一、d2 安装之后的配置
centos系统安装后的基本配置: 1.常用软件安装: yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc 2.主机名和网络 hostnamectl set-hostname python3 echo "10.0.0.100 python3">>/etc/hosts 3.关闭防火墙 iptables -L iptables -F systemctl disable firewalld [root@python3 ~]# getenforce Enforcing [root@python3 ~]# setenforce 0 [root@python3 ~]# getenforce [root@python3 ~]# vim /etc/selinux/config Linux命令 命令的基本构成 命令体 选项 参数(对象) ls -l /var 参数:文件 文件类型: d :目录 f :普通文件 l :链接 b :块设备,磁盘 光驱 c :字符设备 p :管道 s :套接字 命令提示符: [root@oldboy ~]# [oldguo@oldboy ~]$ 常用快捷键(bash shell支持的快捷键) ctrl + c cancel 取消当前的操作 ctrl + l (小写字母L) clear(命令) ctrl + d 退出当前用户 ctrl + r查找(历史命令)。 history|grep [TAB]: 1.命令补全 2.参数补全 了解一下: ctrl + a 把光标移动到行首 ctrl + e 把光标移动到行尾 ctrl+ u 把光标到行首的内容删除/剪切 ctrl + y 粘贴 delete 光标所在处从前往后删除内容 ctrl + k 把光标到行尾的内容删除/剪切 ctrl + → 向右移动一个单词 ctrl + ← 向左移动一个单词 ctrl + s 锁屏 ctrl + q 解锁 获取帮助 --help man info 关机重启 reboot poweroff ============================ linux命令分类 1.针对不同文件的管理命令 1.1 目录 FHS 文件系统层次化标准 绝对路径:从"/"开始一个具体路径 相对路径:从当前目录开始的具体路径(pwd可以查看当前所在目录) /3层/oldboy/教室3 /3层/oldboy/教室2 1.1.1 创建目录: mkdir /oldboy mkdir -p /a/b/c 1.1.2 查询目录 ls -ld /oldboy tree /a tree -L 2 / 1.1.3 删除目录(危险) rm -rf /oldboy 通过文件句柄,有可能可以找回丢失数据(前提:不能重启,不能有大量数据写入) 1.1.4 修改目录(剪切,复制) mv /root/oldboy/ /tmp mv /root/oldguo/ /tmp/oldguo.bak mv oldboy old cp -r /tmp/old / cp -a 1.1.5 切换目录 cd / cd /oldboy cd oldboy cd .. cd - cd 小技巧: [root@python3 tmp]# mkdir a{1..10} [root@python3 tmp]# mkdir dir{a..f} [root@python3 tmp]# ls -ld dir* [root@python3 tmp]# rm -rf dir* 1.2 普通文件 1.2.0 种类 ASCII TEXT:纯文本文件(操作最多的) LSB Exe:二进制的可执行文件(命令,程序) 压缩文件:zip tar gz bz2 cpio iso 二进制数据文件: 等. 1.2.1 文件创建 touch a.txt 1.2.2 文件删除 rm -rf a.txt 1.2.3 文件查看 ls -l a.txt 看文件属性 (1)小文件内容查看 cat /etc/passwd cat /etc/passwd /etc/shadow cat -n /etc/passwd (2)分页显示大文件内容 more /var/log/secure less /var/log/secure (3)文件前多少行 head /etc/passwd head -n3 /etc/passwd head -3 /etc/passwd (4)文件后多少行 tail -2 /etc/passwd tail -f /var/log/secure 1.2.4 剪切 复制 mv 命令和目录的操作一样 cp 命令和目录的区别不需要加-r (加上也不报错) 1.2.5 内容修改 重定向 > 覆盖重定向 cat /etc/passwd >a.txt >> 追加重定向 cat /etc/passwd >>a.txt echo "10.0.0.100 python3" >>/etc/hosts vim 编辑器 命令模式:初始模式 vim passwd 功能: 1.查看文件内容 上下左右光标移动 page up page down翻页 G 光标到达最后一行 1G 光标到达第一行(gg) 10G 第10行 ^ 光标到达行首 $ 光标到达行尾 / 搜索关键字 yy 复制光标所在行 Nyy 复制N行 dd 删除/剪切 Ndd 删除/剪切N行 p 粘贴 x(del) 删除光标所在字符 dG 删除光标到文本末尾 d$ 从光标删除到行尾,包括贯标所在字符 d^ 从光标删除到行首,不包括光标所在字符 r 替换光标所在字符 ZZ 保存退出 u 撤销上次操作 编辑模式: a :在光标之后录入数据 i :在光标之前录入数据 o :在光标下一行开启新行录入数据 A I O ESC 小技巧:每编辑完一行就ESC,退回到命令模式 末行模式 :q! :wq! :set nu :set nonu :%s/root/ROOT/g 链接(快捷方式) ln -s passwd passwd.lnk ls ls -l ls -ld ls -al ls -ltr 2. 磁盘 和 文件系统 2.1 企业级磁盘类型 SAS 容量 :900G 主机版 存储版 转速:15K 品牌:IBM HDS EMC 缓存: 接口速度:16Gb SSD: Sata3 PCI-E Flash盘 2.2 文件系统 方便用户使用和管理磁盘硬件的,辅助系统(Filesystem) Linux文件系统类型: ext2 ext3 ext4 XFS 2.3 文件系统管理 [root@python3 ~]# ls -l /dev/sd* brw-rw---- 1 root disk 8, 0 Jan 3 15:28 /dev/sda brw-rw---- 1 root disk 8, 1 Jan 3 15:28 /dev/sda1 brw-rw---- 1 root disk 8, 2 Jan 3 15:28 /dev/sda2 brw-rw---- 1 root disk 8, 16 Jan 3 15:28 /dev/sdb [root@python3 ~]# fdisk -l 2.3.1 分区 fdisk /dev/sdb m n p w 2.3.2 格式化成文件系统(XFS) mkfs.xfs /dev/sdb1 2.3.3 挂载设备 mkdir /data mount /dev/sdb1 /data 2.3.4 查看挂载的磁盘使用情况 df -h 2.3.5 自动挂载文件系统 vim /etc/fstab /dev/sdb1 /data xfs defaults 0 0 使用UUID更加安全 UUID=9fb2ec36-6a60-4394-9bfa-369261844d56 /data xfs defaults 0 0 Raid 功能特性: 1.将多块磁盘合并成一块磁盘,提供更大的存储空间 2.可以提供更高的IO能力 3.数据物理层面的高安全 Raid的工作级别 : raid0:条带化功能,性能极高,安全性和单盘一样 至少两块盘,理论上盘越多性能越高 raid1:镜像功能,性能没有明显提升,安全性高. 浪费一半空间 raid10:镜像+条带化 ,至少四快盘,性能和安全兼顾 浪费一般空间 raid5:带有校验功能的条带化 存储数据时,根据数据计算校验值,存储到第三块盘. 写入性能较低 读数据性能较高 至少三快盘,只允许一块盘损坏,浪费1/n的磁盘空间 适合于读多写少的场景 3.用户,组,权限 3.1 用户的作用 登录系统 管理系统对象 3.2 用户的定义 用户名(uid),密码,家目录(/home/oldboy),家目录下会有环境变量文件等. 每个用户都必须有一个工作组,创建时没指定,自动创建一个同名的组 3.3 组 组名字,GID 3.4 用户和组的管理 组的管理: groupadd -g 1001 dev groupadd -g 1002 sa groupadd -g 1003 dba tail -3 /etc/group dev:x:1001: sa:x:1002: dba:x:1003: groupdel dba groupmod -g 10086 dev 用户的管理: useradd -u 10011 -g dev oldguo id oldguo passwd oldguo su - oldboy userdel -r oldboy usermod -u 3000 oldguo 权限: 权限是作用在文件上的属性. 普通权限的规划: r 4 w 2 x 1 rw- r-- r-- root root passwd 目录 文件 r ls cat more ,vim w 目录下的修改 vim > x 目录下所有操作都依赖于x 可执行程序 rwxr-xr-x chmod -R 755 /data chwon -R oldguo:dev /data chmod -R 755 /data chown -R oldguo:dev /data 4.程序管理 ps -ef|grep mysql kill 1234 kill -9 1234 pkill mysqld yum install -y httpd [root@python3 ~]# systemctl start httpd [root@python3 ~]# systemctl restart httpd [root@python3 ~]# systemctl stop httpd [root@python3 ~]# systemctl restart httpd 5.网络管理 ip a ifconfig ping vim /etc/sysconfig/network-scripts/ifcfg-eth0 systemctl restart network
