金鱼哥's RHCA Memoirs: DO280 OpenShift Installation and Deployment -- Installation, Deployment and Verification
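🎹 About me: Hi everyone, I'm 金鱼哥, a CSDN rising-star creator in the operations field, a Huawei Cloud expert (云享专家), and an Alibaba Cloud Community expert blogger
📚 Qualifications: CCNA, HCNP, CSNA (network analyst), 软考 junior and intermediate network engineer, RHCSA, RHCE, RHCA, RHCI, ITIL 😜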
📜Installing and Deploying OpenShift (Textbook Exercise)
📑1. Preparation
[student@workstation ~]$ lab install-prepare setup
Setting up workstation for lab exercise work:
Downloading files for Workshop: Preparing for installation
Exercise has already been downloaded. Use cleanup if you want to start over.
• Setting up lab files:....................................... SUCCESS
[student@workstation ~]$ sudo yum install ansible
[student@workstation ~]$ cd /home/student/do280-ansible/
[student@workstation do280-ansible]$ ansible-playbook playbooks/prepare_install.yml # set up the lab environment
[student@workstation do280-ansible]$ lab install-run setup
Setting up workstation for lab work:
Downloading files for GE: Running the Installer
• Downloading starter project................................. SUCCESS
• Downloading solution project................................ SUCCESS
Download successful.
Downloading additional artifacts for the lab:
• Downloading Ansible artifacts............................... SUCCESS
• Install 'crudini' if necessary.............................. SUCCESS
Setup successful.
[student@workstation do280-ansible]$ cd /home/student/DO280/labs/install-run/
📑2. Install atomic
[student@workstation install-run]$ sudo yum install atomic-openshift-utils
Note: atomic-openshift-utils provides the Ansible playbooks and roles needed to install OpenShift.
📑3. Create the Inventory
[student@workstation install-run]$ cp inventory.initial inventory
[student@workstation install-run]$ cat inventory
[workstations]
workstation.lab.example.com
[nfs]
services.lab.example.com
[masters]
master.lab.example.com
[etcd]
master.lab.example.com
[nodes]
master.lab.example.com
node1.lab.example.com
node2.lab.example.com
[OSEv3:children]
masters
etcd
nodes
nfs
#Variables needed by classroom host preparation playbooks.
[nodes:vars]
registry_local=registry.lab.example.com
use_overlay2_driver=true
insecure_registry=false
run_docker_offline=true
docker_storage_device=/dev/vdb
[student@workstation install-run]$ echo -e "\n[OSEv3:vars]" >> inventory
📑4. Configure the installation version
[student@workstation install-run]$ cat general_vars.txt
#General Cluster Variables
openshift_deployment_type=openshift-enterprise # use the openshift-enterprise deployment type
openshift_release=v3.9 # set the release to v3.9
openshift_image_tag=v3.9.14
openshift_disable_check=disk_availability,docker_storage,memory_availability # disable these checks
📑5. Set up htpasswd authentication
[student@workstation install-run]$ openssl passwd -apr1 redhat
$apr1$k0sF8BuD$HEutvhef0YNzwj8wyIRrc0
[student@workstation install-run]$ openssl passwd -apr1 redhat
$apr1$viJ4N3sq$Ue/MJNshmKzYoyD8MAUCU/
[student@workstation install-run]$ cat authentication_vars.txt
#Cluster Authentication Variables
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
openshift_master_htpasswd_users={'admin':'$apr1$k0sF8BuD$HEutvhef0YNzwj8wyIRrc0', 'developer':'$apr1$viJ4N3sq$Ue/MJNshmKzYoyD8MAUCU/'}
📑6. Configure cluster networking
[student@workstation install-run]$ cat networking_vars.txt
#OpenShift Networking Variables
os_firewall_use_firewalld=true # enable firewalld
openshift_master_api_port=443 # enable the API port
openshift_master_console_port=443 # enable the console port
openshift_master_default_subdomain=apps.lab.example.com # set the default subdomain
📑7. Configure NFS
[student@workstation install-run]$ cat persistence_vars.txt
#NFS is an unsupported configuration
openshift_enable_unsupported_configurations=true
#OCR configuration variables
openshift_hosted_registry_storage_kind=nfs
openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
openshift_hosted_registry_storage_nfs_directory=/exports
openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
openshift_hosted_registry_storage_volume_name=registry
openshift_hosted_registry_storage_volume_size=40Gi
#OAB's etcd configuration variables
openshift_hosted_etcd_storage_kind=nfs
openshift_hosted_etcd_storage_access_modes=["ReadWriteOnce"]
openshift_hosted_etcd_storage_nfs_directory=/exports
openshift_hosted_etcd_storage_nfs_options="*(rw,root_squash,sync,no_wdelay)"
openshift_hosted_etcd_storage_volume_name=etcd-vol2
openshift_hosted_etcd_storage_volume_size=1G
openshift_hosted_etcd_storage_labels={'storage': 'etcd'}
📑8. Configure the offline registry
[student@workstation install-run]$ cat disconnected_vars.txt
#Modifications Needed for a Disconnected Install
oreg_url=registry.lab.example.com/openshift3/ose-${component}:${version} # add the internal registry
openshift_examples_modify_imagestreams_var=true # modify the image streams
openshift_docker_additional_registries=registry.lab.example.com # add the internal registry to the docker configuration
openshift_docker_blocked_registries=registry.access.redhat.com,docker.io # block the external official registries
#Image Prefixes
openshift_web_console_prefix=registry.lab.example.com/openshift3/ose-
openshift_cockpit_deployer_prefix='registry.lab.example.com/openshift3/'
openshift_service_catalog_image_prefix=registry.lab.example.com/openshift3/ose-
template_service_broker_prefix=registry.lab.example.com/openshift3/ose-
ansible_service_broker_image_prefix=registry.lab.example.com/openshift3/ose-
ansible_service_broker_etcd_image_prefix=registry.lab.example.com/rhel7/
📑9. Set node labels
[student@workstation install-run]$ cat inventory
[nodes]
master.lab.example.com
node1.lab.example.com openshift_node_labels="{'region':'infra', 'node-role.kubernetes.io/compute':'true'}"
node2.lab.example.com openshift_node_labels="{'region':'infra', 'node-role.kubernetes.io/compute':'true'}"
📑10. Merge and check the Inventory
[student@workstation install-run]$ cat general_vars.txt networking_vars.txt authentication_vars.txt persistence_vars.txt disconnected_vars.txt >> inventory
[student@workstation install-run]$ lab install-run grade # this lab environment provides a script that checks the Inventory
• Checking openshift_examples_modify_imagestreams............. FAIL
1c1
< [ OSEv3:vars ] openshift_examples_modify_imagestreams = true
---
>
• The custom file does not match the original file.
• Please review the inventory file and update the necessary variables
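If errors are reported, fix them as the hints indicate. In the output above, the grading script expected openshift_examples_modify_imagestreams = true under [OSEv3:vars] and did not find that line in the inventory.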
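A pre-flight check in the spirit of the grade step, added here as an example (it is not the lab's grading script or code from the original article): it reports expected [OSEv3:vars] names that are missing and any oreg_url or *_prefix value that is not served by a registry listed in openshift_docker_additional_registries. The function names, the REQUIRED set and the mis-pointed template_service_broker_prefix line in the sample are assumptions made for illustration.

```python
import difflib

# Names this page's vars files (plus the grade output) expect under [OSEv3:vars].
REQUIRED = {
    "openshift_deployment_type", "openshift_release", "openshift_image_tag",
    "oreg_url", "openshift_examples_modify_imagestreams",
    "openshift_docker_additional_registries", "openshift_docker_blocked_registries",
}

# Constructed sample: lines from the page, with one prefix deliberately mis-pointed.
SAMPLE = """\
[OSEv3:vars]
openshift_deployment_type=openshift-enterprise
openshift_release=v3.9
openshift_image_tag=v3.9.14
oreg_url=registry.lab.example.com/openshift3/ose-${component}:${version}
openshift_examples_modify_imagestreams_var=true
openshift_docker_additional_registries=registry.lab.example.com
openshift_docker_blocked_registries=registry.access.redhat.com,docker.io
openshift_web_console_prefix=registry.lab.example.com/openshift3/ose-
template_service_broker_prefix=registry.access.redhat.com/openshift3/ose-
"""

def parse_osev3_vars(text):
    """Return {name: value} from [OSEv3:vars], dropping trailing ' #' comments."""
    found, in_section = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_section = line == "[OSEv3:vars]"
        elif in_section and "=" in line and not line.startswith("#"):
            name, value = line.split("=", 1)
            found[name.strip()] = value.split(" #", 1)[0].strip().strip("'\"")
    return found

def check_inventory(text):
    """Return a list of findings; an empty list means every check passed."""
    v, findings = parse_osev3_vars(text), []
    for name in sorted(REQUIRED - set(v)):
        # A near-identical name usually means a typo rather than an omission.
        near = difflib.get_close_matches(name, list(v), n=1, cutoff=0.9)
        findings.append(f"missing {name}" + (f" (found {near[0]})" if near else ""))
    registries = v.get("openshift_docker_additional_registries", "").split(",")
    internal = [r.strip() for r in registries if r.strip()]
    for name, value in sorted(v.items()):
        if (name == "oreg_url" or name.endswith("_prefix")) and not any(
                value.startswith(r + "/") for r in internal):
            findings.append(f"{name} is not served by an internal registry: {value}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_inventory(SAMPLE)) or "inventory checks passed")
```

Running it against the merged inventory before the playbooks catches a misspelled variable name or an image prefix that would pull from outside the lab registry.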
📑11. Run the installation playbooks
[student@workstation install-run]$ ansible-playbook \
/usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml # run the prerequisites playbook
[student@workstation install-run]$ ansible-playbook \
/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml
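The full deployment log is saved to ansible.log in the local directory.
📜Verification and Testing
📑1. What to verify
To verify an OpenShift installation, all OpenShift components must be tested and verified. Simply starting a pod from a sample container image is not enough, because that does not exercise the OpenShift builders, deployer, router, or internal registry.
A complete verification of OpenShift is recommended, as follows:
- check the status of all OpenShift nodes;
- check the pods of the OpenShift registry and router;
- use OpenShift to build an application from source code, with OpenShift generating a container image from the build result and starting a pod from that image;
- create a service so that the application can be reached from the internal container network and from the OpenShift nodes;
- create a route so that the application can be reached from computers outside the OpenShift cluster.
After installation, OpenShift clients can use the oc command, and the master node can use the oadm command. The root user on the master node is configured to run OpenShift client and administrator commands as the cloud administrator.
Some OpenShift internal services, such as the internal registry and the router, are configured by the installer by default. Run the oc get nodes and oc get pods commands to verify that the installation succeeded.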
📑2. Login test
Open https://master.lab.example.com in a browser.
Log in with the username and password admin/redhat to test.
📑3. Verify OpenShift functionality
[student@workstation ~]$ oc login -uadmin -predhat https://master.lab.example.com
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>
Welcome! See 'oc help' to get started.
[student@workstation ~]$ oc whoami
admin
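Note: account privileges must be granted separately; the admin user created during installation does not have cluster administration privileges.
📑4. Grant privileges
system:admin is the only account with cluster administration privileges. The root user on the master node acts as the cluster's system:admin user.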
[root@master ~]# oc whoami
system:admin
[root@master ~]# oc adm policy add-cluster-role-to-user cluster-admin admin
cluster role "cluster-admin" added: "admin"
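The cluster-admin role is highly privileged: it allows the user to destroy and modify cluster resources, so it must be used with caution.
📑5. Check node status
Log in again from the command line.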
[student@workstation ~]$ oc login -uadmin -predhat https://master.lab.example.com
Login successful.
You have access to the following projects and can switch between them with 'oc project <projectname>':
* default
kube-public
kube-service-catalog
kube-system
logging
management-infra
openshift
openshift-ansible-service-broker
openshift-infra
openshift-node
openshift-template-service-broker
openshift-web-console
Using project "default".
[student@workstation ~]$ oc get nodes
NAME STATUS ROLES AGE VERSION
master.lab.example.com Ready master 3h v1.9.1+a0ce1bc657
node1.lab.example.com Ready compute 3h v1.9.1+a0ce1bc657
node2.lab.example.com Ready compute 3h v1.9.1+a0ce1bc657
[student@workstation ~]$ oc get pods
NAME READY STATUS RESTARTS AGE
docker-registry-1-brc89 1/1 Running 0 3h
docker-registry-1-fb4dn 1/1 Running 0 3h
registry-console-1-mkm66 1/1 Running 0 3h
router-1-5mhcq 1/1 Running 0 3h
router-1-wkr6z 1/1 Running 0 3h
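The node and pod check above, turned into a repeatable test as an added example (not part of the original article): it parses captured oc get nodes and oc get pods output and reports any node that is not Ready and any registry or router pod that is missing, not Running, or not fully ready. The function names are hypothetical; the sample text is the output shown on this page.

```python
# Output copied from the 'oc get nodes' and 'oc get pods' runs on this page.
NODES = """\
NAME STATUS ROLES AGE VERSION
master.lab.example.com Ready master 3h v1.9.1+a0ce1bc657
node1.lab.example.com Ready compute 3h v1.9.1+a0ce1bc657
node2.lab.example.com Ready compute 3h v1.9.1+a0ce1bc657
"""
PODS = """\
NAME READY STATUS RESTARTS AGE
docker-registry-1-brc89 1/1 Running 0 3h
docker-registry-1-fb4dn 1/1 Running 0 3h
registry-console-1-mkm66 1/1 Running 0 3h
router-1-5mhcq 1/1 Running 0 3h
router-1-wkr6z 1/1 Running 0 3h
"""

def parse_table(text):
    """Split 'oc get' table output into a list of row dicts keyed by header."""
    lines = [l for l in text.strip().splitlines() if l.strip()]
    header = lines[0].split()
    return [dict(zip(header, l.split())) for l in lines[1:]]

def verify_cluster(nodes_out, pods_out, required=("docker-registry", "router")):
    """Return a list of problems; empty means nodes and infra pods look healthy."""
    problems = []
    for n in parse_table(nodes_out):
        # STATUS can be compound, e.g. "Ready,SchedulingDisabled".
        if "Ready" not in n["STATUS"].split(","):
            problems.append(f"node {n['NAME']} is {n['STATUS']}")
    pods = parse_table(pods_out)
    for prefix in required:
        mine = [p for p in pods if p["NAME"].startswith(prefix + "-")]
        if not mine:
            problems.append(f"no {prefix} pod found")
        for p in mine:
            ready, total = p["READY"].split("/")
            if p["STATUS"] != "Running" or ready != total:
                problems.append(f"pod {p['NAME']} is {p['STATUS']} {p['READY']}")
    return problems

if __name__ == "__main__":
    print(verify_cluster(NODES, PODS) or "nodes, registry and router look healthy")
```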
📑6. Create a project
[student@workstation ~]$ oc login -u developer
Authentication required for https://master.lab.example.com:443 (openshift)
Username: developer
Password:
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>
[student@workstation ~]$ oc new-project smoke-test
Now using project "smoke-test" on server "https://master.lab.example.com:443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
to build a new example application in Ruby.
[student@workstation ~]$ oc get project
NAME DISPLAY NAME STATUS
smoke-test Active
📑7. Create an application
[student@workstation ~]$ oc new-app php:5.6~http://services.lab.example.com/php-helloworld --name hello
…………
--> Creating resources ...
imagestream "hello" created
buildconfig "hello" created
deploymentconfig "hello" created
service "hello" created
--> Success
Build scheduled, use 'oc logs -f bc/hello' to track its progress.
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose svc/hello'
Run 'oc status' to view your app.
[student@workstation ~]$ oc logs -f bc/hello
Cloning "http://services.lab.example.com/php-helloworld" ...
Commit: 6d61e75647124d02aa761f994532ef29eae46f8e (Establish remote repository)
Author: root <root@services.lab.example.com>
Date: Thu Aug 9 11:33:29 2018 -0700
---> Installing application source...
=> sourcing 20-copy-config.sh ...
---> 13:02:33 Processing additional arbitrary httpd configuration provided by s2i ...
=> sourcing 00-documentroot.conf ...
=> sourcing 50-mpm-tuning.conf ...
=> sourcing 40-ssl-certs.sh ...
Pushing image docker-registry.default.svc:5000/smoke-test/hello:latest ...
Pushed 0/6 layers, 1% complete
Pushed 1/6 layers, 24% complete
Pushed 2/6 layers, 39% complete
Pushed 3/6 layers, 56% complete
Pushed 4/6 layers, 84% complete
Pushed 5/6 layers, 98% complete
Pushed 6/6 layers, 100% complete
Push successful
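Note: the output shows that OpenShift can clone the code from the repository, build the image, and push the new image to the internal registry.
📑8. Expose the service and view the route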
[student@workstation ~]$ oc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello ClusterIP 172.30.135.239 <none> 8080/TCP,8443/TCP 6m
[student@workstation ~]$ oc expose svc hello
route "hello" exposed
[student@workstation ~]$ oc get route
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
hello hello-smoke-test.apps.lab.example.com hello 8080-tcp None
📑9. Test access
[student@workstation ~]$ curl hello-smoke-test.apps.lab.example.com
Hello, World! php version is 5.6.25
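💡Summary
RHCA certification requires studying for and passing 5 exams, which takes a good deal of time to study and prepare for. Keep at it, you can do it 🤪.
That concludes 金鱼哥's overview and walkthrough of Chapter 2, OpenShift Installation and Deployment: Installation, Deployment and Verification. I hope it helps everyone who reads this article.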
This article is part of the RHCA column: RHCA 回忆录 (RHCA Memoirs)