diff --git a/ops/docker_proxy.sh b/ops/docker_proxy.sh
deleted file mode 100644
index 32d7e7d..0000000
--- a/ops/docker_proxy.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#/bin/bash
-
-#设置docker代理
-
-# you should set it to your proxy ip
-proxy_ip="http://192.168.246.1:1080"
-# you need set it to the host ip
-proxy_none_ip="192.168.0.0/16"
-
-proxy='Environment="HTTPS_PROXY='${proxy_ip}'"\
-Environment="NO_PROXY=127.0.0.0/8"\
-Environment="NO_PROXY='${proxy_none_ip}'"'
-DOCKER_CONF="/usr/lib/systemd/system/docker.service"
-#DOCKER_CONF="docker.service"
-if [ ! -e $DOCKER_CONF ]; then
- echo "INFO: docker not running "
- exit 2
-fi
-func_reload(){
- systemctl daemon-reload
- systemctl restart docker
- echo "INFO#: docker-reload finined!"
-}
-func_proxy_on(){
- if grep PROXY $DOCKER_CONF >> /dev/null ; then
- echo "INFO#: docker proxy may be on : "
- echo ""
- grep PROXY $DOCKER_CONF
- echo ""
- else
- echo "INFO: docker proxy on"
- sed -i "/ExecStart/i${proxy}" $DOCKER_CONF
- func_reload
- fi
-}
-
-func_proxy_off(){
- if grep PROXY $DOCKER_CONF >>/dev/null; then
- echo "INFO: docker proxy off"
- sed -i "/PROXY/d" $DOCKER_CONF
- func_reload
- else
- echo "INFO: docker proxy already off"
- fi
-}
-
-case $1 in
- on)
- func_proxy_on
- ;;
- off)
- func_proxy_off
- ;;
- *)
- echo "userage `basename $0` {on|off}"
- exit 1
- ;;
-esac
\ No newline at end of file
diff --git a/ops/generate-certs.sh b/ops/generate-certs.sh
new file mode 100644
index 0000000..e69de29
diff --git a/ops/init-storage.sh b/ops/init-storage.sh
index 3a3688f..acd7251 100644
--- a/ops/init-storage.sh
+++ b/ops/init-storage.sh
@@ -9,9 +9,22 @@ 3. maintainer # Support Platform Version: MachineDevil v0.6.0 #========================================================================================================================= +# Kernel control groups +# Enable Cgroup-v2 +## Edit grub +## refer: [Modifying kernel boot parameters](https://documentation.suse.com/smart/linux/single-html/task-modify-kernel-boot-parameter/index.html) +## refer: [Kernel control groups](https://documentation.suse.com/sles/15-SP3/html/SLES-all/cha-tuning-cgroups.html) +sudo sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="mitigations=auto quiet"/GRUB_CMDLINE_LINUX_DEFAULT="cgroup_no_v1=blkio systemd.unified_cgroup_hierarchy=1 splash=silent mitigations=auto quiet"/g' /etc/default/grub +sudo update-bootloader --refresh +cat /proc/cmdline +## reboot +stat -c %T -f /sys/fs/cgroup +sudo su +cat /sys/fs/cgroup/unified/cgroup.controllers +cd /sys/fs/cgroup/unified/ +echo '+io' > cgroup.subtree_control # Mount disk -# manual setup lsblk mkdir -p /data/diska DiskUUID=$(sudo blkid /dev/sda1 | cut -d' ' -f2) 
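Review bot: In ops/init-storage.sh the added `sudo su` starts an interactive root shell in the middle of the script, so the three lines after it (`cat …/cgroup.controllers`, `cd`, `echo '+io' > cgroup.subtree_control`) run only once that shell exits, and then as the unprivileged caller, where the redirect into the cgroup file is refused. Dropping `sudo su` and writing the controller with `echo '+io' | sudo tee /sys/fs/cgroup/unified/cgroup.subtree_control > /dev/null` limits the privileged step to that one write. The `## reboot` marker is only a comment, so the `stat` and `cat` checks run against the pre-reboot hierarchy. The `sed` on /etc/default/grub matches one exact `GRUB_CMDLINE_LINUX_DEFAULT` string and silently changes nothing on a host whose line differs, so a `grep -q systemd.unified_cgroup_hierarchy=1 /etc/default/grub` check before `update-bootloader` would catch that.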
@@ -21,16 +34,30 @@ sudo chmod -x /etc/fstab # Deploy minIO services ## echo "12|23|11" | awk '{split($0,a,"|"); print a[3],a[2],a[1]}' +# S3 +podman run \ + -p 9000:9000 \ + -p 9001:9001 \ + --name minio-s3 \ + -e "MINIO_ROOT_USER=aws_s3_access_key" \ + -e "MINIO_ROOT_PASSWORD=aws_s3_secret_key" \ + quay.io/minio/minio gateway s3 --console-address ":9001" + # Setup firewalld sudo firewall-cmd --get-active-zones sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent +sudo firewall-cmd --permanent --add-port 80/tcp +sudo firewall-cmd --permanent --add-port 9001/tcp sudo firewall-cmd --reload +# Fileserver https://caddyserver.com/docs/ +## Setup minIO account +MINIO_ROOT_USER=changeme +MINIO_ROOT_PASSWORD=changeme +# Configure an nginx reverse proxy -# Fileserver https://caddyserver.com/docs/ - # LabelStudio podman run -d -it -p 8080:8080 -v `pwd`/labelDatasets:/label-studio/data heartexlabs/label-studio:latest \ No newline at end of file diff --git a/ops/installation-guide.md b/ops/installation-guide.md index 49642df..ae70085 100644 --- a/ops/installation-guide.md +++ b/ops/installation-guide.md @@ -577,29 +577,17 @@ You can specify a different base url at which where to access the application - ## 内网穿透实例 FRP - -为什么使用 frp ? -通过在具有公网 IP 的节点上部署 frp 服务端,可以轻松地将内网服务穿透到公网,同时提供诸多专业的功能特性,这包括: - -客户端服务端通信支持 TCP、KCP 以及 Websocket 等多种协议。 -采用 TCP 连接流式复用,在单个连接间承载更多请求,节省连接建立时间。 -代理组间的负载均衡。 -端口复用,多个服务通过同一个服务端端口暴露。 -多个原生支持的客户端插件(静态文件查看,HTTP、SOCK5 代理等),便于独立使用 frp 客户端完成某些工作。 -高度扩展性的服务端插件系统,方便结合自身需求进行功能扩展。 -服务端和客户端 UI 页面。 - -1. frp 服务器,客户端配置 - 分别在公网服务器和私网终端下载[frp包](https://github.com/fatedier/frp/releases),根据如下配置server,client。 -这个示例通过简单配置 TCP 类型的代理让用户访问到内网的服务器。 +# 需要先 cd 到 frp 解压目录. + +# 复制配置文件 +cp frps /usr/local/bin/frps +mkdir /etc/frp +cp frps.ini /etc/frp/frps.ini -**通过 SSH 访问内网机器: ** - -1.1. 服务器端 frps.ini - -``` +# 更新本地配置 +sudo echo """ [common] bind_port = 7000 dashboard_port = 7500 
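Review bot: In the second ops/init-storage.sh hunk, `firewall-cmd --permanent --add-port 9001/tcp` opens the MinIO console while the root credentials are literal placeholders (`aws_s3_access_key`/`aws_s3_secret_key` on the `podman run`, `changeme` in the `MINIO_ROOT_*` assignments further down), so a host provisioned as written exposes an admin console with guessable credentials. The script should refuse to continue without real values, e.g. `: "${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD}"`, and pass them to the container with `--env-file` from a root-only file rather than `-e` literals kept in the repository. The two new `--add-port` lines omit `--zone=public`, unlike the existing 9000/tcp rule, so they apply to whatever the default zone is, and port 80 is opened although nothing in this hunk listens on it. `quay.io/minio/minio` carries no tag or digest, so the image content can change between runs and should be pinned.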
@@ -608,22 +596,40 @@ dashboard_user = admin dashboard_pwd = admin vhost_http_port = 10080 vhost_https_port = 10443 -``` +""" > /etc/frp/frps.ini + +## 编写 frp service 文件,以 ubuntu 为例 +sudo echo """ +[Unit] +Description=frps +After=network.target + +[Service] +TimeoutStartSec=30 +ExecStart=/usr/local/bin/frps -c /etc/frp/frps.ini +ExecStop=/bin/kill $MAINPID +Restart=on-failure +RestartSec=30s +KillMode=none +[Install] +WantedBy=multi-user.target +""" > /etc/systemd/system/frps.service +# 启动 frp 并设置开机启动 +sudo systemctl stop frps +sudo systemctl disable frps +sudo systemctl start frps +sudo systemctl enable frps +sudo systemctl status frps -**其中** - - * “bind_port”表示用于客户端和服务端连接的端口,这个端口号我们之后在配置客户端的时候要用到。 - * “dashboard_port”是服务端仪表板的端口,若使用7500端口,在配置完成服务启动后可以通过浏览器访问 x.x.x.x:7500 (其中x.x.x.x为VPS的IP)查看frp服务运行信息。 - * “token”是用于客户端和服务端连接的口令,请自行设置并记录,稍后会用到。 - * “dashboard_user”和“dashboard_pwd”表示打开仪表板页面登录的用户名和密码,自行设置即可。 - * “vhost_http_port”和“vhost_https_port”用于反向代理HTTP主机时使用,本文不涉及HTTP协议,因而照抄或者删除这两条均可。 - - -1.2. 客户端frp.ini - -*如果有多个终端使用相同的协议比如ssh连接,需要设置为不同的服务名称,例如:[ssh_client1],[ssh_client2]* - -``` +* 在客户端使用 Systemd 管理 frpc +# 复制文件 +cp frpc /usr/local/bin/frpc +mkdir /etc/frp +cp frpc.ini /etc/frp/frpc.ini +# 更新本地配置 + +# 如果有多个终端使用相同的协议比如ssh连接,需要设置为不同的服务名称,例如:[ssh_client1],[ssh_client2]* +sduo echo """ [common] server_addr = server_port = 7000 @@ -732,7 +738,6 @@ sudo systemctl disable frpc sudo systemctl start frpc sudo systemctl enable frpc sudo systemctl status frpc - ``` * 参考链接: diff --git a/ops/installation-tools.sh b/ops/installation-tools.sh new file mode 100644 index 0000000..942ef0d --- /dev/null +++ b/ops/installation-tools.sh 
@@ -0,0 +1,95 @@
+!/bin/bash
+#=========================================================================================================================
+# Info: 系统环境初始化
+# Creator: yijie
+# Update: 2021-07-31
+# Tool version: 0.1.0
+# 1. Online install tools
+# 2. Offline installation
+# Support Platform Version: MachineDevil v0.6.0
+#=========================================================================================================================
+
+# Online installation
+#-------------------------------------------------------------------------------------------------------------------------
+workspace=$HOME
+distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
+sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
+sudo zypper addrepo https://packages.microsoft.com/yumrepos/vscode vscode
+sudo zypper refresh
+sudo zypper install -y code
+
+# Install OBS
+sudo zypper ar -cfp 90 'https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_$releasever/' packman
+sudo zypper dup --from packman --allow-vendor-chang
+sudo zypper in obs-studio
+
+# Install frps
+wget https://github.com/fatedier/frp/releases/download/v0.38.0/frp_0.38.0_linux_amd64.tar.gz
+tar zxf frp_0.38.0_linux_amd64.tar.gz
+cp frps /usr/local/bin/frps
+mkdir /etc/frp
+cp frps.ini /etc/frp/frps.ini
+
+## client configuration
+cat > /etc/frp/frpc.ini << EOF
+[common]
+server_addr = 122.51.195.199
+server_port = 7000
+token = Aiops@2025
+[ssh]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 2025
+remote_port = 6022
+[smb]
+type = tcp
+local_ip = 127.0.0.1
+local_port = 445
+remote_port = 7002
+EOF
+
+## systemctl service
+sudo cat > /etc/systemd/system/frps.service << EOF
+# 内容如下
+[Unit]
+Description=frps
+After=network.target
+
+[Service]
+TimeoutStartSec=30
+ExecStart=/usr/local/bin/frps -c /etc/frp/frps.ini
+ExecStop=/bin/kill $MAINPID
+Restart=on-failure
+RestartSec=30s
+KillMode=none
+
+[Install]
+WantedBy=multi-user.target
+EOF
+## 启动 frp 并设置开机启动
+sudo systemctl stop frps
+sudo systemctl disable frps
+sudo systemctl start frps
+sudo systemctl enable frps
+### sudo systemctl status frps
+
+# Discourse
+### https://github.com/discourse/discourse.git
+curl -sSL https://raw.githubusercontent.com/bitnami/bitnami-docker-discourse/master/docker-compose.yml > docker-compose.yml
+docker-compose up -d
+
+
+# Offline installation (Debin/Ubuntu)
+#-------------------------------------------------------------------------------------------------------------------------
+## Refer: https://ostechnix.com/download-packages-dependencies-locally-ubuntu/
+mkdir $HOME/offline && cd $H--download-onlyOME/offline
+sudo apt-get install --download-only openssh-server
+for i in $(apt-cache depends python | grep -E 'Depends|Recommends|Suggests' | cut -d ':' -f 2,3 | sed -e s/'<'/''/ -e s/'>'/''/); do sudo apt-get download $i 2>>errors.txt; done
+zip -o offline.zip ./*
+
+sudo dpkg -i *
+### Another Motheds
+# aptitude clean
+# aptitude --download-only install
+# cp /var/cache/apt/archives/*.deb
+
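Review bot: `token = Aiops@2025` in the frpc.ini heredoc of ops/installation-tools.sh puts what looks like a working frp shared secret, next to the `server_addr` it belongs to, into the repository; if the value is real it should be rotated, and the script should take it from the environment, e.g. `token = ${FRP_TOKEN:?FRP_TOKEN must be set}`. The frps.service heredoc uses an unquoted `<< EOF`, so the shell expands `$MAINPID` at write time and the unit ends up with `ExecStop=/bin/kill ` and no PID; `sudo cat > …` also performs the redirect as the calling user, so `sudo tee /etc/systemd/system/frps.service > /dev/null << 'EOF'` addresses both. The frp tarball and the Bitnami `docker-compose.yml` (fetched from `master`) are used without any integrity check; recording the expected digest and running `sha256sum -c` before `tar` and `docker-compose up -d` would close that gap. The first line is `!/bin/bash` without the leading `#`, and `cd $H--download-onlyOME/offline` looks like a mangled paste of `cd $HOME/offline`.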