当前位置: 首页 > 文档资料 > 技术文档 Cookbook >

前续安装

优质
小牛编辑
144浏览
2023-12-01

安装准备说明

Table 1. 软件安装需求
类型说明

SELinux

配置 SELinux(/etc/selinux/config),确保:

  • SELINUX=enforcing

  • SELINUXTYPE=targeted

DNS

/etc/hosts 中添加静态域名

DNA A record

添加 A 记录

*.cloudapps.example.com. 300 IN  A 10.0.0.1

NetworkManager

可选择的,如果禁用,需要手动配置 DNS

firewall

推荐打开,对应 ansible inventory 中添加:

os_firewall_use_firewalld=True

Storage

NFS, GlusterFS, Ceph RBD, OpenStack Cinder, AWS Elastic Block Store (EBS), GCE Persistent Disks, iSCSI.

安装包

# yum install wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct
# yum update
# systemctl reboot

Ansible Task

# yum install openshift-ansible

docker

# yum install docker-1.13.1
# rpm -V docker-1.13.1
# docker version

本部分提供两种安装方式:Ansible 执行前续安装,及 Bash 执行前续安装。

Bash 执行前续安装

控制节点静态域名配置

Master 上配置 hosts 内容如下
echo "10.66.208.101 master.example.com master" >> /etc/hosts
echo "10.66.208.102 infra.example.com infra" >> /etc/hosts
echo "10.66.208.103 node1.example.com node1" >> /etc/hosts
echo "10.66.208.104 node2.example.com node2" >> /etc/hosts
echo "10.66.208.105 nfs.example.com nfs" >> /etc/hosts
echo "10.66.208.106 yum.example.com yum" >> /etc/hosts
echo "10.66.208.106 registry.example.com registry" >> /etc/hosts

Master 到其它节点互信

1. 生成 SSH 所需之秘钥。命令如下,应答输入请直接输入回车
# ssh-keygen
2. 配置到各节点免密登录
# for i in master infra nfs node1 node2 registry; do ssh-copy-id $i.example.com; done;
3. 免密登录验证
# for i in master infra nfs node1 node2 registry; do ssh $i.example.com 'date'; done
Mon Oct 15 20:41:54 CST 2018
Mon Oct 15 20:41:31 CST 2018
Mon Oct 15 20:41:55 CST 2018
Mon Oct 15 20:42:50 CST 2018
Mon Oct 15 20:42:49 CST 2018
Tue Oct 16 04:42:48 CST 2018

所有节点 hosts 文件拷贝

# for i in infra node1 node2 nfs ; do scp /etc/hosts root@$i.example.com:/etc/hosts ; done

所有节点 yum 源配置

1. 控制节点创建 ocp.repo
cat << EOF > /etc/yum.repos.d/ocp.repo
[rhel-7-server-rpms]
baseurl = http://yum.example.com/repo/rhel-7-server-rpms
enabled = 1
gpgcheck = 0
name = rhel-7-server-rpms

[rhel-7-server-extras-rpms]
baseurl = http://yum.example.com/repo/rhel-7-server-extras-rpms
enabled = 1
gpgcheck = 0
name = rhel-7-server-extras-rpms

[rhel-7-server-ose-3.11-rpms]
baseurl = http://yum.example.com/repo/rhel-7-server-ose-3.11-rpms
enabled = 1
gpgcheck = 0
name = rhel-7-server-ose-3.11-rpms

[rhel-7-server-ansible-2.6-rpms]
baseurl = http://yum.example.com/repo/rhel-7-server-ansible-2.6-rpms
enabled = 1
gpgcheck = 0
name = rhel-7-server-ansible-2.6-rpms
EOF
2. 确保所有用户有可读权限
# chmod a+x ocp.repo
3. 所有节点 yum 源配置
# for i in infra node1 node2 nfs ; do scp /etc/yum.repos.d/ocp.repo root@$i.example.com:/etc/yum.repos.d/ ; done
4. 测试 yum 源配置
# for i in master infra node1 node2 ; do ssh $i.example.com 'yum list | grep openshift-ansible' ; done
openshift-ansible.noarch             3.11.16-1.git.0.4ac6f81.el7
openshift-ansible-docs.noarch        3.11.16-1.git.0.4ac6f81.el7
openshift-ansible-playbooks.noarch   3.11.16-1.git.0.4ac6f81.el7
openshift-ansible-roles.noarch       3.11.16-1.git.0.4ac6f81.el7
...

