Skip to content

Instantly share code, notes, and snippets.

@kairen

kairen/ocp-install-live-iso.md Secret

Created August 4, 2021 07:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kairen/894348c6281f33a981b528e69c3d06bf to your computer and use it in GitHub Desktop.
Save kairen/894348c6281f33a981b528e69c3d06bf to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ocp-install-live-iso.md

如果超過 24 小時需要重新安裝

cd ${OCP_IGN}/${OCP_ID} rm -rf $(ls -ad * |egrep -v install-config.yaml*) && rm -rf .[!.]* cp install-config.yaml* install-config.yaml

設定 IP 位置以及 Gateway & DNS

sudo nmtui

安裝 Bootstrap

sudo coreos-installer install /dev/sda --insecure-ignition --ignition-url=http://ign.${DOMAIN}:8080/ign/ocp4-1/bootstrap.ign --firstboot-args 'rd.neednet=1' --copy-network

檢查 ip 位置以及磁碟分佈狀態

ip a lsblk -f

重新開機

安裝完成後要把 ISO 光碟拿出來:先關機(shutdown)-> 拿出來 -> 開機

確認 bootstrap 機器狀態,用這個 ssh key 登入

rm -rf ~/.ssh/known_hosts ssh core@192.168.52.40 -i ${SEC_PATH}/rhcos/id_rsa.pub

檢查 bootstrap 是否啟動完成

ssh -i ${RHCOS_KEY} core@bootstrap.${OCP_ID}.${DOMAIN} "curl -s -u openshift:redhat https://${REG_OCP_1}/v2/_catalog"

ssh -i ${RHCOS_KEY} core@bootstrap.${OCP_ID}.${DOMAIN} \ "sudo crictl pods" ssh -i ${RHCOS_KEY} core@bootstrap.${OCP_ID}.${DOMAIN} \ "sudo crictl ps -a"

追蹤進度(Debug 專用)

ssh -i ${RHCOS_KEY} core@bootstrap.${OCP_ID}.${DOMAIN} "journalctl -b -f -u bootkube.service"

正常情況

POD ID              CREATED              STATE               NAME                                           NAMESPACE                             ATTEMPT             RUNTIME
8101e41b16f9e       52 seconds ago       Ready               bootstrap-kube-scheduler-localhost             kube-system                           0                   (default)
907d0a933771a       52 seconds ago       Ready               bootstrap-kube-controller-manager-localhost    kube-system                           0                   (default)
a8b709f7caeaa       52 seconds ago       Ready               bootstrap-kube-apiserver-localhost             kube-system                           0                   (default)
4eb793b3d1844       52 seconds ago       Ready               cloud-credential-operator-localhost            openshift-cloud-credential-operator   0                   (default)
49a1cdb2b25f9       52 seconds ago       Ready               bootstrap-cluster-version-operator-localhost   openshift-cluster-version             0                   (default)
c5098e42b5aa5       About a minute ago   Ready               bootstrap-machine-config-operator-localhost    default                               0                   (default)
e7a3dbc6e0bc0       About a minute ago   Ready               etcd-bootstrap-member-localhost                openshift-etcd                        0                   (default)

CONTAINER           IMAGE                                                                                                                    CREATED              STATE               NAME                             ATTEMPT             POD ID
9eaafdd72095d       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d92072b61ee59ef3b9539770eb74c021463becc75fd642edd49c082f59664b37   23 seconds ago       Running             cluster-policy-controller        0                   a5fad6eec7f43
8b268bc6794f0       9a03c795c5d07e7b80851487adbbd5bcf4b79e933de2b2a29fca3c4f8fc5036f                                                         53 seconds ago       Running             kube-controller-manager          1                   a5fad6eec7f43
505b0c1108450       9aeacae3e54c7305167b8bc15cab50025b7b5552e35015a667cd83bf220157e8                                                         About a minute ago   Running             kube-apiserver-insecure-readyz   0                   58e30795f77cb
da94e326a93cd       9a03c795c5d07e7b80851487adbbd5bcf4b79e933de2b2a29fca3c4f8fc5036f                                                         About a minute ago   Running             kube-apiserver                   0                   58e30795f77cb
c0e2cc3d4ab4f       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cb17aded6ac46ca6b4828c2bd7d1fe79e6efcfa57a74bdcafec05aa32963a97b   2 minutes ago        Running             kube-scheduler                   0                   8e8c9958c3eef
ae93f4f2a289c       quay.io/openshift-release-dev/ocp-release@sha256:6ddbf56b7f9776c0498f23a54b65a06b3b846c1012200c5609c4bb716b6bdcdf        2 minutes ago        Running             cluster-version-operator         0                   484f2e34d528f
dc78055f26ad2       0913bd219c9f85a702bab6f59a2d0a927145536123710c3ac128aebd61945ebc                                                         2 minutes ago        Running             cloud-credential-operator        0                   08f742749099b
3bb30d8dc9f66       18b7e7f79f16c0efd05733bd4b6c48fd2ee298db907cbf684c8e0d1cd162fb80                                                         7 minutes ago        Running             machine-config-server            0                   f4e278f68270d
685c09139cfeb       quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:6308d094cdac1a4c09bb7a00c60d12e3bac2ba44dd04e12dfb5170ce9d14d616   8 minutes ago        Running             etcd-member                      0                   4e51c5e0f4b23

curl -k https://api-int.ocp4-1.${DOMAIN}:22623/config/master |jq .

等待 haproxy 的 openshift-api-server 以及 machine-config-server 的指示燈都是綠色時可以開始安裝

--

安裝 Master Nodes

sudo coreos-installer install /dev/sda --insecure-ignition --ignition-url=http://ign.${DOMAIN}:8080/ign/ocp4-1/master.ign --firstboot-args 'rd.neednet=1' --copy-network

直到出現這條為止才能開始安裝 worker nodes

DEBUG Still waiting for the cluster to initialize: Some cluster operators are still updating: authentication, console, ingress, kube-storage-version-migrator, monitoring

安裝 Worker Nodes

sudo coreos-installer install /dev/sda --insecure-ignition --ignition-url=http://ign.${DOMAIN}:8080/ign/ocp4-1/worker.ign --firstboot-args 'rd.neednet=1' --copy-network

安裝完 worker 節點後

oc project default watch -n 5 oc get csr

approve certificate

oc get csr -o name | xargs oc adm certificate approve

Debug 專區

�ssh -i ${RHCOS_KEY} core@master-0.${OCP_ID}.${DOMAIN} "sudo cat /etc/containers/registries.conf" ssh -i ${RHCOS_KEY} core@master-0.${OCP_ID}.${DOMAIN} "curl -s -u openshift:redhat https://${REG_OCP_1}/v2/_catalog" �ssh -i ${RHCOS_KEY} core@master-0.${OCP_ID}.${DOMAIN} "sudo crictl ps" ssh -i ${RHCOS_KEY} core@master-0.${OCP_ID}.${DOMAIN} \ "sudo ss -nltupe "

NTP 沒有對準(不是主要問題)

sed -i -e "s/^server*/#&/g" -e "s/#log measurements statistics tracking/log measurements statistics tracking/g" /etc/chrony.conf sed -i "3a server ntp.ocp.hazel.internal iburst" /etc/chrony.confcurl systemctl restart chronyd chronyc -a makestep chronyc -a sources

Debug kubernetes API Server

ssh -i ${RHCOS_KEY} core@master-0.${OCP_ID}.${DOMAIN} \ "sudo crictl logs c47 "

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment