Eli's Blog

1. CentOS

1.1 安装依赖包

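# Switch the base yum repository to the Aliyun mirror.
# The stock repo definition is kept as a backup so the change can be rolled back.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

# Fetch the repo definition over HTTPS so it cannot be altered in transit.
# -f makes curl exit non-zero on an HTTP error rather than saving the server's
# error page as the repo file; -sS stays quiet but still prints errors;
# -L follows redirects.
# NOTE(review): the downloaded file may itself list http:// baseurl entries;
# package integrity then rests on gpgcheck being enabled in that file - verify.
curl -fsSL https://mirrors.aliyun.com/repo/Centos-7.repo -o /etc/yum.repos.d/CentOS-Base.repo

yum makecache

yum install -y conntrack ntpdate ntp ipvsadm ipset iptables sysstat wget vim net-tools git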

1.2 设置防火墙规则

# Replace firewalld with the classic iptables service.
systemctl stop firewalld && systemctl disable firewalld

yum install -y iptables-services

systemctl start iptables && systemctl enable iptables

# Flush every rule in the filter table and persist the now-empty rule set.
# NOTE(review): -F removes rules but leaves the chain policies unchanged, so if
# those are ACCEPT the host has no packet filtering after this step. On any
# host reachable from untrusted networks, re-add rules for the exposed
# services and run `service iptables save` again.
iptables -F && service iptables save

1.3 关闭SELINUX

# setenforce 0 puts the running system into permissive mode; the sed edit
# rewrites the SELINUX= line in /etc/selinux/config to "disabled".
# NOTE(review): this removes SELinux confinement from every process on the
# host, container workloads included. If the goal is only to stop SELinux from
# blocking operations, SELINUX=permissive keeps denial logging - confirm what
# the cluster tooling actually requires before disabling it outright.
setenforce 0 && sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

1.4 调整时区

# Set the timezone, set the wall-clock time by hand, then write it to the
# hardware clock. The time below is a sample value; substitute the current time.
timedatectl set-timezone Asia/Shanghai
date -s 10:52:50
hwclock -w

# Pick ONE of the two; running both in order leaves the last setting in effect.
timedatectl set-local-rtc 0 # keep the hardware clock in UTC (marked by the author as the one to run)
timedatectl set-local-rtc 1 # keep the hardware clock in local time

# Restart services that depend on the system time
systemctl restart rsyslog
systemctl restart crond

# Enable periodic time synchronisation: open the crontab editor and add the
# entry shown on the next line (it is crontab content, not a shell command).
# Accurate clocks matter for log correlation and certificate validation.
crontab -e
*/30 * * * * /usr/sbin/ntpdate ntp1.aliyun.com

1.5 关闭系统冗余服务

# Stop the postfix mail service and keep it from starting at boot; a service
# the node does not need is one less component to patch and monitor.
systemctl stop postfix && systemctl disable postfix

1.6 设置rsyslogd 和 systemd journald

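# Create the directory journald uses for persistent (on-disk) logs
mkdir -p /var/log/journal

# Create the drop-in directory for journald configuration
mkdir -p /etc/systemd/journald.conf.d

# Write the journald drop-in. The delimiter is quoted so the shell copies the
# text literally. Mind the exact key spellings Storage=persistent and
# SystemMaxUse=: journald skips lines it cannot parse and keys it does not
# recognise, so a misspelling silently drops persistence or the disk cap.
# NOTE(review): with ForwardToSyslog=no, confirm that whatever ships logs off
# the host reads the journal directly, so audit-relevant entries still leave
# the machine.
cat > /etc/systemd/journald.conf.d/99-prophet.conf <<'EOF'
[Journal]
# 持久化保存到磁盘
Storage=persistent

# 压缩日志
Compress=yes

SyncIntervalSec=5m
RateLimitInterval=30s
RateLimitBurst=1000

# 最大占用空间
SystemMaxUse=10G

# 单个日志文件最大
SystemMaxFileSize=200M

# 日志保存时间
MaxRetentionSec=2week

# 不将日志转发到 syslog
ForwardToSyslog=no
EOF

# Restart journald so the new settings take effect
systemctl restart systemd-journald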

1.7 安装Docker

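# Install prerequisites; yum-utils provides yum-config-manager used below
yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the docker-ce repository from the Aliyun mirror. HTTPS is used because the
# repo definition decides where packages and signing keys are fetched from, so
# it must not be alterable in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# List the available docker-ce versions; the install below takes the newest.
# NOTE(review): for reproducible hosts, install one explicit version from this
# list instead of whatever is latest on the day.
yum list docker-ce --showduplicates | sort -r

yum update -y && yum install -y docker-ce

# Start docker now and enable it at boot
systemctl start docker && systemctl enable docker

# Configure the daemon: systemd cgroup driver, json-file logging with a 100m
# size cap, and a registry mirror. The delimiter is quoted so the JSON is
# written literally.
# NOTE(review): image pulls are served through the registry mirror; pin images
# by digest where image integrity matters.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<'EOF'
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"registry-mirrors": ["https://pvjhx571.mirror.aliyuncs.com"]
}
EOF

# Reload unit files and restart the daemon so daemon.json is applied
systemctl daemon-reload && systemctl restart docker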

1.8 支持代理

# Create the systemd drop-in directory for docker.service
mkdir -p /etc/systemd/system/docker.service.d

# Drop-in that sets proxy environment variables for the Docker daemon:
# ALL_PROXY points at a SOCKS5 proxy, NO_PROXY lists hosts reached directly.
# NOTE(review): the daemon's outbound registry traffic is routed through this
# proxy, so it should be a host you control; the address shown is specific to
# the author's network.
cat > /etc/systemd/system/docker.service.d/http-proxy.conf <<EOF
[Service]
Environment="ALL_PROXY=socks5://192.168.31.20:1080/"
Environment="NO_PROXY=localhost,127.0.0.1,docker.io,hub.elihe.io,pvjhx571.mirror.aliyuncs.com"
EOF

# Reload unit files so the drop-in is picked up, then restart the daemon
systemctl daemon-reload && systemctl restart docker

1.9 开启远程访问

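# Expose the Docker API over TCP in addition to the local unix socket.
# The lines between the braces are the content to put in
# /etc/docker/daemon.json (merge them into the existing object).
#
# NOTE(review): this TCP listener has neither TLS nor authentication, and
# 0.0.0.0 binds it on every interface. Anyone who can reach the port has full
# control of the daemon, which is equivalent to root on the host. Bind to a
# management address and firewall the port, or better, use TLS with client
# certificate verification (the daemon's tlsverify settings) or SSH
# (`docker -H ssh://user@host`).
# NOTE(review): on systemd hosts the unit file may already pass -H to dockerd;
# a "hosts" key in daemon.json then conflicts and the daemon fails to start -
# verify against the installed docker.service.
# The conventional unencrypted API port is 2375; 2357 is kept as written.
vi /etc/docker/daemon.json
{
"hosts": ["tcp://0.0.0.0:2357", "unix:///var/run/docker.sock"]
}

# -H, --host: address of the remote daemon. The port must match the one
# configured above; without it the client falls back to its default port.
docker -H tcp://192.168.31.41:2357 network ls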

2. Ubuntu

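sudo apt-get update

# Packages needed to use an HTTPS apt repository
sudo apt-get install apt-transport-https ca-certificates curl software-properties-common

# Import Docker's package signing key.
# NOTE(review): apt-key is deprecated on current releases, and a key added this
# way is trusted for every configured repository. Where the release supports
# it, store the key in its own keyring file and reference it with signed-by=
# on the repository line. Compare the key fingerprint with the one published
# in Docker's installation documentation before trusting it.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# As written, the official Docker repository is added and then removed again,
# leaving only the Aliyun mirror added below.
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo add-apt-repository --remove "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# Aliyun mirror of the docker-ce repository; packages are still verified
# against the signing key imported above.
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

sudo apt-get update

sudo apt-get install docker-ce

# Optional, and not used by the author: let the current user run docker
# commands without sudo.
# NOTE(review): membership in the docker group is root-equivalent on this host,
# because group members can start containers that mount the host filesystem.
# $USER is quoted so the value is passed as a single argument.
sudo usermod -aG docker "$USER"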

3. MacOS

修改容器配置

# Stop the container
docker stop mysql-master

# Get the container Id
docker inspect mysql-master | grep -w "Id"

# Attach to the Docker VM console (macOS)
cd ~/Library/Containers/com.docker.docker/Data/vms/0
screen tty

# Edit the configuration files (the two lines after cd are a sample directory
# listing, not commands; config.v2.json is readable by root only)
cd /var/lib/docker/containers/2d8790feefd411d081791eef1b07b8499d72cd7a8d0f8af7b2e306f85305da52
-rw------- 1 root root 3262 Jun 17 13:38 config.v2.json
-rw-r--r-- 1 root root 1633 Jun 17 13:39 hostconfig.json

# Detach from the VM console (keystroke, not a command)
Ctrl-A-D

# Find the screen session and terminate it completely (very important);
# lines without a command are sample output
screen -ls
There is a screen on:
47007.ttys007.MacPro (Detached)
1 Socket in /var/folders/td/m3fv0wrd27d4ydwl5hdmqyjm0000gn/T/.screen.

kill -9 47007

screen -wipe
There is a screen on:
47007.ttys007.MacPro (Removed)
1 socket wiped out.

# Restart the Docker process (required, otherwise the edited configuration does not take effect)

# Check that the container's configuration has been updated
docker inspect mysql-master

# Start the container
docker start mysql-master

4. 图形化管理工具

# Named volume for Portainer's own data
docker volume create portainer_data

# Run Portainer, publishing ports 8000 and 9000 and mounting the Docker socket.
# NOTE(review): the mounted /var/run/docker.sock gives this container full
# control of the Docker daemon (root-equivalent on the host), so whoever can
# log in to the web UI inherits that. The -p flags publish on all host
# interfaces and the URL below is plain HTTP; limit who can reach port 9000 and
# pin the image to a specific tag rather than the implicit latest.
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer

# NOTE(review): the second field below looks like a login credential; do not
# publish or reuse real passwords - set a strong admin password at first login.
http://192.168.31.30:9000 eli@1234
