離線安裝 openshift 需要將安裝過程中用的 rpm 包、docker image 以及 openshift-ansible 代碼 在一臺聯網的機器上提前下載好。
本安裝文檔, 不包含 s2i 相關鏡像和監控組件的離線安裝。
本安裝文檔基于 RHEL 7.3,與 openshift 兼容的 docker rpm 包版本為 v1.9.1, 由于版本較老, api 與最新版本有出入,例如:不支持 digist 最為 tag。
如果使用 CentOS 則可安裝最新版 docker。
聯網設備下載所需軟件
本節操作,需要在一臺能聯網的 RHEL7.3 系統(與安裝 openshift 的目標機保持一致即可)上進行。
準備 RPM 包
搭建本地 YUM 源(假設 iso 掛載在 /mnt 目錄)
cat > /etc/yum.repos.d/local.repo <<'eof'
[iso-repo]
name=Local iso repo
baseurl=file:///mnt/
enable=1
gpgcheck=0
eof
添加 openshift 相關 YUM 源
cat > /etc/yum.repos.d/openshift-ansible-centos-paas-sig.repo <<'eof'
[centos-openshift-origin]
name=CentOS OpenShift Origin
baseurl=http://mirror.centos.org/centos/7/paas/x86_64/openshift-origin/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
[centos-openshift-origin-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
[centos-openshift-origin-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
[centos-openshift-origin-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
eof
添加 etcd 相關 YUM 源
cat > /etc/yum.repos.d/CentOS-Base.repo.repo <<'eof'
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=http://mirror.centos.org/centos/7.3.1611/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
eof
通過 yum 命令安裝相關軟件包時,可以選擇 “d”(只下載、不安裝),或者使用 --downloadonly
參數來獲取相關的 rpm 及其全部依賴。
master 節點涉及的包
- origin-master-1.5.1-1.el7.x86_64
- origin-1.5.1-1.el7.x86_64
- origin-node-1.5.1-1.el7.x86_64
- origin-sdn-ovs-1.5.1-1.el7.x86_64
- origin-clients-1.5.1-1.el7.x86_64
- tuned-profiles-origin-node-1.5.1-1.el7.x86_64
node 節點涉及的包
- origin-clients-1.5.1-1.el7.x86_64
- origin-1.5.1-1.el7.x86_64
- origin-node-1.5.1-1.el7.x86_64
- origin-sdn-ovs-1.5.1-1.el7.x86_64
- tuned-profiles-origin-node-1.5.1-1.el7.x86_64
etcd 涉及的包
- etcd-3.1.9-1.el7
其他
- docker
- iproute
- python-dbus
- python-six
- PyYAML
- yum-utils
- ansible
下載 rpm 包
yum install --downloadonly PyYAML ansible docker etcd-3.1.9-1.el7 iproute origin-1.5.1-1.el7.x86_64 origin-1.5.1-1.el7.x86_64 origin-clients-1.5.1-1.el7.x86_64 origin-clients-1.5.1-1.el7.x86_64 origin-master-1.5.1-1.el7.x86_64 origin-node-1.5.1-1.el7.x86_64 origin-node-1.5.1-1.el7.x86_64 origin-sdn-ovs-1.5.1-1.el7.x86_64 origin-sdn-ovs-1.5.1-1.el7.x86_64 python-dbus python-six tuned-profiles-origin-node-1.5.1-1.el7.x86_64 tuned-profiles-origin-node-1.5.1-1.el7.x86_64 yum-utils
下載的 rpm 位于/var/cache/yum/,可以使用如下命令,將 rpm 拷出備用:
mkdir rpms
find /var/cache/yum/ -iname '*.rpm' -exec cp {} rpms/ \;
位于本地 YUM 源中的 rpm 不會被下載,所以在安裝 openshift 的目標機器上也需要搭建本地 YUM 源。
準備 docker images
安裝 docker
yum install -y docker
安裝過程涉及的 docker 鏡像
- docker.io/busybox:latest
- docker.io/openshift/origin-haproxy-router:v1.5.1
- docker.io/openshift/origin-deployer:v1.5.1
- docker.io/openshift/origin-sti-builder:v1.5.1
- docker.io/openshift/origin-pod:v1.5.1
- docker.io/openshift/origin-docker-registry:v1.5.1
- docker.io/cockpit/kubernetes:latest
- docker.io/openshift/origin-metrics-cassandra:latest
- docker.io/openshift/origin-metrics-hawkular-metrics:latest
- docker.io/openshift/origin-metrics-heapster:latest
拉取鏡像
docker pull docker.io/busybox:latest docker.io/openshift/origin-haproxy-router:v1.5.1 docker.io/openshift/origin-deployer:v1.5.1 docker.io/openshift/origin-sti-builder:v1.5.1 docker.io/openshift/origin-pod:v1.5.1 docker.io/openshift/origin-docker-registry:v1.5.1 docker.io/cockpit/kubernetes:latest docker.io/openshift/origin-metrics-cassandra:latest docker.io/openshift/origin-metrics-hawkular-metrics:latest docker.io/openshift/origin-metrics-heapster:latest
將鏡像導出為 tar 包
docker save -o oso1.5.1-images.tar docker.io/busybox:latest docker.io/openshift/origin-haproxy-router:v1.5.1 docker.io/openshift/origin-deployer:v1.5.1 docker.io/openshift/origin-sti-builder:v1.5.1 docker.io/openshift/origin-pod:v1.5.1 docker.io/openshift/origin-docker-registry:v1.5.1 docker.io/cockpit/kubernetes:latest docker.io/openshift/origin-metrics-cassandra:latest docker.io/openshift/origin-metrics-hawkular-metrics:latest docker.io/openshift/origin-metrics-heapster:latest
