Rancher deployment
I. System initialization
1) Set the IP address and hostname
hostnamectl set-hostname rancher
2) Add host name resolution and enable IP forwarding
cat >>/etc/hosts <<EOF
192.168.180.210 rancher
192.168.180.200 node1
192.168.180.190 node2
EOF
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
3) Disable the firewall and SELinux
systemctl stop firewalld.service && systemctl disable firewalld.service
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config && setenforce 0
II. Install and start Docker
1) Install the dependency packages
yum install -y yum-utils device-mapper-persistent-data lvm2
2) Add the repository
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3) Refresh the cache and install Docker
yum makecache fast
yum -y install docker-ce docker-ce-cli containerd.io
4) Docker registry mirror
mkdir /etc/docker
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://6bs5y5lw.mirror.aliyuncs.com"]
}
systemctl daemon-reload && systemctl restart docker && systemctl enable docker
III. Deploy Rancher
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:v2.0.8
https://192.168.180.210
IV. Custom cluster
1) Add a cluster
OpenShift Origin deployment
I. Basic configuration:
1. Set the hostnames:
hostnamectl set-hostname master.example.com && bash
hostnamectl set-hostname node1.example.com && bash
hostnamectl set-hostname node2.example.com && bash
2. Disable the firewall
systemctl disable firewalld && systemctl stop firewalld
setenforce 1 (SELinux must be in Enforcing state)
3. Add entries to /etc/hosts
cat >>/etc/hosts <<EOF
192.168.180.200 node1.example.com
192.168.180.190 node2.example.com
EOF
4. Install the base packages
yum install ntp unzip lrzsz vim wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct -y
Update the system to the latest version
yum -y update
reboot
5. Install the EPEL repository
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install ansible pyOpenSSL -y
6. Download the OpenShift Origin 3.11 source (run on the Master host)
#git clone -b release-3.11 https://github.com/openshift/openshift-ansible.git   --> downloads the package
7. Adjust the kernel parameters on all nodes
modprobe br_netfilter
cat >>/etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
sysctl -p
8. Install Docker on all nodes
yum -y install docker
systemctl enable docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"dns":["119.29.29.29"],
"registry-mirrors":["https://l8e41nna.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
9. Set up passwordless SSH login from the Master node
ssh-keygen
ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]
10. Install the OpenShift tools (all nodes)
yum -y install atomic atomic-openshift-utils
yum -y install centos-release-openshift-origin311
vim /etc/yum.repos.d/CentOS-OpenShift-Origin311.repo
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=https://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
sed -i 8d /etc/yum.repos.d/CentOS-ANSIBLE.repo
sed -i 9cbaseurl=https://mirror.tuna.tsinghua.edu.cn/epel/7/x86_64/ /etc/yum.repos.d/CentOS-ANSIBLE.repo
sed -i s/gpgcheck=1/gpgcheck=0/ /etc/yum.repos.d/CentOS-ANSIBLE.repo
II. Configure Ansible (run on the Master host)
mv /etc/ansible/hosts /etc/ansible/hosts.bak
vim /etc/ansible/hosts
# add the following to the end
[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]
# admin user created in previous section
ansible_ssh_user=root
openshift_deployment_type=origin
# use HTPasswd for authentication
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true','kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability,package_version,package_availability
# allow unencrypted connection within cluster
openshift_docker_insecure_registries=172.30.0.0/16
[masters]
master.example.com
[etcd]
master.example.com
[nodes]
# set labels [region: ***, zone: ***] (any name you like)
master.example.com openshift_node_group_name='node-config-all-in-one'
node1.example.com openshift_node_group_name='node-config-compute'
node2.example.com openshift_node_group_name='node-config-compute'
III. Deploy and access OpenShift
Upload the provided openshift-master.tgz to the Master
After extracting it, load the images with sh load.sh
Upload the provided openshift-node1.tgz to node1
After extracting it, load the images with sh load.sh
Upload the provided openshift-node2.tgz to node2
After extracting it, load the images with sh load.sh
After extracting openshift.git.tgz, enter the openshift-ansible directory
cd openshift-ansible
ansible-playbook playbooks/prerequisites.yml
ansible-playbook playbooks/deploy_cluster.yml
Open the web interface
https://master.example.com:8443
Error message encountered: fatal: [master.example.com]: FAILED! => {"changed": false, "msg": "Control plane pods didn't come up"}
Troubleshooting command
journalctl -flu docker.service
After any error, uninstall first and then try the installation again
Uninstall command:
ansible-playbook ./playbooks/adhoc/uninstall.yml
Repeated installations leave inconsistent certificates, which makes the nodes fail to authenticate to the master; you can also regenerate the certificates
ansible-playbook ./playbooks/redeploy-certificates.yml
IV. Manage OpenShift
1. Create the cluster administrator
htpasswd -b /etc/origin/master/htpasswd admin admin
oc adm policy add-cluster-role-to-user cluster-admin admin
Check:
oc get user
Create a project:
oc new-project myproject
Configure permissions:
oc login -u system:admin
oc project myproject
oc adm policy add-scc-to-user privileged system:serviceaccount:default:router
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:admin
oc adm policy add-scc-to-user anyuid system:serviceaccount:myproject:admin
oc adm policy add-scc-to-group anyuid system:authenticated
oc adm policy add-scc-to-user anyuid -z default
vim Dockerfile
FROM centos:7
MAINTAINER openshift
RUN yum -y install wget && \
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo && \
    yum -y install nginx && \
    rm -f /usr/share/nginx/html/index.html && \
    echo "This is my first project for Openshift Origin" > /usr/share/nginx/html/index.html && \
    yum clean all && \
    rm -rf /tmp/*
EXPOSE 80
CMD ["/usr/sbin/nginx","-g","daemon off;"]
docker build -t docker-registry.default.svc:5000/myproject/nginx . --network host
oc login -u admin -p admin
The oc whoami -t command produces the following token
Pt2E5vwBbLKpSW4hKFBTZ1azCcasBk52NPsszQ6sc40
docker login -u admin -p Pt2E5vwBbLKpSW4hKFBTZ1azCcasBk52NPsszQ6sc40 docker-registry.default.svc:5000
docker push docker-registry.default.svc:5000/myproject/nginx
oc get all
oc new-app docker-registry.default.svc:5000/myproject/nginx --name=nginx
oc expose svc/nginx
oc get route
curl nginx-myproject.router.default.svc.cluster.local
oc edit routes/nginx
Change the following: host: nginx.master.example.com
echo "192.168.180.210 nginx.master.example.com" >> /etc/hosts
curl nginx.master.example.com
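The yum repository settings above set gpgcheck=0 in both CentOS-OpenShift-Origin311.repo and CentOS-ANSIBLE.repo, so packages from those repositories are installed without signature verification. The following is an added example, not part of the original post: a small shell audit that lists every repository section with signature checking disabled or unset, or with a plain-HTTP baseurl. The function name audit_repos, the second sample section and the mirror.example.invalid host are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list yum repository sections
# whose packages are installed without signature verification or fetched
# over plain HTTP. audit_repos is a hypothetical helper name.
audit_repos() {
    awk '
        function value(line) {                  # text after the first "="
            sub(/^[^=]*=[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            return line
        }
        function flush(   g) {                  # report the section just read
            if (section == "") return
            g = tolower(gpg)
            if (g == "0" || g == "no" || g == "false") print section ": gpgcheck disabled"
            else if (g == "") print section ": gpgcheck not set (inherits [main])"
            if (url ~ /^http:\/\//) print section ": plain-HTTP baseurl"
        }
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[.*\]/ {                       # new [section] header
            flush()
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            gpg = ""; url = ""
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ { gpg = value($0) }
        /^[ \t]*baseurl[ \t]*=/  { url = value($0) }
        END { flush() }
    ' "$@"
}

# Constructed sample: the repo section from this page plus an HTTP control.
sample=$(mktemp)
cat >"$sample" <<'EOF'
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=https://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0

[constructed-http-repo]
baseurl=http://mirror.example.invalid/epel/7/x86_64/
gpgcheck=1
EOF
audit_repos "$sample"
rm -f "$sample"
```

On a real host the same function can be pointed at /etc/yum.repos.d/*.repo after the installation steps have been run.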