Chapter 7. Disconnected installation


Frequently, portions of a data center might not have access to the Internet, even via proxy servers. You can still install OpenShift Container Platform in these environments, but you must download required software and images and make them available to the disconnected environment.

After the installation components are available to your node hosts, you install OpenShift Container Platform by following the standard installation steps.

After you install OpenShift Container Platform, you must make the S2I builder images that you pulled available to the cluster.

7.1. Prerequisites

  • Review OpenShift Container Platform’s overall architecture and plan your environment topology.
  • Obtain a Red Hat Enterprise Linux (RHEL) 7 server that you have root access to with access to the Internet and at least 110 GB of disk space. You download the required software repositories and container images to this computer.
  • Plan to maintain a webserver within your disconnected environment to serve the mirrored repositories. You copy the repositories from the Internet-connected host to this webserver, either over the network or by using physical media in disconnected deployments.
  • Provide a source control repository. After installation, your nodes must access source code in a source code repository, such as Git.

    When building applications in OpenShift Container Platform, your build might contain external dependencies, such as a Maven Repository or Gem files for Ruby applications.

  • Provide a registry within the disconnected environment. Options include:

7.2. Obtaining required software packages and images

Before you install OpenShift Container Platform in your disconnected environment, obtain the required images and components and store them in your repository.

Important

You must obtain the required images and software components on a system with the same architecture as the cluster that is in your disconnected environment.

7.2.1. Obtaining OpenShift Container Platform packages

On the RHEL 7 server with an internet connection, sync the repositories:

  1. To ensure that the packages are not deleted after you sync the repository, import the GPG key:

    $ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  2. Register the server with the Red Hat Customer Portal. You must use the credentials that are associated with the account that has access to the OpenShift Container Platform subscriptions:

    $ subscription-manager register
  3. Pull the latest subscription data from RHSM:

    $ subscription-manager refresh
  4. Attach a subscription that provides OpenShift Container Platform channels.

    1. Find an available subscription pool that provides the OpenShift Container Platform channels:

      $ subscription-manager list --available --matches '*OpenShift*'
    2. Attach a pool ID for a subscription that provides OpenShift Container Platform:

      $ subscription-manager attach --pool=<pool_id>
      $ subscription-manager repos --disable="*"
  5. Enable only the repositories required by OpenShift Container Platform 3.11.

    • For cloud installations and on-premise installations on x86_64 servers, run the following command:

      # subscription-manager repos \
          --enable="rhel-7-server-rpms" \
          --enable="rhel-7-server-extras-rpms" \
          --enable="rhel-7-server-ose-3.11-rpms" \
          --enable="rhel-7-server-ansible-2.9-rpms"
    • For on-premise installations on IBM POWER8 servers, run the following command:

      # subscription-manager repos \
          --enable="rhel-7-for-power-le-rpms" \
          --enable="rhel-7-for-power-le-extras-rpms" \
          --enable="rhel-7-for-power-le-optional-rpms" \
          --enable="rhel-7-server-ansible-2.9-for-power-le-rpms" \
          --enable="rhel-7-server-for-power-le-rhscl-rpms" \
          --enable="rhel-7-for-power-le-ose-3.11-rpms"
    • For on-premise installations on IBM POWER9 servers, run the following command:

      # subscription-manager repos \
          --enable="rhel-7-for-power-9-rpms" \
          --enable="rhel-7-for-power-9-extras-rpms" \
          --enable="rhel-7-for-power-9-optional-rpms" \
          --enable="rhel-7-server-ansible-2.9-for-power-9-rpms" \
          --enable="rhel-7-server-for-power-9-rhscl-rpms" \
          --enable="rhel-7-for-power-9-ose-3.11-rpms"
    Note

    Older versions of OpenShift Container Platform 3.11 supported only Ansible 2.6. The most recent versions of the playbooks now support Ansible 2.9, which is the preferred version to use.

  6. Install required packages:

    $ sudo yum -y install yum-utils createrepo docker git

    The yum-utils package provides the reposync utility, which lets you mirror yum repositories, and you can use the createrepo package to create a usable yum repository from a directory.

