OpenShift 4.7 Installation Guide

Date: 2021-02-08 22:14:15

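OpenShift 4 is no longer installed with the earlier Ansible playbooks; it uses a bootstrap-based installation instead. Below are some notes from installing OpenShift 4.7 on virtual machines. The other installation methods for version 4 are broadly similar.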

1. Cluster preparation

Role       Hostname                   IP               OS       Notes
bastion    bastion.ocp4.liufeng.cc    192.168.145.181  CentOS7  Hosts the auxiliary tools: DNS, HTTP, LB, Harbor
bootstrap  bootstrap.ocp4.liufeng.cc  192.168.145.182  RHCOS    Bootstrap node; it temporarily creates a Kubernetes cluster that bootstraps the OCP installation. Once OCP is installed, this node can be deleted
master1    master1.ocp4.liufeng.cc    192.168.145.183  RHCOS
master2    master2.ocp4.liufeng.cc    192.168.145.184  RHCOS
master3    master3.ocp4.liufeng.cc    192.168.145.185  RHCOS
worker1    worker1.ocp4.liufeng.cc    192.168.145.186  RHCOS
worker2    worker2.ocp4.liufeng.cc    192.168.145.187  RHCOS

PS: Only bastion runs CentOS. The other hosts run RHCOS, and their operating system is installed during the cluster installation.

2. Preparing the bastion host: mainly installing the LB, DNS, Harbor and HTTP services needed for the cluster installation that follows.

# yum install haproxy

frontend openshift-api-server
    bind *:6443
    default_backend openshift-api-server
    mode tcp
    option tcplog

backend openshift-api-server
    balance source
    mode tcp
    server bootstrap 192.168.145.182:6443 check
    server master1 192.168.145.183:6443 check
    server master2 192.168.145.184:6443 check
    server master3 192.168.145.185:6443 check

frontend machine-config-server
    bind *:22623
    default_backend machine-config-server
    mode tcp
    option tcplog

backend machine-config-server
    balance source
    mode tcp
    server bootstrap 192.168.145.182:22623 check
    server master1 192.168.145.183:22623 check
    server master2 192.168.145.184:22623 check
    server master3 192.168.145.185:22623 check

# systemctl start haproxy
# systemctl enable haproxy
# systemctl status haproxy

If haproxy does not start, run the following command and then start haproxy again:
# setsebool -P haproxy_connect_any=1

# firewall-cmd --add-port=6443/tcp --permanent
# firewall-cmd --add-port=22623/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all

# yum install dnsmasq

# ocp4 node
address=/master1.ocp4.liufeng.cc/192.168.145.183
address=/master2.ocp4.liufeng.cc/192.168.145.184
address=/master3.ocp4.liufeng.cc/192.168.145.185
address=/worker1.ocp4.liufeng.cc/192.168.145.186
address=/worker2.ocp4.liufeng.cc/192.168.145.187

# etcd
address=/etcd-0.ocp4.liufeng.cc/192.168.145.183
address=/etcd-1.ocp4.liufeng.cc/192.168.145.184
address=/etcd-2.ocp4.liufeng.cc/192.168.145.185
# etcd srv 
# <name>,<target>,<port>,<priority>,<weight>
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-0.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-1.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-2.ocp4.liufeng.cc,2380,0,10

# lb
address=/.ocp4.liufeng.cc/192.168.145.186
address=/api.ocp4.liufeng.cc/192.168.145.181
address=/api-int.ocp4.liufeng.cc/192.168.145.181

# other
address=/bootstrap.ocp4.liufeng.cc/192.168.145.182
address=/bastion.ocp4.liufeng.cc/192.168.145.181
address=/harbor.ocp4.liufeng.cc/192.168.145.181

# systemctl start dnsmasq
# systemctl enable dnsmasq
# firewall-cmd --add-port=53/tcp --permanent
# firewall-cmd --add-port=53/udp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
# dig +short -t A etcd-0.ocp4.liufeng.cc @192.168.145.181
# dig +short -t SRV _etcd-server-ssl._tcp.ocp4.liufeng.cc @192.168.145.181
If the dig command is not available, install it with the following command:
# yum install bind-utils
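
An added example, not part of the original post: an offline model of how dnsmasq answers queries for the records above, for checking a record set before the installer depends on it. It assumes dnsmasq's documented rule that an address= entry covers the domain and every name under it, with the most specific entry winning; CONF is a constructed excerpt of the records, and the function names and the misspelled host name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). CONF is a constructed excerpt
# of the address=/srv-host= records listed above.
CONF='address=/master1.ocp4.liufeng.cc/192.168.145.183
address=/etcd-0.ocp4.liufeng.cc/192.168.145.183
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-0.ocp4.liufeng.cc,2380,0,10
address=/.ocp4.liufeng.cc/192.168.145.186
address=/api.ocp4.liufeng.cc/192.168.145.181
address=/api-int.ocp4.liufeng.cc/192.168.145.181
address=/harbor.ocp4.liufeng.cc/192.168.145.181'

# resolve_a NAME: print the IP answered for NAME. An address=/domain/ip entry
# covers the domain and every name beneath it; the longest matching domain wins.
resolve_a() {
  printf '%s\n' "$CONF" | awk -F/ -v q="$1" '
    /^address=/ {
      d = $2; sub(/^\./, "", d); n = length(d)
      if ((q == d || (length(q) > n && substr(q, length(q) - n) == "." d)) && n > best) {
        best = n; ip = $3
      }
    }
    END { if (best) print ip }'
}

# srv_targets NAME: print "target:port" for each srv-host record of NAME.
srv_targets() {
  printf '%s\n' "$CONF" | awk -F, -v q="srv-host=$1" '$1 == q { print $2 ":" $3 }'
}

# exact_record NAME: succeeds only if NAME has its own address= line, i.e. the
# answer does not come from the cluster-wide wildcard.
exact_record() {
  printf '%s\n' "$CONF" | grep -qF -- "address=/$1/"
}

# Report where each answer comes from (mastr1 is a deliberately misspelled name).
for name in api.ocp4.liufeng.cc api-int.ocp4.liufeng.cc \
            console.apps.ocp4.liufeng.cc mastr1.ocp4.liufeng.cc; do
  if exact_record "$name"; then src=exact; else src=wildcard; fi
  printf '%-32s %-16s %s\n' "$name" "$(resolve_a "$name")" "$src"
done
srv_targets _etcd-server-ssl._tcp.ocp4.liufeng.cc
```

The last lookup in the loop shows that address=/.ocp4.liufeng.cc/ answers for every otherwise undefined name under the cluster domain, so a misspelled host name resolves to worker1 instead of failing.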

[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=0

# yum install -y docker-ce-19.03* docker-ce-cli-19.03*
# curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# wget https://github.com/goharbor/harbor/releases/download/v2.1.3/harbor-offline-installer-v2.1.3.tgz
# tar xvf harbor-offline-installer-v2.1.3.tgz
# openssl req -x509 -nodes -days 36500 -newkey rsa:4096 -keyout server.key -out server.crt
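The downloaded offline installer package contains a template. This file holds the configuration parameters for the Harbor installation; change the values as needed.
The main parameters are roughly these:
hostname
the certificate paths under https (if HTTPS connections are used)
harbor_admin_password
the password under database (if an external database is used, uncomment external_database)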
# ./install.sh --with-clair
# docker-compose up -d
# docker-compose down
Append the contents of the server.crt generated above to the file /etc/pki/tls/certs/ca-bundle.crt:
# cat server.crt >> /etc/pki/tls/certs/ca-bundle.crt
# systemctl daemon-reload
# systemctl restart docker
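
An added example, not from the original post: the openssl req command above prompts for the subject and, with the default configuration, issues a certificate without a subjectAltName, which clients built with Go 1.15 or later reject when verifying the registry host name. This non-interactive variant sets the SAN through a config file, which also works with the OpenSSL 1.0.2 shipped in CentOS 7; the function names and the req.cnf file name are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): self-signed Harbor certificate
# that carries the registry host name as a subjectAltName.

# make_cert HOST DIR [BITS]: write DIR/server.key and DIR/server.crt.
make_cert() {
  local host=$1 dir=$2 bits=${3:-4096}
  # req.cnf is a hypothetical file name; prompt=no makes the run non-interactive.
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3
prompt             = no
[dn]
CN = $host
[v3]
subjectAltName   = DNS:$host
basicConstraints = CA:TRUE
EOF
  ( umask 077   # private key readable by its owner only
    openssl req -x509 -nodes -days 36500 -newkey "rsa:$bits" \
      -config "$dir/req.cnf" -keyout "$dir/server.key" -out "$dir/server.crt" )
}

# cert_sans FILE: print the DNS names found in the certificate's SAN extension.
cert_sans() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n1 |
    tr -d ' ' | tr ',' '\n' | sed -n 's/^DNS://p'
}

# Generate into a scratch directory and show which names the certificate covers.
tmp=$(mktemp -d)
make_cert harbor.ocp4.liufeng.cc "$tmp"
cert_sans "$tmp/server.crt"
```

Running cert_sans against a certificate before it is trusted on the hosts shows whether the name clients will connect to is actually covered.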
proxy:
  image: goharbor/nginx-photon:v2.1.3
  container_name: nginx
  restart: always
  cap_drop:
    - ALL
  cap_add:
    - CHOWN
    - SETGID
    - SETUID
    - NET_BIND_SERVICE
  volumes:
    - ./common/config/nginx:/etc/nginx:z
    - /home/harbor/data/secret/cert:/etc/cert:z
    - /home/www:/var/www/html:z
    - type: bind
      source: ./common/config/shared/trust-certificates
      target: /harbor_cust_cert
  networks:
    - harbor
  dns_search: .
  ports:
    - 80:8080
    - 443:8443
  depends_on:
    - registry
    - core
    - portal
    - log
  logging:
    driver: "syslog"
    options:
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "proxy"

Modify the server block as follows: comment out the 308 redirect and add a root directory.
  server {
      listen 8080;
      #server_name harbordomain.com;
      #return 308 https://$host:443$request_uri;
      root /var/www/html;
  }
# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --add-port=80/tcp --permanent
# firewall-cmd --reload
# docker-compose down
# docker-compose up -d
# systemctl enable docker 

 

Original: https://www.cnblogs.com/ooops/p/14389786.html
