离线安装 openshift 需要将安装过程中用的 rpm 包、docker image 以及 openshift-ansible 代码 在一台联网的机器上提前下载好。
本安装文档, 不包含 s2i 相关镜像和监控组件的离线安装。
本安装文档基于 RHEL 7.3,与 openshift 兼容的 docker rpm 包版本为 v1.9.1, 由于版本较老, api 与最新版本有出入,例如:不支持 digist 最为 tag。
如果使用 CentOS 则可安装最新版 docker。
联网设备下载所需软件
本节操作,需要在一台能联网的 RHEL7.3 系统(与安装 openshift 的目标机保持一致即可)上进行。
准备 RPM 包
搭建本地 YUM 源(假设 iso 挂载在 /mnt 目录)
cat > /etc/yum.repos.d/local.repo <<'eof'
[iso-repo]
name=Local iso repo
baseurl=file:///mnt/
enable=1
gpgcheck=0
eof
添加 openshift 相关 YUM 源
cat > /etc/yum.repos.d/openshift-ansible-centos-paas-sig.repo <<'eof'
[centos-openshift-origin]
name=CentOS OpenShift Origin
baseurl=http://mirror.centos.org/centos/7/paas/x86_64/openshift-origin/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
[centos-openshift-origin-testing]
name=CentOS OpenShift Origin Testing
baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
[centos-openshift-origin-debuginfo]
name=CentOS OpenShift Origin DebugInfo
baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
[centos-openshift-origin-source]
name=CentOS OpenShift Origin Source
baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin/
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/openshift-ansible-CentOS-SIG-PaaS
eof
添加 etcd 相关 YUM 源
cat > /etc/yum.repos.d/CentOS-Base.repo.repo <<'eof'
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
baseurl=http://mirror.centos.org/centos/7.3.1611/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
eof
通过 yum 命令安装相关软件包时,可以选择 “d”(只下载、不安装),或者使用 --downloadonly
参数来获取相关的 rpm 及其全部依赖。
master 节点涉及的包
- origin-master-1.5.1-1.el7.x86_64
- origin-1.5.1-1.el7.x86_64
- origin-node-1.5.1-1.el7.x86_64
- origin-sdn-ovs-1.5.1-1.el7.x86_64
- origin-clients-1.5.1-1.el7.x86_64
- tuned-profiles-origin-node-1.5.1-1.el7.x86_64
node 节点涉及的包
- origin-clients-1.5.1-1.el7.x86_64
- origin-1.5.1-1.el7.x86_64
- origin-node-1.5.1-1.el7.x86_64
- origin-sdn-ovs-1.5.1-1.el7.x86_64
- tuned-profiles-origin-node-1.5.1-1.el7.x86_64
etcd 涉及的包
- etcd-3.1.9-1.el7
其他
- docker
- iproute
- python-dbus
- python-six
- PyYAML
- yum-utils
- ansible
下载 rpm 包
yum install --downloadonly PyYAML ansible docker etcd-3.1.9-1.el7 iproute origin-1.5.1-1.el7.x86_64 origin-1.5.1-1.el7.x86_64 origin-clients-1.5.1-1.el7.x86_64 origin-clients-1.5.1-1.el7.x86_64 origin-master-1.5.1-1.el7.x86_64 origin-node-1.5.1-1.el7.x86_64 origin-node-1.5.1-1.el7.x86_64 origin-sdn-ovs-1.5.1-1.el7.x86_64 origin-sdn-ovs-1.5.1-1.el7.x86_64 python-dbus python-six tuned-profiles-origin-node-1.5.1-1.el7.x86_64 tuned-profiles-origin-node-1.5.1-1.el7.x86_64 yum-utils
下载的 rpm 位于/var/cache/yum/,可以使用如下命令,将 rpm 拷出备用:
mkdir rpms
find /var/cache/yum/ -iname '*.rpm' -exec cp {} rpms/ \;
位于本地 YUM 源中的 rpm 不会被下载,所以在安装 openshift 的目标机器上也需要搭建本地 YUM 源。
准备 docker images
安装 docker
yum install -y docker
安装过程涉及的 docker 镜像
- docker.io/busybox:latest
- docker.io/openshift/origin-haproxy-router:v1.5.1
- docker.io/openshift/origin-deployer:v1.5.1
- docker.io/openshift/origin-sti-builder:v1.5.1
- docker.io/openshift/origin-pod:v1.5.1
- docker.io/openshift/origin-docker-registry:v1.5.1
- docker.io/cockpit/kubernetes:latest
- docker.io/openshift/origin-metrics-cassandra:latest
- docker.io/openshift/origin-metrics-hawkular-metrics:latest
- docker.io/openshift/origin-metrics-heapster:latest
拉取镜像
docker pull docker.io/busybox:latest docker.io/openshift/origin-haproxy-router:v1.5.1 docker.io/openshift/origin-deployer:v1.5.1 docker.io/openshift/origin-sti-builder:v1.5.1 docker.io/openshift/origin-pod:v1.5.1 docker.io/openshift/origin-docker-registry:v1.5.1 docker.io/cockpit/kubernetes:latest docker.io/openshift/origin-metrics-cassandra:latest docker.io/openshift/origin-metrics-hawkular-metrics:latest docker.io/openshift/origin-metrics-heapster:latest
将镜像导出为 tar 包
docker save -o oso1.5.1-images.tar docker.io/busybox:latest docker.io/openshift/origin-haproxy-router:v1.5.1 docker.io/openshift/origin-deployer:v1.5.1 docker.io/openshift/origin-sti-builder:v1.5.1 docker.io/openshift/origin-pod:v1.5.1 docker.io/openshift/origin-docker-registry:v1.5.1 docker.io/cockpit/kubernetes:latest docker.io/openshift/origin-metrics-cassandra:latest docker.io/openshift/origin-metrics-hawkular-metrics:latest docker.io/openshift/origin-metrics-heapster:latest
