用ansible脚本安装rancher和k8s集群

一、服务器规划

ip fqdn hostname config
192.168.126.10 rancher.k8s.example.com rancher 管理负载4-4
192.168.126.11 jwxt.k8s.example.com jwxt 应用负载4-4
192.168.126.12 harbor.k8s.example.com harbor 4-8
192.168.126.20 rancher1.k8s.example.com rancher1 4-8
192.168.126.21 rancher2.k8s.example.com rancher2 4-8
192.168.126.22 rancher3.k8s.example.com rancher3 4-8
192.168.126.30 k8s01.k8s.example.com k8s01 4-8
192.168.126.31 k8s02.k8s.example.com k8s02 4-8
192.168.126.32 k8s03.k8s.example.com k8s03 4-8
192.168.126.40 docker01.k8s.example.com docker01 12-16
192.168.126.41 docker02.k8s.example.com docker02 12-16
192.168.126.42 docker03.k8s.example.com docker03 12-16
192.168.126.50 nfs.k8s.example.com nfs 4-4
192.168.126.51 oracle.k8s.example.com oracle 8-32

以下所有操作都已配置好eams用户,且eams用户具有sudo权限

yum install sudo -y

useradd eams

echo abc123 | passwd --stdin eams

usermod eams -aG wheel



vim /etc/sudoers

NOPASSED:ALL

二、配置ansible环境

以下所有操作都在rancher(nginx负载)的主机上进行

2.1 修改hosts文件

sudo vim /etc/hosts
hosts文件(示例)
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.126.10  rancher.k8s.example.com  rancher
192.168.126.11  app.k8s.example.com  app
192.168.126.12  harbor.k8s.example.com  harbor
192.168.126.20  rancher1.k8s.example.com  rancher1
192.168.126.21  rancher2.k8s.example.com  rancher2
192.168.126.22  rancher3.k8s.example.com  rancher3
192.168.126.30  k8s01.k8s.example.com  k8s01
192.168.126.31  k8s02.k8s.example.com  k8s02
192.168.126.32  k8s03.k8s.example.com  k8s03
192.168.126.40  docker01.k8s.example.com  docker01
192.168.126.41  docker02.k8s.example.com  docker02
192.168.126.42  docker03.k8s.example.com  docker03
192.168.126.50  nfs.k8s.example.com  nfs

用命令ping主机名,如ping nfs,测试配置成功

2.2 安装ansible

sudo yum install epel-release -y
sudo yum install ansible -y

2.3 下载ansible脚本

https://e.coding.net/supwisdo...

拷贝至/home/eams目录下ansibe

2.4 编辑inventory文件

cd /home/eams/ansible/
vim inventory 
inventory文件(示例)

绿色的名字不能更改,主机可根据实际需要增减

[nginxs]
rancher
jwxt

[nginxs1]
rancher

[nginxs2]
jwxt

[harbors]
harbor

[ranchers]
rancher1
rancher2
rancher3

[k8ss]
k8s01
k8s02
k8s03

[dockers]
docker01
docker02
docker03

[nfss]
nfs

[appservers:children]
ranchers
k8ss
dockers
harbors



2.6 设置SSH免登

ssh-keygen

所有提示都直接按回车,生成成功后,逐条执行以下命令,过程中需要输入yes以及对应主机的eams用户密码

ssh-copy-id eams@nginx1
ssh-copy-id eams@nginx2
ssh-copy-id eams@harbor
ssh-copy-id eams@rancher1
ssh-copy-id eams@rancher2
ssh-copy-id eams@rancher3
ssh-copy-id eams@k8s01
ssh-copy-id eams@k8s02
ssh-copy-id eams@k8s03
ssh-copy-id eams@docker01
ssh-copy-id eams@docker02
ssh-copy-id eams@docker03
ssh-copy-id eams@nfs

2.7 测试ansible环境

cd /home/eams/ansible/
ansible all -m ping

返回值success表示ansible环境搭建成功

三、配置操作系统环境

以下所有操作都在rancher的nginx主机上进行

3.1 分发hosts文件

cd /home/eams/ansible/
# 可以将当前主机上的hosts文件拷贝,也可以直接编辑ansible目录中的hosts.j2文件
cp /etc/hosts /home/eams/ansible/hosts.j2
ansible-playbook hosts.yml
# 验证
ansible all -m shell -a 'cat /etc/hosts'

3.2 更换yum源

cd /home/eams/ansible/
ansible-playbook yum.yml
# 验证
ansible all -m shell -a 'ls -l /etc/yum.repos.d/'

3.3 升级系统内核(可选)

cd /home/eams/ansible/
# 更新除nginx1之外的所有主机内核,更新完成后自动重启
ansible-playbook kernel1.yml
# 验证所有虚拟机是否启动成功
ansible all -m ping
# 更新nginx1主机内核
ansible-playbook kernel2.yml
# 重启
reboot
# 验证内核是否升级成功
ansible all -m shell -a 'uname -a' 

如果uname -r 内核已经是3.10及以上,本步骤可以忽略

3.4 安装软件

cd /home/eams/ansible/
ansible-playbook soft.yml 

更新内核和安装软件时间比较长,耐心等待。如果过程中卡住了,ctrl+c终止进程,然后重新一遍脚本,直至返回成功

3.5 关闭firewalld和selinux

cd /home/eams/ansible/
ansible-playbook firewalld.yml 

# 临时关闭
ansible all -m shell -a 'setenforce 0'

#永久关闭selinux需要重启(也可稍后重启)
#ansible "nginxs2 appservers nfss" -m shell -a 'reboot'
#ansible nginxs1 -m shell -a 'reboot'

