查看Centos版本
CentOS Linux release 7.7.1908 (Core)
passwd
yum update -y
yum makecache
yum install fail2ban -y
yum install epel-release -y
yum makecache
yum update -y
yum makecache
yum search fail2ban -y
yum -y install epel-release
yum update -y
yum makecache
yum search fail2ban -y
yum install fail2ban -y
systemctl enable fail2bna -y
systemctl enable fail2ban
systemctl start fail2ban
setenforce 0
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
/sbin/iptables -P INPUT ACCEPT
iptables -F
yum -y install epel-release net-tools wget && yum clean all && yum makecache
systemctl stop firewalld && systemctl disable firewalld
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.confcag
echo "net.ipv4.ip_forward_use_pmtu = 0" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
sysctl -p
yum search docker
yum list |grep docker
yum install docker -y
docker -v
systemctl enable docker
systemctl start docker
yum search origin
yum install centos-release-openshift-origin310 -y
yum search origin
oc cluster up --public-hostname=95.169.18.172 --skip-registry-check=true
oc login -u system:admin
oc adm policy add-scc-to-user hostnetwork -z router
oc adm router router --service-account=router
开启80 443
oc env dc/router ROUTER_USE_PROXY_PROTOCOL=true
mkdir /etc/docker
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors": ["https://3laho3y3.mirror.aliyuncs.com"],
"graph": "/data/docker"
}
EOF
docker pull openshift/origin-control-plane:v3.10
docker pull openshift/origin-cli:v3.10
docker pull openshift/origin-hypershift:v3.10
docker pull openshift/origin-hyperkube:v3.10
docker pull openshift/origin-web-console:v3.10
docker pull openshift/origin-node:v3.10
docker pull openshift/origin-docker-builder:v3.10
docker pull openshift/origin-haproxy-router:v3.10
docker pull openshift/origin-deployer:v3.10
docker pull openshift/origin-pod:v3.10
docker pull openshift/origin-docker-registry:v3.10
# 这个是关闭, 可以不运行吧
oc cluster down
oc login -u system:admin
默认账户 dev 密码 dev
部署后问题: 镜像源错误
部署一个GIT程序后, 日志显示
Pushing image 172.30.1.1:5000/sso/zed:latest ...
Registry server Address:
Registry server User Name: serviceaccount
Registry server Email: serviceaccount@example.org
Registry server Password: <<non-empty>>
error: build error: Failed to push image: Get https://172.30.1.1:5000/v1/_ping: http: server gave HTTP response to HTTPS client
解决方案:
修改该或者新建/etc/docker/daemon.json
{ "insecure-registries":["myregistry.example.com:5000"] }
关闭openshift
重启docker service docker restart
开启openshift
部署后问题: 管理员权限
oc login -u system:admin
oc adm policy add-cluster-role-to-user cluster-admin dev