二、d3 环境搭建
经典互联网架构 昨天补充: 查看已启动服务的端口 netstat -tulnp |grep 80 ss -tulnp|grep 80 前期铺垫: 1. Linux要能上网 2. 掌握Linux软件包安装方法 2.1 rpm包管理 2.1.1 光盘挂载 mount /dev/cdrom /mnt cd /mnt ls 2.1.2 安装rpm包 rpm -ivh vsftpd-3.0.2-22.el7.x86_64.rpm rpm -Uvh vsftpd-3.0.2-22.el7.x86_64.rpm 2.13 卸载rpm rpm -e vsftpd-3.0.2-22.el7.x86_64 2.1.4 rpm包的查询 [root@python3 ~]# rpm -q vsftpd vsftpd-3.0.2-22.el7.x86_64 [root@python3 ~]# rpm -q vsftp package vsftp is not installed [root@python3 ~]# [root@python3 ~]# rpm -qa |grep vsf [root@python3 ~]# which vim /usr/bin/vim [root@python3 ~]# rpm -qf /usr/bin/vim **2.1.5 额外补充 A ----> B ---> C A BC B DF F AC rpm -ivh a b c d e f 2.2 yum 使用 2.2.1 使用aliyun yum站点源 Base源 cd /etc/yum.repos.d/ mv *.repo /tmp wget http://mirrors.aliyun.com/repo/Centos-7.repo EPEL源 yum install -y epel-release 2.2.2 使用yum安装软件 yum install -y openssl openssl-devel 2.2.3 软件包查询及组安装 yum list |grep vsftpd yum grouplist yum groupinstall "Development Tools" 2.2.4 卸载软件包 yum remove 2.2.5 优化yum源 (1)本地镜像yum源(光盘挂载到/mnt下) [local] name=localios baseurl=file:///mnt gpgcheck=0 yum clean all yum install -y vsftpd (2)局域网yum源(ftp) 1.安装ftp软件 yum install -y vsftpd 2.启动ftp服务 [root@python3 ~]# systemctl start vsftpd [root@python3 ~]# systemctl enable vsftpd 3.创建站点目录,并将光盘软件拷贝其中 [root@python3 ~]# cp -a /mnt/* /var/ftp/pub/centos7 4.生成ftp站点的yum源配置文件 [ftp] name=centos7 baseurl=ftp://10.0.0.100/pub/centos7 gpgcheck=0 5.安装软件测试 yum install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel gcc gcc-c++ openssl-devel zlib zlib-devel -y 2.3 源码包应用 2.3.1 解压 .zip unzip xxx.zip .tar .tar.gz .tgz .tar.bz2 .tar.xz tar xf xxx.tar .iso mount -o loop xxx.iso /test .cpio cpio -idcmv < xxx.cpio 2.3.2 源码包安装 确认已经安装 yum install gcc* yum install -y openssl* (1)python3.6源码包安装 ./configure ------> 定制功能 make make install mysql 源码包 cmake make make install (2) redis 源码包安装 make 修改环境变量 vim /etc/profile 添加以下一行: export PATH=/opt/redis-3.2.10/src:$PATH 生效配置 source /etc/profile (3) 让python链接redis unzip redis-py-master.zip cd redis-py-master python3 setup.py install 对redis的单实例进行连接操作 python3 >>>import redis >>>r = redis.StrictRedis(host='localhost', port=6379) >>>r.set('name', 'oldguo') True >>>r.get('name') 'oldguo' 3. 二进制包(mysql5.7.20) 3.1 解压及制作软连接 tar xf mysql-5.7.20-linux-glibc2.12-x86_64.tar.gz ln -s mysql-5.7.20-linux-glibc2.12-x86_64 mysql 3.2 编辑环境变量 vim /etc/profile 添加以下一行: export PATH=/opt/mysql/bin:$PATH 生效配置: source /etc/profile 3.3 卸载自带mariadb yum remove mariadb-libs 3.4 生成配置文件(/etc/my.cnf) vim /etc/my.cnf [mysqld] basedir=/opt/mysql datadir=/opt/mysql/data socket=/tmp/mysql.sock user=mysql log_error=/var/log/mysql.log log_bin=/opt/mysql/data/mysql-bin server_id=100 [mysql] socket=/tmp/mysql.sock 3.5 创建用户和数据目录,并授权 useradd mysql mkdir /opt/mysql/data chown -R mysql.mysql /opt/mysql 3.6 初始化数据 [root@python3 ~]# mysqld --initialize-insecure --basedir=/opt/mysql --datadir=/opt/mysql/data --user=mysql 2019-01-04T03:58:03.128958Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details). 2019-01-04T03:58:03.142436Z 0 [ERROR] Could not open file '/var/log/mysql.log' for error logging: Permission denied 2019-01-04T03:58:03.142492Z 0 [ERROR] Aborting 报错解决: touch /var/log/mysql.log chown -R mysql.mysql /var/log/mysql.log 再次初始化: mysqld --initialize-insecure --basedir=/opt/mysql --datadir=/opt/mysql/data --user=mysql 3.7 启动mysql cd /opt/mysql/support-files ./mysql.server start cp mysql.server /etc/init.d/mysqld /etc/init.d/mysqld restart 扩展:使用systemctl 管理mysql vim /etc/systemd/system/mysqld.service [Unit] Description=MySQL Server Documentation=man:mysqld(8) Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html After=network.target After=syslog.target [Install] WantedBy=multi-user.target [Service] User=mysql Group=mysql ExecStart=/opt/mysql/bin/mysqld --defaults-file=/etc/my.cnf LimitNOFILE = 5000 systemctl restart mysqld netstat -tulnp |grep 3306 3.8 测试python3链接mysql 创建mysql链接用户 grant all on *.* to root@'10.0.0.%' identified by '123'; create database bbs charset utf8; python代码测试: pip3 install --upgrade pip pip3 install pymysql vim testmysql.py #!/usr/bin/python3 import pymysql db = pymysql.connect("10.0.0.100","root","123","bbs" ) cursor = db.cursor() cursor.execute("SELECT VERSION()") data = cursor.fetchone() print ("Database version : %s " % data) db.close() python3 testmysql.py 4.