Installing OpenShift Origin on a Wedos VPS

Base system installation

  • Debian 8 (Jessie)
  • root password arrives by e-mail
  • connect over ssh
  • apt install aptitude sudo mc htop atop iotop sysstat net-tools unattended-upgrades apt-listchanges bsd-mailx
  • aptitude install etckeeper
  • sudo nano /etc/hosts
    • 127.0.0.1 vm23333

Creating a user

  • useradd user_name
  • visudo
    • user_name ALL=(ALL:ALL) ALL
  • su user_name
  • cd ~
  • ssh-keygen
  • cat ~/.ssh/id_rsa.pub
  • nano ~/.ssh/authorized_keys
  • nano ~/.bash_aliases

SSHd configuration + hardening

Fail2ban - not needed for SSH when password logins are disabled

  • sudo aptitude install fail2ban
  • awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local
  • sudo nano /etc/fail2ban/jail.local
    [DEFAULT]
    ignoreip = 127.0.0.1/8
    bantime = 600
    findtime = 600
    maxretry = 5
    destemail = kluvanek@gmail.com
    sendername = Fail2Ban
    mta = sendmail
    action = %(action_mwl)s

    [sshd]
    enabled = true

Upgrade to Stretch

Automatic updates

  • sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
    Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
    
    };
  • sudo nano /etc/apt/apt.conf.d/20auto-upgrades (it may already be there)
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";
  • sudo nano /etc/apt/listchanges.conf
    email_address=kluvanek@gmail.com

Firewall

https://help.ubuntu.com/community/UFW

  • sudo aptitude install ufw
  • sudo ufw enable
  • sudo ufw status verbose
  • sudo ufw allow ssh
  • sudo ufw reload

CloudStack
https://cloudstack.apache.org/index.html

Kubernetes
https://kubernetes.io/
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
https://github.com/kubernetes/kubernetes/tree/master/cluster

  • I don't know how to install it

CoreOS
https://coreos.com/

  • I don't feel like rewriting the private key

Docker Swarm
https://docs.docker.com/engine/swarm/

MESOS - Marathon
https://mesos.apache.org/
http://mesos.apache.org/gettingstarted/
https://mesosphere.github.io/marathon/

Containership
https://containership.io/

DC/OS
https://dcos.io/

STUDY RESOURCES:
https://www.consul.io/ - service discovery
https://github.com/PavelVanecek/docker-logs-cookbook/blob/master/README.md
https://github.com/jakubkulhan/dockerfiles/blob/master/README.md
https://slideslive.com/38896207/prague-docker-meetup-mesosmarathon-cloud
https://slideslive.com/38896536/our-mesosmarathon-cloud-for-developers

OpenShift

  • https://www.openshift.org/download.html - download the latest version and unpack it into /opt/openshift
  • cd /opt/openshift
  • sudo su
  • export KUBECONFIG="$(pwd)"/openshift.local.config/master/admin.kubeconfig
  • export CURL_CA_BUNDLE="$(pwd)"/openshift.local.config/master/ca.crt
  • sudo chmod +r "$(pwd)"/openshift.local.config/master/admin.kubeconfig
  • openshift start
  • if it fails with the error
    • failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "systemd" is different from docker cgroup driver: "cgroupfs"
    • sudo nano /etc/systemd/system/multi-user.target.wants/docker.service
      [Service]
      ExecStart=/usr/bin/dockerd -D --add-runtime cor=/bin/cc-oci-runtime --default-runtime=runc --exec-opt native.cgroupdriver=systemd
      TasksMax=infinity

TODO:

  • start the registry
  • install Buddy.works