搜索到
211
篇与
cby
的结果
-
Ubuntu 通过 Netplan 配置网络教程 Ubuntu 通过 Netplan 配置网络教程Ubuntu through Netplan configuration network tutorial一、Netplan 配置流程1. Netplan configuration process1、Netplan默认配置文件在/etc/netplan目录下。您可以使用以下命令找到:1. The default configuration file of Netplan is in the /etc/netplan directory. You can find it with the following command:ls /etc/netplan/就可以看到配置文件名称。You can see the configuration file name.2、查看Netplan网络配置文件的内容,执行以下命令:2. View the contents of the Netplan network configuration file and execute the following command:cat /etc/netplan/*.yaml3、现在你需要在任何编辑器中打开配置文件: 由于我使用 vim 编辑器来编辑配置文件,所以我将运行:3. Now you need to open the configuration file in any editor: Since I use the vim editor to edit the configuration file, I will run:vim /etc/netplan/*.yaml根据您的网络需要更新配置文件。对于静态 IP 寻址,添加 IP 地址、网关、DNS 信息,而对于动态 IP 寻址,无需添加此信息,因为它将从 DHCP 服务器获取此信息。使用以下语法编辑配置文件。Update the configuration file according to your network needs. For static IP addressing, add IP address, gateway, DNS information, and for dynamic IP addressing, there is no need to add this information because it will get this information from the DHCP server. Use the following syntax to edit the configuration file.4、在应用任何更改之前,我们将测试配置文件。4. We will test the configuration file before applying any changes.sudo netplan try如果没有问题,它将返回配置接受消息。如果配置文件未通过测试,它将恢复为以前的工作配置。If there is no problem, it will return a configuration acceptance message. If the configuration file fails the test, it will revert to the previous working configuration.5、运行以下命令来应用新配置:5. Run the following command to apply the new configuration:sudo netplan apply6、成功应用所有配置后,通过运行以下命令重新启动 Network-Manager 服务:6. After successfully applying all the configurations, restart the Network-Manager service by running the following command:如果是桌面版:If it is the desktop version:sudo systemctl restart system-networkd如果您使用的是 Ubuntu 服务器,请改用以下命令:If you are using an Ubuntu server, use the following command instead:sudo systemctl restart network-manager7、验证 IP 地址7. Verify the IP addressip a二、Netplan 配置文件详解2. Detailed explanation of Netplan configuration file 1、使用 DHCP:1. Use DHCP:network: version: 2 renderer: networkd ethernets: enp3s0: dhcp4: true2、使用静态 IP:2. Use static IP:network: version: 2 renderer: networkd ethernets: enp3s0: addresses: - 10.0.0.10/8 gateway4: 10.0.0.1 nameservers: search: [mydomain, otherdomain] addresses: [10.0.0.5, 1.1.1.1]3、多个网口 DHCP:3. Multiple network ports DHCP:network: version: 2 ethernets: enred: dhcp4: yes dhcp4-overrides: route-metric: 100 engreen: dhcp4: yes dhcp4-overrides: route-metric: 2004、连接开放的 WiFi(无密码):4. Connect to open WiFi (without password):network: version: 2 wifis: wl0: access-points: opennetwork: {} dhcp4: yes5、连接 WPA 加密的 WiFi:5. Connect to WPA encrypted WiFi:network: version: 2 renderer: networkd wifis: wlp2s0b1: dhcp4: no dhcp6: no addresses: [10.0.0.10/8] gateway4: 10.0.0.1 nameservers: addresses: [10.0.0.5, 8.8.8.8] access-points: "network_ssid_name": password: "**********"6、在单网卡上使用多个 IP 地址(同一网段):6. Use multiple IP addresses on a single network card (same network segment):network: version: 2 renderer: networkd ethernets: enp3s0: addresses: - 10.0.0.10/8 - 10.0.0.10/8 gateway4: 10.0.0.17、在单网卡使用多个不同网段的 IP 地址:7. Use multiple IP addresses of different network segments on a single network card:network: version: 2 renderer: networkd ethernets: enp3s0: addresses: - 9.0.0.9/24 - 10.0.0.10/24 - 11.0.0.11/24 #gateway4: # unset, since we configure routes below routes: - to: 0.0.0.0/0 via: 9.0.0.1 metric: 100 - to: 0.0.0.0/0 via: 10.0.0.1 metric: 100 - to: 0.0.0.0/0 via: 11.0.0.1 metric: 100Linux运维交流社区Linux运维交流社区,互联网新闻以及技术交流。35篇原创内容公众号本文使用 文章同步助手 同步 -
