離線安裝 openshift 需要將安裝過程中用的 rpm 包、docker image 以及 openshift-ansible 代碼 在一臺聯網的機器上提前下載好。

本安裝文檔， 不包含 s2i 相關鏡像和監控組件的離線安裝。
本安裝文檔基于 RHEL 7.3，與 openshift 兼容的 docker rpm 包版本為 v1.9.1， 由于版本較老， api 與最新版本有出入，例如：不支持 digist 最為 tag。
如果使用 CentOS 則可安裝最新版 docker。

聯網設備下載所需軟件

本節操作，需要在一臺能聯網的 RHEL7.3 系統（與安裝 openshift 的目標機保持一致即可）上進行。

準備 RPM 包

搭建本地 YUM 源(假設 iso 掛載在 /mnt 目錄)

cat > /etc/yum.repos.d/local.repo <<'eof'
[iso-repo]
name=Local iso repo
baseurl=file:///mnt/
enable=1
gpgcheck=0
eof

添加 openshift 相關 YUM 源

cat > /etc/yum.repos.d/openshift-ansible-centos-paas-sig.repo <<'eof'
[centos-openshift-origin]
name=CentOS OpenShift Origin
baseurl=http://mirror.centos.org/centos/7/paas/x86_64/openshift-origin/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS

[centos-openshift-origin-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS

[centos-openshift-origin-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS

[centos-openshift-origin-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
eof

添加 etcd 相關 YUM 源

cat > /etc/yum.repos.d/CentOS-Base.repo.repo <<'eof'
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=http://mirror.centos.org/centos/7.3.1611/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
eof

通過 yum 命令安裝相關軟件包時，可以選擇 “d”（只下載、不安裝），或者使用 --downloadonly 參數來獲取相關的 rpm 及其全部依賴。

master 節點涉及的包

• origin-master-1.5.1-1.el7.x86_64
• origin-1.5.1-1.el7.x86_64
• origin-node-1.5.1-1.el7.x86_64
• origin-sdn-ovs-1.5.1-1.el7.x86_64
• origin-clients-1.5.1-1.el7.x86_64
• tuned-profiles-origin-node-1.5.1-1.el7.x86_64

node 節點涉及的包

• origin-clients-1.5.1-1.el7.x86_64
• origin-1.5.1-1.el7.x86_64
• origin-node-1.5.1-1.el7.x86_64
• origin-sdn-ovs-1.5.1-1.el7.x86_64
• tuned-profiles-origin-node-1.5.1-1.el7.x86_64

etcd 涉及的包

• etcd-3.1.9-1.el7

其他

• docker
• iproute
• python-dbus
• python-six
• PyYAML
• yum-utils
• ansible

下載 rpm 包

yum install --downloadonly PyYAML ansible docker etcd-3.1.9-1.el7 iproute origin-1.5.1-1.el7.x86_64 origin-1.5.1-1.el7.x86_64 origin-clients-1.5.1-1.el7.x86_64 origin-clients-1.5.1-1.el7.x86_64 origin-master-1.5.1-1.el7.x86_64 origin-node-1.5.1-1.el7.x86_64 origin-node-1.5.1-1.el7.x86_64 origin-sdn-ovs-1.5.1-1.el7.x86_64 origin-sdn-ovs-1.5.1-1.el7.x86_64 python-dbus python-six tuned-profiles-origin-node-1.5.1-1.el7.x86_64 tuned-profiles-origin-node-1.5.1-1.el7.x86_64 yum-utils

下載的 rpm 位于/var/cache/yum/，可以使用如下命令，將 rpm 拷出備用：

mkdir rpms
find /var/cache/yum/ -iname '*.rpm' -exec cp {} rpms/ \;

位于本地 YUM 源中的 rpm 不會被下載，所以在安裝 openshift 的目標機器上也需要搭建本地 YUM 源。

準備 docker images

安裝 docker

yum install -y docker

安裝過程涉及的 docker 鏡像

• docker.io/busybox:latest
• docker.io/openshift/origin-haproxy-router:v1.5.1
• docker.io/openshift/origin-deployer:v1.5.1
• docker.io/openshift/origin-sti-builder:v1.5.1
• docker.io/openshift/origin-pod:v1.5.1
• docker.io/openshift/origin-docker-registry:v1.5.1
• docker.io/cockpit/kubernetes:latest
• docker.io/openshift/origin-metrics-cassandra:latest
• docker.io/openshift/origin-metrics-hawkular-metrics:latest
• docker.io/openshift/origin-metrics-heapster:latest

拉取鏡像

 docker pull docker.io/busybox:latest docker.io/openshift/origin-haproxy-router:v1.5.1 docker.io/openshift/origin-deployer:v1.5.1 docker.io/openshift/origin-sti-builder:v1.5.1 docker.io/openshift/origin-pod:v1.5.1 docker.io/openshift/origin-docker-registry:v1.5.1 docker.io/cockpit/kubernetes:latest docker.io/openshift/origin-metrics-cassandra:latest docker.io/openshift/origin-metrics-hawkular-metrics:latest docker.io/openshift/origin-metrics-heapster:latest