  7. Make a directory to store the software in the server’s storage or to a USB drive or other external device:

    $ mkdir -p </path/to/repos>
    Important

    If you can re-connect this server to the disconnected LAN and use it as the repository server, store the files locally. If you cannot, use USB-connected storage so you can transport the software to a repository server in your disconnected LAN.

  8. Sync the packages and create the repository for each of them.

    • For on-premise installations on x86_64 servers, run the following command:

      $ for repo in \
        rhel-7-server-rpms \
        rhel-7-server-extras-rpms \
        rhel-7-server-ansible-2.9-rpms \
        rhel-7-server-ose-3.11-rpms
      do
        reposync --gpgcheck -lm --repoid=${repo} --download_path=</path/to/repos> 1
        createrepo -v </path/to/repos/>${repo} -o </path/to/repos/>${repo} 2
      done
      1 2
      Provide the path to the directory you created.
    • For on-premise installations on IBM POWER8 servers, run the following command:

      $ for repo in \
        rhel-7-for-power-le-rpms \
        rhel-7-for-power-le-extras-rpms \
        rhel-7-for-power-le-optional-rpms \
        rhel-7-server-ansible-2.9-for-power-le-rpms \
        rhel-7-server-for-power-le-rhscl-rpms \
        rhel-7-for-power-le-ose-3.11-rpms
      do
        reposync --gpgcheck -lm --repoid=${repo} --download_path=</path/to/repos> 1
        createrepo -v </path/to/repos/>${repo} -o </path/to/repos/>${repo} 2
      done
      1 2
      Provide the path to the directory you created.
    • For on-premise installations on IBM POWER9 servers, run the following command:

      $ for repo in \
        rhel-7-for-power-9-rpms \
        rhel-7-for-power-9-extras-rpms \
        rhel-7-for-power-9-optional-rpms \
        rhel-7-server-ansible-2.9-for-power-9-rpms \
        rhel-7-server-for-power-9-rhscl-rpms \
        rhel-7-for-power-9-ose-3.11-rpms
      do
        reposync --gpgcheck -lm --repoid=${repo} --download_path=/<path/to/repos> 1
        createrepo -v </path/to/repos/>${repo} -o </path/to/repos/>${repo} 2
      done
      1 2
      Provide the path to the directory you created.

7.2.2. Obtaining images

Pull the required container images:

  1. Start the Docker daemon:

    $ systemctl start docker
  2. Pull all of the required OpenShift Container Platform infrastructure component images. Replace <tag> with the version to install. For example, specify v3.11.634 for the latest version. You can specify a different minor version. If you are using a containerized installer, pull registry.redhat.io/openshift3/ose-ansible:v3.11 in addition to these required images:

