openshift安装部署
前置准备工作:
1.每台主机准备好有公钥在 /root/.ssh/authorized_keys,私钥则存放在第一台主机的/root/.ssh/id_rsa
2.确定每台主机的私网IP地址是固定的。
3.设置DNS服务器,让openshift.iqyuan.com 指向 HAproxy的公网IP
4. 设置DNS服务器,让*.apps.iqyuan.com 指向 HAproxy的公网IP
5. 公网开放防火墙端口8443、80、443,由云平台提供开放。
6. 提前设定每台主机的hostname,建议加上域名,如 master1.iqyuan.com
设置命令如下: hostnamectl set-hostname master1.iqyuan.com
也可以通过云平台提供的编排功能提前设定主机名称.
脚本安装操作:
// 本教程需要精通linux的运维人员才具有理解能力.确保您能读懂如下脚本内容..任何疏忽的配置,都可能导致后续安装失败.
第一台主机第一阶段脚本:
- yum install -y epel-release
- yum -y install ansible lrzsz telnet wget pyOpenSSL
- wget http://mirrors.ustc.edu.cn/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
- mkdir -p /etc/rhsm/ca/
- rpm2cpio python-rhsm-certificates-1.19.-.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem
- cat <<EOF > ~/.ssh/id_rsa
- -----BEGIN RSA PRIVATE KEY-----
- 私钥粘贴到这里.公钥提前放到各个主机对应目录,注意权限为600
- -----END RSA PRIVATE KEY-----
- EOF
- chmod ~/.ssh/id_rsa
- sed -i 's/GSSAPIAuthentication yes/StrictHostKeyChecking no/g' /etc/ssh/ssh_config
- sed -i 's/#forks = 5/forks = 15/g' /etc/ansible/ansible.cfg
- cat <<EOF > /etc/ansible/hosts
- master1.iqyuan.com
- [okd]
- haproxy1.iqyuan.com
- master2.iqyuan.com
- master3.iqyuan.com
- node1.iqyuan.com
- node2.iqyuan.com
- node3.iqyuan.com
- infra-node1.iqyuan.com
- infra-node2.iqyuan.com
- infra-node3.iqyuan.com
- EOF
- cat <<EOF > /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- :: localhost localhost.localdomain localhost6 localhost6.localdomain6
- 192.168.0.250 node1.iqyuan.com
- 192.168.0.251 node2.iqyuan.com
- 192.168.0.3 node3.iqyuan.com
- 192.168.0.1 infra-node1.iqyuan.com
- 192.168.0.252 infra-node2.iqyuan.com
- 192.168.0.2 infra-node3.iqyuan.com
- 192.168.0.249 master1.iqyuan.com
- 192.168.0.5 master2.iqyuan.com
- 192.168.0.6 master3.iqyuan.com
- 192.168.0.4 haproxy1.iqyuan.com openshift.iqyuan.com
- EOF
- for host in \
- haproxy1.iqyuan.com \
- master1.iqyuan.com \
- master2.iqyuan.com \
- master3.iqyuan.com \
- node1.iqyuan.com \
- node2.iqyuan.com \
- node3.iqyuan.com \
- infra-node1.iqyuan.com \
- infra-node2.iqyuan.com \
- infra-node3.iqyuan.com; \
- do scp /etc/hosts $host:/etc/ ; \
- done
- for host in \
- haproxy1.iqyuan.com \
- master1.iqyuan.com \
- master2.iqyuan.com \
- master3.iqyuan.com \
- node1.iqyuan.com \
- node2.iqyuan.com \
- node3.iqyuan.com \
- infra-node1.iqyuan.com \
- infra-node2.iqyuan.com \
- infra-node3.iqyuan.com; \
- do scp -r /etc/rhsm/ $host:/etc/ ; \
- done
- ansible all -m shell -a "wipefs -a /dev/vdb; wipefs -a /dev/vdc; sed -i 's/SELINUX=disabled/SELINUX=enforcing/g' /etc/selinux/config; yum update -y"
- ansible okd -m shell -a "systemctl reboot"
- #暂停2秒
- sleep
- reboot
第二阶段脚本:
- ansible all -m shell -a "yum install -y telnet lsof wget zip unzip lrzsz git net-tools bind-utils yum-utils bridge-utils bash-completion kexec-tools sos psacct docker glusterfs-fuse python-passlib httpd-tools java-1.8.0-openjdk-headless"
- ansible all -m shell -a "setsebool -P virt_sandbox_use_fusefs on; setsebool -P virt_use_fusefs on; echo { \\\"registry-mirrors\\\": [\\\"https://bo30b6ic.mirror.aliyuncs.com/\\\"] } > /etc/docker/daemon.json "
- # 修改docker存储位置.
