环境:OCP 3.4
https://github.com/redhat-helloworld-msa/ 是红帽提供的一个非常好的微服务运行在 OpenShift 上的例子。
本文根据 docker hub 上已有的镜像来部署微服务。
1. 下载微服务镜像 (在 MAC 机器上操作)
docker pull redhatmsa/hola
docker pull redhatmsa/frontend
docker pull redhatmsa/api-gateway
docker pull redhatmsa/namaste
docker pull redhatmsa/ola
docker pull redhatmsa/aloha
docker pull redhatmsa/hello
docker pull redhatmsa/bonjour
docker pull fabric8/hystrix-dashboard:1.0.17
docker pull fabric8/turbine-server:1.0.17
docker pull fabric8/zipkin-mysql:0.1.1
docker pull openzipkin/zipkin-query:1.40.2
docker save -o redhat-msa.tar.gz redhatmsa/hola redhatmsa/frontend redhatmsa/api-gateway redhatmsa/namaste redhatmsa/ola redhatmsa/aloha redhatmsa/hello redhatmsa/bonjour fabric8/hystrix-dashboard:1.0.17 fabric8/turbine-server:1.0.17 fabric8/zipkin-mysql:0.1.1 openzipkin/zipkin-query:1.40.2
scp redhat-msa.tar.gz root@192.168.56.112:/opt/ose/images/
2. 加载微服务镜像(在 Registry 机器上操作)
cd /opt/ose/images
docker load -i redhat-msa.tar.gz
docker tag redhatmsa/hola:latest registry.example.com:5000/redhatmsa/hola:latest
docker push registry.example.com:5000/redhatmsa/hola
docker tag redhatmsa/frontend:latest registry.example.com:5000/redhatmsa/frontend:latest
docker push registry.example.com:5000/redhatmsa/frontend
docker tag redhatmsa/api-gateway:latest registry.example.com:5000/redhatmsa/api-gateway:latest
docker push registry.example.com:5000/redhatmsa/api-gateway
docker tag redhatmsa/namaste:latest registry.example.com:5000/redhatmsa/namaste:latest
docker push registry.example.com:5000/redhatmsa/namaste
docker tag redhatmsa/ola:latest registry.example.com:5000/redhatmsa/ola:latest
docker push registry.example.com:5000/redhatmsa/ola
docker tag redhatmsa/aloha:latest registry.example.com:5000/redhatmsa/aloha:latest
docker push registry.example.com:5000/redhatmsa/aloha
docker tag redhatmsa/hello:latest registry.example.com:5000/redhatmsa/hello:latest
docker push registry.example.com:5000/redhatmsa/hello
docker tag redhatmsa/bonjour:latest registry.example.com:5000/redhatmsa/bonjour:latest
docker push registry.example.com:5000/redhatmsa/bonjour
docker tag fabric8/hystrix-dashboard:1.0.17 registry.example.com:5000/fabric8/hystrix-dashboard:1.0.17
docker push registry.example.com:5000/fabric8/hystrix-dashboard:1.0.17
docker tag fabric8/turbine-server:1.0.17 registry.example.com:5000/fabric8/turbine-server:1.0.17
docker push registry.example.com:5000/fabric8/turbine-server:1.0.17
docker tag fabric8/zipkin-mysql:0.1.1 registry.example.com:5000/fabric8/zipkin-mysql:0.1.1
docker push registry.example.com:5000/fabric8/zipkin-mysql:0.1.1
docker tag openzipkin/zipkin-query:1.40.2 registry.example.com:5000/openzipkin/zipkin-query:1.40.2
docker push registry.example.com:5000/openzipkin/zipkin-query:1.40.2
3. 创建一个 admin 用户,并且赋予权限 (在 Master 机器上操作)
htpasswd -b /etc/origin/master/htpasswd admin admin
oadm policy add-cluster-role-to-user admin admin
4. 安装与配置各个微服务 (在 Master 机器上操作)
oc new-project helloworld-msa
(1)hola
oc new-app registry.example.com:5000/redhatmsa/hola --insecure-registry
oc expose svc hola --hostname=hola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://hola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/hola (在 MAC 上操作)
(2)namaste
oc new-app registry.example.com:5000/redhatmsa/namaste --insecure-registry
