部署模式: all in one
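如果是安装 ICP,最近最好不要安装 3.1.0,安装完成后好像有问题;安装 3.1.1 没有问题。
注意:下面的记录只适用于单机测试环境——config.yaml 保留了默认的 admin/admin 管理员账号,root 的无口令 SSH 私钥也被复制到了 cluster/ssh_key;正式环境应修改 default_admin_password,并限制该私钥文件的访问权限。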
[root@vicp2 docker]# sudo docker pull ibmcom/icp-inception:3.1.1
3.1.1: Pulling from ibmcom/icp-inception
285795c7fa30: Pull complete
b63d2ba9ff4b: Pull complete
cc3b17b04168: Pull complete
b4bb7270cc00: Pull complete
e6ebd41bd7d7: Pull complete
b1bb7b7d8283: Pull complete
01a8edcbc3a0: Pull complete
5d8d9b024410: Pull complete
539b65455294: Pull complete
8f66aeecfa63: Pull complete
88beab8b0d47: Pull complete
9fc6ae8c9c01: Pull complete
73464ad29538: Pull complete
7aaacd3ce7b6: Pull complete
b31b4e630df5: Pull complete
f18fc63eb7c4: Pull complete
600a61f010fe: Pull complete
Digest: sha256:0077afa864185e8c2e0618f3e7dc4d11065079c94513e0d529766f63f138acfe
Status: Downloaded newer image for ibmcom/icp-inception:3.1.1
[root@vicp2 docker]# sudo mkdir /opt/ibm-cloud-private-ce-3.1.1;
[root@vicp2 docker]# cd /opt/ibm-cloud-private-ce-3.1.1
[root@vicp2 ibm-cloud-private-ce-3.1.1]# sudo docker run -e LICENSE=accept \
> -v "$(pwd)":/data ibmcom/icp-inception:3.1.1 cp -r cluster /data
[root@vicp2 ibm-cloud-private-ce-3.1.1]# ls
cluster
[root@vicp2 ibm-cloud-private-ce-3.1.1]# cd /root
[root@vicp2 ~]# ls
anaconda-ks.cfg Documents initial-setup-ks.cfg Pictures Templates
Desktop Downloads Music Public Videos
[root@vicp2 ~]# ssh-keygen -b 4096 -f ~/.ssh/id_rsa -N ""
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:43KVHiJjVcvzerNQY4W/C+QwjQzUmMcDVRdNIG1eMsI root@vicp2
The key's randomart image is:
+---[RSA 4096]----+
| oBooo.+=.|
| .oo=.E+= o|
| o.+..+.+ |
| . o * o. |
| + S O B . |
| . + = X . . |
| . o + = . |
| o o + . |
| . . |
+----[SHA256]-----+
[root@vicp2 ~]# cat ~/.ssh/id_rsa.pub | sudo tee -a ~/.ssh/authorized_keys
ssh-rsa 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 root@vicp2
[root@vicp2 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.122.80
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.122.80 (192.168.122.80)' can't be established.
ECDSA key fingerprint is SHA256:6OXn8/qH4Ysfg3XnoLRv9lgqRY5keg4en3Mktnxz3gY.
ECDSA key fingerprint is MD5:d8:b8:d8:5e:8d:c6:b9:1b:fe:84:52:14:77:85:73:d7.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
[root@vicp2 ~]# sudo systemctl restart sshd
[root@vicp2 ~]# cd /opt/ibm-cloud-private-ce-3.1.1/cluster/
[root@vicp2 cluster]# ls
config.yaml hosts misc ssh_key
[root@vicp2 cluster]# vi hosts
[root@vicp2 cluster]# cat hosts
[master]
192.168.122.80
[worker]
192.168.122.80
[proxy]
192.168.122.80
#[management]
#4.4.4.4
#[va]
#5.5.5.5
[root@vicp2 cluster]# sudo cp /root/.ssh/id_rsa /opt/ibm-cloud-private-ce-3.1.1/cluster/ssh_key
[root@vicp2 cluster]# vi config.yaml
[root@vicp2 cluster]# cat config.yaml
# Licensed Materials - Property of IBM
# IBM Cloud private
# @ Copyright IBM Corp. 2017 All Rights Reserved
# US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
---
## Network Settings
network_type: calico
# network_helm_chart_path: < helm chart path >
## Network in IPv4 CIDR format
network_cidr: 10.1.0.0/16
## Kubernetes Settings
service_cluster_ip_range: 10.0.0.0/16
# cluster_domain: cluster.local
# cluster_name: mycluster
# cluster_CA_domain: "{{ cluster_name }}.icp"
## Etcd Settings
etcd_extra_args: ["--grpc-keepalive-timeout=0", "--grpc-keepalive-interval=0", "--snapshot-count=10000"]
# Keep the log data separate from the etcd data.
# You could set the etcd WAL directory to a centralized and remote log directory for persistent logging.
# etcd_data_dir: "/var/lib/etcd"
# etcd_wal_dir: "/var/lib/etcd-wal"
## General Settings
# wait_for_timeout: 600
fips_enabled: false
## Advanced Settings
default_admin_user: admin
default_admin_password: admin
# ansible_user: <username>
# ansible_become: true
# ansible_become_password: <password>
## Kubernetes Settings
# kubelet_extra_args: [""]
# kube_apiserver_extra_args: []
# kube_controller_manager_extra_args: []
# kube_proxy_extra_args: []
# kube_scheduler_extra_args: []
## Bootstrap token
# bootstrap_token_ttl: "24h0m0s"
## Enable Kubernetes Audit Log
# auditlog_enabled: false
## Audit logging settings
journal_path: /run/log/journal
## Cluster Router settings
# router_http_port: 8080
# router_https_port: 8443
## Nginx Ingress settings
# ingress_http_port: 80
# ingress_https_port: 443
## GlusterFS Storage Settings
# storage-glusterfs:
# nodes:
# - ip: <storage_node_m_IP_address>
# devices:
# - <link path>/<symlink of device aaa>
# - <link path>/<symlink of device bbb>
# - ip: <storage_node_n_IP_address>
# devices:
# - <link path>/<symlink of device ccc>
# - ip: <storage_node_o_IP_address>
# devices:
# - <link path>/<symlink of device ddd>
# storageClass:
# create: true
# name: glusterfs
# isDefault: false
# volumeType: replicate:3
# reclaimPolicy: Delete
# volumeBindingMode: Immediate
# volumeNamePrefix: icp
# additionalProvisionerParams: {}
# allowVolumeExpansion: true
# gluster:
# resources:
# requests:
# cpu: 500m
# memory: 512Mi
# limits:
# cpu: 1000m
# memory: 1Gi
# heketi:
# backupDbSecret: heketi-db-backup
# authSecret: heketi-secret
# maxInFlightOperations: 20
# resources:
# requests:
# cpu: 500m
# memory: 512Mi
# limits:
# cpu: 1000m
# memory: 1Gi
# nodeSelector:
# key: hostgroup
# value: glusterfs
# prometheus:
# enabled: false
# path: "/metrics"
# port: 8080
# tolerations: []
# podPriorityClass: system-cluster-critical
## storage-minio settings
# storage-minio:
# image:
# repository: "{{ image_repo }}/minio"
# mcImage:
# repository: "{{ image_repo }}/minio-mc"
# mode: standalone
# accessKey: "admin"
# secretKey: "admin1234"
# minioAccessSercret: "minio-secret"
# configPath: "/root/.minio/"
# mountPath: "/export"
# replica: 4
# persistence:
# enabled: false
# useDynamicProvisioning: false
# storageClass: standard
# accessMode: ReadWriteOnce
# size: 10Gi
# service:
# type: ClusterIP
# clusterIP: None
# loadBalancerIP: None
# port: 9000
# nodePort: 31311
# ingress:
# enabled: false
# path: /
# hosts: ""
# tls: ""
# tls:
# enabled: false
# type: "selfsigned"
# minioTlsSercret: ""
# nodeSelector: ""
# tolerations: ""
## Network Settings
## Calico Network Settings
# calico_ipip_enabled: true
# calico_tunnel_mtu: 1430
# calico_ip_autodetection_method: can-reach={{ groups['master'][0] }}
## IPSec mesh Settings
## If user wants to configure IPSec mesh, the following parameters
## should be configured through config.yaml
# ipsec_mesh:
# enable: true
# subnets: []
# exclude_ips: []
# cipher_suite: ""
## Environment Isolation
# Example: [{namespace: production, hostgroup: proxy-prod, lb_address: x.x.x.x}]
# Mandatory parameters: namespace, hostgroup
# Optional parameters: lb_address
isolated_namespaces: []
isolated_proxies: []
# kube_apiserver_secure_port: 8001
## External loadbalancer IP or domain
## Or floating IP in OpenStack environment
# cluster_lb_address: none
## External loadbalancer IP or domain
## Or floating IP in OpenStack environment
# proxy_lb_address: none
## Install in firewall enabled mode
# firewall_enabled: false
## Allow loopback dns server in cluster nodes
# loopback_dns: false
## High Availability Settings: etcd or keepalived
vip_manager: etcd
## High Availability Settings for master nodes
# vip_iface: eth0
# cluster_vip: 127.0.1.1
## High Availability Settings for Proxy nodes
# proxy_vip_iface: eth0
# proxy_vip: 127.0.1.1
## vSphere cloud provider Settings
## If user wants to configure vSphere as cloud provider, vsphere_conf
## parameters should be configured through config.yaml
# kubelet_nodename: hostname
# cloud_provider: vsphere
# vsphere_conf:
# user: <vCenter username for vSphere cloud provider>
# password: <password for vCenter user>
# server: <vCenter server IP or FQDN>
# port: [vCenter Server Port; default: 443]
# insecure_flag: [set to 1 if vCenter uses a self-signed certificate]
# datacenter: <datacenter name on which Node VMs are deployed>
# datastore: <default datastore to be used for provisioning volumes>
# working_dir: <vCenter VM folder path in which node VMs are located>
## You can disable following services if they are not needed:
# custom-metrics-adapter
# image-security-enforcement
image-security-enforcement:
  clusterImagePolicy:
    - name: "docker.io/ibmcom/*"
      policy:
# istio
# metering
# monitoring
# service-catalog
# storage-minio
# storage-glusterfs
# vulnerability-advisor
management_services:
  istio: disabled
  vulnerability-advisor: disabled
  storage-glusterfs: disabled
  storage-minio: disabled
## Docker configuration option, more options see
## https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
# docker_config:
# log-opts:
# max-size: "100m"
# max-file: "10"
## Docker environment setup
# docker_env:
# - HTTP_PROXY=http://1.2.3.4:3128
# - HTTPS_PROXY=http://1.2.3.4:3128
# - NO_PROXY=localhost,127.0.0.1,{{ cluster_CA_domain }}
## Install/upgrade docker version
# docker_version: 18.03.1
## Install Docker automatically or not
# install_docker: true
## Nginx Ingress Controller configuration
## You can add your nginx ingress controller configuration, and the allowed configuration can refer to
## https://github.com/kubernetes/ingress-nginx/blob/nginx-0.16.2/docs/user-guide/nginx-configuration/configmap.md
## Section ingress_controller is obsolete, it is replaced by nginx-ingress.
# nginx-ingress:
# ingress:
# config:
# disable-access-log: 'true'
# keep-alive-requests: '10000'
# upstream-keepalive-connections: '64'
# worker-processes: "2"
# extraArgs:
# publish-status-address: "{{ proxy_external_address }}"
# enable-ssl-passthrough: true
## Clean metrics indices in Elasticsearch older than this number of days
# metrics_max_age: 1
## Clean application log indices in Elasticsearch older than this number of days
# logs_maxage: 1
## Istio addons security Settings
## If user wants to configure Istio addons security settings
## parameters should be configured through config.yaml
# istio_addon:
# grafana:
# username: admin
# passphrase: admin
# kiali:
# username: admin
# passphrase: admin
[root@vicp2 cluster]#
[root@vicp2 cluster]# sudo docker run --net=host -t -e LICENSE=accept \
> -v "$(pwd)":/installer/cluster ibmcom/icp-inception:3.1.1 install
PLAY [Checking Python interpreter] *********************************************