Frequently, portions of a data center might not have access to the Internet, even via proxy servers. You can still install OpenShift Container Platform in these environments, but you must download required software and images and make them available to the disconnected environment.

After the installation components are available to your node hosts, you install OpenShift Container Platform by following the standard installation steps.

After you install OpenShift Container Platform, you must make the S2I builder images that you pulled available to the cluster.

Prerequisites

  • Review OpenShift Container Platform’s overall architecture and plan your environment topology.

  • Obtain a Red Hat Enterprise Linux (RHEL) 7 server that you have root access to with access to the Internet and at least 110 GB of disk space. You download the required software repositories and container images to this computer.

  • Plan to maintain a webserver within your disconnected environment to serve the mirrored repositories. You copy the repositories from the Internet-connected host to this webserver, either over the network or by using physical media in disconnected deployments.

  • Provide a source control repository. After installation, your nodes must access source code in a source code repository, such as Git.

    When building applications in OpenShift Container Platform, your build might contain external dependencies, such as a Maven Repository or Gem files for Ruby applications.

  • Provide a registry within the disconnected environment. Options include:

Obtaining required software packages and images

Before you install OpenShift Container Platform in your disconnected environment, obtain the required images and components and store them in your repository.

You must obtain the required images and software components on a system with the same architecture as the cluster that is in your disconnected environment.

Obtaining OpenShift Container Platform packages

On the RHEL 7 server with an internet connection, sync the repositories:

  1. To ensure that the packages are not deleted after you sync the repository, import the GPG key:

    $ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
  2. Register the server with the Red Hat Customer Portal. You must use the credentials that are associated with the account that has access to the OpenShift Container Platform subscriptions:

    $ subscription-manager register
  3. Pull the latest subscription data from RHSM:

    $ subscription-manager refresh
  4. Attach a subscription that provides OpenShift Container Platform channels.

    1. Find an available subscription pool that provides the OpenShift Container Platform channels:

      $ subscription-manager list --available --matches '*OpenShift*'
    2. Attach a pool ID for a subscription that provides OpenShift Container Platform:

      $ subscription-manager attach --pool=<pool_id>
      $ subscription-manager repos --disable="*"
  5. Enable only the repositories required by OpenShift Container Platform 3.10.

    • For cloud installations and on-premise installations on x86_64 servers, run the following command:

      # subscription-manager repos \
          --enable="rhel-7-server-rpms" \
          --enable="rhel-7-server-extras-rpms" \
          --enable="rhel-7-server-ose-3.10-rpms" \
          --enable="rhel-7-server-ansible-2.4-rpms"
    • For on-premise installations on IBM POWER8 servers, run the following command:

      # subscription-manager repos \
          --enable="rhel-7-for-power-le-rpms" \
          --enable="rhel-7-for-power-le-extras-rpms" \
          --enable="rhel-7-for-power-le-optional-rpms" \
          --enable="rhel-7-server-ansible-2.6-for-power-le-rpms" \
          --enable="rhel-7-server-for-power-le-rhscl-rpms" \
          --enable="rhel-7-for-power-le-ose-3.10-rpms"
    • For on-premise installations on IBM POWER9 servers, run the following command:

      # subscription-manager repos \
          --enable="rhel-7-for-power-9-rpms" \
          --enable="rhel-7-for-power-9-extras-rpms" \
          --enable="rhel-7-for-power-9-optional-rpms" \
          --enable="rhel-7-server-ansible-2.6-for-power-9-rpms" \
          --enable="rhel-7-server-for-power-le-rhscl-rpms" \
          --enable="rhel-7-for-power-le-ose-3.10-rpms"
  6. Install required packages:

    $ sudo yum -y install yum-utils createrepo docker git

    The yum-utils package provides the reposync utility, which lets you mirror yum repositories, and you can use the createrepo package to create a usable yum repository from a directory.

  7. Make a directory to store the software in the server’s storage or to a USB drive or other external device:

    $ mkdir -p </path/to/repos>

    If you can re-connect this server to the disconnected LAN and use it as the repository server, store the files locally. If you cannot, use USB-connected storage so you can transport the software to a repository server in your disconnected LAN.

