OpenShift与Rancher

Rancher的部署
一、系统初始化

1）设置IP地址和主机名称

hostnamectl set-hostname rancher

2）添加地址解析和开启路由转发

cat >>/etc/hosts<<EOF

192.168.180.210 rancher

192.168.180.200 node1

192.168.180.190 node2

EOF
vim/etc/sysctl.conf

net.ipv4.ip_forward= 1

sysctl -p

3）关闭防火墙和Selinux

systemctl stop firewalld.service && systemctl disable firewalld.service

sed -i ‘/^SELINUX=/s/enforcing/disabled/’ /etc/selinux/config && setenforce 0

二、安装并启动Docker

1）安装依赖包

yum install -y yum-utils device-mapper-persistent-data lvm2

2）添加信息源

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3）更新并安装docker

yum makecache fast

yum -y install docker-ce docker-ce-cli containerd.io

4）Docker镜像加速

mkdir /etc/docker

vim /etc/docker/daemon.json

{

“registry-mirrors”: [“https://6bs5y5lw.mirror.aliyuncs.com”]

}

systemctl daemon-reload && systemctl restart docker && systemctl enable docker

三、部署rancher

docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:v2.0.8

https://192.168.180.210

四、自定义群集

1）添加群集

OpenShift Origin部署
一、基本配置：
1、设置主机名：
hostnamectl set-hostname master.example.com && bash
hostnamectl set-hostname node1.example.com && bash
hostnamectl set-hostname node2.example.com && bash
2、关闭防火墙
systemctl disable firewalld && systemctl stop firewalld
getenforce 1 (selinux必须处于Enforcing状态)
3、添加/etc/hosts
cat >>/etc/hosts<<EOF
192.168.180.210 master.example.com
192.168.180.200 node1.example.com
192.168.180.190 node2.example.com
EOF
4、安装基础包
yum install ntp unzip lrzsz vim wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct -y
将系统更新到最新版本
yum -y update
reboot

5、安装EPEL源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install ansible pyOpenSSL -y
6、下载Openshift origin 3.11源码(Master主机上执行)
#git clone -b release-3.11 https://github.com/openshift/openshift-ansible.git —>下载软件包

7、所有节点都要修改内核参数
cat >>/etc/sysctl.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

modprobe br_netfilter
sysctl -p

8、所有节点都要安装docker
yum -y install docker
systemctl enable docker
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-‘EOF’
{
“dns”:[“119.29.29.29”],
“registry-mirrors”:[“https://l8e41nna.mirror.aliyuncs.com”]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

9、在Master节点上执行免密登录
ssh-keygen
ssh-copy-id root@master.example.com
ssh-copy-id root@node1.example.com
ssh-copy-id root@node2.example.com

10、安装OpenShift工具（所有节点）
yum -y install atomic atomic-openshift-utils
yum -y install centos-release-openshift-origin311
vim /etc/yum.repos.d/CentOS-OpenShift-Origin311.repo
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=https://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0

sed -i 8d /etc/yum.repos.d/CentOS-ANSIBLE.repo
sed -i 9cbaseurl=https://mirror.tuna.tsinghua.edu.cn/epel/7/x86_64/ /etc/yum.repos.d/CentOS-ANSIBLE.repo
sed -i s/gpgcheck=1/gpgcheck=0/ /etc/yum.repos.d/CentOS-ANSIBLE.repo

二、配置Ansible(Master主机上执行)
mv /etc/ansible/hosts /etc/ansible/hosts.bak
vim /etc/ansible/hosts

add follows to the end

[OSEv3:children]
masters
nodes
etcd
[OSEv3:vars]

admin user created in previous section

ansible_ssh_user=root
openshift_deployment_type=origin

use HTPasswd for authentication

openshift_master_identity_providers=[{‘name’: ‘htpasswd_auth’, ‘login’: ‘true’, ‘challenge’: ‘true’,‘kind’: ‘HTPasswdPasswordIdentityProvider’}]
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability,package_version,package_availability

allow unencrypted connection within cluster

openshift_docker_insecure_registries=172.30.0.0/16
[masters]
master.example.com
[etcd]
master.example.com
[nodes]

set labels [region: , zone: ] (any name you like)

master.example.com openshift_node_group_name=‘node-config-all-in-one’
node1.example.com openshift_node_group_name=‘node-config-compute’
node2.example.com openshift_node_group_name=‘node-config-compute’

三、部署并访问OpenShift
上传提供的openshift-master.tgz 到Master
解压后，使用sh load.sh载入镜像
上传提供的openshift-node1.tgz 到node1
解压后，使用sh load.sh载入镜像
上传提供的openshift-node2.tgz 到node2
解压后，使用sh load.sh载入镜像

解压openshift.git.tgz后，进入openshift-ansible
cd openshift-ansible
ansible-playbook playbooks/prerequisites.yml
ansible-playbook playbooks/deploy_cluster.yml

打开web界面 https://master.example.com:8443

排错命令
出现的错误提示：fatal: [master.example.com]: FAILED! => {“changed”: false, “msg”: “Control plane pods didn’t come up”}
journalctl -flu docker.service

各种报错后，先卸载，再尝试安装
卸载命令:
ansible-playbook ./playbooks/adhoc/uninstall.yml
多次安装导致证书不一致导致node认证master失败，也可以执行证书重新生成操作
ansible-playbook ./playbooks/redeploy-certificates.yml

四、管理OpenShift
1、创建集群管理员
htpasswd -b /etc/origin/master/htpasswd admin admin
oc adm policy add-cluster-role-to-user cluster-admin admin
查看
oc get user

创建项目：
oc new-project myproject
配置权限：
oc login -u system:admin
oc project myproject
oc adm policy add-scc-to-user privileged system:serviceaccount:default:router
oc adm policy add-scc-to-user privileged system:serviceaccount:myproject:admin
oc adm policy add-scc-to-user anyuid system:serviceaccount:myproject:admin
oc adm policy add-scc-to-group anyuid system:authenticated
oc adm policy add-scc-to-user anyuid -z default

vim Dockerfile
FROM centos:7
MAINTAINER openshift
RUN yum -y install wget &&
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo &&
yum -y install nginx &&
rm -f /usr/share/nginx/html/index.html &&
echo “This is my first project for Openshift Origin” > /usr/share/nginx/html/index.html &&
yum clean all &&
rm -rf /tmp/*
EXPOSE 80
CMD [“/usr/sbin/nginx”,“-g”,“daemon off;”]

docker build -t docker-registry.default.svc:5000/myproject/nginx . --network host

oc login -u admin -p admin
oc whoami -t 命令会产生以下的token
Pt2E5vwBbLKpSW4hKFBTZ1azCcasBk52NPsszQ6sc40
docker login -u admin -p Pt2E5vwBbLKpSW4hKFBTZ1azCcasBk52NPsszQ6sc40 docker-registry.default.svc:5000
docker push docker-registry.default.svc:5000/myproject/nginx
oc get all
oc new-app docker-registry.default.svc:5000/myproject/nginx --name=nginx
oc expose svc/nginx
oc get route
curl nginx-myproject.router.default.svc.cluster.local
oc edit routes/nginx
修改以下内容 host: nginx.master.example.com
echo “192.168.180.210 nginx.master.example.com” >> /etc/hosts
curl nginx.master.example.com