1. SSH mutual trust configuration (run on the Master)
ssh-keygen;
for i in master.example.com node1.example.com node2.example.com;
do
ssh-copy-id $i;
done;
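2. Installation (run on the Master)
# The heredoc delimiter is quoted so that ${component} and ${version} are written literally instead of being expanded by the shell.
cat > /etc/ansible/hosts <<'EOF'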
[OSEv3:children]
masters
nodes
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
openshift_release=v3.5
#oreg_url=registry.example.com:5000/openshift3/ose-${component}:${version}
openshift_docker_additional_registries=registry.example.com:5000
openshift_docker_insecure_registries=registry.example.com:5000
openshift_examples_modify_imagestreams=true
openshift_cockpit_deployer_prefix=registry.example.com:5000/openshift3/
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
openshift_clock_enabled=true
openshift_hosted_router_selector="infra=true"
openshift_hosted_registry_selector="infra=true"
#openshift_master_cluster_method=native
#openshift_master_cluster_hostname=master.example.com
#openshift_master_cluster_public_hostname=master.example.com
#openshift_master_default_subdomain=apps.example.com
#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods':['25']}
[masters]
master.example.com
[nodes]
master.example.com
node1.example.com openshift_node_labels="{'infra': 'true'}"
node2.example.com
EOF
Notes:
(1) Comment out oreg_url=registry.example.com:5000/openshift3/ose-${component}:${version}
After many experiments, I found that this parameter causes the following error, so it is commented out:
TASK [openshift_master : Start and enable master] ******************************
FAILED - RETRYING: TASK: openshift_master : Start and enable master (1 retries left).
fatal: [master.example.com]: FAILED! => {
"attempts": 1,
"changed": false,
"failed": true
}
MSG:
Unable to start service atomic-openshift-master: Job for atomic-openshift-master.service failed because the control process exited with error code. See "systemctl status atomic-openshift-master.service" and "journalctl -xe" for details
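(2) Add openshift_cockpit_deployer_prefix=registry.example.com:5000/openshift3/
With this setting the registry-console image can be pulled correctly. Without it, the installer tries to pull the image from registry.access.redhat.com, which fails.
Run the installation playbook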
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml;
The installation takes about 11 minutes. When it succeeds, the final output is:
PLAY RECAP *********************************************************************
localhost : ok=8 changed=0 unreachable=0 failed=0
master.example.com : ok=524 changed=140 unreachable=0 failed=0
node1.example.com : ok=217 changed=60 unreachable=0 failed=0
node2.example.com : ok=217 changed=60 unreachable=0 failed=0
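If the installation fails, review the errors, fix the hosts file, then run the following command to clean up the environment before reinstalling: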
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/adhoc/uninstall.yml
Uninstall atomic-openshift-utils (run on every machine)
yum remove atomic-openshift-utils
3. Post-installation checks (run on the Master)
oc get node --show-labels
The output is as follows:
NAME STATUS AGE LABELS
master.example.com Ready,SchedulingDisabled 5m beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=master.example.com
node1.example.com Ready 5m beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node1.example.com
node2.example.com Ready 5m beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node2.example.com
oc get pod -o wide
The output is as follows:
NAME READY STATUS RESTARTS AGE IP NODE
docker-registry-1-9v8rt 1/1 Running 0 6m 10.129.0.4 node1.example.com
registry-console-1-n8prf 1/1 Running 0 5m 10.130.0.3 node2.example.com
router-1-9vnv6 1/1 Running 0 6m 192.168.56.113 node1.example.com
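At this point, the installation is confirmed to have succeeded!
4. Check the contents of /etc/sysconfig/docker on all machines (run on Master, Node1 and Node2)
After a successful installation, OpenShift resets the /etc/sysconfig/docker file. To make sure later steps work properly, these files need to be changed to the correct contents.
On inspection, this file was correct on Master, Node1 and Node2.
If in doubt, run the following script: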
cp /etc/sysconfig/docker /etc/sysconfig/docker.bak.$(date "+%Y%m%d%H%M%S");
sed -i s/".*OPTIONS=.*"/"OPTIONS='--selinux-enabled --insecure-registry 172.30.0.0\/16 --insecure-registry registry.example.com:5000'"/g /etc/sysconfig/docker;
sed -i 's/registry.access.redhat.com/registry.example.com:5000/g' /etc/sysconfig/docker;
systemctl restart docker
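Docker's --insecure-registry option disables TLS verification for the listed registries, so after the rewrite above it is worth confirming that each host trusts exactly the two entries the sed command writes and nothing more. The following check is an added example, not part of the original post; the function names and the extra 10.0.0.5:5000 entry in the sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a docker sysconfig file.
# EXPECTED_INSECURE holds the two registries this page's sed command writes.
EXPECTED_INSECURE="172.30.0.0/16 registry.example.com:5000"

# Print the last uncommented OPTIONS= line of the file.
options_line() {
    grep -E '^[[:space:]]*OPTIONS=' "$1" | tail -n 1
}

# Print every --insecure-registry value on that line, one per line.
insecure_registries() {
    pat="--insecure-registry[= ]+[^ \"']+"
    options_line "$1" | grep -oE -e "$pat" | sed -E 's/^--insecure-registry[= ]+//'
}

# Return 0 only if the file lists exactly the expected registries and keeps
# --selinux-enabled; print one line per deviation otherwise.
audit_docker_opts() {
    audit_rc=0
    audit_found=$(insecure_registries "$1")
    for reg in $EXPECTED_INSECURE; do
        if ! printf '%s\n' "$audit_found" | grep -qxF -e "$reg"; then
            echo "MISSING insecure-registry: $reg"; audit_rc=1
        fi
    done
    for reg in $audit_found; do
        case " $EXPECTED_INSECURE " in
            *" $reg "*) ;;
            *) echo "UNEXPECTED insecure-registry: $reg"; audit_rc=1 ;;
        esac
    done
    if ! options_line "$1" | grep -q -e '--selinux-enabled'; then
        echo "MISSING --selinux-enabled"; audit_rc=1
    fi
    return "$audit_rc"
}

# Constructed sample: the line the page's sed writes plus one extra registry.
sample=$(mktemp)
echo "OPTIONS='--selinux-enabled --insecure-registry 172.30.0.0/16 --insecure-registry registry.example.com:5000 --insecure-registry 10.0.0.5:5000'" > "$sample"
audit_docker_opts "$sample" || echo "audit failed: $sample"
rm -f "$sample"
```

On a real host, call audit_docker_opts /etc/sysconfig/docker on Master, Node1 and Node2 after the restart; a non-zero exit status marks a file that differs from what the script above is meant to produce.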
In the pod listing from step 3, registry, router and registry-console were all installed successfully.
If registry-console fails to install, it can also be installed manually afterwards.