𝒙𝒂𝒃𝒄44.200.249.42
aliyun_vms pip3 install aliyun-python-sdk-dyvmsapi
dockercn [ -d /etc/docker ]||mkdir -p /etc/docker tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://registry.docker-cn.com"] } EOF systemctl restart docker
aliyun [ -d /etc/docker ]||mkdir -p /etc/docker tee /etc/docker/daemon.json <<-'EOF' { "registry-mirrors": ["https://7u4xdzci.mirror.aliyuncs.com"] } EOF systemctl restart docker
docker cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then curl -L https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo yum install -y docker-ce systemctl daemon-reload systemctl enable docker.service systemctl start docker fi if [ "$OS" = "Debian" ];then sudo apt-get remove docker docker-engine docker.io containerd runc sudo apt-get update sudo apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null apt-get update apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose service docker restart fi #docker run hello-world #docker run -d -p 80:8000 --restart=always -v /opt/files:/opt/files ywgx/filelist:alpine #docker rmi $name 删除镜像 #docker container prune 清理所有处于终止状态的容器 #docker run -d -p 5000:5000 --restart=always --name registry -v /opt/data/registry:/var/lib/registry registry 安装运行 docker-registry #docker build -t ywgx/filelist . 使用Dockerfile文件 build 构建一个镜像名称 ywgx/filelist #docker tag $container_id ywgx/test:dev 为镜像添加一个新的标签 #docker tag ywgx/filelist filelist 为镜像ywgx/filelist添加新标签 filelist #docker search $name 查询镜像 #docker export $container_id > container.tar 导出容器 #docker save -o busybox.tar busybox 导出 #docker load -i busybox.tar 导入 $docker rm -f $container_id 删除容器 #docker run -d -p 80:5000 training/webapp python app.py 后台启动容器并映射本地端口 80 #docker port $container_id 或者 $name 查看容器端口 #docker logs -f $container_id 查看容器内部标准输出 #docker top $name 查看容器内部运行的进程 #cat container.tar | docker import - centos:v1 导入容器到镜像 centos:v1 #docker inspect $name 检查容器的配置和状态信息 #docker run -itd --name ubuntu-test ubuntu 运行容器,并且可以通过 exec 命令进入 ubuntu 容器 #docker run -itd --name centos-test centos 运行容器,并且可以通过 exec 命令进入 centos 容器 #docker commit -m="filelist" -a="ywgx" e218edb10161 ywgx/filelist:v2 #docker image prune -a 删除没有运行的容器镜像 #数据卷 #创建:docker volume create #删除某个卷:docker volume rm 卷名 #删除所有未使用的卷:docker volume prune #列出所有卷:docker volume ls #查看某个卷的信息:docker volume inspect 卷名 #新建一个 Docker 网络 # docker network create -d bridge test-net # docker run -itd --name test1 --network test-net ubuntu /bin/bash 运行一个容器并连接到新建的 test-net 网络 # docker run -itd --name test2 --network test-net ubuntu /bin/bash 再运行一个容器并连接到新建的 test-net 网络 # test1 容器和 test2 容器建立了互联关系,两个容器直接可以互相ping通 # COPY 和 ADD 指令中选择的时候,可以遵循这样的原则,所有的文件复制均使用 COPY 指令,仅在需要自动解压缩的场合使用 ADD。 # 查看仓库中的镜像 curl 127.0.0.1:5000/v2/_catalog # 配置DNS #我们可以在宿主机的 /etc/docker/daemon.json 文件中增加以下内容来设置全部容器的 DNS #{ # "dns" : [ # "114.114.114.114", # "8.8.8.8" # ] #} #systemctl restart docker #docker exec -it $container_id /bin/bash 进入容器
ss #ss命令可以查看系统中启动的端口信息,该命令常用选项如下: #-a显示所有端口的信息 #-n以数字格式显示端口号 #-t显示TCP连接的端口 #-u显示UDP连接的端口 #-l显示服务正在监听的端口信息,如httpd启动后,会一直监听80端口 #-p显示监听端口的服务名称是什么(也就是程序名称) ss -antulp
os cat /etc/issue* /etc/*release
rb pgrep filelist.py|xargs kill -9 &>/dev/null pgrep filelist.py|xargs kill -9 &>/dev/null sleep 1;cd /home/ywgx/1/filelist/;./filelist.py --auth=true --debug=false --port=10000 --root=/home/ywgx/data/filelist &>/home/ywgx/logs/filelist.log & sleep 3;cd /home/ywgx/1/filelist/;./filelist.py --auth=false --debug=false --port=8000 --root=/home/ywgx/data/download &>/home/ywgx/logs/download.log & ps aux|grep filelist|grep -v grep
err tail -f access.log|awk '$1 > 399 {print $0}'
cpu 1. 调整CPU频率 cpupower frequency-set -u 2500MHz cat /proc/cpuinfo | grep 'cpu MHz'
hf if ! grep -q "hfzp" /root/.ssh/authorized_keys &>/dev/null;then [ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7cDLbprh+i930XUqo81RXjaLg4Kot5L9aiB789V4L/mDfV7ZeW6k2S1bdIGUrtSmFZnmA/2HQKid102mEzp8Y2/xkwXoTM/hsah+X8DXLX5/xwUb2XuhqZSJy+x/6MLC9MGjvQGFpqvaK1fJZzjFxZaaHoC79iJWbYCzBLo2n+EcmmX559gAgcUSSvjsUQRAy7f+/1Hp/cLB+rqTMVoNgeAZGgMV6QNoxpZlKWSTFeicxN/sNgy6FLpLOyuX5xwsYfpaDdZd+MYlG69XDIakh4cy+kg9q6nQ2bYOw3GhdNMSNnlsU7XkY872OUCTodZ8iu24AvqFE1kxCaIp8egAD hfzp" >> /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys chattr +ai /root/.ssh/authorized_keys fi which setenforce &>/dev/null&&setenforce -1 &>/dev/null [ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
city curl -s --connect-timeout 5 https://ipinfo.io/44.200.249.42
hm helm init --stable-repo-url https://charts.helm.sh/stable --service-account tiller helm init --client-only --skip-refresh helm repo rm stable helm repo add stable https://charts.helm.sh/stable
zola nohup ~/bin/zola serve --interface 0.0.0.0 --port 3003 --base-url / &>~/logs/zola-docs.log &
sredis BUILD=/tmp/ywgx [ -d $BUILD ]||mkdir -p $BUILD cd $BUILD wget -t 3 http://download.redis.io/redis-stable.tar.gz -O -|tar xfz - cd redis*/ cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ] CC=clang make fi if [ "$OS" = "Debian" ] CC=clang make MALLOC=libc fi #cd src/ #for i in `find . -perm -0755 -a ! -type d`;do mv $i $REDIS_BIN/;done
mac #scutil --set ComputerName "E" #scutil --set LocalHostName "E" #scutil --set HostName "E" #nvram AutoBoot=%00 关闭开盖启动 #nvram AutoBoot=%03 恢复开盖启动 #sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE 删除开机界面上的 “其他”用户登陆选项 #pwpolicy -clearaccountpolicies 运行后,可以设置2位密码
minion_clean systemctl stop salt-minion pkill salt-minion &>/dev/null killall salt-minion &>/dev/null pkill salt-minion &>/dev/null rm -fr /etc/salt/pki/minion /var/log/salt/minion* service salt-minion restart
