I needed to run LSI MegaRaid Storage Manager (vivaldiframework) for my LSI 9260-8i SAS card in my Ubuntu Desktop. Ubuntu is based on Debian so this may also work to get LSI MegaRaid Storage Manager on Debian as well, but I have not yet tried it yet. It took some work but I go it to install so I thought I would tell you how I did it. It is assumed that in the following, when editing a file you are doing it with superuser rights such as opening the files from the comand prompt with "sudo nano /path/to/file/file" or "sudo vi /path/to/file/file"
I found that you need to have a GUI installed (though the install can be done completely by ssh.
root account:
If the root account has not been enabled, it will need to be enabled and have a pasword set
sudo passwd root
sudo passwd -u root
Install prerequisites:
sudo apt-get install alien libstdc++5 rcconf
You also need to install at least Java 7, I am using Java8. I followed the procedure found at: http://www.ubuntugeek.com/how-to-install-oracle-java-7-in-ubuntu-12-04.html and just changed java7 in the command line to java8
You need to download the Linux build from LSI (http://www.lsi.com/support/pages/download-results.aspx?component=Storage+Component&productfamily=RAID+Controllers&productcode=P00066&assettype=Management+Software+and+Tools&productname=MegaRAID+SAS+9260-8i). I initially tried the latest but had some problems with it. It could very well have been a fluk but I just went back to the 13.11.01.00 version that worked just fine.
class="hljs shell">deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-data-original http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb-data-original http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-data-original http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-data-original http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
对于KVM虚拟机,可以直接在创建虚拟机的时候勾上NAT,这时候就会自动为虚拟机分配一个虚拟的子网并且虚拟机可以通过nat连接到外部网络,基本上是开箱即用。同时也支持端口映射,具体可参考官方wiki下的QEMU port redirection。但之前在使用的过程中,发现这个端口映射并不是很稳定。同时虽然这种方法很简单,但是虚拟机之间是隔离的,无法互通数据,这样就非常不灵活。
同时,LXC虚拟机是没有这种开箱即用的NAT的。
前段时间网易蜂巢曾经推出蜂巢 Logo T恤,用的正是 Docker 镜像制作,最神奇的是,它最终的镜像大小只有 585字节。
class="prettyprint">class="pln">$ docker images class="pun">|class="pln"> grep hubclass="pun">.class="pln">cclass="pun">.class="lit">163.comclass="pun">/class="kwd">publicclass="pun">/class="pln">logo
REPOSITORY TAG IMAGE ID CREATED SIZE
hubclass="pun">.class="pln">cclass="pun">.class="lit">163.comclass="pun">/class="kwd">publicclass="pun">/class="pln">logo latest class="lit">6fbdd13cd204class="pln"> class="lit">11class="pln"> days ago class="lit">585class="pln"> B
这其中就用到了不少精简镜像的技术,尤其是针对 C 程序的优化和精简。但我们平常开发肯定不止用 C 语言,甚至有些镜像都不是我们自己来打包的(比如下载公共镜像),那是否有一些通用的精简 Docker 镜像的手段呢? 答案是肯定的 ,甚至有的镜像可以精简 98%。精简镜像大小的好处不言而喻,既节省了存储空间,又能节省带宽,加快传输。那好,接下来就请跟随我来学习怎么一步步精简 Docker 镜像吧。
class="prettyprint">class="pln">FROM busybox
RUN mkdir class="pun">/class="pln">tmpclass="pun">/class="pln">foo
RUN dd class="kwd">ifclass="pun">=class="str">/dev/class="pln">zero ofclass="pun">=class="str">/tmp/class="pln">fooclass="pun">/class="pln">bar bsclass="pun">=class="lit">1048576class="pln"> countclass="pun">=class="lit">100class="pln">
RUN rm class="pun">/class="pln">tmpclass="pun">/class="pln">fooclass="pun">/class="pln">bar
class="prettyprint">class="pln">FROM ubuntuclass="pun">:class="pln">trusty
ENV VER class="lit">3.0class="pun">.class="lit">0class="pln">
ENV TARBALL httpclass="pun">:class="com">//download.redis.io/releases/redis-$VER.tar.gzclass="com"># ==> Install curl and helper tools...class="pln">
RUN aptclass="pun">-class="kwd">getclass="pln"> update
RUN aptclass="pun">-class="kwd">getclass="pln"> install class="pun">-class="pln">y curl make gcc
class="com"># ==> Download, compile, and install...class="pln">
RUN curl class="pun">-class="pln">L $TARBALL class="pun">|class="pln"> tar zxv
WORKDIR redisclass="pun">-class="pln">$VER
RUN make
RUN make install
class="com">#...class="com"># ==> Clean up...class="pln">
WORKDIR class="pun">/class="pln">
RUN aptclass="pun">-class="kwd">getclass="pln"> remove class="pun">-class="pln">y class="pun">--class="kwd">autoclass="pun">-class="pln">remove curl make gcc
RUN aptclass="pun">-class="kwd">getclass="pln"> clean
RUN rm class="pun">-class="pln">rf class="pun">/class="kwd">varclass="pun">/class="pln">libclass="pun">/class="pln">aptclass="pun">/class="pln">listsclass="com">/* /redis-$VER
#...