    $ docker pull registry.redhat.io/openshift3/apb-base:<tag>
    $ docker pull registry.redhat.io/openshift3/apb-tools:<tag>
    $ docker pull registry.redhat.io/openshift3/automation-broker-apb:<tag>
    $ docker pull registry.redhat.io/openshift3/csi-attacher:<tag>
    $ docker pull registry.redhat.io/openshift3/csi-driver-registrar:<tag>
    $ docker pull registry.redhat.io/openshift3/csi-livenessprobe:<tag>
    $ docker pull registry.redhat.io/openshift3/csi-provisioner:<tag>
    $ docker pull registry.redhat.io/openshift3/grafana:<tag>
    $ docker pull registry.redhat.io/openshift3/kuryr-controller:<tag>
    $ docker pull registry.redhat.io/openshift3/kuryr-cni:<tag>
    $ docker pull registry.redhat.io/openshift3/local-storage-provisioner:<tag>
    $ docker pull registry.redhat.io/openshift3/manila-provisioner:<tag>
    $ docker pull registry.redhat.io/openshift3/mariadb-apb:<tag>
    $ docker pull registry.redhat.io/openshift3/mediawiki:<tag>
    $ docker pull registry.redhat.io/openshift3/mediawiki-apb:<tag>
    $ docker pull registry.redhat.io/openshift3/mysql-apb:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-ansible-service-broker:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-cli:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-cluster-autoscaler:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-cluster-capacity:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-cluster-monitoring-operator:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-console:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-configmap-reloader:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-control-plane:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-deployer:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-descheduler:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-docker-builder:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-docker-registry:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-efs-provisioner:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-egress-dns-proxy:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-egress-http-proxy:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-egress-router:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-haproxy-router:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-hyperkube:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-hypershift:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-keepalived-ipfailover:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-kube-rbac-proxy:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-kube-state-metrics:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-metrics-server:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-node:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-node-problem-detector:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-operator-lifecycle-manager:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-ovn-kubernetes:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-pod:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-prometheus-config-reloader:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-prometheus-operator:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-recycler:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-service-catalog:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-template-service-broker:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-tests:<tag>
    $ docker pull registry.redhat.io/openshift3/ose-web-console:<tag>
    $ docker pull registry.redhat.io/openshift3/postgresql-apb:<tag>
    $ docker pull registry.redhat.io/openshift3/registry-console:<tag>
    $ docker pull registry.redhat.io/openshift3/snapshot-controller:<tag>
    $ docker pull registry.redhat.io/openshift3/snapshot-provisioner:<tag>
    $ docker pull registry.redhat.io/rhel7/etcd:3.2.28
  3. For on-premise installations on x86_64 servers, pull the following image. Replace <tag> with the version to install. For example, specify v3.11.634 for the latest version. You can specify a different minor version.

    $ docker pull registry.redhat.io/openshift3/ose-efs-provisioner:<tag>
  4. Pull all of the required OpenShift Container Platform component images for the optional components. Replace <tag> with the version to install. For example, specify v3.11.634 for the latest version. You can specify a different minor version.

    • For on-premise installations on x86_64 servers, run the following commands:

      $ docker pull registry.redhat.io/openshift3/metrics-cassandra:<tag>
      $ docker pull registry.redhat.io/openshift3/metrics-hawkular-metrics:<tag>
      $ docker pull registry.redhat.io/openshift3/metrics-hawkular-openshift-agent:<tag>
      $ docker pull registry.redhat.io/openshift3/metrics-heapster:<tag>
      $ docker pull registry.redhat.io/openshift3/metrics-schema-installer:<tag>
      $ docker pull registry.redhat.io/openshift3/oauth-proxy:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-curator5:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-elasticsearch5:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-eventrouter:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-fluentd:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-kibana5:<tag>
      $ docker pull registry.redhat.io/openshift3/prometheus:<tag>
      $ docker pull registry.redhat.io/openshift3/prometheus-alertmanager:<tag>
      $ docker pull registry.redhat.io/openshift3/prometheus-node-exporter:<tag>
      $ docker pull registry.redhat.io/cloudforms46/cfme-openshift-postgresql
      $ docker pull registry.redhat.io/cloudforms46/cfme-openshift-memcached
      $ docker pull registry.redhat.io/cloudforms46/cfme-openshift-app-ui
      $ docker pull registry.redhat.io/cloudforms46/cfme-openshift-app
      $ docker pull registry.redhat.io/cloudforms46/cfme-openshift-embedded-ansible
      $ docker pull registry.redhat.io/cloudforms46/cfme-openshift-httpd
      $ docker pull registry.redhat.io/cloudforms46/cfme-httpd-configmap-generator
      $ docker pull registry.redhat.io/rhgs3/rhgs-server-rhel7
      $ docker pull registry.redhat.io/rhgs3/rhgs-volmanager-rhel7
      $ docker pull registry.redhat.io/rhgs3/rhgs-gluster-block-prov-rhel7
      $ docker pull registry.redhat.io/rhgs3/rhgs-s3-server-rhel7
    • For on-premise installations on IBM POWER8 or IBM POWER9 servers, run the following commands:

