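Prerequisites:
1. On every host, the public key must be present in /root/.ssh/authorized_keys; the private key is stored on the first host at /root/.ssh/id_rsa
2. Make sure each host's private IP address is fixed.
3. Configure the DNS server so that openshift.iqyuan.com points to the HAProxy public IP
4. Configure the DNS server so that *.apps.iqyuan.com points to the HAProxy public IP
5. Open firewall ports 8443, 80 and 443 to the public network; the cloud platform provides this.
6. Set each host's hostname in advance, preferably including the domain, e.g. master1.iqyuan.com
The command is: hostnamectl set-hostname master1.iqyuan.com
The hostname can also be set in advance through the orchestration feature provided by the cloud platform.
Script installation:
// This tutorial can only be followed by operations staff who are proficient in Linux. Make sure you can read the script below. Any careless configuration may cause the later installation steps to fail.
First host, stage-one script: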
# Install Ansible and helper tools
yum install -y epel-release
yum -y install ansible lrzsz telnet wget pyOpenSSL

# Extract the Red Hat CA certificate from the python-rhsm-certificates package
wget http://mirrors.ustc.edu.cn/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
mkdir -p /etc/rhsm/ca/
rpm2cpio python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm | cpio -iv --to-stdout ./etc/rhsm/ca/redhat-uep.pem | tee /etc/rhsm/ca/redhat-uep.pem

cat <<EOF > ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Paste the private key here. Place the public key in the corresponding directory on each host in advance; note that the permissions must be 600
-----END RSA PRIVATE KEY-----
EOF
chmod 600 ~/.ssh/id_rsa

# Replace the GSSAPIAuthentication line with "StrictHostKeyChecking no":
# SSH then accepts host keys without prompting or verifying them
sed -i 's/GSSAPIAuthentication yes/StrictHostKeyChecking no/g' /etc/ssh/ssh_config
# Raise Ansible parallelism from 5 to 15 forks
sed -i 's/#forks = 5/forks = 15/g' /etc/ansible/ansible.cfg

# Ansible inventory: master1 is outside the [okd] group
cat <<EOF > /etc/ansible/hosts
master1.iqyuan.com
[okd]
haproxy1.iqyuan.com
master2.iqyuan.com
master3.iqyuan.com
node1.iqyuan.com
node2.iqyuan.com
node3.iqyuan.com
infra-node1.iqyuan.com
infra-node2.iqyuan.com
infra-node3.iqyuan.com
EOF

cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.250 node1.iqyuan.com
192.168.0.251 node2.iqyuan.com
192.168.0.3 node3.iqyuan.com
192.168.0.1 infra-node1.iqyuan.com
192.168.0.252 infra-node2.iqyuan.com
192.168.0.2 infra-node3.iqyuan.com
192.168.0.249 master1.iqyuan.com
192.168.0.5 master2.iqyuan.com
192.168.0.6 master3.iqyuan.com
192.168.0.4 haproxy1.iqyuan.com openshift.iqyuan.com
EOF

# Copy /etc/hosts to every host
for host in \
haproxy1.iqyuan.com \
master1.iqyuan.com \
master2.iqyuan.com \
master3.iqyuan.com \
node1.iqyuan.com \
node2.iqyuan.com \
node3.iqyuan.com \
infra-node1.iqyuan.com \
infra-node2.iqyuan.com \
infra-node3.iqyuan.com; \
do scp /etc/hosts $host:/etc/ ; \
done

# Copy the rhsm certificates to every host
for host in \
haproxy1.iqyuan.com \
master1.iqyuan.com \
master2.iqyuan.com \
master3.iqyuan.com \
node1.iqyuan.com \
node2.iqyuan.com \
node3.iqyuan.com \
infra-node1.iqyuan.com \
infra-node2.iqyuan.com \
infra-node3.iqyuan.com; \
do scp -r /etc/rhsm/ $host:/etc/ ; \
done

# On all hosts: erase the signatures on /dev/vdb and /dev/vdc, switch SELinux from disabled to enforcing, update packages
ansible all -m shell -a "wipefs -a /dev/vdb; wipefs -a /dev/vdc; sed -i 's/SELINUX=disabled/SELINUX=enforcing/g' /etc/selinux/config; yum update -y"
# Reboot the hosts in the [okd] group, then this host (master1)
ansible okd -m shell -a "systemctl reboot"
# Pause for 2 seconds
sleep 2
reboot
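
The script fails late if any prerequisite is off, so the following added example (not part of the original tutorial's script) checks three of them up front: every Ansible inventory host has a name entry in the hosts file, no IP address is listed twice, and the private key has mode 600. The function names and the sample files are constructed for illustration; `stat -c` assumes GNU coreutils, as on CentOS 7.

```bash
#!/usr/bin/env bash
# Added example: preflight checks to run on the first host before the
# stage-one script. Function names and sample data are hypothetical.

# Print each inventory host that has no name entry in the hosts file.
# Group headers such as [okd], comments and blank lines are skipped.
missing_hosts() {
    local inventory=$1 hosts_file=$2 host
    awk 'NF && $1 !~ /^(\[|#)/ { print $1 }' "$inventory" | sort -u |
    while read -r host; do
        awk -v h="$host" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
            END { exit !ok }' "$hosts_file" || echo "$host"
    done
}

# Print each IP address that starts more than one line of the hosts file.
duplicate_ips() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1" | sort | uniq -d
}

# Succeed only if the private key is a regular file with mode 600.
key_mode_ok() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# Run every check; report each problem and return non-zero if any was found.
preflight() {
    local inventory=$1 hosts_file=$2 key=$3 rc=0 out
    out=$(missing_hosts "$inventory" "$hosts_file")
    [ -z "$out" ] || { echo "not in $hosts_file: $out"; rc=1; }
    out=$(duplicate_ips "$hosts_file")
    [ -z "$out" ] || { echo "duplicate IPs: $out"; rc=1; }
    key_mode_ok "$key" || { echo "$key must exist with mode 600"; rc=1; }
    return "$rc"
}

# Constructed sample: node1 is missing from hosts, 192.168.0.4 is reused,
# and the key file is left world-readable.
write_sample() {
    printf '%s\n' 'master1.iqyuan.com' '[okd]' 'haproxy1.iqyuan.com' \
        'node1.iqyuan.com' > "$1/inventory"
    printf '%s\n' '127.0.0.1 localhost' '192.168.0.249 master1.iqyuan.com' \
        '192.168.0.4 haproxy1.iqyuan.com openshift.iqyuan.com' \
        '192.168.0.4 master2.iqyuan.com' > "$1/hosts"
    : > "$1/id_rsa"; chmod 644 "$1/id_rsa"
}

sample=$(mktemp -d)
write_sample "$sample"
preflight "$sample/inventory" "$sample/hosts" "$sample/id_rsa" || echo "preflight failed"
```

On the real host the call would be `preflight /etc/ansible/hosts /etc/hosts ~/.ssh/id_rsa`, run after the heredocs have been written and before the scp loops.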