plus de caches
This commit is contained in:
7
files/snster-kaz/kaz/prod/customKaz.sh.dist
Normal file
7
files/snster-kaz/kaz/prod/customKaz.sh.dist
Normal file
@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Upstream registry
|
||||
cat > /etc/docker/daemon.json <<EOF
|
||||
{ "storage-driver": "btrfs",
|
||||
"registry-mirrors": ["http://192.168.0.121:5000"] }
|
||||
EOF
|
@ -47,25 +47,6 @@ fi
|
||||
# On met le GUARD pour la mise au point
|
||||
echo "export SNSTERGUARD='true'" >> /root/.bashrc
|
||||
|
||||
# On active fuse-overlayfs pour docker
|
||||
cat >> /etc/docker/daemon.json <<EOF
|
||||
{ "storage-driver": "btrfs" }
|
||||
EOF
|
||||
service docker restart
|
||||
|
||||
#mknod -m 666 /dev/fuse c 10 229
|
||||
#echo -e '#!/bin/sh\nmknod -m 666 /dev/fuse c 10 229' >> /etc/rc.local
|
||||
#chmod +x /etc/rc.local
|
||||
|
||||
# lxc.cgroup2.devices.allow = b 7:* rwm
|
||||
# lxc.cgroup2.devices.allow = c 10:237 rwm
|
||||
#
|
||||
# mknod -m 666 /dev/loop0 b 7 0
|
||||
# mknod -m 666 /dev/loop-control c 10 237
|
||||
# truncate -s 30G /root/varlibdocker.img
|
||||
# mkfs.btrfs /root/varlibdocker.img
|
||||
# losetup -f /root/varlibdocker.img
|
||||
# mount /dev/loop0 /var/lib/docker
|
||||
|
||||
# On place les certifs
|
||||
if [ -d letsencrypt ]; then
|
||||
@ -101,6 +82,32 @@ echo "http_proxy=\"http://$proxy:3142\"
|
||||
https_proxy=\"http://$proxy:3142\"
|
||||
" >> /etc/default/docker
|
||||
|
||||
# On active btrfs+proxy pour docker
|
||||
cat >> /etc/docker/daemon.json <<EOF
|
||||
{ "storage-driver": "btrfs",
|
||||
"registry-mirrors": ["http://$proxy:5000"] }
|
||||
EOF
|
||||
service docker restart
|
||||
|
||||
# clear apt cache
|
||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||
DEBIAN_FRONTEND=noninteractive apt-get clean
|
||||
|
||||
if [ -f "${DIR}/customKaz.sh" ]; then
|
||||
bash "${DIR}/customKaz.sh"
|
||||
fi
|
||||
|
||||
# notes fuse-overlayfs :
|
||||
#mknod -m 666 /dev/fuse c 10 229
|
||||
#echo -e '#!/bin/sh\nmknod -m 666 /dev/fuse c 10 229' >> /etc/rc.local
|
||||
#chmod +x /etc/rc.local
|
||||
|
||||
# lxc.cgroup2.devices.allow = b 7:* rwm
|
||||
# lxc.cgroup2.devices.allow = c 10:237 rwm
|
||||
#
|
||||
# mknod -m 666 /dev/loop0 b 7 0
|
||||
# mknod -m 666 /dev/loop-control c 10 237
|
||||
# truncate -s 30G /root/varlibdocker.img
|
||||
# mkfs.btrfs /root/varlibdocker.img
|
||||
# losetup -f /root/varlibdocker.img
|
||||
# mount /dev/loop0 /var/lib/docker
|
||||
|
@ -45,7 +45,7 @@ http_port 3142" >> /etc/squid/squid.conf
|
||||
# MAJ et Install
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs # could be with --no-install-recommends
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y apg curl git sudo unzip rsync firefox-esr tcpdump net-tools mousepad wireshark swapspace whois python3-lxc lxc python3-pygraphviz python3-pil python3-yaml imagemagick btrfs-progs docker-registry # could be with --no-install-recommends
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y xfce4 lightdm xfce4-terminal xserver-xorg gitk # needs to install recommends
|
||||
|
||||
ssh-keygen -t rsa -b 4096 -N '' <<<$'\ny'
|
||||
@ -155,6 +155,14 @@ EOF
|
||||
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
|
||||
fi
|
||||
|
||||
# Cache docker registry
|
||||
echo "proxy:
|
||||
remoteurl: https://registry-1.docker.io
|
||||
auth:
|
||||
none:
|
||||
" >> /etc/docker/registry/config.yml
|
||||
|
||||
|
||||
# clear apt cache
|
||||
DEBIAN_FRONTEND=noninteractive apt-get autoremove -y
|
||||
DEBIAN_FRONTEND=noninteractive apt-get clean
|
||||
@ -212,3 +220,11 @@ reboot
|
||||
# KAZPROD="snster -c /root/snster-kaz -t /root/templates attach kaz-prod -x"
|
||||
# ${KAZPROD} "docker cp /etc/letsencrypt/local/rootCA.pem sympaServ:/usr/local/share/ca-certificates/rootCA.crt"
|
||||
# ${KAZPROD} "docker exec -it sympaServ update-ca-certificates"
|
||||
|
||||
# Interception https avec squid-openssl (nok pour dockerhub) :
|
||||
# http_port 3142 tcpkeepalive=60,30,3 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB tls-cert=/etc/letsencrypt/local/rootCA.pem tls-key=/etc/letsencrypt/local/rootCA-key.pem tls-dh=prime256v1:/etc/letsencrypt/local/dhparam.pem
|
||||
# sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
|
||||
# sslcrtd_children 5
|
||||
# ssl_bump server-first all
|
||||
# ssl_bump stare all
|
||||
# sslproxy_cert_error deny all
|
||||
|
Reference in New Issue
Block a user