Containerized applications: building a multi-node OpenShift cluster on Alibaba Cloud

Overview

A two-node cluster as a trial run
The compute node needs far less configuration, so set it up first and then switch over to the Master node and take your time there.
I launched two pay-as-you-go ECS instances in Alibaba Cloud's US West (Silicon Valley) region:

  • Master: 2 CPU, 16 GB RAM, CentOS 7.4 64-bit
  • Node1: 1 CPU, 8 GB RAM, CentOS 7.4 64-bit

The catch is that custom images can only be copied across regions within China; still, it was thanks to US-side networking that the whole flow ran end to end, because connections from China to abroad get stuck at every step.

Configuration

Configuring the compute node and the control node differs slightly, as follows.

Compute node

# Set the hostname
hostnamectl set-hostname node1.example.com

# Install dependencies
yum install -y docker wget git net-tools bind-utils iptables-services bridge-utils bash-completion

# Enable and start the Docker service
systemctl enable docker; systemctl start docker

# Enable and start NetworkManager
systemctl enable NetworkManager; systemctl start NetworkManager

# Stop and disable the firewall
systemctl stop firewalld ; systemctl disable firewalld

# Ansible conflicts with the system's own urllib3; remove it: Error unpacking rpm package python-urllib3-1.10.2-3.el7.noarch
pip uninstall urllib3

Master (control node)

# Set the hostname
hostnamectl set-hostname master.example.com

# Local name resolution
echo "172.20.62.195 master.example.com" >> /etc/hosts
echo "172.20.62.196 node1.example.com" >> /etc/hosts

# Install dependencies
yum install -y docker wget git net-tools bind-utils iptables-services bridge-utils bash-completion

# Enable and start the Docker service
systemctl enable docker; systemctl start docker

# Enable and start NetworkManager
systemctl enable NetworkManager; systemctl start NetworkManager

# Stop and disable the firewall
systemctl stop firewalld ; systemctl disable firewalld

# Ansible conflicts with the system's own urllib3; remove it: Error unpacking rpm package python-urllib3-1.10.2-3.el7.noarch
pip uninstall urllib3

# Install, enable and start the etcd distributed key-value store
yum -y install etcd
systemctl enable etcd; systemctl start etcd

# Install the EPEL release package
yum -y install https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-10.noarch.rpm

# Disable the EPEL repo by default (enabled=0); it is enabled explicitly below
sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo

# Install Ansible and pyOpenSSL from EPEL
yum -y --enablerepo=epel install ansible pyOpenSSL

# Generate an SSH key pair
ssh-keygen -f /root/.ssh/id_rsa -N ''

# Copy the public key to every node in the cluster for passwordless access
for host in master.example.com node1.example.com; do ssh-copy-id -i ~/.ssh/id_rsa.pub $host;  done

# Download openshift-ansible
wget https://github.com/openshift/openshift-ansible/archive/openshift-ansible-3.7.0-0.126.0.tar.gz
tar zxvf openshift-ansible-3.7.0-0.126.0.tar.gz

# Back up
cp /etc/ansible/hosts /etc/ansible/hosts.bak

# Configure /etc/ansible/hosts
# Replace the contents of /etc/ansible/hosts with the following block
# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
openshift_deployment_type=origin
openshift_release=3.6.0
# If CPU and memory meet the requirements, openshift_disable_check can be commented out
# A Master node requires 2 CPU cores, 16 GB RAM, 40 GB disk
# A Node requires 1 CPU core, 8 GB RAM, 20 GB disk
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name':'htpasswd_auth','login':'true','challenge':'true','kind':'HTPasswdPasswordIdentityProvider','filename':'/etc/origin/master/htpasswd'}]

# host group for masters
[masters]
master.example.com

# host group for nodes, includes region info
[nodes]
master.example.com
node1.example.com
node1.example.com openshift_node_labels="{'region': 'infra', 'zone': 'east'}"

[etcd]
master.example.com

Kick it off and wait for the result

ansible-playbook ~/openshift-ansible-openshift-ansible-3.7.0-0.126.0/playbooks/byo/config.yml
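The inventory above silences four installer checks with openshift_disable_check rather than satisfying them. As an added example (not part of the original post or of openshift-ansible), the following preflight script checks a host against the sizing stated in the inventory comments (master: 2 CPU, 16 GB, 40 GB; node: 1 CPU, 8 GB, 20 GB), reports which checks an inventory file disables, and verifies that every host in the [nodes] group has an /etc/hosts entry, since the installer reaches nodes by the names in that file. check_local assumes GNU coreutils (nproc, df --output) on the host being measured.

```shell
#!/usr/bin/env bash
# Added preflight script: run on each host before ansible-playbook so the installer's
# own checks can stay enabled instead of being listed in openshift_disable_check.

# Return 0 when CPU count, memory (GB) and free disk (GB) meet the minimum for the
# role ("master" or "node"); report each shortfall on stderr otherwise.
check_resources() {
  role=$1; cpus=$2; mem_gb=$3; disk_gb=$4
  case "$role" in
    master) min_cpu=2; min_mem=16; min_disk=40 ;;
    node)   min_cpu=1; min_mem=8;  min_disk=20 ;;
    *) echo "unknown role: $role" >&2; return 2 ;;
  esac
  ok=0
  [ "$cpus" -ge "$min_cpu" ]     || { echo "$role: need $min_cpu CPU, have $cpus" >&2; ok=1; }
  [ "$mem_gb" -ge "$min_mem" ]   || { echo "$role: need ${min_mem}G RAM, have ${mem_gb}G" >&2; ok=1; }
  [ "$disk_gb" -ge "$min_disk" ] || { echo "$role: need ${min_disk}G disk, have ${disk_gb}G" >&2; ok=1; }
  return $ok
}

# Measure this machine (GNU/Linux assumed) and check it for the given role.
check_local() {
  cpus=$(nproc)
  mem_gb=$(( $(awk '/MemTotal/ {print $2}' /proc/meminfo) / 1024 / 1024 ))
  disk_gb=$(df -BG --output=avail / | tail -1 | tr -d ' G')
  check_resources "$1" "$cpus" "$mem_gb" "$disk_gb"
}

# Print the value of openshift_disable_check from an inventory file (empty if the
# line is absent or commented out).
disabled_checks() {
  sed -n 's/^openshift_disable_check=//p' "$1"
}

# List the hosts named in the [nodes] section (first field of each line, skipping
# comments); duplicates such as a host listed once bare and once with labels collapse.
inventory_nodes() {
  awk '/^\[nodes\]/ {in_sec=1; next} /^\[/ {in_sec=0} in_sec && $1 !~ /^#/ && NF {print $1}' "$1" | sort -u
}

# Return 0 when every [nodes] host appears as a name (field 2 onwards) in the hosts file.
nodes_in_hosts_file() {
  inv=$1; hosts=$2; missing=0
  for h in $(inventory_nodes "$inv"); do
    awk -v n="$h" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) found = 1 } END { exit !found }' "$hosts" \
      || { echo "$h has no entry in $hosts" >&2; missing=1; }
  done
  return $missing
}

# Usage on the Master, with the real files (the checks below are what the
# installer would otherwise do for you):
#   check_local master && nodes_in_hosts_file /etc/ansible/hosts /etc/hosts
#   disabled_checks /etc/ansible/hosts
```

If check_local passes for every host, delete the openshift_disable_check line and let the installer verify disk, memory and Docker storage itself; the script only covers the two resource checks it can measure locally.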

Afterwards

If anything goes wrong, copy the error message and Google it. Baidu won't have it! If everything is fine, you can inspect the cluster with the commands below.

List the nodes

oc get nodes

Who am I

Which user is currently logged in?

oc whoami

Show all cluster resources

oc get all -o wide

Create a user

htpasswd -b /etc/origin/master/htpasswd dev dev

Log in as the cluster administrator

oc login -u system:admin

Give the dev account the cluster-admin role

oc adm policy add-cluster-role-to-user cluster-admin dev
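Before binding cluster-admin to an account from the htpasswd file, it is worth checking what that file actually contains: each line must be user:hash, and the OpenShift HTPasswd identity provider documents support for bcrypt, MD5 (apr1) and SHA hashes only. The following audit is an added example (not from the original post or from OpenShift); the hash values in its usage comment are constructed, not real credentials.

```shell
#!/usr/bin/env bash
# Added htpasswd audit: validate /etc/origin/master/htpasswd before handing out roles.

# Classify one hash string by its prefix; prints bcrypt, md5, sha or weak.
# crypt(3)-style and plaintext entries fall into "weak" and are rejected by the audit.
hash_kind() {
  case "$1" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
    '$apr1$'*)               echo md5 ;;
    '{SHA}'*)                echo sha ;;
    *)                       echo weak ;;
  esac
}

# Return 0 when every non-empty line is user:hash with an accepted hash kind;
# report each problem on stderr and return 1 otherwise.
audit_htpasswd() {
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -z "$line" ] && continue
    user=${line%%:*}; hash=${line#*:}
    if [ "$user" = "$line" ] || [ -z "$user" ] || [ -z "$hash" ]; then
      echo "malformed entry: $line" >&2; bad=1; continue
    fi
    case "$(hash_kind "$hash")" in
      weak) echo "$user: unsupported or weak hash" >&2; bad=1 ;;
    esac
  done < "$1"
  return $bad
}

# Return 0 when the named user has an entry, so a role binding targets a real account.
user_exists() {
  grep -q "^$2:" "$1"
}

# Usage with the real file, gating the role binding on both checks:
#   f=/etc/origin/master/htpasswd
#   audit_htpasswd "$f" && user_exists "$f" dev \
#     && oc adm policy add-cluster-role-to-user cluster-admin dev
```

One practical note on the creation step: htpasswd -b takes the password on the command line, where it lands in shell history and is visible in the process list while the command runs; htpasswd -i reads it from standard input instead.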

Tunnelling

master.example.com and node1.example.com are resolved through the local /etc/hosts file and cannot be reached from the public internet. For public access, use DNS.

Add the following line to /etc/hosts on your own machine:

127.0.0.1 master.example.com

Run the following command to tunnel to the remote Master:

ssh -L 127.0.0.1:8443:master.example.com:8443 root@47.88.54.94

47.88.54.94 is the real IP, but who ends up using it later is anyone's guess!!!

Open in a browser: https://master.example.com:8443
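The tunnel works because the forward binds the console port to 127.0.0.1 on your machine and the /etc/hosts alias points the browser at that same loopback address, so the TLS handshake still carries the master's hostname. Both halves are easy to get subtly wrong (a bind address of 0.0.0.0 exposes the forwarded port to the local network; a missing hosts entry sends the browser to the real IP instead of the tunnel). The following helper is an added example, not from the original post; 203.0.113.10 in its comments is a documentation placeholder, not the author's server.

```shell
#!/usr/bin/env bash
# Added tunnel sanity checks for an ssh -L forward of the form bind:port:host:hostport.

# Return 0 when the spec has an explicit bind address on loopback (127.x or localhost).
forward_binds_loopback() {
  spec=$1
  fields=$(printf '%s' "$spec" | awk -F: '{print NF}')
  if [ "$fields" -ne 4 ]; then
    echo "spec '$spec' has no explicit bind address; prefix it with 127.0.0.1:" >&2
    return 1
  fi
  case "${spec%%:*}" in
    127.*|localhost) return 0 ;;
    *) echo "spec '$spec' binds to ${spec%%:*}, not loopback" >&2; return 1 ;;
  esac
}

# Return 0 when the hosts file maps the given name to 127.0.0.1
# (names are fields 2 onwards; comment lines are skipped).
alias_is_loopback() {
  hosts_file=$1; name=$2
  awk -v n="$name" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$hosts_file" \
    | grep -qx '127.0.0.1'
}

# Print the ssh command the post uses, but only after both checks pass.
# Arguments: forward spec, ssh target, hosts file (defaults to /etc/hosts).
tunnel_cmd() {
  spec=$1; target=$2; hosts_file=${3:-/etc/hosts}
  forward_binds_loopback "$spec" || return 1
  name=$(printf '%s' "$spec" | cut -d: -f3)
  alias_is_loopback "$hosts_file" "$name" \
    || { echo "$hosts_file does not map $name to 127.0.0.1" >&2; return 1; }
  printf 'ssh -L %s %s\n' "$spec" "$target"
}

# Usage (placeholder address):
#   eval "$(tunnel_cmd 127.0.0.1:8443:master.example.com:8443 root@203.0.113.10)"
```

Without an explicit bind address ssh still defaults to loopback, but the check insists on spelling it out so the intent survives copy-and-paste and a GatewayPorts setting cannot change it.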
