[OpenShift origin v3.7] cluster up

OpenShift origin

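After changing the settings last time,
I could no longer log in with "oc login -u system:admin".

In a panic, I am going to redo everything from the initial installation.
So, here is a recap of installing OpenShift Origin on CentOS 7 once more.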
# yum -y update
# yum -y install wget git curl docker
# yum -y groupinstall "GNOME Desktop"
# systemctl set-default graphical.target
# reboot

Edit /etc/sysconfig/docker.
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi

# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.
#

# On an SELinux system, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# setsebool -P docker_transition_unconfined 1

# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp

# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false

# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest

INSECURE_REGISTRY='--insecure-registry=172.30.0.0/16'
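
The file above passes --signature-verification=false to the daemon and allows unverified registry connections for 172.30.0.0/16. As an added example (not part of the original post), the shell functions below audit a docker sysconfig file for those two settings; the function names, the finding labels and the treatment of 172.30.0.0/16 as the cluster-internal range are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a docker sysconfig file for settings that weaken
# image trust. Names and finding labels are assumptions for illustration.

# Print each --insecure-registry value found on non-comment lines.
insecure_registries() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -o -e "--insecure-registry[= ][^ \"']*" |
        sed 's/^--insecure-registry[= ]//'
}

# True when the value is a CIDR inside 172.30.0.0/16, the only range
# this page's configuration allows (assumed cluster-internal).
is_internal_range() {
    case "$1" in
        172.30.*/1[6-9] | 172.30.*/2[0-9] | 172.30.*/3[0-2]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print space-separated findings; empty output means nothing was found.
audit_docker_sysconfig() {
    findings=""
    if grep -v '^[[:space:]]*#' "$1" |
        grep -q -e '--signature-verification=false'; then
        findings="SIGNATURE_VERIFICATION_OFF "
    fi
    for reg in $(insecure_registries "$1"); do
        if is_internal_range "$reg"; then
            findings="${findings}INSECURE_REGISTRY_INTERNAL:$reg "
        else
            findings="${findings}INSECURE_REGISTRY_EXTERNAL:$reg "
        fi
    done
    printf '%s\n' "${findings% }"
}

# Constructed sample mirroring the two settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
# INSECURE_REGISTRY='--insecure-registry=0.0.0.0/0'
INSECURE_REGISTRY='--insecure-registry=172.30.0.0/16'
EOF
audit_docker_sysconfig "$sample"
rm -f "$sample"
```

An INSECURE_REGISTRY_EXTERNAL finding means the daemon would skip TLS verification for a registry outside the range this setup needs.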

Start the docker service.
# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: http://docs.docker.com

# systemctl start docker
# systemctl status docker
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 土 2017-12-30 19:18:52 JST; 2s ago
Docs: http://docs.docker.com
Main PID: 14173 (dockerd-current)
CGroup: /system.slice/docker.service
├─14173 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=...
└─14179 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim dock...
:
# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

Check the subnet of the Docker bridge network; it is used as the source in the firewall zone below.
# docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge
172.17.0.0/16

Change the firewall settings.
# firewall-cmd --permanent --new-zone dockerc
success
# firewall-cmd --permanent --zone dockerc --add-source 172.17.0.0/16
success
# firewall-cmd --permanent --zone dockerc --add-port 8443/tcp
success
# firewall-cmd --permanent --zone dockerc --add-port 53/udp
success
# firewall-cmd --permanent --zone dockerc --add-port 8053/udp
success
# firewall-cmd --reload
success

Download the binaries. This time I fetched the OpenShift Origin v3.7.0 binaries,
both the client and the server archives, just in case.
Once downloaded, extract them and copy the files into /usr/sbin.
# cd ~
# wget https://github.com/openshift/origin/releases/download/v3.7.0/openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit.tar.gz

# wget https://github.com/openshift/origin/releases/download/v3.7.0/openshift-origin-server-v3.7.0-7ed6862-linux-64bit.tar.gz

# tar zxvf openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit.tar.gz

# tar zxvf openshift-origin-server-v3.7.0-7ed6862-linux-64bit.tar.gz

# cd openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit
# cp -p o* /usr/sbin/

# cd ../openshift-origin-server-v3.7.0-7ed6862-linux-64bit
# cp -p o* /usr/sbin/
# cp -p k* /usr/sbin/
# cp -p t* /usr/sbin/

Prepare a startup script.
/usr/lib/systemd/system/origin.service
[Unit]
Description=OpenShift origin
After=network.target docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/oc cluster up --host-data-dir=/var/lib/origin
ExecStop=/usr/sbin/oc cluster down

[Install]
WantedBy=multi-user.target

Back up the VM image at this point, in case anything goes wrong.
Run shutdown -h now once, then zip up the VM image file.

After the backup is done, restart the virtual machine and try starting OpenShift with the service command.
# systemctl status origin
● origin.service - OpenShift origin
Loaded: loaded (/usr/lib/systemd/system/origin.service; disabled; vendor preset: disabled)
Active: inactive (dead)
# systemctl start origin
# systemctl status origin -l
origin.service - OpenShift origin
Loaded: loaded (/usr/lib/systemd/system/origin.service; disabled; vendor preset: disabled)
Active: active (exited) since 土 2017-12-30 19:59:25 JST; 1min 29s ago
Process: 2911 ExecStart=/usr/sbin/oc cluster up --host-data-dir=/var/lib/origin (code=exited, status=0/SUCCESS)
Main PID: 2911 (code=exited, status=0/SUCCESS)
Memory: 0B
CGroup: /system.slice/origin.service
:

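At first glance the service appears to have started normally, and the web GUI is accessible, but...
when I try to log in as the administrator from the command line, I get this error: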
# oc login -u system:admin
Server [https://localhost:8443]:
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): n

error: The server uses a certificate signed by unknown authority. You may need to use the --certificate-authority flag to provide the path to a certificate file for the certificate authority, or --insecure-skip-tls-verify to bypass the certificate check and use insecure connections.

# oc login -u system:admin
Server [https://localhost:8443]: https://127.0.0.1:8443
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): n

error: The server uses a certificate signed by unknown authority. You may need to use the --certificate-authority flag to provide the path to a certificate file for the certificate authority, or --insecure-skip-tls-verify to bypass the certificate check and use insecure connections.

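When I looked in the root account's home directory, the folder "~/.kube" that holds the authentication certificates was nowhere to be found.
So I decided to stop the service once and run a plain oc cluster up.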
# systemctl stop origin
# systemctl status origin -l
● origin.service - OpenShift origin
Loaded: loaded (/usr/lib/systemd/system/origin.service; disabled; vendor preset: disabled)
Active: inactive (dead)

# oc cluster up
Starting OpenShift using openshift/origin:v3.7.0 ...
OpenShift server started.

The server is accessible via web console at:
https://127.0.0.1:8443

You are logged in as:
User: developer
Password:

To login as administrator:
oc login -u system:admin

When I checked the root account's home directory, "~/.kube" had been created!
So a plain "oc cluster up" is needed first...
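
The failed logins above happened while ~/.kube did not exist, so the client had neither a CA to validate the server certificate nor admin credentials. As an added example (not part of the original post), this pre-flight check inspects the kubeconfig before oc login is attempted, so the certificate prompt never has to be answered with "y"; the function name, the finding labels and the sample file are constructed, and the key names assume the standard kubeconfig layout.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `oc login -u system:admin`.
# Function name and finding labels are assumptions for illustration.

# Print one finding per line, or OK; return non-zero on any finding.
check_kubeconfig() {
    cfg=${1:-${KUBECONFIG:-$HOME/.kube/config}}
    if [ ! -s "$cfg" ]; then
        echo "MISSING: $cfg"
        return 1
    fi
    rc=0
    # Without a CA entry the client cannot validate the server certificate.
    if ! grep -Eq '^[[:space:]]*certificate-authority(-data)?:' "$cfg"; then
        echo "NO_CA: no certificate-authority entry in $cfg"
        rc=1
    fi
    # system:admin logs in with a client certificate and private key.
    if ! grep -Eq '^[[:space:]]*client-key(-data)?:' "$cfg"; then
        echo "NO_CLIENT_KEY: no client key entry in $cfg"
        rc=1
    fi
    # The file embeds a private key: group and other need no access.
    perms=$(ls -Lld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "LOOSE_MODE: group/other permissions on $cfg are '$perms'"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK"; fi
    return "$rc"
}

# Constructed sample with placeholder values, left world-readable.
demo=$(mktemp -d)
cat > "$demo/config" <<'EOF'
clusters:
- cluster:
    certificate-authority-data: PLACEHOLDER
    server: https://127.0.0.1:8443
users:
- name: system:admin/127-0-0-1:8443
  user:
    client-certificate-data: PLACEHOLDER
    client-key-data: PLACEHOLDER
EOF
chmod 644 "$demo/config"
check_kubeconfig "$demo/config" || true
rm -rf "$demo"
```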

Now, pulling myself together:
# systemctl enable origin
Created symlink from /etc/systemd/system/multi-user.target.wants/origin.service to /usr/lib/systemd/system/origin.service.

# reboot