1. Environment
Software | Version |
---|---|
centos | 7.4-1708 |
docker | 19.03.0-ce |
rancher | 2.3.6 |
Hostname | IP | Role |
---|---|---|
manager.rancher | 10.180.249.57 | server (management) |
master.rancher | 10.180.249.58 | agent node |
worker.rancher | 10.180.249.59 | agent node |
2. Preparation
Run each of the following steps on all nodes.
2.1 Configure hostname-to-IP mappings
Edit the /etc/hosts file:
cat >> /etc/hosts <<EOF
10.180.249.57 manager.rancher
10.180.249.58 master.rancher
10.180.249.59 worker.rancher
EOF
2.2 DNS resolution
cat >> /etc/resolv.conf <<EOF
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF
2.3 Disable the firewall
[root@worker ~]# systemctl stop firewalld && systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
2.4 Disable SELinux
[root@manager ~]# setenforce 0
[root@manager ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2.5 Disable swap
swapoff -a
Or edit /etc/fstab and comment out the swap entry (requires a reboot; disables swap permanently):
# /etc/fstab
# Created by anaconda on Fri Dec 20 15:28:07 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=21bbe1f9-7e7b-47db-b13a-e54edecf4342 / xfs defaults 0 0
UUID=45103268-084f-4ad5-ab3f-703edda4456a /boot xfs defaults 0 0
# UUID=af6af595-3cd9-4fdc-9489-689eb64fd8c6 swap swap defaults 0 0
2.6 Set up a local yum repository (as needed)
The default yum repositories after the operating system is installed:
[root@master ~]# ll /etc/yum.repos.d/
total 28
-rw-r--r--. 1 root root 1664 Aug 30 2017 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 Aug 30 2017 CentOS-CR.repo
-rw-r--r--. 1 root root 649 Aug 30 2017 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root 314 Aug 30 2017 CentOS-fasttrack.repo
-rw-r--r--. 1 root root 630 Aug 30 2017 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 Aug 30 2017 CentOS-Sources.repo
-rw-r--r--. 1 root root 3830 Aug 30 2017 CentOS-Vault.repo
[root@manager ~]# cd /etc/yum.repos.d/
[root@manager yum.repos.d]# rename .repo .repo.bak *.repo
[root@manager yum.repos.d]# ll
total 28
-rw-r--r--. 1 root root 1664 Aug 30 2017 CentOS-Base.repo.bak
-rw-r--r--. 1 root root 1309 Aug 30 2017 CentOS-CR.repo.bak
-rw-r--r--. 1 root root 649 Aug 30 2017 CentOS-Debuginfo.repo.bak
-rw-r--r--. 1 root root 314 Aug 30 2017 CentOS-fasttrack.repo.bak
-rw-r--r--. 1 root root 630 Aug 30 2017 CentOS-Media.repo.bak
-rw-r--r--. 1 root root 1331 Aug 30 2017 CentOS-Sources.repo.bak
-rw-r--r--. 1 root root 3830 Aug 30 2017 CentOS-Vault.repo.bak
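Create the local repository
This approach generally works for any operating system installed from disc media.
First mount the disc image: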
[root@manager yum.repos.d]# mkdir -p /media/centos7
[root@manager yum.repos.d]# mount -o loop /dev/cdrom /media/centos7/
[root@manager ~]# ll /media/centos7/
total 1586
-rw-rw-r--. 3 root root 14 Sep 5 2017 CentOS_BuildTag
drwxr-xr-x. 3 root root 2048 Sep 5 2017 EFI
-rw-rw-r--. 3 root root 227 Aug 30 2017 EULA
-rw-rw-r--. 3 root root 18009 Dec 10 2015 GPL
drwxr-xr-x. 3 root root 2048 Sep 6 2017 images
drwxr-xr-x. 2 root root 2048 Sep 5 2017 isolinux
drwxr-xr-x. 2 root root 2048 Sep 5 2017 LiveOS
drwxrwxr-x. 2 root root 1585152 Sep 6 2017 Packages
drwxrwxr-x. 2 root root 4096 Sep 6 2017 repodata
-rw-rw-r--. 3 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-7
-rw-rw-r--. 3 root root 1690 Dec 10 2015 RPM-GPG-KEY-CentOS-Testing-7
-r--r--r--. 1 root root 2883 Sep 6 2017 TRANS.TBL
Create the centos7.repo file:
cat >> /etc/yum.repos.d/centos7.repo <<EOF
[centos7]
name=centos7
baseurl=file:///media/centos7/
gpgcheck=0
enabled=1
EOF
3. Install Docker
Run on all three nodes (manager is used as the example).
3.1 Installation
Use the Alibaba Cloud Docker yum repository:
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sudo yum makecache fast
List the packages currently available through yum:
[root@manager yum.repos.d]# yum list docker-ce.x86_64 --showduplicates | sort -r
Run the installation:
sudo yum -y install docker-ce-19.03.8
The following error occurs:
[root@manager yum.repos.d]# yum install docker-ce-19.03.8
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package docker-ce.x86_64 3:19.03.8-3.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: 3:docker-ce-19.03.8-3.el7.x86_64
--> Processing Dependency: containerd.io >= 1.2.2-3 for package: 3:docker-ce-19.03.8-3.el7.x86_64
--> Processing Dependency: libseccomp >= 2.3 for package: 3:docker-ce-19.03.8-3.el7.x86_64
--> Processing Dependency: docker-ce-cli for package: 3:docker-ce-19.03.8-3.el7.x86_64
--> Processing Dependency: libcgroup for package: 3:docker-ce-19.03.8-3.el7.x86_64
--> Processing Dependency: libseccomp.so.2()(64bit) for package: 3:docker-ce-19.03.8-3.el7.x86_64
--> Running transaction check
---> Package containerd.io.x86_64 0:1.2.13-3.1.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: containerd.io-1.2.13-3.1.el7.x86_64
---> Package docker-ce.x86_64 3:19.03.8-3.el7 will be installed
--> Processing Dependency: container-selinux >= 2:2.74 for package: 3:docker-ce-19.03.8-3.el7.x86_64
---> Package docker-ce-cli.x86_64 1:19.03.8-3.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-13.el7 will be installed
---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be installed
--> Finished Dependency Resolution
Error: Package: 3:docker-ce-19.03.8-3.el7.x86_64 (docker-ce-stable)
Requires: container-selinux >= 2:2.74
Error: Package: containerd.io-1.2.13-3.1.el7.x86_64 (docker-ce-stable)
Requires: container-selinux >= 2:2.74
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
A specific version of container-selinux is required; install it as follows:
yum install wget -y
wget -O /etc/yum.repos.d/CentOS-Base-Ali.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install epel-release -y
yum install container-selinux -y
With the dependency resolved, run the Docker installation again:
sudo yum -y install docker-ce-19.03.8
Installation complete.
Start the Docker service and enable it at boot:
systemctl start docker
systemctl enable docker
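3.2 Configure a Docker Hub mirror in China (the USTC registry mirror)
Go to the /etc/docker directory and edit daemon.json (create the file if it does not exist):
# https://6kx4zyno.mirror.aliyuncs.com/ (note only, not part of the file: daemon.json must be valid JSON, which has no comments)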
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
Or (this overwrites the file; appending to an existing daemon.json would leave invalid JSON):
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"]
}
EOF
After saving and exiting, restart the Docker service:
sudo systemctl daemon-reload
systemctl restart docker
4. Install Rancher
Only the management node needs this step.
Look up the Rancher images:
[root@manager yum.repos.d]# docker search rancher
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
rancher/server Rancher 1.x Server Container 586
rancher/rancher A container management platform built for or… 204
......
Pull the image automatically and install Rancher directly:
[root@manager yum.repos.d]# sudo docker run -d --restart=unless-stopped -v /var/rancher/:/var/lib/rancher/ -v /var/log/auditlog:/var/log/auditlog -p 80:80 -p 443:443 rancher/rancher:stable
Unable to find image 'rancher/rancher:stable' locally
stable: Pulling from rancher/rancher
5bed26d33875: Pull complete
f11b29a9c730: Pull complete
930bda195c84: Pull complete
78bf9a5ad49e: Pull complete
12a73929b6a7: Pull complete
8434af3b0a23: Pull complete
28db93a68de0: Pull complete
e6dfd852f705: Pull complete
a1fa824ccd2c: Pull complete
1e2d165916be: Pull complete
aaf1116b238c: Pull complete
375fded79e14: Pull complete
e2c84878ed8a: Pull complete
f7a8fcb48ebd: Pull complete
Digest: sha256:d630921e978a938c86f9706e64b4f3229c45f006bd1ee5dfa74e5ba4634c7e7f
Status: Downloaded newer image for rancher/rancher:stable
62d6d666d3de4d832761591579327a24d25c60069d324fae7f7270e22706b60b
After it is running, check the local images:
[root@manager yum.repos.d]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
rancher/rancher stable b821fa609f1a 2 days ago 674MB
Check the running containers:
[root@manager yum.repos.d]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e060b944dae6 rancher/rancher:stable "entrypoint.sh" 7 seconds ago Up 7 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp suspicious_joliot
Enter https://IP:80 in a browser to open the Rancher UI.
- Set a new password
- Save the Rancher server URL
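5. Install kubectl after adding a cluster
For example, I created a cluster with the etcd, control plane and worker services all installed on the node whose IP ends in 58.
I then deployed some applications in the cluster. Rancher automatically installs RKE and the Kubernetes environment, but afterwards the kubectl command cannot be run on node 58.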
5.1 Install kubectl on the node
Use the aliyun yum repository:
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=0
EOF
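Both repo files written on this page (centos7.repo earlier and kubernetes.repo here) set gpgcheck=0, which turns off RPM signature verification for every package installed from them. As an added example (not from the original post), this script lists enabled stanzas that disable gpgcheck or use a plain-http baseurl. The sample files are constructed: the signed variant of the local repo points at the RPM-GPG-KEY-CentOS-7 file visible in the ISO listing, mirror.example.invalid is a placeholder, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit yum repo definitions.
# Prints "<file> [section] <finding>" for each enabled stanza that sets
# gpgcheck=0 or uses an http:// baseurl. A stanza without a gpgcheck line
# inherits the [main] value from /etc/yum.conf, so only an explicit 0 counts.
audit_yum_repos() {
  local f
  for f in "$1"/*.repo; do
    [ -e "$f" ] || continue
    awk -v file="${f##*/}" '
      function report() {
        if (sec == "" || enabled == "0") return
        if (gpg == "0")     print file, "[" sec "]", "gpgcheck-off"
        if (url ~ /^http:/) print file, "[" sec "]", "plaintext-baseurl"
      }
      /^\[/ {
        report()
        sec = substr($0, 2, index($0, "]") - 2)
        gpg = ""; url = ""; enabled = "1"
        next
      }
      { line = $0; gsub(/[ \t]/, "", line) }
      line ~ /^gpgcheck=/ { gpg = substr(line, 10) }
      line ~ /^baseurl=/  { url = substr(line, 9) }
      line ~ /^enabled=/  { enabled = substr(line, 9) }
      END { report() }
    ' "$f"
  done
}

# Constructed sample files: the two stanzas from this page, a signed variant
# of the local repo, and a hypothetical plain-http mirror.
make_sample_repos() {
  printf '[centos7]\nname=centos7\nbaseurl=file:///media/centos7/\ngpgcheck=0\nenabled=1\n' > "$1/centos7.repo"
  printf '[kubernetes]\nname=Kubernetes\nbaseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/\nenabled=1\ngpgcheck=0\n' > "$1/kubernetes.repo"
  printf '[centos7-signed]\nname=centos7\nbaseurl=file:///media/centos7/\ngpgcheck=1\ngpgkey=file:///media/centos7/RPM-GPG-KEY-CentOS-7\nenabled=1\n' > "$1/centos7-signed.repo"
  printf '[mirror-http]\nname=example\nbaseurl=http://mirror.example.invalid/centos/7/os/x86_64/\ngpgcheck=1\n' > "$1/mirror-http.repo"
}

demo_dir=$(mktemp -d)
make_sample_repos "$demo_dir"
audit_yum_repos "$demo_dir"
rm -rf "$demo_dir"
```

On a real node, run `audit_yum_repos /etc/yum.repos.d` after the repositories have been added.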
Install:
[root@manager pods]# yum -y install kubectl
It still cannot be used:
[root@manager pods]# kubectl get pods
error: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
5.2 Configuration
Create an empty $HOME/.kube/config file:
# My $HOME is actually the /root/ directory
[root@master ~]# mkdir -p $HOME/.kube
[root@master ~]# touch $HOME/.kube/config
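On the cluster page in Rancher, click the Kubeconfig File button,
copy the configuration shown there and write it into the $HOME/.kube/config file created above.
The kubectl command now works normally: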
[root@master .kube]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mynginx-d86c695c5-vq9wm 1/1 Running 0 20h
6. Errors when adding a cluster
In my test environment, with Kubernetes version v1.17.4-rancher1-2 selected,
creating the cluster
runs into the following problem:
[etcd] Failed to bring up Etcd Plane: etcd cluster is unhealthy: hosts
[10.180.249.59] failed to report healthy. Check etcd container logs on
each host for more information
2020-04-08 08:01:14.668605 I | embed: rejected connection from "10.180.249.59:40294" (error "EOF", ServerName "")
2020-04-08 08:01:23.824843 I | embed: rejected connection from "10.180.249.59:35500" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-04-08 08:01:28.836209 I | embed: rejected connection from "10.180.249.59:35524" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-04-08 08:01:33.842911 I | embed: rejected connection from "10.180.249.59:35546" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-04-08 08:02:45.586629 I | embed: rejected connection from "10.180.249.59:38434" (error "EOF", ServerName "")
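I do not know the underlying cause yet.
However, if the option below is deselected when creating the cluster, the cluster is created successfully.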
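The etcd log excerpt in this section mixes two different rejection reasons. As an added example (not from the original post), the following groups such lines by peer and cause, so it is clear which node presents a client certificate that etcd's trusted kube-ca did not sign and which connections were simply closed early. The sample lines are constructed in the same format; the function names and cause labels are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): group etcd "rejected connection"
# log lines by peer address and cause. Reads log text on stdin and prints
# "<peer-ip> <cause> <count>", one line per combination.
triage_etcd_rejects() {
  awk '
    /embed: rejected connection from/ {
      split($0, q, "\"")                 # q[2] is the quoted "ip:port"
      peer = q[2]; sub(/:[0-9]+$/, "", peer)
      if (index($0, "certificate signed by unknown authority")) {
        cause = "client-cert-untrusted-ca"
      } else if (index($0, "(error \"EOF\"")) {
        cause = "peer-closed-during-handshake"
      } else {
        cause = "other"
      }
      n[peer " " cause]++
    }
    END { for (k in n) print k, n[k] }
  ' | sort
}

# Constructed sample in the format shown above (timestamps and ports made up;
# 10.180.249.58 is included only to show per-peer grouping).
sample_etcd_log() {
  cat <<'EOF'
2020-04-08 08:01:14.000000 I | embed: rejected connection from "10.180.249.59:40001" (error "EOF", ServerName "")
2020-04-08 08:01:23.000000 I | embed: rejected connection from "10.180.249.59:40002" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-04-08 08:01:28.000000 I | embed: rejected connection from "10.180.249.59:40003" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-04-08 08:01:40.000000 I | embed: rejected connection from "10.180.249.58:40004" (error "EOF", ServerName "")
2020-04-08 08:01:41.000000 I | etcdserver: an unrelated line that must be ignored
EOF
}

sample_etcd_log | triage_etcd_rejects
```

On a node, pipe the real log into the function, for example `docker logs etcd 2>&1 | triage_etcd_rejects`, assuming the container is named etcd as RKE names it.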
7. Other errors you may encounter
1. The management node shows messages like this:
[root@manager ~]#
Message from syslogd@manager at Apr 3 14:15:42 ...
kernel:unregister_netdevice: waiting for lo to become free. Usage count = 1
Message from syslogd@manager at Apr 3 14:15:52 ...
kernel:unregister_netdevice: waiting for lo to become free. Usage count = 1
A possible fix to try:
[root@manager ~]# yum -y update