eri

localhost.crt-bak

vim /etc/netplan/50-cloud-init.yaml 写入网卡

root@master:~# cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        ens33:
            dhcp4: true
        ens38:
            #dhcp4: true
            addresses: [192.168.134.130/24]
            nameservers:
                addresses: [114.114.114.114]
            gateway4: 192.168.134.2
    version: 2

netplan apply 重启网络

 

 

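# The URL is plain HTTP on a third-party host, so nothing authenticates the
# download. Stage it and check it before it replaces the system list: an entry
# carrying [trusted=yes] or an allow-insecure/allow-weak option would make apt
# skip signature verification, so such a file is rejected.
# The docker.service and daemon.json downloads later on this page come from the
# same host and deserve the same staging and review.
sources_tmp=$(mktemp)
if wget www.alexman.cn/sources.list -O "$sources_tmp" &&
    ! grep -Eq 'trusted=|allow-(insecure|weak|downgrade-to-insecure)=' "$sources_tmp"; then
  # Keep the previous list so the change can be rolled back.
  cp -- /etc/apt/sources.list /etc/apt/sources.list.bak
  install -m 0644 -- "$sources_tmp" /etc/apt/sources.list
else
  echo "sources.list not replaced: download failed or file disables apt verification" >&2
fi
rm -f -- "$sources_tmp"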

vim /etc/apt/sources.list

deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse

deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

 

 

curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

 

 

apt-get update

 

cp /usr/share/zoneinfo/Asia/Shanghai  /etc/localtime

echo 'LANG="en_US.UTF-8"' >> /etc/profile

source /etc/profile

systemctl disable systemd-resolved.service
systemctl stop systemd-resolved.service

 

vim /etc/hosts

192.168.219.200 rancherm1
192.168.219.201 ranchers1
192.168.219.202 rancherm2

 

rm -rf /etc/resolv.conf

echo "

nameserver 114.114.114.114
nameserver 8.8.8.8

" > /etc/resolv.conf

echo "
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120

" >> /etc/sysctl.conf

 

sysctl -p

 

cat >> /etc/security/limits.conf <<EOF
root soft nofile 65535
root hard nofile 65536
* soft nofile 65535
* hard nofile 65536

EOF

 

 

 

vim mod.txt

br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
veth
vxlan
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp

wget www.alexman.cn/mod.txt

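# Load every kernel module named in mod.txt (one name per line).
# `read -r` takes the first word of each line without glob expansion, blank
# lines are skipped, and a module that fails to load is reported by name.
while read -r mod _ || [ -n "$mod" ]; do
  [ -n "$mod" ] || continue
  modprobe -- "$mod" || echo "modprobe failed: $mod" >&2
done < mod.txt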

 

下面这段没做,供参考

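# Account that will own the Docker/Rancher setup.
NEW_USER=rancher
# Create the account (optional).
sudo adduser "$NEW_USER"
# Set a password for the new account.
sudo passwd "$NEW_USER"
# Grant sudo rights through a drop-in instead of appending to /etc/sudoers.
# With `sudo echo ... >> /etc/sudoers` the redirection is opened by the calling
# shell, not by sudo, and an unvalidated append can leave sudo unusable.
# Assumes the stock `#includedir /etc/sudoers.d` line is present; verify.
sudoers_dropin="/etc/sudoers.d/${NEW_USER}"
printf '%s ALL=(ALL) ALL\n' "$NEW_USER" | sudo tee "$sudoers_dropin" >/dev/null
sudo chmod 0440 "$sudoers_dropin"
# Remove the drop-in again if it does not parse.
sudo visudo -cf "$sudoers_dropin" || sudo rm -f -- "$sudoers_dropin"
# Docker version to install.
export docker_version=18.06.3
# Step 1: remove distro Docker packages and install the prerequisites.
sudo apt-get remove docker docker-engine docker.io containerd runc -y
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates \
    curl software-properties-common bash-completion gnupg-agent
# Step 2: install the repository signing key.
# Fetched over HTTPS: this key is the trust anchor for every package from the
# repository, so it must not travel over plain HTTP.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | \
    sudo apt-key add -
# Step 3: register the package source.
sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu \
    $(lsb_release -cs) stable"
# Step 4: refresh the index and install Docker CE.
sudo apt-get -y update
# Take the first matching version string only; several candidates would
# otherwise be word-split into extra arguments.
version=$(apt-cache madison docker-ce | grep -F -- "${docker_version}" | awk '{print $3}' | head -n 1)
if [ -n "$version" ]; then
  # --allow-downgrades permits installing an older version than the current one.
  sudo apt-get -y install "docker-ce=${version}" --allow-downgrades
else
  echo "no docker-ce version matching ${docker_version} found" >&2
fi
# Add the account to the docker group. Members of this group can control the
# daemon, which is root-equivalent access on the host.
sudo usermod -aG docker "$NEW_USER"
# Start Docker at boot.
sudo systemctl enable docker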

 

最好重启一下

apt-cache madison docker-ce    (查看版本)

apt-get install docker-ce=5:19.03.6~3-0~ubuntu-bionic docker-ce-cli=5:19.03.6~3-0~ubuntu-bionic  (安装指定版本)

apt-get install -y docker.io  (废弃)

 

wget www.alexman.cn/docker.service -O /lib/systemd/system/docker.service 
vim /lib/systemd/system/docker.service

[Service]
OOMScoreAdjust=-1000
#alex add
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
ExecStartPost=/sbin/iptables -P FORWARD ACCEPT
#alex add

注:ExecStartPost 这一行把 FORWARD 链的默认策略改为 ACCEPT,凡是没有被其他规则拦截的转发流量主机都会放行。

 

wget www.alexman.cn/daemon.json -O /etc/docker/daemon.json

vim /etc/docker/daemon.json

{
  "oom-score-adjust": -1000,
  "log-driver": "json-file",
  "registry-mirrors": ["https://7vm1yv9c.mirror.aliyuncs.com"],
  "insecure-registries":["repo.onlyharbor.com:5000","store.onlyharbor.com:5000","192.168.1.201:1080"],
  "max-concurrent-downloads": 10,
  "max-concurrent-uploads": 10,
  "storage-driver": "overlay2",
  "storage-opts": ["overlay2.override_kernel_check=true"]
}

注:insecure-registries 里的仓库不校验 TLS 证书(或直接走 HTTP),只应填写可信的内网仓库。

systemctl daemon-reload 

systemctl restart docker

 

 apt-get install nfs-common

mkdir /log

ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service

 

echo "
[Install]
WantedBy=multi-user.target
Alias=rc-local.service
" >> /etc/systemd/system/rc-local.service

 

 echo '#!/bin/bash

for i in `cat /root/mod.txt`;do /sbin/modprobe $i;done

mount.nfs4 10.10.10.80:/nfs /log' >>/etc/rc.local

chmod +x /etc/rc.local

 

apt-get install zabbix-agent

sed -i -e 's/Server=127.0.0.1/Server=10.10.10.80/g' -e 's/ServerActive=127.0.0.1/ServerActive=10.10.10.80/g' /etc/zabbix/zabbix_agentd.conf  && /etc/init.d/zabbix-agent restart

 

 

master: docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7

 

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------

centos7版本:

 yum erase docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-selinux docker-engine-selinux docker-engine docker-ce docker-io

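# Remove leftover Docker unit files from both systemd trees.
# The first command originally read `-exec -rm`, which find cannot execute.
# `--` keeps a name that starts with '-' from being parsed as an rm option.
find /etc/systemd -name '*docker*' -exec rm -f -- {} \;
# -prune stops find from descending into a directory that rm -rf is deleting.
find /lib/systemd -name '*docker*' -prune -exec rm -rf -- {} \;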

rm -rf /var/lib/docker
rm -rf /var/run/docker

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-18.09.8

cp /usr/share/zoneinfo/Asia/Shanghai  /etc/localtime

echo 'LANG="en_US.UTF-8"' >> /etc/profile

source /etc/profile

 

vim /etc/hosts

 echo "
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
" >> /etc/sysctl.conf

 

sysctl -p

 

cat >> /etc/security/limits.conf <<EOF
root soft nofile 65535
root hard nofile 65536
* soft nofile 65535
* hard nofile 65536
EOF

 

vim mod.txt

br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
veth
vxlan
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp

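# Load every kernel module named in mod.txt (one name per line).
# `read -r` takes the first word of each line without glob expansion, blank
# lines are skipped, and a module that fails to load is reported by name.
while read -r mod _ || [ -n "$mod" ]; do
  [ -n "$mod" ] || continue
  modprobe -- "$mod" || echo "modprobe failed: $mod" >&2
done < mod.txt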

 

vim /lib/systemd/system/docker.service

vim /etc/docker/daemon.json

systemctl daemon-reload

systemctl restart docker

 

master:  docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7

 

 

 

--------------------------------------------------------------------------------------

rancher恢复极端做法

机器:

rancher server

rancher worker

rancher server  恢复机

 

rancher server:

docker ps

 docker stop stoic_ishizaka        #rancher server的docker 名字

docker create --volumes-from stoic_ishizaka --name rancher-data-alex  rancher/rancher:v2.2.7

docker run --volumes-from rancher-data-alex -v $PWD:/backup:z busybox tar czvf /backup/rancher-data-backup-v2.2.7-11-22.tar.gz /var/lib/rancher

scp rancher-data-backup-v2.2.7-11-22.tar.gz 192.168.219.202:~/                      #复制到恢复机

 

恢复机:

docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7

docker ps
docker stop recursing_franklin

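# Restore the Rancher data volume from the archive in the current directory.
# The backup directory is mounted read-only because the restore only reads it.
# -C / makes the extraction root explicit: the archive was created from
# /var/lib/rancher, so its members are stored as var/lib/rancher/...
# NOTE(review): alex.tar.gz is presumably the copied
# rancher-data-backup-v2.2.7-11-22.tar.gz under another name; confirm the file
# name before running, since the rm executes first.
docker run --volumes-from recursing_franklin -v "$PWD:/backup:ro" busybox \
  sh -c "rm -rf /var/lib/rancher/* && tar zxvf /backup/alex.tar.gz -C /"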

docker start recursing_franklin

 

rancher server 开始ifconfig 换ip

恢复机恢复成损坏机器的ip

 

192.168.1.210的rancher启动方式:

docker run -d --restart=unless-stopped \
  -p 58080:80 -p 55443:443 \
  -v /home/k8s/data/rancher/:/var/lib/rancher/ \
  -v /home/k8s/data/rancher/auditlog:/var/log/auditlog \
  -e AUDIT_LEVEL=3 \
  rancher/rancher:stable

posted @ 2019-11-21 10:17  alexhe