      $ docker pull registry.redhat.io/openshift3/metrics-cassandra:<tag>
      $ docker pull registry.redhat.io/openshift3/metrics-hawkular-openshift-agent:<tag>
      $ docker pull registry.redhat.io/openshift3/metrics-heapster:<tag>
      $ docker pull registry.redhat.io/openshift3/metrics-schema-installer:<tag>
      $ docker pull registry.redhat.io/openshift3/oauth-proxy:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-curator5:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-elasticsearch5:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-eventrouter:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-fluentd:<tag>
      $ docker pull registry.redhat.io/openshift3/ose-logging-kibana5:<tag>
      $ docker pull registry.redhat.io/openshift3/prometheus:<tag>
      $ docker pull registry.redhat.io/openshift3/prometheus-alert-buffer:<tag>
      $ docker pull registry.redhat.io/openshift3/prometheus-alertmanager:<tag>
      $ docker pull registry.redhat.io/openshift3/prometheus-node-exporter:<tag>
    Important

    For Red Hat support, a converged mode subscription is required for rhgs3/ images.

  5. Pull the Red Hat-certified Source-to-Image (S2I) builder images that you intend to use in your OpenShift Container Platform environment.

    Make sure to indicate the correct tag by specifying the version number. See the S2I table in the OpenShift and Atomic Platform Tested Integrations page for details about image version compatibility.

    You can pull the following images:

    $ docker pull registry.redhat.io/jboss-amq-6/amq63-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-datagrid-7/datagrid71-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-datagrid-7/datagrid71-client-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-datavirt-6/datavirt63-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-datavirt-6/datavirt63-driver-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-decisionserver-6/decisionserver64-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-processserver-6/processserver64-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-eap-6/eap64-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-eap-7/eap71-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-webserver-3/webserver31-tomcat7-openshift:<tag>
    $ docker pull registry.redhat.io/jboss-webserver-3/webserver31-tomcat8-openshift:<tag>
    $ docker pull registry.redhat.io/openshift3/jenkins-2-rhel7:<tag>
    $ docker pull registry.redhat.io/openshift3/jenkins-agent-maven-35-rhel7:<tag>
    $ docker pull registry.redhat.io/openshift3/jenkins-agent-nodejs-8-rhel7:<tag>
    $ docker pull registry.redhat.io/openshift3/jenkins-slave-base-rhel7:<tag>
    $ docker pull registry.redhat.io/openshift3/jenkins-slave-maven-rhel7:<tag>
    $ docker pull registry.redhat.io/openshift3/jenkins-slave-nodejs-rhel7:<tag>
    $ docker pull registry.redhat.io/rhscl/mongodb-32-rhel7:<tag>
    $ docker pull registry.redhat.io/rhscl/mysql-57-rhel7:<tag>
    $ docker pull registry.redhat.io/rhscl/perl-524-rhel7:<tag>
    $ docker pull registry.redhat.io/rhscl/php-56-rhel7:<tag>
    $ docker pull registry.redhat.io/rhscl/postgresql-95-rhel7:<tag>
    $ docker pull registry.redhat.io/rhscl/python-35-rhel7:<tag>
    $ docker pull registry.redhat.io/redhat-sso-7/sso70-openshift:<tag>
    $ docker pull registry.redhat.io/rhscl/ruby-24-rhel7:<tag>
    $ docker pull registry.redhat.io/redhat-openjdk-18/openjdk18-openshift:<tag>
    $ docker pull registry.redhat.io/redhat-sso-7/sso71-openshift:<tag>
    $ docker pull registry.redhat.io/rhscl/nodejs-6-rhel7:<tag>
    $ docker pull registry.redhat.io/rhscl/mariadb-101-rhel7:<tag>

7.2.3. Exporting images

If your environment does not have access to your internal network and requires physical media to transfer content, export the images to compressed files. If your host is connected to both the Internet and your internal networks, skip the following steps and continue to Prepare and populate the repository server.

