{"id":13647894,"url":"https://github.com/redhat-openstack/openshift-on-openstack","last_synced_at":"2025-10-24T01:15:58.312Z","repository":{"id":31104099,"uuid":"34663409","full_name":"redhat-openstack/openshift-on-openstack","owner":"redhat-openstack","description":"A place to write templates, docs etc. for deploying OpenShift on OpenStack.","archived":false,"fork":false,"pushed_at":"2020-09-10T08:49:56.000Z","size":1387,"stargazers_count":136,"open_issues_count":67,"forks_count":87,"subscribers_count":41,"default_branch":"master","last_synced_at":"2024-11-09T22:36:14.515Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redhat-openstack.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-04-27T11:46:34.000Z","updated_at":"2024-05-17T16:43:18.000Z","dependencies_parsed_at":"2022-09-09T03:30:28.924Z","dependency_job_id":null,"html_url":"https://github.com/redhat-openstack/openshift-on-openstack","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-openstack%2Fopenshift-on-openstack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-openstack%2Fopenshift-on-openstack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-openstack%2Fopenshift-on-openstack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-openstack%2Fopenshift-on-openstack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/owners/redhat-openstack","download_url":"https://codeload.github.com/redhat-openstack/openshift-on-openstack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244591486,"owners_count":20477709,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:03:49.445Z","updated_at":"2025-10-24T01:15:53.256Z","avatar_url":"https://github.com/redhat-openstack.png","language":"Shell","readme":"\n= OpenShift on OpenStack\n\n\n== Maintenance Status\n\nThis project is no longer being developed or maintained by its original\nauthors.\n\nThe https://github.com/openshift/openshift-ansible[official OpenShift installer]\nnow supports various cloud providers including OpenStack so a lot of the development\neffort has moved there:\n\nhttps://github.com/openshift/openshift-ansible/tree/master/playbooks/openstack\n\nWe recommend you take a look at it.\n\n\n== About\n\nA collection of documentation, https://wiki.openstack.org/wiki/Heat[Heat] templates, configuration and everything\nelse that's necessary to deploy http://www.openshift.org/[OpenShift]\non http://www.openstack.org/[OpenStack].\n\nThis template uses Heat to create the OpenStack infrastructure\ncomponents, then calls the https://github.com/openshift/openshift-ansible[OpenShift Ansible] installer playbooks to\ninstall and configure OpenShift on the VMs.\n\n== Architecture\n\nAll of the OpenShift VMs will share a private network. 
This network is\nconnected to the public network by a router.\n\nThe deployed OpenShift environment is composed of a replicated\nset of _OpenShift master_ VMs fronted by a _load balancer_. This provides\nboth a single point of access and some HA capabilities. The\napplications run on one or more _OpenShift node_ VMs.  These are\nconnected by a private _software defined network_ (SDN) which can be\nimplemented either with http://openvswitch.org/[OpenVSwitch] or https://github.com/coreos/flannel[Flannel].\n\nA _bastion server_ is used to control the host and service\nconfiguration. The host and service configuration is run using\nhttps://www.ansible.com/[Ansible] playbooks executed from the bastion\nhost.\n\nThe _bastion server_, _master nodes_ and _infra nodes_ are also given a _floating IP_\naddress on the public network. This provides direct access to the\n_bastion server_ from where you can access all nodes by SSH.\n_Master nodes_ and _infra nodes_ have a _floating IP_ assigned to make sure\nthese nodes are accessible when an _external loadbalancer_ is used for\naccessing OpenShift services.\n\nAll of the OpenShift hosts (master, infra and node) have block storage for\nDocker images and containers provided by Cinder.  OpenShift will run a\nlocal Docker registry, also backed by Cinder block storage.  Finally\nall nodes will have access to Cinder volumes which can be created by\nOpenStack users and mounted into containers by http://kubernetes.io/[Kubernetes].\n\nimage:graphics/architecture.png[caption=\"VM and Network Layout\",\ntitle=\"OpenShift Architecture\"]\n\n== Prerequisites\n\n. 
