1、在VM安装Linux
2、在Linux安装docker。
3、安装完docker后需要关闭Selinux(本文为测试环境的做法)。注意:Docker并不强制要求关闭SELinux,关闭后宿主机不再对容器进程做强制访问控制,生产环境建议保持enforcing。
[root@pgcm ~]# sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
[root@pgcm ~]# reboot
# 确认是否关闭Selinux
[root@pgcm ~]# getenforce
Disabled
[root@pgcm ~]#
[root@pgcm ~]# sestatus
SELinux status: disabled
4、从网络拉取镜像(注意:CentOS 7已于2024年6月30日停止维护,该镜像不再获得安全更新,仅适合测试环境;如需保证每次拉到同一份内容,可按下方输出中的Digest拉取)
[root@pgcm ~]# docker pull centos:7.6.1810
7.6.1810: Pulling from library/centos
ac9208207ada: Pull complete
Digest: sha256:62d9e1c2daa91166139b51577fe4f4f6b4cc41a3a2c7fc36bd895e2a17a3e4e6
Status: Downloaded newer image for centos:7.6.1810
[root@pgcm ~]# docker images|grep cen
centos 7.6.1810 f1cb7c7d58b7 3 years ago 202MB
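5、创建容器(注意:--privileged=true 会让容器获得宿主机几乎全部的内核能力和设备访问权限,容器内的root基本等同于宿主机root;-p 2222:22 默认监听宿主机的所有网卡地址。这种写法通常是为了在容器内运行systemd,仅建议在隔离的测试环境使用;只需本机访问时可写成 -p 127.0.0.1:2222:22)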
[root@pgcm ~]#docker run -d --name wcbpgcm1 -h wcbpgcm1 \
-p 2222:22 \
--privileged=true \
centos:7.6.1810 /usr/sbin/init
aca42dfab308bf16ed3e098a0a1c7dcba44f6af58fc278ccf600b2e8512bec8e
[root@pgcm ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
aca42dfab308 centos:7.6.1810 "/usr/sbin/init" 53 seconds ago Up 52 seconds 0.0.0.0:2222->22/tcp wcbpgcm1
6、进入容器更新yum源(注意:下面的repo文件通过明文HTTP下载,传输途中可能被篡改;建议把地址改为https,并确认repo文件中 gpgcheck=1)
[root@pgcm ~]# docker exec -it wcbpgcm1 bash
[root@wcbpgcm1 /]#
[root@wcbpgcm1 /]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 2523 100 2523 0 0 48428 0 --:--:-- --:--:-- --:--:-- 49470
[root@wcbpgcm1 /]# curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 664 100 664 0 0 7043 0 --:--:-- --:--:-- --:--:-- 7063
[root@wcbpgcm1 /]#
[root@wcbpgcm1 /]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@wcbpgcm1 /]# yum clean all
Loaded plugins: fastestmirror, ovl
Cleaning repos: base epel extras updates
[root@wcbpgcm1 /]#
[root@wcbpgcm1 /]# rpm --rebuilddb
7、进入容器部署常用的程序
[root@wcbpgcm1 /]# exit
exit
[root@pgcm ~]# docker cp /usr/share/zoneinfo/Asia/Shanghai wcbpgcm1:/etc/localtime
[root@pgcm ~]# docker exec -it wcbpgcm1 bash
[root@wcbpgcm1 /]# rm -f /etc/localtime
[root@wcbpgcm1 /]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@wcbpgcm1 /]# timedatectl set-timezone "Asia/Shanghai"
[root@wcbpgcm1 /]# timedatectl set-ntp true
Failed to set ntp: NTP not supported.
[root@wcbpgcm1 /]# yum install -y openssh-clients openssh-server initscripts net-tools
8、配置容器内部的SSH
# 启动sshd服务
[root@wcbpgcm1 /]# systemctl restart sshd
# 修改密码(示例中的密码过于简单,且会留在shell历史记录里;容器的22端口已映射到宿主机的2222端口,实际使用请换成强密码或改用密钥登录)
[root@wcbpgcm1 /]# echo "root:wcb" | chpasswd
# ssh连接到容器中
[root@pgcm ~]# ssh root@192.168.142.50 -p 2222
The authenticity of host '[192.168.142.50]:2222 ([192.168.142.50]:2222)' can't be established.
ECDSA key fingerprint is SHA256:uCJhMiaUTBXfxSAQx4K6QfSnDfbE2MKUBO8TOKUbX8k.
ECDSA key fingerprint is MD5:3a:1f:41:20:a8:33:c9:29:85:c3:df:93:2b:55:b7:59.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.142.50]:2222' (ECDSA) to the list of known hosts.
root@192.168.142.50's password:
9、安装其他的依赖包
[root@wcbpgcm1 /]# yum install -y openssh-clients openssh-server initscripts net-tools telnet which wget \
passwd e4fsprogs lrzsz sudo unzip lvm2 tree traceroute lsof file tar systemd \
bridge-utils mlocate mailx strace less mmv stress stress-ng iotop htop atop nmon \
dstat bcc-tools bcc yum-utils ethtool
[root@wcbpgcm1 /]# yum install -y dos2unix rlwrap xdpyinfo xorg-x11-apps nmap numactl numactl-devel \
iproute rsyslog bash-completion screen tmux sysbench vim redhat-lsb smartmontools xinetd \
gcc gcc-c++ make sysstat ksh binutils socat cmake automake autoconf bzr bison libtool deltarpm \
rsync libev pv subversion gnuplot jq oniguruma yum-fastestmirror net-snmp net-snmp-utils \
nfs-utils rpcbind postfix dovecot bind-utils bind bind-chroot dnsmasq haproxy keepalived bzr \
fio bzip2 ntp flex lftp targetd targetcli iscsi-initiator-utils siege aria2 libzstd libzstd-devel \
nethogs vnstat nload iptraf bmon bwm-ng trafshow collectl patch redhat-lsb-core dmidecode \
curl curl-devel lz4 lz4-devel readline readline-devel readline-static libcurl libcurl-devel
[root@wcbpgcm1 /]# yum install -y ncurses-devel libgcrypt-devel libaio libaio-devel libevent libevent-devel \
perl perl-Env perl-devel perl-Time-HiRes perl-DBD-MySQL perl-ExtUtils* perl-ExtUtils-MakeMaker perl-TermReadKey \
perl-Config-Tiny perl-Email-Date-Format perl-Log-Dispatch perl-Mail-Sender perl-Mail-Sendmail \
perl-MIME-Lite perl-Parallel-ForkManager perl-Digest-MD5 perl-ExtUtils-CBuilder perl-IO-Socket-SSL \
perl-JSON openssl-devel libverto-devel libsepol-devel libselinux-devel libkadm5 keyutils-libs-devel \
krb5-devel libcom_err-devel cyrus-sasl* perl-DBD-Pg perf slang perl-DBI perl-DBIx-Safe perl-CPAN \
cpan perl-tests xorg-x11-apps libXcursor libXcursor-devel libXrandr-devel libtasn1-devel \
nettle-devel gnutls-devel pcsc-lite-devel coreutils glib2 xfsprogs pam-devel \
libxml2-devel libxslt-devel python-devel tcl-devel openldap-devel jadetex openjade
[root@wcbpgcm1 /]# yum install -y compat-libstdc++-33 glibc glibc-common glibc.i686 glibc-devel glibc-devel.i686 \
libgcc libgcc.i686 libstdc++ libstdc++-devel libaio.i686 libaio-devel.i686 \
libXext libXext.i686 libXtst libXtst.i686 libX11 libX11.i686 libXau libXau.i686 \
libxcb libxcb.i686 libXi libXi.i686 unixODBC unixODBC-devel zlib-devel zlib-devel.i686 \
compat-libcap1 libXp libXp-devel libXp.i686 elfutils-libelf elfutils-libelf-devel compat-db \
xscreensaver fontconfig-devel libXrender-devel
[root@wcbpgcm1 /]# yum install -y python3 python3-devel python3-pip python3-setuptools python3-psycopg2
[root@wcbpgcm1 /]# yum install -y git firefox etcd
[root@wcbpgcm1 ~]# echo "export CATALINA_HOME=/usr/share/tomcat" >> /root/.bashrc
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# echo "export PATH=$PATH:/usr/share/bcc/tools">> /etc/profile
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# source /root/.bashrc
# 配置标题
[root@wcbpgcm1 ~]# cat >> /etc/profile <<"EOF"
function set-title() {
  # Capture the untouched prompt on the first call only, so later calls swap
  # the title instead of stacking one escape sequence after another.
  [[ -n "$ORIG" ]] || ORIG=$PS1
  # ESC ] 2 ; text BEL sets the terminal window title; \[ and \] mark the bytes
  # as non-printing for bash. The arguments end up inside PS1, which bash
  # expands again whenever the prompt is drawn (default promptvars setting),
  # so pass only text you trust.
  TITLE="\[\e]2;$*\a\]"
  PS1="${ORIG}${TITLE}"
}
EOF
[root@wcbpgcm1 ~]# cat >> /root/.bashrc <<"EOF"
function set-title() {
  # Capture the untouched prompt on the first call only, so later calls swap
  # the title instead of stacking one escape sequence after another.
  [[ -n "$ORIG" ]] || ORIG=$PS1
  # ESC ] 2 ; text BEL sets the terminal window title; \[ and \] mark the bytes
  # as non-printing for bash. The arguments end up inside PS1, which bash
  # expands again whenever the prompt is drawn (default promptvars setting),
  # so pass only text you trust.
  TITLE="\[\e]2;$*\a\]"
  PS1="${ORIG}${TITLE}"
}
EOF
[root@wcbpgcm1 ~]# source /etc/profile
[root@wcbpgcm1 ~]# source /root/.bashrc
# 欢迎语
[root@wcbpgcm1 ~]# cat > /etc/motd <<"EOF"
.__ .__ .__
___ __|__|____ ____ _____ _____ |__| _____ |__|____ ____
\ \/ / \__ \ / _ \ / \\__ \ | |/ \| \__ \ / _ \
> <| |/ __ \( <_> ) Y Y \/ __ \| | Y Y \ |/ __ \( <_> )
/__/\_ \__(____ /\____/|__|_| (____ /__|__|_| /__(____ /\____/
\/ \/ \/ \/ \/ \/
EOF
[root@wcbpgcm1 ~]# wget http://www.slac.stanford.edu/~abh/bbcp/bin/amd64_rhel60/bbcp -O /usr/local/bin/bbcp && chmod +x /usr/local/bin/bbcp
# 安装maven(注意:此处的repo文件和上一条命令下载的bbcp二进制都是通过明文HTTP获取且未做校验;如有官方校验值应先核对,或改用HTTPS/可信源)
[root@wcbpgcm1 ~]# wget http://repos.fedorapeople.org/repos/dchen/apache-maven/epel-apache-maven.repo -O /etc/yum.repos.d/epel-apache-maven.repo
[root@wcbpgcm1 ~]# yum -y install apache-maven
# 修改内核参数,避免Error: Too many open files错误
[root@wcbpgcm1 ~]# cat >> /etc/sysctl.conf << "EOF"
fs.file-max=9000000
fs.inotify.max_user_instances = 1000000
fs.inotify.max_user_watches = 1000000
EOF
[root@wcbpgcm1 ~]# sysctl -p
fs.file-max = 9000000
fs.inotify.max_user_instances = 1000000
fs.inotify.max_user_watches = 1000000
10、解决CPU 100%的问题
# 宿主机和容器都要执行
[root@wcbpgcm1 ~]# systemctl stop getty@tty1.service
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# systemctl mask getty@tty1.service
Created symlink from /etc/systemd/system/getty@tty1.service to /dev/null.
11、其他配置
-- 别名
[root@wcbpgcm1 ~]# cat >> /root/.bashrc <<"EOF"
alias ll='ls -l --color=never'
alias ls='ls --color=never'
alias vi='vim'
EOF
[root@wcbpgcm1 ~]# mkdir /soft
[root@wcbpgcm1 ~]# chmod 777 /soft
# 中文字体
[root@wcbpgcm1 ~]# yum -y groupinstall chinese-support
[root@wcbpgcm1 ~]# yum -y groupinstall Fonts
[root@wcbpgcm1 ~]# yum install -y *zh_CN* cjkuni-ukai-fonts ibus.x86_64 ibus-libpinyin.x86_64 \
kde-l10n-Chinese xorg-x11-xauth wqy-zenhei-fonts* libXfont xorg-x11-fonts* wqy*
[root@wcbpgcm1 ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.utf8
[root@wcbpgcm1 ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.gbk
[root@wcbpgcm1 ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.gb18030
[root@wcbpgcm1 ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.gb2312
[root@wcbpgcm1 ~]# locale -a | grep zh_CN
zh_CN.gb18030
zh_CN.gb2312
zh_CN.gbk
zh_CN.utf8
# python
[root@wcbpgcm1 ~]# mkdir -p ~/.pip
[root@wcbpgcm1 ~]# cat > ~/.pip/pip.conf << EOF
[global]
index-url = https://pypi.douban.com/simple/
EOF
# 安装远程桌面xrdp
[root@wcbpgcm1 ~]# yum -y install xrdp && yum groupinstall -y Xfce
[root@wcbpgcm1 ~]# sed -i 's/max_bpp=32/max_bpp=24/g' /etc/xrdp/xrdp.ini
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# echo xfce4-session > /root/.xsession
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# chmod +x /root/.xsession
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# systemctl restart xrdp && systemctl enable xrdp
Created symlink from /etc/systemd/system/multi-user.target.wants/xrdp.service to /usr/lib/systemd/system/xrdp.service.
# 修改/etc/ssh/sshd_config和/etc/ssh/ssh_config文件(注意:其中 UsePAM no 会使sshd跳过PAM的账户和会话检查,RHEL/CentOS自带的sshd_config注释中也说明不支持该设置,非必要不建议修改)
[root@wcbpgcm1 ~]# sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/ssh_config
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# sed -i 's/#PermitRootLogin/PermitRootLogin/g' /etc/ssh/sshd_config
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
[root@wcbpgcm1 ~]#
# 设置root用户远程登录权限(注意:这会允许root用密码登录,配合前面设置的简单密码风险很高,仅限测试环境;其他情况建议使用密钥登录并设置 PermitRootLogin prohibit-password)
[root@wcbpgcm1 ~]# sed -i s/"PermitRootLogin no"/"PermitRootLogin yes"/g /etc/ssh/sshd_config
[root@wcbpgcm1 ~]#
[root@wcbpgcm1 ~]# sed -i s/"PasswordAuthentication no"/"PasswordAuthentication yes"/g /etc/ssh/sshd_config
[root@wcbpgcm1 ~]#
#修改Banner配置
[root@wcbpgcm1 ~]# sed -i s/"#Banner none"/"Banner none"/g /etc/ssh/sshd_config
[root@wcbpgcm1 ~]#
#关闭SELINUX
[root@wcbpgcm1 ~]# sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
#修改字符集
[root@wcbpgcm1 ~]# echo 'export LANG=en_US.UTF-8' >> /etc/profile
# 访问:github(注意:下面的IP只是写文时的解析结果,GitHub的IP会变化,过期后会导致无法访问;HTTPS证书校验仍然有效,不要为此关闭证书校验)
[root@wcbpgcm1 ~]# echo "
140.82.114.3 github.com
185.199.108.153 assets-cdn.github.com
199.232.69.194 github.global.ssl.fastly.net
185.199.108.133 raw.githubusercontent.com
" >> /etc/hosts
# 若访问mirrors.aliyun.com很慢,那说明是DNS解析有问题,在/etc/resolv.conf中可以添加如下项目(注意:下面的命令使用 > ,会覆盖而不是追加原有的resolv.conf内容;如需保留原有配置请改用 >>)
[root@wcbpgcm1 ~]# echo "
nameserver 114.114.114.114
nameserver 8.8.8.8
" > /etc/resolv.conf
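12、将容器导出为镜像(注意:docker commit 会把容器内的root密码、/etc/ssh下的SSH主机私钥和shell历史一并写入镜像,由该镜像启动的所有容器将共用同一密码和主机密钥;提交前建议删除 /etc/ssh/ssh_host_* 并重设密码,且不要把该镜像推送到公共仓库)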
[root@pgcm ~]# docker commit wcbpgcm1 wcbpgcm:1.0
sha256:0c5cd94de372638dcb2a5ac07ab778374000cdc237cff5c434a6a3abc724a0bc
[root@pgcm ~]# docker images | grep wcbpgcm
wcbpgcm 1.0 0c5cd94de372 2 seconds ago 3.79GB