OpenShift on RHV Automated, Secure and Transparent

Red Hat Virtualization and the OpenShift Container Platform go far back. Both products are very well integrated and share security features like svirt and cgroups which are a core security component of Red Hat Enterprise Linux. Svirt allows you to run your virtual instances as well as containers in full tenant isolation mode whereas cgroups makes sure your resource are isolated properly. Another very useful integration of Red Hat Virtualization  and the OpenShift Container Platform is the ability to view containers from within the Red Hat Virtualization Manager. This features comes very handy if you want to understand on what nodes your containers are running.

In the past 2 years we have been working hard on building ansible modules for RHV which enable automated builds of the RHV core infrastructure like the Red Hat Virtualization Manager, the Datacenter, Clusters, Hosts, Storage and networks as well as the virtual resources on top of Red Hat Virtualization.

This blog post will walk you through how you can make use of ansible to install the OpenShift Container Platform fully automated on Red Hat Virtualization with a single push of a button.

For the ansible playbooks to work in your environment you will need clone the following github repository:

https://github.com/ldomb/OpenShiftOnRHV

and meet the following pre requirements:

  • A RHEL 7.4 golden image with DHCP enabled
  • A working DHCP server in your environment
  • A DNS server with pre populated DNS names
  • The openshift-ansible roles / playbooks
  • RHV 4.1 or 4.2
  • DNS entries for the haproxy load balancer as well as infrastructure nodes once build

Once you have fulfilled the above requirements you can go ahead and configure the variables in the directory group_vars/all/vars as well as group_vars/all/vault.

The following variables will need to be adjusted:

  • key:
  • db_size
  • db_vol_name
  • template_name
  • datastore
  • cluster
  • rhvm_addr: “{{ vault_rhvm_addr }}”
  • rhv_user: “{{ vault_rhv_user }}”
  • rhv_pass: “{{ vault_rhv_pass }}”
  • network_name: ovirtmgmt
  • rhn_user: “{{ vault_rhn_user }}”
  • rhn_pass: “{{ vault_rhn_pass }}”
  • rhn_pool: 8a85f98660c55a380160c2fa572d302b
  • openshift_master_default_subdomain: apps.local.redhat-demo.com

The architecture for the production grade installation of OpenShift on RHV will look as follows:

To build the OpenShift Container Platform on RHV based on the above architecture you won’t need to adjust the master playbook ocp-deploy-rhv.yml as all the variables are already set.

The installation of the OpenShift Container Platform on RHV can now be launched. The following recording shows the entire process of the installation.  

Once the installation is done you will not only be able to login and build containers on the OpenShift Container Platform but also view the containers in the RHVM portal.