OpenStack version Juno or later with the Heat, Neutron, Ceilometer, Aodh (Mitaka or later) services\nrunning:\n  * heat-api-cfn service - used for passing heat metadata to nova instances\n  * Neutron LBaaS service (optional) - used for loadbalancing requests in HA\n    mode; if this service is not available, you can deploy a dedicated\n    loadbalancer node, see \u003c\u003cLoadBalancing\u003e\u003e\n  * Ceilometer services (optional) - used when autoscaling is enabled\n. `ServerGroupAntiAffinityFilter` enabled in Nova service\n  (optionally `ServerGroupAffinityFilter` when using all-in-one OpenStack\n  environment)\n. http://www.centos.org/[CentOS] 7.2 cloud image (we leverage cloud-init)\nloaded in Glance for OpenShift Origin Deployments.\nhttps://access.redhat.com/downloads[RHEL] 7.2 cloud image if deploying Atomic\nEnterprise or OpenShift Container Platform. Make sure to use official images to avoid\nunexpected issues during deployment (e.g. a custom firewall may block OpenShift\ninter-node communication).\n. An SSH keypair loaded into Nova\n. A (Neutron) network with a pool of floating IP addresses available\n\nCentOS and RHEL are the only tested distros for now.\n\n=== DNS Server\n\nThe OpenShift installer requires that all nodes be reachable via their\nhostnames. 
Since OpenStack does not currently provide internal name\nresolution, this needs to be done with an external DNS service that\nall nodes use via the `dns_nameserver` parameter.\n\nIn a production deployment this would be your existing DNS, but if you\ndon't have the ability to update it to add new name records, you will\nhave to deploy one yourself.\n\nWe have provided a separate repository that can deploy a DNS server\nsuitable for OpenShift:\n\nhttps://github.com/openshift/openshift-ansible-contrib/tree/master/reference-architecture/osp-dns\n\nNOTE: If your DNS supports dynamic updates via RFC 2136, you can pass\nthe update key to the Heat stack and all nodes will register\nthemselves as they come up. Otherwise, you will have to update your\nDNS records manually.\n\n\n=== Red Hat Software Repositories\n\nWhen installing OpenShift Container Platform on RHEL the OpenShift and\nOpenStack repositories must be enabled, along with several common\nrepositories. These repositories must be available under the\nsubscription account used for installation.\n\n.Required Repositories for RHEL installation\n|===\n|Repo Name |Purpose\n\n|rhel-7-server-rpms | Standard RHEL Server RPMs\n|rhel-7-server-extras-rpms | Supporting RPMs\n|rhel-7-server-optional-rpms | Supporting RPMs\n|rhel-7-server-openstack-10-rpms | OpenStack client and data collection RPMs\n|rhel-7-server-ose-3.5-rpms | OpenShift Container Platform RPMs\n|rhel-7-fast-datapath-rpms | Required for OSP 3.5+ and OVS 2.6+\n|===\n\n== Creating an All-In-One Demo Environment\n\nThe following steps can be used to set up an all-in-one testing/developer environment:\n\n```bash\n# OpenStack does not run with NetworkManager\nsystemctl stop NetworkManager\nsystemctl disable NetworkManager\n\n# The Packstack Installer is not supported for production but will work\n# for demonstrations\nyum -y install openstack-packstack libvirt git\n\n# Add room for images if /var/lib is too small\nmv /var/lib/libvirt/images /home\nln -s /home/images 
/var/lib/libvirt/images\n\n# Install OpenStack demonstrator with no real security\n#   This produces the keystonerc_admin file used below\npackstack --allinone --provision-all-in-one-ovs-bridge=y \\\n  --os-heat-install=y --os-heat-cfn-install=y \\\n  --os-neutron-lbaas-install=y \\\n  --keystone-admin-passwd=password --keystone-demo-passwd=password\n\n# Retrieve the Heat templates for OpenShift\ngit clone https://github.com/redhat-openstack/openshift-on-openstack.git\n\n# Retrieve a compatible image for the OpenShift VMs\ncurl -O http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2\n\n# Set access environment parameters for the new OpenStack service\nsource keystonerc_admin\n\n# Load the VM image into the store and make it available for creating VMs\nglance image-create --name centos72 --is-public True \\\n  --disk-format qcow2 --container-format bare \\\n  --file CentOS-7-x86_64-GenericCloud.qcow2\n# For newer versions of glance clients, substitute \"--is-public True\" with \"--visibility public\"\n\n# Install the current user's SSH key for access to VMs\nnova keypair-add --pub-key ~/.ssh/id_rsa.pub default\n```\n\n== Deployment\n\nYou can pass all environment variables to heat on command line.  However,\ntwo environment files are provided as examples.\n\n* ``env_origin.yaml`` is an example of the variables to deploy an OpenShift\n  Origin 3 environment.\n* ``env_aop.yaml`` is an example of the variables to deploy an Atomic\n  Enterprise or OpenShift Container Platform 3 environment.  Note deployment type\n  should be *openshift-enterprise* for OpenShift or *atomic-enterprise*\n  for Atomic Enterprise.  Also, a valid RHN subscription is required\n  for deployment.\n\nHere is a sample of environment file which uses a subset of parameters which\ncan be set by the user to configure OpenShift deployment. All configurable\nparameters including description can be found in the `parameters` section in\nthe link:openshift.yaml[main template]. 
