k8s-离线安装coreos

webtet

1.安装准备

下载iso

前往页面https://coreos.com/os/docs/latest/booting-with-iso.html

版本：stable 1465.7.0

日期：2017.09.26

准备ignition.json

{
"ignition": {
"version": "2.0.0",
"config": {}
},
"storage": {
"files": [
{
"filesystem": "root",
"path": "/etc/hostname",
"contents": {
"source": "data:,systech01",
"verification": {}
},
"mode": 420,
"user": {},
"group": {}
},{
"filesystem": "root",
"path": "/etc/hosts",
"contents": {
"source": "data:,127.0.0.1%09localhost%0A127.0.0.1%20systech01",
"verification": {}
},
"mode": 420,
"user": {},
"group": {}
}     
]
},
"systemd": {
"units": [
{
"name": "settimezone.service",
"enable": true,
"contents": "[Unit]\nDescription=time zone Asia/Shanghai\n[Service]\nExecStart=/usr/bin/timedatectl set-timezone Asia/Shanghai\nRemainAfterExit=yes\nType=oneshot  \n[Install]\nWantedBy=multi-user.target   \n"
}
]
},
"networkd": {
"units": [
{
"name": "00-static.network",
"contents": "[Match]\nName=eth0\n\n[Network]\nDNS=192.168.3.1\nAddress=192.168.3.101/24\nGateway=192.168.3.1\nDHCP=no      \n"
}
]
},
"passwd": {
"users": [
{
"name": "core",
"sshAuthorizedKeys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQA...kYoT8jhrw== mengkzhaoyun@gmail.com"
]
},{
"name": "root",
"passwordHash ": "$1$maTXmv6V$4UuGlRDpBZtipAhlPZ2/J0"
}
]
}
}

• /etc/hostname : 主机名
  
• /etc/hosts : 本地域名解析设置
  
• settimezone.service : 时区设置
  
• 00-static.network : 静态IP设置
  
• users : 为用户core配置sshkey登陆，root密码登陆(123456)
  

下载镜像安装文件

模板URL-https://${channel}.release.core-os.net/amd64-usr/${version}/xxx

例子-https://stable.release.core-os.net/amd64-usr/1465.7.0/version.txt
~/current/version.txt
~/1465.7.0/coreos_production_image.bin.bz2
~/1465.7.0/coreos_production_image.bin.bz2.DIGESTS
~/1465.7.0/coreos_production_image.bin.bz2.DIGESTS.asc
~/1465.7.0/coreos_production_image.bin.bz2.DIGESTS.sig
~/1465.7.0/coreos_production_image.bin.bz2.sig

搭建HTTP镜像服务器

使用python在本地建一个HTTP镜像服务器，默认使用8000端口http://192.168.3.99:8000

$ cd c:/coreos
$ python -m SimpleHTTPServer

将上面下载的文件拷贝至c:/coreos目录中

./ignition.json ./current/version.txt ./1465.7.0/coreos_production_image.bin.bz2 ./1465.7.0/coreos_production_image.bin.bz2.DIGESTS : ./1465.7.0/coreos_production_image.bin.bz2.DIGESTS.asc ./1465.7.0/coreos_production_image.bin.bz2.DIGESTS.sig ./1465.7.0/coreos_production_image.bin.bz2.sig

2.硬盘安装CoreOS

启动镜像

设置好虚拟机配置为Linux/coreos64，内存>1G，加载[Linux]coreos_1465.7.0_production_iso_image.iso启动镜像

注意：内存大小要大于1G，因为加载ISO时coreos将在内存里面跑，需要使用命令安装到本地的硬盘上。

安装coreos

# 下载 ignition.json
$ wget http://192.168.3.99:8000/ignition.json
# 安装命令
$ sudo coreos-install -b http://192.168.3.99:8000 -d /dev/sda -C stable -i ~/ignition.json

注意：/dev/sda指硬盘安装，由coreos维护的默认路径，指向硬盘根目录

3.其他

使用coreos-install安装coreos

[汪云飞2014.11.03]平台云基石-CoreOS之离线安装篇（无需互联网）

[涯余2015.01.21]Coreos 安装及配置

上面两篇博文很仔细的记录了ISO离线安装coreos的步骤，本文参考了部分内容。

为coreos设置静态IP

在/etc/systemd/network下新建一个文件00-static.network

[Match] Name=eth0 [Network] DNS=192.168.3.1 Address=192.168.3.231/24 Gateway=192.168.3.1 DHCP=no

eth0 : 默认的网卡名称，设置时请检查默认网卡的名称，使用(ip a)命令查看

然后重启网络服务

$ sudo systemctl daemon-reload
$ sudo systemctl restart systemd-networkd

如何生成password的hash

来源coreos官网，有以下几种生成hash的方式:

# On Debian/Ubuntu (via the package "whois")
mkpasswd --method=SHA-512 --rounds=4096
# OpenSSL (note: this will only make md5crypt.  While better than plantext it should not be considered fully secure)
openssl passwd -1
# Python (change password and salt values)
python -c "import crypt, getpass, pwd; print crypt.crypt('password', '\$6\$SALT\$')"
# Perl (change password and salt values)
perl -e 'print crypt("password","\$6\$SALT\$") . "\n"'

　　来自 <https://coreos.com/os/docs/latest/cloud-config.html>

上文使用openssl生成的hash，用于ignition.json中的示例

123456

$1$maTXmv6V$4UuGlRDpBZtipAhlPZ2/J0

镜像文件下载

百度云分享

http://pan.baidu.com/s/1o81GAbo