From ca2175631b518a9ee619aa0aea6727694b016cfe Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 22:13:28 +0800 Subject: [PATCH 1/4] translated --- ...ow to Manage Users with Groups in Linux.md | 183 ++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 translated/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/translated/tech/20171201 How to Manage Users with Groups in Linux.md b/translated/tech/20171201 How to Manage Users with Groups in Linux.md new file mode 100644 index 0000000000..8baac8707b --- /dev/null +++ b/translated/tech/20171201 How to Manage Users with Groups in Linux.md @@ -0,0 +1,183 @@ +如何在 Linux 系统中用用户组来管理用户 +============================================================ + +### [group-of-people-1645356_1920.jpg][1] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) + +在本教程中了解如何通过用户组和访问控制表(ACL)来管理用户。 + +[创意共享协议][4] + +当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,一个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。通过 Linux 这是完全可以实现的。但是你首先必须了解如何通过用户组和访问控制表(ACL)来管理用户。 + +我们将从简单的用户开始,逐渐深入到复杂的访问控制表(ACL)。你所需要做的一切都将在你选择的 Linux 发行版中完成。本文的重点是用户组,所以不会涉及到关于用户的基础知识。 + +为了达到演示的目的,我将假设: + +你需要用下面两个用户名新建两个用户: + +* olivia + +* nathan + +你需要新建以下两个用户组: + +* readers + +* editors + +olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 ``/DATA`` 目录只有读的权限,而 editors 用户组则对 ``/DATA`` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的用法。你可以扩展这个任务以适应你其他更大的需求。 + +我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 sudo 命令,你必须切换到 root 用户来执行这些命令。 + +### 创建用户 + +我们需要做的第一件事是为我们的实验创建两个用户。可以用 ``useradd`` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。 + +``` +sudo useradd -m olivia + +sudo useradd -m nathan +``` + +我们现在创建了两个用户,如果你看看 ``/home`` 目录,你可以发现他们的家目录(因为我们用了 -m 选项,可以帮在创建用户的同时创建他们的家目录。 + +之后,我们可以用以下命令给他们设置密码: + +``` +sudo passwd olivia + +sudo passwd nathan +``` + +就这样,我们创建了两个用户。 + +### 创建用户组并添加用户 + +现在我们将创建 readers 和 editors 用户组,然后给它们添加用户。创建用户组的命令是: + +``` +addgroup readers + +addgroup editors +``` + +(译者注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 addgroup 这个命令,推荐使用 groupadd 命令来替换 addgroup 命令以达到同样的效果) + + +### [groups_1.jpg][2] + +![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) + +图一:我们可以使用刚创建的新用户组了。 + +[Used with permission][5] + +创建用户组后,我们需要给他们添加用户。我们用以下命令来将 nathan 添加到 readers 用户组: + +``` +sudo usermod -a -G readers nathan +``` +用以下命令将 olivia 添加到 editors 用户组: + +``` +sudo usermod -a -G editors olivia +``` + +现在我们已经准备好用用户组来管理用户了。 + +### 给用户组授予目录的权限 + +假设你有个目录 ``/READERS``,允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组: + +``` +sudo chown -R :readers /READERS +``` + +接下来,执行以下命令收回目录所属用户组的写入权限: + +``` +sudo chmod -R g-w /READERS +``` + +然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在读者组中的用户访问这个目录里的文件): + +``` +sudo chmod -R o-x /READERS +``` + +这时候,只有目录的所有者(root)和用户组 reader 中的用户可以访问 ``/READES`` 中的文件。 + +假设你有个目录 ``/EDITORS`` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的: + +``` +sudo chown -R :editors /EDITORS + +sudo chmod -R g+w /EDITORS + +sudo chmod -R o-x /EDITORS +``` + +此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 ``/EDITORS`` 中的任何文件。 + +使用这个方法的问题在于,你一次只能操作一个组和一个目录而已。这时候访问控制表(ACL)就可以派得上用场了。 + + +### 使用访问控制表(ACL) + +现在,让我们把这个问题变得棘手一点。假设你有一个目录 ``/DATA`` 并且你想给 readers 用户组的成员读取权限同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 setfacl 命令。setfacl 命令可以为文件或文件夹设置一个访问控制表(ACL)。 + +这个命令的结构如下: + +``` +setfacl OPTION X:NAME:Y /DIRECTORY +``` + +其中 OPTION 是可选选项,X 可以是 u(用户)或者是 g (用户组),NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 -m 选项进行修改(modify)。因此,我们给 readers 用户组添加读取权限的命令是: + +``` +sudo setfacl -m g:readers:rx -R /DATA +``` + +现在 readers 用户组里面的每一个用户都可以读取 /DATA 目录里的文件了,但是他们不能修改里面的内容。 + +为了给 editors 用户组里面的用户读写权限,我们执行了以下的命令: + +``` +sudo setfacl -m g:editors:rwx -R /DATA +``` +上述命令将赋予 editors 用户组中的任何成员读取权限,同时保留 readers 用户组的只读权限。 + +### 更多的权限控制 + +使用访问控制表(ACL),你可以实现你所需的权限控制。你可以实现将用户添加到用户组,并且可靠灵活地控制这些用户组对每个目录的权限以达到你的需求。想要了解上述工具的更多信息,可以执行下列的命令: + +* man usradd + +* man addgroup + +* man usermod + +* man sefacl + +* man chown + +* man chmod + + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux + +作者:[Jack Wallen ] +译者:[imquanquan](https://github.com/imquanquan) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.linux.com/files/images/group-people-16453561920jpg +[2]:https://www.linux.com/files/images/groups1jpg +[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux +[4]:https://www.linux.com/licenses/category/creative-commons-zero +[5]:https://www.linux.com/licenses/category/used-permission From 1e5d60f56f5695b538bc5c8d0448a69b6cf0db57 Mon Sep 17 00:00:00 2001 From: imquanquan Date: Mon, 4 Dec 2017 22:33:42 +0800 Subject: [PATCH 2/4] Delete 20171201 How to Manage Users with Groups in Linux.md --- ...ow to Manage Users with Groups in Linux.md | 168 ------------------ 1 file changed, 168 deletions(-) delete mode 100644 sources/tech/20171201 How to Manage Users with Groups in Linux.md diff --git a/sources/tech/20171201 How to Manage Users with Groups in Linux.md b/sources/tech/20171201 How to Manage Users with Groups in Linux.md deleted file mode 100644 index 35350c819f..0000000000 --- a/sources/tech/20171201 How to Manage Users with Groups in Linux.md +++ /dev/null @@ -1,168 +0,0 @@ -translating---imquanquan - -How to Manage Users with Groups in Linux -============================================================ - -### [group-of-people-1645356_1920.jpg][1] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV) - -Learn how to work with users, via groups and access control lists in this tutorial. - -[Creative Commons Zero][4] - -Pixabay - -When you administer a Linux machine that houses multiple users, there might be times when you need to take more control over those users than the basic user tools offer. This idea comes to the fore especially when you need to manage permissions for certain users. Say, for example, you have a directory that needs to be accessed with read/write permissions by one group of users and only read permissions for another group. With Linux, this is entirely possible. To make this happen, however, you must first understand how to work with users, via groups and access control lists (ACLs). - -We’ll start from the beginning with users and work our way to the more complex ACLs. Everything you need to make this happen will be included in your Linux distribution of choice. We won’t touch on the basics of users, as the focus on this article is about groups. - -For the purpose of this piece, I’m going to assume the following: - -You need to create two users with usernames: - -* olivia - -* nathan - -You need to create two groups: - -* readers - -* editors - -Olivia needs to be a member of the group editors, while nathan needs to be a member of the group readers. The group readers needs to only have read permission to the directory /DATA, whereas the group editors needs to have both read and write permission to the /DATA directory. This, of course, is very minimal, but it will give you the basic information you need to expand the tasks to fit your much larger needs. - -I’ll be demonstrating on the Ubuntu 16.04 Server platform. The commands will be universal—the only difference would be if your distribution of choice doesn’t make use of sudo. If this is the case, you’ll have to first su to the root user to issue the commands that require sudo in the demonstrations. - -### Creating the users - -The first thing we need to do is create the two users for our experiment. User creation is handled with the useradd command. Instead of just simply creating the users we need to create them both with their own home directories and then give them passwords. - -The first thing we do is create the users. To do this, issue the commands: - -``` -sudo useradd -m olivia - -sudo useradd -m nathan -``` - -Next each user must have a password. To add passwords into the mix, you’d issue the following commands: - -``` -sudo passwd olivia - -sudo passwd nathan -``` - -That’s it, your users are created. - -### Creating groups and adding users - -Now we’re going to create the groups readers and editors and then add users to them. The commands to create our groups are: - -``` -addgroup readers - -addgroup editors -``` - -### [groups_1.jpg][2] - -![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB) - -Figure 1: Our new groups ready to be used. - -[Used with permission][5] - -With our groups created, we need to add our users. We’ll add user nathan to group readers with the command: - -``` -sudo usermod -a -G readers nathan -``` - -``` -sudo usermod -a -G editors olivia -``` - -### Giving groups permissions to directories - -Let’s say you have the directory /READERS and you need to allow all members of the readers group access to that directory. First, change the group of the folder with the command: - -``` -sudo chown -R :readers /READERS -``` - -``` -sudo chmod -R g-w /READERS -``` - -``` -sudo chmod -R o-x /READERS -``` - -Let’s say you have the directory /EDITORS and you need to give members of the editors group read and write permission to its contents. To do that, the following command would be necessary: - -``` -sudo chown -R :editors /EDITORS - -sudo chmod -R g+w /EDITORS - -sudo chmod -R o-x /EDITORS -``` - -The problem with using this method is you can only add one group to a directory at a time. This is where access control lists come in handy. - -### Using access control lists - -Now, let’s get tricky. Say you have a single folder—/DATA—and you want to give members of the readers group read permission and members of the group editors read/write permissions. To do that, you must take advantage of the setfacl command. The setfacl command sets file access control lists for files and folders. - -The structure of this command looks like this: - -``` -setfacl OPTION X:NAME:Y /DIRECTORY -``` - -``` -sudo setfacl -m g:readers:rx -R /DATA -``` - -To give members of the editors group read/write permissions (while retaining read permissions for the readers group), we’d issue the command; - -``` -sudo setfacl -m g:editors:rwx -R /DATA -``` - -### All the control you need - -And there you have it. You can now add members to groups and control those groups’ access to various directories with all the power and flexibility you need. To read more about the above tools, issue the commands: - -* man usradd - -* man addgroup - -* man usermod - -* man sefacl - -* man chown - -* man chmod - -Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX. - --------------------------------------------------------------------------------- - -via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux - -作者:[Jack Wallen ] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:https://www.linux.com/files/images/group-people-16453561920jpg -[2]:https://www.linux.com/files/images/groups1jpg -[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux -[4]:https://www.linux.com/licenses/category/creative-commons-zero -[5]:https://www.linux.com/licenses/category/used-permission From 18ae29fedefe613992f4c3c98b15fb6a4c7a121c Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:38:01 +0800 Subject: [PATCH 3/4] PRF:20171124 Photon Could Be Your New Favorite Container OS.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @KeyLD 恭喜你,完成了第一篇翻译! 不过,按照流程,翻译前应该发起申请的 PR,翻译完提交时,要将原文删除。 --- ...Could Be Your New Favorite Container OS.md | 146 ------------------ ...Could Be Your New Favorite Container OS.md | 77 ++++----- 2 files changed, 32 insertions(+), 191 deletions(-) delete mode 100644 sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md diff --git a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md deleted file mode 100644 index d282ef5445..0000000000 --- a/sources/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ /dev/null @@ -1,146 +0,0 @@ -Photon Could Be Your New Favorite Container OS -============================================================ - -![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") -Jack Wallen says Photon OS is an outstanding platform, geared specifically for containers.[Creative Commons Zero][5]Pixabay - -Containers are all the rage, and with good reason. [As discussed previously][13], containers allow you to quickly and easily deploy new services and applications onto your network, without requiring too much in the way of added system resources. Containers are more cost-effective than using dedicated hardware or virtual machines, and they’re easier to update and reuse. - -Best of all, containers love Linux (and vice versa). Without much trouble or time, you can get a Linux server up and running with [Docker][14] and deploying containers. But, which Linux distribution is best suited for the deployment of your containers? There are a _lot_  of options. You could go with a standard Ubuntu Server platform (which makes installing Docker and deploying containers incredibly easy), or you could opt for a lighter weight distribution — one geared specifically for the purpose of deploying containers. - -One such distribution is [Photon][15]. This particular platform was created in 2005 by [VMware][16]; it includes the Docker daemon and works with container frameworks, such as Mesos and Kubernetes. Photon is optimized to work with [VMware vSphere][17], but it can be used on bare metal, [Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], or [VirtualBox][21]. - -Photon manages to stay slim by only installing what is absolutely necessary to run the Docker daemon. In the end, the distribution comes in around 300 MB. This is just enough Linux make it all work. The key features to Photon are: - -* Kernel tuned for performance. - -* Kernel is hardened according to the [Kernel Self-Protection Project][6] (KSPP). - -* All installed packages are built with hardened security flags. - -* Operating system boots with validated trust. - -* Photon management daemon manages firewall, network, packages, and users on remote Photon OS machines. - -* Support for persistent volumes. - -* [Project Lightwave][7] integration. - -* Timely security patches and updates. - -Photon can be used via [ISO][22], [OVA][23], [Amazon Machine Image][24], [Google Compute Engine image][25], and [Azure VHD][26]. I’ll show you how to install Photon on VirtualBox, using an ISO image. The installation takes about five minutes and, in the end, you’ll have a virtual machine, ready to deploy containers. - -### Creating the virtual machine - -Before you deploy that first container, you have to create the virtual machine and install Photon. To do this, open up VirtualBox and click the New button. Walk through the Create Virtual Machine wizard (giving Photon the necessary resources, based on the usage you predict the container server will need). Once you’ve created the virtual machine, you need to first make a change to the settings. Select the newly created virtual machine (in the left pane of the VirtualBox main window) and then click Settings. In the resulting window, click on Network (from the left navigation). - -In the Networking window (Figure 1), you need to change the Attached to drop-down to Bridged Adapter. This will ensure your Photon server is reachable from your network. Once you’ve made that change, click OK. - -### [photon_0.jpg][8] - -![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change settings") -Figure 1: Changing the VirtualBox network settings for Photon.[Used with permission][1] - -Select your Photon virtual machine from the left navigation and then click Start. You will be prompted to locate and attach the IOS image. Once you’ve done that, Photon will boot up and prompt you to hit Enter to begin the installation. The installation is ncurses based (there is no GUI), but it’s incredibly simple. - -In the next screen (Figure 2), you will be asked if you want to do a Minimal, Full, or OSTree Server. I opted to go the Full route. Select whichever option you require and hit enter. - -### [photon_1.jpg][9] - -![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -Figure 2: Selecting your installation type.[Used with permission][2] - -In the next window, select the disk that will house Photon. Since we’re installing this as a virtual machine, there will be only one disk listed (Figure 3). Tab down to Auto and hit Enter on your keyboard. The installation will then require you to type (and verify) an administrator password. Once you’ve done that, the installation will begin and finish in less than five minutes. - -### [photon_2.jpg][10] - -![Photon ](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -Figure 3: Selecting your hard disk for the Photon installation.[Used with permission][3] - -Once the installation completes, reboot the virtual machine and log in with the username root and the password you created during installation. You are ready to start working. - -Before you begin using Docker on Photon, you’ll want to upgrade the platform. Photon uses the _yum_ package manager, so login as root and issue the command  _yum update_ .If there are any updates available, you’ll be asked to okay the process (Figure 4). - -### [photon_3.jpg][11] - -![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -Figure 4: Updating Photon.[Used with permission][4] - -Usage - -As I mentioned, Photon comes with everything you need to deploy containers or even create a Kubernetes cluster. However, out of the box, there are a few things you’ll need to do. The first thing is to enable the Docker daemon to run at start. To do this, issue the commands: - -``` -systemctl start docker - -systemctl enable docker -``` - -Now we need to create a standard user, so we’re not running the docker command as root. To do this, issue the following commands: - -``` -useradd -m USERNAME - -passwd USERNAME -``` - -Where USERNAME is the name of the user to add. - -Next we need to add the new user to the  _docker_ group with the command: - -``` -usermod -a -G docker USERNAME -``` - -Where USERNAME is the name of the user just created. - -Log out as the root user and log back in as the newly created user. You can now work with the  _docker _ command without having to make use of  _sudo_  or switching to the root user. Pull down an image from Docker Hub and start deploying containers. - -### An outstanding container platform - -Photon is, without a doubt, an outstanding platform, geared specifically for containers. Do note that Photon is an open source project, so there is no paid support to be had. If you find yourself having trouble with Photon, hop on over to the [Issues tab in the Photon Project’s Github page][27], where you can read and post about issues. And if you’re interested in forking Photon, you’ll find the source code on the project’s [official Github page][28]. - -Give Photon a try and see if it doesn’t make deploying Docker containers and/or Kubernetes clusters significantly easier. - - _Learn more about Linux through the free ["Introduction to Linux" ][29]course from The Linux Foundation and edX._ - --------------------------------------------------------------------------------- - -via: 网址 - -作者:[ JACK WALLEN][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://www.linux.com/users/jlwallen -[1]:https://www.linux.com/licenses/category/used-permission -[2]:https://www.linux.com/licenses/category/used-permission -[3]:https://www.linux.com/licenses/category/used-permission -[4]:https://www.linux.com/licenses/category/used-permission -[5]:https://www.linux.com/licenses/category/creative-commons-zero -[6]:https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project -[7]:http://vmware.github.io/lightwave/ -[8]:https://www.linux.com/files/images/photon0jpg -[9]:https://www.linux.com/files/images/photon1jpg -[10]:https://www.linux.com/files/images/photon2jpg -[11]:https://www.linux.com/files/images/photon3jpg -[12]:https://www.linux.com/files/images/photon-linuxjpg -[13]:https://www.linux.com/learn/intro-to-linux/2017/11/how-install-and-use-docker-linux -[14]:https://www.docker.com/ -[15]:https://vmware.github.io/photon/ -[16]:https://www.vmware.com/ -[17]:https://www.vmware.com/products/vsphere.html -[18]:https://azure.microsoft.com/ -[19]:https://cloud.google.com/compute/ -[20]:https://aws.amazon.com/ec2/ -[21]:https://www.virtualbox.org/ -[22]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[23]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[24]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[25]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[26]:https://github.com/vmware/photon/wiki/Downloading-Photon-OS -[27]:https://github.com/vmware/photon/issues -[28]:https://github.com/vmware/photon -[29]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md index e51c580da9..3496f22f4a 100644 --- a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md +++ b/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md @@ -1,109 +1,96 @@ -Photon也许能成为你最喜爱的容器操作系统 +Photon 也许能成为你最喜爱的容器操作系统 ============================================================ ![Photon OS](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon-linux.jpg?itok=jUFHPR_c "Photon OS") -Phonton OS专注于容器,是一个非常出色的平台。 —— Jack Wallen +>Phonton OS 专注于容器,是一个非常出色的平台。 —— Jack Wallen 容器在当下的火热,并不是没有原因的。正如[之前][13]讨论的,容器可以使您轻松快捷地将新的服务与应用部署到您的网络上,而且并不耗费太多的系统资源。比起专用硬件和虚拟机,容器都是更加划算的,除此之外,他们更容易更新与重用。 -更重要的是,容器喜欢Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台Linux服务器,运行[Docker][14],再是部署容器。但是,哪种Linux发行版最适合部署容器呢?我们的选择很多。你可以使用标准的Ubuntu服务器平台(更容易安装Docker并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 +更重要的是,容器喜欢 Linux(反之亦然)。不需要太多时间和麻烦,你就可以启动一台 Linux 服务器,运行[Docker][14],然后部署容器。但是,哪种 Linux 发行版最适合部署容器呢?我们的选择很多。你可以使用标准的 Ubuntu 服务器平台(更容易安装 Docker 并部署容器)或者是更轻量级的发行版 —— 专门用于部署容器。 -[Photon][15]就是这样的一个发行版。这个特殊的版本是由[VMware][16]于2005年创建的,它包含了Docker的守护进程,并与容器框架(如Mesos和Kubernetes)一起使用。Photon经过优化可与[VMware vSphere][17]协同工作,而且可用于裸机,[Microsoft Azure][18], [Google Compute Engine][19], [Amazon Elastic Compute Cloud][20], 或者 [VirtualBox][21]等。 +[Photon][15] 就是这样的一个发行版。这个特殊的版本是由 [VMware][16] 于 2005 年创建的,它包含了 Docker 的守护进程,并可与容器框架(如 Mesos 和 Kubernetes )一起使用。Photon 经过优化可与 [VMware vSphere][17] 协同工作,而且可用于裸机、[Microsoft Azure][18]、 [Google Compute Engine][19]、 [Amazon Elastic Compute Cloud][20] 或者 [VirtualBox][21] 等。 -Photon通过只安装Docker守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有300MB。但这足以让Linux的运行一切正常。除此之外,Photon的主要特点还有: - -* 内核调整为性能模式。 - -* 内核根据[内核自防护项目][6](KSPP)进行了加固。 +Photon 通过只安装 Docker 守护进程所必需的东西来保持它的轻量。而这样做的结果是,这个发行版的大小大约只有 300MB。但这足以让 Linux 的运行一切正常。除此之外,Photon 的主要特点还有: +* 内核为性能而调整。 +* 内核根据[内核自防护项目][6](KSPP)进行了加固。 * 所有安装的软件包都根据加固的安全标识来构建。 - * 操作系统在信任验证后启动。 - -* Photon管理进程管理防火墙,网络,软件包,和远程登录在Photon机子上的用户。 - +* Photon 的管理进程可以管理防火墙、网络、软件包,和远程登录在 Photon 机器上的用户。 * 支持持久卷。 - * [Project Lightwave][7] 整合。 - * 及时的安全补丁与更新。 -Photon可以通过[ISO][22],[OVA][23],[Amazon Machine Image][24],[Google Compute Engine image][25]和[Azure VHD][26]安装使用。现在我将向您展示如何使用ISO镜像在VirtualBox上安装Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 +Photon 可以通过 [ISO 镜像][22]、[OVA][23]、[Amazon Machine Image][24]、[Google Compute Engine 镜像][25] 和 [Azure VHD][26] 安装使用。现在我将向您展示如何使用 ISO 镜像在 VirtualBox 上安装 Photon。整个安装过程大概需要五分钟,在最后您将有一台随时可以部署容器的虚拟机。 ### 创建虚拟机 -在部署第一台容器之前,您必须先创建一台虚拟机并安装Photon。为此,打开VirtualBox并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为Photon提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在VirtualBox主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 +在部署第一台容器之前,您必须先创建一台虚拟机并安装 Photon。为此,打开 VirtualBox 并点击“新建”按钮。跟着创建虚拟机向导进行配置(根据您的容器将需要的用途,为 Photon 提供必要的资源)。在创建好虚拟机后,您所需要做的第一件事就是更改配置。选择新建的虚拟机(在 VirtualBox 主窗口的左侧面板中),然后单击“设置”。在弹出的窗口中,点击“网络”(在左侧的导航中)。 -在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的Photon服务与您的网络相连。完成更改后,单击确定。 - -### [photon_0.jpg][8] +在“网络”窗口(图1)中,你需要在“连接”的下拉窗口中选择桥接。这可以确保您的 Photon 服务与您的网络相连。完成更改后,单击确定。 ![change settings](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_0.jpg?itok=Q0yhOhsZ "change setatings") -图 1: 更改Photon在VirtualBox中的网络设置。[经许可使用][1] -从左侧的导航选择您的Photon虚拟机,点击启动。系统会提示您去加载IOS镜像。当您完成之后,Photon安装程序将会启动并提示您按回车后开始安装。安装过程基于ncurses(没有GUI),但它非常简单。 +*图 1: 更改 Photon 在 VirtualBox 中的网络设置。[经许可使用][1]* -接下来(图2),系统会询问您是要最小化安装,完整安装还是安装OSTree服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 +从左侧的导航选择您的 Photon 虚拟机,点击启动。系统会提示您去加载 ISO 镜像。当您完成之后,Photon 安装程序将会启动并提示您按回车后开始安装。安装过程基于 ncurses(没有 GUI),但它非常简单。 -### [photon_1.jpg][9] +接下来(图2),系统会询问您是要最小化安装,完整安装还是安装 OSTree 服务器。我选择了完整安装。选择您所需要的任意选项,然后按回车继续。 ![installation type](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_2.jpg?itok=QL1Rs-PH "Photon") -图 2: 选择您的安装类型.[经许可使用][2] -在下一个窗口,选择您要安装Photon的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到5分钟的时间内结束。 +*图 2: 选择您的安装类型。[经许可使用][2]* -### [photon_2.jpg][] +在下一个窗口,选择您要安装 Photon 的磁盘。由于我们将其安装在虚拟机,因此只有一块磁盘会被列出(图3)。选择“自动”按下回车。然后安装程序会让您输入(并验证)管理员密码。在这之后镜像开始安装在您的磁盘上并在不到 5 分钟的时间内结束。 ![Photon](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_1.jpg?itok=OdnMVpaA "installation type") -图 3: 选择安装Photon的硬盘.[经许可使用][3] -安装完成后,重启虚拟机并使用安装时创建的用户root和它的密码登录。一切就绪,你准备好开始工作了。 +*图 3: 选择安装 Photon 的硬盘。[经许可使用][3]* -在开始使用Docker之前,您需要更新一下Photon。Photon使用 _yum_ 软件包管理器,因此在以root用户登录后输入命令 _yum update_。如果有任何可用更新,则会询问您是否确认(图4)。 +安装完成后,重启虚拟机并使用安装时创建的用户 root 和它的密码登录。一切就绪,你准备好开始工作了。 -### [photon_3.jpg][11] +在开始使用 Docker 之前,您需要更新一下 Photon。Photon 使用 `yum` 软件包管理器,因此在以 root 用户登录后输入命令 `yum update`。如果有任何可用更新,则会询问您是否确认(图4)。 ![Updating](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/photon_3.jpg?itok=vjqrspE2 "Updating") -图 4: 更新 Photon.[经许可使用][4] -用法 +*图 4: 更新 Photon。[经许可使用][4]* -正如我所说的,Photon提供了部署容器甚至创建Kubernetes集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动Docker守护进程。为此,执行以下命令: +### 用法 + +正如我所说的,Photon 提供了部署容器甚至创建 Kubernetes 集群所需要的所有包。但是,在使用之前还要做一些事情。首先要启动 Docker 守护进程。为此,执行以下命令: ``` systemctl start docker - systemctl enable docker ``` -现在我们需要创建一个标准用户,因此我们没有以root去运行docker命令。为此,执行以下命令: +现在我们需要创建一个标准用户,以便我们可以不用 root 去运行 `docker` 命令。为此,执行以下命令: ``` useradd -m USERNAME - passwd USERNAME ``` -其中USERNAME是我们新增的用户的名称。 +其中 “USERNAME” 是我们新增的用户的名称。 -接下来,我们需要将这个新用户添加到 _docker_ 组,执行命令: +接下来,我们需要将这个新用户添加到 “docker” 组,执行命令: ``` usermod -a -G docker USERNAME ``` -其中USERNAME是刚刚创建的用户的名称。 +其中 “USERNAME” 是刚刚创建的用户的名称。 -注销root用户并切换为新增的用户。现在,您已经可以不必使用 _sudo_ 命令或者是切换到root用户来使用 _docker_命令了。从Docker Hub中取出一个镜像开始部署容器吧。 +注销 root 用户并切换为新增的用户。现在,您已经可以不必使用 `sudo` 命令或者切换到 root 用户来使用 `docker` 命令了。从 Docker Hub 中取出一个镜像开始部署容器吧。 ### 一个优秀的容器平台 -在专注于容器方面,Photon毫无疑问是一个出色的平台。请注意,Photon是一个开源项目,因此没有任何付费支持。如果您对Photon有任何的问题,请移步Photon项目的Github下的[Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对Photon感兴趣,您也可以在项目的官方[Github][28]中找到源码。 +在专注于容器方面,Photon 毫无疑问是一个出色的平台。请注意,Photon 是一个开源项目,因此没有任何付费支持。如果您对 Photon 有任何的问题,请移步 Photon 项目的 GitHub 下的 [Issues][27],那里可以供您阅读相关问题,或者提交您的问题。如果您对 Photon 感兴趣,您也可以在该项目的官方 [GitHub][28]中找到源码。 -尝试一下Photon吧,看看它是否能够使得Docker容器和Kubernetes集群的部署更加容易。 +尝试一下 Photon 吧,看看它是否能够使得 Docker 容器和 Kubernetes 集群的部署更加容易。 -欲了解Linux的更多信息,可以通过学习Linux基金会和edX的免费课程,[“Linux 入门”][29]。 +欲了解 Linux 的更多信息,可以通过学习 Linux 基金会和 edX 的免费课程,[“Linux 入门”][29]。 -------------------------------------------------------------------------------- @@ -111,7 +98,7 @@ via: https://www.linux.com/learn/intro-to-linux/2017/11/photon-could-be-your-new 作者:[JACK WALLEN][a] 译者:[KeyLD](https://github.com/KeyLd) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From d533874817e9245d849b7a7d4d2c91eadb2c62c6 Mon Sep 17 00:00:00 2001 From: wxy Date: Mon, 4 Dec 2017 22:38:59 +0800 Subject: [PATCH 4/4] PUB:20171124 Photon Could Be Your New Favorite Container OS.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @KeyLD 文章的发布地址:https://linux.cn/article-9110-1.html 你的 LCTT 专页地址: https://linux.cn/lctt/KeyLD --- .../20171124 Photon Could Be Your New Favorite Container OS.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {translated/tech => published}/20171124 Photon Could Be Your New Favorite Container OS.md (100%) diff --git a/translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md b/published/20171124 Photon Could Be Your New Favorite Container OS.md similarity index 100% rename from translated/tech/20171124 Photon Could Be Your New Favorite Container OS.md rename to published/20171124 Photon Could Be Your New Favorite Container OS.md