cli_docker_additional_registries=<registry_hostname> cli_docker_insecure_registries=<registry_hostname> cli_docker_blocked_registries=<registry_hostname>
The default method for installing OpenShift on Red Hat Enterprise Linux (RHEL) uses RPMs. Alternatively, you can use the containerized method, which deploys containerized OpenShift master and node components. When targeting a RHEL Atomic Host system, the containerized method is the only available option, and is automatically selected for you based on the detection of the /run/ostree-booted file.
You can easily deploy environments mixing containerized and RPM based
installations. For the
advanced installation
method, you can set the Ansible variable containerized=true
in an
inventory
file on a cluster-wide or per host basis.
For the quick installation
method, you can choose between the RPM or containerized method on a per host
basis during the interactive installation, or set the values manually in an
installation
configuration file.
Containerized installations are supported starting in OpenShift Enterprise 3.1.1. When installing an environment with multiple masters, the load balancer cannot be deployed by the installation process as a container. See Advanced Installation for load balancer requirements using either the native HA or Pacemaker methods. |
The following sections detail the differences between the RPM and containerized methods.
Containerized installations make use of the following images:
openshift3/ose
openshift3/node
openshift3/openvswitch
registry.access.redhat.com/rhel7/etcd
By default, all of the above images are pulled from the Red Hat Registry at registry.access.redhat.com.
If you need to use a private registry to pull these images during the installation, you can specify the registry information ahead of time. For the advanced installation method, you can set the following Ansible variables in your inventory file, as required:
cli_docker_additional_registries=<registry_hostname> cli_docker_insecure_registries=<registry_hostname> cli_docker_blocked_registries=<registry_hostname>
For the quick installation method, you can export the following environment variables on each target host:
# export OO_INSTALL_ADDITIONAL_REGISTRIES=<registry_hostname> # export OO_INSTALL_INSECURE_REGISTRIES=<registry_hostname>
Blocked Docker registries cannot currently be specified using the quick installation method.
The configuration of additional, insecure, and blocked Docker registries occurs at the beginning of the installation process to ensure that these settings are applied before attempting to pull any of the required images.
When using containerized installations, a cli wrapper script is deployed on each master at /usr/local/bin/openshift. The following set of symbolic links are also provided to ease administrative tasks:
Symbolic Link | Usage |
---|---|
/usr/local/bin/oc |
Developer cli |
/usr/local/bin/oadm |
Administrative cli |
/usr/local/bin/kubectl |
Kubernetes cli |
The wrapper spawns a new container on each invocation, so you may notice it run slightly slower than native cli operations.
The wrapper scripts mount a limited subset of paths:
~/.kube
/etc/origin/
/tmp/
Be mindful of this when passing in files to be processed by the oc
or oadm
commands. You may find it easier to redirect the input, for example:
# oc create -f - < my-file.json
The wrapper is intended only to be used to bootstrap an environment. You should install the cli tools on another host after you have granted cluster-admin privileges to a user. See Managing Role Bindings and Get Started with the cli for more information. |
The installation process creates relevant systemd units which can be used to start, stop, and poll services using normal systemctl commands. For containerized installations, these unit names match those of an RPM installation, with the exception of the etcd service which is named etcd_container.
This change is necessary as currently RHEL Atomic Host ships with the etcd package installed as part of the operating system, so a containerized version is used for the OpenShift installation instead. The installation process disables the default etcd service. The etcd package is slated to be removed from RHEL Atomic Host in the future.
All OpenShift configuration files are placed in the same locations during containerized installation as RPM based installations and will survive os-tree upgrades.
However, the default image stream and template files are installed at /etc/origin/examples/ for containerized installations rather than the standard /usr/share/openshift/examples/, because that directory is read-only on RHEL Atomic Host.
RHEL Atomic Host installations normally have a very small root file system. However, the etcd, master, and node containers persist data in the /var/lib/ directory. Ensure that you have enough space on the root file system before installing OpenShift; see the System Requirements section for details.
OpenShift SDN initialization requires that the Docker bridge be reconfigured and that Docker is restarted. This complicates the situation when the node is running within a container. When using the Open vSwitch (OVS) SDN, you will see the node start, reconfigure Docker, restart Docker (which restarts all containers), and finally start successfully.
In this case, the node service may fail to start and be restarted a few times
because the master services are also restarted along with Docker. The current
implementation uses a workaround which relies on setting the Restart=always
parameter in the Docker based systemd units.