Rancher Deployment
I. System initialization
1) Set the IP address and hostname
hostnamectl set-hostname rancher
2) Add host name resolution and enable IP forwarding
cat >>/etc/hosts<<EOF
192.168.180.210 rancher
192.168.180.200 node1
192.168.180.190 node2
EOF
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
3) Disable the firewall and SELinux
systemctl stop firewalld.service && systemctl disable firewalld.service
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config && setenforce 0
II. Install and start Docker
1) Install the dependency packages
yum install -y yum-utils device-mapper-persistent-data lvm2
2) Add the package repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3) Refresh the cache and install Docker
yum makecache fast
yum -y install docker-ce docker-ce-cli containerd.io
4) Docker registry mirror (image pull acceleration)
mkdir -p /etc/docker
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://6bs5y5lw.mirror.aliyuncs.com"]
}
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
III. Deploy Rancher
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:v2.0.8
https://192.168.180.210
IV. Custom cluster
1) Add a cluster
OpenShift Origin Deployment
I. Basic configuration:
1. Set the hostname:
hostnamectl set-hostname master.example.com && bash
hostnamectl set-hostname node1.example.com && bash
hostnamectl set-hostname node2.example.com && bash
2. Disable the firewall
systemctl disable firewalld && systemctl stop firewalld
setenforce 1 (SELinux must be in the Enforcing state; confirm with getenforce)
3. Add entries to /etc/hosts
cat >>/etc/hosts<<EOF
192.168.180.210 master.example.com
192.168.180.200 node1.example.com
192.168.180.190 node2.example.com
EOF
4. Install the base packages
yum install ntp unzip lrzsz vim wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct -y
Update the system to the latest version
yum -y update
reboot
5. Install the EPEL repository
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install ansible pyOpenSSL -y
6. Download the OpenShift Origin 3.11 source (run on the Master host)
# git clone -b release-3.11 https://github.com/openshift/openshift-ansible.git   --> downloads the package
7. Modify the kernel parameters on all nodes
cat >>/etc/sysctl.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
modprobe br_netfilter
sysctl -p
8. Install Docker on all nodes
yum -y install docker
systemctl enable docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"dns":["119.29.29.29"],
"registry-mirrors":["https://l8e41nna.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
9. Set up passwordless SSH login from the Master node
ssh-keygen
ssh-copy-id root@master.example.com
ssh-copy-id root@node1.example.com
ssh-copy-id root@node2.example.com
10. Install the OpenShift tools (all nodes)
yum -y install atomic atomic-openshift-utils
yum -y install centos-release-openshift-origin311
vim /etc/yum.repos.d/CentOS-OpenShift-Origin311.repo
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=https://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
sed -i 8d /etc/yum.repos.d/CentOS-ANSIBLE.repo
sed -i 9cbaseurl=https://mirror.tuna.tsinghua.edu.cn/epel/7/x86_64/ /etc/yum.repos.d/CentOS-ANSIBLE.repo
sed -i s/gpgcheck=1/gpgcheck=0/ /etc/yum.repos.d/CentOS-ANSIBLE.repo
II. Configure Ansible (run on the Master host)
mv /etc/ansible/hosts /etc/ansible/hosts.bak
vim /etc/ansible/hosts
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true','kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability,package_version,package_availability
openshift_docker_insecure_registries=172.30.0.0/16
[masters]
master.example.com
[etcd]
master.example.com
[nodes]
master.example.com openshift_node_group_name='node-config-all-in-one'
node1.example.com openshift_node_group_name='node-config-compute'
node2.example.com openshift_node_group_name='node-config-compute'
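Added example (not part of the original notes): the repo file in step 10 sets gpgcheck=0, and the inventory above disables installer checks and marks a registry range as insecure. The function below lints a file for exactly those settings; the sample files it writes are constructed to mirror the ones shown here, and the names audit_file and write_samples are hypothetical.

```shell
# Added example (not from the original notes): lint a yum .repo file or an
# openshift-ansible inventory for settings that switch off verification.
# audit_file FILE prints one "FILE:LINE: finding" per weakened setting.
audit_file() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                                  # skip comments
        /^gpgcheck[ \t]*=[ \t]*0/ {
            print f ":" NR ": gpgcheck=0, RPM signatures are not verified" }
        /^openshift_disable_check[ \t]*=/ {
            v = $0; sub(/^[^=]*=/, "", v); n = split(v, c, ",")
            print f ":" NR ": " n " installer pre-flight checks disabled" }
        /^openshift_docker_insecure_registries[ \t]*=/ {
            v = $0; sub(/^[^=]*=/, "", v)
            print f ":" NR ": registry range " v " used without TLS verification" }
    ' "$1"
}

# Constructed samples that mirror the repo file and inventory shown above,
# plus a copy of the repo file with signature checking left on for comparison.
write_samples() {
    cat >"$1/origin.repo" <<'EOF'
[centos-openshift-origin311]
baseurl=https://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
EOF
    sed 's/^gpgcheck=0/gpgcheck=1/' "$1/origin.repo" >"$1/origin-checked.repo"
    cat >"$1/hosts" <<'EOF'
[OSEv3:vars]
ansible_ssh_user=root
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability,package_version,package_availability
openshift_docker_insecure_registries=172.30.0.0/16
EOF
}

# Demo run over the constructed samples; the gpgcheck=1 copy reports nothing.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for sample in origin.repo origin-checked.repo hosts; do
    audit_file "$demo_dir/$sample"
done
rm -rf "$demo_dir"
```

On a real host, point it at /etc/yum.repos.d/*.repo and /etc/ansible/hosts before running the playbooks.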
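III. Deploy and access OpenShift
Upload the provided openshift-master.tgz to the Master
After extracting it, load the images with sh load.sh
Upload the provided openshift-node1.tgz to node1
After extracting it, load the images with sh load.sh
Upload the provided openshift-node2.tgz to node2
After extracting it, load the images with sh load.sh
After extracting openshift.git.tgz, enter openshift-ansible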
cd openshift-ansible
ansible-playbook playbooks/prerequisites.yml
ansible-playbook playbooks/deploy_cluster.yml
Open the web console: https://master.example.com:8443
Troubleshooting commands
Error message seen: fatal: [master.example.com]: FAILED! => {"changed": false, "msg": "Control plane pods didn't come up"}
journalctl -flu docker.service
After any of the various errors, uninstall first and then try the installation again
Uninstall command:
ansible-playbook ./playbooks/adhoc/uninstall.yml
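Installing repeatedly can leave the certificates inconsistent, so that the nodes fail to authenticate to the master; in that case you can also regenerate the certificates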
ansible-playbook ./playbooks/redeploy-certificates.yml
IV. Manage OpenShift
1. Create a cluster administrator
htpasswd -b /etc/origin/master/htpasswd admin admin
oc adm policy add-cluster-role-to-user cluster-admin admin
View the users
oc get user
Create a project:
oc new-project myproject
Configure permissions:
oc login -u system:admin
oc project myproject
oc adm policy add-scc-to-user privileged system:serviceaccount:default:router
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:admin
oc adm policy add-scc-to-user anyuid system:serviceaccount:myproject:admin
oc adm policy add-scc-to-group anyuid system:authenticated
oc adm policy add-scc-to-user anyuid -z default
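Added example (not part of the original notes): after the grants above, the subjects allowed to use an SCC can be listed from oc get scc <name> -o yaml. The function name scc_subjects is hypothetical, and the YAML in sample_anyuid is a constructed sample of what the anyuid SCC could look like after these commands, not output captured from a cluster.

```shell
# Added example (not from the original notes).
# scc_subjects: read `oc get scc <name> -o yaml` on stdin and print one
# "<scc> <group|user> <subject>" line per grant, marking group grants that
# cover every logged-in (or anonymous) user.
# Live use: oc get scc anyuid -o yaml | scc_subjects
scc_subjects() {
    awk '
        /^[A-Za-z]/ { key = $1; sub(/:.*/, "", key) }      # entering a top-level key
        key == "metadata" && /^  name:/ { name = $2 }
        (key == "groups" || key == "users") && $1 == "-" {
            kind[++n] = (key == "groups") ? "group" : "user"; subj[n] = $2
        }
        END {
            for (i = 1; i <= n; i++) {
                note = ""
                if (kind[i] == "group" && subj[i] ~ /^system:unauthenticated/)
                    note = "  <-- every anonymous user"
                else if (kind[i] == "group" && subj[i] ~ /^system:authenticated/)
                    note = "  <-- every logged-in user"
                print name, kind[i], subj[i] note
            }
        }'
}

# Constructed sample: the shape of the anyuid SCC after the grants above.
sample_anyuid() {
    cat <<'EOF'
allowPrivilegedContainer: false
groups:
- system:cluster-admins
- system:authenticated
kind: SecurityContextConstraints
metadata:
  name: anyuid
users:
- system:serviceaccount:myproject:admin
- system:serviceaccount:myproject:default
EOF
}

sample_anyuid | scc_subjects
```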
vim Dockerfile
FROM centos:7
MAINTAINER openshift
# Install nginx from EPEL and replace the default index page
RUN yum -y install wget && \
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo && \
    yum -y install nginx && \
    rm -f /usr/share/nginx/html/index.html && \
    echo "This is my first project for Openshift Origin" > /usr/share/nginx/html/index.html && \
    yum clean all && \
    rm -rf /tmp/*
EXPOSE 80
# Run nginx in the foreground so the container stays up
CMD ["/usr/sbin/nginx","-g","daemon off;"]
docker build -t docker-registry.default.svc:5000/myproject/nginx . --network host
oc login -u admin -p admin
The oc whoami -t command produces the following token
Pt2E5vwBbLKpSW4hKFBTZ1azCcasBk52NPsszQ6sc40
docker login -u admin -p Pt2E5vwBbLKpSW4hKFBTZ1azCcasBk52NPsszQ6sc40 docker-registry.default.svc:5000
docker push docker-registry.default.svc:5000/myproject/nginx
oc get all
oc new-app docker-registry.default.svc:5000/myproject/nginx --name=nginx
oc expose svc/nginx
oc get route
curl nginx-myproject.router.default.svc.cluster.local
oc edit routes/nginx
Change the following: host: nginx.master.example.com
echo "192.168.180.210 nginx.master.example.com" >> /etc/hosts
curl nginx.master.example.com