d29860fbb22374b60d7df15027a4875f95b65571
custom.css
... | ... | @@ -33,7 +33,7 @@ div.note p.admonition-title { |
33 | 33 | /* warning */ |
34 | 34 | div.warning { |
35 | 35 | background: rgba(0, 0, 0, 1); |
36 | - box-shadow: 0 6px 8 #312; |
|
36 | + box-shadow: 0 6px 8px #312; |
|
37 | 37 | margin-top: 1ex; |
38 | 38 | padding: 0.1ex 2ex; |
39 | 39 | } |
docker/swarm.rst
... | ... | @@ -0,0 +1,120 @@ |
1 | +===== |
|
2 | +Swarm |
|
3 | +===== |
|
4 | +--------------------------- |
|
5 | +Instalación y configuración |
|
6 | +--------------------------- |
|
7 | + |
|
8 | +Describimos como instalar swarm y jugar con él un poco. |
|
9 | + |
|
10 | +Pre-requisitos |
|
11 | +============== |
|
12 | + |
|
13 | +Sistema Operativo |
|
14 | +----------------- |
|
15 | + |
|
16 | +* Instalación mínima de Fedora 25 |
|
17 | +* Red pública para el controlador (ens3) |
|
18 | +* Red privada para los nodos (ens4) |
|
19 | + |
|
20 | +Firewall |
|
21 | +-------- |
|
22 | +El firewall debe modificarse para permitir acceso de/a swarm por la interfaz de red privada. Solo abriremos los puertos necesarios. |
|
23 | + |
|
24 | +.. code:: bash |
|
25 | + |
|
26 | + # configurar zona |
|
27 | + firewall-cmd --permanent --zone=work --add-port=2377/tcp --add-port=7946/tcp --add-port=7946/udp --add-port=4789/udp |
|
28 | + |
|
29 | + # modificar la zona de ens4 |
|
30 | + nmcli connection modify ens4 connection.zone work |
|
31 | + |
|
32 | + # activar |
|
33 | + firewall-cmd --full-reload |
|
34 | + nmcli connection reload ens4 |
|
35 | + |
|
36 | + # verificar |
|
37 | + nmcli connection show ens4 |
|
38 | + |
|
39 | + firewall-cmd --list-all |
|
40 | + firewall-cmd --list-all --zone=work |
|
41 | + |
|
42 | + |
|
43 | +Instalación |
|
44 | +=========== |
|
45 | +Instalaremos la versión más reciente en los repositorios de Fedora. |
|
46 | + |
|
47 | +.. code:: bash |
|
48 | + |
|
49 | + # instalar |
|
50 | + dnf -y install docker-latest |
|
51 | + |
|
52 | + # activar |
|
53 | + systemctl enable docker-latest |
|
54 | + systemctl start docker-latest |
|
55 | + |
|
56 | + |
|
57 | +Configuración |
|
58 | +============= |
|
59 | +Debemos iniciar un swarm y unir los nodos a él. |
|
60 | + |
|
61 | +.. code:: bash |
|
62 | + |
|
63 | + # crear un swarm (manager) |
|
64 | + docker swarm init --advertise-addr 192.168.77.1 |
|
65 | + |
|
66 | + # agregar nodos (nodos) |
|
67 | + # ejecutar ésto en nodos swarm2 y swarm3 |
|
68 | + docker swarm join --token <token-generado> 192.168.77.1:2377 |
|
69 | + |
|
70 | + # verificar (manager) |
|
71 | + docker info |
|
72 | + docker node ls |
|
73 | + |
|
74 | + |
|
75 | +Despliegue |
|
76 | +========== |
|
77 | +Veremos como desplegar algunas aplicaciones, usando ejemplos simplificados. |
|
78 | + |
|
79 | +.. code:: bash |
|
80 | + |
|
81 | + # crear un servicio con 1 réplica |
|
82 | + docker service create --replicas 1 --name helloworld alpine ping docker.com |
|
83 | + docker service ls |
|
84 | + docker service rm helloworld |
|
85 | + |
|
86 | + |
|
87 | + # crear un servicio con 3 réplicas |
|
88 | + docker service create --replicas 3 --name helloworld alpine ping docker.com |
|
89 | + docker service ls |
|
90 | + |
|
91 | + |
|
92 | + # inspeccionar el servicio |
|
93 | + docker service inspect --pretty helloworld |
|
94 | + |
|
95 | + |
|
96 | + # escalar |
|
97 | + ## abajo |
|
98 | + docker service scale helloworld=1 |
|
99 | + docker service inspect --pretty helloworld |
|
100 | + |
|
101 | + ## arriba |
|
102 | + docker service scale helloworld=5 |
|
103 | + docker service inspect --pretty helloworld |
|
104 | + docker service rm helloworld |
|
105 | + |
|
106 | + |
|
107 | + # exponer servicios |
|
108 | + docker service create --name my-web --publish 8080:80 --replicas 3 nginx |
|
109 | + docker service ls |
|
110 | + docker ps |
|
111 | + |
|
112 | + ## probar |
|
113 | + curl localhost:8080 |
|
114 | + curl 192.168.77.1:8080 |
|
115 | + curl 104.36.16.224:8080 |
|
116 | + |
|
117 | + |
|
118 | +Referencias |
|
119 | +=========== |
|
120 | +* https://docs.docker.com/engine/swarm/swarm-tutorial/ |
home.rst
... | ... | @@ -0,0 +1,3 @@ |
1 | +Bienvenid@ |
|
2 | +========== |
|
3 | +Esta es la wiki de [[EVALinux|http://evalinux.com]]. Gracias por visitarnos! |
howto/dhcp/instalacion
... | ... | @@ -0,0 +1,2 @@ |
1 | +# instalar paquetes necesarios |
|
2 | +yum -y install dhcp |
howto/dhcp/servicios
... | ... | @@ -0,0 +1,5 @@ |
1 | +# activar el servicio |
|
2 | +systemctl enable dhcpd.service |
|
3 | + |
|
4 | +# iniciar el servicio |
|
5 | +systemctl start dhcpd.service |
howto/dns/prerrequisitos
... | ... | @@ -0,0 +1,2 @@ |
1 | +# instalar bind y sus herramientas |
|
2 | +yum -y install bind-chroot bind-utils |
howto/dns/pruebas
... | ... | @@ -0,0 +1,11 @@ |
1 | +# buscar el dominio principal |
|
2 | +dig example.tld |
|
3 | + |
|
4 | +# buscar los subdominios |
|
5 | +dig ns1.example.tld |
|
6 | +dig mail.example.tld |
|
7 | + |
|
8 | +# buscar uno no existente y verificar que lo envía a 192.168.77.10 |
|
9 | +dig laskdj.example.tld |
|
10 | + |
|
11 | + |
howto/dns/rndc
... | ... | @@ -0,0 +1,2 @@ |
1 | +# generar llave |
|
2 | +rndc-confgen -b 512 -k EvaKey -r /dev/urandom |
howto/dns/servicios
... | ... | @@ -0,0 +1,5 @@ |
1 | +# activar servicio |
|
2 | +systemctl enable named.service |
|
3 | + |
|
4 | +# iniciar servicio |
|
5 | +systemctl start named.service |
howto/lemp/mariadb
... | ... | @@ -0,0 +1,46 @@ |
1 | +# generar password para mysql |
|
2 | +password=$( apg -M CLN -m 30 -n 1 ) |
|
3 | +echo "El password para mysql será: $password" |
|
4 | + |
|
5 | +# instalación segura de MariaDB |
|
6 | +mysql -u root << EOF |
|
7 | + |
|
8 | +# agregar password a usuario root |
|
9 | +UPDATE mysql.user SET Password = PASSWORD( '${password}' ) WHERE User = 'root'; |
|
10 | + |
|
11 | +# eliminar acceso a usuario root sin password |
|
12 | +DELETE FROM mysql.user WHERE User = ''; |
|
13 | +DELETE FROM mysql.user WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); |
|
14 | + |
|
15 | +# remover db de pruebas |
|
16 | +DROP DATABASE IF EXISTS test; |
|
17 | +DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\\_%'; |
|
18 | + |
|
19 | +# re-cargar privilegios |
|
20 | +FLUSH PRIVILEGES; |
|
21 | +EOF |
|
22 | + |
|
23 | +# crear archivo .my.cnf |
|
24 | +cat << EOF > /root/.my.cnf |
|
25 | +[client] |
|
26 | +user = root |
|
27 | +password = $password |
|
28 | +host = localhost |
|
29 | + |
|
30 | +EOF |
|
31 | + |
|
32 | +# crear usuario y contraseña para base de datos |
|
33 | +user=$( apg -M CLN -m 15 -n 1 ) |
|
34 | +password=$( apg -M CLN -m 30 -n 1 ) |
|
35 | +cat << EOF |
|
36 | +Base de datos |
|
37 | + |
|
38 | +Usuario: $user |
|
39 | +Password: $password |
|
40 | + |
|
41 | +EOF |
|
42 | + |
|
43 | +# crear base de datos |
|
44 | +mysql -e 'CREATE DATABASE `mst_tld-site` DEFAULT CHARSET utf8;' |
|
45 | +mysql -e "CREATE USER '$user'@'localhost' IDENTIFIED BY '$password';" |
|
46 | +mysql -e "GRANT ALL PRIVILEGES ON \`mst_tld-site\`.* TO '$user'@'localhost';" |
howto/lemp/nginx
... | ... | @@ -0,0 +1,90 @@ |
1 | +# editar fastcgi_params |
|
2 | +cat << 'EOF' > /etc/nginx/fastcgi_params |
|
3 | +fastcgi_param CONTENT_LENGTH $content_length; |
|
4 | +fastcgi_param CONTENT_TYPE $content_type; |
|
5 | +fastcgi_param QUERY_STRING $query_string; |
|
6 | +fastcgi_param REQUEST_METHOD $request_method; |
|
7 | + |
|
8 | +fastcgi_param DOCUMENT_ROOT $document_root; |
|
9 | +fastcgi_param DOCUMENT_URI $document_uri; |
|
10 | +fastcgi_param HTTPS $https if_not_empty; |
|
11 | +fastcgi_param REQUEST_SCHEME $scheme; |
|
12 | +fastcgi_param REQUEST_URI $request_uri; |
|
13 | +fastcgi_param SCRIPT_FILENAME $request_filename; |
|
14 | +fastcgi_param SCRIPT_NAME $fastcgi_script_name; |
|
15 | +fastcgi_param SERVER_PROTOCOL $server_protocol; |
|
16 | + |
|
17 | +fastcgi_param GATEWAY_INTERFACE CGI/1.1; |
|
18 | +fastcgi_param SERVER_SOFTWARE nginx; |
|
19 | + |
|
20 | +fastcgi_param REMOTE_ADDR $remote_addr; |
|
21 | +fastcgi_param REMOTE_PORT $remote_port; |
|
22 | +fastcgi_param SERVER_ADDR $server_addr; |
|
23 | +fastcgi_param SERVER_NAME $server_name; |
|
24 | +fastcgi_param SERVER_PORT $server_port; |
|
25 | + |
|
26 | +# PHP only, required if PHP was built with --enable-force-cgi-redirect |
|
27 | +fastcgi_param REDIRECT_STATUS 200; |
|
28 | + |
|
29 | +EOF |
|
30 | + |
|
31 | +# activar configuración independiente de servidores |
|
32 | +cat << 'EOF' > /etc/nginx/conf.d/servers.conf |
|
33 | +include server.d/*.conf; |
|
34 | + |
|
35 | +EOF |
|
36 | + |
|
37 | +# crear directorios server.d e include.d |
|
38 | +mkdir /etc/nginx/{server,include}.d |
|
39 | + |
|
40 | +# crear configuración /include.d/php.conf |
|
41 | +cat << 'EOF' > /etc/nginx/include.d/php.conf |
|
42 | +index index.html index.htm index.php; |
|
43 | + |
|
44 | +location / { |
|
45 | + try_files $uri $uri/ =404; |
|
46 | +} |
|
47 | + |
|
48 | +location ~ \.php$ { |
|
49 | + include /etc/nginx/fastcgi_params; |
|
50 | + fastcgi_pass unix:/run/php-fpm/php-fpm.sock; |
|
51 | +} |
|
52 | + |
|
53 | +EOF |
|
54 | + |
|
55 | +# crear primera instancia de servidor |
|
56 | +cat << 'EOF' > /etc/nginx/server.d/misitio.tld.conf |
|
57 | +server { |
|
58 | + listen 80; |
|
59 | + server_name misitio.tld; |
|
60 | + root /srv/www/php/misitio.tld/default/public; |
|
61 | + |
|
62 | + include include.d/php.conf; |
|
63 | +} |
|
64 | + |
|
65 | +EOF |
|
66 | + |
|
67 | +# crear directorios contenedores del sitio |
|
68 | +mkdir -p /srv/www/php/misitio.tld/default/public |
|
69 | + |
|
70 | +# arreglar permisos |
|
71 | +chmod -R 2771 /srv/www/php |
|
72 | +chmod 2775 /srv/www/php/misitio.tld/default/public |
|
73 | +restorecon -Rv /srv/www |
|
74 | + |
|
75 | +# asignar grupo webdev a los directorios pertinentes |
|
76 | +chgrp -R webdev /srv/www/* |
|
77 | + |
|
78 | +# crear archivos de prueba |
|
79 | +cat << 'EOF' > /srv/www/php/misitio.tld/default/public/index.php |
|
80 | +bienvenid@ |
|
81 | + |
|
82 | +EOF |
|
83 | + |
|
84 | +## éste archivo es de uso exclusivo de prueba y debemos borrarlo inmediatamente después de usarlo |
|
85 | +cat << 'EOF' > /srv/www/php/misitio.tld/default/public/info.php |
|
86 | +<?php |
|
87 | + |
|
88 | +phpinfo(); |
|
89 | + |
|
90 | +EOF |
howto/lemp/php-fpm
... | ... | @@ -0,0 +1,7 @@ |
1 | +# configurar PHP-FPM para usar sockets |
|
2 | +sed -ri 's@^listen =.*$@listen = /run/php-fpm/php-fpm.sock@' /etc/php-fpm.d/www.conf |
|
3 | + |
|
4 | +# arreglar dueño, grupo y modo |
|
5 | +sed -ri 's@^;listen.owner =.*$@listen.owner = nginx@' /etc/php-fpm.d/www.conf |
|
6 | +sed -ri 's@^;listen.group =.*$@listen.group = nginx@' /etc/php-fpm.d/www.conf |
|
7 | +sed -ri 's@^;listen.mode =.*$@listen.mode = 660@' /etc/php-fpm.d/www.conf |
howto/lemp/prerrequisitos
... | ... | @@ -0,0 +1,12 @@ |
1 | +# instalar repositorio necesario |
|
2 | +yum -y install epel-release |
|
3 | + |
|
4 | +# instalar paquetes necesarios |
|
5 | +yum -y install nginx mariadb-server mariadb php-fpm php-mysql apg |
|
6 | + |
|
7 | + |
|
8 | +# activar servicios |
|
9 | +systemctl enable nginx.service mariadb.service php-fpm.service |
|
10 | + |
|
11 | +# iniciar servicios |
|
12 | +systemctl start nginx.service mariadb.service php-fpm.service |
howto/lemp/seguridad
... | ... | @@ -0,0 +1,4 @@ |
1 | +# abrir puertos de firewall para nginx |
|
2 | +firewall-cmd --set-default-zone=public |
|
3 | +firewall-cmd --permanent --add-port=80/tcp --add-port=443/tcp |
|
4 | +firewall-cmd --reload |
howto/lemp/servicios
... | ... | @@ -0,0 +1,2 @@ |
1 | +# reiniciar servicios |
|
2 | +systemctl restart nginx.service mariadb.service php-fpm.service |
servicios/cloudsigma.rst
... | ... | @@ -0,0 +1,91 @@ |