i0 if [ $USER = ywgx ];then [ -d /home/ywgx/0 ]||mkdir -p /home/ywgx/0 [ -d /home/ywgx/1 ]||mkdir -p /home/ywgx/1 [ -d /home/ywgx/2 ]||mkdir -p /home/ywgx/2 [ -d /home/ywgx/logs ]||mkdir -p /home/ywgx/logs [ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/openresty.tgz -O -|tar xzf - -C /home/ywgx/0 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/nginx.conf -O /home/ywgx/0/openresty/nginx/conf/nginx.conf [ -d /home/ywgx/0/openresty/nginx/conf/ssl ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/ssl wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/filelist.cn.pem -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.pem wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/filelist.cn.key -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.key [ -d /home/ywgx/0/openresty/nginx/conf/vhost ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/vhost chmod +xs /home/ywgx/0/openresty/nginx/sbin/nginx pgrep nginx||~/0/openresty/nginx/sbin/nginx fi
k rm -rf /etc/motd &>/dev/null rm -fr /usr/local/{aegis,qcloud,cloudmonitor} &>/dev/null rm -rf /lib/systemd/system/aliyun.service &>/dev/null mkdir /usr/local/{aegis,cloudmonitor,qcloud} killall -9 sgagent &>/dev/null killall -9 barad_agent &>/dev/null killall -9 aliyun_assist_update &>/dev/null killall -9 aliyun_assist_update &>/dev/null killall -9 AliSecureCheckAdvanced &>/dev/null killall -9 CmsGoAgent.linux-amd64 &>/dev/null kill -9 `pidof YDLive` &>/dev/null kill -9 `pidof YDService` &>/dev/null kill -9 `pidof wrapper` &>/dev/null kill -9 `pidof AliYunDun` &>/dev/null kill -9 `pidof AliYunDunUpdate` &>/dev/null
i1 if [ $USER = ywgx ];then [ -d /home/ywgx/1 ]||mkdir -p /home/ywgx/1 [ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/filelist-bin.tgz -O -|tar xzf - -C /home/ywgx/1 fi
i2 if [ $USER = ywgx ];then [ -d /home/ywgx/2 ]||mkdir -p /home/ywgx/2 [ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/2/redis.tgz -O -|tar xzf - -C /home/ywgx/2 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/2/mongo.tgz -O -|tar xzf - -C /home/ywgx/2 fi
ssh mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bk wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/sshd_config -O /etc/ssh/sshd_config systemctl restart sshd.service
chrony cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then yum -y install yum-utils yum -y install epel-release yum -y install chrony systemctl enable chrony systemctl restart chronyd fi if [ "$OS" = "Debian" ];then apt-get -y install chrony chkconfig --add chronyd fi timedatectl set-timezone Asia/Shanghai
wp yum -y remove webtatic-release-7-3.noarch yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm yum -y remove php72w-mysql yum -y install php72w-mysqlnd chmod 777 /var/lib/php/session/ wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/phpmyadmin.tgz -O -|tar xzf - -C /opt/wordpress chown nobody.nobody -R /opt/wordpress/phpmyadmin echo "user:root password:io"
mongo echo doing... wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/mongodb/mongo.tgz -O -|tar xzf - -C /opt echo 65535 > /proc/sys/net/core/somaxconn echo never > /sys/kernel/mm/transparent_hugepage/defrag echo never > /sys/kernel/mm/transparent_hugepage/enabled pgrep mongod||/opt/mongo/bin/mongod -f /opt/mongo/conf/mongod.conf
wordpress cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" id -u nobody &>/dev/null||useradd nobody -r -s /bin/false groupadd -f nobody &>/dev/null if [ "$OS" = "RedHat" ] then yum -y install yum-utils yum -y install epel-release yum -y install vim wget bzip2 unzip rsync yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo yum -y install MariaDB-server MariaDB-client yum -y install php72w yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo systemctl start mariadb [ -d /etc/rc.d ]||mkdir -p /etc/rc.d [ -d /etc/php-fpm.d ]||mkdir -p /etc/php-fpm.d wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/RedHat-php.conf -O /etc/php-fpm.d/www.conf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-rc.local.conf -O /etc/rc.d/rc.local wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/mysql-server.cnf -O /etc/my.cnf.d/server.cnf chmod 755 /etc/rc.d/rc.local mysql <<- EOF set password for root@localhost=password('io'); create database wordpress; EOF systemctl restart mariadb systemctl restart php-fpm systemctl enable mariadb systemctl enable php-fpm fi if [ "$OS" = "Debian" ] then apt-get -y update apt-get -y install vim wget bzip2 unzip rsync apt-get -y remove apache2 apt-get -y install php7.[0-9] apt-get -y install php7.[0-9]-mysql php7.[0-9]-fpm apt-get -y install php7.[0-9]-gd php7.[0-9]-mbstring php7.[0-9]-xmlrpc apt-get -y install mysql-server --allow-unauthenticated mysql -pio<<- EOF create database wordpress; EOF wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/Debian-php.conf -O `find /etc/php/ -name www.conf` wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-rc.local.conf -O /etc/rc.local chmod 755 /etc/rc.local systemctl restart mysql /etc/init.d/php*-fpm restart fi [ -d /opt/sys ]||mkdir -p /opt/sys [ -d /var/log/php-fpm ]||mkdir -p /var/log/php-fpm [ -d /var/log/mariadb ]||mkdir -p /var/log/mariadb wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/openresty-$OS.tgz -O -|tar xzf - -C /opt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-nginx.conf -O /opt/openresty/nginx/conf/nginx.conf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress.tgz -O -|tar xzf - -C /opt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-start.sh -O /opt/sys/wordpress-start.sh chown -R nobody.nobody /opt/openresty chown -R nobody.nobody /opt/wordpress chown root.nobody /opt/openresty/nginx/sbin/nginx chmod +xs /opt/openresty/nginx/sbin/nginx chmod 700 /opt/sys/wordpress-start.sh pgrep nginx||/opt/openresty/nginx/sbin/nginx