kubernetes 安装 Prometheus + Grafana kubernetes 安装 Prometheus + Grafanakubernetes install Prometheus + Grafana官网Official websitehttps://prometheus.io/GitHubGitHubhttps://github.com/coreos/kube-prometheus组件说明Component descriptionMetricServer:是kubernetes集群资源使用情况的聚合器,收集数据给kubernetes集群内使用,如 kubectl,hpa,scheduler等。PrometheusOperator:是一个系统监测和警报工具箱,用来存储监控数据。NodeExporter:用于各node的关键度量指标状态数据。KubeStateMetrics:收集kubernetes集群内资源对象数 据,制定告警规则。Prometheus:采用pull方式收集apiserver,scheduler,controller-manager,kubelet组件数 据,通过http协议传输。Grafana:是可视化数据统计和监控平台。MetricServer: It is an aggregator of the resource usage of the kubernetes cluster, collecting data for use in the kubernetes cluster, such as kubectl, hpa, scheduler, etc.PrometheusOperator: is a system monitoring and alerting toolbox used to store monitoring data.NodeExporter: Used for the key metric status data of each node.KubeStateMetrics: Collect resource object data in the kubernetes cluster and formulate alarm rules.Prometheus: collect data from apiserver, scheduler, controller-manager, and kubelet components in a pull mode, and transmit it through the http protocol.Grafana: It is a platform for visual data statistics and monitoring.安装Install配置Google上网环境下的docker,docker会去外网进行下载部分镜像Configure docker in Google's Internet environment, docker will go to the external network to download part of the imagesudo mkdir -p /etc/systemd/system/docker.service.d sudo touch /etc/systemd/system/docker.service.d/proxy.conf[root@k8s-master-node1 ~]# cat /etc/systemd/system/docker.service.d/proxy.conf [Service] Environment="HTTP_PROXY=http://192.168.1.6:7890/" Environment="HTTPS_PROXY=http://192.168.1.6:7890/" Environment="NO_PROXY=localhost,127.0.0.1,.example.com"dockerd代理的修改比较特殊,它实际上是改systemd的配置,因此需要重载systemd并重启dockerd才能生效。The modification of the dockerd agent is quite special. It actually changes the configuration of systemd, so systemd needs to be reloaded and dockerd restarted to take effect.sudo systemctl daemon-reload sudo systemctl restart docker下载download[root@k8s-master-node1 ~]# git clone https://github.com/coreos/kube-prometheus.git Cloning into 'kube-prometheus'... remote: Enumerating objects: 13409, done. remote: Counting objects: 100% (1908/1908), done. remote: Compressing objects: 100% (801/801), done. remote: Total 13409 (delta 1184), reused 1526 (delta 947), pack-reused 11501 Receiving objects: 100% (13409/13409), 6.65 MiB | 5.21 MiB/s, done. Resolving deltas: 100% (8313/8313), done. [root@k8s-master-node1 ~]# [root@k8s-master-node1 ~]# cd kube-prometheus/manifests [root@k8s-master-node1 ~/kube-prometheus/manifests]# 修改 grafana-service.yaml 文件,使用 nodepode 方式访问 grafana:Modify the grafana-service.yaml file and use nodepode to access grafana:[root@k8s-master-node1 ~/kube-prometheus/manifests]# cat grafana-service.yaml apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: 8.1.3 name: grafana namespace: monitoring spec: type: NodePort ports: - name: http port: 3000 targetPort: http nodePort: 31100 selector: app.kubernetes.io/component: grafana app.kubernetes.io/name: grafana app.kubernetes.io/part-of: kube-prometheus修改 prometheus-service.yaml,改为 nodepode:Modify prometheus-service.yaml to nodepode:[root@k8s-master-node1 ~/kube-prometheus/manifests]# cat