  1. Create a directory to store your compressed images in and change to it:

    $ mkdir </path/to/images>
    $ cd </path/to/images>
  2. Export the OpenShift Container Platform infrastructure component images. If you are using a containerized installer, export registry.redhat.io/openshift3/ose-ansible:v3.11 in addition to these required images:

    • For on-premise installations on x86_64 servers, run the following command:

      $ docker save -o ose3-images.tar \
          registry.redhat.io/openshift3/apb-base \
          registry.redhat.io/openshift3/apb-tools \
          registry.redhat.io/openshift3/automation-broker-apb \
          registry.redhat.io/openshift3/csi-attacher \
          registry.redhat.io/openshift3/csi-driver-registrar \
          registry.redhat.io/openshift3/csi-livenessprobe \
          registry.redhat.io/openshift3/csi-provisioner \
          registry.redhat.io/openshift3/grafana \
          registry.redhat.io/openshift3/kuryr-controller \
          registry.redhat.io/openshift3/kuryr-cni \
          registry.redhat.io/openshift3/local-storage-provisioner \
          registry.redhat.io/openshift3/manila-provisioner \
          registry.redhat.io/openshift3/mariadb-apb \
          registry.redhat.io/openshift3/mediawiki \
          registry.redhat.io/openshift3/mediawiki-apb \
          registry.redhat.io/openshift3/mysql-apb \
          registry.redhat.io/openshift3/ose-ansible-service-broker \
          registry.redhat.io/openshift3/ose-cli \
          registry.redhat.io/openshift3/ose-cluster-autoscaler \
          registry.redhat.io/openshift3/ose-cluster-capacity \
          registry.redhat.io/openshift3/ose-cluster-monitoring-operator \
          registry.redhat.io/openshift3/ose-console \
          registry.redhat.io/openshift3/ose-configmap-reloader \
          registry.redhat.io/openshift3/ose-control-plane \
          registry.redhat.io/openshift3/ose-deployer \
          registry.redhat.io/openshift3/ose-descheduler \
          registry.redhat.io/openshift3/ose-docker-builder \
          registry.redhat.io/openshift3/ose-docker-registry \
          registry.redhat.io/openshift3/ose-efs-provisioner \
          registry.redhat.io/openshift3/ose-egress-dns-proxy \
          registry.redhat.io/openshift3/ose-egress-http-proxy \
          registry.redhat.io/openshift3/ose-egress-router \
          registry.redhat.io/openshift3/ose-haproxy-router \
          registry.redhat.io/openshift3/ose-hyperkube \
          registry.redhat.io/openshift3/ose-hypershift \
          registry.redhat.io/openshift3/ose-keepalived-ipfailover \
          registry.redhat.io/openshift3/ose-kube-rbac-proxy \
          registry.redhat.io/openshift3/ose-kube-state-metrics \
          registry.redhat.io/openshift3/ose-metrics-server \
          registry.redhat.io/openshift3/ose-node \
          registry.redhat.io/openshift3/ose-node-problem-detector \
          registry.redhat.io/openshift3/ose-operator-lifecycle-manager \
          registry.redhat.io/openshift3/ose-ovn-kubernetes \
          registry.redhat.io/openshift3/ose-pod \
          registry.redhat.io/openshift3/ose-prometheus-config-reloader \
          registry.redhat.io/openshift3/ose-prometheus-operator \
          registry.redhat.io/openshift3/ose-recycler \
          registry.redhat.io/openshift3/ose-service-catalog \
          registry.redhat.io/openshift3/ose-template-service-broker \
          registry.redhat.io/openshift3/ose-tests \
          registry.redhat.io/openshift3/ose-web-console \
          registry.redhat.io/openshift3/postgresql-apb \
          registry.redhat.io/openshift3/registry-console \
          registry.redhat.io/openshift3/snapshot-controller \
          registry.redhat.io/openshift3/snapshot-provisioner \
          registry.redhat.io/rhel7/etcd:3.2.28 \
    • For on-premise installations on IBM POWER8 or IBM POWER9 servers, run the following command:

