Chapter 27. Revision History: Installation and Configuration

27.1. Wed Mar 07 2018

Affected TopicDescription of Change

Aggregating Container Logs

Added to instructions to scale EFK pods when changes are made in the Post-deployment Configuration section.

27.2. Fri Jul 28 2017

Affected TopicDescription of Change

Redeploying Certificates

Added the Redeploying a New etcd CA section.

27.3. Thu May 25 2017

Affected TopicDescription of Change

Syncing Groups With LDAP

Added Nested Membership Sync Example.

27.4. Tue Apr 25 2017

Affected TopicDescription of Change

Redeploying Certificates

Updated for new set of playbooks and options.

27.5. Thu Apr 13 2017

Affected TopicDescription of Change

Installing a Cluster → Prerequisites

Specified the UDP for port 4789.

Installing → Advanced Installation

In the Known Issues multiple masters discussion, included the docker-common package in the removal process, following a failed setup play.

Configuring for OpenStack

Added openshift_cloudprovider_openstack_domain_id and openshift_cloudprovider_openstack_domain_name to the list of configurable parameters.

27.6. Mon Apr 03 2017

Affected TopicDescription of Change

Redeploying Certificates

Added Registry and Router Certificates section with instructions on redeploying these certificates manually.

27.7. Tue Mar 14 2017

Affected TopicDescription of Change

Installing a Cluster → Prerequisites

Renamed instances of openshift_node_set_node_ip to openshift_set_node_ip, the correct openshift-ansible variable name.

Upgrading a Cluster → Performing Manual In-place Cluster Upgrades

Removed a repetitive step within the Updating the Default Image Streams and Templates section.

27.8. Tue Mar 07 2017

Affected TopicDescription of Change

Installing a Cluster → Advanced Installation

Updated Before You Begin section to raise minimal Ansible version to 2.2.0.

Provided guidance for preconfigured loadbalancers for OpenShift Enterprise with high availability.

Redeploying Certificates

Added the Checking Certificate Expirations section.

27.9. Tue Feb 21 2017

Affected TopicDescription of Change

Installing → Configure or Deploy the Router

Changed the value from true to 1 in "Configure the Router to Use iptables" in the Preventing Connection Failures During Restarts section.

27.10. Wed Feb 01 2017

Affected TopicDescription of Change

Installing → Prerequisites

Added instructions for installing and using the atomic-openshift-excluder and atomic-openshift-docker-excluder scripts during cluster installations and upgrades.

Installing → Quick Installation

Installing → Advanced Installation

Upgrading → Manual Upgrades

Upgrading → Automated Upgrades

27.11. Mon Jan 30 2017

Affected TopicDescription of Change

Installing → Configure or Deploy a Docker Registry

Removed references to the deprecated --api-version flag.

27.12. Wed Jan 25 2017

Affected TopicDescription of Change

Installing a Cluster → Prerequisites

Added information about required ports for Aggregated Logging.

27.13. Mon Jan 16 2017

Affected TopicDescription of Change

Configuring Authentication and User Agent

Clarified the difference between /api and /oapi in the User Agent section.

27.14. Mon Jan 09 2017

Affected TopicDescription of Change

Working with HTTP Proxies

Added clarifying details about HTTP proxies.

27.15. Tue Dec 20 2016

Affected TopicDescription of Change

Working with HTTP Proxies

Removed section on configuring Maven with http proxies.

27.16. Mon Nov 14 2016

Affected TopicDescription of Change

Advance LDAP Configuration → Setting up SSSD for LDAP Failover

Fixed error in Step 3: Apache Configuration section.

27.17. Mon Oct 24 2016

Affected TopicDescription of Change

Installing → Prerequisites

Aded Note box to the Software Prerequisites section about subscription names.

27.18. Mon Oct 17 2016

Affected TopicDescription of Change

Loading the Default Image Streams and Templates

Updated information in the Offerings by Subscription Type section on which images are provided by which subscriptions.

Installing a Cluster → Advanced Installation

Added more information to the openshift_portal_net parameter description in the Configuring Cluster Variables section.

27.19. Tue Oct 11 2016

27.20. Tue Oct 04 2016

Affected TopicDescription of Change

Advanced LDAP Configuration → Setting up SSSD for LDAP Failover

Fixed errors in the Phase 2: Authenticating Proxy Setup section.

Configure or Deploy a Docker Registry

Added troubleshooting guidance on Image Pruning Failures.

Installing → Prerequisites

Added information about disabling dnsmasq.

Installing → Advanced Installation

Added example for a multi-master install with etcd on the same hosts.

