/etc/ansible/hosts: OpenShift advanced installation configuration explained

I. Depending on the environment, the roles to deploy can be laid out in four ways:
1.[OSEv3:children]
masters
nodes
etcd #database

2.[OSEv3:children]
masters
nodes
glusterfs_registry #persistent storage for the registry

3.[OSEv3:children]
masters
nodes
etcd
lb #HAProxy load balancer for the master API endpoint

4.[OSEv3:children]
masters
nodes
nfs



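Global parameter categories:
Parameters for the first role layout:
1.[OSEv3:children]
masters
nodes
etcd #database
[OSEv3:vars]
#Configure cluster variables
#1 Identity provider (htpasswd, one of several)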
openshift_master_identity_providers=[{'name': 'htpasswd_auth',
'login': 'true', 'challenge': 'true',
'kind': 'HTPasswdPasswordIdentityProvider',
'filename': '/etc/origin/master/htpasswd'}]
#2 Default subdomain to use for exposed routes
openshift_master_default_subdomain=apps.test.example.com
#3 SSH user for the installer
ansible_ssh_user=root
#4If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
#5 Deployment type
openshift_deployment_type=openshift-enterprise
#6 Cluster pre-install checks
openshift_disable_check=memory_availability,disk_availability,docker_image_availability,package_availability,docker_storage
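#7 System containers. System containers provide a way to containerize services that need to run before the docker daemon is running.
#Note: all system container components are Technology Preview features in OpenShift Container Platform 3.7.
#They must not be used in production, and they do not support upgrading to OpenShift Container Platform 3.7. At this stage they are only for new cluster installations in non-production environments.
#For example, as Docker-formatted containers they use:
#  OSTree for storage,
#  runC for the runtime,
#  systemd for service management, and
#  skopeo for searching.
#OpenShift Container Platform supports only RHEL and RHEL Atomic as host operating systems, so the system containers built for RHEL are used by default.
#Notes on running Docker as a system container:
#1. The inventory variables docker_version and docker_upgrade are ignored.
#2. The following inventory variable must not be used: openshift_docker_options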
++++++++++++++++++++++++++++++++++++
openshift_docker_use_system_container=True
#8 etcd (database) system container
openshift_use_etcd_system_container=True
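#9 You can also force docker in the system container to use a specific container registry and repository when pulling the container-engine image, instead of the default registry.access.redhat.com/openshift3/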
openshift_docker_systemcontainer_image_override="<registry>/<user>/<image>:<tag>"

#10 Registry location
oreg_url=harborone.ultraapp.com/openshift3/ose-${component}:${version}
#Registry storage can be configured in four ways.
#1 NFS, host inside the cluster
openshift_hosted_registry_storage_kind=nfs
openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
openshift_hosted_registry_storage_nfs_directory=/exports
openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
openshift_hosted_registry_storage_volume_name=registry
openshift_hosted_registry_storage_volume_size=10Gi
#2 NFS, external host
openshift_hosted_registry_storage_kind=nfs
openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
openshift_hosted_registry_storage_host=nfs.example.com
openshift_hosted_registry_storage_nfs_directory=/exports
openshift_hosted_registry_storage_volume_name=registry
openshift_hosted_registry_storage_volume_size=10Gi
#3 OpenStack platform
openshift_hosted_registry_storage_kind=openstack
openshift_hosted_registry_storage_access_modes=['ReadWriteOnce']
openshift_hosted_registry_storage_openstack_filesystem=ext4
openshift_hosted_registry_storage_openstack_volumeID=3a650b4f-c8c5-4e0a-8ca5-eaee11f16c57
openshift_hosted_registry_storage_volume_size=10Gi
#4 AWS S3 service
openshift_hosted_registry_storage_kind=object
openshift_hosted_registry_storage_provider=s3
openshift_hosted_registry_storage_s3_accesskey=access_key_id
openshift_hosted_registry_storage_s3_secretkey=secret_access_key
openshift_hosted_registry_storage_s3_bucket=bucket_name
openshift_hosted_registry_storage_s3_region=bucket_region
openshift_hosted_registry_storage_s3_chunksize=26214400
openshift_hosted_registry_storage_s3_rootdirectory=/registry
openshift_hosted_registry_pullthrough=true
openshift_hosted_registry_acceptschema2=true
openshift_hosted_registry_enforcequota=true
#Note: If you are using a different S3 service, such as Minio or ExoScale, also add the region endpoint parameter:
openshift_hosted_registry_storage_s3_regionendpoint=https://myendpoint.example.com/
************************************************************************************************************

Configuring GlusterFS persistent storage
#1 Add glusterfs to the [OSEv3:children] section to enable the [glusterfs] group
[OSEv3:children]
masters
nodes
glusterfs
#2 In the [OSEv3:vars] section, include any of the following role variables that you want to change
[OSEv3:vars]
openshift_storage_glusterfs_namespace=glusterfs
openshift_storage_glusterfs_name=storage
#3 In the [glusterfs] section, add an entry for each storage node that will host GlusterFS storage, including the glusterfs_ip and glusterfs_devices parameters in the form:
#<hostname_or_ip> glusterfs_ip=<ip_address> glusterfs_devices='[ "</path/to/device1/>", "</path/to/device2>", ... ]'
[glusterfs]
192.168.10.11 glusterfs_ip=192.168.10.11 glusterfs_devices='[ "/dev/xvdc", "/dev/xvdd" ]'
192.168.10.12 glusterfs_ip=192.168.10.12 glusterfs_devices='[ "/dev/xvdc", "/dev/xvdd" ]'
192.168.10.13 glusterfs_ip=192.168.10.13 glusterfs_devices='[ "/dev/xvdc", "/dev/xvdd" ]'
#4 Also add the hosts listed under [glusterfs] to the [nodes] group
[nodes]
192.168.10.11
192.168.10.12
192.168.10.13
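#5 After each run of the advanced installation has completed the cluster installation, run the following commands from a master to verify that the necessary objects were created successfully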
oc get storageclass
oc get routes
curl http://heketi-glusterfs-default.cloudapps.example.com/hello
****************************************************************************************************************************
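Categories not yet covered:
Configuring the OpenShift docker registry
Configuring global proxy options
Configuring the firewall
Configuring schedulability on masters
Configuring node host labels
Configuring session options
Configuring custom certificates
Configuring certificate validity
Configuring cluster metrics
Configuring cluster logging
Configuring the service catalog
Configuring the OpenShift Ansible Broker
Configuring the template service broker
Configuring web console customization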


III. Master hostnames and count (one or more)
master.example.com
master1.example.com
master2.example.com

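IV. etcd, the master data store:
The number of members can also be one or several, as required
Placement: either on the master nodes or on separate dedicated nodes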
[etcd]
1.etcd1.example.com
2.master.example.com
.........
V. Node hosts: the actual label names and values are arbitrary and can be assigned according to your cluster's requirements, e.g. region=infra
master.example.com
node1.example.com openshift_node_labels="{'region': 'primary', 'zone': 'node1','infra':'true'}"
node2.example.com openshift_node_labels="{'region': 'primary', 'zone': 'node2'}"
*********************************************************************************************************************************************
These are the parameters I configured when installing in a test environment:
Option 1: one master, multiple nodes
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd


# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root


# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true


openshift_deployment_type=openshift-enterprise


# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
# External authentication method: htpasswd
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]


openshift_disable_check=memory_availability,disk_availability,docker_image_availability,package_availability,docker_storage




# harborone.ultraapp.com is my company's registry; change it to suit your own environment
openshift_docker_options="--selinux-enabled --insecure-registry 172.30.0.0/16 --log-driver json-file --log-opt max-size=10M --log-opt max-file=3 --insecure-registry harborone.ultraapp.com --add-registry harborone.ultraapp.com"


openshift_master_default_subdomain=apps.develop.com


openshift_hosted_router_selector='infra=true'
openshift_hosted_registry_selector='infra=true'


openshift_release=3.7.9


oreg_url=harborone.ultraapp.com/openshift3/ose-${component}:${version}
# host group for masters
[masters]
master.develop.com


# host group for etcd
[etcd]
master.develop.com


# host group for nodes, includes region info
[nodes]
master.develop.com
node1.develop.com openshift_node_labels="{'region': 'primary', 'zone': 'node1','infra':'true'}"
node2.develop.com openshift_node_labels="{'region': 'primary', 'zone': 'node2'}"
***************************************************************************************************************
Option 2: multiple masters, multiple nodes
[OSEv3:children]
masters
nodes
etcd
lb #multiple masters need a load balancer in front of them


# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root


# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true


deployment_type=openshift-enterprise


# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
# External authentication method: htpasswd
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]


openshift_disable_check=memory_availability,disk_availability,docker_image_availability,package_availability,docker_storage


# Required when there are multiple masters
openshift_master_cluster_method=native
openshift_master_cluster_hostname=master.develop.com
openshift_master_cluster_public_hostname=master.develop.com


openshift_docker_options="--selinux-enabled --insecure-registry 172.30.0.0/16 --log-driver json-file --log-opt max-size=10M --log-opt max-file=3 --insecure-registry harborone.ultraapp.com --add-registry harborone.ultraapp.com"
openshift_hosted_metrics_public_url=https://hawkular-metrics.apps.develop.com/hawkular/metrics
openshift_master_default_subdomain=apps.develop.com


openshift_hosted_router_selector='infra=true'


openshift_hosted_registry_selector='infra=true'


# Deploy logging
openshift_hosted_logging_deploy=true
openshift_logging_image_prefix=harborone.ultraapp.com/openshift3/
openshift_logging_image_version=v3.7
openshift_logging_public_master_url=harborone.ultraapp.com


# Deploy metrics (monitoring)
openshift_metrics_install_metrics=true
openshift_hosted_metrics_deploy=true
openshift_metrics_image_prefix=harborone.ultraapp.com/openshift3/
openshift_metrics_image_version=v3.7


# host group for masters
[masters]
master1.develop.com
master2.develop.com
master3.develop.com


[lb]
node3.develop.com


[etcd]
master1.develop.com
master2.develop.com
master3.develop.com


# host group for nodes, includes region info
[nodes]
master1.develop.com
master2.develop.com
master3.develop.com
node1.develop.com openshift_node_labels="{'region': 'primary', 'zone': 'node1', 'infra': 'true'}"
node2.develop.com openshift_node_labels="{'region': 'primary', 'zone': 'node2'}"
node3.develop.com openshift_node_labels="{'region': 'primary', 'zone': 'node3'}"
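
An added example, not part of the original post or of openshift-ansible: a small Python check that reads the [OSEv3:vars] section of an inventory like the two above and lists the settings worth a security review before the installer is run (root SSH, skipped pre-install checks, --insecure-registry entries, a wildcard NFS export, a plain-text S3 secret key, trailing comments on variable lines). The sample inventory, the function names parse_vars and audit, and the finding texts are constructed for illustration.

```python
import re
# Constructed sample: a trimmed [OSEv3:vars] section built from settings shown on this page.
SAMPLE = """\
[OSEv3:vars]
ansible_ssh_user=root
openshift_disable_check=memory_availability,disk_availability,docker_storage
openshift_docker_options="--selinux-enabled --insecure-registry 172.30.0.0/16 --insecure-registry harborone.ultraapp.com"
openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
openshift_hosted_registry_storage_s3_secretkey=secret_access_key
openshift_master_cluster_method=native #multi-master
[masters]
master.develop.com
"""

def parse_vars(text, section="OSEv3:vars"):
    """Return {name: raw value} for one [group:vars] section of an INI inventory."""
    found, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or full-line comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
        elif current == section and "=" in line:
            name, value = line.split("=", 1)
            found[name.strip()] = value.strip()
    return found

def audit(text):
    """Return (variable, finding) pairs for settings that deserve a security review."""
    v, out = parse_vars(text), []
    if v.get("ansible_ssh_user") == "root":
        out.append(("ansible_ssh_user", "installer logs in as root over SSH"))
    if v.get("openshift_disable_check"):
        count = v["openshift_disable_check"].count(",") + 1
        out.append(("openshift_disable_check", f"{count} pre-install checks skipped"))
    opts = v.get("openshift_docker_options", "").strip("\"'")
    for reg in re.findall(r"--insecure-registry[ =](\S+)", opts):
        out.append(("openshift_docker_options", f"no TLS verification for registry {reg}"))
    if v.get("openshift_hosted_registry_storage_nfs_options", "").strip("\"'").startswith("*"):
        out.append(("openshift_hosted_registry_storage_nfs_options", "export open to any client"))
    for name, value in v.items():
        if name.endswith("_secretkey") and value:
            out.append((name, "credential stored in plain text in the inventory"))
        if re.search(r"\s#", value):
            out.append((name, "trailing '#' text may be parsed as part of the value"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in audit(SAMPLE)))
```

Each finding is a prompt for review rather than a verdict: an --insecure-registry entry, for instance, still needs a decision on whether that registry can be given a trusted certificate instead.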