  8. Sync the packages and create the repository for each of them.

    • For on-premise installations on x86_64 servers, run the following command:

      $ for repo in \
      rhel-7-server-rpms \
      rhel-7-server-extras-rpms \
      rhel-7-server-ansible-2.4-rpms \
      rhel-7-server-ose-3.10-rpms
      do
        reposync --gpgcheck -lm --repoid=${repo} --download_path=</path/to/repos> (1)
        createrepo -v </path/to/repos/>${repo} -o </path/to/repos/>${repo} (1)
      done
      1 Provide the path to the directory you created.
    • For on-premise installations on IBM POWER8 servers, run the following command:

      $ for repo in \
      rhel-7-for-power-le-rpms \
      rhel-7-for-power-le-extras-rpms \
      rhel-7-for-power-le-optional-rpms \
      rhel-7-server-ansible-2.6-for-power-le-rpms \
      rhel-7-server-for-power-le-rhscl-rpms \
      rhel-7-for-power-le-ose-3.10-rpms
      do
        reposync --gpgcheck -lm --repoid=${repo} --download_path=</path/to/repos> (1)
        createrepo -v </path/to/repos/>${repo} -o </path/to/repos/>${repo} (1)
      done
      1 Provide the path to the directory you created.
    • For on-premise installations on IBM POWER9 servers, run the following command:

      $ for repo in \
      rhel-7-for-power-9-rpms \
      rhel-7-for-power-9-extras-rpms \
      rhel-7-for-power-9-optional-rpms \
      rhel-7-server-ansible-2.6-for-power-9-rpms \
      rhel-7-server-for-power-le-rhscl-rpms \
      rhel-7-for-power-le-ose-3.10-rpms
      do
        reposync --gpgcheck -lm --repoid=${repo} --download_path=/<path/to/repos> (1)
        createrepo -v </path/to/repos/>${repo} -o </path/to/repos/>${repo} (1)
      done
      1 Provide the path to the directory you created.

Obtaining images

Pull the required container images:

  1. Start the Docker daemon:

    $ systemctl start docker
  2. Pull all of the required OpenShift Container Platform infrastructure component images. Replace <tag> with the version to install. For example, specify v3.10.45 for the latest version. You can specify a different minor version.

    $ docker pull registry.access.redhat.com/openshift3/csi-attacher:<tag>
    $ docker pull registry.access.redhat.com/openshift3/csi-driver-registrar:<tag>
    $ docker pull registry.access.redhat.com/openshift3/csi-livenessprobe:<tag>
    $ docker pull registry.access.redhat.com/openshift3/csi-provisioner:<tag>
    $ docker pull registry.access.redhat.com/openshift3/image-inspector:<tag>
    $ docker pull registry.access.redhat.com/openshift3/local-storage-provisioner:<tag>
    $ docker pull registry.access.redhat.com/openshift3/manila-provisioner:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-ansible:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-cli:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-cluster-capacity:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-deployer:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-descheduler:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-docker-builder:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-docker-registry:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-egress-dns-proxy:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-egress-http-proxy:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-egress-router:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-f5-router:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-haproxy-router:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-hyperkube:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-hypershift:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-keepalived-ipfailover:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-pod:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-node-problem-detector:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-recycler:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-web-console:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-node:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-control-plane:<tag>
    $ docker pull registry.access.redhat.com/openshift3/registry-console:<tag>
    $ docker pull registry.access.redhat.com/openshift3/snapshot-controller:<tag>
    $ docker pull registry.access.redhat.com/openshift3/snapshot-provisioner:<tag>
    $ docker pull registry.access.redhat.com/openshift3/apb-base:<tag>
    $ docker pull registry.access.redhat.com/openshift3/apb-tools:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-service-catalog:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-ansible-service-broker:<tag>
    $ docker pull registry.access.redhat.com/openshift3/mariadb-apb:<tag>
    $ docker pull registry.access.redhat.com/openshift3/mediawiki-apb:<tag>
    $ docker pull registry.access.redhat.com/openshift3/mysql-apb:<tag>
    $ docker pull registry.access.redhat.com/openshift3/ose-template-service-broker:<tag>
    $ docker pull registry.access.redhat.com/openshift3/postgresql-apb:<tag>
    $ docker pull registry.access.redhat.com/rhel7/etcd:3.2.22
  3. For on-premise installations on x86_64 servers, pull the following image. Replace <tag> with the version to install. For example, specify v3.10.45 for the latest version. You can specify a different minor version.

