OpenShift 是RedHat的当家产品,在centos7中安装具有重要的意义,赶巧考红帽DO280的时机,我整理了这次安装过程,希望能够给同仁们一点有益的帮助。完全脱机安装,排错,整理,试验,历时一周时间。完全可以做的更好, 但苦于DO280考试在即,不得不放手,不过还行,能用。DO280考试做试验估计没问题。希望多提宝贵意见,贴下真知见解,也不枉我一片心血了,不胜感激!
安装环境:在VMWare下启动了6台虚拟机,事先积累了脱机版的镜像源。centos7没有升级。

1.节点规划

序号 ip 主机名
1 192.168.0.71 master.blueicex.com
2 192.168.0.72 node1.blueicex.com
3 192.168.0.73 node2.blueicex.com
4 192.168.0.74 node3.blueicex.com
5 192.168.0.75 etcd.blueicex.com
6 192.168.0.77 resource.blueicex.com

4core CPU,4G memory,40G system disk,20G docker vg,double netface

2. 主机基础搭建

2.1 修改ifcfg-ens33

操作节点:master nodes etcd resource
被操作节点:master nodes etcd resource

[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
ONBOOT="yes"
IPADDR="192.168.0.7*"
GATEWAY="192.168.0.1"
NM_CONTROLLED=yes
[root@localhost ~]# systemctl restart network NetworkManager

★配置验证

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# ip a s  ens33
2.2 root卷扩展

操作节点:master nodes etcd resource
被操作节点:master nodes etcd resource
在生成虚拟主机前,sda卷,保留了10G的预留空间未分配

[root@localhost ~]# fdisk /dev/sda
[root@localhost ~]# partprobe
[root@localhost ~]# lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0    20G  0 disk
├─sda1            8:1    0   190M  0 part /boot
├─sda2            8:2    0  10.2G  0 part
│ ├─centos-root 253:0    0    10G  0 lvm  /
│ └─centos-home 253:1    0   192M  0 lvm  /home
└─sda3            8:3    0   9.6G  0 part
..........
[root@localhost ~]# mkfs.xfs /dev/sda3
[root@localhost ~]# vgextend centos /dev/sda3
[root@localhost ~]# vgs
  VG     #PV #LV #SN Attr   VSize   VFree
  centos   2   2   0 wz--n- <19.81g 9.62g
[root@localhost ~]# lvextend -L +9.6G /dev/centos/root
[root@localhost ~]# xfs_growfs /dev/centos/root

★配置验证

[root@localhost ~]# lsblk /dev/sda
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0   20G  0 disk
├─sda2            8:2    0 10.2G  0 part
│ ├─centos-home 253:1    0  192M  0 lvm  /home
│ └─centos-root 253:0    0 19.6G  0 lvm  /
├─sda3            8:3    0  9.6G  0 part
│ └─centos-root 253:0    0 19.6G  0 lvm  /
└─sda1            8:1    0  190M  0 part /boot

3. 资源主机服务构建

操作节点:resource
被操作节点:resource

3.1 环境准备
[root@localhost ~]# vi /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# systemctl stop firewalld && systemctl disable firewalld
[root@localhost ~]# reboot
[root@localhost ~]# mkdir /blueicex/{soft,temp,image} /mnt/{cdrom,usb} -pv
[root@localhost ~]# lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0    20G  0 disk
├─sda1            8:1    0   190M  0 part /boot
├─sda2            8:2    0  10.2G  0 part
│ ├─centos-root 253:0    0  19.6G  0 lvm  /
│ └─centos-home 253:1    0   192M  0 lvm  /home
└─sda3            8:3    0   9.6G  0 part
  └─centos-root 253:0    0  19.6G  0 lvm  /
sdb               8:16   0    20G  0 disk
sdc               8:32   0    20G  0 disk
sdd               8:48   1 233.3G  0 disk
├─sdd1            8:49   1 233.3G  0 part
└─sdd2            8:50   1  31.5K  0 part
sr0              11:0    1   4.3G  0 rom
[root@localhost ~]# echo "/dev/cdrom /mnt/cdrom iso9660 defaults 0 0" >> /etc/fstab
[root@localhost ~]# echo "/dev/sdd1 /mnt/usb vfat defaults 0 0" >> /etc/fstab
[root@localhost ~]# mount -a
[root@localhost ~]# rm /etc/yum.repos.d/* -rf
[root@localhost ~]# cp /mnt/usb/config/repos/source.repo /etc/yum.repos.d/
[root@localhost ~]# yum makecache
[root@localhost ~]# yum install -y wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct bash-completion.noarch bash-completion-extras.noarch python-passlib NetworkManager vim lrzsz psmisc tree ntp httpd-tools

★配置验证

[root@localhost ~]# getenforce
[root@localhost ~]# systemctl status firewalld
[root@localhost ~]# mount | egrep 'usb|cdrom'
/dev/sr0 on /mnt/cdrom type iso9660 (ro,relatime)
/dev/sdd1 on /mnt/usb type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro)
3.2 DNS服务构建
[root@localhost ~]# yum install bind -y
[root@localhost ~]# vim /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; any; };
        // 注:any 表示接受任意来源的查询;在隔离的实验网络之外,建议改为只允许本网段(如 192.168.0.0/24)
        allow-query     { localhost; any; };
        dnssec-enable no;
        dnssec-validation no;
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "blueicex.com" IN {
        type master;
        file "blueicex.com.zone";
        allow-update { none; };
};
[root@localhost ~]# cp /var/named/{named.empty,blueicex.com.zone}
[root@localhost ~]# vim /var/named/blueicex.com.zone
$TTL 3H
@       IN SOA  blueicex.com. blueice1980.126.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
@       NS      dns.blueicex.com.
dns             A       192.168.0.77
master          A       192.168.0.71
node1           A       192.168.0.72
node2           A       192.168.0.73
node3           A       192.168.0.74
etcd            A       192.168.0.75
resource        A       192.168.0.77
registry        A       192.168.0.77
[root@localhost ~]# cd /var/named/
[root@localhost named]# chown root:named blueicex.com.zone
[root@localhost named]# named-checkconf /etc/named.conf
[root@localhost named]# named-checkzone blueicex.com.zone blueicex.com.zone
zone blueicex.com.zone/IN: loaded serial 0
OK
[root@localhost named]# systemctl restart named && systemctl enable named

★配置验证

[root@localhost named]# dig @192.168.0.77 master.blueicex.com | grep master.blueicex.com.
;master.blueicex.com.       IN  A
master.blueicex.com.    10800   IN  A   192.168.0.71
3.3 httpd服务构建

★★★★构建单独的yum镜像源,镜像源文件提前下载到u盘中,整个openshift可脱机安装

[root@localhost ~]# yum -y install httpd
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
DocumentRoot "/mnt/usb"
[root@localhost ~]# cd /etc/httpd/conf.d/
[root@localhost conf.d]# vim yum.conf
<VirtualHost *:80>
    ServerAdmin blueice1980@126.com
    DocumentRoot "/mnt/usb"
    # ServerName register.blueicex.com resource.blueicex.com
    ErrorLog "/var/log/httpd/yum-error_log"
    CustomLog "/var/log/httpd/yum-access_log" common
</VirtualHost>
<Directory /mnt/usb>
    # 注:Options All 会同时启用 ExecCGI、Includes 等;纯静态的 yum 源只需要 Indexes FollowSymLinks
    Options All
    AllowOverride None
    Require all granted
</Directory>
[root@localhost conf.d]# mv welcome.conf welcome.conf.bak
[root@localhost conf.d]# systemctl start httpd && systemctl enable httpd

★配置验证

[root@localhost conf.d]# systemctl status httpd
[root@localhost conf.d]# curl http://192.168.0.77
3.4 ntp服务器构建
[root@localhost ~]# echo 'restrict 192.168.0.0 mask 255.255.255.0  nomodify notrap' >> /etc/ntp.conf
[root@localhost ~]# echo 'server 127.127.1.0' >> /etc/ntp.conf
[root@localhost ~]# echo 'fudge 127.127.1.0 stratum 10'>> /etc/ntp.conf
[root@localhost ~]# systemctl start ntpd && systemctl enable ntpd

★配置验证
和 “4.11 节点时间同步”共同验证

3.5 docker私有仓库构建
[root@localhost ~]# cp /mnt/usb/config/repos/yum.repo /etc/yum.repos.d/
[root@localhost ~]# yum install -y docker-distribution && systemctl start docker-distribution && systemctl enable docker-distribution

★配置验证

[root@localhost ~]# curl 192.168.0.77:5000/v2/_catalog
{"repositories":[]}

4. 主机基础配置

4.1 修改主机名

操作节点:master
被操作节点:master nodes etcd resource
需要输入主机密码

[root@localhost ~]# vi change-hostname.sh
# change-hostname.sh: set each cluster host's FQDN with hostnamectl over SSH.
# Per the guide, every ssh call prompts for that host's password.
host_table=(
  '192.168.0.71 master.blueicex.com'
  '192.168.0.72 node1.blueicex.com'
  '192.168.0.73 node2.blueicex.com'
  '192.168.0.74 node3.blueicex.com'
  '192.168.0.75 etcd.blueicex.com'
  '192.168.0.77 resource.blueicex.com'
)
for row in "${host_table[@]}"; do
  addr=${row%% *}   # text before the first space: the IP address
  fqdn=${row#* }    # text after the first space: the hostname to assign
  ssh "$addr" hostnamectl set-hostname "$fqdn"
done
[root@localhost ~]# bash change-hostname.sh

★配置验证

[root@localhost ~]# hostname
master.blueicex.com
4.2 配置DNS

操作节点:master
被操作节点:master nodes etcd resource
需要输入主机密码

[root@master ~]# vi config-dns.sh
# config-dns.sh: append resolver settings to ifcfg-ens33 on hosts .72-.75 and .77,
# then restart networking there. The master (.71) is not in this list; the guide
# configures it separately from the resource host.
# The remote command appends with >>, so running the script twice leaves duplicate lines.
remote_cmd='echo -e "DNS1=192.168.0.77\nDNS2=8.8.8.8\nNM_CONTROLLED=yes" >>/etc/sysconfig/network-scripts/ifcfg-ens33 && systemctl restart network'
for last_digit in 2 3 4 5 7; do
  ssh "192.168.0.7${last_digit}" "$remote_cmd"
done
[root@master ~]# bash config-dns.sh
#ssh 本身主机不成功,需要从其他主机配置DNS
[root@resource ~]# ssh 192.168.0.71 'echo -e "DNS1=192.168.0.77\nDNS2=8.8.8.8\nNM_CONTROLLED=yes" >>/etc/sysconfig/network-scripts/ifcfg-ens33 && systemctl restart network'

★配置验证

[root@master ~]# cat /etc/resolv.conf | grep 192.168.0.77
nameserver 192.168.0.77
4.3 主机ssh互信

操作节点:master
被操作节点:master nodes etcd resource
需要输入主机密码

[root@master ~]# vi ssh-confidence.sh
# ssh-confidence.sh: set up password-less root SSH between all six hosts.
# Step 1 wipes everything under /root/.ssh on master (existing authorized_keys and
# known_hosts included) and generates a new RSA key pair with an empty passphrase.
# NOTE(review): scp -r copies the whole /root/.ssh directory, private key included,
# so every host ends up sharing one passphrase-less root key and a compromise of any
# single host exposes root on all of them. If only master has to reach the other
# hosts (the Ansible control-node case), running ssh-copy-id against each host would
# distribute just the public key -- confirm whether node-to-node root SSH is needed.
rm -rf /root/.ssh/*
ssh-keygen -f /root/.ssh/id_rsa -N ''

# Authorise the new key on master itself; this creates authorized_keys inside
# /root/.ssh, which then travels with the directory copy below.
ssh-copy-id -i ~/.ssh/id_rsa.pub master.blueicex.com

for peer in node1 node2 node3 etcd resource; do
  scp -r /root/.ssh "${peer}.blueicex.com:/root/"
done
[root@master ~]# bash ssh-confidence.sh

★配置验证
★★★★★这6步一定要做,否则会报没有权限的错误,进入后,exit命令退出,for循环会进入下一个主机

[root@master ~]# for i in {master,node1,node2,node3,etcd,resource};do ssh $i ;done;
[root@node1 ~]# for i in {master,node1,node2,node3,etcd,resource};do ssh $i ;done;
[root@node2 ~]# for i in {master,node1,node2,node3,etcd,resource};do ssh $i ;done;
[root@node3 ~]# for i in {master,node1,node2,node3,etcd,resource};do ssh $i ;done;
[root@etcd ~]# for i in {master,node1,node2,node3,etcd,resource};do ssh $i ;done;
[root@resource ~]# for i in {master,node1,node2,node3,etcd,resource};do ssh $i ;done;
4.4 主节点配置yum源

操作节点:master
被操作节点:master

[root@master ~]# vi master-config-yum.sh
# master-config-yum.sh: point master at the offline yum repositories.
repo_dir=/etc/yum.repos.d

# Mount points and working directories used throughout the guide.
mkdir -pv /mnt/{cdrom,usb} /blueicex/{soft,image,temp}

# Drop the stock CentOS repo files, then pull the offline definitions from the resource host.
rm -rf "$repo_dir"/Ce*.*
scp resource.blueicex.com:/mnt/usb/config/repos/* "$repo_dir"/

# Mount the install media persistently; the line is appended with >>, so a second
# run of this script adds a duplicate fstab entry.
printf '%s\n' "/dev/cdrom /mnt/cdrom iso9660 defaults 0 0" >> /etc/fstab
mount -a

yum makecache
[root@master ~]# bash master-config-yum.sh

★★此处做快照镜像

4.5 主节点安装 ansible-2.6.5

操作节点:master
被操作节点:master
安装openshift-ansible-3.11.37后发现,仅仅支持Ansible >= 2.6.5
★★★★★这是个坑

[root@master ~]# cat /usr/share/doc/openshift-ansible-3.11.37/README.md
- Ansible >= 2.6.5, Ansible 2.7 is not yet supported and known to fail
[root@master ~]# yum install -y ansible-2.6.5
[root@master ~]# vi /etc/ansible/hosts
[alls]
master.blueicex.com
node1.blueicex.com
node2.blueicex.com
node3.blueicex.com
etcd.blueicex.com
[nodes]
node1.blueicex.com
node2.blueicex.com
node3.blueicex.com
[master]
master.blueicex.com
[etcd]
etcd.blueicex.com
[resource]
resource.blueicex.com

★配置验证

[root@master ~]# ansible all -m shell -a 'touch /root/test'
[root@master ~]# ansible all -m shell -a 'ls /root/' | grep test | wc -l
6
4.6 其他节点配置yum源

操作节点:master
被操作节点:nodes etcd resource

[root@master ~]# vi othernodes-config-yum.sh
# othernodes-config-yum.sh: repeat the master's yum-source setup on the remaining
# hosts through Ansible ad-hoc commands.
targets='nodes,resource,etcd'

# Run one shell command on every target host.
on_targets() {
  ansible "$targets" -m shell -a "$1"
}

on_targets 'mkdir /mnt/{cdrom,usb} /blueicex/{soft,image,temp} -pv'
on_targets 'rm -rf /etc/yum.repos.d/Ce*.*'
on_targets 'echo "/dev/cdrom /mnt/cdrom iso9660 defaults 0 0">>/etc/fstab'
on_targets 'mount -a'

# Push master's repo definitions (already installed under /etc/yum.repos.d/) to the targets.
ansible "$targets" -m copy -a 'src=/etc/yum.repos.d/ dest=/etc/yum.repos.d/'
[root@master ~]# bash othernodes-config-yum.sh

★配置验证

#共6台主机
[root@master ~]# ansible all -m shell -a 'ls /etc/yum.repos.d' | grep yum.repo | wc -l
6
4.7 关闭防火墙

操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible all -m shell -a 'systemctl stop firewalld && systemctl disable firewalld'

★配置验证

#共6台主机
[root@master ~]# ansible all -m shell -a 'systemctl status firewalld' | grep inactive | wc -l
6
4.8 开启selinux

操作节点:master
被操作节点:master nodes etcd
默认是开启的,可不手动开启

[root@master ~]# ansible alls -m shell -a 'sed -i s/^SELINUX=.*/SELINUX=enforcing/g /etc/selinux/config'
[root@master ~]# ansible  all -m shell -a 'touch /.autorelabel '
[root@master ~]# ansible nodes,etcd -m shell -a 'reboot'
[root@master ~]# ansible master -m shell -a 'reboot'

★配置验证

#共6台主机,resource主机没有enforcing
[root@master ~]# ansible all -m shell -a 'getenforce' | grep Enforcing | wc -l
5
4.9 配置sshd

操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible all -m shell -a 'echo UseDNS=no >>/etc/ssh/sshd_config'
[root@master ~]# ansible all -m shell -a 'systemctl restart sshd'

★配置验证

#共6台主机
[root@master ~]# ansible all -m shell -a 'grep  -w UseDNS=no /etc/ssh/sshd_config' | wc -l
12
4.10 基础安装

操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible all -m shell -a 'yum install -y wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct bash-completion.noarch bash-completion-extras.noarch python-passlib NetworkManager vim lrzsz psmisc tree ntp httpd-tools'
4.11 节点时间同步

操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible resource -m shell -a 'systemctl stop ntpd && ntpdate ntp.ntsc.ac.cn && systemctl start ntpd'
[root@master ~]# ansible alls -m shell -a 'ntpdate resource.blueicex.com'

★配置验证

[root@master ~]# ansible alls -m shell -a 'date'
4.12 设置ip地址转发及iptables放行

操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible alls -m shell -a ' echo "1" > /proc/sys/net/ipv4/ip_forward'
[root@master ~]# ansible alls -m shell -a 'iptables -P FORWARD ACCEPT'
[root@master ~]# ansible alls -m shell -a '/sbin/iptables -I INPUT -p tcp --dport 8443 -j ACCEPT && service iptables save'

★★★此处做镜像快照

5. docker 部署

5.1 yum安装 docker

操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible all -m shell -a 'yum install docker -y '
5.2 docker 配置

5.2.1 修改镜像仓库地址
操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# vim /etc/containers/registries.conf
[registries.search]
registries = ['registry.docker-cn.com','hub-mirror.c.163.com','docker.mirrors.ustc.edu.cn','resource.blueicex.com:5000','2savhou3.mirror.aliyuncs.com']
[registries.insecure]
registries = ['resource.blueicex.com:5000']
[registries.block]
registries = []
[root@master ~]# ansible nodes,etcd,resource -m copy -a 'src=/etc/containers/registries.conf dest=/etc/containers/'

5.2.2 配置 daemon.json
操作节点:master
被操作节点:master nodes etcd resource
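"https://2savhou3.mirror.aliyuncs.com"为阿里云镜像加速器。insecure-registries 中的 resource.blueicex.com:5000 表示 docker 以明文 HTTP(不校验 TLS 证书)访问该私有仓库,只适合隔离的实验网络。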

[root@master ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn","https://2savhou3.mirror.aliyuncs.com"],"insecure-registries":["resource.blueicex.com:5000"]
}
[root@master ~]# ansible nodes,etcd,resource  -m copy -a 'src=/etc/docker/daemon.json  dest=/etc/docker/daemon.json'

5.2.3 配置执行 docker-storage-setup
操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# find / -iname container-storage-setup
/run/container-storage-setup
/usr/bin/container-storage-setup
/usr/share/container-storage-setup
[root@master ~]# vim config-docker-storage-setup.sh
# Prepare the storage-setup configuration on master, distribute it, and run the setup.
# NOTE(review): the next three lines write /etc/sysconfig/config-docker-storage-setup,
# but the copy step below distributes /etc/sysconfig/docker-storage-setup. The two
# names presumably should be the same file -- confirm the intended path before running.
cp /usr/share/container-storage-setup /etc/sysconfig/config-docker-storage-setup
# DEVS / VG: presumably the spare disk and the volume-group name that
# docker-storage-setup should use -- verify against the tool's documentation.
echo DEVS=/dev/sdb >> /etc/sysconfig/config-docker-storage-setup
echo VG=dockervg  >> /etc/sysconfig/config-docker-storage-setup
# Only the "nodes" group receives the file here, while the next command runs on "all".
ansible nodes -m copy -a 'src=/etc/sysconfig/docker-storage-setup dest=/etc/sysconfig/'
# NOTE(review): "bash docker-storage-setup" resolves the name relative to the remote
# working directory; the guide's later initdocker.sh calls docker-storage-setup
# directly as a command -- confirm which form works on these hosts.
ansible all -m shell -a 'bash docker-storage-setup'
[root@master ~]# bash config-docker-storage-setup.sh

5.2.5 启动 docker
修改docker为允许selinux

[root@master ~]#vim /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=true --log-driver=journald --signature-verification=false'
[root@master ~]# ansible nodes -m copy -a 'src=/etc/sysconfig/docker  dest=/etc/sysconfig/'

5.2.6 启动 docker
操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible all -m shell -a 'systemctl start docker  && systemctl enable docker'

5.2.7 敏捷部署 docker
操作节点:master
被操作节点:master nodes etcd resource
以上可以浓缩为 initdocker.sh,docker-storage-setup、daemon.json、registries.conf事先已定义完毕

[root@master ~]# vim initdocker.sh
# initdocker.sh: reinstall docker on every host, fetch the prepared configuration
# files from the resource host, then set up storage and start the services.
# NOTE(review): the files are downloaded over plain HTTP with no integrity check;
# that is tolerable on an isolated lab network, otherwise consider get_url's
# checksum= parameter or pushing the files with the copy module.
config_url='http://resource.blueicex.com/config/docker'

ansible all -m shell -a 'yum remove docker* -y && yum install docker docker-distribution -y '

# Each entry is "<file name> <destination directory>".
for entry in \
  'daemon.json /etc/docker/' \
  'docker /etc/sysconfig/' \
  'docker-storage-setup /etc/sysconfig/' \
  'registries.conf /etc/containers/'; do
  file_name=${entry%% *}
  dest_dir=${entry#* }
  ansible all -m get_url -a "url=${config_url}/${file_name} dest=${dest_dir}"
done

ansible all -m shell -a 'docker-storage-setup && systemctl start docker docker-distribution  && systemctl enable docker docker-distribution '

# Show the docker-related block devices on every host after the setup step.
ansible all -m shell -a 'lsblk | grep docker'
[root@master ~]# bash initdocker.sh

★配置验证

[root@master ~]# ansible all -m shell -a 'docker info'
[root@master ~]# curl resource.blueicex.com:5000/v2/_catalog

6. 装载镜像

操作节点:master
被操作节点:master nodes etcd resource
master 节点下载装载镜像,镜像已在资源主机192.168.0.77下载完毕

[root@master ~]# cd /blueicex/image/
[root@master image]# rm * -rf
[root@master image]# vim openshift-image.txt
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-node-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-control-plane-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-haproxy-router-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-deployer-v3.11.0.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-pod-v3.11.0.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/cluster-monitoring-operator-v0.1.1.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-docker-registry-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-console-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/prometheus-config-reloader-v0.23.2.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/prometheus-operator-v0.23.2.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-web-console-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-metrics-server-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-metrics-heapster-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-metrics-hawkular-metrics-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-metrics-schema-installer-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/origin-metrics-cassandra-v3.11.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/kubernetes-latest.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/prometheus-alertmanager-v0.15.2.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/prometheus-node-exporter-v0.16.0.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/prometheus-v2.3.2.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/grafana-5.2.1.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/kube-state-metrics-v1.3.1.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/oauth-proxy-v1.1.0.tar
http://192.168.0.77/freesoft/openshift-image/openshift3.11/configmap-reload-v0.0.1.tar
[root@master image]# wget -c -i openshift-image.txt
[root@master image]# for i in `ls *.tar` ; do docker image load -i $i;done;
[root@master image]# docker images | awk -F" " '{print $1":"$2}' | awk -F"/" '{print "docker image tag "$1"/"$2"/"$3" resource.blueicex.com:5000/"$2"/"$3}' > temp
[root@master image]# sed '/REPOSITORY/d' temp > marktag.sh
[root@master image]# bash marktag.sh
[root@master image]# awk -F" " '{print "docker push "$5}' marktag.sh >pushimage.sh
[root@master image]# bash pushimage.sh
[root@node1 ~]# watch curl resource.blueicex.com:5000/v2/_catalog
{"repositories":["cockpit/kubernetes","coreos/cluster-monitoring-operator","coreos/configmap-reload","coreos/kube-state-metrics","coreos/prometheus-config-reloader","coreos/prometheus-operator","grafana/grafana","openshift/oauth-proxy","openshift/origin-console","openshift/origin-control-plane","openshift/origin-deployer","openshift/origin-docker-registry","openshift/origin-haproxy-router","openshift/origin-metrics-cassandra","openshift/origin-metrics-hawkular-metrics","openshift/origin-metrics-heapster","openshift/origin-metrics-schema-installer","openshift/origin-metrics-server","openshift/origin-node","openshift/origin-pod","openshift/origin-web-console","openshift/prometheus","openshift/prometheus-alertmanager","openshift/prometheus-node-exporter"]}
#nodes etcd 节点下载装载镜像
[root@master image]# ansible nodes,etcd -m copy -a 'src=/blueicex/image/openshift-image.txt dest=/blueicex/image/'
[root@master image]# ansible nodes,etcd -m shell -a 'cd /blueicex/image && wget -c -i openshift-image.txt'
[root@master image]# ansible nodes,etcd -m shell -a 'for i in `ls /blueicex/image/*.tar` ; do docker image load -i $i;done;'

★配置验证

[root@master ~]# ansible master,nodes,etcd -m shell -a 'docker images | wc -l'

★★★此处做镜像快照

7. openshift-ansible-3.11 安装

操作节点:master
被操作节点:master

#太慢,不建议使用此种方式
[root@master ~]# git clone https://github.com/openshift/openshift-ansible
#推荐yum安装
[root@master ~]# yum list openshift-ansible --showduplica|grep 3.11
Bad id for repo: centos-paas-openshift-origin , byte =   28
openshift-ansible.noarch 3.11.37-1.git.0.3b8b341.el7       centos-paas-openshift-origin311
[root@master ~]# yum install -y openshift-ansible-3.11.37
[root@master ~]# rpm -ql openshift-ansible
/usr/share/ansible/openshift-ansible
/usr/share/doc/openshift-ansible-3.11.37
/usr/share/doc/openshift-ansible-3.11.37/README.md

★配置验证
ansible 要保持在2.6.5版本

[root@master ~]# rpm -ql openshift-ansible
[root@master ~]# ansible --version
ansible 2.6.5

8. 补充更新

操作节点:master
被操作节点:master nodes etcd resource

[root@master ~]# ansible all -m shell -a 'yum install -y  pyOpenSSL python-cryptography python-lxml java-1.8.0-openjdk-headless patch'
[root@master ~]# ansible all -m shell -a 'yum update -y'

9. 配置 openshift-ansible

操作节点:master
被操作节点:master

[root@master ~]# cd /etc/ansible/
[root@master ansible]# vim inventory-3.11
#Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
etcd
lb
#Set variables common for all OSEv3 hosts
[OSEv3:vars]
#SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
#If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_deployment_type=origin
openshift_release=3.11
openshift_image_tag=v3.11
openshift_pkg_version=-3.11.0
openshift_use_openshift_sdn=true
#uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_default_subdomain=blueicex.com
openshift_disable_check=docker_storage,memory_availability,disk_availability,docker_image_availability
openshift_master_cluster_method=native
openshift_master_cluster_hostname=master.blueicex.com
openshift_master_cluster_public_hostname=master.blueicex.com
#false
openshift_metrics_install_metrics=false
ansible_service_broker_install=false
openshift_enable_service_catalog=false
template_service_broker_install=false
openshift_logging_install_logging=false
enable_excluders=false
#registry passwd
#oreg_url=192.168.0.77:5000/openshift3/ose-component:{version}
oreg_url=resource.blueicex.com:5000/openshift/origin-${component}:${version}
openshift_examples_modify_imagestreams=true
# Enable cockpit
#osm_use_cockpit=true
#
# Set cockpit plugins
#osm_cockpit_plugins=['cockpit-kubernetes']
#docker config
openshift_docker_additional_registries=resource.blueicex.com
openshift_docker_insecure_registries=resource.blueicex.com
#openshift_docker_blocked_registries
openshift_docker_options="--log-driver json-file --log-opt max-size=1M --log-opt max-file=3"
#--insecure-registry 192.168.0.0/16
# OpenShift Router Options
# Router selector (optional)
# Router will only be created if nodes matching this label are present.
# Default value: 'node-role.kubernetes.io/infra=true'
#openshift_hosted_router_selector='node-role.kubernetes.io/infra=true'
#
# Router replicas (optional)
# Unless specified, openshift-ansible will calculate the replica count
# based on the number of nodes matching the openshift router selector.
#openshift_hosted_router_replicas=2
# Openshift Registry Options
# Registry selector (optional)
# Registry will only be created if nodes matching this label are present.
# Default value: 'node-role.kubernetes.io/infra=true'
#openshift_hosted_registry_selector='node-role.kubernetes.io/infra=true'
#
# Registry replicas (optional)
# Unless specified, openshift-ansible will calculate the replica count
# based on the number of nodes matching the openshift registry selector.
#openshift_hosted_registry_replicas=2
openshift_cluster_monitoring_operator_install=true
# openshift_metrics_install_metrics=true
# openshift_enable_unsupported_configurations=True
# openshift_logging_es_nodeselector='node-role.kubernetes.io/infra: "true"'
# openshift_logging_kibana_nodeselector='node-role.kubernetes.io/infra: "true"'
[masters]
master.blueicex.com
[lb]
node1.blueicex.com
[etcd]
master.blueicex.com
[nodes]
master.blueicex.com openshift_schedulable=True openshift_node_group_name='node-config-master'
node1.blueicex.com openshift_node_group_name='node-config-compute'
node2.blueicex.com openshift_node_group_name='node-config-compute'
etcd.blueicex.com openshift_node_group_name='node-config-compute'
node3.blueicex.com openshift_node_group_name='node-config-infra'
#master.blueicex.com openshift_node_group_name='node-config-master'
#node1.blueicex.com openshift_node_group_name='node-config-compute' openshift_ip=192.168.0.72
#master.blueicex.com openshift_schedulable=True openshift_node_group_name='node-config-all-in-one'
#node2.blueicex.com openshift_node_group_name='node-config-compute' openshift_ip=192.168.0.73
#node3.blueicex.com openshift_node_group_name='node-config-compute' openshift_ip=192.168.0.74
#node2.blueicex.com openshift_node_group_name='node-config-infra'   openshift_ip=192.168.0.73

10. 安装

操作节点:master
被操作节点:master nodes etcd

[root@master ~]# cd /usr/share/ansible/openshift-ansible/roles/openshift_repos/templates
[root@master templates]# cp CentOS-OpenShift-Origin.repo.j2 CentOS-OpenShift-Origin.repo.j2.bak
[root@master templates]# /bin/cp /etc/yum.repos.d/yum.repo CentOS-OpenShift-Origin.repo.j2

★★★★★★建议做快照备份

[root@master ~]# cd /usr/share/ansible/openshift-ansible
#安装前检查此处报错,docker不能启动,我略过了安装检查
[root@master openshift-ansible]# ansible-playbook -i /etc/ansible/inventory-3.11 playbooks/prerequisites.yml
#安装
[root@master openshift-ansible]# ansible-playbook -i /etc/ansible/inventory-3.11 playbooks/deploy_cluster.yml
#如需重新安装,先卸载
[root@master openshift-ansible]# ansible-playbook -i /etc/ansible/inventory-3.11 playbooks/adhoc/uninstall.yml

安装过程中会报错,docker容器起不来,执行"5.2.7 敏捷部署 docker"。

#开启selinux后,有可能进入不到系统,需要重新打标
touch /.autorelabel

————Blueicex 2020/05/19 23:35 blueice1980@126.com
