文章目錄
- 環境
- OCP
- Client(Ansible控制節點)
- 步驟
- 準備工作
- 在client端配置ssh免密登錄OCP端
- 在client端安裝Ansible
- kubernetes.core.k8s_info
- 第1次嘗試
- 在OCP端安裝python和pip3
- 在OCP端安裝kubernetes
- 在OCP端安裝PyYAML
- 第2次嘗試
- 在OCP端配置config文件
- 第3次嘗試
- 其它問題
- PyYAML
- 安裝/更新kubectl(可選)
- kubernetes.core.k8s
- 參考
環境
OCP
api.kai1212.cp.fyre.ibm.com-
Red Hat Enterprise Linux release 8.8 (Ootpa)
-
OpenShift 4.14.1
- Red Hat Enterprise Linux CoreOS release 4.14
-
Python 3.6.8
-
pip 9.0.3 from /usr/lib/python3.6/site-packages (python 3.6)
-
oc
[root@api.kai1212.cp.fyre.ibm.com ~]# oc version Client Version: 4.14.1 Kustomize Version: v5.0.1 Server Version: 4.14.1 Kubernetes Version: v1.27.6+f67aeb3 -
kubectl
[root@api.kai1212.cp.fyre.ibm.com ~]# kubectl version WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version. Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.4", GitCommit:"0c63f9da2694c080257111616c60005f32a5bf47", GitTreeState:"clean", BuildDate:"2023-10-20T23:16:49Z", GoVersion:"go1.20.10 X:strictfipsruntime", Compiler:"gc", Platform:"linux/amd64"} Kustomize Version: v5.0.1 Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.6+f67aeb3", GitCommit:"f3ec0ed759cde48849b6e3117c091b7db90c95fa", GitTreeState:"clean", BuildDate:"2023-10-20T22:20:44Z", GoVersion:"go1.20.10 X:strictfipsruntime", Compiler:"gc", Platform:"linux/amd64"}
-
Client(Ansible控制節點)
kairedhat91.fyre.ibm.com- Red Hat Enterprise Linux release 9.2 (Plow)
- Ansible 2.14.9
步驟
準備工作
在client端配置ssh免密登錄OCP端
用 ssh-keygen -t rsa 命令生成密鑰對,然后把公鑰( /root/.ssh/id_rsa.pub )的內容添加到OCP端( api.kai1212.cp.fyre.ibm.com )的 /root/.ssh/authorized_keys 文件里。
測試一下ssh登錄,確保能夠免密登錄。
在client端安裝Ansible
在client端安裝Ansible:
yum install ansible
如果報錯:
No match for argument: ansible
Error: Unable to find a match: ansible
則需要配置repo源。修改 /etc/yum.repos.d/redhat.repo ,添加如下內容:
[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel/9/Everything/x86_64/
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-9
然后再安裝,就OK了。
......
......
Installed:ansible-1:7.7.0-1.el9.noarch ansible-core-1:2.14.9-1.el9.x86_64 python3-cffi-1.14.5-5.el9.x86_64 python3-cryptography-36.0.1-4.el9.x86_64 python3-packaging-20.9-5.el9.noarch python3-ply-3.11-14.el9.noarchpython3-pycparser-2.20-6.el9.noarch python3-pyparsing-2.4.7-9.el9.noarch python3-resolvelib-0.5.4-5.el9.noarch sshpass-1.09-4.el9.x86_64Complete!