经典互联网架构项目(LNMP) LNMPT = Linux Nginx MySQL PHP LNMPJ = Linux Nginx MySQL PHP LNMP架构环境部署 1) 使用官方Nginx yum源 [root@nginx ~]# vim /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1 #安装Nginx [root@nginx ~]# yum install nginx -y 2) 启动Nginx,并将Nginx加入开机自启 systemctl start nginx systemctl enable nginx 3) 使用第三方扩展源安装php7.1 rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm [root@nginx ~]# yum remove php-mysql-5.4 php php-fpm php-common [root@nginx ~]# vim /etc/yum.repos.d/php.repo [php] name = php Repository baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/ gpgcheck = 0 [root@nginx ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb 3) 配置php-fpm用户与Nginx的运行用户保持一致 [root@nginx ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf [root@nginx ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf 4) 启动php-fpm,并将其加入开机自启 [root@nginx ~]# systemctl start php-fpm [root@nginx ~]# systemctl enable php-fpm 5) 安装mysql数据库 [root@nginx ~]# mysqladmin password '123' [root@nginx ~]# mysql -uroot -p123 2.LNMP架构环境配置 vim /etc/nginx/conf.d/php.conf server { server_name 10.0.0.12; listen 80; root /code/wordpress; index index.php index.html; location ~ .php$ { root /code/bbs; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } LNMuWSGI+redis
django.txt
django项目: 依赖包 [root@web01 ~]# yum install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel gcc gcc-c++ openssl-devel zlib zlib-devel -y 1.安装python3 [root@web01 ~]# wget https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz [root@web01 ~]# tar xf Python-3.6.2.tgz [root@web01 ~]# cd Python-3.6.2/ [root@web01 Python-3.6.2]# ./configure --prefix=/usr/local/ [root@web01 Python-3.6.2]# make && make install [root@web01 Python-3.6.2]# ./configure && make && make install 2.安装Django框架和uwsgi vim re.txt asn1crypto==0.24.0 beautifulsoup4==4.6.3 bs4==0.0.1 certifi==2018.4.16 cffi==1.11.5 chardet==3.0.4 Click==7.0 cryptography==2.3.1 Django==1.11.9 Flask==1.0.2 Flask-Cors==3.0.6 gevent==1.3.6 greenlet==0.4.15 idna==2.7 ItsDangerous==1.1.0 Jinja2==2.10 lxml==4.2.6 MarkupSafe==1.0 numpy==1.15.3 Pillow==5.3.0 pycparser==2.18 PyMySQL==0.9.2 pytz==2018.7 requests==2.19.1 selenium==3.141.0 six==1.11.0 urllib3==1.23 virtualenv==16.1.0 Werkzeug==0.14.1 wordcloud==1.5.0 pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt pip3 install -i https://pypi.doubanio.com/simple/ uwsgi 3.测试uwsgi是否正常,新建 test.py文件,内容如下: [root@web01 ~]# vim test.py def application(env, start_response): start_response('200 OK', [('Content-Type','text/html')]) return [b"Hello Django"] #然后在终端运行: uwsgi --http :8001 --wsgi-file test.py & 4.测试django是否正常,运行: [root@web01 ~]# django-admin.py startproject demosite [root@web01 ~]# cd demosite [root@web01 demosite]# python3 manage.py runserver 0.0.0.0:8002 在浏览器内输入:http://127.0.0.1:8002,检查django是否运行正常。 5.配置uwsgi [root@web01 demosite]# vim /root/demosite/uwsgi.ini [uwsgi] socket = 127.0.0.1:9999 master = true workers = 2 max-requests = 1000 buffer-size = 30000 pidfile = /run/uwsgi.pid daemonize = /var/log/uwsgi.log uwsgi --ini /root/demosite/uwsgi.ini & 6.配置Nginx [root@web01 demosite]# vim /etc/nginx/conf.d/py.conf server { listen 80; server_name 10.0.0.100; client_max_body_size 100M; location / { index index.html; include uwsgi_params; uwsgi_pass 127.0.0.1:9999; uwsgi_param UWSGI_SCRIPT demosite.wsgi; uwsgi_param UWSGI_CHDIR /root/demosite; } } 重启nginx
django项目.txt
[root@web01 BBS]# cat /etc/nginx/conf.d/py.conf server { listen 80; server_name py.test.com; client_max_body_size 100M; location /static { alias /code/BBS/static/; } location /media { alias /code/BBS/media; } location / { index index.html; include uwsgi_params; uwsgi_pass 127.0.0.1:9090; #uwsgi_param UWSGI_SCRIPT demosite.wsgi; #uwsgi_param UWSGI_CHDIR /root/demosite; uwsgi_param UWSGI_SCRIPT BBS.wsgi; uwsgi_param UWSGI_CHDIR /code/BBS; } vim re.txt asn1crypto==0.24.0 beautifulsoup4==4.6.3 bs4==0.0.1 certifi==2018.4.16 cffi==1.11.5 chardet==3.0.4 Click==7.0 cryptography==2.3.1 Django==1.11.9 Flask==1.0.2 Flask-Cors==3.0.6 gevent==1.3.6 greenlet==0.4.15 idna==2.7 ItsDangerous==1.1.0 Jinja2==2.10 lxml==4.2.6 MarkupSafe==1.0 numpy==1.15.3 Pillow==5.3.0 pycparser==2.18 PyMySQL==0.9.2 pytz==2018.7 requests==2.19.1 selenium==3.141.0 six==1.11.0 urllib3==1.23 virtualenv==16.1.0 Werkzeug==0.14.1 wordcloud==1.5.0 pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt [root@web01 BBS]# cat uwsgi.ini [uwsgi] socket = 127.0.0.1:9090 master = true workers = 2 reload-mercy = 10 vacuum = true max-requests = 1000 limit-as = 512 buffer-size = 30000 uwsgi - - ini uwsgi.ini
lnmp.txt
