forked from utianayuba/kolla-ansible-aio-configs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpre-magnum-test.txt
148 lines (127 loc) · 6.48 KB
/
pre-magnum-test.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#1. Create server key
mkdir certs
openssl genrsa -out certs/registry.stratus.ok.key
#2. Create certificate signing request
openssl req -new -key certs/registry.stratus.ok.key -out certs/registry.stratus.ok.csr -addext "subjectAltName = DNS:registry.stratus.ok"
#3. Sign the CSR using Kolla root CA
openssl x509 -req -extfile <(printf "subjectAltName=DNS:registry.stratus.ok") -days 365 -in certs/registry.stratus.ok.csr -CA /etc/kolla/certificates/private/root/root.crt -CAkey /etc/kolla/certificates/private/root/root.key -CAcreateserial -out certs/registry.stratus.ok.crt
#4. Copy certs directory to /etc/docker
sudo cp -r certs /etc/docker
#5. Run registry container
docker run -d --restart=always --name registry -v /etc/docker/certs:/etc/docker/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:4433 -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/docker/certs/registry.stratus.ok.crt -e REGISTRY_HTTP_TLS_KEY=/etc/docker/certs/registry.stratus.ok.key --network host registry:2
#6. Copy Kolla root CA to docker client directory
sudo mkdir -p /etc/docker/certs.d/registry.stratus.ok\:4433/
sudo cp /etc/kolla/certificates/private/root/root.crt /etc/docker/certs.d/registry.stratus.ok\:4433/ca.crt
#7. Create container image list file
cat <<EOF > container_images.txt
docker.io/openstackmagnum/heat-container-agent:wallaby-stable-1
docker.io/openstackmagnum/cluster-autoscaler:v1.20.0
docker.io/rancher/hyperkube:v1.20.14-rancher1
docker.io/coredns/coredns:1.6.6
docker.io/k8scloudprovider/k8s-keystone-auth:v1.20.0
docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.20.2
docker.io/k8scloudprovider/cinder-csi-plugin:v1.20.3
docker.io/k8scloudprovider/magnum-auto-healer:v1.20.5
docker.io/k8scloudprovider/octavia-ingress-controller:v1.20.2
docker.io/grafana/grafana:5.1.5
docker.io/prom/node-exporter:latest
docker.io/prom/prometheus:latest
docker.io/kubernetesui/dashboard:v2.0.0
docker.io/kubernetesui/metrics-scraper:v1.0.4
docker.io/planetlabs/draino:abf028a
docker.io/squareup/ghostunnel:v1.5.2
docker.io/jettech/kube-webhook-certgen:v1.0.0
gcr.io/google_containers/pause:3.1
gcr.io/google_containers/metrics-server-amd64:v0.3.5
gcr.io/google_containers/cluster-proportional-autoscaler-amd64:1.1.2
quay.io/coreos/etcd:v3.4.6
quay.io/coreos/configmap-reload:v0.0.1
quay.io/coreos/prometheus-operator:v0.37.0
quay.io/coreos/prometheus-config-reloader:v0.37.0
quay.io/calico/cni:v3.13.1
quay.io/calico/pod2daemon-flexvol:v3.13.1
quay.io/calico/kube-controllers:v3.13.1
quay.io/calico/node:v3.13.1
quay.io/prometheus/prometheus:v2.15.2
quay.io/prometheus/alertmanager:v0.20.0
k8s.gcr.io/sig-storage/csi-attacher:v2.2.1
k8s.gcr.io/sig-storage/csi-provisioner:v1.6.1
k8s.gcr.io/sig-storage/csi-resizer:v0.5.1
k8s.gcr.io/sig-storage/csi-snapshotter:v2.1.3
k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0
k8s.gcr.io/sig-storage/livenessprobe:v2.1.0
EOF
#8. Pull images and push images to registry
screen -r 0
while read U; do docker pull $U; done < container_images.txt
while read U; do V=`echo $U | cut -f3 -d/`; docker tag $U registry.stratus.ok:4433/$V; done < container_images.txt
while read U; do V=`echo $U | cut -f3 -d/`; docker push registry.stratus.ok:4433/$V; done < container_images.txt
docker pull docker.io/traefik:v1.7.28
docker tag docker.io/traefik:v1.7.28 registry.stratus.ok:4433/traefik:v1.7.28
docker push registry.stratus.ok:4433/traefik:v1.7.28
docker pull k8s.gcr.io/node-problem-detector:v0.6.2
docker tag k8s.gcr.io/node-problem-detector:v0.6.2 registry.stratus.ok:4433/node-problem-detector:v0.6.2
docker push registry.stratus.ok:4433/node-problem-detector:v0.6.2
#Ctrl+A,D
#9. Create zone and recordset
source karno-openrc.sh
openstack zone create --email [email protected] stratus.ok.
