轻量级容器系统rancherOS 笔记

树辉 -

环境清单

  • OS: hyperv/rancheros-v1.5.iso
  • 基础环境: VMware-ESXi

系统安装

  • cloud-config.yml
# cloud-config.yml
#https://github.com/rancher/os

rancher:
  docker:
    registry_mirror: https://registry.docker-cn.com
  network:
    dns:
      nameservers:
        - 114.114.114.114
        - 114.114.115.115
    interfaces:
      eth0:
        address: 192.168.11.51/24
        gateway: 192.168.11.254
        dhcp: false
        mtu: 1500
  state:
    fstype: auto
    dev: LABEL=RANCHER_STATE
    autoformat:
      - /dev/sda

ssh_authorized_keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDG3ly9Z+nj2P807ztF5FlOfwj1YSMBbR2JnceFev4Pb qiushuhui

加载光盘后进入系统,将系统cloud-config.yml 【https://down.vqiu.cn/conf/cloud/rancherOS/cloud-config.yml】文件下载,执行以下命令即可。

[rancher@rancher ~]$ sudo ros install -c cloud-config.yml -d /dev/sda 
INFO[0000] No install type specified...defaulting to generic 
Installing from rancher/os:v1.5.0
Continue [y/N]: y
INFO[0001] start !isoinstallerloaded                    
INFO[0001] trying to load /bootiso/rancheros/installer.tar.gz 
7bff100f35cb: Loading layer [==================================================>]  4.672MB/4.672MB
566fe03821a6: Loading layer [==================================================>]  16.08MB/16.08MB
a8695754560e: Loading layer [==================================================>]   5.12kB/5.12kB
26d599336e96: Loading layer [==================================================>]  13.64MB/13.64MB
917feb171631: Loading layer [==================================================>]  1.645MB/1.645MB
5be1002f69ca: Loading layer [==================================================>]  1.536kB/1.536kB
80bd8f42c91e: Loading layer [==================================================>]   2.56kB/2.56kB
ec0c00f60571: Loading layer [==================================================>]  3.072kB/3.072kB
Loaded image: rancher/os-installer:latest
INFO[0003] Loaded images from /bootiso/rancheros/installer.tar.gz 
INFO[0003] starting installer container for rancher/os-installer:latest (new) 
Installing from rancher/os-installer:latest
mke2fs 1.44.2 (14-May-2018)
64-bit filesystem support is not enabled.  The larger fields afforded by this feature enable full-strength checksumming.  Pass -O 64bit to rectify.
Creating filesystem with 5242368 4k blocks and 5242880 inodes
Filesystem UUID: 0d022484-846b-487c-b6e2-b9e96ef0c3ec
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done   

Continue with reboot [y/N]: y
<省略若干行>

部署业务

部署Rancher server 单机版

  • rancherOS 系统

该系统服务内置,直接运行即可

$ sudo ros s enable rancher-server-stable
$ sudo ros service up rancher-server-stable
  • 非rancherOS系统
$ sudo docker run -d -v /var/lib/mysql:/var/lib/mysql --restart=always -p 8080:8080 rancher/server:latest

使用浏览器访问 IP:8080

部署MySQL 服务

$ sudo docker run -d --name mysql --restart=unless-stopped -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root mysql/mysql-server

$ sudo docker exec -it mysql bash
# 建立数据库 表 和 用户(MySQL8)
mysql -uroot -proot
> CREATE DATABASE IF NOT EXISTS cattle COLLATE = 'utf8_general_ci' CHARACTER SET = 'utf8';
> CREATE USER 'cattle'@'%'IDENTIFIED BY 'MyPass@123';
> GRANT ALL ON cattle.* TO 'cattle'@'%' WITH GRANT OPTION;
> flush privileges;

Rancher Server集群版本

$ sudo docker run -d -p 8080:8080 \
--restart=unless-stopped \
-e CATTLE_DB_CATTLE_MYSQL_HOST=1.1.1.1 \
-e CATTLE_DB_CATTLE_MYSQL_PORT=3306 \
-e CATTLE_DB_CATTLE_MYSQL_NAME=cattle \
-e CATTLE_DB_CATTLE_USERNAME=cattle \
-e CATTLE_DB_CATTLE_PASSWORD=cattle \
-v /var/run/docker.sock:/var/run/docker.sock \
rancher/server

