OpenShift 3.10 deployment guide
Machines
ip | hostname |
---|---|
10.39.47.63 | openshift-master |
10.39.47.64 | openshift-node-64 |
10.39.47.65 | openshift-node-65 |
10.39.47.66 | openshift-node-66 |
System
[root@openshift-master ansible]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
On every machine, run a yum update and install the required packages
yum clean all && yum update -y && yum install epel-release -y && yum install lrzsz tree -y
Set the system time zone to GMT+8 on every machine
timedatectl set-timezone Asia/Shanghai
Install docker on every machine and configure a docker registry mirror
yum install docker -y
cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
Run on every node
Add host mappings
vi /etc/hosts
10.39.47.63 openshift-master openshift-master.example.com
10.39.47.64 openshift-node-64 openshift-node-64.example.com
10.39.47.65 openshift-node-65 openshift-node-65.example.com
10.39.47.66 openshift-node-66 openshift-node-66.example.com
Format the disk (every node)
[root@openshift-node-66 ~]# fdisk /dev/vdc
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x658c9b83.
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
First sector (2048-545259519, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-545259519, default 545259519):
Using default value 545259519
Partition 1 of type Linux and of size 260 GiB is set
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@openshift-node-66 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 100G 0 disk
└─vda1 253:1 0 100G 0 part /
vdb 253:16 0 16G 0 disk [SWAP]
vdc 253:32 0 260G 0 disk
└─vdc1 253:33 0 260G 0 part
[root@openshift-node-66 ~]# blkid
/dev/vda1: UUID="277fd82b-0856-4e23-8371-1f11823281b7" TYPE="ext4"
/dev/vdb: LABEL="YUNIFYSWAP" UUID="48eb1df6-1663-4a52-ab30-040d552c2d76" TYPE="swap"
[root@openshift-node-66 ~]# mkfs.xfs /dev/vdc1
meta-data=/dev/vdc1              isize=512    agcount=4, agsize=17039296 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=68157184, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=33279, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@openshift-node-66 ~]# blkid
/dev/vda1: UUID="277fd82b-0856-4e23-8371-1f11823281b7" TYPE="ext4"
/dev/vdb: LABEL="YUNIFYSWAP" UUID="48eb1df6-1663-4a52-ab30-040d552c2d76" TYPE="swap"
/dev/vdc1: UUID="ade4f022-1f2d-4854-a34e-876d874b71f8" TYPE="xfs"
[root@openshift-node-66 ~]# vi /etc/fstab
[root@openshift-node-66 ~]# systemctl stop docker
[root@openshift-node-66 ~]# mount -a
[root@openshift-node-66 ~]# systemctl start docker
[root@openshift-node-66 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
vda 253:0 0 100G 0 disk
└─vda1 253:1 0 100G 0 part /
vdb 253:16 0 16G 0 disk [SWAP]
vdc 253:32 0 260G 0 disk
└─vdc1 253:33 0 260G 0 part /var/lib/docker
SELinux must be enabled
[root@openshift-master ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Master node
Generate an SSH key on the master node for passwordless login
[root@openshift-master ansible]# yum install -y ansible
[root@openshift-master ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
6e:63:84:52:ae:ca:0e:9f:7c:e8:3e:fa:cd:e9:9e:21 root@openshift-master
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| o . |
| . o S |
| o o |
|. E.o = |
| =o*.+ o . |
|.*@=B |
+-----------------+
[root@openshift-master ansible]# ssh-copy-id 10.39.47.63
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '10.39.47.63' (ECDSA) to the list of known hosts.
root@10.39.47.63's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.39.47.63'"
and check to make sure that only the key(s) you wanted were added.
[root@openshift-master ansible]# ssh-copy-id 10.39.47.64
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '10.39.47.64' (ECDSA) to the list of known hosts.
root@10.39.47.64's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.39.47.64'"
and check to make sure that only the key(s) you wanted were added.
[root@openshift-master ansible]# ssh-copy-id 10.39.47.65
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '10.39.47.65' (ECDSA) to the list of known hosts.
root@10.39.47.65's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.39.47.65'"
and check to make sure that only the key(s) you wanted were added.
Install the openshift-ansible scripts
yum install centos-release-openshift-origin310 -y
yum install openshift-ansible -y
Install docker on every machine and configure a docker registry mirror
yum install docker ansible -y
Upgrade ansible (OpenShift is strict about the ansible version)
yum install python-pip python-devel -y
yum install gcc glibc-devel zlib-devel rpm-build openssl-devel -y
pip install -U pip
pip install cryptography -U
pip install ansible --upgrade
ansible must be upgraded to 2.7.1
For the ansible upgrade, see "Ansible series (1): Installing ansible on CentOS 7", which resolves the failure caused by an outdated cryptography version
TASK [openshift_control_plane : Wait for all control plane pods to become ready] *****************************************************************************
FAILED - RETRYING: Wait for all control plane pods to become ready (60 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (59 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (58 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (57 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (56 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (55 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (54 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (53 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (52 retries left).
FAILED - RETRYING: Wait for all control plane pods to become ready (51 retries left).
This happens because the etcd-ca certificate /etc/origin/master/master.etcd-ca.crt was not generated
[root@openshift-master ~]# docker ps -a | grep api
5c20e93ac530 ebcfed580e6b "/bin/bash -c '#!/..." 2 minutes ago Exited (255) 2 minutes ago k8s_api_master-api-openshift-master_kube-system_9ca23c5815da8ed1d3dca61d87e1f6ab_77
7f55a8778021 docker.io/openshift/origin-pod:v3.10.0 "/usr/bin/pod" 5 hours ago Up 5 hours k8s_POD_master-api-openshift-master_kube-system_9ca23c5815da8ed1d3dca61d87e1f6ab_0
[root@openshift-master ~]# docker logs 5c20e93ac530
...
Invalid MasterConfig /etc/origin/master/master-config.yaml
  etcdClientInfo.ca: Invalid value: "/etc/origin/master/master.etcd-ca.crt": could not read file: stat /etc/origin/master/master.etcd-ca.crt: no such file or directory
Related issues
https://github.com/openshift/openshift-ansible/issues/8376
https://bugzilla.redhat.com/show_bug.cgi?id=1638699
https://github.com/openshift/openshift-ansible/issues/10368
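A pre-flight check for the failure above, so the missing CA file is found before the installer spends its 60 retries. This is an added example, not code from the original page or from openshift-ansible; the function name, the sample config layout and the rule that relative paths resolve against the config directory are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Reports files referenced under
# etcdClientInfo in master-config.yaml that are missing or empty.
# Returns 0 if all exist, 1 if any is missing, 2 if the config is unreadable.
check_etcd_client_files() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    dir=$(dirname "$cfg")
    missing=0
    # Collect "key: path" pairs for ca/certFile/keyFile inside the block only.
    refs=$(awk '
        /^etcdClientInfo:/  { inblk = 1; next }
        inblk && /^[^ \t#]/ { inblk = 0 }      # next top-level key ends the block
        inblk && ($1 == "ca:" || $1 == "certFile:" || $1 == "keyFile:") && NF >= 2 {
            gsub(/"/, "", $2); print $1, $2
        }' "$cfg")
    while read -r key f; do
        [ -n "$f" ] || continue
        # Assumption: relative paths are resolved against the config directory.
        case $f in /*) ;; *) f=$dir/$f ;; esac
        if [ ! -s "$f" ]; then
            echo "MISSING etcdClientInfo.$key $f"
            missing=1
        fi
    done <<EOF
$refs
EOF
    return "$missing"
}

# Constructed sample (assumed layout): client cert and key exist, CA file does not.
demo=$(mktemp -d)
cat > "$demo/master-config.yaml" <<'EOF'
etcdClientInfo:
  ca: master.etcd-ca.crt
  certFile: master.etcd-client.crt
  keyFile: master.etcd-client.key
  urls:
  - https://openshift-master.example.com:2379
kubeletClientInfo:
  ca: ca-bundle.crt
EOF
echo dummy > "$demo/master.etcd-client.crt"
echo dummy > "$demo/master.etcd-client.key"
check_etcd_client_files "$demo/master-config.yaml" || echo "do not start deploy_cluster.yml yet"
rm -rf "$demo"
```

On the master, run it against /etc/origin/master/master-config.yaml once that file has been generated.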
Configure the ansible inventory file
[root@openshift-master ~]# cat /etc/ansible/hosts
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
#ansible_become=true
openshift_deployment_type=origin
# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_ca_cert_expire_days=3650
openshift_node_cert_expire_days=3650
openshift_master_cert_expire_days=3650
etcd_ca_default_days=3650

#This variable overrides the default subdomain to use for exposed routes
openshift_hosted_manage_registry=false
openshift_disable_check=memory_availability,disk_availability,docker_image_availability
openshift_enable_service_catalog=false
template_service_broker_install=false
ansible_service_broker_install=false

# host group for masters
[masters]
openshift-master.example.com

# host group for etcd
[etcd]
openshift-master.example.com

# host group for nodes, includes region info
[nodes]
openshift-master.example.com openshift_node_group_name='node-config-master-infra'
openshift-node-64.example.com openshift_node_group_name='node-config-compute'
openshift-node-65.example.com openshift_node_group_name='node-config-compute'
openshift-node-66.example.com openshift_node_group_name='node-config-compute'
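A small linter for the [OSEv3:vars] section, run before the playbooks, that lists the settings in this inventory a reviewer would want to sign off on: disabled pre-flight checks, long certificate lifetimes, root logins, and a missing identity provider (which the inventory's own comment says falls back to AllowAllPasswordIdentityProvider). This is an added example, not part of the original page or of openshift-ansible; the function names and the 1825-day default threshold are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page: lint the [OSEv3:vars] section.
# The second argument (default 1825) is an assumed policy threshold in days.
audit_inventory() {
    inv=$1; max_days=${2:-1825}
    awk -v max="$max_days" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        /^\[/ { sect = $0; next }                # remember the current INI section
        sect != "[OSEv3:vars]" { next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1); seen[k] = 1
            if (k ~ /_(expire|default)_days$/ && v + 0 > max + 0)
                print "WARN " k "=" v " is longer than " max " days"
            if (k == "openshift_disable_check") {
                n = split(v, chk, ",")
                for (i = 1; i <= n; i++) print "WARN preflight check disabled: " chk[i]
            }
            if (k == "ansible_ssh_user" && v == "root")
                print "NOTE playbooks log in as root on every host"
        }
        END {
            if (!("openshift_master_identity_providers" in seen))
                print "WARN openshift_master_identity_providers is not set"
        }' "$inv"
}

# Constructed sample: the [OSEv3:vars] values shown on this page.
sample_inventory() {
    cat <<'EOF'
[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_ca_cert_expire_days=3650
openshift_node_cert_expire_days=3650
openshift_master_cert_expire_days=3650
etcd_ca_default_days=3650
openshift_disable_check=memory_availability,disk_availability,docker_image_availability
[masters]
openshift-master.example.com
EOF
}

sample_inventory | audit_inventory -
```

Pass /etc/ansible/hosts as the first argument to lint the real inventory, and a second argument to change the lifetime threshold.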
Run the prerequisites playbook
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml
Install OpenShift
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml
Uninstall OpenShift
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/adhoc/uninstall.yml
Add a hosts entry on the local machine
➜ # cat /etc/hosts
10.39.47.63 openshift-master
Create a user; see "Setting up OpenShift user login"
[root@openshift-master ~]# htpasswd -b /etc/origin/master/htpasswd dev dev
Adding password for user dev
[root@openshift-master ~]# cat /etc/origin/master/htpasswd
dev:$apr1$kKt0XW0C$SjIX59pIkhk7jYB59uXA..
[root@openshift-master ~]# oc login -u system:admin
Logged into "https://openshift-master:8443" as "system:admin" using existing credentials.
You have access to the following projects and can switch between them with 'oc project <projectname>':
  * default
    kube-public
    kube-system
    management-infra
    openshift
    openshift-infra
    openshift-logging
    openshift-node
    openshift-sdn
    openshift-web-console
Using project "default".
[root@openshift-master ~]# oc login
Authentication required for https://openshift-master:8443 (openshift)
Username: dev
Password:
Login successful.
You don't have any projects. You can try to create a new project, by running
    oc new-project <projectname>
[root@openshift-master ~]# oc get pods -n kube-system
Error from server (Forbidden): pods is forbidden: User "dev" cannot list pods in the namespace "kube-system": User "dev" cannot list pods in project "kube-system"
[root@openshift-master ~]# oc logout
Logged "dev" out on "https://openshift-master:8443"
[root@openshift-master ~]# oc get pods -n kube-system
Error from server (Forbidden): pods is forbidden: User "system:anonymous" cannot list pods in the namespace "kube-system": User "system:anonymous" cannot list pods in project "kube-system"
[root@openshift-master ~]# oc get nodes
Error from server (Forbidden): nodes is forbidden: User "system:anonymous" cannot list nodes at the cluster scope: User "system:anonymous" cannot list all nodes in the cluster
[root@openshift-master ~]# oc login -u system:admin
Logged into "https://openshift-master:8443" as "system:admin" using existing credentials.
You have access to the following projects and can switch between them with 'oc project <projectname>':
  * default
    kube-public
    kube-system
    management-infra
    openshift
    openshift-infra
    openshift-logging
    openshift-node
    openshift-sdn
    openshift-web-console
Using project "default".
[root@openshift-master ~]# oc get nodes
NAME STATUS ROLES AGE VERSION
openshift-master Ready infra,master 2h v1.10.0+b81c8f8
openshift-node-64 Ready compute 29m v1.10.0+b81c8f8
openshift-node-65 Ready compute 29m v1.10.0+b81c8f8
openshift-node-66 Ready compute 29m v1.10.0+b81c8f8
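Visit the following address to confirm that OpenShift Origin is reachable:
Visit https://openshift-master:8443; the username and password are the ones created in the previous step: dev/dev
Log in
References
example_inventories
index
Openshift集群部署.md (OpenShift cluster deployment)
Setting up OpenShift user login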