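CentOS Atomic Host is a lightweight operating system designed for running Docker containers. It is built from standard CentOS 7 components and tracks the component versions of Red Hat Enterprise Linux Atomic Host.
More information is available on the Project Atomic home page: http://www.projectatomic.io/
The download links below come from the CentOS website: https://wiki.centos.org/SpecialInterestGroup/Atomic/Download
Uncompressed qcow2 image download link
xz-compressed qcow2 image download link
gz-compressed qcow2 image download link
ISO image download link
OpenShift Origin 3.9 offline deployment
OpenShift Origin is an open-source container cloud platform; its commercial counterpart is Red Hat OpenShift. OpenShift uses Docker as the container runtime and K8S for container orchestration, and adds a set of automation tools to make up the whole platform.
OpenShift installation prerequisite: Docker
Edit the Docker configuration file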
cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["172.30.0.0/16"]
}
EOF
systemctl restart docker
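Download the latest release files from GitHub: https://github.com/openshift/origin/releases
This article is based on version 3.9, so download the client: openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
Upload the downloaded file to the server, then extract it: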
tar -xvzf openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
cp openshift-origin-client-tools-v3.9.0-191fece-linux-64bit/oc /usr/local/bin
Run the start command; 192.168.1.41 is the server IP. Once started, it automatically downloads the required images.
oc cluster up --public-hostname=192.168.1.41
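Deploying a single-node etcd with Docker
To let systems outside Docker reach the etcd service, obtain the container's IP with docker inspect. Alternatively, pass the --net=host parameter so that the container uses the host's network.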
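export NODE1=192.168.1.21
# DATA_DIR must already be set to the host directory (or volume name) that will hold the etcd data.
# With the default bridge network the --listen-* URLs must use an address that exists inside the
# container (0.0.0.0 or the container IP); ${NODE1} as a listen address only binds with --net=host.
docker run \
  -p 2379:2379 \
  -p 2380:2380 \
  --volume=${DATA_DIR}:/etcd-data \
  --name etcd quay.io/coreos/etcd:latest \
  /usr/local/bin/etcd \
  --data-dir=/etcd-data --name node1 \
  --initial-advertise-peer-urls http://${NODE1}:2380 --listen-peer-urls http://${NODE1}:2380 \
  --advertise-client-urls http://${NODE1}:2379 --listen-client-urls http://${NODE1}:2379 \
  --initial-cluster node1=http://${NODE1}:2380
etcdctl --endpoints=http://${NODE1}:2379 member list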
Running a container as a systemd service
Create /etc/systemd/system/myapp.service with the following content
[Unit]
Description=MyApp
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill busybox1
ExecStartPre=-/usr/bin/docker rm busybox1
ExecStartPre=/usr/bin/docker pull busybox
ExecStart=/usr/bin/docker run --name busybox1 busybox /bin/sh -c "trap 'exit 0' INT TERM; while true; do echo Hello World; sleep 1; done"
[Install]
WantedBy=multi-user.target
Enable the service so that it starts automatically
sudo systemctl enable myapp.service
sudo systemctl start myapp.service
Check the service status
journalctl -f -u myapp.service
Installing CoreOS from the ISO
1. Download the latest CoreOS ISO from the official site
https://stable.release.core-os.net/amd64-usr/current/coreos_production_iso_image.iso
2. Modify the SSH configuration
Boot the Live CD from the ISO and copy the sshd_config file
cd /etc/ssh
sudo mv sshd_config{,.bak}
sudo cp /usr/share/ssh/sshd_config .
sudo vi sshd_config
Add the line PermitRootLogin yes
sudo systemctl restart sshd
sudo passwd root
3. Copy ignition.json to the server over SSH
The content of ignition.json is as follows
{
  "ignition": {
    "config": {},
    "timeouts": {},
    "version": "2.1.0"
  },
  "networkd": {},
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGdByTgSVHq......."
        ]
      }
    ]
  },
  "storage": {},
  "systemd": {}
}
4. Install CoreOS to disk
sudo coreos-install -d /dev/sda -C stable -i ~/ignition.json
Installing Docker Compose
Binary installation:
sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) \
  -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
$ docker-compose --version
docker-compose version 1.21.2, build a133471
Installation with pip:
pip install docker-compose
Installing Docker CE on CentOS 7
Install the required packages:
yum install -y yum-utils device-mapper-persistent-data lvm2
Add the Docker repository:
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Install Docker CE:
yum install docker-ce
Start Docker:
systemctl start docker
Verify Docker:
docker run hello-world
Configure a Docker registry mirror inside China:
Edit /etc/docker/daemon.json and add the following line
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
Restart Docker:
systemctl restart docker
To install a specific older version, install from the RPM packages instead; for example, to install version 17.03.2.ce
yum remove -y docker-ce container-selinux
rm -rf /var/lib/docker
curl -O https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
curl -O https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
rpm -Uvh docker-ce*17.03.2.ce*.rpm
Connecting to squid through stunnel
Install stunnel, squid and the related packages
yum install stunnel squid openssl openssl-devel -y
Configure and enable the squid service
systemctl enable squid
systemctl start squid
Create the stunnel configuration file
cp /usr/share/doc/stunnel-4.56/stunnel.conf-sample /etc/stunnel/stunnel.conf
vi /etc/stunnel/stunnel.conf
Add the following under Service definitions
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem
Create the stunnel key
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem
Create the stunnel runtime directory
mkdir /var/run/stunnel
chown nobody:nobody /var/run/stunnel
Create the stunnel startup script
vi /etc/systemd/system/stunnel.service
; systemd script for stunnel. Please put this file in
; /etc/systemd/system/stunnel.service or /usr/lib/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
After=syslog.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
; systemd needs an absolute path and does not expand $(...), so pkill replaces "kill -9 $(pgrep stunnel)"
ExecStop=/usr/bin/pkill -9 stunnel
; ExecStatus= is not a systemd directive; use "systemctl status stunnel" to check the service
Type=forking
[Install]
WantedBy=multi-user.target
Configure and enable the stunnel service
systemctl enable stunnel
systemctl start stunnel
Download the stunnel client
https://www.stunnel.org/downloads.html
Edit the client's stunnel.conf and add the following under Service definitions
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem
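The client section above sets no verification option, and stunnel does not verify the peer certificate by default, so the tunnel is encrypted but the client accepts whatever certificate the server presents. The script below is an added example, not part of the original post: it flags client-mode services that lack peer verification and runs on two constructed configs, the section from this page and a variant that pins the server certificate. verifyPeer and CAfile are stunnel 5.x options, and copying cert.pem (the public certificate only) to the client is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Prints "NO_PEER_VERIFY [service]"
# for every client-mode service that never authenticates the server.
audit_stunnel_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    # Service-level value if set, otherwise the global default (options before any section).
    function get(k) { return ((sect, k) in opt) ? opt[sect, k] : opt["", k] }
    function verified() {
        return get("verifypeer") == "yes" || get("verifychain") == "yes" || get("verify") + 0 >= 2
    }
    function flush() {
        if (sect != "" && get("client") == "yes" && !verified())
            print "NO_PEER_VERIFY [" sect "]"
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[ \t]*\[[^]]*\]/ {                             # start of a [service] section
        flush(); sect = trim($0); gsub(/^\[|\]$/, "", sect); next
    }
    {
        eq = index($0, "="); if (!eq) next
        opt[sect, tolower(trim(substr($0, 1, eq - 1)))] = tolower(trim(substr($0, eq + 1)))
    }
    END { flush() }
    ' "$1"
}

# Constructed samples: the client section from this page, then a pinned variant.
# Assumption: cert.pem is the server certificate (public part only) copied to the client.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem
EOF
cat > "$demo_dir/pinned.conf" <<'EOF'
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
CAfile = cert.pem
verifyPeer = yes
EOF
audit_stunnel_conf "$demo_dir/weak.conf"     # reports the [squid] service
audit_stunnel_conf "$demo_dir/pinned.conf"   # reports nothing
```

The check also accepts the older numeric form, verify = 2 or higher, and treats options placed before the first section as defaults for every service.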
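NetScaler VPX compatibility issue with VMware ESXi Patch 201410001
After applying patch ESXi550-201410001 (Build 2143827) or ESXi510-201410001 (Build 219751), the NetScaler VPX network interfaces stop working properly: performance is poor, the GUI cannot be logged in to, and pings are lost.
The current workaround is as follows:
- Log in to the VPX
- > shell
- root@ns# cd /flash/boot
- root@ns# vi loader.conf.local
  Add hw.em.txd=512
- root@ns# reboot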
http://support.citrix.com/article/CTX200278
Changes between RHEL 6 and RHEL 7 (reposted)
System and command changes between RHEL 6 and RHEL 7
Between RHEL6 and RHEL7 there are a number of changes to tools, commands, and workflows. Changes that are likely to affect common administrative tasks are listed here:
- Anaconda RHEL installer completely redesigned [1]
- Legacy GRUB boot loader replaced by GRUB2 [2]
- Procedure for bypassing root password prompt at boot completely different [3]
- SysV init system and all related tools replaced by systemd [4]
- ext4 replaced by xfs as default filesystem type [5]
- Directories /bin, /sbin, /lib and /lib64 are now all under the /usr directory [6]
- Network interfaces have a new naming scheme based on physical device location (e.g., eth0 might become enp0s3) [7]
- ntpd replaced by chronyd as the default network time protocol daemon [8]
- GNOME2 replaced by GNOME3 as default desktop environment [9]
- System registration and subscription now handled exclusively with Red Hat Subscription Management (RHSM) [10]
- MySQL replaced by MariaDB [11]
- tgtd replaced by targetcli [12]
- High Availability Add-On: RGManager removed as resource-management option (in favor of Pacemaker); all CMAN features merged into Corosync (qdiskd replaced by votequorum plugin); all tools unified into pcs [13]
- ifconfig and route commands are further deprecated in favor of ip
- netstat further deprecated in favor of ss
- System user UID range extended from 0-499 to 0-999
- locate no longer available by default; (available as mlocate package)
- nc (netcat) replaced by nmap-ncat
See footnotes for additional detail about these changes.