About neohope

一直在努力,还没想过要放弃...

CEPH环境搭建04

本节主要是测试ceph的三种存储方式之一对象存储。

1、创建s3用户

radosgw-admin user create --uid=s3user --display-name=s3user  --system
{
"user_id": "s3user",
"display_name": "s3user",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [],
"keys": [
{
"user": "s3user",
"access_key": "6IUA1DMFDTP5BG9ZMIR8",
"secret_key": "zdoRS2yWL6EsNEBa4xuOSFMPn0lMvPJVMIYZJirP"
}
],
"swift_keys": [],
"caps": [],
"op_mask": "read, write, delete",
"system": "true",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw"
}

2、创建swift用户

sudo radosgw-admin subuser create --uid=s3user --subuser=s3user:swift --access=full
{
"user_id": "s3user",
"display_name": "s3user",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{
"id": "s3user:swift",
"permissions": "full-control"
}
],
"keys": [
{
"user": "s3user",
"access_key": "6IUA1DMFDTP5BG9ZMIR8",
"secret_key": "zdoRS2yWL6EsNEBa4xuOSFMPn0lMvPJVMIYZJirP"
}
],
"swift_keys": [
{
"user": "s3user:swift",
"secret_key": "2wou5DxQ6WiBYyHf8qb3QIMX9BnhhBd5Njlj6LJX"
}
],
"caps": [],
"op_mask": "read, write, delete",
"system": "true",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw"
}

3、为swift用户分配key

sudo radosgw-admin key create --subuser=s3user:swift --key-type=swift --gen-secret
{
"user_id": "s3user",
"display_name": "s3user",
"email": "",
"suspended": 0,
"max_buckets": 1000,
"auid": 0,
"subusers": [
{
"id": "s3user:swift",
"permissions": "full-control"
}
],
"keys": [
{
"user": "s3user",
"access_key": "6IUA1DMFDTP5BG9ZMIR8",
"secret_key": "zdoRS2yWL6EsNEBa4xuOSFMPn0lMvPJVMIYZJirP"
}
],
"swift_keys": [
{
"user": "s3user:swift",
"secret_key": "itNAiqvaLSvixsd7aPMb1fs7F3M4zxuPjt3C7dd4"
}
],
"caps": [],
"op_mask": "read, write, delete",
"system": "true",
"default_placement": "",
"placement_tags": [],
"bucket_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"user_quota": {
"enabled": false,
"check_on_raw": false,
"max_size": -1,
"max_size_kb": 0,
"max_objects": -1
},
"temp_url_keys": [],
"type": "rgw"
}

4、通过s3接口新增一个bucket

sudo apt-get install python-boto

vi s3test.py

import boto.s3.connection

access_key = '6IUA1DMFDTP5BG9ZMIR8'
secret_key = 'zdoRS2yWL6EsNEBa4xuOSFMPn0lMvPJVMIYZJirP'

conn = boto.connect_s3(
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
host='ceph01', port=7480,
is_secure=False, calling_format=boto.s3.connection.OrdinaryCallingFormat(),
)

bucket = conn.create_bucket('my-new-bucket')
for bucket in conn.get_all_buckets():
print "{name} {created}".format(
name=bucket.name,
created=bucket.creation_date,
)

5、通过swift接口查询bucket

sudo apt-get install python-pip
sudo pip install --upgrade setuptools
sudo pip install --upgrade python-swiftclient

swift -V 1 -A http://172.16.172.101:7480/auth -U s3user:swift -K 'itNAiqvaLSvixsd7aPMb1fs7F3M4zxuPjt3C7dd4' list

CEPH环境搭建03

本节主要是测试ceph的三种存储方式之一块存储。

1、创建存储池以及rbd

sudo ceph osd pool ls
sudo ceph osd pool create rbd

sudo rados df

sudo rbd ls
sudo rbd create --size 1024 rbd/r1

2、将映像映射到块设备

#直接映射会报一个错
#sudo rbd map r1
#rbd: sysfs write failed
#RBD image feature set mismatch. You can disable features unsupported by the kernel with "rbd feature disable r1 object-map fast-diff deep-flatten".
#In some cases useful info is found in syslog - try "dmesg | tail".
rbd: map failed: (6) No such device or address

#修正错误,重新映射
sudo rbd feature disable r1 object-map fast-diff deep-flatten
sudo rbd map r1
/dev/rbd0

#查看映射情况
sudo rbd showmapped
id pool image snap device
0  rbd  r1    -    /dev/rbd0