Assuming your external\nnetwork is called ``public``, your SSH key is `default`, your\nCentOS 7.2 image is ``centos72`` and your domain name is ``example.com``,\nthis is how you deploy OpenShift Origin:\n\n```yaml\ncat \u003c\u003c EOF \u003e openshift_parameters.yaml\nparameters:\n   # Use OpenShift Origin (vs OpenShift Container Platform)\n   deployment_type: origin\n\n   # set SSH access to VMs\n   ssh_user: centos\n   ssh_key_name: default\n\n   # Set the image type and size for the VMs\n   bastion_image: centos72\n   bastion_flavor: m1.medium\n   master_image: centos72\n   master_flavor: m1.medium\n   infra_image: centos72\n   infra_flavor: m1.medium\n   node_image: centos72\n   node_flavor: m1.medium\n   loadbalancer_image: centos72\n   loadbalancer_flavor: m1.medium\n\n   # Set an existing network for inbound and outbound traffic\n   external_network: public\n   dns_nameserver: 8.8.4.4,8.8.8.8\n\n   # Define the host name templates for master and nodes\n   domain_name: \"example.com\"\n   master_hostname: \"origin-master\"\n   node_hostname: \"origin-node\"\n\n   # Allocate additional space for Docker images\n   master_docker_volume_size_gb: 25\n   infra_docker_volume_size_gb: 25\n   node_docker_volume_size_gb: 25\n\n   # Specify the (initial) number of nodes to deploy\n   node_count: 2\n\n   # Add auxiliary services: OpenStack router and internal Docker registry\n   deploy_router: False\n   deploy_registry: False\n\n   # If using RHEL image, add RHN credentials for RPM installation on VMs\n   rhn_username: \"\"\n   rhn_password: \"\"\n   rhn_pool: '' # OPTIONAL\n\n   # Currently Ansible 2.1 is not supported so add these parameters as a workaround\n   openshift_ansible_git_url: https://github.com/openshift/openshift-ansible.git\n   openshift_ansible_git_rev: master\n\nresource_registry:\n  # use neutron LBaaS\n  OOShift::LoadBalancer: openshift-on-openstack/loadbalancer_neutron.yaml\n  # use openshift SDN\n  OOShift::ContainerPort: 
openshift-on-openstack/sdn_openshift_sdn.yaml\n  # enable ipfailover for router setup\n  OOShift::IPFailover: openshift-on-openstack/ipfailover_keepalived.yaml\n  # create dedicated volume for docker storage\n  OOShift::DockerVolume: openshift-on-openstack/volume_docker.yaml\n  OOShift::DockerVolumeAttachment: openshift-on-openstack/volume_attachment_docker.yaml\n  # use ephemeral cinder volume for openshift registry\n  OOShift::RegistryVolume: openshift-on-openstack/registry_ephemeral.yaml\nEOF\n```\n\n```bash\n# retrieve the Heat template (if you haven't yet)\ngit clone https://github.com/redhat-openstack/openshift-on-openstack.git\n```\n\nAfter this you can deploy using the heat command\n\n```bash\n# create a stack named 'my-openshift'\nheat stack-create my-openshift -t 180 \\\n  -e openshift_parameters.yaml \\\n  -f openshift-on-openstack/openshift.yaml\n```\n\nor using the generic OpenStack client\n\n```\n# create a stack named 'my-openshift'\nopenstack stack create --timeout 180 \\\n  -e openshift_parameters.yaml \\\n  -t openshift-on-openstack/openshift.yaml my-openshift\n```\n\nThe ``node_count`` parameter specifies how many compute nodes you\nwant to deploy. In the example above, we will deploy one master, one infra node\nand two compute nodes.\n\nThe templates will report stack completion back to Heat only when the whole\nOpenShift setup is finished.\n\n== Debugging\n\nSometimes it's necessary to find out why a stack was not deployed as expected.\nlink:README_debugging.adoc[Debugging] helps you find the root cause of the\nissue.\n\n== OpenStack Integration\n\nOpenShift on OpenStack takes advantage of the cloud provider to offer\nfeatures such as dynamic storage to the OpenShift users. Auto scaling\nalso requires communication with the OpenStack service.  
