OpenShift3.11OKD安装部署
#openshift 3.11 OKD安装部署
openshift安装部署
###1 环境准备(所有节点)
openshift 版本 v3.11
1.1 机器环境
ip cpu mem hostname OSsystem
172.16.1.91 4 8 node01 CentOS7.6
172.16.1.92 4 8 node02 CentOS7.6
172.16.1.93 4 8 node03 CentOS7.6
172.16.1.94 4 8 node04 CentOS7.6
172.16.1.95 4 8 node05 CentOS7.6
1.2 免密码ssh登陆
ssh-keygen
docters
ssh-copy-id 172.16.1.91
ssh-copy-id 172.16.1.92
ssh-copy-id 172.16.1.93
ssh-copy-id 172.16.1.94
ssh-copy-id 172.16.1.95
1.3 hosts解析
vim /etc/hosts
172.16.1.91 node01
172.16.1.92 node02
172.16.1.93 node03
172.16.1.94 node04
172.16.1.95 node05
---------------------
scp -rp /etc/hosts 192.168.1.132:/etc/hosts
scp -rp /etc/hosts 192.168.1.135:/etc/hosts贱熊30
1.4 linux和关闭防⽕墙
#d -i 's/SELINUX=.*/SELINUX=enforcing/' /etc/linux/config
#d -i 's/SELINUXTYPE=.*/SELINUXTYPE=targeted/' /etc/linux/config
开放8443端⼝给openshift,api使⽤
/
sbin/iptables -I INPUT -p tcp --dport 8443 -j ACCEPT &&\ rvice iptables save
1.2.3 安装需要的软件包
yum install -y wget git ntp net-tools bind-utils iptables-rvices bridge-utils bash-completion kexec-tools sos psacct nfs-utils yum-utils docker NetworkManager
1.2.4 其他
sysctl net.ipv4.ip_forward=1
yum install pyOpenSSL httpd-tools -y
systemctl start NetworkManager
systemctl enable NetworkManager
配置镜像加速器
echo '{
"incure-registries": ["172.30.0.0/16"],
"registry-mirrors": ["3aexnae3."]
}' >/etc/docker/daemon.json
systemctl daemon-reload && \
systemctl enable docker && \
systemctl restart docker
1.2.5 镜像下载
#master镜像列表(主节点)
echo 'docker.io/cockpit/kubernetes
docker.io/openshift/origin-haproxy-router
docker.io/openshift/origin-haproxy-router
docker.io/openshift/origin-rvice-catalog
docker.io/openshift/origin-node
docker.io/openshift/origin-deployer
docker.io/openshift/origin-control-plane
docker.io/openshift/origin-control-plane
docker.io/openshift/origin-template-rvice-broker
docker.io/openshift/origin-pod
docker.io/cockpit/kubernetes
docker.io/openshift/origin-web-console
quay.io/coreos/etcd' & && \
while read line; do docker pull $line ; done&
#node镜像列表(两个node节点)
echo 'docker.io/openshift/origin-haproxy-router
docker.io/openshift/origin-node
docker.io/openshift/origin-deployer
docker.io/openshift/origin-pod
docker.io/ansibleplaybookbundle/origin-ansible-rvice-broker docker.io/openshift/origin-docker-registry' & && \ while read line; do docker pull $line ; done&
###2 配置ansible(主节点)
2.1 下载openshift-ansible代码
需要下载2.6.5版本的ansible
yum install ansible
[root@master ~]# cat /etc/ansible/hosts
[all]
# all下放所有机器节点的名称
node01
node02
node03
node04
node05
[OSEv3:children]
#这⾥放openshfit的⾓⾊,这⾥有三个⾓⾊,master,node,etcd masters
nodes
etcd
[OSEv3:vars]
#这⾥是openshfit的安装参数
#指定ansible使⽤ssh的⽤户为root
ansible_ssh_ur=root
#指定⽅式为origin
openshift_deployment_type=origin
#指定版本为3.11
openshift_relea=3.11
openshift_enable_rvice_catalog=fal
openshift_clock_enabled=true
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':
'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
[masters]
#master⾓⾊的机器名称包含
node01
[etcd]
#etcd⾓⾊的机器名称包含
node01
[nodes]
#node⾓⾊的机器名称包含
assume#master openshift_node_group_name='node-config-all-in-one'
#node01 openshift_node_group_name='node-config-compute'
#node02 openshift_node_group_name='node-config-compute'
node01 openshift_node_group_name='node-config-master'
node02 openshift_node_group_name='node-config-compute'
node03 openshift_node_group_name='node-config-compute'
node04 openshift_node_group_name='node-config-infra'
samurainode05 openshift_node_group_name='node-config-infra'
#gluster[1:6]. openshift_node_group_name='node-config-compute-storage'
#openshift_enable_rvice_catalog=fal
#openshift_hosted_registry_storage_kind=nfsblow out
#openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
#openshift_hosted_registry_storage_nfs_directory=/data/docker
#openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
#openshift_hosted_registry_storage_volume_name=registry
#openshift_hosted_registry_storage_volume_size=20Gi
# openshiftclock_enabled=true
# ansible_rvice_broker_install=fal
3 使⽤ansible来进⾏安装
#安装前检查
ansible-playbook ~/openshift-ansible/l
#安装
ansible-playbook ~/openshift-ansible/playbooks/l
#安装openshift-web-console
ansible-playbook ~/openshift-ansible/playbooks/l
#如需重新安装,先卸载
ansible-playbook ~/openshift-ansible/playbooks/l
###4 安装后配置(主节点)
4.1 配置nfs持久卷
yum install nfs-utils rpcbind -y
mkdir -p /data/v0{01..20} /data/{docker,volume,registry}
chmod -R 777 /data
matter是什么意思啊
vim /etc/exports
/data 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/v001 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/
data/v002 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/v003 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/v004 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/v005 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)人人分享
/data/v006 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/v007 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/v008 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
provide的用法
/data/v009 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/v010 172.16.1.0/24(rw,sync,no_all_squash,no_root_squash)
/data/docker *(rw,sync,no_all_squash,no_root_squash)
systemctl restart rpcbind &&\
systemctl restart nfs && \
systemctl enable rpcbind &&\
systemctl enable nfs
exportfs -rv #重新读取配置⽂件
exportfs #检查 NFS 服务器是否挂载我们想共享的⽬录 /home:
rpcinfo -p #确认NFS服务器启动成功
exportfs -v #查看配置
kubectl apply -l
配置⽂件参考章节最后 l
4.2 创建openshift⽤户
oc login -u system:admin ##使⽤系统管理员⽤户登录htpasswd -b /etc/origin/mast
er/htpasswd admin 123456 ##创建⽤户htpasswd -b /etc/origin/master/htpasswd dev dev ##创建⽤户
oc login -u admin ##使⽤⽤户登录
oc logout ##退出当前⽤户
4.3 赋予创建的⽤户集群管理员权限
oc login -u system:admin &&\
oc adm policy add-cluster-role-to-ur cluster-admin admin
4.4 访问测试
需要添加hosts解析到本地电脑
172.16.1.91 node01
172.16.1.92 node02
172.16.1.93 node03
172.16.1.94 node04
172.16.1.95 node05
###5 其他配置
5.1 部署集群节点管理cockpit
yum install -y cockpit cockpit-docker cockpit-kubernetes &&\
systemctl start cockpit &&\
systemctl enable cockpit.socket &&\
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9090 -j ACCEPT
5.2 命令补全
#kubectl 命令补全
mkdir -p /usr/share/bash-completion/kubernetes
kubectl completion bash >/usr/share/bash-completion/kubernetes/bash_completion
echo 'source /usr/share/bash-completion/kubernetes/bash_completion' >>~/.bash_profile
#oc ⾃动补全
mkdir -p /usr/share/bash-completion/openshift
oc completion bash >/usr/share/bash-completion/openshift/bash_completion
echo "source /usr/share/bash-completion/openshift/bash_completion" >> ~/.bash_profile
source ~/.bash_profile
5.3 openshift登录
#admin⽤户登陆openshift:⽤户名dev 密码:dev
oc login -n openshift
oc get svc -n default|grep docker-registry|awk '{print $3}'
sumo
#查看admin⽤户的token
oc whoami -t
#登录docker私库
scenery什么意思docker login -u admin -p `oc whoami -t` docker-registry.default.svc:5000
通过观察rvice的docker-registry的IP
###6 其他
6.1 pv-01-10.yaml⽂件
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv001
labels:
name: pv001
type: nfs
spec:
nfs:
path: /data/v001
rver: 172.16.1.91
capacity:
storage: 50Gi
accessModes:
- ReadWriteMany
-
ReadWriteOnce
- ReadOnlyMany
persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv002
labels:
name: nfs-pv002
type: nfs
spec:
nfs:
path: /data/v002
rver: 172.16.1.91
capacity:
storage: 50Gi