Configuring Persistent Storage →Persistent Storage Using Ceph Rados Block Device (RBD)

Updated the persistentVolumeReclaimPolicy setting to retain in the Persistent Volume Object Definition Using Ceph RBD example.

Persistent Storage Examples → Complete Example Using GlusterFS

Updated the GlusterFS persistent storage example to use NGNIX instead of busybox.

Installing → Advanced Installation

Replaced ansible_sudo with ansible_become.

Configuring Persistent Storage → Volume Security

Fixed formatting of the oc get project default -o yaml example output within the SCCs, Defaults, and Allowed Ranges section.

Configuring Persistent Storage → Volume Security

Removed no_root_squash from the NFS example, as it is not a recommended option.

27.21. Tue Sep 13 2016

Affected TopicDescription of Change

Installing → Advanced Installation

Updated the Multiple Masters Using HAProxy Inventory File example with a line about enabling ntp on masters to ensure proper failover as part of HA configuration.

Installing → Configure or Deploy the Router

Updated the F5 deployment instructions to reflect that the F5 router needs to be run in privileged mode.

Master and Node Configuration

Enhanced descriptions of master and node configuration file parameters and created subsections for similar groupings.

Configuring Authentication and User Agent

Renamed the User Agent section to Preventing CLI Version Mismatch With User Agent and added more information.

Aggregate Logging Sizing Guidelines

New topic on aggregate logging sizing guidelines for Elasticsearch, Fluentd, and Kibana (EFK) stack aggregate logs from nodes and applications.

27.22. Tue Sep 06 2016

Affected TopicDescription of Change

Configuring Persistent Storage → Persistent Storage Using GlusterFS

Updated to use the Retain reclaim policy, as the Recycle policy is not currently supported with GlusterFS.

Working with HTTP Proxies

Added more information about the NO_PROXY variable.

Configure or Deploy the Router

Added information about the --selector option and how the quick installation method automatically deploys the router and registry.

Configure or Deploy a Docker Registry

Added information explaining that quick installations automatically handle the initial deployment of the Docker registry and the OpenShift Enterprise router.

27.23. Mon Aug 29 2016

Affected TopicDescription of Change

Installing → Disconnected Install

Fixed the tag references of images to be more generic.

27.24. Tue Aug 23 2016

Affected TopicDescription of Change

Installing → Prerequisites

Clarified in the DNS section that the OpenShift Enterprise 3.2 DNS changes are not automatically applied to existing clusters during an upgrade from OpenShift Enterprise 3.1 to 3.2.

Upgrading → Performing Manual Cluster Upgrades

Added an Important box about meeting prerequisites before upgrade.

Upgrading → Performing Automated Cluster Upgrades

Added an Important box about meeting prerequisites before upgrade.

Configuring Custom Certificates

Added details about configuring custom certificates with Ansible.

Configuring Authentication and User Agent

Added details about configuring authentication with Ansible.

Configuring the SDN

Added details about configuring the SDN with Ansible.

Configuring for AWS

Added details about configuring for AWS with Ansible.

Configuring for OpenStack

Added details about configuring for OpenStack with Ansible.

Working with HTTP Proxies

Added details about configuring HTTP proxies with Ansible.

Configuring Global Build Defaults and Overrides

Added details about configuring global build defaults and overrides with Ansible.

Enabling Cluster Metrics

Added clarifying details to the Providing Your Own Certificates section.

Customizing the Web Console

Added details about configuring the web console with Ansible.

27.25. Thu Aug 18 2016

Affected TopicDescription of Change

Upgrading → Performing Manual Cluster Upgrades

Added manual upgrade steps to get the latest templates from openshift-ansible-roles.

Added references to the .NET Core for RHEL image streams in the Updating the Default Image Streams and Templates section.

27.26. Mon Aug 15 2016

Affected TopicDescription of Change

Aggregating Container Logs

Added information on log locations within Kibana to the Deploying the EFK Stack section.

Enabling Cluster Metrics

Removed the --port option when creating the route in the Using a Re-encrypting Route section, as it caused issues.

27.27. Thu Aug 11 2016

Affected TopicDescription of Change

Installing → Deploying a Docker Registry

Added Google Cloud Storage (GCS) to the list of currently supported storage drivers in the Advanced: Overriding the Registry Configuration section.

Clarified details in CloudFront configuration references.

Upgrading → Performing Manual Cluster Upgrades

Minor updates for OpenShift Enterprise 3.2.1.13 relevance.

27.28. Mon Aug 08 2016

Affected TopicDescription of Change

Adding Hosts to an Existing Cluster

New topic. Moves existing content on adding node hosts from the Quick Installation and Advanced Installation topics and combines with new content on adding master hosts.

