开源openshift确实很坑人,今天折腾了一天,晚上重新开始,终于有些眉目了!
Hostname: master-openshift.example.com IP: 192.168.188.10 OS: centos74 Memory:32G CPU:2
Hostname: node-openshift.example.com IP: 192.168.188.20 OS: centos74 Memory:32G CPU:2
Disk1: 200G
Disk2:50G
一、 CentOS 7.4安装openshift 3.11参考资料
systemctl disable firewalld
systemctl stop firewalld
vim /etc/sysconfig/selinux
SELINUX=permissive #设置为permissive
vim /etc/sysctl.d/91-openshift.conf
net.ipv4.ip_forward=1
192.168.188.10 master-openshift.example.com master
192.168.188.20 master-openshift.example.com master
yum update -y ;reboot
yum install wget git net-tools bind-utils yum-utils iptables-services bridge-utils \
bash-completion kexec-tools sos psacct ansible pyOpenSSL -y
二、安装docker,所有节点都需要安装docker ,安装完成之后暂不启动docker
yum -y install centos-release-openshift-origin311 docker
#需要在master、node2台机器执行
yum install openshift-ansible.noarch -y
#只需要在master安装
三、配置docker存储,所有节点均需要执行
pvcreate /dev/sdb
vgcreate vg1 /dev/sdb
echo VG=vg1 >> /etc/sysconfig/docker-storage-setup
systemctl restart docker
systemctl enable docker
-修改docker 镜像源,配置文件/etc/containers/registries.conf
registries = ['hub-mirror.c.163.com', 'docker.io']
-(可选)添加openshift3.11国内软件源
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
四、配置SSH无密钥登录,需要在master节点配置
$ ssh-keygen
$ ssh-copy-id [email protected]
$ ssh-copy-id [email protected]
五、配置ansible hosts文件,配置如下vim /etc/ansible/hosts
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
openshift_deployment_type=origin
openshift_image_tag=v3.11
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
# default selectors for router and registry services
# openshift_router_selector='node-role.kubernetes.io/infra=true'
# openshift_registry_selector='node-role.kubernetes.io/infra=true'
# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=memory_availability,disk_availability,docker_image_availability
os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant
# new 2018-11--5 14:40:00
# 方便访问使用,指定web console 端口为443以及域名
#openshift_master_api_port=443
#openshift_master_console_port=443
openshift_hosted_router_replicas=1
openshift_hosted_registry_replicas=1
openshift_master_cluster_hostname=master-openshift.example.com
openshift_master_cluster_public_hostname=master-openshift.example.com
openshift_master_default_subdomain=apps.example.com
openshift_master_cluster_method=native
openshift_public_ip=192.168.188.10
# false
ansible_service_broker_install=false
openshift_enable_service_catalog=false
template_service_broker_install=false
openshift_logging_install_logging=false
# registry passwd
#oreg_url=172.16.37.12:5000/openshift3/ose-${component}:${version}
#openshift_examples_modify_imagestreams=true
# docker config
#openshift_docker_additional_registries=172.16.37.12:5000,172.30.0.0/16
#openshift_docker_insecure_registries=172.16.37.12:5000,172.30.0.0/16
#openshift_docker_blocked_registries
openshift_docker_options="--log-driver json-file --log-opt max-size=1M --log-opt max-file=3"
# openshift_cluster_monitoring_operator_install=false
# openshift_metrics_install_metrics=true
# openshift_enable_unsupported_configurations=True
#openshift_logging_es_nodeselector='node-role.kubernetes.io/infra: "true"'
#openshift_logging_kibana_nodeselector='node-role.kubernetes.io/infra: "true"'
# host group for masters
[masters]
master-openshift.example.com
[etcd]
master-openshift.example.com
[nodes]
master-openshift.example.com openshift_node_group_name='node-config-master'
node-openshift.example.com openshift_node_group_name='node-config-compute'
#master-openshift.example.com openshift_node_group_name='node-config-infra'
六、在master节点执行openshift安装命令
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml
七、创建openshift用户,在anisble 清单文件设置openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}],已经将登录验证方式改为http密码,只需要创建用户即可,不需要修改/etc/origin/master/master-config.yaml
$ htpasswd -b htpasswd admin admin123
八、安装结束
[root@master-openshift master]# oc get pods
NAME READY STATUS RESTARTS AGE
php-1-build 0/1 Completed 0 21m
php-1-qlndc 1/1 Running 0 16m
pythonapp-1-build 0/1 Completed 0 47m
pythonapp-1-mcs95 1/1 Running 0 36m
pythonapp-1-rxf47 1/1 Running 0 40m
[root@master-openshift master]#
[root@master-openshift master]# oc login https://master-openshift.example.com:8443 -u admin
Authentication required for https://master-openshift.example.com:8443 (openshift)
Username: admin
Password:
Login successful.
