localhost.crt-bak
vim /etc/netplan/50-cloud-init.yaml 写入网卡 root@master:~# cat /etc/netplan/50-cloud-init.yaml # This file is generated from information provided by # the datasource. Changes to it will not persist across an instance. # To disable cloud-init's network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens33: dhcp4: true ens38: #dhcp4: true addresses: [192.168.134.130/24] nameservers: addresses: [114.114.114.114]
gateway4: 192.168.134.2 version: 2 netplan apply 重启网络
# NOTE(review): the URL has no scheme, so wget fetches it over plain HTTP, and
# -O writes the response straight over apt's source list. Whatever is served
# (or altered in transit) decides where every later package comes from.
# Safer: download to a scratch file, compare it with the mirror entries listed
# below, and only then copy it into place.
wget www.alexman.cn/sources.list -O /etc/apt/sources.list
# Open the file to check that it holds only the expected mirror lines.
vim /etc/apt/sources.list
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
# Import the Docker CE repository signing key from the Aliyun mirror (HTTPS).
# NOTE(review): `apt-key add` places the key in apt's global keyring, so it is
# trusted for every configured repository, not only for docker-ce.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
apt-get update
# Set the system time zone by overwriting /etc/localtime.
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Appended with >>, so repeating this step adds a duplicate line.
echo 'LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile
# Turn off systemd-resolved; /etc/resolv.conf is written by hand further down.
systemctl disable systemd-resolved.service
systemctl stop systemd-resolved.service
vim /etc/hosts
192.168.219.200 rancherm1
192.168.219.201 ranchers1
192.168.219.202 rancherm2
# Replace /etc/resolv.conf with a static file that lists two public resolvers.
# The old file is removed first (presumably because it is a symlink managed by
# systemd-resolved — confirm on the target host).
# NOTE(review): after this, every DNS query leaves the network for these public
# resolvers; internal names resolve only through /etc/hosts.
rm -rf /etc/resolv.conf
echo "
nameserver 114.114.114.114
nameserver 8.8.8.8
" > /etc/resolv.conf
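# Append the kernel network settings to /etc/sysctl.conf, one key per line.
# (Written on a single line, the keys would land in sysctl.conf as one
# unparsable entry; the CentOS section of these notes uses one key per line.)
# ip_forward/forwarding make the host route packets between interfaces, so the
# FORWARD chain policy decides what is actually let through.
cat >> /etc/sysctl.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
EOF
# The net.bridge.* keys exist only while br_netfilter is loaded; load it first
# so that `sysctl -p` can apply them instead of reporting unknown keys.
modprobe br_netfilter
sysctl -p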
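# Raise the open-file limits for root and for all other users.
# The here-document body and its terminator must each sit on their own line;
# collapsed onto one line the shell never finds the closing EOF.
cat >> /etc/security/limits.conf <<'EOF'
root soft nofile 65535
root hard nofile 65536
* soft nofile 65535
* hard nofile 65536
EOF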
vim mod.txt
br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
veth
vxlan
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp
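# NOTE(review): fetched over plain HTTP (no scheme given), and every name in
# the file is handed to modprobe as root below — review the file before
# loading. If mod.txt was already written by hand in the previous step, wget's
# default is to save the download under a new name (mod.txt.1), so the loop
# still reads the hand-written copy.
wget www.alexman.cn/mod.txt

# Load every module named in mod.txt. Names are split on whitespace as before,
# but without glob expansion, and anything that does not look like a module
# name (for example a word starting with "-") is skipped instead of being
# passed to modprobe.
modules=()
read -r -d '' -a modules < mod.txt || true   # read returns non-zero at EOF
for mod in "${modules[@]}"; do
  if [[ ! "$mod" =~ ^[A-Za-z0-9_][A-Za-z0-9_-]*$ ]]; then
    printf 'skipping unexpected entry in mod.txt: %s\n' "$mod" >&2
    continue
  fi
  modprobe -- "$mod"
done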
下面这段没做,供参考
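# Optional Docker CE installation helper (the notes mark this section as
# "not done, for reference"). One command per line; as a single line, the
# first "#" would turn everything after it into a comment.

# Name of the user that will operate Docker.
NEW_USER=rancher

# Create the user (optional) and set its password.
sudo adduser "$NEW_USER"
sudo passwd "$NEW_USER"

# Grant the user sudo rights through a drop-in file.
# `sudo echo ... >> /etc/sudoers` does not work as intended: the redirection is
# performed by the calling shell, not by sudo, and a syntax error appended to
# /etc/sudoers can lock sudo out entirely. The rule is therefore syntax-checked
# with visudo before it is installed with the mode sudo expects.
sudoers_tmp=$(mktemp)
printf '%s ALL=(ALL) ALL\n' "$NEW_USER" > "$sudoers_tmp"
sudo visudo -cf "$sudoers_tmp" \
  && sudo install -o root -g root -m 0440 "$sudoers_tmp" "/etc/sudoers.d/$NEW_USER"
rm -f -- "$sudoers_tmp"

# Docker version to install.
export docker_version=18.06.3

# Step 1: remove old packages and install the required tools.
sudo apt-get remove docker docker-engine docker.io containerd runc -y
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common bash-completion gnupg-agent

# Step 2: import the repository signing key. Fetched over HTTPS (as in the
# Ubuntu steps earlier in these notes): a key retrieved over plain HTTP can be
# swapped in transit, which defeats package signature checking.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

# Step 3: add the Docker CE package source.
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

# Step 4: refresh the index and install the pinned Docker CE version.
sudo apt-get -y update
# Take the first matching version only; several matches would otherwise yield
# a multi-line value and break the install command.
version=$(apt-cache madison docker-ce | grep -F -- "$docker_version" | awk '{print $3; exit}')
# --allow-downgrades permits installing an older version than the current one.
sudo apt-get -y install "docker-ce=${version}" --allow-downgrades

# Add the user to the docker group. Members of this group can start privileged
# containers, which is equivalent to root on the host.
sudo usermod -aG docker "$NEW_USER"

# Start Docker at boot.
sudo systemctl enable docker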
最好重启一下
apt-cache madison docker-ce (查看版本)
apt-get install docker-ce=5:19.03.6~3-0~ubuntu-bionic (安装指定版本)
apt-get install -y docker.io (废弃)
# NOTE(review): downloaded over plain HTTP (no scheme given) and written
# directly over the Docker unit file, whose Exec* lines systemd runs as root.
# Fetch to a scratch file and diff it against the packaged unit before
# installing it. The listing that follows adds
# `ExecStartPost=/sbin/iptables -P FORWARD ACCEPT`, which sets the FORWARD
# chain's default policy to ACCEPT on every Docker start — confirm that this
# is acceptable for the host's network position.
wget www.alexman.cn/docker.service -O /lib/systemd/system/docker.service
vim /lib/systemd/system/docker.service [Service] OOMScoreAdjust=-1000 #alex add Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock ExecReload=/bin/kill -s HUP $MAINPID ExecStartPost=/sbin/iptables -P FORWARD ACCEPT #alex add
# NOTE(review): downloaded over plain HTTP (no scheme given) and written
# directly over the Docker daemon configuration; review the content before
# restarting Docker. The listing that follows puts three registries under
# "insecure-registries": Docker will talk to them without verified TLS, so
# images pulled from them are not protected against tampering in transit.
wget www.alexman.cn/daemon.json -O /etc/docker/daemon.json
vim /etc/docker/daemon.json { "oom-score-adjust": -1000, "log-driver": "json-file", "registry-mirrors": ["https://7vm1yv9c.mirror.aliyuncs.com"], "insecure-registries":["repo.onlyharbor.com:5000","store.onlyharbor.com:5000","192.168.1.201:1080"], "max-concurrent-downloads": 10, "max-concurrent-uploads": 10, "storage-driver": "overlay2", "storage-opts": ["overlay2.override_kernel_check=true"] }
# Reload unit files so the edited docker.service is picked up, then restart
# Docker so it also reads the new daemon.json.
systemctl daemon-reload
systemctl restart docker
# NFS client tools, needed by the mount.nfs4 call written into rc.local below.
apt-get install nfs-common
mkdir /log
# NOTE(review): the first command makes /etc/systemd/system/rc-local.service a
# symlink to the packaged unit; the append that follows goes through that
# symlink, so the [Install] section ends up in the file under /lib/systemd and
# is appended again every time this step is repeated.
ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service
echo "
[Install]
WantedBy=multi-user.target
Alias=rc-local.service
" >> /etc/systemd/system/rc-local.service
# Write the boot script: load the modules listed in /root/mod.txt, then mount
# the NFS log share on /log.
# NOTE(review): >> appends, so if /etc/rc.local already exists the shebang is
# not on the first line. The script runs as root at every boot and trusts
# /root/mod.txt, so keep that file writable by root only. The share is mounted
# with default options; for a log volume consider nosuid,nodev,noexec — confirm
# against what is stored there.
echo '#!/bin/bash
for i in `cat /root/mod.txt`;do /sbin/modprobe $i;done
mount.nfs4 10.10.10.80:/nfs /log' >>/etc/rc.local
chmod +x /etc/rc.local
# Install the Zabbix agent and point it at the monitoring server 10.10.10.80
# by rewriting the default 127.0.0.1 in Server= and ServerActive=, then
# restart the agent.
apt-get install zabbix-agent
sed -i -e 's/Server=127.0.0.1/Server=10.10.10.80/g' -e 's/ServerActive=127.0.0.1/ServerActive=10.10.10.80/g' /etc/zabbix/zabbix_agentd.conf && /etc/init.d/zabbix-agent restart
master: docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7
------------------------------------------------------------------------------------------------------------------------------------------------------------------
centos7版本:
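# Remove every previously installed Docker package variant.
yum erase docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-selinux docker-engine-selinux docker-engine docker-ce docker-io
# Delete leftover Docker unit files and drop-ins.
# The command after -exec is `rm` (not `-rm`), and the terminating semicolon
# must be escaped; an unescaped `;` is consumed by the shell and find aborts
# with a missing-argument error.
find /etc/systemd -name '*docker*' -exec rm -f {} \;
find /lib/systemd -name '*docker*' -exec rm -rf {} \;
# Destructive: removes all local images, containers and volumes.
rm -rf /var/lib/docker
rm -rf /var/run/docker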
# Tools needed for repository management and Docker's storage driver.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add Docker's upstream CentOS repository (served over HTTPS).
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# List the available docker-ce versions, newest first.
yum list docker-ce --showduplicates | sort -r
# Install a pinned version; without -y yum asks for confirmation.
yum install docker-ce-18.09.8
# Set the system time zone by overwriting /etc/localtime.
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Appended with >>, so repeating this step adds a duplicate line.
echo 'LANG="en_US.UTF-8"' >> /etc/profile
source /etc/profile
vim /etc/hosts
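# Append the kernel network settings to /etc/sysctl.conf.
# ip_forward/forwarding make the host route packets between interfaces, so the
# FORWARD chain policy decides what is actually let through.
echo "
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.forwarding=1
net.ipv4.neigh.default.gc_thresh1=4096
net.ipv4.neigh.default.gc_thresh2=6144
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_interval=60
net.ipv4.neigh.default.gc_stale_time=120
" >> /etc/sysctl.conf
# The net.bridge.* keys exist only while br_netfilter is loaded; load it first
# so that `sysctl -p` can apply them instead of reporting unknown keys.
modprobe br_netfilter
sysctl -p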
# Raise the open-file limits for root and for all other users by appending
# four entries to limits.conf (one printf argument per line written).
printf '%s\n' \
  'root soft nofile 65535' \
  'root hard nofile 65536' \
  '* soft nofile 65535' \
  '* hard nofile 65536' >> /etc/security/limits.conf
vim mod.txt
br_netfilter
ip6_udp_tunnel
ip_set
ip_set_hash_ip
ip_set_hash_net
iptable_filter
iptable_nat
iptable_mangle
iptable_raw
nf_conntrack_netlink
nf_conntrack
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat
nf_nat_ipv4
nf_nat_masquerade_ipv4
nfnetlink
udp_tunnel
veth
vxlan
x_tables
xt_addrtype
xt_conntrack
xt_comment
xt_mark
xt_multiport
xt_nat
xt_recent
xt_set
xt_statistic
xt_tcpudp
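# Load every module named in mod.txt. Names are split on whitespace as before,
# but without glob expansion, and anything that does not look like a module
# name (for example a word starting with "-") is skipped instead of being
# passed to modprobe as root.
modules=()
read -r -d '' -a modules < mod.txt || true   # read returns non-zero at EOF
for mod in "${modules[@]}"; do
  if [[ ! "$mod" =~ ^[A-Za-z0-9_][A-Za-z0-9_-]*$ ]]; then
    printf 'skipping unexpected entry in mod.txt: %s\n' "$mod" >&2
    continue
  fi
  modprobe -- "$mod"
done
# Edit the Docker unit file and daemon configuration by hand, then reload
# systemd and restart Docker so both changes take effect.
vim /lib/systemd/system/docker.service
vim /etc/docker/daemon.json
systemctl daemon-reload
systemctl restart docker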
master: docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7
--------------------------------------------------------------------------------------
rancher恢复极端做法
机器:
rancher server
rancher worker
rancher server 恢复机
rancher server:
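# Find the Rancher server container, then stop it so its data is not modified
# while the backup is taken.
docker ps
docker stop stoic_ishizaka   # name of the Rancher server container
# Create (without starting) a helper container that exposes the server's volumes.
docker create --volumes-from stoic_ishizaka --name rancher-data-alex rancher/rancher:v2.2.7
# Archive /var/lib/rancher into the current directory. "$PWD" is quoted so a
# working directory containing spaces does not break the -v argument.
# NOTE(review): the archive is a full copy of the server's data directory;
# treat it as sensitive and keep its permissions tight wherever it is stored.
docker run --volumes-from rancher-data-alex -v "$PWD":/backup:z busybox tar czvf /backup/rancher-data-backup-v2.2.7-11-22.tar.gz /var/lib/rancher
# Copy the archive to the recovery machine.
scp rancher-data-backup-v2.2.7-11-22.tar.gz 192.168.219.202:~/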
恢复机:
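# Start a fresh Rancher server of the same version, then stop it so its data
# directory can be replaced.
docker run -d --restart=unless-stopped -v /root/rancher:/var/lib/rancher/ -p 80:80 -p 443:443 rancher/rancher:v2.2.7
docker ps
docker stop recursing_franklin
# Replace the data directory with the backup. The archive is checked first:
# without the check a missing or empty file would still wipe /var/lib/rancher
# before tar fails. -C / makes the extraction root explicit.
# NOTE(review): the archive name used here (alex.tar.gz) differs from the file
# copied over in the backup step (rancher-data-backup-v2.2.7-11-22.tar.gz);
# presumably it was renamed — confirm before running.
docker run --volumes-from recursing_franklin -v "$PWD":/backup busybox sh -c "test -s /backup/alex.tar.gz && rm -rf /var/lib/rancher/* && tar zxvf /backup/alex.tar.gz -C /"
docker start recursing_franklin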
rancher server 开始ifconfig 换ip
恢复机恢复成损坏机器的ip
192.168.1.210的rancher启动方式:
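# Start Rancher with the UI on ports 58080/55443, persistent data under
# /home/k8s/data/rancher, and API audit logging written to the auditlog mount.
# The image name is rancher/rancher, as in the other commands of these notes
# ("ancher/rancher" was a typo and would fail to pull or pull another image).
# NOTE(review): ":stable" is a moving tag, so the running version changes on
# the next pull; the other sections pin v2.2.7. AUDIT_LEVEL=3 is a verbose
# setting (confirm against the Rancher documentation what it records), so
# restrict access to the auditlog directory.
docker run -d --restart=unless-stopped -p 58080:80 -p 55443:443 -v /home/k8s/data/rancher/:/var/lib/rancher/ -v /home/k8s/data/rancher/auditlog:/var/log/auditlog -e AUDIT_LEVEL=3 rancher/rancher:stable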