Aggregating Container Logs

Added that NFS is a not suitable for Lucene storage, NFS is not supported, and how to use local storage.

Performing Manual Cluster Upgrades

Distinguished between embedded and external etcd in the Preparing for a Manual Upgrade section.

Installing → Deploying a Router

Clarified the need for the cluster-reader permission and added the Using Namespace Router Shards section.

27.29. Thu Aug 04 2016

Affected TopicDescription of Change

Installing → Deploying a Docker Registry

Removed Microsoft Azure from the list of currently supported storage drivers in the Advanced: Overriding the Registry Configuration section.

Configuring Persistent Storage → Persistent Storage Using GlusterFS

Added overviews for the existing dedicated storage cluster method and the new containerized storage cluster method, including a link to the new Deployment Guide for Containerized Red Hat Gluster Storage documentation.

27.30. Mon Aug 01 2016

Affected TopicDescription of Change

Routing from Edge Load Balancers

Added a link connecting F5 router and Routing from Edge Load Balancers topics within the Establishing a Tunnel Using a Ramp Node section.

Installing → Prerequisites

Added directions on changing the default configuration file in the Installing Docker section.

Installing → Deploying a Docker Registry

Added support information for upstream registry configuration.

27.31. Wed Jul 27 2016

Affected TopicDescription of Change

Configuring for OpenStack

Added Important advisories about file creation for cloud configurations in the Configuring Masters and Configuring Nodes sections.

Configuring for GCE

Added Important advisories about file creation for cloud configurations in the Configuring Masters and Configuring Nodes sections.

Configuring for AWS

Added Important advisories about file creation for cloud configurations in the Configuring Masters and Configuring Nodes sections.

Aggregating Container Logs

Added the Performing Elasticsearch Maintenance Operations section.

Installing → Prerequisites

Added TCP/UDP information to the xref:prereq-network-access[Network Access} tables.

Installing → Disconnected Installation

Fixed command in Syncing Repositories section.

Configuring Authentication and User Agent

Added a new section about userAgentMatching.

Performing Automated Cluster Upgrades

Added step about logging in as an administrator.

Aggregating Container Logs

Added guidance on configuring Curator.

Configuring Persistent Storage

Added important box about changing fstype field in a persistent volume configuration in several files.

Install → Prerequisites

Provided more details on OpenShift DNS requirements.

Deploying a Router

Added a Preventing Connection Failures During Restarts section.

27.32. Wed Jul 20 2016

Affected TopicDescription of Change

Upgrading → Performing Automated Cluster Upgrades

Updated the Using the Installer to Upgrade section to note the installer now supports applying asynchronous errata updates as well as minor version upgrades.

Updated the Running the Upgrade Playbook Directly section to detail usage of the new v3_2 upgrade playbook, which supports both upgrading to OpenShift Enterprise 3.2 and applying OpenShift Enterprise 3.2 asynchronous errata updates.

Upgrading → Performing Manual Cluster Upgrades

Update location of nuke_images.sh file.

Minor updates for OpenShift Enterprise 3.2.1.9 relevance.

27.33. Thu Jul 14 2016

Affected TopicDescription of Change

Installing → Prerequisites

Added an Important box to the System Requirements section.

Provided more details on OpenShift DNS requirements.

Corrected sizing information in the Host Recommendations section.

Described which required ports are necessary for master self-communication.

Installing → Advanced Installation

Added the following variables to the Configuring Cluster Variables section:

  • openshift_node_proxy_mode
  • openshift_docker_additional_registries
  • openshift_docker_insecure_registries
  • openshift_docker_blocked_registries

Installing → Deploying a Docker Registry

Replaced the deprecated --credentials option in place of --service-account option.

Upgrading → Performing Automated Cluster Upgrades

Added a Upgrading Cluster Metrics section.

Upgrading → Performing Manual Cluster Upgrades

Added a Upgrading Cluster Metrics section.

Master and Node Configuration

Added proxy-mode parameters.

Configuring Authentication

Corrected wording in the HTPasswd section.

Advanced LDAP Configuration

New set of topics for advanced LDAP configuration:

Aggregating Container Logs

Added a section on sending logs to an external source.

Expanded documentation on scaling up Elasticsearch instances.

Rewording and clarifications.

Enabling Cluster Metrics

Added deployer template parameters.

Added requirement of using re-encrypting route for cluster metrics that use generated self-signed certs.

