分类目录归档:未分类

Zabbix 5.0安装

OS: CentOS 8.1.1911
DB: MariaDB 10
Web: Nginx

关闭防火墙及SELinux

sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
systemctl disable --now firewalld
reboot

列出可用的MariaDB模块流

dnf module list mariadb

输出显示可用的mariadb版本,目前为10.3版本

CentOS-8 - AppStream
Name                Stream               Profiles                               Summary                  
mariadb             10.3 [d]             client, server [d], galera             MariaDB Module           

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

安装MariaDB

sudo dnf install -y mariadb-server

启动MariaDB

sudo systemctl enable --now mariadb

初始化MariaDB数据库

mysql_secure_installation

配置Zabbix安装源

sudo rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
sed -i 's#http://repo.zabbix.com#https://mirrors.aliyun.com/zabbix#' /etc/yum.repos.d/zabbix.repo
sudo dnf clean all

安装Zabbix相应组件

sudo dnf install -y zabbix-server-mysql zabbix-web-mysql zabbix-nginx-conf zabbix-agent

初始化Zabbix数据库(会提示输入密码)

mysql -uroot -p
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'zabbix';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;

初始化表结构

zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -pzabbix zabbix

编辑/etc/zabbix/zabbix_server.conf文件,修改数据库密码

DBPassword=zabbix

配置PHP,修改/etc/nginx/conf.d/zabbix.conf,取消listen及server_name两行的注释

listen 80;
server_name example.com;

修改PHP时区,修改/etc/php-fpm.d/zabbix.conf

php_value[date.timezone] = Asia/Shanghai

启动服务

systemctl enable zabbix-server zabbix-agent nginx php-fpm --now

Kubernetes社区的Ingress Controller部署

该NGINX Ingress Controller为Kubernetes社区制作的(https://github.com/kubernetes/ingress-nginx),与之前写的NGINX公司制作的Ingress Controller(https://github.com/nginxinc/kubernetes-ingress)配置上不一样

安装非常的简单,执行下面的命令即可

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

如果不是部署在云上,可以使用以下命令开启NodePort

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml

安装完成后使用以下命令检测ingress容器状态

kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch

使用以下命令可检测所安装的版本

POD_NAMESPACE=ingress-nginx
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version

典型的Ingress配置文件如下

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: s1
          servicePort: 80
  - host: bar.foo.com
    http:
      paths:
      - backend:
          serviceName: s2
          servicePort: 80

Dashboard的Ingress配置,k8s-dashboard-secret需先创建

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: k8s-dashboard
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/secure-backends: "true"

spec:
  tls:
   - secretName: k8s-dashboard-secret
  rules:
   - http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

OpenShift Origin 3.9离线部署方法

OpenShift Origin是一款开源的容器云平台,对应的商业版本是Red Hat OpenShift。OpenShift以Docker为容器运行环境、K8S为容器编排,加上一系列自动化工具构成了整个平台。

OpenShift安装先决条件:Docker
修改Docker配置文件

cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["172.30.0.0/16"]
}
EOF
systemctl restart docker

从GitHub下载最新程序文件:https://github.com/openshift/origin/releases
本文将以3.9版本为基础,因此下载客户端:openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
将下载的文件上传至服务器,然后解压:

tar -xvzf openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
cp openshift-origin-client-tools-v3.9.0-191fece-linux-64bit/oc /usr/local/bin

执行启动命令,192.168.1.41为服务器IP,启动后会自动下载所需的镜像文件

oc cluster up --public-hostname=192.168.1.41

启动完成后用浏览器登录https://192.168.1.41:8443即可范围系统,默认用户名和密码都是dev

使用stunnel连接squid

安装stunnel及squid等
yum install stunnel squid openssl openssl-devel -y

配置并启用squid服务
systemctl enable squid
systemctl start squid

创建stunnel配置文件
cp /usr/share/doc/stunnel-4.56/stunnel.conf-sample /etc/stunnel/stunnel.conf
vi /etc/stunnel/stunnel.conf
在Service definitions处加入
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

创建stunnel密钥
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem

创建stunnel运行目录
mkdir /var/run/stunnel
chown nobody:nobody /var/run/stunnel

创建stunnel启动脚本
vi /etc/systemd/system/stunnel.service
; systemd script for stunnel. Please put this file in
; /etc/systemd/system/stunnel.service or /usr/lib/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
After=syslog.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
ExecStop=kill -9 $(pgrep stunnel)
ExecStatus=pgrep stunnel
Type=forking
[Install]
WantedBy=multi-user.target

配置并启用stunnel服务
systemctl enable stunnel
systemctl start stunnel

下载stunnel客户端
https://www.stunnel.org/downloads.html

修改客户端stunnel.conf配置,在Service definitions处加入
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem

NetScaler VPX与VMware ESXi Patch 201410001兼容问题

在更新了ESXi550-201410001 (Build 2143827)或ESXi510-201410001 (Build 219751)补丁后,NetScaler VPX网卡工作不正常,表现为性能低下,无法登录GUI,ping丢失。

目前的解决方案如下:

  1. 登录VPX
  2. > shell
  3. root@ns# cd /flash/boot
  4. root@ns# vi loader.conf.local
    添加hw.em.txd=512
  5. root@ns# reboot

http://support.citrix.com/article/CTX200278