The Ansible hosts file defines the nodes in the OpenShift cluster.


  1. Clone the NCP GitHub repository at The hosts file is in the openshift-ansible-nsx directory.
  2. In the [masters] and [nodes] sections, specify the host names and IP addresses of the OpenShift VMs. For example,
        admin.rhel.osmaster ansible_ssh_host=
        admin.rhel.osmaster ansible_ssh_host=
        admin.rhel.osmaster ansible_ssh_host= openshift_ip= openshift_schedulable=true openshift_hostname=admin.rhel.osmaster
        admin.rhel.osnode ansible_ssh_host= openshift_ip= openshift_hostname=admin.rhel.osnode

    Note that openshift_ip identifies the cluster internal IP and needs to be set if the interface to be used is not the default one. The single_master variable is used by ncp-related roles from a master node to perform certain tasks only once, e.g. NSX-T management plane resource configuration.

  3. Set up SSH access so that all the nodes can be accessed without password from the node where the Ansible role is run (typically it is the master node):
        ssh-copy-id -i ~/.ssh/ root@admin.rhel.osnode
  4. Update the [OSEv3:vars] section. Details about all the parameters can be found in the OpenShift Container Platform Documentation for the Advanced Installation ( For example,
        # Set the default route fqdn
        # If ansible_ssh_user is not root, ansible_become must be set to true
        # uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
        openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
          This is the default subdomain used in the OpenShift routes for External LB
          Set to 'cni' for the NSX Integration
          Set to false to disable the built-in OpenShift SDN solution
          Set to false to disable creation of router during installation. The router has to be manually started after NCP and nsx-node-agent are running.
          Set to false to disable creation of registry during installation. The registry has to be manually started after NCP and nsx-node-agent are running.
          Set to origin or openshift-enterprise for the open source or Enterprise version
          of OpenShift respectively
          This file is holding the htpasswd password file. You will need to fix the
          path to it for the deployment to work, so exchange <enter_full_path_here>
          with your 'real path'. You need to install htpasswd and create password
          file with it.
  5. Check that you have connectivity to all hosts:
        ansible OSEv3 -i /PATH/TO/HOSTS/hosts -m ping

    The results should look like the following. If not, resolve the connectivity problem.

        openshift-node1 | SUCCESS => {
           "changed": false,
           "ping": "pong"
        openshift-master | SUCCESS => {
           "changed": false,
           "ping": "pong"

What to do next

Install CNI plug-in and OVS. See Install CNI Plug-in and OVS.