You must\nprovide a set of OpenStack credentials so that OpenShift and the heat\nscaling mechanism can work correctly.\n\nThese are the same values used to create the Heat stack.\n\n.Sample OSP Credentials - `osp_credentials.yaml`\n----\n---\nparameters:\n  os_auth_url: http://10.0.x.x:5000/v2.0\n  os_username: \u003cusername\u003e\n  os_password: \u003cpassword\u003e\n  os_region_name: regionOne\n  os_tenant_name: \u003ctenant name\u003e\n  os_domain_name: \u003cdomain name\u003e\n----\n\nWhen invoking the stack creation, include this by adding `-e\nosp_credentials.yaml` to the command.\n\n== [[ca-certificates]]OpenStack with SSL/TLS\n\nIf your OpenStack service is encrypted with SSL/TLS, you will need to\nprovide the CA certificate so that the communication channel can be\nvalidated.\n\nThe CA certificate is provided as a literal string copy of the contents of\nthe CA certificate file, and can be included in an additional\nenvironment file:\n\n.CA Certificate Parameter File `ca_certificates.yaml`\n----\n---\nparameters:\n  ca_cert: |\n    -----BEGIN CERTIFICATE-----\n    ...\n    -----END CERTIFICATE-----\n----\n\nWhen invoking the stack creation, include this by adding `-e\nca_certificates.yaml`.\n\nYou can include multiple CA certificate strings and all will be imported\ninto the CA list on all instances.\n\n\n== Multiple Master Nodes\n\nYou can deploy OpenShift with multiple master hosts using the 'native'\nHA method (see\nhttps://docs.openshift.org/latest/install_config/install/advanced_install.html#multiple-masters\nfor details) by increasing the number of master nodes. This can be done by setting the\n``master_count`` heat parameter:\n\n```bash\nheat stack-create my-openshift \\\n   -e openshift_parameters.yaml \\\n   -P master_count=3 \\\n   -f openshift-on-openstack/openshift.yaml\n```\n\nThree master nodes will be deployed. Console and API URLs\npoint to the loadbalancer server which distributes requests across all\nthree nodes. 
You can get the URLs from Heat by running\n`heat output-show my-openshift console_url` and\n`heat output-show my-openshift api_url`.\n\n== Multiple Infra Nodes\n\nYou can deploy OpenShift with multiple infra hosts. The OpenShift router\nis then deployed on each infra node (only if `-P deploy_router=true` is used)\nand router requests are load balanced by either the dedicated or the Neutron\nloadbalancer. This can be done by setting the ``infra_count`` heat parameter:\n\n```bash\nheat stack-create my-openshift \\\n   -e openshift_parameters.yaml \\\n   -P infra_count=2 \\\n   -P deploy_router=true \\\n   -f openshift-on-openstack/openshift.yaml\n```\n\nTwo infra nodes will be deployed. The loadbalancer server distributes requests on\nports 80 and 443 across both nodes.\n\n[[LoadBalancing]]\n== Select Loadbalancer Type\n\nWhen deploying multiple master nodes, both access to the nodes and OpenShift\nrouter pods (which run on infra nodes) have to be loadbalanced.\nopenshift-on-openstack provides multiple options for setting up loadbalancing:\n\n* Neutron LBaaS - this loadbalancer is used by default. The Neutron loadbalancer\n  service is used for loadbalancing console/api requests to master nodes. At the\n  moment OpenShift router requests are not loadbalanced and an external\n  loadbalancer has to be used for it.\n  This is the default option, but can be set\n  explicitly by including `-e openshift-on-openstack/env_loadbalancer_neutron.yaml`\n  when creating the stack. By default, this mode uses \u003c\u003cIPFailover,IP failover\u003e\u003e.\n\n* External loadbalancer - the user is expected to set up their own loadbalancer both\n  for master nodes and OpenShift routers.\n  This is the suggested type for production.\n  To select this type include `-e openshift-on-openstack/env_loadbalancer_external.yaml`\n  when creating the stack and also set the `lb_hostname` parameter to point to the\n  loadbalancer's fully qualified domain name. 
