mirror of https://github.com/easzlab/kubeasz.git
142 lines
3.3 KiB
Markdown
142 lines
3.3 KiB
Markdown
|
# 容器化系统服务
|
|||
|
|
|||
|
## 容器化 haproxy
|
|||
|
|
|||
|
本例使用 [docker hub 官方](https://github.com/docker-library/haproxy) 维护的 haproxy 镜像;haproxy 配置举例如下
|
|||
|
|
|||
|
```
|
|||
|
global
|
|||
|
log stdout format raw local1 notice
|
|||
|
nbproc 1
|
|||
|
|
|||
|
defaults
|
|||
|
log global
|
|||
|
timeout connect 5s
|
|||
|
timeout client 10m
|
|||
|
timeout server 10m
|
|||
|
|
|||
|
listen apiservers
|
|||
|
bind 0.0.0.0:6443
|
|||
|
mode tcp
|
|||
|
option tcplog
|
|||
|
option dontlognull
|
|||
|
option dontlog-normal
|
|||
|
balance roundrobin
|
|||
|
server 192.168.1.1 192.168.1.1:6443 check inter 10s fall 2 rise 2 weight 1
|
|||
|
server 192.168.1.2 192.168.1.2:6443 check inter 10s fall 2 rise 2 weight 1
|
|||
|
```
|
|||
|
|
|||
|
在 systemd 系统上编写服务文件如下 /etc/systemd/system/haproxy.service
|
|||
|
|
|||
|
```
|
|||
|
[Unit]
|
|||
|
Description=haproxy
|
|||
|
Documentation=https://github.com/docker-library/haproxy
|
|||
|
After=docker.service
|
|||
|
Requires=docker.service
|
|||
|
|
|||
|
[Service]
|
|||
|
User=root
|
|||
|
ExecStart=/bin/docker run \
|
|||
|
--name haproxy \
|
|||
|
--publish 6443:6443 \
|
|||
|
--volume /etc/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg \
|
|||
|
docker.io/library/haproxy:1.9.8-alpine
|
|||
|
ExecStop=/bin/docker rm -f haproxy
|
|||
|
ExecReload=/bin/docker kill -s HUP haproxy
|
|||
|
Restart=always
|
|||
|
RestartSec=10
|
|||
|
Delegate=yes
|
|||
|
LimitNOFILE=50000
|
|||
|
LimitNPROC=50000
|
|||
|
|
|||
|
[Install]
|
|||
|
WantedBy=multi-user.target
|
|||
|
```
|
|||
|
|
|||
|
## 容器化 chrony
|
|||
|
|
|||
|
- chrony 服务器端配置(假设chrony服务器端192.168.1.1)
|
|||
|
|
|||
|
```
|
|||
|
$ cat /etc/chrony.conf
|
|||
|
# Use public servers from the pool.ntp.org project.
|
|||
|
server ntp1.aliyun.com iburst
|
|||
|
server ntp2.aliyun.com iburst
|
|||
|
pool pool.ntp.org iburst
|
|||
|
|
|||
|
# Ignor source level
|
|||
|
stratumweight 0
|
|||
|
|
|||
|
# Record the rate at which the system clock gains/losses time.
|
|||
|
driftfile /var/lib/chrony/drift
|
|||
|
|
|||
|
# Allow the system clock to be stepped in the first five updates
|
|||
|
# if its offset is larger than 1 second.
|
|||
|
makestep 1 5
|
|||
|
|
|||
|
# Enable kernel synchronization of the real-time clock (RTC).
|
|||
|
rtcsync
|
|||
|
|
|||
|
# Allow NTP client access from local network.
|
|||
|
allow 0.0.0.0/0
|
|||
|
|
|||
|
# Serve time even if not synchronized to a time source.
|
|||
|
local stratum 10
|
|||
|
|
|||
|
# Select which information is logged.
|
|||
|
#log measurements statistics tracking
|
|||
|
|
|||
|
#
|
|||
|
noclientlog
|
|||
|
```
|
|||
|
- chrony 客户端配置
|
|||
|
|
|||
|
```
|
|||
|
$ cat /etc/chrony.conf
|
|||
|
# Use local chrony server.
|
|||
|
server 192.168.1.1 iburst
|
|||
|
|
|||
|
# Record the rate at which the system clock gains/losses time.
|
|||
|
driftfile /var/lib/chrony/drift
|
|||
|
|
|||
|
# Allow the system clock to be stepped in the first five updates
|
|||
|
# if its offset is larger than 1 second.
|
|||
|
makestep 1 5
|
|||
|
|
|||
|
# Enable kernel synchronization of the real-time clock (RTC).
|
|||
|
rtcsync
|
|||
|
|
|||
|
# Select which information is logged.
|
|||
|
#log measurements statistics tracking
|
|||
|
```
|
|||
|
|
|||
|
- 在 systemd 系统上编写服务文件如下 /etc/systemd/system/chrony.service
|
|||
|
|
|||
|
```
|
|||
|
[Unit]
|
|||
|
Description=chrony
|
|||
|
Documentation=https://github.com/kubeasz/dockerfiles/chrony
|
|||
|
After=docker.service
|
|||
|
Requires=docker.service
|
|||
|
|
|||
|
[Service]
|
|||
|
User=root
|
|||
|
ExecStart=/opt/kube/bin/docker run \
|
|||
|
--cap-add SYS_TIME \
|
|||
|
--name chrony \
|
|||
|
--network host \
|
|||
|
--volume /etc/chrony.conf:/etc/chrony/chrony.conf \
|
|||
|
--volume /var/lib/chrony:/var/lib/chrony \
|
|||
|
easzlab/chrony:0.1.0
|
|||
|
ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
|
|||
|
ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
|
|||
|
ExecStop=/opt/kube/bin/docker rm -f chrony
|
|||
|
Restart=always
|
|||
|
RestartSec=10
|
|||
|
Delegate=yes
|
|||
|
|
|||
|
[Install]
|
|||
|
WantedBy=multi-user.target
|
|||
|
```
|