$ wget https://github.com/openshift/openshift-ansible/archive/openshift-ansible-3.11.136-1.zip
$ yum install unzip
$ unzip openshift-ansible-3.11.136-1.zip
$ cd openshift-ansible-openshift-ansible-3.11.136-1/
...
$ cd ..
$ cp openshift-ansible-openshift-ansible-3.11.136-1/ansible.cfg .

配置 Openshift Ansible 「inventory file」 描述

Inventory

• Inventory 主要是設定整個Cluster 的重要角色
• 這次的 Inventory 我們主要有幾個重點
  • Core Settings: 主要 core componets 的設定
  • Container Runtime Setting: 這次我們主要會將Container runtime 轉換為RedHat 的另一個 Container runtime 專案 CRIO
  • CA Expired Date Setting: 將憑證日期延長至20年
  • 因為部分的 add-on 有 persistent volume 需要(e.g. EFK)，其餘設定都暫時先用設定，夠過後續安裝的方式安裝。

#reate an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
etcd
#
# # Set variables common for all OSEv3 hosts
[OSEv3:vars]
##
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability,package_version
## # SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root

debug_level=2
##
#Core Settings
#-----------------------------------------------------
openshift_image_tag="v3.11.0"
openshift_pkg_version="-3.11.0-1.el7.git.0.62803d0"
openshift_version="3.11.0"
openshift_release="3.11.0"
openshift_master_default_subdomain=apps.paas.domain.tw
openshift_deployment_type=origin
openshift_hosted_infra_selector=""
openshift_master_cluster_hostname=webconsole.paas.domain.tw
openshift_master_cluster_public_hostname=webconsole.paas.domain.tw
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_console_port=8443
openshift_master_api_port=8443
#-----------------------------------------------------

#Container runtime setting
#-----------------------------------------------------
#if you wanna change the crio
# https://docs.openshift.com/container-platform/3.11/crio/crio_runtime.html
openshift_use_crio=True
openshift_use_crio_only=False
openshift_crio_enable_docker_gc=False
openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'}
#-----------------------------------------------------

#CA expired date setting
#-----------------------------------------------------
openshift_ca_cert_expire_days=7300
openshift_node_cert_expire_days=7300
openshift_master_cert_expire_days=7300
etcd_ca_default_days=7300
#-----------------------------------------------------


osm_use_cockpit=true
osm_cockpit_plugins=['cockpit-kubernetes']

## # host group for masters
[masters]
paas01.paas.domain.tw

## # host group for etcd
[etcd]
paas01.paas.domain.tw

## # host group for nodes
[nodes]
paas01.paas.domain.tw openshift_node_group_name='node-config-master-crio'
paas02.paas.domain.tw openshift_node_group_name='node-config-infra-crio'
paas03.paas.domain.tw openshift_node_group_name='node-config-compute-crio'
paas04.paas.domain.tw openshift_node_group_name='node-config-compute-crio'
paas05.paas.domain.tw openshift_node_group_name='node-config-compute-crio'

Prerequisites

• 安裝 pre requisites rpm
• production mode 建議透過offline install 的方式安裝，保存安裝時所使用的rpm檔

$ ansible-playbook -i inventory.ini openshift-ansible-openshift-ansible-3.11.136-1/playbooks/prerequisites.yml 

Deploy Cluster

• 開始部署節點

$ ansible-playbook -i inventory.ini openshift-ansible-openshift-ansible-3.11.136-1/playbooks/deploy_cluster.yml 

後續設定

• 增加 admin 帳號 (登入webconsole)
• inventory 一開始預設有指定透過/etc/origin/master/htpasswd 作為基本的 identity provider 驗證

$ htpasswd -c /etc/origin/master/htpasswd admin

• 對 htpasswd admin user 進行cluster role binding (cluster-admin)

$ oc adm policy add-cluster-role-to-user cluster-admin admin

• 最後我們就可以透過inventory 設定的url登入Openshift webconsole 介面了

Webconsole: https://webconsole.paas.domain.tw:8443
Cluster console: https://console.apps.domain.tw