Preface
- After putting ESXi on the NUC, I moved a lot of things onto VMware VMs. Bitnami has many base images, but plenty are still missing and exist only as Docker images, which makes setting up environments awkward; the alternative is to virtualize another, beefier Linux box and install Docker on it, which feels like nesting dolls.
- But Docker is convenient, so after some searching I found https://github.com/vmware/photon; the setup process is below.
- There is also Rancher, https://github.com/rancher/os, and the rancher-server installation.
Photon OS (recommended)
- Photon is a Linux-based, open-source, highly secure, enterprise-grade operating system built specifically for cloud and edge applications.
- It is maintained by VMware, so I was glad to find a matching solution.
- When Photon runs on an ESXi server, the Linux kernel is tuned specifically for it.
Downloading the image
Installation
- Upload the image you just downloaded to the ESXi server and click Create new virtual machine.

- Select Linux as the guest OS family and a 64-bit version; the name can be anything.

- The official recommended resource allocation is below; you can give it a bit more. My configuration: 2GB memory, 16GB disk.

| Resource | Description |
| --- | --- |
| Memory | 2GB of free RAM (recommended) |
| Storage | Minimal Photon install: 512MB of free space (minimum); Full Photon install: 4GB of free space (minimum); 8GB is recommended. |


- Because newer Linux kernels dropped the IDE driver, the CD-ROM controller type has to be changed to SATA. If no SATA controller is listed, go to PCI devices and search for SATA to see whether it is enabled. If it is greyed out, the configuration file has to be edited; I gave up on that here, because when I tried passing through SATA I lost the hard disk.
Switching to OVA import instead
root@photon-machine [ ~ ]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:55:a9:0a brd ff:ff:ff:ff:ff:ff
altname eno1
altname enp11s0
altname ens192
inet 10.168.1.234/24 metric 1024 brd 10.168.1.255 scope global dynamic eth0
valid_lft 41873sec preferred_lft 41873sec
inet6 fe80::20c:29ff:fe55:a90a/64 scope link
valid_lft forever preferred_lft forever
root@photon-machine [ ~ ]# docker version
Client: Docker Engine - Community
Version: 23.0.2
API version: 1.42
Go version: go1.20.2
Git commit: 569dd73
Built: Tue Apr 25 01:45:33 2023
OS/Arch: linux/amd64
Context: default
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Updating the system
- After installation, update the system first; that picks up fixes for newly disclosed vulnerabilities and the like.
root@photon-machine [ ~ ]# tdnf check-update
Refreshing metadata for: 'VMware Photon Linux 5.0 (x86_64) Updates'
Linux-PAM.x86_64 1.5.3-1.ph5 photon-updates
...
root@photon-machine [ ~ ]# tdnf updateinfo info
Name : vim-9.0.1532-1.ph5.x86_64.rpm
Update ID : patch:PHSA-2023-5.0-0009
Type : Security
Updated : Mon May 22 19:32:51 2023
Needs Reboot: 0
Description : Security fixes for {'CVE-2023-1127', 'CVE-2023-1355', 'CVE-2023-1170', 'CVE-2023-2609', 'CVE-2023-1175', 'CVE-2023-2610', 'CVE-2023-2426', 'CVE-2023-1264'}
Name : nss-libs-3.78-5.ph5.x86_64.rpm
Update ID : patch:PHSA-2023-5.0-0014
Type : Security
Updated : Sun May 28 23:42:47 2023
Needs Reboot: 0
Description : Security fixes for {'CVE-2022-3479'}
Name : nss-3.78-5.ph5.x86_64.rpm
Update ID : patch:PHSA-2023-5.0-0014
Type : Security
Updated : Sun May 28 23:42:47 2023
Needs Reboot: 0
Description : Security fixes for {'CVE-2022-3479'}
Name : ncurses-libs-6.4-1.ph5.x86_64.rpm
Update ID : patch:PHSA-2023-5.0-0024
Type : Security
Updated : Tue Jun 13 14:11:28 2023
Needs Reboot: 0
Description : Security fixes for {'CVE-2023-29491'}
Name : ncurses-6.4-1.ph5.x86_64.rpm
Update ID : patch:PHSA-2023-5.0-0024
Type : Security
Updated : Tue Jun 13 14:11:28 2023
Needs Reboot: 0
Description : Security fixes for {'CVE-2023-29491'}
Name : libcap-2.66-2.ph5.x86_64.rpm
Update ID : patch:PHSA-2023-5.0-0020
Type : Security
Updated : Wed Jun 7 19:30:30 2023
Needs Reboot: 0
Description : Security fixes for {'CVE-2023-2602', 'CVE-2023-2603'}
Name : glibc-2.36-6.ph5.x86_64.rpm
Update ID : patch:PHSA-2023-5.0-0040
Type : Security
Updated : Wed Jun 28 13:38:30 2023
Needs Reboot: 1
Description : Security fixes for {'CVE-2022-39046'}
- Clearly there are many security fixes pending above, so an update is needed. Run the command below, type y and press Enter to confirm, and wait a moment.
root@photon-machine [ ~ ]# tdnf upgrade
Installing:
glibc-libs x86_64 2.36-6.ph5 photon-updates 4.46M 1.60M
Total installed size: 4.46M
Total download size: 1.60M
...
Total installed size: 447.08M
Total download size: 147.50M
Is this ok [y/N]: y
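The `tdnf updateinfo info` listing above is long and you have to read every entry to see whether anything needs a reboot. As an added example (not part of the original post, and not a Photon or tdnf tool), here is a small shell parser that turns that output into one line per advisory and counts the security entries, the reboot-required entries and the distinct CVEs. The sample text is constructed to match the page's format; on a real Photon host you would pipe `tdnf updateinfo info` into `parse_updateinfo`.

```sh
#!/bin/sh
# Added example, not part of the original post: summarise `tdnf updateinfo info`
# so "upgrade now? reboot needed?" is read from data instead of by scrolling.
# On a Photon host:  tdnf updateinfo info | parse_updateinfo
# The sample below is constructed in the page's format; the last entry is a
# constructed non-security "Bugfix" type so the Security filter has something to skip.

SAMPLE_UPDATEINFO=$(cat <<'EOF'
Name         : nss-libs-3.78-5.ph5.x86_64.rpm
Update ID    : patch:PHSA-2023-5.0-0014
Type         : Security
Updated      : Sun May 28 23:42:47 2023
Needs Reboot : 0
Description  : Security fixes for {'CVE-2022-3479'}
Name         : nss-3.78-5.ph5.x86_64.rpm
Update ID    : patch:PHSA-2023-5.0-0014
Type         : Security
Updated      : Sun May 28 23:42:47 2023
Needs Reboot : 0
Description  : Security fixes for {'CVE-2022-3479'}
Name         : glibc-2.36-6.ph5.x86_64.rpm
Update ID    : patch:PHSA-2023-5.0-0040
Type         : Security
Updated      : Wed Jun 28 13:38:30 2023
Needs Reboot : 1
Description  : Security fixes for {'CVE-2022-39046'}
Name         : example-tool-1.0-1.ph5.x86_64.rpm
Update ID    : patch:PHSA-CONSTRUCTED-0001
Type         : Bugfix
Updated      : Thu Jun 29 00:00:00 2023
Needs Reboot : 0
Description  : Constructed non-security entry
EOF
)

# Read updateinfo text on stdin; print "<package> <type> <needs-reboot> <cve,cve,...>"
# per advisory. Each line is split at its first ":" so "Update ID : patch:..." and
# timestamps keep their own colons; "Needs Reboot: 0" (no space) is handled by trim().
parse_updateinfo() {
  awk '
  function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
  function flush() {
    if (name != "") printf "%s %s %s %s\n", name, type, reboot, (cves == "" ? "-" : cves)
    name = ""; type = "-"; reboot = "-"; cves = ""
  }
  {
    i = index($0, ":"); if (i == 0) next
    key = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1))
    if (key == "Name") { flush(); name = val }
    else if (key == "Type") type = val
    else if (key == "Needs Reboot") reboot = val
    else if (key == "Description") {
      while (match(val, /CVE-[0-9]+-[0-9]+/)) {
        cves = cves (cves == "" ? "" : ",") substr(val, RSTART, RLENGTH)
        val = substr(val, RSTART + RLENGTH)
      }
    }
  }
  END { flush() }'
}

# Helpers take the updateinfo text as their single argument.
count_security_updates() { printf '%s\n' "$1" | parse_updateinfo | awk '$2 == "Security" { n++ } END { print n + 0 }'; }
count_reboot_updates()   { printf '%s\n' "$1" | parse_updateinfo | awk '$3 == "1" { n++ } END { print n + 0 }'; }
list_cves() {
  printf '%s\n' "$1" | parse_updateinfo |
    awk '$4 != "-" { n = split($4, a, ","); for (k = 1; k <= n; k++) print a[k] }' | sort -u
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_UPDATEINFO" | parse_updateinfo
echo "security advisories: $(count_security_updates "$SAMPLE_UPDATEINFO"), needing reboot: $(count_reboot_updates "$SAMPLE_UPDATEINFO")"
echo "distinct CVEs: $(list_cves "$SAMPLE_UPDATEINFO" | tr '\n' ' ')"
```

The "Needs Reboot" column is the one worth acting on: a glibc advisory with `Needs Reboot: 1`, as in the page's output, is not fully applied until the VM restarts, so a check like `count_reboot_updates` before and after `tdnf upgrade` tells you whether the machine still needs a restart.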
Setting a static IP
root@photon-machine [ ~ ]# networkctl
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 eth0 ether routable configured
4 docker0 bridge routable unmanaged
6 veth90d618b ether enslaved unmanaged
4 links listed.
root@photon-machine [ ~ ]# cat > /etc/systemd/network/10-static-en.network << "EOF"
[Match]
Name=eth0
[Network]
Address=10.168.1.4/24
Gateway=10.168.1.1
EOF
root@photon-machine [ ~ ]# chmod 644 /etc/systemd/network/10-static-en.network
root@photon-machine [ ~ ]# ls -al /etc/systemd/network/10-static-en.network
-rw-r--r-- 1 root root 71 Jul 10 12:41 /etc/systemd/network/10-static-en.network
root@photon-machine [ ~ ]# systemctl restart systemd-networkd
Starting the Docker service
root@photon-machine [ ~ ]# systemctl start docker
root@photon-machine [ ~ ]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
root@photon-machine [ ~ ]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled;
preset: disabled)
Active: active (running) since Wed 2023-07-05 08:16:32 UTC; 10s ago
TriggeredBy: ● docker.socket
Docs: <https://docs.docker.com>
Main PID: 3294 (dockerd)
Tasks: 7
Memory: 27.0M
CPU: 115ms
CGroup: /system.slice/docker.service
└─3294 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root@photon-machine [ ~ ]# tdnf install docker-compose
Installing:
docker-compose x86_64 2.19.0-1.ph5 photon-updates 57.72M 12.57M
Total installed size: 57.72M
Total download size: 12.57M
Is this ok [y/N]: y
docker-compose 13185681 100%
Testing transaction
Running transaction
Installing/Updating: docker-compose-2.19.0-1.ph5.x86_64
Installing Portainer
root@photon-machine [ ~ ]# docker volume create portainer_data
portainer_data
root@photon-machine [ ~ ]# docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
Unable to find image 'portainer/portainer-ce:latest' locally
latest: Pulling from portainer/portainer-ce
772227786281: Pull complete
96fd13befc87: Pull complete
5171176db7f2: Pull complete
a143fdc4fa02: Pull complete
b622730c7bdc: Pull complete
69dd1305b74e: Pull complete
4bb7bcd48fb2: Pull complete
747926f5dc9b: Pull complete
7ae4f5080888: Pull complete
423e29712802: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:d0e89bf59a3e8bb479226579673934a6338e4ffbe6946d4a55e12af632727c03
Status: Downloaded newer image for portainer/portainer-ce:latest
21599d101fa71f962e05efaf9d91a01750d02a9b1e3132fa0d6b99372c4bb824
root@photon-machine [ ~ ]#
root@photon-machine [ ~ ]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
21599d101fa7 portainer/portainer-ce:latest "/portainer" 42 seconds ago Up 42 seconds 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp, 9000/tcp portainer
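Two things in that `docker run` line deserve a second look before it goes on a machine that is reachable from the LAN: the `-v /var/run/docker.sock:/var/run/docker.sock` bind hands the container full control of the Docker daemon (anything running inside Portainer can start a privileged container and is effectively root on the Photon host; a `:ro` bind does not change that, since connecting to a socket is not a write), and `-p 8000:8000 -p 9443:9443` publishes both ports on every interface. As an added example (my own code, not part of the original post or of Portainer), here is a small shell lint for `docker run` arguments that reports those points plus `--privileged` and floating image tags. Option parsing covers the forms used on the page and a few common ones; the hardened variant in the demo binds to the host's own address from the page and pins the image to the digest shown in the pull output above.

```sh
#!/bin/sh
# Added example, not part of the original post: lint the arguments of `docker run`
# (everything after "docker run") and print one FINDING line per risky setting.
# Unknown options starting with "-" are assumed to take no value.

check_volume() {
  case "$1" in
    # A read-only bind does not help: the socket can still be connected to.
    */docker.sock*) echo "FINDING: bind of the Docker socket ($1) gives the container full control of the daemon (root on the host)" ;;
  esac
}

check_publish() {
  spec=${1%/*}                                   # drop a trailing /tcp or /udp
  case "$spec" in
    *:*:*)                                       # host address present: flag only wildcards
      host=${spec%%:*}
      case "$host" in
        0.0.0.0|'[::]') echo "FINDING: port $1 published on all interfaces; bind to a specific address" ;;
      esac ;;
    *) echo "FINDING: port $1 published on all interfaces; bind to a specific address" ;;
  esac
}

# 0 when the image is pinned by digest or by a tag other than "latest".
image_is_pinned() {
  case "$1" in *@sha256:*) return 0 ;; esac
  name=${1##*/}                                  # drop registry/namespace so a registry port is not read as a tag
  case "$name" in *:*) tag=${name##*:} ;; *) tag=latest ;; esac
  [ "$tag" != "latest" ]
}

need_value() { [ "$1" -ge 2 ] || { echo "FINDING: last option is missing its value"; return 1; }; }

audit_docker_run() {
  image=""
  while [ $# -gt 0 ]; do
    case "$1" in
      -v|--volume|--mount)       need_value $# || return 1; check_volume "$2"; shift 2 ;;
      --volume=*|--mount=*)      check_volume "${1#*=}"; shift ;;
      -p|--publish)              need_value $# || return 1; check_publish "$2"; shift 2 ;;
      --publish=*)               check_publish "${1#*=}"; shift ;;
      --privileged)              echo "FINDING: --privileged disables most container isolation"; shift ;;
      --name|-e|--env|--network|--net|-u|--user|-w|--workdir|-h|--hostname|-l|--label|--entrypoint)
                                 need_value $# || return 1; shift 2 ;;
      -*)                        shift ;;          # flag without a value, e.g. -d or --restart=always
      *)                         image=$1; break ;;
    esac
  done
  [ -n "$image" ] || { echo "FINDING: no image given"; return 1; }
  image_is_pinned "$image" || echo "FINDING: image '$image' uses a floating tag; pin a version or an @sha256 digest"
  return 0
}

finding_count() { audit_docker_run "$@" | awk '/^FINDING:/ { n++ } END { print n + 0 }'; }

# Demo: the page's Portainer command, then a hardened variant.
echo "== page command =="
audit_docker_run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always \
  -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
echo "== hardened: UI bound to the host's address only, image pinned to the page's digest =="
audit_docker_run -d -p 10.168.1.4:9443:9443 --name portainer --restart=always \
  -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data \
  portainer/portainer-ce@sha256:d0e89bf59a3e8bb479226579673934a6338e4ffbe6946d4a55e12af632727c03
```

The socket finding stays in the hardened variant on purpose: Portainer needs the daemon API to do its job, so the mitigation is not to remove the bind but to treat the Portainer UI as a root login to the host, keep it off untrusted networks and behind its own strong credentials, and drop the `8000` publish if you do not use Edge agents.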

RancherOS (not suited to individual use)
- Another option is to install Rancher. The system installed from the current ISO is version 1.6.0, which is very old (no longer actively maintained) and only suits Docker; if you want 2.x and k3s, see my earlier article: Notes on setting up Rancher on Arch.
- On an ESXi server it can also be installed from the image (vmware-esxi); download it and install directly. Give it at least 2GB of memory and a 32GB disk; after installation it logs into the live system automatically.

- Then use sudo to change the rancher user's password so you can SSH in to install the system.
[rancher@rancher ~]$ sudo passwd rancher
Changing password for rancher
New password:
Retype password:
passwd: password for rancher changed by root
- Create a cloud-config.yml file. My current IP is 10.168.1.232/24; I set Rancher to the static IP 10.168.1.4 and set ssh_authorized_keys to my own SSH public key.

hostname: rancher
rancher:
  network:
    interfaces:
      eth0:
        address: 10.168.1.4/24
        gateway: 10.168.1.1
        dhcp: false
    dns:
      nameservers:
        - 8.8.8.8
        - 8.8.4.4
        - 1.1.1.1
ssh_authorized_keys:
  - ssh-rsa AAAAB3Nz...ZVP ssh@LTS
sudo ros install -c cloud-config.yml -d /dev/sda
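Both static-IP files on this page, the Photon `10-static-en.network` written with `cat > ... << "EOF"` earlier and this RancherOS `cloud-config.yml`, are accepted as typed: a wrong octet or a gateway outside the subnet is only discovered after `systemctl restart systemd-networkd` or `ros install`, when the VM is no longer reachable. As an added example serving both sections (my own code, not part of the original post, of Photon or of RancherOS), here is a shell validator that checks the address, prefix and gateway and then renders either file from the same inputs. The hostname and the SSH public key in the demo are constructed placeholders.

```sh
#!/bin/sh
# Added example, not part of the original post: validate a static address and
# gateway, then render the systemd-networkd unit (Photon) or the RancherOS
# cloud-config.yml from the same values. Demo values are constructed.

# Dotted-quad -> 32-bit integer; fails on anything that is not four octets in 0..255
# (leading zeros are rejected too, so they cannot be read as octal later).
ip_to_int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  n=0
  for o in "$@"; do
    case "$o" in 0|[1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;; *) return 1 ;; esac
    n=$(( (n << 8) | o ))
  done
  echo "$n"
}

# validate_static_ip A.B.C.D/prefix GATEWAY: syntax, gateway inside the subnet and
# different from the host, and the host is neither the network nor the broadcast address.
validate_static_ip() {
  cidr=$1; gw=$2
  addr=${cidr%/*}; prefix=${cidr#*/}
  [ "$addr" != "$cidr" ] || { echo "missing /prefix in $cidr" >&2; return 1; }
  case "$prefix" in [0-9]|[12][0-9]|3[0-2]) ;; *) echo "bad prefix /$prefix" >&2; return 1 ;; esac
  a=$(ip_to_int "$addr") || { echo "bad address $addr" >&2; return 1; }
  g=$(ip_to_int "$gw")   || { echo "bad gateway $gw" >&2; return 1; }
  if [ "$prefix" -eq 0 ]; then mask=0; else mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF )); fi
  [ $(( a & mask )) -eq $(( g & mask )) ] || { echo "gateway $gw is not inside $cidr" >&2; return 1; }
  [ "$a" -ne "$g" ] || { echo "gateway equals the host address" >&2; return 1; }
  if [ "$prefix" -le 30 ]; then
    [ $(( a & mask )) -ne "$a" ] || { echo "$addr is the network address" >&2; return 1; }
    [ $(( a | (0xFFFFFFFF ^ mask) )) -ne "$a" ] || { echo "$addr is the broadcast address" >&2; return 1; }
  fi
}

# render_networkd IFACE CIDR GATEWAY [DNS]: the Photon unit. Write it to
# /etc/systemd/network/10-static-en.network and chmod 644 as on the page:
# systemd-networkd runs as the unprivileged systemd-network user and must read it.
render_networkd() {
  validate_static_ip "$2" "$3" || return 1
  printf '[Match]\nName=%s\n\n[Network]\nAddress=%s\nGateway=%s\n' "$1" "$2" "$3"
  [ -z "$4" ] || printf 'DNS=%s\n' "$4"
}

# render_rancher_cloud_config HOSTNAME IFACE CIDR GATEWAY PUBKEY: the RancherOS file.
render_rancher_cloud_config() {
  validate_static_ip "$3" "$4" || return 1
  case "$5" in "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*) ;;
    *) echo "not an OpenSSH public key: $5" >&2; return 1 ;; esac
  cat <<EOF
hostname: $1
rancher:
  network:
    interfaces:
      $2:
        address: $3
        gateway: $4
        dhcp: false
    dns:
      nameservers:
        - 8.8.8.8
        - 1.1.1.1
ssh_authorized_keys:
  - $5
EOF
}

# Demo with the page's addresses and a constructed placeholder key (not a real key).
DEMO_KEY='ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY user@example'
render_networkd eth0 10.168.1.4/24 10.168.1.1
render_rancher_cloud_config rancher eth0 10.168.1.4/24 10.168.1.1 "$DEMO_KEY"
```

Usage on the Photon host would be `render_networkd eth0 10.168.1.4/24 10.168.1.1 > /etc/systemd/network/10-static-en.network` followed by the page's `chmod 644` and restart; on RancherOS, redirect `render_rancher_cloud_config` into `cloud-config.yml` before `ros install`. Either way a bad gateway or a typo in an octet fails loudly before anything is written.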

- Log in again over SSH; the IP address has changed to 10.168.1.4. Change the password once more and the installation is complete.

- Check the service status: open-vm-tools is installed by default. Install rancher-server; with a decent connection it finishes after a short wait.
[rancher@rancher ~]$ sudo ros service list
disabled amazon-ecs-agent
disabled container-cron
disabled open-iscsi
disabled zfs
disabled kernel-extras
disabled kernel-headers
disabled kernel-headers-system-docker
enabled open-vm-tools
disabled hyperv-vm-tools
disabled qemu-guest-agent
disabled rancher-server
disabled rancher-server-stable
disabled amazon-metadata
disabled volume-cifs
disabled volume-efs
disabled volume-nfs
disabled modem-manager
disabled waagent
disabled virtualbox-tools
disabled pingan-amc
[rancher@rancher ~]$ sudo ros service enable rancher-server
Pulling rancher-server (docker.io/rancher/server:latest)...
latest: Pulling from rancher/server
[rancher@rancher ~]$ docker run rancher/server --help
Example:
# Single container (non-HA)
$ docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:v1.6.30
# Single Container using an External DB (non-HA)
$ docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:v1.6.30 --db-host myhost.example.com --db-user cattle --db-pass supersecure
# Full Active/Active HA
$ docker run -d --restart=unless-stopped -p 8080:8080 -p 9345:9345 rancher/server:v1.6.30 --advertise-address 1.1.1.1 --db-host myhost.example.com --db-user cattle --db-pass supersecure
Usage: docker run -d -p 8080:8080 rancher/server:v1.6.30 [options]
Options:
--db-host IP or hostname of MySQL server
--db-port port of MySQL server (default: 3306)
--db-user username for MySQL login (default: cattle)
--db-pass password for MySQL login (default: cattle)
--db-name MySQL database name to use (default: cattle)
--db-strict-enforcing If MySQL DB is strict enforcing pre-create the DATABASECHANGELOG table with PK.
This requires all --db-* options to be passed to the script, or CATTLE_DB_* env
vars to be set at the container level.
docker run -d --restart=unless-stopped -p 8080:8080 rancher/server
- After it starts, log in, click the bottom right of the page to switch to the Chinese interface, then open the System Administration menu, go to Access Control, enable local authentication, and set the admin password.

- If you only want Docker, installing Portainer as above also works; rancher-server is fairly resource-hungry.
References