Overview
According to the recommendations in the "Advanced Installation" guide of the official documentation, building an OpenShift cluster that genuinely meets production requirements means installing it with the configuration management tool Ansible. This article walks through that production-oriented advanced installation.
Infrastructure inventory
Three servers are required: one master node and two worker nodes. The master node also acts as the NFS shared-storage server and as the server that persists etcd data.
| Property | master | node01 | node02 |
|---|---|---|---|
| CPU logical cores | 4 | 4 | 4 |
| Memory | 16G | 8G | 8G |
| Disk | 300G | 100G | 100G |
| Operating system | CentOS 7 | CentOS 7 | CentOS 7 |
| hostname | master.example.com | node01.example.com | node02.example.com |
| Server IP | 192.168.123.155 | 192.168.123.156 | 192.168.123.158 |
| root password | handhand | handhand | handhand |
| Server role | master node, NFS | compute node, load balancer | compute node |
Main service components
| Component | Version / branch | Install source | Install node | Notes |
|---|---|---|---|---|
| docker | 1.12.6 | yum repository | all nodes | |
| VMware Harbor | 1.2.2 | Github | N/A | registry service is provided by the gzregistry server |
| ansible | 2.4.0 | yum epel | master node | |
| openshift-ansible | release-3.6 | Github | master node | |
| OpenShift Origin | 3.6.1 | openshift-ansible / yum repository | master node | |
| etcd | 3.1.9 | openshift-ansible / yum repository | master node | |
About the etcd version
During installation testing, the latest etcd shipped by the CentOS repositories (3.2.7) currently has a problem: the service reports a certificate error at startup, as shown below:
etcd started with error: transport: remote error: tls: bad certificate; please retry
For now we therefore pin the etcd version to 3.1.9 manually in the ansible configuration file.
Detailed OpenShift installation steps
This chapter describes the full process of building an OpenShift Origin cluster. For the complete installation guide see the official link: https://docs.openshift.org/latest/install_config/install/advanced_install.html
Note: the steps listed below must be carried out on all nodes.
Configure a domestic (China) mirror source for CentOS
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
yum -y update && yum -y upgrade
Add host mappings to /etc/hosts
192.168.123.155 master.example.com master
192.168.123.155 nfs.example.com
192.168.123.156 lb.example.com
192.168.123.156 node01.example.com node01
192.168.123.158 node02.example.com node02
Note: the following steps are carried out on the master node only.
Configure passwordless SSH login
ssh-keygen -f ~/.ssh/id_rsa -N ''
for host in master.example.com node01.example.com node02.example.com
do
ssh-copy-id -i ~/.ssh/id_rsa.pub $host;
done
Install base packages
yum -y install docker git wget net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct
Enable Docker at boot and start the Docker daemon
systemctl enable docker
systemctl start docker
Move the Docker data directory to the data disk partition /u01
systemctl stop docker
mkdir -p /u01/var/lib
mv /var/lib/docker /u01/var/lib
ln -s /u01/var/lib/docker /var/lib/docker
systemctl start docker
Install Ansible
yum install -y epel-release
yum repolist
yum install -y ansible pyOpenSSL python-cryptography python-lxml
Clone the openshift-ansible repository and check out the release-3.6 branch
git clone -b release-3.6 https://github.com/openshift/openshift-ansible.git /usr/share/openshift-ansible
Configure the Ansible inventory file
Edit /etc/ansible/hosts and add the following content:
# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
etcd
lb
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_deployment_type=origin
# Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we
# rely on the version running on the first master. Works best for containerized installs where we can usually
# use this to lookup the latest exact version of the container images, which is the tag actually used to configure
# the cluster. For RPM installations we just verify the version detected in your configured repos matches this
# release.
openshift_release=v3.6
# Specify an exact container image tag to install or configure.
# WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed.
# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up.
openshift_image_tag=v3.6.1
# Specify an exact rpm version to install or configure.
# WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed.
# This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up.
openshift_pkg_version=-3.6.1
# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
# Default login account: admin / handhand
openshift_master_htpasswd_users={'admin': '$apr1$gfaL16Jf$c.5LAvg3xNDVQTkk6HpGB1'}
# Specify exact version of etcd to configure or upgrade to.
etcd_version="3.1.9"
#openshift_repos_enable_testing=true
openshift_disable_check=disk_availability,docker_storage
docker_selinux_enabled=false
openshift_docker_options=" --log-driver=journald --storage-driver=overlay --registry-mirror=http://4a0fee72.m.daocloud.io "
# OpenShift Router Options
# Router selector (optional)
# Router will only be created if nodes matching this label are present.
# Default value: 'region=infra'
openshift_hosted_router_selector='region=infra,router=true'
# default subdomain to use for exposed routes
openshift_master_default_subdomain=app.example.com
# host group for masters
[masters]
master.example.com
# host group for etcd
[etcd]
master.example.com
# Load balancers
[lb]
lb.example.com
# host group for nodes, includes region info
[nodes]
master.example.com openshift_schedulable=true openshift_node_labels="{'region': 'infra', 'router': 'true'}"
node01.example.com openshift_schedulable=true openshift_node_labels="{'region': 'infra', 'router': 'true'}"
node02.example.com openshift_schedulable=true openshift_node_labels="{'region': 'infra', 'router': 'true'}"
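Before running the playbook it is worth checking the inventory above for the settings that lower the cluster's security posture: Ansible logging in as root, SELinux switched off for Docker, a registry mirror fetched over plain HTTP, a password hash copied from a published guide, and disabled preflight checks. The bash script below is an added example, not part of the guide or of openshift-ansible: `audit_inventory` flags those settings in an inventory file, `new_htpasswd_entry` mints a fresh apr1 entry with `openssl passwd -apr1` so the published hash is not reused, and `write_sample_inventory` creates a constructed inventory that mirrors the [OSEv3:vars] lines above.

```shell
#!/usr/bin/env bash
# Added example, not part of the guide or of openshift-ansible: audit an inventory
# for settings that weaken the cluster, and mint a fresh htpasswd entry.

# audit_inventory FILE -> prints one finding per line; exit 0 if clean, 1 otherwise.
audit_inventory() {
  local f="$1" n=0 live
  # Ignore commented-out lines so "#ansible_become=true" is not mistaken for a live setting.
  live=$(grep -v '^[[:space:]]*#' "$f" || true)
  if echo "$live" | grep -q '^ansible_ssh_user=root'; then
    echo "ansible_ssh_user=root: Ansible logs in as root over SSH; prefer a dedicated user with ansible_become=true"
    n=$((n + 1))
  fi
  if echo "$live" | grep -q '^docker_selinux_enabled=false'; then
    echo "docker_selinux_enabled=false: SELinux confinement of containers is switched off"
    n=$((n + 1))
  fi
  if echo "$live" | grep -q 'registry-mirror=http://'; then
    echo "registry-mirror uses plain http://: image pulls are not protected in transit"
    n=$((n + 1))
  fi
  # The hash below is the one printed in the guide (password handhand), so it is public.
  if echo "$live" | grep -q '^openshift_master_htpasswd_users=.*\$apr1\$gfaL16Jf\$'; then
    echo "openshift_master_htpasswd_users: hash copied from the guide; the admin password is public"
    n=$((n + 1))
  fi
  if echo "$live" | grep -q '^openshift_disable_check='; then
    echo "openshift_disable_check: preflight checks disabled ($(echo "$live" | sed -n 's/^openshift_disable_check=//p'))"
    n=$((n + 1))
  fi
  [ "$n" -eq 0 ]
}

# new_htpasswd_entry USER PASSWORD -> "user:$apr1$..." in the same apr1 scheme the guide
# uses, generated locally with the openssl CLI. The password is passed on stdin rather
# than argv so it does not appear in the process list.
new_htpasswd_entry() {
  printf '%s:%s\n' "$1" "$(printf '%s' "$2" | openssl passwd -apr1 -stdin)"
}

# write_sample_inventory -> path of a constructed inventory mirroring the guide's [OSEv3:vars].
write_sample_inventory() {
  local f
  f=$(mktemp)
  cat > "$f" <<'EOF'
[OSEv3:vars]
ansible_ssh_user=root
#ansible_become=true
openshift_deployment_type=origin
openshift_master_htpasswd_users={'admin': '$apr1$gfaL16Jf$c.5LAvg3xNDVQTkk6HpGB1'}
openshift_disable_check=disk_availability,docker_storage
docker_selinux_enabled=false
openshift_docker_options=" --log-driver=journald --storage-driver=overlay --registry-mirror=http://4a0fee72.m.daocloud.io "
EOF
  echo "$f"
}

SAMPLE=$(write_sample_inventory)
audit_inventory "$SAMPLE" || echo "harden the inventory before running the playbook"
# new_htpasswd_entry admin 'a-fresh-secret'   # paste the output into openshift_master_htpasswd_users
```

Run it against the real /etc/ansible/hosts (`audit_inventory /etc/ansible/hosts`) before the playbook; a non-zero exit status makes it usable as a gate in a CI job. The check for the published hash is deliberately literal: the point is that any hash that appears in a public document is equivalent to a public password, whatever the scheme.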
Run the Ansible playbook to install OpenShift Origin
ansible-playbook /usr/share/openshift-ansible/playbooks/byo/config.yml
Configure the NFS server
Install the dependent service components and start the services
yum install -y nfs-utils rpcbind
rpm -qa | grep -E 'nfs-utils|rpcbind'
systemctl enable rpcbind
systemctl enable nfs
systemctl restart rpcbind
systemctl restart nfs
Edit /etc/sysconfig/iptables and add the following content:
#
# NFS client access allowed settings
#
# The following line must be commented out in order to make NFS work properly
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
# The source range must contain the cluster node addresses (192.168.123.155/156/158 in the inventory table)
-A INPUT -s 192.168.123.0/24 -p tcp --dport 2049 -j ACCEPT
Save the configuration and restart the iptables service:
service iptables save
service iptables restart
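The ACCEPT rule is only as good as its `-s` source range: if the CIDR does not contain the node addresses from the inventory table, the rule never matches, the packets fall through to the rest of the chain, and the NFS mounts fail in a way that is easy to misread as an NFS problem. The bash script below is an added example, not from the guide: it extracts the `-s` source of a rule line, tests address membership with pure-shell CIDR arithmetic, and compares a constructed rule with a too-narrow range against one that covers the node addresses from the inventory table.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): verify that an iptables rule's source range
# covers every cluster node before the rule set is saved. Pure shell, no extra tools.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
  local IFS=.
  # shellcheck disable=SC2086
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains CIDR IP -> exit 0 if IP lies inside CIDR, 1 otherwise
cidr_contains() {
  local net="${1%/*}" bits="${1#*/}" ip="$2" mask
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$ip") & mask )) ]
}

# rule_source RULE -> the -s source of an iptables rule line, or 0.0.0.0/0 when it has none
rule_source() {
  local src
  src=$(echo "$1" | sed -n 's|.*-s \([0-9./]*\).*|\1|p')
  echo "${src:-0.0.0.0/0}"
}

# uncovered_nodes RULE IP... -> prints each node the rule does not match; exit 1 if any
uncovered_nodes() {
  local rule="$1" src missing=0
  shift
  src=$(rule_source "$rule")
  for ip in "$@"; do
    if ! cidr_contains "$src" "$ip"; then
      echo "$ip is not covered by $src"
      missing=1
    fi
  done
  return $missing
}

# Constructed inputs: the node addresses from the inventory table, a rule whose source
# range is too narrow for them, and one that covers them.
NODES="192.168.123.155 192.168.123.156 192.168.123.158"
RULE_TOO_NARROW='-A INPUT -s 192.168.0.0/24 -p tcp --dport 2049 -j ACCEPT'
RULE_COVERING='-A INPUT -s 192.168.123.0/24 -p tcp --dport 2049 -j ACCEPT'

# shellcheck disable=SC2086
uncovered_nodes "$RULE_TOO_NARROW" $NODES || echo "narrow rule: NFS mounts from those nodes would be blocked"
# shellcheck disable=SC2086
uncovered_nodes "$RULE_COVERING" $NODES && echo "covering rule: all nodes can reach tcp/2049"
```

The same check can be run over the saved file, one rule per line: `grep -- '--dport 2049' /etc/sysconfig/iptables | while read -r r; do uncovered_nodes "$r" $NODES; done`. Keeping the range as tight as the node list allows (rather than widening it to 0.0.0.0/0 to make the mount work) is what keeps the export from being reachable by every host on the network.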
Initialize Persistent Volumes
Here we borrow minishift's default PV initialization: pre-create 100 PVs (pv0001 ~ pv0100), each with an initial size of 100Gi.
Run the following script to initialize them:
cd $OPENSHIFT_ADMIN/bin
./init-100-pvs.sh
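The init-100-pvs.sh script itself is not shown in the guide. The bash script below is an added example, not that script and not minishift's code: it generates NFS-backed PersistentVolume manifests in the style the guide describes (pv0001 to pv0100, 100Gi each) plus matching /etc/exports lines restricted to the cluster subnet. The export root /u01/nfs, the server name nfs.example.com (from the host mapping above), the 192.168.123.0/24 cluster range and the access modes are assumptions chosen for the example.

```shell
#!/usr/bin/env bash
# Added example (not the guide's init-100-pvs.sh): generate minishift-style NFS PV
# manifests and the matching /etc/exports entries. Paths, server name and subnet are
# assumptions for this example.

PV_COUNT=100
PV_SIZE=100Gi
NFS_SERVER=nfs.example.com      # assumed: the nfs.example.com mapping from the hosts file
EXPORT_ROOT=/u01/nfs            # assumed export root on the master's data disk
CLUSTER_CIDR=192.168.123.0/24   # assumed: only cluster nodes may mount the exports

# pv_name N -> zero-padded PV name, e.g. pv0007
pv_name() { printf 'pv%04d' "$1"; }

# pv_manifest N -> YAML for one PersistentVolume. Recycle mirrors minishift: a released
# claim's data is scrubbed before the PV is offered to the next project.
pv_manifest() {
  local name
  name=$(pv_name "$1")
  cat <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${name}
spec:
  capacity:
    storage: ${PV_SIZE}
  accessModes:
    - ReadWriteOnce
    - ReadWriteMany
    - ReadOnlyMany
  nfs:
    path: ${EXPORT_ROOT}/${name}
    server: ${NFS_SERVER}
  persistentVolumeReclaimPolicy: Recycle
EOF
}

# exports_line N -> /etc/exports entry for one PV directory, limited to the cluster subnet,
# with root_squash so a root process in a pod does not become root on the NFS server.
exports_line() {
  printf '%s/%s %s(rw,sync,root_squash,no_subtree_check)\n' \
    "$EXPORT_ROOT" "$(pv_name "$1")" "$CLUSTER_CIDR"
}

# all_pv_manifests -> one multi-document YAML stream for all PV_COUNT volumes
all_pv_manifests() {
  local i=1
  while [ "$i" -le "$PV_COUNT" ]; do
    pv_manifest "$i"
    echo '---'
    i=$((i + 1))
  done
}

# all_exports_lines -> the /etc/exports block for all PV_COUNT directories
all_exports_lines() {
  local i=1
  while [ "$i" -le "$PV_COUNT" ]; do
    exports_line "$i"
    i=$((i + 1))
  done
}

# Dry run: show the first manifest and exports line so the output can be reviewed.
# To apply on the master (as root):
#   all_exports_lines >> /etc/exports && exportfs -ra
#   for i in $(seq 1 $PV_COUNT); do mkdir -p "$EXPORT_ROOT/$(pv_name "$i")"; done
#   all_pv_manifests | oc create -f -
pv_manifest 1
exports_line 1
```

Generating the manifests from one function keeps the hundred volumes identical apart from their name and path, which is what makes a later change (a different reclaim policy, a tighter subnet) a one-line edit rather than a hundred. Directory ownership and mode on the export root still have to match how the pods will run (for NFS with root_squash, OpenShift's storage documentation covers the nfsnobody-owned, supplemental-group approach), and that part is deliberately left out of the generator.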
Configure the hosts mapping on your local machine
On Windows, edit C:\Windows\System32\drivers\etc\hosts
On Linux / macOS, edit /etc/hosts
Add the following content:
192.168.123.155 master.example.com
Access the OpenShift Origin home page
Open the following address to confirm that OpenShift Origin is reachable: https://master.example.com:8443/
User account: admin / handhand