To deploy and start FineOps, you need to log in to the server terminal using a server user account and upload, decompress, and run the FineKey tool.
You need to provide the server username and password when deploying O&M projects.
To perform these operations, you must ensure that the privileges of the server user you use meet the requirements.
You are advised to use the server user root, whose user ID is 0, to deploy the FineOps and O&M projects.
Ensure the user can connect to the FineOps server via the SSH protocol. Ensure the password used for the SSH connection contains no English single quotation marks, or privilege validation will fail during deployment.
If you use a non-root user for project deployment and operation, ensure this user has at least the privileges for the following commands.
Command Description: It is used to create directories.
Application Scenario:
1. Create a temporary Docker installation directory in the user's home directory to store Docker and installation files of related components.
2. Create a permanent Docker installation directory in the system directory /usr/bin to store executables of Docker and related components.
3. Create data and component directories for FineOps and projects in the specified project mounting directory to store data and configuration files of the Docker container.
Command Example:
mkdir -p -m 750 /home/fanruan/data
Description: Creates the project mounting path /home/fanruan/data and sets its permissions to 750.
Command Description:
It is used to change the ownership of a file or directory.
1. Change ownership of the temporary Docker installation directory to ensure proper privileges during installation.
2. Change ownership of the permanent Docker installation directory to ensure the system's and the user's access to executables.
3. Change ownership of data and component directories of FineOps and projects to ensure the Docker container's access to data and configuration files.
chown -R fanruan:fanruan /home/fanruan/data
Description: Recursively changes the ownership of the /home/fanruan/data path and all directories and files in it to the user fanruan and the group fanruan.
Command Description: It is used to create user groups.
Application Scenario: Create dedicated user groups for Docker service isolation and access control.
groupadd docker
Description: Creates a user group named docker.
Command Description: It is used to manage group members.
Application Scenario: Grant the access privilege on the Docker service to a user by adding the user to the specified user group.
gpasswd -a $USER docker
Description: Adds the current user to the user group docker.
Command Description: It is used to disable all swap partitions and swap files in the system.
Application Scenario: Disable swap space to improve performance.
swapoff -a
Description: Disables all swap partitions and swap files in the system.
Command Description: It is used to load kernel modules.
Application Scenario: Load the br_netfilter module dynamically to ensure proper operation and management of the Docker network.
modprobe br_netfilter
Description: Loads the br_netfilter module to activate it in the kernel, enabling support for Docker's networking functionality.
Command Description: It controls the systemd system and the service manager.
Application Scenario: Ensure the Docker service starts automatically on system boot.
systemctl enable docker.service
Description: Enables the docker.service unit to start automatically on system boot.
Command Description: It sends signals to processes.
Application Scenario: Send a SIGHUP signal to the Docker daemon to reload the configuration file without stopping or restarting the Docker service.
kill -HUP 1234
Description: Sends a SIGHUP signal to the Docker daemon (PID 1234) to apply configuration changes without service interruption.
Command Description: It allows authorized users to run specific commands as the superuser without logging in to the server with the superuser account.
Application Scenario: Automate script execution and perform operations requiring the superuser's privileges.
echo sudo_xxxx_passwd | sudo -S sh -c "systemctl start docker"
Description: Starts the Docker service with the superuser's privileges.
Command Description: It interprets and executes command strings specified via the -c option.
Application Scenario: Execute complex operations using a single command while ensuring proper privilege context.
Description: Executes the command in a new shell with the superuser's privileges.
Command Description: It is used to output a string to standard output.
Application Scenario: Output strings to other commands for automation and batch processing.
Description: Pipes the standard output of echo, which contains the sudo password, to sudo -S, enabling privileged command execution without interactive password entry.
Command Description: It is used to copy files and directories.
Application Scenario: Deploy and update service files to enable the system to manage and start corresponding services.
cp -f /home/finekey/docker.service /etc/systemd/system
Description: Copies /home/finekey/docker.service to /etc/systemd/system/ so that systemd can manage the service.
Command Description: It is used to view and modify kernel parameter configuration.
Application Scenario: View and modify specific kernel parameters such as net.bridge.bridge-nf-call-iptables, net.ipv4.conf.all.forwarding, and net.ipv4.ip_forward.
sysctl -n net.ipv4.ip_forward
Description: Checks the status of IPv4 forwarding in the current system.
Command Description: It is used to perform search, replace, insert, and delete operations in text files.
Application Scenario: Modify configuration files, primarily the sysctl.conf file (/etc/sysctl.conf), and kernel parameter configuration. If parameter values are already the target ones, executing this command will activate the parameters without modifying the file.
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
Description: Changes the value of the SELINUX parameter in the config file (/etc/selinux/config) from enforcing to permissive, so that SELinux does not prevent Docker service startup via the systemctl command.
Command Description: It is used to delete files and directories.
Application Scenario: Purge residual rollback-generated files after deployment failure.
rm -rf /home/fanruan/data
Description: Recursively deletes the /home/fanruan/data path and all its contents.
1. Allow the user dev to execute subsequent configuration commands with sudo privileges as a root user on any host computer.
dev ALL=(root) /bin/sh,/bin/mkdir,/bin/rm,/bin/cp,/bin/systemctl, /bin/kill,/usr/sbin/sysctl,/usr/bin/gpasswd,/usr/sbin/groupadd, /usr/bin/chown,/usr/sbin/modprobe,/usr/bin/echo,/usr/bin/sed, /usr/sbin/swapoff,/bin/sudo
2. (Optional) If the user still lacks permission (for example, the prompt [sudo] password for ubuntu: appears), allow the user dev to execute the commands using the sudo command without entering a password.
dev ALL=(root) NOPASSWD:/bin/sh,/bin/mkdir,/bin/rm,/bin/cp, /bin/systemctl,/bin/kill,/usr/sbin/sysctl,/usr/bin/gpasswd, /usr/sbin/groupadd,/usr/bin/chown,/usr/sbin/modprobe,/usr/bin/echo, /usr/bin/sed,/usr/sbin/swapoff,/bin/sudo
Ensure the user does not require a TTY session to execute sudo commands. This will allow the execution of sudo commands through scripts/remote commands.
#Defaults: requiretty
The following is an example of the sudoers file.
# User privilege specification
root ALL=(ALL:ALL) ALL
# Defaults requiretty
# Allow dev user to run specific commands as root
dev ALL=(root) /bin/sh,/bin/mkdir,/bin/rm,/bin/cp,/bin/systemctl,/bin/kill,/usr/sbin/sysctl,/usr/bin/gpasswd,/usr/sbin/groupadd,/usr/bin/chown,/usr/sbin/modprobe,/usr/bin/echo,/usr/bin/sed,/usr/sbin/swapoff,/bin/sudo
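The following preflight script is an added example, not part of the FineOps documentation or the FineKey tool. It checks a sudoers text for the dev rule described above and reports which of the listed commands are not granted, whether requiretty is still in force, and whether a password contains a single quotation mark. The function names and the sample sudoers text are constructed for illustration; on a real server the text would come from the sudoers file itself.

```shell
#!/bin/sh
# Added example: preflight checks for the non-root deployment user.
# Command paths are the ones in the page's sudoers entry.
REQUIRED="/bin/sh /bin/mkdir /bin/rm /bin/cp /bin/systemctl /bin/kill
/usr/sbin/sysctl /usr/bin/gpasswd /usr/sbin/groupadd /usr/bin/chown
/usr/sbin/modprobe /usr/bin/echo /usr/bin/sed /usr/sbin/swapoff /bin/sudo"

# missing_cmds USER SUDOERS_TEXT
# Prints each required command that no "USER ALL=(root) ..." rule grants.
missing_cmds() {
    user=$1
    granted=$(printf '%s\n' "$2" |
        sed -n "s/^${user}[[:space:]][[:space:]]*ALL=(root)[[:space:]]*//p" |
        sed 's/NOPASSWD:[[:space:]]*//' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    for cmd in $REQUIRED; do
        printf '%s\n' "$granted" | grep -qxF -- "$cmd" || printf '%s\n' "$cmd"
    done
}

# requiretty_active SUDOERS_TEXT
# Succeeds if an uncommented Defaults line still turns requiretty on.
requiretty_active() {
    printf '%s\n' "$1" | grep -E '^[[:space:]]*Defaults' |
        grep -v '!requiretty' | grep -q 'requiretty'
}

# password_ok PASSWORD
# Succeeds if the password contains no single quotation mark.
password_ok() {
    case $1 in
        *"'"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample: requiretty is active and the dev rule is incomplete.
SAMPLE_SUDOERS='root ALL=(ALL:ALL) ALL
Defaults requiretty
dev ALL=(root) NOPASSWD:/bin/sh,/bin/mkdir,/bin/rm,/bin/cp, /bin/systemctl,/bin/kill,/usr/sbin/sysctl,/usr/bin/gpasswd'

echo "Commands missing for dev:"
missing_cmds dev "$SAMPLE_SUDOERS"
if requiretty_active "$SAMPLE_SUDOERS"; then echo "requiretty is still active"; fi
if ! password_ok "pa'ss"; then echo "password contains a single quotation mark"; fi
```

Because the required list includes /bin/sh and /bin/sudo, a rule that passes this check gives dev the equivalent of unrestricted root, so the account deserves the same protection as root.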