easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubeasz/docs/practice/dockerize_system_service.md

142 lines
3.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# 容器化系统服务
## 容器化 haproxy
本例使用 [docker hub 官方](https://github.com/docker-library/haproxy) 维护的 haproxy 镜像haproxy 配置举例如下
```
global
log stdout format raw local1 notice
nbproc 1
defaults
log global
timeout connect 5s
timeout client 10m
timeout server 10m
listen apiservers
bind 0.0.0.0:6443
mode tcp
option tcplog
option dontlognull
option dontlog-normal
balance roundrobin
server 192.168.1.1 192.168.1.1:6443 check inter 10s fall 2 rise 2 weight 1
server 192.168.1.2 192.168.1.2:6443 check inter 10s fall 2 rise 2 weight 1
```
在 systemd 系统上编写服务文件如下 /etc/systemd/system/haproxy.service
```
[Unit]
Description=haproxy
Documentation=https://github.com/docker-library/haproxy
After=docker.service
Requires=docker.service
[Service]
User=root
ExecStart=/bin/docker run \
--name haproxy \
--publish 6443:6443 \
--volume /etc/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg \
docker.io/library/haproxy:1.9.8-alpine
ExecStop=/bin/docker rm -f haproxy
ExecReload=/bin/docker kill -s HUP haproxy
Restart=always
RestartSec=10
Delegate=yes
LimitNOFILE=50000
LimitNPROC=50000
[Install]
WantedBy=multi-user.target
```
## 容器化 chrony
- chrony 服务器端配置假设chrony服务器端192.168.1.1
```
$ cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
server ntp1.aliyun.com iburst
server ntp2.aliyun.com iburst
pool pool.ntp.org iburst
# Ignor source level
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first five updates
# if its offset is larger than 1 second.
makestep 1 5
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Allow NTP client access from local network.
allow 0.0.0.0/0
# Serve time even if not synchronized to a time source.
local stratum 10
# Select which information is logged.
#log measurements statistics tracking
#
noclientlog
```
- chrony 客户端配置
```
$ cat /etc/chrony.conf
# Use local chrony server.
server 192.168.1.1 iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first five updates
# if its offset is larger than 1 second.
makestep 1 5
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Select which information is logged.
#log measurements statistics tracking
```
- 在 systemd 系统上编写服务文件如下 /etc/systemd/system/chrony.service
```
[Unit]
Description=chrony
Documentation=https://github.com/kubeasz/dockerfiles/chrony
After=docker.service
Requires=docker.service
[Service]
User=root
ExecStart=/opt/kube/bin/docker run \
--cap-add SYS_TIME \
--name chrony \
--network host \
--volume /etc/chrony.conf:/etc/chrony/chrony.conf \
--volume /var/lib/chrony:/var/lib/chrony \
easzlab/chrony:0.1.0
ExecStartPost=/sbin/iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
ExecStartPost=/sbin/iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK
ExecStop=/opt/kube/bin/docker rm -f chrony
Restart=always
RestartSec=10
Delegate=yes
[Install]
WantedBy=multi-user.target
```
Reference in New Issue View Git Blame Copy Permalink