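OpenShift is Red Hat's cloud development Platform as a Service (PaaS). This free and open-source cloud computing platform lets developers create, test and run their applications and deploy them to the cloud. OpenShift supports many programming languages and frameworks, such as Java, Ruby and PHP. It also provides integrated development tools such as Eclipse integration, JBoss Developer Studio and Jenkins. OpenShift builds on an open-source ecosystem to provide support for mobile applications, database services and more.
The OpenShift Online service is built on Red Hat Enterprise Linux. Red Hat Enterprise Linux provides integrated applications, runtime libraries and a configurable, scalable, multi-tenant single-instance operating system to meet the needs of enterprise applications.
① Environment preparation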
IP | Version | Memory | CPU |
---|---|---|---|
192.168.1.10 | CentOS Linux release 7.6.1810 (Core) | 8G | 4 |
Disable the firewall and set SELinux to permissive (the edit to /etc/selinux/config takes effect after a reboot)
sed -i "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld
Install Docker
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce
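Configure the Docker private registry address
After OpenShift is installed, it starts a private registry image of its own. Configure Docker for it now, so that Docker does not have to be reconfigured and restarted later.
The registry that the cluster starts automatically gets an address in 172.30.x.x, so configure Docker as follows: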
systemctl start docker
vim /etc/docker/daemon.json
{
"insecure-registries": ["172.30.0.0/16"]
}
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
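An added check for the setting above, not part of the original post: Docker skips certificate verification and allows plain HTTP for every address listed under insecure-registries, so this script reports entries that fall outside the cluster service range 172.30.0.0/16. The function names are assumptions and only IPv4 entries are evaluated.

```shell
#!/bin/sh
# Added example: audit "insecure-registries" in a Docker daemon.json.
# Function names are illustrative; only IPv4 entries are evaluated.

# Print a dotted-quad IPv4 address as an integer; fail on anything else.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when $1 (a.b.c.d or a.b.c.d/len) lies inside the CIDR $2.
in_cidr() {
    e_len=32
    case "$1" in */*) e_len=${1#*/} ;; esac
    a_len=${2#*/}
    e_int=$(ip_to_int "${1%/*}") || return 1
    a_int=$(ip_to_int "${2%/*}") || return 1
    [ "$e_len" -ge "$a_len" ] 2>/dev/null || return 1
    mask=$(( (0xFFFFFFFF << (32 - a_len)) & 0xFFFFFFFF ))
    [ $(( e_int & mask )) -eq $(( a_int & mask )) ]
}

# List entries of FILE that are not inside ALLOWED; status 1 if any were found.
audit_insecure_registries() {
    file=$1; allowed=$2; findings=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    entries=$(tr -d ' \t\r\n' < "$file" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '"')
    for entry in $entries; do
        # Drop an optional :port before comparing the address.
        if ! in_cidr "${entry%%:*}" "$allowed"; then
            echo "outside $allowed: $entry"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /etc/docker/daemon.json [allowed-cidr]
if [ "$#" -gt 0 ]; then
    audit_insecure_registries "$1" "${2:-172.30.0.0/16}"
fi
```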
② Installation
OpenShift download location
Downloading directly from the official site is recommended, since it is fast.
cd /opt/
wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
Extract the archive and rename the directory
tar -zxvf openshift-origin-server-v3.11.0-0cbc58b-linux-64bit.tar.gz
mv openshift-origin-server-v3.11.0-0cbc58b-linux-64bit /opt/openshift-server-v3.11.0
Edit /etc/profile and add the environment variable
PATH=$PATH:/opt/openshift-server-v3.11.0/
source /etc/profile
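③ Start the cluster
One point to note: starting the cluster creates the cluster configuration files and related data in the current directory, so make sure you run the start command from the directory you want (it effectively becomes the installation directory).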
cd /opt/
oc cluster up --skip-registry-check=true --public-hostname="192.168.1.10" --no-proxy="192.168.1.10"
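Parameters:
- skip-registry-check: whether to skip the check of the Docker daemon's registry configuration
- public-hostname: the address exposed externally for access
- no-proxy: the addresses that must not go through a proxy (without it, the access address may be redirected to localhost 127.0.0.1 after a successful deployment)
A successful start ends with output like this: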
le-templates/dancer quickstart" "sample-templates/django quickstart" "sample-templates/railstart" "sample-templates/nodejs quickstart" "sample-templates/jenkins pipeline ephemeral" "samplates/sample pipeline" "sample-templates/mariadb" "sample-templates/mysql" "sample-templatgresql" "sample-templates/cakephp quickstart"
I1116 14:40:22.358695 10834 interface.go:41] Finished installing "centos-imagestreams" "op-image-registry" "openshift-router" "sample-templates" "openshift-web-console-operator" "per-volumes"
Login to server ...
Creating initial project "myproject" ...
Server Information ...
OpenShift server started.
The server is accessible via web console at:
https://192.168.1.10:8443
You are logged in as:
User: developer
Password: <any value>
To login as administrator:
oc login -u system:admin
④ Test
Log in to the web console
https://192.168.1.10:8443
Default OpenShift users:
system:admin (uses a key, no password)
developer/developer
admin/admin
At this point a simple OpenShift cluster is up and running!
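⑤ Further topics
(1) Testing the cluster docker-registry
Log in to the cluster from the command line:
oc login -u system:admin  # system administrator; can query all information
oc login -u admin -p admin  # login as a regular user
View the services and other information in the environment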
[root@localhost openshift-server-v3.11.0]# oc get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default docker-registry-1-tjkpn 1/1 Running 0 41m
default persistent-volume-setup-dktgk 1/1 Running 0 41m
default router-1-2vcbk 1/1 Running 0 41m
kube-dns kube-dns-j9vv4 1/1 Running 0 44m
kube-proxy kube-proxy-mqhd7 1/1 Running 0 44m
kube-system kube-controller-manager-localhost 1/1 Running 0 45m
kube-system kube-scheduler-localhost 1/1 Running 0 44m
kube-system master-api-localhost 1/1 Running 0 43m
kube-system master-etcd-localhost 1/1 Running 0 44m
openshift-apiserver openshift-apiserver-m24bf 1/1 Running 0 44m
openshift-controller-manager openshift-controller-manager-bgk75 1/1 Running 0 41m
openshift-core-operators openshift-service-cert-signer-operator-6d477f986b-9977s 1/1 Running 0 45m
openshift-core-operators openshift-web-console-operator-664b974ff5-948dt 1/1 Running 0 41m
openshift-service-cert-signer apiservice-cabundle-injector-8ffbbb6dc-snt4l 1/1 Running 0 42m
openshift-service-cert-signer service-serving-cert-signer-668c45d5f-wxn6v 1/1 Running 0 42m
openshift-web-console webconsole-547fd977ff-p7rqm 1/1 Running 0 37m
[root@localhost openshift-server-v3.11.0]# oc get all
NAME READY STATUS RESTARTS AGE
pod/docker-registry-1-tjkpn 1/1 Running 0 43m
pod/persistent-volume-setup-dktgk 1/1 Running 0 44m
pod/router-1-2vcbk 1/1 Running 0 43m
NAME DESIRED CURRENT READY AGE
replicationcontroller/docker-registry-1 1 1 1 44m
replicationcontroller/router-1 1 1 1 44m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/docker-registry ClusterIP 172.30.1.1 <none> 5000/TCP 44m
service/kubernetes ClusterIP 172.30.0.1 <none> 443/TCP 47m
service/router ClusterIP 172.30.255.146 <none> 80/TCP,443/TCP,1936/TCP 44m
NAME DESIRED SUCCESSFUL AGE
job.batch/persistent-volume-setup 1 1 44m
NAME REVISION DESIRED CURRENT TRIGGERED BY
deploymentconfig.apps.openshift.io/docker-registry 1 1 1 config
deploymentconfig.apps.openshift.io/router 1 1 1 config
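The output shows that a private registry is configured: replicationcontroller/docker-registry-1
View the images with oc get all -n openshift (-n specifies the namespace). These images appear to have been pulled from the OpenShift registry as well; the local registry acts as a forwarding registry.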
[root@localhost openshift-server-v3.11.0]# oc get all -n openshift
NAME DOCKER REPO TAGS UPDATED
imagestream.image.openshift.io/dotnet 172.30.1.1:5000/openshift/dotnet 2.0,latest 44 minutes ago
imagestream.image.openshift.io/httpd 172.30.1.1:5000/openshift/httpd 2.4,latest 44 minutes ago
imagestream.image.openshift.io/jenkins 172.30.1.1:5000/openshift/jenkins latest,1,2 44 minutes ago
imagestream.image.openshift.io/mariadb 172.30.1.1:5000/openshift/mariadb latest,10.1,10.2 44 minutes ago
imagestream.image.openshift.io/mongodb 172.30.1.1:5000/openshift/mongodb 3.4,3.6,latest + 3 more... 44 minutes ago
imagestream.image.openshift.io/mysql 172.30.1.1:5000/openshift/mysql 5.5,5.6,5.7 + 1 more... 44 minutes ago
imagestream.image.openshift.io/nginx 172.30.1.1:5000/openshift/nginx 1.10,1.12,1.8 + 1 more... 44 minutes ago
imagestream.image.openshift.io/nodejs 172.30.1.1:5000/openshift/nodejs 8-RHOAR,latest,0.10 + 4 more... 44 minutes ago
imagestream.image.openshift.io/perl 172.30.1.1:5000/openshift/perl latest,5.16,5.20 + 2 more... 44 minutes ago
imagestream.image.openshift.io/php 172.30.1.1:5000/openshift/php 7.1,latest,5.5 + 2 more... 44 minutes ago
imagestream.image.openshift.io/postgresql 172.30.1.1:5000/openshift/postgresql 10,9.2,9.4 + 3 more... 44 minutes ago
imagestream.image.openshift.io/python 172.30.1.1:5000/openshift/python 3.4,3.5,3.6 + 3 more... 44 minutes ago
imagestream.image.openshift.io/redis 172.30.1.1:5000/openshift/redis 3.2,latest 44 minutes ago
imagestream.image.openshift.io/ruby 172.30.1.1:5000/openshift/ruby 2.0,2.2,2.3 + 3 more... 44 minutes ago
imagestream.image.openshift.io/wildfly 172.30.1.1:5000/openshift/wildfly 10.1,11.0,12.0 + 5 more... 44 minutes ago
Test pulling an image
[root@localhost openshift-server-v3.11.0]# docker pull 172.30.1.1:5000/openshift/nginx
Using default tag: latest
Error response from daemon: unauthorized: authentication required
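Pulling the image directly like this returns Error response from daemon: unauthorized: authentication required, which shows that pulling an image requires user authentication. So:
Get a user token (any user will do)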
[root@localhost openshift-server-v3.11.0]# oc login -u system -p admin
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>
[root@localhost openshift-server-v3.11.0]# oc whoami -t
8zDcvQGrS-zy0A9Q-ugXGZ6kIr8zkuKNsLWf5l73iQk
Log in to the docker-registry
[root@localhost openshift-server-v3.11.0]# docker login 172.30.1.1:5000
Username: system
Password: <the token obtained above>
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Test the pull again
[root@localhost openshift-server-v3.11.0]# docker pull 172.30.1.1:5000/openshift/nginx
Using default tag: latest
latest: Pulling from openshift/nginx
ab5ef0e58194: Pull complete
b04f3cd8f5dc: Pull complete
4bb32ba4aeb6: Pull complete
0c1ab5ee9c31: Pull complete
41395b31da21: Pull complete
7464432c3f01: Pull complete
0de1e67a7118: Pull complete
209c879d58e3: Pull complete
Digest: sha256:af171c38298e64664a9f999194480ce7e392858e773904df22f7585a1731ad0d
Status: Downloaded newer image for 172.30.1.1:5000/openshift/nginx:latest
172.30.1.1:5000/openshift/nginx:latest
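The login and pull steps above as one script, added here and not part of the original post: the token is piped to docker login over stdin instead of being typed or passed as an argument, and docker logout removes it from /root/.docker/config.json afterwards. The function name and the REGISTRY variable are assumptions; system:admin authenticates with a key and has no token, so the script stops for that user.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes oc and docker are on
# PATH and that the registry service address is the one shown by `oc get all`.
REGISTRY="${REGISTRY:-172.30.1.1:5000}"

# Pull one image from the integrated registry with the current oc session's
# token. The token reaches docker over stdin, so it never appears in argv,
# shell history or `ps` output, and the stored credential is removed afterwards.
registry_pull() {
    image=$1
    user=$(oc whoami) || { echo "not logged in to the cluster" >&2; return 1; }
    # system:admin uses a client key and has no token, so `oc whoami -t`
    # fails for it; a token-bearing user is required here.
    token=$(oc whoami -t 2>/dev/null) || token=""
    if [ -z "$token" ]; then
        echo "user '$user' has no session token; log in as a regular user" >&2
        return 2
    fi
    printf '%s' "$token" |
        docker login -u "$user" --password-stdin "$REGISTRY" >/dev/null || return 3
    rc=0
    docker pull "$REGISTRY/$image" || rc=$?
    # Remove the token that docker login wrote to ~/.docker/config.json.
    docker logout "$REGISTRY" >/dev/null || true
    return "$rc"
}

# Usage: sh registry_pull.sh openshift/nginx
if [ "$#" -gt 0 ]; then
    registry_pull "$1"
fi
```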
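(2) Starting OpenShift at boot
To start the cluster at boot, add the cluster start command used above to /etc/rc.d/rc.local.
(Note: adjust the path of the oc command and the server IP for your environment.)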
/opt/openshift-server-v3.11.0/oc cluster up --skip-registry-check=true --public-hostname="192.168.1.10" --no-proxy="192.168.1.10"
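rc.local is run by systemd with / as its working directory, while the start-up note above says that oc cluster up creates its configuration in the directory it is started from. An added wrapper, not from the original post (the script path, variable names and function names are assumptions), that changes to the original directory and waits for Docker before starting the cluster:

```shell
#!/bin/sh
# Added example: boot-time wrapper for `oc cluster up`, e.g. saved as
# /opt/openshift-autostart.sh (hypothetical path) and called from rc.local.
OC=/opt/openshift-server-v3.11.0/oc
BASE=/opt              # directory the cluster was first started from
HOST_IP=192.168.1.10
DOCKER_WAIT=60         # seconds to wait for the Docker daemon

# Poll the Docker daemon once per second until it answers or time runs out.
wait_for_docker() {
    remaining=$1
    until docker info >/dev/null 2>&1; do
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
}

start_cluster() {
    # Reuse the existing configuration under $BASE instead of generating a
    # new one under /, which is where rc.local commands run.
    cd "$BASE" || { echo "missing $BASE" >&2; return 1; }
    wait_for_docker "$DOCKER_WAIT" || { echo "docker not ready" >&2; return 2; }
    "$OC" cluster up --skip-registry-check=true \
        --public-hostname="$HOST_IP" --no-proxy="$HOST_IP"
}

# rc.local entry: /opt/openshift-autostart.sh run
if [ "${1:-}" = "run" ]; then
    start_cluster
fi
```

On CentOS 7, /etc/rc.d/rc.local also has to be executable (chmod +x /etc/rc.d/rc.local) before it runs at boot.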
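(3) Common cluster commands
User commands
oc login -u <user> -p <password>  # log in to the cluster
oc logout  # log out of the cluster
oc login -u system:admin  # log in as system administrator
oc create user admin  # create a user
oc adm policy add-cluster-role-to-user cluster-admin admin  # grant a regular user system administrator privileges
oc whoami  # show the current user (-t shows the token)
oc get users  # list cluster users
Cluster status commands
oc cluster up  # start the cluster
oc cluster down  # stop the cluster
oc status  # show cluster status
oc get all  # get all information about the environment
oc get pod  # list cluster pods
oc get images  # list cluster Docker images
oc logs -f podname  # view pod logs
oc get project  # list projects
oc project <project_name>  # switch to a project
oc rsh <pod_name>  # run commands inside a container (equivalent to docker exec -ti)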