
Juju deployment: setting up local mirrors

狄冥夜
2023-12-01

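Setting up and using local mirrors

Notes

  • Provides local apt and stream update mirrors for Ubuntu, MAAS and Juju.

  • The snap source is not solved yet, so a deployment still needs to reach overseas sites to download a small number of files and file lists.

  • Juju only accepts a mirror served over HTTPS from a site whose certificate is valid and working; otherwise the setting has no effect and Juju automatically falls back to the default overseas source.

  • Some of the sources and URL settings may be incomplete or not entirely correct, and need ongoing updates and corrections.

  • In this document the mirror uses the single domain tyki.vip as the example.

Changelog

2020/2/29 Document created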

Setting up the apt mirror

Install apt-mirror

sudo apt install apt-mirror

Edit the mirror.list source file

sudo vim /etc/apt/mirror.list
############# config ##################
# 
# set base_path    /var/spool/apt-mirror
#
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path     $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
# set postmirror_script $var_path/postmirror.sh
# set run_postmirror 0
set nthreads     20 # number of threads
set _tilde 0
#
############# end config ##############

#deb http://archive.ubuntu.com/ubuntu artful main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu artful-security main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu artful-updates main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu artful-proposed main restricted universe multiverse
#deb http://archive.ubuntu.com/ubuntu artful-backports main restricted universe multiverse

#deb-src http://archive.ubuntu.com/ubuntu artful main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu artful-security main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu artful-updates main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu artful-proposed main restricted universe multiverse
#deb-src http://archive.ubuntu.com/ubuntu artful-backports main restricted universe multiverse

#clean http://archive.ubuntu.com/ubuntu
#
# OpenStack-related repositories; need an overseas proxy; under 1 GB
deb http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-updates/stein main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-updates/train main
clean http://ubuntu-cloud.archive.canonical.com/ubuntu

# Standard Ubuntu repositories, 130 GB
deb http://mirrors.aliyun.com/ubuntu bionic main restricted
deb http://mirrors.aliyun.com/ubuntu bionic-updates main restricted
deb http://mirrors.aliyun.com/ubuntu bionic universe
deb http://mirrors.aliyun.com/ubuntu bionic-updates universe
deb http://mirrors.aliyun.com/ubuntu bionic multiverse
deb http://mirrors.aliyun.com/ubuntu bionic-updates multiverse
deb http://mirrors.aliyun.com/ubuntu bionic-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu bionic-security main restricted
deb http://mirrors.aliyun.com/ubuntu bionic-security universe
deb http://mirrors.aliyun.com/ubuntu bionic-security multiverse
clean http://mirrors.aliyun.com/ubuntu

# Juju apt repository; overseas IP, needs a proxy; under 1 GB
deb http://ppa.launchpad.net/juju/stable/ubuntu bionic main
clean http://ppa.launchpad.net/juju/stable/ubuntu

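About the ubuntu-cloud repository

ubuntu-cloud contains OpenStack. To keep versions consistent, its dependency libraries overlap with those in the main repository.

Run the apt-mirror sync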

sudo apt-mirror

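The default sync directory of apt-mirror is /var/spool/apt-mirror

Sync caveats

  1. apt-mirror is written in Perl and works by running wget in multiple threads (processes), so a sync has to run without interruption. If the connection drops, delete the files and start over; otherwise files end up corrupted, which causes serious trouble for everyone who later uses the mirror.

  2. Repositories that are already synced are not downloaded again, so you can sync in stages by commenting and uncommenting entries in mirror.list.

  3. Syncing from overseas servers fails very often, so scheduled syncs are not recommended; if you do schedule them, add logging.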
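The corruption described in caveat 1 can be detected after a sync. The following is an added example, not part of the original article: it compares every file listed in an uncompressed apt Packages index against the Size and SHA256 recorded there. The demo-a and demo-b packages and the sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article.

# verify_packages REPO_ROOT PACKAGES_FILE
# Compares each file named in an uncompressed apt Packages index with the
# Size and SHA256 recorded there. Prints "MISSING|SIZE|SHA256 <path>" for
# every bad file and returns 1 if there is any, 0 otherwise.
# A SIZE mismatch is the usual trace of an interrupted download.
verify_packages() (
    root=$1 index=$2
    problems=$(awk '
        $1 == "Filename:" { f = $2 }
        $1 == "Size:"     { s = $2 }
        $1 == "SHA256:"   { h = $2 }
        /^$/ { if (f != "") print f, s, h; f = s = h = "" }
        END  { if (f != "") print f, s, h }' "$index" |
    while read -r path size want; do
        file=$root/$path
        if [ ! -f "$file" ]; then
            echo "MISSING $path"
        elif [ "$(wc -c < "$file" | tr -d ' ')" != "$size" ]; then
            echo "SIZE $path"
        elif [ "$(sha256sum "$file" | cut -d' ' -f1)" != "$want" ]; then
            echo "SHA256 $path"
        fi
    done)
    [ -z "$problems" ] && exit 0
    printf '%s\n' "$problems"
    exit 1
)

# make_sample_repo DIR: constructed sample data (hypothetical packages
# demo-a and demo-b); demo-b is truncated after the index is written.
make_sample_repo() {
    mkdir -p "$1/pool/main/d/demo" "$1/dists"
    for name in demo-a_1.0_amd64.deb demo-b_1.0_all.deb; do
        f=pool/main/d/demo/$name
        printf 'constructed payload for %s\n' "$name" > "$1/$f"
        printf 'Package: %s\nFilename: %s\nSize: %s\nSHA256: %s\n\n' \
            "${name%%_*}" "$f" "$(wc -c < "$1/$f" | tr -d ' ')" \
            "$(sha256sum "$1/$f" | cut -d' ' -f1)"
    done > "$1/dists/Packages"
    printf 'constr' > "$1/pool/main/d/demo/demo-b_1.0_all.deb"
}
```

On the real mirror, pass the repository root that contains dists/ and pool/ (for example /var/spool/apt-mirror/mirror/mirrors.aliyun.com/ubuntu) together with a decompressed Packages file from that repository.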

Setting up the stream mirror

Install simplestreams

sudo apt install simplestreams

Sync the MAAS source

Set the environment variables

export KEYRING_FILE=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
export IMAGE_SRC=https://images.maas.io/ephemeral-v3/daily/
export IMAGE_DIR=/var/www/html/maas/images/ephemeral-v3/daily

Sync the system images

sudo sstream-mirror --keyring=$KEYRING_FILE $IMAGE_SRC $IMAGE_DIR \
    'arch=amd64' 'release~(bionic)' --max=1 --progress

Sync the small images

sudo sstream-mirror --keyring=$KEYRING_FILE $IMAGE_SRC $IMAGE_DIR \
    'os~(grub*|pxelinux)' --max=1 --progress

The MAAS source is large and slow, so a cheap proxy is needed.

Sync the Juju sources

Sync the Juju agent

workdir=/var/spool/sstreams/juju
sudo sstream-mirror --no-verify --progress --max=2 --path=streams/v1/index2.sjson https://streams.canonical.com/juju/tools/ $workdir 'arch=amd64' 'release~(bionic)' 'version~(2.7)'

Sync the LXD/KVM images

workdir=/var/spool/sstreams/lxdkvm
sudo sstream-mirror --keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg --progress --max=1 --path=streams/v1/index.json https://cloud-images.ubuntu.com/releases/ $workdir 'arch=amd64' 'release~(bionic)' 'ftype~(lxd.tar.xz|squashfs|root.tar.xz|root.tar.gz|disk1.img|.json|.sjson)'
sudo sstream-mirror --keyring=/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg --progress --max=1 --path=streams/v1/index.sjson https://cloud-images.ubuntu.com/releases/ $workdir 'arch=amd64' 'release~(bionic)' 'ftype~(lxd.tar.xz|squashfs|root.tar.xz|root.tar.gz|disk1.img|.json|.sjson)'

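.sjson files carry an embedded GPG signature, so they must not be edited. Note that the Juju agent sync above passes --no-verify, which skips the signature check during mirroring.

Setting up the HTTP service

Install the service

sudo apt install apache2

Edit the HTTP configuration

vim /etc/apache2/sites-available/000-default.conf

Change ServerName to the domain you need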

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com
        ServerName tyki.vip
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

Edit the HTTPS configuration

vim /etc/apache2/sites-available/default-ssl.conf

Change ServerName

Set SSLCertificateFile (the signed certificate) and SSLCertificateKeyFile (the private key) to the paths of your certificate files

                ServerAdmin webmaster@localhost
                ServerName tyki.vip
                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile     /etc/ssl/certs/tyki.vip.pem
                SSLCertificateKeyFile /etc/ssl/private/tyki.vip.key

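You can also create a separate PHP conf file, place it in the sites-available folder, and create a link to it in the sites-enabled folder.

Enable SSL

Make sure the certificate paths are configured correctly

# Reload the configuration
sudo service apache2 reload
# Enable the Apache SSL module
sudo a2enmod ssl
# Enable the SSL site (default-ssl.conf, edited above)
sudo a2ensite default-ssl
# Restart Apache
sudo systemctl restart apache2

If a path is set incorrectly, first disable the module with a2dismod ssl, fix the configuration, then reload it with service apache2 reload or restart the service.

Create the HTTP directory links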

cd /var/www/html
# Create the path for the Juju apt repository
sudo ln -s /var/spool/apt-mirror/mirror/ppa.launchpad.net/juju/ juju

# The MAAS sync directory is already /var/www/html/maas, so no link is needed

# Create the path for the streams mirror
sudo ln -s /var/spool/sstreams/ sstreams
# Create the main Ubuntu repository
sudo ln -s /var/spool/apt-mirror/mirror/mirrors.aliyun.com/ubuntu/ ubuntu
# Create the OpenStack repository
sudo ln -s /var/spool/apt-mirror/mirror/ubuntu-cloud.archive.canonical.com/ubuntu/ ubuntu-cloud

Test HTTP

http://tyki.vip/ubuntu

Test HTTPS

https://tyki.vip/ubuntu

Source list and URL list

Source list

Function                             Protocol  Address
Ubuntu main repository               apt       http(s)://tyki.vip/ubuntu
OpenStack repository (for Ubuntu)    apt       http(s)://tyki.vip/ubuntu-cloud
juju core                            apt       http(s)://tyki.vip/juju
MAAS image source                    stream    http(s)://tyki.vip/maas/images/ephemeral-v3/daily/
juju lxdkvm image source             stream    http(s)://tyki.vip/sstreams/lxdkvm/
juju agent                           stream    http(s)://tyki.vip/sstreams/juju/

Partial URL list

Setting        Keyword                       URL
MAAS           image source address setting  http://tyki.vip/maas/images/ephemeral-v3/daily/
juju --config  container-image-metadata-url  https://tyki.vip/sstreams/lxdkvm/
juju --config  image-metadata-url            https://tyki.vip/sstreams/lxdkvm/
juju --config  agent-metadata-url            https://tyki.vip/sstreams/juju/
juju --config  apt-mirror                    https://tyki.vip/ubuntu/
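Because Juju silently falls back to the default source when the HTTPS site or its certificate is not valid, it helps to probe the published endpoints before handing them to juju --config. The following is an added example, not part of the original article: it checks each path with certificate validation left on and separates certificate failures from HTTP errors. It assumes curl's trust store matches what the Juju client trusts; the dists/bionic/Release path follows the standard apt layout, and the index file names are the ones passed to --path in the sync commands.

```shell
#!/bin/sh
# Added example, not from the original article.

# probe URL: send a HEAD request with certificate validation left ON
# (no -k) and map curl's exit status to a short verdict.
probe() {
    status=0
    curl -sS --fail --head --max-time 15 -o /dev/null "$1" 2>/dev/null ||
        status=$?
    case $status in
        0)     echo OK ;;
        22)    echo HTTP_ERROR ;;    # server answered with status >= 400
        51|60) echo BAD_CERT ;;      # certificate verification failed
        *)     echo UNREACHABLE ;;   # DNS, connect, timeout, ...
    esac
}

# check_mirror BASE: probe the paths this page publishes under BASE
# (for example https://tyki.vip). Prints "<verdict> <url>" per endpoint
# and returns 1 unless every endpoint is OK.
check_mirror() {
    rc=0
    for p in ubuntu/dists/bionic/Release \
             ubuntu-cloud/ juju/ \
             maas/images/ephemeral-v3/daily/ \
             sstreams/lxdkvm/streams/v1/index.sjson \
             sstreams/juju/streams/v1/index2.sjson; do
        v=$(probe "$1/$p")
        echo "$v $1/$p"
        [ "$v" = OK ] || rc=1
    done
    return $rc
}
```

Run it as check_mirror https://tyki.vip from a machine that will act as a Juju client; any BAD_CERT line means that endpoint would be ignored in favour of the default source.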