OpenShift Origin multi-master manual deployment, part 4

7. Set up the node service. We install the node service on all nodes, including the master nodes.

# Install the CentOS OpenShift Origin release package first
# (presumably it provides the repository the packages below come from).
yum install -y centos-release-openshift-origin

# Node service plus the pod, OVS SDN and docker-registry packages.
yum install -y \
  origin-node \
  origin-pod \
  origin-sdn-ovs \
  origin-dockerregistry

# Open /etc/sysctl.conf and add the setting shown below (it is file content, not a command).
vi /etc/sysctl.conf

# Lets the kernel forward packets between interfaces.
# NOTE(review): presumably required so the SDN can route pod traffic; confirm for your network plugin.
net.ipv4.ip_forward = 1
# Command: reload /etc/sysctl.conf so the setting takes effect without a reboot.
sysctl -p

vi /etc/sysconfig/origin-node

# Contents of /etc/sysconfig/origin-node (file content, not commands).
OPTIONS=--loglevel=2
# Node configuration file the service is pointed at.
CONFIG_FILE=/etc/origin/node/node-config.yaml
# Pins the image tag. NOTE(review): the yum install earlier on this page is unpinned;
# confirm the installed origin-node package matches this version.
IMAGE_VERSION=v1.4.1

vi /etc/origin/node/node-config.yaml

# Node configuration as written for master1. nodeIP, nodeName and
# masterKubeConfig below are master1's values; every other node needs its own.
allowDisabledDocker: false
apiVersion: v1
authConfig:
  # NOTE(review): with a 5m TTL, cached authentication/authorization results are
  # presumably honoured for up to five minutes after a credential or role is revoked.
  authenticationCacheSize: 1000
  authenticationCacheTTL: 5m
  authorizationCacheSize: 1000
  authorizationCacheTTL: 5m
dnsDomain: cluster.local
dnsIP: "192.168.2.205"
dockerConfig:
  execHandlerName: native
enableUnidling: true
imageConfig:
  format: openshift/origin-${component}:${version}
  latest: false
iptablesSyncPeriod: 30s
kind: NodeConfig
kubeletArguments:
  node-labels:
  # NOTE(review): these labels are presumably specific to this host's role; confirm per node.
  - region=infra
  - zone=default
masterClientConnectionOverrides:
  acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
  burst: 40
  contentType: application/vnd.kubernetes.protobuf
  qps: 20
# Kubeconfig with this node's client credentials; the file name must match the
# --user value used when the client config for this node is generated.
masterKubeConfig: system:node:master1.openshift.qyos.com.kubeconfig
networkConfig:
  mtu: 1450
  networkPluginName: "redhat/openshift-ovs-multitenant"
nodeIP: "192.168.2.206"
nodeName: master1.openshift.qyos.com
podManifestConfig: null
servingInfo:
  # Listens on every interface on port 10250. NOTE(review): consider limiting
  # access to this port with host or network firewalling to the hosts that need it.
  bindAddress: 0.0.0.0:10250
  bindNetwork: tcp4
  # certFile, clientCA and keyFile are relative paths; presumably resolved against
  # this file's directory, where the generated files are copied later on this page.
  certFile: server.crt
  # CA file for client certificates presented to this port (TODO confirm).
  clientCA: ca.crt
  # Private key of the serving certificate; keep it readable by root only.
  keyFile: server.key
  namedCertificates: null
volumeConfig:
  localQuota:
    perFSGroup: null
volumeDirectory: /openshift.local.volumes

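On master1, we generate the node configuration files (client config and serving certificate) for every node. This is done on master1 because the commands sign with the CA key in /etc/origin/master/.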

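# Generate the node credentials for master1 (run on master1, which holds the CA key).
node=master1.openshift.qyos.com
node_ip=192.168.2.206
out=/etc/origin/generated-configs/node-${node}

# This directory will hold the node's private keys, so create it root-only.
install -d -m 0700 "$out"

# Client config the node uses to authenticate to the API as
# system:node:<name> in the system:nodes group.
oc adm create-api-client-config \
      --certificate-authority=/etc/origin/master/ca.crt \
      --client-dir="$out" \
      --groups=system:nodes \
      --master=https://openshift.qyos.com:8443 \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt \
      --user="system:node:${node}"

# Serving certificate for this node's own endpoint (port 10250 in node-config.yaml).
# Keep --hostnames to this node's name and IP. Do not list the API/master names
# or other nodes here: server.key lives on this node, and a certificate valid for
# those names would let a compromised node pass as them.
oc adm ca create-server-cert \
      --cert="$out/server.crt" \
      --key="$out/server.key" \
      --overwrite=true \
      --hostnames="${node},${node_ip}" \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt

# master1 is local, so a plain copy is enough. The files include private keys;
# keep /etc/origin/node readable by root only.
cp "$out"/* /etc/origin/node/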

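# Generate the node credentials for master2 (run on master1, which holds the CA key).
node=master2.openshift.qyos.com
node_ip=192.168.2.207
out=/etc/origin/generated-configs/node-${node}

# This directory will hold the node's private keys, so create it root-only.
install -d -m 0700 "$out"

# Client config the node uses to authenticate to the API as
# system:node:<name> in the system:nodes group.
oc adm create-api-client-config \
      --certificate-authority=/etc/origin/master/ca.crt \
      --client-dir="$out" \
      --groups=system:nodes \
      --master=https://openshift.qyos.com:8443 \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt \
      --user="system:node:${node}"

# Serving certificate for this node's own endpoint (port 10250 in node-config.yaml).
# Keep --hostnames to this node's name and IP. Do not list the API/master names
# or other nodes here: server.key lives on this node, and a certificate valid for
# those names would let a compromised node pass as them.
oc adm ca create-server-cert \
      --cert="$out/server.crt" \
      --key="$out/server.key" \
      --overwrite=true \
      --hostnames="${node},${node_ip}" \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt

# The copied files include private keys. Keep /etc/origin/node on the target
# root-only, and keep or remove the copy on master1 accordingly.
scp "$out"/* "root@${node_ip}:/etc/origin/node/"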

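# Generate the node credentials for master3 (run on master1, which holds the CA key).
node=master3.openshift.qyos.com
node_ip=192.168.2.208
out=/etc/origin/generated-configs/node-${node}

# This directory will hold the node's private keys, so create it root-only.
install -d -m 0700 "$out"

# Client config the node uses to authenticate to the API as
# system:node:<name> in the system:nodes group.
oc adm create-api-client-config \
      --certificate-authority=/etc/origin/master/ca.crt \
      --client-dir="$out" \
      --groups=system:nodes \
      --master=https://openshift.qyos.com:8443 \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt \
      --user="system:node:${node}"

# Serving certificate for this node's own endpoint (port 10250 in node-config.yaml).
# Keep --hostnames to this node's name and IP. Do not list the API/master names
# or other nodes here: server.key lives on this node, and a certificate valid for
# those names would let a compromised node pass as them.
oc adm ca create-server-cert \
      --cert="$out/server.crt" \
      --key="$out/server.key" \
      --overwrite=true \
      --hostnames="${node},${node_ip}" \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt

# The copied files include private keys. Keep /etc/origin/node on the target
# root-only, and keep or remove the copy on master1 accordingly.
scp "$out"/* "root@${node_ip}:/etc/origin/node/"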

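# Generate the node credentials for node1 (run on master1, which holds the CA key).
node=node1.openshift.qyos.com
node_ip=192.168.2.209
out=/etc/origin/generated-configs/node-${node}

# This directory will hold the node's private keys, so create it root-only.
install -d -m 0700 "$out"

# Client config the node uses to authenticate to the API as
# system:node:<name> in the system:nodes group.
oc adm create-api-client-config \
      --certificate-authority=/etc/origin/master/ca.crt \
      --client-dir="$out" \
      --groups=system:nodes \
      --master=https://openshift.qyos.com:8443 \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt \
      --user="system:node:${node}"

# Serving certificate for this node's own endpoint (port 10250 in node-config.yaml).
# node1 is not a master, so its certificate must not carry the API/master names
# or other nodes' names: server.key lives on this node, and a certificate valid
# for those names would let a compromised node pass as them.
oc adm ca create-server-cert \
      --cert="$out/server.crt" \
      --key="$out/server.key" \
      --overwrite=true \
      --hostnames="${node},${node_ip}" \
      --signer-cert=/etc/origin/master/ca.crt \
      --signer-key=/etc/origin/master/ca.key \
      --signer-serial=/etc/origin/master/ca.serial.txt

# The copied files include private keys. Keep /etc/origin/node on the target
# root-only, and keep or remove the copy on master1 accordingly.
scp "$out"/* "root@${node_ip}:/etc/origin/node/"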

On each node, add the cluster CA to the system trust store and start the node service:

# Install the cluster CA as a system trust anchor and rebuild the trust store.
cluster_ca=/etc/origin/node/ca.crt
trust_anchor=/etc/pki/ca-trust/source/anchors/openshift-ca.crt
cp "$cluster_ca" "$trust_anchor"
update-ca-trust

# Restart docker (presumably so it picks up the updated trust store),
# then enable the node service at boot and start it now.
systemctl restart docker
for action in enable start; do
  systemctl "$action" origin-node
done
