Openshift Origin (OKD) v3.11安裝

一. 環(huán)境準(zhǔn)備

我準(zhǔn)備在Azure上進(jìn)行安裝OKD v3.11 版本

機(jī)器名 ip地址 角色 公網(wǎng)IP 用戶
master-1 10.0.1.4 master 23.98.41.24x okd
master-2 10.0.1.5 master - okd
node-1 10.0.1.6 compute - okd
  1. 解析*.okd.goxx.top, okd.goxx.top A記錄到到 23.98.41.24x,方便后續(xù)可以使用子域名綁定到router訪問服務(wù)。
  2. 在Azure控制臺 中將三臺主機(jī)創(chuàng)建在共一個網(wǎng)絡(luò)安全組 [master-1-nsg] 中,并臨時添加規(guī)則允許所有端口呵來運(yùn)IP訪問。

二. 主機(jī)準(zhǔn)備

  1. 使用的是CentOS 7.4
[okd@master-1 ~]$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
  1. 拷貝本地共鑰到master-1,此機(jī)器有公網(wǎng)IP,方便登陸到服務(wù)器
ssh-copy-id -i .ssh/id_rsa.pub okd@okd.gois.top
  1. 在master-1上創(chuàng)建密鑰對,并分發(fā)共鑰到其他機(jī)器,使用此節(jié)點(diǎn)作為ansible分發(fā)節(jié)點(diǎn)
ssh-keygen -t rsa # 不設(shè)置密碼
ssh-copy-id -i .ssh/id_rsa.pub okd@10.0.1.5
ssh-copy-id -i .ssh/id_rsa.pub okd@10.0.1.6
  1. 配置各節(jié)點(diǎn)的hosts
# /etc/hosts 增加如下配置
10.0.1.4 master-1
10.0.1.5 master-2
10.0.1.6 node-1
  1. 配置各主機(jī)sudo免密碼,后續(xù)使用okd用戶安裝,需要sudo權(quán)限:
# /etc/sudoers 文件增加
okd  ALL=(ALL) NOPASSWD:ALL
  1. 分發(fā)hosts(配置ansible后分發(fā))

二. 安裝文件源準(zhǔn)備

  • 由于3.11版本發(fā)布較近,官方還未推出rpm包,故后續(xù)使用的是http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/ 安裝

1. ansible安裝

  • 安裝失敗后從官方倉庫找到原因是ansible版本存在要求,故而使用官方推薦的2.6版本。
rpm -ivh https://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/ansible-2.6.5-1.el7.noarch.rpm
  • docker 等其他依賴的包openshift-ansible 安裝程序會自行安裝。
[okd@master-1 ~]$ ansible --version
ansible 2.6.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/okd/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

2. ansible hosts 文件編寫: /home/okd/okd.hosts 

[okd@master-1 ~]$ cat okd.hosts
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=okd
openshift_deployment_type=origin
openshift_image_tag=v3.11
# If ansible_ssh_user is not root, ansible_become must be set to true
ansible_become=true


# default selectors for router and registry services
# openshift_router_selector='node-role.kubernetes.io/infra=true'
# openshift_registry_selector='node-role.kubernetes.io/infra=true'

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=memory_availability,disk_availability,docker_image_availability

os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant

# new 2018-11--5 14:40:00
# 方便訪問使用,指定web console 端口為443以及域名
openshift_master_api_port=443
openshift_master_console_port=443
openshift_hosted_router_replicas=1
openshift_hosted_registry_replicas=1
openshift_master_cluster_hostname=master.okd.gois.top
openshift_master_cluster_public_hostname=master.okd.gois.top
openshift_master_default_subdomain=okd.gois.top

openshift_master_cluster_method=native
openshift_public_ip=23.98.41.245
# false
ansible_service_broker_install=false
openshift_enable_service_catalog=false
template_service_broker_install=false
openshift_logging_install_logging=false

# registry passwd
#oreg_url=172.16.37.12:5000/openshift3/ose-${component}:${version}
#openshift_examples_modify_imagestreams=true

# docker config
#openshift_docker_additional_registries=172.16.37.12:5000,172.30.0.0/16
#openshift_docker_insecure_registries=172.16.37.12:5000,172.30.0.0/16
#openshift_docker_blocked_registries
openshift_docker_options="--log-driver json-file --log-opt max-size=1M --log-opt max-file=3"

