Version: 18.06-ce

```bash
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.12.1.ce-1.el7.centos.x86_64.rpm
yum install -y ./docker-ce-17.12.1.ce-1.el7.centos.x86_64.rpm
systemctl enable docker
systemctl start docker
```

`/etc/docker/daemon.json`:

```json
{
  "exec-opts": ["native.cgroupdriver=cgroupfs"],
  "log-driver": "json-file",
  "log-opts": {"max-size": "10m", "max-file": "3"},
  "graph": "/opt/docker",
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true",
    "overlay2.size=10G"
  ],
  "insecure-registries": ["10.18.19.17:5000"],
  "registry-mirrors": ["https://mirror.dianrong.io"],
  "hosts": ["tcp://0.0.0.0:4243", "unix:///var/run/docker.sock"]
}
```

Notes on the settings (JSON has no comment syntax, so they are listed here):

* `log-opts`: console log limit per container (10 MB per file, 3 files). Log options belong under `log-opts`; on Linux `exec-opts` only takes `native.cgroupdriver`.
* Mount propagation (`MountFlags=slave`) is a systemd directive and is set in the unit file below.
* `storage-driver`: overlay2 storage driver.
* `overlay2.size`: per-container disk quota under overlay2.

systemd configuration, `/usr/lib/systemd/system/docker.service`:

```ini
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# dockerd is the daemon binary (the "docker daemon" subcommand was removed in 17.12).
# No -H flag here: the listeners come from "hosts" in daemon.json, and setting
# them in both places prevents the daemon from starting.
ExecStart=/usr/bin/dockerd
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

[Install]
WantedBy=multi-user.target
```

### **part1**

Environment after PXE installation:

* System disk: RAID1 = 1 TB; data disk: RAID5 = 5 TB
* kernel: kernel-3.10.0-862 (all existing CentOS app servers, in every environment, should be scheduled for gradual migration to kernel 3.10.0-514 or later so that overlay2 is supported)
* lang=en_US.UTF-8
* firewalld: disabled
* selinux: disabled
* Default partitioning rule: create one VG, VolGroup00; the LVs and mount points below are all created from this VG
  1. /=50G
  2. /tmp=10G
  3. /var=20G
* repo source: points at the self-hosted repo (its upstream yum source is the Tsinghua yum repo)
* NIC bonding (em1 and em2, active-backup mode)
* Install salt minion

### **part2**

Configuration pushed from the saltstack master to the minion:

* System user initialization
  * Create the dradmin user, uid and gid = 2000, grant sudo rights (add the bastion host key)
  * Create the zabbix user, uid and gid = 1010, member of the zabbix group
  * Create the druser user, uid and gid = 1000, member of the druser group
* System parameter initialization
  1. vm.swappiness: 0
  2. vm.overcommit_memory: 1
  3. net.ipv4.ip_forward: 1
  4. `* soft nofile 110000`, `* hard nofile 160000`
  5. `* soft nproc 20480`, `* hard nproc 20480`, `root soft nproc unlimited`
  6. Disable swappiness
  7. Disable IPv6
  8. Add timestamps to the history format
  9. history size == 10240
* ntpd synchronization enabled
* Install common packages (vim, lftp, git, net-tools, htop, bind-utils)
* LVM layout (all xfs file systems)

  ```
  app_dump VolGroup00 -wi-ao----  100.00g
  app_logs VolGroup00 -wi-ao----  100.00g
  docker   VolGroup00 -wi-ao---- 1000.00g
  ```
* Install python-pip == 9.0.3
* Docker installation standard
  1. Use overlay2
  2. version: 17.12.1-ce (disk quotas are supported starting with this version)
  3. `/etc/docker/daemon.json`:

     ```json
     {
       "exec-opts": ["native.cgroupdriver=cgroupfs"],
       "log-driver": "json-file",
       "log-opts": {"max-size": "10m", "max-file": "3"},
       "graph": "/opt/docker",
       "storage-driver": "overlay2",
       "storage-opts": [
         "overlay2.override_kernel_check=true",
         "overlay2.size=10G"
       ],
       "insecure-registries": ["10.18.19.17:5000"],
       "registry-mirrors": ["https://mirror.dianrong.io"],
       "hosts": ["tcp://0.0.0.0:4243", "unix:///var/run/docker.sock"]
     }
     ```
  4. `systemctl enable docker && systemctl start docker`
  5. Initial base container: DOCKER_VOLUMES

     ```
     "Binds": [
         "/opt/app_logs:/app_logs",
         "/opt/app_dump:/app_dump",
         "/opt/app_sbin:/app_sbin"
     ],
     ```

## Post-install checks:

TODO: partitions, disk mount points
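One check that could join the post-install list, as an added example that is not part of the original page: it audits a `daemon.json` for the remote-API and registry settings used in the standard above. The function name, the check ids and the `PAGE_CONFIG` sample are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: only the keys the checks read, with this page's values.
PAGE_CONFIG = """{
  "insecure-registries": ["10.18.19.17:5000"],
  "registry-mirrors": ["https://mirror.dianrong.io"],
  "hosts": ["tcp://0.0.0.0:4243", "unix:///var/run/docker.sock"]
}"""

WILDCARD_HOSTS = {None, "", "0.0.0.0", "::"}
TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_json(text):
    """Return a list of (check_id, value) findings for a daemon.json document."""
    try:
        cfg = json.loads(text)
    except ValueError as exc:  # e.g. '#' comments, which JSON does not allow
        return [("invalid-json", str(exc))]
    findings = []
    tls_on = cfg.get("tlsverify") is True
    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are guarded by file permissions
        if not tls_on:
            # Anyone who can reach this port controls the daemon, which is
            # root-equivalent on the host.
            findings.append(("api-tcp-without-tlsverify", listener))
        if url.hostname in WILDCARD_HOSTS:
            findings.append(("api-bound-to-all-interfaces", listener))
    if tls_on:
        for key in TLS_KEYS:
            if not cfg.get(key):
                findings.append(("tlsverify-missing-material", key))
    for registry in cfg.get("insecure-registries", []):
        # Pulls and pushes to these registries use HTTP or unverified TLS.
        findings.append(("registry-without-verified-tls", registry))
    for mirror in cfg.get("registry-mirrors", []):
        if urlsplit(mirror).scheme != "https":
            findings.append(("mirror-not-https", mirror))
    return findings


if __name__ == "__main__":
    for check_id, value in audit_daemon_json(PAGE_CONFIG):
        print(f"{check_id}: {value}")
```

On a host, pass the contents of `/etc/docker/daemon.json` to `audit_daemon_json`; an empty list means none of these checks fired.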