OpenShift Disconnected Workshop

Welcome to the OpenShift Disconnected Workshop!

🪩 💃 It’s DISCO time! 🕺 🪩

In this workshop you will: learn about, prepare for, install and operate an OpenShift 4 cluster in a disconnected network. This is also known as installing OpenShift in a restricted network or an air gap network.

The workshop environment (illustrated below) gives you access to several systems in different networks.

The instructions and environments were created using OpenShift version 4.14.19.

The term disconnected network can mean different things to different people.

This workshop describes one particular way of performing a disconnected installation. Another way would be to setup, secure, and use a proxy server. You could also install OpenShift with a temporary connection to the installation resources and remove the access later.

Who uses disconnected networks?

Before we begin let’s consider a few use-cases for disconnected networks:

  • Military & Law Enforcement: Often need secure environments to handle sensitive data

  • Research Organizations: Want to protect their data & provide data governance

  • Industrial / Utilities: Use SCADA networks to protect their supervisory and control machinery

Understanding our lab environment

The diagram below illustrates the various systems, networks and connections your workshop environment provides. The diagram will be simplifed and explained in more detail later. The workshop instructions will help you prepare the jump system to download the installation content, setup the highside system to serve the content, and create the disco.lab OpenShift cluster — which doesn’t exist yet.

The salsa network and its systems were built automatically when the workshop environment was created. You can log into the salsa systems to compare your systems with functional disconnected systems.

disco diagram

Lab Access and Documentation notes

The terminal to your right is already logged in to the jump system’s SSH Terminal.
The right-hand side of this browser can also show the jump system’s graphical desktop by clicking on the Desktop button.

The lab instructions should be run as the user named {bastion_ssh_user_name}.

Commands that should be run on the jump system will appear in this color.

echo 'Run this command on the "jump" system'
echo 'The jump system is also known as the "lowside" system'

Commands that should be run on the highside system will appear in this color.

echo 'Run this command on the "highside" system'

Use the Copy button in the corner of the command boxes to your advantage!

Press Ctrl + Shift + V to paste.
Using Ctrl + Insert (copy) and Shift + Insert (paste) also works.

The workshop instructions intentionally avoid asking you to use vi, nano, or emacs to edit text files. The authors of the workshop want you to focus on the material instead of the strange incantations required to save and quit out of vi, nano or emacs.

Alternate connection methods

If you prefer to use your own terminal, you can log into the jump system using SSH like this:

# Your unique SSH password is {bastion_ssh_password}
{bastion_ssh_command}

If you prefer to use your own VNC viewer, you can connect to the jump system’s graphical desktop like this:

# Your unique VNC password is {bastion_ssh_password}
vncviewer {JumpInstancePublicIp}