3、初始化块设备

#fdis初始化设备
sudo fdisk -l /dev/rbd0

#格式化分区为ext4
sudo mkfs.ext4 -m0 /dev/rbd0

#挂载块设备
sudo mkdir -p /mnt/rbd/r1
sudo mount -t ext4 /dev/rbd0 /mnt/rbd/r1

4、进行一些基本操作

sudo ls /mnt/rbd/r1

sudo vi /mnt/rbd/r1/hi.txt

sudo cat /mnt/rbd/r1/hi.txt
hello rbd

CEPH环境搭建02

本节主要是将存储设备加入ceph进行管理,并测试ceph的三种存储方式之一cephfs。

1、查看设备状态

sudo ceph osd status
ID  HOST     USED  AVAIL  WR OPS  WR DATA  RD OPS  RD DATA  STATE
0  ceph01  1027M   298G      0        0       0        0   exists,up
1  ceph02  1027M   298G      0        0       0        0   exists,up
2  ceph03  1027M   298G      0        0       0        0   exists,up
3  ceph04  1027M   298G      0        0       0        0   exists,up

sudo ceph orch device ls
HOST    PATH      TYPE   SIZE  DEVICE                             AVAIL  REJECT REASONS
ceph01  /dev/sdb  hdd    300G  VBOX_HARDDISK_VB434b1565-528a303a  True
ceph01  /dev/sda  hdd    300G  VBOX_HARDDISK_VB3eec2162-9aed4ffc  False  locked
ceph02  /dev/sdb  hdd    300G  VBOX_HARDDISK_VBa6445865-c497aa8e  True
ceph02  /dev/sda  hdd    300G  VBOX_HARDDISK_VB64e04201-60c7209f  False  locked
ceph03  /dev/sdb  hdd    300G  VBOX_HARDDISK_VB20fd0c04-b14ef3fa  True
ceph03  /dev/sda  hdd    300G  VBOX_HARDDISK_VB6f4439ab-85f80c78  False  locked
ceph04  /dev/sdb  hdd    300G  VBOX_HARDDISK_VB2c293541-3183e992  True
ceph04  /dev/sda  hdd    300G  VBOX_HARDDISK_VBd81d45d4-a88d6ff3  False  locked

2、存储设备加入osd管理

sudo ceph orch apply osd --all-available-devices
Scheduled osd update...

sudo ceph orch device ls --refresh
HOST    PATH      TYPE   SIZE  DEVICE                             AVAIL  REJECT REASONS
ceph01  /dev/sda  hdd    300G  VBOX_HARDDISK_VB3eec2162-9aed4ffc  False  locked
ceph01  /dev/sdb  hdd    300G  VBOX HARDDISK_VB434b1565-528a303a  False  LVM detected, Insufficient space (<5GB) on vgs, locked
ceph02  /dev/sda  hdd    300G  VBOX_HARDDISK_VB64e04201-60c7209f  False  locked
ceph02  /dev/sdb  hdd    300G  VBOX HARDDISK_VBa6445865-c497aa8e  False  LVM detected, locked, Insufficient space (<5GB) on vgs
ceph03  /dev/sda  hdd    300G  VBOX_HARDDISK_VB6f4439ab-85f80c78  False  locked
ceph03  /dev/sdb  hdd    300G  VBOX HARDDISK_VB20fd0c04-b14ef3fa  False  locked, Insufficient space (<5GB) on vgs, LVM detected
ceph04  /dev/sda  hdd    300G  VBOX_HARDDISK_VBd81d45d4-a88d6ff3  False  locked
ceph04  /dev/sdb  hdd    300G  VBOX HARDDISK_VB2c293541-3183e992  False  LVM detected, locked, Insufficient space (<5GB) on vgs

3、查看osd状态

sudo ceph osd df
ID  CLASS  WEIGHT   REWEIGHT  SIZE     RAW USE  DATA     OMAP  META   AVAIL    %USE  VAR   PGS  STATUS
0    hdd  0.29300   1.00000  300 GiB  1.0 GiB  3.4 MiB   0 B  1 GiB  299 GiB  0.33  1.00    0      up
1    hdd  0.29300   1.00000  300 GiB  1.0 GiB  3.4 MiB   0 B  1 GiB  299 GiB  0.33  1.00    1      up
2    hdd  0.29300   1.00000  300 GiB  1.0 GiB  3.4 MiB   0 B  1 GiB  299 GiB  0.33  1.00    1      up
3    hdd  0.29300   1.00000  300 GiB  1.0 GiB  3.4 MiB   0 B  1 GiB  299 GiB  0.33  1.00    1      up
TOTAL  1.2 TiB  4.0 GiB   14 MiB   0 B  4 GiB  1.2 TiB  0.33
MIN/MAX VAR: 1.00/1.00  STDDEV: 0
neohope@ceph01:~$ sudo ceph osd utilization
avg 0.75
stddev 0.433013 (expected baseline 0.75)
min osd.0 with 0 pgs (0 * mean)
max osd.1 with 1 pgs (1.33333 * mean)
neohope@ceph01:~$ sudo ceph osd pool stats
pool device_health_metrics id 1
nothing is going on