拉取 playbook 代碼
git clone https://github.com/openshift/openshift-ansible
離線設備安裝
將準備好的 rpm 包、鏡像導出的 tar 包、playbook 代碼 拷貝到所有目標機器。
本節相關操作,在需要安裝 openshift 的設備上執行(離線環境)
本文檔,以兩節點 openshift 安裝為示例。
安裝 rpm
使用操作系統鏡像,搭建本地 YUM 源
mount /dev/sr0 /mnt/
cat > /etc/yum.repos.d/local.repo <<'eof'
[iso-repo]
name=Local iso repo
baseurl=file:///mnt/
enable=1
gpgcheck=0
eof
安裝 rpm 包
cd rpms
yum install ./*.rpm
刪除 rpm 安裝后生成的配置文件
rm -rf /etc/origin/*
導入 docker 鏡像
docker load -i ose3-images.tar
準備 playbook 代碼
OpenShift-ansible 需要切換至于安裝的 OpenShift 對應的版本,OpenShift v1.5.1 對應 OpenShift-ansible v3.5.1
cd openshift-ansible
git checkout openshift-ansible-3.5.1-1
注釋掉< openshift-ansible home >/roles/openshift_repos/tasks/main.yaml 文件中的 “Configure origin yum repositories RHEL/CentOS” task,禁止生成 openshift yum repo 文件
[root@master openshift-ansible]# cat roles/openshift_repos/tasks/main.yaml
---
# TODO: Add flag for enabling EPEL repo, default to false
# TODO: Add subscription-management config, with parameters
# for username, password, poolid(name), and official repos to
# enable/disable. Might need to make a module that extends the
# subscription management module to take a poolid and enable/disable the
# proper repos correctly.
- assert:
that: openshift_deployment_type in known_openshift_deployment_types
when: not openshift.common.is_containerized | bool
- name: Ensure libselinux-python is installed
package: name=libselinux-python state=present
when: not openshift.common.is_containerized | bool
- name: Create any additional repos that are defined
template:
src: yum_repo.j2
dest: /etc/yum.repos.d/openshift_additional.repo
when: openshift_additional_repos | length > 0 and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Remove the additional repos if no longer defined
file:
dest: /etc/yum.repos.d/openshift_additional.repo
state: absent
when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Configure origin gpg keys if needed
copy:
src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS
dest: /etc/pki/rpm-gpg/
notify: refresh cache
when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
and openshift_deployment_type == 'origin'
and not openshift.common.is_containerized | bool
and openshift_enable_origin_repo | default(true) | bool
#- name: Configure origin yum repositories RHEL/CentOS
# copy:
# src: origin/repos/openshift-ansible-centos-paas-sig.repo
# dest: /etc/yum.repos.d/
# notify: refresh cache
# when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
# and openshift_deployment_type == 'origin'
# and not openshift.common.is_containerized | bool
# and openshift_enable_origin_repo | default(true) | bool
其他配置
在 /etc/hosts 中添加相關機器的域名解析
192.168.12.170 master.openshift.blabla.local
192.168.12.171 node.openshift.blabla.local
配置 ssh 無密碼登錄
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.12.170
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.12.171
安裝 openshift
本小結操作,在 master 節點進行
在 /etc/ansible/hosts 中配置節點信息
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=origin
[masters]
master.openshift.blabla.local
# host group for etcd
[etcd]
node.openshift.blabla.local
# host group for nodes, includes region info
[nodes]
master.openshift.blabla.local openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
node.openshift.blabla.local openshift_node_labels="{'region': 'primary', 'zone': 'west'}"
ansible ping測試:
[root@master ~]# ansible all -m ping
master.openshift.blabla.local | SUCCESS => {
"changed": false,
"ping": "pong"
}
node02.openshift.blabla.local | SUCCESS => {
"changed": false,
"ping": "pong"
}
安裝
ansible-playbook playbooks/byo/config.yml
執行 ansible-playbook 之前,務必確認各節點主機名是否正確