Once stack creation is finished\n  you can configure your external loadbalancer with the list of created master nodes.\n\n* Dedicated loadbalancer node - a dedicated node is created during stack\n  creation and an HAProxy loadbalancer is configured on it. Both console/API and\n  OpenShift router requests are load balanced by this dedicated node.\n  This type is useful for demo/testing purposes only because HA is not assured for\n  the single loadbalancer. To select this type include\n  `-e openshift-on-openstack/env_loadbalancer_dedicated.yaml` when creating the stack.\n\n* None - if only a single master node is deployed, it's possible to skip\n  loadbalancer creation, then all master node requests and OpenShift router requests\n  point to the single master node.\n  To select this type include `-e openshift-on-openstack/env_loadbalancer_none.yaml`\n  when creating the stack. By default, this mode uses \u003c\u003cIPFailover,IP failover\u003e\u003e.\n\n== Select SDN Type ==\n\nBy default, OpenShift is deployed with https://docs.openshift.com/enterprise/3.2/architecture/additional_concepts/sdn.html[OpenShift-SDN].\nWhen used with OpenStack Neutron with GRE or VXLAN tunnels, packets are encapsulated twice\nwhich can have an impact on performance. 
These Heat templates allow using https://github.com/coreos/flannel[Flannel]\ninstead of openshift-sdn, with the `host-gw` backend to avoid the double encapsulation.\nTo do so, you need to include the `env_flannel.yaml` environment file when you create the stack:\n\n```bash\nheat stack-create my_openshift \\\n   -e openshift_parameters.yaml \\\n   -f openshift-on-openstack/openshift.yaml \\\n   -e openshift-on-openstack/env_flannel.yaml\n```\n\nTo use this feature, the Neutron `port_security` extension driver needs to be enabled.\nTo do so when using the ML2 driver, edit the file `/etc/neutron/plugins/ml2/ml2_conf.ini`\nand make sure it contains the line:\n\n```bash\nextension_drivers = port_security\n```\n\nNote that this feature is still in experimental mode.\n\n== LDAP authentication\n\nYou can use an external LDAP server to authenticate OpenShift users. Update\nparameters in `env_ldap.yaml` file and include this environment file\nwhen you create the stack.\n\nExample of `env_ldap.yaml` using an Active Directory server:\n\n.LDAP parameter file `env_ldap.yaml`\n----\nparameter_defaults:\n   ldap_hostname: \u003cldap hostname\u003e\n   ldap_ip: \u003cip of ldap server\u003e\n   ldap_url: ldap://\u003cldap hostname\u003e:389/CN=Users,DC=example,DC=openshift,DC=com?sAMAccountName\n   ldap_bind_dn: CN=Administrator,CN=Users,DC=example,DC=openshift,DC=com?sAMAccountName\n   ldap_bind_password: \u003cadmin password\u003e\n----\n\n```bash\nheat stack-create my-openshift \\\n  -e openshift_parameters.yaml \\\n  -e openshift-on-openstack/env_ldap.yaml \\\n  -f openshift-on-openstack/openshift.yaml\n```\n\nIf your LDAP service uses SSL, you will also need to add a link:#ca-certificates[CA Certificate] for the LDAP communications.\n\n== Using Custom Yum Repositories\n\nYou can set additional Yum repositories on deployed nodes by passing the `extra_repository_urls`\nparameter, which contains a comma-delimited list of Yum repository URLs:\n\n```bash\nheat stack-create 
my-openshift \\\n  -e openshift_parameters.yaml \\\n  -P extra_repository_urls=http://server/my/own/repo1.repo,http://server/my/own/repo2.repo \\\n  -f openshift-on-openstack/openshift.yaml\n```\n\n== Using Custom Docker Repositories\n\nYou can set additional Docker repositories on deployed nodes by passing the `extra_docker_repository_urls`\nparameter, which contains a comma-delimited list of Docker repository URLs. If a repository is insecure,\nyou can use the `#insecure` suffix for the repository:\n\n```bash\nheat stack-create my-openshift \\\n  -e openshift_parameters.yaml \\\n  -P extra_docker_repository_urls='user.docker.example.com,custom.user.example.com#insecure' \\\n  -f openshift-on-openstack/openshift.yaml\n```\n\n== Using Persistent Cinder Volume for Docker Registry\n\nWhen deploying OpenShift registry (`-P deploy_registry=true`) you can use either\nan ephemeral or persistent Cinder volume. An ephemeral volume is used by default;\nthe volume is automatically created when creating the stack and is also\ndeleted when deleting the stack. 