prometheus-service.yaml apiVersion: v1 kind: Service metadata: labels: app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: 2.30.0 prometheus: k8s name: prometheus-k8s namespace: monitoring spec: type: NodePort ports: - name: web port: 9090 targetPort: web nodePort: 31200 - name: reloader-web port: 8080 targetPort: reloader-web nodePort: 31300 selector: app: prometheus app.kubernetes.io/component: prometheus app.kubernetes.io/name: prometheus app.kubernetes.io/part-of: kube-prometheus prometheus: k8s sessionAffinity: ClientIP修改 alertmanager-service.yaml,改为 nodepodeModify alertmanager-service.yaml to nodepode[root@k8s-master-node1 ~/kube-prometheus/manifests]# cat alertmanager-service.yaml apiVersion: v1 kind: Service metadata: labels: alertmanager: main app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/version: 0.23.0 name: alertmanager-main namespace: monitoring spec: type: NodePort ports: - name: web port: 9093 targetPort: web nodePort: 31400 - name: reloader-web port: 8080 targetPort: reloader-web nodePort: 31500 selector: alertmanager: main app: alertmanager app.kubernetes.io/component: alert-router app.kubernetes.io/name: alertmanager app.kubernetes.io/part-of: kube-prometheus sessionAffinity: ClientIP [root@k8s-master-node1 ~/kube-prometheus/manifests]# 创建名称空间和CRDCreate namespace and CRD[root@k8s-master-node1 ~/kube-prometheus]# kubectl create -f /root/kube-prometheus/manifests/setup namespace/monitoring created customresourcedefinition.apiextensions.k8s.io/alertmanagerconfigs.monitoring.coreos.com created customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com created customresourcedefinition.apiextensions.k8s.io/podmonitors.monitoring.coreos.com created customresourcedefinition.apiextensions.k8s.io/probes.monitoring.coreos.com created customresourcedefinition.apiextensions.k8s.io/prometheuses.monitoring.coreos.com created customresourcedefinition.apiextensions.k8s.io/prometheusrules.monitoring.coreos.com created customresourcedefinition.apiextensions.k8s.io/servicemonitors.monitoring.coreos.com created customresourcedefinition.apiextensions.k8s.io/thanosrulers.monitoring.coreos.com created clusterrole.rbac.authorization.k8s.io/prometheus-operator created clusterrolebinding.rbac.authorization.k8s.io/prometheus-operator created deployment.apps/prometheus-operator created service/prometheus-operator created serviceaccount/prometheus-operator created等待资源可用后,安装After waiting for resources to be available, install[root@k8s-master-node1 ~/kube-prometheus]# [root@k8s-master-node1 ~/kube-prometheus]# [root@k8s-master-node1 ~/kube-prometheus]# kubectl create -f /root/kube-prometheus/manifests/ ---略--- [root@k8s-master-node1 ~/kube-prometheus]# 访问 PrometheusVisit Prometheushttp://192.168.1.10:31200/targets访问 GrafanaVisit Grafanahttp://192.168.1.10:31100/访问报警平台 AlertManagerVisit the alert platform AlertManagerhttp://192.168.1.10:31400/#/statusLinux运维交流社区Linux运维交流社区,互联网新闻以及技术交流。36篇原创内容公众号本文使用 文章同步助手 同步
-
最新版 Harbor 在ubuntu系统上安装 最新版 Harbor 在ubuntu系统上安装The latest version of Harbor is installed on the ubuntu system安装docker Install dockerroot@hello:~# curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun root@hello:~#配置Docker ComposeConfigure Docker Composeroot@hello:~# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 633 100 633 0 0 2444 0 --:--:-- --:--:-- --:--:-- 2444 100 12.1M 100 12.1M 0 0 10.2M 0 0:00:01 0:00:01 --:--:-- 26.2M root@hello:~# sudo chmod +x /usr/local/bin/docker-compose root@hello:~# sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose root@hello:~# docker-compose --version docker-compose version 1.29.2, build 5becea4c root@hello:~#下载Docker Harbor安装包Download the Docker Harbor installation packageroot@hello:~# wget https://github.com/goharbor/harbor/releases/download/v2.3.2/harbor-offline-installer-v2.3.2.tgz root@hello:~#解压安装包Unzip the installation packageroot@hello:~# tar xvf harbor-offline-installer-v2.3.2.tgz -C /usr/local/ harbor/harbor.v2.3.2.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml.tmpl root@hello:~# cd /usr/local/harbor/配置证书Configure Certificateroot@hello:/usr/local/harbor# mkdir ca root@hello:/usr/local/harbor# cd ca/ root@hello:/usr/local/harbor/ca# pwd /usr/local/harbor/ca root@hello:/usr/local/harbor/ca# openssl genrsa -des3 -out server.key 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ......................................+++++ ...................................................................................................................................................+++++ e is 65537 (0x010001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: root@hello:/usr/local/harbor/ca# root@hello:/usr/local/harbor/ca# root@hello:/usr/local/harbor/ca# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: root@hello:/usr/local/harbor/ca# root@hello:/usr/local/harbor/ca# cp server.key server.key.org root@hello:/usr/local/harbor/ca# openssl rsa -in server.key.org -out server.key Enter pass phrase for server.key.org: writing RSA key root@hello:/usr/local/harbor/ca# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=C = AU, ST = Some-State, O = Internet Widgits Pty Ltd Getting Private key root@hello:/usr/local/harbor/ca#修改配置文件,修改 hostname 和证书路径 即可 Modify the configuration file, modify the hostname and certification pathroot@hello:/usr/local/harbor# cp harbor.yml.tmpl harbor.yml root@hello:/usr/local/harbor# root@hello:/usr/local/harbor# vim harbor.yml root@hello:/usr/local/harbor# cat harbor.yml # Configuration file of Harbor hostname: harbor.chenby.cn # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 80 # https related config https: # https port for harbor, default is 443 port: 443 # The path of cert and key files for nginx certificate: /usr/local/harbor/ca/server.crt private_key: /usr/local/harbor/ca/server.key harbor_admin_password: Harbor12345 ----略---- root@hello:/usr/local/harbor#安装Installroot@hello:/usr/local/harbor# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 20.10.8 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.29.2 [Step 2]: loading Harbor images ... Loaded image: goharbor/redis-photon:v2.3.2 Loaded image: goharbor/nginx-photon:v2.3.2 Loaded image: goharbor/harbor-portal:v2.3.2 Loaded image: goharbor/trivy-adapter-photon:v2.3.2 Loaded image: goharbor/chartmuseum-photon:v2.3.2 Loaded image: goharbor/notary-signer-photon:v2.3.2 Loaded image: goharbor/harbor-core:v2.3.2 Loaded image: goharbor/harbor-log:v2.3.2 Loaded image: goharbor/harbor-registryctl:v2.3.2 Loaded image: goharbor/harbor-exporter:v2.3.2 Loaded image: goharbor/notary-server-photon:v2.3.2 Loaded image: goharbor/prepare:v2.3.2 Loaded image: goharbor/harbor-db:v2.3.2 Loaded image: goharbor/harbor-jobservice:v2.3.2 Loaded image: goharbor/registry-photon:v2.3.2 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/harbor Clearing the configuration file: /config/portal/nginx.