OpenShift Origin v3.7 on CentOS 7: Summary

OpenShift origin

Install OpenShift Origin v3.7 (All-In-One) on CentOS 7.

# yum -y update
# yum -y install wget git curl docker
# yum -y groupinstall "GNOME Desktop"
# systemctl set-default graphical.target
# reboot

Edit /etc/sysconfig/docker.
# /etc/sysconfig/docker

# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi

# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# from the atomic-registries package.
#

# On an SELinux system, if you remove the --selinux-enabled option, you
# also need to turn on the docker_transition_unconfined boolean.
# setsebool -P docker_transition_unconfined 1

# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp

# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false

# docker-latest daemon can be used by starting the docker-latest unitfile.
# To use docker-latest client, uncomment below lines
#DOCKERBINARY=/usr/bin/docker-latest
#DOCKERDBINARY=/usr/bin/dockerd-latest
#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest

INSECURE_REGISTRY='--insecure-registry=172.30.0.0/16'
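
A quick audit of the two settings in this file that relax image trust, added here as an example (not part of the original post). It flags any --insecure-registry value other than the 172.30.0.0/16 range configured above and reports when --signature-verification=false is set. The function name audit_docker_sysconfig and its output format are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit a docker sysconfig file
# for the two trust-relaxing settings used in this walkthrough.
# audit_docker_sysconfig and its output format are hypothetical names.

# The only range this page marks as insecure (used by the cluster's registry).
EXPECTED_INSECURE_CIDR="172.30.0.0/16"

audit_docker_sysconfig() {
    file="$1"
    # Ignore comments and blank lines so commented-out options are not reported.
    active=$(grep -vE '^[[:space:]]*(#|$)' "$file" || true)
    report=$(
        printf '%s\n' "$active" |
            grep -oE -- "--insecure-registry[= ][^[:space:]'\"]+" |
            sed -E 's/^--insecure-registry[= ]//' |
            while read -r cidr; do
                if [ "$cidr" = "$EXPECTED_INSECURE_CIDR" ]; then
                    echo "OK   insecure-registry limited to $cidr"
                else
                    echo "WARN insecure-registry $cidr is outside $EXPECTED_INSECURE_CIDR"
                fi
            done
        if printf '%s\n' "$active" | grep -qE -- '--signature-verification=false'; then
            echo "WARN --signature-verification=false is set"
        fi
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    # Exit status 1 when anything was flagged, 0 otherwise.
    ! printf '%s\n' "$report" | grep -q '^WARN'
}

# Constructed sample mirroring the two active lines shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# INSECURE_REGISTRY='--insecure-registry=0.0.0.0/0'   (commented out: ignored)
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
INSECURE_REGISTRY='--insecure-registry=172.30.0.0/16'
EOF
audit_docker_sysconfig "$sample" || true
rm -f "$sample"
```

On a real host, run `audit_docker_sysconfig /etc/sysconfig/docker` after editing the file; a non-zero exit status means at least one WARN line was printed.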

Start the docker service.
# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: http://docs.docker.com

# systemctl start docker
# systemctl status docker
docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 土 2017-12-30 19:18:52 JST; 2s ago
Docs: http://docs.docker.com
Main PID: 14173 (dockerd-current)
CGroup: /system.slice/docker.service
├─14173 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=...
└─14179 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --shim dock...
:
# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.

Check the subnet of the Docker bridge network.
# docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge
172.17.0.0/16

Change the firewall settings.
# firewall-cmd --permanent --new-zone dockerc
success
# firewall-cmd --permanent --zone dockerc --add-source 172.17.0.0/16
success
# firewall-cmd --permanent --zone dockerc --add-port 8443/tcp
success
# firewall-cmd --permanent --zone dockerc --add-port 53/udp
success
# firewall-cmd --permanent --zone dockerc --add-port 8053/udp
success
# firewall-cmd --reload
success

Download the binaries. This time I downloaded the OpenShift Origin v3.7.0 binaries, both the client and the server packages, just in case.
Once they are downloaded, extract them and put them in /usr/sbin.
# cd ~
# wget https://github.com/openshift/origin/releases/download/v3.7.0/openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit.tar.gz

# wget https://github.com/openshift/origin/releases/download/v3.7.0/openshift-origin-server-v3.7.0-7ed6862-linux-64bit.tar.gz

# tar zxvf openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit.tar.gz

# tar zxvf openshift-origin-server-v3.7.0-7ed6862-linux-64bit.tar.gz

# cd openshift-origin-client-tools-v3.7.0-7ed6862-linux-64bit
# cp -p o* /usr/sbin/

# cd ../openshift-origin-server-v3.7.0-7ed6862-linux-64bit
# cp -p o* /usr/sbin/
# cp -p k* /usr/sbin/
# cp -p t* /usr/sbin/

Prepare the startup script.
/usr/lib/systemd/system/origin.service
[Unit]
Description=OpenShift origin
After=network.target docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/oc cluster up --public-hostname=os.example.com --routing-suffix=app.example.com --host-data-dir=/var/lib/origin
ExecStop=/usr/sbin/oc cluster down

[Install]
WantedBy=multi-user.target

Now for the magic incantation.
# /usr/sbin/oc cluster up --public-hostname=os.example.com --routing-suffix=app.example.com

This creates a ".kube" directory in the root account's home directory and sets up the authentication certificates and related files.

Try logging in as Administrator.
# oc login -u system:admin
Logged into "https://127.0.0.1:8443" as "system:admin" using existing credentials.

You have access to the following projects and can switch between them with 'oc project ':

* default
kube-public
kube-system
myproject
openshift
openshift-infra
openshift-node

Using project "default".


If this works, configure OpenShift Origin to start as a service.
First, stop the running OpenShift Origin instance.
# oc cluster down

Then enable the service so that it starts automatically.
# systemctl enable origin
Created symlink from /etc/systemd/system/multi-user.target.wants/origin.service to /usr/lib/systemd/system/origin.service.
# systemctl start origin
# systemctl status origin -l
origin.service - OpenShift origin
Loaded: loaded (/usr/lib/systemd/system/origin.service; enabled; vendor preset: disabled)
Active: active (exited) since 水 2018-01-03 14:54:13 JST; 34min ago
Main PID: 3152 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/origin.service


Register the CentOS 7 host names in the internal DNS server.
/var/named/example.com
$TTL    86400
@ IN SOA example.com. root.example.com.(
2018010301 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS example.com.
@ IN A 192.168.253.136

ns IN A 192.168.253.136
os IN A 192.168.253.200
app IN A 192.168.253.200


To access the GUI: https://os.example.com:8443/

To log in from the CLI
As Administrator:
# oc login -u system:admin

As a regular user:
# oc login -u [username]
