标签:CentOS

CentOS 7安装Harbor Docker Registry

Harbor是VMware公司开源的企业级Docker Registry,在原生Docker Registry的基础上增加了一些安全、访问控制、管理等功能以满足企业对于镜像仓库的需求。Harbor以docker-compose的规范形式组织各个组件,并通过docker-compose工具进行启停。

安装docker-compose

[root@node1 /root/harbor]#curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@node1 /root/harbor]#chmod +x /usr/local/bin/docker-compose
[root@node1 /root/harbor]#docker-compose version
docker-compose version 1.13.0, build 1719ceb
docker-py version: 2.2.1
CPython version: 2.7.13
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

修改harbor.cfg配置文件里的hostname参数为本机ip

hostname = 172.172.20.33

开始安装harbor

[root@node1 /root/harbor]#./install.sh 

[Step 0]: checking installation environment …

Note: docker version: 1.12.6

Note: docker-compose version: 1.13.0

[Step 1]: loading Harbor images …
dd60b611baaa: Loading layer [==================================================>] 133.2 MB/133.2 MB
0bfc226dc2e8: Loading layer [==================================================>] 1.536 kB/1.536 kB
66c3231118d2: Loading layer [==================================================>] 17.69 MB/17.69 MB
fe2c778bb727: Loading layer [==================================================>] 17.69 MB/17.69 MB
Loaded image: vmware/harbor-jobservice:v1.1.2                                   ] 196.6 kB/17.69 MB
fe4c16cbf7a4: Loading layer [==================================================>] 128.9 MB/128.9 MB
c4a8b7411af4: Loading layer [==================================================>] 60.57 MB/60.57 MB
3f117c44afbb: Loading layer [==================================================>] 3.584 kB/3.584 kB
3569f62067e2: Loading layer [==================================================>] 17.86 MB/17.86 MB
Loaded image: vmware/nginx:1.11.5-patched                                       ] 196.6 kB/17.86 MB
Loaded image: photon:1.0
4a050fccec52: Loading layer [==================================================>] 12.16 MB/12.16 MB
d918d73369ec: Loading layer [==================================================>]  17.3 MB/17.3 MB
22898836924e: Loading layer [==================================================>] 15.87 kB/15.87 kB
Loaded image: vmware/notary-photon:server-0.5.0                                 ]    512 B/15.87 kB
a39bd6a7f897: Loading layer [==================================================>] 10.95 MB/10.95 MB
6f79b8337a1f: Loading layer [==================================================>]  17.3 MB/17.3 MB
74bbd0e81dd0: Loading layer [==================================================>] 15.87 kB/15.87 kB
Loaded image: vmware/notary-photon:signer-0.5.0                                 ]    512 B/15.87 kB
2df722677b4c: Loading layer [==================================================>] 7.062 MB/7.062 MB
e5338f288c70: Loading layer [==================================================>] 7.062 MB/7.062 MB
Loaded image: vmware/harbor-adminserver:v1.1.2                                  ]  98.3 kB/7.062 MB
b79e6c985050: Loading layer [==================================================>] 21.26 MB/21.26 MB
568e827ac2db: Loading layer [==================================================>] 7.168 kB/7.168 kB
e120e08d1ae8: Loading layer [==================================================>] 12.92 MB/12.92 MB
c678c146825f: Loading layer [==================================================>] 9.728 kB/9.728 kB
835ee5702bce: Loading layer [==================================================>]  2.56 kB/2.56 kB
eaf7ac0e9e24: Loading layer [==================================================>] 21.26 MB/21.26 MB