sudo ceph osd tree
ID  CLASS  WEIGHT   TYPE NAME        STATUS  REWEIGHT  PRI-AFF
-1         1.17200  root default
-3         0.29300      host ceph01
0    hdd  0.29300          osd.0        up   1.00000  1.00000
-5         0.29300      host ceph02
1    hdd  0.29300          osd.1        up   1.00000  1.00000
-7         0.29300      host ceph03
2    hdd  0.29300          osd.2        up   1.00000  1.00000
-9         0.29300      host ceph04
3    hdd  0.29300          osd.3        up   1.00000  1.00000

sudo ceph pg stat
1 pgs: 1 active+clean; 0 B data, 14 MiB used, 1.2 TiB / 1.2 TiB avail

4、创建cephfs

sudo ceph fs volume ls
[]
sudo ceph fs volume create  v1
sudo ceph fs volume ls
[
{
"name": "v1"
}
]

sudo ceph fs subvolumegroup create v1 g1
sudo ceph fs subvolumegroup ls v1

sudo ceph fs subvolume create v1 sv1
sudo ceph fs subvolume ls v1

sudo ceph fs ls
name: v1, metadata pool: cephfs.v1.meta, data pools: [cephfs.v1.data ]

5、挂载cephfs

sudo apt-get insatll ceph-fuse

# 挂载cephfs
sudo mkdir -p /mnt/ceph/ceph_fuse
sudo ceph-fuse /mnt/ceph/ceph_fuse
ceph-fuse[24512]: starting ceph client
2020-05-18 05:57:36.039818 7f7d221a2500 -1 init, newargv = 0x559708e0e2e0 newarg                                                                                                             c=9
ceph-fuse[24512]: starting fuse

# 查看挂载情况
sudo mount | grep ceph
ceph-fuse on /mnt/ceph/ceph_fuse type fuse.ceph-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)

# 可以当作本地磁盘做一些日常操作
sudo ls /mnt/ceph/ceph_fuse/
volumes
sudo ls /mnt/ceph/ceph_fuse/volumes
g1  _nogroup
sudo ls /mnt/ceph/ceph_fuse/volumes/g1

sudo vi /mnt/ceph/ceph_fuse/volumes/g1/hi.txt
sudo cat /mnt/ceph/ceph_fuse/volumes/g1/hi.txt
hello ceph fuse

CEPH环境搭建01

1、初始环境

准备四个节点(每个节点的hosts和hostname要进行相应修改):

ceph-0001 172.16.172.101
ceph-0002 172.16.172.102
ceph-0003 172.16.172.103
ceph-0004 172.16.172.104

每个节点都执行:

sudo apt-get update
sudo apt-get install docker.io

2、在主节点安装cephadmin

#官方推荐的方法有问题
#sudo ./cephadm add-repo --release octopus
#The key(s) in the keyring /etc/apt/trusted.gpg.d/ceph.release.gpg are ignored as the file has an unsupported filetype.

sudo rm /etc/apt/trusted.gpg.d/ceph.release.gpg
wget -q -O- 'https://download.ceph.com/keys/release.asc' | sudo apt-key add -
echo deb http://download.ceph.com/debian-octopus/ $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/ceph.list
sudo apt-get update