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/log/logrotate.conf Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir [Step 5]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating harbor-portal ... done Creating harbor-db ... done Creating registryctl ... done Creating redis ... done Creating registry ... done Creating harbor-core ... done Creating harbor-jobservice ... done Creating nginx ... done ? ----Harbor has been installed and started successfully.---- root@hello:/usr/local/harbor#配置dns解析,或者在本地host中配置,具体配置略Configure dns resolution, or configure in the local host, the specific configuration is omitted登陆Sign in默认账号:admin默认密码:Harbor12345Default account: adminDefault password: Harbor12345客户端使用Client useroot@hello:~# vim /etc/docker/daemon.json root@hello:~# root@hello:~# cat /etc/docker/daemon.json { "insecure-registries": ["https://harbor.chenby.cn"] } root@hello:~# root@hello:~# systemctl daemon-reload root@hello:~# root@hello:~# root@hello:~# sudo systemctl restart docker root@hello:~# docker login https://harbor.chenby.cn/ Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded root@hello:~#Linux运维交流社区Linux运维交流社区,互联网新闻以及技术交流。38篇原创内容公众号本文使用 文章同步助手 同步
-
HaProxy 安装搭建配置 HaProxy简介 HAProxy是一个免费的负载均衡软件,可以运行于大部分主流的Linux操作系统上。 HAProxy提供了L4(TCP)和L7(HTTP)两种负载均衡能力,具备丰富的功能。HAProxy的社区非常活跃,版本更新快速。最关键的是,HAProxy具备媲美商用负载均衡器的性能和稳定性。HaProxy的核心功能 负载均衡:L4和L7两种模式,支持RR/静态RR/LC/IP Hash/URI Hash/URL_PARAM Hash/HTTP_HEADER Hash等丰富的负载均衡算法 健康检查:支持TCP和HTTP两种健康检查模式 会话保持:对于未实现会话共享的应用集群,可通过Insert Cookie/Rewrite Cookie/Prefix Cookie,以及上述的多种Hash方式实现会话保持 SSL:HAProxy可以解析HTTPS协议,并能够将请求解密为HTTP后向后端传输 HTTP请求重写与重定向 监控与统计:HAProxy提供了基于Web的统计信息页面,展现健康状态和流量数据。基于此功能,使用者可以开发监控程序来监控HAProxy的状态HaProxy的关键特性 性能 1 . 采用单线程、事件驱动、非阻塞模型,减少上下文切换的消耗,能在1ms内处理数百个请求。并且每个会话只占用数KB的内存。 2 . 大量精细的性能优化,如O(1)复杂度的事件检查器、延迟更新技术、Single-buffereing、Zero-copy forwarding等等,这些技术使得HAProxy在中等负载下只占用极低的CPU资源。 3 . HAProxy大量利用操作系统本身的功能特性,使得其在处理请求时能发挥极高的性能,通常情况下,HAProxy自身只占用15%的处理时间,剩余的85%都是在系统内核层完成的。 4 . HAProxy作者在8年前(2009)年使用1.4版本进行了一次测试,单个HAProxy进程的处理能力突破了10万请求/秒,并轻松占满了10Gbps的网络带宽。稳定性 在上文中提到过,HAProxy的大部分工作都是在操作系统内核完成的,所以HAProxy的稳定性主要依赖于操作系统,作者建议使用2.6或3.x的Linux内核,对sysctls参数进行精细的优化,并且确保主机有足够的内存。这样HAProxy就能够持续满负载稳定运行数年之久。设置主机名root@hello:~# hostnamectl set-hostname haproxy root@hello:~# root@hello:~# root@hello:~# bash root@haproxy:~#安装 haproxyroot@haproxy:~# apt-get install haproxy root@haproxy:~# cp /etc/haproxy/haproxy.cfg{,.ori} root@haproxy:~# root@haproxy:~# vim /etc/haproxy/haproxy.cfg root@haproxy:~# 配置文件如下root@haproxy:~# cat /etc/haproxy/haproxy.cfg cat /etc/haproxy/haproxy.cfg global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 30s user haproxy group haproxy daemon ca-base /etc/ssl/certs crt-base /etc/ssl/private ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend LOADBALANCER-01 bind 0.0.0.0:80 mode http default_backend WEBSERVERS-01 backend WEBSERVERS-01 balance roundrobin server node1 192.168.1.10:9200 check inter 2000 rise 3 fall 3 weight 1 maxconn 2000 server node2 192.168.1.11:9200 check inter 2000 rise 3 fall 3 weight 1 maxconn 2000 server node3 192.168.1.12:9200 check inter 2000 rise 3 fall 3 weight 1 maxconn 2000 server node4 192.168.1.13:9200 check inter 2000 rise 3 fall 3 weight 1 maxconn 2000 server node5 192.168.1.14:9200 check inter 2000 rise 3 fall 3 weight 1 maxconn 2000 server node6 192.168.1.15:9200 check inter 2000 rise 3 fall 3 weight 1 maxconn 2000 server node7 192.168.1.16:9200 check inter 2000 rise 3 fall 3 weight 1 maxconn 2000 backup option httpchk启动服务root@haproxy:~# root@haproxy:~# systemctl start haproxy root@haproxy:~#设置开机自启root@haproxy:~# root@haproxy:~# systemctl enable haproxy Synchronizing state of haproxy.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable haproxy root@haproxy:~#Linux运维交流社区Linux运维交流社区,互联网新闻以及技术交流。40篇原创内容公众号本文使用 文章同步助手 同步
-
KVM WEB管理工具 WebVirtMgr 一、webvirtmgr介绍及环境说明温馨提示:安装KVM是需要2台都操作的,因为我们是打算将2台都设置为宿主机所有都需要安装KVM相关组件github地址https://github.com/retspen/webvirtmgrWebVirtMgr是一个基于libvirt的Web界面,用于管理虚拟机。它允许您创建和配置新域,并调整域的资源分配。VNC查看器为来宾域提供完整的图形控制台。KVM是目前唯一支持的虚拟机管理程序。查看服务器版本号[root@webc ~]# cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core)内核版本[root@webc ~]# uname -r 3.10.0-1160.42.2.el7.x86_64关闭Selinux & 防火墙[root@webc ~]# systemctl stop firewalld [root@webc ~]# systemctl disable firewalld [root@webc ~]# setenforce 0 setenforce: SELinux is disabled [root@webc ~]# sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config更新软件包并安装epel扩展源[root@webc ~]# yum update [root@webc ~]# yum install epel*查看python版本[root@webc ~]# python -V Python 2.7.5 [root@webc ~]#查看KVM 驱动是否加载[root@webc ~]# lsmod | grep kvm kvm_intel 188740 0 kvm 637515 1 kvm_intel irqbypass 13503 1 kvm [root@webc ~]# [root@webc ~]# [root@webc ~]# modprobe -a kvm [root@webc ~]# modprobe -a kvm_intel [root@webc ~]#免密配置[root@webc ~]# ssh-keygen [root@webc ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.1.104二、安装KVM安装KVM依赖包及管理工具kvm属于内核态,不需要安装。但是需要一些管理工具包[root@webc ~]# yum install qemu-img qemu-kvm qemu-kvm-tools virt-manager virt-viewer virt-v2v virt-top libvirt libvirt-Python libvirt-client python-virtinst bridge-utils tunctl [root@webc ~]# yum install -y virt-install [root@webc ~]# [root@webc ~]# systemctl start libvirtd.service [root@webc ~]# systemctl enable libvirtd.service [root@webc ~]# [root@webc ~]# cd cby/kvm/ [root@webc kvm]# [root@webc kvm]# [root@webc kvm]# git clone https://github.com/palli/python-virtinst.git [root@webc kvm]# cd python-virtinst/ [root@webc python-virtinst]# python setup.py install [root@webc python-virtinst]# virt-install [root@webc python-virtinst]# yum install bridge-utils [root@webc python-virtinst]# [root@webc python-virtinst]# vim /etc/sysconfig/network-scripts/ifcfg-br0 [root@webc python-virtinst]# [root@webc python-virtinst]# [root@webc python-virtinst]# [root@webc python-virtinst]# [root@webc python-virtinst]# [root@webc python-virtinst]# cat /etc/sysconfig/network-scripts/ifcfg-br0 DEVICE=br0 TYPE=Bridge ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static IPADDR=192.168.1.49 NETMASK=255.225.255.0 GATEWAY=192.168.1.1 DNS1=192.168.1.1 [root@webc python-virtinst]# brctl show bridge name bridge id STP enabled interfaces br-0d093958d245 8000.0242d5824d14 no br-2e2d3c481379 8000.0242884030e2 no br-36a6ad3375a8 8000.0242d7d7f1ef no br-66a9675a6dd5 8000.024248a61c72 no br-b7daf4844ff7 8000.024263dd4715 no br-deba197eb09e 8000.0242b290e104 no br0 8000.000000000000 no docker0 8000.0242858c017c no vethe14f7ac docker_gwbridge 8000.0242588c6db0 no virbr0 8000.5254009ba65a yes virbr0-nic [root@webc python-virtinst]# ln -s /usr/libexec/qemu-kvm /usr/sbin/ 三、WebVirtMgr 安装安装pip、git及supervisor && NginxWebVirtMgr只在管理端安装[root@webc ~]# yum -y install git python-pip libvirt-python libxml2-python python-websockify supervisor gcc python-devel 使用pip安装Python扩展程序库[root@webc ~]# pip install numpy git克隆配置并运行WebVirMgr[root@webc ~]# cd cby/ [root@webc cby]# mkdir kvm [root@webc cby]# cd kvm [root@webc kvm]# pwd /root/cby/kvm [root@webc kvm]# [root@webc kvm]# git clone git://github.com/retspen/webvirtmgr.git 正克隆到 'webvirtmgr'... remote: Enumerating objects: 5614, done. remote: Total 5614 (delta 0), reused 0 (delta 0), pack-reused 5614 接收对象中: 100% (5614/5614), 2.97 MiB | 748.00 KiB/s, done. 