Loaded image: vmware/harbor-ui:v1.1.2                                           ] 229.4 kB/21.26 MB
c8ef72937018: Loading layer [==================================================>] 67.93 MB/67.93 MB
01e57c31fb31: Loading layer [==================================================>] 3.584 kB/3.584 kB
ae8312f0516f: Loading layer [==================================================>] 3.072 kB/3.072 kB
47b646017cc6: Loading layer [==================================================>] 3.072 kB/3.072 kB
Loaded image: vmware/harbor-log:v1.1.2                                          ]    512 B/3.072 kB
5d6cbe0dbcf9: Loading layer [==================================================>] 129.2 MB/129.2 MB
435f2dfbd884: Loading layer [==================================================>] 344.6 kB/344.6 kB
814d7b59f0cc: Loading layer [==================================================>] 4.657 MB/4.657 MB
aae399245bd0: Loading layer [==================================================>] 1.536 kB/1.536 kB
21e2ae955f72: Loading layer [==================================================>] 33.84 MB/33.84 MB
a2d0f7b84059: Loading layer [==================================================>] 25.09 kB/25.09 kB
819fa6af55b8: Loading layer [==================================================>] 3.584 kB/3.584 kB
78914c99a468: Loading layer [==================================================>] 167.7 MB/167.7 MB
36e79c658afb: Loading layer [==================================================>] 6.144 kB/6.144 kB
f73503aca003: Loading layer [==================================================>] 9.216 kB/9.216 kB
a21b39f6da59: Loading layer [==================================================>] 1.536 kB/1.536 kB
2f0fcce131fa: Loading layer [==================================================>]  7.68 kB/7.68 kB
cbf999ad70ad: Loading layer [==================================================>] 4.608 kB/4.608 kB
8005207f317c: Loading layer [==================================================>] 4.608 kB/4.608 kB
Loaded image: vmware/harbor-db:v1.1.2                                           ]    512 B/4.608 kB
69c25b821c78: Loading layer [==================================================>] 22.79 MB/22.79 MB
5b403ac6f7ea: Loading layer [==================================================>] 3.584 kB/3.584 kB
9e2e304b5fe5: Loading layer [==================================================>] 2.048 kB/2.048 kB
Loaded image: vmware/registry:2.6.1-photon                                      ]    512 B/2.048 kB
78dbfa5b7cbc: Loading layer [==================================================>] 130.9 MB/130.9 MB
5f70bf18a086: Loading layer [==================================================>] 1.024 kB/1.024 kB
8deec01122be: Loading layer [==================================================>] 344.6 kB/344.6 kB
574ab36807f2: Loading layer [==================================================>] 1.536 kB/1.536 kB
d8f2cde2eef8: Loading layer [==================================================>] 20.48 kB/20.48 kB
eaa3924b054e: Loading layer [==================================================>]  5.12 kB/5.12 kB
8aa2c772121c: Loading layer [==================================================>] 184.3 MB/184.3 MB
c3014bbccb0b: Loading layer [==================================================>] 8.704 kB/8.704 kB
978a35efaa8c: Loading layer [==================================================>] 4.608 kB/4.608 kB
c2385ae7d6e5: Loading layer [==================================================>]  16.6 MB/16.6 MB
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10                           ] 196.6 kB/16.6 MB