檢查Ansible版本:
[root@kairedhat91 ~]# ansible --version
ansible [core 2.14.9]config file = /etc/ansible/ansible.cfgconfigured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']ansible python module location = /usr/lib/python3.9/site-packages/ansibleansible collection location = /root/.ansible/collections:/usr/share/ansible/collectionsexecutable location = /usr/bin/ansiblepython version = 3.9.18 (main, Sep 7 2023, 00:00:00) [GCC 11.4.1 20230605 (Red Hat 11.4.1-2)] (/usr/bin/python3)jinja version = 3.1.2libyaml = True
編輯 /etc/ansible/hosts ,添加如下內容:
[myvm]
api.kai1212.cp.fyre.ibm.com
測試一下Ansible連通性:
[root@kairedhat91 ~]# ansible all -m ping
api.kai1212.cp.fyre.ibm.com | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"},"changed": false,"ping": "pong"
}
kubernetes.core.k8s_info
在client端創建 test1.yml 如下:
---
- hosts: alltasks:- name: task1kubernetes.core.k8s_info:api_version: v1kind: Namespacename: myns1register: var1- name: task2debug:msg: "{{ var1 }}"
該腳本會嘗試讀取名為 myns1 namespace信息,當然,該namespace目前并不存在。
第1次嘗試
運行 ansible-playbook test1.yml ,報錯如下:
TASK [task1] **************************************************************************************************************************************************************************************************************************************
fatal: [api.kai1212.cp.fyre.ibm.com]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (kubernetes) on api.kai1212.cp.fyre.ibm.com's Python /usr/libexec/platform-python. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}
這是因為,按Ansible官網文檔所言,需要有以下先決條件:
- python >= 3.6
- kubernetes >= 12.0.0
- PyYAML >= 3.11
在OCP端安裝python和pip3
在OCP端安裝python和pip3:
yum install python3
如果報錯說找不到,則需要配置repo源,參考上面的做法。
安裝成功,如下:
......
......
Installed:python3-pip-9.0.3-22.el8.noarch python3-setuptools-39.2.0-7.el8.noarch python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.x86_64Complete!
安裝好以后,查看python3和pip3的版本:
[root@api.kai1211.cp.fyre.ibm.com ~]# python3 --version
Python 3.6.8
[root@api.kai1211.cp.fyre.ibm.com ~]# pip3 -V
pip 9.0.3 from /usr/lib/python3.6/site-packages (python 3.6)
注:如果已有python3,則可以下載安裝pip3。
下載 get-pip.py 文件:
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
安裝pip3:
python3 get-pip.py
在OCP端安裝kubernetes
在OCP端安裝kubernetes:
pip3 install kubernetes
注:如果報錯 AttributeError: module 'tarfile' has no attribute 'data_filter' ,則需升級pip3:
python3 -m pip install --upgrade pip
在OCP端安裝PyYAML
我沒有單獨做這一步,應該是在安裝kubernetes的同時,也安裝了滿足條件的PyYAML。
如果不滿足條件,則可能需要重新安裝kubernetes,詳見下面的“其它問題”。
第2次嘗試
再次運行 ansible-playbook test1.yml ,報錯如下:
TASK [task1] **************************************************************************************************************************************************************************************************************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible_collections.kubernetes.core.plugins.module_utils.k8s.exceptions.CoreException: Could not create API client: Invalid kube-config file. No configuration found.
fatal: [api.kai1212.cp.fyre.ibm.com]: FAILED! => {"changed": false, "msg": "Could not create API client: Invalid kube-config file. No configuration found."}
這是因為我們沒有指定config文件。默認的config文件是 ~/.kube/config 。
在OCP端配置config文件
在OCP端,找到kube config文件,將其復制到 ~/.kube/ 目錄下:
cp /root/auth/kubeconfig ~/.kube/config
第3次嘗試
再次運行 ansible-playbook test1.yml ,這次終于成功了:
TASK [task1] **************************************************************************************************************************************************************************************************************************************
ok: [api.kai1212.cp.fyre.ibm.com]TASK [task2] **************************************************************************************************************************************************************************************************************************************
ok: [api.kai1212.cp.fyre.ibm.com] => {"msg": {"api_found": true,"changed": false,"failed": false,"resources": []}
}
運行成功,只不過沒找到 myns1 namespace,獲取到的信息為空。
其它問題
PyYAML
如果遇到如下報錯:
ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
解決方法為:
pip3 install --ignore-installed PyYAML
pip3 install kubernetes
安裝/更新kubectl(可選)
下載 kubectl :
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
添加 x 屬性:
chmod +x kubectl
將其放到 /usr/bin/ 目錄下:
mv kubectl /usr/bin/
查看版本,比如:
[root@kai12101 ~]# kubectl version
Client Version: v1.28.4
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
The connection to the server localhost:8080 was refused - did you specify the right host or port?
