OpenShift Infrastructure Installation and Usage Guide

1 Installation

1.1 Preparation

Note: This article uses the Spain pre-production environment to show the steps.

1.1.1 Infrastructure plan

According to the OpenShift specification (see https://docs.openshift.com/container-platform/3.7/install_config/install/prerequisites.html#install-config-install-prerequisites), each VM should be created with the minimum flavor required by OpenShift. If the customer wants to expand business scale, they can refer to the same link to add new nodes or scale up the node flavor.

The infrastructure will incorporate the following VMs:

Load balancer: 1 VM, acts as NTP server, and HAProxy for distributing traffic to masters.

Master: 3 VMs

Node: 2 VMs

Infra node: 1 VM; the router POD, metric POD and logging POD will be created here.

DNS: 1 VM.

1.1.2 Domain name plan

LB (NTP, LB):

    - lb.openshift.example.com 192.168.0.131

master:

    - master01.openshift.example.com 192.168.0.164

    - master02.openshift.example.com 192.168.0.159

    - master03.openshift.example.com 192.168.0.88

node:

    - node01.openshift.example.com 192.168.0.180

    - node02.openshift.example.com 192.168.0.135

infra:

    - infra-node01.openshift.example.com 192.168.0.195

1.1.3 Provision VMs

Based on the infrastructure plan, create each VM with 8 vCPU, 16GB memory, a 40GB system disk and a 20GB data disk, running RHEL 7.3.

Note: currently we provision VMs using the RHEL image, but in the future we will improve this by creating a new image that contains some packages and configurations beforehand.

Meanwhile, bind the LB VM and the Infra node VM to an elastic IP (EIP) each.

During the installation, all of the nodes need to access the Internet to download Docker images, so you need to configure SNAT for the subnet. Steps:

Switch to NAT Gateway on the VPC console, and create one:

Here, you need to choose the VPC and subnet name that match your infrastructure's network definition.

After the NAT Gateway is created, you need to add SNAT rules, like:


This will allow all the VMs in subnet-docker to reach the Internet using SNAT. For this step, you have to apply for an EIP in advance. Therefore, considering that the LB and Infra node are each bound to an EIP, you need 3 EIPs in total during the installation.

1.2 Configurations before installing

1.2.1 Change host name

On each VM, change the host name with the command nmtui.

If you provisioned the VMs with exactly the domain names in the plan, you don't have to change the host name. If not, you have to change it.

1.2.2 Disable firewalld

systemctl disable firewalld

systemctl stop firewalld

Finally, check that all the firewall rules have been removed:

iptables -S

Normally, it should be:

-P INPUT ACCEPT

-P FORWARD ACCEPT

-P OUTPUT ACCEPT

1.2.3 Allow root to access

On each VM, edit /etc/ssh/sshd_config to allow root to log in with a password. The relevant options are:

PasswordAuthentication yes

PermitRootLogin yes

 

Then restart sshd by:

systemctl restart sshd

Check that you can log in as root with ssh.
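After sections 1.2.2 and 1.2.3 the host firewall is off and root password login is on, including on the two VMs bound to EIPs, so it helps to confirm on every VM exactly which settings are in effect. The script below is an added example, not part of the original article; the function names sshd_effective and rules_cleared and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted versions of the checks in sections 1.2.2 and 1.2.3.
# Function names and sample data are constructed for illustration.

# sshd_effective KEYWORD < sshd_config
# Print the global value sshd would use for KEYWORD, or "unset".
# sshd_config keywords are case-insensitive and the first occurrence wins;
# anything after a "Match" line is conditional, so scanning stops there.
sshd_effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        tolower($1) == "match" { exit }         # end of the global section
        tolower($1) == key { val = $2; exit }   # first occurrence wins
        END { print (val == "" ? "unset" : val) }
    '
}

# rules_cleared < output of `iptables -S`
# Succeed only if the input is exactly the three ACCEPT policies that
# section 1.2.2 lists, in any order, with no other chains or rules.
rules_cleared() {
    want=$(printf '%s\n' '-P FORWARD ACCEPT' '-P INPUT ACCEPT' '-P OUTPUT ACCEPT')
    got=$(grep -v '^[[:space:]]*$' | LC_ALL=C sort)
    [ "$got" = "$want" ]
}

# Constructed sample, not taken from a real host.
sample_sshd_config() {
    cat <<'EOF'
#PermitRootLogin no
permitrootlogin yes
PasswordAuthentication yes
PasswordAuthentication no
Match Address 192.168.0.0/24
    X11Forwarding no
EOF
}

# Demo on the sample; on a VM, redirect from /etc/ssh/sshd_config and
# pipe `iptables -S` into rules_cleared instead.
echo "PermitRootLogin:        $(sample_sshd_config | sshd_effective PermitRootLogin)"
echo "PasswordAuthentication: $(sample_sshd_config | sshd_effective PasswordAuthentication)"
if printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' | rules_cleared
then echo "iptables: no rules left"; else echo "iptables: rules still present"; fi
```

On a VM, `sshd -T` prints the configuration as sshd itself resolves it and is the authoritative check; the parser above is for reviewing a file offline.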

1.2.4 Configure NTP

On the LB VM, install NTP:

yum install ntp

Edit /etc/ntp.conf and add the following configuration to allow the other clients in the same subnet to synchronize time:

restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap

Enable NTP service and start it:

systemctl enable ntpd

systemctl restart ntpd

Check if the NTP server synchronizes time with other servers on the Internet: ntpstat

 

On the rest of the VMs, install NTP with the same command:

yum install ntp

But edit /etc/ntp.conf and set the upper-level NTP server to be the LB VM's internal address:

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

server 192.168.0.131

And enable the NTP service and start it:

systemctl enable ntpd

systemctl restart ntpd

1.2.5 Configure DNS

Create a VM running Windows Server 2012 R2 DC.

Install DNS Server in the VM with the Add Roles and Features Wizard:


After the DNS service is installed, open the Properties for openshift-dns, and configure the Forwarders to be "100.125.1.11", which is the default internal DNS server when you create a new subnet.


Meanwhile, add the DNS records in the DNS server, like:



Finally, modify the DNS server address for the subnet:


Here, 192.168
