Install the latest OpenShift V3 on CentOS 7.x

Prerequisites: CentOS 7.x minimal install (tested on 7.2)

Updated 2016/06/05: to docker 1.11.x & OPENSHIFT_VERSION=v1.2.0

Mode: Single node setup, all manual.

Step 1: Install docker and tweak INSECURE_REGISTRY for smoother operation on “integrated docker registry”.

Fix DNS (as needed)

tee -a /etc/hosts << '__EOF__' osv3-single

cat > /etc/yum.repos.d/docker.repo << '__EOF__'
name=Docker Repository
yum -y install docker-engine wget git

Tweak for systemd way of setting INSECURE_REGISTRY


mkdir -p /etc/systemd/system/docker.service.d 
cat > /etc/systemd/system/docker.service.d/override.conf << '__EOF__'
ExecStart=/usr/bin/docker daemon --storage-driver=overlay --insecure-registry -H fd://
systemctl daemon-reload
systemctl enable docker
systemctl restart docker

Step 2: Get the binaries

mkdir /opt/openshift-origin-v1.2
chmod 755 /opt /opt/openshift-origin-v1.2
cd /opt/openshift-origin-v1.2
tar -zxvf openshift-origin-server-*.tar.gz --strip-components 1
rm -f openshift-origin-server-*.tar.gz

Step 3: Set and load the environments

cat > /etc/profile.d/ << '__EOF__'
export OPENSHIFT=/opt/openshift-origin-v1.2
export KUBECONFIG=$OPENSHIFT/openshift.local.config/master/admin.kubeconfig
export CURL_CA_BUNDLE=$OPENSHIFT/openshift.local.config/master/ca.crt
chmod 755 /etc/profile.d/
. /etc/profile.d/
# optional: pre-fetch required docker images
docker pull openshift/origin-pod:$OPENSHIFT_VERSION
docker pull openshift/origin-sti-builder:$OPENSHIFT_VERSION
docker pull openshift/origin-docker-builder:$OPENSHIFT_VERSION
docker pull openshift/origin-deployer:$OPENSHIFT_VERSION
docker pull openshift/origin-docker-registry:$OPENSHIFT_VERSION
docker pull openshift/origin-haproxy-router:$OPENSHIFT_VERSION

Step 4a: Generate OpenShift V3 configuration files

./openshift start --write-config=openshift.local.config
chmod +r $OPENSHIFT/openshift.local.config/master/admin.kubeconfig
chmod +r $OPENSHIFT/openshift.local.config/master/openshift-registry.kubeconfig
chmod +r $OPENSHIFT/openshift.local.config/master/openshift-router.kubeconfig

Optional: change the default router subdomain in master-config.yaml

sed -i 's/router.default.svc.cluster.local/' \

Step 4b: Add firewall rules

firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=8443/tcp
firewall-cmd --reload

Step 4c: Launch OpenShift V3

nohup ./openshift start &

Or install as serviced daemon and then launch.

cat > /etc/systemd/system/openshift-origin.service << '__EOF__'
Description=Origin Master Service
ExecStart=/opt/openshift-origin-v1.2/openshift start
systemctl daemon-reload
systemctl enable openshift-origin
systemctl start openshift-origin

Basic product installation is completed. Congratulations!

[root@osv3-single openshift-origin-v1.1]# oc login -u system:admin -n default
You have access to the following projects and can switch between them with 'oc project <projectname>':
  * default (current)
  * openshift
  * openshift-infra
Using project "default".

Step 5a: Create an admin account

# to create an admin user for management
oadm policy add-cluster-role-to-user cluster-admin admin

Step 5b: Install the integrated registry (new version has simplified the process)

mkdir /opt/openshift-registry
chcon -Rt svirt_sandbox_file_t /opt/openshift-registry
chown 1001.root /opt/openshift-registry
oadm policy add-scc-to-user privileged -z registry 
oadm registry --service-account=registry --mount-host=/opt/openshift-registry
[root@osv3-single openshift-origin-v1.2]# oc get svc docker-registry
docker-registry   <none>        5000/TCP   10m

Step 5c: Install the router

oadm policy add-scc-to-user hostnetwork -z router
oadm router router --replicas=1 --service-account=router


[root@osv3-single openshift-origin-v1.2]# oc status
In project default on server
svc/docker-registry -
  dc/docker-registry deploys
    deployment #1 deployed 9 minutes ago - 1 pod
svc/kubernetes - ports 443, 53, 53
svc/router - ports 80, 443, 1936
  dc/router deploys
    deployment #1 deployed 2 minutes ago - 1 pod
View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.

Step 6: Install the default image-streams (after registry is deployed and live)

cd ~
git clone
cd openshift-ansible/roles/openshift_examples/files/examples/latest/
for f in image-streams/image-streams-centos7.json; do cat $f | oc create -n openshift -f -; done
for f in db-templates/*.json; do cat $f | oc create -n openshift -f -; done
for f in quickstart-templates/*.json; do cat $f | oc create -n openshift -f -; done



21 thoughts on “Install the latest OpenShift V3 on CentOS 7.x”

    1. Adding node is not possible in this setup (mainly due to SDN and storage related complications). I’m working on the multi-node setup and will cover in other post.

  1. Thank you! A prefect and actually working quick start to get a sandbox environment up fast and easy.

  2. Great turtorial, but it wouldn’t work for me. I have to use a proxy server in my environment; origin says it should be written in the /etc/sysconfig/origin-master file – but following your tutorial this file wouldn’t exist

  3. Hi,

    I’m seeing an issue with the router configuration. When I run oc status -v I see the following:

    [root@kojak ~]# oc status -v
    In project default on server (svc/docker-registry)
    dc/docker-registry deploys
    deployment #1 deployed 45 minutes ago – 1 pod (svc/fabric8)
    rc/fabric8 runs fabric8/fabric8-console:2.2.130
    rc/fabric8 created 45 minutes ago – 1 pod

    svc/kubernetes – ports 443, 53, 53 (svc/router)
    dc/router deploys
    deployment #1 deployed 45 minutes ago – 1 pod

    * route/router doesn’t have a port specified and is routing traffic to svc/router which uses multiple ports.

    View details with ‘oc describe /’ or list everything with ‘oc get all’.

    Any help would be appreciated.

  4. This was a great resource as I setup my first OpenShift environment. One thing I ran into is the hosts file and the order for when the certs get generated. My only recommendation is to do the /etc/hosts configuration as step 1.

  5. Great job!
    Default any user can login openshift console, can you provide a comment on how to setup security ? thanks!

  6. Great Tutorial! Thanks a lot! My setup is the following:
    Private IP:
    Public IP:
    What do I have to change, to make the console available under and the applications under *

  7. Can you also explain in your tutorial how you can configure persistant volumes in OpenShift with CentOS 7.x?

  8. if i use the serviced daemon and then launch openshift, the master-config.yml and node-config.yml are not loaded and openshift starts with some default settings. how can i configure the daemon to load these config files? for the start without the daemon i use ./openshift start –master-config=’/opt/openshift-origin-v1.2/openshift.local.config/master/master-config.yaml’ –node-config=’/opt/openshift-origin-v1.2/openshift.local.config/node-jordi-vm.speicherbox.local/node-config.yaml’

  9. I’m having the same problem. Using the serviced script with an entry to a config file in /etc/sysconfig following the contrib example is not honored. As the yaml is not read entries in the file to use http authentication are also not honored.

  10. Thanks for the tutorial.
    I am getting below error when I do

    oc status -v

    before following this article I used open shift origin quick install docker and i was able to do oc with certificate warring.

    Unable to connect to the server: x509: certificate signed by unknown authority

    Could you please help!

  11. Just want to say thanks for such a new clean writeup.

    I’m wondering if there is a possibility to just use the ansible scripts to get this installed (atomic-openshift-ansible packages). I’ve done it on RHEL systems but would like to have some testing ground having the same type of deployment.
    In that case you set the appropriate vars in /etc/ansible/hosts and you can quickly deploy a multinode cluster.

Leave a Reply

Your email address will not be published. Required fields are marked *