· 6 years ago · Jun 11, 2019, 04:36 PM
1[root@icp1 cluster]# pwd
2/opt/ibm-cloud-private-3.1.2/cluster
3[root@icp1 cluster]# ls -la
4total 20
5drwxr-xr-x. 5 root root 91 Jun 11 17:20 .
6drwxr-xr-x. 3 root root 59 Jun 11 16:44 ..
7-rw-------. 1 root root 7992 Jun 11 17:20 config.yaml
8-rw-------. 1 root root 143 Jun 11 16:40 hosts
9drwxr-xr-x. 2 root root 52 Jun 11 16:44 images
10drwxr-xr-x. 2 root root 4096 Jun 11 17:26 logs
11drwxr-xr-x. 3 root root 27 Jun 11 16:21 misc
12-r--------. 1 root root 1 Jun 11 16:21 ssh_key
13[root@icp1 cluster]# cat config.yaml
14# Licensed Materials - Property of IBM
15# IBM Cloud private
16# @ Copyright IBM Corp. 2017 All Rights Reserved
17# US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
18
19---
20
21## Network Settings
22network_type: calico
23# network_helm_chart_path: < helm chart path >
24
25## Network in IPv4 CIDR format
26network_cidr: 192.168.199.0/24
27
28## Kubernetes Settings
29service_cluster_ip_range: 192.168.199.0/24
30
31# cluster_domain: cluster.local
32# cluster_name: mycluster
33# cluster_CA_domain: "{{ cluster_name }}.icp"
34
35## Etcd Settings
36etcd_extra_args: ["--grpc-keepalive-timeout=0", "--grpc-keepalive-interval=0", "--snapshot-count=10000"]
37# Keep the log data separate from the etcd data.
38# You could set etcd wal dirctory to a centralized and remote log directory for persistent logging.
39# etcd_data_dir: "/var/lib/etcd"
40# etcd_wal_dir: "/var/lib/etcd-wal"
41
42## General Settings
43# wait_for_timeout: 600
44fips_enabled: false
45
46## Advanced Settings
47default_admin_user: admin
48default_admin_password: P@ssw0rd
49# ansible_become: true
50# ansible_become_password: <password>
51ansible_user: root
52ansible_ssh_pass: P@ssw0rd
53ansible_ssh_common_args: "-oPubkeyAuthentication=no"
54
55password_rules:
56- '(.*)'
57
58## Kubernetes Settings
59# kubelet_extra_args: [""]
60# kube_apiserver_extra_args: []
61# kube_controller_manager_extra_args: []
62# kube_proxy_extra_args: []
63# kube_scheduler_extra_args: []
64
65## Bootstrap token
66# bootstrap_token_ttl: "24h0m0s"
67
68
69## Enable Kubernetes Audit Log
70# auditlog_enabled: false
71
72## Audit logging settings
73journal_path: /run/log/journal
74
75## Cluster Router settings
76# router_http_port: 8080
77# router_https_port: 8443
78
79## Nginx Ingress settings
80# ingress_http_port: 80
81# ingress_https_port: 443
82
83## GlusterFS Storage Settings
84# storage-glusterfs:
85# nodes:
86# - ip: <storage_node_m_IP_address>
87# devices:
88# - <link path>/<symlink of device aaa>
89# - <link path>/<symlink of device bbb>
90# - ip: <storage_node_n_IP_address>
91# devices:
92# - <link path>/<symlink of device ccc>
93# - ip: <storage_node_o_IP_address>
94# devices:
95# - <link path>/<symlink of device ddd>
96# storageClass:
97# create: true
98# name: glusterfs
99# isDefault: false
100# volumeType: replicate:3
101# reclaimPolicy: Delete
102# volumeBindingMode: Immediate
103# volumeNamePrefix: icp
104# additionalProvisionerParams: {}
105# allowVolumeExpansion: true
106# gluster:
107# resources:
108# requests:
109# cpu: 500m
110# memory: 512Mi
111# limits:
112# cpu: 1000m
113# memory: 1Gi
114# heketi:
115# backupDbSecret: heketi-db-backup
116# authSecret: heketi-secret
117# maxInFlightOperations: 20
118# resources:
119# requests:
120# cpu: 500m
121# memory: 512Mi
122# limits:
123# cpu: 1000m
124# memory: 1Gi
125# nodeSelector:
126# key: hostgroup
127# value: glusterfs
128# prometheus:
129# enabled: true
130# path: "/metrics"
131# port: 8080
132# tolerations: []
133# podPriorityClass: system-cluster-critical
134
135
136## storage-minio settings
137# storage-minio:
138# image:
139# repository: "{{ image_repo }}/minio"
140# mcImage:
141# repository: "{{ image_repo }}/minio-mc"
142# mode: standalone
143# accessKey: "admin"
144# secretKey: "admin1234"
145# minioAccessSecret: "minio-secret"
146# configPath: "/root/.minio/"
147# mountPath: "/export"
148# replica: 4
149# persistence:
150# enabled: false
151# useDynamicProvisioning: false