# openshift_cluster_monitoring_operator_install=false
# openshift_metrics_install_metrics=true
# openshift_enable_unsupported_configurations=True
#openshift_logging_es_nodeselector='node-role.kubernetes.io/infra: "true"'
#openshift_logging_kibana_nodeselector='node-role.kubernetes.io/infra: "true"'
# host group for masters

[masters]
master-[1:2]

[etcd]
master-[1:2]

[nodes]
master-[1:2] openshift_node_group_name='node-config-master'
node-1 openshift_node_group_name='node-config-compute'
node-1 openshift_node_group_name='node-config-infra'

2. 分發(fā)hosts

  • 順便可以測試下ansible是否工作正常,sudo權(quán)限是否正確:
ansible -i okd.hosts  nodes --user=root -m copy -a 'src=/etc/hosts dest=/etc/hosts'

3. 分發(fā)CentOS-Openshift yum源:

[okd@master-1 ~]$ cat /etc/yum.repos.d/CentOS-OpenShift-Origin311.repo
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS

[centos-openshift-origin311-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS

[centos-openshift-origin311-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS

[centos-openshift-origin311-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS

[okd@master-1 ~]$ ansible -i okd.hosts  nodes --user=root -m copy -a \
'src=/etc/yum.repos.d/CentOS-OpenShift-Origin311.repo  \
dest=/etc/yum.repos.d/CentOS-OpenShift-Origin311.repo'

3. 下載opensift-ansible項目(需要安裝git):

[okd@master-1 ~]$ sudo yum install -y git
[okd@master-1 ~]$ cd ~ && git clone https://github.com/openshift/openshift-ansible
# 切換到release-v3.11
[okd@master-1 ~]$ cd ~/openshift-ansible && git checkout release-3.11

三. 安裝OKD

1. 安裝檢查:

[okd@master-1 ~]$ ls
okd.hosts  openshift-ansible
[okd@master-1 ~]$ ansible-playbook -i okd.hosts openshift-ansible/playbooks/prerequisites.yml
  • 執(zhí)行檢查無誤后,執(zhí)行安裝程序

2. 執(zhí)行安裝程序

[okd@master-1 ~]$ ansible-playbook -i okd.hosts openshift-ansible/playbooks/deploy_cluster.yml

  • 安裝完成后可以看到類似如下提示.

  • 可以清楚的看到安裝結(jié)果,如果有失敗,尋找原因再次安裝:

PLAY RECAP ***************************************************************************************************************************************************************************************
localhost                  : ok=11   changed=0    unreachable=0    failed=0
master-1                   : ok=599  changed=198  unreachable=0    failed=0
master-2                   : ok=263  changed=72   unreachable=0    failed=0
node-1                     : ok=110  changed=16   unreachable=0    failed=0


INSTALLER STATUS *********************************************************************************************************************************************************************************
Initialization               : Complete (0:01:55)
Health Check                 : Complete (0:00:14)
Node Bootstrap Preparation   : Complete (0:04:18)
etcd Install                 : Complete (0:01:56)
Master Install               : Complete (0:13:01)
Master Additional Install    : Complete (0:02:18)
Node Join                    : Complete (0:01:16)
Hosted Install               : Complete (0:02:50)
Cluster Monitoring Operator  : Complete (0:01:21)
Web Console Install          : Complete (0:01:08)
Console Install              : Complete (0:00:52)
metrics-server Install       : Complete (0:00:03)

3. 查看安裝結(jié)果

[okd@master-1 ~]$ oc get nodes
NAME       STATUS    ROLES     AGE       VERSION
master-1   Ready     master    19m       v1.11.0+d4cacc0
master-2   Ready     master    19m       v1.11.0+d4cacc0
node-1     Ready     infra     10m       v1.11.0+d4cacc0

4. 創(chuàng)建super account,使用簡單的文件密碼配置登陸web控制臺

[okd@master-1 ~]$ sudo htpasswd -cb /etc/origin/master/htpasswd admin 123456
Adding password for user admin
[okd@master-1 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin
Warning: User 'admin' not found
cluster role "cluster-admin" added: "admin"

文章僅供參考,安裝到此完成,后續(xù)有完善或者錯誤繼續(xù)補(bǔ)充。

錯誤記錄:

TASK [openshift_control_plane : Wait for control plane pods to appear] 失敗:

錯誤原因分析: master-api container 啟動失敗,可以看到由于etcd服務(wù)無法連接導(dǎo)致的,etcd cluster模式,所安裝的etcd服務(wù)器通過ip無法連接,
需要增加 ansible hosts文件中:
[etcd]
etcd.xx.xx openshift_ip=x.x.x.x

重復(fù)部署安裝即可

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容