How to Install Linux Kernel 4.13 on CentOS and Ubuntu


Linus Torvalds officially released the stable Linux Kernel 4.13 on Sunday, September 3. This latest version brings new features along with many fixes and improvements. For more details, see: http://lkml.iu.edu/hypermail/linux/kernel/1709.0/01021.html

Below, 系统极客 (SysGeek) explains how to manually install or update to Linux Kernel 4.13 on CentOS and Ubuntu. These steps also apply to other YUM-based and APT-based systems.

Installing Linux Kernel 4.13 on CentOS

The following steps were tested on the 64-bit version of CentOS 7; they also apply to other RPM distributions such as RHEL, Fedora and Scientific Linux.

Because the latest kernel is not yet available in the official repositories, we need to add the ELRepo repository to install Linux Kernel 4.13.

1. Add the ELRepo GPG key with the following command:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

2. Add the ELRepo repository on CentOS 7, RHEL 7 or Scientific Linux 7 with the following command:

rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

On CentOS 6, RHEL 6 or Scientific Linux 6, the command to add the ELRepo repository is:

rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm

3. Install the fastestmirror plugin so that the fastest ELRepo mirror is used:

yum install yum-plugin-fastestmirror

4. Enable ELRepo and install Linux Kernel 4.13 with the following command:

yum --enablerepo=elrepo-kernel install kernel-ml

5. After the kernel is installed, reboot the system and select the latest kernel from the Grub boot menu.

Installing Linux Kernel 4.13 on Ubuntu 16.04 LTS

To install the latest Linux Kernel 4.13 on Ubuntu 16.04 LTS or other Ubuntu-based systems (such as Debian, Linux Mint, etc.), follow these steps:

1. Linux Kernel 4.13 can now be downloaded from the official Ubuntu kernel archive.

64-bit Ubuntu systems:

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300_4.13.0-041300.201709031731_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300-generic_4.13.0-041300.201709031731_amd64.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-image-4.13.0-041300-generic_4.13.0-041300.201709031731_amd64.deb

32-bit Ubuntu systems:

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300_4.13.0-041300.201709031731_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-headers-4.13.0-041300-generic_4.13.0-041300.201709031731_i386.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.13/linux-image-4.13.0-041300-generic_4.13.0-041300.201709031731_i386.deb

2. Once the downloads finish, install Linux Kernel 4.13 with the following command:

sudo dpkg -i *.deb

3. Update the Grub boot loader with the following command:

sudo update-grub

If you use the BURG boot loader, run:

sudo update-burg

4. Reboot the system and log in to the newly installed kernel.
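
Step 1 fetches the packages over plain HTTP and step 2 installs every .deb in the directory, so a digest check belongs between the two. The following is an added example, not part of the original article: `verify_debs` is a hypothetical helper, the manifest is assumed to be a trusted list in `sha256sum` format, and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example: gate "sudo dpkg -i *.deb" on a SHA-256 manifest.
# Assumption: MANIFEST holds "<sha256>  <filename>" lines (sha256sum format)
# and was obtained from a source you trust.

# verify_debs MANIFEST DIR
# Succeeds only if DIR holds at least one .deb and every .deb in it is listed
# in MANIFEST with a matching SHA-256. An unlisted .deb fails the check,
# because the "*.deb" glob would install it along with the kernel packages.
verify_debs() (
    manifest=$1
    dir=$2
    seen=0
    for deb in "$dir"/*.deb; do
        [ -e "$deb" ] || continue
        seen=1
        name=$(basename "$deb")
        # Only 64-hex-digit entries count, so SHA-1 or MD5 lines for the
        # same file name in a mixed manifest are skipped.
        want=$(awk -v n="$name" \
            'length($1) == 64 && ($2 == n || $2 == ("*" n)) { print $1; exit }' \
            "$manifest")
        if [ -z "$want" ]; then
            echo "REJECT $name: not listed in manifest" >&2
            exit 1
        fi
        got=$(sha256sum "$deb" | awk '{ print $1 }')
        if [ "$got" != "$want" ]; then
            echo "REJECT $name: SHA-256 mismatch" >&2
            exit 1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "REJECT: no .deb files in $dir" >&2
        exit 1
    fi
    exit 0
)

# Constructed demonstration: one listed package, then a stray file appears.
demo_dir=$(mktemp -d)
printf 'constructed kernel image payload\n' > "$demo_dir/linux-image-sample.deb"
( cd "$demo_dir" && sha256sum linux-image-sample.deb > SHA256SUMS )
verify_debs "$demo_dir/SHA256SUMS" "$demo_dir" && echo "manifest matches: safe to run dpkg -i"
printf 'constructed stray package\n' > "$demo_dir/unexpected.deb"
verify_debs "$demo_dir/SHA256SUMS" "$demo_dir" 2>/dev/null || echo "blocked: unlisted .deb present"
rm -rf "$demo_dir"
```
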

Automatically renewing HTTPS certificates with acme-tiny on CentOS with Apache

# yum install mod_ssl openssl

# mkdir /home/crt/

# cd /home/crt/

Copy acme_tiny.py from https://github.com/diafygi/acme-tiny to /home/crt/

yoursite -> your site name

# mkdir yoursite/www/

# cd yoursite
// Create the Let's Encrypt private keys

# openssl genrsa 4096 > account.key

# openssl genrsa 4096 > domain.key
# For a single-domain CSR, use the following command

#openssl req -new -sha256 -key domain.key -subj "/CN=yoursite.com" > domain.csr



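# For a multi-domain CSR, use the following command (you will usually want a certificate for at least the root domain and www)

Next you need the openssl.cnf file; first find where it is on your system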

#locate openssl.cnf

On CentOS the file is located at /etc/pki/tls/openssl.cnf

openssl req -new -sha256 -key domain.key -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:yoursite.com,DNS:www.yoursite.com")) > domain.csr

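Set the permissions of the www folder under this directory to 777. This makes the challenge directory world-writable; it only needs to be writable by the account that runs acme_tiny.py and readable by Apache.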

chmod -R 777 www

Edit http.conf; the modified part is shown in red

<VirtualHost *:80>
DocumentRoot "/var/www/yoursite"
ServerName www.yoursite.com
ServerAlias yoursite.com
<Directory "/var/www/yoursite">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
Alias /.well-known/acme-challenge "/home/crt/yoursite/www"
<Directory "/home/crt/yoursite/www">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

#systemctl restart httpd.service

# cd /home/crt/

vi renew_cert.sh

========== The content of the sh script is shown in red

function getCrt()
{
BASURL=/home/crt/
python ${BASURL}/acme_tiny.py --account-key ${BASURL}${1}/account.key --csr ${BASURL}${1}/domain.csr --acme-dir ${BASURL}${1}/www/ > ${BASURL}${1}/signed.crt || exit
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > ${BASURL}${1}/intermediate.pem
cat ${BASURL}${1}/signed.crt ${BASURL}${1}/intermediate.pem > ${BASURL}${1}/chained.pem

}
getCrt yoursite

sudo systemctl restart httpd.service

#chmod +x renew_cert.sh

#sh renew_cert.sh

The certificate is generated automatically.

Delete … all content in ssl.conf

Edit http.conf and add the part shown in red

NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot "/var/www/yoursite"
ServerName www.yoursite.com
ServerAlias yoursite.com
SSLEngine on
SSLHonorCipherOrder on

# Disable the SSLv2 and SSLv3 protocols
SSLProtocol all -SSLv2 -SSLv3

# Disable RC4, disable SF
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

SSLCertificateFile /home/crt/yoursite/signed.crt
SSLCertificateKeyFile /home/crt/yoursite/domain.key
SSLCertificateChainFile /home/crt/yoursite/chained.pem
<Directory "/var/www/yoursite">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
</VirtualHost>

#systemctl restart httpd.service

Visit https://www.yoursite.com

You can create a .htaccess file in the project directory to force HTTP requests over to HTTPS

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Add it to the scheduled tasks

crontab -e

// Add the job
0 0 1 * * /usr/bin/bash /home/crt/renew_cert.sh

sudo systemctl restart crond.service
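
In renew_cert.sh above, the shell truncates signed.crt before acme_tiny.py has produced anything, so a failed run leaves an empty certificate for the next Apache restart. The following is an added example, not part of the original post or of acme-tiny: the hypothetical helpers `renew_site` and `install_cert` write to a temporary file and replace signed.crt only after the new certificate parses and matches domain.key.

```bash
#!/usr/bin/env bash
# Added example: renew without ever leaving a truncated or mismatched
# certificate at the path Apache reads. Helper names are hypothetical.

# install_cert NEW_CERT DOMAIN_KEY LIVE_CERT
# Moves NEW_CERT over LIVE_CERT only if it is a parsable X.509 certificate,
# its public key equals the one derived from DOMAIN_KEY, and it is valid for
# at least another day. On any failure LIVE_CERT is left untouched.
install_cert() (
    new=$1
    key=$2
    live=$3
    [ -s "$new" ] \
        || { echo "reject: empty output" >&2; exit 1; }
    cert_pub=$(openssl x509 -in "$new" -noout -pubkey 2>/dev/null) \
        || { echo "reject: not an X.509 certificate" >&2; exit 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "reject: cannot read domain key" >&2; exit 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "reject: certificate does not match domain key" >&2; exit 1; }
    openssl x509 -in "$new" -noout -checkend 86400 >/dev/null 2>&1 \
        || { echo "reject: certificate expires within a day" >&2; exit 1; }
    # Same directory as the live file, so mv is an atomic rename.
    chmod 644 "$new" && mv -f "$new" "$live"
)

# renew_site SITE_DIR ISSUE_COMMAND [ARGS...]
# Runs ISSUE_COMMAND, captures its stdout in a temporary file inside SITE_DIR
# and hands it to install_cert. The temporary file is removed on every exit
# path, and SITE_DIR/signed.crt only changes when all checks pass.
renew_site() (
    site=$1
    shift
    tmp=$(mktemp "$site/signed.crt.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    "$@" > "$tmp" \
        || { echo "issuance failed; keeping current certificate" >&2; exit 1; }
    install_cert "$tmp" "$site/domain.key" "$site/signed.crt"
)

# Usage with the paths and options from the script above:
#   renew_site /home/crt/yoursite \
#       python /home/crt/acme_tiny.py \
#           --account-key /home/crt/yoursite/account.key \
#           --csr /home/crt/yoursite/domain.csr \
#           --acme-dir /home/crt/yoursite/www/ \
#     && systemctl restart httpd.service
```

Restarting httpd only when `renew_site` succeeds keeps a failed monthly cron run from taking the HTTPS site down.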

CentOS 7 Time Synchronization

1. NTP clock synchronization modes

On Linux, NTP offers two clock synchronization modes, direct synchronization and smooth synchronization:

  • Direct synchronization

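The ntpdate command synchronizes by changing the time directly. If the server has a job scheduled for 12:00, the current server time is 13:00 and the standard time is 11:00, using this command can cause the job to run a second time. Synchronizing with ntpdate therefore carries risk, so the command is mostly used for the first synchronization when setting up the time synchronization service.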

  • Smooth synchronization

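Synchronizing with ntpd guarantees that no point in time is experienced twice. Each adjustment is small and applied gradually, and for that reason smooth synchronization with ntpd can take a long time.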

Standard time synchronization services

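The site http://www.pool.ntp.org/zone/cn lists standard time synchronization services worldwide, including ones for China time; the corresponding host name is cn.pool.ntp.org. The site also gives the recommended entries for the ntp configuration file: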

server 1.cn.pool.ntp.org 
server 2.asia.pool.ntp.org

2. Environment

Prepare four machines:


3. Check whether the service is installed

  • Use rpm to check whether the ntp package is installed
[root@localhost kevin]# rpm -q ntp
ntp-4.2.6p5-25.el7.centos.2.x86_64
  • If it is already installed, skip this step; otherwise install it with yum, enable it at boot and start the service
[root@localhost kevin]# yum -y install ntp
[root@localhost kevin]# systemctl enable ntpd
[root@localhost kevin]# systemctl start ntpd

4. Configure the NTP server: 192.168.11.212

Before configuring, synchronize the server with the command: ntpdate -u cn.pool.ntp.org

  • Edit the /etc/ntp.conf file; the modified content is shown in red
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 172.16.248.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst

server 2.cn.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Allow the upstream time servers to actively adjust this host's time
restrict 2.cn.pool.ntp.org nomodify notrap noquery
restrict 1.asia.pool.ntp.org nomodify notrap noquery
restrict 2.asia.pool.ntp.org nomodify notrap noquery

server 127.0.0.1 # local clock
fudge 127.0.0.1 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

After editing, restart the ntpd service: systemctl restart ntpd

Use ntpq -p to list the NTP servers on the network and show the relationship between the client and each server.

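Use the ntpstat command to check the synchronization status. It usually takes 5-10 minutes to connect and synchronize successfully, so wait a little after the server starts: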

Right after startup, the output is usually:

# ntpstat 
unsynchronised
  time server re-starting
   polling server every 64 s

After connecting and synchronizing:

# ntpstat 
synchronised to NTP server (202.112.10.36) at stratum 3
   time correct to within 275 ms
   polling server every 256 s

5. Configure the NTP clients: 172.16.248.129|130|131

Install the ntp service and enable it at boot, the same way as above. Then edit the /etc/ntp.conf file; the changed content is shown in red.

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst

server 172.16.248.1

restrict 172.16.248.1 nomodify notrap noquery

server 127.0.0.1
fudge 127.0.0.1 stratum 10

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys 

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

Restart the ntpd service

#systemctl restart ntpd

After it starts, check the synchronization status

# ntpq -p
# ntpstat 

Because this is an internal network, ntpstat usually reports synchronization quickly.

Installing the Chinese language pack and enabling Chinese support on CentOS 7

1. Edit the configuration file /etc/locale.conf

LANG="zh_CN.UTF-8"

2. Check the system locale variables after the change

[root@5c46832b5c01 ~]# locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=

3. List the installed locales

[root@5c46832b5c01 ~]# locale -a
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_COLLATE to default locale: No such file or directory
C
POSIX
en_US.utf8

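4. If no error is reported, Chinese is enabled; you can try an operation such as deleting a file in the terminal and see whether the prompt is in Chinese. Otherwise Chinese is not available and needs to be installed. Note that 7 differs from 6: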

#yum install kde-l10n-Chinese
#yum reinstall glibc-common


Setting an IP Address on CentOS 7.2

Setting an internal-network IP on a CentOS server.

First, list the network interfaces by running

ifconfig

This shows the network interfaces present on the server

em1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 111.111.111.111  netmask 255.255.255.128  broadcast 111.111.111.111
    inet6 ***  prefixlen 64  scopeid 0x0<global>
    inet6 ***  prefixlen 64  scopeid 0x40<site>
    inet6 ***  prefixlen 64  scopeid 0x20<link>
    ether ***  txqueuelen 1000  (Ethernet)
    RX packets 133303685  bytes 28505343137 (26.5 GiB)
    RX errors 0  dropped 359528  overruns 0  frame 0
    TX packets 5254914  bytes 491093949 (468.3 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    device interrupt 18

em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
                ether ***  txqueuelen 1000  (Ethernet)
                RX packets 60693  bytes 3894479 (3.7 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 227  bytes 20043 (19.5 KiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
                device interrupt 19

em3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
                ether ***  txqueuelen 1000  (Ethernet)
                RX packets 0  bytes 0 (0.0 B)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 0  bytes 0 (0.0 B)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
                device interrupt 19

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
                inet 127.0.0.1  netmask 255.0.0.0
                inet6 ::1  prefixlen 128  scopeid 0x10<host>
                loop  txqueuelen 1  (Local Loopback)
                RX packets 36713  bytes 28535534 (27.2 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 36713  bytes 28535534 (27.2 MiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

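Explanation:

UP  the interface is enabled
RUNNING  the network cable is connected
MULTICAST  multicast is supported
MTU  maximum transmission unit
inet  IPv4 address
inet6  IPv6 address
broadcast  broadcast address
netmask  subnet mask
RX  statistics for received packets
TX  statistics for transmitted packets
txqueuelen  size of the transmit buffer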

Commands to bring an interface up and down

ifconfig em2 up

ifconfig em2 down

You can check the server's current public IP with the command

curl ifconfig.me

For example, if the result is 111.111.111.111, the interface em1 is already in use for the public network.

Besides lo (which does not count), there are three more interfaces: em2, em3, em4.

em2 has RUNNING, which should mean this interface has a cable connected. Choose em2 for the internal network.

Enter the directory

cd /etc/sysconfig/network-scripts/
cp ifcfg-em2 ifcfg-em2.bak  # back up

Edit the interface configuration file

TYPE=Ethernet
BOOTPROTO=static  # default is dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no  # change to no if it is yes
IPV6_AUTOCONF=no  # change to no if it is yes
IPV6_DEFROUTE=no  # change to no if it is yes
IPV6_PEERDNS=no  # change to no if it is yes
IPV6_PEERROUTES=no  # change to no if it is yes
IPV6_FAILURE_FATAL=no  # change to no if it is yes
NAME=em2
UUID=*******
DEVICE=em2
ONBOOT=yes
IPADDR=192.168.1.111  # IP address
NETMASK=255.255.255.0    # subnet mask
DNS1=*****   # DNS address

Save

Restart networking

service network restart

Installing and Configuring Nginx with yum on CentOS 6.x/7.x

Method 1: install directly from the RPM package

1. Check whether Nginx is already installed and, if so, which version

yum info nginx

rpm -qa|grep nginx

2. Choose an RPM package to install

Find the Nginx version you need at http://nginx.org/packages/centos

Run the command

yum install http://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.8.0-1.el6.ngx.x86_64.rpm

Method 2: set up the Nginx package repository

Create a repository configuration file nginx.repo in the /etc/yum.repos.d/ directory:

cd /etc/yum.repos.d/

vim nginx.repo

Contents:

[nginx]

name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Save; this produces the file /etc/yum.repos.d/nginx.repo.

Start Nginx:

/etc/init.d/nginx start

or

service nginx start

Configure the Linux firewall to open port 80.

iptables -I INPUT 5 -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
service iptables save
service iptables restart

Nginx configuration file location:

/etc/nginx/nginx.conf
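
The nginx.repo file in Method 2 sets gpgcheck=0 with an http:// baseurl, so yum installs whatever that path returns without checking a signature. The following is an added example, not part of the original article: `audit_repo` is a hypothetical helper that flags such sections, the corrected file is a constructed sample, and the gpgkey URL in it is the location where nginx.org publishes its package signing key.

```bash
#!/usr/bin/env bash
# Added example: flag enabled yum repository sections that switch off
# package signature checking. audit_repo is a hypothetical helper name.

# audit_repo FILE
# Prints "<section> gpgcheck=0 transport=<plain-http|other>" for every enabled
# section with an explicit gpgcheck=0 and returns 1 if it printed anything.
# A section without a gpgcheck line inherits [main] from yum.conf and is not
# judged here.
audit_repo() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function report() {
            if (section == "" || enabled == "0" || gpgcheck != "0") return
            transport = (baseurl ~ /^http:\/\//) ? "plain-http" : "other"
            print section " gpgcheck=0 transport=" transport
            bad = 1
        }
        /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
        /^[ \t]*\[/ {                        # new section: report the last one
            report()
            section = trim($0); gsub(/^\[|\]$/, "", section)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            key = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1))
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report(); exit bad }
    ' "$1"
}

# The file from the article next to a corrected version (constructed sample).
weak=$(mktemp)
fixed=$(mktemp)
cat > "$weak" <<'EOF'
[nginx]

name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
EOF
cat > "$fixed" <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
audit_repo "$weak" || echo "-> unsigned packages would be accepted from this repository"
audit_repo "$fixed" && echo "corrected file: no findings"
rm -f "$weak" "$fixed"
```
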

Tutorial: Installing a Redis Server on Linux CentOS 7

Note: redis is short for REmote DIctionary Server. It is the most popular open-source, advanced key-value store. This article describes how to install a redis server on CentOS 7.

Project site: http://redis.io/

Installation

I. Install the EPEL repo

This uses the CentOS x86_64 architecture, so I will only use the epel repo package for x86_64. Search for the epel repo package that matches your operating system architecture (EPEL URL).

yum install wget
wget -r --no-parent -A 'epel-release-*.rpm' http://dl.fedoraproject.org/pub/epel/7/x86_64/e/
rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-*.rpm

Afterwards two epel repo files are created in /etc/yum.repos.d: epel.repo and epel-testing.repo.

II. Install the Redis server

1. Install the redis server with yum

yum install redis

The two important redis server configuration files are /etc/redis.conf and /etc/redis-sentinel.conf.

2. Start the redis server

systemctl start redis.service

3. Check the running state of the redis server

systemctl status redis.service

4. Test the Redis installation

redis-cli ping

If the result is PONG, the installation succeeded.

III. Redis server commands

systemctl start redis.service  # start the redis server
systemctl stop redis.service  # stop the redis server
systemctl restart redis.service  # restart the redis server
systemctl status redis.service  # show the running state of the redis server
systemctl enable redis.service  # start the redis server at boot
systemctl disable redis.service  # do not start the redis server at boot

IV. Redis server listening port

Redis Server listens on port 6379 by default; you can check with the ss command.

ss -nlp|grep redis

To learn Redis, see: http://redis.io/documentation

Installing the Harbor Docker Registry on CentOS 7

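Harbor is an enterprise-grade Docker Registry open-sourced by VMware. On top of the native Docker Registry it adds security, access control and management features to meet enterprise needs for an image registry. Harbor organizes its components in docker-compose form and starts and stops them with the docker-compose tool.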

Install docker-compose

[root@node1 /root/harbor]#curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@node1 /root/harbor]#chmod +x /usr/local/bin/docker-compose
[root@node1 /root/harbor]#docker-compose version
docker-compose version 1.13.0, build 1719ceb
docker-py version: 2.2.1
CPython version: 2.7.13
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

Set the hostname parameter in the harbor.cfg configuration file to this machine's IP

hostname = 172.172.20.33

Start installing harbor

[root@node1 /root/harbor]#./install.sh 

[Step 0]: checking installation environment …

Note: docker version: 1.12.6

Note: docker-compose version: 1.13.0

[Step 1]: loading Harbor images …

[Step 2]: preparing environment …
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor …


[Step 4]: starting Harbor …
Creating network "harbor_harbor" with the default driver
Creating harbor-log … 
Creating harbor-log … done
Creating harbor-db … 
Creating harbor-adminserver … 
Creating registry … 
Creating harbor-db
Creating registry
Creating harbor-adminserver … done
Creating harbor-ui … 
Creating harbor-ui … done
Creating nginx … 
Creating harbor-jobservice … 
Creating nginx
Creating harbor-jobservice … done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://172.172.20.33. 
For more details, please visit https://github.com/vmware/harbor .

After installation, check with docker-compose

[root@node1 /root/harbor]#docker-compose ps
       Name                     Command               State                                Ports                               
------------------------------------------------------------------------------------
harbor-adminserver   /harbor/harbor_adminserver       Up                                                                       
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp                                                         
harbor-jobservice    /harbor/harbor_jobservice        Up                                                                       
harbor-log           /bin/sh -c crond && rm -f  …   Up      127.0.0.1:1514->514/tcp                                          
harbor-ui            /harbor/harbor_ui                Up                                                                       
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp 
registry             /entrypoint.sh serve /etc/ …   Up      5000/tcp                    

If you need to change the configuration and reinstall, do the following

docker-compose down -v
./prepare
./install.sh

Stopping and starting harbor

[root@node1 /root/harbor]#docker-compose down -v
Stopping harbor-jobservice … done
Stopping nginx … done
Stopping harbor-ui … done
Stopping harbor-adminserver … done
Stopping registry … done
Stopping harbor-db … done
Stopping harbor-log … done
Removing harbor-jobservice … done
Removing nginx … done
Removing harbor-ui … done
Removing harbor-adminserver … done
Removing registry … done
Removing harbor-db … done
Removing harbor-log … done
Removing network harbor_harbor
[root@node1 /root/harbor]#
[root@node1 /root/harbor]#docker-compose ps
Name   Command   State   Ports 
------------------------------
[root@node1 /root/harbor]#
[root@node1 /root/harbor]#docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log … 
Creating harbor-log … done
Creating registry … 
Creating harbor-adminserver … 
Creating harbor-db … 
Creating harbor-adminserver
Creating registry
Creating harbor-adminserver … done
Creating harbor-ui … 
Creating harbor-ui … done
Creating nginx … 
Creating harbor-jobservice … 
Creating nginx
Creating harbor-jobservice … done
[root@node1 /root/harbor]#
[root@node1 /root/harbor]#docker-compose ps
       Name                     Command               State                                Ports                               
------------------------------------------------------------------------------------
harbor-adminserver   /harbor/harbor_adminserver       Up                                                                       
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp                                                         
harbor-jobservice    /harbor/harbor_jobservice        Up                                                                       
harbor-log           /bin/sh -c crond && rm -f  …   Up      127.0.0.1:1514->514/tcp                                          
harbor-ui            /harbor/harbor_ui                Up                                                                       
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp 
registry             /entrypoint.sh serve /etc/ …   Up      5000/tcp          

Access harbor from a browser; the default username and password are admin/Harbor12345

http://172.172.20.33


Deploying WordPress on a LAMP Stack with Ansible Roles

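Why use Ansible, and what are its characteristics?

  • Agentless (decentralized)
  • Stupid simple
  • SSH by default
  • YAML, no code; customizable playbooks
  • Implemented in Python
  • Modular: invokes specific modules to complete specific tasks, and supports custom modules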

Structure of the whole role directory:

.
├── ansible.cfg
├── hosts
├── httpd-php_roles.retry
├── httpd-php_roles.yml
├── roles
│ ├── httpd
│ │ ├── files
│ │ │ ├── mysql_wp.sh
│ │ │ ├── wordpress-4.7.4-zh_CN.tar.gz
│ │ │ ├── wordpress.conf
│ │ │ └── wp-config.php
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── vars
│ ├── mariadb
│ │ ├── defaults
│ │ ├── files
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templetes
│ │ └── vars
│ └── php
│   ├── defaults
│   ├── files
│   ├── handlers
│   ├── meta
│   ├── tasks
│   │ └── main.yml
│   ├── tmpletes
│   └── vars
└── wp-config.php

1. Define the target hosts in hosts:

vim /etc/ansible/hosts
[httpd]
192.168.5.111

2. Create the httpd directories:

mkdir httpd/{tasks,vars,files} -pv

3. Go into the tasks directory, then create and edit main.yml

---
- name: install httpd
  yum: name=httpd state=present
- name: conf httpd
  copy: src=wordpress.conf dest=/etc/httpd/conf.d/
- name: file wordpress
  copy: src=wordpress-4.7.4-zh_CN.tar.gz dest=/var/www/html
- name: tar wordpress.tar.gz
  shell: "tar -xf wordpress-4.7.4-zh_CN.tar.gz && chown -R apache.apache wordpress && mv wordpress-4.7.4-zh_CN.tar.gz /usr/local/src"
  args:
    chdir: /var/www/html 
  notify: start httpd  # once the steps above finish, this triggers the handler of the same name
- name: conf wp-config.php
  copy: src=wp-config.php dest=/var/www/html/wordpress
- name: mysql_wp.sh
  script: mysql_wp.sh
  notify: restart httpd
- name: restart httpd
  service: name=httpd state=restarted

4. Put the required files into roles/httpd/files; their contents are covered below where they are used

files/
├── mysql_wp.sh
├── wordpress-4.7.4-zh_CN.tar.gz
├── wordpress.conf
└── wp-config.php

5. Edit main.yml in handlers to define the triggered actions

---
- name: start httpd
  service: name=httpd state=started
- name: restart httpd
  service: name=httpd state=restarted

6. httpd is done. Next define the php module; likewise create the php directories under roles:

mkdir php/{tmpletes,tasks,files,handlers,meta,defaults,vars} -pv

7. Edit the main.yml file in tasks; this only installs the php module:

---
- name: install php
  yum: name=php state=present

8. Create the directories for mariadb:

mkdir mariadb/{templetes,handlers,vars,files,defaults,tasks} -vp

9. Edit the roles/mariadb/tasks/main.yml file, installing a few additional modules along the way:

---
- name: install mariadb
  yum: name=mariadb-server state=present
- name: install httpd-mysql
  yum: name=php-mysql state=present
- name: install php-mbstring
  yum: name=php-mbstring state=present
- name: restart mariadb 
  service: name=mariadb state=restarted

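10. WordPress needs one configuration file changed by hand; edit it in advance and push it directly into the wordpress/ directory. This is wp-config.php in roles/httpd/files, and the content to change is as follows: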

define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wpuser');

/** MySQL database password */
define('DB_PASSWORD', 'wppd');

/** MySQL host */
define('DB_HOST', 'localhost');

11. The database defined above and its user have to be created yourself; write that into the script files/mysql_wp.sh:

#!/bin/bash
#
mysql -uroot -e " 
        CREATE DATABASE IF NOT EXISTS wordpress CHARACTER  SET 'utf8';
        GRANT ALL ON wordpress.* TO 'wpuser'@'localhost' IDENTIFIED BY 'wppd'; "

12. Create a yml file at the same level as roles to combine these three roles and run them:

cd /etc/ansible
vim httpd-php_roles.yml
---
- hosts: httpd
  remote_user: root
  roles:
  - { role: php, tags: [ php-tag,ap-tag ] }
  - { role: mariadb, tags: [ mariadb-tag,ap-tag ] }
  - { role: httpd, tags: [ httpd-tag,ap-tag ] }

13. Deploy to the defined target hosts:

~]# ansible-playbook /etc/ansible/httpd-php_roles.yml

As long as the yum repositories on the target hosts are usable and no errors are reported, it is basically OK.


Verify by accessing the site:


Git Workflow (Gitflow / GitLab Code Permission Management)

Current situation

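The team previously used SVN for code management and did not make good use of branches to manage code versions. Version conflicts were severe, and the code in the repository could not be treated as stable.
Developers never knew what the code in production looked like (the environments hold compiled jars). Submitting for testing required comparing against the test version and going to production required comparing against the production version; it was utter chaos.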

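For these reasons (even though svn also has ways to solve the version problem), git version management was rolled out directly in the team, with gitlab deployed as the management tool. Drawing on various material online and on experience at a previous company, a code management scheme was drawn up.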

Solution

Code permission and process management based on gitlab

Code branches

  • master branch: production code version
  • qa branch: test code version
  • dev-xxx: development code version (xxx is the version number)

gitlab roles


Code development management flow chart
