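Preface
OpenEuler, an open-source operating system for digital infrastructure, is increasingly used in finance, telecom carriers, energy, logistics, universities and research, cloud computing and other fields. 1Panel is a new-generation Linux server operations and management panel. What happens when the two are combined?
Prerequisites
One OpenEuler server;
Server architecture: x86_64, aarch64, armv7l, ppc64le, s390x;
Memory: at least 1 GB of available memory is recommended;
Browser: use a modern browser such as Chrome, Firefox, IE10+ or Edge;
Internet access.
Installation steps
Install docker manually
Unlike on regular RedHat / CentOS distributions, docker's official one-click install script cannot yet be run directly on an OpenEuler server, so docker has to be installed manually.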
sudo dnf install docker-engine
Install 1Panel
Run 1Panel's official one-click install script
curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && sh quick_start.sh
Some tools in 1Panel
Process supervision
Install from pip
pip install supervisor
Create the startup script
vi /etc/systemd/system/supervisor.service
Enter the following
[Unit]
Description=Supervisor process control system for UNIX
Documentation=http://supervisord.org
After=network.target
[Service]
ExecStart=/usr/local/bin/supervisord -n -c /etc/supervisor/supervisord.conf
ExecStop=/usr/local/bin/supervisorctl $OPTIONS shutdown
ExecReload=/usr/local/bin/supervisorctl -c /etc/supervisor/supervisord.conf $OPTIONS reload
KillMode=process
Restart=on-failure
RestartSec=50s
[Install]
WantedBy=multi-user.target
Create the required directories
mkdir /etc/supervisor/
mkdir /var/log/supervisor/
Create the basic configuration file
vi /etc/supervisor/supervisord.conf
Enter the following
; supervisor config file
[unix_http_server]
; (the path to the socket file)
file = /var/run/supervisor.sock
; socket file mode (default 0700)
chmod = 0700
[supervisord]
; (main log file;default $CWD/supervisord.log)
logfile = /var/log/supervisor/supervisord.log
; (supervisord pidfile;default supervisord.pid)
pidfile = /var/run/supervisord.pid
; ('AUTO' child log dir, default $TEMP)
childlogdir = /var/log/supervisor
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
; use a unix:// URL for a unix socket
serverurl = unix:///var/run/supervisor.sock
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /opt/1panel/tools/supervisord/supervisor.d/*.ini
;files = /etc/supervisor/conf.d/*.conf
Enable start at boot
systemctl enable supervisor
Perform the initialization in 1Panel.
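The supervisord.conf above exposes the control interface only through a unix socket with mode 0700. The following check for that property is an added example, not part of the original post or of the Supervisor or 1Panel projects. The function name audit_supervisord_conf, the three checks it makes and both sample configurations are assumptions constructed for illustration.

```python
import configparser

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: the control-interface sections as written on this page.
PAGE_CONF = """
[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0700
[supervisorctl]
serverurl = unix:///var/run/supervisor.sock
"""

# Constructed sample: a weakened variant, for comparison only.
WEAK_CONF = """
[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0777
[inet_http_server]
port = *:9001
"""


def audit_supervisord_conf(text):
    """Return findings about the control interfaces in supervisord.conf text."""
    cp = configparser.RawConfigParser(inline_comment_prefixes=(";",), strict=False)
    cp.read_string(text)
    findings = []
    if cp.has_section("unix_http_server"):
        # supervisord uses mode 0700 when chmod is not set
        mode = int(cp.get("unix_http_server", "chmod", fallback="0700"), 8)
        if mode & 0o077:
            findings.append("unix socket mode %04o is open beyond its owner" % mode)
    if cp.has_section("inet_http_server"):
        port = cp.get("inet_http_server", "port", fallback="")
        host = port.rpartition(":")[0]
        if host not in LOOPBACK:
            findings.append("inet_http_server port %r is not limited to loopback" % port)
        if not cp.get("inet_http_server", "password", fallback=""):
            findings.append("inet_http_server has no password set")
    return findings


if __name__ == "__main__":
    for name, conf in (("page config", PAGE_CONF), ("weak config", WEAK_CONF)):
        print(name, audit_supervisord_conf(conf) or "no findings")
```

To check the file created in the steps above, pass the contents of /etc/supervisor/supervisord.conf to audit_supervisord_conf.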
Fail2ban
Install git
dnf install git
Install from source
git clone https://github.com/fail2ban/fail2ban.git
cd fail2ban
sudo python setup.py install
Create the startup script
vi /etc/systemd/system/fail2ban.service
Enter the following
[Unit]
Description=Fail2Ban Service
Documentation=man:fail2ban(1)
After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service
PartOf=iptables.service firewalld.service ip6tables.service ipset.service nftables.service
[Service]
User=root
Type=simple
Environment="PYTHONNOUSERSITE=1"
Environment="PYTHONPATH=$PYTHONPATH:/usr/local/lib/python3.9/site-packages"
ExecStartPre=/bin/mkdir -p /run/fail2ban
ExecStart=/usr/local/bin/fail2ban-server -xf start
ExecStop=/usr/local/bin/fail2ban-client stop
ExecReload=/usr/local/bin/fail2ban-client reload
PIDFile=/run/fail2ban/fail2ban.pid
Restart=on-failure
RestartPreventExitStatus=0 255
[Install]
WantedBy=multi-user.target
Start Fail2ban in 1Panel