
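Trying to do an OpenShift 3.11 install with a 3 master setup, 2 infra and 2 nodes. I didn't use an LB node since I figured the AWS ELB would take care of that for me.

My current issue is that the install fails on the wait for control plane task.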

failed: [ip-10-0-4-29.us-east-2.compute.internal] (item=etcd) => {"attempts": 60, "changed": false, "item": "etcd", "msg": {"cmd": "/usr/bin/oc get pod master-etcd-ip-10-0-4-29.us-east-2.compute.internal -o json -n kube-system"

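The different errors are shown below.

I've done the following.

Because this is only a demo system, I wanted to go the cheap route and create self-signed certs. So I ran the following: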

openssl req -new -key openshift.key -out openshift.csr
openssl x509 -req -days 1095 -in openshift.csr -signkey openshift.key -out openshift.crt

Then in my hosts file I added the following:

openshift_master_named_certificates=[{"certfile": "/home/ec2-user/certs/openshift.crt", "keyfile": "/home/ec2-user/certs/openshift.key"}]

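Next, I created an ELB accepting HTTP traffic on port 8443 and directing it to HTTP 8443 on any of the masters. When I do this, I get the following failure when re-running the command that is failing the task: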

[root@ip-10-0-4-29 ~]# /usr/bin/oc get pod master-etcd-ip-10-0-4-29.us-east-2.compute.internal -o json -n kube-system
Unable to connect to the server: http: server gave HTTP response to HTTPS client 

If I change the ELB to take HTTP traffic and direct it to HTTPS 8443, I get the following error:

[root@ip-10-0-4-29 ~]# /usr/bin/oc get pod master-etcd-ip-10-0-4-29.us-east-2.compute.internal -o json -n kube-system
The connection to the server os.domain-name.net:8443 was refused - did you specify the right host or port?

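If I try to change the ELB to accept HTTPS traffic, I need to follow the guide to create SSL certs to use in AWS, but even then, accepting HTTPS traffic on 8443 and sending it via either HTTP or HTTPS to 8443 on the master nodes results in this error: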

 [root@ip-10-0-4-29 ~]# /usr/bin/oc get pod master-etcd-ip-10-0-4-29.us-east-2.compute.internal -o json -n kube-system
 Unable to connect to the server: x509: certificate signed by unknown authority

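I have also copied in my hosts file, just in case I have something wrong in it.

# Create an OSEv3 group that contains the masters, nodes, etcd, and lb groups.
# The lb group lets Ansible configure HAProxy as the load balancing solution.
# Comment lb out if your load balancer is pre-configured.
[OSEv3:children]
masters
nodes
etcd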

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin


openshift_cloudprovider_aws_access_key="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
openshift_cloudprovider_aws_secret_key="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
openshift_clusterid=openshift
openshift_cloudprovider_kind=aws

openshift_hosted_manage_registry=true
openshift_hosted_registry_storage_kind=object
openshift_hosted_registry_storage_provider=s3
openshift_hosted_registry_storage_s3_accesskey="{{ lookup('env','AWS_ACCESS_KEY_ID') }}"
openshift_hosted_registry_storage_s3_secretkey="{{ lookup('env','AWS_SECRET_ACCESS_KEY') }}"
openshift_hosted_registry_storage_s3_bucket=os-test-os-bucket
openshift_hosted_registry_storage_s3_region=us-west-2
openshift_hosted_registry_storage_s3_chunksize=26214400
openshift_hosted_registry_storage_s3_rootdirectory=/registry
openshift_hosted_registry_pullthrough=true
openshift_hosted_registry_acceptschema2=true
openshift_hosted_registry_enforcequota=true
openshift_hosted_registry_replicas=3

#openshift_enable_excluders=false
openshift_disable_check=memory_availability
openshift_additional_repos=[{'id': 'centos-okd-ci', 'name': 'centos-okd-ci', 'baseurl' :'https://rpms.svc.ci.openshift.org/openshift-origin-v3.11', 'gpgcheck' :'0', 'enabled' :'1'}]

openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true']}]
openshift_router_selector='node-role.kubernetes.io/infra=true'
openshift_registry_selector='node-role.kubernetes.io/infra=true'
openshift_metrics_install_metrics=true


openshift_master_named_certificates=[{"certfile": "/home/ec2-user/certs/openshift.crt", "keyfile": "/home/ec2-user/certs/openshift.key"}]



# uncomment the following to enable htpasswd authentication; defaults to AllowAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]

# Native high availability cluster method with optional load balancer.
# If no lb group is defined installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
# balancer is present.
openshift_master_cluster_method=native
openshift_master_cluster_hostname=os.domain-name.net
openshift_master_cluster_public_hostname=os.domain-name.net

# host group for masters

[masters]
ip-10-0-4-29.us-east-2.compute.internal
ip-10-0-5-54.us-east-2.compute.internal
ip-10-0-6-8.us-east-2.compute.internal

[etcd]
ip-10-0-4-29.us-east-2.compute.internal
ip-10-0-5-54.us-east-2.compute.internal
ip-10-0-6-8.us-east-2.compute.internal


[nodes]

# host group for nodes, includes region info
[nodes]

#master
ip-10-0-4-29.us-east-2.compute.internal  openshift_node_group_name='node-config-master'
ip-10-0-5-54.us-east-2.compute.internal  openshift_node_group_name='node-config-master'
ip-10-0-6-8.us-east-2.compute.internal  openshift_node_group_name='node-config-master'

#infra
ip-10-0-4-28.us-east-2.compute.internal openshift_node_group_name='node-config-infra'
ip-10-0-5-241.us-east-2.compute.internal openshift_node_group_name='node-config-infra'


#node
ip-10-0-4-162.us-east-2.compute.internal openshift_node_group_name='node-config-compute'
ip-10-0-5-146.us-east-2.compute.internal openshift_node_group_name='node-config-compute'

Please, if anyone can help me get past this hurdle so I can finally try to demo a CI/CD pipeline using OpenShift, I would be truly grateful.


1 Answer


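I know this is an old link, but I ran into the same problem with my ELB configured as HTTPS. I changed the listener to TCP and used port 443 for both the load balancer port and the instance port. For the health check, make sure you are using Ping Protocol HTTPS, Ping Port 443, and a Ping Path of "/". These configuration changes allowed the install to proceed.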

Answered 2019-02-08T20:52:02.873
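
The three `oc` errors in the question and the TCP listener change in the answer all turn on which side completes the TLS handshake with the client. As an added example (not part of the original posts), this Python script compares the certificate seen through the load balancer with the one a master presents; `probe` and `diagnose` are hypothetical helper names, and it assumes every master serves the same certificate for the cluster hostname.

```python
import hashlib
import socket
import ssl


def probe(addr, port, server_name=None, timeout=5.0):
    """Report what an HTTPS client such as oc meets at addr:port.

    Returns ("tls", sha256 hex of the presented certificate),
    ("no-tls", None), ("refused", None) or ("timeout", None).
    """
    # Verification is off on purpose: the aim is to read whichever
    # certificate is presented (self-signed included), not to trust it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((addr, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name or addr) as tls:
                der = tls.getpeercert(binary_form=True)
                return "tls", hashlib.sha256(der).hexdigest()
    except ssl.SSLError:
        # No TLS handshake completed, e.g. an HTTP listener answered.
        return "no-tls", None
    except ConnectionRefusedError:
        return "refused", None
    except socket.timeout:
        return "timeout", None


def diagnose(lb, master):
    """Compare the probe() results for the load balancer and one master."""
    (lb_kind, lb_fp), (m_kind, m_fp) = lb, master
    if lb_kind != "tls":
        return "load balancer is not serving TLS: " + lb_kind
    if m_kind != "tls":
        return "master is not serving TLS: " + m_kind
    if lb_fp == m_fp:
        return "passthrough: clients see the master's own certificate"
    return "terminated: load balancer presents a different certificate"


if __name__ == "__main__":
    # Names and port 8443 come from the question's inventory. The same SNI
    # name is sent to both, so a named certificate is selected either way.
    name = "os.domain-name.net"
    lb = probe(name, 8443)
    master = probe("ip-10-0-4-29.us-east-2.compute.internal", 8443, name)
    print(diagnose(lb, master))
```

A "terminated" result with an ELB certificate the client does not trust corresponds to the `x509: certificate signed by unknown authority` error, and a "no-tls" result for the load balancer corresponds to `server gave HTTP response to HTTPS client`.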