1、使用docker-compose制作nginx+php-fpm,mysql,wordpress镜像,并管理启动,实现wordpress的访问
1.1 安装docker-compose
[root@offline mariadb]#yum install epel-release.noarch -y
[root@offline mariadb]#yum install python-pip -y
[root@offline mariadb]#pip install --upgrade pip
[root@offline mariadb]#pip install docker-compose
[root@offline mariadb]# docker-compose version
docker-compose version 1.26.2, build unknown
docker-py version: 4.3.1
CPython version: 2.7.5
OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
1.2 构建基础镜像
[root@offline base]# ls
Dockerfile
[root@offline base]# cat Dockerfile
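# Base image shared by the nginx, php-fpm and mariadb images built later on this page.
FROM centos:centos7.8.2003
MAINTAINER RICKZHU
# Replace the stock yum repositories with the Aliyun mirrors. Both repo definition
# files are downloaded over HTTPS (the EPEL one was plain HTTP), so neither file
# travels in clear text during the build.
RUN yum install wget -y \
    && rm -rf /etc/yum.repos.d/*.repo \
    && wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
    && wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# Build toolchain and admin utilities inherited by every derived image.
RUN yum install -y gcc gcc-c++ glibc make autoconf openssl openssl-devel bash-completion.noarch vim iotop tree lrzsz
# Use Asia/Shanghai as the container's local time zone.
RUN cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime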
[root@offline base]# docker build -t centos7.8:base .
[root@offline base]# docker images |grep centos7.8
centos7.8 base ff4f137b5e76 3 hours ago 492MB
1.3 构建nginx镜像
[root@offline nginx]# ls
abc.html Dockerfile index.php ngphp.conf
[root@offline nginx]# cat Dockerfile
# nginx front end; *.php requests are forwarded to the separate php-fpm container
# by ngphp.conf.
FROM centos7.8:base
MAINTAINER Rickzhu
# Install nginx and create the document root that ngphp.conf points at.
RUN yum install nginx -y && mkdir -p /data/php
COPY ngphp.conf /etc/nginx/conf.d/
# Test pages. NOTE(review): index.php is a phpinfo() page, which prints the PHP
# configuration; keep it out of images that are reachable by anyone but the operator.
COPY index.php abc.html /data/php/
EXPOSE 80
# Run nginx in the foreground so it stays the container's main process.
CMD ["nginx", "-g", "daemon off;"]
[root@offline nginx]# cat ngphp.conf
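# Virtual host for the PHP site: static files are served from /data/php and
# *.php requests are passed to php-fpm over FastCGI.
server {
    listen 80;
    server_name 10.1.1.24;
    root /data/php;
    index index.html index.php;

    location ~* \.php$ {
        root /data/php;
        # Only forward scripts that actually exist under the document root; any other
        # path ending in .php is answered with 404 instead of being handed to php-fpm.
        # This relies on the nginx container seeing the same tree as the php container,
        # which is how this page deploys it (/opt/nginx/www and /opt/php/www).
        try_files $uri =404;
        # "php" is the name of the php-fpm container linked in docker-compose.yml.
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}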
[root@offline nginx]# cat index.php
<?php phpinfo() ?>
[root@offline nginx]# cat abc.html
<h1>Hello Docker nginx-php</h1>
[root@offline nginx]# docker build -t nginx:php .
[root@offline nginx]# docker images |grep nginx
nginx php ad66c762f136 2 hours ago 556MB
1.3 构建php-fpm镜像
[root@offline php]# ls
Dockerfile index.php php-fpm.conf www.conf
[root@offline php]# grep daemon php-fpm.conf |grep -v ";"
daemonize = no
###把daemonize = yes改成daemonize = no
[root@offline php]# grep -E "^listen*|^user|^group" www.conf
user = apache 改成 user = nginx
group = apache 改成 group = nginx
listen = 127.0.0.1:9000 改成 listen= 0.0.0.0:9000
listen.allowed_clients = 127.0.0.1 改成 ;listen.allowed_clients = 127.0.0.1(注释掉)
[root@offline php]# cat Dockerfile
# php-fpm 5.6 from the Remi repository, serving FastCGI on port 9000 for nginx.
# NOTE(review): PHP 5.6 is end-of-life upstream; confirm this version is really required.
FROM centos7.8:base
MAINTAINER Rickzhu
# Fetch the Remi release package, install php-fpm with the MySQL extension, then
# create the document root and the nginx account that www.conf runs the pool as.
RUN wget https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm \
    && yum install -y remi-release-7.rpm \
    && yum install php56-php-mysql php56-php-fpm -y \
    && mkdir -p /data/php \
    && useradd nginx
# index.php is the phpinfo() test page shown below; it is executed by this container.
COPY index.php /data/php
COPY php-fpm.conf /opt/remi/php56/root/etc/
COPY www.conf /opt/remi/php56/root/etc/php-fpm.d/
EXPOSE 9000
# php-fpm.conf sets "daemonize = no", so the process stays in the foreground.
CMD ["/opt/remi/php56/root/usr/sbin/php-fpm"]
[root@offline php]# cat index.php
<?php phpinfo() ?>
[root@offline php]# docker build -t php:v1 .
[root@offline php]# docker images |grep php
php v1 213a2a7983ee 15 minutes ago 587MB
1.4 构建mariadb镜像
[root@offline mariadb]# ll
total 68860
-rw-r--r-- 1 root root 622 Sep 20 17:45 Dockerfile
-rw-r--r-- 1 root root 10457036 Sep 20 17:57 MariaDB-10.0.33-centos7-x86_64-client.rpm
-rw-r--r-- 1 root root 43692 Sep 20 17:48 MariaDB-10.0.33-centos7-x86_64-common.rpm
-rw-r--r-- 1 root root 1499852 Sep 20 17:51 MariaDB-10.0.33-centos7-x86_64-compat.rpm
-rw-r--r-- 1 root root 58489196 Sep 20 22:33 MariaDB-10.0.33-centos7-x86_64-server.rpm
-rw-r--r-- 1 root root 142 Sep 20 17:42 server.cnf
-rw-r--r-- 1 root root 164 Sep 21 13:26 start.sh
-rw-r--r-- 1 root root 136 Sep 20 17:42 wps.sql
[root@offline mariadb]# cat Dockerfile
# MariaDB 10.0.33 server installed from the RPM files kept in the build context.
FROM centos7.8:base
MAINTAINER Rickzhu
WORKDIR /root
# The four packages land in /root, where the yum step below picks them up by glob.
COPY MariaDB-10.0.33-centos7-x86_64-client.rpm \
     MariaDB-10.0.33-centos7-x86_64-common.rpm \
     MariaDB-10.0.33-centos7-x86_64-compat.rpm \
     MariaDB-10.0.33-centos7-x86_64-server.rpm \
     /root/
RUN yum -y install *.rpm
# Schema/grant script, server configuration and the entrypoint script.
COPY wps.sql /root/wps.sql
COPY server.cnf /etc/my.cnf.d/server.cnf
COPY start.sh /root/start.sh
RUN chmod +x /root/start.sh
EXPOSE 3306
CMD ["/root/start.sh"]
[root@offline mariadb]# cat start.sh
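#!/bin/sh
# Container entrypoint: initialise the data directory, start MariaDB, load the
# WordPress database/grant script, then stay in the foreground for as long as
# the server is running.

chown -R mysql:mysql /var/lib/mysql
mysql_install_db --user=mysql > /dev/null

mysqld_safe --user=mysql &
server_pid=$!

# Wait until the server answers instead of assuming it is up after a fixed delay;
# give up after 30 attempts so a failed start does not hang the container forever.
tries=0
until mysqladmin ping --silent > /dev/null 2>&1; do
  tries=$((tries + 1))
  if [ "$tries" -ge 30 ]; then
    echo "mariadb did not become ready in time" >&2
    exit 1
  fi
  sleep 1
done

# wps.sql creates the wpdb database and the wpuser account.
mysql < /root/wps.sql

# Tie the container's lifetime to the server: when mysqld_safe exits, this script
# (the container's main process) exits too, rather than idling on an unrelated file.
wait "$server_pid"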
[root@offline mariadb]# cat server.cnf
# Server settings; the mariadb Dockerfile copies this file to /etc/my.cnf.d/server.cnf.
[mysqld]
# Listen on every interface so the other containers can connect.
# NOTE(review): combined with the "3306:3306" mapping in docker-compose.yml the server
# is also reachable from outside the Docker host; confirm that is intended.
bind-address=0.0.0.0
console=1
# The general query log records every statement clients send, which can include
# credentials (for example GRANT ... IDENTIFIED BY); here it is written to stdout.
general_log=1
general_log_file=/dev/stdout
collation-server=utf8_unicode_ci
character-set-server=utf8
[root@offline mariadb]# cat wps.sql
-- Create the WordPress database and its application account.
create database wpdb DEFAULT CHARACTER SET utf8;
-- NOTE(review): '%' lets wpuser log in from any host, and the password is a short fixed
-- string that is repeated in wp-config.php. Restrict the host pattern and use a
-- generated secret before port 3306 is reachable by anything but the php container.
grant all privileges on wpdb.* to wpuser@'%' identified by "wppass";
flush privileges;
1.5 安装wordpress
1.5.1 使用docker-compose搭建lnmp环境
###编写docker-compose.yml文件
[root@offline lnmp]# cat docker-compose.yml
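# Compose file in the version-1 layout (service names at the top level, wired with
# "links"). Indentation is significant in YAML and is restored here.
nginx:
  image: nginx:php
  container_name: nginx
  volumes:
    # WordPress tree on the host, mounted over the image's document root.
    - /opt/nginx/www:/data/php
  expose:
    - 80
  ports:
    - "80:80"
  links:
    - php
php:
  image: php:v1
  container_name: php
  volumes:
    - /opt/php/www:/data/php
  expose:
    - 9000
  # NOTE(review): nginx reaches php-fpm through the link, which does not need a host
  # port. Publishing 9000 exposes FastCGI on every host interface while www.conf has
  # listen.allowed_clients commented out; drop this mapping unless something outside
  # Docker really needs it.
  ports:
    - "9000:9000"
  links:
    - mariadb
mariadb:
  image: mariadb:v1
  container_name: mariadb
  expose:
    - 3306
  # NOTE(review): same point as for php: the link is enough for WordPress, and this
  # mapping publishes a database whose account accepts logins from any host (see wps.sql).
  ports:
    - "3306:3306"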
[root@offline lnmp]# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------
mariadb /root/start.sh Up 0.0.0.0:3306->3306/tcp
nginx nginx -g daemon off; Up 0.0.0.0:80->80/tcp
php /opt/remi/php56/root/usr/s ... Up 0.0.0.0:9000->9000/tcp
[root@offline lnmp]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1d3105d9fbbf nginx:php "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:80->80/tcp nginx
45e84b6f0352 php:v1 "/opt/remi/php56/roo…" About a minute ago Up About a minute 0.0.0.0:9000->9000/tcp php
cc17462adcaa mariadb:v1 "/root/start.sh" About a minute ago Up About a minute 0.0.0.0:3306->3306/tcp mariadb
1.5.2 下载并解压wordpress-5.0.3-zh_CN.zip
###从wordpress官网下载wordpress-5.0.3-zh_CN.zip,并上传到/opt/nginx/www和/opt/php/www,然后解压
[root@offline www]# pwd
/opt/php/www
[root@offline www]# ls
wordpress wordpress-5.0.3-zh_CN.zip
[root@offline www]# ls
wordpress wordpress-5.0.3-zh_CN.zip
###给nginx用户读写整个wordpress目录的权限
[root@offline www]# setfacl -R -m u:nginx:rwx /opt/php/www/
[root@offline www]# setfacl -R -m u:nginx:rwx /opt/nginx/www/
1.5.3 浏览器访问http://ip/wordpress进行安装wordpress
###准备配置文件
[root@offline wordpress]# cp wp-config-sample.php wp-config.php
[root@offline wordpress]# cat wp-config.php
<?php
// WordPress configuration for the compose stack on this page: database connection,
// authentication keys/salts, table prefix and bootstrap.
// ** MySQL settings - this information comes from the host you are using ** //
/** Name of the WordPress database (created by wps.sql) */
define('DB_NAME', 'wpdb');
/** MySQL database user name */
define('DB_USER', 'wpuser');
/** MySQL database password */
// NOTE(review): same fixed password as in wps.sql; replace both with a generated secret.
define('DB_PASSWORD', 'wppass');
/** MySQL host: "mariadb" is the container name the php service links to */
define('DB_HOST', 'mariadb');
/** Default character set used when creating tables */
define('DB_CHARSET', 'utf8');
/** Database collation type. Do not change it if unsure */
define('DB_COLLATE', '');
// Authentication keys and salts.
// NOTE(review): all eight values are still the sample placeholder text. Each one must be
// replaced with its own long random string before the site is used; WordPress relies on
// them to protect login cookies, so shared or well-known values weaken every session.
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
// Prefix added to every table name WordPress creates.
$table_prefix = 'wp_';
// Debug output stays off.
define('WP_DEBUG', false);
// Absolute path of the WordPress directory, unless something defined it already.
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
// Load the WordPress settings and included files.
require_once(ABSPATH . 'wp-settings.php');
2、使用ansible进行K8s初始化安装配置。
2.1 规划
主机名 | IP | 组件 |
---|---|---|
master1.nassoft.net | 10.1.1.25 | kubectl、kube-apiserver、kube-scheduler,kube-controller-manager ,etcd,docker |
master2.nassoft.net | 10.1.1.26 | kubectl、kube-apiserver、kube-scheduler ,kube-controller-manager ,etcd,docker |
master3.nassoft.net | 10.1.1.34 | kubectl、kube-apiserver、kube-scheduler,kube-controller-manager ,etcd,docker |
node1.nassoft.net | 10.1.1.27 | kubelet,kube-proxy,docker |
node2.nassoft.net | 10.1.1.28 | kubelet,kube-proxy,docker |
node3.nassoft.net | 10.1.1.29 | kubelet,kube-proxy,docker |
2.2 基础配置
2.2.1 配置ssh免密登录
root@master1:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:cKouUqzN/1DRwl7A06yaYX9TopA6off3zge6sT8IxLw root@master1
The key's randomart image is:
+---[RSA 2048]----+
| ..o |
| .ooo |
| o .=o+ |
| . O..B. . |
| o = B+.So |
|. * Eoo + |
| * oo..+ o |
|o +...++. . |
| . ooo+==o |
+----[SHA256]-----+
root@master1:~# cat scpKey.sh
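#!/bin/bash
# Push this machine's public key to every cluster host so that the later steps can
# log in with the key instead of a password.
#
# The login password is taken from the SSHPASS environment variable, or asked for
# once on the terminal. It is not stored in the script and is not passed on the
# command line, where it would be visible in the process list and shell history.
ips="
10.1.1.25
10.1.1.26
10.1.1.27
10.1.1.28
10.1.1.29
10.1.1.30
10.1.1.31
10.1.1.32
10.1.1.33
10.1.1.34
"

if [ -z "${SSHPASS:-}" ]; then
  printf 'SSH password for the target hosts: ' >&2
  # Turn terminal echo off while the password is typed (only when stdin is a terminal).
  [ -t 0 ] && stty -echo
  IFS= read -r SSHPASS
  [ -t 0 ] && stty echo
  printf '\n' >&2
fi
# sshpass -e reads the password from the SSHPASS environment variable.
export SSHPASS

# ${ips} is left unquoted on purpose: word splitting yields one address per iteration.
for ip in ${ips}
do
  # accept-new (OpenSSH 7.6 and later) records a host key the first time it is seen
  # but still refuses a host whose recorded key has changed, which
  # StrictHostKeyChecking=no would let through.
  if sshpass -e ssh-copy-id -o StrictHostKeyChecking=accept-new "${ip}"; then
    # Report the address being processed; the original printed the unset ${node}.
    echo "${ip} 秘钥copy完成"
  else
    echo "${ip} 秘钥copy失败"
  fi
done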
root@master1:~# sh -n scpKey.sh
root@master1:~# sh scpKey.sh
2.2.2 配置主机名
root@master1:~# cat hostname.sh
#!/bin/bash
# Set the hostname of every machine over SSH. Each entry is "address:hostname";
# the part before the colon is the SSH target, the part after it the new name.
for entry in \
  10.1.1.25:master1 \
  10.1.1.26:master2 \
  10.1.1.34:master3 \
  10.1.1.27:node1 \
  10.1.1.28:node2 \
  10.1.1.29:node3 \
  10.1.1.30:ha1 \
  10.1.1.31:ha2 \
  10.1.1.32:har1 \
  10.1.1.33:har2
do
  ssh "${entry%%:*}" "hostnamectl set-hostname ${entry#*:}"
done
root@master1:~# sh hostname.sh
2.2.3 配置主机解析
root@master1:~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 rick
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.1.1.25 master1.nassoft.net
10.1.1.26 master2.nassoft.net
10.1.1.34 master3.nassoft.net
10.1.1.27 node1.nassoft.net
10.1.1.28 node2.nassoft.net
10.1.1.29 node3.nassoft.net
10.1.1.30 ha1.nassoft.net
10.1.1.31 ha2.nassoft.net
10.1.1.32 har1.nassoft.net
10.1.1.33 har2.nassoft.net
root@master1:~# cat host.sh
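#!/bin/bash
# Copy this machine's /etc/hosts to every cluster host, replacing the remote file,
# and report success or failure per address.
ips="
10.1.1.25
10.1.1.26
10.1.1.27
10.1.1.28
10.1.1.29
10.1.1.30
10.1.1.31
10.1.1.32
10.1.1.33
10.1.1.34
"
# ${ips} is left unquoted on purpose: word splitting yields one address per iteration.
for ip in ${ips}
do
  if scp /etc/hosts "${ip}:/etc/hosts"; then
    # Report the address being processed; the original printed the unset ${node}.
    echo "${ip} 主机解析copy完成"
  else
    echo "${ip} 主机解析copy失败"
  fi
done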
root@master1:~# sh host.sh
2.2.4 更换apt源为阿里云源
root@master1:~# cat /etc/apt/sources.list
# Ubuntu 18.04 (bionic) package sources, all served from the Aliyun mirror.
deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
# NOTE(review): bionic-proposed carries updates that are still being tested. apt.sh copies
# this file to every host, so confirm this pocket is really wanted on cluster nodes.
deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
root@master1:~# cat apt.sh
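#!/bin/bash
# Copy this machine's /etc/apt/sources.list to every cluster host, replacing the
# remote file, and report success or failure per address.
ips="
10.1.1.25
10.1.1.26
10.1.1.27
10.1.1.28
10.1.1.29
10.1.1.30
10.1.1.31
10.1.1.32
10.1.1.33
10.1.1.34
"
# ${ips} is left unquoted on purpose: word splitting yields one address per iteration.
for ip in ${ips}
do
  if scp /etc/apt/sources.list "${ip}:/etc/apt/sources.list"; then
    # Report the address being processed; the original printed the unset ${node}.
    echo "${ip} apt源copy完成"
  else
    echo "${ip} apt源copy失败"
  fi
done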
root@master1:~# sh apt.sh
Warning: Unauthorized access to this system is strictly prohibited.
Use of this system is limited to authorized individuals only.
All activities are monitored.
sources.list 100% 902 2.0MB/s 00:00
apt源copy完成
sources.list 100% 902 2.1MB/s 00:00
apt源copy完成
sources.list 100% 902 1.6MB/s 00:00
apt源copy完成
2.2.5 时钟同步
root@master1:~# apt install chrony -y
root@master1:~# cat /etc/chrony/chrony.conf |grep -v "#" |sed '/^$/d'
pool ntp.aliyun.com iburst maxsources 4
pool ntp1.aliyun.com iburst maxsources 4
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
makestep 1 3
root@master1:~# systemctl start chrony
root@master1:~# systemctl enable chrony
2.3.在每个节点安装依赖工具
Ubuntu 16.04及以上请执行以下脚本:
# 文档中脚本默认均以root用户执行
apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
# 安装python2
apt-get install python2.7
# Ubuntu16.04可能需要配置以下软连接
ln -s /usr/bin/python2.7 /usr/bin/python
2.4.在ansible控制端安装及准备ansible
2.4.1 pip 安装 ansible
# Ubuntu 16.04 及以上
apt-get install git python-pip -y
# pip安装ansible(国内如果安装太慢可以直接用pip阿里云加速)
pip install pip --upgrade -i https://mirrors.aliyun.com/pypi/simple/
pip install ansible==2.6.18 netaddr==0.7.19 -i https://mirrors.aliyun.com/pypi/simple/
2.5.在ansible控制端编排k8s安装
2.5.1 下载项目源码
2.5.2 下载二进制文件
2.5.3 下载离线docker镜像
推荐使用 easzup 脚本下载 4.0/4.1/4.2 所需文件;运行成功后,所有文件(kubeasz代码、二进制、离线镜像)均已整理好放入目录/etc/ansible
# Download the easzup helper script; this example uses kubeasz release 2.2.0
export release=2.2.0
curl -C- -fLO --retry 3 https://github.com/easzlab/kubeasz/releases/download/${release}/easzup
# NOTE(review): the script is downloaded and then executed with no integrity check, and
# this guide runs everything as root. Read it, or compare it against a checksum obtained
# from a trusted source, before making it executable.
chmod +x ./easzup
# Use the helper script to download everything
./easzup -D
2.5.4 配置集群参数
2.5.4.1 必要配置
`cd /etc/ansible && cp example/hosts.multi-node hosts`,然后根据实际情况修改此hosts文件
2.5.4.2 验证ansible 安装
ansible all -m ping 正常能看到节点返回 SUCCESS
2.6.开始安装
#检查基础环境,安装卸载所需软件
ansible-playbook 01.prepare.yml
#安装etcd服务
ansible-playbook 02.etcd.yml
#安装docker服务
ansible-playbook 03.docker.yml
#安装master节点
ansible-playbook 04.kube-master.yml
#安装node节点
ansible-playbook 05.kube-node.yml
#安装网络服务
ansible-playbook 06.network.yml
#安装集群内dns和dashboard
ansible-playbook 07.cluster-addon.yml
#安装harbor
ansible-playbook 11.harbor.yml
2.7.验证
root@master1:/etc/ansible# kubectl get nodes
NAME STATUS ROLES AGE VERSION
10.1.1.25 Ready,SchedulingDisabled master 47m v1.17.2
10.1.1.26 Ready,SchedulingDisabled master 47m v1.17.2
10.1.1.27 Ready node 45m v1.17.2
10.1.1.28 Ready node 45m v1.17.2
root@master1:/etc/ansible# kubectl get ns -A -o wide
NAME STATUS AGE
default Active 53m
kube-node-lease Active 53m
kube-public Active 53m
kube-system Active 53m
root@master1:/etc/ansible# kubectl get pod -n kube-system | grep dashboard
dashboard-metrics-scraper-7b8b58dc8b-c7gmb 1/1 Running 0 44m
kubernetes-dashboard-567b96c67d-xqjg4 1/1 Running 0 44m
2.8.增加节点
2.8.1 增加master节点
root@master1:/etc/ansible# easzctl add-master 10.1.1.34
root@master1:/etc/ansible# kubectl get nodes |grep master
10.1.1.25 Ready,SchedulingDisabled master 73m v1.17.2
10.1.1.26 Ready,SchedulingDisabled master 73m v1.17.2
10.1.1.34 Ready,SchedulingDisabled master 95s v1.17.2
2.8.2 增加node节点
root@master1:/etc/ansible# easzctl add-node 10.1.1.29
root@master1:/etc/ansible# kubectl get nodes |grep node
10.1.1.27 Ready node 73m v1.17.2
10.1.1.28 Ready node 73m v1.17.2
10.1.1.29 Ready node 65s v1.17.2
2.9.升级
2.9.1 备份数据
root@master1:/etc/ansible# ansible-playbook 23.backup.yml
root@master1:/etc/ansible# find -name "*.db"
./.cluster/backup/snapshot.db
./.cluster/backup/snapshot-202009111633.db
2.9.2 实施升级
#下载二进制包
root@master1:~#wget https://dl.k8s.io/v1.17.11/kubernetes-server-linux-amd64.tar.gz
#解压并复制到/etc/ansible/bin目录下
root@master1:~# tar xf kubernetes-server-linux-amd64.tar.gz
root@master1:~# cd kubernetes//server/bin
root@master1:~/kubernetes/server/bin# cp -a kubeadm kube-apiserver kube-controller-manager kubectl kubelet kube-proxy kube-scheduler /etc/ansible/bin/
#升级
root@master1:/etc/ansible# ansible-playbook -t upgrade_k8s 22.upgrade.yml
#验证
root@master1:/etc/ansible# kubectl get nodes
NAME STATUS ROLES AGE VERSION
10.1.1.25 Ready,SchedulingDisabled master 139m v1.17.11
10.1.1.26 Ready,SchedulingDisabled master 139m v1.17.11
10.1.1.27 Ready node 137m v1.17.11
10.1.1.28 Ready node 137m v1.17.11
10.1.1.29 Ready node 64m v1.17.11
10.1.1.34 Ready,SchedulingDisabled master 67m v1.17.11