ABA makes it easier to install OpenShift in a disconnected (air-gapped) environment. <!-- omit in toc -->

Quickly install an OpenShift cluster into a fully or partially disconnected environment, either onto bare-metal or VMware (vSphere/ESXi). ABA integrates several standard Red Hat tools into a single workflow, simplifying image mirroring for disconnected environments and providing the essential Day-2 capabilities needed to make an air-gapped OpenShift environment fully usable.

Because ABA is based on the Agent-based installer there is no need to configure a load balancer, a bootstrap node or even require DHCP.

Download curated, ready-made, up-to-date, and tested ABA install bundles — including all images required to install OpenShift for specific use-cases — from: https://red.ht/disco-easy (requires Google account)

Who should use ABA?<!-- omit in toc -->

Use ABA to quickly set up OpenShift in a disconnected environment while letting it handle the heavy lifting for you.

Content

<!-- This TOC is auto-generated by VS Code whenever a heading is added and the file saved-->

• ABA Overview
• About Installing OpenShift in a Disconnected Environment
• Prerequisites
  • Common Prerequisites for Both Environments
  • Fully Disconnected (Air-Gapped) Prerequisites
  • Partially Disconnected Prerequisites
  • Fully Connected Prerequisites
• Downloading an Install Bundle
• ABA OpenShift Installation Workflow Diagram
• Install ABA
  • Method 1: Single command
  • Method 2: Git clone
• Partially Disconnected Scenario
• Fully disconnected (air-gapped) Scenario
• Installing OpenShift
• Creating a Custom Install Bundle
• How to Customize the Agent-based Configuration Files
• Day 2 Operations
  • Login and Verify Cluster State
  • Connect OperatorHub to Internal Mirror Registry
  • Custom Manifests for Day-2
  • Synchronize NTP Across Cluster Nodes
  • Enable OpenShift Update Service (OSUS)
• Advanced Use
  • User Configuration (`~/.aba/config`)
  • Named Mirror Directories (Enclaves)
  • Supported Architectures
  • Running ABA in a container
  • Creating an Install bundle on a restricted VM or Laptop
  • To install aba from the dev branch run the following:
  • Installing RPMS
• Feature Backlog and Ideas
• Miscellaneous
• Frequently Asked Questions (FAQ)
  • Q: Does ABA know what RPM packages to install?
  • Q: Can bonds and/or vlan be configured on my nodes?
  • Q: How can I determine the network interface names of my bare-metal servers?
  • Q: Can ABA run inside a container?
  • Q: Does ABA support ARM, s390x, or ppc64le?
  • Q: How do I run ABA on LinuxONE Community Cloud?
  • Q: How much disk space do I need when using ABA?
  • Q: Can I install Operators from community catalogs?
  • Q: Where are cluster types (SNO, compact, standard) configured?
  • Q: How to configure passwordless sudo?
  • Q: Can I use ABA to install OpenShift on User Provisioned Infrastructure (UPI)?
  • Q: Pushing images to the Quay mirror (e.g. aba load/sync) often fails, even after re-trying several times! What can I do?
  • Q: Is there a discussion forum?
  • Q: I accidentally uninstalled my mirror registry, how can I recover?
  • Q: I see the error load pubkey "/home/joe/.ssh/quay_installer": Invalid key length when installing Quay/loading images, what can I do?
  • Q: Can ABA be used to manage the full lifecycle of the oc-mirror image configuration (image-config.yaml)?
• License

<!-- [Download Demo Video](./images/aba-bundle-demo-v5-low.mp4) -->

Download Demo Video

ABA Overview

ABA helps you with the following and more:

1. Helps install your first OpenShift cluster, e.g. SNO (1-node), Compact (3-nodes), Standard (5+nodes).
2. Installs a mirror registry -- Quay or Docker -- locally or on a remote host, or connects to your existing registry.
3. Uses the registry's credentials and other inputs to generate the Agent-based configuration files.
4. Triggers the generation of the agent-based boot ISO.
5. Configures NTP during installation to prevent time synchronization issues caused by nodes with incorrect date and time settings
6. Optionally, creates the required VMs in ESXi or vSphere.
7. Monitors the installation progress.
8. Allows for adding more images (e.g. Operators) when synchronizing the mirror registry (day 1 or 2 operation).
9. Configures the OperatorHub integration with the mirror registry.
10. Can create an "install bundle" containing all the files needed to complete a fully disconnected installation.
11. Supports named mirror directories for managing multiple enclaves (aba -d mymirror install).
12. Executes several workarounds, if needed, for some typical issues with disconnected environments.
13. Works with oc-mirror v2.
14. Installs and integrates OpenShift Update Service (OSUS) to make upgrades a single-click.
15. Helps configure OpenShift with your NTP servers.
16. Enables graceful cluster shutdown and startup.
17. Allows for the modification of generated configuration files (image-set & agent based), if more control is required.

All ABA commands are designed to be idempotent. If something goes wrong, fix it and run the command again — ABA will always try to do the right thing.

ABA includes a TUI (Text User Interface) wizard that guides you through configuration and setup interactively, including registry type selection (Quay/Docker). See Install ABA for details.

About Installing OpenShift in a Disconnected Environment

<img src="images/air-gapped.jpg" alt="Air-gapped data transfer" title="Air-gapped data transfer" width="80%">

The diagram above illustrates two scenarios for installing OpenShift in a disconnected environment.

• Top Section: The Disconnected Scenario (partial network access, e.g. via a proxy).
• Bottom Section: The Fully Disconnected (Air-Gapped) Scenario (data transfer only through physical means, such as "sneaker net" into a fully disconnected environment).

Each scenario includes two main network zones:

• Connected Network: Located on the left side of the diagram, where external resources are accessible.
• Private Network: Located on the right side of the diagram, isolated from direct Internet access.

Linux OS Requirements

• Workstation: Use RHEL 8 or 9, CentOS Stream 8 or 9 or Fedora for your connected bastion or workstation.
• Bastion: Must be running RHEL 8 or 9 to support OpenShift installation in a disconnected environment.

These configurations ensure that each network zone meets OpenShift’s requirements for partially disconnected or fully disconnected installations.

Back to top

Prerequisites

Common Prerequisites for Both Environments

<!-- this is a perma-link from ABA blog, Oct 2025 -->

Registry Storage

• Registry images are stored by default under your home directory. Use the data_dir= value in aba/mirror/mirror.conf to change this.
• A minimum of 30 GB is required for OpenShift platform release images alone. Additional Operators will require significantly more space — 500 GB or more is recommended.

Network Configuration

• DNS: Configure the following DNS A records which match the intended cluster name and base domain ('ocp1' and 'example.com' in the below example):
  • OpenShift API: api.ocp1.example.com pointing to a free IP address in the internal subnet where OpenShift will be installed.
  • OpenShift Ingress: *.apps.ocp1.example.com (wildcard A record) pointin