sudo ./cephadm install

sudo cephadm install ceph-common

3、初始化

sudo mkdir -p /etc/ceph

sudo cephadm bootstrap --mon-ip 172.16.172.101 --allow-overwrite
INFO:cephadm:Verifying podman|docker is present...
INFO:cephadm:Verifying lvm2 is present...
INFO:cephadm:Verifying time synchronization is in place...
INFO:cephadm:Unit systemd-timesyncd.service is enabled and running
INFO:cephadm:Repeating the final host check...
INFO:cephadm:podman|docker (/usr/bin/docker) is present
INFO:cephadm:systemctl is present
INFO:cephadm:lvcreate is present
INFO:cephadm:Unit systemd-timesyncd.service is enabled and running
INFO:cephadm:Host looks OK
INFO:root:Cluster fsid: 7bffaaf6-9688-11ea-ac24-080027b4217f
INFO:cephadm:Verifying IP 172.16.172.101 port 3300 ...
INFO:cephadm:Verifying IP 172.16.172.101 port 6789 ...
INFO:cephadm:Mon IP 172.16.172.101 is in CIDR network 172.16.172.0/24
INFO:cephadm:Pulling latest docker.io/ceph/ceph:v15 container...
INFO:cephadm:Extracting ceph user uid/gid from container image...
INFO:cephadm:Creating initial keys...
INFO:cephadm:Creating initial monmap...
INFO:cephadm:Creating mon...
INFO:cephadm:Waiting for mon to start...
INFO:cephadm:Waiting for mon...
INFO:cephadm:Assimilating anything we can from ceph.conf...
INFO:cephadm:Generating new minimal ceph.conf...
INFO:cephadm:Restarting the monitor...
INFO:cephadm:Setting mon public_network...
INFO:cephadm:Creating mgr...
INFO:cephadm:Wrote keyring to /etc/ceph/ceph.client.admin.keyring
INFO:cephadm:Wrote config to /etc/ceph/ceph.conf
INFO:cephadm:Waiting for mgr to start...
INFO:cephadm:Waiting for mgr...
INFO:cephadm:mgr not available, waiting (1/10)...
INFO:cephadm:mgr not available, waiting (2/10)...
INFO:cephadm:mgr not available, waiting (3/10)...
INFO:cephadm:Enabling cephadm module...
INFO:cephadm:Waiting for the mgr to restart...
INFO:cephadm:Waiting for Mgr epoch 5...
INFO:cephadm:Setting orchestrator backend to cephadm...
INFO:cephadm:Generating ssh key...
INFO:cephadm:Wrote public SSH key to to /etc/ceph/ceph.pub
INFO:cephadm:Adding key to root@localhost's authorized_keys...
INFO:cephadm:Adding host ceph01...
INFO:cephadm:Deploying mon service with default placement...
INFO:cephadm:Deploying mgr service with default placement...
INFO:cephadm:Deploying crash service with default placement...
INFO:cephadm:Enabling mgr prometheus module...
INFO:cephadm:Deploying prometheus service with default placement...
INFO:cephadm:Deploying grafana service with default placement...
INFO:cephadm:Deploying node-exporter service with default placement...
INFO:cephadm:Deploying alertmanager service with default placement...
INFO:cephadm:Enabling the dashboard module...
INFO:cephadm:Waiting for the mgr to restart...
INFO:cephadm:Waiting for Mgr epoch 13...
INFO:cephadm:Generating a dashboard self-signed certificate...
INFO:cephadm:Creating initial admin user...
INFO:cephadm:Fetching dashboard port number...
INFO:cephadm:Ceph Dashboard is now available at:

URL: https://localhost:8443/
User: admin
Password: mdbewc14gq

INFO:cephadm:You can access the Ceph CLI with:

sudo /usr/sbin/cephadm shell --fsid 7bffaaf6-9688-11ea-ac24-080027b4217f -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring

INFO:cephadm:Please consider enabling telemetry to help improve Ceph:

ceph telemetry on

For more information see:

https://docs.ceph.com/docs/master/mgr/telemetry/

INFO:cephadm:Bootstrap complete.

4、此时可以通过最后给出的信息,登录管理页面了

5、修改配置文件

sudo vi /etc/ceph/ceph.conf

[global]
fsid = a4547d9d-f1a1-4753-b5cc-df0e043ebc65
mon_initial_members = ceph01
#原本生成的mon_host好像有些问题
#mon_host = [v2:ceph01:3300/0,v1:ceph:6789/0]
mon_host = 172.16.172.101
auth_cluster_required = cephx
auth_service_required = cephx
auth_client_required = cephx
public_network = 172.16.172.0/24

6、查看ceph状态

sudo ceph status
cluster:
id:     7bffaaf6-9688-11ea-ac24-080027b4217f
health: HEALTH_WARN
Reduced data availability: 1 pg inactive
OSD count 0 < osd_pool_default_size 3

services:
mon: 1 daemons, quorum ceph01 (age 35m)
mgr: ceph01.lreqdw(active, since 33m)
osd: 0 osds: 0 up, 0 in

data:
pools:   1 pools, 1 pgs
objects: 0 objects, 0 B
usage:   0 B used, 0 B / 0 B avail
pgs:     100.000% pgs unknown
1 unknown

