PaaS 2.2 Setup

A reminder to myself

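1. First, create two cloud hosts on the IaaS platform: one as the image registry (registry) and one as the client (client). Version 2.1 still needed a separate server machine, but in version 2.2 the server and the registry have been merged, so only two machines are needed.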

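The following four items must be configured on both the registry and server nodes!!!

1. Disable SELinux
2. Disable the firewall
3. Flush the iptables firewall rules
4. Modify the kernel parameters to enable IP forwarding

Disable SELinux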

[root@registry ~]# vim /etc/selinux/config
#SELINUX=disabled
[root@registry ~]# setenforce 0 # temporarily sets SELinux to permissive; a reboot is needed for the config-file setting to apply permanently
[root@registry ~]# getenforce
Disabled

Disable the firewall

[root@registry ~]# systemctl stop firewalld
[root@registry ~]# systemctl disable firewalld
[root@registry ~]# systemctl status firewalld

Flush the iptables rules

[root@registry ~]# iptables -F
[root@registry ~]# iptables -X
[root@registry ~]# iptables -Z
[root@registry ~]# /usr/sbin/iptables-save
#Generated by iptables-save v1.4.21 on Wed Jan 15 01:59:08 2020
*filter
:INPUT ACCEPT [49:3260]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26:2408]
COMMIT
#Completed on Wed Jan 15 01:59:08 2020

Modify the kernel parameters

[root@registry ~]# vim /etc/sysctl.conf
#net.ipv4.ip_forward = 1
#net.ipv4.conf.default.rp_filter = 0
#net.ipv4.conf.all.rp_filter = 0
[root@registry ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0

5. Set the hostname and edit the /etc/hosts file.

registry node:

[root@registry ~]# hostnamectl set-hostname registry
[root@registry ~]# bash
[root@registry ~]# hostname
registry

[root@registry ~]# vim /etc/hosts
10.0.0.104 registry
10.0.0.105 client

Copy the hosts file to the client node with scp

[root@registry ~]# scp /etc/hosts client:/etc/hosts
The authenticity of host 'client (10.0.0.105)' can't be established.
ECDSA key fingerprint is 37:48:34:56:ad:65:08:c1:0b:53:35:ce:fc:4f:c0:3e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'client' (ECDSA) to the list of known hosts.
hosts 100% 197 0.2KB/s 00:00

client node:

[root@client ~]# hostnamectl set-hostname client
[root@client ~]# bash
[root@client ~]# hostname
client
[root@client ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.104 registry
10.0.0.105 client
[root@client ~]# ping registry
PING registry (10.0.0.104) 56(84) bytes of data.
64 bytes from registry (10.0.0.104): icmp_seq=1 ttl=64 time=0.476 ms
64 bytes from registry (10.0.0.104): icmp_seq=2 ttl=64 time=0.504 ms
64 bytes from registry (10.0.0.104): icmp_seq=3 ttl=64 time=0.396 ms

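6. Configure the Yum repositories. First upload the paas2.2 image to the registry node, loop-mount the ISO on /mnt, and copy all of its directories and files to /opt. Configure the registry's Yum source, then install the vsftpd service so that it can serve the client's Yum repository.

registry node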

[root@registry ~]# mount -o loop XianDian-PaaS-v2.2.iso /mnt/
mount: /dev/loop2 is write-protected, mounting read-only
[root@registry ~]# cd /mnt/
[root@registry mnt]# ll
total 8
drwxr-xr-x 6 root root 2048 Jan 31 2018 docker
drwxr-xr-x 3 root root 4096 Feb 2 2018 images
drwxr-xr-x 2 root root 2048 Feb 2 2018 web
[root@registry mnt]# cp -rvf ./* /opt/

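-r: recursively copy all subdirectories and files under the directory
-f: remove an existing destination file without prompting
-v: print each file as it is copied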

[root@registry ~]# cd /etc/yum.repos.d/
[root@registry yum.repos.d]# vim docker.repo
[centos]
name=centos
baseurl=ftp://192.168.200.10/centos
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=file:///opt/docker
enabled=1
gpgcheck=0

[root@registry ~]# yum clean all
[root@registry yum.repos.d]# yum repolist # yum list also works
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
repo id repo name status
!centos centos 3,723
!docker docker 109
repolist: 3,832

[root@registry ~]# yum -y install vsftpd
[root@registry ~]# vim /etc/vsftpd/vsftpd.conf
#anon_root=/opt
[root@registry ~]# systemctl enable vsftpd
[root@registry ~]# systemctl start vsftpd

client node

[root@client ~]# cd /etc/yum.repos.d/
[root@client yum.repos.d]# vim docker.repo
[centos]
name=centos
baseurl=ftp://192.168.200.10/centos
enabled=1
gpgcheck=0
[docker]
name=docker
baseurl=ftp://10.0.0.104/docker
enabled=1
gpgcheck=0

[root@client yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centos docker
Cleaning up everything
Cleaning up list of fastest mirrors
[root@client yum.repos.d]# yum repolist
Loaded plugins: fastestmirror
centos | 3.6 kB 00:00:00
docker | 2.9 kB 00:00:00
(1/3): docker/primary_db | 122 kB 00:00:01
(2/3): centos/group_gz | 155 kB 00:00:01
(3/3): centos/primary_db | 2.8 MB 00:00:01
Determining fastest mirrors
repo id repo name status
centos centos 3,723
docker docker 109
repolist: 3,832

7. Install the Docker service; both nodes need it!!

[root@registry ~]# yum -y install docker
[root@registry ~]# systemctl restart docker
[root@registry ~]# systemctl enable docker

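8. Begin deploying the Docker registry on the registry node

8.1. Under /opt, the images directory contains all the images needed for the lab, and the rancher1.6.5 directory one level down holds the images used to build the Docker platform and the basic Docker services. The directory structure is as follows.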

[root@registry opt]# ll
total 4
drwxr-xr-x 6 root root 123 Jan 10 01:22 docker
drwxr-xr-x 3 root root 4096 Jan 10 01:22 images
drwxr-xr-x 2 root root 103 Jan 10 01:22 web
drwxr-xr-x 2 root root 6 Jan 10 06:22 webapp
drwxr-xr-x 2 root root 6 Jan 10 06:31 xiandian
[root@registry opt]# tree images/
images/
├── centos_latest.tar
├── elasticsearch_2.4.3-alpine.tar
├── gogs_gogs_0.11.34.tar
├── gogs_gogs_latest.tar
├── google_cadvisor_latest.tar
├── grafana_grafana_4.2.0.tar
├── infinityworks_graf-db_11.tar
├── infinityworks_prom-conf_19.tar
├── infinityworks_prometheus-rancher-exporter_v0.22.52.tar
├── mysql_8.0.tar
├── nginx_latest.tar
├── prom_node-exporter_latest.tar
├── prom_prometheus_v1.6.0.tar
├── rancher1.6.5
│ ├── rancher_agent_v1.2.5.tar
│ ├── rancher_dns_v0.15.1.tar
│ ├── rancher_healthcheck_v0.3.1.tar
│ ├── rancher_metadata_v0.9.2.tar
│ ├── rancher_net_holder.tar
│ ├── rancher-net_v0.11.3.tar
│ ├── rancher_network-manager_v0.7.4.tar
│ ├── rancher_scheduler_v0.8.2.tar
│ ├── rancher_server_v1.6.5.tar
│ └── registry_latest.tar
├── rancher_elasticsearch-conf_v0.5.0.tar
├── rancher_kopf:v0.4.0.tar
├── rancher_lb-service-haproxy_v0.7.9.tar
└── tomcat_latest.tar
1 directory, 27 files

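8.2. Now load the images used to deploy the registry, using docker load -i.
It is best to change to the directory that contains the images before running the command.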

[root@registry rancher1.6.5]# docker load -i registry_latest.tar
[root@registry rancher1.6.5]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/registry latest c9bd19d022f6 15 months ago 33.27 MB

8.3. Once the image has been loaded, start the registry container.

[root@registry rancher1.6.5]# docker run -d -p 5000:5000 --restart=always --name registry docker.io/registry:latest
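-d: run the container in the background and print its full ID when done
-p: specify the port mapping
--restart=always: restart the container automatically when Docker restarts
--name: name the container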

[root@registry rancher1.6.5]# docker ps -a
5fcf78032880 registry:latest "/entrypoint.sh /etc/" 4 days ago Up About an hour 0.0.0.0:5000->5000/tcp

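5fcf78032880
The value in this column identifies the running container (it is the container ID, not the image ID shown by docker images); it is needed both to stop the container and to delete it.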

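9. Now set the registry address on the registry and client nodes. By default both nodes use the public registry source hosted abroad, but since this is a lab environment we configure the local private registry instead. Remember to restart after changing the configuration file.

registry:

[root@registry ~]# vim /etc/sysconfig/docker # add the following two lines anywhere in the file
#ADD_REGISTRY='--add-registry 10.0.0.104:5000' # this is your registry's address
#INSECURE_REGISTRY='--insecure-registry 10.0.0.104:5000'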
[root@registry ~]# systemctl daemon-reload
[root@registry ~]# systemctl restart docker

client:

[root@client ~]# vim /etc/sysconfig/docker
#ADD_REGISTRY='--add-registry 10.0.0.104:5000'
#INSECURE_REGISTRY='--insecure-registry 10.0.0.104:5000'
[root@client ~]# systemctl daemon-reload
[root@client ~]# systemctl restart docker

9.1. Use the docker info command to check that the private registry address has been set successfully. # check on both nodes

[root@registry ~]# docker info
Plugins:
Kernel Version: 3.10.0-229.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
Number of Docker Hooks: 3
CPUs: 2
Total Memory: 3.86 GiB
Name: registry
ID: C5NA:TJNZ:OTWA:WWND:PSBK:6UBI:KMPA:SSZM:Y4JD:XRLY:B3UZ:IYRD
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://10.0.0.104:5000/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
10.0.0.104:5000
127.0.0.0/8
Registries: 10.0.0.104:5000 (insecure), docker.io (secure)
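
A check, added here and not part of the original post, that lists which of the settings changed in steps 1 to 9 (SELinux not enforcing, rp_filter = 0, gpgcheck=0, FTP repositories, the insecure registry) are present in a host's config files, so they can be found again before a lab machine is reused. The function name and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Reads config files only;
# runtime state (firewalld stopped, flushed iptables rules) is not covered.
# The function name and the optional ROOT argument are assumptions.

# audit_lab_settings [ROOT]: print one line per relaxed setting found under
# ROOT (default: the live system), then "findings=N". Returns 0 only if N is 0.
audit_lab_settings() (
    root=${1:-}; root=${root%/}
    found=0
    sp='[[:space:]]*'
    report() { printf '%s: %s\n' "$1" "$2"; found=$((found + 1)); }

    f=$root/etc/selinux/config
    [ -r "$f" ] && grep -Eq "^${sp}SELINUX=(disabled|permissive)" "$f" &&
        report "$f" "SELinux not enforcing"

    f=$root/etc/sysctl.conf
    [ -r "$f" ] &&
        grep -Eq "^${sp}net\.ipv4\.conf\.(all|default)\.rp_filter${sp}=${sp}0" "$f" &&
        report "$f" "reverse-path filtering disabled (rp_filter = 0)"

    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -r "$f" ] || continue
        grep -Eq "^${sp}gpgcheck${sp}=${sp}0" "$f" &&
            report "$f" "package signatures not checked (gpgcheck=0)"
        grep -Eq "^${sp}baseurl${sp}=${sp}ftp://" "$f" &&
            report "$f" "packages fetched over plain FTP"
    done

    f=$root/etc/sysconfig/docker
    [ -r "$f" ] && grep -Eq "^${sp}INSECURE_REGISTRY=" "$f" &&
        report "$f" "registry reached without TLS (--insecure-registry)"

    printf 'findings=%s\n' "$found"
    [ "$found" -eq 0 ]
)
```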

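10. This step tags the images. Normally this is routine, but here it is oddly fragile: do not mistype anything, and correct any mistake right away. If an error is carried forward, the registry will later not be recognized and the images will not be found, and the whole PaaS platform has to be set up again (my own understanding). Normally this should not happen, but for some reason it does on this platform; I have tried several times and fixed everything that should be fixed, yet it still goes wrong, so it is better to be careful.

The docker tag command follows a fixed naming rule here. For example, the image rancher_agent_v1.2.5.tar is named
registry address + port/rancher/agent:v1.2.5. If the name has three underscores, the first and second underscores become slashes (/),
and the last underscore always becomes a colon; only this naming format is correct.

A few examples:
rancher_metadata_v0.9.2.tar # named 10.0.0.104:5000/rancher/metadata:v0.9.2
rancher_net_holder.tar # named 10.0.0.104:5000/rancher/net:holder
rancher_network-manager_v0.7.4.tar # named 10.0.0.104:5000/rancher/network-manager:v0.7.4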

[root@registry ~]# docker tag c9bd19d022f6 10.0.3.137:5000/registry:latest
[root@registry ~]# docker push 10.0.3.137:5000/registry:latest

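c9bd19d022f6 is the ID the image received when it was loaded; it is not the same as the ID shown for processes (containers), and it can be used to remove the image's tag.

The docker push command pushes the image to the registry so that other nodes can use it. Note!!! When pushing, remember to include the part after the colon as well, otherwise an error is reported.

For example:
docker push 10.0.0.104:5000/grafana/grafana is wrong
docker push 10.0.0.104:5000/grafana/grafana:4.2.0 is correct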
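
The naming rule and the push advice above as a shell helper (an added example, not from the original post): tar_to_ref turns a tar file name into the full image reference, and tag_and_push always pushes with the tag included. The function names and the REGISTRY and DOCKER variables are assumptions of this example; REGISTRY defaults to the address used on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Function and variable names
# are assumptions made for this illustration.
REGISTRY=${REGISTRY:-10.0.0.104:5000}   # registry address used on this page
DOCKER=${DOCKER:-docker}                # DOCKER=echo prints instead of running

# tar_to_ref FILE: print REGISTRY/repo:tag derived from the tar file name.
# Rule from the text: the last "_" becomes ":", every earlier "_" becomes "/".
# Caveat: rancher-net_v0.11.3.tar from the listing maps to rancher-net:v0.11.3
# here, while the client runs rancher/net:v0.11.3, so tag that one by hand.
tar_to_ref() (
    base=$(basename "$1" .tar)
    case "$base" in
        *:*) repo=${base%%:*}; tag=${base#*:} ;;    # colon already in the name
        *_*) repo=${base%_*};  tag=${base##*_} ;;   # split at the last "_"
        *)   repo=$base;       tag=latest ;;        # no tag part in the name
    esac
    repo=$(printf '%s' "$repo" | tr '_' '/')
    printf '%s/%s:%s\n' "$REGISTRY" "$repo" "$tag"
)

# tag_and_push IMAGE_ID FILE: tag an image that "docker load" already
# imported, then push it with the tag included in the reference.
tag_and_push() (
    ref=$(tar_to_ref "$2") || exit 1
    "$DOCKER" tag "$1" "$ref" && "$DOCKER" push "$ref"
)
```

Dry run: DOCKER=echo tag_and_push c9bd19d022f6 registry_latest.tar prints the two docker commands without executing them.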

11. Deploy the Rancher server service: again, load the image, tag it, push it, and start the service.

[root@registry rancher1.6.5]# docker load -i rancher-server_v1.6.5.tar
[root@registry rancher1.6.5]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> f89070da7581 3 weeks ago 984.9 MB
10.0.0.104:5000/registry latest c9bd19d022f6 15 months ago 33.27 MB
docker.io/registry latest c9bd19d022f6 15 months ago 33.27 MB

[root@registry rancher1.6.5]# docker tag f89070da7581 10.0.0.104:5000/rancher/server:v1.6.5
[root@registry rancher1.6.5]# docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:v1.6.5;
2ff52cf39d6f2637ac300e7d430dc828fba99cef4ec118793e91e9d680a16509
[root@registry rancher1.6.5]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ff52cf39d6f rancher/server:v1.6.5 "/usr/bin/entry /usr/" 18 seconds ago Up 6 seconds 3306/tcp, 0.0.0.0:8080->8080/tcp modest_turing
20a07207bf28 docker.io/registry:latest "/entrypoint.sh /etc/" 39 minutes ago Up 38 minutes 0.0.0.0:5000->5000/tcp registry

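--restart=unless-stopped: always restart the container regardless of its exit status code, but when the daemon starts, do not try to start the container if it had previously been stopped.

At this point a bare-bones PaaS platform is up. Every service in the PaaS goes through the same steps: load the image, tag it, and push it to the registry for the other nodes to use. Note that after logging in you need to choose local authentication; then, under Settings, there is an advanced settings section where you must fill in the registry address in registry.default. Add a new environment, then upload all the images under the rancher directory, so that the infrastructure step of adding a host will not report errors. Also note that adding a host requires an IP: the IP to enter is the client machine's address, not the registry's. Other services are installed the same way; to reach them, use the client's IP address plus the port. Running docker ps -a on the client shows that the services are all running on the client node.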

[root@client ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9894cc9e17f6 10.0.0.104:5000/gogs/gogs:0.11.34 "/.r/r /app/gogs/dock" 4 minutes ago Up 4 minutes r-gogs-gogs-1-209fdcfb
ab3435f3b38a 10.0.0.104:5000/rancher/scheduler:v0.8.2 "/.r/r /rancher-entry" 25 hours ago Up 2 hours r-scheduler-scheduler-1-34bee1ea
fe0ff8712f8d 10.0.0.104:5000/mysql:8.0 "docker-entrypoint.sh" 4 days ago Exited (0) 4 days ago mysql1
9798acdd5940 10.0.0.104:5000/grafana/grafana:4.2.0 "/.r/r /run.sh" 4 days ago Up 2 hours r-Prometheus-grafana-1-57c35882
9356af343fa6 10.0.0.104:5000/infinityworks/graf-db:11 "cat" 4 days ago Up 2 hours r-Prometheus-grafana-graf-db-1-40caf0b4
d73ae9d4d049 10.0.0.104:5000/prom/prometheus:v1.6.0 "/.r/r /bin/prometheu" 4 days ago Up 2 hours r-Prometheus-prometheus-1-17847cea
8e7637021981 10.0.0.104:5000/infinityworks/prom-conf:19 "/bin/sh" 4 days ago Up 2 hours r-Prometheus-prometheus-prom-conf-1-08326708
206a56dc4deb 10.0.0.104:5000/prom/node-exporter:latest "/.r/r /bin/node_expo" 4 days ago Up 2 hours r-Prometheus-node-exporter-1-4873dbde
f8f8b42d518e 10.0.0.104:5000/google/cadvisor:latest "/.r/r /usr/bin/cadvi" 4 days ago Up 2 seconds r-Prometheus-cadvisor-1-6bc6ee72
fda5dcce878e 10.0.0.104:5000/infinityworks/prometheus-rancher-exporter:v0.22.52 "/.r/r /bin/rancher_e" 4 days ago Up 2 hours r-Prometheus-prometheus-rancher-exporter-1-c4a27b48
6a78565e24da 10.0.0.104:5000/elasticsearch:2.4.3-alpine "/opt/rancher/bin/run" 5 days ago Up 2 hours r-elasticsearch-2-elasticsearch-datanodes-elasticsearch-base-datanode-1-8acd4f21
1be1c19ecc22 10.0.0.104:5000/rancher/elasticsearch-conf:v0.5.0 "/.r/r /dockerentry.s" 5 days ago Up 2 hours r-elasticsearch-2-elasticsearch-datanodes-1-c8767051
92db63a270b2 10.0.0.104:5000/elasticsearch:2.4.3-alpine "/.r/r /bin/true" 5 days ago Exited (0) 5 days ago r-elasticsearch-2-elasticsearch-datanodes-elasticsearch-datavolume-datanode-1-f6f15378
3d0638a52626 10.0.0.104:5000/elasticsearch:2.4.3-alpine "/opt/rancher/bin/run" 5 days ago Up 2 hours r-elasticsearch-2-elasticsearch-clients-elasticsearch-base-clients-1-87669f1f
2f1322ed841c 10.0.0.104:5000/rancher/elasticsearch-conf:v0.5.0 "/.r/r /dockerentry.s" 5 days ago Up 2 hours r-elasticsearch-2-elasticsearch-clients-1-8aa2c1b1
6d840d43c7ce 10.0.0.104:5000/elasticsearch:2.4.3-alpine "/.r/r /bin/true" 5 days ago Exited (0) 5 days ago r-elasticsearch-2-elasticsearch-clients-elasticsearch-datavolume-clients-1-2f90380c
2b5ba10c206d 10.0.0.104:5000/elasticsearch:2.4.3-alpine "/opt/rancher/bin/run" 5 days ago Up 2 hours r-elasticsearch-2-elasticsearch-masters-elasticsearch-base-master-1-23175f56
f93758d4271c 10.0.0.104:5000/rancher/elasticsearch-conf:v0.5.0 "/.r/r /dockerentry.s" 5 days ago Up 2 hours r-elasticsearch-2-elasticsearch-masters-1-81ef31c2
357661ff16c2 10.0.0.104:5000/elasticsearch:2.4.3-alpine "/.r/r /bin/true" 5 days ago Exited (0) 5 days ago r-elasticsearch-2-elasticsearch-masters-elasticsearch-datavolume-masters-1-9af6926f
eaa0706e1942 10.0.0.104:5000/rancher/kopf:v0.4.0 "/.r/r /run.sh" 5 days ago Up 2 hours r-elasticsearch-2-kopf-1-ddaa4cca
da64fbfb9426 10.0.0.104:5000/rancher/lb-service-haproxy:v0.7.9 "/.r/r /tini -- lb-co" 5 days ago Up 2 hours r-gogs-lb-1-a7a8ad2f
1fec9f541f2e 10.0.0.104:5000/mysql:8.0 "/.r/r docker-entrypo" 5 days ago Up 2 hours r-gogs-db-1-24f11663
db1bfae0d569 10.0.0.104:5000/rancher/net:v0.11.3 "/rancher-entrypoint." 5 days ago Up 2 hours r-ipsec-ipsec-router-1-5a7e84bc
23542d42def5 10.0.0.104:5000/rancher/net:holder "/.r/r /rancher-entry" 5 days ago Up 2 hours r-ipsec-ipsec-1-5b32b798
70b9798c570e 10.0.0.104:5000/rancher/dns:v0.15.1 "/rancher-entrypoint." 5 days ago Up 2 hours r-network-services-metadata-dns-2-b9edff73
5aed13895d3a 10.0.0.104:5000/rancher/net:v0.11.3 "/rancher-entrypoint." 5 days ago Up 2 hours r-ipsec-ipsec-cni-driver-1-8f156b0b
f3345ec63edd 10.0.0.104:5000/rancher/metadata:v0.9.2 "/rancher-entrypoint." 5 days ago Up 2 hours r-network-services-metadata-2-5c555ca3
8e9c826e76bf 10.0.0.104:5000/rancher/healthcheck:v0.3.1 "/.r/r /rancher-entry" 5 days ago Up 2 hours r-healthcheck-healthcheck-2-a61273aa
4ff6f4ee2682 10.0.0.104:5000/rancher/network-manager:v0.7.4 "/rancher-entrypoint." 5 days ago Up 2 hours r-network-services-network-manager-2-c00c9782
d98c83b2c85a rancher/agent:v1.2.5 "/run.sh run" 5 days ago Up 2 hours rancher-agent
[root@client ~]#

Reposted from blog.csdn.net/CJX_990802/article/details/103983590