152# storageClass: standard
153# accessMode: ReadWriteOnce
154# size: 10Gi
155# service:
156# type: ClusterIP
157# clusterIP: None
158# loadBalancerIP: None
159# port: 9000
160# nodePort: 31311
161# ingress:
162# enabled: false
163# path: /
164# hosts: ""
165# tls: ""
166# tls:
167# enabled: false
168# type: "selfsigned"
169# minioTlsSecret: ""
170# nodeSelector: ""
171# tolerations: ""
172
173## Network Settings
174## Calico Network Settings
175# calico_ipip_mode: Always
176# calico_tunnel_mtu: 1430
177# calico_ip_autodetection_method: can-reach={{ groups['master'][0] }}
178
179## IPSec mesh Settings
180## If user wants to configure IPSec mesh, the following parameters
181## should be configured through config.yaml
182# ipsec_mesh:
183# enable: true
184# subnets: []
185# exclude_ips: []
186# cipher_suite: ""
187
188## Environment Isolation
189# Example: [{namespace: production, hostgroup: proxy-prod, lb_address: x.x.x.x}]
190# Mandatory parameters: namespace, hostgroup
191# Optional parameters: lb_address
192isolated_namespaces: []
193isolated_proxies: []
194
195# kube_apiserver_secure_port: 8001
196
197## External loadbalancer IP or domain
198## Or floating IP in OpenStack environment
199# cluster_lb_address: none
200
201## External loadbalancer IP or domain
202## Or floating IP in OpenStack environment
203# proxy_lb_address: none
204
205## Install in firewall enabled mode
206# firewall_enabled: false
207
208## Allow loopback dns server in cluster nodes
209# loopback_dns: false
210
211## High Availability Settings: etcd or keepalived
212vip_manager: etcd
213
214## High Availability Settings for master nodes
215# vip_iface: eth0
216# cluster_vip: 127.0.1.1
217
218## High Availability Settings for Proxy nodes
219# proxy_vip_iface: eth0
220# proxy_vip: 127.0.1.1
221
222## vSphere cloud provider Settings
223## If user wants to configure vSphere as cloud provider, vsphere_conf
224## parameters should be configured through config.yaml
225# kubelet_nodename: hostname
226# cloud_provider: vsphere
227# vsphere_conf:
228# user: <vCenter username for vSphere cloud provider>
229# password: <password for vCenter user>
230# server: <vCenter server IP or FQDN>
231# port: [vCenter Server Port; default: 443]
232# insecure_flag: [set to 1 if vCenter uses a self-signed certificate]
233# datacenter: <datacenter name on which Node VMs are deployed>
234# datastore: <default datastore to be used for provisioning volumes>
235# working_dir: <vCenter VM folder path in which node VMs are located>
236
237## You can disable following services if they are not needed:
238# custom-metrics-adapter
239# image-security-enforcement
240# istio
241# metering
242# logging
243# monitoring
244# service-catalog
245# storage-minio
246# storage-glusterfs
247# vulnerability-advisor
248# node-problem-detector-draino
249# multicluster-hub: disabled
250# multicluster-endpoint: disabled
251
252management_services:
253 istio: disabled
254 vulnerability-advisor: disabled
255 storage-glusterfs: disabled
256 storage-minio: disabled
257 platform-security-netpols: disabled
258 node-problem-detector-draino: disabled
259 multicluster-hub: disabled
260 multicluster-endpoint: disabled
261
262## Docker configuration option, more options see
263## https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
264# docker_config:
265# log-opts:
266# max-size: "100m"
267# max-file: "10"
268
269## Docker environment setup
270# docker_env:
271# - HTTP_PROXY=http://1.2.3.4:3128
272# - HTTPS_PROXY=http://1.2.3.4:3128
273# - NO_PROXY=localhost,127.0.0.1,{{ cluster_CA_domain }}
274
275## Install/upgrade docker version
276# docker_version: 18.03.1
277
278## Install Docker automatically or not
279# install_docker: true
280
281## Nginx Ingress Controller configuration
282## You can add your nginx ingress controller configuration, and the allowed configuration can refer to
283## https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
284## Section ingress_controller is obsolete, it is replaced by nginx-ingress.
