OpenShift Installation and Configuration Management
Branch: master
Clone or download
AOS Automation Release Team
AOS Automation Release Team Automatic commit of package [openshift-ansible] release [4.0.0-0.178.0].
Created by command:

/usr/bin/tito tag --debug --accept-auto-changelog --keep-version --debug
Latest commit 92dcb32 Feb 19, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Simplify PR template and add text to Nov 8, 2018
.tito Automatic commit of package [openshift-ansible] release [4.0.0-0.178.0]. Feb 19, 2019
docs Refactor with_items usage with Ansible package module Aug 31, 2018
examples Remove duplicate words Sep 18, 2018
hack Add CI scripts in hack/ Oct 1, 2018
images/installer Use ansible 2.7.4 Dec 13, 2018
inventory Revert "Devel 4.0: CI test" Dec 12, 2018
meta Adding meta/main.yml to allow for Galaxy use of this repo Oct 4, 2017
playbooks Add additional gluster SMEs to approvers, update ansible reviewers Jan 28, 2019
roles Add additional gluster SMEs to approvers, update ansible reviewers Jan 28, 2019
test Revert "Devel 4.0: CI test" Dec 12, 2018
.coveragerc Lowering test coverage percentage. Mar 8, 2017
.dockerignore Rework test CI Aug 31, 2018
.flake8 Fix flake8 errors in utils/test Jan 4, 2018
.gitignore Add the DNS updates and rename the openstack vars Nov 7, 2017
.papr-master-ha.inventory PAPR: set docker log driver to journald so that journal artifacts con… Jun 17, 2018
.papr.all-in-one.inventory PAPR: set docker log driver to journald so that journal artifacts con… Jun 17, 2018
.papr.inventory PAPR: set docker log driver to journald so that journal artifacts con… Jun 17, 2018 PAPR: install new requirements during upgrade Jul 11, 2018
.papr.yml Disable papr on pull requests Jul 24, 2018
.pylintrc Fix ansible version checking Oct 25, 2018
.release Branch for v3.11 Jun 15, 2018
.travis.yml Output useful logs in CI on failure Apr 17, 2018
.yamllint More toxification Jan 10, 2017 image builds: remove dependency on playbook2image Jul 18, 2017 Add a bare minimum localhost hosts file Jan 30, 2018 Remove alternative oreg vars and update logic Jul 18, 2018 Documents new node upgrade hooks. Apr 3, 2018
LICENSE move LICENSE to /usr/share/licenses/openshift-ansible-VERSION/ Sep 20, 2016
OWNERS Add new team members to OWNERS file. Jan 15, 2019 Simplify PR template and add text to Nov 8, 2018 Update documentation links, -> Aug 13, 2018
ansible.cfg Set log-path = ~/openshift-ansible.log Jul 18, 2018 Configure pytest to run tests and coverage Feb 20, 2017
openshift-ansible.spec Automatic commit of package [openshift-ansible] release [4.0.0-0.178.0]. Feb 19, 2019
pytest.ini Add unit tests for existing health checks Mar 17, 2017
requirements.txt Revert "Devel 4.0: CI test" Dec 12, 2018
setup.cfg Remove atomic-openshift-utils Apr 6, 2018 Update the naming of openshift on rhv to ovirt Aug 27, 2018
test-requirements.txt Fixes #8267 Sep 28, 2018
tox.ini Remove utils unit tests Apr 6, 2018

Join the chat at Build Status Coverage Status


Master branch is closed! A major refactor is ongoing in devel-40. Changes for 3.x should be made directly to the latest release branch they're relevant to and backported from there.

OpenShift Ansible

This repository contains Ansible roles and playbooks to install, upgrade, and manage OpenShift clusters.

Note: the Ansible playbooks in this repository require an RPM package that provides docker. Currently, the RPMs from do not provide this requirement, though they may in the future. This limitation is being tracked by #2720.

Getting the correct version

When choosing an openshift release, ensure that the necessary origin packages are available in your distribution's repository. By default, openshift-ansible will not configure extra repositories for testing or staging packages for end users.

We recommend using a release branch. We maintain stable branches corresponding to upstream Origin releases, e.g.: we guarantee an openshift-ansible 3.2 release will fully support an origin 1.2 release.

The most recent branch will often receive minor feature backports and fixes. Older branches will receive only critical fixes.

In addition to the release branches, the master branch master branch tracks our current work in development and should be compatible with the Origin master branch (code in development).

Getting the right openshift-ansible release

Follow this release pattern and you can't go wrong:

Origin/OCP OpenShift-Ansible version openshift-ansible branch
1.3 / 3.3 3.3 release-1.3
1.4 / 3.4 3.4 release-1.4
1.5 / 3.5 3.5 release-1.5
3.X 3.X release-3.x

If you're running from the openshift-ansible master branch we can only guarantee compatibility with the newest origin releases in development. Use a branch corresponding to your origin version if you are not running a stable release.


Install base dependencies:


  • Ansible >= 2.6.5, Ansible 2.7 is not yet supported and known to fail
  • Jinja >= 2.7
  • pyOpenSSL
  • python-lxml


dnf install -y ansible pyOpenSSL python-cryptography python-lxml

Additional requirements:


  • java-1.8.0-openjdk-headless
  • patch


  • httpd-tools

Simple all-in-one localhost Installation

This assumes that you've installed the base dependencies and you're running on Fedora or RHEL

git clone
cd openshift-ansible
sudo ansible-playbook -i inventory/hosts.localhost playbooks/prerequisites.yml
sudo ansible-playbook -i inventory/hosts.localhost playbooks/deploy_cluster.yml

Node Group Definition and Mapping

In 3.10 and newer all members of the [nodes] inventory group must be assigned an openshift_node_group_name. This value is used to select the configmap that configures each node. By default there are three configmaps created; one for each node group defined in openshift_node_groups and they're named node-config-master node-config-infra node-config-compute. It's important to note that the configmap is also the authoritative definition of node labels, the old openshift_node_labels value is effectively ignored.

There are also two configmaps that label nodes into multiple roles, these are not recommended for production clusters, however they're named node-config-all-in-one and node-config-master-infra if you'd like to use them to deploy non production clusters.

The default set of node groups is defined in [roles/openshift_facts/defaults/main.yml] like so

  - name: node-config-master
      - ''
    edits: []
  - name: node-config-infra
      - ''
    edits: []
  - name: node-config-compute
      - ''
    edits: []
  - name: node-config-master-infra
      - ','
    edits: []
  - name: node-config-all-in-one
      - ',,'
    edits: []

When configuring this in the INI based inventory this must be translated into a Python dictionary. Here's an example of a group named node-config-all-in-one which is suitable for an All-In-One installation with kubeletArguments.pods-per-core set to 20

openshift_node_groups=[{'name': 'node-config-all-in-one', 'labels': ['', '', ''], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}]

For upgrades, the upgrade process will block until you have the required configmaps in the openshift-node namespace. Please define openshift_node_groups as explained above or accept the defaults and run the playbooks/openshift-master/openshift_node_group.yml playbook to have them created for you automatically.

Complete Production Installation Documentation:

Containerized OpenShift Ansible

See for information on how to package openshift-ansible as a container image.

Installer Hooks

See the hooks documentation.


See the contribution guide.

Building openshift-ansible RPMs and container images

See the build instructions.