27.34. Fri Jul 08 2016

Affected TopicDescription of Change

Downgrading OpenShift

Updated topic to be relevant for the OpenShift Enterprise 3.2 to 3.1 downgrade path. (BZ#1348324)

27.35. Tue Jul 05 2016

27.36. Thu Jun 30 2016

Affected TopicDescription of Change

Upgrading → Performing Automated Cluster Upgrades

Updated the Upgrading to OpenShift Enterprise 3.2 Asynchronous Releases section to remove an Important box about containerized hosts and to add a note about the v3_1_to_v3_2 upgrade playbook.

Upgrading → Performing Manual Cluster Upgrades

Updated the topic to include manual upgrade steps for containerized hosts as well as RPM-based hosts.

Updated the Upgrading the EFK Logging Stack section to add a required step for manually importing image tags. (BZ#1338965)

27.37. Tue Jun 27 2016

Affected TopicDescription of Change

Installing → Prerequisites

Updated for Docker 1.10 support.

Upgrading → Performing Automated Cluster Upgrades

Updated for OpenShift Enterprise 3.2.1.1 relevance and to note the automated upgrade playbook for asynchronous errata updates is in development.

Upgrading → Performing Manual Cluster Upgrades

Updated for OpenShift Enterprise 3.2.1.1, including Docker 1.10 support.

Noted that manual upgrade steps are currently only available for RPM-based installations, with steps for containerized installations to come in a documentation update.

27.38. Tue Jun 14 2016

Affected TopicDescription of Change

Aggregating Container Logs

Specified the correct units for ES_INSTANCE_RAM and ES_OPS_INSTANCE_RAM.

Persistent Storage Examples → Mounting Volumes on Privileged Pods

Added Mounting Volumes on Privileged Pods file.

Installing → Deploying a Router

Added an Important box regarding default resource requests for router pods.

Configuring Authentication

Added the clientCommonNames parameter to the Request Header section.

Master and Node Configuration

Updated the setting guidance in Parallel Image Pulls with Docker 1.9+.

Installing → Deploying a Docker Registry

Updated the example of using an existing persistent volume claim (PVC) to a matching configuration for Docker registry PVC.

27.39. Fri Jun 10 2016

Affected TopicDescription of Change

Installing → Prerequisites

Added NetworkManager to the System Requirements section for nodes.

Added NetworkManager as a prerequisite in the Environment Requirements section.

Installing → Advanced Installation

Replaced the openshift_docker_log_options Ansible variable with openshift_docker_options in the Configuring Host Variables section.

Installing → Deploying a Docker Registry

Fixed examples in the Securing the Registry section to use consistent --cert and --key values. Also, clarify the origin of the ca.crt file that must be installed per-node.

Configuring Authentication

Added a note on how to obtain the htpasswd utility.

Customizing the Web Console

Added that each time a user’s token to OpenShift Enterprise expires, the user is presented with a custom page. Also, added use cases for custom login pages.

Installing → Advanced Installation

Updated openshift_router_selector to its new name of openshift_hosted_router_selector.

27.40. Wed Jun 08 2016

Affected TopicDescription of Change

Upgrading → Performing Automated Cluster Upgrades

Updated to declare support for containerized upgrades as of the RHBA-2016:1208 advisory.

Upgrading → Performing Manual Cluster Upgrades

Updated to declare support for containerized upgrades as of the RHBA-2016:1208 advisory.

27.41. Tue Jun 07 2016

Affected TopicDescription of Change

Upgrading

Updated to declare support for containerized upgrades as of the RHBA-2016:1208 advisory.

27.42. Fri Jun 03 2016

Affected TopicDescription of Change

Installing → Prerequisites

Fixed an incomplete command for installing the docker-1.9.1 package in the Installing Docker section.

Installing → Advanced Installation

Updated the location of the scaleup.yml playbook in the Adding Nodes to an Existing Cluster section.

Aggregating Container Logs

Added an Important box on manually importing tags for deployment to the Deploying the EFK Stack section.

27.43. Mon May 30 2016

Affected TopicDescription of Change

Installing → Prerequisites

Added an Important box to the Sizing Recommendations section advising that oversubscribing the physical resources on a node affects resource guarantees the Kubernetes scheduler makes during pod placement.

Added prerequisite information to node host section of System Requirements.

Installing → Advanced Installation

Updated the parameter name docker_log_options to openshift_docker_log_options in the Host Variables table.

Installing → Disconnected Installation

Fixed some outdated image names.

Installing → Deploying a Router

Added sections describing how to create and modify router shards.

Persistent Storage Examples → Backing Docker Registry with GlusterFS Storage

New topic about how to attach a GlusterFS persistent volume to the Docker Registry.

