安装openshift v3.11版本全程记录

成伟平2022

已于 2022-04-21 23:37:18 修改

阅读量2.7k

点赞数 1

CC 4.0 BY-SA版权

分类专栏： openshift 文章标签： linux openshift 运维

于 2020-02-23 01:15:42 首次发布

本文链接：https://blog.youkuaiyun.com/pingweicheng/article/details/104452303

openshift 专栏收录该内容

6 篇文章

订阅专栏

本教程详细介绍了在Linux环境下部署OpenShift v3.11版本的全过程，包括系统准备、软件安装、镜像导入、Ansible配置及集群安装等关键步骤。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

第1步：先更新操作系统

yum -y upgrade

第2步：确认操作系统版本号

cat /etc/redhat-release

或

uname -r

第3步：查看主机hosts文件配置

cat /etc/hosts

第4步：查看网络配置

ifconfig

第5步：查看主机域名

hostname

第6步：关闭防火墙

systemctl stop firewall

第7步：禁用防火墙

systemctl disable firewalld

第8步：查看防火墙状态

systemctl status firewalld

第9步：安装必备软件

yum -y install docker git wget net-tools bind-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct

第10步：安装ansible

yum -y install ansible

出现异常：Error downloading packages:
python-httplib2-0.9.2-1.el7.noarch: [Errno 256] No more mirrors to try.

由于：ansible一般在epel源中提供，需重新配置epel源，以解决以上问题

第11步：下载epel源

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

第12步：重新更新yum源

yum clean all

yum makecache

第13步：重新安装ansible

yum install -y ansible

安装libselinux-python

yum install -y  libselinux-python

第14步：重启docker

 service docker restart

出现以下异常：

Redirecting to /bin/systemctl restart docker.service
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

第15步：查看异常详细信息：

systemctl status docker.service

docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2020-02-22 10:49:43 EST; 10s ago
Docs: http://docs.docker.com
Process: 7676 ExecStart=/usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp.json $OPTIONS $DOCKER_STORAGE_OPTIONS $DOCKER_NETWORK_OPTIONS $ADD_REGISTRY $BLOCK_REGISTRY $INSECURE_REGISTRY $REGISTRIES (code=exited, status=1/FAILURE)
Main PID: 7676 (code=exited, status=1/FAILURE)

Feb 22 10:49:41 master.example.com systemd[1]: Starting Docker Application Container Engine...
Feb 22 10:49:41 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:41.960043307-05:00" level=warning msg="could not change group /var/run/...t found"
Feb 22 10:49:41 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:41.962429609-05:00" level=info msg="libcontainerd: new containerd proce...d: 7684"
Feb 22 10:49:42 master.example.com dockerd-current[7676]: time="2020-02-22T10:49:42.982704970-05:00" level=warning msg="overlay2: the backing xfs filesystem is ...
Feb 22 10:49:43 master.example.com dockerd-current[7676]: Error starting daemon: SELinux is not supported with the overlay2 graph driver on this kernel....d=false)
Feb 22 10:49:43 master.example.com systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Feb 22 10:49:43 master.example.com systemd[1]: Failed to start Docker Application Container Engine.
Feb 22 10:49:43 master.example.com systemd[1]: Unit docker.service entered failed state.
Feb 22 10:49:43 master.example.com systemd[1]: docker.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

第16步修改/etc/sysconfig/docker文件，把 selinux-enable设置为false

vi  /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi

# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# instead. For more information reference the registries.conf(5) man page.

# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp

# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false

# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest

第17步，重启docker，解决以上问题

service docker restart

第18步，查看docker 版本号

docker --version

第19步：，生成ssh密钥

ssh-keygen -f ~/.ssh/id_rsa -N ''

第20步：分发ssh公钥到主机上

for host in master.example.com; do ssh-copy-id -i  ~/.ssh/id_rsa.pub $host; done

出现异常：

/usr/bin/ssh-copy-id: ERROR: ssh: Could not resolve hostname master.example.com: Name or service not known

第21步：修改/etc/hosts文件，添加域名master.example.com配置

vi /etc/hosts

第22步：重新执行分发ssh公钥到主机上的脚步

for host in master.example.com; do ssh-copy-id -i  ~/.ssh/id_rsa.pub $host; done

第23步: 把openshift离线镜像包以及几个相关文件下载到本地电脑。

需要下载的文件如下：

images.tar：openshift3.11版本离线镜像包

docker.images.sh：导入离线镜像包的脚本文件

hosts: ansible的hosts文件

下载地址链接：https://pan.baidu.com/s/1UCCy6EdhdRNDuIy1LDtILg
提取码：jxy1

第24步：使用rz命令上传openshift v3.11镜像包到服务器上 /home/openshift_v311目录上（先提前通过mkdir命令建好此目录）

使用rz命令前，先使用安装相关软件包

第25步，安装lrzsz软件包，这样就可以使用rz命令上传文件啦

yum install -y lrzsz

第26步：解压images.tar文件，并修改当前文件所在目录权限

先解压文件

tar -zxvf images.tar

再修改当前文件所在目录权限

 chmod -R 777 .

第27步: 导入离线镜像到docker本地镜像库中

./docker.images.sh load-images

第28步：查看镜像是否已经导入成功

docker images

第29步：克隆 ansible-openshift 项目库，分支选择3.11

git clone https://github.com/openshift/openshift-ansible /home/openshift-ansible

第30步：查看ansible-openshift库的v3.11版本的分支名，并检查出该分支

查看所有分支

git branch -a

检查分支v3.11分支

git checkout -b v3.11 remotes/origin/release-3.11

第31步：进入/etc/yum.repod.d目录

cd /etc/yum.repos.d

第32步：通过rz命令上传all.repo yum源文件

all.repo文件内容如下：

[centos-openshift-origin311]
name=CentOS OpenShift Origin
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS

[centos-openshift-origin311-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS

[centos-openshift-origin311-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS

第33步: 重建yum源

yum clean all && yum makecache

第34步：通过rz -y 上传 ansible的hosts文件到/etc/ansible/ 目录下

hosts文件内容如下：

# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root


# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true

openshift_deployment_type=origin

# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_disable_check=memory_availability,disk_availability,docker_image_availability,docker_storage

# host group for masters
[masters]
master.example.com

# host group for etcd
[etcd]
master.example.com

# host group for nodes, includes region info
[nodes]
#master.example.com openshift_node_group_name='node-config-master'
master.example.com openshift_node_group_name='node-config-all-in-one'
#node1.example.com openshift_node_group_name='node-config-compute'
#node2.example.com openshift_node_group_name='node-config-compute'

第35步，通过ansible-playbook命令，执行命令检查

ansible-playbook -i /etc/ansible/hosts /home/openshift-ansible/playbooks/prerequisites.yml

第36步，通过ansible-playybook命令，执行命令安装

ansible-playbook -i /etc/ansible/hosts /home/openshift-ansible/playbooks/deploy_cluster.yml

第37步：安装httpd软件包

yum install -y httpd

第38步：使用htpasswd命令创建用户名和密码

htpasswd -cb /home/openshift_password/admin_password admin admin

第39步：将admin用户授权为集群管理员角色

oc adm policy add-cluster-role-to-user cluster-admin admin

第40步：查看node节点

oc get nodes

第41步：另外一台机器，修改hosts文件（我的电脑是windows操作系统）

在windows下修改hosts文件，加入

192.168.10.102 master.example.com

第42步：访问浏览器，登录openshift-webcosole

https://master.example.com:8443

使用刚刚创建的用户密码 admin/admin 登录。