You have one project on this server: "pythontraining"
Using project "pythontraining".
[root@master-openshift master]# oc new-project demo
Now using project "demo" on server "https://master-openshift.example.com:8443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
to build a new example application in Ruby.
[root@master-openshift master]# oc new-app https://github.com/openshift/cakephp-ex.git --name=demoapp1
--> Found image 4039444 (2 weeks old) in image stream "openshift/php" under tag "7.1" for "php"
Apache 2.4 with PHP 7.1
-----------------------
PHP 7.1 available as container is a base platform for building and running various PHP 7.1 applications and frameworks. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
Tags: builder, php, php71, rh-php71
* The source repository appears to match: php
* A source build using source code from https://github.com/openshift/cakephp-ex.git will be created
* The resulting image will be pushed to image stream tag "demoapp1:latest"
* Use 'start-build' to trigger a new build
* This image will be deployed in deployment config "demoapp1"
* Ports 8080/tcp, 8443/tcp will be load balanced by service "demoapp1"
* Other containers can access this service through the hostname "demoapp1"
--> Creating resources ...
imagestream.image.openshift.io "demoapp1" created
buildconfig.build.openshift.io "demoapp1" created
deploymentconfig.apps.openshift.io "demoapp1" created
service "demoapp1" created
--> Success
Build scheduled, use 'oc logs -f bc/demoapp1' to track its progress.
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose svc/demoapp1'
Run 'oc status' to view your app.
[root@master-openshift master]# oc logs -f bc/demoapp1
Cloning "https://github.com/openshift/cakephp-ex.git" ...
Commit: c1b7cdc5ff9bc1f04ef3a3bda896d9b1456e0204 (Merge pull request #107 from liangxia/url)
Author: Honza Horak
Date: Mon Oct 15 10:09:08 2018 +0200
Using docker-registry.default.svc:5000/openshift/php@sha256:0940fdfa498704074783a9c5bda2f27c1b24b288357f27278c1824e2e025895a as the s2i builder image
---> Installing application source...
Found 'composer.json', installing dependencies using composer.phar...
Downloading https://getcomposer.org/installer, attempt 1/6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 257k 100 257k 0 0 67134 0 0:00:03 0:00:03 --:--:-- 67130
All settings correct for using Composer
Downloading...
