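Step 1: Update the operating system first
yum -y upgrade
Step 2: Confirm the operating system version
cat /etc/redhat-release
or
uname -r
Step 3: Check the host's hosts file configuration
cat /etc/hosts
Step 4: Check the network configuration
ifconfig
Step 5: Check the hostname
hostname
Step 6: Stop the firewall
systemctl stop firewalld
Step 7: Disable the firewall
systemctl disable firewalld
Step 8: Check the firewall status
systemctl status firewalld
Step 9: Install the required software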
yum -y install docker git wget net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct
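Step 10: Install ansible
yum -y install ansible
The following error occurs: Error downloading packages:
python-httplib2-0.9.2-1.el7.noarch: [Errno 256] No more mirrors to try.
Cause: ansible is normally provided by the EPEL repository, so the EPEL repository has to be reconfigured to resolve the problem above
Step 11: Download the EPEL repo file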
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Step 12: Refresh the yum repositories
yum clean all
yum makecache
Step 13: Reinstall ansible
yum install -y ansible
Install libselinux-python
yum install -y libselinux-python
Step 14: Restart docker
service docker restart
The following error occurs:
Redirecting to /bin/systemctl restart docker.service
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
Step 15: View the error details:
systemctl status docker.service
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-02-22 10:49:43 EST; 10s ago
Docs: http://docs.docker.com
Process: 7676 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 7676 (code=exited, status=1/FAILURE)
Feb 22 10:49:41 master.example.com systemd[1]: Starting Docker Application Container Engine...
Feb 22 10:49:41 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:41.960043307-05:00" level=warning msg="could not change group /var/run/...t found"
Feb 22 10:49:41 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:41.962429609-05:00" level=info msg="libcontainerd: new containerd proce...d: 7684"
Feb 22 10:49:42 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:42.982704970-05:00" level=warning msg="overlay2: the backing xfs filesystem is ...
Feb 22 10:49:43 master.example.com dockerd-current[7676]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel....d=false)
Feb 22 10:49:43 master.example.com systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Feb 22 10:49:43 master.example.com systemd[1]: Failed to start Docker Application Container Engine.
Feb 22 10:49:43 master.example.com systemd[1]: Unit docker.service entered failed state.
Feb 22 10:49:43 master.example.com systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Step 16: Edit the /etc/sysconfig/docker file and set selinux-enabled to false
vi /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# instead. For more information reference the registries.conf(5) man page.
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest
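Step 17: Restart docker; this resolves the problem above
service docker restart
Step 18: Check the docker version
docker --version
Step 19: Generate an SSH key
ssh-keygen -f ~/.ssh/id_rsa -N ''
Step 20: Distribute the SSH public key to the host
for host in master.example.com; do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; done
The following error occurs: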
/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname master.example.com: Name or service not known
Step 21: Edit the /etc/hosts file and add an entry for the domain name master.example.com
vi /etc/hosts
Step 22: Re-run the script that distributes the SSH public key to the host
for host in master.example.com; do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; done
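Step 23: Download the OpenShift offline image package and several related files to your local computer.
The files to download are:
images.tar: the OpenShift 3.11 offline image package
docker.images.sh: the script that imports the offline image package
hosts: the ansible hosts file
Download link: https://pan.baidu.com/s/1UCCy6EdhdRNDuIy1LDtILg
Extraction code: jxy1
Step 24: Use the rz command to upload the OpenShift v3.11 image package to the /home/openshift_v311 directory on the server (create this directory beforehand with mkdir)
Before using the rz command, install the package that provides it
Step 25: Install the lrzsz package so that the rz command can be used to upload files
yum install -y lrzsz
Step 26: Extract the images.tar file and change the permissions of the current directory
First extract the file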
tar -zxvf images.tar
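Then change the permissions of the current directory
chmod -R 777 .
Step 27: Import the offline images into the local docker image store
./docker.images.sh load-images
Step 28: Check whether the images were imported successfully
docker images
Step 29: Clone the openshift-ansible repository; the 3.11 branch will be used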
git clone https://github.com/openshift/openshift-ansible /home/openshift-ansible
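Step 30: Find the branch name for v3.11 in the openshift-ansible repository and check out that branch
List all branches
git branch -a
Check out the v3.11 branch
git checkout -b v3.11 remotes/origin/release-3.11
Step 31: Change to the /etc/yum.repos.d directory
cd /etc/yum.repos.d
Step 32: Upload the all.repo yum repository file with the rz command
The contents of all.repo are as follows: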
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
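Of the three repositories in all.repo, only the first is enabled, and it sets gpgcheck=0, so yum installs its packages without verifying their signatures even though a gpgkey is listed. The following shell function is an added example (not part of the original page) that lists repositories in that state. It reports only sections where gpgcheck is explicitly turned off and assumes a section without an enabled key is enabled.

```shell
# Added example, not from the original page: list yum repos that are enabled
# while gpgcheck is explicitly turned off.

# unsigned_enabled_repos [FILE...]  -> prints one repo id per line
unsigned_enabled_repos() {
    awk '
        function report() { if (id != "" && enabled && nocheck) print id }
        /^[ \t]*[#;]/ { next }                 # comment line
        /^[ \t]*\[[^]]+\]/ {                   # start of a [section]
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = 1; nocheck = 0           # assumption: enabled defaults to 1
            next
        }
        {
            pos = index($0, "="); if (pos == 0) next
            key = substr($0, 1, pos - 1); val = tolower(substr($0, pos + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            off = (val == "0" || val == "false" || val == "no")
            if (key == "enabled")  enabled = !off
            if (key == "gpgcheck") nocheck = off
        }
        END { report() }
    ' "$@"
}

# enabled/gpgcheck lines of the all.repo above (name, baseurl, gpgkey omitted)
sample_all_repo() {
    cat <<'EOF'
[centos-openshift-origin311]
enabled=1
gpgcheck=0
[centos-openshift-origin311-testing]
enabled=0
gpgcheck=0
[centos-openshift-origin311-debuginfo]
enabled=0
gpgcheck=0
EOF
}

# Audit the sample; on a host, run: unsigned_enabled_repos /etc/yum.repos.d/*.repo
audit_sample() {
    sample_all_repo | unsigned_enabled_repos
}

audit_sample
```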
Step 33: Rebuild the yum cache
yum clean all && yum makecache
Step 34: Upload the ansible hosts file to the /etc/ansible/ directory with rz -y
The contents of the hosts file are as follows:
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_deployment_type=origin
# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=memory_availability,disk_availability,docker_image_availability,docker_storage
# host group for masters
[masters]
master.example.com
# host group for etcd
[etcd]
master.example.com
# host group for nodes, includes region info
[nodes]
#master.example.com openshift_node_group_name='node-config-master'
master.example.com openshift_node_group_name='node-config-all-in-one'
#node1.example.com openshift_node_group_name='node-config-compute'
#node2.example.com openshift_node_group_name='node-config-compute'
Step 35: Run the prerequisites check with the ansible-playbook command
ansible-playbook -i /etc/ansible/hosts /home/openshift-ansible/playbooks/prerequisites.yml
Step 36: Run the installation with the ansible-playbook command
ansible-playbook -i /etc/ansible/hosts /home/openshift-ansible/playbooks/deploy_cluster.yml
Step 37: Install the httpd package
yum install -y httpd
Step 38: Create a username and password with the htpasswd command
htpasswd -cb /home/openshift_password/admin_password admin admin
Step 39: Grant the admin user the cluster administrator role
oc adm policy add-cluster-role-to-user cluster-admin admin
Step 40: List the nodes
oc get nodes
Step 41: On another machine, edit the hosts file (my computer runs Windows)
On Windows, edit the hosts file and add
192.168.10.102 master.example.com
Step 42: Open a browser and log in to the OpenShift web console
https://master.example.com:8443
Log in with the username and password just created, admin/admin.