OCP 3.1 setup
hostnames
192.168.1.128 oshift01
192.168.1.129 oshift02
oshift01 will be the master; oshift02 will be the node.
create virtual machines
- create 2 virtual machines using the RHEL 7 qcow2 image available at access.redhat.com
- add a second 10GB disk to each VM
- add a third 10GB disk to oshift01 for the registry
- attach cloud-init ISO to each VM
Creating the cloud-init iso
For each VM we have to create a cloud-init ISO to set the network parameters and password. For some good reading check out link
mkdir -p cloud-init/atomic01
cd cloud-init/atomic01
vi meta-data
instance-id: oshift01
local-hostname: oshift01
network-interfaces: |
  iface eth0 inet static
  address 192.168.1.128
  network 192.168.1.0
  netmask 255.255.255.0
  broadcast 192.168.1.255
  gateway 192.168.1.1
  dns-nameservers 192.168.1.1
bootcmd:
  - ifdown eth0
  - ifup eth0
vi user-data
#cloud-config
password: shift
chpasswd: {expire: False}
ssh_pwauth: True
ssh_authorized_keys:
- ssh-rsa AAAAB3N......
- use your id_rsa.pub for the ssh-rsa line
genisoimage -output oshift01.iso -volid cidata -joliet -rock user-data meta-data
Repeat for each OpenShift VM and attach the ISO to the appropriate VM.
Once booted, you can log in to each VM with the user name cloud-user
and the password or ssh key you selected.
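The per-host steps above, scripted for both VMs. This is an added example, not part of the original guide. The function names and the output directory layout are assumptions, and the key-only branch (ssh_pwauth: False when no password is passed) is an addition to what the guide configures.

```shell
set -eu

# hostname:IP pairs from the "hostnames" section of this guide
HOSTS="oshift01:192.168.1.128 oshift02:192.168.1.129"

# Print the meta-data document for one host. $1 = hostname, $2 = IPv4 address
render_meta_data() {
    cat <<EOF
instance-id: $1
local-hostname: $1
network-interfaces: |
  iface eth0 inet static
  address $2
  network 192.168.1.0
  netmask 255.255.255.0
  broadcast 192.168.1.255
  gateway 192.168.1.1
  dns-nameservers 192.168.1.1
bootcmd:
  - ifdown eth0
  - ifup eth0
EOF
}

# Print user-data. $1 = public key file, $2 = optional console/ssh password
render_user_data() {
    echo "#cloud-config"
    if [ -n "${2:-}" ]; then
        printf 'password: %s\nchpasswd: {expire: False}\nssh_pwauth: True\n' "$2"
    else
        echo "ssh_pwauth: False"   # no password given: key-only ssh login
    fi
    printf 'ssh_authorized_keys:\n  - %s\n' "$(cat "$1")"
}

# Write <outdir>/<host>/{meta-data,user-data} and build <host>.iso per host.
build_all() {   # $1 = outdir, $2 = public key file, $3 = optional password
    for entry in $HOSTS; do
        host=${entry%%:*}; ip=${entry#*:}
        mkdir -p "$1/$host"
        render_meta_data "$host" "$ip" > "$1/$host/meta-data"
        render_user_data "$2" "${3:-}" > "$1/$host/user-data"
        chmod 600 "$1/$host/user-data"   # may contain a cleartext password
        if command -v genisoimage >/dev/null 2>&1; then
            (cd "$1/$host" && genisoimage -output "$host.iso" -volid cidata -joliet -rock user-data meta-data)
        fi
    done
}
if [ "$#" -ge 2 ]; then build_all "$@"; fi
```

Save it as a script and run it with an output directory and your id_rsa.pub, plus a password as an optional third argument. The ISO step is skipped when genisoimage is not installed.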
configure OpenShift hosts
sudo systemctl stop NetworkManager.service
sudo systemctl disable NetworkManager.service
sudo systemctl reboot
sudo subscription-manager register
sudo subscription-manager list --available
find the pool ID for the entitlement you want to use
sudo subscription-manager attach --pool=your-pool-id
sudo subscription-manager repos --disable="*"
sudo subscription-manager repos \
--enable="rhel-7-server-rpms" \
--enable="rhel-7-server-extras-rpms" \
--enable="rhel-7-server-ose-3.1-rpms"
update and install rpms
sudo yum -y update
sudo yum -y install wget git net-tools bind-utils iptables-services bridge-utils \
bash-completion docker atomic-openshift-utils
configure docker and storage
sudo vi /etc/sysconfig/docker
edit the OPTIONS line
OPTIONS='--selinux-enabled --insecure-registry 172.30.0.0/16'
setup storage using the second disk we added
sudo vi /etc/sysconfig/docker-storage-setup
add the following; "/dev/vdb" should match the device name of your second disk
DEVS=/dev/vdb
VG=docker-vg
then run
sudo docker-storage-setup
run
sudo lvs
and it should show something like
  LV          VG        Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  docker-pool docker-vg twi-a-t--- 3.99g             0.00   0.29
setup ssh host access
on the master "oshift01" run
ssh-keygen
accept the defaults and enter a blank password
for host in master.example.com \
oshift01 \
oshift02; \
do ssh-copy-id -i ~/.ssh/id_rsa.pub $host; \
done
enter "yes" and the password for each host
install openshift with ansible
sudo vi /etc/ansible/hosts
change any options to match your environment
# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# default sub domain for apps
osm_default_subdomain=oshift.example.org
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=cloud-user
# If ansible_ssh_user is not root, ansible_sudo must be set to true
ansible_sudo=true
deployment_type=openshift-enterprise
# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/htpasswd'}]
# host group for masters
[masters]
oshift01.example.org
# host group for nodes, includes region info
[nodes]
oshift01.example.org openshift_node_labels="{'region': 'infra', 'zone': 'west'}"
oshift02.example.org openshift_node_labels="{'region': 'primary', 'zone': 'west'}"
run the ansible playbook
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml
in 10 minutes or so you should have a working openshift installation
deploying a registry
- use the third disk we added to oshift01 to make a filesystem and mount it at /srv/registry
sudo groupadd docker
sudo systemctl restart docker
sudo usermod -a -G docker cloud-user
exit and log back in, now you can run docker commands from your user account
sudo oadm registry --service-account=registry \
--config=/etc/origin/master/admin.kubeconfig \
--credentials=/etc/origin/master/openshift-registry.kubeconfig \
--images='registry.access.redhat.com/openshift3/ose-${component}:${version}' \
--mount-host=/srv/registry
after a minute or two you should have a docker registry running
oc get pods
NAME                      READY     STATUS    RESTARTS   AGE
docker-registry-1-gdr9n   1/1       Running   0          2m
oc logs docker-registry-1-gdr9n
time="2016-01-25T18:00:31-05:00" level=info msg="version=v2.0.0+unknown"
time="2016-01-25T18:00:31-05:00" level=info msg="redis not configured" instance.id=d1223264-cadf-4f64-b48f-e02e9ded3ea2
time="2016-01-25T18:00:31-05:00" level=info msg="Starting upload purge in 48m0s" instance.id=d1223264-cadf-4f64-b48f-e02e9ded3ea2
time="2016-01-25T18:00:31-05:00" level=info msg="using inmemory layerinfo cache" instance.id=d1223264-cadf-4f64-b48f-e02e9ded3ea2
time="2016-01-25T18:00:31-05:00" level=info msg="Using Origin Auth handler"
time="2016-01-25T18:00:31-05:00" level=info msg="listening on :5000" instance.id=d1223264-cadf-4f64-b48f-e02e9ded3ea2
create an openshift user
sudo htpasswd /etc/origin/htpasswd oshiftuser
give the openshift user registry access
sudo oadm policy add-role-to-user system:registry oshiftuser
sudo oadm policy add-role-to-user admin oshiftuser -n openshift
sudo oadm policy add-role-to-user system:image-builder oshiftuser
oc get svc
note the IP and port for docker-registry
oc login
oc whoami -t
note that token
docker login -u oshiftuser -e oshiftuser@example.org -p $TOKEN $IP:5000
hopefully you get a Login Succeeded
test the registry
docker pull docker.io/busybox
docker tag docker.io/busybox $IP:5000/openshift/busybox
docker push $IP:5000/openshift/busybox
deploy a router
sudo oadm router router01 --replicas=1 \
--credentials='/etc/origin/master/openshift-router.kubeconfig' \
--service-account=router