title: "Delete the Router"
date: 2020-02-11T10:45:22
slug: delete-the-router
# Delete every resource whose labels match router=router;
# --selector is the long spelling of -l.
oc delete all --selector=router=router
title: "Delete the Router"
date: 2020-02-11T10:45:22
slug: delete-the-router
# Remove all objects carrying the label router=router
# (--selector is equivalent to -l).
oc delete all --selector=router=router
title: "1. OpenShift preparation"
date: 2020-02-04T15:58:26
slug: 2-openshift-preparement
Instructions from here:
https://docs.openshift.com/container-platform/3.11/install/host_preparation.html
Copy ssh public key to each Node
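# Generate root's SSH key and authorise it locally (this is an all-in-one
# host, so Ansible connects to the same machine over SSH).
ssh-keygen -b 2048
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
# Switch SELinux to enforcing; the reboot applies it.
sed -i 's/permissive/enforcing/g' /etc/selinux/config
reboot
# --- continue here after the reboot ---
# Register with RHSM. The password comes from the environment rather than
# being written into these notes; a password that was pasted into notes
# should be treated as exposed and rotated. Note that --password is still
# visible in the process table while the command runs; if that matters, drop
# the flag and let subscription-manager prompt for it instead.
: "${RHSM_PASSWORD:?set RHSM_PASSWORD in the environment}"
subscription-manager register --username=tomskiffb --password="$RHSM_PASSWORD"
subscription-manager refresh
# List pools carrying an OpenShift entitlement, then attach the chosen one.
# The pattern is quoted so the shell does not expand the globs.
subscription-manager list --available --matches '*OpenShift*'
: "${OPENSHIFT_POOL_ID:?set OPENSHIFT_POOL_ID to a pool id from the list above}"
subscription-manager attach --pool="$OPENSHIFT_POOL_ID"
# Disable every repo, then enable exactly the four needed for OCP 3.11.
subscription-manager repos --disable='*'
yum repolist
yum-config-manager --disable '*'
subscription-manager repos \
  --enable="rhel-7-server-rpms" \
  --enable="rhel-7-server-extras-rpms" \
  --enable="rhel-7-server-ose-3.11-rpms" \
  --enable="rhel-7-server-ansible-2.8-rpms"
yum install -y wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct openshift-ansible docker-1.13.1
yum -y update
reboot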
Install Docker Storage (attach the second hard disk here: /dev/vdb)
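# Point docker-storage-setup at the dedicated disk and let it build the
# thin-pool volume group. The delimiter is quoted: nothing here expands.
cat <<'EOF' > /etc/sysconfig/docker-storage-setup
DEVS=/dev/vdb
VG=docker-vg
EOF
docker-storage-setup
# Check the generated driver options and the thin pool. The output recorded
# on the original run is kept below as comments so it does not get executed.
cat /etc/sysconfig/docker-storage
# DOCKER_STORAGE_OPTIONS="--storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/rhel-docker--pool --storage-opt dm.use_deferred_removal=true --storage-opt dm.use_deferred_deletion=true "
lvs
#   LV          VG   Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
#   docker-pool rhel twi-a-t--- 9.29g             0.00   0.12
# NOTE(review): the recorded output shows the pool in VG "rhel", not the
# "docker-vg" configured above -- confirm which volume group is actually in use.
systemctl start docker
systemctl enable docker
systemctl is-active docker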
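# Write the Ansible inventory for the all-in-one registry host. The registry
# password is taken from the environment instead of being stored in these
# notes (the original pasted the same password used for RHSM registration;
# treat it as exposed and rotate it). The inventory file itself still carries
# the secret, so it is made root-only before it is written.
: "${OREG_AUTH_PASSWORD:?set OREG_AUTH_PASSWORD in the environment}"
touch /etc/ansible/hosts
chmod 600 /etc/ansible/hosts
cat <<EOF > /etc/ansible/hosts
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
oreg_auth_user=tomskiffb
oreg_auth_password=${OREG_AUTH_PASSWORD}
openshift_web_console_install=true
osm_use_cockpit=true
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root
# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
openshift_deployment_type=openshift-enterprise
deployment_subtype=registry
openshift_hosted_infra_selector=""
# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
#openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]

# host group for masters
[masters]
registry.os.asanger.eu

# host group for etcd
[etcd]
registry.os.asanger.eu

# host group for nodes, includes region info
[nodes]
registry.os.asanger.eu openshift_node_group_name='node-config-all-in-one'
EOF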
Configure static DNS servers and the search domain, and disable automatic DNS configuration
# Interactive step: set the static DNS servers and search domain and turn off
# automatic DNS assignment, as described in the note above.
nmtui
Disable the automatic hostname and hosts-file configuration by removing the corresponding lines:
# Interactive step: edit cloud-init's configuration -- presumably so the
# hostname and /etc/hosts values written below survive a reboot; confirm
# which lines to remove against the cloud-init docs.
vi /etc/cloud/cloud.cfg
Set Hostname:
# Write the FQDN as the persistent hostname (one line, newline-terminated).
printf '%s\n' 'registry.os.asanger.eu' > /etc/hostname
Update /etc/hosts
# Replace /etc/hosts with just the two loopback entries, then reboot so the
# new hostname and hosts file take effect.
printf '%s\n' '127.0.0.1 localhost' '::1 localhost' > /etc/hosts
reboot
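# Run the installer from the openshift-ansible checkout. Abort if the
# directory is missing instead of running the playbooks from the wrong cwd,
# and only deploy the cluster once the prerequisites playbook succeeded.
cd /usr/share/ansible/openshift-ansible || exit 1
ansible-playbook playbooks/prerequisites.yml && \
  ansible-playbook playbooks/deploy_cluster.yml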
title: "2. DNS"
date: 2020-02-04T15:43:54
slug: 1-dns
Adapt to the external IP address in /etc/named.conf, /etc/named/zones/registry.os.asanger.eu and /etc/named/zones/1.168.192.in-addr.arpa
# Install BIND plus its tools, enable the service at boot, and open DNS
# (53/udp and 53/tcp) permanently in the public zone.
yum -y install bind bind-utils
systemctl enable named
for proto in udp tcp; do
  firewall-cmd --permanent --zone=public --add-port="53/${proto}"
done
firewall-cmd --reload
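# Write named.conf. The delimiter is quoted so the content is taken literally
# (the original, unquoted heredoc would have left "\_" and "\*" in the file,
# breaking the data-file names and the /* ... */ comment).
# Security notes on the options block: the server listens on every address and
# answers authoritative queries from anyone (allow-query { any; }), but
# recursion is limited to 192.168.1.0/24 by allow-recursion -- that line is
# what keeps this from being an open resolver, so keep it in place.
cat <<'EOF' > /etc/named.conf
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
    allow-recursion { 192.168.1.0/24; };
    forwarders {
        8.8.8.8;
    };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_file      { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel general_file      { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel database_file     { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel security_file     { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel config_file       { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel resolver_file     { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-in_file      { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel xfer-out_file     { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel notify_file       { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel client_file       { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel unmatched_file    { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel queries_file      { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel network_file      { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel update_file       { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dispatch_file     { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel dnssec_file       { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
    channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };

    category default      { default_file; };
    category general      { general_file; };
    category database     { database_file; };
    category security     { security_file; };
    category config       { config_file; };
    category resolver     { resolver_file; };
    category xfer-in      { xfer-in_file; };
    category xfer-out     { xfer-out_file; };
    category notify       { notify_file; };
    category client       { client_file; };
    category unmatched    { unmatched_file; };
    category queries      { queries_file; };
    category network      { network_file; };
    category update       { update_file; };
    category dispatch     { dispatch_file; };
    category dnssec       { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named/named.conf.local";
EOF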
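# Create the zone and log directories (-p makes this safe to re-run) and hand
# the log directory to the named user so the logging channels can write.
mkdir -p /etc/named/zones
mkdir -p /var/log/named/
chown named /var/log/named/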
# Declare the forward and reverse zones this server is authoritative for.
# Quoted delimiter: the content contains nothing to expand, so it is literal.
cat <<'EOF' > /etc/named/named.conf.local
zone "registry.os.asanger.eu" IN {
    type master;
    file "/etc/named/zones/registry.os.asanger.eu";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/named/zones/1.168.192.in-addr.arpa";
};
EOF
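# Forward zone. The delimiter is quoted so $TTL needs no backslash. Apex
# records carry an explicit "@" owner rather than relying on leading
# whitespace, which the original text had lost (a record starting at column 0
# with "IN" would be parsed as an owner name).
# NOTE(review): the SOA RNAME (admin.api-v2.match-club.ru.) names an
# unrelated domain, likely a leftover from a template -- confirm the intended
# contact address.
cat <<'EOF' > /etc/named/zones/registry.os.asanger.eu
$TTL 600
@   IN SOA registry.os.asanger.eu. admin.api-v2.match-club.ru. (
        3        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
;
; name servers - NS records
@   IN NS registry.os.asanger.eu.
registry.os.asanger.eu. IN A 192.168.1.7
EOF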
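# Reverse zone for 192.168.1.0/24. Quoted delimiter (literal $TTL) and an
# explicit "@" owner on the apex NS record, for the same reason as the
# forward zone.
# NOTE(review): the SOA MNAME is "localhost." while the NS record names
# registry.os.asanger.eu.; verify that the mismatch is intended.
cat <<'EOF' > /etc/named/zones/1.168.192.in-addr.arpa
$TTL 86400
@   IN SOA localhost. root.localhost. (
        20091028 ; serial
        28800    ; refresh
        14400    ; retry
        3600000  ; expire
        86400 )  ; default_ttl
@   IN NS registry.os.asanger.eu.
7   IN PTR registry.os.asanger.eu.
EOF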
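# Validate the config and both zones before restarting, so a typo does not
# take the resolver down, then query each direction through the new server.
named-checkconf /etc/named.conf
named-checkzone registry.os.asanger.eu /etc/named/zones/registry.os.asanger.eu
named-checkzone 1.168.192.in-addr.arpa /etc/named/zones/1.168.192.in-addr.arpa
systemctl restart named
dig @localhost registry.os.asanger.eu
# -x takes the address as its next argument, so the @server spec goes first;
# "dig -x @localhost ..." would try to reverse-resolve the literal "@localhost".
dig @localhost -x 192.168.1.7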