前置准备工作:

1.每台主机准备好有公钥在 /root/.ssh/authorized_keys,私钥则存放在第一台主机的/root/.ssh/id_rsa

2.确定每台主机的私网IP地址是固定的。

3.设置DNS服务器,让openshift.iqyuan.com 指向 HAproxy的公网IP

4. 设置DNS服务器,让*.apps.iqyuan.com 指向 HAproxy的公网IP

5. 公网开放防火墙端口8443、80、443,由云平台提供开放。

6. 提前设定每台主机的hostname,建议加上域名,如  master1.iqyuan.com

设置命令如下: hostnamectl  set-hostname master1.iqyuan.com

也可以通过云平台提供的编排功能提前设定主机名称.

脚本安装操作:

// 本教程需要精通linux的运维人员才具有理解能力.确保您能读懂如下脚本内容..任何疏忽的配置,都可能导致后续安装失败.

第一台主机第一阶段脚本:

yum install -y epel-release

yum -y  install ansible lrzsz telnet wget pyOpenSSL

wget http://mirrors.ustc.edu.cn/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm

mkdir -p  /etc/rhsm/ca/

rpm2cpio python-rhsm-certificates-1.19.-.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem

cat <<EOF > ~/.ssh/id_rsa

-----BEGIN RSA PRIVATE KEY-----

私钥粘贴到这里.公钥提前放到各个主机对应目录,注意权限为600

-----END RSA PRIVATE KEY-----

EOF

chmod  ~/.ssh/id_rsa

sed -i 's/GSSAPIAuthentication yes/StrictHostKeyChecking no/g'  /etc/ssh/ssh_config

sed -i 's/#forks          = 5/forks          = 15/g' /etc/ansible/ansible.cfg

cat <<EOF > /etc/ansible/hosts

master1.iqyuan.com

[okd]

haproxy1.iqyuan.com

master2.iqyuan.com

master3.iqyuan.com

node1.iqyuan.com

node2.iqyuan.com

node3.iqyuan.com

infra-node1.iqyuan.com

infra-node2.iqyuan.com

infra-node3.iqyuan.com

EOF

cat <<EOF > /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.250 node1.iqyuan.com

192.168.0.251 node2.iqyuan.com

192.168.0.3   node3.iqyuan.com

192.168.0.1   infra-node1.iqyuan.com

192.168.0.252 infra-node2.iqyuan.com

192.168.0.2   infra-node3.iqyuan.com

192.168.0.249 master1.iqyuan.com

192.168.0.5   master2.iqyuan.com

192.168.0.6   master3.iqyuan.com

192.168.0.4   haproxy1.iqyuan.com openshift.iqyuan.com

EOF

for host in \

     haproxy1.iqyuan.com \

     master1.iqyuan.com \

     master2.iqyuan.com \

     master3.iqyuan.com \

     node1.iqyuan.com \

     node2.iqyuan.com \

     node3.iqyuan.com \

     infra-node1.iqyuan.com \

     infra-node2.iqyuan.com \

     infra-node3.iqyuan.com; \

     do scp  /etc/hosts $host:/etc/ ; \

     done

for host in \

     haproxy1.iqyuan.com \

     master1.iqyuan.com \

     master2.iqyuan.com \

     master3.iqyuan.com \

     node1.iqyuan.com \

     node2.iqyuan.com \

     node3.iqyuan.com \

     infra-node1.iqyuan.com \

     infra-node2.iqyuan.com \

     infra-node3.iqyuan.com; \

     do scp -r /etc/rhsm/  $host:/etc/ ; \

     done

ansible all -m shell -a "wipefs -a /dev/vdb; wipefs -a /dev/vdc; sed -i 's/SELINUX=disabled/SELINUX=enforcing/g'  /etc/selinux/config; yum update -y"

ansible okd -m shell -a "systemctl reboot"

#暂停2秒

sleep

reboot

第二阶段脚本:

ansible all -m shell -a "yum install -y telnet lsof wget zip unzip lrzsz git net-tools bind-utils yum-utils  bridge-utils bash-completion kexec-tools sos psacct   docker    glusterfs-fuse python-passlib httpd-tools java-1.8.0-openjdk-headless"

ansible all -m shell -a "setsebool -P virt_sandbox_use_fusefs on; setsebool -P virt_use_fusefs on; echo { \\\"registry-mirrors\\\": [\\\"https://bo30b6ic.mirror.aliyuncs.com/\\\"] } > /etc/docker/daemon.json "

# 修改docker存储位置.

cat <<EOF > /etc/sysconfig/docker-storage-setup

DEVS="/dev/vdb"

VG="docker-vg"

DATA_SIZE="95%VG"

STORAGE_DRIVER=overlay2

CONTAINER_ROOT_LV_NAME="dockerlv"

CONTAINER_ROOT_LV_MOUNT_PATH="/var/lib/docker"

EOF

for host in \

     haproxy1.iqyuan.com \

     master1.iqyuan.com \

     master2.iqyuan.com \

     master3.iqyuan.com \

     node1.iqyuan.com \

     node2.iqyuan.com \

     node3.iqyuan.com \

     infra-node1.iqyuan.com \

     infra-node2.iqyuan.com \

     infra-node3.iqyuan.com; \

     do scp  /etc/sysconfig/docker-storage-setup $host:/etc/sysconfig/ ; \

     done

ansible all -m shell -a "docker-storage-setup; systemctl enable NetworkManager;systemctl enable docker; systemctl start NetworkManager;systemctl start docker; docker pull  cockpit/kubernetes:latest"

# 阿里云特殊,他们镜像缓存有缺陷太慢了.

for host in \

     haproxy1.iqyuan.com \

     master1.iqyuan.com \

     master2.iqyuan.com \

     master3.iqyuan.com \

     node1.iqyuan.com \

     node2.iqyuan.com \

     node3.iqyuan.com \

     infra-node1.iqyuan.com \

     infra-node2.iqyuan.com \

     infra-node3.iqyuan.com; \

     do scp  /etc/yum.repos.d/CentOS-Base.repo  $host:/etc/yum.repos.d/ ; \

     done

cd

wget https://github.com/openshift/openshift-ansible/archive/openshift-ansible-3.9.40-1.tar.gz

tar -xzf openshift-ansible-3.9.-.tar.gz

mv  openshift-ansible-openshift-ansible-3.9.- openshift-ansible

开始上传剧本参数文件

rz  ~/inventory ,从windows机器上传.

第三阶段安装脚本:

ansible-playbook  -i ~/inventory   ~/openshift-ansible/playbooks/prerequisites.yml

ansible all -m shell -a "sed -i 's/mirror.centos.org/mirrors.ustc.edu.cn/g' /etc/yum.repos.d/CentOS-OpenShift-Origin.repo"

# 初次执行改剧本如果遇到错误,建议分步骤执行,避免耗时.

ansible-playbook  -i ~/inventory   ~/openshift-ansible/playbooks/deploy_cluster.yml

ansible all -m shell -a "firewall-cmd --zone=public --add-service=http --add-service=https --permanent && firewall-cmd --reload"

后续操作:

修改HAproxy的配置,增加80,443端口映射:

修改的HAproxy配置参考:

# Global settings

#---------------------------------------------------------------------

global

    maxconn

    log         /dev/log local0 info

    chroot      /var/lib/haproxy

    pidfile     /var/run/haproxy.pid

    user        haproxy

    group       haproxy

    daemon

    # turn on stats unix socket

    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------

# common defaults that all the 'listen' and 'backend' sections will

# use if not designated in their block

#---------------------------------------------------------------------

defaults

    mode                    http

    log                     global

    option                  httplog

    option                  dontlognull

#    option http-server-close

    option forwardfor       except 127.0.0.0/

    option                  redispatch

    retries

    timeout http-request    10s

    timeout queue           1m

    timeout connect         10s

    timeout client          300s

    timeout server          300s

    timeout http-keep-alive 10s

    timeout check           10s

    maxconn                 

listen stats

    bind :

    mode http

    stats enable

    stats uri /

frontend  atomic-openshift-api

    bind *:

    default_backend atomic-openshift-api

    mode tcp

    option tcplog

backend atomic-openshift-api

    balance source

    mode tcp

    server      master0 192.168.0.249: check

    server      master1 192.168.0.5: check

    server      master2 192.168.0.6: check

frontend  atomic-openshift-

    bind *:

    default_backend atomic-openshift-

    mode tcp

    option tcplog

backend atomic-openshift-

    balance source

    mode tcp

    server      infra-node1 infra-node1.iqyuan.com: check

    server      infra-node2 infra-node2.iqyuan.com: check

    server      infra-node3 infra-node3.iqyuan.com: check

frontend  atomic-openshift-

    bind *:

    default_backend atomic-openshift-

    mode tcp

    option tcplog

backend atomic-openshift-

    balance source

    mode tcp

    server      infra-node1 infra-node1.iqyuan.com: check

    server      infra-node2 infra-node2.iqyuan.com: check

    server      infra-node3 infra-node3.iqyuan.com: check

修改完成后执行重启服务 systemctl restart haproxy.service

增加代理服务的防火墙

firewall-cmd --zone=public --add-service=http --add-service=https --permanent && firewall-cmd --reload

继续执行其他组件的安装

ansible-playbook  -i ~/inventory  ~/openshift-ansible/playbooks/openshift-metrics/config.yml  -e openshift_metrics_install_metrics=true

ansible-playbook  -i ~/inventory  ~/openshift-ansible/playbooks/openshift-logging/config.yml  -e openshift_logging_install_logging=true

openshift安装部署的更多相关文章

  1. openshift 3.11安装部署

    openshift 3.11 安装部署 openshift安装部署 1 环境准备(所有节点) openshift 版本 v3.11 1.1 机器环境 ip cpu mem hostname OSsys ...

