CentOS Atomic Download

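CentOS Atomic Host is a lightweight operating system designed for running Docker containers. It is built from standard CentOS 7 components and tracks the component versions of Red Hat Enterprise Linux Atomic Host.
More information is available on the Project Atomic home page: http://www.projectatomic.io/
The download links below come from the CentOS website: https://wiki.centos.org/SpecialInterestGroup/Atomic/Download
Download link for the uncompressed qcow2 image
Download link for the xz-compressed qcow2 image
Download link for the gz-compressed qcow2 image
Download link for the ISO image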

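OpenShift Origin 3.9 Offline Deployment

OpenShift Origin is an open-source container cloud platform; the corresponding commercial product is Red Hat OpenShift. OpenShift uses Docker as the container runtime and K8S for container orchestration, and adds a set of automation tools to make up the whole platform.

OpenShift installation prerequisite: Docker
Modify the Docker configuration file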

cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["172.30.0.0/16"]
}
EOF
systemctl restart docker

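Download the latest release from GitHub: https://github.com/openshift/origin/releases
This article is based on version 3.9, so download the client: openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
Upload the downloaded file to the server, then extract it: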

tar -xvzf openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
cp openshift-origin-client-tools-v3.9.0-191fece-linux-64bit/oc /usr/local/bin

Run the start command; 192.168.1.41 is the server IP. Once started, it automatically downloads the required images.

oc cluster up --public-hostname=192.168.1.41

After startup completes, open https://192.168.1.41:8443 in a browser to access the system. The default username and password are both dev.

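Deploying a Single-Node etcd with Docker

For systems outside Docker to reach the etcd service, obtain the container's IP with docker inspect. Alternatively, pass --net=host so that the container uses the host's network.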

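export NODE1=192.168.1.21
# Host directory that holds the etcd data (example path, adjust as needed)
export DATA_DIR=/var/lib/etcd-data
# etcd listens on all interfaces inside the container; the -p mappings publish
# the ports on the host, and the advertised URLs use the host address.
# Plain HTTP with no client authentication, as in the original setup.
docker run \
  -p 2379:2379 \
  -p 2380:2380 \
  --volume=${DATA_DIR}:/etcd-data \
  --name etcd quay.io/coreos/etcd:latest \
  /usr/local/bin/etcd \
  --data-dir=/etcd-data --name node1 \
  --initial-advertise-peer-urls http://${NODE1}:2380 --listen-peer-urls http://0.0.0.0:2380 \
  --advertise-client-urls http://${NODE1}:2379 --listen-client-urls http://0.0.0.0:2379 \
  --initial-cluster node1=http://${NODE1}:2380
# From a second terminal: confirm the member is reachable
etcdctl --endpoints=http://${NODE1}:2379 member list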

Running a Container as a systemd Service

Write /etc/systemd/system/myapp.service with the following content:

[Unit]
Description=MyApp
After=docker.service
Requires=docker.service

[Service]
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill busybox1
ExecStartPre=-/usr/bin/docker rm busybox1
ExecStartPre=/usr/bin/docker pull busybox
ExecStart=/usr/bin/docker run --name busybox1 busybox /bin/sh -c "trap 'exit 0' INT TERM; while true; do echo Hello World; sleep 1; done"

[Install]
WantedBy=multi-user.target

Enable the service so that it starts automatically
sudo systemctl enable myapp.service
sudo systemctl start myapp.service
Check the service status
journalctl -f -u myapp.service

CoreOS ISO Boot Installation

1. Download the latest CoreOS ISO file from the official site
https://stable.release.core-os.net/amd64-usr/current/coreos_production_iso_image.iso

2. Modify the SSH configuration
Boot the Live CD from the ISO file and copy the sshd_config file
cd /etc/ssh
sudo mv sshd_config{,.bak}
sudo cp /usr/share/ssh/sshd_config .
sudo vi sshd_config
Add the line PermitRootLogin yes
sudo systemctl restart sshd
sudo passwd root

3. Copy ignition.json to the server over SSH
The content of ignition.json is as follows

{
  "ignition": {
    "config": {},
    "timeouts": {},
    "version": "2.1.0"
  },
  "networkd": {},
  "passwd": {
    "users": [
      {
        "name": "core",
        "sshAuthorizedKeys": [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGdByTgSVHq......."
        ]
      }
    ]
  },
  "storage": {},
  "systemd": {}
}

4. Install CoreOS to disk
sudo coreos-install -d /dev/sda -C stable -i ~/ignition.json

Docker Compose Installation

Binary installation:

sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) \
-o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
$ docker-compose --version
docker-compose version 1.21.2, build a133471

pip installation:

pip install docker-compose

Installing Docker CE on CentOS 7

Install the required packages:

yum install -y yum-utils device-mapper-persistent-data lvm2

Add the Docker repo:

sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Install Docker CE:

yum install docker-ce

Start Docker:

systemctl start docker

Verify Docker:

docker run hello-world

Configure a Docker registry mirror in China:
Edit /etc/docker/daemon.json and add the following

{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}

Restart Docker:

systemctl restart docker

To install a specific older version, install it from the rpm packages, for example version 17.03.2.ce

yum remove -y docker-ce container-selinux
rm -rf /var/lib/docker
curl -O https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-17.03.2.ce-1.el7.centos.x86_64.rpm
curl -O https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch.rpm
rpm -Uvh docker-ce*17.03.2.ce*.rpm

Connecting to squid through stunnel

Install stunnel, squid and the related packages
yum install stunnel squid openssl openssl-devel -y

Configure and enable the squid service
systemctl enable squid
systemctl start squid

Create the stunnel configuration file
cp /usr/share/doc/stunnel-4.56/stunnel.conf-sample /etc/stunnel/stunnel.conf
vi /etc/stunnel/stunnel.conf
Add the following under Service definitions
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

Create the stunnel key
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem

Create the stunnel runtime directory
mkdir /var/run/stunnel
chown nobody:nobody /var/run/stunnel

Create the stunnel startup script
vi /etc/systemd/system/stunnel.service
; systemd script for stunnel. Please put this file in
; /etc/systemd/system/stunnel.service or /usr/lib/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
After=syslog.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
; systemd does not run Exec lines through a shell: use an absolute path and $MAINPID
ExecStop=/usr/bin/kill -9 $MAINPID
; status is reported by "systemctl status stunnel"; systemd has no ExecStatus directive
Type=forking
[Install]
WantedBy=multi-user.target

Configure and enable the stunnel service
systemctl enable stunnel
systemctl start stunnel

Download the stunnel client
https://www.stunnel.org/downloads.html

Edit the client's stunnel.conf and add the following under Service definitions
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem
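
The client section above sets neither CAfile nor verify, so stunnel does not check the certificate of the server it connects to. An added example (not part of the original post) that keeps the private key in the server bundle only and writes a client config pinned to the server certificate; the function name, server-cert.pem and the directory arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. server-cert.pem, the directory
# arguments and the function name are assumptions made for illustration.

# split_stunnel_material KEY CERT SERVER_DIR CLIENT_DIR REMOTE
#   SERVER_DIR gets stunnel.pem (key + certificate, mode 600).
#   CLIENT_DIR gets only the certificate and a config that pins it.
split_stunnel_material() {
    key=$1; cert=$2; server_dir=$3; client_dir=$4; remote=$5

    # Whatever is handed to clients must not contain the private key.
    if grep -q 'PRIVATE KEY-----' "$cert"; then
        echo "refusing: $cert contains a private key" >&2
        return 1
    fi
    if ! grep -q 'BEGIN CERTIFICATE-----' "$cert"; then
        echo "refusing: no certificate found in $cert" >&2
        return 1
    fi

    mkdir -p "$server_dir" "$client_dir" || return 1

    # Create the bundle under umask 077 so it is never readable by others,
    # and overwrite (>) rather than append so a re-run cannot stack old keys.
    ( umask 077; rm -f "$server_dir/stunnel.pem"
      cat "$key" "$cert" > "$server_dir/stunnel.pem" ) || return 1

    cp "$cert" "$client_dir/server-cert.pem" || return 1
    cat > "$client_dir/stunnel.conf" <<EOF
[squid]
client = yes
accept = 127.0.0.1:8080
connect = $remote
; verify = 3 accepts only a peer presenting a certificate found in CAfile
CAfile = server-cert.pem
verify = 3
EOF
}

# Usage, with the key.pem and cert.pem generated on the server above:
#   split_stunnel_material key.pem cert.pem /etc/stunnel ./client X.X.X.X:8888
```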

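NetScaler VPX Compatibility Problem with VMware ESXi Patch 201410001

After applying patch ESXi550-201410001 (Build 2143827) or ESXi510-201410001 (Build 219751), the NetScaler VPX network interface does not work properly: performance is poor, the GUI cannot be logged in to, and pings are lost.

The current workaround is as follows:

  1. Log in to the VPX
  2. > shell
  3. root@ns# cd /flash/boot
  4. root@ns# vi loader.conf.local
    Add hw.em.txd=512
  5. root@ns# reboot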

http://support.citrix.com/article/CTX200278

Changes between RHEL6 and RHEL7 (repost)

System and command changes between RHEL 6 and RHEL 7

Between RHEL6 and RHEL7 there are a number of changes to tools, commands, and workflows. Changes that are likely to affect common administrative tasks are listed here:

  • Anaconda RHEL installer completely redesigned [1]
  • Legacy GRUB boot loader replaced by GRUB2 [2]
  • Procedure for bypassing root password prompt at boot completely different [3]
  • SysV init system and all related tools replaced by systemd [4]
  • ext4 replaced by xfs as default filesystem type [5]
  • Directories /bin, /sbin, /lib and /lib64 are now all under the /usr directory [6]
  • Network interfaces have a new naming scheme based on physical device location (e.g., eth0 might become enp0s3) [7]
  • ntpd replaced by chronyd as the default network time protocol daemon [8]
  • GNOME2 replaced by GNOME3 as default desktop environment [9]
  • System registration and subscription now handled exclusively with Red Hat Subscription Management (RHSM) [10]
  • MySQL replaced by MariaDB [11]
  • tgtd replaced by targetcli [12]
  • High Availability Add-On: RGManager removed as resource-management option (in favor of Pacemaker); all CMAN features merged into Corosync (qdiskd replaced by votequorum plugin); all tools unified into pcs [13]
  • ifconfig and route commands are further deprecated in favor of ip
  • netstat further deprecated in favor of ss
  • System user UID range extended from 0-499 to 0-999
  • locate no longer available by default; (available as mlocate package)
  • nc (netcat) replaced by nmap-ncat

See footnotes for additional detail about these changes.
