Installing OpenShift Origin on a Wedos VPS
Base system installation
- Debian 8 (Jessie)
- root password is in the e-mail
- connect via ssh
- apt install aptitude sudo mc htop atop iotop sysstat net-tools unattended-upgrades apt-listchanges bsd-mailx
- aptitude install etckeeper
- sudo nano /etc/hosts
- 127.0.0.1 vm23333
Creating a user
- useradd user_name
- visudo
- user_name ALL=(ALL:ALL) ALL
- su user_name
- cd ~
- ssh-keygen
- cat ~/.ssh/id_rsa.pub
- nano ~/.ssh/authorized_keys
- nano ~/.bash_aliases
SSHd configuration + hardening
- sudo nano /etc/ssh/sshd_config
- PermitRootLogin no
- PasswordAuthentication no
- PermitEmptyPasswords no
- ChallengeResponseAuthentication no
- UsePAM no
- sudo service ssh restart
- https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
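A check for the sshd_config values listed above, as an added example that is not part of the original notes. The function names `sshd_effective` and `audit_sshd_config` and the sample file are constructed for illustration; the script reads only the global section of the file and treats an unset keyword as a deviation.

```shell
#!/bin/sh
# Added example: check an sshd_config file against the values listed above.
# sshd keeps the FIRST occurrence of a keyword, keywords are case-insensitive,
# and lines after a "Match" line apply only conditionally.

# Print the effective global value of keyword $2 in file $1 (lower-cased);
# prints nothing when the keyword is not set in the global section.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, ""); sub(/=/, " ") }     # drop comments, allow key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == want { print tolower($2); exit }   # first one wins
    ' "$1"
}

# Audit file $1: one line per deviation, return status 1 if any was found.
audit_sshd_config() {
    rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:no \
                PermitEmptyPasswords:no ChallengeResponseAuthentication:no \
                UsePAM:no; do
        key=${pair%%:*}; expected=${pair#*:}
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected $expected, got ${actual:-<not set>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not a real host's file): the second PermitRootLogin is
# ignored, and PasswordAuthentication is only set inside a Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin yes
PermitRootLogin no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
Match User backup
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "deviations found"
```

On a live host, `sudo sshd -T` prints the configuration the daemon actually resolved, including defaults, and is the authoritative check before closing the current session.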
Fail2ban - not needed for SSH when passwords are disabled
- sudo aptitude install fail2ban
- awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local
- sudo nano /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 600
findtime = 600
maxretry = 5
destemail = kluvanek@gmail.com
sendername = Fail2Ban
mta = sendmail
action = %(action_mwl)s
[sshd]
enabled = true
Upgrade to Stretch
- sudo nano /etc/apt/sources.list
deb http://ftp.cz.debian.org/debian/ stretch main
deb http://security.debian.org/ stretch/updates main
deb http://ftp.cz.debian.org/debian/ stretch-updates main
deb [arch=amd64] https://download.docker.com/linux/debian stretch stable
- sudo aptitude update
- sudo aptitude full-upgrade
Automatic updates
- sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
};
- sudo nano /etc/apt/apt.conf.d/20auto-upgrades (it may already be there)
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
- sudo nano /etc/apt/listchanges.conf
email_address=kluvanek@gmail.com
Firewall
https://help.ubuntu.com/community/UFW
- sudo aptitude install ufw
- sudo ufw enable
- sudo ufw status verbose
- sudo ufw allow ssh
- sudo ufw reload
CloudStack
https://cloudstack.apache.org/index.html
Kubernetes
https://kubernetes.io/
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
https://github.com/kubernetes/kubernetes/tree/master/cluster
- I don't know how to install it
CoreOS
https://coreos.com/
- I don't feel like rewriting the private key
Docker Swarm
https://docs.docker.com/engine/swarm/
MESOS - Marathon
https://mesos.apache.org/
http://mesos.apache.org/gettingstarted/
https://mesosphere.github.io/marathon/
Containership
https://containership.io/
DC/OS
https://dcos.io/
STUDY RESOURCES:
https://www.consul.io/ - service discovery
https://github.com/PavelVanecek/docker-logs-cookbook/blob/master/README.md
https://github.com/jakubkulhan/dockerfiles/blob/master/README.md
https://slideslive.com/38896207/prague-docker-meetup-mesosmarathon-cloud
https://slideslive.com/38896536/our-mesosmarathon-cloud-for-developers
OpenShift
- https://www.openshift.org/download.html - download the latest version and unpack it into /opt/openshift
- cd /opt/openshift
- sudo su
- export KUBECONFIG="$(pwd)"/openshift.local.config/master/admin.kubeconfig
- export CURL_CA_BUNDLE="$(pwd)"/openshift.local.config/master/ca.crt
- sudo chmod +r "$(pwd)"/openshift.local.config/master/admin.kubeconfig
- openshift start
- if it fails with the error
failed to run Kubelet: failed to create kubelet: misconfiguration: kubelet cgroup driver: "systemd" is different from docker cgroup driver: "cgroupfs"
- sudo nano /etc/systemd/system/multi-user.target.wants/docker.service
[Service]
ExecStart=/usr/bin/dockerd -D --add-runtime cor=/bin/cc-oci-runtime --default-runtime=runc --exec-opt native.cgroupdriver=systemd
TasksMax=infinity
TODO:
- start the registry
- install Buddy.works