OpenShift 3.11 Installation Guide

I. Machine preparation

Role      Hostname  IP              Notes
master    master1   192.168.11.3
router    router1   192.168.11.4
node      node1     192.168.11.5
node      node2     192.168.11.6
LB                  192.168.11.100  80: maps to all backend router machines
                                    443: maps to all backend router machines
                                    8443: maps to all backend master machines

 

Firewall ports to open:

  • Port 80: HTTP application access, open to the LB
  • Port 443: HTTPS application access, open to the LB
  • Port 8443: OpenShift platform web access, open to the LB

 

II. Choose one of the node machines as the deployment machine and do some preparation on it:

  • yum repository requirements
    • base
    • updates
    • extras
    • epel
    • openshift
1. Disable the fastest-mirror lookup plugin: in /etc/yum.conf, change plugins=1 to plugins=0.
2. Configure the yum repositories.
# cd /etc/yum.repos.d
# rm -rf ./*
# vi all.repo
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=0

[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
gpgcheck=0

[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
gpgcheck=0

[openshift]
name=Openshift
baseurl=http://mirrors.aliyun.com/centos/$releasever/paas/$basearch/openshift-origin311/
gpgcheck=0

[epel]
name=Centos EPEL
baseurl=http://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0

# yum clean all
# yum makecache
  • Add name resolution entries to /etc/hosts
192.168.11.3 master1
192.168.11.4 router1
192.168.11.5 node1
192.168.11.6 node2
192.168.11.100 master
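  • Install Ansible and the other required packages (mind the Ansible version; other versions may cause installation problems), and set up passwordless SSH login.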
# curl https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.6.8-1.el7.ans.noarch.rpm -O
# yum install ansible-2.6.8-1.el7.ans.noarch.rpm
# yum install httpd-tools java-1.8.0-openjdk-headless python-passlib pyOpenSSL

# Passwordless login
# ssh-keygen -t rsa
# ssh-copy-id -i ~/.ssh/id_rsa.pub master1
# ssh-copy-id -i ~/.ssh/id_rsa.pub router1
# ssh-copy-id -i ~/.ssh/id_rsa.pub node1
# ssh-copy-id -i ~/.ssh/id_rsa.pub node2

 

III. Preparing the cluster inventory file (/etc/ansible/hosts)

For more detailed parameters, see the official documentation: https://access.redhat.com/documentation/zh-cn/openshift_container_platform/3.11/html/installing_clusters/multiple-masters

# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=efast
ansible_ssh_port=22
# If ansible_ssh_user is not root, ansible_become must be set to true
ansible_become=true

# versions
openshift_deployment_type=origin
openshift_release=3.11

# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]

# domain
openshift_master_cluster_method=native
openshift_master_cluster_hostname=master
openshift_master_cluster_public_hostname=bseip.example.com
openshift_master_default_subdomain=apps.example.com

# custom certificates
openshift_master_named_certificates=[{"certfile": "/path/to/example.com_server.crt", "keyfile": "/path/to/example.com_server.key", "names": ["bseip.example.com"]}]
openshift_master_overwrite_named_certificates=true
openshift_named_certificate_omit_cafile=true

# Configure master API and console ports
openshift_master_api_port=8443
openshift_master_console_port=8443

# Don't install monitor
openshift_cluster_monitoring_operator_install=false

# docker registry (if you have it)
oreg_url=registry.apps.bseip.baison.net:10000/openshift/origin-${component}:${version}
openshift_docker_options="-l warn --ipv6=false --add-registry=registry.apps.bseip.baison.net:10000 --insecure-registry=0.0.0.0/0 --log-opt max-size=1M --log-opt max-file=3"

# cert_expire_days
openshift_hosted_registry_cert_expire_days=7300
openshift_ca_cert_expire_days=18250
openshift_node_cert_expire_days=7300
openshift_master_cert_expire_days=7300
etcd_ca_default_days=18250

# skip checking docker images & memory
openshift_disable_check=memory_availability,disk_availability,docker_storage_driver,docker_storage,package_availability,package_update,docker_image_availability

# host group for masters
[masters]
master1

# host group for etcd
[etcd]
master1

# host group for nodes, includes region info
[nodes]
master1 openshift_node_group_name='node-config-master'
router1 openshift_node_group_name='node-config-infra'
node1 openshift_node_group_name='node-config-compute'
node2 openshift_node_group_name='node-config-compute'
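
The inventory above sets an insecure-registry range that covers every address, certificate lifetimes of 7300 and 18250 days, and a list of disabled installer checks. The script below is an added example, not part of the original post or of openshift-ansible: it lints an inventory for those three settings before the playbooks are run. The function names, the sample inventory and the MAX_CERT_DAYS threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint an openshift-ansible
# inventory for the security-relevant settings shown in section III.
# MAX_CERT_DAYS is this example's own threshold, an assumption.
MAX_CERT_DAYS=${MAX_CERT_DAYS:-1825}

# audit_inventory FILE: prints one "WARN:" line per finding;
# returns 0 when the file is clean, 1 when anything was reported.
audit_inventory() {
    # Drop comment lines so commented-out settings are not reported.
    active=$(grep -v '^[[:space:]]*#' "$1")
    report=$(
        # Docker would accept any registry without TLS verification.
        printf '%s\n' "$active" | grep -q -e '--insecure-registry=0\.0\.0\.0/0' &&
            echo 'WARN: docker trusts every registry without TLS (--insecure-registry=0.0.0.0/0)'
        # Certificate lifetimes above the threshold.
        printf '%s\n' "$active" | awk -F= -v max="$MAX_CERT_DAYS" '
            /^(openshift_.*_cert_expire_days|etcd_ca_default_days)=/ && $2 + 0 > max {
                printf "WARN: %s=%d days exceeds %d\n", $1, $2, max }'
        # Installer pre-flight checks that are switched off.
        printf '%s\n' "$active" | sed -n 's/^openshift_disable_check=//p' |
            tr ',' '\n' | sed 's/^/WARN: installer check disabled: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: a few settings copied from the inventory above.
demo_inventory() {
    cat <<'EOF'
[OSEv3:vars]
openshift_docker_options="-l warn --ipv6=false --insecure-registry=0.0.0.0/0"
openshift_ca_cert_expire_days=18250
openshift_node_cert_expire_days=7300
openshift_disable_check=memory_availability,docker_image_availability
EOF
}

tmp=$(mktemp)
demo_inventory > "$tmp"
audit_inventory "$tmp" || echo "review the findings before running deploy_cluster.yml"
rm -f "$tmp"
```

Run it against the real file with `audit_inventory /etc/ansible/hosts`; a non-zero return can gate the `ansible-playbook` step in a wrapper script.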

  

IV. Installation

  • Hostnames, yum repositories and /etc/hosts on the cluster nodes
Hostname:
  # ansible all -m shell -a "hostnamectl set-hostname --static {{ inventory_hostname }}"
YUM:
  # cp /etc/yum.repos.d/all.repo /tmp/
  # ansible all -m shell -a "rm -rf /etc/yum.repos.d/*"
  # ansible all -m shell -a 'sed -i "s/plugins=1/plugins=0/g" /etc/yum.conf'
  # ansible all -m copy -a "src=/tmp/all.repo dest=/etc/yum.repos.d/all.repo"
/etc/hosts:
  # ansible all -m copy -a 'src=/etc/hosts dest=/etc/hosts'
  • SELinux setting on the cluster nodes (takes effect after a reboot)
# ansible all -m shell -a 'sed -i "s/^SELINUX=disabled/SELINUX=permissive/g" /etc/selinux/config'
# ansible all -m shell -a 'reboot'
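  • Download the installer from https://github.com/openshift/openshift-ansible/tags: pick the latest 3.11 release, download it and extract it.
  • Disable the default repos that the cluster installation would configure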
# cd openshift-ansible-release-3.11
# sed -i "s/^enabled=1/enabled=0/g" roles/openshift_repos/templates/CentOS-OpenShift-Origin311.repo.j2
  • Install
# ansible-playbook playbooks/prerequisites.yml
# ansible-playbook playbooks/deploy_cluster.yml

 

V. Create the administrator user and password

# ansible masters -m shell -a 'htpasswd -b /etc/origin/master/htpasswd admin admin'
# ansible masters -m shell -a 'oc adm policy add-cluster-role-to-user cluster-admin admin'

You can now log in as admin/admin.

 

posted @ 2021-02-05 13:59  kunsile