c1 curl -s xabc.io/b|bash curl -s xabc.io/v|bash timedatectl set-timezone Asia/Shanghai yum -y install epel-release yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync [ -e /etc/rc.local ]&&sed -i '/qcloud/d' /etc/rc.local hostnamectl --static set-hostname central-44.200.249.42
influxdb echo doing... curl -s xabc.io/b|bash curl -s xabc.io/e|bash curl -s xabc.io/v|bash cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" INFLUXDB_VER=1.7.8 if [ "$OS" = "RedHat" ] then yum -y install yum-utils yum -y localinstall https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/influxdb-${INFLUXDB_VER}.x86_64.rpm wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/file/influxdb.repo -O /etc/yum.repos.d/influxdb.repo fi if [ "$OS" = "Debian" ] then wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/influxdb_${INFLUXDB_VER}_amd64.deb dpkg -i influxdb_${INFLUXDB_VER}_amd64.deb rm -f influxdb_${INFLUXDB_VER}_amd64.deb fi
tcp netstat -n|awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
master curl -s xabc.io/b|bash curl -s xabc.io/v|bash yum -y install epel-release yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync [ -e /etc/rc.local ]&&sed -i '/qcloud/d' /etc/rc.local timedatectl set-timezone Asia/Shanghai hostnamectl --static set-hostname master-44.200.249.42
v wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/vim.tgz -O -|tar xzf - -C ~
istio echo doing... wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/istio/istio.tgz -O -|tar xzf - -C /opt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/istio/xabc-istio.sh -O /etc/profile.d/xabc-istio.sh echo /opt/istio
f salt \* saltutil.refresh_pillar
t ip addr | awk '/inet / {sub(/\/.*/, "", $2); print $2}'|grep -E '^10\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.'|head -1
g salt \* saltutil.sync_grains
tools cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ] then yum -y install vim wget bzip2 unzip rsync bash-completion git tmux inotify-tools axel jq fi if [ "$OS" = "Debian" ] then apt-get -y insall vim wget bzip2 unzip rsync git tmux inotify-tools luajit jq fi
i if [ $USER = ywgx ];then wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/vim.tgz -O -|tar xzf - -C ~ wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.gitconfig -O ~/.gitconfig wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.gitignore -O ~/.gitignore wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.my.cnf -O ~/.my.cnf wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.wgetrc -O ~/.wgetrc if ! grep -q "ge4MSI5hlWSw" /root/.ssh/authorized_keys &>/dev/null;then [ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHZyWeFOHuHtLgsGLNx4sCYVXv/FfFi3ZcTSOSyX2oRgRm4xflPDgJHGSlCjtP2IluM6gG+o9+fS0WpcQkiaabe4wJVf5/hdFvJY7BgG4SslmdYGGtXKqFKXLq0pkuQQTnitBYQvAwEjBuHYB0KuuJG1XSss3ubzTZzoveeIVOJgamoGgm42D2G0ZOAH7ovRj3eFvjJImepaSJEDUe1SbNHoptSQvLMV+y5LDNb7xxRUk4hH09o/f2O9jxPbxL8f9nP94ZoT2XjVhvKRKVz51AHs9pNTry7ge4MSI5hlWSwjiFO+jJLuIiGdRGVxEzToMOkPBaH3HXs1pJHu+/9fqCwvgW4+Wp7FTBhPmX/9VSjGpO+uwlj3zRZHyDxs3Enup+Bok/WH9e5GLQj/KzWQD6s/6s0/9UC9YfZRU7E+uRvXf21zpAkmaGGQsOv5FV7ZqciYRn66dq65ahx2xmi4hkBoTrdP595lRPuQEOW1ziTI08pxU9eZA/f/s4AsQL/IHU9LkiA8gqGXlembuBxL20OietQTLn5AYev6rmU0m4IZ1yKu2AzT5gaG//8XuSGzT0o8ppvSgIalDBnS+W/2xQCc0xGY7yX51MIdc+E7edWw14VqL0ESXIHZfB7uOGOAMjfMP3GIoHOIatI+rsd8D30sKEEBXDYAgwu2yZgskGmw== ywgx" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys chattr +ai ~/.ssh/authorized_keys fi if ! grep -q "Ogsuw71ublt" /root/.ssh/authorized_keys &>/dev/null;then [ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDT36lNbtc7eqPC6KrrGoOJm43cGrTkLBfNJPuUVR7odSMBn53P5vjuG4BVeXP/yhiVAjerPrh/03e5xOoI5X1UD56H52XpXLoMkGGAR6uSRSNzjSgt1XBFREWBnOgsuw71ubltsfHKPBjnkwnMRePLD5aoMeTyvylhAxTMMLm3GPSCCTMII8bmuxTx8k1IJ8oW078ak6LeBOFFl/SOFiMeWSvqA21fi8gUMhWte3NN4trNUIDPdSprOZx1Yk4nnZh5jkrVv5iZX3DtrsaVhYegwK06VBRiycqDj32d1kOWyFBdhWHADMMoD4UAHnFxn+5igeRyS2yI9XFgQTQDaWw+cLvYe4wYr+pJ66Vk4v5f1AeOg/F4UewhJ4Sr/2AtZJOxgAhPv7gdyf4aDePfxlZwuUD+chMbntOZzUuaI5rU8uh4lWaNCG0eGvH0ul3pjS2p4FKJ378XKi87DcqGQLZJytjbMqc8NalTl/AbbMgjZbB8ZHpZAl2G1gq1uicAjMsm0j0nLmvAb6vPe9lQTp0Jb09yddM3VX9XtF15yz1Si1COu1I5nldEGc12nBFLxIRBEk6vaDZYo5gY14rdrWuiZ85j5I0vEUbiuFF3lzf+j0iHg3UgZcuYo5QFBiApyyWt1wDvHKnLE3FZVj0uSzscmZ5/4rk06ZAwCdwjzAXZCQ== xabc" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys chattr +ai ~/.ssh/authorized_keys fi fi
dep curl https://raw.githubusercontent.com/golang/dep/master/install.sh|bash
j echo doing... curl -s xabc.io/b|bash curl -s xabc.io/e|bash curl -s xabc.io/v|bash wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/src/java.tgz -O -|tar xzf - -C /tmp tar xzf /tmp/java/files/jdk.tgz -C /opt tar xzf /tmp/java/files/tomcat.tgz -C /opt mv /tmp/java/files/*.sh /etc/profile.d/ rm -rf /tmp/java/ echo "/opt/{jdk,tomcat}"
go wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/go.tgz -O -|tar xzf - -C /usr/local wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/xabc-go.sh -O /etc/profile.d/xabc-go.sh
m yum -y install wget yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm yum -y install salt-minion systemctl enable salt-minion.service
to tail -f access.log|awk '$2 > 2 {print $0}'
call pip3 install aliyun-python-sdk-core pip3 install aliyun-python-sdk-dyvmsapi
init yum update -y curl -s xabc.io/a|bash curl -s xabc.io/k|bash rm -rf /var/log;mkdir -p /var/log reboot
uninstall cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ] then yum -y erase fi if [ "$OS" = "Debian" ] then echo hello fi
