RancherOS Cluster: Unterschied zwischen den Versionen

Aus C3D2
Wechseln zu: Navigation, Suche
(SmartOS - KVM - RancherOS Installation)
Zeile 403: Zeile 403:
 
javaws -viewer
 
javaws -viewer
 
</source>
 
</source>
 +
 +
=== SmartOS - LX-Zone (Debian) erstellen ===
 +
 +
  
 
=== SmartOS - KVM erstellen ===
 
=== SmartOS - KVM erstellen ===

Version vom 19. Mai 2019, 15:23 Uhr

Ankündigung

Hallo,

das WE komme ich in den Club und hatte folgendes vor:

Eine minimalistische Ramdisk bauen, welche Netzwerkunterstützung und das Tool DD beinhaltet. Lauffähig soll es auf i386 Hardware mit max. 16 MB RAM! werden.

Freitag: (heute spät am Abend)
1. SmartOS Server als Virtualisierungsumgebung aufsetzen
2. RancherOS Cluster aufsetzen
3. Draw.IO aufsetzen, für Datenfluss Dokumentation

Samstag:
1. grundlegendes Verständnis erarbeiten was alles für den  Bau eines Images benötigt wird

Sonntag: (nice to have)
1. Templates für Docker Images erstellen und im Rancher Cluster testen

Freue mich auf eventuelle Mitstreiter 

Aufbau

  • 2 x FSC RX300 S6?
  • 2 x Dell R510?

Umsetzung: Sun May 19

Wahl des Servers

  • Server7

BIOS Einstellungen

  • Hyperthreading aus (weil broken by design)
  • Aggressive Link Power Management aus
  • NUMA an
  • boot nur vom USB-Stick

SmartOS Installation

SmartOS Bootvorgang

C3d2 smartos 2.jpg

SmartOS Installationsablauf

C3d2 smartos install 1.jpg

C3d2 smartos install 2.jpg

C3d2 smartos install 3.jpg

C3d2 smartos install 4.jpg

C3d2 smartos install 5.jpg

C3d2 smartos install 6.jpg

C3d2 smartos install 7.jpg

SmartOS Nachoptimierungen

[root@server7smarti1 ~]# zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zones                137G   723G   784K  /zones
zones/archive         96K   723G    96K  /zones/archive
zones/config         124K   723G   124K  legacy
zones/cores          192K   723G    96K  none
zones/cores/global    96K  10,0G    96K  /zones/global/cores
zones/dump          4,92G   723G  4,92G  -
zones/opt             96K   723G    96K  legacy
zones/swap           132G   855G    56K  -
zones/usbkey         120K   723G   120K  legacy
zones/var           1,24M   723G  1,24M  legacy
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# zfs create zones/c3d2.de
[root@server7smarti1 ~]# zfs create zones/c3d2.de/admin
[root@server7smarti1 ~]# zfs create zones/c3d2.de/iso
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set checksum=on %
[root@server7smarti1 ~]# zfs set checksum=noparity zones/dump
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set compression=lz4 %
[root@server7smarti1 ~]# zfs set compression=off zones/dump
[root@server7smarti1 ~]# zfs set compression=off zones/swap
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set dedup=off %
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set atime=off %
cannot set property for 'zones/dump': 'atime' does not apply to datasets of this type
cannot set property for 'zones/swap': 'atime' does not apply to datasets of this type
[root@server7smarti1 ~]# zfs list -o name | egrep -v "NAME" | xargs -L 1 -I % zfs set primarycache=all %
[root@server7smarti1 ~]# zfs set primarycache=metadata zones/swap
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# cd /zones/c3d2.de/admin
Default System Config mit Germany Keymap
╭─daniel at it-daniel in ~ using
╰─○ ssh root@172.22.99.245
Password:
- SmartOS (build: 20190510T131809Z)
[root@server7smarti1 ~]# cat /usbkey/config
#
# This file was auto-generated and must be source-able by bash.
#
### ### ### C3D2 // ### ### ###

admin_nic=00:25:90:4f:1c:3c
admin_ip=172.22.99.245
admin_netmask=255.255.255.0
admin_network=
admin_gateway=172.22.99.245

headnode_default_gateway=172.22.99.1

dns_resolvers=9.9.9.9,149.112.112.112
dns_domain=c3d2.local

ntp_hosts=0.smartos.pool.ntp.org
compute_node_ntp_hosts=172.22.99.245

hostname=server7smarti1

default_keymap=germany

### ### ### // C3D2 ### ### ###
# EOF
[root@server7smarti1 ~]# sync; reboot
Connection to 172.22.99.245 closed by remote host.
Connection to 172.22.99.245 closed.
╭─daniel at it-daniel in ~ using
╰─○