    $ docker pull registry.access.redhat.com/openshift3/efs-provisioner:<tag>
  4. Pull all of the required OpenShift Container Platform component images for the optional components. Replace <tag> with the version to install. For example, specify v3.10.45 for the latest version. You can specify a different minor version.

    • For on-premise installations on x86_64 servers, run the following commands:

      $ docker pull registry.access.redhat.com/openshift3/logging-auth-proxy:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-curator:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-elasticsearch:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-eventrouter:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-fluentd:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-kibana:<tag>
      $ docker pull registry.access.redhat.com/openshift3/oauth-proxy:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-cassandra:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-hawkular-metrics:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-hawkular-openshift-agent:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-heapster:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-schema-installer:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus-alert-buffer:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus-alertmanager:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus-node-exporter:<tag>
      $ docker pull registry.access.redhat.com/cloudforms46/cfme-openshift-postgresql
      $ docker pull registry.access.redhat.com/cloudforms46/cfme-openshift-memcached
      $ docker pull registry.access.redhat.com/cloudforms46/cfme-openshift-app-ui
      $ docker pull registry.access.redhat.com/cloudforms46/cfme-openshift-app
      $ docker pull registry.access.redhat.com/cloudforms46/cfme-openshift-embedded-ansible
      $ docker pull registry.access.redhat.com/cloudforms46/cfme-openshift-httpd
      $ docker pull registry.access.redhat.com/cloudforms46/cfme-httpd-configmap-generator
      $ docker pull registry.access.redhat.com/rhgs3/rhgs-server-rhel7
      $ docker pull registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7
      $ docker pull registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7
      $ docker pull registry.access.redhat.com/rhgs3/rhgs-s3-server-rhel7
    • For on-premise installations on IBM POWER8 or IBM POWER9 servers, run the following commands:

      $ docker pull registry.access.redhat.com/openshift3/logging-auth-proxy:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-curator:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-elasticsearch:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-eventrouter:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-fluentd:<tag>
      $ docker pull registry.access.redhat.com/openshift3/logging-kibana:<tag>
      $ docker pull registry.access.redhat.com/openshift3/oauth-proxy:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-cassandra:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-hawkular-metrics:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-hawkular-openshift-agent:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-heapster:<tag>
      $ docker pull registry.access.redhat.com/openshift3/metrics-schema-installer:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus-alert-buffer:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus-alertmanager:<tag>
      $ docker pull registry.access.redhat.com/openshift3/prometheus-node-exporter:<tag>

    For Red Hat support, a {gluster-native} subscription is required for rhgs3/ images.

    Prometheus on OpenShift Container Platform is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

    For more information on Red Hat Technology Preview features support scope, see https://access.redhat.com/support/offerings/techpreview/.

  5. Pull the Red Hat-certified Source-to-Image (S2I) builder images that you intend to use in your OpenShift Container Platform environment.

    Make sure to indicate the correct tag by specifying the version number. See the S2I table in the OpenShift and Atomic Platform Tested Integrations page for details about image version compatibility.

    You can pull the following images:

    $ docker pull registry.access.redhat.com/jboss-amq-6/amq63-openshift
    $ docker pull registry.access.redhat.com/jboss-datagrid-7/datagrid71-openshift
    $ docker pull registry.access.redhat.com/jboss-datagrid-7/datagrid71-client-openshift
    $ docker pull registry.access.redhat.com/jboss-datavirt-6/datavirt63-openshift
    $ docker pull registry.access.redhat.com/jboss-datavirt-6/datavirt63-driver-openshift
    $ docker pull registry.access.redhat.com/jboss-decisionserver-6/decisionserver64-openshift
    $ docker pull registry.access.redhat.com/jboss-processserver-6/processserver64-openshift
    $ docker pull registry.access.redhat.com/jboss-eap-6/eap64-openshift
    $ docker pull registry.access.redhat.com/jboss-eap-7/eap70-openshift
    $ docker pull registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift
    $ docker pull registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift
    $ docker pull registry.access.redhat.com/openshift3/jenkins-1-rhel7:<tag>
    $ docker pull registry.access.redhat.com/openshift3/jenkins-2-rhel7:<tag>
    $ docker pull registry.access.redhat.com/openshift3/jenkins-agent-maven-35-rhel7:<tag>
    $ docker pull registry.access.redhat.com/openshift3/jenkins-agent-nodejs-8-rhel7:<tag>
    $ docker pull registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:<tag>
    $ docker pull registry.access.redhat.com/openshift3/jenkins-slave-maven-rhel7:<tag>
    $ docker pull registry.access.redhat.com/openshift3/jenkins-slave-nodejs-rhel7:<tag>
    $ docker pull registry.access.redhat.com/rhscl/mongodb-32-rhel7
    $ docker pull registry.access.redhat.com/rhscl/mysql-57-rhel7
    $ docker pull registry.access.redhat.com/rhscl/perl-524-rhel7
    $ docker pull registry.access.redhat.com/rhscl/php-56-rhel7
    $ docker pull registry.access.redhat.com/rhscl/postgresql-95-rhel7
    $ docker pull registry.access.redhat.com/rhscl/python-35-rhel7
    $ docker pull registry.access.redhat.com/redhat-sso-7/sso70-openshift
    $ docker pull registry.access.redhat.com/rhscl/ruby-24-rhel7
    $ docker pull registry.access.redhat.com/redhat-openjdk-18/openjdk18-openshift
    $ docker pull registry.access.redhat.com/redhat-sso-7/sso71-openshift
    $ docker pull registry.access.redhat.com/rhscl/nodejs-6-rhel7
    $ docker pull registry.access.redhat.com/rhscl/mariadb-101-rhel7

Exporting images

If your environment does not have access to your internal network and requires physical media to transfer content, export the images to compressed files. If your host is connected to both the Internet and your internal networks, skip the following steps and continue to Prepare and populate the repository server.

  1. Create a directory to store your compressed images in and change to it:

    $ mkdir </path/to/images>
    $ cd </path/to/images>
  2. Export the OpenShift Container Platform infrastructure component images:

    $ docker save -o ose3-images.tar \
        registry.access.redhat.com/openshift3/csi-attacher \
        registry.access.redhat.com/openshift3/csi-driver-registrar \
        registry.access.redhat.com/openshift3/csi-livenessprobe \
        registry.access.redhat.com/openshift3/csi-provisioner \
        registry.access.redhat.com/openshift3/efs-provisioner \
        registry.access.redhat.com/openshift3/image-inspector \
        registry.access.redhat.com/openshift3/local-storage-provisioner \
        registry.access.redhat.com/openshift3/manila-provisioner \
        registry.access.redhat.com/openshift3/ose-ansible \
        registry.access.redhat.com/openshift3/ose-cli \
        registry.access.redhat.com/openshift3/ose-cluster-capacity \
        registry.access.redhat.com/openshift3/ose-deployer \
        registry.access.redhat.com/openshift3/ose-descheduler \
        registry.access.redhat.com/openshift3/ose-docker-builder \
        registry.access.redhat.com/openshift3/ose-docker-registry \
        registry.access.redhat.com/openshift3/ose-egress-dns-proxy \
        registry.access.redhat.com/openshift3/ose-egress-http-proxy \
        registry.access.redhat.com/openshift3/ose-egress-router \
        registry.access.redhat.com/openshift3/ose-f5-router \
        registry.access.redhat.com/openshift3/ose-haproxy-router \
        registry.access.redhat.com/openshift3/ose-hyperkube \
        registry.access.redhat.com/openshift3/ose-hypershift \
        registry.access.redhat.com/openshift3/ose-keepalived-ipfailover \
        registry.access.redhat.com/openshift3/ose-pod \
        registry.access.redhat.com/openshift3/ose-node-problem-detector \
        registry.access.redhat.com/openshift3/ose-recycler \
        registry.access.redhat.com/openshift3/ose-web-console \
        registry.access.redhat.com/openshift3/ose-node \
        registry.access.redhat.com/openshift3/ose-control-plane \
        registry.access.redhat.com/openshift3/registry-console \
        registry.access.redhat.com/openshift3/snapshot-controller \
        registry.access.redhat.com/openshift3/snapshot-provisioner \
        registry.access.redhat.com/openshift3/apb-base \
        registry.access.redhat.com/openshift3/apb-tools \
        registry.access.redhat.com/openshift3/ose-service-catalog \
        registry.access.redhat.com/openshift3/ose-ansible-service-broker \
        registry.access.redhat.com/openshift3/mariadb-apb \
        registry.access.redhat.com/openshift3/mediawiki-apb \
        registry.access.redhat.com/openshift3/mysql-apb \
        registry.access.redhat.com/openshift3/ose-template-service-broker \
        registry.access.redhat.com/openshift3/postgresql-apb \
        registry.access.redhat.com/rhel7/etcd:3.2.22
  1. If you synchronized images for optional components, export them:

    $ docker save -o ose3-optional-imags.tar \
        registry.access.redhat.com/openshift3/logging-curator5 \
        registry.access.redhat.com/openshift3/logging-elasticsearch5 \
        registry.access.redhat.com/openshift3/logging-eventrouter \
        registry.access.redhat.com/openshift3/logging-fluentd \
        registry.access.redhat.com/openshift3/logging-kibana5 \
        registry.access.redhat.com/openshift3/oauth-proxy \
        registry.access.redhat.com/openshift3/metrics-cassandra \
        registry.access.redhat.com/openshift3/metrics-hawkular-metrics \
        registry.access.redhat.com/openshift3/metrics-hawkular-openshift-agent \
        registry.access.redhat.com/openshift3/metrics-heapster \
        registry.access.redhat.com/openshift3/metrics-schema-installer \
        registry.access.redhat.com/openshift3/prometheus \
        registry.access.redhat.com/openshift3/prometheus-alert-buffer \
        registry.access.redhat.com/openshift3/prometheus-alertmanager \
        registry.access.redhat.com/openshift3/prometheus-node-exporter \
        registry.access.redhat.com/cloudforms46/cfme-openshift-postgresql \
        registry.access.redhat.com/cloudforms46/cfme-openshift-memcached \
        registry.access.redhat.com/cloudforms46/cfme-openshift-app-ui \
        registry.access.redhat.com/cloudforms46/cfme-openshift-app \
        registry.access.redhat.com/cloudforms46/cfme-openshift-embedded-ansible \
        registry.access.redhat.com/cloudforms46/cfme-openshift-httpd \
        registry.access.redhat.com/cloudforms46/cfme-httpd-configmap-generator \
        registry.access.redhat.com/rhgs3/rhgs-server-rhel7 \
        registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7 \
        registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7 \
        registry.access.redhat.com/rhgs3/rhgs-s3-server-rhel7
  2. Export the S2I builder images that you pulled. For example, if you synced only the Jenkins and Tomcat images:

    $ docker save -o ose3-builder-images.tar \
        registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat7-openshift \
        registry.access.redhat.com/jboss-webserver-3/webserver31-tomcat8-openshift \
        registry.access.redhat.com/openshift3/jenkins-1-rhel7 \
        registry.access.redhat.com/openshift3/jenkins-2-rhel7 \
        registry.access.redhat.com/openshift3/jenkins-agent-maven-35-rhel7 \
        registry.access.redhat.com/openshift3/jenkins-agent-nodejs-8-rhel7 \
        registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7 \
        registry.access.redhat.com/openshift3/jenkins-slave-maven-rhel7 \
        registry.access.redhat.com/openshift3/jenkins-slave-nodejs-rhel7
  3. Copy the compressed files from your Internet-connected host to your internal host.

