twolf技术站

Appearance

安装rancher1

一、环境准备

提前安装docker环境,并且配置docker镜像加速

二、安装rancher

rancher默认端口是8080,映射到自己想要的路径

#先下载镜像,可以不下载,docker会自动拉取,racher1.x安装
docker pull rancher/server
#安装rancher
docker run -d --name=rancher --restart=unless-stopped -p 8880:8080 rancher/server
#rancher2.x安装
docker pull rancher/rancher:latest
#rancher/server和rancher/agent在不同机器安装的,在server虚拟机执行命令安装最新稳定版rancher/rancher:stable
#如rancher/server和rancher/agent安装在同一台机器,执行下面这句。-p参数修改容器外部访问的端口,80映射为8080,443映射为8443
docker run -d  --restart=unless-stopped --privileged -p 80:80 -p 443:443 -v /software/rancher/rancher:/var/lib/rancher -v /software/rancher/auditlog:/var/log/auditlog -v /software/certs/certs:/container/certs -e SSL_CERT_DIR="/container/certs" -e NO_PROXY="localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,192.168.1.0/24"  --name rancher rancher/rancher:latest

三、端口开放

如果是虚拟机的话,需要开放指定的端口,或者关闭防火墙,阿里云的话需要开放安全组协议


查看防火墙状态
firewall-cmd --state
停止firewall
systemctl stop firewalld.service
禁止firewall开机启动
systemctl disable firewalld.service

四、 界面配置

网页输入ip:port可以,可以右下角切换语言中文,最后配置账号密码:系统管理->访问控制

五、安装驱动卷

本地安装

yum -y install nfs-utils
#启动
systemctl start nfs && systemctl enable nfs
systemctl start rpcbind && systemctl enable rpcbind
#创建共享目录
mkdir /software/shared
#授权
chmod -R 777 /software/shared

修改配置(三种配置):

  • echo "/software/shared   *(rw,sync,no_root_squash)" >> /etc/exports
  • echo "/software/shared   172.18.30.0/24(rw,sync,no_root_squash)" >> /etc/exports
  • echo "/software/shared   172.18.30.*(rw,sync,no_root_squash)" >> /etc/exports

六、外网映射内网的rancher服务

参考配置地址:https://rancher.com/docs/rancher/v1.6/en/installing-rancher/installing-server/basic-ssl-config/

nginx的配置参考如下:需要修改ip和服务名以及ssl的地址

upstream rancher {
    server rancher-server:8080;
}

map $http_upgrade $connection_upgrade {
    default Upgrade;
    ''      close;
}

server {
    listen 443 ssl http2;
    server_name <server>;
    ssl_certificate <cert_file>;
    ssl_certificate_key <key_file>;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://rancher;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
        proxy_read_timeout 900s;
    }
}

server {
    listen 80;
    server_name <server>;
    return 301 https://$server_name$request_uri;
}

粤ICP备2024174490号-1 Copyright © 2024-present twolf