SmartOS Backup Script

[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.conf
--2019-05-19 09:02:01--  https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.conf
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.12.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.12.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 160 [text/plain]
Saving to: ‘smartos-zone-backup.conf’

smartos-zone-backup.conf                            100%[================================================================================================================>]     160  --.-KB/s    in 0s

2019-05-19 09:02:01 (8,35 MB/s) - ‘smartos-zone-backup.conf’ saved [160/160]

[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.exclude
--2019-05-19 09:02:08--  https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.exclude
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.12.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.12.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 0 [text/plain]
Saving to: ‘smartos-zone-backup.exclude’

smartos-zone-backup.exclude                             [ <=>                                                                                                             ]       0  --.-KB/s    in 0s

2019-05-19 09:02:08 (0,00 B/s) - ‘smartos-zone-backup.exclude’ saved [0/0]

[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.include
--2019-05-19 09:02:12--  https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.include
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.12.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.12.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 0 [text/plain]
Saving to: ‘smartos-zone-backup.include’

smartos-zone-backup.include                             [ <=>                                                                                                             ]       0  --.-KB/s    in 0s

2019-05-19 09:02:13 (0,00 B/s) - ‘smartos-zone-backup.include’ saved [0/0]

[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.log
--2019-05-19 09:02:20--  https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.log
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.112.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.112.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 0 [text/plain]
Saving to: ‘smartos-zone-backup.log’

smartos-zone-backup.log                                 [ <=>                                                                                                             ]       0  --.-KB/s    in 0s

2019-05-19 09:02:20 (0,00 B/s) - ‘smartos-zone-backup.log’ saved [0/0]

[root@server7smarti1 /zones/c3d2.de/admin]# wget --no-check-certificate https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.sh
--2019-05-19 09:02:22--  https://raw.githubusercontent.com/ass-a2s/smartos-zone-backup/master/smartos-zone-backup.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.112.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.112.133|:443... connected.
WARNING: cannot verify raw.githubusercontent.com's certificate, issued by ‘CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 11392 (11K) [text/plain]
Saving to: ‘smartos-zone-backup.sh’

smartos-zone-backup.sh                              100%[================================================================================================================>]  11,12K  --.-KB/s    in 0,009s

2019-05-19 09:02:24 (1,15 MB/s) - ‘smartos-zone-backup.sh’ saved [11392/11392]

[root@server7smarti1 /zones/c3d2.de/admin]#
[root@server7smarti1 /zones/c3d2.de/admin]# chmod 0755 smartos-zone-backup.sh
[root@server7smarti1 /zones/c3d2.de/admin]# ls -all
total 47
drwxr-xr-x   2 root     root           7 Mai 19 09:02 .
drwxr-xr-x   4 root     root           4 Mai 19 08:52 ..
-rw-r--r--   1 root     root         160 Mai 19 09:02 smartos-zone-backup.conf
-rw-r--r--   1 root     root           0 Mai 19 09:02 smartos-zone-backup.exclude
-rw-r--r--   1 root     root           0 Mai 19 09:02 smartos-zone-backup.include
-rw-r--r--   1 root     root           0 Mai 19 09:02 smartos-zone-backup.log
-rwxr-xr-x   1 root     root       11392 Mai 19 09:02 smartos-zone-backup.sh
[root@server7smarti1 /zones/c3d2.de/admin]#

IPMI per SmartOS (mittels ipmitool) konfigurieren

alte Konfiguration

[root@smarti ~]# ipmitool lan print
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : MD2 MD5 PASSWORD
                        : User     : MD2 MD5 PASSWORD
                        : Operator : MD2 MD5 PASSWORD
                        : Admin    : MD2 MD5 PASSWORD
                        : OEM      : MD2 MD5 PASSWORD
IP Address Source       : Static Address
IP Address              : 10.0.3.23
Subnet Mask             : 255.255.255.0
MAC Address             : 00:25:90:2f:3d:fa
SNMP Community String   : public
IP Header               : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP      : 10.0.3.254
Default Gateway MAC     : 00:00:00:00:00:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM
[root@smarti ~]#

neu konfigurieren

[root@smarti ~]#
[root@smarti ~]# ipmitool lan set 1 ipsrc static
[root@smarti ~]# ipmitool lan set 1 ipaddr 172.22.99.244
Setting LAN IP Address to 172.22.99.244
[root@smarti ~]# ipmitool lan set 1 netmask 255.255.255.0
Setting LAN Subnet Mask to 255.255.255.0
[root@smarti ~]# ipmitool lan set 1 defgw ipaddr 172.22.99.1
Setting LAN Default Gateway IP to 172.22.99.1
[root@smarti ~]# ipmitool lan set 1 defgw macaddr 0a:14:48:01:07:00
Setting LAN Default Gateway MAC to 0a:14:48:01:07:00
[root@smarti ~]# ipmitool lan set 1 arp respond on
Enabling BMC-generated ARP responses
[root@smarti ~]# ipmitool lan set 1 auth ADMIN MD5
[root@smarti ~]# ipmitool lan set 1 access on
[root@smarti ~]#

neue Konfiguration

[root@smarti ~]# ipmitool lan print
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : MD2 MD5 PASSWORD
                        : User     : MD2 MD5 PASSWORD
                        : Operator : MD2 MD5 PASSWORD
                        : Admin    : MD5
                        : OEM      : MD2 MD5 PASSWORD
IP Address Source       : Static Address
IP Address              : 172.22.99.244
Subnet Mask             : 255.255.255.0
MAC Address             : 00:25:90:2f:3d:fa
SNMP Community String   : public
IP Header               : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP      : 172.22.99.1
Default Gateway MAC     : 0a:14:48:01:07:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM
[root@smarti ~]#
  • neues ADMIN Passwort per IPMI Web UI gesetzt, siehe: http://172.22.99.244
    • PW Hinweis: (Denk an unsere Erde)

IPMI Firmware Update

  • Mainboard Version herausfinden
[root@smarti ~]# sysinfo
{
  "Live Image": "20190510T131809Z",
  "System Type": "SunOS",
  "Boot Time": "1558250640",
  "SDC Version": "7.0",
  "Manufacturer": "Supermicro",
  "Product": "X9DRT-F/IBQF/IBFF",
  "Serial Number": "0123456789",
  "SKU Number": "To be filled by O.E.M.",
  "HW Version": "0123456789",
  "HW Family": "To be filled by O.E.M.",
  "Setup": "false",
  "VM Capable": true,
  "Bhyve Capable": true,
  "Bhyve Max Vcpus": 32,
  "HVM API": true,
  "CPU Type": "Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz",
  "CPU Virtualization": "vmx",
  "CPU Physical Cores": 2,
  "Admin NIC Tag": "admin",
  "Admin IP": "dhcp",
  "UUID": "00000000-0000-0000-0000-0025904f1c3c",
  "Hostname": "smarti",
  "CPU Total Cores": 20,
  "MiB of Memory": "131038",
  "Zpool": "zones",
  "Zpool Disks": "c1t6479A71D12653333d0,c3t1d0",
  "Zpool Profile": "striped",
  "Zpool Creation": 1558250466,
  "Zpool Size in GiB": 860,
  "Disks": {
    "c1t6479A71D12653333d0": {"Size in GB": 960},
    "c3t1d0": {"Size in GB": 250}
  },
  "Boot Parameters": {
    "module_name_0": "environment",
    "console": "text",
    "boot_args": "",
    "bootargs": "",
    "bootfile": "unix",
    "os_console": "text",
    "root_shadow": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxx",
    "screen_#cols": "158",
    "screen_#rows": "63",
    "screen_font": "8x16",
    "screen_height": "1024",
    "screen_width": "1280",
    "smartos": "true"
  },
  "Network Interfaces": {
    "igb0": {"MAC Address": "00:25:90:4f:1c:3c", "ip4addr": "172.22.99.186", "Link Status": "up", "NIC Names": ["admin"]},
    "igb1": {"MAC Address": "00:25:90:4f:1c:3d", "ip4addr": "", "Link Status": "down", "NIC Names": []}
  },
  "Virtual Network Interfaces": {
  },
  "Link Aggregations": {
  }
}
[root@smarti ~]#
  • Upgrade per Web UI
  • Upgrade unbedingt per Firefox (nicht Google-Chrome / Chromium) durchführen
  Module Name         Existing Version        New Version  
  IPMI_FW             02.16                   03.36
  • bei Problemen mit der Java Security lassen sich alte IPMI Versionen auch lokal aus den hohen Sicherheitseinstellungen excluden, mittels:
javaws -viewer