LNMP架构环境部署 1) 使用官方仓库安装Nginx [root@nginx ~]# vim etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1 #安装Nginx [root@nginx ~]# yum install nginx -y 2) 启动Nginx,并将Nginx加入开机自启 [root@nginx ~]# systemctl start nginx [root@nginx ~]# systemctl enable nginx 3) 使用第三方扩展源安装php7.1 rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm [root@nginx ~]# yum remove php-mysql-5.4 php php-fpm php-common [root@nginx ~]# /etc/yum.repos.d/php.repo [php] name = php Repository baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/ gpgcheck = 0 [root@nginx ~]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb 3) 配置php-fpm用户与Nginx的运行用户保持一致 [root@nginx ~]# sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf [root@nginx ~]# sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf 4) 启动php-fpm,并将其加入开机自启 [root@nginx ~]# systemctl start php-fpm [root@nginx ~]# systemctl enable php-fpm 5) 安装mysql数据库 [root@nginx ~]# mysqladmin password '123' [root@nginx ~]# mysql -uroot -p123 2.LNMP架构环境配置 vim /etc/nginx/conf.d/php.conf server { server_name 10.0.0.12; listen 80; root /code/wordpress; index index.php index.html; location ~ .php$ { root /code/bbs; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } yum -y groupinstall "Development tools" yum install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel pip3 install django pip3 install uwsgi cat test.py def application(env, start_response): start_response('200 OK', [('Content-Type','text/html')]) return [b"Hello Django"] uwsgi --http :8888 --wsgi-file test.py [root@web01 code]# cat /code/BBS/uwsgi.ini [uwsgi] socket = 127.0.0.1:9090 #chdir = /code/BBS/BBS workers = 2 max-requests = 1000 buffer-size = 30000 pidfile = /run/uwsgi.pid daemonize = /var/log/uwsgi.log [root@web01 code]# cat /etc/nginx/conf.d/py.conf server { listen 80; server_name py.test.com; index index.html; client_max_body_size 100M; location / { include uwsgi_params; uwsgi_pass 127.0.0.1:9090; uwsgi_param UWSGI_SCRIPT BBS.wsgi; uwsgi_param UWSGI_CHDIR /code/BBS; } } django-admin.py startproject mysite python3 manage.py startapp blog vim /code/mysite/mysite/settings.py 在INSTALLED_APPS 列表里添加'blog'APP 修改ALLOWED_HOSTS,['*'],可以让任何IP访问 TEMPLATES里添加模板路径os.path.join(BASE_DIR, 'templates') 尾部添加 STATICFILES_DIRS = ( os.path.join(BASE_DIR,'static'), ) vim /code/mysite/templates/index.html
三。d4测试django并且使用ansible
LNM+Python Django+uwsgi+redis项目 0.安装项目中需要的包 pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt vim re.txt asn1crypto==0.24.0 beautifulsoup4==4.6.3 bs4==0.0.1 certifi==2018.4.16 cffi==1.11.5 chardet==3.0.4 Click==7.0 cryptography==2.3.1 Django==1.11.9 Flask==1.0.2 Flask-Cors==3.0.6 gevent==1.3.6 greenlet==0.4.15 idna==2.7 ItsDangerous==1.1.0 Jinja2==2.10 lxml==4.2.6 MarkupSafe==1.0 numpy==1.15.3 Pillow==5.3.0 pycparser==2.18 PyMySQL==0.9.2 pytz==2018.7 requests==2.19.1 selenium==3.141.0 six==1.11.0 urllib3==1.23 virtualenv==16.1.0 Werkzeug==0.14.1 wordcloud==1.5.0 1.数据库的处理 1.1 上传bbs.sql 1.2 在mysql中创建bbs库,并导入数据库SQL脚本 mysql> create database bbs charset utf8mb4; mysql> use bbs mysql> source /opt/bbs.sql mysql> drop database bbs; 1.3 查看项目settings.py配置文件,修改以下两处 ALLOWED_HOSTS = ['*'] DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'bbs', 'HOST': "10.0.0.100", 'USER': 'root', 'PASSWORD': '123', 'PORT': 3306, } MySQL用户的定义 USERNAME@'白名单' 白名单: 主机域IP地址 root@'localhost' root@'10.0.0.110' root@'10.0.0.%' root@'10.0.0.0/255.255.240.0' root@'10.0.0.5%' root@'%' grant all grant select,update,insert DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'bbs', 'HOST': "10.0.0.100", 'USER': 'bbs', 'PASSWORD': '123', 'PORT': 3306, } } 2. BBS项目部署 2.1 配置Nginx [root@web01 BBS]# vim /etc/nginx/conf.d/py.conf server { listen 80; server_name 10.0.0.100; client_max_body_size 100M; location /static { alias /opt/BBS/static/; } location /media { alias /opt/BBS/media; } location / { index index.html; include uwsgi_params; uwsgi_pass 127.0.0.1:9090; uwsgi_param UWSGI_SCRIPT BBS.wsgi; uwsgi_param UWSGI_CHDIR /opt/BBS; } } 2.2 配置uwsgi 关闭所有已有的uwsgi进程 kill -9 `ps -ef |grep uwsgi|awk {'print $2'}` [root@web01 BBS]# vim uwsgi.ini [uwsgi] socket = 127.0.0.1:9090 master = true workers = 2 reload-mercy = 10 vacuum = true max-requests = 1000 limit-as = 512 buffer-size = 30000 启动uwsgi uwsgi --ini uwsgi.ini & 重启nginx systemctl restart nginx ================== Python 在运维工作中的经典应用 ansible 1.安装ansible wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum install ansible -y 克隆虚拟机 hostnamectl set-hostname standby vim /etc/sysconfig/network-scripts/ifcfg-eth0 IPADDR=10.0.0.200 UUID行删掉 vim /etc/hosts 10.0.0.200 standby systemctl restart network +++++++++++++++++++++++++++++++ Linux的 SSHD(22) 验证方式: (1)用户+密码(PAM) (2)秘钥验证(公钥:钥匙和私钥:锁) 通过秘钥对实现,需要将公钥分发到各节点 +++++++++++++++++++++++++++++++ 2.