oc expose svc namaste --hostname=namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/namaste(在 MAC 上操作)
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc namaste
oc expose dc namaste --port=8080
oc delete route namaste
oc expose svc namaste --hostname=namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(3)ola
oc new-app registry.example.com:5000/redhatmsa/ola --insecure-registry
oc expose svc ola --hostname=ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/ola(在 MAC 上操作)
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc ola
oc expose dc ola --port=8080
oc delete route ola
oc expose svc ola --hostname=ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(4)aloha
oc new-app registry.example.com:5000/redhatmsa/aloha --insecure-registry
oc expose svc aloha --hostname=aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/aloha(在 MAC 上操作)
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc aloha
oc expose dc aloha --port=8080
oc delete route aloha
oc expose svc aloha --hostname=aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
发现 aloha pod 启动失败
I> No access restrictor found, access to all MBean is allowed
Jolokia: Agent started with URL http://10.128.0.22:8778/jolokia/
Exception in thread "main" java.lang.IllegalStateException: Failed to create cache dir
at io.vertx.core.impl.FileResolver.setupCacheDir(FileResolver.java:256)
at io.vertx.core.impl.FileResolver.(FileResolver.java:79)
at io.vertx.core.impl.VertxImpl.(VertxImpl.java:138)
at io.vertx.core.impl.VertxImpl.(VertxImpl.java:114)
at io.vertx.core.impl.VertxImpl.(VertxImpl.java:110)
at io.vertx.core.impl.VertxFactoryImpl.vertx(VertxFactoryImpl.java:34)
at io.vertx.core.Vertx.vertx(Vertx.java:79)
at com.redhat.developers.msa.aloha.AlohaApplication.main(AlohaApplication.java:24)
修改 SCC(Security Context Control),为 sa default 授予 anyuid SCC,允许该 sa 以任何用户在容器中操作。
如果 Dockerfile 中定义了 USER,就是使用该 USER;如果 Dockerfile 中没有定义了 USER,就使用 root。
oc login -u system:admin
oadm policy add-scc-to-user anyuid -z default
oc edit scc anyuid
看到如下信息就对了:
users:
- system:serviceaccount:helloworld-msa:default
删除失败的 pod,会自动创建一个新的 pod,这次启动成功了。
(5)hello
oc new-app registry.example.com:5000/redhatmsa/hello --insecure-registry
oc expose svc hello --hostname=hello-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://hello-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/hello(在 MAC 上操作)
(6)bonjour
oc new-app registry.example.com:5000/redhatmsa/bonjour --insecure-registry
oc expose svc bonjour --hostname=bonjour-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://bonjour-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/bonjour(在 MAC 上操作)
(7)frontend
oc new-app registry.example.com:5000/redhatmsa/frontend --insecure-registry
oc expose svc frontend --hostname=frontend-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(8)api-gateway
oc new-app registry.example.com:5000/redhatmsa/api-gateway --insecure-registry
oc expose svc api-gateway --hostname=api-gateway-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc api-gateway
oc expose dc api-gateway --port=8080
oc delete route api-gateway
oc expose svc api-gateway --hostname=api-gateway-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(9)hystrix-dashboard
下载 http://central.maven.org/maven2/io/fabric8/kubeflix/packages/kubeflix/1.0.17/kubeflix-1.0.17-kubernetes.yml
把 image: "hystrix-dashboard:1.0.17"
