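Deployment

1. Prepare the machines

master1, router1, node1, node2, master

master serves mainly as the control machine. It is not part of OpenShift and is used mainly to run ansible; any of the machines above can take its place.

If CentOS is installed locally, the network has to be configured; the NIC name may differ.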
```bash
# Edit the interface configuration file
vi /etc/sysconfig/network-scripts/ifcfg-eth0

# Settings to put in the file
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.242.140
PREFIX=16
GATEWAY=192.168.1.3
DNS1=192.168.1.3

# Restart networking to apply them
service network restart
```
2. Configure yum

```bash
vi /etc/yum.conf
yum update
cp -rp /etc/yum.repos.d/ /etc/yum.repos.d.bak/
rm -rf /etc/yum.repos.d/*
vi all.repo
yum clean all
yum makecache
```
all.repo
```ini
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=0

[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
gpgcheck=0

[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
gpgcheck=0

[openshift]
name=Openshift
baseurl=http://mirrors.aliyun.com/centos/$releasever/paas/$basearch/openshift-origin311/
gpgcheck=0

[epel]
name=Centos EPEL
baseurl=http://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0
```
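Every section of all.repo sets gpgcheck=0 and uses an http baseurl, so packages installed from it are neither signature-checked nor protected in transit, and the install step later copies the same file to every node. As an added example (not part of the original post), the function below lists such sections so they can be reviewed before the file is distributed; the name audit_repo, the issue labels and the sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag yum repo sections that skip package signature checks
# or fetch over cleartext. Prints "<file>:<section>:<issue>" per finding and
# returns 1 if there is at least one finding, 0 otherwise.
audit_repo() {
    awk '
        function report(issue) { print file ":" section ":" issue; bad = 1 }
        function off(v) { return tolower(v) ~ /^(0|no|false)$/ }
        function flush() {
            if (section == "" || section == "main" || !enabled) return
            if (!gpg)  report("gpgcheck-off")
            if (clear) report("cleartext-baseurl")
        }
        FNR == 1 { flush(); section = ""; file = FILENAME }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # a new [section] starts
            flush()
            section = $0; sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            gpg = 1; enabled = 1; clear = 0         # unset gpgcheck inherits [main]: not flagged
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = !off(val)
            else if (key == "enabled") enabled = !off(val)
            else if ((key == "baseurl" || key == "mirrorlist") && val ~ /^(http|ftp):\/\//) clear = 1
        }
        END { flush(); exit bad }
    ' "$@"
}

# Constructed sample: [base] uses the settings from all.repo, the second
# section is a made-up signed HTTPS repo that should produce no finding.
audit_repo /dev/stdin <<'EOF' || echo "review the sections listed above"
[base]
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=0
[signed-example]
baseurl=https://mirror.example.invalid/centos/7/os/x86_64/
gpgcheck=1
EOF
```

On a real host the call would be `audit_repo /etc/yum.repos.d/*.repo`; a section with no gpgcheck line inherits the value from [main] in /etc/yum.conf, which this function does not read.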
3. Install ansible

Run this on the master machine.

```bash
curl https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.6.8-1.el7.ans.noarch.rpm -O
yum install ansible-2.6.8-1.el7.ans.noarch.rpm
yum install httpd-tools java-1.8.0-openjdk-headless python-passlib pyOpenSSL
```
4. Configure hosts and passwordless login

Run this on the master machine.

1) Configure the hosts file on master

```
192.168.242.140 master
192.168.242.141 master1
192.168.242.142 router1
192.168.242.143 node1
192.168.242.144 node2
```

2) Configure passwordless login

```bash
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub master1
ssh-copy-id -i ~/.ssh/id_rsa.pub router1
ssh-copy-id -i ~/.ssh/id_rsa.pub node1
ssh-copy-id -i ~/.ssh/id_rsa.pub node2
```
5. Prepare the inventory

For more detailed parameters, see the official documentation: https://access.redhat.com/documentation/zh-cn/openshift_container_platform/3.11/html/installing_clusters/multiple-masters
vi /etc/ansible/hosts
```ini
[OSEv3:children]
masters
nodes
etcd

[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin
#openshift_release="3.11"
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_public_hostname=okd.yuako.dev
openshift_master_default_subdomain=yuako.dev
openshift_ca_cert_expire_days=3650
openshift_node_cert_expire_days=3650
openshift_master_cert_expire_days=3650
etcd_ca_default_days=3650
#openshift_hosted_manage_registry=false
openshift_disable_check=memory_availability,disk_availability,docker_image_availability,docker_storage
#openshift_enable_service_catalog=false
#template_service_broker_install=false
#ansible_service_broker_install=false
#osn_storage_plugin_deps=[]
#openshift_enable_service_catalog=false
#openshift_cluster_monitoring_operator_install=false

[masters]
master1

[etcd]
master1

[nodes]
master1 openshift_node_group_name='node-config-master'
node1 openshift_node_group_name='node-config-compute'
node2 openshift_node_group_name='node-config-compute'
router1 openshift_node_group_name='node-config-infra'
```
6. Install

Hostnames:

```bash
ansible all -m shell -a "hostnamectl set-hostname --static {{ inventory_hostname }}"
```
YUM:
```bash
cp /etc/yum.repos.d/all.repo /tmp/
ansible all -m shell -a "rm -rf /etc/yum.repos.d/*"
ansible all -m shell -a 'sed -i "s/plugins=1/plugins=0/g" /etc/yum.conf'
ansible all -m copy -a "src=/tmp/all.repo dest=/etc/yum.repos.d/all.repo"
```
/etc/hosts:
```bash
ansible all -m copy -a 'src=/etc/hosts dest=/etc/hosts'
```
SELinux setting on the cluster nodes (takes effect after a reboot):

```bash
ansible all -m shell -a 'sed -i "s/^SELINUX=disabled/SELINUX=permissive/g" /etc/selinux/config'
ansible all -m shell -a 'reboot'
```
Download the installer from https://github.com/openshift/openshift-ansible/tags: pick a latest 3.11 release, download it and unpack it.

Disable the default repos source used by the cluster installation:

```bash
cd openshift-ansible-release-3.11
sed -i "s/^enabled=1/enabled=0/g" roles/openshift_repos/templates/CentOS-OpenShift-Origin311.repo.j2
```
Install

```bash
ansible-playbook ~/openshift-ansible/playbooks/prerequisites.yml
ansible-playbook ~/openshift-ansible/playbooks/deploy_cluster.yml
```
Uninstall

```bash
ansible-playbook ~/openshift-ansible/playbooks/adhoc/uninstall.yml
```
7. Create the administrator user and password

```bash
ansible masters -m shell -a 'htpasswd -b /etc/origin/master/htpasswd admin admin'
ansible masters -m shell -a 'oc adm policy add-cluster-role-to-user cluster-admin admin'
```

You can then log in with admin/admin.
8. Common problems

1) Privileged containers are not allowed spec.initContainers[1].securityContext.privileged: Invalid value: true

This is a permissions problem. What follows -n is the namespace, that is, the project.

```bash
oc adm policy add-scc-to-user privileged -z default -n efk
```
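2) Error: EACCES: permission denied, mkdir

This is a permissions problem: there is no write permission for the specified directory.

Configure private storage and specify the allocation path

Grant the permission directly (not recommended for production)

```bash
oc adm policy add-scc-to-user anyuid -z default
```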