[Step 2]: preparing environment …
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor …


[Step 4]: starting Harbor …
Creating network "harbor_harbor" with the default driver
Creating harbor-log … 
Creating harbor-log … done
Creating harbor-db … 
Creating harbor-adminserver … 
Creating registry … 
Creating harbor-db
Creating registry
Creating harbor-adminserver … done
Creating harbor-ui … 
Creating harbor-ui … done
Creating nginx … 
Creating harbor-jobservice … 
Creating nginx
Creating harbor-jobservice … done

✔ —-Harbor has been installed and started successfully.—-

Now you should be able to visit the admin portal at http://172.172.20.33. 
For more details, please visit https://github.com/vmware/harbor .

安装完毕后使用docker-compose查看

[root@node1 /root/harbor]#docker-compose ps
       Name                     Command               State                                Ports                               
——————————————————————————————————————————
harbor-adminserver   /harbor/harbor_adminserver       Up                                                                       
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp                                                         
harbor-jobservice    /harbor/harbor_jobservice        Up                                                                       
harbor-log           /bin/sh -c crond && rm -f  …   Up      127.0.0.1:1514->514/tcp                                          
harbor-ui            /harbor/harbor_ui                Up                                                                       
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp 
registry             /entrypoint.sh serve /etc/ …   Up      5000/tcp

如果需要修改配置重新安装执行以下操作

docker-compose down -v
./prepare
./install.sh

harbor的关闭和启动

[root@node1 /root/harbor]#docker-compose down -v
Stopping harbor-jobservice … done
Stopping nginx … done
Stopping harbor-ui … done
Stopping harbor-adminserver … done
Stopping registry … done
Stopping harbor-db … done
Stopping harbor-log … done
Removing harbor-jobservice … done
Removing nginx … done
Removing harbor-ui … done
Removing harbor-adminserver … done
Removing registry … done
Removing harbor-db … done
Removing harbor-log … done
Removing network harbor_harbor
[root@node1 /root/harbor]#
[root@node1 /root/harbor]#docker-compose ps
Name   Command   State   Ports 
——————————
[root@node1 /root/harbor]#
[root@node1 /root/harbor]#docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log … 
Creating harbor-log … done
Creating registry … 
Creating harbor-adminserver … 
Creating harbor-db … 
Creating harbor-adminserver
Creating registry
Creating harbor-adminserver … done
Creating harbor-ui … 
Creating harbor-ui … done
Creating nginx … 
Creating harbor-jobservice … 
Creating nginx
Creating harbor-jobservice … done
[root@node1 /root/harbor]#
[root@node1 /root/harbor]#docker-compose ps
       Name                     Command               State                                Ports                               
——————————————————————————————————————————
harbor-adminserver   /harbor/harbor_adminserver       Up                                                                       
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp                                                         
harbor-jobservice    /harbor/harbor_jobservice        Up                                                                       
harbor-log           /bin/sh -c crond && rm -f  …   Up      127.0.0.1:1514->514/tcp                                          
harbor-ui            /harbor/harbor_ui                Up                                                                       
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp 
registry             /entrypoint.sh serve /etc/ …   Up      5000/tcp

通过浏览器访问harbor,默认用户名和密码是admin/Harbor12345

http://172.172.20.33

未分类

未分类

CentOS 7.3 上用 docker 部署 redis 介绍

Redis最新的版本已经是4.0.1了,我查了下镜像也更新了。于是在本地部署体验下,当然,这篇文章不是来介绍Redis 4.0的新功能,而是来介绍如何用docker来部署的入门级课程。

1. Docker 安装启动

$ yum -y install docker-io
$ service docker start
$ chkconfig docker on

2. 下载镜像

$ docker pull redis

3. 启动容器

这里我把容器的映射建立在/docker/redis/data,/docker/redis/conf目录下面,这两个目录自己创建,配置文件redis.conf从别的途径获取的,启动前,需要对目录加入白名单,不然启动会失败,错误为没有权限

$ chcon -Rt svirt_sandbox_file_t /docker/redis/data

启动语句如下

docker run --name redis -p 6379:6379 
-v /docker/redis/conf/redis.conf:/usr/local/etc/redis/redis.conf 
-v /docker/redis/data:/data 
-d redis redis-server /usr/local/etc/redis/redis.conf

去掉上面的-d参数,可以看见启动日志,如果启动失败,则可以看见错误的日志,也可以用命令查看日志

$ docker logs redis,redis是容器的名字

4. 关闭防火墙

firewall-cmd --zone=public --add-port=6379/tcp --permanent
systemctl restart firewalld

5. 先在本地启动redis客户端

$ docker run -it --link redis:redis --rm redis redis-cli -h redis -p 6379

或者

$ docker exec -it redis /bin/bash
> redis-cli

未分类

6. 用工具进行连接

常用的工具是redis desktop manager,可以很好的管理redis,也可以在上面执行管理的命令。

Centos 7 Zabbix Agent 客户端源码编译安装配置

Zabbix Agent 安装在远程系统上,需要通过Zabbix服务器进行监控。Zabbix Agent在客户端系统上收集资源利用和应用程序数据,并向Zabbix服务器提供这些信息。Zabbix支持Ping,ZBX、SNMP、JMX、IPMI等监控方式。