修改为 image: "registry.example.com:5000/fabric8/hystrix-dashboard:1.0.17"
把 image: "fabric8/turbine-server:1.0.17"
修改为 image: "registry.example.com:5000/fabric8/turbine-server:1.0.17"
scp kubeflix-1.0.17-kubernetes.yml root@192.168.56.111:/root/
oc create -f kubeflix-1.0.17-kubernetes.yml
oc new-app kubeflix --insecure-registry=true
oc expose service hystrix-dashboard --port=8080 --hostname=hystrix-dashboard-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
oc policy add-role-to-user admin system:serviceaccount:helloworld-msa:turbine
oc expose svc turbine-server --port=8080 --hostname=turbine-server-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
发现 hystrix-dashboard pod 启动成功,但是 log 中有错误信息:
java.io.FileNotFoundException: /opt/jetty/jetty.state (Permission denied)
修改 SCC(Security Context Control),为 sa ribbon 授予 anyuid SCC,允许该 sa 以任何用户在容器中操作。
如果 Dockerfile 中定义了 USER,就是使用该 USER;如果 Dockerfile 中没有定义了 USER,就使用 root。
oc login -u system:admin
oadm policy add-scc-to-user anyuid -z ribbon
oc edit scc anyuid
看到如下信息就对了:
users:
- system:serviceaccount:helloworld-msa:ribbon
删除失败的 pod,会自动创建一个新的 pod,这次启动成功,并且没有错误。
如果有错,执行以下操作清理:
oc delete template kubeflix
oc delete sa ribbon
oc delete sa turbine
oc delete svc hystrix-dashboard
oc delete svc turbine-server
oc delete rc hystrix-dashboard
oc delete rc turbine-server
oc delete route hystrix-dashboard
oc delete deployments.extensions turbine-server
5. 增加项到 /etc/hosts (在 MAC 机器上操作)
192.168.56.113 hola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 hello-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 frontend-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 api-gateway-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 hystrix-dashboard-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 turbine-server-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
https://github.com/redhat-helloworld-msa/ 是红帽提供的一个非常好的微服务运行在 OpenShift 上的例子。
本文根据 docker hub 上已有的镜像来部署微服务。
1. 下载微服务镜像 (在 MAC 机器上操作)
docker pull redhatmsa/hola
docker pull redhatmsa/frontend
docker pull redhatmsa/api-gateway
docker pull redhatmsa/namaste
docker pull redhatmsa/ola
docker pull redhatmsa/aloha
docker pull redhatmsa/hello
docker pull redhatmsa/bonjour
docker pull fabric8/hystrix-dashboard:1.0.17
docker pull fabric8/turbine-server:1.0.17
docker pull fabric8/zipkin-mysql:0.1.1
docker pull openzipkin/zipkin-query:1.40.2
docker save -o redhat-msa.tar.gz redhatmsa/hola redhatmsa/frontend redhatmsa/api-gateway redhatmsa/namaste redhatmsa/ola redhatmsa/aloha redhatmsa/hello redhatmsa/bonjour fabric8/hystrix-dashboard:1.0.17 fabric8/turbine-server:1.0.17 fabric8/zipkin-mysql:0.1.1 openzipkin/zipkin-query:1.40.2
scp redhat-msa.tar.gz root@192.168.56.112:/opt/ose/images/
2. 加载微服务镜像(在 Registry 机器上操作)
cd /opt/ose/images
docker load -i redhat-msa.tar.gz
docker tag redhatmsa/hola:latest registry.example.com:5000/redhatmsa/hola:latest
docker push registry.example.com:5000/redhatmsa/hola
docker tag redhatmsa/frontend:latest registry.example.com:5000/redhatmsa/frontend:latest
docker push registry.example.com:5000/redhatmsa/frontend
docker tag redhatmsa/api-gateway:latest registry.example.com:5000/redhatmsa/api-gateway:latest
docker push registry.example.com:5000/redhatmsa/api-gateway
docker tag redhatmsa/namaste:latest registry.example.com:5000/redhatmsa/namaste:latest
docker push registry.example.com:5000/redhatmsa/namaste
docker tag redhatmsa/ola:latest registry.example.com:5000/redhatmsa/ola:latest
docker push registry.example.com:5000/redhatmsa/ola
docker tag redhatmsa/aloha:latest registry.example.com:5000/redhatmsa/aloha:latest
docker push registry.example.com:5000/redhatmsa/aloha
docker tag redhatmsa/hello:latest registry.example.com:5000/redhatmsa/hello:latest
docker push registry.example.com:5000/redhatmsa/hello
docker tag redhatmsa/bonjour:latest registry.example.com:5000/redhatmsa/bonjour:latest
docker push registry.example.com:5000/redhatmsa/bonjour
docker tag fabric8/hystrix-dashboard:1.0.17 registry.example.com:5000/fabric8/hystrix-dashboard:1.0.17
docker push registry.example.com:5000/fabric8/hystrix-dashboard:1.0.17
docker tag fabric8/turbine-server:1.0.17 registry.example.com:5000/fabric8/turbine-server:1.0.17
docker push registry.example.com:5000/fabric8/turbine-server:1.0.17
docker tag fabric8/zipkin-mysql:0.1.1 registry.example.com:5000/fabric8/zipkin-mysql:0.1.1
docker push registry.example.com:5000/fabric8/zipkin-mysql:0.1.1
docker tag openzipkin/zipkin-query:1.40.2 registry.example.com:5000/openzipkin/zipkin-query:1.40.2
docker push registry.example.com:5000/openzipkin/zipkin-query:1.40.2
3. 创建一个 admin 用户,并且赋予权限 (在 Master 机器上操作)
htpasswd -b /etc/origin/master/htpasswd admin admin
oadm policy add-cluster-role-to-user admin admin
4. 安装与配置各个微服务 (在 Master 机器上操作)
oc new-project helloworld-msa
(1)hola
oc new-app registry.example.com:5000/redhatmsa/hola --insecure-registry
oc expose svc hola --hostname=hola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://hola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/hola (在 MAC 上操作)
(2)namaste
oc new-app registry.example.com:5000/redhatmsa/namaste --insecure-registry
oc expose svc namaste --hostname=namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/namaste(在 MAC 上操作)
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc namaste
oc expose dc namaste --port=8080
oc delete route namaste
oc expose svc namaste --hostname=namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(3)ola
oc new-app registry.example.com:5000/redhatmsa/ola --insecure-registry
oc expose svc ola --hostname=ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/ola(在 MAC 上操作)
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc ola
oc expose dc ola --port=8080
oc delete route ola
oc expose svc ola --hostname=ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(4)aloha
oc new-app registry.example.com:5000/redhatmsa/aloha --insecure-registry
oc expose svc aloha --hostname=aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/aloha(在 MAC 上操作)
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc aloha
oc expose dc aloha --port=8080
oc delete route aloha
oc expose svc aloha --hostname=aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
发现 aloha pod 启动失败
I> No access restrictor found, access to all MBean is allowed
Jolokia: Agent started with URL http://10.128.0.22:8778/jolokia/
Exception in thread "main" java.lang.IllegalStateException: Failed to create cache dir
at io.vertx.core.impl.FileResolver.setupCacheDir(FileResolver.java:256)
at io.vertx.core.impl.FileResolver.
at io.vertx.core.impl.VertxImpl.
at io.vertx.core.impl.VertxImpl.
at io.vertx.core.impl.VertxImpl.