7、三个子节点做好准备

#在ceph01
#将ceph.pub拷贝到其他三个节点
scp /etc/ceph/ceph.pub  neohope@ceph02:~/authorized_keys

#在ceph02
#启用root
sudo passwd -u root
#设置好root的authorized_keys
mv authorized_keys  /root/.ssh/
cd /root/.ssh/
chown root:root authorized_keys
chmod 0600 authorized_keys
#允许root ssh登录
sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
sudo service ssh restart

#在ceph01
#获取私钥
sudo ceph config-key get mgr/cephadm/ssh_identity_key > ceph.pem
chmod 0600 ceph.pem
#测试root登录
ssh  -i ceph.pem root@ceph02

8、三个子节点加入网络

sudo ceph orch host add ceph02
Added host 'ceph02'

sudo ceph orch host add ceph03
Added host 'ceph03'

sudo ceph orch host add ceph04
Added host 'ceph04'

sudo ceph orch host ls
HOST    ADDR    LABELS  STATUS
ceph01  ceph01
ceph02  ceph02
ceph03  ceph03
ceph04  ceph04

9、设置mon

ceph orch apply mon 4
ceph orch apply mon ceph01,ceph02,ceph03,ceph04
sudo ceph status

ISTIO环境搭建02

换了3个云厂商,才把最后的例子跑完。。。

1、下载示例源码

git clone https://github.com/istio/istio.git
Cloning into 'istio'...

2、生成镜像

cd istio/samples/helloworld/src
./build_service.sh
Sending build context to Docker daemon  7.168kB
Step 1/8 : FROM python:2-onbuild
2-onbuild: Pulling from library/python
......

sudo docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
istio/examples-helloworld-v2         latest              2c7736ccfb8b        45 seconds ago      713MB
istio/examples-helloworld-v1         latest              20be3b24eab7        46 seconds ago      713MB

3、镜像发到其他节点

# 备份镜像
sudo docker save -o hello1.tar 20be3b24eab7
sudo docker save -o hello2.tar 2c7736ccfb8b

# 镜像发送到其他3个节点,并导入
# 对于每个节点做下面的操作
scp -i ~/hwk8s.pem hello1.tar root@192.168.1.229:~/
scp -i ~/hwk8s.pem hello2.tar root@192.168.1.229:~/

ssh -i 192.168.1.229

sudo docker load -i hello1.tar
sudo docker tag 20be3b24eab7 istio/examples-helloworld-v1:latest

sudo docker load -i hello2.tar
sudo docker tag 2c7736ccfb8b istio/examples-helloworld-v2:latest

exit

4、部署helloworld

kubectl apply -f helloworld.yaml
service/helloworld created
deployment.apps/helloworld-v1 created
deployment.apps/helloworld-v2 created

kubectl apply -f helloworld-gateway.yaml
gateway.networking.istio.io/helloworld-gateway created
virtualservice.networking.istio.io/helloworld created

kubectl get pods
kubectl get deployments

5、测试并生成流量

# 设置环境变量
# 这里IP要选用内网IP
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
export GATEWAY_URL=192.168.1.124:$INGRESS_PORT

# 测试一下,会发现两次访问会用不同版本的服务
curl http://$GATEWAY_URL/hello
Hello version: v1, instance: helloworld-v1-5b75657f75-9dss5
curl http://$GATEWAY_URL/hello
Hello version: v2, instance: helloworld-v2-7855866d4f-rd2tr

# 也可以在外网,通过浏览器浏览
# 这里IP要选用外网IP
# 同样的,刷新浏览器会在不同版本服务之间切换
http://159.138.135.216:INGRESS_PORT/hello

# 生成访问流量
./loadgen.sh

6、使用kiali查看相关信息

#kiali 20001
istioctl dashboard kiali

#按上一节方法修改nginx配置内部端口
#重新加载配置
nginx -s reload

# 浏览器访问
http://159.138.135.216:8000

7、其他dashboard信息也可以用相同方法访问

#grafana 3000
istioctl dashboard grafana
#jaeger  16686
istioctl dashboard jaeger
#kiali 20001
istioctl dashboard kiali
#prometheus 9090
istioctl dashboard prometheus
#podid 9876
istioctl dashboard controlz podid
#podid 15000
istioctl dashboard envoy podid
#zipkin
istioctl dashboard zipkin

