1.准備工作
(1)vmware 版本 :win10環境下選擇VMware-workstation-full-10.0.0-1295980;12 14均有報錯沒有找到解決辦法;
(2)鏡像版本:CentOS-7-x86_64-DVD-1810.iso
(3)安裝vmwaretool:

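For the various problems encountered during installation, see the links below (if you do not need shared files, you can skip installing it):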
https://www.cnblogs.com/chen1970/p/11076424.html
https://www.cnblogs.com/jiu0821/p/5946062.html
(4) VMware network configuration
Set NAT mode in VMware and configure the network interface inside the VM; if BOOTPROTO=dhcp is set, an IP address is generated automatically.
# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=38d6bc1a-f362-4021-b890-db144b32d8fd
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.75.10
NETMASK=255.255.255.0
GATEWAY=192.168.75.2
DNS1=192.168.75.2
Reference: https://blog.csdn.net/lkpklpk/article/details/81148906
2. Installation steps:
(1) Configure /etc/hosts on every node
192.168.75.180 node01.okd.com
192.168.75.10 master01.okd.com
192.168.75.10 okd.mcg.com
(2) Set the hostname and SSH trust between hosts
hostnamectl set-hostname master01.okd.com
···
ssh-keygen
ssh-copy-id $host
(3) Configure the yum repositories
# It is recommended to delete all of the original yum repos and use aliyun
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
As follows:
[root@master01 ~]# cd /etc/yum.repos.d/
[root@master01 yum.repos.d]# ls
CentOS-Base.repo epel.repo okd-ali.repo
[root@master01 yum.repos.d]# cat okd-ali.repo
[centos-openshift-origin311]
name=Aliyun CentOS OpenShift Origin
baseurl=http://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
yum clean all && yum makecache
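The okd-ali.repo above sets gpgcheck=0 and uses http:// base URLs, so packages from the enabled repo are installed without signature verification. The script below is an added example, not part of the original post: it flags enabled repos with those two settings, using the post's repo file as sample input next to a constructed hardened variant (which assumes the mirror serves HTTPS and that the key file named in gpgkey is installed).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag enabled yum repos that
# explicitly disable signature checks or fetch over plain HTTP.
# Keys left unset inherit from [main] in /etc/yum.conf and are not judged here.

audit_repo() {  # usage: audit_repo FILE  -> prints one finding per line
  awk -F= '
    function report() {
      if (sec == "" || enabled == "0") return
      if (gpgcheck == "0") print sec ": gpgcheck=0"
      if (baseurl ~ /^http:\/\//) print sec ": plain-http baseurl"
    }
    { gsub(/[ \t\r]/, "") }
    /^\[.*\]$/ { report(); sec = substr($0, 2, length($0) - 2)
                 enabled = ""; gpgcheck = ""; baseurl = ""; next }
    $1 == "enabled"  { enabled = $2 }
    $1 == "gpgcheck" { gpgcheck = $2 }
    $1 == "baseurl"  { baseurl = $2 }
    END { report() }
  ' "$1"
}

tmp=$(mktemp -d)
# The okd-ali.repo from step (3), reproduced as sample input.
cat > "$tmp/okd-ali.repo" <<'EOF'
[centos-openshift-origin311]
name=Aliyun CentOS OpenShift Origin
baseurl=http://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
EOF

# Constructed variant: signature checking on and HTTPS URLs (assumes the
# mirror serves HTTPS and the key file named in gpgkey is installed).
sed -e 's/^gpgcheck=0/gpgcheck=1/' -e 's#^baseurl=http://#baseurl=https://#' \
  "$tmp/okd-ali.repo" > "$tmp/okd-ali-hardened.repo"

for f in "$tmp"/*.repo; do
  echo "== ${f##*/}"; audit_repo "$f"
done
```

On a real host, run `audit_repo` over each file in /etc/yum.repos.d/ before `yum makecache`.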
(4) Install the base packages
yum install wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct ansible pyOpenSSL
(5) docker and docker-storage-setup; overlay2 is used here
yum install docker-1.13.1
cat <<EOF > /etc/sysconfig/docker-storage-setup
STORAGE_DRIVER=overlay2
EOF
docker-storage-setup
# Use an existing VG
#cat <<EOF > /etc/sysconfig/docker-storage-setup
#VG=docker-vg
#EOF
systemctl restart docker
systemctl status docker
# Configure a registry mirror
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://t65g57p1.mirror.aliyuncs.com"]
}
EOF
(6) Download the ansible playbooks
# git clone https://github.com/openshift/openshift-ansible
# cd openshift-ansible
# git checkout release-3.11
Or:
wget -O ocp-ansible.tar.gz https://codeload.github.com/openshift/openshift-ansible/tar.gz/openshift-ansible-3.11.170-1
cd /usr/share/ansible && tar -zxf ocp-ansible.tar.gz
mv openshift-ansible-openshift-ansible-3.11.170-1/ openshift-ansible
(7) Configure the ansible hosts file
[root@master01 yum.repos.d]# cat /etc/ansible/hosts
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
openshift_deployment_type=origin
# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','node-role.kubernetes.io/infra=true']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true']}]
openshift_master_cluster_hostname=okd.mcg.com
openshift_master_cluster_public_hostname=okd.mcg.com
# host group for masters
[masters]
master01.okd.com
# host group for etcd
[etcd]
master01.okd.com
# host group for nodes, includes region info
[nodes]
master01.okd.com openshift_node_group_name='node-config-master'
node01.okd.com openshift_node_group_name='node-config-compute'
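(8) Run the installation
cd /usr/share/ansible/openshift-ansible
ansible-playbook playbooks/prerequisites.yml # check
ansible-playbook playbooks/deploy_cluster.yml # install
ansible-playbook openshift-ansible/playbooks/adhoc/uninstall.yml # uninstall
If errors are reported, you can retry step by step.
Details: https://docs.okd.io/latest/install/running_install.html#advanced-retrying-installation
3. Common installation problems:
(1) During the ansible playbook run, the controllers container keeps retrying to start:
The controller container depends on two other containers having started; use docker logs on the relevant containers to view the etcd and api logs and look at the errors in them. In my installation, the NIC's DHCP mode caused an IP address problem.
(2) This step is particularly slow: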

Go to the corresponding node and manually run the command shown by ps -ef |grep yum to install origin-node.service
(3) Adding the node fails: a CSR problem appears at "Approve node certificates when bootstrapping"

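The first problem was that the node01 node could no longer reach the external network; DNS may change after installing and then uninstalling, which can be fixed by editing /etc/resolv.conf;
CSR node certificate problem:
systemctl status origin-node # view the node's error messages
oc adm certificate approve xxx # approve the relevant certificates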
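Before running oc adm certificate approve, it helps to confirm who requested each pending CSR. The script below is an added example, not part of the original post: it sorts `oc get csr` output into names to approve and names to review. The sample table is constructed, and the node-bootstrapper requestor string is an assumption about how this cluster bootstraps nodes.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): decide which pending CSRs to
# approve from the REQUESTOR column instead of approving every pending name.

# usage: oc get csr | classify_csrs HOST...
# prints "approve NAME" or "review NAME REQUESTOR" for each Pending CSR
classify_csrs() {
  awk -v hosts="$*" '
    BEGIN {
      n = split(hosts, h, " ")
      for (i = 1; i <= n; i++) ok["system:node:" h[i]] = 1
      # Assumption: requestor used for first-time node bootstrap.
      ok["system:serviceaccount:openshift-infra:node-bootstrapper"] = 1
    }
    NR == 1 || $NF != "Pending" { next }
    ($3 in ok) { print "approve", $1; next }
    { print "review", $1, $3 }
  '
}

# Constructed sample of `oc get csr` output (not captured from a cluster).
SAMPLE_CSRS='NAME        AGE   REQUESTOR                                                 CONDITION
csr-4bd6t   12m   system:serviceaccount:openshift-infra:node-bootstrapper   Approved,Issued
csr-9xk2p   3m    system:serviceaccount:openshift-infra:node-bootstrapper   Pending
csr-m7q8z   2m    system:node:node01.okd.com                                Pending
csr-t5w1c   1m    system:node:node99.okd.com                                Pending'

# Hosts come from the [nodes] group of the inventory in step (7).
printf '%s\n' "$SAMPLE_CSRS" | classify_csrs master01.okd.com node01.okd.com

# On a live master (left commented out):
# oc get csr | classify_csrs master01.okd.com node01.okd.com |
#   awk '$1 == "approve" { print $2 }' | xargs -r -n1 oc adm certificate approve
```

A node-bootstrapper request does not name the node in this table; `oc describe csr NAME` shows the requested subject.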
(4) The files in /etc/cni/net.d/ cannot be found on the node
Copy the file over from the master node:
scp 80-openshift-network.conf node01.okd.com:/etc/cni/net.d/80-openshift-network.conf
(5) no route to host
First stop the firewalld service on the node and the master, then check whether iptables has any rules blocking the traffic.