pycurl mkdir -p /tmp/build&&cd /tmp/build wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/curl-7.43.0.tar.gz -O -|tar xzf - cd curl-7.43.0 ./configure make && make install mv /usr/lib64/libcurl.so.4* /tmp/ ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4.3.0 ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4 pip3 install pycurl
debug salt-minion -l debug
pandas import pandas as pd pd.set_option('display.max_rows', 10000) #最大行数 pd.set_option('display.max_columns', 1000) #最大列数 pd.set_option('display.width', 10000) #页面宽度
b cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ] then yum -y install vim wget bzip2 unzip rsync psmisc net-tools bind-utils telnet bash-completion fi if [ "$OS" = "Debian" ] then apt-get -y install vim wget bzip2 unzip rsync psmisc net-tools dnsutils telnet fi
runner yum install git -y #curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64 #chmod +x /usr/local/bin/gitlab-runner #gitlab-runner install --user=root --working-directory=/root #gitlab-runner start #gitlab-runner register
sh cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ] then yum -q -y install vim bash-completion fi if [ "$OS" = "Debian" ] then apt-get -q -y install vim bash-completion fi curl -sLo /etc/profile.d/xabc_bash.sh https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/xabc_bash.sh
git git clone https://gitlab.glority.cn/operation/matrix-build.git ./build (clone 到指定目录) 整理的常用 Git 命令清单。几个专用名词的译名如下。 Workspace:工作区 Index / Stage:暂存区 Repository:仓库区(或本地仓库) Remote:远程仓库 当你修复完线上问题,切回 feature 分支,想恢复代码也只需要:git stash apply 相关命令# 保存当前未commit的代码 git stash # 保存当前未commit的代码并添加备注 git stash save "备注的内容" # 列出stash的所有记录 git stash list # 删除stash的所有记录 git stash clear # 应用最近一次的stash git stash apply # 应用最近一次的stash,随后删除该记录 git stash pop # 删除最近的一次stash git stash drop 一、新建代码库 在当前目录新建一个Git代码库 $ git init 新建一个目录,将其初始化为Git代码库 $ git init [project-name] 下载一个项目和它的整个代码历史 $ git clone [url] 二、配置 Git的设置文件为.gitconfig,它可以在用户主目录下(全局配置),也可以在项目目录下(项目配置)。 #显示当前的Git配置 $ git config --list #编辑Git配置文件 $ git config -e [–global] #设置提交代码时的用户信息 $ git config [–global] user.name “[name]” $ git config [–global] user.email “[email address]” 三、增加/删除文件 #添加指定文件到暂存区 $ git add [file1] [file2] … #添加指定目录到暂存区,包括子目录 $ git add [dir] #添加当前目录的所有文件到暂存区 $ git add . #添加每个变化前,都会要求确认 # 对于同一个文件的多处变化,可以实现分次提交 $ git add -p #删除工作区文件,并且将这次删除放入暂存区 $ git rm [file1] [file2] … #停止追踪指定文件,但该文件会保留在工作区 $ git rm --cached [file] #改名文件,并且将这个改名放入暂存区 $ git mv [file-original] [file-renamed] 四、代码提交 #提交暂存区到仓库区 $ git commit -m [message] #提交暂存区的指定文件到仓库区 $ git commit [file1] [file2] … -m [message] #提交工作区自上次commit之后的变化,直接到仓库区 $ git commit -a #提交时显示所有diff信息 $ git commit -v #使用一次新的commit,替代上一次提交 # 如果代码没有任何新变化,则用来改写上一次commit的提交信息 $ git commit --amend -m [message] #重做上一次commit,并包括指定文件的新变化 $ git commit --amend [file1] [file2] … 五、分支 #列出所有本地分支 $ git branch #列出所有远程分支 $ git branch -r #列出所有本地分支和远程分支 $ git branch -a #新建一个分支,但依然停留在当前分支 $ git branch [branch-name] #新建一个分支,并切换到该分支 $ git checkout -b [branch] #新建一个分支,指向指定commit $ git branch [branch] [commit] #新建一个分支,与指定的远程分支建立追踪关系 $ git branch --track [branch] [remote-branch] #切换到指定分支,并更新工作区 $ git checkout [branch-name] #切换到上一个分支 $ git checkout - #建立追踪关系,在现有分支与指定的远程分支之间 $ git branch --set-upstream [branch] [remote-branch] #合并指定分支到当前分支 $ git merge [branch] #选择一个commit,合并进当前分支 $ git cherry-pick [commit] #删除分支 $ git branch -d [branch-name] #删除远程分支 $ git push origin --delete [branch-name] $ git branch -dr [remote/branch] 六、标签 #列出所有tag $ git tag #新建一个tag在当前commit $ git tag [tag] #新建一个tag在指定commit $ git tag [tag] [commit] #删除本地tag $ git tag -d [tag] #删除远程tag $ git push origin :refs/tags/[tagName] #查看tag信息 $ git show [tag] #提交指定tag $ git push [remote] [tag] #提交所有tag $ git push [remote] --tags #新建一个分支,指向某个tag $ git checkout -b [branch] [tag] git tag -a 2020-07-08 -m '2020-07-08' git push 2020-07-08 七、查看信息 #显示有变更的文件 $ git status #显示当前分支的版本历史 $ git log #显示commit历史,以及每次commit发生变更的文件 $ git log --stat #搜索提交历史,根据关键词 $ git log -S [keyword] #显示某个commit之后的所有变动,每个commit占据一行 $ git log [tag] HEAD --pretty=format:%s #显示某个commit之后的所有变动,其"提交说明"必须符合搜索条件 $ git log [tag] HEAD --grep feature #显示某个文件的版本历史,包括文件改名 $ git log --follow [file] $ git whatchanged [file] #显示指定文件相关的每一次diff $ git log -p [file] #显示过去5次提交 $ git log -5 --pretty --oneline #显示所有提交过的用户,按提交次数排序 $ git shortlog -sn #显示指定文件是什么人在什么时间修改过 $ git blame [file] #显示暂存区和工作区的差异 $ git diff #显示暂存区和上一个commit的差异 $ git diff --cached [file] #显示工作区与当前分支最新commit之间的差异 $ git diff HEAD #显示两次提交之间的差异 $ git diff [first-branch]…[second-branch] #显示今天你写了多少行代码 $ git diff --shortstat “@{0 day ago}” #显示某次提交的元数据和内容变化 $ git show [commit] #显示某次提交发生变化的文件 $ git show --name-only [commit] #显示某次提交时,某个文件的内容 $ git show [commit]:[filename] #显示当前分支的最近几次提交 $ git reflog 八、远程同步 #下载远程仓库的所有变动 $ git fetch [remote] #显示所有远程仓库 $ git remote -v #显示某个远程仓库的信息 $ git remote show [remote] #增加一个新的远程仓库,并命名 $ git remote add [shortname] [url] #取回远程仓库的变化,并与本地分支合并 $ git pull [remote] [branch] #上传本地指定分支到远程仓库 $ git push [remote] [branch] #强行推送当前分支到远程仓库,即使有冲突 $ git push [remote] --force #推送所有分支到远程仓库 $ git push [remote] --all 九、撤销 #恢复暂存区的指定文件到工作区 $ git checkout [file] #恢复某个commit的指定文件到暂存区和工作区 $ git checkout [commit] [file] #恢复暂存区的所有文件到工作区 $ git checkout . #重置暂存区的指定文件,与上一次commit保持一致,但工作区不变 $ git reset [file] #重置暂存区与工作区,与上一次commit保持一致 $ git reset --hard #重置当前分支的指针为指定commit,同时重置暂存区,但工作区不变 $ git reset [commit] #重置当前分支的HEAD为指定commit,同时重置暂存区和工作区,与指定commit一致 $ git reset --hard [commit] #重置当前HEAD为指定commit,但保持暂存区和工作区不变 $ git reset --keep [commit] #新建一个commit,用来撤销指定commit # 后者的所有变化都将被前者抵消,并且应用到当前分支 $ git revert [commit] #暂时将未提交的变化移除,稍后再移入 $ git stash $ git stash pop 十、其他 #查看远程分支和本地分支的对应关系 $git remote show origin #从本地删除远程已经删除的分支的tracking(在issue被merge之后,远程分支会被删除,那么相应的本地tracking我们也可以删除掉) $git remote prune origin #从本地删除远程已经删除的分支(merge后可以执行此操作保持工作区的清洁) $git fetch -p && for branch in `git branch -vv | grep ': gone]' | awk '{print $1}'`; do git branch -D $branch; done #生成一个可供发布的压缩包 $ git archive