Composer (version 1.8.0) successfully installed to: /opt/app-root/src/composer.phar
Use it: php composer.phar
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Package operations: 74 installs, 0 updates, 0 removals
- Installing cakephp/plugin-installer (1.1.0): Downloading (100%)
- Installing aura/intl (3.0.0): Downloading (100%)
- Installing symfony/yaml (v3.4.8): Downloading (100%)
- Installing symfony/polyfill-mbstring (v1.7.0): Downloading (100%)
- Installing psr/log (1.0.2): Downloading (100%)
- Installing symfony/debug (v3.4.8): Downloading (100%)
- Installing symfony/console (v3.4.8): Downloading (100%)
- Installing symfony/filesystem (v3.4.8): Downloading (100%)
- Installing symfony/config (v3.4.8): Downloading (100%)
- Installing robmorgan/phinx (v0.8.1): Downloading (100%)
- Installing psr/http-message (1.0.1): Downloading (100%)
....(此处省略)
> Cake\Composer\Installer\PluginInstaller::postAutoloadDump
> App\Console\Installer::postInstall
Created `/opt/app-root/src/logs` directory
Created `/opt/app-root/src/tmp` directory
Created `/opt/app-root/src/tmp/cache` directory
Created `/opt/app-root/src/tmp/cache/models` directory
Created `/opt/app-root/src/tmp/cache/persistent` directory
Created `/opt/app-root/src/tmp/cache/views` directory
Created `/opt/app-root/src/tmp/sessions` directory
Created `/opt/app-root/src/tmp/tests` directory
Permissions set on /opt/app-root/src/tmp/cache
Permissions set on /opt/app-root/src/tmp/cache/models
Permissions set on /opt/app-root/src/tmp/cache/persistent
Permissions set on /opt/app-root/src/tmp/cache/views
Permissions set on /opt/app-root/src/tmp/sessions
Permissions set on /opt/app-root/src/tmp/tests
Permissions set on /opt/app-root/src/tmp
Permissions set on /opt/app-root/src/logs
No Security.salt placeholder to replace.
=> sourcing 20-copy-config.sh ...
---> 08:10:11 Processing additional arbitrary httpd configuration provided by s2i ...
=> sourcing 00-documentroot.conf ...
=> sourcing 50-mpm-tuning.conf ...
=> sourcing 40-ssl-certs.sh ...
Pushing image docker-registry.default.svc:5000/demo/demoapp1:latest ...
Pushed 0/10 layers, 1% complete
Pushed 1/10 layers, 12% complete
Pushed 2/10 layers, 20% complete
Push successful
[root@master-openshift master]# oc get pods
NAME READY STATUS RESTARTS AGE
demoapp1-1-564m8 1/1 Running 0 3m
demoapp1-1-build 0/1 Completed 0 9m
[root@master-openshift master]# oc get dc
NAME REVISION DESIRED CURRENT TRIGGERED BY
demoapp1 1 1 1 config,image(demoapp1:latest)
[root@master-openshift master]# oc scale --replicas=10 dc demoapp1
deploymentconfig.apps.openshift.io/demoapp1 scaled
[root@master-openshift master]# oc get pods
NAME READY STATUS RESTARTS AGE
demoapp1-1-564m8 1/1 Running 0 3m
demoapp1-1-7twmv 1/1 Running 0 9s
demoapp1-1-bh8jg 1/1 Running 0 9s
demoapp1-1-build 0/1 Completed 0 9m
demoapp1-1-dbbz7 1/1 Running 0 9s
demoapp1-1-kpb4w 1/1 Running 0 9s
demoapp1-1-kvf76 1/1 Running 0 9s
demoapp1-1-m84nf 1/1 Running 0 9s
demoapp1-1-mw2bd 1/1 Running 0 9s
demoapp1-1-p5l7w 1/1 Running 0 9s
demoapp1-1-xbxz6 1/1 Running 0 9s
[root@master-openshift master]# oc scale --replicas=2 dc demoapp1
deploymentconfig.apps.openshift.io/demoapp1 scaled
[root@master-openshift master]# oc get pods
NAME READY STATUS RESTARTS AGE
demoapp1-1-564m8 1/1 Running 0 3m
demoapp1-1-bh8jg 0/1 Terminating 0 22s
demoapp1-1-build 0/1 Completed 0 9m
demoapp1-1-dbbz7 1/1 Terminating 0 22s
demoapp1-1-kpb4w 0/1 Terminating 0 22s
demoapp1-1-kvf76 1/1 Running 0 22s
demoapp1-1-mw2bd 0/1 Terminating 0 22s
demoapp1-1-xbxz6 0/1 Terminating 0 22s
[root@master-openshift master]# oc get pods
NAME READY STATUS RESTARTS AGE
demoapp1-1-564m8 1/1 Running 0 4m
demoapp1-1-build 0/1 Completed 0 9m
demoapp1-1-kvf76 1/1 Running 0 31s