Server plan
- 10.4.7.200
- 10.4.7.11
- 10.4.7.12
- 10.4.7.21
- 10.4.7.22
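Configure the servers (unless stated otherwise, a step applies to all servers)
- Set the hostname (on each server, run the line that matches it)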
hostnamectl set-hostname hdss7-11.host.com
hostnamectl set-hostname hdss7-12.host.com
hostnamectl set-hostname hdss7-21.host.com
hostnamectl set-hostname hdss7-22.host.com
hostnamectl set-hostname hdss7-200.host.com
- Change the network configuration
vi /etc/sysconfig/network-scripts/ifcfg-ens33
(7-11)
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=10.4.7.11
NETMASK=255.255.255.0
GATEWAY=10.4.7.254
DNS1=10.4.7.254
(7-12)
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=10.4.7.12
NETMASK=255.255.255.0
GATEWAY=10.4.7.254
DNS1=10.4.7.254
(7-21)
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=10.4.7.21
NETMASK=255.255.255.0
GATEWAY=10.4.7.254
DNS1=10.4.7.254
(7-22)
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=10.4.7.22
NETMASK=255.255.255.0
GATEWAY=10.4.7.254
DNS1=10.4.7.254
(7-200)
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=10.4.7.200
NETMASK=255.255.255.0
GATEWAY=10.4.7.254
DNS1=10.4.7.254
- Disable SELinux
vim /etc/selinux/config
SELINUX=disabled
- Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
- Install epel-release
yum install -y epel-release
or
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
- Install the necessary tools
yum install wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils -y
Install bind9 on 7-11 (DNS resolution)
- Install
yum install -y bind
- Configure bind (main configuration file)
vim /etc/named.conf
listen-on port 53 { 10.4.7.11; };
Delete the IPv6 line
allow-query { any; };
forwarders { 10.4.7.254; };
dnssec-enable no;
dnssec-validation no;
Check the configuration with:
named-checkconf
As shown in the figure (pay special attention to the format):
- Zone configuration file
vim /etc/named.rfc1912.zones
zone "host.com" IN {
        type master;
        file "host.com.zone";
        allow-update { 10.4.7.11; };
};
zone "od.com" IN {
        type master;
        file "od.com.zone";
        allow-update { 10.4.7.11; };
};
As shown in the figure:
- Zone data files
vim /var/named/host.com.zone
$ORIGIN host.com.
$TTL 600 ; 10 minutes
@       IN SOA  dns.host.com. dnsadmin.host.com. (
                2021092501 ; Serial
                10800      ; Refresh
                900        ; Retry
                604800     ; Expire
                86400      ; Negative Cache TTL
                )
        NS      dns.host.com.
$TTL 60 ; 1 minute
dns             A       10.4.7.11
HDSS7-11        A       10.4.7.11
HDSS7-12        A       10.4.7.12
HDSS7-21        A       10.4.7.21
HDSS7-22        A       10.4.7.22
HDSS7-200       A       10.4.7.200
vim /var/named/od.com.zone
$ORIGIN od.com.
$TTL 600 ; 10 minutes
@       IN SOA  dns.od.com. dnsadmin.od.com. (
                2021092502 ; Serial
                10800      ; Refresh
                900        ; Retry
                604800     ; Expire
                86400      ; Negative Cache TTL
                )
        NS      dns.od.com.
$TTL 60 ; 1 minute
dns             A       10.4.7.11
harbor          A       10.4.7.200
- Test
systemctl start named
netstat -nltup | grep 53
dig -t A hdss7-21.host.com @10.4.7.11 +short
- Update the network configuration on all servers
vim /etc/sysconfig/network-scripts/ifcfg-ens33
- Update the network configuration on the local Windows 10 machine
- Test succeeded
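The dig test in this section checks a single name against the running server. As an added example (not part of the original page), the script below reads a zone data file offline and confirms that every host in the server plan has the expected A record; the function names and the shortened sample zone are constructed for illustration.

```shell
# Added example: print every A record of a zone data file as "fqdn ip".
zone_a_records() {
    awk '
        { sub(/;.*/, "") }                        # drop comments
        /^[ \t]*$/ { next }                       # skip blank lines
        $1 == "$ORIGIN" { origin = tolower($2); next }
        $1 == "$TTL" { next }
        {
            # A line starting in column 1 names a new owner; an indented
            # line inherits the owner of the record before it.
            if ($0 ~ /^[ \t]/) { first = 1 } else { owner = tolower($1); first = 2 }
            for (i = first; i < NF; i++) {
                if ($i != "A") continue
                name = owner
                if (name == "@") name = origin
                else if (name !~ /\.$/) name = name "." origin
                sub(/\.$/, "", name)              # print without the root dot
                print name, $(i + 1)
                break
            }
        }
    ' "$1"
}

# Report each planned "fqdn ip" pair the zone lacks; returns 1 if any is missing.
check_plan() {      # usage: check_plan ZONEFILE "fqdn ip" ...
    zone=$1; shift; rc=0
    records=$(zone_a_records "$zone")
    for want in "$@"; do
        printf '%s\n' "$records" | grep -qxF "$want" || { echo "missing: $want"; rc=1; }
    done
    return $rc
}

# Constructed sample: a shortened copy of the host.com zone from this page.
write_sample_zone() {
    cat > "$1" <<'EOF'
$ORIGIN host.com.
$TTL 600 ; 10 minutes
@ IN SOA dns.host.com. dnsadmin.host.com. (
        2021092501 10800 900 604800 86400 )
        NS dns.host.com.
$TTL 60 ; 1 minute
dns       A 10.4.7.11
HDSS7-21  A 10.4.7.21
HDSS7-200 A 10.4.7.200
EOF
}
z=$(mktemp) && write_sample_zone "$z" && zone_a_records "$z"
```

Names are lower-cased on output because DNS lookups are case-insensitive, which is why the zone's HDSS7-21 entry answers the query for hdss7-21.host.com.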
Self-signed certificates
- Install on hdss7-200
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
chmod +x /usr/bin/cfssl*
- Create ca-csr.json
{
  "CN": "kailiEdu",
  "hosts": [
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "beijing",
      "L": "beijing",
      "O": "od",
      "OU": "ops"
    }
  ],
  "ca": {
    "expiry": "175200h"
  }
}
- Generate the certificate
cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
Install the Docker environment (hdss7-21, hdss7-22, hdss7-200)
- Install
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
- Configure daemon.json
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com", "quay.io"],
  "registry-mirrors": ["https://b7a2cowo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true,
  "bip": "172.7.21.1/24"
}
----------------------
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com", "quay.io"],
  "registry-mirrors": ["https://b7a2cowo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true,
  "bip": "172.7.22.1/24"
}
----------------------
{
  "graph": "/data/docker",
  "storage-driver": "overlay2",
  "insecure-registries": ["registry.access.redhat.com", "quay.io", "harbor.od.com"],
  "registry-mirrors": ["https://b7a2cowo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "live-restore": true,
  "bip": "172.7.200.1/24"
}
- Restart
systemctl daemon-reload
systemctl restart docker
systemctl enable docker
Set up the private image registry
- Upload the materials
Upload the tar package to the /etc/src directory
tar xf /etc/src/harbor-offline-installer-v1.8.3.tgz -C /opt/
mv /opt/harbor /opt/harbor-v1.8.3
ln -s /opt/harbor-v1.8.3/ /opt/harbor
- Edit the Harbor configuration file
mkdir -p /data/harbor/logs
vim /opt/harbor/harbor.yml
hostname: harbor.od.com
port: 180
harbor_admin_password: Harbor12345
data_volume: /data/harbor
location: /data/harbor/logs
- docker-compose must be installed
yum install -y docker-compose
- Install Harbor
sh /opt/harbor/install.sh
cd /opt/harbor
docker-compose ps    # check that everything is running normally
- Install nginx
yum install -y nginx
- Edit the nginx configuration file
vim /etc/nginx/conf.d/harbor.od.com.conf
server {
    listen 80;
    server_name harbor.od.com;
    client_max_body_size 1000m;
    location / {
        proxy_pass http://127.0.0.1:180;
    }
}
- Start nginx
systemctl start nginx
systemctl enable nginx
curl harbor.od.com
- Test
docker pull nginx:1.7.9
docker images | grep 1.7.9
docker tag 84581e99d807 harbor.od.com/public/nginx:v1.7.9
Log in:
docker login harbor.od.com
username: admin
password: Harbor12345
docker push harbor.od.com/public/nginx:v1.7.9
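Several steps on this page trade protection for convenience in a lab: SELinux off, DNS open to any client without DNSSEC validation, registries listed under insecure-registries, and the Harbor12345 admin password. As an added example (not from the original page), this script reports which of those settings are still present on a host or on a copy of its files; the function names are made up here, and /etc/docker/daemon.json is assumed as the daemon.json location because the page does not give the path.

```shell
# Added example: list which lab shortcuts from this page are present under ROOT.
# ROOT is a directory prefix: / for the live host, or a copy of its files.
audit_lab_settings() {
    root=${1%/}; findings=0
    report() { findings=$((findings + 1)); echo "FINDING: $1"; }

    f=$root/etc/selinux/config
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*SELINUX=disabled' "$f"; then
        report "SELinux is disabled ($f)"
    fi
    f=$root/etc/named.conf
    if [ -f "$f" ] && grep -Eq 'allow-query[[:space:]]*\{[[:space:]]*any;' "$f"; then
        report "named answers queries from any address ($f)"
    fi
    if [ -f "$f" ] && grep -Eq 'dnssec-validation[[:space:]]+no;' "$f"; then
        report "named does not validate DNSSEC answers ($f)"
    fi
    # Assumption: daemon.json sits at the Docker default, /etc/docker/daemon.json.
    f=$root/etc/docker/daemon.json
    if [ -f "$f" ]; then
        regs=$(tr -d '\n' < "$f" |
            sed -n 's/.*"insecure-registries"[^[]*\[\([^]]*\)].*/\1/p' | tr -d '" ')
        [ -n "$regs" ] && report "registries used without TLS verification: $regs ($f)"
    fi
    f=$root/opt/harbor/harbor.yml
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*harbor_admin_password:[[:space:]]*Harbor12345' "$f"; then
        report "Harbor admin password is the one shown on this page ($f)"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the settings from this page written under directory $1.
make_sample_root() {
    mkdir -p "$1/etc/selinux" "$1/etc/docker" "$1/opt/harbor"
    echo 'SELINUX=disabled' > "$1/etc/selinux/config"
    printf '%s\n' 'allow-query { any; };' 'dnssec-validation no;' > "$1/etc/named.conf"
    printf '%s\n' '{' ' "insecure-registries": ["quay.io", "harbor.od.com"],' \
        ' "bip": "172.7.200.1/24"' '}' > "$1/etc/docker/daemon.json"
    echo 'harbor_admin_password: Harbor12345' > "$1/opt/harbor/harbor.yml"
}

demo=$(mktemp -d) && make_sample_root "$demo"
audit_lab_settings "$demo" || echo "lab shortcuts still present"
```

The function returns 0 only when none of the checked settings is found, so it can gate a promotion step in a script.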