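OpenShift 4 offline deployment: supplementary notes on an OpenShift 4.2 offline installation
For the detailed OpenShift 4.2 installation, refer to the installation manual by my colleague Wang Zheng (thanks to Wang Zheng for the research and for answering my questions; the big pitfalls are already covered in his article, and what I have here are some small ones).
Because my environment is somewhat different, these are only my own supplementary notes; for the details, read them side by side with his manual.
1. Architecture
The virtual machines are attached to a bridge so that they sit on the same network segment as the host network. The IP plan stays consistent with the manual.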
Bootstrap nodes             192.168.7.12
master-0.ocp4.redhat.ren    192.168.7.13
master-1.ocp4.redhat.ren    192.168.7.14
master-2.ocp4.redhat.ren    192.168.7.15
worker-0.ocp4.redhat.ren    192.168.7.16
worker-1.ocp4.redhat.ren    192.168.7.17
worker-2.ocp4.redhat.ren    192.168.7.18
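2. Networking
The machines I have at hand are 4 NUCs, each with 4 CPUs and 32 GB of RAM. A 4.2 OCP cluster needs at least 3 masters, 1 bootstrap node, and 1 machine for load balancing, DNS resolution and similar tasks, plus a few worker nodes, so 6 or more machines are required. Once virtual machines are used, cross-host network connectivity between the OpenShift nodes after they boot becomes a problem.
After some experimenting, I used KVM's bridge mode. The settings are as follows.
On each machine:
Add a br0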
[root@base ocp4]# cat /etc/sysconfig/network-scripts/ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.168.7.1
NETMASK=255.255.255.0
GATEWAY=192.168.7.1
ONBOOT=yes
DEFROUTE=yes
NAME=br0
DEVICE=br0
PREFIX=25
Modify the existing NIC so that it joins br0
[root@base ocp4]# cat /etc/sysconfig/network-scripts/ifcfg-eno1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
#IPADDR=192.168.7.1
#NETMASK=255.255.255.0
#GATEWAY=192.168.7.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno1
UUID=4e9504c6-a5c4-4093-88b8-89a153dd66de
DEVICE=eno1
ONBOOT=yes
BRIDGE=br0
Restart networking
systemctl restart network
After the restart, verify that the laptop can still connect
[root@base ocp4]# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 00:1f:c6:9c:56:60 brd ff:ff:ff:ff:ff:ff
3: wlp3s0: mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:c2:c6:f0:c8:78 brd ff:ff:ff:ff:ff:ff
4: br0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:1f:c6:9c:56:60 brd ff:ff:ff:ff:ff:ff
    inet 192.168.7.1/25 brd 192.168.7.127 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::e458:f6ff:fea8:b655/64 scope link
       valid_lft forever preferred_lft forever
5: virbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:6d:9d:9f brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:6d:9d:9f brd ff:ff:ff:ff:ff:ff
12: vnet0: mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:9c:66:29 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe9c:6629/64 scope link
       valid_lft forever preferred_lft forever
20: vnet1: mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:88:62:de brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe88:62de/64 scope link
       valid_lft forever preferred_lft forever
Once the network configuration takes effect, the virtual machines that are created should be able to reach the host network.
Define the network that the virtual machines will use
[root@base data]# cat virt-net.xml
br0
virsh net-define --file virt-net.xml
virsh net-autostart br0
virsh net-start br0
Check the result
[root@base data]# virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 br0                  active     yes           yes
 default              active     yes           yes
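3. Yum repository setup
Set up the yum repositories the same way as for 3.11, but note one thing: use a late 3.11 release if possible. I first set them up with 3.11.16, which caused problems when podman built images locally; I later replaced it with the 3.11.146 yum repositories.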
[root@base ocp4]# cat /etc/yum.repos.d/base.repo
[base]
name=base
baseurl=http://192.168.7.1:8080/repo/rhel-7-server-rpms/
enabled=1
gpgcheck=0
[ansible]
name=ansible
baseurl=http://192.168.7.1:8080/repo/rhel-7-server-ansible-2.6-rpms/
enabled=1
gpgcheck=0
[extra]
name=extra
baseurl=http://192.168.7.1:8080/repo/rhel-7-server-extras-rpms/
enabled=1
gpgcheck=0
[ose]
name=ose
baseurl=http://192.168.7.1:8080/repo/rhel-7-server-ose-3.11-rpms/
enabled=1
gpgcheck=0
4. Starting the virtual machines and the installation process
Start the VMs on the bridge network; the network and RAM sizes have been adjusted.
virt-install --name=ocp4-bootstrap --vcpus=4 --ram=8192 \
--disk path=/data/kvm/ocp4-bootstrap.qcow2,bus=virtio,size=120 \
--os-variant rhel8.0 --network bridge=br0,model=virtio \
--boot menu=on --cdrom /data/ocp4/bootstrap-static.iso
virt-install --name=ocp4-master0 --vcpus=4 --ram=16384 \
--disk path=/data/kvm/ocp4-master0.qcow2,bus=virtio,size=120 \
--os-variant rhel8.0 --network bridge=br0,model=virtio \
--boot menu=on --cdrom /data/ocp4/master-0.iso
virt-install --name=ocp4-master1 --vcpus=4 --ram=16384 \
--disk path=/data/kvm/ocp4-master1.qcow2,bus=virtio,size=120 \
--os-variant rhel8.0 --network bridge=br0,model=virtio \
--boot menu=on --cdrom /data/ocp4/master-1.iso
virt-install --name=ocp4-master2 --vcpus=4 --ram=16384 \
--disk path=/data/kvm/ocp4-master2.qcow2,bus=virtio,size=120 \
--os-variant rhel8.0 --network bridge=br0,model=virtio \
--boot menu=on --cdrom /data/ocp4/master-2.iso
virt-install --name=ocp4-worker0 --vcpus=4 --ram=8192 \
--disk path=/data/kvm/ocp4-worker0.qcow2,bus=virtio,size=120 \
--os-variant rhel8.0 --network bridge=br0,model=virtio \
--boot menu=on --cdrom /data/ocp4/worker-0.iso
virt-install --name=ocp4-worker1 --vcpus=4 --ram=8192 \
--disk path=/data/kvm/ocp4-worker1.qcow2,bus=virtio,size=120 \
--os-variant rhel8.0 --network bridge=br0,model=virtio \
--boot menu=on --cdrom /data/ocp4/worker-1.iso
virt-install --name=ocp4-worker2 --vcpus=4 --ram=8192 \
--disk path=/data/kvm/ocp4-worker2.qcow2,bus=virtio,size=120 \
--os-variant rhel8.0 --network bridge=br0,model=virtio \
--boot menu=on --cdrom /data/ocp4/worker-2.iso
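After roughly 5 minutes the bootstrap node becomes ready; the other virtual machines can be created once it is ready.
After waiting for a while,
check the installation progress from the helper node with
openshift-install wait-for bootstrap-complete --log-level debug
After the storage has been dealt with, still on the helper node: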
[root@helper ocp4]# openshift-install wait-for install-complete
INFO Waiting up to 30m0s for the cluster at https://api.ocp4.redhat.ren:6443 to initialize...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/root/ocp4/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.ocp4.redhat.ren
INFO Login to the console with user: kubeadmin, password: WRTp9-avPVu-IMWLX-KiIQ2
5. The bootstrap node not becoming ready
At first, bootstrap stayed not ready in the haproxy page. I logged in to helper, ran sudo -i, and podman images showed no images.
Checking the registry service on 192.168.7.1 showed a handshake error.
The additionalTrustBundle in install-config.yaml has to be updated so that it matches /etc/crts/redhat.ren.crt.
The parts of install-config.yaml that need to be changed are marked in bold.
apiVersion: v1
baseDomain: redhat.ren
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 3
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: ocp4
networking:
  clusterNetworks:
  - cidr: 10.254.0.0/16
    hostPrefix: 24
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
pullSecret: '{"auths":{"registry.redhat.ren": {"auth": "ZHVtbXk6ZHVtbXk=","email": "noemail@localhost"}}}'
sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnejC+QkKXqEOj7lSKxpHnnIxPli2iwNveE9apd0QUFgc3xTyaQWyOqbFEsUzR2MnXV36a89DiOVnecVgXZqVDFrDZDRkMLKJTm2U85AExWE0Lmtkxpmyg5OdpFmTBCutpNy2LigG8LTkMPXIgDrfNF+37/BvKzvWdrhR6/dQwqfMGqfRi+PYscD6nUJG5kAzVugalyw8+Sv9CzS+4BMRCZ4EVKu5bB2wl1bw7KCJc+D0nhnc87qGswJquleT7CGi7N2k6/Q1iK80l1KymmwWcwvh+Yf4Nhdk4cxbeSZmPGBQIQMmOUzK0Q4xs3XZd2WvZd/NYj0D83sSCQGXEUkGL root@helper'
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  MIIDszCCApugAwIBAgIJAPRFC4yzZOpxMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV
  G/V/A0ukAD5AYP098jsj5tmREbnFbMy7UojVEK54w6262iefvg0b
  uT5I0Y3jLljIlsxSbX4tTXjX0X/KHXK4PJ7hqdRLXnD4CgWKHjU6yNQS+sZg83VC
  jsZpKl5eSBqOdXB1CFteZm571/AXlagcyGf9hvK4fV2ybQoOxgkZt9zyUvtm3myb
  S5FAo4B5IvEhkge+jvolj31AWnB4v6GX0TgWotJd52GUpWDJDr5T
  -----END CERTIFICATE-----
imageContentSources:
- mirrors:
  - registry.redhat.ren/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - registry.redhat.ren/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
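As an added example (not part of the original notes): one way to confirm, before regenerating the ignition configs, that the certificate in additionalTrustBundle is the one in /etc/crts/redhat.ren.crt. It compares SHA-256 fingerprints of the decoded certificates, so YAML indentation and line wrapping do not matter. The function names and the sample certificates are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprints (over the DER bytes) of every PEM block in pem_text."""
    found = set()
    for block in PEM_RE.findall(pem_text):
        # Strip YAML indentation so the block is plain PEM again.
        pem = "\n".join(line.strip() for line in block.splitlines())
        found.add(hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest())
    return found

def trust_bundle(install_config_text):
    """Text of the additionalTrustBundle block scalar, or '' if the key is absent."""
    lines = install_config_text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("additionalTrustBundle:"):
            body = []
            for nxt in lines[i + 1:]:
                if nxt.strip() and not nxt[0].isspace():
                    break  # the next top-level key ends the block
                body.append(nxt)
            return "\n".join(body)
    return ""

def bundle_trusts(install_config_text, registry_cert_pem):
    """True only if every certificate in registry_cert_pem is also in the bundle."""
    wanted = fingerprints(registry_cert_pem)
    return bool(wanted) and wanted <= fingerprints(trust_bundle(install_config_text))

def fake_pem(payload):
    """Constructed stand-in for a certificate: PEM armour around arbitrary bytes."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample data: a stale bundle versus the certificate the registry uses now.
OLD_CERT = fake_pem(b"constructed cert from an earlier registry setup")
NEW_CERT = fake_pem(b"constructed cert currently in /etc/crts/redhat.ren.crt")

def sample_config(cert_pem):
    indented = "".join("  " + l + "\n" for l in cert_pem.splitlines())
    return ("baseDomain: redhat.ren\nadditionalTrustBundle: |\n" + indented +
            "imageContentSources:\n- mirrors:\n  - registry.redhat.ren/ocp4/openshift4\n")

if __name__ == "__main__":
    print("stale bundle trusts registry:", bundle_trusts(sample_config(OLD_CERT), NEW_CERT))
    print("fixed bundle trusts registry:", bundle_trusts(sample_config(NEW_CERT), NEW_CERT))
```

To run it against real files, pass the contents of install-config.yaml and /etc/crts/redhat.ren.crt to bundle_trusts().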
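6. Certificate expiry
Log in to helper and check the installation progress from the command line.
The output generated by openshift-install create ignition-configs has to be deleted and regenerated. Start again from the following: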
/bin/rm -rf *.ign .openshift_install_state.json auth bootstrap master0 master1 master2 worker0 worker1 worker2
openshift-install create ignition-configs --dir=/root/ocp4
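In my case the actual problem was that the clocks on the machines were not synchronized; after setting up time synchronization and redoing these steps, the problem was solved.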
7. The image-registry-storage problem
During the installation you need to run
bash ocp4-upi-helpernode-master/files/nfs-provisioner-setup.sh
to create the nfs-provisioner project and deploy a pod that is used to create PVCs.
After the pod has finished starting (check its status), run
oc edit configs.imageregistry.operator.openshift.io
# edit the storage section
# storage:
#   pvc:
#     claim:
Set claim to empty; it previously pointed to the image-registry-storage PVC. Once the change is saved, it should cause the pod to create a PVC named image-registry-storage.
You can check whether this succeeded with
oc get pvc --all-namespaces
The PVC requests 100G of space; if the disk does not have that much space, the PVC stays in the Pending state.
oc get clusteroperator image-registry
will then also show False, and the image-registry pod will be Pending, so cluster creation cannot continue.
If the state is wrong, delete the PVC first and then edit configs.imageregistry.operator.openshift.io again, which triggers its creation.
Only once the image-registry cluster operator status is True, run
openshift-install wait-for install-complete
and wait for the cluster installation to continue.
8. DNS configuration
The generated zonefile.db stays unchanged; in addition, registry.zonefile.db is added so that registry.redhat.ren resolves.
/etc/named.conf
########### Add what's between these comments ###########
zone "ocp4.redhat.ren" IN {
    type master;
    file "zonefile.db";
};
zone "7.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.db";
};
########################################################
zone "redhat.ren" IN {
    type master;
    file "registry.zonefile.db";
};
[root@helper named]# cat registry.zonefile.db
$TTL 1W
@       IN      SOA     ns1.redhat.ren. root (
                        2019120205      ; serial
                        3H              ; refresh (3 hours)
                        30M             ; retry (30 minutes)
                        2W              ; expiry (2 weeks)
                        1W )            ; minimum (1 week)
        IN      NS      ns1.redhat.ren.
        IN      MX 10   smtp.redhat.ren.
;
;
ns1     IN      A       192.168.7.11
smtp    IN      A       192.168.7.11
;
registry        IN      A       192.168.7.1
registry        IN      A       192.168.7.1
;
;EOF
[root@helper named]# cat reverse.db
$TTL 1W
@       IN      SOA     ns1.ocp4.redhat.ren.    root (
                        2019120205      ; serial
                        3H              ; refresh (3 hours)
                        30M             ; retry (30 minutes)
                        2W              ; expiry (2 weeks)
                        1W )            ; minimum (1 week)
        IN      NS      ns1.ocp4.redhat.ren.
;
; syntax is "last octet" and the host must have fqdn with trailing dot
13      IN      PTR     master-0.ocp4.redhat.ren.
14      IN      PTR     master-1.ocp4.redhat.ren.
15      IN      PTR     master-2.ocp4.redhat.ren.
;
12      IN      PTR     bootstrap.ocp4.redhat.ren.
;
11      IN      PTR     api.ocp4.redhat.ren.
11      IN      PTR     api-int.ocp4.redhat.ren.
;
16      IN      PTR     worker-0.ocp4.redhat.ren.
17      IN      PTR     worker-1.ocp4.redhat.ren.
18      IN      PTR     worker-2.ocp4.redhat.ren.
;
1       IN      PTR     registry.redhat.ren.
;
;EOF
Accessing the cluster after installation
The one shortcoming is that OperatorHub has no content; it also needs to be installed offline.
On the helper machine:
cd ~/ocp4
export KUBECONFIG=auth/kubeconfig
[root@helper ocp4]# oc get nodes
NAME STATUS ROLES AGE VERSION
master-0.ocp4.redhat.ren Ready master 71m v1.14.6+c07e432da
master-1.ocp4.redhat.ren Ready master 71m v1.14.6+c07e432da
master-2.ocp4.redhat.ren Ready master 71m v1.14.6+c07e432da
worker-0.ocp4.redhat.ren Ready worker 71m v1.14.6+c07e432da
worker-1.ocp4.redhat.ren Ready worker 71m v1.14.6+c07e432da
worker-2.ocp4.redhat.ren Ready worker 71m v1.14.6+c07e432da
The installation site