footer: ©Linkernetworks 2018
Deploy Vortex with kubespray and ansible
- Quick Start for Testing
- Step by Step for Production installation
- Machine Requirements
- Preparation work on each host
- On Ansible Control Machine, install ansible and prepare ssh-key for root
- On Ansible Control Machine, edit config file
- On Ansible Control Machine, start install
- Reset cluster
- Check Kubernetes Cluster
- Other Details
- Deploy a vortex on localhost with Vagrant and VirtualBox
- Not for production; for testing purposes only.
git clone https://github.com/linkernetworks/vortex-installer.git
cd vortex-installer && ./scripts/deploy-in-vagrant
- Supported OS: Ubuntu 16.04
- Hardware
- RAM: at least 16 G
- CPU: 8 cores
- Prepare at least 2 hosts with Ubuntu 16.04
- One for Ansible Control Machine
- At least one for Ansible Managed Node to deploy vortex
- Edit /etc/network/interfaces as below and reboot every host.
dns-nameservers 8.8.8.8
- Edit /etc/ssh/sshd_config and update the PermitRootLogin option to PermitRootLogin yes.
- Restart the ssh service
sudo service ssh restart
sudo -s
passwd
sudo apt-get install make
cd ~/ && git clone https://github.com/linkernetworks/vortex-installer.git
cd ~/vortex-installer/
make ansible
- generate ssh-key
mkdir inventory/keys/ && ssh-keygen -t rsa -b 4096 -C "" -f inventory/keys/id_rsa -q -N ''
- Put ssh public key to each Ansible Managed Node
cat inventory/keys/id_rsa.pub | ssh root@host-ip 'mkdir -p .ssh && cat >> .ssh/authorized_keys'
eg.
cat inventory/keys/id_rsa.pub | ssh [email protected] 'mkdir -p .ssh && cat >> .ssh/authorized_keys'
cat inventory/keys/id_rsa.pub | ssh [email protected] 'mkdir -p .ssh && cat >> .ssh/authorized_keys'
... (for all bare metal servers)
- Test ssh connection
ssh root@host-ip -i inventory/keys/id_rsa
eg.
ssh [email protected] -i inventory/keys/id_rsa
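Once the key login tested above works, key-based root access only needs `PermitRootLogin prohibit-password`, so the `yes` value set during host preparation can be tightened. The check below is an added example, not part of vortex-installer; the function names are hypothetical, and it assumes Ansible connects with the key in inventory/keys and that the sshd_config uses plain "Keyword value" lines.

```shell
#!/bin/sh
# Added example, not part of vortex-installer. Reports the PermitRootLogin
# value in effect for the global section of an sshd_config file.
# Assumes "Keyword value" lines (no "=" form) and no Include directives.

# effective_root_login FILE -> prints the value sshd would apply
effective_root_login() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        NF == 0 { next }
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }  # first one wins
        END {
            if (v == "") v = "prohibit-password"  # OpenSSH default since 7.0
            if (v == "without-password") v = "prohibit-password"  # old alias
            print v
        }
    ' "$1"
}

# root_login_is_yes FILE -> returns 0 when PermitRootLogin is yes, meaning
# root may use any enabled method, passwords included
root_login_is_yes() {
    [ "$(effective_root_login "$1")" = "yes" ]
}

# Constructed sample: a later, stricter line does not override the first one.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# sshd_config (constructed)
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin prohibit-password
EOF
if root_login_is_yes "$cfg"; then
    echo "PermitRootLogin=$(effective_root_login "$cfg"): still open to password login"
fi
rm -f "$cfg"
```

Run it against /etc/ssh/sshd_config on each managed node; sshd applies the first PermitRootLogin line it reads, so appending a stricter line at the end of the file changes nothing.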
For example:
node-1 ansible_ssh_host=10.1.14.14 ip=10.1.14.14
[kube-master]
node-1
[etcd]
node-1
[kube-node]
node-1
[network-setup]
node-1
0. Check hugepage support on each Ansible Managed Node
ls /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/
ls /sys/devices/system/node/node0/hugepages/hugepages-2048kB/
1. Edit inventory/group_vars/network-setup.yml
- If there is no /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/ path, update the config as follows:
default_hugepagesz: 2M
nr_hugepages: 1024
- Update ovs_access_mode
- If ovs_access_mode is public, you need to set the ovs_version option.
- If ovs_access_mode is private, you need to set the ovs_tar_path & ovs_folder_name options.
$ cp inventory/host_vars/localhost.yml inventory/host_vars/host.yml
eg.
$ cp inventory/host_vars/localhost.yml inventory/host_vars/node-1.yml
$ cp inventory/host_vars/localhost.yml inventory/host_vars/node-2.yml
- Use the following to install DPDK-OVS & Kubernetes cluster
make vortex-dev
P.S. If you want to install DPDK-OVS & Kubernetes cluster step by step, please follow these steps:
# install DPDK-OVS
make network-setup
# install Kubernetes cluster
make cluster-dev
# Install NFS Server
sudo apt-get install -qqy nfs-kernel-server
sudo mkdir -p /nfsshare/influxdb /nfsshare/mongodb /nfsshare/user
echo "/nfsshare *(rw,sync,no_root_squash)" | sudo tee /etc/exports
sudo exportfs -r
sudo showmount -e
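The export written above pairs a wildcard client with no_root_squash, so root on any host that can reach the NFS server is treated as root on /nfsshare. The audit below is an added example, not part of vortex-installer; the function name is hypothetical and the subnet in the sample is an assumed value.

```shell
#!/bin/sh
# Added example, not part of vortex-installer. Flags exports(5) entries that
# pair a wildcard client with no_root_squash, as the /nfsshare line above does.
# Limits: no backslash line continuations, no quoted paths.

# audit_exports FILE -> prints findings, returns the number of findings
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {          # $1 is the path, the rest are clients
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (client == "") client = "*"   # bare "(opts)" applies to any host
                nosquash = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++)
                    if (o[j] == "no_root_squash") nosquash = 1
                if (client == "*" && nosquash) {
                    printf "%s: client=* with no_root_squash: root on any client is root here\n", $1
                    found++
                }
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the line from this page plus a subnet-scoped entry for
# contrast. 10.1.14.0/24 is an assumed node subnet, not a project value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nfsshare *(rw,sync,no_root_squash)
/nfsshare-scoped 10.1.14.0/24(rw,sync,root_squash)
EOF
audit_exports "$sample" || echo "findings: $?"
rm -f "$sample"
```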
curl -L https://storage.googleapis.com/kubernetes-helm/helm-v2.9.1-linux-amd64.tar.gz > helm-v2.9.1-linux-amd64.tar.gz && tar -zxvf helm-v2.9.1-linux-amd64.tar.gz && chmod +x linux-amd64/helm && sudo mv linux-amd64/helm /usr/local/bin/helm
cd ~/ && git clone https://github.com/linkernetworks/vortex.git
cd ~/vortex/
1 Create secret
kubectl create secret docker-registry dockerhub-token --docker-server=https://mydockerhub.url/ --docker-username=root --docker-password=<password> [email protected]
2 Get secrets & check dockerconfigjson value
kubectl get secrets dockerhub-token -o yaml
# .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2RvY2tlcmh1Yi5wdy8iOnsidXNlcm5hbWUiOiJyb290IiwicGFzc3dvcmQiOiJ2b3J0ZXg1ODIwIiwiZW0haWwiOiJ2b3J0ZXhAbGlua2VybmV0d29ya3MuY29tIiwiYXV0aCI6ImNtOXZkRHAyYjNKMFpYZzFPREl3In19fQ==
3 Delete secrets
kubectl delete secrets dockerhub-token
eg.
- dockerToken: "you need to replace this token manually"
+ dockerToken: "eyJhdXRocyI6eyJodHRwczovL2RvY2tlcmh1Yi5wdy8iOnsidXNlcm5hbWUiOiJyb290IiwicGFzc3dvcmQiOiJ2b3J0ZXg1ODIwIiwiZW0haWwiOiJ2b3J0ZXhAbGlua2VybmV0d29ya3MuY29tIiwiYXV0aCI6ImNtOXZkRHAyYjNKMFpYZzFPREl3In19fQ=="
- smtpPassword: "you need to replace this token manually"
+ smtpPassword: "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"
- nfsServer: 10.1.14.86
+ nfsServer: 192.168.1.2
- nfsServer: 10.1.14.86
+ nfsServer: 192.168.1.2
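Review bot: the `+ dockerToken` and `+ smtpPassword` lines carry what look like real credential values rather than placeholders, in an example that readers will copy. The dockerToken value is base64, which is an encoding and not encryption, so it protects nothing once it is in this file. Suggest showing obviously fake placeholders on the `+` side (for instance the text "base64 of your .dockerconfigjson" and "your SMTP password"), rotating both values if they were ever live, and keeping the edited production.yaml out of version control. Separately, the `nfsServer` replacement appears twice with identical lines; if two different keys are meant, include the surrounding key names so the reader can tell which two places to edit.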
kubectl get pod -n kube-system
make apps.launch-prod
kubectl get pod -n vortex
After editing deploy/helm/config/production.yaml, just run the following command.
make apps.upgrade-prod
make apps.teardown-prod
Access https://host-ip:32767 (eg. https://192.168.1.2:32767 ) via the browser.
On Ansible Control Machine
- Reset k8s cluster
make reset
- Reset DPDK-OVS
ansible-playbook -e "@inventory/group_vars/network-setup.yml" --inventory inventory/inventory.ini network-setup-reset.yml
- ssh to one of k8s master
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"
$ uname -msr
Linux 4.15.0-34-generic x86_64
$ cat /proc/meminfo | grep Huge
AnonHugePages: 0 kB
ShmemHugePages: 0 kB
HugePages_Total: 8
HugePages_Free: 8
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 1048576 kB
$ cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
performance
performance
performance
performance
performance
performance
performance
performance
performance
performance
performance
performance
$ sudo ovs-vsctl show
850c9716-cd8e-499f-a071-efe225a8fe20
ovs_version: "2.9.2"
$ ls /usr/src/dpdk-stable-17.11.4/
$ systemctl status ovsdb-server.service
● ovsdb-server.service - Open vSwitch Database Unit
Loaded: loaded (/etc/systemd/system/ovsdb-server.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2018-09-04 11:34:45 CST; 1min 17s ago
$ systemctl status ovs-vswitchd.service
● ovs-vswitchd.service - Open vSwitch Forwarding Unit
Loaded: loaded (/etc/systemd/system/ovs-vswitchd.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2018-09-04 11:34:46 CST; 1min 23s ago
$ kubectl get pod -n kube-system
$ kubectl get pod -n vortex
$ kubectl get secret dockerhub-token --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode