Openshift Origin开发日记 1 - 10

1. 下载 https://github.com/openshift/origin/releases

并且上传到360云盘 ／Postgraduate／云计算／Openshift Origin相关／安装包

2. 二进制包安装好，学习下面的基础教程

2.1.安装

https://docs.openshift.org/latest/getting_star

ted/administrators.html#getting-started-administrators

2.2.视频教程

https://access.redhat.com/videos/1606273

2.3.需要CLI

https://docs.openshift.org/latest/cli_reference/get_started_cli.html#cli-reference-get-started-cli

2.4.进入web console的网址：http s :127.0.0.1:8443 (注意是https,然后打开的时候会有不安全的提示，别管他)

2.5 Web Console Authentication

https://docs.openshift.org/latest/dev_guide/authentication.html#dev-guide-authentication

3.发现ubuntu不是很友好，且运行console，图形化管理的话，需要一些制约条件

后面发现Ubuntu 下面的firefox也是可以运行的

https://docs.openshift.org/latest/architecture/infrastructure_components/web_console.html#architecture-infrastructure-components-web-console

正式生产的分布式环境下的条件

https://docs.openshift.org/latest/install_config/install/prerequisites.html#install-config-install-prerequisites

5.控制台发布应用，往下拉

https://docs.openshift.org/latest/dev_guide/new_app.html

创建templete和instant app

https://docs.openshift.org/latest/dev_guide/templates.html

默认不导入Default Images，查看下面的链接

https://docs.openshift.org/latest/install_config/imagestreams_templates.html#install-config-imagestreams-templates

首先需要

Deploying a Docker Registry

https://docs.openshift.org/latest/install_config/install/docker_registry.html#install-config-install-docker-registry

按照下面的命令。总是找不到admin.kubeconfig,

运行/oadm registry —help，发现发现可以不带参数运行registery

Install or configure an integrated Docker registry

This command sets up a Docker registry integrated with your cluster to provide notifications when

images are pushed. With no arguments, the command will check for the existing registry service

called 'docker-registry' and try to create it. If you want to test whether the registry has

been created add the --dry-run flag and the command will exit with 1 if the registry does not

exist.

6.权限不够，无法创建docker registry

https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#roles

需要在 cluster policy or in a local policy .中定义各个角色

https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#roles

看下面关于policy的建议和例子

https://github.com/openshift/origin/blob/master/docs/proposals/policy.md

修改权限，查看policy的命令

https://docs.openshift.org/latest/admin_guide/manage_authorization_policy.html#viewing-cluster-roles

查看cluster级别的

oc describe clusterPolicy default

6.1默认的admin和test账户都无法查看cluster级别的policy

需要权限，国外开发组的邮件

Did you already log in as user test? Only a cluster admin can give that role to another user, so you need to run that command as the bootstrap cluster admin user. The credentials for that user are in the admin.kubeconfig file on the API server.

oadm policy add-cluster-role-to-user cluster-admin test --config= /home/zhk/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master/ admin.kubeconfig

You can add and remove roles to and from users and groups using oadm policy commands.

利用oadm policy命令修改policy

admin.kubeconfig文件是在

/root/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master

或者（后面的centos）

/home/zhk/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master

角色授予成功后，test下面会多出 3个project，这就证明角色已经分配给test了。

6.3 oadm policy add-cluster-role-to-user <role> <username>

增加cluster级别的角色给某个用户

但是跑下面的命令，却没有权限查看

1. templates相当于应用程序模版，

https://docs.openshift.org/latest/dev_guide/templates.html#dev-guide-templates

2.导入默认的 install-config-imagestreams-templates

https://docs.openshift.org/latest/install_config/imagestreams_templates.html#install-config-imagestreams-templates

3.admin.kubeconfig文件是在

/root/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master

即在master节点下面

7.根据下面的链接尝试创建集成的docker registry

https://docs.openshift.org/latest/install_config/install/docker_registry.html#install-config-install-docker-registry

oadm registry --config=/root/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master/admin.kubeconfig --service-account=registry

1.第一步，运行上面的命令

根据此次命令的运行，可能命令行加上参数 —config＝admin.kubeconfig的时候，当前用户就拥有了全局的权限吧。可能是之前没有理解下面红框内的英文的意思。

根据上面的链接，只执行了第一步，后面的什么deploy the registry as a daemons对于导入默认的instant app和template貌似并不是要求的，所以先放一放。 目前,test用户拥有最高权限

8.目前根据 https://docs.openshift.org/latest/install_config/imagestreams_templates.html

已经完成下面这4个步骤。

9.

可见，集成默认的instant app和template就是在操作open shift这个project,从命令行的参数 -n open shift可以看出来，目前，test用户因为有了cluster-admin的角色，所以可以查看open shift这个project了

10.

单核的阿里云的ubuntu执行起来比较慢，但是登录vnc查看远程桌面的话，发现终端是一直在执行脚本的，导致ssh这边看上去好像卡住了一样，耐心等待