作者归档:daban

CoreOS ISO引导安装

1. 从官网下载最新CoreOS ISO文件
https://stable.release.core-os.net/amd64-usr/current/coreos_production_iso_image.iso

2. 修改SSH配置
使用ISO文件引导Live CD,复制sshd_config文件
cd /etc/ssh
sudo mv sshd_config{,.bak}
sudo cp /usr/share/ssh/sshd_config .
sudo vi sshd_config
增加一行PermitRootLogin yes
sudo systemctl restart sshd
sudo passwd root

3. 通过SSH将ignition.json复制到服务器
ignition.json文件内容如下

{
  "ignition": {
    "config": {},
    "timeouts": {},
    "version": "2.1.0"
  },
  "networkd": {},
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGdByTgSVHq......."
        ]
      }
    ]
  },
  "storage": {},
  "systemd": {}
}

4. 将CoreOS安装到磁盘
sudo coreos-install -d /dev/sda -C stable -i ~/ignition.json

Docker Compose安装

两进制安装:

sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) \
-o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
$ docker-compose --version
docker-compose version 1.21.2, build a133471

pip安装:

pip install docker-compose

在CentOS 7上安装Docker CE

安装所需的包:

yum install -y yum-utils device-mapper-persistent-data lvm2

安装docker的repo:

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

安装docker ce:

yum install docker-ce

启动docker:

systemctl start docker

验证docker:

docker run hello-world

配置docker国内镜像:
编辑/etc/docker/daemon.json,添加以下一行

{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

重新启动docker:

systemctl restart docker

如要安装指定的旧版本则需要使用rpm安装,比如安装17.03.2.ce版本

yum remove -y docker-ce container-selinux
rm -rf /var/lib/docker
curl -O https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
curl -O https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
rpm -Uvh docker-ce*17.03.2.ce*.rpm

使用stunnel连接squid

安装stunnel及squid等
yum install stunnel squid openssl openssl-devel -y

配置并启用squid服务
systemctl enable squid
systemctl start squid

创建stunnel配置文件
cp /usr/share/doc/stunnel-4.56/stunnel.conf-sample /etc/stunnel/stunnel.conf
vi /etc/stunnel/stunnel.conf
在Service definitions处加入
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

创建stunnel密钥
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem

创建stunnel运行目录
mkdir /var/run/stunnel
chown nobody:nobody /var/run/stunnel

创建stunnel启动脚本
vi /etc/systemd/system/stunnel.service
; systemd script for stunnel. Please put this file in
; /etc/systemd/system/stunnel.service or /usr/lib/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
After=syslog.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
ExecStop=kill -9 $(pgrep stunnel)
ExecStatus=pgrep stunnel
Type=forking
[Install]
WantedBy=multi-user.target

配置并启用stunnel服务
systemctl enable stunnel
systemctl start stunnel

下载stunnel客户端
https://www.stunnel.org/downloads.html

修改客户端stunnel.conf配置,在Service definitions处加入
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem

NetScaler VPX与VMware ESXi Patch 201410001兼容问题

在更新了ESXi550-201410001 (Build 2143827)或ESXi510-201410001 (Build 219751)补丁后,NetScaler VPX网卡工作不正常,表现为性能低下,无法登录GUI,ping丢失。

目前的解决方案如下:

  1. 登录VPX
  2. > shell
  3. root@ns# cd /flash/boot
  4. root@ns# vi loader.conf.local
    添加hw.em.txd=512
  5. root@ns# reboot

http://support.citrix.com/article/CTX200278

RHEL6与RHEL7的变化(转)

System and command changes between RHEL 6 and RHEL 7

Between RHEL6 and RHEL7 there are a number of changes to tools, commands, and workflows. Changes that are likely to affect common administrative tasks are listed here:

  • Anaconda RHEL installer completely redesigned1
  • Legacy GRUB boot loader replaced by GRUB22
  • Procedure for bypassing root password prompt at boot completely different3
  • SysV init system and all related tools replaced by systemd4
  • ext4 replaced by xfs as default filesystem type5
  • Directories /bin, /sbin, /lib and /lib64 are now all under the /usr directory6
  • Network interfaces have a new naming scheme based on physical device location (e.g., eth0 might become enp0s3)7
  • ntpd replaced by chronyd as the default network time protocol daemon8
  • GNOME2 replaced by GNOME3 as default desktop environment9
  • System registration and subscription now handled exclusively with Red Hat Subscription Management (RHSM)10
  • MySQL replaced by Mariadb11
  • tgtd replaced by targetcli12
  • High Availability Add-On: RGManager removed as resource-management option (in favor of Pacemaker); all CMAN features merged into Corosync (qdiskd replaced by votequorum plugin); all tools unified into pcs13
  • ifconfig and route commands are further deprecated in favor of ip
  • netstat further deprecated in favor of ss
  • System user UID range extended from 0-499 to 0-999
  • locate no longer available by default; (available as mlocate package)
  • nc (netcat) replaced by nmap-ncat

See footnotes for additional detail about these changes.

继续阅读

CentOS 7 (RHEL 7)服务管理命令的变化

CentOS 7 (RHEL 7)带来了新的服务管理命令,为了保持兼容原有的命令仍可以使用,以下是新旧命令的对照。

启动、停止、重启、重载、检查服务:
6: service httpd start|stop|restart|reload|status
7: systemctl start|stop|restart|reload|status httpd.service

允许、禁止服务自启动:
6: chkconfig httpd on|off
7: system enable|disable httpd.service

列出服务:
6: chkconfig –list
7: systemctl list-unit-files –type=service 或 ls /etc/systemd/system/*.wants/

添加服务:
6: chkconfig httpd –add
7: systemctl daemon-reload

使用PowerCLI批量修改虚拟机内存

由于要修改一批VDI机器的内存,数量比较多,就拿出了PowerCLI来进行批量修改,命令如下:

Connect-VIServer -Server vcenter.test.local -User admin -Password password

$VMs = Get-Cluster “Cluster” | Get-VM | Where { $_.Name -like “vdi-*” }

ForEach ($VM in $VMs) { Set-VM $VM -MemoryMB 2176 -Confirm:$False }

VMware vSphere 6.0 新特性预览

VMware可能在今年10月发布新版本的VMware vSphere虚拟化软件,版本号为6.0,以下是在6.0版本里可能增加的特性:

  1. 支持新的硬件、新的操作系统。加入了对OpenStack云的支持。客户机操作系统可能会增加FreeBSD 10.0、Chrome OS等。
  2. 增加了系统的最大配置:单个虚拟机最大支持128个vCPU和4TB内存,单ESX最多支持480个物理CPU、12TB内存、64TB存储、1000个虚拟机。并且虚拟机的图像性能得到提升。
  3. 增强了存储的可用性:支持VSAN、vVol、vFlash,并且vSphere Replication和SRM都得到增强。
  4. 支持NFSv4.1,并且支持Kerberos验证。
  5. vMotion增强:vMotion可以跨vCenter Server、跨vSwitch间进行,支持长距离(大于100毫秒延迟的网络)的vMotion。
  6. 支持多处理器的Fault Tolerance(SMP-FT):目前(5.x)的FT版本仅支持单vCPU的虚拟机,新版本可以支持4 vCPU的FT,将大大提高FT的实用性。
  7. 跨站点的内容库:使多个站点间的ISO镜像、虚拟机模板等管理简单化,保持各站点文件的统一性。