OCP Origin 3.x Installation - on GCP

Follow · 8 mins read
Share this

This is a quick guide to setup OpenShift Origin Cluster with 1 Master and 2 Nodes. We will use ansible playbooks provided by OpenShift-ansible.

You need to setup a separate DNS server to manage internal DNS traffic.

Master server hosted on GCP

Components running on the server

  • kubernetes API Server
  • etcd
  • Controller Manager Server
  • Ansible
  • Docker Service
  • OpenShift Container Registry
  • Web console if any
  • CLI Client

Node 1 & 2: Hosted on GCP:

  • Docker service
  • kubelet
  • service proxy

Important Notes:

  • In ansible inventory file, ansible_service_broker_install=False; if this entry is true then playbook run will fail always if your DNS server didn’t configure properly.

  • If DNS server is ready, use wild card entry as *

    eg: * IN A

  • Configure static IP address on your Master servers and nodes.

Master Server Configuration

Below see the steps to follow.

Step 1 : Update system

yum update

Step 2 : Install Required Packages

# yum install -y wget git zile nano net-tools \
	docker bind-utils iptables-services bridge-utils \
	bash-completion kexec-tools sos psacct openssl-devel \
	httpd-tools NetworkManager python-cryptography \
	python2-pip python-devel python-passlib \
	java-1.6.0-openjdk python-rhsm-certificates
# yum group install "Development Tools" -y
# yum install centos-release-openshift-origin39 #use correct version like 3.6 or 3.9
# yum install epel* [epel repository]
# sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo #<====> to use epel repo only
# systemctl start NetworkManager
# systemctl enable NetworkManager
# yum install --enablerepo=epel install ansible pyOpenSSL #<===Only on master

Step 3 : Clone the package from github

git clone
cd OpenShift-ansible
git fetch
git checkout --track origin/release-3.9  #<====== Change branch to 3.9 release 

If you find issue check files in master branch itself.

Step 4: Configure your DNS server

Step 5 : Create a user with admin privilege

Grant full sudo access via sudoers file. eg:

# cat /etc/sudoers.d/ansible

Step 6 : Start and Enable Docker

sudo systemctl stop docker
sudo systemctl restart docker
sudo systemctl enable docker

Step 7 : Configure Storage

# cat /etc/sysconfig/docker-storage-setup

Step 8 : Configure the inventory file

Amend the entries in inventory file



#htpasswd auth
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]

openshift_node_kubelet_args={'pods-per-core': ['10']}

# allow unencrypted connection within cluster

# to fix the No package matching 'origin-docker-excluder-3.7.0 error
# Ref:


ocp-master02 openshift_public_hostname= openshift_hostname="" openshift_ip= openshift_public_ip= #openshift_node_group_name=ocpgce

ocp-master02 #openshift_node_group_name=ocpgce

ocp-master02 openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_ip= openshift_public_ip= #openshift_node_group_name=ocpgce #openshift_schedulable=false
ocp-node03 openshift_node_labels="{'region': 'primary', 'zone': 'east'}" openshift_ip= openshift_public_ip= #openshift_node_group_name=ocpgce #openshift_schedulable=true
ocp-node04 openshift_node_labels="{'region': 'primary', 'zone': 'west'}" openshift_ip= openshift_public_ip= #openshift_node_group_name=ocpgce  #openshift_schedulable=true

Step 9: Verify Pre-Req

Release 3.6, run below,

ansible-playbook playbooks/byo/openshift-preflight/check.yml -i inventory/ocp

If you are facing below error,

fatal: [localhost]: FAILED! => {"attempts": 3, "changed": false, "msg": "No package matching 'origin-docker-excluder-3.11**' found available, installed or updated", "rc":
 126, "results": ["No package matching 'origin-docker-excluder-3.11**' found available, installed or updated"]} 

then use

Step 10: Deploy Cluster

If pre-check is successful then run the main deployment.

ansible-playbook playbooks/byo/config.yml -i inventory/ocp

If you face issues as below, refer This or This

TASK [openshift_hosted_facts : Set hosted facts] *************************************************************************************************************************
task path: /home/ansible/openshift-ansible/roles/openshift_hosted_facts/tasks/main.yml:9
fatal: [ocp-master1]: FAILED! => {}
|failed expects to merge two dicts

Also try by downgrading your ansible version.

Step 11: Configure cluster admin login

Once the cluster is up and online log on to the master node and setup a user and password.

[root@ocp-master1 ~]# htpasswd -b /etc/origin/master/htpasswd admin openshift
Updating password for user admin
[root@ocp-master1 ~]# openshift admin policy add-cluster-role-to-user cluster-admin admin
cluster role "cluster-admin" added: "admin"

Step 12: Verify Cluster Status

From the master node verify the cluster is up with no errors by running the oc status command.