SmartOS - LX-Zone (Debian) erstellen

SmartOS - KVM erstellen

Vorbereitung

  • Template ZFS Dataset erstellen
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# zfs create zones/c3d2.de/templates
[root@server7smarti1 ~]#
  • ISO downloaden
[root@server7smarti1 ~]#
[root@server7smarti1 ~]# cd /zones/c3d2.de/iso/
[root@server7smarti1 /zones/c3d2.de/iso]#
[root@server7smarti1 /zones/c3d2.de/iso]# wget --no-check-certificate https://releases.rancher.com/os/v1.5.1/rancheros.iso
--2019-05-19 09:28:08--  https://releases.rancher.com/os/v1.5.1/rancheros.iso
Resolving releases.rancher.com (releases.rancher.com)... 104.24.16.51, 104.24.17.51, 2606:4700:20::6818:1033, ...
Connecting to releases.rancher.com (releases.rancher.com)|104.24.16.51|:443... connected.
WARNING: cannot verify releases.rancher.com's certificate, issued by ‘CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’:
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 135266304 (129M) [application/x-iso9660-image]
Saving to: ‘rancheros.iso’

rancheros.iso                                       100%[================================================================================================================>] 129,00M  8,81MB/s    in 13s

2019-05-19 09:28:23 (9,60 MB/s) - ‘rancheros.iso’ saved [135266304/135266304]

[root@server7smarti1 /zones/c3d2.de/iso]# ls -al
total 261987
drwxr-xr-x   2 root     root           3 Mai 19 09:28 .
drwxr-xr-x   5 root     root           5 Mai 19 09:27 ..
-rw-r--r--   1 root     root     135266304 Feb. 11 17:14 rancheros.iso
[root@server7smarti1 /zones/c3d2.de/iso]# mv rancheros.iso rancheros151.iso
[root@server7smarti1 /zones/c3d2.de/iso]#
[root@server7smarti1 /zones/c3d2.de/iso]# ls -al
total 261987
drwxr-xr-x   2 root     root           3 Mai 19 09:29 .
drwxr-xr-x   5 root     root           5 Mai 19 09:27 ..
-rw-r--r--   1 root     root     135266304 Feb. 11 17:14 rancheros151.iso
[root@server7smarti1 /zones/c3d2.de/iso]#

RancherOS KVM erstellen

[root@server7smarti1 ~]#
[root@server7smarti1 ~]# cd /zones/c3d2.de/templates/
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# cat 1.server7smarti1-admin-kvm-ranchercluster1.json
{
  "brand": "kvm",
  "autoboot": true,
  "alias": "server7smarti1-admin-kvm-ranchercluster1",
  "hostname": "server7smarti1-admin-kvm-ranchercluster1",
  "resolvers": [
    "9.9.9.9",
    "149.112.112.112"
  ],
  "nics": [
    {
      "nic_tag": "admin",
      "ip": "172.22.99.246",
      "ips": ["172.22.99.246/24", "addrconf"],
      "netmask": "255.255.255.0",
      "gateway": "172.22.99.1",
      "model": "virtio",
      "allow_restricted_traffic": true,
      "primary": true
    }
  ],
  "vcpus": "6",
  "ram": "16384",
  "disks": [
    {
      "boot": true,
      "model": "virtio",
      "compression": "lz4",
      "size": 131072,
      "block_size": 8192
    }
  ],
  "internal_metadata": {},
  "vnc_port": "10001",
  "vnc_password": "c3d2",
  "cpu_type": "qemu64",
  "qemu_extra_opts": "-k de"
}

