OpenShift 3.5 Installation

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

External

Internal

Overview

There are two installation methods: quick install, which uses a CLI tool available in the "atomic-openshift-utils" package, which, in turn, uses Ansible in the background, and advanced install. The advanced install assumes familiarity with Ansible. This document covers advance install.

Prerequisites

External DNS Setup

An external DNS server is required.

Procedure to configure a bind server:

Set up a bind Server

Minimum Hardware Requirements

https://docs.openshift.com/container-platform/3.5/install_config/install/prerequisites.html#hardware

A full RHEL7.3/Master installation requires 121 MB in /boot and 1.7GB in /.

O/S Requirements and Configuration

https://docs.openshift.com/container-platform/3.5/install_config/install/prerequisites.html
https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html

Install RHEL 7.3 in "minimal" installation mode. A possible way to install it is on top of a VirtualBox virtual machine, as described here.

OpenShift requires NetworkManager on all nodes (see https://docs.openshift.com/container-platform/3.5/install_config/install/prerequisites.html#prereq-networkmanager). Using NetworkManager, assign a static IP address to the interface to be used by the OpenShift cluster, as described here: adding a Static Ethernet Connection with NetworkManager.

Turn off sshd client name DNS verification.

Attach the node to the subscription, using subscription manager, as described here: registering a RHEL System with subscription manager then follow the specific subscription steps required by OpenShift: https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html#host-registration

Sequence of steps - the goal of these steps is to configure the following supported repositories on the system: "rhel-7-server-rpms", "rhel-7-server-extras-rpms", "rhel-7-server-ose-3.5-rpms", "rhel-7-fast-datapath-rpms":

subscription-manager register
subscription-manager list --available --matches '*OpenShift*'
subscription-manager attach --pool=<pool-id> --quantity=1
subscription-manager repos --disable="*"
subscription-manager repos --list-enabled
yum repolist
yum-config-manager --disable <repo_id>
subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ose-3.5-rpms" --enable="rhel-7-fast-datapath-rpms"
subscription-manager repos --list-enabled
yum repolist

Install base packages (https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html#installing-base-packages):

yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion
yum update -y
yum install atomic-openshift-utils

Prevent accidental upgrades of OpenShiift and Docker, by installing "excluder" packages. The *-excluder packages add entries to the "exclude" directive in the host’s /etc/yum.conf file when installed. Those entries can be removed later when we explicitly want to upgrade OpenShift or Docker. More details in yum Exclusion.

yum install atomic-openshift-excluder atomic-openshift-docker-excluder

If later we need to upgrade, we must run the following command:

atomic-openshift-excluder unexclude

Reboot the system to make sure it starts correctly after package installation:

systemctl reboot

Configure the DNS client to use the DNS server that was installed as part of the procedure. See Manual /etc/resolv.conf Configuration and https://docs.openshift.com/container-platform/3.5/install_config/install/prerequisites.html#prereq-dns

Make sure SELinux is enabled on all hosts. If is not, enable SELinux and make sure SELINUXTYPE is "targeted" in /etc/selinux/config.

sestatus

Docker Installation

https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html#installing-docker

Install Docker. Docker is technically not required on masters, but it is easier to create a uniform image and only disable docker on masters. The binaries must be installed from the rhel-7-server-ose-3.*-rpms repository and have it running before installing OpenShift.

OpenShift 3.5 requires Docker 1.12.

yum install docker
docker version

The advanced installation procedure will update /etc/sysconfig/docker on nodes with OpenShift-specific configuration.

Provision storage for the Docker server. The default loopback storage is not appropriate for production, it should be replaced by a thin-pool logical volume. Follow https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html#configuring-docker-storage. Used Option A) "an additional block device". On VirtualBox, provision a new virtual disk of appropriate size and configure it as Docker storage backend.

The procedure consists in executing /usr/bin/docker-storage-setup with the base configuration read from /usr/lib/docker-storage-setup/docker-storage-setup and custom configuration specified in /etc/sysconfig/docker-storage-setup, similarly to:

DEVS=/dev/sdb
VG=docker_vg

Under some circumstances, /usr/bin/docker-storage-setup fails with:

[...]
end of partition 1 has impossible value for cylinders: 65 (should be in 0-64)
sfdisk: I don't like these partitions - nothing changed.
(If you really want this, use the --force option.)

If that happens, follow the manual procedure of provisioning Docker storage on a dedicated block device:

Provision Docker Storage on a Dedicated Block Device


Check if Docker is running:

  1. systemctl is-active docker

If Docker has not yet been started on the host, enable and start the service:

  1. systemctl enable docker
  2. systemctl start docker

If Docker is already running, re-initialize Docker:

This will destroy any containers or images currently on the host.

  1. systemctl stop docker
  2. rm -rf /var/lib/docker/*
  3. systemctl restart docker

If there is any content in /var/lib/docker/, it must be deleted. Files will be present if Docker has been used prior to the installation of OpenShift Container Platform.

Then go to https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html#reconfiguring-docker-storage

Generic Docker installation instructions:

Docker Installation















Turn off firewalld and configure the iptables service

Make sure master can issue remote commands on the nodes without requiring password. Ansible, who runs the installation process, requires a user that has password-less access to all hosts.

From the master, as root:

# ssh-keygen
# ssh-copy-id root@node1.example.com
  • Configure iptables. iptables must be running and the following ports must be open. Most of the ports will be configured by the installer, automatically - verify that.:
OpenShift Ports

Run CLI to Install

Post-Install

Deploy the Integrated Docker Registry

Deploy the HAProxy Router

Load Image Streams

Load Templates

Set up NFS

The NFS server is required for persistent volumes.

Advanced Installation

OpenShift Advanced Installation

TODO

DNS Configuration

After setup, the DNS server needs to be configured to resolve a public wildcard DNS entry to the public IP address of the node that executes the default router, by adding an A record, with a low TTL. If the environment has multiple routers, an external load balancer is required.

*.myapp.example.com. 300 IN  A 1.2.3.4

Also see https://docs.openshift.com/container-platform/3.5/install_config/install/prerequisites.html#wildcard-dns-prereq


Post-Installation

  • Verify that /etc/sysconfig/docker on all nodes contains --selinux-enabled and --insecure-registry 172.30.0.0/16