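5 Provisioning an Instance
This section describes how to provision an Oracle Blockchain Platform instance by using Blockchain Platform Manager.
Before You Create an Oracle Blockchain Platform Instance
Before you provision Oracle Blockchain Platform, decide whether a developer or an enterprise instance meets your needs.
Decide Which Provisioning Configuration to Use
When you provision an instance, you choose between two configurations. Migrating between these options is not currently supported.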
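| Configuration | Features |
|---|---|
| Developer: the recommended use for this starting shape is development and evaluation. | |
| Enterprise: a highly available instance configuration with a higher number of replicas for each service. | |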
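Provision an Instance Using Blockchain Platform Manager
To create a blockchain founder or participant instance in Blockchain Platform Manager, use the Create New Instance wizard.
- Founder organization: a complete blockchain environment, including a new network that participants can join later.
- Participant instance: if there is already a founder organization that you want to join, you can create a participant instance, provided that your credentials give you access to the network. Note that a participant cannot function on its own.
Provisioning Prerequisites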
Configure DNS
After you create an Oracle Blockchain Platform Enterprise Edition instance, you must configure DNS so that the public hostnames of the components can be resolved from the OpenShift local network.
- Run the following command.
  ```shell
  oc new-project obp-coredns
  ```
- Deploy a custom coredns server in the obp-coredns namespace by running the following command.
  ```shell
  kubectl apply -f <coredns-deployment-yaml-file>
  ```
  Use the following manifest file with the command.
  ```yaml
  apiVersion: v1
  kind: ConfigMap
  metadata:
    name: coredns
    namespace: obp-coredns
  data:
    Corefile: |-
      .:1053 {
          errors
          health {
              lameduck 5s
          }
          ready
          kubernetes cluster.local in-addr.arpa ip6.arpa {
              pods insecure
              fallthrough in-addr.arpa ip6.arpa
          }
          prometheus :9153
          forward . /etc/resolv.conf
          cache 30
          loop
          reload
          loadbalance
      }
      import custom/*.server
  ---
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    labels:
      app: obp-coredns
    name: obp-coredns
    namespace: obp-coredns
  spec:
    progressDeadlineSeconds: 600
    replicas: 1
    revisionHistoryLimit: 10
    selector:
      matchLabels:
        app: obp-coredns
    strategy:
      type: RollingUpdate
    template:
      metadata:
        labels:
          app: obp-coredns
      spec:
        containers:
        - args:
          - -conf
          - /etc/coredns/Corefile
          # ":latest" is a floating tag; pin a reviewed version or digest for reproducible deployments.
          image: docker.io/coredns/coredns:latest
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          name: coredns
          ports:
          - containerPort: 1053
            name: dns
            protocol: UDP
          - containerPort: 1053
            name: dns-tcp
            protocol: TCP
          - containerPort: 9153
            name: metrics
            protocol: TCP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 100m
              memory: 70Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
              - NET_BIND_SERVICE
              drop:
              - all
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /etc/coredns
            name: config-volume
            readOnly: true
          - mountPath: /etc/coredns/custom
            name: custom-config-volume
            readOnly: true
        dnsPolicy: Default
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        serviceAccount: obp-coredns
        serviceAccountName: obp-coredns
        terminationGracePeriodSeconds: 30
        volumes:
        - configMap:
            defaultMode: 420
            items:
            - key: Corefile
              path: Corefile
            name: coredns
          name: config-volume
        - configMap:
            defaultMode: 420
            name: coredns-custom
            optional: true
          name: custom-config-volume
  ---
  apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: obp-coredns
    name: obp-coredns
    namespace: obp-coredns
  spec:
    ports:
    - name: dns
      port: 53
      protocol: UDP
      targetPort: 1053
    - name: dns-tcp
      port: 53
      protocol: TCP
      targetPort: 1053
    - name: metrics
      port: 9153
      protocol: TCP
      targetPort: 9153
    selector:
      app: obp-coredns
    sessionAffinity: None
    type: ClusterIP
  ---
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: obp-coredns
    namespace: obp-coredns
  ---
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: obp-coredns
  rules:
  - apiGroups:
    - ""
    resources:
    - endpoints
    - services
    - pods
    - namespaces
    verbs:
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
  - apiGroups:
    - discovery.k8s.io
    resources:
    - endpointslices
    verbs:
    - list
    - watch
  ---
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: obp-coredns
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: obp-coredns
  subjects:
  - kind: ServiceAccount
    name: obp-coredns
    namespace: obp-coredns
  ```
- Create a coredns-custom-configmap file in YAML format for your blockchain instance.
  ```yaml
  apiVersion: v1
  kind: ConfigMap
  metadata:
    name: coredns-custom
    namespace: obp-coredns
  data:
    obp.server: |2
      <instanceName>.<domain>:1053 {
          log
          kubernetes cluster.local in-addr.arpa ip6.arpa {
              pods insecure
              fallthrough in-addr.arpa ip6.arpa
          }
          rewrite stop {
              # Escape every dot inside <domain> as \. so that it matches literally.
              name regex (.*)\.<instanceName>\.<domain> istio-ingressgateway.istio-system.svc.cluster.local
              answer auto
          }
          forward . /etc/resolv.conf
      }
  ```
  In the previous example, <instanceName> is the name of the instance and <domain> is the parent domain.
- Run the following command to apply the custom ConfigMap object.
  ```shell
  kubectl apply -f <coredns-custom-configmap-yaml-file>
  ```
- Run the following command to get the cluster IP address. Record the IP address.
  ```shell
  kubectl get svc -n obp-coredns
  ```
- Run the following command to edit the OpenShift DNS custom resource.
  ```shell
  kubectl edit dnses.operator/default
  ```
- Update the zones section of the DNS custom resource to use your instance and domain names, as shown in the following example.
  ```yaml
  ## Add the following section to the dns custom resource under spec
  servers:
  - forwardPlugin:
      policy: Random
      upstreams:
      - 192.0.2.233
    name: obp-server
    zones:
    - <instanceName>.<domain>
  ```
  In the previous example, <instanceName> is the name of the instance and <domain> is the parent domain.
- To add a new instance, add an entry to the coredns-custom-configmap file and update the OpenShift DNS custom resource for the new instance domain, as shown in the following example.
  ```yaml
  apiVersion: v1
  kind: ConfigMap
  metadata:
    name: coredns-custom
    namespace: obp-coredns
  data:
    obp.server: |2
      myobp.example.com:1053 {
          log
          kubernetes cluster.local in-addr.arpa ip6.arpa {
              pods insecure
              fallthrough in-addr.arpa ip6.arpa
          }
          rewrite stop {
              name regex (.*)\.myobp\.example\.com istio-ingressgateway.istio-system.svc.cluster.local
              answer auto
          }
          forward . /etc/resolv.conf
      }
      otherobp.example.org:1053 {
          log
          kubernetes cluster.local in-addr.arpa ip6.arpa {
              pods insecure
              fallthrough in-addr.arpa ip6.arpa
          }
          rewrite stop {
              name regex (.*)\.otherobp\.example\.org istio-ingressgateway.istio-system.svc.cluster.local
              answer auto
          }
          forward . /etc/resolv.conf
      }
  ```
  ```shell
  ## Edit the Openshift's DNS custom resource
  kubectl edit dnses.operator/default
  ```
  ```yaml
  ## Add the new instance domain to the existing .spec.servers.zones
  servers:
  - forwardPlugin:
      policy: Random
      upstreams:
      - 192.0.2.233
    name: obp-server
    zones:
    - myobp.example.com
    - otherobp.example.org
  ```
  You must stop and restart the instance for the DNS changes to take effect.
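The ConfigMap server blocks and the zones list in the DNS custom resource have to name the same instance domains. The following POSIX shell functions are an added example, not Oracle tooling or code from the original page: they render both documents from one list of domains and reject any value that is not a plain DNS name before it is templated into the Corefile. The function names (`valid_domain`, `check_domains`, `render_configmap`, `render_dns_servers`) are hypothetical, and the example generalizes the two-instance case above to any number of domains.

```shell
#!/bin/sh
# Added example, not Oracle tooling: one domain list feeds both the ConfigMap and the DNS CR.

# Accept only plain lower-case DNS names, so a value cannot carry braces,
# whitespace, newlines or regex metacharacters into the Corefile.
valid_domain() {
    case $1 in
        *[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
    esac
    return 1
}

# Validate every domain before any output is produced.
check_domains() {
    for d in "$@"; do
        valid_domain "$d" || { echo "invalid domain: $d" >&2; return 1; }
    done
}

# Print the ConfigMap; dots are escaped so the rewrite regex matches them literally.
render_configmap() {
    check_domains "$@" || return 1
    printf 'apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: coredns-custom\n  namespace: obp-coredns\ndata:\n  obp.server: |2\n'
    for d in "$@"; do
        re=$(printf '%s\n' "$d" | sed 's/\./\\./g')
        cat <<EOF
    $d:1053 {
        log
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        rewrite stop {
            name regex (.*)\\.$re istio-ingressgateway.istio-system.svc.cluster.local
            answer auto
        }
        forward . /etc/resolv.conf
    }
EOF
    done
}

# Print the spec.servers entry; $1 is the obp-coredns cluster IP, the rest are domains.
render_dns_servers() {
    ip=$1; shift
    check_domains "$@" || return 1
    printf 'servers:\n- forwardPlugin:\n    policy: Random\n    upstreams:\n    - %s\n  name: obp-server\n  zones:\n' "$ip"
    printf '  - %s\n' "$@"
}
```

The output of `render_configmap myobp.example.com otherobp.example.org` can be piped to `kubectl apply -f -`, and the output of `render_dns_servers` is the fragment to paste under `spec` in `dnses.operator/default`.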
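```shell
# List the first host of each VirtualService in the instance namespace.
kubectl get virtualservice -n <instance-namespace> -o json | jq -r '.items[].spec.hosts[0]'
```
Add Additional Nodes to the Cluster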
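- Run the following command to check for pods in the "Pending" state:
  ```shell
  kubectl get pods -n <instancename> | grep Pending
  ```
  You can also check whether any pods are available:
  ```shell
  kubectl get pods -n <instancename>
  ```
- Next, check the available worker nodes:
  ```shell
  kubectl get nodes | grep worker
  ```
- To check whether a node is available to take new pods, run the following command for each worker node:
  ```shell
  kubectl describe node <worker_node>
  ```
  where <worker_node> is the name of the worker node. Make sure that the capacity of the worker node does not exceed 100%.
- To add additional nodes, first get the number of MachineSets in the cluster:
  ```shell
  oc get machinesets -n openshift-machine-api
  ```
- For any MachineSets that have fewer than 2 nodes, try to scale them up.
  ```shell
  oc scale --replicas=2 machineset <obpee00-qtthx-worker-eastus2> -n openshift-machine-api
  ```
  where <obpee00-qtthx-worker-eastus2> is an example name of a MachineSet to scale to 2 nodes.
- Query the MachineSets again until the list of ready and available nodes reaches the number of nodes that you chose.
- You can now redeploy the failed instance.
After the instance is created and listed in the Instances list, you can launch the service console from the menu next to the instance name. Use the console to configure your network, as described in What's the Console? in Using Oracle Blockchain Platform.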