Openshift3-9部署手册

说明：本文主要介绍通过Ansible来部署Openshift 3.9

一、准备

系统准备

节点类型	说明
Masters	物理主机或者虚拟机 系统：Fedora 21, CentOS 7.3, 7.4或者7.5 最少4vCPU 最少16GB内存 /var/最少40GB空间 /usr/local/bin最少1GB空间 容器临时目录最少1GB空间  
Nodes	物理主机或者虚拟机 系统：Fedora 21, CentOS 7.3, 7.4或者7.5 NetworkManager版本1.0以上 最少1vCPU 最少8GB内存 /var/最少15GB空间 /usr/local/bin最少1GB空间 容器临时目录最少1GB空间  
额外的etcd节点	最少20GB用来存储etcd数据  

注：在安装时可以通过ansible_inventory的配置忽略以上系统要求
扩展：对于生产部署时，Master的配置要求计算规则如下：每1000个pods需要额外的1核CPU和1.5GB内存。因此如果要满足支持2000个pods的话，Master节点需要在最低配置2核CPU和16GB内存的基础上再加2核CPU和3GB内存，共4核CPU 19GB内存。

安装准备

1. 关闭防火墙及selinux

   systemctl disable firewalld
   systemctl stop firewalld
   sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
   setenforce 0

2. 更改yum源 base74 、 openshift-3.9 、 epel 、 updates 和 extras。

    #/etc/yum.repos.d/all.repo
   [base]
   name=CentOS-$releasever - Base
   baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
   gpgcheck=0
   [updates]
   name=CentOS-$releasever - Updates
   baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
   gpgcheck=0
   [extras]
   name=CentOS-$releasever - Extras
   baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
   gpgcheck=0
   [openshift-3.9]
   name=Openshift 3.9
   baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/paas/$basearch/openshift-origin39/
   gpgcheck=0
   [epel]
   name=Centos EPEL
   baseurl=http://mirrors.ustc.edu.cn/epel/7/$basearch/
   gpgcheck=0

   清除缓存

   yum makecache

二、安装

1. 安装需要的软件包

   yum install vim git ansible wget java-1.8.0-openjdk httpd-tools python-passlib docker -y

2. 下载openshift ansible部署脚本

   git clone https://github.com/openshift/openshift-ansible.git -b release-3.9

3. 禁用ansible脚本中的指定repo

   sed -i 's/enabled=1/enabled=0/g' ./roles/openshift_repos/templates/CentOS-OpenShift-Origin.repo.j2

4. 设置hostsname
   a. 在 /etc/hosts 添加ip映射

   # /etc/hosts
   192.168.2.3 openshift
   

   b. 更新本机hostname

    hostnamectl set-hostname --static openshift
   

5. 设置本地ssh无密钥登录

    ssh-keygen -t rsa
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@openshift
    #或将id_rsa.pub内容添加到~/.ssh/authorized_keys中
   

6. 配置ansible hosts

   [OSEv3:children]
   masters
   nodes
   etcd
   nfs
   
   [OSEv3:vars]
   ansible_ssh_user=root
   openshift_deployment_type=origin
   deployment_type=origin
   openshift_release=v3.9
     
   #如果使用自己的镜像的话/etc/sysconfig/docker中会添加ADD_REGISTRY='--add-registry harbor.apps.com'
   #oreg_url=harbor.apps.com/openshift/origin-${component}:${version}
   #system_images_registry=harbor.apps.com
   #openshift_examples_modify_imagestreams=true
   #openshift_docker_additional_registries=harbor.apps.com
   #openshift_service_catalog_image_prefix=harbor.apps.com/openshift/origin-
   #openshift_metrics_image_prefix=harbor.apps.com/openshift/origin-
   #openshift_logging_image_prefix=harbor.apps.com/openshift/origin-
   #ansible_service_broker_image_prefix=harbor.apps.com/openshift/origin-
   #ansible_service_broker_etcd_image_prefix=harbor.apps.com/openshift/origin-
   #openshift_metrics_image_version=v3.9
      
   openshift_enable_service_catalog=false
   template_service_broker_install=false
   ansible_service_broker_install=false
   
   openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login':'true','challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
   openshift_master_htpasswd_file=/etc/origin/master/htpasswd
   openshift_enable_unsupported_configurations=True
   openshift_docker_options="-l warn --ipv6=false --insecure-registry=0.0.0.0/0 --registry-mirror=https://docker.mirrors.ustc.edu.cn --log-opt max-size=1M --log-opt max-file=3"
   openshift_disable_check=memory_availability,disk_availability,package_availability,package_update,docker_image_availability,docker_storage_driver,docker_storage
   openshift_master_default_subdomain=apps.openshift
   
   openshift_metrics_install_metrics=true
   openshift_hosted_metrics_public_url=https://hawkular-metrics.apps.openshift/hawkular/metrics
   
   openshift_logging_install_logging=true
   openshift_hosted_etcd_storage_kind=nfs
   openshift_hosted_etcd_storage_nfs_options="*(rw,root_squash,sync,no_wdelay)"
   openshift_hosted_etcd_storage_nfs_directory=/nfs-data 
   openshift_hosted_etcd_storage_volume_name=etcd-vol2 
   openshift_hosted_etcd_storage_access_modes=["ReadWriteOnce"]
   openshift_hosted_etcd_storage_volume_size=1G
   openshift_hosted_etcd_storage_labels={'storage': 'etcd'}
   
   ansible_service_broker_image_prefix=registry.access.redhat.com/openshift3/ose-
   ansible_service_broker_registry_url=registry.access.redhat.com
   ansible_service_broker_registry_user=<user_name>
   ansible_service_broker_registry_password=<password>
   ansible_service_broker_registry_organization=<organization>
   
   [masters]
   openshift
   [etcd]
   openshift
   [nfs]
   openshift
   [nodes]
   openshift openshift_node_labels="{'region': 'infra', 'zone':'default'}" openshift_schedulable=true

7. 如果要修改为自己的镜像仓库的话，还需要更改几个yaml文件

   # roles/openshift_web_console/defaults/main.yml（去掉docker.io/）
   openshift_web_console_image_dict:
       origin:
           prefix: "openshift/origin-"
           version: "{{ openshift_image_tag }}"
           image_name: "web-console"

8. 执行安装脚本

   ansible-playbook playbooks/prerequisites.yml
   ansible-playbook playbooks/deploy_cluster.yml

9. 创建管理员账号

   htpasswd -b /etc/origin/master/htpasswd admin admin
   oc adm policy add-cluster-role-to-user cluster-admin admin

三、展示

参考文章
Openshift 3.9官方高级安装手册