Sunday, 13 October 2024

OPENSHIFT-giopublic

 

OpenShift is a Platform-as-a-Service (PaaS) developed by Red Hat that makes it easy for developers to build applications and scale them up or down in the cloud.

In this guide we will install OpenShift with the following topology.



Environment setup

To start, create 2 VMs running CentOS 7 installed from the ISO.

A. Install and configure dnsmasq on the master host

  • Install the dnsmasq package
# yum -y install dnsmasq
  • Create the openshift.conf file
# vi /etc/dnsmasq.d/openshift.conf
strict-order
domain-needed
local=/giostaging.com/
bind-dynamic
log-queries
address=/.okd.giostaging.com/10.10.10.100

Note: Replace giostaging.com and okd.giostaging.com with the domain/subdomain you want to use. 10.10.10.100 is the private IP of the master host.

  • Add the following entries to /etc/hosts
# vi /etc/hosts
…
10.10.10.100 okd.giostaging.com okd
10.10.10.200 node.giostaging.com node
  • Add the DNS resolver to /etc/resolv.conf
# vi /etc/resolv.conf
…
nameserver 10.10.10.100
  • Edit the dnsmasq.conf file
# vi /etc/dnsmasq.conf
...
listen-address=10.10.10.100 # private IP of the master host
...
server=8.8.8.8
# systemctl enable dnsmasq
# systemctl start dnsmasq
# systemctl status dnsmasq
  • Install iptables and add rules for the DNS service
# yum install -y iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables
# iptables -I INPUT 1 -p TCP --dport 53 -j ACCEPT
# iptables -I INPUT 1 -p UDP --dport 53 -j ACCEPT
# iptables-save > /etc/sysconfig/iptables
  • Create resolv.conf in the /etc/origin/node/ directory
# mkdir -p /etc/origin/node
# touch /etc/origin/node/resolv.conf

 

B. Install and configure dnsmasq on the node host

  • Install the dnsmasq package
# yum -y install dnsmasq
  • Add the master host's IP to dnsmasq.conf
# vi /etc/dnsmasq.conf
...
server=10.10.10.100 # private IP of the master host
  • Add the master host's IP as the DNS resolver in /etc/resolv.conf
# vi /etc/resolv.conf
...
nameserver 10.10.10.100
# systemctl enable dnsmasq
# systemctl start dnsmasq
# systemctl status dnsmasq
  • Create resolv.conf in the /etc/origin/node/ directory
# mkdir -p /etc/origin/node
# touch /etc/origin/node/resolv.conf

 

C. Configuration on each host

  • Disable firewalld
# systemctl stop firewalld
# systemctl disable firewalld
# systemctl status firewalld
  • Install and configure NetworkManager
# yum install -y NetworkManager
# vi /etc/NetworkManager/NetworkManager.conf
...
[main]
dns=none
# systemctl enable NetworkManager
# systemctl start NetworkManager
# systemctl status NetworkManager
  • Set SELINUX=enforcing and SELINUXTYPE=targeted
# vi /etc/selinux/config
...
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
  • Configure PATH
# vi ~/.bash_profile
...
export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin
# source ~/.bash_profile
  • Install utility packages and the EPEL repository
# yum install -y wget git net-tools bind-utils iptables-services bridge-utils bash-completion curl vim openssl
# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# sed -i -e "s/^enabled=1/enabled=0/" /etc/yum.repos.d/epel.repo
  • Update packages and reboot the VM
# yum -y update
# reboot
  • Install docker and configure docker storage
# yum install -y docker

For docker storage, use the additional data volume that has been attached to each of the master and node hosts.

# fdisk -l
...
Disk /dev/sdb: 32.2 GB, 32212254720 bytes, 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
# vgcreate docker-vg /dev/

(adjust /dev/sdb to match the output of the fdisk -l command above)

# vgdisplay


# vi /etc/sysconfig/docker-storage-setup
…
VG=docker-vg
# docker-storage-setup

Note: persistent storage has not been set up for docker storage here. Configure persistent storage according to your needs.
 

D. Install and configure OpenShift on the master host

  • Install Ansible version 2.6

Download Ansible version 2.6 with the following commands

# wget https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.6.0-1.el7.ans.noarch.rpm
# wget https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/ansible-2.6.0-1.el7.ans.src.rpm

Run the following commands to install Ansible version 2.6

# yum -y install python-paramiko python-six python2-cryptography sshpass python-jinja2 pyOpenSSL
# rpm -Uvh ansible-2.6.0-1.el7.ans.*
  • Edit the Ansible inventory in /etc/ansible/hosts as follows
# vi /etc/ansible/hosts
...
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_deployment_type=origin
# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name':'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind':'HTPasswdPasswordIdentityProvider', 'filename':'/etc/origin/master/htpasswd'}]
openshift_master_default_subdomain=okd.giostaging.com
openshift_docker_insecure_registries=172.30.10.0/16
openshift_disable_check=memory_availability,disk_availability

# host group for masters
[masters]
okd.giostaging.com openshift_schedulable=true containerized=false openshift_hostname=okd.giostaging.com openshift_public_hostname=okd.giostaging.com openshift_public_ip=103.44.27.209 # public IP of the master host

# host group for etcd
[etcd]
okd.giostaging.com

# host group for nodes, includes region info
[nodes]
okd.giostaging.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
node.giostaging.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}" openshift_schedulable=true openshift_hostname=node.giostaging.com openshift_public_hostname=node.giostaging.com openshift_public_ip=103.58.100.150 # public IP of the node host
  • Clone the openshift/openshift-ansible repository, version 3.9
# git clone -b release-3.9 https://github.com/openshift/openshift-ansible
# cd openshift-ansible
  • Run the following commands to install OpenShift

Before running the commands below, make sure the master host can SSH without a password to both the master host and the node host.

# ansible-playbook playbooks/prerequisites.yml

Note: wait for this process to finish and make sure there are no errors/failures. Then run the following command.

# ansible-playbook playbooks/deploy_cluster.yml
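
An added example, not part of the original post: a pre-flight script for the passwordless-SSH requirement stated before the playbooks. It reads the host names from the [masters], [etcd] and [nodes] groups of the inventory, rejects host lines the INI parser would misread, and tests key-based SSH as root; the function names and the --check flag are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks to run on the
# master before ansible-playbook. Assumes the inventory is /etc/ansible/hosts
# and the SSH user is root, as in the inventory above.

# Print each unique host listed under [masters], [etcd] or [nodes].
inventory_hosts() {
    awk '
        /^[ \t]*([#;]|$)/ { next }                      # comments, blank lines
        /^\[/ { in_hosts = ($0 ~ /^\[(masters|etcd|nodes)\]/); next }
        in_hosts && !seen[$1]++ { print $1 }
    ' "$1"
}

# Report host lines the INI inventory parser cannot read as intended: a line
# that starts with key=value (a wrapped host line; INI has no continuation)
# or a space right after "=" (the value becomes a separate token).
inventory_lint() {
    awk '
        /^[ \t]*([#;]|$)/ { next }
        /^\[/ { in_hosts = ($0 ~ /^\[(masters|etcd|nodes)\]/); next }
        in_hosts && ($1 ~ /=/ || $0 ~ /=[ \t]/) { print FNR ": " $0; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Succeed only if key-based SSH works. BatchMode makes ssh fail instead of
# prompting for a password or for confirmation of an unknown host key.
check_ssh() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$1" true 2>/dev/null
}

preflight() {
    inventory_lint "$1" || { echo "inventory has malformed host lines" >&2; return 2; }
    rc=0
    for host in $(inventory_hosts "$1"); do
        if check_ssh "$host"; then echo "ok    $host"
        else echo "FAIL  $host (no key-based SSH as root)"; rc=1; fi
    done
    return "$rc"
}

# Run only when asked, e.g.:  sh preflight.sh --check /etc/ansible/hosts
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-/etc/ansible/hosts}"
fi
```

A non-zero exit status means at least one host would make the playbooks stop at an SSH prompt or fail to parse the inventory.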


E. Verify the installed cluster on the master host

  • List nodes
# oc get nodes
...
NAME                  STATUS   ROLES     AGE   VERSION
node.giostaging.com   Ready    compute   6m    v1.9.1+a0ce1bc657
okd.giostaging.com    Ready    master    6m    v1.9.1+a0ce1bc657
  • Create a user for logging in to the OpenShift dashboard
# htpasswd /etc/origin/master/htpasswd admin
...
New password: your_strong_password
Re-type new password: your_strong_password
Adding password for user admin
  • Log in to OpenShift from the CLI
# oc login
...
Authentication required for https://okd.giostaging.com:8443 (openshift)
Username: admin
Password: 
Login successful.
You don't have any projects. You can try to create a new project, by running
    oc new-project <projectname>
  • Log in to the OpenShift dashboard

Open the URL https://hostname_master:8443, then enter the username and password created earlier.

  • The OpenShift dashboard page after a successful login