285# nginx-ingress:
286# ingress:
287# config:
288# disable-access-log: 'true'
289# keep-alive-requests: '10000'
290# upstream-keepalive-connections: '64'
291# worker-processes: "2"
292# extraArgs:
293# publish-status-address: "{{ proxy_external_address }}"
294# enable-ssl-passthrough: true
295
296## Clean metrics indices in Elasticsearch older than this number of days
297# metrics_max_age: 1
298
299## Clean application log indices in Elasticsearch older than this number of days
300# logs_maxage: 1
301
302## Istio addons security Settings
303## If user wants to configure Istio addons securty settings
304## parameters should be configured through config.yaml
305# istio_addon:
306# grafana:
307# username: admin
308# passphrase: admin
309# kiali:
310# username: admin
311# passphrase: admin
312[root@icp1 cluster]# cat hosts
313[master]
314192.168.199.51
315
316[worker]
317192.168.199.51
318192.168.199.52
319
320[proxy]
321192.168.199.51
322192.168.199.52
323
324#[management]
325#4.4.4.4
326
327#[va]
328#5.5.5.5
329(reverse-i-search)`': ^C
330[root@icp1 cluster]# docker run --net=host -t -e LICENSE=accept -v "$(pwd)":/installer/cluster ibmcom/icp-inception-ppc64le:3.1.2-ee check
331
332PLAY [Checking Python interpreter] *********************************************
333
334TASK [Checking Python interpreter] *********************************************
335fatal: [192.168.199.51]: FAILED! => changed=true
336 msg: non-zero return code
337 rc: 5
338 stderr: |-
339 Permission denied, please try again.
340 stderr_lines: <omitted>
341 stdout: ''
342 stdout_lines: <omitted>
343fatal: [192.168.199.52]: FAILED! => changed=true
344 msg: non-zero return code
345 rc: 5
346 stderr: |-
347 Permission denied, please try again.
348 stderr_lines: <omitted>
349 stdout: ''
350 stdout_lines: <omitted>
351
352NO MORE HOSTS LEFT *************************************************************
353
354NO MORE HOSTS LEFT *************************************************************
355
356PLAY RECAP *********************************************************************
357192.168.199.51 : ok=0 changed=0 unreachable=0 failed=1
358192.168.199.52 : ok=0 changed=0 unreachable=0 failed=1
359
360Playbook run took 0 days, 0 hours, 0 minutes, 2 seconds
361
362[root@icp1 cluster]# ifconfig -a
363docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
364 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
365 ether 02:42:bb:74:ec:27 txqueuelen 0 (Ethernet)
366 RX packets 0 bytes 0 (0.0 B)
367 RX errors 0 dropped 0 overruns 0 frame 0
368 TX packets 0 bytes 0 (0.0 B)
369 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
370
371eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
372 inet 192.168.199.51 netmask 255.255.255.0 broadcast 192.168.199.255
373 inet6 fe80::5054:ff:fe12:f4c2 prefixlen 64 scopeid 0x20<link>
374 ether 52:54:00:12:f4:c2 txqueuelen 1000 (Ethernet)
375 RX packets 1646 bytes 207847 (202.9 KiB)
376 RX errors 0 dropped 0 overruns 0 frame 0
377 TX packets 374 bytes 241468 (235.8 KiB)
378 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
379
380lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
381 inet 127.0.0.1 netmask 255.0.0.0
382 inet6 ::1 prefixlen 128 scopeid 0x10<host>
383 loop txqueuelen 1000 (Local Loopback)
384 RX packets 112 bytes 16732 (16.3 KiB)
385 RX errors 0 dropped 0 overruns 0 frame 0
386 TX packets 112 bytes 16732 (16.3 KiB)
387 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
388
389[root@icp1 cluster]#