(Old) OCP Notes

Posted by Chris Kim on October 14, 2017

OCP Test on Virtualization


Setting Up OCP 3.5/3.6 on a single hosted virtualized environment

Things to keep in mind:

  • Memory limits
  • DNS availability
  • Network routing
  • Persistent volumes don’t work


I set up an OpenShift Container Platform 3.6 environment on a single box running a hypervisor. This required a number of machines as I wanted to use the “Advanced Installation” process provided by OpenShift

What Doesn’t Work

Persistent storage/volumes.

Provisioning hosts

Make sure that you can sudo without password on each machine, as well as providing the ability to log in without password. Thus, use ssh-keygen on the jump host then ssh-copy-id to each machine as ocpadmin.

For sudoing without a password, on each machine, change /etc/sudoers such that it looks like:

## Allows people in group wheel to run all commands
# %wheel	ALL=(ALL)	ALL

## Same thing without a password

Essentially you are enabling NOPASSWD.

VM Details

These are very specific for my environment, but they provide a little bit of perspective on how you would set up your environment should you want to do something similar to this.

Machine Hostname Machine IP Machine Type Machine Description
os-workstation.rhlabenv.chrishkim.com RHEL 7.3 Server Ansible Jump Host/Environment Access Machine
os-firewall.rhlabenv.chrishkim.com pfSense Router/Firewall for OCP 3.6 Environment
os-infrastructure.rhlabenv.chrishkim.com RHEL 7.3 Server DNS Server
os-master.rhlabenv.chrishkim.com RHEL 7.3 Server OCP 3.6 Master Host
os-infranode1.rhlabenv.chrishkim.com RHEL 7.3 Server OCP 3.6 Infrastructure Node (marked region=infra)
os-appnode1.rhlabenv.chrishkim.com RHEL 7.3 Server OCP 3.6 Application Node

Port Forwarding for Out-Of-Network Access

I have forwarded port 8443 to os-master and 443 and 80 to os-infranode1. This allows the machine to


openshift_master_identity_providers=[{'name': 'htpasswd_auth','login': 'true', 'challenge': 'true','kind': 'HTPasswdPasswordIdentityProvider','filename': '/etc/origin/master/htpasswd'}] # Sets up htpasswd authentication rather than the default denyall so that you can actually log in
openshift_master_cluster_hostname=ocpd.airlias.com # Cluster name
openshift_master_cluster_public_hostname=ocpd.airlias.com # Public hostname for cluster
openshift_master_default_subdomain=openshift.airlias.com # Provides the subdomain for new routes (an example subdomain would be test.openshift.airlias.com)
openshift_docker_insecure_registries=true # Configures Docker to allow access to insecure registries on
deployment_type=openshift-enterprise # Installs OpenShift Container Platform (rather than Origin)
openshift_disable_check=memory_availability # This tells Ansible to not check the availble memory. Very useful if your machines are under the recommended limit
ansible_ssh_user=ocpadmin # Tells ansible not to run as root
ansible_become=true # Tells Ansible to essentially use "sudo"
containerized=false # Use RPM Installation
openshift_hosted_metrics_deploy=true # Deploys ephemeral metrics




os-master.rhlabenv.chrishkim.com openshift_node_labels="{'region': 'master'}"
os-infranode1.rhlabenv.chrishkim.com openshift_node_labels="{'region': 'infra'}"
os-appnode1.rhlabenv.chrishkim.com openshift_node_labels="{'region': 'primary'}"

Running Ansible

Your jump host should have the package atomic-openshift-utils installed. Once installed, you can run the ansible playbook through

ansible-playbook -i /etc/ansible/hosts /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml