1. 环境准备
vmware workstation安装一台虚拟机,最小化安装,桥接并可以连接外网
master.example.com 192.168.0.200 2 6G CentOS 7.6 20G+20G
注意:/dev/sdb无需分区格式化
2. 前期步骤
2.1 确认selinux打开
[root@master ~]# getenforce
Enforcing
2.2 配置hosts和主机名
cat << EOF | tee -a /etc/hosts
127.0.0.1 master.example.com master
EOF
hostnamectl set-hostname master.example.com
2.3 关闭防火墙firewalld或iptables,打开网卡转发
systemctl stop firewalld
systemctl disable firewalld
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
2.4 配置yum源
cd /etc/yum.repos.d/
mv * /tmp
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum repolist
yum update -y
reboot(重启主机)
2.5 安装基础依赖包
yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion* kexec-tools sos psacct python-passlib NetworkManager unzip java-1.8.0-openjdk-headless patch httpd-tools -y
2.6 安装docker
yum install docker -y
2.7 配置docker存储
如果只有一块盘,可以忽略此步骤
cat << EOF | tee /etc/sysconfig/docker-storage-setup
DEVS=/dev/sdb
VG=DOCKER
SETUP_LVM_THIN_POOL=yes
DATA_SIZE="100%FREE"
EOF
rm -rf /var/lib/docker
wipefs --all /dev/sdb
docker-storage-setup
2.8 配置docker加速器
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
sed -i 's/,//g' /etc/docker/daemon.json
2.9 重启docker
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
2.10 启动DNS解析容器
openshift在安装和使用时都需要dns解析
cat << EOF | tee /opt/dnsmasq.conf
no-resolv
server=114.114.114.114
strict-order
address=/master.example.com/192.168.0.200
address=/node.example.com/192.168.0.200
address=/apps.example.com/192.168.0.200
address=/openshift.example.com/192.168.0.200
EOF
docker run --name dnsmasq -d -v /opt/dnsmasq.conf:/etc/dnsmasq.conf --restart always jpillora/dnsmasq
2.11 测试DNS(替换容器id为实际的)
[root@master ~]# docker inspect 容器id |grep -i ipaddress
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
[root@master ~]# echo "nameserver 172.17.0.2" > /etc/resolv.conf
[root@master ~]# nslookup master.example.com
Server: 172.17.0.2
Address: 172.17.0.2#53
Name: master.example.com
Address: 192.168.0.200
[root@master ~]# nslookup test.apps.example.com
Server: 172.17.0.2
Address: 172.17.0.2#53
Name: test.apps.example.com
Address: 192.168.0.200
2.12 配置无密码登录
ssh-keygen(全部回车)
ssh-copy-id master(yes,输入密码)
2.13 安装ansible
yum install ansible pyOpenSSL -y
2.14 安装ansible2.65
mkdir /home/openshift
cd /home/openshift
wget https://releases.ansible.com/ansible/ansible-2.6.5.tar.gz
tar -xzvf ansible-2.6.5.tar.gz
cd ansible-2.6.5
python setup.py install
ansible --version
wget https://codeload.github.com/openshift/openshift-ansible/zip/release-3.11
unzip release-3.11
mv openshift-ansible-release-3.11 openshift-ansible
cd /home/openshift/openshift-ansible/roles/openshift_repos/templates/
sed -i 's/mirror.centos.org/mirrors.aliyun.com/g' CentOS-OpenShift-Origin311.repo.j2
3.安装openshift
3.1 编写Inventory文件
vim /etc/ansible/hosts(内容如下)
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_deployment_type=origin
openshift_release=3.11
openshift_master_default_subdomain=apps.example.com
openshift_clock_enabled=true
debug_level=2
openshift_master_cluster_hostname=master.example.com
#uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability,package_version,package_availability
# host group for masters
[masters]
master.example.com
# host group for etcd
[etcd]
master.example.com
# host group for nodes, includes region info
[nodes]
master.example.com openshift_node_group_name='node-config-all-in-one'
3.2 安装openshift
ansible-playbook /home/openshift/openshift-ansible/playbooks/prerequisites.yml
ansible-playbook /home/openshift/openshift-ansible/playbooks/deploy_cluster.yml
3.3 检查
所有Pod要都running
[root@master ~]# oc get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default docker-registry-1-nh8wl 1/1 Running 0 9h
default registry-console-1-phrhw 1/1 Running 0 9h
default router-1-wv44s 1/1 Running 0 9h
kube-service-catalog apiserver-x5r2b 1/1 Running 4 8h
kube-service-catalog controller-manager-dp55f 1/1 Running 5 8h
kube-system master-api-master.example.com 1/1 Running 2 9h
kube-system master-controllers-master.example.com 1/1 Running 4 9h
kube-system master-etcd-master.example.com 1/1 Running 0 9h
openshift-ansible-service-broker asb-1-qncdr 1/1 Running 4 8h
openshift-console console-7fbf7c67-bwhsx 1/1 Running 0 9h
openshift-monitoring alertmanager-main-0 3/3 Running 0 9h
openshift-monitoring alertmanager-main-1 3/3 Running 0 8h
openshift-monitoring alertmanager-main-2 3/3 Running 0 8h
openshift-monitoring cluster-monitoring-operator-6465f8fbc7-6ptfk 1/1 Running 0 9h
openshift-monitoring grafana-6b9f85786f-jn5xx 2/2 Running 0 9h
openshift-monitoring kube-state-metrics-7449d589bc-666f6 3/3 Running 0 8h
openshift-monitoring node-exporter-b2sxh 2/2 Running 0 8h
openshift-monitoring prometheus-k8s-0 4/4 Running 1 9h
openshift-monitoring prometheus-k8s-1 4/4 Running 1 9h
openshift-monitoring prometheus-operator-6644b8cd54-wm6cv 1/1 Running 0 9h
openshift-node sync-5mc9k 1/1 Running 0 9h
openshift-sdn ovs-8krxw 1/1 Running 0 9h
openshift-sdn sdn-97w7d 1/1 Running 0 9h
openshift-template-service-broker apiserver-mhgqg 1/1 Running 5 8h
openshift-web-console webconsole-7df4f9f689-v7c7l 1/1 Running 0 9h
3.4 登录web console
htpasswd -b /etc/origin/master/htpasswd admin redhat
oc adm policy add-cluster-role-to-user cluster-admin admin
浏览器访问 https://192.168.0.200:8443
username:admin
password:redhat
3.5 其他
如果安装失败了,需要先清理并重新安装
ansible-playbook /home/openshift/openshift-ansible/playbooks/adhoc/uninstall.yml
ip link delete vxlan_xxxxx
评论区