Installing OpenShift 3.11 on CentOS 7.5


The operating system is CentOS 7.5. Do not switch the yum repositories to the Aliyun mirror; the installation fails if you do.

[root@openshift1 ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core)
Host        IP         Roles
openshift1  10.0.0.60  compute,infra,master
openshift2  10.0.0.63  compute,infra,master
openshift3  10.0.5.17  compute,infra,master
openshift4  10.0.5.8   compute,infra,master

Download the offline packages

Docker images

yum install docker -y
systemctl start docker; systemctl enable docker

docker pull docker.io/openshift/origin-node:v3.11
docker pull docker.io/openshift/origin-control-plane:v3.11
docker pull docker.io/openshift/origin-deployer:v3.11.0
docker pull docker.io/openshift/origin-haproxy-router:v3.11
docker pull docker.io/openshift/origin-pod:v3.11.0
docker pull docker.io/openshift/origin-web-console:v3.11
docker pull docker.io/openshift/origin-docker-registry:v3.11
docker pull docker.io/openshift/origin-metrics-server:v3.11
docker pull docker.io/openshift/origin-console:v3.11
docker pull docker.io/openshift/origin-metrics-heapster:v3.11
docker pull docker.io/openshift/origin-metrics-hawkular-metrics:v3.11
docker pull docker.io/openshift/origin-metrics-schema-installer:v3.11
docker pull docker.io/openshift/origin-metrics-cassandra:v3.11
docker pull docker.io/cockpit/kubernetes:latest
docker pull quay.io/coreos/cluster-monitoring-operator:v0.1.1
docker pull quay.io/coreos/prometheus-config-reloader:v0.23.2
docker pull quay.io/coreos/prometheus-operator:v0.23.2
docker pull docker.io/openshift/prometheus-alertmanager:v0.15.2
docker pull docker.io/openshift/prometheus-node-exporter:v0.16.0
docker pull docker.io/openshift/prometheus:v2.3.2
docker pull docker.io/grafana/grafana:5.2.1
docker pull quay.io/coreos/kube-rbac-proxy:v0.3.1
docker pull quay.io/coreos/etcd:v3.2.22
docker pull quay.io/coreos/kube-state-metrics:v1.3.1
docker pull docker.io/openshift/oauth-proxy:v1.1.0
docker pull quay.io/coreos/configmap-reload:v0.0.1

Then export the downloaded images to the new nodes; a batch export tool can help with this:
Image batch export tool
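The inventory used later in this post disables the installer's docker_image_availability check, so on an air-gapped node nothing verifies that every image in the list above was actually imported before deploy_cluster.yml starts pulling. The following pre-flight check is an added example, not code from the original post or from openshift-ansible: it reads the output of docker images on stdin and prints every required image that is absent. It assumes the image references are exactly the ones pulled above, and that newer docker versions may list Docker Hub images without the docker.io/ prefix.

```shell
#!/bin/sh
# Added example (not from the original post): offline pre-flight check that
# every image needed by the OKD 3.11 install is present in the local docker
# store. Usage on a node:
#   docker images --format '{{.Repository}}:{{.Tag}}' | missing_images

# The image references from the pull commands in this post.
required_images() {
    cat <<'EOF'
docker.io/openshift/origin-node:v3.11
docker.io/openshift/origin-control-plane:v3.11
docker.io/openshift/origin-deployer:v3.11.0
docker.io/openshift/origin-haproxy-router:v3.11
docker.io/openshift/origin-pod:v3.11.0
docker.io/openshift/origin-web-console:v3.11
docker.io/openshift/origin-docker-registry:v3.11
docker.io/openshift/origin-metrics-server:v3.11
docker.io/openshift/origin-console:v3.11
docker.io/openshift/origin-metrics-heapster:v3.11
docker.io/openshift/origin-metrics-hawkular-metrics:v3.11
docker.io/openshift/origin-metrics-schema-installer:v3.11
docker.io/openshift/origin-metrics-cassandra:v3.11
docker.io/cockpit/kubernetes:latest
quay.io/coreos/cluster-monitoring-operator:v0.1.1
quay.io/coreos/prometheus-config-reloader:v0.23.2
quay.io/coreos/prometheus-operator:v0.23.2
docker.io/openshift/prometheus-alertmanager:v0.15.2
docker.io/openshift/prometheus-node-exporter:v0.16.0
docker.io/openshift/prometheus:v2.3.2
docker.io/grafana/grafana:5.2.1
quay.io/coreos/kube-rbac-proxy:v0.3.1
quay.io/coreos/etcd:v3.2.22
quay.io/coreos/kube-state-metrics:v1.3.1
docker.io/openshift/oauth-proxy:v1.1.0
quay.io/coreos/configmap-reload:v0.0.1
EOF
}

# Normalise references so that "docker.io/openshift/x:v3.11" (CentOS docker
# 1.13 output) and "openshift/x:v3.11" (newer docker output) compare equal.
normalise_ref() {
    sed -e 's|^docker.io/||'
}

# Read `docker images` output on stdin; print each required image that is
# absent. Returns 0 when nothing is missing, 1 otherwise.
missing_images() {
    present=$(normalise_ref)
    rc=0
    for img in $(required_images | normalise_ref); do
        if ! printf '%s\n' "$present" | grep -qxF -- "$img"; then
            echo "$img"
            rc=1
        fi
    done
    return $rc
}
```

Run it on every node after importing the tarballs; a non-zero exit with a list of references tells you which images to re-export before attempting the install.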

Run the following tasks on all nodes; this post runs them as an Ansible playbook.

---
- name: Pre Install
  hosts: nodes

  tasks:
    - name: set selinux to permissive
      command: "sed -i 's/SELINUX=disabled/SELINUX=permissive/g' /etc/selinux/config"

    - name: install tools
      command: "yum install -y wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct vim python-setuptools unzip tree atomic NetworkManager"

    - name: install repo
      command: "yum install -y centos-release-openshift-origin311 ceph-common container-selinux epel extras python-docker"

    - name: install origin
      command: "yum install -y origin-node-3.11.0 origin-clients-3.11.0 conntrack-tools origin-3.11.0"

    - name: enable NetworkManager
      command: "systemctl enable NetworkManager"

    - name: stop firewalld
      command: "systemctl stop firewalld"

    - name: disable firewalld
      command: "systemctl disable firewalld"
# Configure iptables on all nodes
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak.$(date "+%Y%m%d%H%M%S");
sed -i '/.*--dport 22 -j ACCEPT.*/a\-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT' /etc/sysconfig/iptables;
sed -i '/.*--dport 22 -j ACCEPT.*/a\-A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT' /etc/sysconfig/iptables;
sed -i '/.*--dport 22 -j ACCEPT.*/a\-A INPUT -p tcp -m state --state NEW -m tcp --dport 5000 -j ACCEPT' /etc/sysconfig/iptables;
sed -i '/.*--dport 22 -j ACCEPT.*/a\-A INPUT -p tcp -m state --state NEW -m tcp --dport 81 -j ACCEPT' /etc/sysconfig/iptables;

# On the master nodes, allow 8443 so that nodes can join
sed -i '/.*--dport 22 -j ACCEPT.*/a\-A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT' /etc/sysconfig/iptables;

systemctl restart iptables;systemctl enable iptables
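The sed one-liners above append their rule every time they run, so rerunning the node preparation stacks duplicate ACCEPT lines in /etc/sysconfig/iptables. The function below is an added example, not code from the original post: it inserts a rule only when it is not already present, anchors on the first SSH ACCEPT line only, and gives you a count for auditing the file after a rerun. It assumes the file contains a '--dport 22 -j ACCEPT' line, as the stock CentOS 7 iptables file does.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent insertion of
# iptables ACCEPT rules into an /etc/sysconfig/iptables-style file.

# Print the rule text for a protocol/port pair, in the same form the post uses.
accept_rule() {
    printf '%s -p %s -m state --state NEW -m %s --dport %s -j ACCEPT\n' \
        '-A INPUT' "$1" "$1" "$2"
}

# Insert the rule after the first SSH ACCEPT line, only if it is not there yet.
# Returns 0 when the rule was added, 1 when it was already present.
# Usage: add_accept_rule /etc/sysconfig/iptables tcp 8443
add_accept_rule() {
    file="$1"; proto="$2"; port="$3"
    rule=$(accept_rule "$proto" "$port")
    if grep -qF -- "$rule" "$file"; then
        return 1
    fi
    # awk instead of 'sed a\': portable, and it inserts after the first
    # matching line only, even if the anchor appears more than once.
    awk -v rule="$rule" '
        { print }
        /--dport 22 -j ACCEPT/ && !done { print rule; done = 1 }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Count how often a rule appears; anything other than 1 after setup is a smell.
rule_count() {
    grep -cF -- "$(accept_rule "$2" "$3")" "$1" || true
}
```

Call add_accept_rule once per port from the list above (53/tcp, 53/udp, 5000, 81, and 8443 on the masters) and then restart iptables as the post does; running the script a second time leaves the file unchanged.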

Run the following on the Ansible host

This post uses openshift1 as the installation host.

Configure passwordless SSH for Ansible

ssh-keygen -f ~/.ssh/id_rsa -N ''
# all four hosts in the inventory need the key, including openshift4
for host in openshift1 openshift2 openshift3 openshift4
do
    echo $host
    ssh-copy-id -i ~/.ssh/id_rsa.pub $host;
done

Install openshift-ansible

yum install -y ansible-2.6.14-1.el7
yum install -y openshift-ansible

If you use the Open vSwitch virtual network, the Ansible hosts file is as follows:

[root@openshift1 ~]# cat /etc/ansible/hosts
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
#openshift_deployment_type=openshift-enterprise
openshift_deployment_type=origin
openshift_release="3.11"
openshift_image_tag=v3.11
openshift_pkg_version=-3.11.0
openshift_use_openshift_sdn=true
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
#containerized=false

# default selectors for router and registry services
# openshift_router_selector='node-role.kubernetes.io/infra=true'
# openshift_registry_selector='node-role.kubernetes.io/infra=true'

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
#openshift_master_default_subdomain=ai.com
openshift_disable_check=memory_availability,disk_availability,docker_image_availability

os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy'

openshift_master_cluster_method=native
openshift_master_cluster_hostname=openshift1
openshift_master_cluster_public_hostname=openshift1
# false
ansible_service_broker_install=false
openshift_enable_service_catalog=false
template_service_broker_install=false
openshift_logging_install_logging=false
enable_excluders=false
# registry passwd
#oreg_url=10.1.236.77:5000/openshift3/ose-${component}:${version}
#oreg_url=10.1.236.77:5000/openshift/origin-${component}:${version}
#openshift_examples_modify_imagestreams=true

# docker config
#openshift_docker_additional_registries=10.1.236.77:5000
#openshift_docker_insecure_registries=10.1.236.77:5000
#openshift_docker_blocked_registries
openshift_docker_options="--log-driver json-file --log-opt max-size=1M --log-opt max-file=3"

# openshift_cluster_monitoring_operator_install=false
# openshift_metrics_install_metrics=true
# openshift_enable_unsupported_configurations=True
#openshift_logging_es_nodeselector='node-role.kubernetes.io/infra: "true"'
#openshift_logging_kibana_nodeselector='node-role.kubernetes.io/infra: "true"'
# host group for masters

[masters]
openshift1
openshift2
openshift3
openshift4

# host group for etcd
[etcd]
openshift1
openshift2
openshift3
openshift4

# host group for nodes, includes region info
[nodes]
openshift1 openshift_node_group_name='node-config-all-in-one'
openshift2 openshift_node_group_name='node-config-all-in-one'
openshift3 openshift_node_group_name='node-config-all-in-one'
openshift4 openshift_node_group_name='node-config-all-in-one'

If you use the Calico virtual network, the configuration file is as follows:

[root@openshift1 ~]# cat /etc/ansible/hosts
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# the 3 parameters below are for Calico
os_sdn_network_plugin_name=cni
openshift_use_calico=true
openshift_use_openshift_sdn=false

# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
#openshift_deployment_type=openshift-enterprise
openshift_deployment_type=origin
openshift_release="3.11"
openshift_image_tag=v3.11
openshift_pkg_version=-3.11.0
#openshift_use_openshift_sdn=true
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
#containerized=false

# default selectors for router and registry services
# openshift_router_selector='node-role.kubernetes.io/infra=true'
# openshift_registry_selector='node-role.kubernetes.io/infra=true'

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
#openshift_master_default_subdomain=ai.com
openshift_disable_check=memory_availability,disk_availability,docker_image_availability,docker_storage

#os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy'

openshift_master_cluster_method=native
openshift_master_cluster_hostname=openshift1
openshift_master_cluster_public_hostname=openshift1
# false
ansible_service_broker_install=false
openshift_enable_service_catalog=false
template_service_broker_install=false
openshift_logging_install_logging=false
enable_excluders=false
# registry passwd
#oreg_url=10.1.236.77:5000/openshift3/ose-${component}:${version}
#oreg_url=10.1.236.77:5000/openshift/origin-${component}:${version}
#openshift_examples_modify_imagestreams=true

# docker config
#openshift_docker_additional_registries=10.1.236.77:5000
#openshift_docker_insecure_registries=10.1.236.77:5000
#openshift_docker_blocked_registries
openshift_docker_options="--log-driver json-file --log-opt max-size=1M --log-opt max-file=3"

# openshift_cluster_monitoring_operator_install=false
# openshift_metrics_install_metrics=true
# openshift_enable_unsupported_configurations=True
#openshift_logging_es_nodeselector='node-role.kubernetes.io/infra: "true"'
#openshift_logging_kibana_nodeselector='node-role.kubernetes.io/infra: "true"'
# host group for masters

[masters]
openshift1
openshift2
openshift3
openshift4

# host group for etcd
[etcd]
openshift1
openshift2
openshift3
openshift4

# host group for nodes, includes region info
[nodes]
openshift1 openshift_node_group_name='node-config-all-in-one'
openshift2 openshift_node_group_name='node-config-all-in-one'
openshift3 openshift_node_group_name='node-config-all-in-one'
openshift4 openshift_node_group_name='node-config-all-in-one'
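Both inventories above are easy to get subtly wrong by hand: a host listed under [masters] and [etcd] but missing from [nodes] (or pasted into [nodes] twice), or a Calico inventory that still leaves the OpenShift SDN switched on. The installer only reports these well into deploy_cluster.yml. The following lint is an added example, not code from the original post or from openshift-ansible; it assumes the section names used in this post ([OSEv3:vars], [masters], [etcd], [nodes]) and reads a variable's value up to its first '='.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight lint for the
# openshift-ansible INI inventory. Usage: check_inventory /etc/ansible/hosts

# Print the host names of one section (first word of each non-blank,
# non-comment line), e.g. section_hosts /etc/ansible/hosts nodes
section_hosts() {
    awk -v want="[$2]" '
        /^\[/ { insec = ($0 == want); next }
        insec && !/^[[:space:]]*#/ && !/^[[:space:]]*$/ { print $1 }
    ' "$1"
}

# Print the value of a variable from [OSEv3:vars], with quotes stripped.
inventory_var() {
    awk -v key="$2" -F= '
        /^\[/ { insec = ($0 == "[OSEv3:vars]"); next }
        insec && $1 == key { print $2; exit }
    ' "$1" | tr -d "\"'"
}

# Print one line per finding; return 0 when the inventory is consistent.
check_inventory() {
    inv="$1"; rc=0
    # every master/etcd host must appear exactly once in [nodes]
    for h in $({ section_hosts "$inv" masters; section_hosts "$inv" etcd; } | sort -u); do
        n=$(section_hosts "$inv" nodes | grep -cx -- "$h" || true)
        if [ "$n" -ne 1 ]; then
            echo "host $h appears $n times in [nodes] (expected 1)"; rc=1
        fi
    done
    # a host listed twice under [nodes] is a copy-paste slip until proven otherwise
    for d in $(section_hosts "$inv" nodes | sort | uniq -d); do
        echo "duplicate [nodes] entry: $d"; rc=1
    done
    # Calico needs the CNI plugin and the OpenShift SDN disabled
    if [ "$(inventory_var "$inv" openshift_use_calico)" = "true" ]; then
        [ "$(inventory_var "$inv" os_sdn_network_plugin_name)" = "cni" ] ||
            { echo "openshift_use_calico=true but os_sdn_network_plugin_name is not cni"; rc=1; }
        [ "$(inventory_var "$inv" openshift_use_openshift_sdn)" = "false" ] ||
            { echo "openshift_use_calico=true but openshift_use_openshift_sdn is not false"; rc=1; }
    fi
    return $rc
}
```

Run it before prerequisites.yml; an empty output and a zero exit status means the host groups agree with each other and the network plugin settings are consistent.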

Configure name resolution

cat /etc/hosts
127.0.0.1 VM_0_60_centos VM_0_60_centos
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4

::1 VM_0_60_centos VM_0_60_centos
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

10.0.0.60 openshift1
10.0.0.63 openshift2
10.0.5.17 openshift3
10.0.5.8 openshift4

ansible all -m copy -a "src=/etc/hosts dest=/etc/hosts "

Start Docker

ansible all -a 'systemctl start docker;systemctl enable docker'

Run the prerequisite checks

ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml

Run the installation

ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml -vvv

If the installation fails or you want to reinstall, uninstall first:

ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/adhoc/uninstall.yml

Configure a console login user

htpasswd -cb /etc/origin/master/htpasswd admin abc123
oc adm policy add-cluster-role-to-user cluster-admin admin

Then add the host name to your local hosts file and open https://openshift1:8443 in a browser to reach the OKD console and start using OKD 3.11.

Problems encountered during installation:

If you hit the following error, install the atomic package on the node in question and rerun the installation step:
Message: The following packages have pending transactions: atomic-x86_64
Ansible 2.8 does not support OpenShift 3.11; the installation succeeded with Ansible 2.6.14:
rpm -e --nodeps ansible-2.8.2-1.el7.noarch
yum install ansible-2.6.14-1.el7

References used for this post:
https://www.jianshu.com/p/cc012c93ad8c
https://www.jianshu.com/p/47711a21ba49
https://www.jianshu.com/p/de0d5b89e231

Official documentation:
https://docs.okd.io/3.11/install/host_preparation.html