Install Openshift
Ansible-openshift is a pre-made Ansible playbook for Openshift installation. In this post I will show you how to use it to install a new Openshift cluster.
Parts of the Openshift series
- Part1: Install Openshift
- Part2: How to Enable Auto Approval of CSR in Openshift v3.11
- Part3: Add new workers to Openshift cluster
- Part4: Change the certificates of the Openshift cluster
- Part5: LDAP authentication for Openshift
- Part6: Keycloak SSO authentication for Openshift
- Part7: Gitlab SSO authentication for Openshift
- Part8a: Ceph persistent storage for Openshift
- Part8b: vSphere persistent storage for Openshift
- Part9: Helm on Openshift
- Part10: Tillerless Helm on Openshift
- Part11: Use external docker registry on Openshift
- Part12: Secondary router on Openshift
- Part13a: Use Letsencrypt on Openshift
- Part13b: Install cert-manager on Openshift
- Part14: Create Openshift operators
- Part15: Convert docker-compose file to Openshift
- Part16a: Openshift elasticsearch search-guard error
- Part16b: Openshift: Log4Shell - Remote Code Execution (CVE-2021-44228) (CVE-2021-4104)
Environment
192.168.1.40 deployer
192.168.1.41 openshift01 # master node
192.168.1.42 openshift02 # infra node
192.168.1.43 openshift03 # worker node
# hardware requirement
4 CPU
16G RAM
DNS config
master.openshift 300 IN A 192.168.1.41
openshift 300 IN A 192.168.1.42
*.openshift 300 IN A 192.168.1.42
Prerequisites
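# deployer (run as root)
yum install epel-release centos-release-openshift-origin311
# Quote the glob so the shell hands it to yum unchanged instead of trying to
# expand it against files in the current directory.
yum --disablerepo='*' --enablerepo=centos-ansible26 install ansible
yum install openshift-ansible nano
# Exclude ansible from later yum transactions so the installed version stays
# put. The exclude also blocks security updates for ansible, so revisit it
# once the cluster is installed. The grep guard avoids appending the line
# again when these steps are repeated.
grep -qxF 'exclude=ansible' /etc/yum.conf || echo "exclude=ansible" >> /etc/yum.conf
# SSH client settings for the three cluster hosts (file content follows).
nano ~/.ssh/config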
Host openshift01
Hostname openshift01.devopstales.intra
User origin
Host openshift02
Hostname openshift02.devopstales.intra
User origin
Host openshift03
Hostname openshift03.devopstales.intra
User origin
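# on all openshift hosts (run as root)
# Use each host's own name here: openshift01, openshift02 or openshift03.
hostnamectl set-hostname openshift01
yum -y update
yum -y install centos-release-openshift-origin311 epel-release docker git pyOpenSSL
# Account the installer connects as (ansible_ssh_user=origin in the inventory).
useradd origin
passwd origin
# NOPASSWD:ALL makes "origin" root-equivalent: anyone who can log in as origin
# gets root with no further authentication. Give the account a strong password
# or key-only SSH login, and remove this drop-in once it is no longer needed
# for playbook runs.
printf '%s\n' 'Defaults:origin !requiretty' 'origin ALL = (root) NOPASSWD:ALL' | tee /etc/sudoers.d/origin
chmod 440 /etc/sudoers.d/origin
# A syntax error in a sudoers drop-in can break sudo for every user, so have
# visudo check the file before relying on it.
visudo -cf /etc/sudoers.d/origin
reboot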
# Disable swap permanently
# Step 1: edit /etc/fstab and comment out the swap entry, as shown on the line
# after the nano command, so swap is not activated again at boot.
nano /etc/fstab
#/dev/mapper/centos_openshift01-swap swap swap defaults 0 0
# Step 2: turn swap off now, remove the swap logical volume and grow the root
# LV and its XFS filesystem into the freed space.
# lvremove is destructive: check the volume group / LV names (e.g. with `lvs`)
# before running it. NOTE(review): -Ay looks like LVM's metadata autobackup
# option rather than an auto-confirm; verify against the lvremove man page.
sudo swapoff -a
sudo lvremove -Ay /dev/centos/swap
sudo lvextend -l +100%FREE centos/root
sudo xfs_growfs /
# Step 3: in /etc/default/grub, drop rd.lvm.lv=centos/swap from
# GRUB_CMDLINE_LINUX, because that LV no longer exists. The previous value is
# kept as a comment for reference.
sudo nano /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
# GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root rd.lvm.lv=centos/swap crashkernel=auto rhgb quiet"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
# Step 4: rebuild the initramfs images and regenerate the GRUB configuration
# so the new kernel command line is used on the next boot.
dracut --regenerate-all -f
grub2-mkconfig -o /boot/grub2/grub.cfg
Configure the Installer
# deployer
# Ansible inventory read by the openshift-ansible playbooks (file content follows).
nano /etc/ansible/hosts
# Host groups that make up the cluster.
[OSEv3:children]
masters
nodes
etcd
# Variables applied to every host in the groups above.
[OSEv3:vars]
# admin user created in previous section
# Ansible logs in as "origin" and escalates with become; this relies on the
# passwordless sudo rule written to /etc/sudoers.d/origin on each host.
ansible_ssh_user=origin
ansible_become=true
openshift_deployment_type=origin
os_firewall_use_firewalld=True
openshift_clock_enabled=true
# use HTPasswd for authentication
# The provider name 'htpasswd_auth' is the prefix of the identity objects
# (see `oc delete identity htpasswd_auth:...` under User management).
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
# define default sub-domain for Master node
openshift_master_default_subdomain=openshift.devopstales.intra
osm_default_subdomain=openshift.devopstales.intra
# allow unencrypted connection within cluster
# Docker on the nodes will talk to registries in this range without TLS
# verification. NOTE(review): 172.30.0.0/16 is presumably the cluster's
# internal service network, where the integrated registry is exposed; confirm.
# Keep this limited to that internal range and do not widen it to external
# registries.
openshift_docker_insecure_registries=172.30.0.0/16
openshift_master_cluster_hostname=master.openshift.devopstales.intra
openshift_master_cluster_public_hostname=master.openshift.devopstales.intra
openshift_public_hostname=master.openshift.devopstales.intra
# API and web console are both served on port 443.
openshift_master_api_port=443
openshift_master_console_port=443
[masters]
openshift01 containerized=true openshift_public_hostname=master.openshift.devopstales.intra
[etcd]
openshift01 containerized=true
[nodes]
# defined values for [openshift_node_group_name] in the file below
# [/usr/share/ansible/openshift-ansible/roles/openshift_facts/defaults/main.yml]
# One master, one infra and one compute node, matching the Environment section.
openshift01 openshift_node_group_name='node-config-master'
openshift02 openshift_node_group_name='node-config-infra'
openshift03 openshift_node_group_name='node-config-compute'
Run the Installer
# deployer
# Run from the openshift-ansible directory: the playbook paths below are
# relative to it.
cd /usr/share/ansible/openshift-ansible/
# NOTE(review): under sudo the SSH connections are made as root, so root's
# ~/.ssh/config and keys are the ones used. The page does not show how
# key-based login to the "origin" account is set up; confirm that works from
# this host before starting.
sudo ansible-playbook playbooks/prerequisites.yml
sudo ansible-playbook playbooks/deploy_cluster.yml
# Only if the installation failed or went wrong: run the uninstall playbook
# below, then try the installation again. It is not part of the normal
# sequence.
sudo ansible-playbook playbooks/adhoc/uninstall.yml
User management
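# on openshift master
cd /etc/origin/master/
# add user: htpasswd <htpasswd-file> <user-name>
# The password is prompted for, which keeps it out of the shell history and
# the process list.
htpasswd htpasswd devopstales
# delete user: htpasswd -D <htpasswd-file> <user-name>
# -D takes only the file and the user name. A password argument is not
# accepted and should never be put on the command line.
htpasswd -D htpasswd devopstales
# Removing the htpasswd entry only stops new logins with that password; the
# identity and user objects stay in the cluster, so delete them as well.
# NOTE(review): sessions or tokens already issued to the user may stay valid
# until they expire; confirm and revoke them if access must end immediately.
oc delete identity htpasswd_auth:devopstales
oc delete user devopstales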