openshift

Openshift 部署文档

环境规划

地址	节点名	功能
192.168.11.200	master	Master节点、etcd
192.168.11.201	node1	node1节点
192.168.11.202	Node2	node2节点

基本配置

**所有节点 ** host文件配置

$ vim /etc/hosts

192.168.11.200 master.example.com
192.168.11.201 node1.example.com infra-node1.example.com
192.168.11.202 node2.example.com infra-node2.example.com

master节点 操作SSH互信

$ ssh-kengen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:baZy/r25FJrgtJaN6iMs5o1Aatg0BOwoZDarGM05g1w root@master
The key's randomart image is:
+---[RSA 2048]----+
|o                |
| B E             |
|B+=.             |
|==*      .       |
|+ooo    S + .    |
|*o .   o X o .   |
|+...  . O + .    |
|..ooo .*   o .   |
| oo..oo.... =o   |
+----[SHA256]-----+

$ for i in `cat /etc/hosts | grep 192.168 | awk '{print $2}'`; do ssh-copy-id -i .ssh/id_rsa.pub $i; done

所有节点 安装基本yum工具

$ yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct vim ntpdate httpd-tools -y
$ yum update
$ reboot

所有节点 同步时间并安装docker

$ ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
$ ntpdate cn.ntp.org.cn
$ hwclock --systohc 
$ yum -y install docker
$ systemctl start docker && systemctl enable docker

master节点 安装ansible

$ yum -y install     https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
$ yum -y --enablerepo=epel install ansible pyOpenSSL

所有节点 所有节点关闭防火墙

$ systemctl stop firewalld 
$ systemctl disable firewalld

node节点 设置docker-storage-setup

# 新添加一块磁盘/dev/vdb
$ vim /etc/sysconfig/docker-storage-setup

EVS=/dev/vdb
VG=docker-vg
$ docker-storage-setup

master节点 修改ansible host文件

$ cat /etc/ansible/hosts

# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
#
# # Set variables common for all OSEv3 hosts
[OSEv3:vars]
# # SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
#
# # If ansible_ssh_user is not root, ansible_become must be set to true
# #ansible_become=true
#
openshift_deployment_type=origin
#openshift_node_groups=[{'name': 'node-config-compute', 'labels': 'node-role.kubernetes.io/master=true'}]
openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true']}]
#
# # uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
# #openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
#
# # host group for masters
[masters]
master.example.com
#
# # host group for etcd
[etcd]
master.example.com
#
# # host group for nodes, includes region info
[nodes]
master.example.com openshift_node_group_name=node-config-master
node1.example.com openshift_node_group_name=node-config-compute
node2.example.com openshift_node_group_name=node-config-compute
#node2.example.com openshift_node_group_name='node-config-compute'
infra-node1.example.com openshift_node_group_name='node-config-infra'
infra-node2.example.com openshift_node_group_name='node-config-infra'

ansible安装

$ cd openshift-ansible/
$ ansible-playbook -i /etc/ansible/hosts playbooks/prerequisites.yml
$ ansible-playbook -i /etc/ansible/hosts playbooks/deploy_cluster.yml

创建用户

$ oc login system:admin
$ yum -y install httpd-tools
$ touch /etc/origin/master/htpasswd
$ htpasswd -b /etc/origin/master/htpasswd admin redhat
# 创建了用户为admin，密码为redhat的用户
$ master-restart api
$ master-restart controllers
$ oc admin policy add-cluster-role-to-user cluster-admin admin