May 30, 2018

https://launchpad.net/~bitcoin/+archive/ubuntu/bitcoin
sudo add-apt-repository ppa:bitcoin/bitcoin
sudo apt-get update

Add the software repository (repository management tool)

root@localhost:~# add-apt-repository ppa:bitcoin/bitcoin
The program 'add-apt-repository' is currently not installed. You can install it by typing:
apt install software-properties-common
root@localhost:~# apt-get install software-properties-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-87 linux-headers-4.4.0-87-generic
linux-image-4.4.0-87-generic linux-image-extra-4.4.0-87-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
python3-pycurl python3-software-properties unattended-upgrades
Suggested packages:
libcurl4-gnutls-dev python-pycurl-doc python3-pycurl-dbg bsd-mailx
The following NEW packages will be installed:
python3-pycurl python3-software-properties software-properties-common
unattended-upgrades
0 upgraded, 4 newly installed, 0 to remove and 80 not upgraded.
Need to get 104 kB of archives.
After this operation, 799 kB of additional disk space will be used.
Do you want to continue? [Y/n]

Add the software repository

root@localhost:~# add-apt-repository ppa:bitcoin/bitcoin
Stable Channel of bitcoin-qt and bitcoind for Ubuntu, and their dependencies

Note that you should prefer to use the official binaries, where possible, to limit trust in Launchpad/the PPA owner.

No longer supports precise, due to its ancient gcc and Boost versions.
More info: https://launchpad.net/~bitcoin/+archive/ubuntu/bitcoin
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keyring `/tmp/tmpn1f_v7v0/secring.gpg' created
gpg: keyring `/tmp/tmpn1f_v7v0/pubring.gpg' created
gpg: requesting key 8842CE5E from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpn1f_v7v0/trustdb.gpg: trustdb created
gpg: key 8842CE5E: public key "Launchpad PPA for Bitcoin" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
root@localhost:~#

Update the repository index

root@localhost:~# apt update
Hit:1 http://mirrors.cloud.aliyuncs.com/ubuntu xenial InRelease
Hit:2 http://mirrors.cloud.aliyuncs.com/ubuntu xenial-security InRelease
Hit:3 http://mirrors.cloud.aliyuncs.com/ubuntu xenial-updates InRelease
Hit:4 http://mirrors.cloud.aliyuncs.com/ubuntu xenial-proposed InRelease
Hit:5 http://mirrors.cloud.aliyuncs.com/ubuntu xenial-backports InRelease
Get:6 http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu xenial InRelease [17.5 kB]
Get:7 http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu xenial/main amd64 Packages [2,788 B]
Get:8 http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu xenial/main i386 Packages [2,788 B]
Get:9 http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu xenial/main Translation-en [1,712 B]
Fetched 24.8 kB in 3s (7,783 B/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
80 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@localhost:~#

Search for packages

root@localhost:~# apt search bitcoin
Sorting... Done
Full Text Search... Done
bfgminer/xenial 5.2.0+dfsg-1build1 amd64
multi-threaded multi-pool ASIC, FPGA and GPU bitcoin miner

bitcoin-qt/xenial 0.16.0-xenial1 amd64
peer-to-peer network based digital currency - Qt GUI

bitcoin-tx/xenial 0.16.0-xenial1 amd64
peer-to-peer digital currency - standalone transaction tool

bitcoind/xenial 0.16.0-xenial1 amd64
peer-to-peer network based digital currency - daemon

cgminer/xenial 4.9.2-1build1 amd64
multi-threaded multi-pool Bitcoin miner

libbase58-0/xenial 0.1.4-1 amd64
library for Bitcoin's base58 encoding

libbase58-dev/xenial 0.1.4-1 amd64
library for Bitcoin's base58 encoding -- development files

libbitcoin-dev/xenial 2.0-2.4 amd64
Bitcoin toolkit library for asynchronous apps - development headers

libbitcoin0v5/xenial 2.0-2.4 amd64
Bitcoin toolkit library for asynchronous apps

libbitcoin0v5-dbg/xenial 2.0-2.4 amd64
Bitcoin toolkit library for asynchronous apps - debugging symbols

libblkmaker-0.1-6/xenial 0.5.2-1 amd64
implementation of getblocktemplate protocol

libblkmaker-0.1-dev/xenial 0.5.2-1 amd64
C implementation of getblocktemplate protocol - development files

python-btchip/xenial,xenial 0.1.16-1 all
Python library to communicate with BTChip dongle

python-mnemonic/xenial,xenial 0.12-1 all
Implementation of Bitcoin BIP-0039

python-trezor/xenial,xenial 0.6.10-1 all
library for communicating with TREZOR Bitcoin HW wallet

root@localhost:~#

Install the node daemon

root@localhost:~# apt-get install bitcoind
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-87 linux-headers-4.4.0-87-generic
linux-image-4.4.0-87-generic linux-image-extra-4.4.0-87-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
libboost-chrono1.58.0 libboost-filesystem1.58.0
libboost-program-options1.58.0 libdb4.8++ libevent-core-2.0-5
libevent-pthreads-2.0-5 libminiupnpc10 libsodium18 libzmq5
Suggested packages:
minissdpd
The following NEW packages will be installed:
bitcoind libboost-chrono1.58.0 libboost-filesystem1.58.0
libboost-program-options1.58.0 libdb4.8++ libevent-core-2.0-5
libevent-pthreads-2.0-5 libminiupnpc10 libsodium18 libzmq5
0 upgraded, 10 newly installed, 0 to remove and 80 not upgraded.
Need to get 2,994 kB of archives.
After this operation, 10.3 MB of additional disk space will be used.
Do you want to continue? [Y/n]

View the files installed by the package

root@localhost:~# dpkg -L bitcoind
/.
/usr
/usr/bin
/usr/bin/bitcoind
/usr/bin/bitcoin-cli
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/bitcoind
/usr/share/doc
/usr/share/doc/bitcoind
/usr/share/doc/bitcoind/changelog.Debian.gz
/usr/share/doc/bitcoind/examples
/usr/share/doc/bitcoind/examples/bitcoin.conf.gz
/usr/share/doc/bitcoind/copyright
/usr/share/bash-completion
/usr/share/bash-completion/completions
/usr/share/bash-completion/completions/bitcoind
/usr/share/bash-completion/completions/bitcoin-cli
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/bitcoin-cli.1.gz
/usr/share/man/man1/bitcoind.1.gz
root@localhost:~#

Configure the startup script
When rpcallowip is not specified, RPC listens only on 127.0.0.1.

root@localhost:~# mkdir -p /data/bitcoin
root@localhost:~# vi start.sh
#!/bin/bash
#

/usr/bin/bitcoind -daemon -datadir=/data/bitcoin -bind=192.168.199.100 -port=8333 \
-server -rpcbind=192.168.199.100 -rpcport=8332 -rpcallowip=192.168.199.0/24 \
-rpcthreads=4 -rpcuser=tom -rpcpassword=123456;

exit 0;
root@localhost:~# chmod 700 start.sh
root@localhost:~# ./start.sh
Bitcoin server starting
root@localhost:~#
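
The start script above puts -rpcuser and -rpcpassword in bitcoind's argument list, where any local user can read them from the process table. An added example (not from the original post) that moves the same RPC settings into an owner-only bitcoin.conf and stores a salted rpcauth entry instead of the password; the function names and the scratch directory are illustrative, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post). Requires openssl.

# rpcauth_line USER PASSWORD [SALT]
# Prints "rpcauth=USER:SALT$HASH", HASH = HMAC-SHA256(key=SALT, msg=PASSWORD).
# bitcoind accepts this salted form instead of rpcuser/rpcpassword, so the
# clear-text password is stored nowhere on the node.
rpcauth_line() (
    user=$1
    password=$2
    salt=${3:-$(openssl rand -hex 16)}
    hash=$(printf '%s' "$password" |
        openssl dgst -sha256 -hmac "$salt" | awk '{ print $NF }')
    printf 'rpcauth=%s:%s$%s\n' "$user" "$salt" "$hash"
)

# write_rpc_conf PATH USER PASSWORD BIND_ADDR ALLOW_CIDR
# Writes the RPC options from the start script into an owner-only file.
write_rpc_conf() (
    umask 077
    rm -f -- "$1"
    {
        echo "server=1"
        echo "rpcbind=$4"
        echo "rpcport=8332"
        echo "rpcallowip=$5"
        echo "rpcthreads=4"
        rpcauth_line "$2" "$3"
    } > "$1"
)

# cmdline_leaks_rpc_secret "COMMAND LINE"
# Succeeds if the line passes -rpcpassword=..., which every local user can
# read from ps or /proc/<pid>/cmdline for as long as the daemon runs.
cmdline_leaks_rpc_secret() {
    case " $1 " in
        *" -rpcpassword="*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo with constructed values; a scratch directory stands in for /data/bitcoin.
rpc_conf_demo() (
    dir=$(mktemp -d)
    password=$(openssl rand -hex 32)   # give this to the RPC client, once
    write_rpc_conf "$dir/bitcoin.conf" tom "$password" \
        192.168.199.100 192.168.199.0/24
    cat "$dir/bitcoin.conf"
    rm -rf "$dir"
)
rpc_conf_demo

# The daemon is then started without any credential in its arguments:
#   /usr/bin/bitcoind -daemon -datadir=/data/bitcoin -bind=192.168.199.100 -port=8333
```

bitcoind reads bitcoin.conf from the data directory by default, so with -datadir=/data/bitcoin the file belongs at /data/bitcoin/bitcoin.conf.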

Check listening ports

root@localhost:~# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN
tcp 0 0 192.168.199.100:8332 0.0.0.0:* LISTEN
tcp 0 0 192.168.199.100:8333 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:42832 0.0.0.0:* LISTEN
tcp6 0 0 :::36003 :::* LISTEN
root@localhost:~# netstat -tn
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.199.100:691 10.22.107.25:2049 ESTABLISHED
tcp 0 0 192.168.199.100:50502 144.76.98.163:8333 TIME_WAIT
tcp 0 164 192.168.199.100:22 10.22.100.1:33336 ESTABLISHED
tcp 0 0 192.168.199.100:44482 117.81.184.11:8333 ESTABLISHED
tcp 0 0 192.168.199.100:48848 163.172.186.236:8333 TIME_WAIT
tcp 0 0 127.0.0.1:32000 127.0.0.1:31000 ESTABLISHED
tcp 0 0 192.168.199.100:39614 78.46.177.74:8333 TIME_WAIT
tcp 0 0 192.168.199.100:40814 100.100.35.4:3128 ESTABLISHED
tcp 0 0 127.0.0.1:31000 127.0.0.1:32000 ESTABLISHED
tcp 0 127 192.168.199.100:45176 82.118.242.132:8333 FIN_WAIT1
tcp 0 0 192.168.199.100:56672 39.105.48.188:8333 ESTABLISHED
tcp 0 0 192.168.199.100:46430 47.75.168.155:8333 ESTABLISHED
tcp 0 0 192.168.199.100:55654 106.11.68.13:80 ESTABLISHED
root@localhost:~#

Test the RPC interface

[root@oms ~]# curl --user 'tom:123456' --data-binary '''
> {
> "method": "getblockhash",
> "params": [0],
> "id": "foo"
> }''' \
> --header 'Content-Type: text/plain;' 192.168.199.100:8332
{"result":"000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f","error":null,"id":"foo"}
[root@oms ~]#

May 29, 2018

Installing the NFS client and mounting NFS storage on Ubuntu 16.04

Install the NFS client components

root@localhost:~# apt-get update
root@localhost:~# apt-get install nfs-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-87 linux-headers-4.4.0-87-generic
linux-image-4.4.0-87-generic linux-image-extra-4.4.0-87-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
keyutils libevent-2.0-5 libnfsidmap2 libtirpc1 rpcbind
Suggested packages:
open-iscsi watchdog
The following NEW packages will be installed:
keyutils libevent-2.0-5 libnfsidmap2 libtirpc1 nfs-common rpcbind
0 upgraded, 6 newly installed, 0 to remove and 80 not upgraded.
Need to get 493 kB of archives.
After this operation, 1,693 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y

Mount the NAS storage and check the mount information

root@localhost:~# mount -t nfs -o vers=4.0 9999f94a9b0-biz99.cn-hongkong.nas.aliyuncs.com:/ /data
root@localhost:~# df -h
Filesystem Size Used Avail Use% Mounted on
udev 2.0G 0 2.0G 0% /dev
tmpfs 396M 2.8M 393M 1% /run
/dev/vda1 99G 2.7G 91G 3% /
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
tmpfs 396M 0 396M 0% /run/user/0
9999f94a9b0-biz99.cn-hongkong.nas.aliyuncs.com:/ 1.0P 0 1.0P 0% /data
root@localhost:~#

Configure NFS to mount automatically at boot

root@localhost:~# vi /etc/fstab
9999f94a9b0-biz99.cn-hongkong.nas.aliyuncs.com:/ /data nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0

Differences in mount output between manual and automatic mounting

9999f94a9b0-biz99.cn-hongkong.nas.aliyuncs.com:/ on /data type nfs4 (rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.22.105.10,local_lock=none,addr=10.22.107.25)

9999f94a9b0-biz99.cn-hongkong.nas.aliyuncs.com:/ on /data type nfs4 (rw,noatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,acregmin=1800,acregmax=1800,acdirmin=1800,acdirmax=1800,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.22.105.10,local_lock=none,addr=10.22.107.25)

NFS performance tuning

root@localhost:~# cat /proc/sys/sunrpc/tcp_slot_table_entries
2
root@localhost:~#
root@localhost:~# echo "options sunrpc tcp_slot_table_entries=128" >> /etc/modprobe.d/sunrpc.conf
root@localhost:~# echo "options sunrpc tcp_max_slot_table_entries=128" >> /etc/modprobe.d/sunrpc.conf
root@localhost:~# sysctl -w sunrpc.tcp_slot_table_entries=128
sunrpc.tcp_slot_table_entries = 128
root@localhost:~# cat /proc/sys/sunrpc/tcp_slot_table_entries
128
root@localhost:~#

May 28, 2018

Performance tuning for NAS services mounted over NFS

Default kernel parameters after a local minimal-image installation

[root@localhost ~]# sysctl -p
net.ipv4.conf.all.arp_notify = 1
[root@localhost ~]#
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@localhost ~]#

Default kernel parameters of the standard Alibaba Cloud ECS image

[root@oms ~]# sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
kernel.sysrq = 1
[root@oms ~]#
[root@oms ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@oms ~]#

NFS protocol tuning parameters
cat /proc/sys/sunrpc/tcp_slot_table_entries

Change the values
echo "options sunrpc tcp_slot_table_entries=128" >> /etc/modprobe.d/sunrpc.conf
echo "options sunrpc tcp_max_slot_table_entries=128" >> /etc/modprobe.d/sunrpc.conf
sysctl -w sunrpc.tcp_slot_table_entries=128

May 25, 2018

https://archive.apache.org/dist/zookeeper/

Install the JDK

[root@zk1 ~]# yum -y install jdk-8u171-linux-x64.rpm

Extract the ZooKeeper package

[root@zk1 ~]# tar xzf zookeeper-3.4.12.tar.gz
[root@zk1 ~]# mv zookeeper-3.4.12 /usr/local/
[root@zk1 ~]# cd /usr/local/
[root@zk1 local]# ln -s zookeeper-3.4.12/ zookeeper
[root@zk1 local]#

Add the environment variable

[root@zk1 conf]# vi /etc/profile
export PATH=/usr/local/zookeeper/bin/:$PATH
[root@zk1 conf]# source /etc/profile

View the default configuration file

[root@zk1 ~]# cd /usr/local/zookeeper/conf/
[root@zk1 conf]# cat zoo_sample.cfg
# The number of milliseconds of each tick
tickTime=2000
# The number of ticks that the initial
# synchronization phase can take
initLimit=10
# The number of ticks that can pass between
# sending a request and getting an acknowledgement
syncLimit=5
# the directory where the snapshot is stored.
# do not use /tmp for storage, /tmp here is just
# example sakes.
dataDir=/tmp/zookeeper
# the port at which the clients will connect
clientPort=2181
# the maximum number of client connections.
# increase this if you need to handle more clients
#maxClientCnxns=60
#
# Be sure to read the maintenance section of the
# administrator guide before turning on autopurge.
#
# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
#
# The number of snapshots to retain in dataDir
#autopurge.snapRetainCount=3
# Purge task interval in hours
# Set to "0" to disable auto purge feature
#autopurge.purgeInterval=1

Edit the configuration file and add the cluster node entries

[root@zk1 conf]# cp zoo_sample.cfg zoo.cfg
[root@zk1 conf]# vi zoo.cfg
dataDir=/var/lib/zookeeper
dataLogDir=/var/log/zookeeper
server.1=192.168.137.130:2888:3888
server.2=192.168.137.129:2888:3888
server.3=192.168.137.128:2888:3888

Create the node ID file on each cluster node

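[root@zk1 ~]# mkdir -p /var/lib/zookeeper
[root@zk1 ~]# echo "1" > /var/lib/zookeeper/myid
[root@zk1 ~]# cat /var/lib/zookeeper/myid
1
[root@zk1 ~]#

[root@zk2 ~]# mkdir -p /var/lib/zookeeper
[root@zk2 ~]# echo "2" > /var/lib/zookeeper/myid
[root@zk2 ~]# cat /var/lib/zookeeper/myid
2
[root@zk2 ~]#

[root@zk3 ~]# mkdir -p /var/lib/zookeeper
[root@zk3 ~]# echo "3" > /var/lib/zookeeper/myid
[root@zk3 ~]# cat /var/lib/zookeeper/myid
3
[root@zk3 ~]#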
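
ZooKeeper reads myid from the dataDir set in zoo.cfg, and its value has to equal the N of this host's server.N line. An added example (not part of the original post) that checks both before zkServer.sh start; the zk_* function names are made up for this example and the demo runs against a constructed zoo.cfg in a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original post).

# zk_cfg_get CFG KEY: value of "KEY=value" (last one wins, comments ignored).
zk_cfg_get() {
    awk -F= -v key="$2" '
        $1 == key { val = substr($0, length(key) + 2) }
        END { gsub(/[ \t\r]/, "", val); print val }' "$1"
}

# zk_expected_myid CFG ADDR: N from the line "server.N=ADDR:2888:3888".
zk_expected_myid() {
    awk -F'[=:]' -v addr="$2" '
        /^server\.[0-9]+=/ && $2 == addr {
            sub(/^server\./, "", $1); print $1
        }' "$1"
}

# zk_check_myid CFG ADDR
# Exit 0: dataDir/myid holds ADDR's server id.
# Exit 1: myid missing or wrong.  Exit 2: zoo.cfg itself is incomplete.
zk_check_myid() (
    cfg=$1
    addr=$2
    datadir=$(zk_cfg_get "$cfg" dataDir)
    want=$(zk_expected_myid "$cfg" "$addr")
    [ -n "$datadir" ] || { echo "no dataDir in $cfg"; exit 2; }
    [ -n "$want" ] || { echo "$addr has no server.N line in $cfg"; exit 2; }
    [ -r "$datadir/myid" ] ||
        { echo "missing $datadir/myid (expected $want)"; exit 1; }
    have=$(tr -d '[:space:]' < "$datadir/myid")
    [ "$have" = "$want" ] ||
        { echo "$datadir/myid is $have, expected $want"; exit 1; }
    echo "ok: $datadir/myid = $want"
)

# Demo on a constructed zoo.cfg that uses the server list from this post.
zk_demo() (
    dir=$(mktemp -d)
    mkdir "$dir/data"
    cat > "$dir/zoo.cfg" <<EOF
tickTime=2000
dataDir=$dir/data
server.1=192.168.137.130:2888:3888
server.2=192.168.137.129:2888:3888
server.3=192.168.137.128:2888:3888
EOF
    zk_check_myid "$dir/zoo.cfg" 192.168.137.129 || true   # myid not written yet
    echo 2 > "$dir/data/myid"
    zk_check_myid "$dir/zoo.cfg" 192.168.137.129 || true   # now consistent
    rm -rf "$dir"
)
zk_demo
```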

Add a JVM memory configuration file

[root@zk1 ~]# vi /usr/local/zookeeper/conf/java.env
#!/bin/bash
export JVMFLAGS="-Xms1024m -Xmx1024m $JVMFLAGS"

Add environment variables

[root@zk1 ~]# export ZOOKEEPER_HOME=/usr/local/zookeeper/
[root@zk1 ~]# export PATH=$PATH:$ZOOKEEPER_HOME/bin

export ZOOKEEPER_HOME=/usr/local/zookeeper/
export PATH=$PATH:$ZOOKEEPER_HOME/bin

Start the cluster nodes

[root@zk1 ~]# zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /usr/local/zookeeper/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
[root@zk1 ~]#

[root@zk2 conf]# cd
[root@zk2 ~]# zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /usr/local/zookeeper/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
[root@zk2 ~]#

[root@zk3 ~]# zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /usr/local/zookeeper/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
[root@zk3 ~]#

Check the service process IDs

[root@zk1 ~]# jps
1877 QuorumPeerMain
2153 Jps
[root@zk1 ~]#

[root@zk2 ~]# jps
1296 QuorumPeerMain
1373 Jps
[root@zk2 ~]#

[root@zk3 ~]# jps
1287 QuorumPeerMain
1357 Jps
[root@zk3 ~]#

Check each node's role and listening ports

[root@zk1 ~]# zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /usr/local/zookeeper/bin/../conf/zoo.cfg
Mode: follower
[root@zk1 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 192.168.137.130:3888 :::* LISTEN
tcp6 0 0 :::45749 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::2181 :::* LISTEN
[root@zk1 ~]#

[root@zk2 ~]# zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /usr/local/zookeeper/bin/../conf/zoo.cfg
Mode: leader
[root@zk2 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 192.168.137.129:3888 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::41377 :::* LISTEN
tcp6 0 0 :::2181 :::* LISTEN
tcp6 0 0 192.168.137.129:2888 :::* LISTEN
[root@zk2 ~]#

[root@zk3 ~]# zkServer.sh status
ZooKeeper JMX enabled by default
Using config: /usr/local/zookeeper/bin/../conf/zoo.cfg
Mode: follower
[root@zk3 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 192.168.137.128:3888 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::44290 :::* LISTEN
tcp6 0 0 :::2181 :::* LISTEN
[root@zk3 ~]#

May 22, 2018

Query the image catalog

[root@swarm4 ~]# curl -XGET http://192.168.50.216:5000/v2/_catalog
{"repositories":["centos","opensuse","ubuntu"]}
[root@swarm4 ~]#

Query image tags

[root@swarm4 ~]# curl -XGET http://192.168.50.216:5000/v2/ubuntu/tags/list
{"name":"ubuntu","tags":["16.04","18.04"]}
[root@swarm4 ~]# curl -XGET http://192.168.50.216:5000/v2/centos/tags/list
{"name":"centos","tags":["6.9","7.4.1708","6.7","6.6"]}
[root@swarm4 ~]# curl -XGET http://192.168.50.216:5000/v2/opensuse/tags/list
{"name":"opensuse","tags":["42.3"]}
[root@swarm4 ~]#

May 22, 2018

Managing a Docker Swarm cluster with Portainer

Download the deployment configuration file

https://portainer.io/download/portainer-agent-stack.yml

Rename the configuration file

[root@swarm1 ~]# vi portainer-agent-stack.yml
version: '3'

services:
  agent:
    image: portainer/agent
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - agent_network
    deploy:
      mode: global

  portainer:
    image: portainer/portainer
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    ports:
      - "9000:9000"
    volumes:
      - portainer_data:/data
    networks:
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]

networks:
  agent_network:
    driver: overlay

volumes:
  portainer_data:

Deploy the service

[root@swarm1 ~]# docker stack deploy --compose-file=portainer-agent-stack.yml portainer
Creating network portainer_agent_network
Creating service portainer_agent
Creating service portainer_portainer
[root@swarm1 ~]#

Check the deployment and service status

May 16, 2018

Promoting and demoting Docker Swarm manager nodes

Check the cluster node status; there is only one manager node

[root@swarm1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
rlle6k39z3xk82f1wqmjpd4m4 * swarm1 Ready Active Leader 18.03.1-ce
fzi0eoey60bd25cklvt5qg6p5 swarm2 Ready Active 18.03.1-ce
59optctp5n9zvv3lvaifel7bx swarm3 Ready Active 18.03.1-ce
ixqldqaby2jrgfqx7ckjpg0zs swarm4 Ready Active 18.03.1-ce
[root@swarm1 ~]#

Check that the worker node listens only on port 7946

[root@swarm4 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::7946 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@swarm4 ~]#

Promote swarm4 to a manager node

[root@swarm1 ~]# docker node promote swarm4
Node swarm4 promoted to a manager in the swarm.
[root@swarm1 ~]#

Check the listening ports on swarm4; port 2377 is now also listening

[root@swarm4 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::2377 :::* LISTEN
tcp6 0 0 :::7946 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@swarm4 ~]#

Check the cluster node status from a manager node

Demote to a worker node

[root@swarm1 ~]# docker node demote swarm4
Manager swarm4 demoted in the swarm.
[root@swarm1 ~]#

Fault tolerance of cluster manager nodes

May 12, 2018

Creating and joining a Docker Swarm cluster

Configure the hosts file on all nodes

[root@swarm1 ~]# vi /etc/hosts
192.168.50.246 swarm1
192.168.50.247 swarm2
192.168.50.248 swarm3
192.168.50.249 swarm4

Initialize the swarm cluster on the manager node

[root@swarm1 ~]# docker swarm init --advertise-addr 192.168.50.246
Swarm initialized: current node (rlle6k39z3xk82f1wqmjpd4m4) is now a manager.

To add a worker to this swarm, run the following command:

docker swarm join --token SWMTKN-1-2q9wi5wome3llyxy32n9ojusn7sl6peppdk8hqzvz5ofj89ze6-azmitpoe6vsb4q90vdat0b82l 192.168.50.246:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

[root@swarm1 ~]#

Check listening ports

[root@swarm1 ~]# netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::2377 :::* LISTEN
tcp6 0 0 :::7946 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
[root@swarm1 ~]#

Set firewall rules to allow communication between nodes

[root@swarm1 ~]# iptables -I INPUT -p tcp --dport 2377 -j ACCEPT
[root@swarm1 ~]# iptables -I INPUT -p tcp --dport 7946 -j ACCEPT
[root@swarm1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@swarm1 ~]#
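
The two rules above accept 2377/tcp and 7946/tcp from any source; Swarm also uses 7946/udp for node gossip and 4789/udp for overlay network traffic. An added example (not from the original post) that prints rules limited to the other cluster members, using the node list from the hosts file in this post; swarm_nodes and swarm_peer_rules are illustrative names.

```shell
#!/bin/sh
# Added example (not from the original post). It prints the rules and does
# not apply them, so the output can be reviewed first.

# The four nodes from the hosts file in this post.
swarm_nodes() {
    cat <<'EOF'
192.168.50.246 swarm1
192.168.50.247 swarm2
192.168.50.248 swarm3
192.168.50.249 swarm4
EOF
}

# swarm_peer_rules SELF ROLE   (reads "IP NAME" lines on stdin)
#   SELF  this node's name; no rule is emitted for it
#   ROLE  manager | worker; only managers accept 2377/tcp (cluster management)
# Every node accepts 7946/tcp+udp (gossip) and 4789/udp (overlay VXLAN),
# but only from the other members of the cluster.
swarm_peer_rules() {
    awk -v self="$1" -v role="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        $2 == self { next }                    # no rule for the local node
        {
            ports = "tcp:7946 udp:7946 udp:4789"
            if (role == "manager") ports = "tcp:2377 " ports
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) {
                split(p[i], f, ":")
                printf "iptables -I INPUT -s %s -p %s --dport %s -j ACCEPT\n",
                       $1, f[1], f[2]
            }
        }'
}

# Rules for swarm1 (a manager) and for swarm4 (a worker).
swarm_nodes | swarm_peer_rules swarm1 manager
swarm_nodes | swarm_peer_rules swarm4 worker
```

Because the INPUT chain shown on this page ends in a REJECT rule, -I keeps the new rules ahead of it; after applying them, service iptables save persists the result as before.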

Join the other nodes to the cluster

[root@swarm2 ~]# docker swarm join --token SWMTKN-1-2q9wi5wome3llyxy32n9ojusn7sl6peppdk8hqzvz5ofj89ze6-azmitpoe6vsb4q90vdat0b82l 192.168.50.246:2377
This node joined a swarm as a worker.
[root@swarm2 ~]#

[root@swarm3 ~]# docker swarm join --token SWMTKN-1-2q9wi5wome3llyxy32n9ojusn7sl6peppdk8hqzvz5ofj89ze6-azmitpoe6vsb4q90vdat0b82l 192.168.50.246:2377
This node joined a swarm as a worker.
[root@swarm3 ~]#

[root@swarm4 ~]# docker swarm join --token SWMTKN-1-2q9wi5wome3llyxy32n9ojusn7sl6peppdk8hqzvz5ofj89ze6-azmitpoe6vsb4q90vdat0b82l 192.168.50.246:2377
This node joined a swarm as a worker.
[root@swarm4 ~]#

View the swarm cluster information

[root@swarm1 ~]# docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.03.1-ce
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: rlle6k39z3xk82f1wqmjpd4m4
Is Manager: true
ClusterID: fys0dd2rq6v2j8ifxbnyp81oc
Managers: 1
Nodes: 4
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 192.168.50.246
Manager Addresses:
192.168.50.246:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.849GiB
Name: swarm1
ID: PO2J:RTY3:ZX3Q:EFG2:M6HI:UYRI:HGL4:G2IP:NFQ4:EXIL:K6CQ:Y47I
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
192.168.50.216:5000
127.0.0.0/8
Registry Mirrors:
https://docker.mirrors.ustc.edu.cn/
Live Restore Enabled: false

[root@swarm1 ~]#

Check the cluster status on the manager node

[root@swarm1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
rlle6k39z3xk82f1wqmjpd4m4 * swarm1 Ready Active Leader 18.03.1-ce
fzi0eoey60bd25cklvt5qg6p5 swarm2 Ready Active 18.03.1-ce
59optctp5n9zvv3lvaifel7bx swarm3 Ready Active 18.03.1-ce
ixqldqaby2jrgfqx7ckjpg0zs swarm4 Ready Active 18.03.1-ce
[root@swarm1 ~]#

May 10, 2018

Configuring the Docker package repository and a local image registry

https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
https://download.docker.com/linux/centos/docker-ce.repo

Modify the docker-ce repository configuration file (using the Tsinghua or USTC mirror)

sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
sed -i 's+download.docker.com+mirrors.ustc.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo

Add the repository configuration file manually

[root@swarm1 ~]# vi /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/debug-$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.ustc.edu.cn/docker-ce/linux/centos/gpg


Install

[root@swarm1 ~]# yum makecache
[root@swarm1 ~]# yum install docker-ce

Versions and dependencies

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
docker-ce x86_64 18.03.1.ce-1.el7.centos docker-ce-stable 35 M
Installing for dependencies:
audit-libs-python x86_64 2.8.1-3.el7 base 75 k
checkpolicy x86_64 2.5-6.el7 base 294 k
container-selinux noarch 2:2.55-1.el7 extras 34 k
libcgroup x86_64 0.41-15.el7 base 65 k
libseccomp x86_64 2.3.1-3.el7 base 56 k
libsemanage-python x86_64 2.5-11.el7 base 112 k
libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k
pigz x86_64 2.3.4-1.el7 epel 81 k
policycoreutils-python x86_64 2.5-22.el7 base 454 k
python-IPy noarch 0.75-6.el7 base 32 k
setools-libs x86_64 3.3.8-2.el7 base 619 k

Transaction Summary
================================================================================
Install 1 Package (+11 Dependent packages)

Enable and start the docker service

[root@swarm1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@swarm1 ~]# systemctl start docker
[root@swarm1 ~]#

Add connection support for a local public registry mirror and a local non-HTTPS image registry

[root@swarm1 ~]# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
"insecure-registries": ["192.168.50.216:5000"]
}

May 7, 2018

Handling the CentOS 7 firewall service for Docker environments

Stop and disable the default firewalld service

[root@swarm1 ~]# systemctl stop firewalld
[root@swarm1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@swarm1 ~]#

Install the iptables firewall service

[root@swarm1 ~]# yum install iptables-services

Versions and dependencies

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
iptables-services x86_64 1.4.21-24.1.el7_5 updates 51 k
Updating for dependencies:
iptables x86_64 1.4.21-24.1.el7_5 updates 432 k

Transaction Summary
================================================================================
Install 1 Package
Upgrade ( 1 Dependent package)

Start the iptables service and enable it at boot

[root@swarm1 ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@swarm1 ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@swarm1 ~]# systemctl start iptables

View the iptables rules

[root@swarm1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@swarm1 ~]#

View the default iptables rules configuration file

[root@swarm1 ~]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@swarm1 ~]#