处理 delta 中: 100% (3606/3606), done. [root@webc kvm]# [root@webc kvm]# [root@webc kvm]# cd webvirtmgr [root@webc webvirtmgr]# pip install -r requirements.txt#初始化环境 [root@webc webvirtmgr]# ./manage.py syncdb #配置Django 静态页面 [root@webc webvirtmgr]# ./manage.py collectstatic启动WebVirMgr前台启动WebVirMgr,默认是Debug模式同时日志打印在前台 用户名和密码是我们刚刚创建的下载Nginx[root@webc webvirtmgr]# cd .. [root@webc kvm]# ls webvirtmgr [root@webc kvm]# [root@webc kvm]# mkdir nginx [root@webc kvm]# cd nginx [root@webc nginx]# wget https://nginx.org/download/nginx-1.20.1.tar.gz [root@webc nginx]# tar xf nginx-1.20.1.tar.gz [root@webc nginx]# cd nginx-1.20.1/ [root@webc nginx-1.20.1]#修改nginx配置文件[root@webc conf]# vim nginx.conf [root@webc conf]# [root@webc conf]# cat nginx.conf user root; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 90; server_name 192.168.1.104; #charset koi8-r; #access_log logs/host.access.log main; location / { #root html; #index index.html index.htm; proxy_pass http://127.0.0.1:8000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_connect_timeout 600; proxy_read_timeout 600; proxy_send_timeout 600; client_max_body_size 5120M; } location /static/ { root /root/cby/kvm/webvirtmgr; expires max; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } } [root@webc conf]#安装Nginx[root@webc nginx-1.20.1]# yum install -y gcc glibc gcc-c++ prce-devel openssl-devel pcre-devel [root@webc nginx-1.20.1]# useradd -s /sbin/nologin nginx -M [root@webc nginx-1.20.1]# ./configure --prefix=/root/cby/kvm/nginx/ --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module [root@webc nginx-1.20.1]# make && make install启动Nginx[root@webc nginx-1.20.1]# cd /root/cby/kvm/nginx/sbin/ [root@webc sbin]# /root/cby/kvm/nginx/sbin/nginx -t nginx: the configuration file /root/cby/kvm/nginx//conf/nginx.conf syntax is ok nginx: configuration file /root/cby/kvm/nginx//conf/nginx.conf test is successful [root@webc sbin]# /root/cby/kvm/nginx/sbin/nginx使用systemctl启停服务[root@webc sbin]# cat > /etc/supervisord.d/webvirtmgr.ini << EOF [program:webvirtmgr] command=/usr/bin/python /root/cby/kvm/webvirtmgr/manage.py run_gunicorn -c /root/cby/kvm/webvirtmgr/conf/gunicorn.conf.py directory=/root/cby/kvm/webvirtmgr autostart=true autorestart=true logfile=/var/log/supervisor/webvirtmgr.log log_stderr=true user=root [program:webvirtmgr-console] command=/usr/bin/python /root/cby/kvm/webvirtmgr/console/webvirtmgr-console directory=/root/cby/kvm/webvirtmgr autostart=true autorestart=true stdout_logfile=/var/log/supervisor/webvirtmgr-console.log redirect_stderr=true user=root EOF启动supervisor[root@webc webvirtmgr]# systemctl daemon-reload [root@webc webvirtmgr]# systemctl stop supervisord [root@webc webvirtmgr]# systemctl start supervisord查看是否启动成功[root@webc webvirtmgr]# supervisorctl status webvirtmgr RUNNING pid 23783, uptime 0:00:11 webvirtmgr-console RUNNING pid 23782, uptime 0:00:11 [root@webc webvirtmgr]#四、Web界面配置webvirtmgr4.1 添加主机设置存储1.Add Connection 添加宿主机(即KVM主机)2.点击SSH连接3.Label 为主机名,必须为主机名做免密4.IP 为宿主机IP5.用户名为服务器用户名6.点击添加Linux运维交流社区Linux运维交流社区,互联网新闻以及技术交流。43篇原创内容公众号本文使用 文章同步助手 同步