常用命令

  • 查看系统版本
$ sudo ros --version 
version v1.5.0 from os image rancher/os:v1.5.0
  • 查看可用系统列表
$ sudo ros os list 
rancher/os:v1.5.0 remote latest running
rancher/os:v1.4.2 remote available 
rancher/os:v1.4.1 remote available 
rancher/os:v1.4.0 remote available 
<省略若干行>
  • 查看可用的Docker 版本
$ sudo ros engine list
<省略若干行>
disabled docker-17.12.1-ce
disabled docker-18.03.0-ce
disabled docker-18.03.1-ce
disabled docker-18.06.0-ce
current  docker-18.06.1-ce
  • 系统服务状态管理
sudo ros service list                       # 查看
sudo ros service disable kernel-headers     # 禁止自启动
sudo ros service enable kernel-headers      # 启用自启动
sudo ros service start kernel-headers       # 启用服务
sudo ros service stop kernel-headers        # 停止服务
  • 配置内核参数
  sysctl:
    net.ipv4.conf.default.rp_filter: 1
  • 切换Docker 版本
$ sudo ros engine switch docker-18.03.1-ce
  • 配置docker镜像加速地址
$ sudo ros config set rancher.docker.registry_mirror https://registry.docker-cn.com

更多docker 配置参数:https://rancher.com/docs/os/v1.x/en/installation/configuration/docker/

  • 切换终端为 ubuntu
$ sudo ros console switch ubuntu

可用的console 有 default、alpine、centos、debian、fedora和ubuntu,可以使用sudo ros console list命令查询

  • 下载 console 但不启用
$ sudo ros console enable debian
  • 为rancher 配置密码
$ sudo ros config set rancher.password rancher
  • 为所有的网卡关闭DHCP
$ sudo ros config set rancher.network.interfaces.eth*.dhcp false
  • 配置网络
$ sudo ros config set rancher.network.interfaces.eth0.address 192.168.11.51/24
$ sudo ros config set rancher.network.interfaces.eth0.gateway 192.168.11.254
$ sudo ros config set rancher.network.dns.nameservers "['114.114.115.115','114.114.114.114']"
$ sudo ros config set rancher.network.interfaces.”mac=ea:34:71:66:90:12:01”.dhcp true

更多:https://rancher.com/docs/os/v1.x/en/installation/networking/interfaces/

  • 挂载分区
$ ros config set mounts '[["/dev/vdb","/mnt/s","ext4",""]]'

https://rancher.com/docs/os/v1.x/en/installation/storage/additional-mounts/

  • 查看系统运行的进程
$ sudo system-docker ps
  • 加载系统模块
$ sudo ros config set rancher.modules "['nbd nbds_max=1024', 'nfs']"
  • 重启 docker 服务
$ sudo system-docker restart docker
  • 检查 cloud-config 语法
$ sudo ros config validate -i cloud-config.yml
  • 导出当前系统配置
$ sudo ros config export
  • 所有的系统配置位于
$ sudo vi /var/lib/rancher/conf/cloud-config.yml

常见错误

1. os-docker 无法正常启动

这是因为我们在 cloud-init 文件中定义了 docker.tlstrue,而实际上没有生成对应的TLS证书,要解决该问题,在系统中生成TLS证书再重新启动docker服务即可解决。

$ sudo ros tls gen --server -H localhost -H lib-cloud-os.vqiu.cn -H 172.16.4.7
INFO[0000] Out directory (-d, --dir) not specified, using default: /etc/docker/tls
$ sudo system-docker restart docker
$ sudo system-docker ps | grep os-docker
a3f806f6063e        rancher/os-docker:18.06.1-1        "ros user-docker"        7 minutes ago       Up 7 seconds                            docker

https://rancher.com/docs/os/v1.2/en/configuration/setting-up-docker-tls/

引用参考