#按上一节方法修改nginx配置内部端口
#重新加载配置
nginx -s reload

# 浏览器访问
http://159.138.135.216:8000

ISTIO环境搭建01

1、首先,请根据前面k8s的教程,搭建一套可以运行的k8s环境
搭建Kubernetes环境01

搭建Kubernetes环境02

k8s-0001 159.138.135.216 192.168.1.124
k8s-0002 159.138.139.37 192.168.1.229
k8s-0003 159.138.31.39 192.168.1.187
k8s-0004 119.8.113.135 192.168.1.83

2、下载并部署istio

#下载并部署istio
curl -L https://istio.io/downloadIstio | sh -
cd istio-1.5.2
export PATH=$PWD/bin:$PATH
istioctl manifest apply --set profile=demo
Detected that your cluster does not support third party JWT authentication. Falling back to less secure first party JWT. See https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens for details.
- Applying manifest for component Base...
✔ Finished applying manifest for component Base.
- Applying manifest for component Pilot...
✔ Finished applying manifest for component Pilot.
Waiting for resources to become ready...
Waiting for resources to become ready...
Waiting for resources to become ready...
Waiting for resources to become ready...
Waiting for resources to become ready...
- Applying manifest for component EgressGateways...
- Applying manifest for component IngressGateways...
- Applying manifest for component AddonComponents...
✔ Finished applying manifest for component EgressGateways.
✔ Finished applying manifest for component AddonComponents.
✔ Finished applying manifest for component IngressGateways.
✔ Installation complete

#告知istio,对default空间下的pod自动注入Envoy sidecar
kubectl label namespace default istio-injection=enabled
namespace/default labeled

3、部署demo

#部署
kubectl apply -f samples/bookinfo/platform/kube/bookinfo.yaml

#查看pods情况
kubectl get pods
NAME                              READY   STATUS    RESTARTS   AGE
details-v1-6fc55d65c9-kxxpm       2/2     Running   0          106s
productpage-v1-7f44c4d57c-h6h7p   2/2     Running   0          105s
ratings-v1-6f855c5fff-2rjz9       2/2     Running   0          105s
reviews-v1-54b8794ddf-tq5vm       2/2     Running   0          106s
reviews-v2-c4d6568f9-q8mvs        2/2     Running   0          106s
reviews-v3-7f66977689-ccp9c       2/2     Running   0          106s

#查看services情况
kubectl get services
NAME          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
details       ClusterIP   10.104.68.235   <none>        9080/TCP   89s
kubernetes    ClusterIP   10.96.0.1       <none>        443/TCP    31m
productpage   ClusterIP   10.106.255.85   <none>        9080/TCP   89s
ratings       ClusterIP   10.103.19.155   <none>        9080/TCP   89s
reviews       ClusterIP   10.110.79.44    <none>        9080/TCP   89s</none></none></none></none></none>

# 开启外部访问
kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
gateway.networking.istio.io/bookinfo-gateway created
virtualservice.networking.istio.io/bookinfo created

#查看gateway情况
kubectl get gateway
NAME               AGE
bookinfo-gateway   7s

4、设置ingress

# 查看是否配置了外部IP
kubectl get svc istio-ingressgateway -n istio-system
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                                                                                                                      AGE
istio-ingressgateway   LoadBalancer   10.105.220.60   <pending>     15020:32235/TCP,80:30266/TCP,443:30265/TCP,15029:30393/TCP,15030:30302/TCP,15031:30789/TCP,15032:31411/TCP,31400:30790/TCP,15443:31341/TCP   5m30s</pending>

#使用node的地址作为host,和LB只需要配置一种
export INGRESS_HOST=47.57.158.253

#使用LB的地址作为host,和node只需要配置一种
export INGRESS_HOST=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

#配置http端口
export INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')

#配置https端口
export SECURE_INGRESS_PORT=$(kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')

#设置并查看外部访问地址
export GATEWAY_URL=$INGRESS_HOST:$INGRESS_PORT
echo http://$GATEWAY_URL/productpage

#此时就可以通过节点的ip地址来访问部署的实例了
#浏览器打开上面输出的地址
#http://47.57.158.253:30266/productpage

5、开启管理页面

#开始kaili
istioctl dashboard kiali

#安装nginx
#并设置反向代理
vi /etc/nginx/nginx.conf
http {

upstream backend {
# 代理的本地端口
server 127.0.0.1:20001;
}

server {
# 访问的外部端口
listen 8000;
location / {
proxy_pass http://backend;
}
}

}

# 通过反向代理的8000端口就可以访问kiali的管理界面了
# #http://47.57.158.253:8000

PS:
必须开放的TCP端口有:

8000 nginx代理端口
8001 k8s默认代理端口
30266 bookinfo demo端口,会变更

编译V8引擎

1、安装Visual Studio 2017

2、从微软下载Windows 10 SDK,安装“Debugging Tools for Windows”

https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk/

3、设置代理

# git的http代理设置
git config --global http.proxy 127.0.0.1:9528
git config --global https.proxy 127.0.0.1:9528

# 可以通过操作系统设置http代理
# 也可以通过通过命令行设置http代理设置(管理员权限)
netsh winhttp set proxy 127.0.0.1:9528

# 设置cipd_client的http代理设置
set HTTP_PROXY=127.0.0.1:9528
set HTTPS_PROXY=127.0.0.1:9528

4、环境变量

# 启动 VS2017 x86_amd64 命令行环境
"C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\VC\Auxiliary\Build\vcvarsx86_amd64.bat"

# 环境变量
set PATH=D:\GitGoogleV8\depot_tools_win;D:\NeoLang\Python\Python37;%PATH%
set DEPOT_TOOLS_WIN_TOOLCHAIN=0

5、下载源码

mkdir V8Build
cd V8Build
# V8Build
fetch v8

cd v8
# V8Build/v8
git pull origin 8.3.82
cd ..

6、同步环境

# V8Build
gclient sync

7、生成解决方案

cd v8/src
# V8Build/v8/src
gn gen --ide=vs out\Default
# 也可以设置filters,如果是看chrome源码,最好设置一下,因为有几千个项目
# gn gen --ide=vs --filters=//chrome --no-deps out\Default

8、编译

# 用vs打开sln,并编译
# 编译过程中,有时会出现文件无法访问等情况
# 可以在命令行中执行,然后用VS继续编译就可以成功了
# V8Build/v8/src
devenv out\Default\all.sln

9、测试

# V8Build/v8/src
cd out\Default
# V8Build/v8/src/out/Default
v8_shell.exe

蓝牙鼠标支持双系统

操作系统与蓝牙鼠标之间的配对,是通过三个关键值完成的:
本机蓝牙ID,鼠标蓝牙ID,LinkKey
蓝牙鼠标在配对后,连接电脑蓝牙设备时,三个值必须一致,双方才能连接成功。
对于单系统来说不会引起什么问题,但对于双系统的电脑来说,就会有问题了。

比如,你是Windows和Ubuntu双系统,或Windows和Mac双系统。
在第一个系统中配对后,会生成一个LinkKey,鼠标就可以在第一个系统中连接成功,但无法在第二个系统中连接成功。
在第二个系统配对后会生成另外一个LinkKey,鼠标就可以在第二个系统中连接成功,但无法在第一个系统中连接成功。
所以,要蓝牙鼠标支持双系统,就要把两个系统的LinkKey改为一致。

一、首先是Windows和Ubuntu双系统:
1、在Windows下配对鼠标
2、在Ubuntu下配对鼠标
3、在Ubuntu下查找配对后的LinkKey

#3.1、定位你的设备配置文件
#一般来说本机蓝牙ID只会有一个,是以:分割的一长串十六机制数字
#蓝牙设备,就是全部配过对的蓝牙设备,可以通过查看info文件判断哪个是你的蓝牙鼠标
sudo vi /var/lib/bluetooth/本机蓝牙ID/鼠标蓝牙ID/info
#3.2、找到LinkKey
#找到下面部分,并记录下来
[linkkey]
key=16位16进制数字

4、重启进入Windows

#4.1、运行命令regedit,打开注册表编辑器
#4.2、定位到下面的位置,其中:
#本机蓝牙ID与Linux下一致,只是没有:分割
#鼠标蓝牙ID与Linux下一致,只是没有:分割
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\本机蓝牙ID
鼠标蓝牙ID=16位16进制数字
#4.3、修改LinkKey,使其与Ubunt下LinkKey一致

5、重新连接蓝牙鼠标试试,是不是两个系统都可以了?