openstack zone list
openstack recordset create --record '10.10.10.10' --type A stratus.ok. osext
openstack recordset create --record '10.11.11.10' --type A stratus.ok. osint
openstack recordset create --record '10.11.11.11' --type A stratus.ok. registry
openstack recordset list stratus.ok.
dig @10.11.11.11 osext.stratus.ok
dig @10.11.11.11 osint.stratus.ok
dig @10.11.11.11 registry.stratus.ok
#10. Modify Kubernetes master and minion configuration scripts
sudo cp `sudo find /var -name configure-kubernetes-master.sh | grep /var/lib/kolla | head -1` .
sudo chown karno:karno configure-kubernetes-master.sh
sudo cp `sudo find /var -name configure-kubernetes-minion.sh | grep /var/lib/kolla | head -1` .
sudo chown karno:karno configure-kubernetes-minion.sh
# https://review.opendev.org/c/openstack/magnum/+/800428
vim configure-kubernetes-master.sh
...
#delete line at kubelet and kube-proxy sections
:ro \\
--volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \\
...
vim configure-kubernetes-minion.sh
...
#delete line at kubelet and kube-proxy sections
:ro \\
--volume /sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd \\
...
for U in `sudo find /var -name configure-kubernetes-master.sh | grep /var/lib/kolla`; do sudo cp -v configure-kubernetes-master.sh $U; done
for U in `sudo find /var -name configure-kubernetes-minion.sh | grep /var/lib/kolla`; do sudo cp -v configure-kubernetes-minion.sh $U; done
#11. Modify Amphora provider on Octavia Ingress enable script
sudo cp `sudo find /var -name enable-ingress-octavia.sh | grep /var/lib/kolla | head -1` .
sudo chown karno:karno enable-ingress-octavia.sh
# https://github.com/kubernetes/cloud-provider-openstack/pull/614
# https://github.com/kubernetes/cloud-provider-openstack/issues/1250
vim enable-ingress-octavia.sh
...
data:
config: |
cluster-name: ${CLUSTER_UUID}
openstack:
auth-url: ${AUTH_URL}
domain-name: Default
username: ${USERNAME}
password: ${PASSWORD}
project-id: ${PROJECT_ID}
region: ${REGION_NAME}
ca-file: /etc/kubernetes/ca-bundle.crt
octavia:
subnet-id: ${CLUSTER_SUBNET}
floating-network-id: ${EXTERNAL_NETWORK_ID}
provider: amphora
...
for U in `sudo find /var -name enable-ingress-octavia.sh | grep /var/lib/kolla`; do sudo cp -v enable-ingress-octavia.sh $U; done
#12. Create cinderv2 service and endpoints
source admin-openrc.sh
openstack service create --name cinderv2 volumev2
openstack endpoint create --region RegionOne volumev2 admin https://osint.stratus.ok:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal https://osint.stratus.ok:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public https://osext.stratus.ok:8776/v2/%\(tenant_id\)s
openstack endpoint list --service cinderv2