一、通过Multipass创建虚拟机 1.创建虚拟机 multipass launch -n ubuntu -d 20G -m 4G -c 4 18.04 2.挂载文件 multipass mount ~/Projects/baas ubuntu:/home/ubuntu/baas 3.调整磁盘空间(可选) sudo /Applications/Docker.app/Contents/MacOS/qcow-tool resize --size=$(( 12 * 1024 * 1024 * 1024 )) "/var/root/Library/Application Support/multipassd/vault/instances/suited-emu/ubuntu-20.04-server-cloudimg-amd64.img" 二、安装Master 1.安装docker docker-compose make nfs-common sudo apt update && sudo apt upgrade -y && sudo apt install -y make nfs-common reboot 2.配置master make setup-master && newgrp docker 3.拷贝master镜像,make文件 docker load -i master.tar 4.配置SSO 5.启动master make start 三、安装Worker 1.安装docker docker-compose make nfs-common sudo apt update && sudo apt upgrade -y && sudo apt install -y make nfs-common reboot 2.配置worker make setup-worker && newgrp docker 3.拷贝worker镜像,make文件 docker load -i worker.tar 4.配置docker daemon (其它方式)*docker run -d -v /var/run/docker.sock:/var/run/docker.sock -p 0.0.0.0:2375:2375 bobrik/socat TCP-LISTEN:2375,fork UNIX-CONNECT:/var/run/docker.sock Edit systemd service config file `/lib/systemd/system/docker.service`, update the `ExecStart` line under section `[Service]`, as the following: [Service] ExecStart=/usr/bin/dockerd -H fd:// -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --default-ulimit=nofile=8192:16384 --default-ulimit=nproc=8192:16384 Regenerate the docker service script and restart the docker engine: sudo systemctl daemon-reload && sudo systemctl restart docker.service At last, run the follow test at Master node and get OK response, to make sure it can access the Worker node successfully. [Master] $ docker -H Worker_Node_IP:2375 info 5.check iptables 四、生产环境配置 ## `/etc/sysctl.conf` ```bash # Don't ask why, this is a solid answer. vm.swappiness=10 fs.file-max = 2000000 kernel.threads-max = 2091845 kernel.pty.max = 210000 kernel.keys.root_maxkeys = 20000 kernel.keys.maxkeys = 20000 net.ipv4.ip_local_port_range = 30000 65535 net.ipv4.tcp_tw_reuse = 0 net.ipv4.tcp_max_tw_buckets = 5000 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_max_syn_backlog = 8192 ``` Then, need to run `sysctl -p` for enabling. ## `/etc/security/limits.conf` ```bash * hard nofile 1048576 * soft nofile 1048576 * soft nproc 10485760 * hard nproc 10485760 * soft stack 32768 * hard stack 32768 ``` ## Other Configurations * Use the code from `release` branch. * Configuration: Set all parameters to production, including image, compose, and application. * Security: Use firewall to filter traffic, enable TLS and authentication. * Backup: Enable automatic data backup. * Monitoring: Enable monitoring services.out and login, then check with `ulimit -n`. 五、make文件 docker-compose.yml env.tmpl Makefile scripts文件夹 .makerc文件夹 src/agent/docker/_compose_files文件夹 六、docker镜像 master: docker save hyperledger/cello-user-dashboard:latest hyperledger/cello-operator-dashboard:latest itsthenetwork/nfs-server-alpine:9 mongo:3.4.10 -o docker-images/master.tar worker: docker save couchdb:2.3.1 hyperledger/fabric-orderer:1.4 hyperledger/fabric-peer:1.4 hyperledger/fabric-ccenv:1.4 hyperledger/fabric-ca:1.4 hyperledger/fabric-baseimage:amd64-0.4.22 -o docker-images/worker.tar