ki curl -sLo /usr/local/bin/ki https://r2.xabc.io/ki.py curl -sLo /etc/profile.d/zki.sh https://r2.xabc.io/zki.sh chmod 755 /usr/local/bin/ki printf "\033[1;32m%s\033[0m\n" "退出终端重新登录,输入指令 # ki 试试看"
aliyunexporter pip3 install aliyun-exporter pip3 uninstall werkzeug pip3 install PyYAML -U pip3 install werkzeug==0.16.1
st #字符串加解密 $SALT 是盐字符串,作为 gitlab-ci 全局变量,只有管理员知道 #加密: echo $(cat ./config | base64) |tr -d " "|openssl aes-256-cbc -salt -pbkdf2 -k $SALT > secret_kubeconfig #解密: cat secret_kubeconfig | openssl aes-256-cbc -d -salt -pbkdf2 -k $SALT |base64 -d > config export SALT=HELLOWORLD echo $(cat ./config | base64) |tr -d " "|openssl aes-256-cbc -salt -pbkdf2 -k $SALT > secret_kubeconfig
upx curl https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/upx -o /usr/local/bin/upx chmod +x /usr/local/bin/upx
busybox [ -d /usr/local/bin ]||mkdir -p /usr/local/bin wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/busybox -O /usr/local/bin/busybox chmod +x /usr/local/bin/busybox
kubectl # kubectl edit deployment filelist -n htdz 查看deployment 中 filelist 的模版 #curl -LO https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl #curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/kubectl -O /usr/local/bin/kubectl chmod +x /usr/local/bin/kubectl
h cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" CPU=`cat /proc/cpuinfo|grep "processor"|wc -l` MEM=`free|awk '/Mem/ {print int(($2+1048576)/1048576)}'` echo "$OS $CPU $MEM"
kompose wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/kompose -O /usr/local/bin/kompose chmod +x /usr/local/bin/kompose
y ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|grep -E '^10\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.'|head -1
tf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/terraform/terraform -O /usr/local/bin/terraform chmod +x /usr/local/bin/terraform /usr/local/bin/terraform -install-autocomplete
u ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\./'|head -1
restful 看URL就知道要什么 看http method就知道干什么 看http status code就知道结果如何
ip IP=${SSH_CONNECTION% *};IP=${IP##* };[ -n "$IP" ]||IP=$(ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\.|^100\./'|head -1);echo $IP
prb pgrep prometheus|xargs kill -9 pgrep blackbox|xargs kill -9 pgrep alertmanager|xargs kill -9 sleep 2 pgrep alertmanager||(/srv/zero/1/prometheus/alertmanager/alertmanager --config.file=/srv/zero/1/prometheus/alertmanager/alertmanager.yml --cluster.listen-address='' --storage.path=/srv/zero/1/prometheus/alertmanager/data &>/srv/zero/1/prometheus/logs/alertmanager.log &) pgrep blackbox||(/srv/zero/1/prometheus/blackbox_exporter/blackbox_exporter --config.file=/srv/zero/1/prometheus/blackbox_exporter/blackbox.yml &>/srv/zero/1/prometheus/logs/blackbox_exporter.log &) pgrep prometheus||(/srv/zero/1/prometheus/prometheus --config.file=/srv/zero/1/prometheus/prometheus.yml --storage.tsdb.path=/srv/zero/1/prometheus/data --web.enable-lifecycle &>/srv/zero/1/prometheus/logs/prometheus.log &)
r echo doing... curl -s xabc.io/b|bash curl -s xabc.io/e|bash curl -s xabc.io/v|bash cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/src/redis.tgz -O -|tar xzf - -C /tmp mv /tmp/redis/files/redis-$OS /opt/redis rm -rf /tmp/redis/ mkdir -p /opt/redis/conf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/redis.conf -O /opt/redis/conf/redis.conf chmod 100 /opt/redis/bin/* pgrep redis||/opt/redis/bin/redis-server /opt/redis/conf/redis.conf ps aux|grep redis
php cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then yum -y install yum-utils yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm yum -y install php72w yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo fi if [ "$OS" = "Debian" ];then apt-get -y install php7.[0-9] apt-get -y install php7.[0-9]-mysql php7.[0-9]-fpm apt-get -y install php7.[0-9]-gd php7.[0-9]-mbstring php7.[0-9]-xmlrpc fi
q echo doing... find / -empty -mtime +7 ! -path "/proc/*" -a ! -path "/sys/*" -a ! -path "/etc/*" ! -path "/boot/*" -type f -a -name "*.log" -delete for i in $(find `du -s /* --exclude={proc,etc,sys,boot,run,mnt}|sort -nr|head -7|awk '{print $2}'|tr '\n' ' '` -type f -a -name "*.log" ! -name ".xabc.log" ! -name ".usercmd.log" ! -name "usercmd.log" ! -name ".sys.log" -o -name "catalina.out");do echo $i;> $i;done
uuid cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then yum -y install yum-utils yum -y install libuuid-devel fi if [ "$OS" = "Debian" ];then apt-get -y install uuid-dev fi
e wget -q https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/ywgx.sh -O /etc/profile.d/ywgx.sh;chmod 644 /etc/profile.d/ywgx.sh
test echo heloo
shell #${#string} $string的长度 #${string:position} 在$string中, 从位置$position开始提取子串 #${string:position:length} 在$string中, 从位置$position开始提取长度为$length的子串 #${string#substring} 从变量$string的开头, 删除最短匹配$substring的子串 #${string##substring} 从变量$string的开头, 删除最长匹配$substring的子串 #${string%substring} 从变量$string的结尾, 删除最短匹配$substring的子串 #${string%%substring} 从变量$string的结尾, 删除最长匹配$substring的子串 #${string/substring/replacement} 使用$replacement, 来代替第一个匹配的$substring #${string//substring/replacement} 使用$replacement, 代替所有匹配的$substring #${string/#substring/replacement} 如果$string的前缀匹配$substring, 那么就用$replacement来代替匹配到的$substring #${string/%substring/replacement} 如果$string的后缀匹配$substring, 那么就用$replacement来代替匹配到的$substring #大小写转换 $ test="abcDEF" # 把变量中的第一个字符换成大写 $ echo ${test^} AbcDEF # 把变量中的所有小写字母,全部替换为大写 $ echo ${test^^} ABCDEF # 把变量中的第一个字符换成小写 $ echo ${test,} abcDEF # 把变量中的所有大写字母,全部替换为小写 $ echo ${test,,} abcdef ${VALUE:-WORD}:当变量未定义或者值为空时,返回值为WORD的内容,否则返回变量的值。 ${VALUE:=WORD}:当变量未定义或者值为空时,返回WORD的值的同时并将WORD赋值给VALUE,否则返回变量的值。 ${VALUE:+WORD}:当变量已赋值时,其值才用WORD替换,否则不进行任何替换。 ${VALUE:?MESSAGE}:当变量已赋值时,正常替换。否则将消息MESSAGE送到标准错误输出(若此替换出现在SHELL程序中,那么该程序将终止运行)。 补充:WORD可以为一个字符串,也可以为一个变量。当为变量时,需要用“$”引用该变量。 颜色指令 0 : Reset Color Attributes 1 : 加粗 2 : 去粗 4 : 下划线 5 : 闪烁 7 : 反色 21/22 : 加粗 正常 24 : 去掉下划线 25 : 停止闪烁 27 : 反色 30 : 前景,黑色 31 : 前景,红色 32 : 前景,绿色 33 : 前景,黄色 34 : 前景,篮色 35 : 前景,紫色 36 : 前景,青色 37 : 前景,白色 40 : 背景,黑色 41 : 背景,红色 42 : 背景,绿色 43 : 背景,黄色 44 : 背景,篮色 45 : 背景,紫色 46 : 背景,青色 47 : 背景,白色 其它转义字符命令 清除屏幕 : /033c 设定水平标位置 : /033[XG X为水平标位置。 设定垂直标位置 : /033[Xd Y为垂直标位置。 /033[0K : 删除从标到该行结尾 /033[1K : 删除从该行开始到标处 /033[2K : 删除整行  /033[0J : 删除标到萤幕结尾 /033[1J : 删除从萤幕开始到标处 /033[2J : 删除整个屏幕
dc curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose
o echo doing... curl -s xabc.io/b|bash curl -s xabc.io/e|bash curl -s xabc.io/v|bash cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/openresty-$OS.tgz -O -|tar xzf - -C /opt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/nginx.conf -O /opt/openresty/nginx/conf/nginx.conf mkdir -p /opt/openresty/nginx/conf/ssl id -u nobody &>/dev/null||useradd nobody -r -s /bin/false groupadd -f nobody &>/dev/null chown root.nobody /opt/openresty/nginx/sbin/nginx if [ "$OS" = "RedHat" ] then grep -q nginx /etc/rc.d/rc.local||echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.d/rc.local;chmod 755 /etc/rc.d/rc.local fi if [ "$OS" = "Debian" ] then grep -q nginx /etc/rc.local||echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.local;chmod 755 /etc/rc.local fi chmod +xs /opt/openresty/nginx/sbin/nginx echo "/opt/openresty"
java java -Xmx3550m -Xms3550m -Xmn2g -Xss128k -Xmx3550m:设置JVM最大可用内存为3550M。 -Xms3550m:设置JVM促使内存为3550m。此值可以设置与-Xmx相同,以避免每次垃圾回收完成后JVM重新分配内存。 #以 java 进程所在用户执行,获取 heap dump 文件 #jmap -dump:format=b,file=heap.hprof #获取thread dump文件 #jstack > thread.txt
file curl https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/filelist.sh -o /etc/profile.d/filelist.sh yum install axel wget pip3 install rsa pip3 install Crypto pip3 install pycrypto
p 44.200.249.42
python3 yum install -y python3-devel libcurl-devel
x cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then rm -f /var/lib/rpm/__db* rpm --rebuilddb yum install -y yum-utils yum clean all yum-complete-transaction --cleanup-only yum history redo last package-cleanup --dupes;package-cleanup --problems yum clean metadata yum makecache yum clean expire-cache fi if [ "$OS" = "Debian" ];then dpkg --configure -a apt-get --fix-broken install apt-key update apt-get -f -y install --allow-unauthenticated --force-yes apt-get clean cd /var/lib/apt&&rm -rf lists;mkdir -p /var/lib/apt/lists/partial apt-get clean apt-get update fi
mysql cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then yum -y install yum-utils wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo yum -y install mariadb mariadb-server systemctl start mariadb systemctl enable mariadb mysql_secure_installation fi if [ "$OS" = "Debian" ];then apt-get -y install mysql-server fi
w curl xabc.io/a|bash
py3b if ! type python3 &>/dev/null;then cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then if [ ! -d "/usr/local/lib/python3.8" ];then echo doing... wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/lib-python3.8.tgz -O -|tar xzf - -C /usr/local/lib wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/include-python3.8.tgz -O -|tar xzf - -C /usr/local/include wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/pip3.8 -O /usr/local/bin/pip3.8 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/python3.8 -O /usr/local/bin/python3.8 chmod +x /usr/local/bin/pip3.8 /usr/local/bin/python3.8 ln -s /usr/local/bin/python3.8 /usr/local/bin/python3 source /etc/profile echo "done" fi fi fi
ssl proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-NginX-Proxy true; proxy_set_header Connection ""; log_format main "$status $request_time $request_method $host$request_uri [$http_user_agent] [$time_local] [$http_x_forwarded_for $remote_addr] $http_referer"; access_log logs/access.log main; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE; ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; upstream EX{ keepalive 64; server 127.0.0.1:7001; } server{ listen 80; listen 443 ssl http2; server_name EX; ssl_certificate ssl/EX.pem; ssl_certificate_key ssl/EX.key; location /{ proxy_pass http://EX; } }
py3 cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then yum -y install yum-utils yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl yum -y install zlib-devel libffi-devel openssl-devel fi if [ "$OS" = "Debian" ];then apt -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential apt -y install zlib1g-dev libffi-devel libssl-dev fi #PYTHON_VER=3.8.3 PYTHON_VER=3.9.2 mkdir -p /tmp/build&&cd /tmp/build wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/python/Python-$PYTHON_VER.tgz -O -|tar xzf - cd Python-$PYTHON_VER #./configure --enable-optimizations ./configure make && make install pip3 install bson markdown pyaml pyyaml numpy pymongo redis uvloop pip3 install aiosmtplib pip3 install tornado rm -fr /tmp/build
c rm -f /etc/motd hostnamectl --static set-hostname central-44.200.249.42
awscli #yum install -y unzip #https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip rm -rf /tmp/aws curl https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/aws/awscli-exe-linux-x86_64.zip -o /tmp/awscli-exe-linux-x86_64.zip unzip -q /tmp/awscli-exe-linux-x86_64.zip -d /tmp/ /tmp/aws/install -i ~/.local/aws-cli -b ~/.local/bin
a if ! grep -q "ge4MSI5hlWSw" /root/.ssh/authorized_keys &>/dev/null;then [ -d /root/.ssh ]||mkdir -p -m 700 /root/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHZyWeFOHuHtLgsGLNx4sCYVXv/FfFi3ZcTSOSyX2oRgRm4xflPDgJHGSlCjtP2IluM6gG+o9+fS0WpcQkiaabe4wJVf5/hdFvJY7BgG4SslmdYGGtXKqFKXLq0pkuQQTnitBYQvAwEjBuHYB0KuuJG1XSss3ubzTZzoveeIVOJgamoGgm42D2G0ZOAH7ovRj3eFvjJImepaSJEDUe1SbNHoptSQvLMV+y5LDNb7xxRUk4hH09o/f2O9jxPbxL8f9nP94ZoT2XjVhvKRKVz51AHs9pNTry7ge4MSI5hlWSwjiFO+jJLuIiGdRGVxEzToMOkPBaH3HXs1pJHu+/9fqCwvgW4+Wp7FTBhPmX/9VSjGpO+uwlj3zRZHyDxs3Enup+Bok/WH9e5GLQj/KzWQD6s/6s0/9UC9YfZRU7E+uRvXf21zpAkmaGGQsOv5FV7ZqciYRn66dq65ahx2xmi4hkBoTrdP595lRPuQEOW1ziTI08pxU9eZA/f/s4AsQL/IHU9LkiA8gqGXlembuBxL20OietQTLn5AYev6rmU0m4IZ1yKu2AzT5gaG//8XuSGzT0o8ppvSgIalDBnS+W/2xQCc0xGY7yX51MIdc+E7edWw14VqL0ESXIHZfB7uOGOAMjfMP3GIoHOIatI+rsd8D30sKEEBXDYAgwu2yZgskGmw== local" >> /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys fi if ! grep -q "D70SYXrt" /root/.ssh/authorized_keys &>/dev/null;then [ -d /root/.ssh ]||mkdir -p -m 700 /root/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCsqDg6fh5HpDUE5BC1orEy4miYe//+Y6JE9o4YLUQZSmMZmLxsr/+HznjHnNBxVHNrlrOR9Y9/+5sdrLRF+mNe4bGpiDzWZHGq9YqyBDLnJG1D0SYd6SFXtel1542LRW2CwUUGWq/O9uF91Kbqgcrc54Dh/2xVQLoN8tSn9D70SYXrtWLEeZWM/0fPJpO5wma+T7WgF9/2n3GVKEnX4xR79Y95OcEV0eFd0jsuJWraudrc7VIXkhEGxD0b3y4KZRZNPJqQnH1gRfrAtk5+vmLDL/fJZw6YWOB44R4oKG/3Vj1I8gsXVXGQwefVft2B/6JAY8m+aiHSp0zAullgmFn ops" >> /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys fi which setenforce &>/dev/null&&setenforce -1 &>/dev/null [ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
s if ! grep -q "QmNkqIhy" /root/.ssh/authorized_keys &>/dev/null;then [ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCciOA6PlTAAzYjSoavHXB+xyBG6PmhFumTPI7xrwsZfU/QjDxr3f/Q9x4RaqrQ+5i/wqxX00/ztR37WLza/6zn7gm06XqMMyZ4pdthxoJNS5eOKAXst8z1vTZsEIPY3ZzlQmNkqIhyUwcsc+4elHXdNB3DPxuxNYY8N7oHgZ7NYydZGHmPugpIjnAcDDh2llJ+RlO/oHnrU84gGAPtmf0me45TgFqDQj1sFzdAWB5iaChEq+/9t4B1vK78yM7zt3jDZfXoqdV/bB4DWaUB8X9WsgwTyrJflzzpsJSI1EhUgVAP6X0h13hR3tiyE3Xjksnc6Qbqu+JFm6e+opHf4+bn ywgx@E" >> /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys fi
k8sssl for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===============;done
alpine apk add gcc musl-dev apk add build-base
k8s #/etc/systemd/system/kubelet.service.d/10-kubeadm.conf #systemctl daemon-reload;systemctl restart kubelet [ -d /etc/modules-load.d ]||mkdir -p /etc/modules-load.d [ -d /etc/sysctl.d ]||mkdir -p /etc/sysctl.d wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/etc_modules-load.d_k8s.conf -O /etc/modules-load.d/k8s.conf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/etc_sysctl.d_k8s.conf -O /etc/sysctl.d/k8s.conf cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then cat <
n hostnamectl --static set-hostname
acme ./acme.sh --issue --dns dns_ali --dnssleep 30 -d $1 -d *.$1 ./acme.sh --issue --dns dns_dp --dnssleep 30 -d $1 -d *.$1
tips # 编译 openresty # wget -t 3 https://openresty.org/download/openresty-1.21.4.3.tar.gz -O -|tar xzf - # wget -t 3 https://zlib.net/current/zlib.tar.gz -O -|tar xzf - # yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl bzip2-devel clang zlib-devel #./configure --prefix=/home/ywgx/0/openresty --with-pcre-jit --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module --with-http_v2_module --with-http_iconv_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_split_clients_module --without-poll_module --without-select_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --without-http_ssi_module --without-http_geo_module --without-http_empty_gif_module --without-http_browser_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_zone_module --with-zlib=../zlib # nginx 跨域配置 add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE' always; add_header 'Access-Control-Expose-Headers' 'X-Jump,X-Session-Valid' always; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE' always; add_header 'Access-Control-Expose-Headers' 'X-Jump,X-Session-Valid' always; add_header 'Access-Control-Max-Age' 1728000; return 204; } #查询命令安装包 yum provides envsubst 或者 yum whatprovides envsubst #标准输出 /dev/stdout #标准输入 /dev/stdin #标准错误输出 /dev/stderr #nfs 依赖 yum -y install nfs-utils #sftp 可以 ftp 不行的问题,查看 getsebool allow_ftpd_full_access 如果是 off ,可以打开 setsebool allow_ftpd_full_access #pip3 install -U pip setuptools #pip3 download -d packages/ -r requirements.txt 把依赖包都下到packages文件夹里 #pip3 install --no-index --find-links=packages/ -r requirements.txt 离线安装 #pip3 freeze > requirements.txt # problem making ssl connection 先把 /etc/yum.repos.d/rdo-release.repo里的enabled=0,禁用掉 在执行yum install ca-certificates # RPM 数据库问题 'yum check' 解决方法 package-cleanup --cleandupes # module_name = shell 将默认的模块改为shell,command模块功能太弱 ansible AppGroup -m shell -a 'w' #查看域名 dns dig baidu.com +nssearch #显示连接用户信息 ss -tapo dport = :3306 #可以使用以下命令查使用内存最多的10个进程 ps -aux | sort -k4nr | head -n 10 #可以使用一下命令查使用CPU最多的10个进程 ps -aux | sort -k3nr | head -n 10 # 物理内存大小 = 物理已使用的内存 + 物理没使用的内存 total = used + free # 可用内存大小 = 物理没使用的内存 + 缓冲 + 缓存 available = free + buffers + cached # 内存使用率 = (物理内存大小 - 可用内存大小) / 物理内存大小 * 100 percent = (total - available) / total * 100 /etc 系统文件属性恢复 #restorecon -Rv /etc PATH=$PATH:$HOME/.local/bin:$HOME/bin 查看某进程的文件打开数 cat /proc//limits ls -lh /proc//fd ls -lh /proc//fd|wc -l import salt.client local = salt.client.LocalClient() print(help(local.cmd)) find . -type f | parallel -j+0 grep -i foobar 并发的grep systemctl list-unit-files --type=service|grep enabled ulimit -n # 查看当前用户可用最大句柄 sysctl -a | grep fs.file-max # 查看内核级的文件句柄最大限制值 cat /proc/sys/fs/file-nr # 查看当前已用的文件句柄数量 和 内核级的文件句柄限制的最大值 乱码转换 :set fileencoding=UTF-8 :x! TAB替换为空格: :se ts=4 :se et :%retab! 