7. Set up the node service. We install the node service on all nodes, including the master nodes.
# Step 1: add the repository definition that provides the OpenShift Origin packages.
yum install -y centos-release-openshift-origin

# Step 2: install the node-side packages from that repository.
yum install -y \
  origin-node \
  origin-pod \
  origin-sdn-ovs \
  origin-dockerregistry
vi /etc/sysctl.conf
# Line to set in /etc/sysctl.conf: allow the kernel to forward IPv4 packets between interfaces.
net.ipv4.ip_forward = 1

# Back in the shell: load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p
vi /etc/sysconfig/origin-node
# Contents of /etc/sysconfig/origin-node, one setting per line.

# Extra command-line options passed to the node process.
OPTIONS=--loglevel=2

# Node configuration file the service is started with.
CONFIG_FILE=/etc/origin/node/node-config.yaml

# Pinned Origin release tag.
# NOTE(review): confirm it matches the origin-node package version installed on this host.
IMAGE_VERSION=v1.4.1
vi /etc/origin/node/node-config.yaml
# Contents of /etc/origin/node/node-config.yaml.
# The values shown are for master1: nodeName, nodeIP and masterKubeConfig
# are specific to each node and must be changed on the other hosts.
allowDisabledDocker: false
apiVersion: v1
authConfig:
  authenticationCacheSize: 1000
  authenticationCacheTTL: 5m
  authorizationCacheSize: 1000
  authorizationCacheTTL: 5m
dnsDomain: cluster.local
dnsIP: "192.168.2.205"
dockerConfig:
  execHandlerName: native
enableUnidling: true
imageConfig:
  format: openshift/origin-${component}:${version}
  latest: false
iptablesSyncPeriod: 30s
kind: NodeConfig
kubeletArguments:
  node-labels:
  - region=infra
  - zone=default
masterClientConnectionOverrides:
  acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
  burst: 40
  contentType: application/vnd.kubernetes.protobuf
  qps: 20
# Client credentials this node uses to reach the master API (file in /etc/origin/node).
masterKubeConfig: system:node:master1.openshift.qyos.com.kubeconfig
networkConfig:
  mtu: 1450
  networkPluginName: "redhat/openshift-ovs-multitenant"
nodeIP: "192.168.2.206"
nodeName: master1.openshift.qyos.com
podManifestConfig: null
servingInfo:
  # The node's HTTPS endpoint listens on every IPv4 interface, port 10250.
  # Restrict access to this port with host firewall rules to the hosts that need it.
  bindAddress: 0.0.0.0:10250
  bindNetwork: tcp4
  certFile: server.crt
  # Client certificates presented to this endpoint are verified against this CA.
  clientCA: ca.crt
  # Private key of the serving certificate; keep it readable by root only.
  keyFile: server.key
  namedCertificates: null
volumeConfig:
  localQuota:
    perFSGroup: null
volumeDirectory: /openshift.local.volumes
On master1, we generate the node configuration files.
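# Run on master1, which holds the cluster CA key (/etc/origin/master/ca.key).
#
# generate_node_config creates, under /etc/origin/generated-configs/node-<name>:
#   - a client certificate and kubeconfig for the user system:node:<name>
#     in the group system:nodes (the node's credentials for the master API)
#   - server.crt / server.key, the certificate the node service serves
#     (certFile / keyFile under servingInfo in node-config.yaml)
#
# Arguments: $1 - node name, the same value as nodeName in node-config.yaml
#            $2 - node IP, the same value as nodeIP in node-config.yaml
# Returns:   non-zero as soon as one step fails
generate_node_config() {
  local node_name=$1
  local node_ip=$2
  local ca_dir=/etc/origin/master
  local out_dir="/etc/origin/generated-configs/node-${node_name}"

  # The directory will hold private keys: create it (re-runnable) and keep it
  # accessible to root only.
  mkdir -p -- "$out_dir" || return
  chmod 0700 -- "$out_dir" || return

  oc adm create-api-client-config \
    --certificate-authority="${ca_dir}/ca.crt" \
    --client-dir="$out_dir" \
    --groups=system:nodes \
    --master=https://openshift.qyos.com:8443 \
    --signer-cert="${ca_dir}/ca.crt" \
    --signer-key="${ca_dir}/ca.key" \
    --signer-serial="${ca_dir}/ca.serial.txt" \
    "--user=system:node:${node_name}" || return

  # The serving certificate lists only this node's own name and IP.
  # Putting the master/API names (openshift.qyos.com, kubernetes.default,
  # 172.30.0.1, the other hosts, ...) into every node's certificate would make
  # each node's server.key valid for the API server's identity, so a single
  # leaked node key would affect the whole cluster.
  oc adm ca create-server-cert \
    --cert="${out_dir}/server.crt" \
    --key="${out_dir}/server.key" \
    --overwrite=true \
    --hostnames="${node_name},${node_ip}" \
    --signer-cert="${ca_dir}/ca.crt" \
    --signer-key="${ca_dir}/ca.key" \
    --signer-serial="${ca_dir}/ca.serial.txt"
}

# master1 is the local host, so a plain cp is enough.
generate_node_config master1.openshift.qyos.com 192.168.2.206 &&
  cp /etc/origin/generated-configs/node-master1.openshift.qyos.com/* /etc/origin/node/

# The remaining nodes receive their files over SSH. The copied files include
# private keys: check on each target that /etc/origin/node/*.key and
# *.kubeconfig are readable by root only.
generate_node_config master2.openshift.qyos.com 192.168.2.207 &&
  scp /etc/origin/generated-configs/node-master2.openshift.qyos.com/* root@192.168.2.207:/etc/origin/node/

generate_node_config master3.openshift.qyos.com 192.168.2.208 &&
  scp /etc/origin/generated-configs/node-master3.openshift.qyos.com/* root@192.168.2.208:/etc/origin/node/

generate_node_config node1.openshift.qyos.com 192.168.2.209 &&
  scp /etc/origin/generated-configs/node-node1.openshift.qyos.com/* root@192.168.2.209:/etc/origin/node/

# /etc/origin/generated-configs on master1 still contains a copy of every
# node's private key after this step; remove or archive those copies once the
# nodes are running.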
On each node:
# Register the cluster CA in the host trust store.
# From here on, every TLS client on this host that relies on the system trust
# store accepts certificates signed by this CA, so the CA key on master1 has
# to stay protected.
cp /etc/origin/node/ca.crt /etc/pki/ca-trust/source/anchors/openshift-ca.crt
update-ca-trust

# Restart docker after the trust store change (presumably so the daemon
# re-reads the CA bundle).
systemctl restart docker

# Start the node service on every boot, and start it now.
systemctl enable origin-node
systemctl start origin-node