# Switch APT to the USTC mirror for Ubuntu 22.04 (jammy).
# https://mirrors.ustc.edu.cn/help/ubuntu.html
# The heredoc below replaces /etc/apt/sources.list outright and no backup of the
# previous file is taken here; copy it aside first if it holds custom entries.
# Every entry uses https:// and the jammy-security pocket stays enabled.
# The Chinese comment lines inside the heredoc are written to the file as-is:
# "source repositories are commented out by default, uncomment if needed" and
# "pre-release (proposed) repository, enabling it is not recommended".
sudo bash -c '
cat > /etc/apt/sources.list <<EOF
# 默认注释了源码仓库,如有需要可自行取消注释
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy main restricted universe multiverse
# deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy main restricted universe multiverse

deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-security main restricted universe multiverse

deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
# deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse

deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse

# 预发布软件源,不建议启用
# deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.ustc.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
EOF
'
sudo apt update


# Time zone: install tzdata, then point /etc/localtime and /etc/timezone at Asia/Shanghai.
sudo apt install -y tzdata
sudo bash -c 'ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && echo "Asia/Shanghai" > /etc/timezone'

# Chinese language support: Simplified Chinese language pack plus a CJK font.
sudo apt install -y language-pack-zh-hans fonts-wqy-zenhei
# The system locale itself is set to C.UTF-8, not to a zh_CN locale.
sudo update-locale LANG=C.UTF-8


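# Install Docker CE from the USTC mirror.
# Create the keyring directory first so the download below cannot fail on a
# host where it does not exist yet.
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
# apt reads the key as an unprivileged user, so keep it world-readable even
# when root's umask is restrictive.
sudo chmod a+r /etc/apt/keyrings/docker.asc
# signed-by scopes the Docker key to this one repository instead of trusting
# it for every configured source.
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt update
sudo apt install -y docker-ce docker-ce-cli
# Add the current user to the docker group; this takes effect after closing
# the current SSH session and reconnecting.
# NOTE(review): docker group membership is root-equivalent on this host (a
# member can start a container that mounts the host filesystem). Only add
# accounts that are already trusted with sudo.
sudo usermod -aG docker "$USER"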

# Docker daemon settings written below:
#   registry-mirrors    - domestic registry mirrors (list is empty here)
#   insecure-registries - private registries allowed to be used over plain HTTP
#                         for pull and push (list is empty here)
#   log-opts.max-size   - cap each container log at 100M
# To move Docker's storage directory, add the option "data-root": "/path/to/docker".
# NOTE(review): an entry in insecure-registries turns off transport security
# for that registry, so images and credentials exchanged with it can be read
# or altered on the network path. Keep the list empty unless the registry is
# on a trusted network, and prefer giving the registry a TLS certificate.
# This heredoc overwrites any existing /etc/docker/daemon.json.
sudo bash -c '
cat > /etc/docker/daemon.json <<EOF
{
    "registry-mirrors": [
    ],
    "insecure-registries": [
    ],
    "log-opts": {
        "max-size": "100m"
    }
}
EOF
'
sudo systemctl restart docker


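# Install the NVIDIA driver
sudo apt update
sudo apt install -y --install-recommends nvidia-driver-550
# sudo apt install -y --install-recommends nvidia-driver-570
sudo reboot
#
# Uninstall the NVIDIA driver (a separate procedure, not a continuation of the
# install above).
# The patterns are quoted so that apt receives them unexpanded; left unquoted,
# the shell would expand them against matching file names in the current
# directory and apt would be handed those names instead.
sudo apt purge 'nvidia-*'
sudo apt purge 'libnvidia-*'
sudo apt autoremove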

# Disable kernel updates (keeps the installed driver and kernel in step).
# NOTE(review): while the hold is in place the host also stops receiving
# kernel security updates; schedule a window to unhold, upgrade and reboot.
sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
# Re-enable kernel updates (run this instead of, not right after, the hold above).
sudo apt-mark unhold linux-generic linux-image-generic linux-headers-generic

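# Install NVIDIA Container Toolkit from a domestic mirror.
# Upstream key location: https://nvidia.github.io/libnvidia-container/gpgkey
# NOTE(review): the key is fetched through the third-party ghfast.top proxy,
# and it becomes the trust anchor for every package installed from this
# repository. It is downloaded to a temporary file and its fingerprint is
# printed so it can be compared with the fingerprint NVIDIA publishes before
# the key is installed. gpg also fails here if the response is not a key.
nvidia_key_tmp=$(mktemp)
curl -fsSL https://ghfast.top/https://github.com/NVIDIA/libnvidia-container/blob/gh-pages/gpgkey -o "$nvidia_key_tmp"
gpg --show-keys --with-fingerprint "$nvidia_key_tmp"
# Remove any previous keyring so gpg does not stop to ask about overwriting it.
sudo rm -rvf /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg
sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg "$nvidia_key_tmp"
rm -f -- "$nvidia_key_tmp"
# -f makes curl fail on an HTTP error instead of piping the error page into
# the sources list. sed rewrites the upstream host to the mirror and pins the
# repository to the keyring above via signed-by.
curl -fsSL https://mirrors.ustc.edu.cn/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \
sed "s#deb https://nvidia.github.io#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://mirrors.ustc.edu.cn#g" | \
sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list
sudo apt update
sudo apt install -y nvidia-container-toolkit
sudo systemctl restart docker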

# Work around the GPU suddenly disappearing from a running container, which
# shows up as "Failed to initialize NVML: Unknown Error".
# https://github.com/NVIDIA/nvidia-container-toolkit/issues/48
sudo nvidia-ctk system create-dev-char-symlinks --create-all
sudo systemctl restart docker


# Host directory that holds the containers' persistent data.
mkdir -p "$HOME/workspace-docker"
# Hand ownership of that directory to the invoking user and group.
sudo chown "$(id -u):$(id -g)" "$HOME/workspace-docker"


################
# MariaDB
# NOTE(review): the root password is a fixed, guessable value passed with -e,
# so it ends up in shell history and in `docker inspect` output. -p 3306:3306
# publishes the port on every host interface. Replace the password before use
# and restrict who can reach the port (bind address or firewall).

docker pull swr.cn-southwest-2.myhuaweicloud.com/ictrek/mariadb:11

mkdir -p ~/workspace-docker/mariadb

# Remove any previous container of the same name; data stays in the bind mount.
docker rm -f mariadb

docker run -d --restart unless-stopped --name mariadb \
-p 3306:3306 \
-e MARIADB_ROOT_PASSWORD=Mm123456 \
-v ~/workspace-docker/mariadb:/var/lib/mysql \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/mariadb:11 --character-set-server=utf8mb4 --collation-server=utf8mb4_bin --max-connections=3000

#
################


################
# Redis
# NOTE(review): --requirepass carries a fixed, guessable password on the
# command line, where it is visible in the process list and `docker inspect`.
# -p 6379:6379 publishes the port on every host interface. Replace the
# password and restrict access to the port before use.
# On every start the container answers "y" to redis-check-aof --fix for each
# AOF and manifest file; presumably this discards data after a corrupt point
# without asking - confirm that is acceptable for this data.

docker pull swr.cn-southwest-2.myhuaweicloud.com/ictrek/redis:7

mkdir -p ~/workspace-docker/redis

docker rm -f redis

docker run -d --restart unless-stopped --name redis \
-p 6379:6379 \
-v ~/workspace-docker/redis:/data \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/redis:7 \
bash -c '
find appendonlydir \( -name "*.aof" -o -name "*.manifest" \) -exec bash -c "echo y | redis-check-aof --fix {}" \;
redis-server --requirepass Rr123456 --appendonly yes
'

#
################


################
# MinIO
# NOTE(review): the root account uses a fixed, guessable password passed with
# -e, and -p 9000:9000 publishes the API on every host interface. The image
# tag is a release dated 2021-04-22; check the vendor's advisories for fixes
# published since then before exposing it.

# docker pull swr.cn-southwest-2.myhuaweicloud.com/ictrek/minio:RELEASE.2021-04-22T15-44-28Z

mkdir -p ~/workspace-docker/minio/vos

docker rm -f minio

docker run -d --restart unless-stopped --name minio \
-p 9000:9000 \
-e MINIO_ROOT_USER=root \
-e MINIO_ROOT_PASSWORD=Mm123456 \
-v ~/workspace-docker/minio:/data \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/minio:RELEASE.2021-04-22T15-44-28Z server /data

#
################


################
# Consul
# Single-node server (-bootstrap-expect=1) with the web UI enabled.
# NOTE(review): -client=0.0.0.0 together with -p 8500:8500 exposes the HTTP
# API and UI on every host interface, and no ACL configuration is visible in
# this command. Anyone who can reach port 8500 can presumably read and change
# the catalog and KV store - confirm and restrict access.

docker pull swr.cn-southwest-2.myhuaweicloud.com/ictrek/consul:1.14

mkdir -p ~/workspace-docker/consul

docker rm -f consul

docker run -d --restart unless-stopped --name consul \
-p 8500:8500 \
-v ~/workspace-docker/consul:/consul/data \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/consul:1.14 agent -server -bootstrap-expect=1 -node=node1 -ui -client=0.0.0.0

#
################


################
# Elasticsearch
# NOTE(review): security is enabled, but TLS is switched off for both the HTTP
# and the transport layer, so the elastic password and all data cross the
# network in clear text. ELASTIC_PASSWORD is a fixed, guessable value, ports
# 9200 and 9300 are published on every host interface, and CORS is enabled
# with allow-origin "*", which lets any web origin issue browser requests.
# Change the password and narrow the exposure before use.

docker pull swr.cn-southwest-2.myhuaweicloud.com/ictrek/elasticsearch:8.17.2

mkdir -p ~/workspace-docker/elasticsearch/data
mkdir -p ~/workspace-docker/elasticsearch/plugins

# Fix ownership of the bind-mounted directories: a throwaway container run as
# root chowns them to the elasticsearch user.
docker run --rm --user root \
-v ~/workspace-docker/elasticsearch/data:/usr/share/elasticsearch/data \
-v ~/workspace-docker/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/elasticsearch:8.17.2 \
chown -R elasticsearch /usr/share/elasticsearch/data /usr/share/elasticsearch/plugins

docker rm -f elasticsearch

docker run -d --restart unless-stopped --name elasticsearch \
-p 9200:9200 -p 9300:9300 \
-e discovery.type="single-node" \
-e network.host="0.0.0.0" \
-e http.cors.enabled="true" \
-e http.cors.allow-origin='"*"' \
-e xpack.security.enabled="true" \
-e xpack.security.http.ssl.enabled="false" \
-e xpack.security.transport.ssl.enabled="false" \
-e cluster.routing.allocation.disk.threshold_enabled="false" \
-e ELASTIC_PASSWORD="Ee123456" \
-e ES_JAVA_OPTS="-Xms2g -Xmx2g" \
-v ~/workspace-docker/elasticsearch/data:/usr/share/elasticsearch/data \
-v ~/workspace-docker/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/elasticsearch:8.17.2

#
################


################
# Kafka
# Single node in KRaft mode acting as both broker and controller.
# NOTE(review): both listeners use PLAINTEXT, so there is no encryption and no
# client authentication, and ports 19001/19002 are published on every host
# interface. Anyone who can reach them can presumably produce, consume and
# administer topics - restrict access to these ports.
# 172.17.0.1 is presumably the default docker0 bridge address; verify on the host.

docker pull swr.cn-southwest-2.myhuaweicloud.com/ictrek/cp-kafka:7.6.1

# Generate a CLUSTER_ID
# docker run --rm swr.cn-southwest-2.myhuaweicloud.com/ictrek/cp-kafka:7.6.1 /bin/kafka-storage random-uuid

mkdir -p ~/workspace-docker/kafka/secrets
mkdir -p ~/workspace-docker/kafka/data

# Fix ownership of the bind-mounted directories: a throwaway container run as
# root chowns them to appuser.
docker run --rm --user root \
-v ~/workspace-docker/kafka/secrets:/etc/kafka/secrets \
-v ~/workspace-docker/kafka/data:/var/lib/kafka/data \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/cp-kafka:7.6.1 \
chown -R appuser:appuser /etc/kafka/secrets /var/lib/kafka/data

docker rm -f kafka-kraft

docker run -d --restart unless-stopped --name kafka-kraft \
-p 19001:19001 -p 19002:19002 \
-e CLUSTER_ID='nYxq5AcRS1q8H1zkM1XHzw' \
-e KAFKA_NODE_ID=1 \
-e KAFKA_PROCESS_ROLES='broker,controller' \
-e KAFKA_LISTENER_SECURITY_PROTOCOL_MAP='PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT' \
-e KAFKA_INTER_BROKER_LISTENER_NAME='PLAINTEXT' \
-e KAFKA_CONTROLLER_LISTENER_NAMES='CONTROLLER' \
-e KAFKA_LISTENERS='PLAINTEXT://:19001,CONTROLLER://:19002' \
-e KAFKA_ADVERTISED_LISTENERS='PLAINTEXT://172.17.0.1:19001' \
-e KAFKA_CONTROLLER_QUORUM_VOTERS='1@172.17.0.1:19002' \
-e KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR=1 \
-e KAFKA_MESSAGE_MAX_BYTES=10485760 \
-v ~/workspace-docker/kafka/secrets:/etc/kafka/secrets \
-v ~/workspace-docker/kafka/data:/var/lib/kafka/data \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/cp-kafka:7.6.1


# redpandadata-console: web UI pointed at the broker above.
# NOTE(review): no login configuration is visible in this command and port
# 19003 is published on every host interface; the UI presumably gives its
# visitors the same unauthenticated access to the broker - confirm and restrict.
docker pull swr.cn-southwest-2.myhuaweicloud.com/ictrek/redpandadata-console:v3.1.3

docker rm -f redpanda

docker run -d --restart unless-stopped --name redpanda \
-p 19003:8080 \
-e KAFKA_BROKERS=172.17.0.1:19001 \
swr.cn-southwest-2.myhuaweicloud.com/ictrek/redpandadata-console:v3.1.3

#
################


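################
# Install the transparent proxy service (Privoxy)
# NOTE(review): "listen-address :8888" makes Privoxy accept connections on
# every interface, and no access control is configured here, so any host that
# can reach port 8888 can relay traffic through this machine. Limit it to the
# address clients actually use, or firewall the port to the trusted network.
#
# The block is safe to re-run: -y keeps apt from stopping for confirmation,
# the sed patterns are anchored so an already commented line is not commented
# again, and each setting is appended only when it is not present yet.

sudo bash -c '
apt install -y privoxy
sed -i "s/^listen-address  127.0.0.1:8118/#listen-address  127.0.0.1:8118/g" /etc/privoxy/config
sed -i "s/^listen-address  \[::1\]:8118/#listen-address  \[::1\]:8118/g" /etc/privoxy/config
for line in "listen-address :8888" "max-client-connections 1024" "forwarded-connect-retries 3"; do
  grep -qxF -- "$line" /etc/privoxy/config || echo "$line" >> /etc/privoxy/config
done
systemctl restart privoxy.service
'

# Test the proxy
curl -x http://192.168.1.212:8888 http://bing.com

#
################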


################
# apt proxy
# NOTE(review): once this file exists, all apt traffic, security updates
# included, depends on the proxy at 192.168.1.212:8888 being reachable and
# trustworthy. The two halves below are alternatives: configure, or remove.

# Configure apt to use the proxy
sudo bash -c '
cat > /etc/apt/apt.conf.d/proxy.conf <<EOF
Acquire::http::Proxy "http://192.168.1.212:8888";
Acquire::https::proxy "http://192.168.1.212:8888";
EOF
'

# Remove the apt proxy configuration
sudo rm -rvf /etc/apt/apt.conf.d/proxy.conf

#
################


################
# docker proxy
# The systemd drop-in below sets proxy variables for the Docker daemon, which
# is what affects image pulls. The two halves are alternatives: configure, or remove.
# NOTE(review): only HTTP_PROXY and HTTPS_PROXY are set and no NO_PROXY is
# visible, so requests to private registries on the local network presumably
# go through the proxy as well - confirm that is intended.

# Configure docker to use the proxy
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo bash -c '
cat > /etc/systemd/system/docker.service.d/http-proxy.conf <<EOF
[Service]
Environment="HTTP_PROXY=http://192.168.1.212:8888"
Environment="HTTPS_PROXY=http://192.168.1.212:8888"
EOF
'
sudo systemctl daemon-reload
# Print the effective environment to confirm the drop-in was picked up.
sudo systemctl show --property Environment docker
sudo systemctl restart docker

# Remove the docker proxy configuration
sudo rm -rvf /etc/systemd/system/docker.service.d/http-proxy.conf
sudo systemctl daemon-reload
sudo systemctl show --property Environment docker
sudo systemctl restart docker

#
################
