AKAI TSUKI

System development or Technical something

ssh-keygen specifying output file with no passphrase.

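Create an SSH key pair. `-f` sets the output file and `-N ""` sets an empty passphrase, so the private key is written unencrypted and is protected only by its file permissions (`-rw-------` in the listing below).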

$ ssh-keygen -t rsa -b 2048 -f ./id_rsa -N ""
Generating public/private rsa key pair.
Your identification has been saved in ./id_rsa.
Your public key has been saved in ./id_rsa.pub.
The key fingerprint is:
*snip*
The key's randomart image is:
*snip*
$ ls -l
total 8
-rw------- 1 test test 1679 Apr  8 07:58 id_rsa
-rw-r--r-- 1 test test  397 Apr  8 07:58 id_rsa.pub
$

Try Kubernetes (v1.6.1).

Kubernetes Version

[root@cent7no01 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.1+coreos.0", GitCommit:"9212f77ed8c169a0afa02e58dce87913c6387b3e", GitTreeState:"clean", BuildDate:"2017-04-04T00:32:53Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.1+coreos.0", GitCommit:"9212f77ed8c169a0afa02e58dce87913c6387b3e", GitTreeState:"clean", BuildDate:"2017-04-04T00:32:53Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
[root@cent7no01 ~]#

nodes

[root@cent7no01 ~]# kubectl get nodes
NAME        STATUS    AGE       VERSION
cent7no01   Ready     1d        v1.6.1+coreos.0
cent7no02   Ready     1d        v1.6.1+coreos.0
cent7no03   Ready     1d        v1.6.1+coreos.0
[root@cent7no01 ~]#
[root@cent7no02 ~]# kubectl get nodes
NAME        STATUS    AGE       VERSION
cent7no01   Ready     1d        v1.6.1+coreos.0
cent7no02   Ready     1d        v1.6.1+coreos.0
cent7no03   Ready     1d        v1.6.1+coreos.0
[root@cent7no02 ~]#

pods

[root@cent7no01 ~]# kubectl get pods
No resources found.
[root@cent7no01 ~]#
[root@cent7no01 ~]# kubectl get pods --namespace=kube-system
NAME                                  READY     STATUS    RESTARTS   AGE
dnsmasq-2996005329-5zrjg              1/1       Running   0          1d
dnsmasq-2996005329-pqtsg              1/1       Running   0          1d
dnsmasq-autoscaler-2349860636-wnsp1   1/1       Running   0          1d
kube-apiserver-cent7no01              1/1       Running   0          1d
kube-apiserver-cent7no02              1/1       Running   0          1d
kube-controller-manager-cent7no01     1/1       Running   0          1d
kube-controller-manager-cent7no02     1/1       Running   0          1d
kube-proxy-cent7no01                  1/1       Running   0          1d
kube-proxy-cent7no02                  1/1       Running   0          1d
kube-proxy-cent7no03                  1/1       Running   0          1d
kube-scheduler-cent7no01              1/1       Running   0          1d
kube-scheduler-cent7no02              1/1       Running   0          1d
kubedns-1519522227-ckxl0              3/3       Running   0          1d
kubedns-autoscaler-2999057513-gxs16   1/1       Running   0          1d
nginx-proxy-cent7no03                 1/1       Running   0          1d
[root@cent7no01 ~]#

Setup LXD on Ubuntu 16.04

On Ubuntu Server 16.04, LXD is already installed on the server.

check version

test@ubuntu01:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
test@ubuntu01:~$
test@ubuntu01:~$ lxd --version
2.0.9
test@ubuntu01:~$
test@ubuntu01:~$ dpkg -l | grep lxd
ii  lxd                                2.0.9-0ubuntu1~16.04.2                     amd64        Container hypervisor based on LXC - daemon
ii  lxd-client                         2.0.9-0ubuntu1~16.04.2                     amd64        Container hypervisor based on LXC - client
test@ubuntu01:~$ dpkg -l | grep zfs
test@ubuntu01:~$ 

install zfs

test@ubuntu01:~$ sudo apt-get install zfs
[sudo] password for test:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'zfsutils-linux' instead of 'zfs'
The following additional packages will be installed:
  libnvpair1linux libuutil1linux libzfs2linux libzpool2linux zfs-doc zfs-zed
Suggested packages:
  default-mta | mail-transport-agent samba-common-bin nfs-kernel-server zfs-initramfs
The following NEW packages will be installed:
  libnvpair1linux libuutil1linux libzfs2linux libzpool2linux zfs-doc zfs-zed zfsutils-linux
0 upgraded, 7 newly installed, 0 to remove and 25 not upgraded.
Need to get 897 kB of archives.
After this operation, 2,902 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 zfs-doc all 0.6.5.6-0ubuntu16 [50.1 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libuutil1linux amd64 0.6.5.6-0ubuntu16 [27.5 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnvpair1linux amd64 0.6.5.6-0ubuntu16 [23.4 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libzpool2linux amd64 0.6.5.6-0ubuntu16 [384 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libzfs2linux amd64 0.6.5.6-0ubuntu16 [106 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 zfsutils-linux amd64 0.6.5.6-0ubuntu16 [276 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 zfs-zed amd64 0.6.5.6-0ubuntu16 [29.8 kB]
Fetched 897 kB in 1s (626 kB/s)
Selecting previously unselected package zfs-doc.
(Reading database ... 91931 files and directories currently installed.)
Preparing to unpack .../zfs-doc_0.6.5.6-0ubuntu16_all.deb ...
Unpacking zfs-doc (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libuutil1linux.
Preparing to unpack .../libuutil1linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libuutil1linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libnvpair1linux.
Preparing to unpack .../libnvpair1linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libnvpair1linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libzpool2linux.
Preparing to unpack .../libzpool2linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libzpool2linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package libzfs2linux.
Preparing to unpack .../libzfs2linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking libzfs2linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package zfsutils-linux.
Preparing to unpack .../zfsutils-linux_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking zfsutils-linux (0.6.5.6-0ubuntu16) ...
Selecting previously unselected package zfs-zed.
Preparing to unpack .../zfs-zed_0.6.5.6-0ubuntu16_amd64.deb ...
Unpacking zfs-zed (0.6.5.6-0ubuntu16) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for initramfs-tools (0.122ubuntu8.8) ...
update-initramfs: Generating /boot/initrd.img-4.4.0-78-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up zfs-doc (0.6.5.6-0ubuntu16) ...
Setting up libuutil1linux (0.6.5.6-0ubuntu16) ...
Setting up libnvpair1linux (0.6.5.6-0ubuntu16) ...
Setting up libzpool2linux (0.6.5.6-0ubuntu16) ...
Setting up libzfs2linux (0.6.5.6-0ubuntu16) ...
Setting up zfsutils-linux (0.6.5.6-0ubuntu16) ...
zfs-import-cache.service is a disabled or a static unit, not starting it.
zfs-import-scan.service is a disabled or a static unit, not starting it.
zfs-mount.service is a disabled or a static unit, not starting it.
Processing triggers for initramfs-tools (0.122ubuntu8.8) ...
update-initramfs: Generating /boot/initrd.img-4.4.0-78-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
Setting up zfs-zed (0.6.5.6-0ubuntu16) ...
zed.service is a disabled or a static unit, not starting it.
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for systemd (229-4ubuntu10) ...
Processing triggers for ureadahead (0.100.0-19) ...
test@ubuntu01:~$
test@ubuntu01:~$

Let’s confirm

test@ubuntu01:~$ dpkg -l | grep zfs
ii  libzfs2linux                       0.6.5.6-0ubuntu16                          amd64        Native OpenZFS filesystem library for Linux
ii  zfs-doc                            0.6.5.6-0ubuntu16                          all          Native OpenZFS filesystem documentation and examples.
ii  zfs-zed                            0.6.5.6-0ubuntu16                          amd64        OpenZFS Event Daemon (zed)
ii  zfsutils-linux                     0.6.5.6-0ubuntu16                          amd64        Native OpenZFS management utilities for Linux
test@ubuntu01:~$

Initial setup

test@ubuntu01:~$ lxc list
Generating a client certificate. This may take a minute...
If this is your first time using LXD, you should also run: sudo lxd init
To start your first container, try: lxc launch ubuntu:16.04

+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+
test@ubuntu01:~$

test@ubuntu01:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:9f:80:ce brd ff:ff:ff:ff:ff:ff
    inet 172.16.10.61/24 brd 172.16.10.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe9f:80ce/64 scope link
       valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:a4:33:27:e6:cb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f8a4:33ff:fe27:e6cb/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::1/64 scope link
       valid_lft forever preferred_lft forever
test@ubuntu01:~$

test@ubuntu01:~$ sudo lxd init
Name of the storage backend to use (dir or zfs) [default=zfs]:
Create a new ZFS pool (yes/no) [default=yes]?
Name of the new ZFS pool [default=lxd]:
Would you like to use an existing block device (yes/no) [default=no]?
Size in GB of the new loop device (1GB minimum) [default=15]:
Would you like LXD to be available over the network (yes/no) [default=no]?
Do you want to configure the LXD bridge (yes/no) [default=yes]?
Warning: Stopping lxd.service, but it can still be activated by:
  lxd.socket
LXD has been successfully configured.
test@ubuntu01:~$

test@ubuntu01:~$ lxc list
+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+
test@ubuntu01:~$

for LXD bridge

Configure the LXD bridge as shown in the images below.

f:id:akai_tsuki:20170520153150p:plain

f:id:akai_tsuki:20170520153149p:plain

f:id:akai_tsuki:20170520153148p:plain

f:id:akai_tsuki:20170520153147p:plain

f:id:akai_tsuki:20170520153146p:plain

f:id:akai_tsuki:20170520153236p:plain

f:id:akai_tsuki:20170520153235p:plain

f:id:akai_tsuki:20170520153234p:plain

f:id:akai_tsuki:20170520153233p:plain

f:id:akai_tsuki:20170520153231p:plain

f:id:akai_tsuki:20170520153259p:plain IPv6 is disabled.

Try to create OpenSSL x509 certificate (2)

Generate a passphrase-protected RSA private key (`-des3` encrypts the key file with Triple DES)

$ openssl genrsa -des3 -out server.key 4096
Generating RSA private key, 4096 bit long modulus
.....++
...................................................................................................................................................................................++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
$ 

Generate a certificate signing request (CSR)

$ openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$ 

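Remove the passphrase from the private key file. The passphrase-protected original is kept as server.key.org; the new server.key is unencrypted, so it is protected only by its file permissions.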

$ cp server.key server.key.org

$ openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
$

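Generate a self-signed server certificate (CRT). `-days 365000` makes the certificate valid for roughly 1,000 years; a much shorter lifetime is the usual choice outside a test setup. The subject printed below has an empty CN; set Common Name in the CSR to the server's IP or host name.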

$ openssl x509 -in server.csr -days 365000 -req -signkey server.key > server.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=
Getting Private key
$

output

$ ls -1
server.crt
server.csr
server.key
server.key.org
$

Try to create OpenSSL x509 certificate

Generate an RSA private key (no cipher option is given, so server.key is written unencrypted)

$ openssl genrsa -out server.key 4096
Generating RSA private key, 4096 bit long modulus
.......................................................++
..........++
e is 65537 (0x10001)
$

Generate a certificate signing request (CSR)

$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
$

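Generate a self-signed server certificate (CRT). `-days 365000` makes the certificate valid for roughly 1,000 years; a much shorter lifetime is the usual choice outside a test setup.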

$ openssl x509 -in server.csr -days 365000 -req -signkey server.key > server.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=<ip or host>
Getting Private key
$

output

$ ls -1
server.crt
server.csr
server.key
$

Set up a bridge device on CentOS 7 using OVS (Open vSwitch)

Add the bridge device with ovs-vsctl

[root@kvmtest ~]# ovs-vsctl add-br br0
[root@kvmtest ~]# ovs-vsctl add-port br0 enp0s3

ifcfg-enp0s3 interface configuration file

[root@kvmtest ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
DEVICE=enp0s3
NAME=enp0s3
BOOTPROTO=none
UUID=289182bb-48c3-40e7-b3cd-77423569fc7a
ONBOOT=yes
NM_CONTROLLED=no
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br0
[root@kvmtest ~]# 

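ifcfg-br0 interface configuration file. Note: the listing below contains `NM_CONTROLLD=NO`; the key is spelled `NM_CONTROLLED` in ifcfg-enp0s3 above, so the misspelled line presumably has no effect.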

[root@kvmtest ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
NAME=br0
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLD=NO
DEVICETYPE=ovs
TYPE=OVSBridge
IPADDR=192.168.0.240
PREFIX=24
GATEWAY=192.168.0.1
DNS1=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
[root@kvmtest ~]#

Reboot, then check the bridge with `ovs-vsctl show` and `ip a`.

[root@kvmtest ~]# reboot
[root@kvmtest ~]# ovs-vsctl show
bbf32677-0b6c-46f4-8734-e8705c5cbe80
    Bridge "br0"
        Port "br0"
            Interface "br0"
                type: internal
        Port "enp0s3"
            Interface "enp0s3"
    ovs_version: "2.6.1"
[root@kvmtest ~]#
[root@kvmtest ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
    link/ether 08:00:27:32:47:47 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe32:4747/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:15:48:81 brd ff:ff:ff:ff:ff:ff
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether ee:bf:5d:00:ba:06 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether 08:00:27:32:47:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.240/24 brd 192.168.0.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::c8ea:adff:fea9:7548/64 scope link
       valid_lft forever preferred_lft forever
[root@kvmtest ~]#