at io.vertx.core.impl.VertxFactoryImpl.vertx(VertxFactoryImpl.java:34)
at io.vertx.core.Vertx.vertx(Vertx.java:79)
at com.redhat.developers.msa.aloha.AlohaApplication.main(AlohaApplication.java:24)
修改 SCC(Security Context Control),为 sa default 授予 anyuid SCC,允许该 sa 以任何用户在容器中操作。
如果 Dockerfile 中定义了 USER,就是使用该 USER;如果 Dockerfile 中没有定义了 USER,就使用 root。
oc login -u system:admin
oadm policy add-scc-to-user anyuid -z default
oc edit scc anyuid
看到如下信息就对了:
users:
- system:serviceaccount:helloworld-msa:default
删除失败的 pod,会自动创建一个新的 pod,这次启动成功了。
(5)hello
oc new-app registry.example.com:5000/redhatmsa/hello --insecure-registry
oc expose svc hello --hostname=hello-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://hello-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/hello(在 MAC 上操作)
(6)bonjour
oc new-app registry.example.com:5000/redhatmsa/bonjour --insecure-registry
oc expose svc bonjour --hostname=bonjour-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
curl http://bonjour-helloworld-msa.rhel-cdk.10.1.2.2.xip.io/api/bonjour(在 MAC 上操作)
(7)frontend
oc new-app registry.example.com:5000/redhatmsa/frontend --insecure-registry
oc expose svc frontend --hostname=frontend-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(8)api-gateway
oc new-app registry.example.com:5000/redhatmsa/api-gateway --insecure-registry
oc expose svc api-gateway --hostname=api-gateway-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
发现 service 暴露的 8778 端口不对,应该是 8080
oc get svc -o wide
oc delete svc api-gateway
oc expose dc api-gateway --port=8080
oc delete route api-gateway
oc expose svc api-gateway --hostname=api-gateway-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
(9)hystrix-dashboard
下载 http://central.maven.org/maven2/io/fabric8/kubeflix/packages/kubeflix/1.0.17/kubeflix-1.0.17-kubernetes.yml
把 image: "hystrix-dashboard:1.0.17"
修改为 image: "registry.example.com:5000/fabric8/hystrix-dashboard:1.0.17"
把 image: "fabric8/turbine-server:1.0.17"
修改为 image: "registry.example.com:5000/fabric8/turbine-server:1.0.17"
scp kubeflix-1.0.17-kubernetes.yml root@192.168.56.111:/root/
oc create -f kubeflix-1.0.17-kubernetes.yml
oc new-app kubeflix --insecure-registry=true
oc expose service hystrix-dashboard --port=8080 --hostname=hystrix-dashboard-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
oc policy add-role-to-user admin system:serviceaccount:helloworld-msa:turbine
oc expose svc turbine-server --port=8080 --hostname=turbine-server-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
发现 hystrix-dashboard pod 启动成功,但是 log 中有错误信息:
java.io.FileNotFoundException: /opt/jetty/jetty.state (Permission denied)
修改 SCC(Security Context Control),为 sa ribbon 授予 anyuid SCC,允许该 sa 以任何用户在容器中操作。
如果 Dockerfile 中定义了 USER,就是使用该 USER;如果 Dockerfile 中没有定义了 USER,就使用 root。
oc login -u system:admin
oadm policy add-scc-to-user anyuid -z ribbon
oc edit scc anyuid
看到如下信息就对了:
users:
- system:serviceaccount:helloworld-msa:ribbon
删除失败的 pod,会自动创建一个新的 pod,这次启动成功,并且没有错误。
如果有错,执行以下操作清理:
oc delete template kubeflix
oc delete sa ribbon
oc delete sa turbine
oc delete svc hystrix-dashboard
oc delete svc turbine-server
oc delete rc hystrix-dashboard
oc delete rc turbine-server
oc delete route hystrix-dashboard
oc delete deployments.extensions turbine-server
5. 增加项到 /etc/hosts (在 MAC 机器上操作)
192.168.56.113 hola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 namaste-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 ola-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 aloha-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 hello-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 frontend-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 api-gateway-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 hystrix-dashboard-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
192.168.56.113 turbine-server-helloworld-msa.rhel-cdk.10.1.2.2.xip.io
没有评论:
发表评论