# 验证
ansible all -m shell -a 'systemctl status firewalld' 
ansible all -m shell -a 'sestatus' 

3.6 设置时钟同步

cd /home/eams/ansible/
vim timesync.yml 

timesync文件

---
- name: time sync
  hosts: all
  tasks:
    - name: Install and configure chrony
      include_role:
        name: unxnn.chrony
      vars:
        chrony_config_server:
          - ntp.aliyun.com
        chrony_timezone: Asia/Shanghai

修改ntp.aliyun.com为学校的时钟服务器地址,保存退出

cd /home/eams/ansible/
ansible-playbook timesync.yml
# 验证
ansible all -m shell -a 'timedatectl' 

3.7 设置语言环境(可选)echo

# 查看所有主机的语言环境是否是en_US.UTF-8
ansible all -m shell -a 'echo $LANG'

# (可选)如果语言环境不是en_US.UFT-8
cd /home/eams/ansible/
ansible-playbook lang.yml

如果你重新设置了语言环境变量,在现有打开的终端窗口echo $LANG还是未修改之前的,必须重新开启一个终端才会是修改后的

3.8 内核模块优化

cd /home/eams/ansible/
ansible-playbook core.yml
# 验证,抽查其中一个模块是否加载成功
ansible all -m shell -a 'lsmod | grep veth'

3.9 关闭SWAP分区

cd /home/eams/ansible/
ansible-playbook swap.yml
# 验证
ansible appservers -m shell -a 'free -m'

3.10 NFS的服务端安装

cd /home/eams/ansible/
ansible-playbook nfs.yml
# 验证
ansible nfss -m shell -a 'showmount -e localhost' 

3.11 重启

至此,将所有主机重启,观察是否正常启动,若有问题,检查处理

ansible "nginxs2 appservers nfss" -m shell -a 'reboot'
ansible nginxs1 -m shell -a 'reboot'

四、集群安装

以下所有操作都在rancher的nginx主机上进行

4.1 Docker安装

cd /home/eams/ansible/
ansible-playbook docker1.yml
# 验证 有client显示表示正常
ansible appservers -m shell -a 'docker version'

client正常,server报错是正常的

4.2 Docker配置

cd /home/eams/ansible/
ansible-playbook docker2.yml
# 验证
ansible appservers -m shell -a 'docker version'

client正常,server也正常,表示安装成功

4.3 rancher的nginx安装

cd /home/eams/ansible/
ansible-playbook nginx1.yml

4.4 rancher的nginx配置

cd /home/eams/ansible/
ansible-playbook nginx2.yml

如果nginx服务器超过4个CPU,需要编辑nginx.conf.j2模板文件后,再执行上面的nginx2脚本呢

4.4 安装kubectl

cd /home/eams/ansible/
ansible-playbook kubectl.yml

#验证
kubectl version 

4.5 安装RKE

cd /home/eams/ansible/
ansible-playbook rke.yml
# 验证
rke -v

4.6 RKE在rancher上安装K8S

cd /home/eams/ansible/
ansible-playbook rancher.yml

运行RKE创建集群

rke up --config /home/eams/rancher/rancher-cluster.yml

# 验证,出现 Finished building Kubernetes cluster successfully 表示成功

设置环境变量

echo "export KUBECONFIG=/home/eams/rancher/kube_config_rancher-cluster.yml" >> ~/.bash_profile
source ~/.bash_profile

执行以下命令,看是否成功

kubectl get nodes
kubectl get pods --all-namespaces
kubectl get pods -n kube-system

4.7 安装Helm

cd /home/eams/ansible/
ansible-playbook helm.yml
# 验证
helm version

4.8 创建SSL私钥

cd /home/eams/ansible/
ansible-playbook ssl.yml

以上命令会返回result.stdout

# 切换到ssl目录
cd /home/eams/ssl/

# 复制result.stdout的结果执行,以下命令是参考,不要直接执行
./create_self-signed-cert.sh  --ssl-domain=***  --ssl-trusted-ip=***  --ssl-size=2048   --ssl-date=3650

验证是否成功

openssl verify -CAfile cacerts.pem tls.crt # 应该返回状态为 tls.crt: ok
openssl x509 -in tls.crt -noout -text #执行后查看对应的域名和扩展iP是否正确

4.9 安装rancher

cd /home/eams/ssl
helm repo add rancher-stable http://rancher-mirror.oss-cn-beijing.aliyuncs.com/server-charts/stable
helm repo update

kubectl create namespace cattle-system

kubectl -n cattle-system create     secret tls tls-rancher-ingress     --cert=./tls.crt --key=./tls.key
kubectl -n cattle-system create secret     generic tls-ca     --from-file=cacerts.pem

# 下面命令需要修改域名后运行
helm install rancher rancher-stable/rancher     --namespace cattle-system     --set hostname=**rancher.k8s.example.com**      --set ingress.tls.source=secret     --set privateCA=true

#检查集群是否正常
kubectl -n cattle-system rollout status deploy/rancher
#查看deployment状态
kubectl -n cattle-system get deploy rancher
#查看运行的容器
kubectl -n cattle-system get pods
#查看运行容器的运行状态
kubectl -n cattle-system describe pod
#查看运行容器的运行日志
kubectl -n cattle-system logs -f rancher-7674bdcd95-4nxjm


#配置host访问域名
rancher.k8s.example.com
 

视频教程地址:
https://www.ixigua.com/695436...

你可能感兴趣的:(用ansible脚本安装rancher和k8s集群)