OpenShift-OKD3.10基础环境部署

单master + 双node

1.主机角色划分

#采用双网段部署  0 网段是opesnshift内部通信IP,1 网段是连接外网通信地址

#master
master.example.com
192.168.0.39   
192.168.1.39

#node1 
node1.example.com
192.168.0.40
192.168.1.40

#node2
node2.example.com
192.168.0.41
192.168.1.41

2.系统初始化 

2.1  开启SELinux

[root@master ~]# cat /etc/sysconfig/selinux 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

2.2  安装基础组件

yum install wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct -y

2.3  更新操作系统

yum  update -y 
reboot

2.4  配置ansible

## install ansible
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
yum -y --enablerepo=epel install ansible pyOpenSSL

 #checkout install playbooks
 cd ~
 git clone https://github.com/openshift/openshift-ansible
 cd openshift-ansible
 git checkout release-3.10

 2.5 设置SSH免密登录（master -> node）

## ssh 
ssh-keygen
for host in master.example.com \
    master.example.com \
    node1.example.com \
    node2.example.com; \
    do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; \
    done

 

3.开始部署

3.1 更新hosts配置文件

[root@master ~]# cat /etc/ansible/hosts
[OSEv3:children]
masters
nodes
etcd
nfs

[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin
#因采用虚拟机部署学习 配置此选项跳过主机硬件信息检查
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
openshift_master_identity_providers=[{'name':'htpasswd_auth','login':'true','challenge':'true','kind':'HTPasswdPasswordIdentityProvider',}]

openshift_master_default_subdomain=apps.test.example.com
openshift_deployment_type=origin
os_firewall_use_firewalld=true

[masters]
master.example.com

[etcd]
master.example.com

[nodes]
master.example.com openshift_node_group_name='node-config-master'
node1.example.com openshift_node_group_name='node-config-compute'
node2.example.com openshift_node_group_name='node-config-compute'

[nfs]
master.example.com

3.2 执行预安装检测

[root@master ~]# ansible-playbook openshift-ansible/playbooks/prerequisites.yml

3.3 正式安装

[root@master ~]# ansible-playbook openshift-ansible/playbooks/deploy_cluster.yml

4.FAQ 

Q1 Docker HUB下载镜像缓慢导致执行deploy脚本失败##更改docker 的配置文件 /etc/sysconfig/docker

设置国内docker 镜像仓库例如阿里云加速

OPTIONS=' --selinux-enabled=false       --signature-verification=False --registry-mirror=https://c9ojlmr5.mirror.aliyuncs.com'

#需要重启docker
systemctl restart docker

#手动pull master和node使用的images

#master镜像列表

　docker.io/cockpit/kubernetes
　docker.io/openshift/origin-haproxy-router
  docker.io/openshift/origin-haproxy-router　　
  docker.io/openshift/origin-service-catalog

　　docker.io/openshift/origin-node
　　docker.io/openshift/origin-deployer
　　docker.io/openshift/origin-control-plane
　　docker.io/openshift/origin-control-plane
　　docker.io/openshift/origin-template-service-broker
　　docker.io/openshift/origin-pod
　　docker.io/cockpit/kubernetes
　　docker.io/openshift/origin-web-console
　　quay.io/coreos/etcd

　　#node镜像列表

　　docker.io/openshift/origin-haproxy-router
　　docker.io/openshift/origin-node
　　docker.io/openshift/origin-deployer
　　docker.io/openshift/origin-pod
　　docker.io/ansibleplaybookbundle/origin-ansible-service-broker
　　docker.io/openshift/origin-docker-registry
　　docker-registry.default.svc:5000/openshift/jenkins

Q2 执行deploy时主机dns导致连外网失败

临时解决方案更改/etc/resolv.conf
echo nameserver 114.114.114.114  >>/etc/resolv.conf