拉取 playbook 代码
git clone https://github.com/openshift/openshift-ansible
离线设备安装
将准备好的 rpm 包、镜像导出的 tar 包、playbook 代码 拷贝到所有目标机器。
本节相关操作,在需要安装 openshift 的设备上执行(离线环境)
本文档,以两节点 openshift 安装为示例。
安装 rpm
使用操作系统镜像,搭建本地 YUM 源
mount /dev/sr0 /mnt/
cat > /etc/yum.repos.d/local.repo <<'eof'
[iso-repo]
name=Local iso repo
baseurl=file:///mnt/
enable=1
gpgcheck=0
eof
安装 rpm 包
cd rpms
yum install ./*.rpm
删除 rpm 安装后生成的配置文件
rm -rf /etc/origin/*
导入 docker 镜像
docker load -i ose3-images.tar
准备 playbook 代码
OpenShift-ansible 需要切换至于安装的 OpenShift 对应的版本,OpenShift v1.5.1 对应 OpenShift-ansible v3.5.1
cd openshift-ansible
git checkout openshift-ansible-3.5.1-1
注释掉< openshift-ansible home >/roles/openshift_repos/tasks/main.yaml 文件中的 “Configure origin yum repositories RHEL/CentOS” task,禁止生成 openshift yum repo 文件
[root@master openshift-ansible]# cat roles/openshift_repos/tasks/main.yaml
---
# TODO: Add flag for enabling EPEL repo, default to false
# TODO: Add subscription-management config, with parameters
# for username, password, poolid(name), and official repos to
# enable/disable. Might need to make a module that extends the
# subscription management module to take a poolid and enable/disable the
# proper repos correctly.
- assert:
that: openshift_deployment_type in known_openshift_deployment_types
when: not openshift.common.is_containerized | bool
- name: Ensure libselinux-python is installed
package: name=libselinux-python state=present
when: not openshift.common.is_containerized | bool
- name: Create any additional repos that are defined
template:
src: yum_repo.j2
dest: /etc/yum.repos.d/openshift_additional.repo
when: openshift_additional_repos | length > 0 and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Remove the additional repos if no longer defined
file:
dest: /etc/yum.repos.d/openshift_additional.repo
state: absent
when: openshift_additional_repos | length == 0 and not openshift.common.is_containerized | bool
notify: refresh cache
- name: Configure origin gpg keys if needed
copy:
src: origin/gpg_keys/openshift-ansible-CentOS-SIG-PaaS
dest: /etc/pki/rpm-gpg/
notify: refresh cache
when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
and openshift_deployment_type == 'origin'
and not openshift.common.is_containerized | bool
and openshift_enable_origin_repo | default(true) | bool
#- name: Configure origin yum repositories RHEL/CentOS
# copy:
# src: origin/repos/openshift-ansible-centos-paas-sig.repo
# dest: /etc/yum.repos.d/
# notify: refresh cache
# when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
# and openshift_deployment_type == 'origin'
# and not openshift.common.is_containerized | bool
# and openshift_enable_origin_repo | default(true) | bool
其他配置
在 /etc/hosts 中添加相关机器的域名解析
192.168.12.170 master.openshift.blabla.local
192.168.12.171 node.openshift.blabla.local
配置 ssh 无密码登录
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.12.170
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.12.171
安装 openshift
本小结操作,在 master 节点进行
在 /etc/ansible/hosts 中配置节点信息
# Create an OSEv3 group that contains the masters, nodes, and etcd groups
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=origin
[masters]
master.openshift.blabla.local
# host group for etcd
[etcd]
node.openshift.blabla.local
# host group for nodes, includes region info
[nodes]
master.openshift.blabla.local openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
node.openshift.blabla.local openshift_node_labels="{'region': 'primary', 'zone': 'west'}"
ansible ping测试:
[root@master ~]# ansible all -m ping
master.openshift.blabla.local | SUCCESS => {
"changed": false,
"ping": "pong"
}
node02.openshift.blabla.local | SUCCESS => {
"changed": false,
"ping": "pong"
}
安装
ansible-playbook playbooks/byo/config.yml
执行 ansible-playbook 之前,务必确认各节点主机名是否正确