eri
localhost.crt-bak
vim /etc/netplan/50-cloud-init.yaml 写入网卡 root@master:~# cat /etc/netplan/50-cloud-init.yaml # This file is generated from information provided by # the datasource. Changes to it will not persist across an instance. # To disable cloud-init's network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens33: dhcp4: true ens38: #dhcp4: true addresses: [192.168.134.130/24] nameservers: addresses: [114.114.114.114]
gateway4: 192.168.134.2 version: 2 netplan apply 重启网络
wget www.alexman.cn/sources.list -O /etc/apt/sources.list
vim /etc/apt/sources.list
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
apt-get update
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile
systemctl disable systemd-resolved.service
systemctl stop systemd-resolved.service
vim /etc/hosts
192.168.219.200 rancherm1
192.168.219.201 ranchers1
192.168.219.202 rancherm2
rm -rf /etc/resolv.conf
echo "
nameserver 114.114.114.114
nameserver 8.8.8.8
" > /etc/resolv.conf
echo " net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 net.ipv4.ip_forward=1 net.ipv4.conf.all.forwarding=1 net.ipv4.neigh.default.gc_thresh1=4096 net.ipv4.neigh.default.gc_thresh2=6144 net.ipv4.neigh.default.gc_thresh3=8192 net.ipv4.neigh.default.gc_interval=60 net.ipv4.neigh.default.gc_stale_time=120 " >> /etc/sysctl.conf
sysctl -p
cat >> /etc/security/limits.conf <<EOF root soft nofile 65535 root hard nofile 65536 * soft nofile 65535 * hard nofile 65536 EOF
vim mod.txt
br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
veth
vxlan
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp
wget www.alexman.cn/mod.txt
for i in `cat mod.txt`;do modprobe $i;done
下面这段没做,供参考
# 定义用户名 NEW_USER=rancher # 添加用户(可选) sudo adduser $NEW_USER # 为新用户设置密码 sudo passwd $NEW_USER # 为新用户添加sudo权限 sudo echo "$NEW_USER ALL=(ALL) ALL" >> /etc/sudoers # 定义安装版本 export docker_version=18.06.3; # step 1: 安装必要的一些系统工具 sudo apt-get remove docker docker-engine docker.io containerd runc -y; sudo apt-get update; sudo apt-get -y install apt-transport-https ca-certificates \ curl software-properties-common bash-completion gnupg-agent; # step 2: 安装GPG证书 sudo curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | \ sudo apt-key add -; # Step 3: 写入软件源信息 sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu \ $(lsb_release -cs) stable"; # Step 4: 更新并安装 Docker-CE sudo apt-get -y update; version=$(apt-cache madison docker-ce|grep ${docker_version}|awk '{print $3}'); # --allow-downgrades 允许降级安装 sudo apt-get -y install docker-ce=${version} --allow-downgrades; # 把当前用户加入docker组 sudo usermod -aG docker $NEW_USER; # 设置开机启动 sudo systemctl enable docker;
最好重启一下
apt-cache madison docker-ce (查看版本)
apt-get install docker-ce=5:19.03.6~3-0~ubuntu-bionic docker-ce-cli=5:19.03.6~3-0~ubuntu-bionic (安装指定版本)
apt-get install -y docker.io (废弃)
wget www.alexman.cn/docker.service -O /lib/systemd/system/docker.service
vim /lib/systemd/system/docker.service [Service] OOMScoreAdjust=-1000 #alex add Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID ExecStartPost=/sbin/iptables -P FORWARD ACCEPT #alex add
wget www.alexman.cn/daemon.json -O /etc/docker/daemon.json
vim /etc/docker/daemon.json { "oom-score-adjust": -1000, "log-driver": "json-file", "registry-mirrors": ["https://7vm1yv9c.mirror.aliyuncs.com"], "insecure-registries":["repo.onlyharbor.com:5000","store.onlyharbor.com:5000","192.168.1.201:1080"], "max-concurrent-downloads": 10, "max-concurrent-uploads": 10, "storage-driver": "overlay2", "storage-opts": ["overlay2.override_kernel_check=true"] }
systemctl daemon-reload
systemctl restart docker
apt-get install nfs-common
mkdir /log
ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service
echo "
[Install]
WantedBy=multi-user.target
Alias=rc-local.service
" >> /etc/systemd/system/rc-local.service
echo '#!/bin/bash
for i in `cat /root/mod.txt`;do /sbin/modprobe $i;done
mount.nfs4 10.10.10.80:/nfs /log' >>/etc/rc.local
chmod +x /etc/rc.local
apt-get install zabbix-agent
sed -i -e 's/Server=127.0.0.1/Server=10.10.10.80/g' -e 's/ServerActive=127.0.0.1/ServerActive=10.10.10.80/g' /etc/zabbix/zabbix_agentd.conf && /etc/init.d/zabbix-agent restart
master: docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7
------------------------------------------------------------------------------------------------------------------------------------------------------------------
centos7版本:
yum erase docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-selinux docker-engine-selinux docker-engine docker-ce docker-io
find /etc/systemd -name '*docker*' -exec -rm -f {} \;
find /lib/systemd -name '*docker*' -exec rm -rf {} \;
rm -rf /var/lib/docker
rm -rf /var/run/docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-18.09.8
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile
vim /etc/hosts
echo "
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
" >> /etc/sysctl.conf
sysctl -p
cat >> /etc/security/limits.conf <<EOF
root soft nofile 65535
root hard nofile 65536
* soft nofile 65535
* hard nofile 65536
EOF
vim mod.txt
br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
veth
vxlan
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp
for i in `cat mod.txt`;do modprobe $i;done
vim /lib/systemd/system/docker.service
vim /etc/docker/daemon.json
systemctl daemon-reload
systemctl restart docker
master: docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7
--------------------------------------------------------------------------------------
rancher恢复极端做法
机器:
rancher server
rancher worker
rancher server 恢复机
rancher server:
docker ps
docker stop stoic_ishizaka #rancher server的docker 名字
docker create --volumes-from stoic_ishizaka --name rancher-data-alex rancher/rancher:v2.2.7
docker run --volumes-from rancher-data-alex -v $PWD:/backup:z busybox tar czvf /backup/rancher-data-backup-v2.2.7-11-22.tar.gz /var/lib/rancher
scp rancher-data-backup-v2.2.7-11-22.tar.gz 192.168.219.202:~/ #复制到恢复机
恢复机:
docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7
docker ps
docker stop recursing_franklin
docker run --volumes-from recursing_franklin -v $PWD:/backup busybox sh -c "rm /var/lib/rancher/* -rf && tar zxvf /backup/alex.tar.gz"
docker start recursing_franklin
rancher server 开始ifconfig 换ip
恢复机恢复成损坏机器的ip
192.168.1.210的rancher启动方式:
docker run -d --restart=unless-stopped \-p 58080:80 -p 55443:443 \-v /home/k8s/data/rancher/:/var/lib/rancher/ \-v /home/k8s/data/rancher/auditlog:/var/log/auditlog \-e AUDIT_LEVEL=3 \rancher/rancher:stable