版本选择
CentOS 7.4
Rancher 2.3.3
Docker 17.09
Harbor 1.9.2
Kubectl v1.17.3
Kubernetes v1.16.3 (rke自带)
基本思想
配置证书、免密>>安装代理nginx>>安装Harbor>>安装docker>>rke安装Rancher>>安装kubectl
注:新版本采用helm方式安装,原理基本相通,需要改进部分脚本
以下为主安装脚本install.sh
#!/bin/bash
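# Root directory of the installer: the directory that holds this script.
base_dir=$(cd "$(dirname "$0")" && pwd)

# Local IP address. The interface name is derived from the ifcfg-* files in
# /etc/sysconfig/network-scripts, skipping the loopback entry.
# NOTE(review): if more than one non-loopback ifcfg-* file exists, net_int
# holds several names and the ifconfig call no longer yields one address -
# confirm against the target hosts.
net_int=$(ls /etc/sysconfig/network-scripts/ | grep ifcfg- | grep -v ifcfg-lo | awk -F '-' '{print $2}')
local_ip=$(ifconfig ${net_int} | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}' | tr -d "addr:")

# Generate root's SSH key pair. "echo y" answers the overwrite prompt, so an
# existing /root/.ssh/id_rsa is replaced on every run. The key has an empty
# passphrase (-P ''), so anyone who can read the private key file can log in
# wherever the public half is installed; keep it readable by root only.
echo y | ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa

# Read the node IPs from the configuration file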
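#######################################
# Expand an address specification into a list of IPs.
# Accepted forms: a single address, a comma-separated list ("a,b,c"), or a
# bracketed numeric range at the end ("192.168.1.[4-6]"). A specification
# that mixes a range with commas is rejected.
# Globals:   IPS (written)
# Arguments: $1 - address specification
# Outputs:   the addresses on stdout, separated by spaces; errors on stderr
# Returns:   exits with status 1 on an unsupported or invalid specification.
#            Callers use command substitution, so the exit ends the subshell;
#            they must check the status themselves.
#######################################
function get_ip()
{
  local str=$1
  local prefix range first last i
  IPS=()

  # Ranges and lists cannot be combined in one specification.
  if [[ $str == *\[* && $str == *,* ]]; then
    # Diagnostics go to stderr so they are never captured as an address list.
    echo "please wait....!" >&2
    exit 1
  elif [[ $str == *\[* ]]; then
    prefix=${str%\[*}
    range=${str#*\[}
    first=${range%-*}
    range=${range%\]*}
    last=${range#*-}
    # The bounds come from a config file and are used in arithmetic context;
    # accept plain decimal digits only.
    if [[ ! $first =~ ^[0-9]+$ || ! $last =~ ^[0-9]+$ ]]; then
      echo "get_ip: invalid range in '${str}'" >&2
      exit 1
    fi
    # 10# forces base 10 so a leading zero is not read as octal.
    for (( i = 10#$first; i <= 10#$last; i++ )); do
      IPS+=("${prefix}${i}")
    done
  elif [[ $str == *,* ]]; then
    # Split on commas without changing IFS for the rest of the shell.
    IFS=',' read -r -a IPS <<< "$str"
  else
    IPS=("$str")
  fi
  echo "${IPS[*]}"
}
# Generate the certificate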
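#######################################
# Install openssl/expect from the bundled RPMs and create the server key and
# a self-signed certificate under ${base_dir}/cert.
# Globals:   base_dir (read)
# Outputs:   progress message on stdout
# Returns:   exits with status 1 if the cert directory cannot be entered
#######################################
function create_cert()
{
  # yum remove openssl -y
  yum localinstall "${base_dir}"/rpm/openssl/*.rpm -y
  yum localinstall "${base_dir}"/rpm/expect/*.rpm -y

  cd "${base_dir}/cert" || exit 1

  # 2048 bits; a 1024-bit RSA key is below current minimum key-size
  # recommendations for TLS.
  openssl genrsa -out "${base_dir}/cert/server.key" 2048
  # The private key only needs to be readable by root.
  chmod 600 "${base_dir}/cert/server.key"

  # presumably https.sh drives the CSR creation (server.csr) - verify
  /bin/expect "${base_dir}/cert/https.sh"

  openssl x509 -req -days 365 -sha256 \
    -extfile "${base_dir}/cert/openssl.cnf" -extensions v3_req \
    -in "${base_dir}/cert/server.csr" \
    -signkey "${base_dir}/cert/server.key" \
    -out "${base_dir}/cert/server.crt"

  # NOTE(review): this second signing writes to the same server.crt (the
  # working directory is ${base_dir}/cert) and so replaces the certificate
  # issued above, without -extfile/-extensions. Confirm which one is intended.
  openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650

  cd "${base_dir}" || exit 1
  echo "create cert susscess!"
}
# Configure ansible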
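#######################################
# Build the ansible inventory entries for every master and worker node and
# substitute them into ${base_dir}/conf/ansible_hosts.
# Each node gets one entry for user root and one for user rancher; the entry
# for the local machine is appended after the remote ones.
# Globals:   MASTERS, WORKERS, local_ip, password, base_dir (read)
# NOTE(review): the inventory stores ansible_ssh_pass in clear text; keep the
# file readable by root only.
#######################################
function ansible_hosts()
{
  local node pw
  local dest_ip="" cluster_ip="" temp_dest="" temp_cluster=""

  # Escape \, / and & so the password is taken literally in the replacement
  # part of the sed s/// commands below.
  pw=$(printf '%s' "${password}" | sed -e 's|[\\/&]|\\&|g')

  # Masters first, then workers; both lists are handled the same way.
  for node in ${MASTERS[*]} ${WORKERS[*]}; do
    if [[ "${local_ip}" == "${node}" ]]; then
      temp_dest="${local_ip} ansible_ssh_user=\"root\" ansible_ssh_pass=\"${pw}\" \n"
      temp_cluster="${local_ip} ansible_ssh_user=\"rancher\" ansible_ssh_pass=\"${pw}\" \n"
    else
      dest_ip=${dest_ip}"${node} ansible_ssh_user=\"root\" ansible_ssh_pass=\"${pw}\" \n"
      cluster_ip=${cluster_ip}"${node} ansible_ssh_user=\"rancher\" ansible_ssh_pass=\"${pw}\" \n"
    fi
  done

  # NOTE(review): the search pattern of these three substitutions is empty as
  # published - the placeholder tokens appear to have been lost. Restore the
  # tokens used in conf/ansible_hosts before running; sed rejects an empty
  # pattern when there is no previous regular expression.
  sed -i "s//${dest_ip}/g" "${base_dir}/conf/ansible_hosts"
  sed -i "s//${dest_ip}${temp_dest}/g" "${base_dir}/conf/ansible_hosts"
  sed -i "s//${cluster_ip}${temp_cluster}/g" "${base_dir}/conf/ansible_hosts"
}
# Install ansible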
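#######################################
# Install ansible from the bundled RPMs, install the generated inventory and
# run the base-configuration playbook against the cluster nodes.
# Globals:   base_dir, ansible_home (read)
#######################################
function exec_ansible_config_cluster()
{
  yum localinstall "${base_dir}"/rpm/ansible/*.rpm -y
  #ansible_home=/etc/ansible

  # Fill in the inventory
  ansible_hosts
  /bin/cp "${base_dir}/conf/ansible_hosts" "${ansible_home}/hosts"
  # The inventory carries ansible_ssh_pass in clear text.
  chmod 600 "${ansible_home}/hosts"

  # Skip SSH host-key verification on first contact.
  # NOTE(review): with host_key_checking = False ansible accepts whatever
  # host key it is shown while it sends the password above; pre-populating
  # known_hosts with verified keys keeps the check in place.
  sed -i "s/#host_key_checking = False/host_key_checking = False/g" "${ansible_home}/ansible.cfg"

  # Run the playbook
  ansible-playbook -i "${ansible_home}/hosts" "${base_dir}/conf/playbook-config.yml" --extra-vars="basedir=${base_dir}"
}
# Install rke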
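#######################################
# Install the rke binary, fill conf/rancher-cluster.yml with the certificate
# and the node list, and bring the cluster up with "rke up".
# Globals:   base_dir, MASTERS, WORKERS (read)
# Outputs:   success or failure message on stdout
# Returns:   exits with status 1 when "rke up" fails
#######################################
function init_cluster()
{
  local crt nodes="" master worker rc

  /bin/cp "${base_dir}/rke" /usr/local/bin/
  chmod +x /usr/local/bin/rke

  # A certificate only needs to be readable; it should be neither executable
  # nor group-writable.
  chmod 644 "${base_dir}/cert/server.crt"
  crt=$(base64 -w0 < "${base_dir}/cert/server.crt")

  # "|" is used as the delimiter because base64 output can contain "/".
  # NOTE(review): the search pattern is empty as published - the placeholder
  # token appears to have been lost; restore the token used in
  # conf/rancher-cluster.yml before running.
  sed -i "s||${crt}|g" "${base_dir}/conf/rancher-cluster.yml"

  # NOTE(review): the node entries below contain no indentation after each
  # \n; the YAML indentation may have been lost from the page - check the
  # result against conf/rancher-cluster.yml.
  # Master nodes
  for master in ${MASTERS[*]}; do
    nodes=${nodes}"- address: ${master}\nuser: rancher\nrole: [controlplane,etcd,worker]\nssh_key_path: \/root\/.ssh\/id_rsa\n"
  done
  # Worker nodes
  #WORKERS=(192.168.1.4 192.168.1.5)
  for worker in ${WORKERS[*]}; do
    nodes=${nodes}"- address: ${worker}\nuser: rancher\nrole: [worker]\nssh_key_path: \/root\/.ssh\/id_rsa\n"
  done

  # ${nodes%\\*} drops the trailing "\n" of the last entry.
  # NOTE(review): empty search pattern here as well, see above.
  sed -i "s//${nodes%\\*}/g" "${base_dir}/conf/rancher-cluster.yml"

  rke up --config "${base_dir}/conf/rancher-cluster.yml"
  rc=$?
  # Numeric comparison; a test of the single word "$rc=0" is always true.
  if [ "${rc}" -eq 0 ]; then
    echo "rke Install successed!"
  else
    echo "rke Install failed!"
    exit 1
  fi
}
# Install and configure nginx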
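#######################################
# Install nginx from the bundled RPMs, write one upstream "server" line per
# master node into conf/rancher-nginx.conf and activate that configuration.
# Globals:   base_dir, MASTERS (read)
#######################################
function install_nginx()
{
  local upstream_ip="" master

  yum localinstall "${base_dir}"/rpm/nginx/*.rpm -y

  # Configure nginx
  for master in ${MASTERS[*]}; do
    upstream_ip=${upstream_ip}"server ${master}:80;\n"
  done
  # NOTE(review): the search pattern is empty as published - the placeholder
  # token appears to have been lost; restore the token used in
  # conf/rancher-nginx.conf before running.
  sed -i "s//${upstream_ip}/g" "${base_dir}/conf/rancher-nginx.conf"
  /bin/cp "${base_dir}/conf/rancher-nginx.conf" /etc/nginx/conf.d/
  systemctl restart nginx
  nginx -s reload
}

#######################################
# Substitute the domain, the Harbor address and the password into the
# configuration files and helper scripts, and append the local address and
# domain to conf/hosts.
# Globals:   base_dir, harbor_ip, password, local_ip (read); domain (written)
# Outputs:   the chosen domain on stdout
# NOTE(review): after this step set_conf.sh and set_harbor.sh contain the
# password in clear text; restore_conf puts the pristine copies back.
#######################################
function set_domain()
{
  local pw

  domain=$(sed '/^domain=/!d;s/.*=//' "${base_dir}/conf/config")
  echo "set the domain: ${domain}"

  # Replace the domain
  # NOTE(review): the search pattern of these three substitutions is empty as
  # published - the placeholder token appears to have been lost.
  sed -i "s//${domain}/g" "${base_dir}/conf/rancher-cluster.yml"
  sed -i "s//${domain}/g" "${base_dir}/conf/rancher-nginx.conf"
  sed -i "s//${domain}/g" "${base_dir}"/cert/*

  # Replace the Harbor address. The files are addressed through base_dir so
  # the result does not depend on the caller's working directory.
  sed -i "s/HARBOR_IP/${harbor_ip}/g" "${base_dir}/set_conf.sh"
  sed -i "s/HARBOR_IP/${harbor_ip}/g" "${base_dir}/set_harbor.sh"
  sed -i "s/HARBOR_IP/${harbor_ip}/g" "${base_dir}/conf/rancher-cluster.yml"

  # Replace the password. \, / and & are escaped so the password is taken
  # literally in the replacement part of s///.
  pw=$(printf '%s' "${password}" | sed -e 's|[\\/&]|\\&|g')
  sed -i "s/PASSWORD/${pw}/g" "${base_dir}/set_conf.sh"
  sed -i "s/PASSWORD/${pw}/g" "${base_dir}/set_harbor.sh"

  # hosts entry: address and name must be separated by whitespace
  echo "${local_ip} ${domain}" >> "${base_dir}/conf/hosts"
}
# Restore the pristine files before a repeated installation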
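#######################################
# Copy the *.bak templates back over the working files so a repeated run
# starts from unmodified configuration (the working copies are edited in
# place by the other steps).
# Globals:   base_dir (read)
# Returns:   0 if every copy succeeded, 1 otherwise
#######################################
function restore_conf()
{
  local rc=0 rel

  # Files whose backup sits next to them.
  for rel in conf/ansible_hosts conf/rancher-cluster.yml conf/rancher-nginx.conf conf/hosts cert/openssl.cnf; do
    /bin/cp "${base_dir}/${rel}.bak" "${base_dir}/${rel}" || rc=1
  done

  # The helper scripts live in base_dir, their backups in conf/.
  /bin/cp "${base_dir}/conf/set_conf.sh.bak" "${base_dir}/set_conf.sh" || rc=1
  /bin/cp "${base_dir}/conf/set_harbor.sh.bak" "${base_dir}/set_harbor.sh" || rc=1

  return "${rc}"
}
# Install kubectl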
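#######################################
# Run the kubectl playbook against the inventory.
# Globals:   ansible_home, base_dir (read)
#######################################
function install_kubectl()
{
  # Install kubectl
  ansible-playbook -i "${ansible_home}/hosts" "${base_dir}/conf/playbook-kubectl.yml"

  # Configure DNS for the cattle agents (disabled)
  #kubectl -n cattle-system patch daemonsets cattle-node-agent --patch '{"spec": {"template": {"spec": {"hostAliases": [{"hostnames":["${domain}"],"ip": "${local_ip}"}]}}}}'
  #kubectl -n cattle-system patch deployments cattle-cluster-agent --patch '{"spec": {"template": {"spec": {"hostAliases": [{"hostnames":["${domain}"],"ip": "${local_ip}"}]}}}}'
}

#######################################
# Push root's public key to the Harbor host, copy the offline packages to
# /opt there and run set_harbor.sh on it.
# Globals:   harbor_ip, password, base_dir (read)
#######################################
function install_harbor()
{
  # Key-based login. The address and the password reach expect through its
  # environment and the here-document is quoted, so neither the shell nor
  # Tcl re-interprets characters such as $, [ or " inside the password.
  # NOTE(review): StrictHostKeyChecking=no accepts whatever host key is
  # presented on first contact, and the root password is sent over that
  # connection; pre-populating known_hosts with a verified key keeps the
  # check in place.
  HARBOR_HOST="${harbor_ip}" HARBOR_PASS="${password}" /usr/bin/expect <<'EOF'
set timeout 20
spawn ssh-copy-id -oStrictHostKeyChecking=no -i /root/.ssh/id_rsa.pub root@$env(HARBOR_HOST)
expect {
  "*password:" { send -- "$env(HARBOR_PASS)\r" }
}
expect eof
EOF

  # Install Harbor on the node.
  # NOTE(review): set_harbor.sh has had PASSWORD substituted into it by
  # set_domain, so a clear-text password is copied to /opt on the Harbor host.
  scp -r \
    "${base_dir}/harbor-offline-installer-v1.9.2.tgz" \
    "${base_dir}/rancher-images.tar" \
    "${base_dir}/docker-compose" \
    "${base_dir}/rpm/docker" \
    "${base_dir}/rancher-images.txt" \
    "${base_dir}/set_harbor.sh" \
    "${harbor_ip}:/opt"
  ssh root@"${harbor_ip}" "cd /opt; ./set_harbor.sh;"
}
# Read the settings from conf/config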
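# Print the value of key $1 from conf/config. Only the "key=" prefix is
# removed, so a value that itself contains "=" (a password, for example) is
# returned whole.
function _conf_value()
{
  sed -n "s/^$1=//p" "${base_dir}/conf/config"
}

# The specifications are quoted when passed on: a range such as
# "192.168.1.[4-6]" is also a glob pattern and must not be expanded by the
# shell. get_ip exits non-zero on a specification it cannot expand.
master_temp=$(_conf_value master)
MASTERS=$(get_ip "${master_temp}") || exit 1
worker_temp=$(_conf_value work)
WORKERS=$(get_ip "${worker_temp}") || exit 1
harbor_ip=$(_conf_value harbor_ip)
# NOTE(review): the password is kept in clear text in conf/config; restrict
# that file to root.
password=$(_conf_value password)
ansible_home=/etc/ansible

# Every later step depends on these three values.
if [[ -z "${MASTERS}" || -z "${harbor_ip}" || -z "${password}" ]]; then
  echo "conf/config must define master, harbor_ip and password" >&2
  exit 1
fi

# Stop and disable firewalld.
# NOTE(review): this removes host-level packet filtering on the installer
# machine altogether; opening only the ports the cluster needs would keep
# filtering in place.
systemctl stop firewalld
systemctl disable firewalld

# Restore the pristine configuration
restore_conf
# Substitute the domain
set_domain
# Generate the certificate
create_cert
# Install and configure nginx
install_nginx
# Install the docker environment and the Harbor registry
install_harbor
# Configure the base environment through ansible
exec_ansible_config_cluster
# Initialise the cluster
init_cluster
# Install and configure kubectl
install_kubectl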
如下是安装harbor仓库脚本
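#!/bin/bash
# Stop and disable the firewall.
# NOTE(review): this removes host-level packet filtering on the registry
# host altogether; opening only the ports Harbor needs would keep filtering
# in place.
systemctl stop firewalld
systemctl disable firewalld

# Switch SELinux to permissive now and disable it from the next boot.
# NOTE(review): SELINUX=disabled turns mandatory access control off for the
# whole host, not only for the container runtime.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Enable IP forwarding and bridge netfilter.
# The settings are appended on every run, so repeated runs add duplicates.
modprobe br_netfilter
echo "net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
sysctl -p

# Turn swap off now and comment out every fstab line that mentions swap.
swapoff -a
sed -i '/swap/s/^/#/g' /etc/fstab

# Enable the memory cgroup.
# The sed deletes every line containing GRUB_CMDLINE_LINUX, so kernel
# parameters that were set there are dropped. This script does not
# regenerate the GRUB configuration itself.
sed -i '/GRUB_CMDLINE_LINUX/d' /etc/default/grub
echo 'GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"' >> /etc/default/grub

# Install docker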
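# Install Docker from the RPMs under /opt/docker, put docker-compose on the
# PATH and start the Docker service.
function install_docker() {
  #yum remove libcgroup -y
  yum localinstall /opt/docker/*.rpm -y
  cp /opt/docker-compose /usr/local/bin/docker-compose
  chmod +x /usr/local/bin/docker-compose
  systemctl start docker
}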
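# Install Harbor: unpack the offline installer under /opt, set the hostname
# in harbor.yml and run Harbor's installer.
# HARBOR_IP is a placeholder; presumably the main installer substitutes the
# real address into this script before copying it over - verify.
function install_harbor() {
  # Unpack into /opt explicitly so the paths below do not depend on the
  # caller's working directory.
  tar -zxvf /opt/harbor-offline-installer-v1.9.2.tgz -C /opt
  sed -i "s/reg.mydomain.com/HARBOR_IP/g" /opt/harbor/harbor.yml
  /opt/harbor/install.sh
}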
# Configure the registry
# NOTE(review): this definition is incomplete as published. The "function"
# keyword and the name are run together, and everything between "<" and ">"
# on the cat line is missing: the here-document for daemon.json, the end of
# this function, and presumably the definitions of check_harbor and
# docker_login that are called further down. As written, the cat line would
# read from /dev/null and leave /etc/docker/daemon.json empty.
# Restore the original text before running this script.
functionconfig_harbor_login(){
cat > /etc/docker/daemon.json <> /dev/null
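# Add the rancher user to the docker group. -a appends, so the user's other
# supplementary groups are kept. Membership of the docker group gives
# root-equivalent control of this host through the Docker socket.
usermod -aG docker rancher

# Run the installation steps in order.
# NOTE(review): check_harbor and docker_login are not defined anywhere in
# the script as shown; their definitions appear to be missing from the page.
install_docker
install_harbor
config_harbor_login
check_harbor
docker_login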
安装docker脚本
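#!/bin/bash
# Node preparation script: sets the hostname, relaxes host protections,
# tunes the kernel settings and installs Docker and helm from files under
# /opt.

# Local IP address, taken from the first non-loopback ifcfg-* interface name.
# NOTE(review): if more than one non-loopback ifcfg-* file exists, net_int
# holds several names and the ifconfig call no longer yields one address.
net_int=$(ls /etc/sysconfig/network-scripts/ | grep ifcfg- | grep -v ifcfg-lo | awk -F '-' '{print $2}')
local_ip=$(ifconfig ${net_int} | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{print $2}' | tr -d "addr:")

# Set the hostname from the last octet of the local address
hostnamectl set-hostname "rancher${local_ip##*.}.inspur.com"

# Stop and disable the firewall.
# NOTE(review): this removes host-level packet filtering on the node
# altogether; opening only the ports the cluster needs would keep filtering
# in place.
systemctl stop firewalld
systemctl disable firewalld

# Switch SELinux to permissive now and disable it from the next boot.
# NOTE(review): SELINUX=disabled turns mandatory access control off for the
# whole host, not only for the container runtime.
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

# Enable IP forwarding and bridge netfilter.
# The settings are appended on every run, so repeated runs add duplicates.
modprobe br_netfilter
echo "net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1" >> /etc/sysctl.conf
sysctl -p

# Turn swap off now and comment out every fstab line that mentions swap.
swapoff -a
sed -i '/swap/s/^/#/g' /etc/fstab

# Enable the memory cgroup.
# The sed deletes every line containing GRUB_CMDLINE_LINUX, so kernel
# parameters that were set there are dropped. This script does not
# regenerate the GRUB configuration itself.
sed -i '/GRUB_CMDLINE_LINUX/d' /etc/default/grub
echo 'GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"' >> /etc/default/grub

# Install docker
#yum remove libcgroup -y
yum localinstall /opt/rpm/docker/*.rpm -y
systemctl start docker

# Install helm
cp /opt/helm /usr/local/bin/
chmod +x /usr/local/bin/helm

# Configure the registry
# NOTE(review): the here-document that supplied daemon.json is missing from
# the page as published - everything between "<" and ">" on the next line
# was lost. As written, the line reads from /dev/null and leaves
# /etc/docker/daemon.json empty. Restore the original text before running.
cat > /etc/docker/daemon.json <> /dev/null

# Add the rancher user to the docker group. -a appends, so the user's other
# supplementary groups are kept. Membership of the docker group gives
# root-equivalent control of this host through the Docker socket.
usermod -aG docker rancher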
安装包可以通过这里下载:https://download.csdn.net/download/tamako0v0/12668118
【Rancher离线一键化安装部署脚本】由于安装包镜像太大,不方便传输,故将所需镜像写入rancher-images.txt文件,可以通过docker pull 直接拉取