Step 1: Update the operating system first
yum -y upgrade
Step 2: Confirm the operating system version
cat /etc/redhat-release
or
uname -r
Step 3: View the host's hosts file configuration
cat /etc/hosts
Step 4: View the network configuration
ifconfig
Step 5: View the hostname
hostname
Step 6: Stop the firewall
systemctl stop firewalld
Step 7: Disable the firewall
systemctl disable firewalld
Step 8: Check the firewall status
systemctl status firewalld
Step 9: Install the required packages
yum -y install docker git wget net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct
Step 10: Install ansible
yum -y install ansible
The following error occurs: Error downloading packages:
python-httplib2-0.9.2-1.el7.noarch: [Errno 256] No more mirrors to try.
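Cause: ansible is normally provided by the EPEL repository, so the EPEL repository has to be configured to resolve the problem above
Step 11: Download the EPEL repository file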
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Step 12: Rebuild the yum cache
yum clean all
yum makecache
Step 13: Install ansible again
yum install -y ansible
Install libselinux-python
yum install -y libselinux-python
Step 14: Restart docker
service docker restart
The following error occurs:
Redirecting to /bin/systemctl restart docker.service
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.
Step 15: View the error details:
systemctl status docker.service
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-02-22 10:49:43 EST; 10s ago
Docs: http://docs.docker.com
Process: 7676 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 7676 (code=exited, status=1/FAILURE)
Feb 22 10:49:41 master.example.com systemd[1]: Starting Docker Application Container Engine...
Feb 22 10:49:41 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:41.960043307-05:00" level=warning msg="could not change group /var/run/...t found"
Feb 22 10:49:41 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:41.962429609-05:00" level=info msg="libcontainerd: new containerd proce...d: 7684"
Feb 22 10:49:42 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:42.982704970-05:00" level=warning msg="overlay2: the backing xfs filesystem is ...
Feb 22 10:49:43 master.example.com dockerd-current[7676]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel....d=false)
Feb 22 10:49:43 master.example.com systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Feb 22 10:49:43 master.example.com systemd[1]: Failed to start Docker Application Container Engine.
Feb 22 10:49:43 master.example.com systemd[1]: Unit docker.service entered failed state.
Feb 22 10:49:43 master.example.com systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
Step 16: Edit the /etc/sysconfig/docker file and set --selinux-enabled to false in OPTIONS, which turns off the Docker daemon's SELinux support
vi /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# instead. For more information reference the registries.conf(5) man page.
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest
Step 17: Restart docker; this resolves the problem above
service docker restart
Step 18: Check the docker version
docker --version
Step 19: Generate an SSH key pair (with an empty passphrase)
ssh-keygen -f ~/.ssh/id_rsa -N ''
Step 20: Distribute the SSH public key to the hosts
for host in master.example.com; do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; done
The following error occurs:
/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname master.example.com: Name or service not known
Step 21: Edit the /etc/hosts file and add an entry for the domain name master.example.com
vi /etc/hosts
Step 22: Re-run the script that distributes the SSH public key to the hosts
for host in master.example.com; do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; done
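Step 23: Download the OpenShift offline image package and several related files to the local computer.
The files to download are:
images.tar: offline image package for OpenShift 3.11
docker.images.sh: script that imports the offline image package
hosts: the ansible hosts file
Download link: https://pan.baidu.com/s/1UCCy6EdhdRNDuIy1LDtILg
Extraction code: jxy1
Step 24: Use the rz command to upload the OpenShift v3.11 image package to the /home/openshift_v311 directory on the server (create this directory beforehand with mkdir)
Before using the rz command, install the package that provides it
Step 25: Install the lrzsz package so that the rz command can be used to upload files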
yum install -y lrzsz
Step 26: Extract the images.tar file and change the permissions of the current directory
First extract the file
tar -zxvf images.tar
Then change the permissions of the current directory
chmod -R 777 .
Step 27: Import the offline images into the local docker image store
./docker.images.sh load-images
Step 28: Check whether the images were imported successfully
docker images
Step 29: Clone the openshift-ansible repository; the 3.11 branch is the one to use
git clone https://github.com/openshift/openshift-ansible /home/openshift-ansible
Step 30: Find the branch name for v3.11 in the openshift-ansible repository and check it out
List all branches
git branch -a
Check out the v3.11 branch
git checkout -b v3.11 remotes/origin/release-3.11
Step 31: Change to the /etc/yum.repos.d directory
cd /etc/yum.repos.d
Step 32: Upload the all.repo yum repository file with the rz command
The contents of all.repo are as follows:
[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
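A check for the all.repo above, as an added example that is not part of the original procedure: it lists every repository section that sets gpgcheck=0 or fetches packages over plain http://. The function names, the [example-signed] section and the mirror.example.invalid URL are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a yum .repo file for
# sections that disable package signature checks or fetch over plain HTTP.

# audit_repo FILE -> one line per finding: "<section> enabled=<0|1|?> <finding>"
audit_repo() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck == "0")        print section, "enabled=" enabled, "gpgcheck-disabled"
            if (baseurl ~ /^http:\/\//) print section, "enabled=" enabled, "plain-http-baseurl"
        }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^\[/ {                                     # a new [section] starts
            report()
            section = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; baseurl = ""; enabled = "?"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl  = val
            if (key == "enabled")  enabled  = val
        }
        END { report() }
    ' "$1"
}

# Sample input: the first section is copied from the all.repo above; the
# second section ([example-signed], https URL) is constructed for contrast.
write_sample_repo() {
    cat > "$1" <<'EOF'
[centos-openshift-origin311]
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[example-signed]
baseurl=https://mirror.example.invalid/centos/7/paas/
enabled=1
gpgcheck=1
EOF
}

tmp=$(mktemp); write_sample_repo "$tmp"; audit_repo "$tmp"; rm -f "$tmp"
```

On a real host, run audit_repo against each file in /etc/yum.repos.d; findings with enabled=1 are the ones yum will actually use.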
Step 33: Rebuild the yum cache
yum clean all && yum makecache
Step 34: Upload the ansible hosts file to the /etc/ansible/ directory with rz -y
The contents of the hosts file are as follows:
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_deployment_type=origin
# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=memory_availability,disk_availability,docker_image_availability,docker_storage
# host group for masters
[masters]
master.example.com
# host group for etcd
[etcd]
master.example.com
# host group for nodes, includes region info
[nodes]
#master.example.com openshift_node_group_name='node-config-master'
master.example.com openshift_node_group_name='node-config-all-in-one'
#node1.example.com openshift_node_group_name='node-config-compute'
#node2.example.com openshift_node_group_name='node-config-compute'
Step 35: Run the prerequisites check with the ansible-playbook command
ansible-playbook -i /etc/ansible/hosts /home/openshift-ansible/playbooks/prerequisites.yml
Step 36: Run the installation with the ansible-playbook command
ansible-playbook -i /etc/ansible/hosts /home/openshift-ansible/playbooks/deploy_cluster.yml
Step 37: Install the httpd package
yum install -y httpd
Step 38: Create the username and password with the htpasswd command
htpasswd -cb /home/openshift_password/admin_password admin admin
Step 39: Grant the admin user the cluster administrator role
oc adm policy add-cluster-role-to-user cluster-admin admin
Step 40: View the nodes
oc get nodes
Step 41: On another machine, edit the hosts file (my computer runs Windows)
On Windows, edit the hosts file and add
192.168.10.102 master.example.com
Step 42: Open a browser and log in to the OpenShift web console
https://master.example.com:8443
Log in with the user and password just created, admin/admin.