iT邦幫忙

第 11 屆 iT 邦幫忙鐵人賽

DAY 5
0
$ wget https://github.com/openshift/openshift-ansible/archive/openshift-ansible-3.11.136-1.zip
$ yum install unzip
$ unzip openshift-ansible-3.11.136-1.zip
$ cd openshift-ansible-openshift-ansible-3.11.136-1/
...
$ cd ..
$ cp openshift-ansible-openshift-ansible-3.11.136-1/ansible.cfg .

配置 Openshift Ansible 「inventory file」 描述

Inventory

  • Inventory 主要是設定整個Cluster 的重要角色
  • 這次的 Inventory 我們主要有幾個重點
    • Core Settings: 主要 core componets 的設定
    • Container Runtime Setting: 這次我們主要會將Container runtime 轉換為RedHat 的另一個 Container runtime 專案 CRIO
    • CA Expired Date Setting: 將憑證日期延長至20年
    • 因為部分的 add-on 有 persistent volume 需要(e.g. EFK),其餘設定都暫時先用設定,夠過後續安裝的方式安裝。
#reate an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
etcd
#
# # Set variables common for all OSEv3 hosts
[OSEv3:vars]
##
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability,package_version
## # SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root

debug_level=2
##
#Core Settings
#-----------------------------------------------------
openshift_image_tag="v3.11.0"
openshift_pkg_version="-3.11.0-1.el7.git.0.62803d0"
openshift_version="3.11.0"
openshift_release="3.11.0"
openshift_master_default_subdomain=apps.paas.domain.tw
openshift_deployment_type=origin
openshift_hosted_infra_selector=""
openshift_master_cluster_hostname=webconsole.paas.domain.tw
openshift_master_cluster_public_hostname=webconsole.paas.domain.tw
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_console_port=8443
openshift_master_api_port=8443
#-----------------------------------------------------

#Container runtime setting
#-----------------------------------------------------
#if you wanna change the crio
# https://docs.openshift.com/container-platform/3.11/crio/crio_runtime.html
openshift_use_crio=True
openshift_use_crio_only=False
openshift_crio_enable_docker_gc=False
openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'}
#-----------------------------------------------------

#CA expired date setting
#-----------------------------------------------------
openshift_ca_cert_expire_days=7300
openshift_node_cert_expire_days=7300
openshift_master_cert_expire_days=7300
etcd_ca_default_days=7300
#-----------------------------------------------------


osm_use_cockpit=true
osm_cockpit_plugins=['cockpit-kubernetes']

## # host group for masters
[masters]
paas01.paas.domain.tw

## # host group for etcd
[etcd]
paas01.paas.domain.tw

## # host group for nodes
[nodes]
paas01.paas.domain.tw openshift_node_group_name='node-config-master-crio'
paas02.paas.domain.tw openshift_node_group_name='node-config-infra-crio'
paas03.paas.domain.tw openshift_node_group_name='node-config-compute-crio'
paas04.paas.domain.tw openshift_node_group_name='node-config-compute-crio'
paas05.paas.domain.tw openshift_node_group_name='node-config-compute-crio'

Prerequisites

  • 安裝 pre requisites rpm
  • production mode 建議透過offline install 的方式安裝,保存安裝時所使用的rpm檔
$ ansible-playbook -i inventory.ini openshift-ansible-openshift-ansible-3.11.136-1/playbooks/prerequisites.yml 

Deploy Cluster

  • 開始部署節點
$ ansible-playbook -i inventory.ini openshift-ansible-openshift-ansible-3.11.136-1/playbooks/deploy_cluster.yml 

後續設定

  • 增加 admin 帳號 (登入webconsole)
  • inventory 一開始預設有指定透過/etc/origin/master/htpasswd 作為基本的 identity provider 驗證
$ htpasswd -c /etc/origin/master/htpasswd admin
  • 對 htpasswd admin user 進行cluster role binding (cluster-admin)
$ oc adm policy add-cluster-role-to-user cluster-admin admin
  • 最後我們就可以透過inventory 設定的url登入Openshift webconsole 介面了
Webconsole: https://webconsole.paas.domain.tw:8443
Cluster console: https://console.apps.domain.tw

上一篇
Day 04 :部署 OpenShift 3.11(OKD)(上) - 事前準備工作
下一篇
Day 06 :OKD 常見部署問題探討
系列文
從 RedHat OpenShift 社群版 OKD 看 Kubernetes17

尚未有邦友留言

立即登入留言