Recommended Installation Practices

Pre-installing Dependencies

A node host will access the network to install any RPMs dependencies, such as atomic-openshift-*, iptables, and CRI-O or Docker. Pre-installing these dependencies, creates a more efficient install, because the RPMs are only accessed when necessary, instead of a number of times per host during the install.

This is also useful for machines that cannot access the registry for security purposes.

Ansible Install Optimization

The OKD install method uses Ansible. Ansible is useful for running parallel operations, meaning a fast and efficient installation. However, these can be improved upon with additional tuning options. See the Configuring Ansible section for a list of available Ansible configuration options.

Parallel behavior can overwhelm a content source, such as your image registry or Red Hat Satellite server. Preparing your server’s infrastructure pods and operating system patches can help prevent this issue.

Run the installer from the lowest-possible latency control node (LAN speeds). Running over a wide area network (WAN) is not advised, neither is running the installation over a lossy network connection.

Ansible provides its own guidance for performance and scaling, including using RHEL 6.6 or later to ensure the version of OpenSSH supports ControlPersist, and running the installer from the same LAN as the cluster, but not running it from a machine in the cluster.

The following is an example Ansible configuration for large cluster installation and administration that incorporates the recommendations documented by Ansible:

  1. # cat /etc/ansible/ansible.cfg
  2. # config file for ansible -- http://ansible.com/
  3. # ==============================================
  4. [defaults]
  5. forks = 20 (1)
  6. host_key_checking = False
  7. remote_user = root
  8. roles_path = roles/
  9. gathering = smart
  10. fact_caching = jsonfile
  11. fact_caching_connection = $HOME/ansible/facts
  12. fact_caching_timeout = 600
  13. log_path = $HOME/ansible.log
  14. nocows = 1
  15. callback_whitelist = profile_tasks
  16. [privilege_escalation]
  17. become = False
  18. [ssh_connection]
  19. ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ServerAliveInterval=60
  20. control_path = %(directory)s/%%h-%%r
  21. pipelining = True (2)
  22. timeout = 10
120 forks is ideal, because larger forks can lead to installations failing.
2Pipelining reduces the number of connections between control and target nodes, helping to improve installer performance.

Networking Considerations

Network subnets can be changed post-install, but with difficulty. It is much easier to consider the network subnet size prior to installation, because underestimating the size can create problems with growing clusters.

See the Network Optimization topic for recommended network subnetting practices.