1. 安装扩展包以及依赖包

$ yum -y install epel-release
$ yum install pcre pcre-devel openssl openssl-devel -y

2. 添加Zabbix用户和组

$ groupadd zabbix
$ useradd zabbix -g zabbix -s /sbin/nologin

3. 安装Zabbix-Agent

下载地址:https://www.zabbix.com/download

$ cd /tmp
$ tar -zxvf zabbix-3.4.1.tar.gz
$ cd zabbix-3.4.1
$ ./configure --prefix=/usr/local/zabbix --enable-agent --with-mysql --with-openssl
$ make && make install

4. 创建Zabbix日志目录并生成(PSK)密钥

$ mkdir -p /usr/local/zabbix/logs/
$ chown -R zabbix.zabbix /user/local/zabbix
$ sh -c "openssl rand -hex 32 > /usr/local/zabbix/etc/zabbix_agentd.psk"
$ cat /usr/local/zabbix/etc/zabbix_agentd.psk
fd1ac849e5f787dfc04300ae997d158e6f6f0c2209d66e7d2e687da2032ecbae

5. 配置zabbix_agentd.conf

以下是配置完成后的内容:

$ egrep -v "(^#|^$)" /usr/local/zabbix/etc/zabbix_agentd.conf

EnableRemoteCommands=1 #来至zabbix服务器的远程命令是否允许被执行
PidFile=/usr/local/zabbix/zabbix_agentd.pid
LogFile=/usr/local/zabbix/logs/zabbix_agentd.log
Server=10.10.204.65 #Zabbix Server IP 地址
ServerActive=10.10.204.65 #地址同上 主动向 Zabbix Server 发送监控内容
Hostname=101020465 #本机主机名 内容要和Zabbix Server 配置的 Host Name 一致
HostMetadataItem=system.uname #用于Item获取数据
User=zabbix
UnsafeUserParameters=1 #是否启用自定义key,zabbix监控mysql、tomcat等数据时需要自定义key
#下面使用预共享密钥(PSK)来保护服务器和客户端之间的连接
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=PSK 001
TLSPSKFile=/usr/local/zabbix/etc/zabbix_agentd.psk

注意:关于更多Agent配置参数优化,请参阅这里(https://www.zabbix.com/documentation/3.4/zh/manual/appendix/config/zabbix_agentd)。

6. 创建systemctl系统Zabbix agent 单元文件

$ vim /usr/lib/systemd/system/zabbix-agent.service

[Unit]
Description=Zabbix Agent
After=syslog.target
After=network.target

[Service]
Environment="CONFFILE=/usr/local/zabbix/etc/zabbix_agentd.conf"
#EnvironmentFile=/usr/local/zabbix/etc/zabbix_agentd.conf.d/
Type=forking
Restart=on-failure
#PIDFile=/tmp/zabbix_agentd.pid
KillMode=control-group
ExecStart=/usr/local/zabbix/sbin/zabbix_agentd -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s

[Install]
WantedBy=multi-user.target

7. 启动 Zabbix Agentd 客户端服务并加入开机自启动

$ systemctl start zabbix-agent
$ systemctl enable zabbix-agent

8. 设置 Firewalld 防火墙

$ firewall-cmd --permanent --add-port=10050/tcp
$ firewall-cmd --reload

已经完成 Zabbix Agent 的安装。后期我还会写一些关于zabbix的使用以及优化。

Centos 7 JDK、Tomcat9 安装并配置

一、JDK 安装

1、安装wget

yum -y install wget

2、下载,输入指令

wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9b721c7dfaa008135/jdk-8u144-linux-x64.rpm