Alternatively you can use an existing Cinder\nvolume by including the `env_registry_persistent.yaml` environment file and\n`registry_volume_id` when you create the stack:\n\n```bash\nheat stack-create my-openshift \\\n  -e openshift_parameters.yaml \\\n  -f openshift-on-openstack/openshift.yaml \\\n  -e openshift-on-openstack/env_registry_persistent.yaml \\\n  -P registry_volume_id=\u003ccinder_volume_id\u003e\n```\n\nA persistent volume is not formatted when creating the stack; if you have a new\nunformatted volume you can enforce formatting by passing\n`-P prepare_registry=true`.\n\n== Accessing OpenShift\n\nFrom the user's point of view there are two entry points into the deployed OpenShift:\n\n* OpenShift console and API URLs: these URLs usually point to the\n  loadbalancer host and can be obtained by:\n\n```\nheat output-show my-openshift console_url\nheat output-show my-openshift api_url\n```\n\n* Router IP: the IP address which the application OpenShift router service\n  listens on. This IP will be used for setting wildcard DNS for\n  .apps.\u003cdomain\u003e subdomain. The IP can be obtained by:\n\n```\nheat output-show my-openshift router_ip\n```\n\n== Setting DNS\n\nTo make sure that the console and API URLs resolve properly, you have to\ncreate a DNS record for the hostname used in `console_url` and `api_url` URLs.\nThe floating IP address can be obtained by:\n\n```\nheat output-show my-openshift loadbalancer_ip\n```\n\nFor example if `console_url` is `https://default32-lb.example.com:8443/console/`\nand `loadbalancer_ip` is `172.24.4.166` there should be a DNS record for domain\n`example.com`:\n\n```\ndefault32-lb  IN A  172.24.4.166\n```\n\nIf OpenShift router was deployed (`-P deploy_router=true`) you also may want\nto make sure that\nhttps://docs.openshift.com/enterprise/3.2/install_config/install/prerequisites.html#wildcard-dns-prereq[wildcard DNS]\nis set for the application subdomain. 
For example, if the domain used is `example.com`\nand `router_ip` is `172.24.4.168` there should be a DNS record for domain\n`example.com`:\n\n```\n*.cloudapps.example.com. 300 IN  A 172.24.4.168\n```\n\n[NOTE]\n====\nThe above DNS records should be set on the DNS server authoritative for the\ndomain used in OpenShift cluster (`example.com` in the example above).\n====\n\n\n=== Dynamic DNS Updates\n\nIf your DNS servers support dynamic updates (as defined in RFC 2136),\nyou can pass the update key in the `dns_update_key` parameter and each\nnode will register its internal IP address to all the DNS servers in\nthe `dns_nameserver` list.\n\nIn addition, if you use the *dedicated load balancer*, the API and\nwildcard entries will be created as well. Otherwise, you will need to\nset them manually.\n\n\n== Retrieving the OpenShift CA certificate\n\nYou can retrieve the CA certificate that was generated during the OpenShift\ninstallation by running\n\n```bash\nheat output-show --format=raw my-openshift ca_cert \u003e ca.crt\nheat output-show --format=raw my-openshift ca_key \u003e ca.key\n```\n\n== Container and volumes quotas\n\nOpenShift has preliminary support for local emptyDir volume quotas. You can\nset the `volume_quota` parameter to a resource quantity representing the desired\nquota per FSGroup.\n\nYou can set quota on the maximum size of the containers using the\n`container_quota` parameter in GB.\n\nExample:\n\n```yaml\n   volume_quota: 10\n   container_quota: 20\n```\n\n== Disabling Cinder volumes for Docker storage\n\nBy default, the Heat templates create a Cinder volume per OpenShift node\nto host containers. This can be disabled by including both `volume_noop.yaml`\nand `volume_attachment_noop.yaml` in your environment file:\n\n```yaml\nresource_registry:\n  ...\n  OOShift::DockerVolume: volume_noop.yaml\n  OOShift::DockerVolumeAttachment: volume_attachment_noop.yaml\n```\n\n[[IPFailover]]\n== IP failover\n\nThese templates allow using IP failover for the OpenShift router. 
