# OpenShift Agent-based Installation
### 2024/11/14-15 @Metaage
# Features of the Agent-based installation
- Run disconnected
- No provisioning host required
- Pre-flight validations
- Fully automated
- Static network configuration via NMState
- Supports Single Node OpenShift (SNO) and Baremetal/vSphere platforms
# 0. Installation architecture

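# 1. Software downloads and tool preparation
1. Go to Red Hat's [console.redhat.com](https://console.redhat.com/openshift/downloads) and download the following software, making sure it matches the platform and operating system you are installing on:
   1. OpenShift command-line interface (oc)
   2. OpenShift for x86_64 Installer
   3. mirror registry for Red Hat OpenShift
   4. OpenShift Client (oc) mirror plugin (oc-mirror)
2. Right-click the download link and choose "Copy link address" to get the URL.
3. On the bastion host, fetch these files and extract them to /usr/local/bin.

Note: the download link gives you the latest version, so confirm which version you intend to install. If the version is not the one you need, browse https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/ directly to get it.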
```bash
wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.16.21/openshift-client-linux-4.16.21.tar.gz
wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.16.21/openshift-install-linux-4.16.21.tar.gz
tar zxvf openshift-client-linux-4.16.21.tar.gz -C /usr/local/bin/
tar zxvf openshift-install-linux-4.16.21.tar.gz -C /usr/local/bin/
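# The archives were extracted to /usr/local/bin, so set the mode there
chmod +x /usr/local/bin/oc
# oc-mirror is a separate download (item 4 in the list above); this assumes it is already in /usr/local/bin
chmod +x /usr/local/bin/oc-mirror
oc version
openshift-install version
oc-mirror version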
```
# 2. Network configuration
- base domain: **agent.lab**
- cluster name: ocp
- clusterNetwork: 10.128.0.0/14
- hostPrefix: 23
- machineNetwork: 172.20.10.0/24
- serviceNetwork: 172.30.0.0/16

| Name | IP address | MAC address | NIC name | |
| --- | --- | --- | --- | --- |
| bastion / quay | 172.20.10.100 | | | |
| apiVIP | 172.20.10.101 | X | X | |
| ingressVIP | 172.20.10.102 | X | X | |
| master1.ocp.agent.lab | 172.20.10.103 | 00:50:56:b9:b5:c7 | ens33 | |
| master2.ocp.agent.lab | 172.20.10.104 | 00:50:56:b9:eb:b | ens33 | |
| master3.ocp.agent.lab | 172.20.10.106 | 00:50:56:b9:eb:b1 | ens33 | |
| worker1.ocp.agent.lab | 172.20.10.107 | 00:50:56:b9:62:c8 | ens33 | |
| worker2.ocp.agent.lab | 172.20.10.108 | 00:50:56:b9:46:aa | ens33 | |
| worker3.ocp.agent.lab | 172.20.10.109 | 00:50:56:b9:39:83 | ens33 | |
# 3. DNS verification
## Configure and verify DNS
```bash
[root@bastion dnsmasq.d]# cat dns.conf
host-record=bastion.ocp.agent.lab,172.20.10.100
host-record=quay.ocp.agent.lab,172.20.10.100
host-record=master1.ocp.agent.lab,172.20.10.103
host-record=master2.ocp.agent.lab,172.20.10.104
host-record=master3.ocp.agent.lab,172.20.10.105
host-record=worker1.ocp.agent.lab,172.20.10.106
host-record=worker2.ocp.agent.lab,172.20.10.107
host-record=worker3.ocp.agent.lab,172.20.10.108
host-record=api.ocp.agent.lab,172.20.10.101
host-record=api-int.ocp.agent.lab,172.20.10.101
host-record=apps.ocp.agent.lab,172.20.10.102
host-record=*.apps.ocp.agent.lab,172.20.10.102
address=/bastion.ocp.agent.lab/172.20.10.100
address=/quay.ocp.agent.lab/172.20.10.100
address=/master1.ocp.agent.lab/172.20.10.103
address=/master2.ocp.agent.lab/172.20.10.104
address=/master3.ocp.agent.lab/172.20.10.105
address=/worker1.ocp.agent.lab/172.20.10.106
address=/worker2.ocp.agent.lab/172.20.10.107
address=/worker3.ocp.agent.lab/172.20.10.108
address=/apps.ocp.agent.lab/172.20.10.102
address=/*.apps.ocp.agent.lab/172.20.10.102
address=/api.ocp.agent.lab/172.20.10.101
address=/api-int.ocp.agent.lab/172.20.10.101
server=1.1.1.1
```
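A consistency check between the address plan in section 2 and the DNS records above, as an added example that is not part of the original walkthrough. The function names are hypothetical, the lookup is a simplified model (exact `host-record` first, then the longest matching `address=/domain/` suffix), and the sample values are copied from this page's table and `dns.conf`.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def parse_dnsmasq(conf):
    """Return (hosts, domains) from host-record=name,ip and address=/domain/ip lines."""
    hosts, domains = {}, {}
    for line in conf.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "host-record" and "," in value:
            name, ip = value.split(",", 1)
            hosts[name] = ip
        elif key == "address" and value.count("/") == 2:
            _, domain, ip = value.split("/")
            domains[domain] = ip
    return hosts, domains

def resolve(name, hosts, domains):
    """Simplified lookup: exact host-record, else the longest matching address= suffix."""
    labels = name.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return hosts.get(name) or next((domains[s] for s in suffixes if s in domains), None)

def check_plan(nodes, vips, machine_cidr, conf):
    """Compare the planned addresses with what DNS would answer; return the problems."""
    hosts, domains = parse_dnsmasq(conf)
    net, problems = ipaddress.ip_network(machine_cidr), []
    for name, (ip, mac) in nodes.items():
        if not MAC_RE.match(mac):
            problems.append(f"{name}: malformed MAC {mac}")
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{name}: {ip} is outside {machine_cidr}")
    for name, ip in list(vips.items()) + [(n, v[0]) for n, v in nodes.items()]:
        if (answer := resolve(name, hosts, domains)) != ip:
            problems.append(f"{name}: plan {ip}, DNS {answer}")
    return problems

# Values copied from this page: two rows of the section 2 table and part of dns.conf
NODES = {"master2.ocp.agent.lab": ("172.20.10.104", "00:50:56:b9:eb:b"),
         "master3.ocp.agent.lab": ("172.20.10.106", "00:50:56:b9:eb:b1")}
VIPS = {"api.ocp.agent.lab": "172.20.10.101",
        "console-openshift-console.apps.ocp.agent.lab": "172.20.10.102"}
DNS_CONF = """host-record=master2.ocp.agent.lab,172.20.10.104
host-record=master3.ocp.agent.lab,172.20.10.105
host-record=api.ocp.agent.lab,172.20.10.101
address=/apps.ocp.agent.lab/172.20.10.102"""

if __name__ == "__main__":
    print("\n".join(check_plan(NODES, VIPS, "172.20.10.0/24", DNS_CONF)))
```

The check only reports that the plan and DNS disagree; which of the two holds the intended address has to be decided before the ISO is built.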
# 4. Install mirror-registry
## 4.1 install mirror-registry
```bash
./mirror-registry install --quayHostname quay.ocp.agent.lab --quayRoot /quay --quayStorage /quay/quay-Storage
```
https://docs.openshift.com/container-platform/4.10/installing/disconnected_install/installing-mirroring-creating-registry.html
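- `--quayHostname`: the hostname URI of quay. We set up a separate name for it, quay.ocp.agent.lab.
- `--quayRoot`: the installation directory (default "~/quay-install")
- `--quayStorage /quay/quay-Storage`: because there was not enough space, a separate disk was mounted to hold the storage
## 4.2 After the installation completes you get the username and password; try logging in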
```bash
Quay installed successfully, config data is stored in ~/quay
Quay is available at https://mirror-registry.ocp4.lab.local:8443 with credentials (init, yaFRt3MNXBE1v7ZGP9YiOS206Js48gl5)
podman login -u init -p yaFRt3MNXBE1v7ZGP9YiOS206Js48gl5 quay.ocp.agent.lab:8443 --tls-verify=false
Login Succeeded!
```
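## 4.3 Add the CA certificate
Installing the mirror registry automatically generates a CA certificate, which must be added to the trusted certificates.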
```bash
$ cp /quay/quay-rootCA/rootCA.pem /usr/share/pki/ca-trust-source/anchors/rootCA.cert
$ update-ca-trust
```
# 5. Create the OCP ISO file
## 5.1 Pull secret
Download the pull secret from [console.redhat.com](https://console.redhat.com/openshift/downloads) and convert the output to JSON format.
```bash
# Pretty-print the downloaded pull secret into a JSON file
jq . pull-secret.txt > pull-secret.json
cat pull-secret.json
"auths": {
"cloud.openshift.com": {
"auth": "b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfOWVjY2NmNzJkOWQxNDFiOTk4ZmU1ZWM0ZTA4OTQ2NGY6SzlGU002Qk4zVVo2MTNZV0pEU0QzRVVNSjlMTlI5MjJOOTZSTzVVVVpFUzYzRFY3RU9UM0VIMVJQTkpXMjFWOQ=="
},
"quay.io": {
"auth": "b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfOWVjY2NmNzJkOWQxNDFiOTk4ZmU1ZWM0ZTA4OTQ2NGY6SzlGU002Qk4zVVo2MTNZV0pEU0QzRVVNSjlMTlI5MjJOOTZSTzVVVVpFUzYzRFY3RU9UM0VIMVJQTkpXMjFWOQ=="
},
"registry.connect.redhat.com": {
"auth": "fHVoYy1wb29sLWQ1ODM2YWYxLWM0MWYtNGI3ZC05ZjUwLTlj
}
```
The username and password needed to log in to the built-in mirror registry can be extracted as follows:
```bash
[root@bastion /]# podman login quay.ocp.agent.lab:8443 --username init --password yaFRt3MNXBE1v7ZGP9YiOS206Js48gl5
Login Succeeded!
[root@bastion /]# cat /run/user/0/containers/auth.json
"auths": {
"quay.ocp.agent.lab:8443": {
"auth": "aW5pdDp5YUZSdDNNTlhCRTF2N1pHUDlZaU9TMjA2SnM0OGdsNQ=="
}
}
```
Take the value you found, add it to pull-secret.json, and overwrite /run/user/0/containers/auth.json with the result:
```bash
vi pull-secret.json
cp pull-secret.json /run/user/0/containers/auth.json
cat /run/user/0/containers/auth.json
"auths": {
"cloud.openshift.com": {
"auth": "b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfOWVjY2NmNzJkOWQxNDFiOTk4ZmU1ZWM0ZTA4OTQ2NGY6SzlGU002Qk4zVVo2MTNZV0pEU0QzRVVNSjlMTlI5MTzVVVVpFUzYzRFY3RU9UM0VIMVJQTkpXMjFWOQ=="
},
"quay.io": {
"auth": "b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfOWVjY2NmNzJkOWQxNDFiOTk4ZmU1ZWM0ZTA4OTQ2NGY6SzlGU002Qk4zVVo2MTNZV0pEU0QzRVVNSjlMTlI5MTzVVVVpFUzYzRFY3RU9UM0VIMVJQTkpXMjFWOQ=="
},
"quay.ocp.agent.lab:8443": {
"auth": "aW5pdDp5YUZSdDNNTlhCRTF2N1pHUDlZaU9TMjA2SnM0OGdsNQ=="
},
"registry.connect.redhat.com": {
"auth": "…"
},
"registry.redhat.io": {
"auth": "…"
}
}
```
Write the mirror registry value into install-config.yaml:
```bash
pullSecret: '{"auths":{"quay.ocp.agent.lab:8443":{"auth":"aW5pdDp5YUZSdDNNTlhCRTF2N1pHUDlZaU9TMjA2SnM0OGdsNQ==","email":"jasowan@redhat.com"}}}'
```
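This value is the quay init password, Base64-encoded. However, encoding it directly yourself does not produce the value stored in the system, so take it directly from the system.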
```bash
[root@bastion /]# echo aW5pdDp5YUZSdDNNTlhCRTF2N1pHUDlZaU9TMjA2SnM0OGdsNQ== | base64 -d
init:yaFRt3MNXBE1v7ZGP9YiOS206Js48gl5
```
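The pull-secret handling from this section as an added example, not part of the original walkthrough: it builds the `auth` value, rejects entries that carry a stray newline (the assumption here is that a trailing newline, which `echo` without `-n` appends, is one way to end up with a different string), merges the mirror registry entry without hand-editing, and writes the file owner-readable only. All function names are hypothetical.

```python
import base64
import json
import os

def registry_auth(username, password):
    """Build the `auth` value: Base64 of "username:password" with no trailing newline."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()

def decode_auth(auth):
    """Return (username, password); reject values that carry stray whitespace."""
    raw = base64.b64decode(auth, validate=True).decode()
    username, sep, password = raw.partition(":")
    if not sep or not username or not password or raw != raw.strip():
        raise ValueError("auth must be Base64 of 'username:password' with no newline")
    return username, password

def merge_pull_secret(pull_secret, registry, username, password):
    """Return a copy of the pull secret with the mirror registry entry added."""
    merged = {"auths": dict(pull_secret.get("auths", {}))}
    merged["auths"][registry] = {"auth": registry_auth(username, password)}
    for entry in merged["auths"].values():
        decode_auth(entry["auth"])  # fail early on a malformed entry
    return merged

def write_secret(path, pull_secret):
    """Write the merged pull secret readable by its owner only (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file that already existed
    with os.fdopen(fd, "w") as handle:
        json.dump(pull_secret, handle, indent=2)

# Constructed sample standing in for the pull secret from console.redhat.com
SAMPLE = {"auths": {"quay.io": {"auth": registry_auth("example-user", "example-token")}}}

if __name__ == "__main__":
    # Lab credentials as printed by the mirror-registry installer on this page
    password = "yaFRt3MNXBE1v7ZGP9YiOS206Js48gl5"
    merged = merge_pull_secret(SAMPLE, "quay.ocp.agent.lab:8443", "init", password)
    print(json.dumps(merged, indent=2))
    with_newline = base64.b64encode(f"init:{password}\n".encode()).decode()
    print("value with trailing newline differs:",
          with_newline != merged["auths"]["quay.ocp.agent.lab:8443"]["auth"])
```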
## 5.2 sshKey:
Generate an SSH key for later connections.
```bash
ssh-keygen
# The key pair is written under the home directory
cd ~/.ssh
cat id_rsa.pub
ssh-rsa … root@bastion.ocp.agent.lab
```
## 5.3 ImageDigestSources:
Create imageset-config.yaml:
```yaml
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
storageConfig:
  registry:
    imageURL: quay.ocp.agent.lab:8443/mirror/oc-mirror-metadata
    # skips TLS verification when talking to the mirror registry
    skipTLS: true
mirror:
  platform:
    channels:
    - name: stable-4.16
      type: ocp
```
Run oc-mirror with the image set configuration:
```bash
oc-mirror --config imageset-config.yaml docker://quay.ocp.agent.lab:8443/ocp4
```
Look up imageContentSourcePolicy.yaml, take the value of repositoryDigestMirrors, and use it to update install-config.yaml:
```bash
[root@bastion results-1731569746]# cat /root/ocp4-platfrom/oc-mirror-workspace/results-1731569746/imageContentSourcePolicy.yaml
---
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: release-0
spec:
  repositoryDigestMirrors:
  - mirrors:
    - quay.ocp.agent.lab:8443/ocp4/openshift/release
    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
  - mirrors:
    - quay.ocp.agent.lab:8443/ocp4/openshift/release-images
    source: quay.io/openshift-release-dev/ocp-release
```
Query the available channels and versions:
```bash
[root@bastion ocp4]# oc-mirror list releases --channels --version=4.16
Listing channels for version 4.16.
stable-4.15
eus-4.16
stable-4.16
fast-4.17
candidate-4.15
fast-4.15
candidate-4.16
fast-4.16
candidate-4.17
[root@bastion ocp4]# oc-mirror list releases --channel=stable-4.16
Listing stable channels. Use --channel=<channel-name> to filter.
Use oc-mirror list release --channels to discover other channels.
Channel: stable-4.16
Architecture: amd64
4.15.0
4.15.2
4.15.3
4.15.5
‥
```
## 5.4 additionalTrustBundle: |
Obtain it with the following command:
```bash
cat /quay/quay-rootCA/rootCA.pem
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
```
## 5.5 Edit install-config.yaml
```yaml
apiVersion: v1
baseDomain: agent.lab
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  replicas: 3
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: ocp
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 172.20.10.0/24
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
platform:
  baremetal:
    apiVIPs:
    - 172.20.10.101
    ingressVIPs:
    - 172.20.10.102
    hosts:
    - name: master1.ocp.agent.lab
      role: master
      bootMACAddress: 00:50:56:b9:b5:c7
    - name: master2.ocp.agent.lab
      role: master
      bootMACAddress: 00:50:56:b9:eb:b1
    - name: master3.ocp.agent.lab
      role: master
      bootMACAddress: 00:50:56:b9:0b:cb
    - name: worker1.ocp.agent.lab
      role: worker
      bootMACAddress: 00:50:56:b9:62:c8
    - name: worker2.ocp.agent.lab
      role: worker
      bootMACAddress: 00:50:56:b9:46:aa
    - name: worker3.ocp.agent.lab
      role: worker
      bootMACAddress: 00:50:56:b9:39:83
pullSecret: '{"auths":{"quay.ocp.agent.lab:8443":{"auth":"aW5pdDp5YUZSdDNNTlhCRTF2N1pHUDlZaU9TMjA2SnM0OGdsNQ==","email":"jasowan@redhat.com"}}}'
sshKey: 'ssh-rsa … root@bastion.ocp.agent.lab'
imageDigestSources:
- mirrors:
  - quay.ocp.agent.lab:8443/ocp4/openshift/release
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
- mirrors:
  - quay.ocp.agent.lab:8443/ocp4/openshift/release-images
  source: quay.io/openshift-release-dev/ocp-release
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  MIID3DCCAsSgAwIBAgIUdG6akjlcQTfkJLclNULSf/cP4S8wDQYJKoZIhvcNAQEL
  BQAwbDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAlZBMREwDwYDVQQHDAhOZXcgWW9y
  azENMAsGA1UECgwEUXVheTERMA8GA1UECwwIRGl2aXNpb24xGzAZBgNVBAMMEnF1
  YXkub2NwLmFnZW50LmxhYjAeFw0yNDExMTQwNjQ0MDRaFw0yNzA5MDQwNjQ0MDRa
  MGwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTERMA8GA1UEBwwITmV3IFlvcmsx
  DTALBgNVBAoMBFF1YXkxETAPBgNVBAsMCERpdmlzaW9uMRswGQYDVQQDDBJxdWF5
  Lm9jcC5hZ2VudC5sYWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
  wixM7732lt7euPK4w9LBuUYbWy81nhT4dBtQ5HPcx2UhfTbFdhL3mAkvvGQjbtCv
  SrKjfEPmLT6XFJ3Nkisof0P4Pb5mrU8pM73doaVyKf0kHlIvc05XJEZpGxwccRK0
  8JnxNIRkZsYw3Bl1yqUQesEt9mJZfngFZrrzUrjXOKEDBL6rppFA1Z7RKc5AFxTq
  qoU6yJdykWMHDx0ZkgVXYJwCfnr19ztE2w4/OZ009/3eNHq+Z9UhU1f7CuHA8iES
  FBTY+G8ycDDmfMUD6vLpyV3LjeGRs8R1b4wlgeva6UOvGfzZ5QJm/570CPUsXj55
  pgTfEpw1TOhXJMVTyD/NAgMBAAGjdjB0MAsGA1UdDwQEAwIC5DATBgNVHSUEDDAK
  BggrBgEFBQcDATAdBgNVHREEFjAUghJxdWF5Lm9jcC5hZ2VudC5sYWIwEgYDVR0T
  AQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUO2oV66MF4i4OxITJPGocQvcQPVgwDQYJ
  KoZIhvcNAQELBQADggEBAF1GUxA8Iw7UqPEbrAaWSC4mUEj82Eldc9Ru5kUS66Vy
  nS2G/NNEQxktZ8taJloBu1Q+x0TTrCM+Il5PMtAlvo1DGUpKwoltFerj/pysuN45
  9LOYsxlTw3/Xjwd6lDBaELsBqT/tgMeBMf7O7cvbOmglneUUAu0kM0GppYKRVrcJ
  Es44N0d3Zgr+clRSlFUNCzW+V/IMCHaJrNwEQ2aVcz3x3VLxQ1EUeBe7wWOZoATS
  EH5enbQfjH+vFTQwOC4SIFQYNV32FCV+KuH/Pv7c2szb2b+nCnFMOpHqRp3CBb4W
  QVpqO6UsrxrsT6osI4evolj6yyseuHJJduM/56UOgAc=
  -----END CERTIFICATE-----
```
## 5.6 Edit agent-config.yaml
```yaml
apiVersion: v1alpha1
kind: AgentConfig
metadata:
  name: ocp4
rendezvousIP: 172.20.10.103
hosts:
  - hostname: master1.ocp.agent.lab
    role: master
    interfaces:
      - name: ens33
        macAddress: 00:50:56:b9:b5:c7
    networkConfig:
      interfaces:
        - name: ens33
          type: ethernet
          state: up
          mac-address: 00:50:56:b9:b5:c7
          ipv4:
            enabled: true
            address:
              - ip: 172.20.10.103
                prefix-length: 24
            dhcp: false
      dns-resolver:
        config:
          server:
            - 172.20.10.100
      routes:
        config:
          - destination: 0.0.0.0/0
            next-hop-address: 172.20.10.10
            next-hop-interface: ens33
            table-id: 254
  - hostname: master2.ocp.agent.lab
    role: master
    interfaces:
      - name: ens33
        macAddress: 00:50:56:b9:eb:b1
    networkConfig:
      interfaces:
        - name: ens33
          type: ethernet
          state: up
          mac-address: 00:50:56:b9:eb:b1
          ipv4:
            enabled: true
            address:
              - ip: 172.20.10.104
                prefix-length: 24
            dhcp: false
      dns-resolver:
        config:
          server:
            - 172.20.10.100
      routes:
        config:
          - destination: 0.0.0.0/0
            next-hop-address: 172.20.10.10
            next-hop-interface: ens33
            table-id: 254
  - hostname: master3.ocp.agent.lab
    role: master
    interfaces:
      - name: ens33
        macAddress: 00:50:56:b9:0b:cb
    networkConfig:
      interfaces:
        - name: ens33
          type: ethernet
          state: up
          mac-address: 00:50:56:b9:0b:cb
          ipv4:
            enabled: true
            address:
              - ip: 172.20.10.105
                prefix-length: 24
            dhcp: false
      dns-resolver:
        config:
          server:
            - 172.20.10.100
      routes:
        config:
          - destination: 0.0.0.0/0
            next-hop-address: 172.20.10.10
            next-hop-interface: ens33
            table-id: 254
  - hostname: worker1.ocp.agent.lab
    role: worker
    interfaces:
      - name: ens33
        macAddress: 00:50:56:b9:62:c8
    networkConfig:
      interfaces:
        - name: ens33
          type: ethernet
          state: up
          mac-address: 00:50:56:b9:62:c8
          ipv4:
            enabled: true
            address:
              - ip: 172.20.10.106
                prefix-length: 24
            dhcp: false
      dns-resolver:
        config:
          server:
            - 172.20.10.100
      routes:
        config:
          - destination: 0.0.0.0/0
            next-hop-address: 172.20.10.10
            next-hop-interface: ens33
            table-id: 254
  - hostname: worker2.ocp.agent.lab
    role: worker
    interfaces:
      - name: ens33
        macAddress: 00:50:56:b9:46:aa
    networkConfig:
      interfaces:
        - name: ens33
          type: ethernet
          state: up
          mac-address: 00:50:56:b9:46:aa
          ipv4:
            enabled: true
            address:
              - ip: 172.20.10.107
                prefix-length: 24
            dhcp: false
      dns-resolver:
        config:
          server:
            - 172.20.10.100
      routes:
        config:
          - destination: 0.0.0.0/0
            next-hop-address: 172.20.10.10
            next-hop-interface: ens33
            table-id: 254
  - hostname: worker3.ocp.agent.lab
    role: worker
    interfaces:
      - name: ens33
        macAddress: 00:50:56:b9:39:83
    networkConfig:
      interfaces:
        - name: ens33
          type: ethernet
          state: up
          mac-address: 00:50:56:b9:39:83
          ipv4:
            enabled: true
            address:
              - ip: 172.20.10.108
                prefix-length: 24
            dhcp: false
      dns-resolver:
        config:
          server:
            - 172.20.10.100
      routes:
        config:
          - destination: 0.0.0.0/0
            next-hop-address: 172.20.10.10
            next-hop-interface: ens33
            table-id: 254
```
## 5.7 Generate the ISO image file
```bash
# openshift-install --dir ocp4 agent create image
agent.x86_64.iso
```
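Attach the agent.x86_64.iso file on the VMware host and boot from it.

Note: if you are installing on VMware, make sure disk.EnableUUID is set to True.

https://access.redhat.com/solutions/4606201

https://docs.openshift.com/container-platform/3.11/install_config/configuring_vsphere.html
# 6. Start the OCP installation
After attaching the ISO to every machine, boot them. The OCP installation then begins; you will see that the installation proceeds once all of the machines have finished booting.
## 6.1 Monitor the OCP installation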
```bash
openshift-install --dir ocp4 agent wait-for bootstrap-complete --log-level=info
```
## 6.2 Get the password after the installation completes
```bash
cat /root/ocp4/auth/kubeadmin-password
cat /root/ocp4/auth/kubeconfig
oc login -u kubeadmin -p <kubeadmin-password>
oc login --kubeconfig=/root/ocp4/auth/kubeconfig --insecure-skip-tls-verify
```
On the bastion host you can add an entry to the hosts file that points to the ingressVIP in order to reach the console:
```
172.20.10.102 console-openshift-console.apps.ocp.agent.lab oauth-openshift.apps.ocp.agent.lab
```

# 7. References
[Installing an on-premise cluster with the Agent-based Installer](https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/installing_an_on-premise_cluster_with_the_agent-based_installer/index#toc-wrapper-mobile)