[root@ocp-master1 ~]# oc status
In project default on server
https://docker-registry-default.cloudapps.techbeatly.local (passthrough) (svc/docker-registry)
  dc/docker-registry deploys
	deployment #1 deployed 28 hours ago - 1 pod
svc/kubernetes - ports 443->8443, 53->8053, 53->8053
https://registry-console-default.cloudapps.techbeatly.local (passthrough) (svc/registry-console)
  dc/registry-console deploys
	deployment #1 deployed 28 hours ago - 1 pod
svc/router - ports 80, 443, 1936
  dc/router deploys
	deployment #1 deployed 28 hours ago - 2 pods
View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
[root@ocp-master1 ~]# oc get all
NAME                  DOCKER REPO                                                 TAGS  	UPDATED
is/registry-console   docker-registry.default.svc:5000/default/registry-console   latest    28 hours ago
dc/docker-registry    1      	1     	1     	config
dc/registry-console   1      	1     	1     	config
dc/router             1      	2     	2     	config
NAME                    DESIRED   CURRENT   READY     AGE
rc/docker-registry-1    1     	1     	1     	1d
rc/registry-console-1   1     	1     	1     	1d
rc/router-1             2     	2     	2     	1d
NAME                      HOST/PORT                                             PATH  	SERVICES       	POR
routes/docker-registry    docker-registry-default.cloudapps.techbeatly.local          	docker-registry	<al
l>     passthrough   None
routes/registry-console   registry-console-default.cloudapps.techbeatly.local         	registry-console   <al
l>     passthrough   None
NAME                   CLUSTER-IP   	EXTERNAL-IP   PORT(S)               	AGE
svc/docker-registry   <none>    	5000/TCP              	1d
svc/kubernetes   	<none>    	443/TCP,53/UDP,53/TCP 	1d
svc/registry-console   <none>    	9000/TCP              	1d
svc/router 	<none>    	80/TCP,443/TCP,1936/TCP   1d
NAME                          READY 	STATUS	RESTARTS   AGE
po/docker-registry-1-410r0    1/1   	Running   2          1d
po/registry-console-1-knq88   1/1   	Running   1          1d
po/router-1-6n4r7             1/1   	Running   1          1d
po/router-1-k65vw             1/1   	Running   2          1d

Step 13: Verify basic pod status

Verify your metric pods are running without any errors.

[root@master ~]# oc get pods -n openshift-infra

Step 14: Verify Web Console

Log on to your OpenShift Origin cluster via the browser using your master node as the URL with port 8443 -

Note : Make sure you have added firewall rules to allow traffic using 8443. (Both inside OS as well as on your infra like GCP/AWS or Openstack)

Restart or Check Status of openshift service

[root@ocp-master02 ~]# systemctl status origin-master.service
[root@ocp-master02 ~]# systemctl restart origin-master.service

Some more configs - Configuring Host Variables

To assign environment variables to hosts during the Ansible installation, indicate the desired variables in the /etc/ansible/hosts file after the host entry in the [masters] or [nodes] sections.

For example:

  • openshift_hostname - This variable overrides the internal cluster host name for the system. Use this when the system’s default IP address does not resolve to the system host name.

  • openshift_public_hostname - This variable overrides the system’s public host name. Use this for cloud installations, or for hosts on networks using a network address translation (NAT).

  • openshift_ip - This variable overrides the cluster internal IP address for the system. Use this when using an interface that is not configured with the default route. This variable can also be used for etcd.

  • openshift_public_ip - This variable overrides the system’s public IP address. Use this for cloud installations, or for hosts on networks using a network address translation (NAT).

  • openshift_master_cluster_hostname - This variable overrides the host name for the cluster, which defaults to the host name of the master.

  • openshift_master_cluster_public_hostname - This variable overrides the public host name for the cluster, which defaults to the host name of the master.

Refer : Advanced Installation

Verify PublicURL

[root@ocp-master02 ~]# grep PublicURL /etc/origin/master/master-config.yaml

Uninstalling OCP Cluster

If you need to uninstall the cluster and start over. Run the following command.

ansible-playbook -i ./inventory/byo/hosts playbooks/adhoc/uninstall.yml

Deleting all your pods and services in your project in order to start over.

oc delete all  --all -n test01




debug command: curl -L -k https://<your ip>:8443/consoles

Latest Stories

How To Get Hands-On Experience in AWS

Every Time you have the same situation, you know the technology and maybe you are already a certified professional in that technology, but you are not getting enough hands-on on that ...

In AWS, Jan 04, 2021
Getting Started with Ansible Collections

Ansible Collection is a great way of getting content contributions from various Ansible Developers. Earlier there was a tagline for Ansible – “Batteries included”, but now the battery...

In redhat, ansible, Dec 22, 2020
Configure Your Windows Host to be Managed by Ansible

I was talking to my friend about Ansible automation and how we are implementing automated solutions for cloud and on-premise infrastructure. Then he told me that, his team is looking ...

In redhat, ansible, Dec 01, 2020
Remove nodes from Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. You can manage full-lifecycle of Kubernetes clusters...

In containers, kubernetes, Nov 30, 2020
Adding new nodes to Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. Learn how to add new nodes in a Kubernetes cluster u...

In containers, kubernetes, Nov 27, 2020