      $ docker save -o ose3-images.tar \
          registry.redhat.io/openshift3/apb-base \
          registry.redhat.io/openshift3/apb-tools \
          registry.redhat.io/openshift3/automation-broker-apb \
          registry.redhat.io/openshift3/csi-attacher \
          registry.redhat.io/openshift3/csi-driver-registrar \
          registry.redhat.io/openshift3/csi-livenessprobe \
          registry.redhat.io/openshift3/csi-provisioner \
          registry.redhat.io/openshift3/grafana \
          registry.redhat.io/openshift3/kuryr-controller \
          registry.redhat.io/openshift3/kuryr-cni \
          registry.redhat.io/openshift3/local-storage-provisioner \
          registry.redhat.io/openshift3/manila-provisioner \
          registry.redhat.io/openshift3/mariadb-apb \
          registry.redhat.io/openshift3/mediawiki \
          registry.redhat.io/openshift3/mediawiki-apb \
          registry.redhat.io/openshift3/mysql-apb \
          registry.redhat.io/openshift3/ose-ansible-service-broker \
          registry.redhat.io/openshift3/ose-cli \
          registry.redhat.io/openshift3/ose-cluster-autoscaler \
          registry.redhat.io/openshift3/ose-cluster-capacity \
          registry.redhat.io/openshift3/ose-cluster-monitoring-operator \
          registry.redhat.io/openshift3/ose-console \
          registry.redhat.io/openshift3/ose-configmap-reloader \
          registry.redhat.io/openshift3/ose-control-plane \
          registry.redhat.io/openshift3/ose-deployer \
          registry.redhat.io/openshift3/ose-descheduler \
          registry.redhat.io/openshift3/ose-docker-builder \
          registry.redhat.io/openshift3/ose-docker-registry \
          registry.redhat.io/openshift3/ose-egress-dns-proxy \
          registry.redhat.io/openshift3/ose-egress-http-proxy \
          registry.redhat.io/openshift3/ose-egress-router \
          registry.redhat.io/openshift3/ose-haproxy-router \
          registry.redhat.io/openshift3/ose-hyperkube \
          registry.redhat.io/openshift3/ose-hypershift \
          registry.redhat.io/openshift3/ose-keepalived-ipfailover \
          registry.redhat.io/openshift3/ose-kube-rbac-proxy \
          registry.redhat.io/openshift3/ose-kube-state-metrics \
          registry.redhat.io/openshift3/ose-metrics-server \
          registry.redhat.io/openshift3/ose-node \
          registry.redhat.io/openshift3/ose-node-problem-detector \
          registry.redhat.io/openshift3/ose-operator-lifecycle-manager \
          registry.redhat.io/openshift3/ose-ovn-kubernetes \
          registry.redhat.io/openshift3/ose-pod \
          registry.redhat.io/openshift3/ose-prometheus-config-reloader \
          registry.redhat.io/openshift3/ose-prometheus-operator \
          registry.redhat.io/openshift3/ose-recycler \
          registry.redhat.io/openshift3/ose-service-catalog \
          registry.redhat.io/openshift3/ose-template-service-broker \
          registry.redhat.io/openshift3/ose-tests \
          registry.redhat.io/openshift3/ose-web-console \
          registry.redhat.io/openshift3/postgresql-apb \
          registry.redhat.io/openshift3/registry-console \
          registry.redhat.io/openshift3/snapshot-controller \
          registry.redhat.io/openshift3/snapshot-provisioner \
          registry.redhat.io/rhel7/etcd:3.2.28 \
  3. If you synchronized images for optional components, export them:

    • For on-premise installations on x86_64 servers, run the following command:

      $ docker save -o ose3-optional-imags.tar \
          registry.redhat.io/openshift3/metrics-cassandra \
          registry.redhat.io/openshift3/metrics-hawkular-metrics \
          registry.redhat.io/openshift3/metrics-hawkular-openshift-agent \
          registry.redhat.io/openshift3/metrics-heapster \
          registry.redhat.io/openshift3/metrics-schema-installer \
          registry.redhat.io/openshift3/oauth-proxy \
          registry.redhat.io/openshift3/ose-logging-curator5 \
          registry.redhat.io/openshift3/ose-logging-elasticsearch5 \
          registry.redhat.io/openshift3/ose-logging-eventrouter \
          registry.redhat.io/openshift3/ose-logging-fluentd \
          registry.redhat.io/openshift3/ose-logging-kibana5 \
          registry.redhat.io/openshift3/prometheus \
          registry.redhat.io/openshift3/prometheus-alertmanager \
          registry.redhat.io/openshift3/prometheus-node-exporter \
          registry.redhat.io/cloudforms46/cfme-openshift-postgresql \
          registry.redhat.io/cloudforms46/cfme-openshift-memcached \
          registry.redhat.io/cloudforms46/cfme-openshift-app-ui \
          registry.redhat.io/cloudforms46/cfme-openshift-app \
          registry.redhat.io/cloudforms46/cfme-openshift-embedded-ansible \
          registry.redhat.io/cloudforms46/cfme-openshift-httpd \
          registry.redhat.io/cloudforms46/cfme-httpd-configmap-generator \
          registry.redhat.io/rhgs3/rhgs-server-rhel7 \
          registry.redhat.io/rhgs3/rhgs-volmanager-rhel7 \
          registry.redhat.io/rhgs3/rhgs-gluster-block-prov-rhel7 \
          registry.redhat.io/rhgs3/rhgs-s3-server-rhel7 \
    • For on-premise installations on IBM POWER8 or IBM POWER9 servers, run the following command:

      $ docker save -o ose3-optional-imags.tar \
          registry.redhat.io/openshift3/metrics-cassandra \
          registry.redhat.io/openshift3/metrics-hawkular-openshift-agent \
          registry.redhat.io/openshift3/metrics-heapster \
          registry.redhat.io/openshift3/metrics-schema-installer \
          registry.redhat.io/openshift3/oauth-proxy \
          registry.redhat.io/openshift3/ose-logging-curator5 \
          registry.redhat.io/openshift3/ose-logging-elasticsearch5 \
          registry.redhat.io/openshift3/ose-logging-eventrouter \
          registry.redhat.io/openshift3/ose-logging-fluentd \
          registry.redhat.io/openshift3/ose-logging-kibana5 \
          registry.redhat.io/openshift3/prometheus \
          registry.redhat.io/openshift3/prometheus-alert-buffer \
          registry.redhat.io/openshift3/prometheus-alertmanager \
          registry.redhat.io/openshift3/prometheus-node-exporter \
  4. Export the S2I builder images that you pulled. For example, if you synced only the Jenkins and Tomcat images:

    $ docker save -o ose3-builder-images.tar \
        registry.redhat.io/jboss-webserver-3/webserver31-tomcat7-openshift:<tag> \
        registry.redhat.io/jboss-webserver-3/webserver31-tomcat8-openshift:<tag> \
        registry.redhat.io/openshift3/jenkins-2-rhel7:<tag> \
        registry.redhat.io/openshift3/jenkins-agent-maven-35-rhel7:<tag> \
        registry.redhat.io/openshift3/jenkins-agent-nodejs-8-rhel7:<tag> \
        registry.redhat.io/openshift3/jenkins-slave-base-rhel7:<tag> \
        registry.redhat.io/openshift3/jenkins-slave-maven-rhel7:<tag> \
        registry.redhat.io/openshift3/jenkins-slave-nodejs-rhel7:<tag> \
  5. Copy the compressed files from your Internet-connected host to your internal host.
  6. Load the images that you copied:

    $ docker load -i ose3-images.tar
    $ docker load -i ose3-builder-images.tar
    $ docker load -i ose3-optional-images.tar

7.3. Prepare and populate the repository server

During the installation, and any future updates, you need a webserver to host the software. RHEL 7 can provide the Apache webserver.

  1. Prepare the webserver:

    1. If you need to install a new webserver in your disconnected environment, install a new RHEL 7 system with at least 110 GB of space on your LAN. During RHEL installation, select the Basic Web Server option.
    2. If you are re-using the server where you downloaded the OpenShift Container Platform software and required images, install Apache on the server:

      $ sudo yum install httpd
  2. Place the repository files into Apache’s root folder.

