Chapter 3. Install OpenShift Enterprise 3

To install OpenShift Enterprise, you will need:

  • At least two physical or virtual RHEL 7+ machines, with fully qualified domain names (either real world or within a network) and password-less ssh access to each other. This guide, uses and These machines must be able to ping each other using these domain names.
  • A valid Red Hat subscription.
  • Wildcard DNS resolution that resolves your domain to the IP of the node. So, an entry like the following in your DNS server: 300 IN  A <IP of the master> 300 IN A <IP of the node>
* 300 IN  A <IP of the node>
Why the apps in your domain name for the wildcard entry?

When using OpenShift to deploy applications, an internal router needs to proxy incoming requests to the corresponding application pod. By using apps as part of the application domains, the application traffic is accurately marked to the right pod.

You can use anything other than apps. For example,

* 300 IN  A <IP of the node>

will work just as well.

Once you have acquired these items, use these steps to set up a two-machine OpenShift Enterprise install.

3.1. Attach OpenShift Subscription

  1. On the target machines (both master and node), as root, use subscription-manager to register the systems with Red Hat:

    $ subscription-manager register
  2. List the available subscriptions:

    $ subscription-manager list --available
  3. Find the pool ID that provides OpenShift Subscription and attach it:

    $ subscription-manager attach --pool=<pool_id>
  4. Replace the string <pool_id> with the pool ID of the pool that provides OSE 3. The pool ID is a long alphanumeric string.

These RHEL systems are now authorized to install OpenShift. Now you need to tell the systems where to get OpenShift from.

3.2. Set Up Repositories

On both master and node, use subscription-manager to enable the repositories that are necessary in order to install OpenShift (you may have already enabled the first two repositories in this example):

$ subscription-manager repos --enable="rhel-7-server-rpms" --enable="rhel-7-server-extras-rpms" --enable="rhel-7-server-ose-3.2-rpms"

Instead of rhel-7-server-ose-3.2-rpms, use rhel-7-server-ose-3.3-rpms for OpenShift Container Platform 3.3 and rhel-7-server-ose-3.4-rpms for OpenShift Container Platform 3.4

This command tells your RHEL system that the tools required to install OpenShift will be available from these repositories. Now we need the OpenShift installer that is based on Ansible.

3.3. Install the OpenShift Enterprise Package

The installer for OpenShift Enterprise is provided by the atomic-openshift-utils package. Install it using yum on both the master and the node, after running yum update:

$ yum update
$ yum install atomic-openshift-utils

3.4. Run the Installer

Before running the installer on the master, set up password-less ssh access as this is required by the installer to gain access to the machines. On the master:

$ ssh-keygen

Follow the prompts and just hit enter when asked for passphrase. Once done:

for host in; do ssh-copy-id -i ~/.ssh/ $host; done

Then, run the installer on the master:

$ atomic-openshift-installer install

This is an interactive install process that guides you through the various steps. In most cases, you want the default options. When it starts, select the option for OpenShift Enterprise 3.2 (or OpenShift Container Platform 3.3/3.4). Also, you are installing one master and one node and the domain name is the FQDN as mentioned at the start of this section ( and


At the step where the installer asks you for the FQDN for the routes, you must use (or as discussed earlier) and NOT If you make an error, you can edit the /etc/origin/master/master-config.yaml at the end of the install process and make this change yourself by looking for the subdomain entry.

This install process takes about 5-10 minutes.

3.5. Start OpenShift

After a successful install, use the following command to start OpenShift:

systemctl start atomic-openshift-master

Run the following command to verify that OpenShift Enterprise was installed and started successfully. You will get a listing of the master and node, in the Ready status.

oc get nodes

Once installed and started, before you add a new project, you need to set up basic authentication, user access, and routes.