Offline installation of Openshift using orcharhino

Over the last year, Kubernetes has emerged as the industry standard for container platforms. There are now some Kubernetes-based platforms that are offered with their own interface and preconfigured services as well as additional features. For example, the container platform Red Hat calls “Openshift” is being used more and more frequently.

In many companies, development and test environments are encapsulated in their own networks and therefore secured. This means that neither access to nor from the Internet is possible. Even the usual installation of Openshift is a bit complex. With the requirement to set up the environment offline, the complexity increases significantly.

We tried it out and show what things need to be taken into account when installing offline. We used Openshift with the corresponding Ansible installer and our tool orcharhino

Openshift is a container platform from Red Hat based on Kubernetes. As is usual with Red Hat, there is both an enterprise version with a subscription model (Openshift Enterprise) and an open source version (Openshift Origin).

New features are integrated into Openshift Origin and, as soon as they are stable, will be included in the enterprise version. In addition to the usual features of a container platform such as multi-tenancy, high availability, orchestration tools and integrated services for logging and monitoring, a collection of developer tools is the special feature of Openshift. This ranges from an integrated, containerized Jenkins to webhooks for git repositories to Openshift’s source-to-image builds (S2I). With S2I, developers can submit their code in a git repository directly to Openshift. You can use the appropriate development framework for this. If you do not specify this, Openshift will decide which framework to use based on the file extensions.

Openshift then starts a base image with the corresponding framework. The next step is to clone the Git directory, start the application and save the resulting container image in the integrated Openshift registry.

The second tool used is orcharhino, based on Foreman and Katello (similar to Redhat Satellite 6). This allows repositories to be synchronized and provided as a mirror. In this case, both yum repositories and container images are required to install Openshift. Debian distributions and SLES can also be supported. With the appropriate lifecycle environments and content views, the version statuses can be frozen and fixed. This ensures stable package statuses for productive operation. The required servers can be set up directly via appropriately connected hypervisors. Bare metal solutions are also possible. All servers can then be prepared directly for the Openshift installation using the integrated configuration management tools.

An offline installation must ensure that all repositories and packages are available. These are provided via orcharhino. In addition to the packages, the container images also need to be synchronized. These are necessary if Openshift is to be installed in the containerized version. This is also necessary for corresponding services that are supposed to run in Openshift after installation. These services include the provision of metrics, management of logs, a registry and the HAProxies for routing.

When synchronizing container images with orcharhino, the repo structure is changed. This changes the naming of the images.

From:

registry.access.redhat.com/openshift3/ose-haproxy-router:v3.7.46

becomes with orcharhino :

orcharhino.atix.demo:5000/ATIX-production-openshift_content-container_images-ose-haproxy-router:v3.7.46

according to the following scheme:

:5000/----:

The sources used for the images and their changed repo structure must now be taken into account in the Ansible inventory for the offline installation. Openshift can then be set up in an environment without direct Internet access.

This requires the use of orcharhino as a registry. The following parameters are then added for the installation of the base images: 

openshift_docker_additional_registries=orcharhino.atix.demo:5000 
oreg_url=ATIX-production-openshift_content-container_images-ose-${component}:${version}

It is possible to spread Openshift across multiple networks. For example, the test and development environments can be separate but managed with the same master servers. Similarly, new environments can be added to an existing offline environment and upgrades from existing installations can be carried out.

The following applies: the more complex the requirements, the more needs to be taken into account. The basic features are shown here – further details depend heavily on the environment in which the container platform is set up and the requirements.

If you have any questions about the blog post or if you need support installing a complex Openshift environment, please feel free to contact us at any time!

orcharhino Training

This course is designed for participants who have little or no experience with orcharhino. You will learn the core functions of deployment, patch and lifecycle management, and configuration management through hands-on exercises. Other training content includes the maintenance of the orcharhino as well as the use of plugins.

Find out more
You might also like
Oracle Linux Manager is EOL – Guide to migration
Event-Driven Ansible ATIX blogEvent-Driven Ansible
openshift foremanInstalling OpenShift through Foreman
Delbian Repositories PulpManaging Large Debian Repositories with Pulp
Five reasons why the premiere of the orcharhino Summit was a complete success
orcharhinoMigrating CentOS 8 to Rocky Linux 8 or AlmaLinux 8 using orcharhino
+ posts

Dr. Jonas Trüstedt is the team lead at ATIX AG for orcharhino and infrastructure automation. He helps companies to increase their efficiency in the data center by selecting and implementing suitable tools.