Linux+Zabbix+Jumpserver+Shell+Docker+K8S

Zabbix installation and configuration
[root@localhost ~]# rpm -Uvh https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
[root@localhost ~]# vim /etc/yum.repos.d/zabbix.repo
[root@localhost ~]# sed -i 's#http://repo.zabbix.com#https://mirrors.aliyun.com/zabbix#' /etc/yum.repos.d/zabbix.repo
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache
[root@localhost ~]# yum install -y zabbix-server-mysql zabbix-agent
[root@localhost ~]# yum install centos-release-scl -y
[root@localhost ~]# yum install -y zabbix-web-mysql-scl zabbix-apache-conf-scl
[root@localhost ~]# yum install -y mariadb-server.x86_64
[root@localhost ~]# systemctl enable --now mariadb
[root@localhost ~]# mysql_secure_installation
[root@localhost ~]# mysql -uroot -p
MariaDB [(none)]> create database zabbix character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create user zabbix@localhost identified by 'abc123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on zabbix.* to zabbix@localhost;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit;
[root@localhost ~]# zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p zabbix
[root@localhost ~]# vim /etc/zabbix/zabbix_server.conf    # set DBPassword to the zabbix database user's password
[root@localhost ~]# vim /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf    # set php_value[date.timezone]
Start the services
[root@localhost ~]# systemctl restart zabbix-server zabbix-agent httpd rh-php72-php-fpm
Open http://192.168.40.171 in a browser
Log in
http://192.168.40.171/zabbix/index.php
Username: Admin
Password: zabbix (the default; change it after the first login)
Zabbix agent2
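# Deploy the client
agent2 uses port 10050, the same as the old agent, so unless the port is changed the two cannot run at the same time
Prepare the machine environment
Make sure the system time is correct:
yum install ntpdate -y
ntpdate -u ntp.aliyun.com
Install: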
[root@localhost ~]# yum install -y zabbix-agent2.x86_64
ls -l /usr/sbin/zabbix_agent2
Start:
[root@localhost ~]# systemctl enable --now zabbix-agent2.service
[root@localhost yum.repos.d]# netstat -tnpl | grep 10050
vim /etc/zabbix/zabbix_agent2.conf    # set Server, ServerActive and Hostname
Verify the Zabbix connection:
Install the zabbix_get client: yum install -y zabbix-get.x86_64
[root@localhost ~]# zabbix_get -s '192.168.40.172' -p 10050 -k 'agent.ping'
1
[root@localhost ~]# zabbix_get -s '192.168.40.172' -p 10050 -k 'system.hostname'
zbx-agent02
Using Zabbix
Fix garbled characters: install a font
[root@localhost ~]# yum install -y wqy-microhei-fonts.noarch
Overwrite the original font
[root@localhost ~]# \cp /usr/share/fonts/wqy-microhei/wqy-microhei.ttc /usr/share/fonts/dejavu/DejaVuSans.ttf
Add a host



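Command-line operations
Custom monitoring: alert when the number of logged-in users is greater than three
1. Determine the command: who | wc -l
2. Create the configuration file as follows
[root@zbx-agent02 zabbix_agent2.d]# cat userparameter_login.conf
UserParameter=login.user,who|wc -l
3. Use it (from the server)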
[root@localhost ~]# zabbix_get -s '192.168.40.172' -p 10050 -k 'login.user'
Change the character encoding
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' >/etc/locale.conf
Switch the yum mirrors
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo &&
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all &&
yum makecache
Python3: install a virtual environment
Switch the package index
[root@localhost ~]# mkdir ~/.pip
[root@localhost ~]# touch ~/.pip/pip.conf
[root@localhost ~]# vim ~/.pip/pip.conf
[root@localhost ~]# cat ~/.pip/pip.conf
[global]
index-url = https://mirrors.aliyun.com/pypi/simple
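Run the install:
pip3 install virtualenv
If an "SSL is not available" error appears, troubleshoot as follows:
1. Undo the python3 that was compiled and installed from source
2. Install the openssl tools and recompile python3
Create the environment
[root@localhost ~]# virtualenv --python=python3 jmp_venv1
Interpreter location: creator CPython3Posix(dest=/root/jmp_venv1,
Switch to the python3 environment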
[root@localhost bin]# source /root/jmp_venv1/bin/activate
Exit the virtual environment
deactivate
Redis database
Install with yum
[root@localhost bin]# systemctl start redis
[root@localhost bin]# netstat -tnupl
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 3057/redis-server 1
Log in to Redis
[root@localhost bin]# redis-cli
127.0.0.1:6379> ping
PONG
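JumpServer backend deployment

1.

2.


Edit the configuration file

1. Generate the secret key

Configuration after editing

Database migration
1.

2.

Installation complete

Start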
(jmp_venv1) [root@jumserver1 jumpserver]# ./jmsctl.sh start
Inspect the database in Docker
(jmp_venv1) [root@jumserver1 jumpserver]# docker exec -it jms_mysql /bin/bash
root@4103f3eda9af:/#
root@4103f3eda9af:/#
root@4103f3eda9af:/# mysql -uroot -p$MARIADB_ROOT_PASSWORD
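Starting the old version

Configure SSH login through the bastion host
1. Client machine configuration (allow SSH login only through the bastion host)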
[root@jumserver2 ~]# iptables -A INPUT -s 192.168.40.181 -p tcp --dport 22 -j ACCEPT
[root@jumserver2 ~]# iptables -A INPUT -p tcp --dport 22 -j REJECT

2. Add assets

3. Authorize assets
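
Because -A appends, the two iptables rules in step 1 only restrict SSH if nothing earlier in the INPUT chain already accepts port 22. The following is an added example (not part of the original notes) that evaluates `iptables -S INPUT` output by first match; the name ssh_verdict and both rulesets are constructed for illustration, and only -s host matches, -p, --dport, -i lo and --state/--ctstate are modelled.

```shell
#!/bin/sh
# Added example: which rule decides a NEW tcp/22 connection from a given host?
# Reads `iptables -S INPUT` output on stdin; the first matching rule wins.
ssh_verdict() {
  awk -v src="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      s = proto = dport = target = state = iface = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") s = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-i") iface = $(i + 1)
        else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      sub(/\/32$/, "", s)
      if (s != "" && s != src) next             # rule is for another host
      if (iface == "lo") next                   # loopback-only rule
      if (proto != "" && proto != "tcp") next
      if (dport != "" && dport != "22") next
      if (state != "" && state !~ /NEW/) next   # e.g. RELATED,ESTABLISHED
      if (target ~ /^(ACCEPT|REJECT|DROP)$/) { print target; found = 1; exit }
    }
    END { if (!found) print "POLICY:" policy }
  '
}

# Constructed ruleset: an existing "SSH from anywhere" rule, followed by the
# two rules from step 1 appended with -A.
rules_appended() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.40.181/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed ruleset: the same chain without the earlier SSH rule.
rules_clean() { rules_appended | grep -v -e '--state NEW'; }

for host in 192.168.40.181 192.168.40.50; do
  echo "appended $host: $(rules_appended | ssh_verdict "$host")"
  echo "clean    $host: $(rules_clean | ssh_verdict "$host")"
done
```

On a real host, feed it `iptables -S INPUT`; if a non-bastion address comes back ACCEPT, place the two rules ahead of the broader one with iptables -I INPUT <n> instead of -A, or remove the broader rule.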

Docker & k8s
1. Docker
Architecture diagram

Install Docker
Preliminary configuration

Enable traffic forwarding in the Linux kernel:
cat <<EOF > /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
EOF
Error:
[root@localhost ~]# sysctl -p /etc/sysctl.d/docker.conf
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: 没有那个文件或目录
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: 没有那个文件或目录
sysctl: cannot stat /proc/sys/net/ipv4/conf/default-rp_filter: 没有那个文件或目录
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
Solution
[root@localhost ~]# modprobe br_netfilter
Run it again; it succeeds
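
The failure above, checked mechanically: an added example (not part of the original notes) that lists the keys of a sysctl.d file that have no /proc/sys entry, tells whether br_netfilter is the cause, and makes the module load persistent across reboots. The function names and the sample file are constructed; the last sample key uses the spelling from the third error line (default-rp_filter), which stays missing even after modprobe.

```shell
#!/bin/sh
# Added example: find which keys in a sysctl.d file have no /proc/sys entry.

# missing_sysctl_keys CONF [ROOT]  (ROOT defaults to /proc/sys)
# Prints each key whose file is absent, i.e. each key for which
# `sysctl -p CONF` would report "cannot stat".
missing_sysctl_keys() {
  conf=$1
  root=${2:-/proc/sys}
  sed -e 's/[#;].*//' -e 's/=.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$conf" |
  while read -r key; do
    [ -e "$root/$(printf '%s' "$key" | tr . /)" ] || printf '%s\n' "$key"
  done
}

# needs_br_netfilter CONF [ROOT]: succeeds if a net.bridge.* key is missing,
# which is the case that `modprobe br_netfilter` fixes.
needs_br_netfilter() {
  missing_sysctl_keys "$@" | grep -q '^net\.bridge\.'
}

# persist_br_netfilter [DIR]: modprobe does not survive a reboot, so list the
# module for systemd-modules-load (DIR defaults to /etc/modules-load.d).
persist_br_netfilter() {
  printf 'br_netfilter\n' > "${1:-/etc/modules-load.d}/br_netfilter.conf"
}

# Constructed input: the keys from docker.conf above plus, last, the spelling
# that appears in the third error line (default-rp_filter).
sample_conf() {
  cat <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.default-rp_filter = 0
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
missing_sysctl_keys "$tmp"     # checked against the live /proc/sys
rm -f "$tmp"
```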

docker-ce version
[root@localhost ~]# curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Install Docker with yum
yum install -y docker-ce    # install Docker
Start Docker
1. Configure a Docker registry mirror (accelerator)
mkdir /etc/docker
vim /etc/docker/daemon.json
systemctl daemon-reload
systemctl enable docker
systemctl restart docker


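2. Install Nginx with Docker
Search for the image: docker search nginx
Pull the image: docker pull nginx

3. Run the image: -d runs it in the background; -p 80:80 maps the externally reachable host port to the container port
docker run -d -p 80:80 nginx
4. Stop & start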
[root@localhost ~]# docker stop 7fc05c93eb3d
7fc05c93eb3d
[root@localhost ~]# docker start 7fc05c93eb3d
7fc05c93eb3d
[root@localhost ~]#
Enter a container: -i is interactive, -t allocates a terminal, bash is the command run inside the container
[root@localhost ~]# docker run -it 5d0da3dc9764 bash
Run nginx and enter the running container
[root@localhost ~]# docker run -d -p 8080:80 nginx
7a14bb6b5bb2cc408087b86406b4e1aca15359cf4706531cc0df0c13fd6b8202
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7a14bb6b5bb2 nginx "/docker-entrypoint.…" 51 seconds ago Up 50 seconds 0.0.0.0:8080->80/tcp, :::8080->80/tcp infallible_shtern
[root@localhost ~]# docker exec -it 7a14bb6b5bb2 bash
# -it opens a console; --rm deletes the container on exit
[root@localhost ~]# docker run -it --rm centos bash
# Docker commands for listing and inspecting
[root@localhost ~]# docker images -q
7e89539dd8bd
021283c8eb95
5d0da3dc9764
afb6fca791e0
# Format the image listing with the --format parameter
[root@localhost ~]# docker images --format "{{.ID}}--{{.Repository}}"
7e89539dd8bd--redis
021283c8eb95--nginx
5d0da3dc9764--centos
afb6fca791e0--centos
# Display as a table: start the format string with "table"
[root@localhost ~]# docker images --format "table {{.ID}}\t{{.Repository}}\t{{.Tag}}"
IMAGE ID REPOSITORY TAG
7e89539dd8bd redis latest
021283c8eb95 nginx latest
5d0da3dc9764 centos latest
afb6fca791e0 centos 7.8.2003
# Delete images in bulk
[root@localhost ~]# docker rmi `docker images -aq`
# Export an image
[root@localhost ~]# docker image save centos:7.8.2003 > /opt/centos7.tgz
[root@localhost ~]# ll /opt/centos7.tgz
-rw-r--r-- 1 root root 211077120 7月 18 18:59 /opt/centos7.tgz
[root@localhost ~]#
# Import an image; -i specifies the location of the archive
[root@localhost ~]# docker image load -i /opt/centos7.tgz
fb82b029bea0: Loading layer [==================================================>] 211.1MB/211.1MB
Loaded image: centos:7.8.2003
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
redis latest 7e89539dd8bd 7 days ago 130MB
nginx latest 021283c8eb95 13 days ago 187MB
centos latest 5d0da3dc9764 22 months ago 231MB
centos 7.8.2003 afb6fca791e0 3 years ago 203MB
[root@localhost ~]#
# View detailed image information
[root@localhost ~]# docker image inspect afb6fca791e0
# Run a command in a container: -d background, --rm remove after it exits, --name names it
[root@localhost ~]# docker run -d --rm --name centos7 centos:7.8.2003 ping www.baidu.com
# View container logs
[root@localhost ~]# docker logs bea42e15f885 # show all logs
PING www.baidu.com (36.152.44.95) 56(84) bytes of data.
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=1 ttl=127 time=21.4 ms
[root@localhost ~]# docker logs -f bea42e15f885 # follow the logs in real time
PING www.baidu.com (36.152.44.95) 56(84) bytes of data.
[root@localhost ~]# docker logs bea42e15f885 | tail -5
# Enter a running container
[root@localhost ~]# docker exec -it bea42e15f885 bash
# Container port mapping: explicit mapping with -p 80:80
Random port mapping with -P
[root@localhost ~]# docker run -d --name nginx -P nginx
c1a5dd1b6efed9d063064ba4784f2be61d1e80f4604afc7cd1727eb7d5a632b5
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c1a5dd1b6efe nginx "/docker-entrypoint.…" 5 seconds ago Up 4 seconds 0.0.0.0:49153->80/tcp, :::49153->80/tcp nginx
bea42e15f885 centos:7.8.2003 "ping www.baidu.com" 14 minutes ago Up 14 minutes centos7
[root@localhost ~]#
# Commit a container to an image (commit)
[root@localhost ~]# docker commit c415aca2b6fd gerizeng01/centos-vim-7.8
sha256:72ebd3b8edadeda8b114c6972d4fe1a9b476178106dd4e2c060c63269611f993
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gerizeng01/centos-vim-7.8 latest 72ebd3b8edad 6 seconds ago 472MB
centos 7.8.2003 afb6fca791e0 3 years ago 203MB
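# Dockerfile: build a custom image
Main components:
1. Base image information: FROM centos:7.8
2. Image build instructions: RUN yum install -y Apache
3. Instruction executed when the container starts: CMD ["/bin/bash"]

Addendum: USER changes the user that subsequent instructions and the container run as

# Build from a Dockerfile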
[root@localhost DockerFIle]# vim Dockerfile
[root@localhost DockerFIle]# cat Dockerfile
FROM nginx
RUN echo '<meta charset=utf8>hello world' > /usr/share/nginx/html/index.html
[root@localhost DockerFIle]# ls
1 Dockerfile
[root@localhost DockerFIle]# docker build .
[+] Building 0.6s (6/6) FINISHED docker:default
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 125B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/nginx:latest 0.0s
=> [1/2] FROM docker.io/library/nginx 0.0s
=> [2/2] RUN echo '<meta charset=utf8>hello world' > /usr/share/nginx/html/index.html 0.5s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:f3d297dce94720df27d76103f822e6b6a49d63ffab0381211550ff7779ebdd76 0.0s
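# Rename (tag) the image
[root@localhost DockerFIle]# docker tag f3d297dce947 my_nginx
# Start and run
[root@localhost DockerFIle]# docker run -d -p 80:80 my_nginx
# Note: a container has no concept of a background service; its main process must run in the foreground
The correct form uses the native command: CMD ["nginx","-g","daemon off;"]
Difference between ENTRYPOINT and CMD

Extra arguments passed at run time replace the contents of CMD.
ENTRYPOINT
Contents: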
FROM centos:7.8.2003
RUN rpm --rebuilddb && yum install curl -y
ENTRYPOINT ["curl","-s","http://ipinfo.io/ip"]
Result
[root@localhost DockerFIle]# docker tag d44db96a9e98 centos_curl
[root@localhost DockerFIle]# docker run centos_curl
223.84.234.161[root@localhost DockerFIle]# docker run centos_curl -s
223.84.234.161[root@localhost DockerFIle]# docker run centos_curl -I
HTTP/1.1 200 OK
access-control-allow-origin: *
content-type: text/html; charset=utf-8
content-length: 14
date: Wed, 19 Jul 2023 11:04:57 GMT
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=2592000; includeSubDomains
Via: 1.1 google
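# VOLUME: mount a directory (do not write data into the container's storage layer; for data produced while the container runs, a mount is recommended)

The docker run -v parameter can also specify the mounted directory directly
# Example
# Dockerfile configuration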
[root@localhost DockerFIle]# cat Dockerfile
FROM centos:7.8.2003
MAINTAINER GERI
RUN curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo;
RUN curl -o /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo;
RUN yum makecache fast;
RUN yum install python3-devel python3-pip -y
RUN pip3 install -i https://pypi.douban.com/simple flask
COPY flask.py /opt
WORKDIR /opt
EXPOSE 8080
CMD ["python3","flask.py"]
# Build the image; --no-cache ignores the previously generated cache and downloads everything again
[root@localhost DockerFIle]# docker build --no-cache -t 'geri/myflaskweb' .
# Result

# Docker command summary
1. [root@localhost ~]# docker run -it centos:7.8.2003 bash
2. [root@localhost ~]# docker run -it --name mynginx -d --restart=always centos:7.8.2003
8ce970e24c01ecbbb8e30337d7a878ca12c9d8368243cad81cbba884a9f97cc3
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8ce970e24c01 centos:7.8.2003 "/bin/bash" 49 seconds ago Up 47 seconds mynginx
[root@localhost ~]# docker exec -it 8ce970e24c01 bash
[root@8ce970e24c01 /]#
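3. docker logs -f <container ID>    # -f follows the log in real time
4. [root@localhost ~]# docker rm -f `docker ps -aq`    # delete all containers
8ce970e24c01
5. docker top <container ID>    # show the processes running inside the container
6. docker stats <container ID>    # show the container's resource usage
7. docker inspect <container ID>    # show detailed container information
8. [root@localhost ~]# docker inspect --format '{{.ContainerConfig.Image}}' 72ebd3b8edad
centos:7.8.2003    # formatted output of just the wanted field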