[root@server7smarti1 /zones/c3d2.de/templates]# vmadm create -f 1.server7smarti1-admin-kvm-ranchercluster1.json
Successfully created VM 3516ab22-69b0-e327-95ec-f9be8852ee44
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# sleep 30
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm kill 3516ab22-69b0-e327-95ec-f9be8852ee44
Sent signal "SIGTERM" to init process for VM 3516ab22-69b0-e327-95ec-f9be8852ee44
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# sleep 10
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm list
UUID                                  TYPE  RAM      STATE             ALIAS
3516ab22-69b0-e327-95ec-f9be8852ee44  KVM   16384    stopped           server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1 /zones/c3d2.de/templates]#

RancherOS ISO in die Non-Global Zone kopieren

[root@server7smarti1 /zones/c3d2.de/templates]# cp /zones/c3d2.de/iso/rancheros151.iso /zones/3516ab22-69b0-e327-95ec-f9be8852ee44/root
[root@server7smarti1 /zones/c3d2.de/templates]#

KVM Installation mit der ISO beginnen

[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm list
UUID                                  TYPE  RAM      STATE             ALIAS
3516ab22-69b0-e327-95ec-f9be8852ee44  KVM   16384    stopped           server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm start 3516ab22-69b0-e327-95ec-f9be8852ee44 order=cd,once=d cdrom=rancheros151.iso,ide
Successfully started VM 3516ab22-69b0-e327-95ec-f9be8852ee44
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm info 3516ab22-69b0-e327-95ec-f9be8852ee44 vnc
{
  "vnc": {
    "host": "172.22.99.245",
    "port": 10001,
    "display": 4101,
    "password": "c3d2"
  }
}
[root@server7smarti1 /zones/c3d2.de/templates]#
[root@server7smarti1 /zones/c3d2.de/templates]# vmadm list
UUID                                  TYPE  RAM      STATE             ALIAS
3516ab22-69b0-e327-95ec-f9be8852ee44  KVM   16384    running           server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1 /zones/c3d2.de/templates]#

SmartOS - KVM - RancherOS Installation

RancherOS Live System Environment

C3d2 smartos kvm rancheros install 1.jpg

Passwort vom User: rancher umbenennen und Remote SSH Login durchführen

[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$ sudo su
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]# cd
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# passwd rancher
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# exit

C3d2 smartos kvm rancheros install 2.jpg

RancherOS auf die Festplatte installieren (Provisionierung)

╭─daniel at it-daniel in ~ using
╰─○ ssh rancher@172.22.99.246
The authenticity of host '172.22.99.246 (172.22.99.246)' can't be established.
ECDSA key fingerprint is SHA256:Rfhqajk+ZOvEnXJRbD2gaoorArJotQOyIKCV0APk3gs.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.22.99.246' (ECDSA) to the list of known hosts.
rancher@172.22.99.246's password:
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$ sudo su
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]# cd
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ls -al
total 4
drwx------    1 root     root            80 May 19 09:52 .
drwxr-xr-x    1 root     root           140 May 19 09:44 ..
-rw-------    1 root     root            20 May 19 09:52 .bash_history
drwxr-xr-x    2 root     root            40 May 19 09:44 .ssh
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# vi cloud-config.yml
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# cat cloud-config.yml
#cloud-config

ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAy9jaGaFOwpVr8eqUUqbs4YMOqzIpPVu5kyjZ9i3ZwC daniel@notebook1-plitc
rancher:
  state:
    autoformat:
      - /dev/vda

[root@server7smarti1-admin-kvm-ranchercluster1 ~]# sudo ros config validate -i cloud-config.yml
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# sudo ros install -c cloud-config.yml -d /dev/vda
INFO[0000] No install type specified...defaulting to generic
Installing from rancher/os:v1.5.1
Continue [y/N]: y
INFO[0003] start !isoinstallerloaded
INFO[0004] trying to load /bootiso/rancheros/installer.tar.gz
Loaded image: rancher/os-installer:latest
INFO[0005] Loaded images from /bootiso/rancheros/installer.tar.gz
INFO[0005] starting installer container for rancher/os-installer:latest (new)
Installing from rancher/os-installer:latest
mke2fs 1.44.5 (15-Dec-2018)
64-bit filesystem support is not enabled.  The larger fields afforded by this feature enable full-strength checksumming.  Pass -O 64bit to rectify.
Creating filesystem with 33553920 4k blocks and 33554432 inodes
Filesystem UUID: 0f5e881b-ed38-41a7-b4f5-27543f46bd0d
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done
Writing inode tables: done
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done

Continue with reboot [y/N]: y
INFO[0029] Rebooting
INFO[0029] Setting reboot timeout to 60 (rancher.shutdown_timeout set to 60)
.......^[            ] reboot:info: Setting reboot timeout to 60 (rancher.shutdown_timeout set to 60)
.=.[            ] reboot:info: Stopping /docker : b392faabaa0d
...........D...........[            ] reboot:info: Stopping /ntp : 53844dffa8a3
..?..[            ] reboot:info: Stopping /network : 9110824e3b85
...=...[            ] reboot:info: Stopping /udev : 5eb5aac54f4e
..C..[            ] reboot:info: Stopping /system-cron : 9ca03f465020
..=..[            ] reboot:info: Stopping /acpid : 4c0102079e9f
...>..[            ] reboot:info: Stopping /syslog : 6e8c71c91a67
.I..[            ] reboot:info: Console Stopping [/console] : 8575065938f2
.Connection to 172.22.99.246 closed by remote host.
Connection to 172.22.99.246 closed.
╭─daniel at it-daniel in ~ using
╰─○

erster Login mittels Public Keys

╭─daniel at it-daniel in ~ using
╰─○ ssh -i /home/daniel/.ssh/id_plitc_ed25519 rancher@172.22.99.246
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:+TZdWdRG/CUdH3iJ1pNoPp303EhO+6M7qthxdn/AltI.
Please contact your system administrator.
Add correct host key in /home/daniel/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/daniel/.ssh/known_hosts:278
  remove with:
  ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R "172.22.99.246"
ECDSA host key for 172.22.99.246 has changed and you have requested strict checking.
Host key verification failed.

╭─daniel at it-daniel in ~ using
╰─○ ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R "172.22.99.246"
# Host 172.22.99.246 found: line 278
/home/daniel/.ssh/known_hosts updated.
Original contents retained as /home/daniel/.ssh/known_hosts.old

╭─daniel at it-daniel in ~ using
╰─○ ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R "172.22.99.246"
Host 172.22.99.246 not found in /home/daniel/.ssh/known_hosts

╭─daniel at it-daniel in ~ using
╰─○ ssh -i /home/daniel/.ssh/id_plitc_ed25519 rancher@172.22.99.246
Enter passphrase for key '/home/daniel/.ssh/id_plitc_ed25519':

[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$
[rancher@server7smarti1-admin-kvm-ranchercluster1 ~]$ sudo su
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]#
[root@server7smarti1-admin-kvm-ranchercluster1 rancher]# cd
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#

RancherOS - Nachoptimierungen

statische Netzwerk Konfiguration

  • (ganz wichtig!)
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 52:E5:76:CB:F1:9C
          inet addr:172.22.99.246  Bcast:172.22.99.255  Mask:255.255.255.0
          inet6 addr: fe80::50e5:76ff:fecb:f19c/64 Scope:Link
          inet6 addr: 2a02:8106:208:5201:50e5:76ff:fecb:f19c/64 Scope:Global
          inet6 addr: fd23:42:c3d2:523:50e5:76ff:fecb:f19c/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:196667 errors:0 dropped:1 overruns:0 frame:0
          TX packets:9800 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:146184992 (139.4 MiB)  TX bytes:613199 (598.8 KiB)

[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.address 172.22.99.246/24
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.gateway 172.22.99.1
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.mtu 1500
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.interfaces.eth0.dhcp false
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set rancher.network.dns.nameservers "['9.9.9.9','149.112.112.112']"
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# ros config set hostname server7smarti1-admin-kvm-ranchercluster1
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# sync
[root@server7smarti1-admin-kvm-ranchercluster1 ~]#
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# cat /var/lib/rancher/conf/cloud-config.yml | head -n 15
hostname: server7smarti1-admin-kvm-ranchercluster1
rancher:
  network:
    dns:
      nameservers:
      - 9.9.9.9
      - 149.112.112.112
    interfaces:
      eth0:
        address: 172.22.99.246/24
        dhcp: false
        gateway: 172.22.99.1
        mtu: 1500
  ssh:
    keys:
[root@server7smarti1-admin-kvm-ranchercluster1 ~]# reboot
Kernelparamter
  • tsc=reliable
    • (bringt ca 5-10 % mehr Performance!")