21.2. 使用堡垒虚拟机安装 OpenShift Container Platform

流程

1. 登录 rhel-bastion。

2. 创建一个包含以下内容的 install_ocp.yaml 文件：

   ---
   - name: Openshift on RHV
     hosts: localhost
     connection: local
     gather_facts: false
   
     vars_files:
       - vars.yaml
       - secure_vars.yaml
   
     pre_tasks:
       - ovirt_auth:
           url:      "{{ engine_url }}"
           username: "{{ engine_user }}"
           password: "{{ engine_password }}"
           insecure: "{{ engine_insecure }}"
           ca_file:  "{{ engine_cafile | default(omit) }}"
   
     roles:
       - role: openshift_ovirt
   
   - import_playbook: setup_dns.yaml
   - import_playbook: /usr/share/ansible/openshift-ansible/playbooks/prerequisites.yml
   - import_playbook: /usr/share/ansible/openshift-ansible/playbooks/openshift-node/network_manager.yml
   - import_playbook: /usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml

   Copy to Clipboard Toggle word wrap

3. 创建一个包含以下内容的 setup_dns.yaml 文件：

   - hosts: masters
     strategy: free
     tasks:
       - shell: "echo {{ ansible_default_ipv4.address }} {{ inventory_hostname }} etcd.{{ inventory_hostname.split('.', 1)[1] }} openshift-master.{{ inventory_hostname.split('.', 1)[1] }} openshift-public-master.{{ inventory_hostname.split('.', 1)[1] }} docker-registry-default.apps.{{ inventory_hostname.split('.', 1)[1] }} webconsole.openshift-web-console.svc registry-console-default.apps.{{ inventory_hostname.split('.', 1)[1] }} >> /etc/hosts"
         when: openshift_ovirt_all_in_one is defined | ternary((openshift_ovirt_all_in_one | bool), false)

   Copy to Clipboard Toggle word wrap

4. 创建一个包含以下内容的 /etc/ansible/openshift_3_11.hosts Ansible 清单文件：

   [workstation]
   localhost ansible_connection=local
   
   [all:vars]
   openshift_ovirt_dns_zone="{{ public_hosted_zone }}"
   openshift_web_console_install=true
   openshift_master_overwrite_named_certificates=true
   openshift_master_cluster_hostname="openshift-master.{{ public_hosted_zone }}"
   openshift_master_cluster_public_hostname="openshift-public-master.{{ public_hosted_zone }}"
   openshift_master_default_subdomain="{{ public_hosted_zone }}"
   openshift_public_hostname="{{openshift_master_cluster_public_hostname}}"
   openshift_deployment_type=openshift-enterprise
   openshift_service_catalog_image_version="{{ openshift_image_tag }}"
   
   [OSEv3:vars]
   # General variables
   debug_level=1
   containerized=false
   ansible_ssh_user=root
   os_firewall_use_firewalld=true
   openshift_enable_excluders=false
   openshift_install_examples=false
   openshift_clock_enabled=true
   openshift_debug_level="{{ debug_level }}"
   openshift_node_debug_level="{{ node_debug_level | default(debug_level,true) }}"
   osn_storage_plugin_deps=[]
   openshift_master_bootstrap_auto_approve=true
   openshift_master_bootstrap_auto_approver_node_selector={"node-role.kubernetes.io/master":"true"}
   osm_controller_args={"experimental-cluster-signing-duration": ["20m"]}
   osm_default_node_selector="node-role.kubernetes.io/compute=true"
   openshift_enable_service_catalog=false
   
   # Docker
   container_runtime_docker_storage_type=overlay2
   openshift_docker_use_system_container=false
   
   [OSEv3:children]
   nodes
   masters
   etcd
   lb
   
   [masters]
   [nodes]
   [etcd]
   [lb]

   Copy to Clipboard Toggle word wrap

5. 获取 Red Hat Enterprise Linux KVM 客户机镜像 下载链接：

   1. 访问 Red Hat Customer Portal:下载 Red Hat Enterprise Linux。
   2. 在产品软件 选项卡中，找到 Red Hat Enterprise Linux KVM 客户机镜像。

   3. 右键单击 Download Now，复制 链接并保存。

      不要使用您在创建堡垒虚拟机时复制的链接。下载链接区分大小写，且必须先复制后才能运行安装 playbook。

6. 使用以下内容创建 vars.yaml 文件并更新其参数值：

   ---
   # For detailed documentation of variables, see
   # openshift_ovirt: https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_ovirt#role-variables
   # openshift installation: https://github.com/openshift/openshift-ansible/tree/master/inventory
   engine_url: https://<Manager_FQDN>/ovirt-engine/api 

   1

   
   engine_user: admin@internal
   engine_password: "{{ engine_password }}"
   engine_insecure: false
   engine_cafile: /etc/pki/ovirt-engine/ca.pem
   
   openshift_ovirt_vm_manifest:
     - name: 'master'
       count: 1
       profile: 'master_vm'
     - name: 'compute'
       count: 0
       profile: 'node_vm'
     - name: 'lb'
       count: 0
       profile: 'node_vm'
     - name: 'etcd'
       count: 0
       profile: 'node_vm'
     - name: infra
       count: 0
       profile: node_vm
   