管理被控端,管理机先生成秘钥,然后推送公钥 ssh-keygen ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.200 [root@demo ~]# for i in {1..12};do ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.$i;done 3.配置被管理的主机清单 [root@demo ~]# vim /etc/ansible/hosts [web] 10.0.0.100 10.0.0.200 4.使用ansible的ad-hoc测试 [root@demo ~]# ansible all -m ping 10.0.0.12 | SUCCESS => { "changed": false, "ping": "pong" } 10.0.0.11 | SUCCESS => { "changed": false, "ping": "pong" } #执行远程命令 [root@demo ~]# ansible all -m shell -a "df -h" 10.0.0.12 | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/sda3 98G 3.4G 95G 4% / devtmpfs 477M 0 477M 0% /dev tmpfs 488M 0 488M 0% /dev/shm tmpfs 488M 7.7M 480M 2% /run tmpfs 488M 0 488M 0% /sys/fs/cgroup /dev/sda1 197M 102M 96M 52% /boot tmpfs 98M 0 98M 0% /run/user/0 10.0.0.11 | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/sda3 98G 1.6G 97G 2% / devtmpfs 981M 0 981M 0% /dev tmpfs 992M 124K 992M 1% /dev/shm tmpfs 992M 9.6M 982M 1% /run tmpfs 992M 0 992M 0% /sys/fs/cgroup /dev/sda1 197M 102M 96M 52% /boot tmpfs 199M 0 199M 0% /run/user/0 5.ansible playbook自动化安装nginx [root@demo ~]# vim playbook_nginx.yml - hosts: web remote_user: root vars: http_port: 80 tasks: - name: Add Nginx Yum Repository yum_repository: name: nginx description: Nginx Repository baseurl: http://nginx.org/packages/centos/7/$basearch/ gpgcheck: no - name: Install Nginx Server yum: name=nginx state=present - name: Configure Nginx Server template: src=./default.conf.template dest=/etc/nginx/conf.d/default.conf notify: Restart Nginx Server - name: Start Nginx Server service: name=nginx state=started enabled=yes handlers: - name: Restart Nginx Server service: name=nginx state=restarted 6. default.conf.template文件如下 [root@demo ~]#vim default.conf.template server { listen {{ http_port }}; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; } } 7.执行ansible-playbook 检查语法 [root@demo ~]# ansible-playbook --syntax playbook_nginx.yml 模拟执行 [root@demo ~]# ansible-playbook -C playbook_nginx.yml 执行 [root@demo ~]# ansible-playbook playbook_nginx.yml ============================================================= Docker容器技术 0、环境准备类: curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum install -y yum-utils device-mapper-persistent-data lvm2 yum list docker-ce.x86_64 --showduplicates | sort -r yum install -y --setopt=obsoletes=0 docker-ce-17.03.2.ce-1.el7.centos.x86_64 docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch systemctl daemon-reload systemctl restart docker docker version docker info 配置镜像加速 阿里云Docker-hub https://cr.console.aliyun.com/cn-hangzhou/mirrors mkdir -p /etc/docker tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"] } EOF 或者: vim /etc/docker/daemon.json { "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"] } 1. pull常用镜像 docker pull centos:6.9 docker pull centos:7.5.1804 docker pull nginx CPU MEM IO OS : Kernel
ansible.txt
LNM+Python Django+uwsgi+redis项目 0.安装项目中需要的包 pip3 install -i https://pypi.doubanio.com/simple/ -r re.txt vim re.txt asn1crypto==0.24.0 beautifulsoup4==4.6.3 bs4==0.0.1 certifi==2018.4.16 cffi==1.11.5 chardet==3.0.4 Click==7.0 cryptography==2.3.1 Django==1.11.9 Flask==1.0.2 Flask-Cors==3.0.6 gevent==1.3.6 greenlet==0.4.15 idna==2.7 ItsDangerous==1.1.0 Jinja2==2.10 lxml==4.2.6 MarkupSafe==1.0 numpy==1.15.3 Pillow==5.3.0 pycparser==2.18 PyMySQL==0.9.2 pytz==2018.7 requests==2.19.1 selenium==3.141.0 six==1.11.0 urllib3==1.23 virtualenv==16.1.0 Werkzeug==0.14.1 wordcloud==1.5.0 1.数据库的处理 1.1 上传bbs.sql 1.2 在mysql中创建bbs库,并导入数据库SQL脚本 mysql> create database bbs charset utf8mb4; mysql> use bbs mysql> source /opt/bbs.sql mysql> drop database bbs; 1.3 查看项目settings.py配置文件,修改以下两处 ALLOWED_HOSTS = ['*'] DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'bbs', 'HOST': "10.0.0.100", 'USER': 'root', 'PASSWORD': '123', 'PORT': 3306, } MySQL用户的定义 USERNAME@'白名单' 白名单: 主机域IP地址 root@'localhost' root@'10.0.0.110' root@'10.0.0.%' root@'10.0.0.0/255.255.240.0' root@'10.0.0.5%' root@'%' grant all grant select,update,insert DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'bbs', 'HOST': "10.0.0.100", 'USER': 'bbs', 'PASSWORD': '123', 'PORT': 3306, } } 2. BBS项目部署 2.1 配置Nginx [root@web01 BBS]# vim /etc/nginx/conf.d/py.conf server { listen 80; server_name 10.0.0.100; client_max_body_size 100M; location /static { alias /opt/BBS/static/; } location /media { alias /opt/BBS/media; } location / { index index.html; include uwsgi_params; uwsgi_pass 127.0.0.1:9090; uwsgi_param UWSGI_SCRIPT BBS.wsgi; uwsgi_param UWSGI_CHDIR /opt/BBS; } } 2.2 配置uwsgi 关闭所有已有的uwsgi进程 kill -9 `ps -ef |grep uwsgi|awk {'print $2'}` [root@web01 BBS]# vim uwsgi.ini [uwsgi] socket = 127.0.0.1:9090 master = true workers = 2 reload-mercy = 10 vacuum = true max-requests = 1000 limit-as = 512 buffer-size = 30000 启动uwsgi uwsgi --ini uwsgi.ini & 重启nginx systemctl restart nginx ================== Python 在运维工作中的经典应用 ansible 1.