Rancher离线一键化安装部署脚本

版本选择
CentOS 7.4
Rancher 2.3.3
Docker 17.09
Harbor 1.9.2
Kubectl v1.17.3
Kubernetes v1.16.3 (rke自带)
基本思想
配置证书、免密>>安装代理nginx>>安装Harbor>>安装docker>>rke安装Rancher>>安装kubectl
注:新版本采用helm方式安装,原理基本相通,需要改进部分脚本
以下为主安装脚本install.sh

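#!/bin/bash
# install.sh - offline one-shot installer: certificates and passwordless SSH,
# nginx proxy, Harbor registry, docker, an RKE-built Rancher cluster, kubectl.
#
# Reads conf/config next to this script (keys read below: master, work,
# harbor_ip, password, domain). It writes /root/.ssh and /etc, so it is
# expected to run as root.
#
# NOTE(review): conf/config holds the node password in clear text, and this
# script copies it into the ansible inventory, set_conf.sh and set_harbor.sh.
# Keep those files readable by root only and remove or rotate the password
# once the installation is finished.
#
# NOTE(review): several `sed "s//.../g"` commands below have an EMPTY search
# pattern in the published listing. The token between the first two slashes
# appears to have been stripped when the page was rendered (possibly an
# angle-bracket token - unconfirmed). sed rejects an empty pattern when there
# is no previous one, so restore the tokens from the conf/*.bak templates
# before running. They are kept exactly as published rather than guessed.

# Directory containing this script.
base_dir=$(cd "$(dirname "$0")"; pwd)

# Relative paths such as ./rpm/... below assume the script directory is the
# working directory, so make that explicit instead of relying on the caller.
cd "${base_dir}" || exit 1

# Local IPv4 address, taken from the non-loopback ifcfg-* interface.
# NOTE(review): assumes exactly one such interface; with several, ${net_int}
# holds several names and the ifconfig call receives all of them.
net_int=$(ls /etc/sysconfig/network-scripts/ | grep ifcfg- | grep -v ifcfg-lo | awk -F '-' '{print $2}')
# tr -d removes the characters a, d, r and ':' (older ifconfig prints "addr:x.x.x.x").
local_ip=$(ifconfig ${net_int} | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}' | tr -d "addr:")

# Create root's SSH key pair only when none exists. The published version
# piped "y" into ssh-keygen, which silently replaced an existing key on every
# run and invalidated any access already granted to it.
if [[ ! -f /root/.ssh/id_rsa ]]; then
  ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
fi

#######################################
# Escape a value for the replacement side of a sed `s/../../` command.
# Backslash, the `/` delimiter and `&` are special there; base64 text and
# passwords routinely contain them.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
function sed_escape() {
  printf '%s' "$1" | sed -e 's,[\\/&],\\&,g'
}

#######################################
# Print the value of one key from conf/config.
# Only the leading "key=" is removed, so a value that itself contains '='
# (a password, for example) is returned whole.
# Arguments: $1 - key name
#######################################
function read_config() {
  sed -n "s/^${1}=//p" "${base_dir}/conf/config"
}

#######################################
# Expand an address specification into a space-separated IP list.
# Accepted forms: a single address, a comma list (a,b,c) or a last-octet
# range (192.168.1.[3-5]). Mixing a range with a comma list is not supported.
# Arguments: $1 - address specification
# Outputs:   the addresses on stdout; diagnostics on stderr
# Returns:   0 on success, 1 on an unsupported or malformed specification
#######################################
function get_ip() {
  local spec=$1
  local -a ips=()
  local prefix range first last i

  if [[ "${spec}" == *"["* && "${spec}" == *","* ]]; then
    # This function runs inside $(...), so the message must go to stderr;
    # printed on stdout it would be taken for the address list.
    echo "get_ip: a [first-last] range combined with a comma list is not supported: ${spec}" >&2
    return 1
  elif [[ "${spec}" == *"["* ]]; then
    prefix=${spec%\[*}
    range=${spec#*\[}
    range=${range%\]*}
    first=${range%-*}
    last=${range#*-}
    # Both bounds are evaluated arithmetically below; accept digits only.
    if [[ ! "${first}" =~ ^[0-9]+$ || ! "${last}" =~ ^[0-9]+$ ]]; then
      echo "get_ip: range bounds must be numeric: ${spec}" >&2
      return 1
    fi
    for (( i = first; i <= last; i++ )); do
      ips+=("${prefix}${i}")
    done
  elif [[ "${spec}" == *","* ]]; then
    # IFS is changed for this one command only. The published code saved IFS
    # in LD_IFS but restored it from OLD_IFS, which left IFS empty.
    IFS=',' read -r -a ips <<< "${spec}"
  else
    ips=("${spec}")
  fi
  echo "${ips[*]}"
}

#######################################
# Create the server key and certificate under cert/.
# Globals: base_dir (read)
#######################################
function create_cert() {
  # yum remove openssl -y
  yum localinstall ./rpm/openssl/*.rpm -y
  yum localinstall ./rpm/expect/*.rpm -y
  cd "${base_dir}/cert" || return 1
  # 2048-bit key: the 1024-bit RSA key in the published version is below the
  # size current TLS clients and libraries accept.
  openssl genrsa -out "${base_dir}/cert/server.key" 2048
  chmod 600 "${base_dir}/cert/server.key"
  # https.sh is not shown on the page; presumably it creates server.csr - verify.
  /bin/expect "${base_dir}/cert/https.sh"
  openssl x509 -req -days 365 -sha256 -extfile "${base_dir}/cert/openssl.cnf" -extensions v3_req -in "${base_dir}/cert/server.csr" -signkey "${base_dir}/cert/server.key" -out "${base_dir}/cert/server.crt"
  # NOTE(review): this second call writes the same cert/server.crt again,
  # without the v3_req extensions and with a 3650-day lifetime, so the
  # certificate produced above is discarded. Kept as published; confirm which
  # certificate is intended (clients that require a subjectAltName will
  # reject one issued without the extension section).
  openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650
  cd "${base_dir}" || return 1
  echo "create cert susscess!"
}

#######################################
# Fill conf/ansible_hosts with one inventory line per node.
# The entry for the local machine is kept apart from the remote ones, as in
# the published script.
# Globals: MASTERS, WORKERS, local_ip, password, base_dir (read)
#######################################
function ansible_hosts() {
  local safe_pass host root_line rancher_line
  local dest_ip="" cluster_ip="" temp_dest="" temp_cluster=""

  # The password lands in a sed replacement; unescaped, a '/', '&' or '\' in
  # it would break or alter the substitution.
  safe_pass=$(sed_escape "${password}")

  # Masters first, then workers - the same order as the two published loops.
  for host in "${MASTERS[@]}" "${WORKERS[@]}"; do
    root_line="${host} ansible_ssh_user=\"root\" ansible_ssh_pass=\"${safe_pass}\" \n"
    rancher_line="${host} ansible_ssh_user=\"rancher\" ansible_ssh_pass=\"${safe_pass}\" \n"
    if [[ "${local_ip}" == "${host}" ]]; then
      temp_dest=${root_line}
      temp_cluster=${rancher_line}
    else
      dest_ip+=${root_line}
      cluster_ip+=${rancher_line}
    fi
  done

  # Search tokens missing in the published listing - see the header note.
  sed -i "s//${dest_ip}/g" "${base_dir}/conf/ansible_hosts"
  sed -i "s//${dest_ip}${temp_dest}/g" "${base_dir}/conf/ansible_hosts"
  sed -i "s//${cluster_ip}${temp_cluster}/g" "${base_dir}/conf/ansible_hosts"
  # The inventory now contains clear-text SSH passwords.
  chmod 600 "${base_dir}/conf/ansible_hosts"
}

#######################################
# Install ansible, publish the inventory and run the node-preparation playbook.
# Globals: ansible_home, base_dir (read)
#######################################
function exec_ansible_config_cluster() {
  yum localinstall ./rpm/ansible/*.rpm -y
  #ansible_home=/etc/ansible
  ansible_hosts
  /bin/cp "${base_dir}/conf/ansible_hosts" "${ansible_home}/hosts"
  # cp keeps the mode of an already existing destination, so restrict it here too.
  chmod 600 "${ansible_home}/hosts"
  # Host keys are accepted unverified on first contact. That leaves the first
  # SSH connection open to interception; suitable only on a network where
  # every node is under the operator's control.
  sed -i "s/#host_key_checking = False/host_key_checking = False/g" "${ansible_home}/ansible.cfg"
  ansible-playbook -i "${ansible_home}/hosts" "${base_dir}/conf/playbook-config.yml" --extra-vars="basedir=${base_dir}"
}

#######################################
# Install the rke binary, complete rancher-cluster.yml and build the cluster.
# Exits the script with status 1 when `rke up` fails.
# Globals: MASTERS, WORKERS, base_dir (read)
#######################################
function init_cluster() {
  local crt host nodes=""

  /bin/cp "${base_dir}/rke" /usr/local/bin/
  chmod +x /usr/local/bin/rke

  # A certificate only needs to be readable; the published mode 775 also made
  # it group-writable and executable.
  chmod 644 "${base_dir}/cert/server.crt"
  crt=$(base64 -w0 "${base_dir}/cert/server.crt")
  # base64 output can contain '/', which is also the sed delimiter.
  # Search token missing in the published listing - see the header note.
  sed -i "s//$(sed_escape "${crt}")/g" "${base_dir}/conf/rancher-cluster.yml"

  # NOTE(review): any YAML indentation after each \n may have been collapsed
  # by the page; compare with rancher-cluster.yml.bak before relying on it.
  for host in "${MASTERS[@]}"; do
    nodes+="- address: ${host}\nuser: rancher\nrole: [controlplane,etcd,worker]\nssh_key_path: \/root\/.ssh\/id_rsa\n"
  done
  #WORKERS=(192.168.1.4 192.168.1.5)
  for host in "${WORKERS[@]}"; do
    nodes+="- address: ${host}\nuser: rancher\nrole: [worker]\nssh_key_path: \/root\/.ssh\/id_rsa\n"
  done
  # ${nodes%\\*} removes the trailing "\n" of the last entry.
  # Search token missing in the published listing - see the header note.
  sed -i "s//${nodes%\\*}/g" "${base_dir}/conf/rancher-cluster.yml"

  # Branch on the real exit status. The published test `[ $temp=0 ]` checked a
  # single non-empty word and was therefore always true, so a failed
  # `rke up` was reported as a success.
  if rke up --config "${base_dir}/conf/rancher-cluster.yml"; then
    echo "rke Install successed!"
  else
    echo "rke Install failed!"
    exit 1
  fi
}

#######################################
# Install nginx and point its upstream at port 80 of every master.
# Globals: MASTERS, base_dir (read)
#######################################
function install_nginx() {
  local host upstream_ip=""

  yum localinstall ./rpm/nginx/*.rpm -y
  for host in "${MASTERS[@]}"; do
    upstream_ip+="server ${host}:80; \n"
  done
  # Search token missing in the published listing - see the header note.
  sed -i "s//${upstream_ip}/g" "${base_dir}/conf/rancher-nginx.conf"
  /bin/cp "${base_dir}/conf/rancher-nginx.conf" /etc/nginx/conf.d/
  systemctl restart nginx
  nginx -s reload
}

#######################################
# Substitute domain, Harbor address and password into the templates.
# Globals: base_dir, harbor_ip, password, local_ip (read); domain (written)
#######################################
function set_domain() {
  local safe_pass

  domain=$(read_config domain)
  echo "set the domain: ${domain}"

  # Search tokens missing in the published listing - see the header note.
  sed -i "s//${domain}/g" "${base_dir}/conf/rancher-cluster.yml"
  sed -i "s//${domain}/g" "${base_dir}/conf/rancher-nginx.conf"
  sed -i "s//${domain}/g" "${base_dir}"/cert/*

  sed -i "s/HARBOR_IP/${harbor_ip}/g" "${base_dir}/set_conf.sh"
  sed -i "s/HARBOR_IP/${harbor_ip}/g" "${base_dir}/set_harbor.sh"
  sed -i "s/HARBOR_IP/${harbor_ip}/g" "${base_dir}/conf/rancher-cluster.yml"

  # After this step both helper scripts contain the clear-text password.
  safe_pass=$(sed_escape "${password}")
  sed -i "s/PASSWORD/${safe_pass}/g" "${base_dir}/set_conf.sh"
  sed -i "s/PASSWORD/${safe_pass}/g" "${base_dir}/set_harbor.sh"

  # hosts-file entry for the Rancher domain. The listing shows address and
  # name run together; a hosts line needs whitespace between the two fields.
  echo "${local_ip} ${domain}" >> "${base_dir}/conf/hosts"
}

#######################################
# Restore every template from its .bak copy so the installer can be re-run.
# Globals: base_dir (read)
#######################################
function restore_conf() {
  local name

  for name in ansible_hosts rancher-cluster.yml rancher-nginx.conf hosts; do
    /bin/cp "${base_dir}/conf/${name}.bak" "${base_dir}/conf/${name}"
  done
  /bin/cp "${base_dir}/cert/openssl.cnf.bak" "${base_dir}/cert/openssl.cnf"
  /bin/cp "${base_dir}/conf/set_conf.sh.bak" "${base_dir}/set_conf.sh"
  /bin/cp "${base_dir}/conf/set_harbor.sh.bak" "${base_dir}/set_harbor.sh"
}

#######################################
# Run the kubectl playbook against the inventory.
# Globals: ansible_home, base_dir (read)
#######################################
function install_kubectl() {
  ansible-playbook -i "${ansible_home}/hosts" "${base_dir}/conf/playbook-kubectl.yml"
  # cattle agent DNS (left disabled by the author):
  #kubectl -n cattle-system patch daemonsets cattle-node-agent --patch '{"spec": {"template": {"spec": {"hostAliases": [{"hostnames":["${domain}"],"ip": "${local_ip}"}]}}}}'
  #kubectl -n cattle-system patch deployments cattle-cluster-agent --patch '{"spec": {"template": {"spec": {"hostAliases": [{"hostnames":["${domain}"],"ip": "${local_ip}"}]}}}}'
}

#######################################
# Authorise root's key on the Harbor host, copy the payload and install Harbor.
# Globals: harbor_ip, password, base_dir (read)
#######################################
function install_harbor() {
  # Address and password reach expect through its environment and the
  # here-document is quoted, so the shell never pastes them into the Tcl
  # script. Interpolated directly, a password containing '"', '$', '[' or '\'
  # would be parsed as Tcl instead of being sent as text.
  # StrictHostKeyChecking=no accepts the Harbor host key unverified - the same
  # caveat as host_key_checking in the ansible step.
  HARBOR_IP="${harbor_ip}" HARBOR_PASSWORD="${password}" /usr/bin/expect <<'EOF'
set timeout 20
spawn ssh-copy-id -oStrictHostKeyChecking=no -i /root/.ssh/id_rsa.pub root@$env(HARBOR_IP)
expect {
  "*password:" { send -- "$env(HARBOR_PASSWORD)\r" }
}
expect eof
EOF

  scp -r "${base_dir}/harbor-offline-installer-v1.9.2.tgz" "${base_dir}/rancher-images.tar" "${base_dir}/docker-compose" "${base_dir}/rpm/docker" "${base_dir}/rancher-images.txt" "${base_dir}/set_harbor.sh" "${harbor_ip}:/opt"
  ssh root@"${harbor_ip}" "cd /opt; ./set_harbor.sh; "
}

# ---- main ---------------------------------------------------------------

# Node lists and credentials from conf/config. A rejected address
# specification stops the run instead of being used as a host list.
master_temp=$(read_config master)
master_list=$(get_ip "${master_temp}") || exit 1
read -r -a MASTERS <<< "${master_list}"

worker_temp=$(read_config work)
worker_list=$(get_ip "${worker_temp}") || exit 1
read -r -a WORKERS <<< "${worker_list}"

harbor_ip=$(read_config harbor_ip)
password=$(read_config password)
ansible_home=/etc/ansible

# Host packet filtering is switched off for the installation. On a network
# that is not isolated, open only the ports the cluster needs instead.
systemctl stop firewalld
systemctl disable firewalld

restore_conf                  # reset templates from the .bak copies
set_domain                    # substitute domain, Harbor address, password
create_cert                   # server key and certificate
install_nginx                 # proxy in front of the masters
install_harbor                # docker and the Harbor registry on harbor_ip
exec_ansible_config_cluster   # prepare all nodes through ansible
init_cluster                  # rke up
install_kubectl               # kubectl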

如下是安装harbor仓库脚本
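#!/bin/bash
# set_harbor.sh - prepares the Harbor host and installs docker and Harbor 1.9.2.
# install.sh copies this file to /opt on the Harbor host and runs it from
# there, so the relative ./harbor path below resolves to /opt/harbor.
# HARBOR_IP is a token that install.sh replaces before copying the file.

# Host hardening is reduced here: firewalld is stopped and SELinux is switched
# to permissive now and disabled at the next boot. On a host that is not on an
# isolated network, open the required ports and keep SELinux enforcing with a
# suitable policy instead.
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Kernel forwarding and bridge netfilter settings. Each line is appended only
# when it is not already present, so a repeated run does not pile up
# duplicates in /etc/sysctl.conf.
modprobe br_netfilter
for setting in \
  "net.ipv4.ip_forward = 1" \
  "net.bridge.bridge-nf-call-ip6tables = 1" \
  "net.bridge.bridge-nf-call-iptables = 1"; do
  grep -qxF -- "${setting}" /etc/sysctl.conf || printf '%s\n' "${setting}" >> /etc/sysctl.conf
done
sysctl -p

# Swap off now and at boot; only fstab lines that are not yet commented are touched.
swapoff -a
sed -i '/^[^#].*swap/s/^/#/' /etc/fstab

# Memory cgroup and swap accounting on the kernel command line.
# NOTE(review): the sed deletes every existing GRUB_CMDLINE_LINUX* line, which
# also discards whatever kernel arguments the installer had placed there. No
# command that regenerates the grub configuration is visible in this listing.
sed -i '/GRUB_CMDLINE_LINUX/d' /etc/default/grub
printf '%s\n' \
  'GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"' \
  'GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"' >> /etc/default/grub

# Install docker from the local RPMs and put docker-compose on the PATH.
function install_docker() {
  #yum remove libcgroup -y
  yum localinstall /opt/docker/*.rpm -y
  cp /opt/docker-compose /usr/local/bin/docker-compose
  chmod +x /usr/local/bin/docker-compose
  systemctl start docker
}

# Unpack the offline installer, set the Harbor hostname and run the installer.
function install_harbor() {
  tar -zxvf /opt/harbor-offline-installer-v1.9.2.tgz
  sed -i "s/reg.mydomain.com/HARBOR_IP/g" /opt/harbor/harbor.yml
  ./harbor/install.sh
}

# Configure the docker daemon for the registry.
# NOTE(review): the published listing is truncated at this point. All that
# survives is
#     cat > /etc/docker/daemon.json <> /dev/null
# i.e. the here-document body and everything up to a later ">> /dev/null"
# were lost when the page was rendered, including the definitions of
# check_harbor and docker_login that are called at the bottom. Executed as
# printed, that line would leave an empty /etc/docker/daemon.json, so it is
# not run here; restore the section from the original package.
function config_harbor_login() {
  echo "set_harbor.sh: config_harbor_login is incomplete in the published listing; restore it from the original package" >&2
  return 1
}

# -a keeps the account's existing supplementary groups; plain -G replaces the
# whole list with "docker". Membership of the docker group is equivalent to
# root on this host.
# NOTE(review): the lines that preceded this command are among the lost ones,
# so it is unclear whether it ran at top level or inside a function.
usermod -aG docker rancher

install_docker
install_harbor
config_harbor_login
# Both functions below are called by the published script, but their
# definitions are part of the lost section (see config_harbor_login).
check_harbor
docker_login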

安装docker脚本
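#!/bin/bash
# Node preparation script: hostname, kernel and OS settings, docker and helm.
# Expects the docker RPMs under /opt/rpm/docker and the helm binary at /opt/helm.

# Local IPv4 address, taken from the non-loopback ifcfg-* interface.
# NOTE(review): assumes exactly one such interface is configured.
net_int=$(ls /etc/sysconfig/network-scripts/ | grep ifcfg- | grep -v ifcfg-lo | awk -F '-' '{print $2}')
# tr -d removes the characters a, d, r and ':' (older ifconfig prints "addr:x.x.x.x").
local_ip=$(ifconfig ${net_int} | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}' | tr -d "addr:")

# The hostname is built from the last octet of the local address.
hostnamectl set-hostname "rancher${local_ip##*.}.inspur.com"

# Host hardening is reduced here: firewalld is stopped and SELinux is switched
# to permissive now and disabled at the next boot. On a host that is not on an
# isolated network, open the required ports and keep SELinux enforcing with a
# suitable policy instead.
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Kernel forwarding and bridge netfilter settings. Each line is appended only
# when it is not already present, so a repeated run does not pile up
# duplicates in /etc/sysctl.conf.
modprobe br_netfilter
for setting in \
  "net.ipv4.ip_forward = 1" \
  "net.bridge.bridge-nf-call-ip6tables = 1" \
  "net.bridge.bridge-nf-call-iptables = 1"; do
  grep -qxF -- "${setting}" /etc/sysctl.conf || printf '%s\n' "${setting}" >> /etc/sysctl.conf
done
sysctl -p

# Swap off now and at boot; only fstab lines that are not yet commented are touched.
swapoff -a
sed -i '/^[^#].*swap/s/^/#/' /etc/fstab

# Memory cgroup and swap accounting on the kernel command line.
# NOTE(review): the sed deletes every existing GRUB_CMDLINE_LINUX* line, which
# also discards whatever kernel arguments the installer had placed there. No
# command that regenerates the grub configuration is visible in this listing.
sed -i '/GRUB_CMDLINE_LINUX/d' /etc/default/grub
printf '%s\n' \
  'GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"' \
  'GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"' >> /etc/default/grub

# docker from the local RPMs.
#yum remove libcgroup -y
yum localinstall /opt/rpm/docker/*.rpm -y
systemctl start docker

# helm binary.
cp /opt/helm /usr/local/bin/
chmod +x /usr/local/bin/helm

# Registry configuration for the docker daemon.
# NOTE(review): the published listing is truncated at this point. All that
# survives is
#     cat > /etc/docker/daemon.json <> /dev/null
# i.e. the here-document body and everything up to a later ">> /dev/null"
# were lost when the page was rendered. Executed as printed, that line would
# leave an empty /etc/docker/daemon.json, so it is not run here; restore the
# section from the original package.
echo "daemon.json section is incomplete in the published listing; restore it from the original package" >&2

# -a keeps the account's existing supplementary groups; plain -G replaces the
# whole list with "docker". Membership of the docker group is equivalent to
# root on this host.
usermod -aG docker rancher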

安装包可以通过这里下载https://download.csdn.net/download/tamako0v0/12668118
【Rancher离线一键化安装部署脚本】由于安装包镜像太大,不方便传输,故将所需镜像写入rancher-images.txt文件,可以通过docker pull 直接拉取