- cat <<EOF > /etc/sysconfig/docker-storage-setup
- DEVS="/dev/vdb"
- VG="docker-vg"
- DATA_SIZE="95%VG"
- STORAGE_DRIVER=overlay2
- CONTAINER_ROOT_LV_NAME="dockerlv"
- CONTAINER_ROOT_LV_MOUNT_PATH="/var/lib/docker"
- EOF
- for host in \
- haproxy1.iqyuan.com \
- master1.iqyuan.com \
- master2.iqyuan.com \
- master3.iqyuan.com \
- node1.iqyuan.com \
- node2.iqyuan.com \
- node3.iqyuan.com \
- infra-node1.iqyuan.com \
- infra-node2.iqyuan.com \
- infra-node3.iqyuan.com; \
- do scp /etc/sysconfig/docker-storage-setup $host:/etc/sysconfig/ ; \
- done
- ansible all -m shell -a "docker-storage-setup; systemctl enable NetworkManager;systemctl enable docker; systemctl start NetworkManager;systemctl start docker; docker pull cockpit/kubernetes:latest"
- # 阿里云特殊,他们镜像缓存有缺陷太慢了.
- for host in \
- haproxy1.iqyuan.com \
- master1.iqyuan.com \
- master2.iqyuan.com \
- master3.iqyuan.com \
- node1.iqyuan.com \
- node2.iqyuan.com \
- node3.iqyuan.com \
- infra-node1.iqyuan.com \
- infra-node2.iqyuan.com \
- infra-node3.iqyuan.com; \
- do scp /etc/yum.repos.d/CentOS-Base.repo $host:/etc/yum.repos.d/ ; \
- done
- cd
- wget https://github.com/openshift/openshift-ansible/archive/openshift-ansible-3.9.40-1.tar.gz
- tar -xzf openshift-ansible-3.9.-.tar.gz
- mv openshift-ansible-openshift-ansible-3.9.- openshift-ansible
开始上传剧本参数文件
rz ~/inventory ,从windows机器上传.
第三阶段安装脚本:
- ansible-playbook -i ~/inventory ~/openshift-ansible/playbooks/prerequisites.yml
- ansible all -m shell -a "sed -i 's/mirror.centos.org/mirrors.ustc.edu.cn/g' /etc/yum.repos.d/CentOS-OpenShift-Origin.repo"
- # 初次执行改剧本如果遇到错误,建议分步骤执行,避免耗时.
- ansible-playbook -i ~/inventory ~/openshift-ansible/playbooks/deploy_cluster.yml
- ansible all -m shell -a "firewall-cmd --zone=public --add-service=http --add-service=https --permanent && firewall-cmd --reload"
后续操作:
修改HAproxy的配置,增加80,443端口映射:
修改的HAproxy配置参考:
- # Global settings
- #---------------------------------------------------------------------
- global
- maxconn
- log /dev/log local0 info
- chroot /var/lib/haproxy
- pidfile /var/run/haproxy.pid
- user haproxy
- group haproxy
- daemon
- # turn on stats unix socket
- stats socket /var/lib/haproxy/stats
- #---------------------------------------------------------------------
- # common defaults that all the 'listen' and 'backend' sections will
- # use if not designated in their block
- #---------------------------------------------------------------------
- defaults
- mode http
- log global
- option httplog
- option dontlognull
- # option http-server-close
- option forwardfor except 127.0.0.0/
- option redispatch
- retries
- timeout http-request 10s
- timeout queue 1m
- timeout connect 10s
- timeout client 300s
- timeout server 300s
- timeout http-keep-alive 10s
- timeout check 10s
- maxconn
- listen stats
- bind :
- mode http
- stats enable
- stats uri /
- frontend atomic-openshift-api
- bind *:
- default_backend atomic-openshift-api
- mode tcp
- option tcplog
- backend atomic-openshift-api
- balance source
- mode tcp
- server master0 192.168.0.249: check
- server master1 192.168.0.5: check
- server master2 192.168.0.6: check
- frontend atomic-openshift-
- bind *:
- default_backend atomic-openshift-
- mode tcp
- option tcplog
- backend atomic-openshift-
- balance source
- mode tcp
- server infra-node1 infra-node1.iqyuan.com: check
- server infra-node2 infra-node2.iqyuan.com: check
- server infra-node3 infra-node3.iqyuan.com: check
- frontend atomic-openshift-
- bind *:
- default_backend atomic-openshift-
- mode tcp
- option tcplog
- backend atomic-openshift-
- balance source
- mode tcp
- server infra-node1 infra-node1.iqyuan.com: check
- server infra-node2 infra-node2.iqyuan.com: check
- server infra-node3 infra-node3.iqyuan.com: check
修改完成后执行重启服务 systemctl restart haproxy.service
增加代理服务的防火墙
firewall-cmd --zone=public --add-service=http --add-service=https --permanent && firewall-cmd --reload
继续执行其他组件的安装
- ansible-playbook -i ~/inventory ~/openshift-ansible/playbooks/openshift-metrics/config.yml -e openshift_metrics_install_metrics=true
- ansible-playbook -i ~/inventory ~/openshift-ansible/playbooks/openshift-logging/config.yml -e openshift_logging_install_logging=true
openshift安装部署的更多相关文章
- openshift 3.11安装部署
openshift 3.11 安装部署 openshift安装部署 1 环境准备(所有节点) openshift 版本 v3.11 1.1 机器环境 ip cpu mem hostname OSsys ...