CMD ["redis-server"]
class="tag_link" title="View all posts in Let's Encrypt" href="http://www.laozuo.org/tag/lets-encrypt" target="_blank">Let's Encrypt作为一个公共且免费SSL的项目逐渐被广大用户传播和使用,是由Mozilla、Cisco、Akamai、IdenTrust、EFF等组织人员发起,主要的目的也是为了推进网站从HTTP向HTTPS过度的进程,目前已经有越来越多的商家加入和赞助支持。
class="tag_link" title="View all posts in Let's Encrypt免费SSL" href="http://www.laozuo.org/tag/lets-encrypt%e5%85%8d%e8%b4%b9ssl" target="_blank">Let's Encrypt免费SSL证书的出现,也会对传统提供付费SSL证书服务的商家有不小的打击。到目前为止,Let's Encrypt获得IdenTrust交叉签名,这就是说可以应用且支持包括FireFox、Chrome在内的主流浏览器的兼容和支持,虽然目前是公测阶段,但是也有不少的用户在自有网站项目中正式使用起来。
在今年黑色星期五的时候,Namecheap各种促销活动中也包括年费0.88美元的SSL证书,当时老左也有购买了2个备用学习和适当的放到一些网站中看看效果(据说英文网站谷歌会很喜欢),当时冷雨同学就建议到时候直接使用class="tag_link" title="View all posts in Let's Encrypt免费SSL" href="http://www.laozuo.org/tag/lets-encrypt%e5%85%8d%e8%b4%b9ssl" target="_blank">Let's Encrypt免费SSL,毕竟有很多大公司支持的,比一些小公司提供的免费SSL证书靠谱很多。
这里我们可以看到有"The server could not connect to the client to verify the domain"的错误提示信息,包括也有其他提示错误,"The server experienced an internal error :: Error creating new registration"我们在邮局的时候不要用国内免费邮局。所以,如果我们是海外域名就直接先用域名自带的DNS。
最近把我的OVH独服重装了下,打算用Proxmox开点VM来用,省得一直吃灰(雾,安装很简单,毕竟是OVH提供的模板,但是,这玩意每次登陆都会有个蛋疼的提示(You do not have a valid subscription for this server. Please visit www.class="st_tag internal_tag" title="Posts tagged with proxmox" href="http://www.senra.me/tag/proxmox/" rel="tag">proxmox.com to get a list of available options.),而且找了半天没找到有关的地方,然后去官网看了下订阅的价格,呵呵呵,我还是自己想办法吧……
class="st_tag internal_tag" title="Posts tagged with proxmox" href="http://www.senra.me/tag/proxmox/" rel="tag">Proxmox VE 4将3代的OpenVZ支持去除换成了LXC,算是跟随趋势吧,但是LXC和OpenVZ还是有挺多不同的,在权限上更是如此,而网上最多的还是OVZ相关的教程,LXC的是真的少,不过一直以来没需求,所以没怎么折腾,最近在搞内网,所以为了用Tunnel还是得把TUN/TAP支持打开。
二.怎么办
首先当然是谷歌咯,关键词选得好马上出结果,proxmox官方论坛讨论贴 https://forum.class="st_tag internal_tag" title="Posts tagged with proxmox" href="http://www.senra.me/tag/proxmox/" rel="tag">proxmox.com/threads/class="st_tag internal_tag" title="Posts tagged with tun" href="http://www.senra.me/tag/tun/" rel="tag">tun-devices-in-ve-4-class="st_tag internal_tag" title="Posts tagged with lxc" href="http://www.senra.me/tag/lxc/" rel="tag">lxc.23473
总结一下
①.如果需要对所有(之后创建的)LXC容器全部开启tun/class="st_tag internal_tag" title="Posts tagged with tap" href="http://www.senra.me/tag/tap/" rel="tag">tap
那么需要修改/etc/class="st_tag internal_tag" title="Posts tagged with lxc" href="http://www.senra.me/tag/lxc/" rel="tag">lxc/default.conf,添加lxc.cgroup.devices.allow = c 10:200 rwm
当然,也可以创建/usr/share/class="st_tag internal_tag" title="Posts tagged with lxc" href="http://www.senra.me/tag/lxc/" rel="tag">lxc/config/common.conf.d/02-tuntap.conf 这样的配置文件来取得同样的效果
②.而如果只要对指定容器有效,则需要修改/etc/pve/class="st_tag internal_tag" title="Posts tagged with lxc" href="http://www.senra.me/tag/lxc/" rel="tag">lxc/[ID].conf , [ID]为你的容器编号