Working with HTTP Proxies

Updated the example in the Configuring Default Templates for Proxies section to use https for GitHub access.

Routing from Edge Load Balancers

Fixed error in the OpenShift SDN cluster network setup steps for the ramp node.

Aggregating Container Logs

Updated with guidance to use oc new-app instead of oc process | oc create for logging.

Enabling Cluster Metrics

Simplified the Using a Re-encrypting Route section.

27.44. Wed May 18 2016

Affected TopicDescription of Change

Upgrading → Performing Manual Cluster Upgrades

Corrected a step in the Upgrading the EFK Logging Stack section to use oc apply.

27.45. Mon May 16 2016

Affected TopicDescription of Change

Installing → Advanced Installation

Added a Configuring Global Proxy Options section.

27.46. Thu May 12 2016

OpenShift Enterprise 3.2 initial release.

Affected TopicDescription of Change

Installing → Prerequisites

Added prerequisite information for CPU and GB size requirements to System Requirements, and Important boxes recommending the node and pod limits.

Removed support for the Pacemaker HA method.

Installing → Advanced Installation

Updated the osm_default_subdomain variable name to the new openshift_master_default_subdomain name.

Added openshift_rolling_restart_mode to the Configuring Cluster Variables section for controlling the behavior for rolling master restarts.

Removed support for the Pacemaker HA method.

Installing → Deploying a Docker Registry

Added the Registry Compute Resources section.

Updated the Known Issues section to note the error caused when a pulled image is pushed to an image stream different from the one it is being pulled from.

Used oc logs directly on deployment configurations in examples, instead of on individual pods.

Added a Whitelisting Docker Registries section.

Added a step to the Securing the Registry procedure for updating the schema for the readiness probe.

Installing → Deploying a Router

Added a Customizing the Router Service Ports section.

Added a Forcing Route Host Names to a Custom Routing Subdomain section.

Updated the Customizing the Default Routing Subdomain section for setting environment variables in the deployment configuration.

Updated an example in the Using Secured Routes section to use oc create route.

Installing → Deploying a Docker Registry

Updated to use oc create serviceaccount commands and service account user names in add-scc-to-user commands.

Installing → Deploying a Router

Routing from Edge Load Balancers

Upgrading → Manual Upgrades

Added the Upgrading the EFK Logging Stack section.

Downgrading OpenShift

Added a Note box clarifying that the topic currently only supports the OpenShift Enterprise 3.1 to 3.0 downgrade path, and that the topic will be updated in the future for 3.2 to 3.1.

Master and Node Configuration

Added information about alternate bindPassword/clientSecret methods.

Added information about parallel pulls with Docker 1.9+.

Updated the Node Configuration Files section to reflect that perFSGroup should be set to null.

Updated the Master Configuration Files section to include the alwaysShowProviderSelection.

Configuring Authentication

Added GitHub organization configuration information.

Added extended attributes to the Request Header section.

Added a GitLab section for the new GitLab identity provider.

Updated the Identity Providers section to mention that the identity provider selection page can be customized.

Sharing an NFS Persistent Volume (PV) Across Two Pods

New topic on how a user wanting to leverage shared storage for use by two separate containers would configure the solution.

Persistent Storage Examples

New topic on setting up and configuring common storage use cases.

Syncing Groups With LDAP

Added information about alternate bindPassword/clientSecret methods.

Customizing the Web Console

Added the Customizing the OAuth Error Page section.

Working with HTTP Proxies

Updated to indicate that NO_PROXY now supports CIDRs as well.

Routing from Edge Load Balancers

Updated to match the new OpenShift SDN cluster network (10.128.0.0/16) and add OpenFlow rules to get the ramp node working.

Configuring Global Build Defaults and Overrides

New topic convering the new BuildDefaults and BuildOverrides admission control plug-ins.

Configuring Persistent Storage → Persistent Storage Using GCE Persistent Disk

Linked to Volume Owner Information.

Configuring Persistent Storage → Persistent Storage Using OpenStack Cinder

Configuring Persistent Storage → Persistent Storage Using AWS Elastic Block Store

Configuring Persistent Storage → Dynamic Provisioning

Documented Volume Owner Information.

Customizing the Web Console

In the Adding or Changing Links to Download the CLI section, added information about downloading the CLI from the About page.

Updated web console extension examples.

Added instructions on customizing the login provider selection page to the Customizing the Login Page section.

Syncing Groups With LDAP

Added a RFC 2307 with User-Defined Error Tolerances section.

Added the pageSize parameter to examples, for setting LDAP search paging sizes.