
Practical Guide to Offline Installation of an OpenShift 4 Enterprise HA Cluster with Troubleshooting

This article details a step‑by‑step offline installation of an OpenShift 4 enterprise high‑availability cluster on bare‑metal, covering prerequisites, static‑IP configuration without DHCP or load balancers, mirror registry setup, installation pitfalls, post‑install tasks, and extensive troubleshooting tips.

DevOps Cloud Academy

The article revisits the "OpenShift 4 Enterprise HA Cluster (Offline) Installation Practice & Troubleshooting" guide, removing mobile‑unfriendly details and highlighting undocumented or subtle points for reference.

Key validation results include successful bare‑metal deployment on non‑tested platforms (VMware ESXi 6.7.0), a static‑IP installation method that eliminates the need for DHCP, and a test‑environment approach that works without a load balancer (not recommended for production).

Pre‑installation – The required services (DHCP, LB, DNS, HTTP server, mirror registry) are normally hosted on a bastion host; the authors demonstrate that DHCP and LB can be omitted for small clusters, while a mirror registry should already exist in an enterprise environment.

Bastion host – Serves to host dependent services, sync external images, generate Ignition files, and act as a jump host for OpenShift nodes.

HTTP Server – Public HTTP servers store reusable installation files, while Ignition files (containing sensitive data) must be kept on a private server.

DHCP / Static IP – Without DHCP, static IPs can be supplied by one of two methods; the article adopts the second method (boot parameters) and corrects a formatting error in the original blog. Example boot parameter syntax (the empty field between the node IP and the gateway is the unused peer address): ip=<WORKER_NODE_IP>::<GATEWAY_IP>:<NETMASK>:<HOSTNAMEFQDN>:<INTERFACE_NAME>:none nameserver=<DNS_IP>

Load Balancer omission – DNS is used to point api to the bootstrap node and then to master01, and *.apps to worker01, which works for experiments but sacrifices HA.

DNS – Configuration follows the OpenShift 4.1 Bare Metal Install Quickstart; when LB is omitted, the reverse api record must be removed.

Mirror registry – In restricted networks the internal mirror should already exist; the installer expects specific images (e.g., quay.io/openshift-release-dev/ocp-v4.0-art-dev) that are generated by oc adm release mirror. Verification commands, run in this order:

    podman login registry.example.com:5000
    podman image pull registry.example.com:5000/ocp4/openshift4:etcd

Installation – During Ignition config creation, the author notes the need to delete hidden state files (.openshift_install_state.json) and warns against misinterpreting the CIDR in install-config.yaml. Bootstrap machine setup requires manual entry of the long boot parameters; errors can be diagnosed with hostname -I && ip route show && cat /etc/resolv.conf and port checks (netstat -ltnp | grep 22623).

Master machines – After bootstrap, verify port 2379 is listening on each master (netstat -ltnp | grep 2379) before adding workers.

Cluster creation – Once bootstrap and masters are healthy, the API endpoint is switched (via LB or DNS) and workers are added.

Post‑installation – Covers OAuth IDP switching, registry configuration, and considerations for day‑2 operations such as persistent HTTP servers, mirror registry reliability, DHCP to static IP migration, DNS integration, and backup of bastion keys and Ignition files.

Troubleshooting – Highlights major issues: "Error pulling image" (often due to mirror registry bugs or incorrect imageContentSources), "etcd is unhealthy" (port or network problems), and "no matches for kind MachineConfig" (incorrect CIDR/hostPrefix causing IP exhaustion). Sample log snippets are included to illustrate each problem.
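
The CIDR/hostPrefix mistake mentioned under Installation and Troubleshooting can be checked on the bastion before Ignition files are generated. The following is an added example, not code from the original article: function names, addresses and node counts are constructed, and it assumes the installer's documented behaviour that each node receives one /hostPrefix subnet from the clusterNetwork CIDR and that the pod, service and machine networks must not overlap.

```python
import ipaddress
from itertools import combinations


def node_capacity(cluster_cidr, host_prefix):
    """Return (node_subnets, addresses_per_node) for one clusterNetwork entry."""
    net = ipaddress.ip_network(cluster_cidr)
    if not net.prefixlen <= host_prefix <= net.max_prefixlen:
        raise ValueError(f"hostPrefix /{host_prefix} does not fit inside {net}")
    # Every node is handed one /hostPrefix slice of the pod network, so the
    # number of slices is the hard ceiling on cluster size.
    slices = 2 ** (host_prefix - net.prefixlen)
    per_node = 2 ** (net.max_prefixlen - host_prefix)
    return slices, per_node


def check_networking(cluster_cidr, host_prefix, service_cidr, machine_cidr, nodes):
    """Return a list of problems; an empty list means the values fit together."""
    problems = []
    slices, _ = node_capacity(cluster_cidr, host_prefix)
    if nodes > slices:
        problems.append(
            f"{nodes} nodes need {nodes} /{host_prefix} subnets, "
            f"but {cluster_cidr} only holds {slices}"
        )
    named = {
        "clusterNetwork": ipaddress.ip_network(cluster_cidr),
        "serviceNetwork": ipaddress.ip_network(service_cidr),
        "machine network": ipaddress.ip_network(machine_cidr),
    }
    # The pod network is not the node network: any overlap breaks routing.
    for (a, net_a), (b, net_b) in combinations(named.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems


if __name__ == "__main__":
    # Constructed values: 3 masters + 2 workers on a 192.168.1.0/24 node network.
    cases = {
        "roomy pod network": ("10.128.0.0/14", 23),
        "pod network too small": ("10.128.0.0/22", 23),
        "node network reused as pod network": ("192.168.0.0/16", 23),
    }
    for label, (cidr, prefix) in cases.items():
        found = check_networking(cidr, prefix, "172.30.0.0/16", "192.168.1.0/24", 5)
        print(f"{label}: {found or 'ok'}")
```
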