- openshift 3.11 安装部署
openshift 3.11 安装部署 openshift安装部署 1 环境准备(所有节点) openshift 版本 v3.11 1.1 机器环境 ip cpu mem hostname OSsys ...
- 002.OpenShift安装与部署
一 前置条件说明 1.1 安装准备概述 Red Hat OpenShift容器平台是由Red Hat作为RPM包和容器映像两种类型存在.RPM包使用订阅管理器从标准Red Hat存储库(即Yum存储库 ...
- Istio(二):在Kubernetes(k8s)集群上安装部署istio1.14
目录 一.模块概览 二.系统环境 三.安装istio 3.1 使用 Istioctl 安装 3.2 使用 Istio Operator 安装 3.3 生产部署情况如何? 3.4 平台安装指南 四.Ge ...
- Oracle安装部署,版本升级,应用补丁快速参考
一.Oracle安装部署 1.1 单机环境 1.2 Oracle RAC环境 1.3 Oracle DataGuard环境 1.4 主机双机 1.5 客户端部署 二.Oracle版本升级 2.1 单机 ...
- KVM安装部署
KVM安装部署 公司开始部署KVM,KVM的全称是kernel base virtual machine,对KVM虚拟化技术研究了一段时间, KVM是基于硬件的完全虚拟化,跟vmware.xen.hy ...
- Linux平台oracle 11g单实例 + ASM存储 安装部署 快速参考
操作环境:Citrix虚拟化环境中申请一个Linux6.4主机(模板)目标:创建单机11g + ASM存储 数据库 1. 主机准备 2. 创建ORACLE 用户和组成员 3. 创建以下目录并赋予对应权 ...
- 分布式文件系统 - FastDFS 在 CentOS 下配置安装部署
少啰嗦,直接装 看过上一篇分布式文件系统 - FastDFS 简单了解一下的朋友应该知道,本次安装是使用目前余庆老师开源的最新 V5.05 版本,是余庆老师放在 Github 上的,和目前你能在网络上 ...
- C# winform安装部署(转载)
c# winform 程序打包部署 核心总结: 1.建议在完成的要打包的项目外,另建解决方案建立安装部署项目(而不是在同一个解决方案内新建),在解决方案上右击-〉添加-〉现有项目-〉选择你要打包的项目 ...
随机推荐
- 性能达到原生 MySQL 七倍,华为云 Taurus 技术解读【华为云技术分享】
版权声明:本文为博主原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明. 本文链接:https://blog.csdn.net/devcloud/article/detai ...
- c获取shell中的参数
问题背景 在Linux中我们会使用到shell,来完成输入参数的获取,就如同下面的形式,这种形式在进行多语言编程和调用有着非常重要的作用 一.传递的过程 1.1 原理模型如下: 1.1.1 可执行sh ...
- Charles Fiddler使用
http://blog.devtang.com/2015/11/14/charles-introduction/ Charles 从入门到精通 http://www.infoq.com/cn/arti ...
- Xcode 10 Error: Multiple commands produce
目录 Xcode 9.4.1运行react-native 可以,但是在Xcode 10运行报错,报错信息如下: 解决方法 1. 选择 File > Project Settings (或者 Fi ...
- ARTS-S mongo关闭与启动
关闭 mongo admin --eval "db.shutdownServer()" 删除dbdata目录下的mongo.lock 启动 /usr/bin/mongod --db ...
- cl创建opencv程序
环境 win8 VS2017或VS2013 opencv 3.2.0 配制环境变量 解压opencv到某个目录,比如D:\Program\Uninstall,把设置OPENCV_HOME为D:\Pro ...
- Java实现数列的排列组合
定义: 排列:从给定个数的元素中取出指定个数的元素,进行排序 组合:从给定个数的元素中仅取出指定个数的元素,不考虑排序 公式: 从n个元素中取出m个元素进行排序的个数: A(m,n)=n(n-1)(n ...
- Python生成器的用法
生成器,一定情况下可以节省很多空间 比如: >>> b = (x for x in range(10)) >>> b <generator object &l ...
- rails 创建项目、创建controller、model等
rails2之前创建新项目: rails3以及更高版本创建新项目:rails new webname 创建数据表model:rails g model user name:string sex:str ...
- 【Java Web开发学习】Spring MVC 拦截器HandlerInterceptor
[Java Web开发学习]Spring MVC 拦截器HandlerInterceptor 转载:https://www.cnblogs.com/yangchongxing/p/9324119.ht ...