ansible部署openshift集群
ansible安装部署openshift集群,prometheus,grafana,logging(elasticsearch,fluentd,kibana)
ansible部署openshift集群
- 安装ansible
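# Point yum at the Aliyun mirrors. The repo definitions are fetched over HTTPS:
# a .repo file altered in transit could redirect yum to a different baseurl or
# switch off signature checking for every later install on this host.
# NOTE(review): after download, confirm gpgcheck=1 is set in both files.
sudo wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sudo wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Both yum invocations need root; without the second sudo, makecache runs as
# the calling user and does not rebuild the system-wide cache.
sudo yum clean all && sudo yum makecache
# Install the pinned Ansible release together with the Python modules this guide uses.
sudo yum install ansible-2.6.2 pyOpenSSL python-lxml -y
# Move the packaged sample inventory aside; the cluster inventory is written later in this guide.
sudo mv /etc/ansible/hosts /etc/ansible/hosts.bak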
- 宿主机开启selinux
[root@master-12-79 ~]# getenforce
Enforcing
- 添加普通用户
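# Create the deployment account. It receives passwordless sudo below and is the
# SSH login Ansible uses (ansible_ssh_user in the inventory), so its password is
# effectively a root credential on every node. Choose a strong password at the
# prompt; do not reuse the user name, and do not pipe a literal into
# `passwd --stdin`, which leaves the password in the shell history.
# Whatever is chosen here must match the inventory's SSH credentials
# (or, better, be replaced there by key-based authentication).
useradd m8 && passwd m8
# Edit sudoers through visudo, which syntax-checks the file before installing it,
# so a typo cannot break sudo. A drop-in under /etc/sudoers.d keeps this grant
# separate from the distribution's /etc/sudoers.
visudo -f /etc/sudoers.d/m8
# Line to add in the editor:
m8 ALL=(ALL) NOPASSWD: ALL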
- 下载openshift-ansible安装包
# 选择一台机器作为ansible节点,下载安装包
[m8@ansible m8cloudv4.10-openshift3.10]$ pwd
/m8/m8cloudv4.10-openshift3.10
[m8@ansible m8cloudv4.10-openshift3.10]$ wget https://github.com/openshift/openshift-ansible/archive/openshift-ansible-3.10.27-2.tar.gz
[m8@ansible m8cloudv4.10-openshift3.10]$ tar zxvf openshift-ansible-3.10.27-2.tar.gz
[m8@ansible m8cloudv4.10-openshift3.10]$ ln -s openshift-ansible-openshift-ansible-3.10.27-2 openshift-3.10
# 修改ansible所在机器的/etc/hosts文件
[m8@ansible openshift-3.10]$ sudo cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.17.12.79 master-12-79
172.17.12.80 master-12-80
172.17.12.81 node-12-81 oc-console.oc310.com
172.17.12.83 infra-12-83
172.17.12.78 ceph-admin-12-78
172.17.12.82 ceph-node1-12-82
[m8@ansible openshift-3.10]$
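# Push this host's /etc/hosts to every host in the "nodes" inventory group.
# The copy replaces the whole file on each node, so backup=yes keeps a
# timestamped copy of the previous version in case a node had entries of its own.
ansible nodes -m copy -a 'src=/etc/hosts dest=/etc/hosts backup=yes'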
- 配置ansible hosts文件
# 修改openshift repo
[m8@host-172-18-2-21 templates]$ pwd
/m8/openshift/openshift3.10/roles/openshift_repos/templates
[m8@ansible openshift-3.10]$ vim roles/openshift_repos/templates/CentOS-OpenShift-Origin.repo.j2
baseurl=https://mirrors.aliyun.com/centos/7/paas/x86_64/openshift-origin310/
# 修改ansible hosts文件
# ansible hosts文件定义的变量在roles/openshift_facts/defaults/main.yml文件中定义
# 示例 openshift_node_group_name
# [m8@ansible openshift-3.10]$ vim inventory/hosts.example
# https://docs.okd.io/latest/install/configuring_inventory_file.html
# 配置ansible hosts文件
# Inventory for the openshift-ansible playbooks. OSEv3 is the parent group;
# the variables under [OSEv3:vars] apply to every host in the child groups.
[OSEv3:children]
masters
nodes
etcd
lb
[OSEv3:vars]
ansible_connection=ssh
ansible_ssh_user=m8
# NOTE(review): plaintext SSH password, readable by anyone who can read this
# file or any copy of it (backups, version control). Prefer SSH key
# authentication, or keep the value in an Ansible Vault-encrypted vars file.
ansible_ssh_pass=m8
# Tasks escalate to root through sudo on every host.
ansible_become=yes
yum_url=https://mirrors.aliyun.com
openshift_deployment_type=origin
openshift_release=v3.10
openshift_clock_enabled=true
# Skips the listed installer pre-flight checks (memory, disk, Docker storage,
# image availability, package version/availability/update).
# NOTE(review): acceptable for an undersized lab; elsewhere, remove entries so
# that problems surface before the install rather than after.
openshift_disable_check=memory_availability,disk_availability,docker_storage,docker_storage_driver,docker_image_availability,package_version,package_availability,package_update
os_firewall_use_firewalld=True
# NOTE(review): this looks like it turns off SELinux support in the Docker
# daemon configuration, although the hosts are kept in Enforcing mode earlier
# in this guide. Confirm against the openshift-ansible role defaults and leave
# it enabled unless there is a specific reason not to.
openshift_docker_selinux_enabled=False
# API server and web console are both served on port 443.
openshift_master_api_port=443
openshift_master_console_port=443
openshift_master_cluster_method=native
openshift_master_cluster_hostname=oc-console.oc310.com
openshift_master_cluster_public_hostname=oc-console.oc310.com
osm_controller_lease_ttl=30
openshift_master_default_subdomain=oc310.com
# Multitenant SDN plugin (project-level network isolation).
os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'
# htpasswd entries for the initial users; $apr1$ is Apache's MD5-based scheme.
# NOTE(review): these hashes are published with this guide, so treat them as
# sample values only and generate your own before deploying.
openshift_master_htpasswd_users={'m8admin': '$apr1$h365yuto$6nWBXOIjWTbP9MOI4aBII0', 'm8user': '$apr1$1us0qxca$6ZeGwn9DA4te3TBzwPl/m.'}
# Commented-out example of custom node groups (kept disabled):
#openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true',]}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true'], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}]
[masters]
master-12-79 hostname=master-12-79
master-12-80 hostname=master-12-80
[etcd]
master-12-79
master-12-80
infra-12-83 hostname=infra-12-83
# Load balancer host; the /etc/hosts file shown earlier maps
# oc-console.oc310.com to this node's address.
[lb]
node-12-81 hostname=node-12-81
[nodes]
# In 3.10 the web console itself runs as a pod, so the master nodes must be schedulable.
master-12-79 openshift_schedulable=true openshift_node_group_name="node-config-master"
master-12-80 openshift_schedulable=true openshift_node_group_name="node-config-master"
node-12-81 openshift_node_group_name="node-config-compute"
infra-12-83 openshift_node_group_name="node-config-infra"
- 检查安装依赖等
# Run the prerequisites playbook; -vvv turns on verbose output.
# NOTE(review): verbose logs can contain host and connection details — review them before sharing.
ansible-playbook playbooks/prerequisites.yml -vvv
- 安装openshift
# Install the cluster on the hosts defined in the inventory
ansible-playbook playbooks/deploy_cluster.yml
- 创建集群管理员
# Create the cluster administrator account. Skip the htpasswd step when the user
# was already defined through openshift_master_htpasswd_users in the inventory.
# NOTE(review): as written, -c recreates the file (dropping any existing entries),
# and a trailing password argument is only accepted together with -b, which
# exposes it in shell history and the process list; prefer the interactive prompt.
# htpasswd -c /etc/origin/master/htpasswd m8admin m8admin
# cluster-admin grants unrestricted control of the cluster; bind it only to an
# account whose password is not one of the sample hashes from the inventory.
oc adm policy add-cluster-role-to-user cluster-admin m8admin
# Revoke the cluster-admin role from the user again
oc adm policy remove-cluster-role-from-user cluster-admin m8admin
ansible部署prometheus
# 参考:
https://docs.okd.io/3.10/install/running_install.html
# Install Prometheus via the openshift-prometheus playbook
ansible-playbook playbooks/openshift-prometheus/config.yml
ansible部署grafana
# Install Grafana via the openshift-grafana playbook
ansible-playbook playbooks/openshift-grafana/config.yml
ansible部署logging(elk)
# Install the logging stack via the openshift-logging playbook
ansible-playbook playbooks/openshift-logging/config.yml
FAQ
卸载openshift集群
# Runs the ad-hoc uninstall playbook against the hosts in the inventory.
# NOTE(review): presumably removes cluster components and their data — back up
# anything still needed and double-check which inventory is targeted first.
ansible-playbook playbooks/adhoc/uninstall.yml