Openshift3.9部署手册

说明：本文主要介绍通过Ansible来部署Openshift 3.9

一、准备

系统准备

节点类型	说明
Masters	物理主机或者虚拟机系统：Fedora 21, CentOS 7.3, 7.4或者7.5 最少4vCPU 最少16GB内存 /var/最少40GB空间 /usr/local/bin最少1GB空间容器临时目录最少1GB空间
Nodes	物理主机或者虚拟机系统：Fedora 21, CentOS 7.3, 7.4或者7.5 NetworkManager版本1.0以上最少1vCPU 最少8GB内存 /var/最少15GB空间 /usr/local/bin最少1GB空间容器临时目录最少1GB空间
额外的etcd节点	最少20GB用来存储etcd数据

注：在安装时可以通过ansible_inventory的配置忽略以上系统要求
扩展：对于生产部署时，Master的配置要求计算规则如下：每1000个pods需要额外的1核CPU和1.5GB内存。因此如果要满足支持2000个pods的话，Master节点需要在最低配置2核CPU和16GB内存的基础上再加2核CPU和3GB内存，共4核CPU 19GB内存。

安装准备

关闭防火墙及selinux

systemctl disable firewalld
systemctl stop firewalld
sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
setenforce 0

更改yum源 base74 、 openshift-3.9 、 epel 、 updates 和 extras。

 #/etc/yum.repos.d/all.repo
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=0
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=0
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=0
[openshift-3.9]
name=Openshift 3.9
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/paas/$basearch/openshift-origin39/
gpgcheck=0
[epel]
name=Centos EPEL
baseurl=http://mirrors.ustc.edu.cn/epel/7/$basearch/
gpgcheck=0

清除缓存

 yum makecache

二、安装

安装需要的软件包

 yum install vim git ansible wget java-1.8.0-openjdk httpd-tools python-passlib docker -y

下载openshift ansible部署脚本

 git clone https://github.com/openshift/openshift-ansible.git -b release-3.9

禁用ansible脚本中的指定repo

 sed -i 's/enabled=1/enabled=0/g' ./roles/openshift_repos/templates/CentOS-OpenShift-Origin.repo.j2

设置hostsname
a. 在 /etc/hosts 添加ip映射

# /etc/hosts
192.168.2.3 openshift

b. 更新本机hostname

 hostnamectl set-hostname --static openshift

设置本地ssh无密钥登录

 ssh-keygen -t rsassh-copy-id -i ~/.ssh/id_rsa.pub root@openshift#或将id_rsa.pub内容添加到~/.ssh/authorized_keys中

配置ansible hosts

[OSEv3:children]
masters
nodes
etcd
nfs[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin
deployment_type=origin
openshift_release=v3.9#如果使用自己的镜像的话/etc/sysconfig/docker中会添加ADD_REGISTRY='--add-registry harbor.apps.com'
#oreg_url=harbor.apps.com/openshift/origin-${component}:${version}
#system_images_registry=harbor.apps.com
#openshift_examples_modify_imagestreams=true
#openshift_docker_additional_registries=harbor.apps.com
#openshift_service_catalog_image_prefix=harbor.apps.com/openshift/origin-
#openshift_metrics_image_prefix=harbor.apps.com/openshift/origin-
#openshift_logging_image_prefix=harbor.apps.com/openshift/origin-
#ansible_service_broker_image_prefix=harbor.apps.com/openshift/origin-
#ansible_service_broker_etcd_image_prefix=harbor.apps.com/openshift/origin-
#openshift_metrics_image_version=v3.9openshift_enable_service_catalog=false
template_service_broker_install=false
ansible_service_broker_install=falseopenshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login':'true','challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_htpasswd_file=/etc/origin/master/htpasswd
openshift_enable_unsupported_configurations=True
openshift_docker_options="-l warn --ipv6=false --insecure-registry=0.0.0.0/0 --registry-mirror=https://docker.mirrors.ustc.edu.cn --log-opt max-size=1M --log-opt max-file=3"
openshift_disable_check=memory_availability,disk_availability,package_availability,package_update,docker_image_availability,docker_storage_driver,docker_storage
openshift_master_default_subdomain=apps.openshiftopenshift_metrics_install_metrics=true
openshift_hosted_metrics_public_url=https://hawkular-metrics.apps.openshift/hawkular/metricsopenshift_logging_install_logging=true
openshift_hosted_etcd_storage_kind=nfs
openshift_hosted_etcd_storage_nfs_options="*(rw,root_squash,sync,no_wdelay)"
openshift_hosted_etcd_storage_nfs_directory=/nfs-data
openshift_hosted_etcd_storage_volume_name=etcd-vol2
openshift_hosted_etcd_storage_access_modes=["ReadWriteOnce"]
openshift_hosted_etcd_storage_volume_size=1G
openshift_hosted_etcd_storage_labels={'storage': 'etcd'}ansible_service_broker_image_prefix=registry.access.redhat.com/openshift3/ose-
ansible_service_broker_registry_url=registry.access.redhat.com
ansible_service_broker_registry_user=<user_name>
ansible_service_broker_registry_password=<password>
ansible_service_broker_registry_organization=<organization>[masters]
openshift
[etcd]
openshift
[nfs]
openshift
[nodes]
openshift openshift_node_labels="{'region': 'infra', 'zone':'default'}" openshift_schedulable=true

如果要修改为自己的镜像仓库的话，还需要更改几个yaml文件

# roles/openshift_web_console/defaults/main.yml（去掉docker.io/）
openshift_web_console_image_dict:origin:prefix: "openshift/origin-"version: "{{ openshift_image_tag }}"image_name: "web-console"

执行安装脚本

ansible-playbook playbooks/prerequisites.yml
ansible-playbook playbooks/deploy_cluster.yml

创建管理员账号

htpasswd -b /etc/origin/master/htpasswd admin admin
oc adm policy add-cluster-role-to-user cluster-admin admin

三、展示

首页展示

项目主页展示

镜像仓库页展示

参考文章
Openshift 3.9官方高级安装手册