🎹 About me: Hi everyone, I'm 金鱼哥, CSDN rising-star creator in the operations category, Huawei Cloud Expert and Alibaba Cloud Community Expert Blogger
📚 Certifications: CCNA, HCNP, CSNA (Network Analyst), Ruankao junior and intermediate Network Engineer, RHCSA, RHCE, RHCA, RHCI, ITIL 😜
💬 Motto: hard work does not guarantee success, but success requires hard work 🔥🎈 Support me: like 👍, favorite ⭐️ or leave a comment 📝
📜 Installation preparation overview
Red Hat OpenShift Container Platform is shipped by Red Hat in two forms: RPM packages and container images. The RPM packages are downloaded with Subscription Manager from the standard Red Hat repositories (Yum repositories); the container images come from Red Hat's private registry.
An OpenShift Container Platform installation needs several servers, which may be physical servers or virtual machines. To simplify cluster deployment, Red Hat provides an Ansible-based installer that can be run interactively or, driven by an answer file that holds the environment's configuration details, in a fully automated, non-interactive way.
Before running the installer, some pre-installation tasks must be done, and some post-installation tasks afterwards, to end up with a fully functional OpenShift Container Platform cluster. Red Hat offers two different methods for installing OpenShift Container Platform.
- The first method uses the quick installer and suits simple cluster setups.
- The second method is the advanced installation, which uses Ansible playbooks to automate the process.
This lab uses Ansible to configure the OpenShift cluster automatically. Ansible can also prepare the hosts for the OpenShift installation: installing packages, disabling services and applying custom configuration.
📜 Node preparation
The master and node hosts must be able to reach each other, and the master must have passwordless (key-based) SSH login to every node. All FQDNs must resolve, and the required repositories must be registered.
Tip: the preparation above can also be done by running the corresponding YAML playbooks with Ansible.
📜 Lab exercise
📑 1 Environment preparation
```
[student@workstation ~]$ lab install-prepare setup   # run the lab setup script
```
📑 2 Install Ansible
```
[student@workstation ~]$ rpm -qa | grep ansible
[student@workstation ~]$ sudo yum -y install ansible
```
📑 3 Verify Ansible
```
[student@workstation ~]$ ansible --version
ansible 2.4.3.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/student/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Feb 20 2018, 09:19:12) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
[student@workstation ~]$ cd /home/student/DO280/labs/install-prepare/
[student@workstation install-prepare]$ cat ansible.cfg
[defaults]
remote_user = student
inventory = ./inventory
log_path = ./ansible.log
[privilege_escalation]
become = yes
become_user = root
become_method = sudo
```
```
[student@workstation install-prepare]$ cat inventory
[workstations]
workstation.lab.example.com
[nfs]
services.lab.example.com
[masters]
master.lab.example.com
[etcd]
master.lab.example.com
[nodes]
master.lab.example.com
node1.lab.example.com
node2.lab.example.com
[OSEv3:children]
masters
etcd
nodes
nfs
#Variables needed by the prepare_install.yml playbook.
[nodes:vars]
registry_local=registry.lab.example.com
use_overlay2_driver=true
insecure_registry=false
run_docker_offline=true
docker_storage_device=/dev/vdb
```
📑 Inventory file explained:
The inventory defines six host groups:
- workstations: the developer node, i.e. the node that runs the playbook;
- nfs: the VM in the environment that provides NFS service for cluster storage;
- masters: the nodes that act as masters in the OpenShift cluster;
- etcd: the nodes that run the etcd service for the OpenShift cluster; in this environment the master node is used;
- nodes: the nodes of the OpenShift cluster;
- OSEv3: all nodes that make up the OpenShift cluster, i.e. every node in the masters, etcd, nodes and nfs groups.
Note: by default docker pulls container images from online registries. This environment has no internet access, so the docker registry is configured as an internal private registry, and the registry settings are passed into the playbook as variables. In addition, the installation configures the docker daemon on every host to store container images with the overlay2 image driver. Docker supports several image drivers, such as AUFS, Btrfs, Device mapper and OverlayFS.
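As an added example (not part of the original post or of the DO280 lab files), a small POSIX shell script that reads this inventory format, expands the OSEv3:children group into the hosts the installer will touch, and refuses an inventory whose [nodes:vars] would weaken the preparation: insecure_registry not set to false, no registry_local, or no docker_storage_device (the docker-storage role above is gated on that variable and is skipped entirely when it is undefined). The inventory text is a constructed copy of the lab's; the function names are my own.

```shell
#!/bin/sh
# Constructed copy of the lab inventory; only the groups the checks use.
INVENTORY_TEXT='[masters]
master.lab.example.com
[etcd]
master.lab.example.com
[nodes]
master.lab.example.com
node1.lab.example.com
node2.lab.example.com
[nfs]
services.lab.example.com
[OSEv3:children]
masters
etcd
nodes
nfs
#Variables needed by the prepare_install.yml playbook.
[nodes:vars]
registry_local=registry.lab.example.com
use_overlay2_driver=true
insecure_registry=false
docker_storage_device=/dev/vdb'

# Print the non-empty, non-comment lines of one [section] of an INI inventory.
inv_section() {  # $1 = inventory file, $2 = section name without brackets
  awk -v s="[$2]" '$0 == s {f=1; next} /^\[/ {f=0} f && NF && $0 !~ /^#/' "$1"
}

# Expand OSEv3:children into the unique set of hosts the installer will configure.
osev3_hosts() {  # $1 = inventory file
  for g in $(inv_section "$1" OSEv3:children); do inv_section "$1" "$g"; done | sort -u
}

# Return 1 unless [nodes:vars] carries what prepare_install.yml relies on:
# a private registry name, TLS-only registry access, and a real block device
# (without docker_storage_device the whole docker-storage role is skipped).
check_nodes_vars() {  # $1 = inventory file; usage: check_nodes_vars ./inventory
  vars=$(inv_section "$1" nodes:vars) || return 1
  printf '%s\n' "$vars" | grep -qx 'insecure_registry=false' || { echo 'insecure_registry must be false' >&2; return 1; }
  printf '%s\n' "$vars" | grep -q '^docker_storage_device=/dev/' || { echo 'docker_storage_device missing' >&2; return 1; }
  printf '%s\n' "$vars" | grep -q '^registry_local=.' || { echo 'registry_local missing' >&2; return 1; }
}
```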
📑 4 Check node connectivity
```
[student@workstation install-prepare]$ cat ping.yml
---
- name: Verify Connectivity
  hosts: all
  gather_facts: no
  tasks:
  - name: "Test connectivity to machines."
    shell: "whoami"
    changed_when: false
```
```
[student@workstation install-prepare]$ ansible-playbook -v ping.yml
Using /home/student/DO280/labs/install-prepare/ansible.cfg as config file
PLAY [Verify Connectivity] *******************************************************************************************
TASK [Test connectivity to machines.] ********************************************************************************
ok: [workstation.lab.example.com] => {"changed": false, "cmd": "whoami", "delta": "0:00:00.004528", "end": "2021-02-24 21:49:13.107527", "rc": 0, "start": "2021-02-24 21:49:13.102999", "stderr": "", "stderr_lines": [], "stdout": "root", "stdout_lines": ["root"]}
ok: [master.lab.example.com] => {"changed": false, "cmd": "whoami", "delta": "0:00:00.006375", "end": "2021-02-24 21:49:13.158534", "rc": 0, "start": "2021-02-24 21:49:13.152159", "stderr": "", "stderr_lines": [], "stdout": "root", "stdout_lines": ["root"]}
ok: [node1.lab.example.com] => {"changed": false, "cmd": "whoami", "delta": "0:00:00.005058", "end": "2021-02-24 21:49:13.161850", "rc": 0, "start": "2021-02-24 21:49:13.156792", "stderr": "", "stderr_lines": [], "stdout": "root", "stdout_lines": ["root"]}
ok: [node2.lab.example.com] => {"changed": false, "cmd": "whoami", "delta": "0:00:00.004414", "end": "2021-02-24 21:49:13.168739", "rc": 0, "start": "2021-02-24 21:49:13.164325", "stderr": "", "stderr_lines": [], "stdout": "root", "stdout_lines": ["root"]}
ok: [services.lab.example.com] => {"changed": false, "cmd": "whoami", "delta": "0:00:00.004306", "end": "2021-02-24 21:49:13.226978", "rc": 0, "start": "2021-02-24 21:49:13.222672", "stderr": "", "stderr_lines": [], "stdout": "root", "stdout_lines": ["root"]}
PLAY RECAP ***********************************************************************************************************
master.lab.example.com : ok=1 changed=0 unreachable=0 failed=0
node1.lab.example.com : ok=1 changed=0 unreachable=0 failed=0
node2.lab.example.com : ok=1 changed=0 unreachable=0 failed=0
services.lab.example.com : ok=1 changed=0 unreachable=0 failed=0
workstation.lab.example.com : ok=1 changed=0 unreachable=0 failed=0
```
The output of whoami should be root on every host, which shows that Ansible can escalate privileges with sudo.
📑 5 Review the playbook
```
[student@workstation install-prepare]$ cat prepare_install.yml
---
- name: "Host Preparation: Docker tasks"
  hosts: nodes
  roles:
  - docker-storage
  - docker-registry-cert
  - openshift-node
  #Tasks below were not handled by the roles above.
  tasks:
  - name: Student Account - Docker Access
    user:
      name: student
      groups: docker
      append: yes
...
```
The docker-storage role is shown below. It selects docker's backend storage driver, creates the image storage path docker needs, and finally starts docker.
```
[student@workstation install-prepare]$ cat roles/docker-storage/tasks/main.yml
---
- block:
  - name: Customize default /etc/sysconfig/docker-storage-setup
    template:
      src: docker-storage-setup
      dest: /etc/sysconfig/docker-storage-setup
      owner: root
      group: root
      mode: 0644
    when: not use_overlay2_driver
  - name: Customize /etc/sysconfig/docker-storage-setup using overlay2 storage driver
    template:
      src: docker-storage-setup-overlay2
      dest: /etc/sysconfig/docker-storage-setup
      owner: root
      group: root
      mode: 0644
    when: use_overlay2_driver
  - name: Verify existence of /dev/docker-vg/docker-pool
    stat:
      path: /dev/docker-vg/docker-pool
    register: p
  - name: Stop docker
    service:
      name: docker
      state: stopped
    when: p.stat.exists == False
  - name: Remove loopback docker files
    file:
      dest: /var/lib/docker
      state: absent
    when: p.stat.exists == False
  - name: Run docker-storage-setup
    command: /usr/bin/docker-storage-setup
    when: p.stat.exists == False
  - name: Start and enable docker
    service:
      name: docker
      state: started
    when: p.stat.exists == False
  when: docker_storage_device is defined
```
```
[student@workstation install-prepare]$ cat roles/docker-storage/templates/docker-storage-setup
DEVS={{ docker_storage_device }}
VG=docker-vg
SETUP_LVM_THIN_POOL=yes
[student@workstation install-prepare]$ cat roles/docker-storage/templates/docker-storage-setup-overlay2
DEVS={{ docker_storage_device }}
VG=docker-vg
STORAGE_DRIVER=overlay2
DATA_SIZE=95%VG
CONTAINER_ROOT_LV_NAME=docker-pool
CONTAINER_ROOT_LV_MOUNT_PATH=/var/lib/docker
CONTAINER_ROOT_LV_SIZE=100%FREE
```
The docker-registry-cert role is shown below. It configures docker to use the private registry by fetching the registry's CA certificate (crt) and importing it into the node's trust store.
```
[student@workstation install-prepare]$ cat roles/docker-registry-cert/tasks/main.yml
---
- name: Enable the Trust
  shell: update-ca-trust enable
- name: Retrieve the certificate
  fetch:
    src: "{{ cacert }}"
    dest: "{{ local_destination }}"
  delegate_to: "{{ registry_host }}"
- name: Copy the certificate
  copy:
    src: "{{ source }}"
    dest: "{{ destination }}"
    owner: root
    group: root
    mode: 0755
- name: Update the Trust
  shell: update-ca-trust extract
- name: Restart Docker
  service:
    name: docker
    state: restarted
[student@workstation install-prepare]$ cat roles/docker-registry-cert/vars/main.yml
registry_host: services.lab.example.com
cacert: /etc/pki/tls/certs/example.com.crt
local_destination: /tmp/
source: "/tmp/{{ ansible_fqdn }}/etc/pki/tls/certs/example.com.crt"
destination: /etc/pki/ca-trust/source/anchors/example.com.crt
```
The openshift-node role is shown below. It installs all the package dependencies needed for OpenShift.
```
[student@workstation install-prepare]$ ll roles/openshift-node/files/
total 4
-rw-r--r--. 1 student student 389 Jul 19  2018 id_rsa.pub
[student@workstation install-prepare]$ cat roles/openshift-node/tasks/main.yml
---
- name: Deploy ssh key to root at all nodes
  authorized_key:
    user: root
    key: "{{ item }}"
  with_file:
  - id_rsa.pub
- name: Install required packages
  yum:
    name: "{{ item }}"
    state: latest
  with_items:
  - wget
  - git
  - net-tools
  - bind-utils
  - iptables-services
  - bridge-utils
  - bash-completion
  - kexec-tools
  - sos
  - psacct
  - atomic-openshift-clients
  - atomic-openshift-utils
  - atomic-openshift
```
📑 6 Run the playbook
```
[student@workstation install-prepare]$ ansible-playbook prepare_install.yml
PLAY [Host Preparation: Docker tasks] ********************************************************************************
TASK [Gathering Facts] ***********************************************************************************************
ok: [master.lab.example.com]
ok: [node2.lab.example.com]
ok: [node1.lab.example.com]
………………
```
Tip: this preparation does the following:
- installs and runs Docker on every node;
- makes Docker on every node use a logical volume for storage;
- makes every node trust the private Docker registry's self-signed certificate;
- installs the base packages on every node.
📑 7 Verification
Verify the docker service:
```
[student@workstation install-prepare]$ for vm in master node1 node2; do
  echo -e "\n$vm"
  ssh $vm sudo systemctl status docker | head -n3
done
```
Check the LVM volumes docker uses:
```
[student@workstation install-prepare]$ for vm in master node1 node2; do
  echo -e "\n$vm : lvs"
  ssh $vm sudo lvs
  echo -e "\n$vm : df -h"
  ssh $vm sudo df -h | grep vg-docker
done
```
Test pulling an image:
```
[student@workstation install-prepare]$ for vm in master node1 node2; do
  echo -e "\n$vm"
  ssh $vm docker pull rhel7:latest
done
```
Check that the required packages were installed:
```
[student@workstation install-prepare]$ for vm in master node1 node2; do
  echo -e "\n$vm"
  ssh $vm rpm -qa wget git net-tools bind-utils \
    yum-utils iptables-services bridge-utils bash-completion \
    kexec-tools sos psacct atomic-openshift-utils
done
```
📜 Extra
The checks above can also be done with a playbook of your own:
```
---
- name: Verify the task
  hosts: nodes
  become: yes
  gather_facts: no
  tasks:
  - name: test the docker service
    shell: "systemctl status docker | head -n 3"
    register: service
  - name: show the lvs
    shell: "lvs && df -h | grep docker"
    register: lvs
  - name: query the rpm
    shell: "rpm -qa wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct atomic-openshift-utils"
    register: rpm
  - debug: msg="{{ service }},{{ lvs }},{{ rpm }}"
```
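The rpm -qa checks above, both the ssh loop and the playbook task, print only the packages that are installed, so a missing package simply does not appear in the output. As an added example (not from the post or the course), a POSIX shell function that diffs the openshift-node role's package list against an rpm name list read on stdin and names what is missing; the sample list is constructed, and the check_nodes wrapper with its rpm --qf query format is my own.

```shell
#!/bin/sh
# Packages the openshift-node role installs (list taken from the role above).
REQUIRED_PKGS='wget git net-tools bind-utils iptables-services bridge-utils
bash-completion kexec-tools sos psacct atomic-openshift-clients
atomic-openshift-utils atomic-openshift'

# Read installed package NAMES on stdin (one per line, as rpm -qa --qf
# '%{NAME}\n' prints them), print every required package that is absent,
# and return 1 if anything is missing. rpm -qa <names> stays silent about
# names it cannot find, which is why the comparison is done here instead.
missing_packages() {
  installed=$(sort -u)
  rc=0
  for p in $REQUIRED_PKGS; do
    if ! printf '%s\n' "$installed" | grep -qxF "$p"; then
      echo "$p"
      rc=1
    fi
  done
  return $rc
}

# Run the check over the lab nodes via ssh, like the verification loops above.
check_nodes() {  # $@ = host names, e.g. master node1 node2
  for vm in "$@"; do
    echo "== $vm"
    ssh "$vm" "rpm -qa --qf '%{NAME}\n'" | missing_packages && echo "all packages present"
  done
}

# Constructed rpm name list for a node where two packages failed to install.
SAMPLE_NODE_PKGS='wget
git
net-tools
bind-utils
iptables-services
bridge-utils
bash-completion
kexec-tools
psacct
atomic-openshift-clients
atomic-openshift'
```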
💡 Summary
The RHCA certification requires studying for and passing five exams, which takes a fair amount of time to learn and prepare for. Keep at it, you can do it 🤪.
That was 金鱼哥's overview of Chapter 2, OpenShift installation and deployment: pre-installation preparation. I hope it helps whoever reads it.
💾 Red Hat certification column series:
RHCSA column: 戏说 RHCSA 认证
RHCE column: 戏说 RHCE 认证
This article belongs to the RHCA column: RHCA 回忆录
If this article helped you, please give 金鱼哥 a like 👍. Writing is hard work, and compared with the official wording I prefer to explain each point in plain, easy-to-understand language.
If you are interested in operations, feel free to follow ❤️❤️❤️ 金鱼哥 ❤️❤️❤️; there is plenty more to gain and be surprised by 💕💕!