non-root user](https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user).\n\nFollow these steps to manually install Docker:\n\n1. Remove any previous Docker version:\n\n sudo dnf remove docker \\\n docker-client \\\n docker-client-latest \\\n docker-common \\\n docker-latest \\\n docker-latest-logrotate \\\n docker-logrotate \\\n docker-engine\n\n2. Remove podman-manpages:\n\n sudo dnf remove podman-manpages\n\n3. Install Docker 19.03+:\n\n sudo dnf install -y yum-utils\n sudo yum-config-manager \\\n --add-repo \\\n https://download.docker.com/linux/centos/docker-ce.repo\n sudo dnf install -y --allowerasing docker-ce docker-ce-cli containerd.io\n sudo systemctl start docker\n\n4. Verify that you are now running version 19.03+:\n\n sudo docker version\n\n5. Compare your output with the following example to ensure the Client and\n Server versions are 19.03+:\n\n Client: Docker Engine - Community\n Version: 19.03.13\n ...\n Server: Docker Engine - Community\n Engine:\n Version: 19.03.13\n\n6. Verify Docker runs:\n\n docker run hello-world\n\n You should see something similar to this: \n\n Hello from Docker!\n\n This message shows that your installation appears to be working correctly.\n\nSet up time synchronization\n---------------------------\n\nTime synchronization consists of setting the clocks on your node machines, using\na designated external time reference. Time synchronization is important for\ntime-sentive cluster activities, such as event logging and metrics collection.\nThe kernel of your node machine controls the clock in containers that run on the\nnode. To ensure proper time synchronization, install a network time protocol\n(NTP) service on your machines, using any of the available services:\n[`chrony`](https://chrony.tuxfamily.org/), `systemd-timesyncd`,\n`ntp`, or `ntpdate`. Run `timedatectl` to verify the system clock is\nsynchronized. The output of `timedatectl` should contain the following status: \n\n System clock synchronized: yes\n\nBest Practices\n--------------\n\nTo simplify installation, we recommend that you configure RHEL using a minimal\ninstallation with headless management. Also, be sure to enable your\n[network connection](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_configuring-and-managing-network-access_configuring-basic-system-settings)\nand either use the default DHCP or provide a valid, static IP address and\nnetwork information. Ensure that the machine can connect to\n[the required external resources](/anthos/clusters/docs/bare-metal/1.12/installing/proxy#prerequisites),\nsuch as `cloud.google.com`.\n\nIf Docker fails to run, check that the Docker daemon is running with the following command: \n\n sudo systemctl start docker"]]