OpenShift Container Platform is a fully-featured enterprise solution that includes an integrated container registry called OpenShift Container registry (OCR). Alternatively, instead of deploying OpenShift Container Platform as a full PaaS environment for developers, you can install OCR as a stand-alone container registry to run on-premise or in the cloud.
When installing a stand-alone deployment of OCR, a cluster of masters and nodes is still installed, similar to a typical OpenShift Container Platform installation. Then, the container registry is deployed to run on the cluster. This stand-alone deployment option is useful for administrators that want a container registry, but do not require the full OpenShift Container Platform environment that includes the developer-focused web console and application build and deployment tools.
OCR provides the following capabilities:
A user-focused registry web console, Cockpit.
Secured traffic by default, served via TLS.
Global identity provider authentication.
A project namespace model to enable teams to collaborate through role-based access control (RBAC) authorization.
A Kubernetes-based cluster to manage services.
An image abstraction called image streams to enhance image management.
Administrators may want to deploy a stand-alone OCR to separately manage a registry that supports multiple OpenShift Container Platform clusters. A stand-alone OCR also enables administrators to separate their registry to satisfy their own security or compliance requirements.
Installing a stand-alone OCR has the following hardware requirements:
Physical or virtual system, or an instance running on a public or private IaaS.
Base OS: RHEL 7.3, 7.4, or 7.5 with the "Minimal" installation option and the latest packages from the RHEL 7 Extras channel, or RHEL Atomic Host 7.4.5 or later.
NetworkManager 1.0 or later.
2 vCPU.
Minimum 16 GB RAM.
Minimum 15 GB hard disk space for the file system containing /var/.
An additional minimum 15 GB unallocated space to be used for Docker’s storage back end; see Configuring Docker Storage for details.
OpenShift Container Platform only supports servers with x86_64 architecture.
Meeting the /var/ file system sizing requirements in RHEL Atomic Host requires making changes to the default configuration. See Managing Storage in Red Hat Enterprise Linux Atomic Host for instructions on configuring this during or after installation.
The following system topologies are supported for stand-alone OCR:
All-in-one: A single host that includes the master, node, etcd, and registry components.
Multiple Masters (Highly-Available): Three hosts with all components included on each (master, node, etcd, and registry), with the masters configured for native high-availability.
Before installing stand-alone OCR, all of the same steps detailed in the Host Preparation topic for installing a full OpenShift Container Platform PaaS must be performed. This includes registering and subscribing the host(s) to the proper repositories, installing or updating certain packages, and setting up Docker and its storage requirements.
Follow the steps in the Host Preparation topic, then continue to Stand-alone registry Installation Methods.
To install a stand-alone registry, use either of the standard installation methods (quick or advanced) used to install any variant of OpenShift Container Platform.
As of OpenShift Container Platform 3.9, the quick installation method is deprecated. In a future release, it will be removed completely. In addition, using the quick installer to upgrade from version 3.7 to 3.9 is not supported.
The following shows the step-by-step process for running the quick install tool to install an OpenShift Container registry, instead of the full OpenShift Container Platform install.
Start the interactive installation:
$ atomic-openshift-installer install
Follow the on-screen instructions to install a new registry. The installation questions will be largely the same as if you were installing a full OpenShift Container Platform PaaS. When you reach the following screen, choose 2 to follow the registry installation path:
    Which variant would you like to install?

    (1) OpenShift Container Platform
    (2) registry
Specify the hosts that make up your cluster:
    Enter hostname or IP address:
    Will this host be an OpenShift master? [y/N]:
    Will this host be RPM or Container based (rpm/container)? [rpm]:
See the Installing on Containerized Hosts topic for information about RPM versus containerized hosts.
Change the cluster host name, if desired:
Enter hostname or IP address [None]:
Choose the host to act as the storage host (the master host by default):
Enter hostname or IP address [master.host.example.com]:
Change the default subdomain, if desired:
New default subdomain (ENTER for none) []:
All certificates and routes are created with this subdomain. Ensure this is set to the correct desired subdomain to avoid having to change the configuration after installation.
Specify a HTTP or HTTPS proxy, if needed:
    Specify your http proxy ? (ENTER for none) []:
    Specify your https proxy ? (ENTER for none) []:
After you have entered these values, the next page summarizes your install and starts to gather the host information.
For further usage details on the quick installer in general, including next steps, see the full topic at Quick Installation.
When using the advanced installation method to install stand-alone OCR, use the same steps for installing a full OpenShift Container Platform PaaS using Ansible described in the full Advanced Installation topic. The main difference is that you must set deployment_subtype=registry in the inventory file within the [OSEv3:vars] section for the playbooks to follow the registry installation path.
See the following example inventory files for the different supported system topologies:
    # Create an OSEv3 group that contains the masters and nodes groups
    [OSEv3:children]
    masters
    nodes
    etcd

    # Set variables common for all OSEv3 hosts
    [OSEv3:vars]
    # SSH user, this user should allow ssh based auth without requiring a password
    ansible_ssh_user=root

    openshift_master_default_subdomain=apps.test.example.com

    # If ansible_ssh_user is not root, ansible_become must be set to true
    #ansible_become=true

    openshift_deployment_type=openshift-enterprise
    deployment_subtype=registry (1)
    openshift_hosted_infra_selector="" (2)

    # uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
    #openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

    # host group for masters
    [masters]
    registry.example.com

    # host group for etcd
    [etcd]
    registry.example.com

    # host group for nodes
    [nodes]
    registry.example.com
(1) Set deployment_subtype=registry to ensure installation of stand-alone OCR and not a full OpenShift Container Platform environment.
(2) Allows the registry and its web console to be scheduled on the single host.
    # Create an OSEv3 group that contains the master, nodes, etcd, and lb groups.
    # The lb group lets Ansible configure HAProxy as the load balancing solution.
    # Comment lb out if your load balancer is pre-configured.
    [OSEv3:children]
    masters
    nodes
    etcd
    lb

    # Set variables common for all OSEv3 hosts
    [OSEv3:vars]
    ansible_ssh_user=root
    openshift_deployment_type=openshift-enterprise
    deployment_subtype=registry (1)

    openshift_master_default_subdomain=apps.test.example.com

    # Uncomment the following to enable htpasswd authentication; defaults to
    # DenyAllPasswordIdentityProvider.
    #openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

    # Native high availability cluster method with optional load balancer.
    # If no lb group is defined installer assumes that a load balancer has
    # been preconfigured. For installation the value of
    # openshift_master_cluster_hostname must resolve to the load balancer
    # or to one or all of the masters defined in the inventory if no load
    # balancer is present.
    openshift_master_cluster_method=native
    openshift_master_cluster_hostname=openshift-internal.example.com
    openshift_master_cluster_public_hostname=openshift-cluster.example.com

    # apply updated node defaults
    openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']}

    # enable ntp on masters to ensure proper failover
    openshift_clock_enabled=true

    # host group for masters
    [masters]
    master1.example.com
    master2.example.com
    master3.example.com

    # host group for etcd
    [etcd]
    etcd1.example.com
    etcd2.example.com
    etcd3.example.com

    # Specify load balancer host
    [lb]
    lb.example.com

    # host group for nodes, includes region info
    [nodes]
    master[1:3].example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
    node1.example.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}"
    node2.example.com openshift_node_labels="{'region': 'primary', 'zone': 'west'}"
(1) Set deployment_subtype=registry to ensure installation of stand-alone OCR and not a full OpenShift Container Platform environment.
After you have configured Ansible by defining an inventory file in /etc/ansible/hosts:
Run the prerequisites.yml playbook to configure base packages and Docker.
This must be run only once before deploying a new cluster. Use the following command, specifying -i if your inventory file is located somewhere other than /etc/ansible/hosts:
The host that you run the Ansible playbook on must have at least 75MiB of free memory per host in the inventory.
    # ansible-playbook [-i /path/to/inventory] \
        /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml
Run the deploy_cluster.yml playbook to initiate the installation:
    # ansible-playbook [-i /path/to/inventory] \
        /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml
For more detailed usage information on the advanced installation method, including a comprehensive list of available Ansible variables, see the full topic at Advanced Installation.
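A pre-flight check for the inventory rules described above, added here as an example (it is not part of the original documentation or of openshift-ansible): it verifies deployment_subtype=registry in [OSEv3:vars], flags a non-root ansible_ssh_user without ansible_become=true and an unset identity provider, and computes the 75 MiB-per-host free memory needed on the host running the playbooks. The function names and the sample inventory are assumptions made for this example; only plain numeric host ranges are expanded.

```python
import re
# Constructed sample inventory: no deployment_subtype, non-root SSH user without become.
SAMPLE = """\
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
ansible_ssh_user=cloud-user
[masters]
master[1:3].example.com
[etcd]
master[1:3].example.com
[nodes]
master[1:3].example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
"""

def expand(pattern):
    """Expand a numeric range such as master[1:3].example.com (inclusive)."""
    m = re.search(r"\[(\d+):(\d+)\]", pattern)
    if not m:
        return [pattern]
    return [pattern[:m.start()] + str(n) + pattern[m.end():] for n in range(int(m[1]), int(m[2]) + 1)]

def parse_inventory(text):
    """Return ([OSEv3:vars] as a dict, set of unique hosts across host groups)."""
    osev3_vars, hosts, section = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment, including commented-out variables
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header[1]
        elif section == "OSEv3:vars" and "=" in line:
            key, value = line.split("=", 1)
            osev3_vars[key.strip()] = value.strip()
        elif section and ":" not in section:  # skips :children and other :vars sections
            hosts.update(expand(line.split()[0]))  # first token is the host pattern
    return osev3_vars, hosts

def check_inventory(text):
    """Return (findings, MiB of free memory needed on the Ansible control host)."""
    v, hosts = parse_inventory(text)
    user = v.get("ansible_ssh_user", "root")  # assumption: an absent ansible_ssh_user is not flagged
    root_or_become = user == "root" or v.get("ansible_become", "").lower() == "true"
    checks = [(v.get("deployment_subtype") == "registry", "deployment_subtype is not 'registry'"),
              (root_or_become, "non-root ansible_ssh_user without ansible_become=true"),
              ("openshift_master_identity_providers" in v, "identity provider unset (DenyAllPasswordIdentityProvider)")]
    return [msg for ok, msg in checks if not ok], 75 * len(hosts)  # page: 75 MiB per inventory host
```

To check a real inventory, pass the file's contents to check_inventory(). A value copied from the page with its callout marker still attached, such as deployment_subtype=registry (1), is reported by the first check.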