1 | +========== |
|
2 | +CloudSigma |
|
3 | +========== |
|
4 | +----------------------------------- |
|
5 | +Notas generales sobre este servicio |
|
6 | +----------------------------------- |
|
7 | + |
|
8 | +Descripción |
|
9 | +=========== |
|
10 | +Pendiente. |
|
11 | + |
|
12 | + |
|
13 | +Acceso |
|
14 | +====== |
|
15 | +Primero entrar a https://mia.cloudsigma.com/. |
|
16 | + |
|
17 | +Hacer login con usuario y contraseña |
|
18 | + |
|
19 | + |
|
20 | +Crear un servidor |
|
21 | +================= |
|
22 | +A continuación, se describe como instalar un servidor. |
|
23 | + |
|
24 | +Inicio |
|
25 | +------- |
|
26 | +* Dar click en "compute" en el menú lateral izquierdo. |
|
27 | +* Dar click en "create" en el menú superior. |
|
28 | + |
|
29 | +Properties |
|
30 | +---------- |
|
31 | + |
|
32 | +:: |
|
33 | + |
|
34 | + Name: siguiendo las características de lenguaje de un dominio agregar un nombre al servidor |
|
35 | + CPU type: seleccionar el adecuado de acuerdo al que se está suscrito |
|
36 | + CPU y RAM: seleccionar tamaño de acuerdo a lo necesario |
|
37 | + |
|
38 | +Drives |
|
39 | +------ |
|
40 | +* Dar click en "Attach Drive". |
|
41 | +* Dar click en "New Drive". |
|
42 | + |
|
43 | +:: |
|
44 | + |
|
45 | + Name: éste debe ser nuestro principal disco duro, darle nombre |
|
46 | + Device Type: Establecer el tipo de dispositivo que éste será |
|
47 | + Size: Elegir el tamaño que éste tendrá |
|
48 | + |
|
49 | +Para finalizarlo dar click en "Create and attach drive" en el menú superior |
|
50 | + |
|
51 | +* Para el disco de instalación, crear otro dispositivo. |
|
52 | + |
|
53 | +:: |
|
54 | + |
|
55 | + Type: CD-ROM |
|
56 | + Browse: <disco de instalación> |
|
57 | + |
|
58 | +Advanced |
|
59 | +-------- |
|
60 | + |
|
61 | +:: |
|
62 | + |
|
63 | + Processor distribution: Multi-CPU |
|
64 | + Procession units to be simulated: <máximo número de procedores> |
|
65 | + Enable NUMA: activado |
|
66 | + |
|
67 | +Para terminar dar click en el botón "Save" ubicado en la parte inferior derecha. |
|
68 | + |
|
69 | + |
|
70 | +Finalizar |
|
71 | +========= |
|
72 | +Una vez terminada la configuración dar click en el ícono verde de guardar en el menú superior. |
|
73 | + |
|
74 | + |
|
75 | +Correr un servidor |
|
76 | +================== |
|
77 | +A continuación, el procedimiento necesario para correr un servidor |
|
78 | + |
|
79 | +Inicio |
|
80 | +------ |
|
81 | +1. Dar click en el botón "Compute" en el menú lateral izquierdo |
|
82 | +2. Dar click en el servidor que querramos correr. |
|
83 | +#. Dar click en el botón de iniciar en el menú superior. |
|
84 | +#. Activar el VNC Tunnel. |
|
85 | +#. Abrir el visor de escritorios remotos y ecribir el link proporcionado en la página. |
|
86 | + |
|
87 | +.. note:: Para entrar a ésta aplicación presionar la tecla **súper** y escribir **VNC**. |
|
88 | + |
|
89 | + |
|
90 | +Referencias |
|
91 | +=========== |