安装ansible wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum install ansible -y 克隆虚拟机 hostnamectl set-hostname standby vim /etc/sysconfig/network-scripts/ifcfg-eth0 IPADDR=10.0.0.200 UUID行删掉 vim /etc/hosts 10.0.0.200 standby systemctl restart network +++++++++++++++++++++++++++++++ Linux的 SSHD(22) 验证方式: (1)用户+密码(PAM) (2)秘钥验证(公钥:钥匙和私钥:锁) 通过秘钥对实现,需要将公钥分发到各节点 +++++++++++++++++++++++++++++++ 2.管理被控端,管理机先生成秘钥,然后推送公钥 ssh-keygen ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.200 [root@demo ~]# for i in {1..12};do ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.$i;done 3.配置被管理的主机清单 [root@demo ~]# vim /etc/ansible/hosts [web] 10.0.0.100 10.0.0.200 4.使用ansible的ad-hoc测试 [root@demo ~]# ansible all -m ping 10.0.0.12 | SUCCESS => { "changed": false, "ping": "pong" } 10.0.0.11 | SUCCESS => { "changed": false, "ping": "pong" } #执行远程命令 [root@demo ~]# ansible all -m shell -a "df -h" 10.0.0.12 | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/sda3 98G 3.4G 95G 4% / devtmpfs 477M 0 477M 0% /dev tmpfs 488M 0 488M 0% /dev/shm tmpfs 488M 7.7M 480M 2% /run tmpfs 488M 0 488M 0% /sys/fs/cgroup /dev/sda1 197M 102M 96M 52% /boot tmpfs 98M 0 98M 0% /run/user/0 10.0.0.11 | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/sda3 98G 1.6G 97G 2% / devtmpfs 981M 0 981M 0% /dev tmpfs 992M 124K 992M 1% /dev/shm tmpfs 992M 9.6M 982M 1% /run tmpfs 992M 0 992M 0% /sys/fs/cgroup /dev/sda1 197M 102M 96M 52% /boot tmpfs 199M 0 199M 0% /run/user/0 5.ansible playbook自动化安装nginx [root@demo ~]# vim playbook_nginx.yml - hosts: web remote_user: root vars: http_port: 80 tasks: - name: Add Nginx Yum Repository yum_repository: name: nginx description: Nginx Repository baseurl: http://nginx.org/packages/centos/7/$basearch/ gpgcheck: no - name: Install Nginx Server yum: name=nginx state=present - name: Configure Nginx Server template: src=./default.conf.template dest=/etc/nginx/conf.d/default.conf notify: Restart Nginx Server - name: Start Nginx Server service: name=nginx state=started enabled=yes handlers: - name: Restart Nginx Server service: name=nginx state=restarted 6. default.conf.template文件如下 [root@demo ~]#vim default.conf.template server { listen {{ http_port }}; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; } } 7.执行ansible-playbook 检查语法 [root@demo ~]# ansible-playbook --syntax playbook_nginx.yml 模拟执行 [root@demo ~]# ansible-playbook -C playbook_nginx.yml 执行 [root@demo ~]# ansible-playbook playbook_nginx.yml ============================================================= Docker容器技术 0、环境准备类: curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum install -y yum-utils device-mapper-persistent-data lvm2 yum list docker-ce.x86_64 --showduplicates | sort -r yum install -y --setopt=obsoletes=0 docker-ce-17.03.2.ce-1.el7.centos.x86_64 docker-ce-selinux-17.03.2.ce-1.el7.centos.noarch systemctl daemon-reload systemctl restart docker docker version docker info 配置镜像加速 阿里云Docker-hub https://cr.console.aliyun.com/cn-hangzhou/mirrors mkdir -p /etc/docker tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"] } EOF 或者: vim /etc/docker/daemon.json { "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"] } 1. pull常用镜像 docker pull centos:6.9 docker pull centos:7.5.1804 docker pull nginx CPU MEM IO OS : Kernel #进入centos环境 docker run -it centos:6.9 查看 cat /etc/redhat-release
四、d5 docker使用
设置下次开机启动 systemctl enable docker systemctl start docker ps -ef | grep docker or docker version 1. 镜像管理 1.1 获取镜像 docker search centos docker pull centos:6.9 docker pull centos:7.5.1804 docker pull nginx 1.2 查询镜像 docker images docker images -q docker inspect ID/name:tag 1.3 删除镜像 docker rmi ID docker rmi `docker images -q` docker rmi $(docker images -q) 1.4 导入导出镜像 [root@docker ~]# docker image save nginx >/opt/nginx.tar.gz [root@docker ~]# docker image load -i /opt/nginx.tar.gz 1.5 启动容器并获取镜像 [root@docker ~]# docker run -d -p 80:80 httpd [root@docker ~]# docker ps -a [root@docker ~]# docker images 1.6 docker一步一步学习制作镜像 语法: 第一个镜像创建: docker ps -a docker commit xxxxxx oldguo/wordpress:v1 docker images 制作镜像: centos7.5+vim+net-tools+iproute+sshd 1.启动新容器 docker run -it --name "centos7.5" 76d6bc25b8a5 2.