In this mode,\na virtual IP address is assigned for the OpenShift router. Multiple instances of\nrouter may be active but only one instance at a time will have the virtual IP.\nThis ensures minimal downtime in the case of the failure of the current active\nrouter.\n\nBy default, IP failover is used when the load balancing mode is `Neutron LBaaS` or\n`None` (see section \u003c\u003cLoadBalancing\u003e\u003e).\n\nThe virtual IP of the router can be retrieved with\n\n```bash\nheat output-show --format=raw my-openshift router_ip\n```\n\n== Scaling Up or Down\n\nYou can manually scale up or down OpenShift nodes by updating the `node_count` heat\nstack parameter to the desired new count:\n\n```\nheat stack-update -P node_count=5 \u003cother parameters\u003e\n```\n\nIf the stack has 2 nodes, 3 new nodes are added. If the stack has 7 nodes, 2\nare removed. Any running pods are evacuated from the node being removed.\n\n== Autoscaling\n\nScaling of OpenShift nodes can be automated by using Ceilometer metrics.\nBy default `cpu_util` metering is used. You can enable autoscaling with the `autoscaling`\nheat parameter and by tweaking the properties of `cpu_alarm_high` and `cpu_alarm_low` in\n`openshift.yaml`.\n\n== Removing or Replacing Specific Nodes\n\nSometimes it's necessary to remove or replace specific nodes from the stack,\nfor example because of a hardware issue. Because OpenShift \"compute\" nodes are\nmembers of a heat AutoScalingGroup, adding or removing nodes is by default handled\nby a scaling policy, and when removing a node the oldest one is\nselected by Heat by default. 
A specific node can be removed with the following\nsteps, though:\n\n```bash\n# delete the node\n$ nova delete instance_name\n\n# let heat detect the missing node\n$ heat action-check stack_name\n\n# update the stack with desired new number of nodes (same as before\n# for replacement, decreased by 1 for removal)\n$ heat stack-update \u003cparameters\u003e -P node_count=\u003cdesired_count\u003e\n```\n\n== Known Bugs\n\nHere is the link:README_bugs.adoc[list] of bugs which are not fixed\nand which you may hit.\n\n== Customize OpenShift installation ==\n\nThese Heat templates make use of openshift-ansible to deploy OpenShift.\nYou can provide additional parameters to openshift-ansible by specifying\na JSON string as the `extra_openshift_ansible_params` parameter.\nFor example:\n\n```bash\n$ heat stack-create \u003cparameters\u003e -P extra_openshift_ansible_params='{\"osm_use_cockpit\":true}'\n```\n\nThis parameter must be used with caution as it may conflict with other\nparameters passed to openshift-ansible by the Heat templates.\n\n== Current Status\n\n1. The CA certificate used with OpenShift is currently not configurable.\n2. The apps cloud domain is hardcoded for now. 
We need to make this configurable.\n\n== Prebuild images\n\nA `customize-disk-image` script is provided to preinstall OpenShift packages.\n\n```bash\n./customize-disk-image --disk rhel7.2.qcow2 --sm-credentials user:password\n```\n\nThe modified image must be uploaded into Glance and used as the server image\nfor the heat stack with the `server_image` parameter.\n\n== Copyright\n\nCopyright 2016 Red Hat, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","funding_links":[],"categories":["Shell"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-openstack%2Fopenshift-on-openstack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredhat-openstack%2Fopenshift-on-openstack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-openstack%2Fopenshift-on-openstack/lists"}