OpenShift Deployment Guide
Environment planning
Address | Node name | Role |
---|---|---|
192.168.11.200 | master | Master node, etcd |
192.168.11.201 | node1 | node1 node |
192.168.11.202 | node2 | node2 node |
Basic configuration
**All nodes**: configure the hosts file
$ vim /etc/hosts
192.168.11.200 master.example.com
192.168.11.201 node1.example.com infra-node1.example.com
192.168.11.202 node2.example.com infra-node2.example.com
Master node: set up SSH key trust
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:baZy/r25FJrgtJaN6iMs5o1Aatg0BOwoZDarGM05g1w root@master
The key's randomart image is:
+---[RSA 2048]----+
|o |
| B E |
|B+=. |
|==* . |
|+ooo S + . |
|*o . o X o . |
|+... . O + . |
|..ooo .* o . |
| oo..oo.... =o |
+----[SHA256]-----+
$ for i in `cat /etc/hosts | grep 192.168 | awk '{print $2}'`; do ssh-copy-id -i .ssh/id_rsa.pub $i; done
All nodes: install the basic tools with yum
$ yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct vim ntpdate httpd-tools -y
$ yum update
$ reboot
All nodes: synchronize the time and install docker
$ ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
$ ntpdate cn.ntp.org.cn
$ hwclock --systohc
$ yum -y install docker
$ systemctl start docker && systemctl enable docker
Master node: install ansible
$ yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
$ yum -y --enablerepo=epel install ansible pyOpenSSL
All nodes: disable the firewall
$ systemctl stop firewalld
$ systemctl disable firewalld
Node hosts: configure docker-storage-setup
# A new disk, /dev/vdb, has been added
$ vim /etc/sysconfig/docker-storage-setup
DEVS=/dev/vdb
VG=docker-vg
$ docker-storage-setup
Master node: edit the ansible hosts file
$ cat /etc/ansible/hosts
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
#
# # Set variables common for all OSEv3 hosts
[OSEv3:vars]
# # SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
#
# # If ansible_ssh_user is not root, ansible_become must be set to true
# #ansible_become=true
#
openshift_deployment_type=origin
#openshift_node_groups=[{'name': 'node-config-compute', 'labels': 'node-role.kubernetes.io/master=true'}]
openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true']}]
#
# # uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
# #openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
#
# # host group for masters
[masters]
master.example.com
#
# # host group for etcd
[etcd]
master.example.com
#
# # host group for nodes, includes region info
[nodes]
master.example.com openshift_node_group_name=node-config-master
node1.example.com openshift_node_group_name=node-config-compute
node2.example.com openshift_node_group_name=node-config-compute
#node2.example.com openshift_node_group_name='node-config-compute'
infra-node1.example.com openshift_node_group_name='node-config-infra'
infra-node2.example.com openshift_node_group_name='node-config-infra'
Install with ansible
$ cd openshift-ansible/
$ ansible-playbook -i /etc/ansible/hosts playbooks/prerequisites.yml
$ ansible-playbook -i /etc/ansible/hosts playbooks/deploy_cluster.yml
Create a user
$ oc login system:admin
$ yum -y install httpd-tools
$ touch /etc/origin/master/htpasswd
$ htpasswd -b /etc/origin/master/htpasswd admin redhat
# This creates the user admin with the password redhat
$ master-restart api
$ master-restart controllers
$ oc adm policy add-cluster-role-to-user cluster-admin admin
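
Added example, not part of the original guide: a pre-flight check for the inventory and hosts file shown above, to run on the master before the playbooks. It flags a commented-out openshift_master_identity_providers (the inventory comment says the default is then AllowAllPasswordIdentityProvider, so the htpasswd file created in the last step is not used), inventory hosts missing from the hosts file, and node group names not defined in openshift_node_groups. The function name audit_inventory and the finding messages are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): lint an openshift-ansible
# inventory against the hosts file before running the playbooks.
# Usage: audit_inventory INVENTORY [HOSTS_FILE]   (prints one FINDING per line)
audit_inventory() {
    awk -v hostsfile="${2:-/etc/hosts}" -v q="'" '
    BEGIN {
        # Every name after the address column of the hosts file is resolvable.
        while ((getline line < hostsfile) > 0) {
            sub(/#.*/, "", line)
            n = split(line, f, " ")
            for (i = 2; i <= n; i++) known[f[i]] = 1
        }
    }
    /^[ \t]*(#|$)/ { next }              # commented-out settings are inactive
    /^\[/          { section = $0; next }
    section == "[OSEv3:vars]" && /^openshift_master_identity_providers=/ { idp = 1 }
    section == "[OSEv3:vars]" && /^openshift_node_groups=/ {
        # Collect each group name from the list of dicts.
        s = $0; pat = q "name" q ": *" q "[^" q "]*" q
        while (match(s, pat)) {
            name = substr(s, RSTART, RLENGTH)
            sub(/^.*: */, "", name); gsub(q, "", name)
            defined[name] = 1
            s = substr(s, RSTART + RLENGTH)
        }
    }
    section == "[nodes]" {
        group = ""
        for (i = 2; i <= NF; i++)
            if ($i ~ /^openshift_node_group_name=/) {
                group = $i; sub(/^[^=]*=/, "", group); gsub(q, "", group)
            }
        node[++count] = $1; nodegroup[count] = group
    }
    END {
        if (!idp)
            print "FINDING: openshift_master_identity_providers is not set; the htpasswd file will not be consulted"
        for (i = 1; i <= count; i++) {
            if (!(node[i] in known))
                print "FINDING: " node[i] " is missing from " hostsfile
            if (!(nodegroup[i] in defined))
                print "FINDING: " node[i] " uses undefined node group \"" nodegroup[i] "\""
        }
    }' "$1"
}
```

Run against the inventory as shown in this guide, `audit_inventory /etc/ansible/hosts` reports only the identity provider finding, because the htpasswd provider line is commented out.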