Installation of Red Hat OpenShift Platform

In this article we will see how to install the OpenShift platform step by step on Red Hat Enterprise Linux 7. The installation uses three machines: one works as the master, another is the node that hosts pods (collections of containers), and the third is a workstation that hosts the private image registry for OpenShift.

The master runs the OpenShift core services such as authentication, the Kubernetes master services, the etcd daemons, the scheduler and management/replication, while the node runs applications inside containers, which are in turn grouped into pods. The node also runs the Kubernetes kubelet and kube-proxy daemons.

The Kubernetes scheduling unit is the pod, which is a grouping of containers sharing a virtual network device, internal IP address, TCP/UDP ports, and persistent storage. A pod can be anything from a complete enterprise application, including each of its layers as a distinct container, to a single microservice inside a single container. For example, a pod with one container running PHP under Apache and another container running MySQL.

Kubernetes also manages replicas to scale pods. A replica is a set of pods sharing the same definition. For example, a replica consisting of many Apache+PHP pods running the same container image could be used for horizontally scaling a web application.

The following figure shows the typical working of the OpenShift cloud platform.

[Figure: openshift_working]

Prior to installation, make sure all systems are subscribed and connected to Red Hat Subscription Management, not to RHN. The following subscriptions are required for the OpenShift installation.

OpenShift Container Platform subscriptions version 3.0 or 3.4, RHEL channel (rhel-7-server-rpms), rhel-7-server-extras-rpms required for docker installation, and rhel-7-server-optional-rpms.

To enable the required channels, use the command subscription-manager repos --enable.

Prerequisites before installation:

  • Configure passwordless SSH between the master and the node.
  • The master and the node must both have a static IP address with resolvable DNS hostnames.
  • The NetworkManager service must be enabled and running on the master and the node.
  • The firewall service must be disabled.
  • Configure a wildcard DNS zone. This is needed by the OpenShift router (the OpenShift router is basically a pod which runs on the node).

Installation procedure:

Master Server: master.test.example.com 172.25.0.10

Node Server: node.test.example.com 172.25.0.11

Workstation Server: workstation.test.example.com 172.25.0.9

Sub-domain Name: cloudapps.test.example.com

Step 1: Configure passwordless SSH between the master and node servers.

[root@master ~]# ssh-keygen -f /root/.ssh/id_rsa -N ''
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
F5:8e:39:3d:a6:64:66:c7:3c:03:cb:fd:48:7a:26:e9
root@master.test.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|          .      |
|         . .     |
|        S . .    |
|         . @     |
|          @. &   |
|         =oBo*   |
|         .E+. .  |
+-----------------+

Copy the SSH key to the node server as well as to the master server itself, because the OpenShift installer copies installation files from the master server to the node server.

[root@master ~]# ssh-copy-id root@node.test.example.com

[root@master ~]# ssh-copy-id root@master.test.example.com

Step 2: Stop and Disable firewalld service.

[root@master ~]# systemctl stop firewalld

[root@master ~]# systemctl disable firewalld

[root@node ~]# systemctl stop firewalld

[root@node ~]# systemctl disable firewalld

Step 3: Copy the SSL certificate from the workstation to the master and node servers. (Please see the post on how to configure a private image registry on the workstation.)

[root@master ~]# scp root@workstation:/etc/pki/tls/certs/example.com.crt \
/etc/pki/ca-trust/source/anchors/

Add the certificate as a trusted source.
[root@master ~]# update-ca-trust extract

Repeat the same on the node server.

[root@node ~]# scp root@workstation:/etc/pki/tls/certs/example.com.crt \
/etc/pki/ca-trust/source/anchors/

Add the certificate as a trusted source.
[root@node ~]# update-ca-trust extract

Step 4: Install the docker package and edit the docker configuration to set up the internal private registry and block the public registries.

[root@master ~]# yum install -y docker

[root@master ~]# vi /etc/sysconfig/docker

#ADD_REGISTRY='--add-registry registry.access.redhat.com'
ADD_REGISTRY='--add-registry workstation.test.example.com:5000'
BLOCK_REGISTRY='--block-registry docker.io --block-registry registry.access.redhat.com'

Save and exit the file.

Repeat the same on the node server.

[root@node ~]# yum install -y docker

[root@node ~]# vi /etc/sysconfig/docker

#ADD_REGISTRY='--add-registry registry.access.redhat.com'
ADD_REGISTRY='--add-registry workstation.test.example.com:5000'
BLOCK_REGISTRY='--block-registry docker.io --block-registry registry.access.redhat.com'

Save and exit the file.

Step 5: Set up storage for docker. Create the docker-storage-setup file inside the /etc/sysconfig directory. Specify the device name and the volume group name, and enable the LVM thin pool feature.

[root@master ~]# vi /etc/sysconfig/docker-storage-setup
DEVS=/dev/vdc
VG=docker-vg
SETUP_LVM_THIN_POOL=yes

[root@master ~]# lvmconf --disable-cluster
[root@master ~]# docker-storage-setup

Repeat the same on the node server.

[root@node ~]# vi /etc/sysconfig/docker-storage-setup
DEVS=/dev/vdc
VG=docker-vg
SETUP_LVM_THIN_POOL=yes

[root@node ~]# lvmconf --disable-cluster
[root@node ~]# docker-storage-setup

Examine the newly created docker pool, which will host the storage for docker container images.

[root@master ~]# lvs /dev/docker-vg/docker-pool
LV          VG        Attr       LSize Pool Origin Data%  Meta%    Move  Log  Cpy%Sync  Convert
docker-pool docker-vg twi-a-t--- 10.45g            0.00   0.20

Start and enable docker service on both master and node server.

[root@master ~]# systemctl start docker
[root@master ~]# systemctl enable docker

[root@node ~]# systemctl start docker
[root@node ~]# systemctl enable docker

Step 6: Install packages and images required by installer.

The following RPM packages are required:

wget
git
net-tools
bind-utils
iptables-services
bridge-utils
atomic-openshift-docker-excluder
atomic-openshift-excluder
atomic-openshift-utils

The following container images are required:

openshift3/ose-haproxy-router
openshift3/ose-deployer
openshift3/ose-sti-builder
openshift3/ose-pod
openshift3/ose-docker-registry
openshift3/ose-docker-builder
openshift3/registry-console

Additionally, the following application images can be fetched; they are optional.

openshift3/ruby-20-rhel7
openshift3/mysql-55-rhel7
openshift3/php-55-rhel7
jboss-eap-6/eap64-openshift
openshift3/nodejs-010-rhel7

[root@master ~]# yum -y install atomic-openshift-docker-excluder \
atomic-openshift-excluder atomic-openshift-utils \
bind-utils bridge-utils git \
iptables-services net-tools wget

[root@node ~]# yum -y install atomic-openshift-docker-excluder \
atomic-openshift-excluder atomic-openshift-utils \
bind-utils bridge-utils git \
iptables-services net-tools wget

Create the following script to fetch the images from the workstation server. It is run on both the master and node servers.

[root@master ~]# vi fetch.sh

#!/bin/bash

# OpenShift platform images, pulled at the v3.4.1.0 tag
for image in \
openshift3/ose-haproxy-router openshift3/ose-deployer openshift3/ose-sti-builder \
openshift3/ose-pod openshift3/ose-docker-registry openshift3/ose-docker-builder \
openshift3/registry-console
do docker pull "$image:v3.4.1.0"; done

# runtime images (no tag given, so docker pulls the default tag)
for image in \
openshift3/ruby-20-rhel7 openshift3/mysql-55-rhel7 openshift3/php-55-rhel7 \
jboss-eap-6/eap64-openshift openshift3/nodejs-010-rhel7
do docker pull "$image"; done

# sample images
for image in \
openshift/hello-openshift php-quote
do docker pull "$image"; done

[root@master ~]# bash fetch.sh

Check the images using:

[root@master ~]# docker images

Copy the script to the node server and run it there.

[root@master ~]# scp fetch.sh root@node.test.example.com:/tmp/fetch.sh

[root@node ~]# bash /tmp/fetch.sh

[root@node ~]# docker images
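
Reading the docker images listing by eye is error-prone, so the following added example (not part of the original article) checks it against the platform image list from fetch.sh. It assumes docker lists pulled images with the registry host as a prefix, for example workstation.test.example.com:5000/openshift3/ose-pod; check_images is a name chosen for this example.

```shell
#!/bin/bash
# Added example: confirm fetch.sh left the platform images in the local docker
# store and that nothing in the store came from another registry.
PRIVATE_REGISTRY="workstation.test.example.com:5000"   # registry used on this page
TAG="v3.4.1.0"                                          # tag pulled by fetch.sh
REQUIRED="openshift3/ose-haproxy-router openshift3/ose-deployer
openshift3/ose-sti-builder openshift3/ose-pod openshift3/ose-docker-registry
openshift3/ose-docker-builder openshift3/registry-console"

# Read "repository:tag" lines on stdin, print one finding per line, and return
# non-zero if a required image is absent or any image is from another registry.
# Assumption: image names are listed with the registry host as a prefix.
check_images() {
    local listing rc=0 img line
    listing=$(cat)
    for img in $REQUIRED; do
        if ! printf '%s\n' "$listing" | grep -qxF "$PRIVATE_REGISTRY/$img:$TAG"; then
            echo "MISSING: $PRIVATE_REGISTRY/$img:$TAG"; rc=1
        fi
    done
    while IFS= read -r line; do
        case "$line" in
            ""|"$PRIVATE_REGISTRY"/*) ;;             # blank line or private registry
            *) echo "FOREIGN: $line"; rc=1 ;;        # any other origin
        esac
    done <<EOF
$listing
EOF
    return "$rc"
}

# On a host: docker images --format '{{.Repository}}:{{.Tag}}' | check_images
```

Run it on both the master and the node before starting the installer; an empty output with exit status 0 means every platform image is present and came from the workstation registry.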

Step 7: Run the installer.

Remove OpenShift package exclusions. When the atomic-openshift-excluder package was installed, it added an exclude line to the /etc/yum.conf file. The package exclusions need to be removed in order for the installation to succeed. Remove the package exclusions from the master and node hosts:

[root@master ~]# atomic-openshift-excluder unexclude

[root@node ~]# atomic-openshift-excluder unexclude

Make a copy of the docker configuration file on both the master and the node.

[root@master ~]# cp /etc/sysconfig/docker /etc/sysconfig/docker-backup

[root@node ~]# cp /etc/sysconfig/docker /etc/sysconfig/docker-backup

Now run the OpenShift installer on the master server only.

[root@master ~]# atomic-openshift-installer install

The installer displays a list of pre-requisites and asks for confirmation to continue.

  • The installer asks the user to connect to remote hosts. Press Enter to continue.
  • The installer asks if you want to install OCP or a standalone registry. Press Enter to accept the default value of 1, which installs OCP.
  • The installer prompts for details about the master node. Enter master.test.example.com as the hostname of the master, enter y to confirm that this host will be the master, and press Enter to accept the default rpm option.
  • You have added details for the OCP master. You also need to add an OCP node. Enter y in the Do you want to add additional hosts? prompt, enter node.test.example.com as the hostname of the node, Enter N to confirm that this host will not be the master, and press Enter to accept the default rpm option.
  • The OpenShift cluster will have only two hosts. Enter N at the Do you want to add additional hosts? prompt.
  • The installer asks if you want to override the cluster host name. Press Enter to accept the default value of None.
  • The installer prompts you for a host where the storage for the OCP registry will be configured. Press Enter to accept the default value of master.test.example.com.
  • Enter cloudapps.test.example.com as the DNS sub-domain for the OCP router.
  • Accept the default value of none for both the http and https proxy.
  • The installer prints a final summary based on your input and asks for confirmation. Ensure that the hostname and IP address details of master and node hosts are correct, and then enter y to continue.
  • Finally, enter y to start the installation.

The installation takes 15 to 20 minutes to complete depending on the CPU, memory and network capacity of servers. If installation is successful, you should see a “The installation was successful!” message at the end.

Verify node and pod status.

[root@master ~]# oc get nodes
NAME                    STATUS                   AGE
master.test.example.com  Ready,SchedulingDisabled 9m
node.test.example.com    Ready                    9m

Check the status of the pods that were created during the OCP installation:

[root@master ~]# oc get pods
NAME                        READY     STATUS              RESTARTS   AGE
docker-registry-6-deploy    0/1       ContainerCreating   0          12m
registry-console-1-deploy   0/1       ContainerCreating   0          11m
router-1-deploy             0/1       ContainerCreating   0          12m

 

Step 8: Configure Openshift router and registry.

By default, the OpenShift installer sets up the router and registry automatically. The OpenShift router is the ingress point for all external traffic destined for applications inside the OCP cloud. It runs as a pod on schedulable nodes and may need some post-installation adjustments in environments which don't point to the Red Hat subscriber private registry.

Note: The OpenShift router runs as a pod, so it has a special security context constraint privilege that lets it bind to TCP ports on the host itself. This provision is already configured by the installer. The default router implementation provided by OCP is based on a container image running HAProxy.

When installing OCP in an offline environment, the base OCP platform docker images can be pulled from a private registry hosted on a server inside the network. If the docker configuration has been changed to point to the internal private docker registry, a bug in the OCP installer causes it to overwrite the registry location and point to the Red Hat subscribers registry at registry.access.redhat.com. This causes the router and docker-registry pods to fail to start after the OCP install process is complete.

To fix this issue, revert to the older version of the docker configuration file (/etc/sysconfig/docker-backup).

[root@master ~]# cp /etc/sysconfig/docker-backup /etc/sysconfig/docker
cp: overwrite ‘/etc/sysconfig/docker’? yes
[root@master ~]# systemctl restart docker

[root@node ~]# cp /etc/sysconfig/docker-backup /etc/sysconfig/docker
cp: overwrite ‘/etc/sysconfig/docker’? yes
[root@node ~]# systemctl restart docker
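
Because the installer silently rewrites the registry settings made in Step 4, it is worth checking the file after restoring it here rather than assuming the copy worked. The following is an added example, not part of the original article; sysconfig_value and audit_docker_registries are names chosen for this example, and the registry values are the ones used on this page.

```shell
#!/bin/bash
# Added example: audit a docker sysconfig file for the Step 4 registry settings.
PRIVATE_REGISTRY="workstation.test.example.com:5000"   # registry used on this page
BLOCKED="docker.io registry.access.redhat.com"          # registries Step 4 blocks

# Print the value of the last uncommented KEY=... line, with quotes stripped.
sysconfig_value() {   # usage: sysconfig_value KEY FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "'\""
}

# Print one finding per line; return 0 only when the private registry is the
# sole --add-registry entry and every registry in $BLOCKED is blocked.
audit_docker_registries() {   # usage: audit_docker_registries FILE
    local file="$1" rc=0 seen=0 prev="" add block word reg
    add=$(sysconfig_value ADD_REGISTRY "$file")
    block=$(sysconfig_value BLOCK_REGISTRY "$file")

    for word in $add; do
        if [ "$prev" = "--add-registry" ]; then
            if [ "$word" = "$PRIVATE_REGISTRY" ]; then
                seen=1
            else
                echo "FAIL: unexpected --add-registry $word"; rc=1
            fi
        fi
        prev=$word
    done
    [ "$seen" -eq 1 ] || { echo "FAIL: $PRIVATE_REGISTRY missing from ADD_REGISTRY"; rc=1; }

    for reg in $BLOCKED; do
        case " $block " in
            *" --block-registry $reg "*) ;;
            *) echo "FAIL: $reg is not blocked"; rc=1 ;;
        esac
    done
    [ "$rc" -ne 0 ] || echo "OK: $file pulls only from $PRIVATE_REGISTRY"
    return "$rc"
}

# Audit the file named on the command line, e.g. /etc/sysconfig/docker.
[ $# -eq 0 ] || audit_docker_registries "$1"
```

Run it against /etc/sysconfig/docker on both hosts before restarting docker; a FAIL line naming registry.access.redhat.com indicates the installer's version of the file is still in place.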

Use watch oc get pods and wait until the docker-registry and router pods have moved to a status of Running and then press Ctrl+C to exit:

[root@master ~]# watch oc get pods
NAME                        READY     STATUS             RESTARTS   AGE
docker-registry-6-y84m8     1/1       Running            0          1m
registry-console-1-8bmr4    0/1       ImagePullBackOff   0          1m
registry-console-1-deploy   1/1       Running            0          20m
router-1-00nd2              1/1       Running            0          1m

From the above status you can see that the registry-console pod does not have a status of Running, because the default configuration of the OCP installer tries to pull the registry-console image from registry.access.redhat.com. It may have a status of ImagePullBackOff, ErrImagePull, or Error.

Modify the deployment configuration for the registry console to point to workstation.test.example.com:5000, and then verify that all pods are running:

[root@master ~]# oc edit dc registry-console

This opens a vi buffer. Change the public Red Hat registry address to the private workstation registry. Search for the line below:

image: registry.access.redhat.com/openshift3/registry-console:3.3

Replace it with:

image: workstation.test.example.com:5000/openshift3/registry-console:3.3

Now wait for a minute and you will see that all pods are in Running status.

[root@master ~]# oc get pods
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-6-oytdi    1/1       Running   0          1m
registry-console-2-wijvb   1/1       Running   0          20s
router-1-7n637             1/1       Running   0          1m

Reinstate OpenShift package exclusions on both the master and node hosts to ensure that future package updates do not impact OpenShift:

[root@master ~]# atomic-openshift-excluder exclude

[root@node ~]# atomic-openshift-excluder exclude

Step 9: Verify that the default router pod accepts requests from the DNS wildcard domain:

[root@master ~]# curl http://myapp.cloudapps.test.example.com

Step 10: Modify the ImageStream definitions to store and pull images from the internal registry.

[root@master ~]# oc edit is -n openshift

The above command opens a vi buffer which can be edited.

Replace all occurrences of registry.access.redhat.com with workstation.test.example.com:5000:

:%s/registry.access.redhat.com/workstation.test.example.com:5000/g

 

At this stage the installation of the OpenShift platform is complete. In the next article we will see how to create users, projects and resources in the OpenShift cluster, and how to deploy a simple application on the OpenShift platform.

 