  2. openshift 3.11 安装部署

    openshift 3.11 安装部署 openshift安装部署 1 环境准备(所有节点) openshift 版本 v3.11 1.1 机器环境 ip cpu mem hostname OSsys ...

  3. 002.OpenShift安装与部署

    一 前置条件说明 1.1 安装准备概述 Red Hat OpenShift容器平台是由Red Hat作为RPM包和容器映像两种类型存在.RPM包使用订阅管理器从标准Red Hat存储库(即Yum存储库 ...

  4. Istio(二):在Kubernetes(k8s)集群上安装部署istio1.14

    目录 一.模块概览 二.系统环境 三.安装istio 3.1 使用 Istioctl 安装 3.2 使用 Istio Operator 安装 3.3 生产部署情况如何? 3.4 平台安装指南 四.Ge ...

  5. Oracle安装部署,版本升级,应用补丁快速参考

    一.Oracle安装部署 1.1 单机环境 1.2 Oracle RAC环境 1.3 Oracle DataGuard环境 1.4 主机双机 1.5 客户端部署 二.Oracle版本升级 2.1 单机 ...

  6. KVM安装部署

    KVM安装部署 公司开始部署KVM,KVM的全称是kernel base virtual machine,对KVM虚拟化技术研究了一段时间, KVM是基于硬件的完全虚拟化,跟vmware.xen.hy ...

  7. Linux平台oracle 11g单实例 + ASM存储 安装部署 快速参考

    操作环境:Citrix虚拟化环境中申请一个Linux6.4主机(模板)目标:创建单机11g + ASM存储 数据库 1. 主机准备 2. 创建ORACLE 用户和组成员 3. 创建以下目录并赋予对应权 ...

  8. 分布式文件系统 - FastDFS 在 CentOS 下配置安装部署

    少啰嗦,直接装 看过上一篇分布式文件系统 - FastDFS 简单了解一下的朋友应该知道,本次安装是使用目前余庆老师开源的最新 V5.05 版本,是余庆老师放在 Github 上的,和目前你能在网络上 ...

  9. C# winform安装部署(转载)

    c# winform 程序打包部署 核心总结: 1.建议在完成的要打包的项目外,另建解决方案建立安装部署项目(而不是在同一个解决方案内新建),在解决方案上右击-〉添加-〉现有项目-〉选择你要打包的项目 ...

随机推荐

  1. EF分页查询

    /// <summary> /// 分页查询 + 条件查询 + 排序 /// </summary> /// <typeparam name="Tkey" ...

  2. 【LiteOS】STM32F103-LiteOS移植教程(详细篇)【华为云技术分享】

    版权声明:本文为博主原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明. 本文链接:https://blog.csdn.net/devcloud/article/detai ...

  3. 鲲鹏性能优化十板斧之前言 | 鲲鹏处理器NUMA简介与性能调优五步法

    鲲鹏处理器NUMA简介 随着现代社会信息化.智能化的飞速发展,越来越多的设备接入互联网.物联网.车联网,从而催生了庞大的计算需求.但是功耗墙问题以功耗和冷却两大限制极大的影响了单核算力的发展.为了满足 ...

  4. 【nodejs原理&源码杂记(8)】Timer模块与基于二叉堆的定时器

    [摘要] timers模块部分源码和定时器原理 示例代码托管在:http://www.github.com/dashnowords/blogs 一.概述 Timer模块相关的逻辑较为复杂,不仅包含Ja ...

  5. SQL语句中将形式(12/10/19 4:13:21 PM)转化为(2019-12-10)

    convert(char(10),convert(datetime, H.TOEX_FIN_REJECT_TIMR)+1,20),

  6. 自学PHP的第22天---ThinkPHP中的路由、ThinkPHP目录结构

    这一切的一切都得从“Hello world”说起!!! 有很多东西在thinkPHP的官方开发文档上其实都有讲到,我在这里只是想记录自己每天坚持学习PHP的情况,今天接触ThinkPHP的路由,路由这 ...

  7. Coderfocers-551C

    Professor GukiZ is concerned about making his way to school, because massive piles of boxes are bloc ...

  8. 【TS】358- 浅析 TypeScript 设计模式

    点击上方"前端自习课"关注,学习起来~ 作者:DD菜 https://zhuanlan.zhihu.com/p/43283016 设计模式就是软件开发过程中形成的套路,就如同你在玩 ...

  9. 代码检查又一利器:ArchUnit

    Code Review总是让人又爱又恨,它可以帮助我们在提测之前发现很多代码中比较"丢人"的问题,但是,Code Review通常会比写代码更加耗费精力,因为你需要理解别人的代码, ...

  10. zabbix环境搭建部署(一)

     Linux高端架构师课程 Linux实战运维国内NO.1全套视频课程 QQ咨询:397824870  > 监控报警 > zabbix环境搭建部署(一) zabbix环境搭建部署(一) 监 ...