RancherOS Cluster
From C3D2
Revision as of 19 May 2019, 16:23 by Daniel.plominski
Contents
- 1 Announcement
- 2 Setup
- 3 Implementation: Sun May 19
- 3.1 Choice of server
- 3.2 BIOS settings
- 3.3 SmartOS Installation
- 3.4 Configuring IPMI from SmartOS (using ipmitool)
- 3.5 SmartOS - creating an LX zone (Debian)
- 3.6 SmartOS - creating a KVM
- 3.7 SmartOS - KVM - RancherOS Installation
Announcement
Hello, I'm coming to the club this weekend and had the following planned: build a minimalist ramdisk that includes network support and the tool DD. It is meant to run on i386 hardware with max. 16 MB RAM!
Friday: (late this evening)
1. Set up a SmartOS server as the virtualization environment
2. Set up a RancherOS cluster
3. Set up Draw.IO, for data-flow documentation
Saturday:
1. Work out a basic understanding of everything that is needed to build an image
Sunday: (nice to have)
1. Create templates for Docker images and test them in the Rancher cluster
Looking forward to anyone who wants to join in
Setup
- 2 x FSC RX300 S6?
- 2 x Dell R510?
Implementation: Sun May 19
Choice of server
- Server7
BIOS settings
- Hyperthreading off (because broken by design)
- Aggressive Link Power Management off
- NUMA on
- boot only from the USB stick
SmartOS Installation
SmartOS boot process
SmartOS installation procedure
SmartOS post-installation tuning
[root@server7smarti1 ~]# zfs list
NAME USED AVAIL REFER MOUNTPOINT
zones 137G 723G 784K /zones
zones/archive 96K 723G 96K /zones/archive
zones/config 124K 723G 124K legacy
zones/cores 192K 723G 96K none
zones/cores/global 96K 10,0G 96K /zones/global/cores
zones/dump 4,92G 723G 4,92G -
zones/opt 96K 723G 96K legacy
zones/swap 132G 855G 56K -
zones/usbkey 120K 723G 120K legacy
zones/var 1,24M 723G 1,24M legacy
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# zfs create zones/c3d2.de
[root@server7smarti1 ~]# zfs create zones/c3d2.de/admin
[root@server7smarti1 ~]# zfs create zones/c3d2.de/iso
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set checksum=on %
[root@server7smarti1 ~]# zfs set checksum=noparity zones/dump
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set compression=lz4 %
[root@server7smarti1 ~]# zfs set compression=off zones/dump
[root@server7smarti1 ~]# zfs set compression=off zones/swap
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set dedup=off %
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set atime=off %
cannot set property for 'zones/dump': 'atime' does not apply to datasets of this type
cannot set property for 'zones/swap': 'atime' does not apply to datasets of this type
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set primarycache=all %
[root@server7smarti1 ~]# zfs set primarycache=metadata zones/swap
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# cd /zones/c3d2.de/admin
Default system config with Germany keymap
╭─daniel at it-daniel in ~ using
╰─○ ssh root@172.22.99.245
Password:
- SmartOS (build: 20190510T131809Z)
[root@server7smarti1 ~]# cat /usbkey/config
#
# This file was auto-generated and must be source-able by bash.
#
### ### ### C3D2 // ### ### ###
admin_nic=00:25:90:4f:1c:3c
admin_ip=172.22.99.245
admin_netmask=255.255.255.0
admin_network=
admin_gateway=172.22.99.245
headnode_default_gateway=172.22.99.1
dns_resolvers=9.9.9.9,149.112.112.112
dns_domain=c3d2.local
ntp_hosts=0.smartos.pool.ntp.org
compute_node_ntp_hosts=172.22.99.245
hostname=server7smarti1
default_keymap=germany
### ### ### // C3D2 ### ### ###
# EOF
[root@server7smarti1 ~]# sync; reboot
Connection to 172.22.99.245 closed by remote host.
Connection to 172.22.99.245 closed.
╭─daniel at it-daniel in ~ using
╰─○
SmartOS Backup Script
[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.conf
--2019-05-19 09:02:01-- https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.conf
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.12.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.12.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 160 [text/plain]
Saving to: ‘smartos-zone-backup.conf’
smartos-zone-backup.conf 100%[================================================================================================================>] 160 --.-KB/s in 0s
2019-05-19 09:02:01 (8,35 MB/s) - ‘smartos-zone-backup.conf’ saved [160/160]
[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.exclude
--2019-05-19 09:02:08-- https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.exclude
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.12.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.12.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 0 [text/plain]
Saving to: ‘smartos-zone-backup.exclude’
smartos-zone-backup.exclude [ <=> ] 0 --.-KB/s in 0s
2019-05-19 09:02:08 (0,00 B/s) - ‘smartos-zone-backup.exclude’ saved [0/0]
[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.include
--2019-05-19 09:02:12-- https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.include
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.12.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.12.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 0 [text/plain]
Saving to: ‘smartos-zone-backup.include’
smartos-zone-backup.include [ <=> ] 0 --.-KB/s in 0s
2019-05-19 09:02:13 (0,00 B/s) - ‘smartos-zone-backup.include’ saved [0/0]
[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.log
--2019-05-19 09:02:20-- https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.log
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.112.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.112.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 0 [text/plain]
Saving to: ‘smartos-zone-backup.log’
smartos-zone-backup.log [ <=> ] 0 --.-KB/s in 0s
2019-05-19 09:02:20 (0,00 B/s) - ‘smartos-zone-backup.log’ saved [0/0]
[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.sh
--2019-05-19 09:02:22-- https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.112.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.112.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 11392 (11K) [text/plain]
Saving to: ‘smartos-zone-backup.sh’
smartos-zone-backup.sh 100%[================================================================================================================>] 11,12K --.-KB/s in 0,009s
2019-05-19 09:02:24 (1,15 MB/s) - ‘smartos-zone-backup.sh’ saved [11392/11392]
[root@server7smarti1 /zones/c3d2.de/admin]#
[root@server7smarti1 /zones/c3d2.de/admin]# chmod 0755 smartos-zone-backup.sh
[root@server7smarti1 /zones/c3d2.de/admin]# ls -all
total 47
drwxr-xr-x 2 root root 7 Mai 19 09:02 .
drwxr-xr-x 4 root root 4 Mai 19 08:52 ..
-rw-r--r-- 1 root root 160 Mai 19 09:02 smartos-zone-backup.conf
-rw-r--r-- 1 root root 0 Mai 19 09:02 smartos-zone-backup.exclude
-rw-r--r-- 1 root root 0 Mai 19 09:02 smartos-zone-backup.include
-rw-r--r-- 1 root root 0 Mai 19 09:02 smartos-zone-backup.log
-rwxr-xr-x 1 root root 11392 Mai 19 09:02 smartos-zone-backup.sh
[root@server7smarti1 /zones/c3d2.de/admin]#
Configuring IPMI from SmartOS (using ipmitool)
Old configuration
[root@smarti ~]# ipmitool lan print
Set in Progress : Set Complete
Auth Type Support : NONE MD2 MD5 PASSWORD
Auth Type Enable : Callback : MD2 MD5 PASSWORD
: User : MD2 MD5 PASSWORD
: Operator : MD2 MD5 PASSWORD
: Admin : MD2 MD5 PASSWORD
: OEM : MD2 MD5 PASSWORD
IP Address Source : Static Address
IP Address : 10.0.3.23
Subnet Mask : 255.255.255.0
MAC Address : 00:25:90:2f:3d:fa
SNMP Community String : public
IP Header : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP : 10.0.3.254
Default Gateway MAC : 00:00:00:00:00:00
Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max : aaaaXXaaaXXaaXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
[root@smarti ~]#
Reconfiguring
[root@smarti ~]#
[root@smarti ~]# ipmitool lan set 1 ipsrc static
[root@smarti ~]# ipmitool lan set 1 ipaddr 172.22.99.244
Setting LAN IP Address to 172.22.99.244
[root@smarti ~]# ipmitool lan set 1 netmask 255.255.255.0
Setting LAN Subnet Mask to 255.255.255.0
[root@smarti ~]# ipmitool lan set 1 defgw ipaddr 172.22.99.1
Setting LAN Default Gateway IP to 172.22.99.1
[root@smarti ~]# ipmitool lan set 1 defgw macaddr 0a:14:48:01:07:00
Setting LAN Default Gateway MAC to 0a:14:48:01:07:00
[root@smarti ~]# ipmitool lan set 1 arp respond on
Enabling BMC-generated ARP responses
[root@smarti ~]# ipmitool lan set 1 auth ADMIN MD5
[root@smarti ~]# ipmitool lan set 1 access on
[root@smarti ~]#
New configuration
[root@smarti ~]# ipmitool lan print
Set in Progress : Set Complete
Auth Type Support : NONE MD2 MD5 PASSWORD
Auth Type Enable : Callback : MD2 MD5 PASSWORD
: User : MD2 MD5 PASSWORD
: Operator : MD2 MD5 PASSWORD
: Admin : MD5
: OEM : MD2 MD5 PASSWORD
IP Address Source : Static Address
IP Address : 172.22.99.244
Subnet Mask : 255.255.255.0
MAC Address : 00:25:90:2f:3d:fa
SNMP Community String : public
IP Header : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP : 172.22.99.1
Default Gateway MAC : 0a:14:48:01:07:00
Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max : aaaaXXaaaXXaaXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
[root@smarti ~]#
- new ADMIN password set via the IPMI web UI, see: http://172.22.99.244
- Password hint: ("Denk an unsere Erde", think of our Earth)
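The `lan print` output above still enables MD2 and PASSWORD for every privilege level except Admin and keeps the SNMP community string `public`. The following shell/awk function is an added example (not part of the original page or of ipmitool) that reads `ipmitool lan print` output and lists such settings. `ipmi_lan_audit`, the finding labels and the embedded sample (a constructed excerpt of the output above) are assumptions.

```shell
#!/bin/sh
# Added example: report weak settings in `ipmitool lan print` output.
# ipmi_lan_audit and the finding labels are illustrative, not part of ipmitool.

# Reads `ipmitool lan print` text on stdin, prints one finding per line and
# returns 1 if anything was reported, 0 otherwise.
ipmi_lan_audit() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        n = split($0, f, ":")
        key = trim(f[1]); level = ""
        if (key == "Auth Type Enable") {          # first privilege level
            in_auth = 1; level = trim(f[2]); types = trim(f[3])
        } else if (key == "" && in_auth) {        # continuation: next level
            level = trim(f[2]); types = trim(f[3])
        } else {
            in_auth = 0
        }
        if (level != "") {
            # IPMI 1.5 session authentication types: NONE = no authentication,
            # PASSWORD = password sent in clear, MD2 = obsolete digest.
            m = split(types, t, /[ \t]+/)
            for (i = 1; i <= m; i++)
                if (t[i] == "NONE" || t[i] == "PASSWORD" || t[i] == "MD2") {
                    print "weak-auth", level, t[i]; found = 1
                }
        }
        if (key == "SNMP Community String" && trim(f[2]) == "public") {
            print "snmp-community public"; found = 1
        }
        if (key == "RMCP+ Cipher Suites") {       # suite 0 = no authentication
            m = split(f[2], cs, ",")
            for (i = 1; i <= m; i++)
                if (trim(cs[i]) == "0") { print "cipher-suite 0"; found = 1 }
        }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: excerpt modelled on the "new configuration" output above.
sample_lan_print() {
    cat <<'EOF'
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : MD2 MD5 PASSWORD
                        : User     : MD2 MD5 PASSWORD
                        : Operator : MD2 MD5 PASSWORD
                        : Admin    : MD5
                        : OEM      : MD2 MD5 PASSWORD
IP Address Source       : Static Address
SNMP Community String   : public
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12
EOF
}

# On the host: ipmitool lan print 1 | ipmi_lan_audit
# Exit status 1 signals findings, so keep the demo run from aborting a script.
sample_lan_print | ipmi_lan_audit || true
```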
IPMI Firmware Update
- Find out the mainboard version
[root@smarti ~]# sysinfo
{
"Live Image": "20190510T131809Z",
"System Type": "SunOS",
"Boot Time": "1558250640",
"SDC Version": "7.0",
"Manufacturer": "Supermicro",
"Product": "X9DRT-F/IBQF/IBFF",
"Serial Number": "0123456789",
"SKU Number": "To be filled by O.E.M.",
"HW Version": "0123456789",
"HW Family": "To be filled by O.E.M.",
"Setup": "false",
"VM Capable": true,
"Bhyve Capable": true,
"Bhyve Max Vcpus": 32,
"HVM API": true,
"CPU Type": "Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz",
"CPU Virtualization": "vmx",
"CPU Physical Cores": 2,
"Admin NIC Tag": "admin",
"Admin IP": "dhcp",
"UUID": "00000000-0000-0000-0000-0025904f1c3c",
"Hostname": "smarti",
"CPU Total Cores": 20,
"MiB of Memory": "131038",
"Zpool": "zones",
"Zpool Disks": "c1t6479A71D12653333d0,c3t1d0",
"Zpool Profile": "striped",
"Zpool Creation": 1558250466,
"Zpool Size in GiB": 860,
"Disks": {
"c1t6479A71D12653333d0": {"Size in GB": 960},
"c3t1d0": {"Size in GB": 250}
},
"Boot Parameters": {
"module_name_0": "environment",
"console": "text",
"boot_args": "",
"bootargs": "",
"bootfile": "unix",
"os_console": "text",
"root_shadow": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxx",
"screen_#cols": "158",
"screen_#rows": "63",
"screen_font": "8x16",
"screen_height": "1024",
"screen_width": "1280",
"smartos": "true"
},
"Network Interfaces": {
"igb0": {"MAC Address": "00:25:90:4f:1c:3c", "ip4addr": "172.22.99.186", "Link Status": "up", "NIC Names": ["admin"]},
"igb1": {"MAC Address": "00:25:90:4f:1c:3d", "ip4addr": "", "Link Status": "down", "NIC Names": []}
},
"Virtual Network Interfaces": {
},
"Link Aggregations": {
}
}
[root@smarti ~]#
- X9DRT-F
- https://www.supermicro.com/support/bios/firmware.aspx
- SMT_X9_336.zip
- Upgrade via the web UI
- Be sure to perform the upgrade with Firefox (not Google Chrome / Chromium)
Module Name Existing Version New Version
IPMI_FW 02.16 03.36
- if Java security causes problems, old IPMI versions can also be excluded locally from the high security settings, using:
javaws -viewer
SmartOS - creating an LX zone (Debian)
SmartOS - creating a KVM
Preparation
- Create the template ZFS dataset
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# zfs create zones/c3d2.de/templates
[root@server7smarti1 ~]#
- Download the ISO
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# cd /zones/c3d2.de/iso/
[root@server7smarti1 /zones/c3d2.de/iso]#
[root@server7smarti1 /zones/c3d2.de/iso]# wget --no-check-certificate https://releases.rancher.com/os/v1.5.1/rancheros.iso
--2019-05-19 09:28:08-- https://releases.rancher.com/os/v1.5.1/rancheros.iso
Resolving releases.rancher.com (releases.rancher.com)... 104.24.16.51, 104.24.17.51, 2606:4700:20::6818:1033, ...
Connecting to releases.rancher.com (releases.rancher.com)|104.24.16.51|:443... connected.
WARNING: cannot verify releases.rancher.com's certificate, issued by ‘CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 135266304 (129M) [application/x-iso9660-image]
Saving to: ‘rancheros.iso’
rancheros.iso 100%[================================================================================================================>] 129,00M 8,81MB/s in 13s
2019-05-19 09:28:23 (9,60 MB/s) - ‘rancheros.iso’ saved [135266304/135266304]
[root@server7smarti1 /zones/c3d2.de/iso]# ls -al
total 261987
drwxr-xr-x 2 root root 3 Mai 19 09:28 .
drwxr-xr-x 5 root root 5 Mai 19 09:27 ..
-rw-r--r-- 1 root root 135266304 Feb. 11 17:14 rancheros.iso
[root@server7smarti1 /zones/c3d2.de/iso]# mv rancheros.iso rancheros151.iso
[root@server7smarti1 /zones/c3d2.de/iso]#
[root@server7smarti1 /zones/c3d2.de/iso]# ls -al
total 261987
drwxr-xr-x 2 root root 3 Mai 19 09:29 .
drwxr-xr-x 5 root root 5 Mai 19 09:27 ..
-rw-r--r-- 1 root root 135266304 Feb. 11 17:14 rancheros151.iso
[root@server7smarti1 /zones/c3d2.de/iso]#
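Both the smartos-zone-backup files and rancheros.iso above are fetched with `--no-check-certificate`, so neither the script that is made executable as root nor the boot image is authenticated. The following shell function is an added example (not part of the original page or of either project) that installs a fetched file only when its SHA-256 matches a pinned value. The function names and the `<PINNED_SHA256>` placeholder are assumptions, and the pin has to come from a trusted channel.

```shell
#!/bin/sh
# Added example: install a downloaded file only if its SHA-256 matches a pin.
# sha256_of and install_verified are illustrative names, not SmartOS tools.

# Print the SHA-256 of FILE as lowercase hex with whichever tool is present.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    elif command -v digest >/dev/null 2>&1; then
        digest -a sha256 "$1"          # illumos/SmartOS digest(1)
    else
        echo "no SHA-256 tool found" >&2
        return 127
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST [MODE]
# Returns 0 = installed, 1 = digest mismatch (DEST untouched), 2 = bad input/IO.
install_verified() {
    src=$1; want=$2; dest=$3; mode=${4:-0644}
    [ -f "$src" ] && [ -n "$dest" ] || return 2
    # A pin is exactly 64 hex characters; placeholders and typos are rejected.
    case $want in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || return 2
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(sha256_of "$src") || return 2
    [ -n "$got" ] || return 2
    if [ "$got" != "$want" ]; then
        echo "sha256 mismatch for $src: got $got, pinned $want" >&2
        return 1
    fi
    # Stage beside DEST, set the mode, then rename: DEST is never half-written
    # and never executable before the digest has been checked.
    tmp=$dest.tmp.$$
    if cp "$src" "$tmp" && chmod "$mode" "$tmp" && mv "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# Usage on the host, with certificate checking left on (pin is a placeholder):
#   wget -O /tmp/smartos-zone-backup.sh \
#     https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.sh
#   install_verified /tmp/smartos-zone-backup.sh "<PINNED_SHA256>" \
#     /zones/c3d2.de/admin/smartos-zone-backup.sh 0755
```

If wget cannot find a CA store on the host, its `--ca-certificate=FILE` option points it at a bundle instead of turning verification off.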
Creating the RancherOS KVM
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# cd /zones/c3d2.de/templates/
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# cat 1.server7smarti1-admin-kvm-ranchercluster1.json
{
  "brand": "kvm",
  "autoboot": true,
  "alias": "server7smarti1-admin-kvm-ranchercluster1",
  "hostname": "server7smarti1-admin-kvm-ranchercluster1",
  "resolvers": [
    "9.9.9.9",
    "149.112.112.112"
  ],
  "nics": [
    {
      "nic_tag": "admin",
      "ip": "172.22.99.246",
      "ips": ["172.22.99.246/24", "addrconf"],
      "netmask": "255.255.255.0",
      "gateway": "172.22.99.1",
      "model": "virtio",
      "allow_restricted_traffic": true,
      "primary": true
    }
  ],
  "vcpus": "6",
  "ram": "16384",
  "disks": [
    {
      "boot": true,
      "model": "virtio",
      "compression": "lz4",
      "size": 131072,
      "block_size": 8192
    }
  ],
  "internal_metadata": {},
  "vnc_port": "10001",
  "vnc_password": "c3d2",
  "cpu_type": "qemu64",
  "qemu_extra_opts": "-k de"
}
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm create -f 1.server7smarti1-admin-kvm-ranchercluster1.json
Successfully created VM 3516ab22-69b0-e327-95ec-f9be8852ee44
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# sleep 30
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm kill 3516ab22-69b0-e327-95ec-f9be8852ee44
Sent signal "SIGTERM" to init process for VM 3516ab22-69b0-e327-95ec-f9be8852ee44
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# sleep 10
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm list
UUID TYPE RAM STATE ALIAS
3516ab22-69b0-e327-95ec-f9be8852ee44 KVM 16384 stopped server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1 /zones/c3d2.de/templates]#
Copy the RancherOS ISO into the non-global zone
[root@server7smarti1 /zones/c3d2.de/templates]# cp /zones/c3d2.de/iso/rancheros151.iso /zones/3516ab22-69b0-e327-95ec-f9be8852ee44/root
[root@server7smarti1 /zones/c3d2.de/templates]#
Start the KVM installation from the ISO
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm list
UUID TYPE RAM STATE ALIAS
3516ab22-69b0-e327-95ec-f9be8852ee44 KVM 16384 stopped server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm start 3516ab22-69b0-e327-95ec-f9be8852ee44 order=cd,once=d cdrom=rancheros151.iso,ide
Successfully started VM 3516ab22-69b0-e327-95ec-f9be8852ee44
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm info 3516ab22-69b0-e327-95ec-f9be8852ee44 vnc
{
"vnc": {
"host": "172.22.99.245",
"port": 10001,
"display": 4101,
"password": "c3d2"
}
}
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm list
UUID TYPE RAM STATE ALIAS
3516ab22-69b0-e327-95ec-f9be8852ee44 KVM 16384 running server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1 /zones/c3d2.de/templates]#
SmartOS - KVM - RancherOS Installation
RancherOS Live System Environment
Change the password of the user rancher and log in remotely via SSH
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$ sudo su
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]# cd
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# passwd rancher
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# exit
Install RancherOS to the hard disk (provisioning)
╭─daniel at it-daniel in ~ using
╰─○ ssh rancher@172.22.99.246
The authenticity of host '172.22.99.246 (172.22.99.246)' can't be established.
ECDSA key fingerprint is SHA256:Rfhqajk+ZOvEnXJRbD2gaoorArJotQOyIKCV0APk3gs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.22.99.246' (ECDSA) to the list of known hosts.
rancher@172.22.99.246's password:
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$ sudo su
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]# cd
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ls -al
total 4
drwx------ 1 root root 80 May 19 09:52 .
drwxr-xr-x 1 root root 140 May 19 09:44 ..
-rw------- 1 root root 20 May 19 09:52 .bash_history
drwxr-xr-x 2 root root 40 May 19 09:44 .ssh
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# vi cloud-config.yml
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# cat cloud-config.yml
#cloud-config
ssh_authorized_keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAy9jaGaFOwpVr8eqUUqbs4YMOqzIpPVu5kyjZ9i3ZwC daniel@notebook1-plitc
rancher:
  state:
    autoformat:
      - /dev/vda
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# sudo ros config validate -i cloud-config.yml
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# sudo ros install -c cloud-config.yml -d /dev/vda
INFO[0000] No install type specified...defaulting to generic
Installing from rancher/os:v1.5.1
Continue [y/N]: y
INFO[0003] start !isoinstallerloaded
INFO[0004] trying to load /bootiso/rancheros/installer.tar.gz
Loaded image: rancher/os-installer:latest
INFO[0005] Loaded images from /bootiso/rancheros/installer.tar.gz
INFO[0005] starting installer container for rancher/os-installer:latest (new)
Installing from rancher/os-installer:latest
mke2fs 1.44.5 (15-Dec-2018)
64-bit filesystem support is not enabled. The larger fields afforded by this feature enable full-strength checksumming. Pass -O 64bit to rectify.
Creating filesystem with 33553920 4k blocks and 33554432 inodes
Filesystem UUID: 0f5e881b-ed38-41a7-b4f5-27543f46bd0d
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872
Allocating group tables: done
Writing inode tables: done
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done
Continue with reboot [y/N]: y
INFO[0029] Rebooting
INFO[0029] Setting reboot timeout to 60 (rancher.shutdown_timeout set to 60)
.......^[ ] reboot:info: Setting reboot timeout to 60 (rancher.shutdown_timeout set to 60)
.=.[ ] reboot:info: Stopping /docker : b392faabaa0d
...........D...........[ ] reboot:info: Stopping /ntp : 53844dffa8a3
..?..[ ] reboot:info: Stopping /network : 9110824e3b85
...=...[ ] reboot:info: Stopping /udev : 5eb5aac54f4e
..C..[ ] reboot:info: Stopping /system-cron : 9ca03f465020
..=..[ ] reboot:info: Stopping /acpid : 4c0102079e9f
...>..[ ] reboot:info: Stopping /syslog : 6e8c71c91a67
.I..[ ] reboot:info: Console Stopping [/console] : 8575065938f2
.Connection to 172.22.99.246 closed by remote host.
Connection to 172.22.99.246 closed.
╭─daniel at it-daniel in ~ using
╰─○
First login using public keys
╭─daniel at it-daniel in ~ using
╰─○ ssh -i /home/daniel/.ssh/id_plitc_ed25519 rancher@172.22.99.246
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:+TZdWdRG/CUdH3iJ1pNoPp303EhO+6M7qthxdn/AltI.
Please contact your system administrator.
Add correct host key in /home/daniel/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/daniel/.ssh/known_hosts:278
remove with:
ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R "172.22.99.246"
ECDSA host key for 172.22.99.246 has changed and you have requested strict checking.
Host key verification failed.
╭─daniel at it-daniel in ~ using
╰─○ ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R "172.22.99.246"
# Host 172.22.99.246 found: line 278
/home/daniel/.ssh/known_hosts updated.
Original contents retained as /home/daniel/.ssh/known_hosts.old
╭─daniel at it-daniel in ~ using
╰─○ ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R "172.22.99.246"
Host 172.22.99.246 not found in /home/daniel/.ssh/known_hosts
╭─daniel at it-daniel in ~ using
╰─○ ssh -i /home/daniel/.ssh/id_plitc_ed25519 rancher@172.22.99.246
Enter passphrase for key '/home/daniel/.ssh/id_plitc_ed25519':
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$ sudo su
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]#
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]# cd
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
RancherOS - post-installation tuning
Static network configuration
- (very important!)
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 52:E5:76:CB:F1:9C
inet addr:172.22.99.246 Bcast:172.22.99.255 Mask:255.255.255.0
inet6 addr: fe80::50e5:76ff:fecb:f19c/64 Scope:Link
inet6 addr: 2a02:8106:208:5201:50e5:76ff:fecb:f19c/64 Scope:Global
inet6 addr: fd23:42:c3d2:523:50e5:76ff:fecb:f19c/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:196667 errors:0 dropped:1 overruns:0 frame:0
TX packets:9800 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:146184992 (139.4 MiB) TX bytes:613199 (598.8 KiB)
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.address 172.22.99.246/24
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.gateway 172.22.99.1
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.mtu 1500
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.dhcp false
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.dns.nameservers "['9.9.9.9','149.112.112.112']"
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set hostname server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# sync
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# cat /var/lib/rancher/conf/cloud-config.yml | head -n 15
hostname: server7smarti1-admin-kvm-ranchercluster1
rancher:
  network:
    dns:
      nameservers:
      - 9.9.9.9
      - 149.112.112.112
    interfaces:
      eth0:
        address: 172.22.99.246/24
        dhcp: false
        gateway: 172.22.99.1
        mtu: 1500
  ssh:
    keys:
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# reboot
Kernel parameters
- tsc=reliable
- (gives approx. 5-10 % more performance!)