优化yum源 mv /etc/yum.repos.d/*.repo /tmp echo -e "[ftp] name=ftp baseurl=ftp://10.0.0.100/pub/centos7 gpgcheck=0">/etc/yum.repos.d/ftp.repo 3. 安装必须软件包 yum install -y vim net-tools iproute openssh-* -y 4.启动SSHD mkdir /var/run/sshd echo 'UseDNS no' >> /etc/ssh/sshd_config sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd echo 'root:123456' | chpasswd /usr/bin/ssh-keygen -A /usr/sbin/sshd -D 注意: 以上操作做完之后,会一直不退出,需要用以下命令退回到宿主机,并不关闭容器 ctrl p q 5.制作镜像 docker ps -a docker commit centos7.5 oldguo/centos7_sshd:v2 ## Centos7.5 [root@docker sshd]# vim dockerfile FROM centos:7.5.1804 RUN mv /etc/yum.repos.d/*.repo /tmp RUN echo -e "[ftp] name=ftp baseurl=ftp://10.0.0.100/pub/centos7 gpgcheck=0">/etc/yum.repos.d/ftp.repo RUN yum install -y openssh-server RUN yum install -y openssh-clients RUN yum install net-tools* -y RUN yum install iproute-* -y RUN mkdir /var/run/sshd RUN echo 'UseDNS no' >> /etc/ssh/sshd_config RUN sed -i -e '/pam_loginuid.so/d' /etc/pam.d/sshd RUN echo 'root:123456' | chpasswd RUN /usr/bin/ssh-keygen -A EXPOSE 22 CMD ["/usr/sbin/sshd", "-D"] docker build -t "oldguo/centos7_sshd:v3" /opt/dockerfile =========================================== 2. 容器基本管理 2.0 容器的类型 工具类:vim docker run -it --name="test_vim" 3fe2fe0dab2e /bin/bash 服务类:nginx docker run -d -p 8080:80 --name="discuz" nginx:1.14 netstat -lnp| grep 8080 docker ps -a 2.1 容器的多类启动方式 (1)交互式启动 [root@docker ~]# docker run -it --name "testcentos" centos:6.9 /bin/bash 主要是针对于工具类的容器,一旦exit容器,容器就自动关闭 echo "<html><body><h1>HI,wudi</h1></body></html>" >index.html (2)守护式启动 1.交互式启动容器+Ctrl+p+q [root@docker ~]# docker run -it --name "testnginx" nginx /bin/bash 加ctrl+p+q [root@docker ~]# docker attach testnginx 2.死循环 docker run --name testnginx1 -d nginx /bin/sh -c "while true ;do echo hello world; sleep 1;done" 3.服务前台运行 sshd -D nginx -g "" hang 夯住 2.2 容器的常用管理命令 docker ps -a -q -l docker rm 容器ID|容器名称 批量删除已关闭 docker rm -v $(docker ps -aq -f status=exited) 批量强制删除所有 docker rm -f `docker ps -a –q` docker top nginx docker inspect nginx docker attach 容器ID|容器名称(工具类)配合ctrl+p+q docker exec -i -t 容器ID|容器名称 /bin/bash(服务类),一般是做服务类容器调试用 [root@docker ~]# docker exec -it centos6.9 /bin/bash docker stop docker kill docker start -i docker restart 容器ID|容器名称 3. 数据卷的使用(持久化) 4.制作私有仓库 4.1 配置私有仓库 docker run -d -p 5000:5000 --restart=always --name registry -v /opt/Registry:/var/lib/registry registry vim /etc/docker/daemon.json { "registry-mirrors": ["https://68rmyzg7.mirror.aliyuncs.com"], "insecure-registries": ["10.0.0.100:5000"] } systemctl restart docker 4.2 使用本地镜像: 4.2.1 制作本地镜像并push到 [root@docker ~]# docker tag nginx 10.0.0.100:5000/oldguo/nginx:v1 [root@docker ~]# docker images [root@docker ~]# docker push 10.0.0.100:5000/oldguo/nginx:v1 4.2.2 异地进行pull镜像 [root@docker ~]# docker pull 10.0.0.100:5000/oldguo/nginx:v1 故障转移:(高可用) 1.主备系统
k8s技术
1.快速部署K8S环境 k8s-m :10.0.0.11 k8s-n1 :10.0.0.12 k8s-n2 :10.0.0.13 2.所有节点安装docker环境及依赖 2.1 上传docker-k8s.zip软件到各节点/opt,并解压 2.2 进入目录进行安装 cd /opt/docker-k8s yum localinstall -y *.rpm 3.master端软件安装 3.1 上传k8s-master.zip到/opt,并解压 3.2 进入目录并安装 cd /opt/k8s-master yum localinstall -y *.rpm 4.node节点软件安装 4.1 上传k8s-node到两个node节点/opt并解压 4.2 进入目录进行安装 cd /opt/k8s-node yum localinstall -y *.rpm 5.配置主节点ETCD vim /etc/etcd/etcd.conf ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379" ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379" 重启服务并测试 systemctl restart etcd.service systemctl enable etcd.service etcdctl set name oldguo etcdctl get name 6.配置Master节点 vim /etc/kubernetes/apiserver KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" KUBE_API_PORT="--port=8080" KUBE_ETCD_SERVERS="--etcd-servers=http://10.0.0.11:2379" KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16" KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota" vim /etc/kubernetes/config 重启服务 systemctl enable kube-apiserver.service systemctl start kube-apiserver.service systemctl enable kube-controller-manager.service systemctl start kube-controller-manager.service systemctl enable kube-scheduler.service systemctl start kube-scheduler.service 7.node节点配置 vim /etc/kubernetes/config KUBE_MASTER="--master=http://10.0.0.11:8080" vim /etc/kubernetes/kubelet KUBELET_ADDRESS="--address=10.0.0.12/13" KUBELET_HOSTNAME="--hostname-override=10.0.0.12/13" KUBELET_API_SERVER="--api-servers=http://10.0.0.11:8080" 重启服务 systemctl enable kubelet.service systemctl start kubelet.service systemctl enable kube-proxy.service systemctl start kube-proxy.service 8.验证节点状态 [root@k8s-m ~]# kubectl get nodes 9.