Hostname | IP address | OS | Architecture | Spec |
---|---|---|---|---|
okd-node01 | 172.16.1.116 | centos7 | x86 | 8 cores / 8 GB, 100 GB system disk |
okd-node02 | 172.16.1.117 | centos7 | x86 | 8 cores / 8 GB, 100 GB system disk |
okd-node03 | 172.16.1.118 | centos7 | x86 | 8 cores / 8 GB, 100 GB system disk |
I. Environment initialization
1. Set the hostname
Run one command on each node. The rest of the guide uses these names rather than the okd-node01..03 names from the table; master01.example.com is 172.16.1.116, the host that will also run the private registry. Every name must resolve from every node (DNS or /etc/hosts) before the ssh-copy-id and ansible steps below will work.
hostnamectl set-hostname master01.example.com
hostnamectl set-hostname node01.example.com
hostnamectl set-hostname node02.example.com
2. Set up passwordless SSH across the cluster
Run on master01, which is the ansible control node. ssh-copy-id needs an existing key pair (generate one with ssh-keygen first). The inventory later sets ansible_ssh_user=root, so this key gives root on master01 root access to every node; protect it accordingly.
ssh-copy-id master01.example.com
ssh-copy-id node01.example.com
ssh-copy-id node02.example.com
3. Enable SELinux
openshift-ansible refuses to deploy on hosts with SELinux disabled, and the node containers rely on it for isolation. Edit the file on every node; it only takes effect at the next boot, so either reboot or run setenforce 1 as well, and confirm with getenforce.
vim /etc/sysconfig/selinux
SELINUX=enforcing
SELINUXTYPE=targeted
4. Stop the firewall
systemctl stop NetworkManager && systemctl stop iptables && systemctl stop firewalld
systemctl disable NetworkManager && systemctl disable iptables && systemctl disable firewalld
Two caveats. OpenShift 3.x nodes require NetworkManager to be running (the installer's node DNS setup, dnsmasq, is driven by a NetworkManager dispatcher script), so stopping and disabling it here is likely to break node DNS; leave NetworkManager enabled. And the inventory below sets os_firewall_use_firewalld=true, so the installer re-enables firewalld and manages the cluster ports itself. If the host firewall really is left off, the registry on 5000, the API on 8443 and the kubelet ports are reachable by anything that can route to these hosts.
5. Install base dependencies
yum update -y
yum install -y ntpdate wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct java-1.8.0-openjdk-headless python-passlib
yum -y install nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel vim ncurses-devel autoconf automake zlib-devel python-devel epel-release lrzsz openssh-server socat ipvsadm conntrack
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
(epel-release is already in the previous list; the last line installs the same package straight from the Fedora mirror and is harmless if it is already present.)
6. Synchronize time
ntpdate time2.aliyun.com
This is a one-off sync. Certificate validity and etcd both depend on the nodes' clocks agreeing; the inventory sets openshift_clock_enabled=true, so the installer also configures an NTP daemon on every node for ongoing synchronization.
II. OKD cluster installation
1. Install docker on every node
yum install -y docker-1.13.1
# docker configuration
vim /etc/sysconfig/docker
## change OPTIONS to
OPTIONS='--selinux-enabled=false --signature-verification=False'
## Caveat: --selinux-enabled=false drops the SELinux labels that separate containers from each other and from the host, undoing much of what step 3 above enforces, and --signature-verification=False turns off the atomic image-signature check. Both are weaker than the defaults; the installer's docker role defaults to --selinux-enabled.
## configure registry mirrors
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com"]
}
## The two http:// mirrors are plaintext: docker checks each layer against the digest in the manifest, but a manifest fetched by tag over HTTP can be swapped in transit. Prefer https mirrors only.
## restart docker
systemctl daemon-reload
systemctl restart docker.service
2. On the master, install ansible-2.6.5, pyOpenSSL and openshift-ansible 3.10
# install a pinned ansible version
# https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ lists the rpm packages; pick the one for the version you need
yum install -y https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.6.5-1.el7.ans.noarch.rpm
# disable EPEL by default so later yum runs do not replace the pinned ansible with a newer one, then install pyOpenSSL from it explicitly
sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
yum -y --enablerepo=epel install pyOpenSSL
# https://github.com/openshift/openshift-ansible/tags lists the openshift-ansible releases; fetch the release-3.10 archive, upload it to the master and unpack it so that the playbooks sit under openshift-ansible-release-3.10/ (the path used in step 8). Record the exact tag you used: these playbooks run as root on every node.
3. Set up a private docker registry on the master
docker pull registry:2.5
yum install httpd -y
systemctl start httpd
# (httpd itself is not used by the registry; installing it pulls in httpd-tools, which provides the htpasswd command used in step 9. The httpd service does not need to run.)
mkdir -p /opt/registry-var/auth/
docker run --entrypoint htpasswd registry:2.5 -Bbn admin admin >> /opt/registry-var/auth/htpasswd
# admin/admin is a placeholder; use a generated password. -B stores it bcrypt-hashed, the only hash the registry's htpasswd auth accepts.
# registry configuration
mkdir -p /opt/registry-var/config
vim /opt/registry-var/config/config.yml
version: "0.1"
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
# start the service
docker run -d -p 5000:5000 --restart=always --name=registry -v /opt/registry-var/config/:/etc/docker/registry/ -v /opt/registry-var/auth/:/auth/ -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry-var/:/var/lib/registry/ registry:2.5
# The last -v mounts all of /opt/registry-var, including auth/ and config/, as the registry's storage root, so image data lands under /opt/registry-var/docker/. No TLS is configured: the htpasswd credentials and every pushed layer travel over plaintext HTTP, and step 4 works around that on the clients instead of fixing it here.
4. Configure registry access on every node
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://rsbud4vc.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com","http://qtid6917.mirror.aliyuncs.com"],
"insecure-registries":["172.16.1.116:5000"]
}
# "insecure-registries" makes docker fall back to plain HTTP and skip certificate validation for this host, so docker login sends the admin password in the clear and anything that can answer as 172.16.1.116:5000 on the network can serve images to the nodes. The alternative is to run the registry with TLS and place its certificate at /etc/docker/certs.d/172.16.1.116:5000/ca.crt on each node, which needs no daemon.json entry.
# restart docker
systemctl daemon-reload
systemctl restart docker.service
systemctl enable docker
5. Test logging in to the registry
docker login 172.16.1.116:5000
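As an added example (not part of the original guide), the following script runs the same registry:2.5 from step 3 behind TLS with a self-signed certificate and has the nodes trust that certificate through /etc/docker/certs.d, so the "insecure-registries" entry is no longer needed. The address 172.16.1.116:5000 and the htpasswd path are the page's; the certificate directory /opt/registry-var/certs, the separate data directory /opt/registry-var/data, RSA-2048 and the 365-day validity are assumptions. The SAN is set through an openssl config file rather than -addext so that it works with the OpenSSL 1.0.2 that CentOS 7 ships.

```shell
#!/bin/sh
# Added example: run the private registry with TLS and have the nodes trust it
# instead of listing it under "insecure-registries".
# Assumptions: CERT_DIR, DATA_DIR, RSA-2048 and 365-day validity.
set -eu

REGISTRY_HOST="${REGISTRY_HOST:-172.16.1.116}"   # address the nodes dial (from the page)
REGISTRY_PORT="${REGISTRY_PORT:-5000}"
CERT_DIR="${CERT_DIR:-/opt/registry-var/certs}"  # assumption
DATA_DIR="${DATA_DIR:-/opt/registry-var/data}"   # assumption: keep blobs out of auth/ and config/

# Self-signed certificate with an IP SAN matching what the docker clients dial;
# docker validates the SAN, not just the CN. The config file replaces -addext,
# which OpenSSL 1.0.2 on CentOS 7 does not have.
gen_registry_cert() {
    mkdir -p "$CERT_DIR"
    cat > "$CERT_DIR/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = ${REGISTRY_HOST}
[v3_req]
subjectAltName = IP:${REGISTRY_HOST}
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$CERT_DIR/openssl.cnf" \
        -keyout "$CERT_DIR/registry.key" -out "$CERT_DIR/registry.crt" >/dev/null 2>&1
    chmod 600 "$CERT_DIR/registry.key"
}

# Post-check: return 0 if the certificate carries the given IP SAN.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -q "IP Address:$2"
}

# config.yml: the page's settings plus tls and auth blocks (auth moves out of
# the -e environment variables into the file).
render_registry_config() {
    cat <<EOF
version: "0.1"
log:
  fields:
    service: registry
storage:
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :${REGISTRY_PORT}
  tls:
    certificate: /certs/registry.crt
    key: /certs/registry.key
  headers:
    X-Content-Type-Options: [nosniff]
auth:
  htpasswd:
    realm: Registry Realm
    path: /auth/htpasswd
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
EOF
}

# Start the registry with the certificate mounted; the htpasswd file from step 3 is reused.
run_registry() {
    render_registry_config > /opt/registry-var/config/config.yml
    mkdir -p "$DATA_DIR"
    docker run -d -p "${REGISTRY_PORT}:${REGISTRY_PORT}" --restart=always --name=registry \
        -v /opt/registry-var/config/:/etc/docker/registry/ \
        -v /opt/registry-var/auth/:/auth/ \
        -v "${CERT_DIR}/:/certs/" \
        -v "${DATA_DIR}/:/var/lib/registry/" \
        registry:2.5
}

# On every node: trust the registry certificate. With this in place the
# "insecure-registries" entry in /etc/docker/daemon.json can be removed.
install_registry_ca() {
    d="/etc/docker/certs.d/${REGISTRY_HOST}:${REGISTRY_PORT}"
    mkdir -p "$d"
    cp "$CERT_DIR/registry.crt" "$d/ca.crt"
}
```

On the master run gen_registry_cert and then run_registry; copy registry.crt to each node and run install_registry_ca there. docker login then negotiates TLS and the password no longer crosses the network in the clear. The certificate is only valid for the IP in its SAN, so if the nodes are later pointed at a hostname instead, reissue it with a DNS SAN.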
6. Pull images
The openshift/... and docker.io/openshift/... names below refer to the same images, so the repeated lines are redundant but harmless. Everything is pulled by tag, and tags are mutable; record the digests (docker images --digests) if you need to know later exactly what was deployed.
1) master01
docker pull quay.io/coreos/etcd:v3.2.22
docker pull openshift/origin-control-plane:v3.10
docker pull docker.io/openshift/origin-service-catalog:v3.10
docker pull openshift/origin-node:v3.10
docker pull openshift/origin-deployer:v3.10
docker pull openshift/origin-deployer:v3.10.0
docker pull openshift/origin-template-service-broker:v3.10
docker pull openshift/origin-pod:v3.10
docker pull openshift/origin-pod:v3.10.0
docker pull openshift/origin-web-console:v3.10
docker pull openshift/origin-docker-registry:v3.10
docker pull openshift/origin-haproxy-router:v3.10
docker pull cockpit/kubernetes:latest
docker pull docker.io/cockpit/kubernetes:latest
docker pull docker.io/openshift/origin-control-plane:v3.10
docker pull docker.io/openshift/origin-deployer:v3.10
docker pull docker.io/openshift/origin-docker-registry:v3.10
docker pull docker.io/openshift/origin-haproxy-router:v3.10
docker pull docker.io/openshift/origin-pod:v3.10
2) node01 and node02
docker pull quay.io/coreos/etcd:v3.2.22
docker pull openshift/origin-control-plane:v3.10
docker pull openshift/origin-node:v3.10
docker pull docker.io/openshift/origin-node:v3.10
docker pull openshift/origin-haproxy-router:v3.10
docker pull openshift/origin-deployer:v3.10
docker pull openshift/origin-pod:v3.10
docker pull ansibleplaybookbundle/origin-ansible-service-broker:v3.10
docker pull openshift/origin-docker-registry:v3.10
docker pull cockpit/kubernetes:latest
docker pull openshift/origin-haproxy-router:v3.10
docker pull docker.io/cockpit/kubernetes:latest
docker pull docker.io/openshift/origin-control-plane:v3.10
docker pull docker.io/openshift/origin-deployer:v3.10
docker pull docker.io/openshift/origin-docker-registry:v3.10
docker pull docker.io/openshift/origin-haproxy-router:v3.10
docker pull docker.io/openshift/origin-pod:v3.10
7. Write the ansible inventory on the master
vim /etc/ansible/hosts
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
openshift_deployment_type=origin
ansible_ssh_user=root
ansible_become=yes
# pulls packages from the origin testing repo, i.e. pre-release builds
openshift_repos_enable_testing=true
openshift_enable_service_catalog=false
template_service_broker_install=false
debug_level=4
openshift_clock_enabled=true
openshift_version=3.10.0
openshift_image_tag=v3.10
# the 8 GB hosts from the table are below the installer's memory threshold for a master, hence the disabled checks
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
# must be its own line: appended to openshift_disable_check after a comma, as in the original, the installer never sees it and the cluster stays on the default openshift-ovs-subnet plugin, which does not isolate projects from one another
os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant
openshift_master_identity_providers=[{'name': 'htpasswd_auth','login': 'true', 'challenge': 'true','kind': 'HTPasswdPasswordIdentityProvider'}]
os_firewall_use_firewalld=true
[masters]
master01.example.com
[nodes]
master01.example.com openshift_node_group_name='node-config-master-infra'
node01.example.com openshift_node_group_name='node-config-compute'
node02.example.com openshift_node_group_name='node-config-compute'
[etcd]
master01.example.com
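An added example (not part of the original guide): a small lint to run over /etc/ansible/hosts before step 8. It flags a second variable glued after a comma onto the openshift_disable_check value, a mistake that hides os_sdn_network_plugin_name from the installer and leaves the cluster on the default openshift-ovs-subnet plugin with no network isolation between projects, and it verifies that every [masters] host also appears under [nodes] with an openshift_node_group_name, which 3.10 requires. The list of known check names is an assumption: it covers the names used on this page plus a few common ones and is not exhaustive. The embedded sample inventory is constructed for trying the lint offline.

```shell
#!/bin/sh
# Added example: lint an openshift-ansible 3.10 inventory before running the
# playbooks. Catches (a) a variable glued onto the openshift_disable_check line,
# which silently becomes part of that value, and (b) a master missing from
# [nodes], which 3.10 requires to be listed there with a node group.
set -eu

# Check names openshift_disable_check understands in 3.10 that matter here.
# Assumption: not exhaustive; extend it if you disable other checks.
KNOWN_CHECKS="disk_availability docker_image_availability docker_storage memory_availability package_availability package_update package_version"

# Print the value of a variable from [OSEv3:vars]; empty if it is not set.
inventory_var() {
    awk -F= -v n="$2" '
        /^\[/ { in_vars = ($0 == "[OSEv3:vars]"); next }
        in_vars && $1 == n { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# Print the host (first field) of every non-comment line in the named section.
section_hosts() {
    awk -v s="[$2]" '
        /^\[/ { in_s = ($0 == s); next }
        in_s && NF && $1 !~ /^#/ { print $1 }
    ' "$1"
}

# Every comma-separated entry of openshift_disable_check must be a known check.
# A glued variable shows up here as an entry containing "=".
lint_disable_check() {
    value=$(inventory_var "$1" openshift_disable_check)
    [ -z "$value" ] && return 0
    rc=0
    old_ifs=$IFS; IFS=,
    for entry in $value; do
        case " $KNOWN_CHECKS " in
            *" $entry "*) ;;
            *) echo "openshift_disable_check: '$entry' is not a check name"; rc=1 ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# 3.10 runs masters as nodes: each [masters] host needs a [nodes] line that
# sets openshift_node_group_name.
lint_masters_in_nodes() {
    rc=0
    for m in $(section_hosts "$1" masters); do
        if ! awk -v h="$m" '
            /^\[/ { in_n = ($0 == "[nodes]"); next }
            in_n && $1 == h && /openshift_node_group_name=/ { found = 1 }
            END { exit !found }
        ' "$1"; then
            echo "master $m is missing from [nodes] or has no openshift_node_group_name"
            rc=1
        fi
    done
    return $rc
}

# Run all lints; exit status 1 if anything was reported.
lint_inventory() {
    ok=0
    lint_disable_check "$1" || ok=1
    lint_masters_in_nodes "$1" || ok=1
    return $ok
}

# Constructed sample that contains the glued-variable mistake.
write_sample_inventory() {
    cat > "$1" <<'EOF'
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
openshift_deployment_type=origin
openshift_disable_check=disk_availability,memory_availability,os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant
[masters]
master01.example.com
[nodes]
master01.example.com openshift_node_group_name='node-config-master-infra'
node01.example.com openshift_node_group_name='node-config-compute'
[etcd]
master01.example.com
EOF
}

# Usage: sh lint_inventory.sh /etc/ansible/hosts
if [ $# -gt 0 ]; then
    lint_inventory "$1"
fi
```

Run it against the real inventory before the playbooks; a non-zero exit with the entry printed is the cue to split the line. The lint only reads the file, so it is safe to run on the control node at any time.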
8. Install the cluster
# prerequisites check (also installs and configures docker and the repos on every node)
ansible-playbook -i /etc/ansible/hosts openshift-ansible-release-3.10/playbooks/prerequisites.yml
# deploy
ansible-playbook -i /etc/ansible/hosts openshift-ansible-release-3.10/playbooks/deploy_cluster.yml
9. Create an admin account
htpasswd -cb /etc/origin/master/htpasswd admin admin
htpasswd -b /etc/origin/master/htpasswd dev dev
oc login -u system:admin
oc adm policy add-cluster-role-to-user cluster-admin admin
# -c creates the file and overwrites an existing one, so use it only for the first user. admin/admin and dev/dev are placeholders: admin is granted cluster-admin, which is root on the whole cluster, so give it a generated password (htpasswd -B stores a bcrypt hash) and keep dev out of that role. "oc login -u system:admin" works without a password only on the master, where the installer placed the admin kubeconfig.