账户管理

root 账户修改默认密码

# Set a new password for root, replacing the default one.
passwd root
# Enter the new password twice at the prompt: 7jawFDFr29yeYB
# NOTE(review): a real password written into setup notes is readable by everyone who sees them;
# treat the value above as exposed, rotate it, and keep credentials in a password manager instead.

新增账户

# Create the account, then set its password.
useradd jdd
passwd jdd
# Enter the new password twice at the prompt: RR6tHfmyMp09ZD
# NOTE(review): a real password recorded in setup notes should be considered exposed; rotate it
# and store credentials in a password manager rather than in documentation.
# By default a group with the same name and a home directory are created as well.

为新增账户增加 sudo 权限

# Make the sudoers file writable by its owner (rw-r-----).
chmod -v u+w /etc/sudoers

# In the sudoers file, add the new user below the line
# "## Allow root to run any commands anywhere", mirroring the root entry:
jdd ALL=(ALL) ALL
# NOTE(review): a hand edit is not syntax-checked, and a malformed sudoers file can leave sudo unusable.
# `visudo` (or a drop-in file under /etc/sudoers.d checked with `visudo -cf FILE`) validates before
# saving and needs no chmod. The rule above also gives jdd unrestricted root through sudo; grant
# only the commands the account needs where that is practical.

# Remove the write permission from the sudoers file again.
chmod -v u-w /etc/sudoers
# from 0640 (rw-r-----) to 0440 (r--r-----)

安装Docker

# Install with the generic convenience script; not suitable for production use.
curl -fsSL https://get.docker.com -o get-docker.sh
# NOTE(review): the next line executes the downloaded script as root. Saving it to a file first
# (as done here) means it can be read before it runs; do that review rather than running it blind.
sudo sh get-docker.sh

# Add the current user to the docker group.
sudo usermod -aG docker jdd
# NOTE(review): docker group members can drive the Docker daemon without sudo, which is
# equivalent to root on this host (e.g. by bind-mounting host paths into a container).
# Add only accounts that are already trusted with root.
# Activate the group change without logging out.
newgrp docker

# NOTE(review): presumably a reference list of service commands, not a sequence to run;
# executed in order, the final `disable` undoes the `enable` before it.

# Start Docker.
sudo systemctl start docker

# Restart Docker.
sudo systemctl restart docker

# Start Docker at boot.
sudo systemctl enable docker

# Do not start Docker at boot.
sudo systemctl disable docker

安装 docker compose

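# Download the Compose 1.24.1 binary matching this kernel name and machine architecture.
# -f makes curl exit non-zero on an HTTP error instead of saving the error page as the "binary".
sudo curl -fL "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# NOTE(review): the file lands in root's PATH without any integrity check; compare its
# `sha256sum` with the checksum published for the release before making it executable.
# Grant execute permission.
sudo chmod +x /usr/local/bin/docker-compose
# Verify the installation.
docker-compose --version
# docker-compose version 1.24.1, build 4667896b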

配置 SSH 密钥登录(本主机执行)

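# Create a dedicated key pair for this server (run on the local workstation).
# Set a passphrase when prompted so a copied private key file is not usable on its own.
ssh-keygen -t rsa -b 4096 -f ~/.ssh/jdtest

# Install the public key on the server.
# The login target was lost to e-mail obfuscation on the original page ("[email protected]");
# USER@SERVER is a placeholder, presumably the jdd account on the new machine. Replace it.
ssh-copy-id -i ~/.ssh/jdtest.pub USER@SERVER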

配置 SSH config

# Alias for the server, used as `ssh jdtest`.
Host jdtest
    # Host actually connected to. NOTE(review): this name must resolve (DNS or /etc/hosts);
    # otherwise put the server's address here.
    HostName jdtest
    # Remote account to log in as.
    User jdd
    # Private half of the dedicated key pair; keep this file readable by its owner only.
    IdentityFile ~/.ssh/jdtest

升级 git(本步骤可以登录成root后再执行,不用总加sudo)

# If an old version of git is installed, it has to be removed first.
git --version
# git version 1.8.3.1 is too old, so remove it.
yum -y remove git
# Ouch: the removal also took out the packages that depend on git (yum output below).
# NOTE(review): -y confirms the transaction without a prompt; running `yum remove git`
# without it shows the dependency removals first, so they can be declined or planned for.
作为依赖被删除:
  gitlab-runner.x86_64 0:12.1.0-1            
  perl-Git.noarch 0:1.8.3.1-20.el7

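# Install the packages needed to build git.
yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel
yum install gcc perl-ExtUtils-MakeMaker

# Download, build and install git under /usr/local/git.
cd /usr/src
wget https://www.kernel.org/pub/software/scm/git/git-2.22.0.tar.gz
# NOTE(review): the tarball is built and installed as root without verification; kernel.org
# publishes a detached signature for git release tarballs, and checking it first is worthwhile.
tar xzf git-2.22.0.tar.gz
cd git-2.22.0
make prefix=/usr/local/git all
make prefix=/usr/local/git install
# Put the new git first on PATH for shells that read /etc/bashrc.
# Single quotes keep $PATH literal, so it is expanded when each shell starts; with double
# quotes the PATH of the current (root) session would be frozen into /etc/bashrc for every user.
echo 'export PATH=/usr/local/git/bin:$PATH' >> /etc/bashrc
source /etc/bashrc
# Check the version.
git --version
# git version 2.22.0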

注册成为 Gitlab CI 的 Runner(注意:升级git后执行本操作)

安装 Gitlab Runner

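# Register the official package repository.
# The setup script is saved to a file instead of being piped into a root shell: -f stops on an
# HTTP error, a truncated download is never executed, and the script can be read before it runs.
curl -fsSL https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh -o gitlab-runner-repo.sh
sudo bash gitlab-runner-repo.sh

# Install from the official repository.
sudo yum install gitlab-runner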

注册 Runner

# Register this machine as a runner; the command is interactive.
sudo gitlab-runner register
# Example session follows.
# NOTE(review): the token entered below is a credential. Anyone who holds it can register a
# runner for the same project or group and be handed its jobs, so a token that has appeared in
# documentation should be reset in GitLab.
# NOTE(review): the `shell` executor chosen below runs every job directly on this host as the
# gitlab-runner user, with no container isolation between jobs or from the machine.
Please enter the gitlab-ci coordinator URL (e.g. https://gitlab.com/):
https://gitlab.com/
Please enter the gitlab-ci token for this runner:
WN2o24ZU-YiNHKd-5ty1
Please enter the gitlab-ci description for this runner:
[JD]: jdtest
Please enter the gitlab-ci tags for this runner (comma separated):
jd,linux,centos7
Registering runner... succeeded                     runner=WN2o24ZU
Please enter the executor: custom, docker, virtualbox, docker+machine, docker-ssh+machine, kubernetes, docker-ssh, parallels, shell, ssh:
shell
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!

将gitlab-runner用户加到docker组中(gitlab-runner的坑)

# If CI jobs on the runner fail with "Permission denied", try this.
sudo usermod -aG docker gitlab-runner
# NOTE(review): docker group membership is root-equivalent on the host. With the shell executor,
# every pipeline that can schedule a job on this runner inherits that access, so limit which
# projects and branches may use the runner.

安装 golang(用root)

# Install Go from the distribution repositories, then confirm the installed version.
yum install golang
go version
# go version go1.11.5 linux/amd64

配置监控系统

  • 面板用Grafana
  • 性能监控用Prometheus
  • 日志查询用Loki
  • 整体环境用docker-compose

以下配置文件都放于同级目录下

docker-compose.yaml

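# docker-compose.yaml
# Monitoring stack: Loki and promtail for logs, Grafana for dashboards, Prometheus for metrics,
# Portainer as a Docker management UI.
# NOTE(review): every "HOST:CONTAINER" port mapping below binds on all host interfaces. None of
# these services is configured with authentication in this file, so restrict the ports with a
# host firewall or bind them to 127.0.0.1 and reach them through an authenticated reverse proxy.
# NOTE(review): `master`, `latest` and untagged images change over time; pin a released version
# (or a digest) so a redeploy runs the same code that was reviewed.
version: "3"

networks:
  loki:
    ipam:
        config:
        # NOTE(review): 183.16.0.0/24 is outside the RFC 1918 private ranges, so this bridge
        # shadows publicly routable addresses; a private subnet is the usual choice. Confirm.
        - subnet: 183.16.0.0/24

services:
  loki:
    image: grafana/loki:master
    ports:
      - "3100:3100"
    volumes:
      - ./volumes/etc/loki:/etc/loki
    command: -config.file=/etc/loki/loki-local-config.yaml
    networks:
      - loki

  promtail:
    image: grafana/promtail:make-images-static-26a87c9
    volumes:
      - ./volumes/etc/promtail:/etc/promtail
      # Read-only: promtail only needs to read the host's logs, and its positions file is
      # configured under /tmp, so nothing in the container has to write to /var/log.
      - /var/log:/var/log:ro
    command:
      -config.file=/etc/promtail/promtail-docker-config.yaml
    networks:
      - loki

  grafana:
    image: grafana/grafana:master
    ports:
      - "3000:3000"
    environment:
      GF_EXPLORE_ENABLED: "true"
      # NOTE(review): no admin password is set here, so Grafana starts with its default admin
      # login; change it on first login or supply GF_SECURITY_ADMIN_PASSWORD from a secret.
    networks:
      - loki

  prometheus:
    image: prom/prometheus
    volumes:
    - "./prometheus.yml:/etc/prometheus/prometheus.yml"
    ports:
    - "9090:9090"
    networks:
      - loki

  portainer:
    image: portainer/portainer:latest
    restart: always
    ports:
      - "9000:9000"
    volumes: 
      # NOTE(review): the Docker socket gives this container full control of the host's Docker
      # daemon, which is root-equivalent. Whoever reaches port 9000 and logs in to Portainer
      # holds that control, so do not leave the port reachable from untrusted networks.
      - "/var/run/docker.sock:/var/run/docker.sock"
    container_name: "portainer"
    hostname: "portainer"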

loki-local-config.yaml

# loki-local-config.yaml
# Single-process Loki with an in-memory ring and local filesystem storage.
# Tenant (org id) checking is off, and this file configures no authentication of its own.
# NOTE(review): the compose file on this page publishes port 3100, so any client that can reach
# it may push and query logs; limit access at the network or reverse-proxy level.
auth_enabled: false

server:
  http_listen_port: 3100

ingester:
  lifecycler:
    address: 127.0.0.1
    ring:
      kvstore:
        store: inmemory
      replication_factor: 1
    final_sleep: 0s
  chunk_idle_period: 5m
  chunk_retain_period: 30s

schema_config:
  configs:
  - from: 2018-04-15
    store: boltdb
    object_store: filesystem
    schema: v9
    index:
      prefix: index_
      period: 168h

# Index and chunks are written under /tmp/loki inside the container.
# NOTE(review): the compose file on this page mounts only the config directory for Loki, so
# stored logs are presumably lost when the container is recreated; mount a volume to keep them.
storage_config:
  boltdb:
    directory: /tmp/loki/index

  filesystem:
    directory: /tmp/loki/chunks

limits_config:
  enforce_metric_name: false
  reject_old_samples: true
  reject_old_samples_max_age: 168h

chunk_store_config:
  max_look_back_period: 0

table_manager:
  chunk_tables_provisioning:
    inactive_read_throughput: 0
    inactive_write_throughput: 0
    provisioned_read_throughput: 0
    provisioned_write_throughput: 0
  index_tables_provisioning:
    inactive_read_throughput: 0
    inactive_write_throughput: 0
    provisioned_read_throughput: 0
    provisioned_write_throughput: 0
  # Retention deletes are disabled, so stored logs are not removed by the table manager.
  retention_deletes_enabled: false
  retention_period: 0

promtail-docker-config.yaml

# promtail-docker-config.yaml
# Ships the host's /var/log (bind-mounted into the container by the compose file) to Loki.
server:
  http_listen_port: 9080
  grpc_listen_port: 0

# Read offsets are kept in /tmp inside the container.
# NOTE(review): no volume covers /tmp in the compose file on this page, so the offsets are
# presumably lost when the container is recreated and logs may be sent again.
positions:
  filename: /tmp/positions.yaml

# Push endpoint: the `loki` service name on the shared compose network, over plain HTTP.
client:
  url: http://loki:3100/api/prom/push

scrape_configs:
- job_name: system
  entry_parser: raw
  static_configs:
  - targets:
    - localhost
    labels:
      job: varlogs
      # NOTE(review): everything under /var/log is forwarded, which can include authentication
      # and audit logs; whoever can query Loki or Grafana can read them.
      __path__: /var/log

prometheus.yml

# prometheus.yml
# Minimal configuration: Prometheus scrapes only its own metrics endpoint.
# NOTE(review): nothing in this file enables authentication, and the compose file on this page
# publishes port 9090; keep that port off untrusted networks.
global:
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
# No Alertmanager target is active (the only entry is commented out), so no alerts are delivered.
alerting:
  alertmanagers:
  - static_configs:
    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
    - targets: ['localhost:9090']

安装Caddy

中文配置文档

查看机器硬件信息

查看CPU信息

# Show CPU details.
lscpu

查看内存

# List the size of each memory device reported by the firmware tables (needs root).
dmidecode -t memory | grep -i size

当前内存使用量(兆字节)

# Show current memory usage in megabytes.
free -m

列出所有磁盘及其分区和大小

# List all disks with their partitions and sizes.
lsblk

列出每个分区的唯一标识符(UUID)及其文件系统类型

# List each partition's UUID and filesystem type (run as root to see every device).
blkid

列出已挂载文件系统和挂载点,及已用空间和可用空间(兆字节为单位)

# List mounted filesystems with mount point, used and available space in megabytes.
df -m

显示默认网关和路由表

# Show the default gateway and routing table, aligned into columns.
ip route | column -t
或
# Alternative from the net-tools package: print the kernel routing table.
netstat -r

显示BIOS信息

# Show BIOS information from the firmware tables (needs root).
dmidecode -t bios

内核版本、是否为 64 位、网络主机名

# Print kernel name and release, machine architecture and network host name.
uname -a