此外,由于Ubuntu默认BIOS中是UTC时间,而Windows默认BIOS是本地时区时间,所以重启后,时间会不一致,比如东八区会相差8小时。可以通过将Ubuntu的BIOS时间也设置为本地时区来解决:

sudo timedatectl set-local-rtc 1

二、然后是Windows和Mac双系统:
1、在Windows下配对鼠标
2、在Mac下配对鼠标
3、在Mac下查找配对后的LinkKey

sudo defaults read /private/var/root/Library/Preferences/blued.plist
#找到Linkkey【一串16位16进制数字】,并记录下来

4、计算Windows的Linkkey

#4.1、假设Mac下的LinkKey为
#98542ff9 88e19449 475250e1 3943255b
#4.2、按每两个数字进行分组,然后从后向前倒序排列,就可以得到Windows下的LinkKey
#空格是为了方便大家查看才添加的
#5b254339 e1505247 4994e188 f92f5498

5、重启进入Windows

#4.1、运行命令regedit,打开注册表编辑器
#4.2、定位到下面的位置,其中:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\本机蓝牙ID
鼠标蓝牙ID=16位16进制数字
#4.3、修改LinkKey,使其与计算的到的LinkKey一致

6、重新连接蓝牙鼠标试试,是不是两个系统都可以了?

三、上面的都好烦,有没有其他办法?
1、使用有线鼠标
2、使用带有接收器的蓝牙鼠标

Ubuntu安装Nvidia驱动

1、检查显卡型号

#查看显卡型号
lshw -numeric -C display

#查看对应显卡驱动的版本
https://www.nvidia.com/Download/index.aspx

2、安装驱动
2.1、Ubuntu自动安装(适用于不太新的显卡)

sudo ubuntu-drivers devices
sudo ubuntu-drivers autoinstall

2.2、手动安装(适用于比较新的显卡)

sudo add-apt-repository ppa:graphics-drivers/ppa
sudo apt update
sudo apt-get install

3、此外如果你的电脑BIOS支持Security Boot,需要设置密码才能用非官方驱动,如果设备环境相对可控安全级别没有这么高,可以考虑关闭这个功能。
否则,出现的情况就是Ubuntu无法加载该驱动,比如CUI登录正常,但一启动GUI界面,就会自动关机。这个有些坑,我重装了3遍才发现。

Synology DS418 Paly安装Docker

去年入手了DS418 Play,一直没时间弄,春节期间正好搞一下,把Docker功能开起来。

1、DS418 Play在应用商店是没有Docker,但可以用DS418或DS918的安装文件
到官网,下载得到Docker-x64-18.09.0-0506.spk。

https://www.synology.cn/zh-cn/support/download/DS918+#packages

2、通过管理软件,网页上传安装spk文件包

3、安装后,就可以在应用界面看到docker了

4、如果网络比较好,就可以直接在应用界面开启docker

5、我这边网络比较差,所以要下载镜像后,再上传到DS418 Play
5.1、开启DS418 Play的ssh功能
5.2、找一台网速好的机器

#拉取镜像
sudo docker pull gitlab/gitlab-ce
#导出镜像
sudo docker save -o gitlab-ce.img gitlab/gitlab-ce

5.3、把镜像拷贝到DS418 Play
5.4、SSH到DS418 Play,导入镜像

#SSH登录
ssh DS418PlayIP
#导出镜像
sudo docker load -i ~/PATH_TO_IMG/gitlab-ce.img

6、创建挂载路径

mkdir /volume2/gitlab/etc
mkdir /volume2/gitlab/log
mkdir /volume2/gitlab/data

7、创建容器

sudo docker run \
--detach \
--publish 9443:443 \
--publish 9080:80 \
--name gitlab \
--restart unless-stopped \
-v /volume2/gitlab/etc:/etc/gitlab \
-v /volume2/gitlab/log:/var/log/gitlab \
-v /volume2/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest

8、修改配置文件

vi /mnt/gitlab/etc/gitlab.rb

#配置gitlab上看到的项目地址
external_url 'http://群晖IP:9080'

#配置邮箱
gitlab_rails['gitlab_email_from'] = 'xxx@qq.com'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "xxx@qq.com"
gitlab_rails['smtp_password'] = "xxx"
gitlab_rails['smtp_domain'] = "qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true

#关闭不需要的服务
prometheus['enable'] = false
prometheus_monitoring['enable'] = false
grafana['enable'] = false

9、刷新配置

sudo docker exec gitlab gitlab-ctl reconfigure

10、查看日志

sudo docker exec gitlab gitlab-ctl status
sudo docker exec gitlab gitlab-ctl tail gitaly

11、登录系统

http://群晖IP:9080
默认用户名为root,系统会自动提示修改密码