Febrac8 + OpenShift + Kubernetes
2018-02-09
cxj_hit
Preface
This guide builds a private PaaS platform for your dev team.
Host List
IP Address | Hosts | Comment |
---|---|---|
192.168.0.171 | lb1.os.example.com | LB |
192.168.0.252 | oskm1.os.example.com | Master1 |
192.168.0.221 | oskm2.os.example.com | Master2 |
192.168.0.168 | oskm3.os.example.com | Master3 |
192.168.0.182 | oskw1.os.example.com | Minion1 |
192.168.0.129 | oskw2.os.example.com | Minion2 |
192.168.0.117 | oskw3.os.example.com | Minion3 |
192.168.0.219 | oskw4.os.example.com | Minion4 |
192.168.0.182 | oskw5.os.example.com | Minion5 |
192.168.0.129 | oskw6.os.example.com | Minion6 |
192.168.0.117 | oskw7.os.example.com | Minion7 |
192.168.0.219 | oskw8.os.example.com | Minion8 |
192.168.0.219 | oskw9.os.example.com | Minion9 |
Upgrade OS to latest stable version
# yum upgrade
Upgrade kernel version
Perform these steps on all of the servers.
1 Check the current kernel version
# uname -sr
2 Upgrade the kernel version
2.1 Enable the ELRepo Yum Source
# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
2.2 Check the available kernel versions
# yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* elrepo-kernel: mirrors.tuna.tsinghua.edu.cn
Available Packages
kernel-lt.x86_64 4.4.115-1.el7.elrepo elrepo-kernel
kernel-lt-devel.x86_64 4.4.115-1.el7.elrepo elrepo-kernel
kernel-lt-doc.noarch 4.4.115-1.el7.elrepo elrepo-kernel
kernel-lt-headers.x86_64 4.4.115-1.el7.elrepo elrepo-kernel
kernel-lt-tools.x86_64 4.4.115-1.el7.elrepo elrepo-kernel
kernel-lt-tools-libs.x86_64 4.4.115-1.el7.elrepo elrepo-kernel
kernel-lt-tools-libs-devel.x86_64 4.4.115-1.el7.elrepo elrepo-kernel
kernel-ml-devel.x86_64 4.15.1-1.el7.elrepo elrepo-kernel
kernel-ml-doc.noarch 4.15.1-1.el7.elrepo elrepo-kernel
kernel-ml-headers.x86_64 4.15.1-1.el7.elrepo elrepo-kernel
kernel-ml-tools.x86_64 4.15.1-1.el7.elrepo elrepo-kernel
kernel-ml-tools-libs.x86_64 4.15.1-1.el7.elrepo elrepo-kernel
kernel-ml-tools-libs-devel.x86_64 4.15.1-1.el7.elrepo elrepo-kernel
perf.x86_64 4.15.1-1.el7.elrepo elrepo-kernel
python-perf.x86_64 4.15.1-1.el7.elrepo elrepo-kernel
2.3 Install the latest kernel
# yum --enablerepo=elrepo-kernel install kernel-ml
Configure GRUB to enable the latest version
Change the GRUB default setting
Set GRUB_DEFAULT to 0 so that the first menu entry, the newly installed kernel, boots by default.
# vi /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
#GRUB_DEFAULT=saved
GRUB_DEFAULT=0
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=cl/root rd.lvm.lv=cl/swap rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
Recreate kernel boot setting
# grub2-mkconfig -o /boot/grub2/grub.cfg
# reboot
Configure selinux setting
According to the OpenShift user guide, SELinux must be enabled.
# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
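An added check, not part of the original post: the functions below read a file in the format of /etc/selinux/config, ignore commented-out lines such as #SELINUX=disabled, and report whether the effective settings are enforcing/targeted. The function names and the optional runtime-mode argument are assumptions of this example; the edited file is only read at boot, so the running mode can differ until the host is restarted.

```sh
#!/bin/sh
# Added example: audit an SELinux config file like the one edited above.

# selinux_setting KEY FILE -> prints the effective value of KEY.
# Only uncommented assignments count; the last one wins.
selinux_setting() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([A-Za-z]*\).*/\1/p" "$2" | tail -n 1
}

# selinux_audit FILE [RUNTIME_MODE] -> prints findings and returns 0 only
# when FILE says enforcing/targeted and RUNTIME_MODE (if given) agrees.
# RUNTIME_MODE is the output of getenforce: Enforcing, Permissive or Disabled.
selinux_audit() {
    file=$1; runtime=${2:-}; rc=0
    mode=$(selinux_setting SELINUX "$file")
    policy=$(selinux_setting SELINUXTYPE "$file")
    if [ "$mode" != "enforcing" ]; then
        echo "FAIL: SELINUX=${mode:-unset} in $file"; rc=1
    fi
    if [ "$policy" != "targeted" ]; then
        echo "FAIL: SELINUXTYPE=${policy:-unset} in $file"; rc=1
    fi
    if [ -n "$runtime" ] && [ "$runtime" != "Enforcing" ]; then
        echo "FAIL: running mode is $runtime, not Enforcing"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: enforcing/targeted"
    return "$rc"
}

# Constructed sample that mirrors the edit shown above.
sample=$(mktemp)
printf '%s\n' '#SELINUX=disabled' 'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$sample"
selinux_audit "$sample" Enforcing
rm -f "$sample"

# On a real host: selinux_audit /etc/selinux/config "$(getenforce)"
```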
Install base packages
1 Install the following base packages ("iptables-services" has been removed from the list):
# yum install wget git net-tools bind-utils bridge-utils bash-completion kexec-tools sos psacct
2 Install Ansible.
2.1 Install the EPEL repository, which provides Ansible.
# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
2.2 Disable the EPEL repository globally so that it is not accidentally used during later steps of the installation.
# sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
2.3 Install the packages for Ansible.
# yum -y --enablerepo=epel install ansible pyOpenSSL
3 Clone the openshift/openshift-ansible repository from GitHub, which provides the required playbooks and configuration files.
# cd ~
# git clone https://github.com/openshift/openshift-ansible
# cd openshift-ansible
# git checkout release-3.9
Ensuring Host Access
Generate an SSH key pair on the master1 node, then copy the public key to the other nodes.
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JACywg3bZ3BT2CkjUYsKUehbziH3KBE78xIn7+nX0BY root@oskm1
The key's randomart image is:
+---[RSA 2048]----+
|o+o++++.. |
|o==.+=oo |
|=oo+.++ . |
|oX.=o E |
| .^ + . S |
| + * o o |
| + . + |
| o . . |
| ... |
+----[SHA256]-----+
#
# for host in oskm2.os.example.com \
oskm3.os.example.com \
oskw1.os.example.com \
oskw2.os.example.com \
oskw3.os.example.com \
oskw4.os.example.com \
oskw5.os.example.com \
oskw6.os.example.com \
oskw7.os.example.com \
oskw8.os.example.com \
oskw9.os.example.com \
lb1.os.example.com; \
do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; \
done
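An added check, not part of the original post: after the ssh-copy-id loop, the function below confirms that every host accepts the key without prompting. The function name and the overridable SSH variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: confirm key-based login to every host before running the
# openshift-ansible playbooks.

# SSH can be overridden so the check can be exercised without a network
# (an assumption of this example, not something the post defines).
SSH=${SSH:-ssh}

# check_key_access HOST... -> prints each host that refuses non-interactive
# login; returns 0 only when every host accepted the key.
check_key_access() {
    failed=0
    for host in "$@"; do
        # BatchMode=yes makes ssh fail instead of asking for a password,
        # so a host where ssh-copy-id did not take effect is reported
        # rather than silently falling back to password login.
        if ! "$SSH" -o BatchMode=yes -o ConnectTimeout=5 "$host" true \
                </dev/null >/dev/null 2>&1; then
            echo "$host"
            failed=1
        fi
    done
    return "$failed"
}

# Usage on master1, with the host names from the loop above:
#   check_key_access oskm2.os.example.com oskm3.os.example.com lb1.os.example.com
```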