所有节点配置flannel网络 yum install flannel -y sed -i 's#http://127.0.0.1:2379#http://10.0.0.11:2379#g' /etc/sysconfig/flanneld etcdctl mk /atomic.io/network/config '{ "Network": "172.16.0.0/16" }' etcdctl get /atomic.io/network/config { "Network": "172.16.0.0/16" } master节点: systemctl enable flanneld.service systemctl start flanneld.service service docker restart systemctl restart kube-apiserver.service systemctl restart kube-controller-manager.service systemctl restart kube-scheduler.service ifconfig -a node节点: systemctl enable flanneld.service systemctl start flanneld.service service docker restart systemctl restart kubelet.service systemctl restart kube-proxy.service 10.配置master为镜像仓库 #master节点 vim /etc/sysconfig/docker OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://registry.docker-cn.com --insecure-registry=10.0.0.11:5000' systemctl restart docker ======================================================================================================= 配置本地register docker tag nginx 10.0.0.11:5000/oldguo/nginx:v1 docker run -d -p 5000:5000 --restart=always --name registry -v /opt/myregistry:/var/lib/registry registry docker push 10.0.0.11:5000/oldguo/nginx:v1 #node节点 vim /etc/sysconfig/docker OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=10.0.0.11:5000' systemctl restart docker docker pull 10.0.0.11:5000/oldguo/nginx:v1 ===================================== 二.k8s核心资源管理 1.PODS 1.1 创建 创建第一个pod mkdir /opt/yml -p cd /opt/yml [root@k8s-m yml]# cat k8s_pod.yml apiVersion: v1 kind: Pod metadata: name: nginx labels: app: web spec: containers: - name: nginx image: 10.0.0.11:5000/oldguo/nginx:v1 ports: - containerPort: 80 [root@k8s-m yml]# kubctl create -f k8s_pod.yml 1.2 查询 kubectl get pod kubectl get pod -o wide kubectl describe pod 报错: ++++++++++++++++++++++++++++++++++++++++ failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)" +++++++++++++++++++++++++++++++++++++++ registry.access.redhat.com/rhel7/pod-infrastructure:latest ++++++++++++++++++++++++++++++++++++++ 解决: master:上传准备好的容器为本地register(pod-infrastructure-latest.tar.gz) [root@k8s-m opt]# docker load -i pod-infrastructure-latest.tar.gz [root@k8s-m opt]# docker images [root@k8s-m opt]# docker tag docker.io/tianyebj/pod-infrastructure:latest 10.0.0.11:5000/oldguo/pod-infrastructure:latest [root@k8s-m opt]# docker images [root@k8s-m opt]# docker push 10.0.0.11:5000/oldguo/pod-infrastructure:latest node:(所有node节点) [root@k8s-n1 ~]# vim /etc/kubernetes/kubelet KUBELET_POD_INFRA_CONTAINER="--pod-infra-container-image=10.0.0.11:5000/oldguo/pod-infrastructure:latest" systemctl restart kubelet.service 1.3 删除 [root@k8s-m yml]# kubectl delete pod nginx 1.4 更新 master: [root@k8s-m yml]# docker pull nginx [root@k8s-m yml]# docker tag docker.io/nginx:latest 10.0.0.11:5000/oldguo/nginx:v2 [root@k8s-m yml]# docker push 10.0.0.11:5000/oldguo/nginx:v2 [root@k8s-m yml]# kubectl replace --force -f k8s_pod.yml 2.RC(ReplicationController) 作用:高可用 master: 配置yml文件 vim k8s_nginx_rc.yml apiVersion: v1 kind: ReplicationController metadata: name: nginx spec: replicas: 3 selector: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: 10.0.0.11:5000/oldguo/nginx:v1 ports: - containerPort: 80 [root@k8s-m yml]# kubectl create -f k8s_nginx_rc.yml [root@k8s-m yml]# kubectl get rc [root@k8s-m yml]# kubectl delete rc nginx 副本数增删 1.修改配置文件 vim k8s_nginx_rc.yml [root@k8s-m yml]# kubectl replace -f k8s_nginx_rc.yml 2.kubectl edit rc nginx 3.kubectl scale rc nginx --replicas=4 滚动升级及回滚: cp k8s_nginx_rc.yml k8s_nginx1_rc.yml kubectl rolling-update nginx -f k8s_nginx1_rc.yml --update-period=10s 注: 升级出现问题时,升级过程中出现bug.使用以下命令回滚(前提是没有升级完) [root@k8s-master ~]# kubectl rolling-update nginx nginx2 --rollback 回退方案即是相反操作即可。 3.Service 创建svc配置文件 vim k8s_nginx_svc.yml apiVersion: v1 kind: Service metadata: name: nginxsvc spec: type: NodePort ports: - port: 80 nodePort: 30001 selector: app: nginx2 [root@k8s-m yml]# kubectl create -f k8s_nginx_svc.yml [root@k8s-m yml]# kubectl get svc [root@k8s-m yml]# curl -I 10.0.0.13:30001 [root@k8s-m yml]# curl -I 10.0.0.12:30001 deployment资源管理: vim k8s_nginx_dev.yml apiVersion: extensions/v1beta1 kind: Deployment metadata: name: nginx spec: replicas: 2 template: metadata: labels: app: nginx spec: containers: - name: nginx image: 10.0.0.11:5000/oldguo/nginx:v2 ports: - containerPort: 80 [root@k8s-m yml]# kubectl create -f k8s_nginx_dev.yml [root@k8s-m yml]# kubectl get deployment deployment滚动升级 kubectl set image deployment/nginx nginx=10.0.0.11:5000/oldguo/nginx:v1 kubectl rollout undo deployment/nginx 实现自动pod伸缩 [root@k8s-m yml]# kubectl autoscale deployment nginx --min=2 --max=6 --cpu-percent=80