將鏡像導出為 tar 包

docker save -o oso1.5.1-images.tar docker.io/busybox:latest docker.io/openshift/origin-haproxy-router:v1.5.1 docker.io/openshift/origin-deployer:v1.5.1 docker.io/openshift/origin-sti-builder:v1.5.1 docker.io/openshift/origin-pod:v1.5.1 docker.io/openshift/origin-docker-registry:v1.5.1 docker.io/cockpit/kubernetes:latest docker.io/openshift/origin-metrics-cassandra:latest docker.io/openshift/origin-metrics-hawkular-metrics:latest docker.io/openshift/origin-metrics-heapster:latest

拉取 playbook 代碼

git clone https://github.com/openshift/openshift-ansible

離線設備安裝

將準備好的 rpm 包、鏡像導出的 tar 包、playbook 代碼 拷貝到所有目標機器。
本節相關操作，在需要安裝 openshift 的設備上執行（離線環境）
本文檔，以兩節點 openshift 安裝為示例。

安裝 rpm

使用操作系統鏡像，搭建本地 YUM 源

mount /dev/sr0 /mnt/

cat > /etc/yum.repos.d/local.repo <<'eof'
[iso-repo]
name=Local iso repo
baseurl=file:///mnt/
enable=1
gpgcheck=0
eof

安裝 rpm 包

cd rpms
yum install ./*.rpm

刪除 rpm 安裝后生成的配置文件

 rm -rf /etc/origin/*

導入 docker 鏡像

docker load -i ose3-images.tar

準備 playbook 代碼

OpenShift-ansible 需要切換至于安裝的 OpenShift 對應的版本，OpenShift v1.5.1 對應 OpenShift-ansible v3.5.1

cd openshift-ansible
git checkout openshift-ansible-3.5.1-1

注釋掉< openshift-ansible home >/roles/openshift_repos/tasks/main.yaml 文件中的 “Configure origin yum repositories RHEL/CentOS” task，禁止生成 openshift yum repo 文件

[root@master openshift-ansible]# cat roles/openshift_repos/tasks/main.yaml
---
# TODO: Add flag for enabling EPEL repo, default to false

# TODO: Add subscription-management config, with parameters
#       for username, password, poolid(name), and official repos to
#       enable/disable. Might need to make a module that extends the
#       subscription management module to take a poolid and enable/disable the
#       proper repos correctly.

- assert:
    that: openshift_deployment_type in known_openshift_deployment_types
  when: not openshift.common.is_containerized | bool

- name: Ensure libselinux-python is installed
  package: name=libselinux-python state=present
  when: not openshift.common.is_containerized | bool

- name: Create any additional repos that are defined
  template:
    src: yum_repo.j2
    dest: /etc/yum.repos.d/openshift_additional.repo
  when: openshift_additional_repos | length > 0 and not openshift.common.is_containerized | bool
  notify: refresh cache

- name: Remove the additional repos if no longer defined
  file:
    dest: /etc/yum.repos.d/openshift_additional.repo
    state: absent
  when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool
  notify: refresh cache

- name: Configure origin gpg keys if needed
  copy:
    src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS
    dest: /etc/pki/rpm-gpg/
  notify: refresh cache
  when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
        and openshift_deployment_type == 'origin'
        and not openshift.common.is_containerized | bool
        and openshift_enable_origin_repo | default(true) | bool

#- name: Configure origin yum repositories RHEL/CentOS
#  copy:
#    src: origin/repos/openshift-ansible-centos-paas-sig.repo
#    dest: /etc/yum.repos.d/
#  notify: refresh cache
#  when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
#        and openshift_deployment_type == 'origin'
#        and not openshift.common.is_containerized | bool
#        and openshift_enable_origin_repo | default(true) | bool    

其他配置

在 /etc/hosts 中添加相關機器的域名解析

192.168.12.170 master.openshift.blabla.local
192.168.12.171 node.openshift.blabla.local

配置 ssh 無密碼登錄

ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.12.170
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.12.171

安裝 openshift

本小結操作，在 master 節點進行

在 /etc/ansible/hosts 中配置節點信息

# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
 
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=origin

[masters]
master.openshift.blabla.local
 
# host group for etcd
[etcd]
node.openshift.blabla.local
 
# host group for nodes, includes region info
[nodes]
master.openshift.blabla.local openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
node.openshift.blabla.local openshift_node_labels="{'region': 'primary', 'zone': 'west'}"

ansible ping測試：

[root@master ~]#  ansible all -m ping
master.openshift.blabla.local | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
node02.openshift.blabla.local | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

安裝

ansible-playbook playbooks/byo/config.yml

執行 ansible-playbook 之前，務必確認各節點主機名是否正確

Links

• OpenShift Enterprise disconnected install
• Setup Offical Docker Repo on REHL 7