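1. Preparation
(1) VMware version: on Windows 10, use VMware-workstation-full-10.0.0-1295980; versions 12 and 14 both produced errors for which no fix was found.
(2) Image version: CentOS-7-x86_64-DVD-1810.iso
(3) Install VMware Tools:
For the various problems that come up during installation, see the following (skip this if you do not need shared folders):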
https://www.cnblogs.com/chen1970/p/11076424.html
https://www.cnblogs.com/jiu0821/p/5946062.html
(4) VMware network configuration
Set NAT mode in VMware and configure the NIC inside the VM; if BOOTPROTO=dhcp is set, an IP address is assigned automatically.
# vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=38d6bc1a-f362-4021-b890-db144b32d8fd
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.75.10
NETMASK=255.255.255.0
GATEWAY=192.168.75.2
DNS1=192.168.75.2
Reference: https://blog.csdn.net/lkpklpk/article/details/81148906
2. Installation steps:
(1) Configure /etc/hosts on every node
192.168.75.180 node01.okd.com
192.168.75.10 master01.okd.com
192.168.75.10 okd.mcg.com
(2) Set the hostnames and mutual SSH trust
hostnamectl set-hostname master01.okd.com
···
ssh-keygen
ssh-copy-id $host
(3) Configure the yum repositories
# Recommended: delete the original yum repo files and use the Aliyun mirrors
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
The result looks like this:
[root@master01 ~]# cd /etc/yum.repos.d/
[root@master01 yum.repos.d]# ls
CentOS-Base.repo epel.repo okd-ali.repo
[root@master01 yum.repos.d]# cat okd-ali.repo
[centos-openshift-origin311]
name=Aliyun CentOS OpenShift Origin
baseurl=http://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin311/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
yum clean all && yum makecache
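The okd-ali.repo above has an enabled repository with gpgcheck=0 and an http:// baseurl, so yum installs the OKD packages from it without verifying signatures even though a gpgkey is listed. The check below is an added example (not part of the original post) that reports such repositories in a .repo file; the function names audit_repo and sample_repo are hypothetical.

```bash
# Added example: flag enabled yum repos that disable signature checks
# or fetch packages over plain HTTP. Function names are hypothetical.

# audit_repo FILE -> one "<repo-id> <finding>" line per problem found
audit_repo() {
  awk '
    function off(v) { return tolower(v) ~ /^(0|no|false)$/ }
    function flush() {
      if (id == "" || off(enabled)) return   # disabled repos are never used
      if (off(gpgcheck))  print id, "gpgcheck-off"   # unset inherits yum.conf
      if (url ~ /^http:/) print id, "http-baseurl"
    }
    /^[ \t]*\[/ {                     # new [section]: report the previous one
      flush(); id = $0; gsub(/^[ \t]*\[|\].*$/, "", id)
      enabled = "1"; gpgcheck = ""; url = ""; next
    }
    /^[ \t]*(#|$)/ { next }           # skip comments and blank lines
    {
      key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
      val = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "enabled")  enabled  = val
      if (key == "gpgcheck") gpgcheck = val
      if (key == "baseurl")  url      = val
    }
    END { flush() }
  ' "$1"
}

# sample_repo FILE -> writes the okd-ali.repo content shown on this page
sample_repo() {
  cat > "$1" <<'EOF'
[centos-openshift-origin311]
name=Aliyun CentOS OpenShift Origin
baseurl=http://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin311/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
[centos-openshift-origin311-source]
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin311/
enabled=0
gpgcheck=0
EOF
}

tmp=$(mktemp); sample_repo "$tmp"; audit_repo "$tmp"; rm -f "$tmp"
```

On a real host, run audit_repo against each file in /etc/yum.repos.d/; switching a flagged repository to gpgcheck=1 requires the key file named in gpgkey to be present.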
(4) Install the base packages
yum install wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct ansible pyOpenSSL
(5) docker and docker-storage-setup; overlay2 is used here
yum install docker-1.13.1
cat <<EOF > /etc/sysconfig/docker-storage-setup
STORAGE_DRIVER=overlay2
EOF
docker-storage-setup
# To use an existing VG instead:
#cat <<EOF > /etc/sysconfig/docker-storage-setup
#VG=docker-vg
#EOF
systemctl restart docker
systemctl status docker
# Configure a registry mirror to speed up image pulls
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://t65g57p1.mirror.aliyuncs.com"]
}
EOF
(6) Download the ansible playbooks
# git clone https://github.com/openshift/openshift-ansible
# cd openshift-ansible
# git checkout release-3.11
Or:
wget -O ocp-ansible.tar.gz https://codeload.github.com/openshift/openshift-ansible/tar.gz/openshift-ansible-3.11.170-1
cd /usr/share/ansible && tar -zxf ocp-ansible.tar.gz
mv openshift-ansible-openshift-ansible-3.11.170-1/ openshift-ansible
(7) Configure the ansible hosts file
[root@master01 yum.repos.d]# cat /etc/ansible/hosts
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability
openshift_deployment_type=origin
# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','node-role.kubernetes.io/infra=true']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true']}]
openshift_master_cluster_hostname=okd.mcg.com
openshift_master_cluster_public_hostname=okd.mcg.com

# host group for masters
[masters]
master01.okd.com

# host group for etcd
[etcd]
master01.okd.com

# host group for nodes, includes region info
[nodes]
master01.okd.com openshift_node_group_name='node-config-master'
node01.okd.com openshift_node_group_name='node-config-compute'
(8) Run the installation
cd /usr/share/ansible/openshift-ansible
ansible-playbook playbooks/prerequisites.yml    # check prerequisites
ansible-playbook playbooks/deploy_cluster.yml   # install
ansible-playbook playbooks/adhoc/uninstall.yml  # uninstall (path relative to the openshift-ansible directory entered above)
If errors occur, you can retry step by step.
Details: https://docs.okd.io/latest/install/running_install.html#advanced-retrying-installation
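3. Common installation problems:
(1) The controllers container keeps retrying startup while the ansible playbook runs:
The controllers container depends on two other containers starting first, so use docker logs on the relevant containers to read the etcd and API logs and look for the errors there; in my installation, the NIC's DHCP mode caused an IP address problem.
(2) This step is extremely slow:
On the affected node, run ps -ef |grep yum, manually execute the command it shows, and install origin-node.service.
(3) Adding the node fails: a CSR problem appears at "Approve node certificates when bootstrapping"
The first problem was that node01 could no longer reach the external network; the DNS settings may change after an install followed by an uninstall, and this can be fixed by editing /etc/resolv.conf.
CSR node certificate problem:
systemctl status origin-node      # check the node's error messages
oc adm certificate approve xxx    # approve the relevant certificates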
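Before running oc adm certificate approve, check who requested each pending CSR rather than approving everything in the list. The filter below is an added example (not part of the original post): EXPECTED_NODES holds the hostnames from this page's inventory, the function names are hypothetical, and the sample listing is constructed, assuming the NAME AGE REQUESTOR CONDITION column layout of oc get csr.

```bash
# Added example: sort pending CSRs into "approve" and "review".
# Hostnames come from the page's inventory; any other identity is held back.
EXPECTED_NODES="master01.okd.com node01.okd.com"

# triage_csrs: reads `oc get csr` text on stdin and prints
#   "approve <name>" for Pending requests from system:node:<expected host>
#   "review <name>"  for every other Pending request
triage_csrs() {
  awk -v nodes="$EXPECTED_NODES" '
    BEGIN {
      n = split(nodes, host, " ")
      for (i = 1; i <= n; i++) ok["system:node:" host[i]] = 1
    }
    NR == 1 && $1 == "NAME" { next }          # header row
    $NF == "Pending" {
      verdict = ($3 in ok) ? "approve" : "review"
      print verdict, $1
    }
  '
}

# Constructed sample listing (assumed column layout, invented CSR names).
sample_csrs() {
  cat <<'EOF'
NAME        AGE   REQUESTOR                                                 CONDITION
csr-4k2pz   12m   system:node:master01.okd.com                              Approved,Issued
csr-9xw7d   3m    system:node:node01.okd.com                                Pending
csr-b7tqm   3m    system:serviceaccount:openshift-infra:node-bootstrapper   Pending
csr-zz81h   1m    system:node:node99.okd.com                                Pending
EOF
}

sample_csrs | triage_csrs
```

On the master, use oc get csr | triage_csrs; inspect each "review" entry with oc describe csr before deciding, since a bootstrap request does not name the node in its requestor field.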
(4) The files in /etc/cni/net.d/ are missing on the node
Copy the file over from the master node:
scp 80-openshift-network.conf node01.okd.com:/etc/cni/net.d/80-openshift-network.conf
(5) no route to host
First stop the firewalld service on the node and the master, then check whether iptables contains rules that block the relevant traffic.