    • If you are re-using the server:

      $ mv /path/to/repos /var/www/html/
      $ chmod -R +r /var/www/html/repos
      $ restorecon -vR /var/www/html
    • If you installed a new server, attach external storage and then copy the files:

      $ cp -a /path/to/repos /var/www/html/
      $ chmod -R +r /var/www/html/repos
      $ restorecon -vR /var/www/html
  3. Add the firewall rules:

    $ sudo firewall-cmd --permanent --add-service=http
    $ sudo firewall-cmd --reload
  4. Enable and start Apache for the changes to take effect:

    $ systemctl enable httpd
    $ systemctl start httpd

7.4. Populate the registry

From within your disconnected environment, tag and push the images to your internal registry:

Important

The following steps are a generic guide to loading the images into a registry. You might need to take more or different actions to load the images.

  1. Before you push the images into the registry, re-tag each image.

    • For images in the openshift3 repository, tag the image as both the major and minor version number. For example, to tag the OpenShift Container Platform node image:

      $ docker tag registry.redhat.io/openshift3/ose-node:<tag> registry.example.com/openshift3/ose-node:<tag>
      $ docker tag registry.redhat.io/openshift3/ose-node:<tag> registry.example.com/openshift3/ose-node:{major-tag}
    • For other images, tag the image with the exact version number. For example, to tag the etcd image:

      $ docker tag registry.redhat.io/rhel7/etcd:3.2.28 registry.example.com/rhel7/etcd:3.2.28
  2. Push each image into the registry. For example, to push the OpenShift Container Platform node images:

    $ docker push registry.example.com/openshift3/ose-node:<tag>
    $ docker push registry.example.com/openshift3/ose-node:{major-tag}

7.5. Preparing cluster hosts

Now that you have the installation files, prepare your hosts.

  1. Create the hosts for your OpenShift Container Platform cluster. It is recommended to use the latest version of RHEL 7 and to perform a minimal installation. Ensure that the hosts meet the system requirements.
  2. On each node host, create the repository definitions. Place the following text in the /etc/yum.repos.d/ose.repo file:

    [rhel-7-server-rpms]
    name=rhel-7-server-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-rpms 1
    enabled=1
    gpgcheck=0
    [rhel-7-server-extras-rpms]
    name=rhel-7-server-extras-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-extras-rpms 2
    enabled=1
    gpgcheck=0
    [rhel-7-server-ansible-2.9-rpms]
    name=rhel-7-server-ansible-2.9-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-ansible-2.9-rpms 3
    enabled=1
    gpgcheck=0
    [rhel-7-server-ose-3.11-rpms]
    name=rhel-7-server-ose-3.11-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-ose-3.11-rpms 4
    enabled=1
    gpgcheck=0
    1 2 3 4
    Replace <server_IP> with the IP address or host name of the Apache server that hosts the software repositories.
  3. Finish preparing the hosts for installation. Follow the Preparing your hosts steps, omitting the steps in the Host Registration section.

7.6. Installing OpenShift Container Platform

After you prepare the software, images, and hosts, you use the standard installation method to install OpenShift Container Platform:

  1. Configure your inventory file to reference your internal registry:

    • For a internal registry:

      oreg_url=registry.example.com/openshift3/ose-<component>:<version> 1
      openshift_examples_modify_imagestreams=true
      1
      Specify both the ose component name and version number.
    • For a Satellite image registry:

      oreg_url=satellite.example.com/oreg-prod-openshift3_ose-<component>:<version> 1
      osm_etcd_image=satellite.example.com/oreg-prod-rhel7_etcd:3.2.28 2
      openshift_examples_modify_imagestreams=true
      1
      Specify both the ose component name and version number.
      2
      If the URL prefix for the etcd image is different on your Satellite server, you must specify the location and name of the etcd image in the osm_etcd_image parameter.
  2. Run the installation playbooks.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.