   # Currently, only all-in-one installation (`openshift_ovirt_all_in_one: true`) is supported.
   # Multi-node installation (master and node VMs installed separately) will be supported in a future release.
   openshift_ovirt_all_in_one: true
   openshift_ovirt_cluster: Default
   openshift_ovirt_data_store: data
   openshift_ovirt_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa_ssh_ocp_admin.pub') }}"
   
   public_hosted_zone:
   # Uncomment to disable install-time checks, for smaller scale installations
   #openshift_disable_check: memory_availability,disk_availability,docker_image_availability
   
   qcow_url: <RHEL_KVM_guest_image_download_link> 

   2

   
   image_path: /var/tmp
   template_name: rhelguest7
   template_cluster: "{{ openshift_ovirt_cluster }}"
   template_memory: 4GiB
   template_cpu: 1
   template_disk_storage: "{{ openshift_ovirt_data_store }}"
   template_disk_size: 100GiB
   template_nics:
     - name: nic1
       profile_name: ovirtmgmt
       interface: virtio
   
   debug_vm_create: false
   wait_for_ip: true
   vm_infra_wait_for_ip_retries: 30
   vm_infra_wait_for_ip_delay: 20
   
   node_item: &node_item
     cluster: "{{ openshift_ovirt_cluster }}"
     template: "{{ template_name }}"
     memory: "8GiB"
     cores: "2"
     high_availability: true
     disks:
       - name: docker
         size: 15GiB
         interface: virtio
         storage_domain: "{{ openshift_ovirt_data_store }}"
       - name: openshift
         size: 30GiB
         interface: virtio
         storage_domain: "{{ openshift_ovirt_data_store }}"
     state: running
     cloud_init:
       root_password: "{{ root_password }}"
       authorized_ssh_keys: "{{ openshift_ovirt_ssh_key }}"
       custom_script: "{{ cloud_init_script_node | to_nice_yaml }}"
   
   openshift_ovirt_vm_profile:
     master_vm:
       <<: *node_item
       memory: 16GiB
       cores: "{{ vm_cores | default(4) }}"
       disks:
         - name: docker
           size: 15GiB
           interface: virtio
           storage_domain: "{{ openshift_ovirt_data_store }}"
         - name: openshift_local
           size: 30GiB
           interface: virtio
           storage_domain: "{{ openshift_ovirt_data_store }}"
         - name: etcd
           size: 25GiB
           interface: virtio
           storage_domain: "{{ openshift_ovirt_data_store }}"
       cloud_init:
         root_password: "{{ root_password }}"
         authorized_ssh_keys: "{{ openshift_ovirt_ssh_key }}"
         custom_script: "{{ cloud_init_script_master | to_nice_yaml }}"
     node_vm:
       <<: *node_item
     etcd_vm:
       <<: *node_item
     lb_vm:
       <<: *node_item
   
   cloud_init_script_node: &cloud_init_script_node
     packages:
       - ovirt-guest-agent
     runcmd:
       - sed -i 's/# ignored_nics =.*/ignored_nics = docker0 tun0 /' /etc/ovirt-guest-agent.conf
       - systemctl enable ovirt-guest-agent
       - systemctl start ovirt-guest-agent
       - mkdir -p /var/lib/docker
       - mkdir -p /var/lib/origin/openshift.local.volumes
       - /usr/sbin/mkfs.xfs -L dockerlv /dev/vdb
       - /usr/sbin/mkfs.xfs -L ocplv /dev/vdc
     mounts:
       - [ '/dev/vdb', '/var/lib/docker', 'xfs', 'defaults,gquota' ]
       - [ '/dev/vdc', '/var/lib/origin/openshift.local.volumes', 'xfs', 'defaults,gquota' ]
     power_state:
       mode: reboot
       message: cloud init finished - boot and install openshift
       condition: True
   cloud_init_script_master:
     <<: *cloud_init_script_node
     runcmd:
       - sed -i 's/# ignored_nics =.*/ignored_nics = docker0 tun0 /' /etc/ovirt-guest-agent.conf
       - systemctl enable ovirt-guest-agent
       - systemctl start ovirt-guest-agent
       - mkdir -p /var/lib/docker
       - mkdir -p /var/lib/origin/openshift.local.volumes
       - mkdir -p /var/lib/etcd
       - /usr/sbin/mkfs.xfs -L dockerlv /dev/vdb
       - /usr/sbin/mkfs.xfs -L ocplv /dev/vdc
       - /usr/sbin/mkfs.xfs -L etcdlv /dev/vdd
     mounts:
       - [ '/dev/vdb', '/var/lib/docker', 'xfs', 'defaults,gquota' ]
       - [ '/dev/vdc', '/var/lib/origin/openshift.local.volumes', 'xfs', 'defaults,gquota' ]
       - [ '/dev/vdd', '/var/lib/etcd', 'xfs', 'defaults,gquota' ]

   Copy to Clipboard Toggle word wrap

   1

   Manager 机器的 FQDN。

   2

   <qcow_url> 是 Red Hat Enterprise Linux KVM 客户机镜像的下载链接。Red Hat Enterprise Linux KVM 客户机镜像 包含 cloud-init 软件包，此 playbook 需要该软件包。如果没有使用 Red Hat Enterprise Linux，请下载 cloud-init 软件包，并在运行此 playbook 前手动安装它。

7. 安装 OpenShift Container Platform：

   # export ANSIBLE_ROLES_PATH="/usr/share/ansible/roles/:/usr/share/ansible/openshift-ansible/roles"
   # export ANSIBLE_JINJA2_EXTENSIONS="jinja2.ext.do"
   # ansible-playbook -i /etc/ansible/openshift_3_11.hosts install_ocp.yaml -e @vars.yaml -e @secure_vars.yaml --ask-vault-pass

   Copy to Clipboard Toggle word wrap
8. 为每个基础架构实例创建路由器的 DNS 条目。
9. 配置循环路由，以便路由器可以将流量传递到应用。
10. 为 OpenShift Container Platform Web 控制台创建 DNS 条目。
11. 指定负载均衡器节点的 IP 地址。