On CentOS 7.6, use Docker 19.03.13 to install Rancher 2.5.2 offline on a single node, with Harbor as Rancher's private image registry

Table of Contents

1. Deployment ideas

2. Prerequisites

3. Environment preparation

4. Create and push the image registry and run Rancher


1. Deployment ideas

1. This is a local deployment on one VMware virtual machine, mainly to test offline installation. Using a single machine makes the most of the available resources, since the host is a laptop with limited resources.

2. If you are also using a single machine, at least 8 vCPUs, 16 GB of memory and 150 GB of storage are recommended. With multiple machines, the configuration of each can be lowered accordingly. This test used a machine with 4 vCPUs and 16 GB of memory, and Rancher ran relatively stably.

3. Install all software (docker, docker-compose, harbor, rancher/server, rancher/agent) on one machine.

4. All software involved uses the latest stable version and is installed offline, so that no version upgrade is needed for a relatively long time. The network assumed for this deployment is a purely internal network that cannot reach the external network. Download on the external network and deploy on the internal network; an NTFS-formatted USB drive can be used for the transfer.

2. Prerequisites

1. Be familiar with the basic steps and ideas of installing Rancher 2.5.2 (or another stable version) online; see the article on online installation of Rancher 2.5.2 that I wrote earlier.

2. Meet the hardware and software requirements, and install basic tools as needed, such as net-tools and lrzsz.

3. Make the necessary environment adjustments for Rancher: turn off the firewall, turn off SELinux, configure hosts-file name binding, and so on; alternatively, leave them on and add the corresponding rules.

4. Install offline the docker (manages the Rancher-related containers) and docker-compose (manages harbor) versions that meet the requirements. Docker must be configured with a domestic registry mirror (image accelerator); Alibaba Cloud is recommended.

5. Install offline a recent stable version of the harbor image registry, from which docker pulls the required images offline when starting containers. The registry needs at least 50 GB of space.

6. Configure harbor's HTTPS access. This step actually configures harbor's built-in nginx to enable HTTPS. Authorize every docker machine (only one in this test); Rancher uses the HTTPS protocol by default when pulling images from the harbor registry through docker.

3. Environment preparation

A newly installed virtual machine (4 cores, 8 threads, 16 GB memory, CentOS 7.6 minimal installation). First install docker, docker-compose and harbor offline; see https://blog.csdn.net/ct_666/article/details/110916695 , as this article does not cover that installation. Note that I have changed the default ports; in a multi-machine deployment they do not need to be changed.

IP              Software        Version   Ports
192.168.44.100  docker-ce       19.03.13
                docker-compose  1.27.4
                harbor          2.0.4     80==>9080, 443==>9443
                rancher/server  2.5.2     80==>8080, 443==>8443
                rancher/agent   2.5.2     80, 443

4. Create and push the image registry and run Rancher

Note: 1. The required files should all be in the same directory; I put them in /home: rancher-images.txt, rancher-save-images.sh, rancher-load-images.sh, rancher-images.tar.gz.

2. Of these, rancher-images.txt, rancher-save-images.sh and rancher-load-images.sh are downloaded from the official website for the version you choose, and rancher-images.tar.gz is generated in step 3 of this article.

3. Download address: https://github.com/rancher/rancher/releases . Be careful not to download a version marked rc or Pre-release, because they are unstable in a production environment. The current latest stable version is 2.5.3; this article uses 2.5.2.

4. Steps 1-3 are performed on the external network, and steps 4-7 on the internal network. In this article, the network is disconnected at step 4 to simulate the internal network.

cd /home/

1. Sort and de-duplicate the image list to remove duplicate image entries.

sort -u rancher-images.txt -o rancher-images.txt

2. Add execute permission to rancher-save-images.sh.

chmod +x rancher-save-images.sh

3. Run rancher-save-images.sh with --image-list ./rancher-images.txt as its parameter to create a compressed archive of the required images (this takes a long time).

./rancher-save-images.sh --image-list ./rancher-images.txt

4. Use the USB drive to transfer rancher-images.tar.gz, generated in the previous step, to the intranet server where your harbor registry is located (since I have only one machine, there is no transfer; I just disconnect from the Internet to simulate the intranet). On the intranet, log in with docker to prepare to upload the images to the offline harbor registry.

docker login 192.168.44.100:9443

5. Add execute permission to rancher-load-images.sh.

chmod +x rancher-load-images.sh

6. Use rancher-load-images.sh to extract the images from rancher-images.tar.gz. After the command is run, rancher-images.tar.gz is decompressed first; this takes about 10 minutes with no output, as if it were stuck, and the upload starts once decompression is complete. The extracted images are re-tagged according to the image list in rancher-images.txt and pushed to your own offline harbor registry. Before that, a project named rancher must be created in your harbor registry.

After confirming that the rancher project has been created, run the push command; the script pushes all the images to the rancher project.

./rancher-load-images.sh --image-list ./rancher-images.txt --registry 192.168.44.100:9443

7. With the offline registry in place, test it by using docker to run a rancher/server on the internal-network machine, pulling all required images from the designated offline harbor registry.

docker run -d --restart=unless-stopped --name rancher --privileged \
           -p 8080:80 -p 8443:443 \
           -e CATTLE_SYSTEM_DEFAULT_REGISTRY=192.168.44.100:9443 \
           -e CATTLE_SYSTEM_CATALOG=bundled \
           -v /var/lib/rancher:/var/lib/rancher \
           -v /var/log/auditlog:/var/log/auditlog \
           192.168.44.100:9443/rancher/rancher:v2.5.2

8. Log in to https://192.168.44.100:8443, create a new "custom" cluster, fill in the cluster name, and set the address, login name and password of Rancher's private image registry, so that Rancher always pulls the required images from the specified registry when building the cluster. Click Next, keeping the defaults for the remaining settings.

9. Since there is only one machine, check the Etcd role, Control role, and Worker role. Copy the command in the command box into the terminal, run it, and wait for the cluster to be created.

Summary:

There is not much difference between offline and online installation; the main difference is how the images are obtained. Online installation uses the official image source, and offline installation uses a private image registry that you build yourself. The images in the private registry have to be maintained by you: any missing image must be downloaded on the external network, transferred to the internal network, and pushed to the private registry before it can be used. The whole process is more troublesome.
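
The USB transfer in step 4 and the missing-image maintenance described in the summary can both be checked from the shell. The script below is an added example, not part of the original article or of Rancher's scripts; the manifest name rancher-bundle.sha256, the function names and the "<registry>/<entry>" tag layout (taken from the docker run command in step 7) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: checks around the air-gap transfer (steps 3-6).
# MANIFEST and the function names are assumptions, not Rancher tooling.
BUNDLE_FILES="rancher-images.txt rancher-save-images.sh rancher-load-images.sh rancher-images.tar.gz"
MANIFEST="rancher-bundle.sha256"

# External network, after step 3: record a SHA-256 for every bundle file.
make_manifest() {
    ( cd "$1" || exit 1
      for f in $BUNDLE_FILES; do
          [ -f "$f" ] || { echo "missing: $f" >&2; exit 1; }
      done
      sha256sum $BUNDLE_FILES > "$MANIFEST" )
}

# Internal network, before step 5: fail unless the manifest names exactly
# the expected files and every hash matches.
verify_manifest() {
    ( cd "$1" || exit 1
      [ -f "$MANIFEST" ] || { echo "no manifest" >&2; exit 1; }
      listed=$(awk '{print $2}' "$MANIFEST" | sed 's/^\*//' | sort | tr '\n' ' ')
      expected=$(printf '%s\n' $BUNDLE_FILES | sort | tr '\n' ' ')
      [ "$listed" = "$expected" ] || { echo "manifest file set mismatch" >&2; exit 1; }
      sha256sum -c "$MANIFEST" >/dev/null )
}

# After step 6: print list entries that have no "<registry>/<entry>" tag.
# $1 = image list, $2 = registry, $3 = file holding the output of:
#   docker images --format '{{.Repository}}:{{.Tag}}'
missing_images() {
    while IFS= read -r img; do
        [ -n "$img" ] || continue
        grep -qxF "$2/$img" "$3" || echo "$img"
    done < "$1"
}

# Usage: script.sh make|verify DIR   or   script.sh missing LIST REGISTRY TAGS
case "${1:-}" in
    make)    make_manifest "$2" ;;
    verify)  verify_manifest "$2" ;;
    missing) missing_images "$2" "$3" "$4" ;;
esac
```

A manifest that travels on the same USB drive only detects accidental corruption, so carry the hash of the manifest itself by a separate channel if the bundle must also be protected against modification in transit.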

 

 


Origin blog.csdn.net/ct_666/article/details/110818135