kubernetes.core.k8s
前面通過 kubernetes.core.k8s_info 來讀取信息,接下來我們通過 kubernetes.core.k8s 來操作k8s,比如創建一個namespace。
創建文件 test2.yml 如下:
---
- hosts: alltasks:- name: task1kubernetes.core.k8s:name: myns1api_version: v1kind: Namespacestate: present
運行結果如下:
[root@kairedhat91 ~]# ansible-playbook test2.yml
......
......
TASK [task1] **************************************************************************************************************************************************************************************************************************************
changed: [api.kai1212.cp.fyre.ibm.com]
最后,我們再次運行 test1.yml ,獲取namespace myns1 的信息,結果如下:
TASK [task1] **************************************************************************************************************************************************************************************************************************************
ok: [api.kai1212.cp.fyre.ibm.com]TASK [task2] **************************************************************************************************************************************************************************************************************************************
ok: [api.kai1212.cp.fyre.ibm.com] => {"msg": {"api_found": true,"changed": false,"failed": false,"resources": [{"apiVersion": "v1","kind": "Namespace","metadata": {"annotations": {"openshift.io/sa.scc.mcs": "s0:c26,c15","openshift.io/sa.scc.supplemental-groups": "1000680000/10000","openshift.io/sa.scc.uid-range": "1000680000/10000"},"creationTimestamp": "2023-12-12T01:07:08Z","labels": {"kubernetes.io/metadata.name": "myns1","pod-security.kubernetes.io/audit": "restricted","pod-security.kubernetes.io/audit-version": "v1.24","pod-security.kubernetes.io/warn": "restricted","pod-security.kubernetes.io/warn-version": "v1.24"},"managedFields": [{"apiVersion": "v1","fieldsType": "FieldsV1","fieldsV1": {"f:metadata": {"f:labels": {"f:pod-security.kubernetes.io/audit": {},"f:pod-security.kubernetes.io/audit-version": {},"f:pod-security.kubernetes.io/warn": {},"f:pod-security.kubernetes.io/warn-version": {}}}},"manager": "pod-security-admission-label-synchronization-controller","operation": "Apply","time": "2023-12-12T01:07:08Z"},{"apiVersion": "v1","fieldsType": "FieldsV1","fieldsV1": {"f:metadata": {"f:labels": {".": {},"f:kubernetes.io/metadata.name": {}}}},"manager": "OpenAPI-Generator","operation": "Update","time": "2023-12-12T01:07:08Z"},{"apiVersion": "v1","fieldsType": "FieldsV1","fieldsV1": {"f:metadata": {"f:annotations": {".": {},"f:openshift.io/sa.scc.mcs": {},"f:openshift.io/sa.scc.supplemental-groups": {},"f:openshift.io/sa.scc.uid-range": {}}}},"manager": "cluster-policy-controller","operation": "Update","time": "2023-12-12T01:07:08Z"}],"name": "myns1","resourceVersion": "37555","uid": "7e4dcd8b-eae2-4f4a-8153-b229e279b0c4"},"spec": {"finalizers": ["kubernetes"]},"status": {"phase": "Active"}}]}
}
可見,成功獲取了namespace myns1 的信息。
參考
https://blog.csdn.net/qq_55977540/article/details/120235601https://blog.csdn.net/weixin_41010198/article/details/103852838https://blog.51cto.com/99cloud/2336420https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_info_module.htmlhttps://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.htmlhttps://www.runoob.com/w3cnote/python-pip-install-usage.htmlhttps://mirrors.aliyun.com/epel/9/Everything/x86_64/
)
)
![[GPT]Andrej Karpathy微軟Build大會GPT演講(上)--GPT如何訓練](http://pic.xiahunao.cn/[GPT]Andrej Karpathy微軟Build大會GPT演講(上)--GPT如何訓練)
)