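Best Practices for Initial System Configuration of Ubuntu/Debian Development Boards
Purpose
Goal
Make full use of the computing power of a small development board to run a personal server
The configuration covers Jenkins, Git, GitHub WebHook, and NAT traversal (intranet penetration)
Supported systems and hardware
Debian 10 and later (check with lsb_release -a or cat /etc/os-release, and uname -a)
Hardware used in this article: Tinker Board 2s
Quick overview
- Basic configuration
  - Enable the SSH service and start it at boot
  - Change passwords
  - (Recommended) Disable the graphical interface and automatic sleep
  - Best practice for mounting disks
  - Automatically report the LAN IP
  - System reinstallation and backup
- Continuous integration
  - Install Docker and (optionally) the Portainer graphical management UI
  - Jenkins best practice
  - (Optional) Set up your own GitLab repository
- NAS
  - NAT traversal best practice
- Advanced
  - Install Kubernetes
  - Install k3s (recommended for development boards or single-node cloud servers)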
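1. Basic configuration
1.1 Enable the SSH service and start it at boot
Since Debian 8.0, SSH has been disabled by default
1. Edit the sshd_config file: nano /etc/ssh/sshd_config
2. Uncomment #PasswordAuthentication no and change no to yes
3. Uncomment #PermitRootLogin yes to allow the root account to log in
4. Start the SSH service: /etc/init.d/ssh start or service ssh start
5. Check the SSH service status: /etc/init.d/ssh status
- To start it at boot, systemd is recommended; see Ruan Yifeng's article
Possible problems: https://blog.csdn.net/Peter_JJH/article/details/108446380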
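A way to check what steps 2 and 3 actually leave in effect, as an added example that is not part of the original article: it reports the value sshd will use for the two keywords and flags the password-based settings. The three sample files are constructed, and the parser ignores Include files and Match blocks.

```shell
#!/bin/bash
# Added example (not from the original article).
# sshd uses the FIRST uncommented occurrence of a keyword in the global
# section; "#PermitRootLogin yes" is a comment and changes nothing.
# Include files are not followed here; on a live system `sshd -T`
# prints the authoritative effective configuration.

# effective_value FILE KEYWORD DEFAULT -> value sshd would use
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # conditional overrides start here
        tolower($1) == key      { print tolower($2); found = 1; exit }
        END { if (!found) print def }      # keyword absent: built-in default
    ' "$1"
}

# audit_sshd FILE -> one line per weak setting (no output = nothing flagged)
audit_sshd() {
    local pw root
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    [ "$pw" = "yes" ] && echo "PasswordAuthentication yes: passwords can be guessed over the network"
    [ "$root" = "yes" ] && echo "PermitRootLogin yes: root login is not restricted to keys"
    return 0
}

# Constructed sample files
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'PasswordAuthentication yes' 'PermitRootLogin yes' \
    > "$tmp/as_in_article"
printf '%s\n' '#PasswordAuthentication yes' '#PermitRootLogin yes' \
    > "$tmp/still_commented"
printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin prohibit-password' \
    'PermitRootLogin yes' > "$tmp/key_only"

for f in as_in_article still_commented key_only; do
    echo "== $f"
    audit_sshd "$tmp/$f"
done
```

The key_only sample shows the corrected form: password logins off, root limited to key authentication, and a later duplicate line that sshd ignores.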
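1.2 Change passwords
The Tinker Board 2s default credentials are account: linaro, password: linaro
Change the root password: sudo passwd root
Enter the new password
Change the linaro password: sudo passwd linaro
1.3 (Optional) Disable the graphical interface and automatic sleep
Purpose: reduce power consumption; a server does not need a graphical interface
Disable the graphical interface: systemctl set-default multi-user.target
Switch back to the graphical interface: sudo systemctl set-default graphical.target
Check the current target unit to confirm it is disabled: systemctl get-default
Reboot the machine: sudo systemctl reboot
Disable automatic sleep (check the status before and after):
systemctl status sleep.target
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
systemctl status sleep.target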
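1.4 Mounting disks
Mounting a disk and making the mount permanent
Purpose: once a disk is mounted, all important data can be kept on it, so the data is unaffected when the board's system has to be upgraded.
1.4.1 Incorrect example: /etc/fstab
Mount the disk:
View disk information: fdisk -l
(Optional) Partition the disk: fdisk /dev/sdb
Format the partition as ext4: mkfs -t ext4 /dev/sdb1
Mount the disk on /mnt: mount /dev/sdb1 /mnt
View disk information: fdisk -l
A permanent mount means the disk is still mounted automatically after the machine reboots
Debian uses UUIDs to mount disks automatically.
- Find the UUIDs of all disks with blkid:
sudo blkid
You can see that the UUID of the mounted disk /dev/sdb1 is ad5f412a-0a0c-42af-afd3-eecec6fd96d2 and its TYPE is ext4.
Add the automatic mount point: sudo vim /etc/fstab
Append as the last line: UUID=ad5f412a-0a0c-42af-afd3-eecec6fd96d2 /mnt ext4 defaults 0 0
Run the mount: sudo mount -a
View the mount points: df -h
After this, the mount point is still there after sudo reboot.
Why this is an incorrect example
- If the disk develops a problem, or the UUID was entered incorrectly, the board cannot mount the disk on reboot and the system fails to boot;
- Unlike a home computer, a development board has no bootloader screen from which to enter rescue mode.
In other words, once the disk has a problem you can no longer get into the board's system, and you must reinstall the system! Reinstall! Reinstall!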
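A pre-reboot check for the failure described above, as an added example that is not part of the original article: it compares every UUID= entry in an fstab with what blkid reports and flags entries that lack the standard nofail mount option, which lets boot continue when the device is absent. The fstab and blkid samples are constructed around the UUID shown above; the root UUID and the entry ending in d3 (a one-character typo) are made up.

```shell
#!/bin/bash
# Added example (not from the original article): lint an fstab before reboot.
# check_fstab FSTAB BLKID_OUT
#   MISSING   <uuid> <mountpoint>  UUID not reported by blkid (typo, absent disk)
#   NO_NOFAIL <uuid> <mountpoint>  valid now, but boot stops if the disk dies
check_fstab() {
    awk '
        FILENAME == ARGV[1] {                   # first file: blkid output
            if (match($0, / UUID="[^"]+"/))
                known[substr($0, RSTART + 7, RLENGTH - 8)] = 1
            next
        }
        /^[ \t]*(#|$)/ { next }                 # fstab comments, blank lines
        $1 ~ /^UUID=/ {
            uuid = substr($1, 6)
            if (!(uuid in known))
                print "MISSING", uuid, $2
            else if ($2 != "/" && $4 !~ /(^|,)nofail(,|$)/)
                print "NO_NOFAIL", uuid, $2
        }
    ' "$2" "$1"
}

# Constructed samples
tmp=$(mktemp -d)
cat > "$tmp/blkid.out" <<'EOF'
/dev/mmcblk0p1: UUID="11111111-2222-3333-4444-555555555555" TYPE="ext4" PARTUUID="aaaaaaaa-01"
/dev/sdb1: UUID="ad5f412a-0a0c-42af-afd3-eecec6fd96d2" TYPE="ext4" PARTUUID="bbbbbbbb-01"
EOF
cat > "$tmp/fstab.risky" <<'EOF'
UUID=11111111-2222-3333-4444-555555555555 / ext4 defaults 0 1
UUID=ad5f412a-0a0c-42af-afd3-eecec6fd96d2 /mnt ext4 defaults 0 0
UUID=ad5f412a-0a0c-42af-afd3-eecec6fd96d3 /data ext4 defaults,nofail 0 0
EOF
cat > "$tmp/fstab.safer" <<'EOF'
UUID=11111111-2222-3333-4444-555555555555 / ext4 defaults 0 1
UUID=ad5f412a-0a0c-42af-afd3-eecec6fd96d2 /mnt ext4 defaults,nofail,x-systemd.device-timeout=10s 0 0
EOF

echo "== fstab.risky"; check_fstab "$tmp/fstab.risky" "$tmp/blkid.out"
echo "== fstab.safer"; check_fstab "$tmp/fstab.safer" "$tmp/blkid.out"
```

On a real board, save the output of sudo blkid to a file and pass it together with /etc/fstab.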
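1.4.2 Best practice
Writing to /etc/fstab is too risky. Is there a way to let the system boot normally even when a mount fails? Running the mount commands by hand after every boot is obviously not an option.
Instead, we can write a service that starts at boot and runs a script: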
touch /usr/bin/initmount.sh
#!/bin/bash
sleep 2s && mount /dev/sda2 /mnt/docker && \
mount /dev/sda3 /mnt/fs && \
mount /dev/sda1 /home
Make the script executable (chmod +x /usr/bin/initmount.sh), then create the service: run touch /etc/systemd/system/mountdisk.service and edit it to contain
[Unit]
Description=Service mount disk
Requires=local-fs.target
[Service]
Type=simple
ExecStart=/usr/bin/initmount.sh
[Install]
WantedBy=multi-user.target
Run
systemctl enable mountdisk
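Going further, if the disk partition will store Docker images, run vim /lib/systemd/system/docker.service and make sure the disk mount script runs before Docker starts. After the additions it looks like this:
# Only part of the [Unit] section of docker.service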
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target mountdisk.service
Wants=network-online.target containerd.service
Requires=mountdisk.service docker.socket
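1.5 Automatically report the LAN IP
It is recommended to add this to the /usr/bin/initmount.sh script so that it runs at system startup.
Since I have purchased a cloud server and will later use it for frp NAT traversal, here I scp the IP information to the cloud server to report the IP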
apt-get install -y sshpass
#!/bin/bash
ifconfig > /tmp/ip.tmp
# root@<public IP address>
ip=116.205.71.2
# Machine password
pass=mabaoguo
sshpass -p "$pass" ssh -o StrictHostKeyChecking=no "root@$ip" 'rm -f /tmp/ip.tmp'
sshpass -p "$pass" scp /tmp/ip.tmp "root@$ip:/tmp"
mount /dev/sda1 /mnt/docker && mount /dev/sda2 /mnt/fs
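The same report sent with an SSH key and host-key verification instead of a password in the script, as an added example that is not part of the original article: it also sends only the LAN IPv4 addresses rather than the whole ifconfig dump. REPORT_HOST, REPORT_USER and REPORT_KEY are placeholders, the receiving account is assumed to be unprivileged, and the `ip` output sample is constructed.

```shell
#!/bin/bash
# Added example (not from the original article). REPORT_HOST, REPORT_USER and
# REPORT_KEY are placeholders; the account is assumed to be unprivileged.
REPORT_HOST=${REPORT_HOST:-cloud.example.invalid}
REPORT_USER=${REPORT_USER:-ipreport}
REPORT_KEY=${REPORT_KEY:-/root/.ssh/ipreport_ed25519}

# lan_ipv4: reads `ip -o -4 addr show` output on stdin and prints
# "interface address" for each interface except loopback and Docker bridges.
lan_ipv4() {
    awk '$3 == "inet" && $2 != "lo" && $2 !~ /^(docker|br-|veth)/ {
        sub(/\/.*/, "", $4)        # drop the /prefix length
        print $2, $4
    }'
}

# report_ip: sends the list over SSH with a key instead of a password.
# BatchMode fails instead of prompting, and StrictHostKeyChecking=yes refuses
# a server whose key is not already in known_hosts.
report_ip() {
    ip -o -4 addr show | lan_ipv4 |
        ssh -i "$REPORT_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
            -o ConnectTimeout=10 "$REPORT_USER@$REPORT_HOST" 'cat > /tmp/ip.tmp'
}

# Constructed sample of `ip -o -4 addr show` output
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic eth0\       valid_lft 86000sec preferred_lft 86000sec
4: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever
5: wlan0    inet 192.168.1.40/24 brd 192.168.1.255 scope global dynamic wlan0\       valid_lft 86000sec preferred_lft 86000sec
EOF
}

# report_ip is not called here because it needs the real server.
sample_ip_output | lan_ipv4
```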
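1.6 System reinstallation and backup
After a reinstall, both the SSH configuration and the mounts are gone. The best approach is to keep a script and run it after every reinstall to redo everything that was done before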
todo
2. Continuous integration
2.1 Install Docker and (optionally) the Portainer graphical management UI
Install Docker
See the Runoob tutorial (菜鸟教程)
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
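Installing the Portainer graphical management UI is not recommended
Docker alone is enough. A graphical UI gives up the convenience of launching a Docker container with a single command and leaves only visualization. I tried Portainer and eventually gave it up. If you need to visualize Docker's running state you can give Portainer a try, but do not use it to start containers: there are many parameters to fill in, and if you do not understand what they are for, you will not know how to configure them in Portainer.
2.2 Jenkins best practice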
https://juejin.cn/post/6991303151051603999
docker run -u root --rm -d -p 8181:8080 -p 50000:50000 -v jenkins-data:/var/jenkins_home -v /var/lib/jenkins/secrets:/var/lib/jenkins/secrets -v /var/run/docker.sock:/var/run/docker.sock jenkinsci/blueocean:1.25.7-bcc31d32159f
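View the initial password: cat /var/lib/jenkins/secrets/initialAdminPassword
3. NAS
3.1 NAT traversal best practice
3.2 Configure qBittorrent
- Install the qBittorrent service with Docker on the development board
- Install the client on your phone
One-click script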
sed -i '0,/^#\?PasswordAuthentication/ s/^#\?PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i '0,/^#\?PermitRootLogin/ s/^#\?PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl enable ssh
mkdir /mnt/docker && mkdir /mnt/fs
cat << EOF > /usr/bin/initmount.sh
#!/bin/bash
sleep 2s && mount /dev/sda2 /mnt/docker && \
mount /dev/sda3 /mnt/fs && \
mount /dev/sda1 /home
EOF
chmod +x /usr/bin/initmount.sh
cat<<EOF>/etc/systemd/system/mountdisk.service
[Unit]
Description=Service mount disk
Requires=local-fs.target
[Service]
Type=simple
ExecStart=/usr/bin/initmount.sh
[Install]
WantedBy=multi-user.target
EOF
systemctl enable mountdisk
systemctl start mountdisk
cp /etc/apt/sources.list /etc/apt/sources.listbak
cat << EOF> /etc/apt/sources.list
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-updates main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-updates main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-backports main contrib non-free
# deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ bullseye-backports main contrib non-free
# deb https://mirrors.tuna.tsinghua.edu.cn/debian-security bullseye-security main contrib non-free
# # deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security bullseye-security main contrib non-free
deb https://security.debian.org/debian-security bullseye-security main contrib non-free
# deb-src https://security.debian.org/debian-security bullseye-security main contrib non-free
EOF
apt-get update -y
systemctl status sleep.target
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
systemctl status sleep.target
systemctl get-default
systemctl set-default multi-user.target
systemctl get-default
echo "create docker"
curl -fsSL https://get.docker.com -o get-docker.sh
bash get-docker.sh
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors":["https://reg-mirror.qiniu.com/"],
"data-root": "/mnt/docker/data-root"
}
EOF
systemctl daemon-reload
systemctl restart docker
# zerotier
curl -s https://install.zerotier.com | sudo bash
#sudo zerotier-cli join 8bd5124fd6b27e9e
sudo zerotier-cli join 8bd5124fd6b27e9f
sudo reboot
Debian 10
sudo timedatectl set-timezone Asia/Shanghai
sed -i '0,/Port/ s/#Port.*/Port 8022/' /etc/ssh/sshd_config
sed -i '0,/#PasswordAuthentication/ s/#PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
sed -i '0,/PermitRootLogin/ s/#PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl enable ssh
mkdir /mnt/docker && mkdir /mnt/fs
cat << EOF > /usr/bin/initmount.sh
#!/bin/bash
if ! mountpoint -q /mnt/fs; then
mount /dev/sda3 /mnt/fs
else
echo "/mnt/fs is already mounted."
fi
if ! mountpoint -q /mnt/docker; then
mount /dev/sda2 /mnt/docker
else
echo "/mnt/docker is already mounted."
fi
if ! mountpoint -q /home; then
mount /dev/sda1 /home
else
echo "/home is already mounted."
fi
EOF
chmod +x /usr/bin/initmount.sh
cat<<EOF>/etc/systemd/system/mountdisk.service
[Unit]
Description=Service mount disk
Requires=local-fs.target
[Service]
Type=oneshot
ExecStart=/usr/bin/initmount.sh
[Install]
WantedBy=multi-user.target
EOF
systemctl enable mountdisk
systemctl start mountdisk
cp /etc/apt/sources.list /etc/apt/sources.listbak
cat << EOF> /etc/apt/sources.list
# Source mirrors are commented out by default to speed up apt update; uncomment them if needed
deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster main contrib non-free
deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main contrib non-free
deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main contrib non-free
deb http://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian-security buster/updates main contrib non-free
# deb http://security.debian.org/debian-security buster/updates main contrib non-free
# deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
EOF
apt-get update -y
systemctl status sleep.target
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
systemctl status sleep.target
systemctl get-default
systemctl set-default multi-user.target
systemctl get-default
echo "create docker"
apt install fuse-overlayfs -y
curl -fsSL https://get.docker.com -o get-docker.sh
bash get-docker.sh
cat << EOF > /etc/docker/daemon.json
{
"registry-mirrors":["https://reg-mirror.qiniu.com/"],
"data-root": "/mnt/docker/data-root"
}
EOF
systemctl daemon-reload
systemctl restart docker
# zerotier
curl -s https://install.zerotier.com | sudo bash
sudo zerotier-cli join 8bd5124fd6b27e9e
reboot
tinker-config can edit the system configuration, including remote VNC, SSH, and account passwords