3、执行npm安装包,等待安装完成

rpm -ivh jdk-8u112-linux-x64.rpm

4、验证安装是否成功

//输入指令

java -version
//输出版本
java version “1.8.0_112”
Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)

二、Tomcat 安装

1、下载,切换至任意目录执行

wget http://archive.apache.org/dist/tomcat/tomcat-9/v9.0.0.M18/bin/apache-tomcat-9.0.0.M18.tar.gz

2、解压 ,执行以下命令

tar -zxvf apache-tomcat-9.0.0.M18.tar.gz

3、移动至想放置的目录

mv apache-tomcat-9.0.0.M18 /usr/local/

4、配置自启动

切换至Tomcat的bin目录执行vi setenv.sh,并按i进入编辑模式,拷贝以下代码粘贴

#add tomcat pid
CATALINA_PID=”$CATALINA_BASE/tomcat.pid”
#add java opts
JAVA_OPTS=”-server -XX:PermSize=256M -XX:MaxPermSize=1024m -Xms512M -Xmx1024M -XX:MaxNewSize=256m”

之后按esc键,在按shift+:(左下角出现会出现“:”),然后输入wq保存退出,最后执行 chmod +x setenv.sh,确保文件setenv.sh可执行。

5、配置service

执行cd /usr/lib/systemd/system切换至目录 并执行vi tomcat.service(也可以直接vi /usr/lib/systemd/system/tomcat.service),拷贝以下代码粘贴(注意将第6和7行的Tomcat路径/usr/local/apache-tomcat-9.0.0.M18 换成你自己的Tomcat的绝对路径)

[Unit]
Description=Tomcat
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/apache-tomcat-9.0.0.M18/tomcat.pid
ExecStart=/usr/local/apache-tomcat-9.0.0.M18/bin/startup.sh
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target

之后按esc键,在按shift+:(左下角出现会出现“:”),然后输入wq保存退出。执行以下指令将tomcat.service添加开机至开机启动

//配置开机启动
systemctl enable tomcat
//启动tomcat
systemctl start tomcat
//停止tomcat
systemctl stop tomcat
//重启tomcat
systemctl restart tomcat

配置完成,建议重启服务器,即输入命令 reboot(或者sudo reboot)即可在浏览器里输入你的服务器地址+8080端口(例如:192.168.1.161:8080),如果看到小猫咪表示成功,否则请检查以上所有步骤是否全都执行正确了。

6、修改端口

切换至Tomcat conf目录

cd /usr/local/apache-tomcat-9.0.0.M18/conf
//输入指令打开文件
vi server.xml
//输入 /8080 并回车搜索8080 字符串,找到如下两处地方
<<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
//按“i”进入编辑模式,将port="8080"改成port="80"
<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

之后按esc键,在按shift+:(左下角出现会出现“:”),然后输入wq保存退出。

7、配置gui-manager项目部署方式

切换至Tomcat conf目录,输入vi tomcat-users.xml打开文件,按“i”进入编辑模式,拷贝以下代码放置标签之间(注意将password和username换成你自己的)

 <role rolename="manager"/>     
  <role rolename="admin"/> 
  <role rolename="admin-gui"/>
  <role rolename="manager-gui"/>
  <user username="xxx" password="***" roles="admin-gui,manager-gui"/>

之后按esc键,在按shift+:(左下角出现会出现“:”),然后输入wq保存退出。

输入 cd webapps/manager/META-INF/ 切换至目录,输入vi context.xml打开文件,按i进入编辑模式,将 标签下的 标签注释掉

<Context antiResourceLocking="false" privileged="true" >
<!--注释掉此标签
 <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

之后按esc键,在按shift+:(左下角出现会出现“:”),然后输入wq保存退出。

8、重启Tomcat

systemctl restart tomcat

浏览器中直接输入你的服务器地址,例如192.168.1.161(不用输端口号了),看见小猫咪,点击manager 输入账号密码即可部署你的项目了。