Salt Master server configuration:
CentOS 7.9.2009
IP: 192.168.0.2
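0. Architecture
A standard installation requires four components. They can be installed together on one node, but for high availability it is recommended to install each component on a separate node.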
- A Salt master
- A PostgreSQL database node
- A Redis database node
- A RaaS node, also known as SaltStack Config

OS: CentOS 8.1.1911
DB: MariaDB 10
Web: Nginx
Disable the firewall and SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
systemctl disable --now firewalld
reboot
List the available MariaDB module streams
dnf module list mariadb
The output shows the available mariadb versions; at present this is 10.3
CentOS-8 - AppStream
Name      Stream     Profiles                       Summary
mariadb   10.3 [d]   client, server [d], galera     MariaDB Module

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
Install MariaDB
sudo dnf install -y mariadb-server
Start MariaDB
sudo systemctl enable --now mariadb
Initialize the MariaDB database
mysql_secure_installation
Configure the Zabbix repository
sudo rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
sed -i 's#http://repo.zabbix.com#https://mirrors.aliyun.com/zabbix#' /etc/yum.repos.d/zabbix.repo
sudo dnf clean all
Install the Zabbix components
sudo dnf install -y zabbix-server-mysql zabbix-web-mysql zabbix-nginx-conf zabbix-agent
Initialize the Zabbix database (you will be prompted for the password)
mysql -uroot -p
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'zabbix';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;
Import the initial table schema
zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -pzabbix zabbix
Edit /etc/zabbix/zabbix_server.conf and set the database password
DBPassword=zabbix
Configure PHP: edit /etc/nginx/conf.d/zabbix.conf and uncomment the listen and server_name lines
listen 80;
server_name example.com;
Set the PHP time zone in /etc/php-fpm.d/zabbix.conf
php_value[date.timezone] = Asia/Shanghai
Start the services
systemctl enable zabbix-server zabbix-agent nginx php-fpm --now

This NGINX Ingress Controller is the one maintained by the Kubernetes community (https://github.com/kubernetes/ingress-nginx). Its configuration differs from that of the Ingress Controller made by NGINX Inc. (https://github.com/nginxinc/kubernetes-ingress), which I wrote about previously.
Installation is very simple; just run the following command
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml
If you are not deploying in the cloud, you can enable NodePort with the following command
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml
After installation, check the status of the ingress pods with the following command
kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch
The following commands show the installed version
POD_NAMESPACE=ingress-nginx
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version
A typical Ingress configuration file looks like this
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: s1
          servicePort: 80
  - host: bar.foo.com
    http:
      paths:
      - backend:
          serviceName: s2
          servicePort: 80
Ingress configuration for the Dashboard; k8s-dashboard-secret must be created first
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: k8s-dashboard
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
  tls:
  - secretName: k8s-dashboard-secret
  rules:
  - http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
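
OpenShift Origin is an open-source container cloud platform; the corresponding commercial version is Red Hat OpenShift. OpenShift uses Docker as the container runtime and K8S for container orchestration, and together with a set of automation tools these make up the whole platform.
OpenShift installation prerequisite: Docker
Modify the Docker configuration file
cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["172.30.0.0/16"]
}
EOF
systemctl restart docker
Download the latest release from GitHub: https://github.com/openshift/origin/releases
This article is based on version 3.9, so download the client: openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
Upload the downloaded file to the server, then extract it:
tar -xvzf openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
cp openshift-origin-client-tools-v3.9.0-191fece-linux-64bit/oc /usr/local/bin
Run the start command. 192.168.1.41 is the server IP; once started, the required images are downloaded automatically
oc cluster up --public-hostname=192.168.1.41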

Install stunnel, squid and related packages
yum install stunnel squid openssl openssl-devel -y
Configure and enable the squid service
systemctl enable squid
systemctl start squid
Create the stunnel configuration file
cp /usr/share/doc/stunnel-4.56/stunnel.conf-sample /etc/stunnel/stunnel.conf
vi /etc/stunnel/stunnel.conf
Add the following under Service definitions
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem
Create the stunnel key
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem
Create the stunnel runtime directory
mkdir /var/run/stunnel
chown nobody:nobody /var/run/stunnel
Create the stunnel startup script
vi /etc/systemd/system/stunnel.service
; systemd script for stunnel. Please put this file in
; /etc/systemd/system/stunnel.service or /usr/lib/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
After=syslog.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
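; systemd does not run Exec* lines through a shell, so the original
; "ExecStop=kill -9 $(pgrep stunnel)" is never expanded, and ExecStatus= is
; not a systemd directive. With no ExecStop=, "systemctl stop stunnel" sends
; SIGTERM to the service's processes.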
Type=forking
[Install]
WantedBy=multi-user.target
Configure and enable the stunnel service
systemctl enable stunnel
systemctl start stunnel
Download the stunnel client
https://www.stunnel.org/downloads.html
Modify the client's stunnel.conf; add the following under Service definitions
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem
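
The "cat key.pem cert.pem >> /etc/stunnel/stunnel.pem" step above creates the file under the default umask and appends on every re-run, so the private key can end up readable by other users or duplicated in the file. The check and the replacement write step below are an added example, not part of the original post; the function names check_stunnel_pem and write_stunnel_pem are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). check_stunnel_pem and
# write_stunnel_pem are hypothetical helper names; GNU stat (-c) is assumed.

# Audit the combined key+certificate file that stunnel's "cert =" points to.
# Prints one finding per line; returns 0 when the file passes, 1 otherwise.
check_stunnel_pem() {
    pem=$1
    rc=0
    if [ ! -f "$pem" ]; then
        echo "missing: $pem"
        return 1
    fi
    # The file contains the private key: group and other get no access.
    mode=$(stat -c '%a' "$pem")
    case $mode in
        0|*00) ;;
        *) echo "mode $mode: private key accessible beyond the owner"; rc=1 ;;
    esac
    # Appending with ">>" on a second run leaves several keys in one file.
    keys=$(grep -c -E -e '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    if [ "$keys" -ne 1 ]; then
        echo "found $keys private key blocks, expected exactly 1"; rc=1
    fi
    if [ "$certs" -lt 1 ]; then
        echo "no certificate block found"; rc=1
    fi
    return $rc
}

# Build the combined file without exposing the key: restrictive umask,
# temporary file next to the target, then a rename instead of an append.
write_stunnel_pem() {
    key=$1; cert=$2; out=$3
    (
        umask 077
        tmp=$(mktemp "$out.XXXXXX") &&
        cat "$key" "$cert" > "$tmp" &&
        mv "$tmp" "$out"
    )
}

# Usage: sh this_script.sh /etc/stunnel/stunnel.pem
if [ $# -gt 0 ]; then
    check_stunnel_pem "$1"
fi
```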
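
After applying the ESXi550-201410001 (Build 2143827) or ESXi510-201410001 (Build 219751) patch, the NetScaler VPX network interfaces do not work properly. The symptoms are poor performance, inability to log in to the GUI, and lost pings.
The current workaround is as follows: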
http://support.citrix.com/article/CTX200278

The www.ebanban.com server has been upgraded from the original FreeBSD+Apache+PHP+MySQL to CentOS+Nginx+PHP+MySQL
Extraction password: www.ebanban.com