  4. Load the images that you copied:

    $ docker load -i ose3-images.tar
    $ docker load -i ose3-builder-images.tar
    $ docker load -i ose3-optional-images.tar

Prepare and populate the repository server

During the installation, and any future updates, you need a webserver to host the software. RHEL 7 can provide the Apache webserver.

  1. Prepare the webserver:

    1. If you need to install a new webserver in your disconnected environment, install a new RHEL 7 system with at least 110 GB of space on your LAN. During RHEL installation, select the Basic Web Server option.

    2. If you are re-using the server where you downloaded the OpenShift Container Platform software and required images, install Apache on the server:

      $ sudo yum install httpd
  2. Place the repository files into Apache’s root folder.

    • If you are re-using the server:

      $ mv /path/to/repos /var/www/html/
      $ chmod -R +r /var/www/html/repos
      $ restorecon -vR /var/www/html
    • If you installed a new server, attach external storage and then copy the files:

      $ cp -a /path/to/repos /var/www/html/
      $ chmod -R +r /var/www/html/repos
      $ restorecon -vR /var/www/html
  3. Add the firewall rules:

    $ sudo firewall-cmd --permanent --add-service=http
    $ sudo firewall-cmd --reload
  4. Enable and start Apache for the changes to take effect:

    $ systemctl enable httpd
    $ systemctl start httpd

Populate the registry

From within your disconnected environment, tag and push the images to your internal registry:

The following steps are a generic guide to loading the images into a registry. You might need to take more or different actions to load the images.

  1. Before you push the images into the registry, re-tag each image.

    • For images in the openshift3 repository, tag the image as both the major and minor version number. For example, to tag the OpenShift Container Platform node image:

      $ docker tag registry.access.redhat.com/openshift3/ose-node:<tag> registry.example.com/openshift3/ose-node:<tag>
      $ docker tag registry.access.redhat.com/openshift3/ose-node:<tag> registry.example.com/openshift3/ose-node:{major-tag}
    • For other images, tag the image with the exact version number. For example, to tag the etcd image:

      $ docker tag registry.access.redhat.com/rhel7/etcd:3.2.22 registry.example.com/rhel7/etcd:3.2.22
  2. Push each image into the registry. For example, to push the OpenShift Container Platform node images:

    $ docker push registry.example.com/openshift3/ose-node:<tag>
    $ docker push registry.example.com/openshift3/ose-node:{major-tag}

Preparing cluster hosts

Now that you have the installation files, prepare your hosts.

  1. Create the hosts for your OpenShift Container Platform cluster. It is recommended to use the latest version of RHEL 7 and to perform a minimal installation. Ensure that the hosts meet the system requirements.

  2. On each node host, create the repository definitions. Place the following text in the /etc/yum.repos.d/ose.repo file:

    [rhel-7-server-rpms]
    name=rhel-7-server-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-rpms (1)
    enabled=1
    gpgcheck=0
    [rhel-7-server-extras-rpms]
    name=rhel-7-server-extras-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-extras-rpms (1)
    enabled=1
    gpgcheck=0
    [rhel-7-server-ansible-2.4-rpms]
    name=rhel-7-server-ansible-2.4-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-ansible-2.4-rpms (1)
    enabled=1
    gpgcheck=0
    [rhel-7-server-ose-3.10-rpms]
    name=rhel-7-server-ose-3.10-rpms
    baseurl=http://<server_IP>/repos/rhel-7-server-ose-3.10-rpms (1)
    enabled=1
    gpgcheck=0
    1 Replace <server_IP> with the IP address or host name of the Apache server that hosts the software repositories.
  3. Finish preparing the hosts for installation. Follow the Preparing your hosts steps, omitting the steps in the Host Registration section.

Installing OpenShift Container Platform

After you prepare the software, images, and hosts, you use the standard installation method to install OpenShift Container Platform:

  1. Configure your inventory file to reference your internal registry:

    orge_url=registry.example.com/openshift3/ose-${component}:${version}
    openshift_examples_modify_imagestreams=true
  2. Run the installation playbooks.