SELinux 设定

查看 SELinux 设定
# for in in master infra node1 node2 ; do ssh $i.example.com 'getenforce' ; done
Enforcing
Enforcing
Enforcing
Enforcing

安装软件包

1. yum 更新
# for i in master infra node1 node2 nfs ; do ssh $i.example.com 'yum update -y' ; done
2. 安装基本包
# for i in master infra node1 node2 nfs ; do ssh $i.example.com 'yum -y install wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct vim tree; echo' ; done
3. Master 上安装 openshift-ansible
# ssh master.example.com 'yum -y install openshift-ansible'
4. 重起所有节点
# for i in infra node1 node2 nfs master ; do ssh $i.example.com 'reboot' ; done

DNS 配置

1. 所有节点配置 DNS
# for i in master infra node1 node2 nfs ; do ssh $i.example.com 'nmcli connection modify eth0 ipv4.dns 10.66.208.106' ; done
2. 测试 DNS
# for i in master infra node1 node2 ; do ssh $i.example.com 'dig master.example.com  +short' ; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'dig infra.example.com +short' ; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'dig nfs.example.com +short' ; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'dig node1.example.com  +short' ; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'dig node2.example.com  +short' ; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'dig registry.example.com +short' ; done

# for i in master infra node1 node2 ; do ssh $i.example.com 'dig test.apps.example.com  +short' ; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'dig xyz.apps.example.com  +short' ; done

安装 Docker

1. 安装
# for i in master infra node1 node2 ; do ssh $i.example.com 'yum -y install docker'; done
2. 配置 Docker Storage(可选)
3. 启动
# for i in master infra node1 node2; do ssh $i.example.com 'systemctl enable docker ; systemctl start docker'; done
4. 启动验证
# for i in master infra node1 node2 ; do ssh $i.example.com 'systemctl status docker'; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'systemctl is-active docker'; done

Docker 证书配置

1. 拷贝证书
# for i in master infra node1 node2; do scp example.com.crt root@$i.example.com:/etc/pki/ca-trust/source/anchors/ ; done
2. 更新信任自签名证书
# for i in master infra node1 node2 ; do ssh $i.example.com 'update-ca-trust extract'; done
3. 重起 Docker
# for i in master infra node1 node2 ; do ssh $i.example.com 'systemctl restart docker ; systemctl is-active docker'; done
# for i in master infra node1 node2 ; do ssh $i.example.com 'systemctl is-enabled docker'; done
4. 镜像下载测试
# for i in master infra node1 node2; do ssh $i.example.com 'docker pull registry.example.com/rhscl/php-56-rhel7:latest'; done

Ansible 执行前续安装

本部分是在操作控制节点上进行。

操作控制节点安装 Ansible

1 - 安装
# yum install ansible
2 - 验证是否已安装了 ansible 软件包
$ rpm -qa | grep ansible
ansible-2.3.2.0-2.el7.noarch

$ ansible --version
ansible 2.3.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.5 (default, May  3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)]

操作控制节点配置到各节点免密登录

1 - 配置操作控制节点到各节点静态域名解析
echo "10.66.208.101 master.example.com master" >> /etc/hosts
echo "10.66.208.102 infra.example.com infra" >> /etc/hosts
echo "10.66.208.103 nfs.example.com nfs" >> /etc/hosts
echo "10.66.208.105 node1.example.com node1" >> /etc/hosts
echo "10.66.208.106 node2.example.com node2" >> /etc/hosts
2 - 配置操作控制节点生成 SSH 所需之秘钥。命令如下,应答输入请直接输入回车
# ssh-keygen
3 - 配置到各节点免密登录
for i in master infra nfs node1 node2; do ssh-copy-id $i; done;

准备 Playbook 脚本

如上文件目录结构为:

ocp pre files.png

执行 Playbook 脚本

ansible-playbook -i inventory prepare_install.yml