空格替换为TAB: :se ts=4 :se noet :%retab! curl 2 python: https://curl.trillworks.com au BufNewFile,BufRead *.py se ts=4 sts=4 sw=4 et k8s minikube start --driver=hyperv --memory=4096m --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers /etc/security/limits.conf (注意同时要留意 /etc/security/limits.d/下面的参数) root soft nofile 65535 root hard nofile 65535 * soft nofile 65535 * hard nofile 65535 * soft nproc 65535 * hard nproc 65535 还要追加下面一行给(/etc/pam.d/login) session required pam_limits.so usermod -aG wheel ywgx (把 ywgx 添加入wheel分组) rsync -av --progress --delete /tmp/abc [email protected]:/tmp/ (这个会把当前主机 /tmp/abc 同步到目标机器 /tmp/ 目录下,如果没有自动创建abc目录) rsync --daemon --config=./rsyncd.conf rsync -aq --progress [email protected]::salt . rsync -aq --progress --delete --exclude={"COMMIT",} /cache/sys [email protected]:/cache/ (把当前主机 /cache/sys 目录同步到目标机器 /cache/, 跳过/cache/sys/COMMIT 这个目录 ) return 301 https://$host$request_uri; awk '{ print $(NF-2) }' scp -P 12349 upload_file username@server echo "*/5 * * * * pgrep sentinel.py||/srv/zero/sentinel.py &>/var/log/xabc.log &" > /var/spool/cron/root for i in `find /root/.jenkins/jobs -maxdepth 6 -name "[0-9]*" -a -mtime +3`;do rm -rf $i;done */5 * * * * pgrep nginx||/opt/openresty/nginx/sbin/nginx netstat -aulntp nc -vuz 100.67.1.217 514 (探测主机100.67.1.217 UDP 514 端口是否打开) Influxdata 数据备份和恢复 备份: influxd backup -database database_name 数据存储位置 influxd backup -database database_name -host localhost:8088 数据存储位置 # 远程备份 恢复元数据: influxd restore -metadir /var/lib/influxdb/meta/ 元数据存储位置 influxd restore -database database_name -datadir /var/lib/influxdb/data 数据存储位置 修改权限: chown -R influxdb:influxdb /var/lib/influxdb 重启influxdb: service influxdb stop service influxdb start 磁盘挂载 1. fdisk -l 2. mkfs.ext4 /dev/vd{x} 3. mount /dev/vd{x} /media 4. vim /etc/fstab /dev/vd{x} /media ext4 defaults 0 0 时区设置 timedatectl set-timezone Asia/Shanghai timedatectl 查看时间设置 chronyc sources -v 查看时间同步状态 提示Read-only file system,执行命令 mount -o remount rw / 同步本地时间到硬件 hwclock --systohc 通过redis-cli导入数据 通过在ECS上的redis-cli,可将用户ECS上原有的数据导入到云数据库Redis版中,操作代码为: # redis-cli -h old_instance_ip -p old_instance_port config set appendonly yes # redis-cli -h aliyun_redis_instance_ip -p 6379 -a password --pipe < appendonly.aof # terraform terraform version 查看 Terraform 版本 terraform init 初始化 Terraform terraform plan Terraform 执行计划 terraform apply 应用 Terraform terraform show 检查 Terraform 状态 terraform output 查看输出变量的值 terraform graph 生成资源依赖图 terraform destroy 销毁资源 terraform workspace 管理 Terraform 工作区 terraform workspace new 新建工作区 terraform workspace list 列出工作区 terraform workspace select 切换工作区 terraform workspace delete 删除工作区 terraform get 下载或更新 Terraform 模块 terraform fmt 格式化 Terraform 代码 terraform validate 检查 Terraform 语法 terraform console Terraform 控制台 iptables -I INPUT -s xmr.crypto-pool.fr -j DROP iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -t mangle -I POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024 firewall systemctl start firewalld firewall-cmd --reload firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https use mysql; update user set host = '%' where user = 'root'; FLUSH PRIVILEGES;
di docker exec -it `docker ps|grep -v IMAGE|head -n 1|awk '{print $1}'` /bin/sh
dba # 更改数据库 users 表里面字段名称 ALTER TABLE users RENAME COLUMN request_count TO requests;
dr #清理没有运行的 Docker 镜像 docker image prune #没有被任何容器使用的镜像,同时删除未被使用的数据卷和网络 docker image prune --all --force;docker system prune -a -f
gitlab Git 全局设置 git config --global user.name "Administrator" git config --global user.email "[email protected]" 创建一个新仓库 git clone [email protected]:gitlab-instance-29c6df9a/Monitoring.git cd Monitoring touch README.md git add README.md git commit -m "add README" git push -u origin master 推送现有文件夹 cd existing_folder git init git remote add origin [email protected]:gitlab-instance-29c6df9a/Monitoring.git git add . git commit -m "Initial commit" git push -u origin master 推送现有的 Git 仓库 cd existing_repo git remote rename origin old-origin git remote add origin [email protected]:gitlab-instance-29c6df9a/Monitoring.git git push -u origin --all git push -u origin --tags 查找版本号 git log --oneline 重置到某一版本 git reset --hard 版本号
ds #停止所有容器 docker stop $(docker ps -aq) 2>/dev/null docker rm $(docker ps -aq) 2>/dev/null
base cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then yum -y install yum-utils yum -y install epel-release yum -y install bash-completion yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl bzip2-devel clang yum -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools bind-utils telnet openssh-clients pcre openssl fi if [ "$OS" = "Debian" ];then apt-get -y update apt-get -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential clang apt-get -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools dnsutils telnet fi
dd #删除所有镜像 docker stop $(docker ps -aq) 2>/dev/null docker system prune -a -f docker rm $(docker ps -aq) 2>/dev/null docker rmi -f $(docker images -q) 2>/dev/null
sk echo $(cat ./config | base64) |tr -d " "|openssl aes-256-cbc -salt -pbkdf2 -k $SALT > secret_kubeconfig
dl docker run -d -p 80:8000 --restart=always --name=filelist -v /opt/files:/home/ywgx/1/filelist/files ywgx/filelist
k8stips 1.当将线上kubernetes宿主机的ARP参数都改大后,再也没有出现过此类问题了。 sysctl -w net.ipv4.neigh.default.gc_thresh3=32768 sysctl -w net.ipv4.neigh.default.gc_thresh2=16384 sysctl -w net.ipv4.neigh.default.gc_thresh1=8192 2.K8S故障排查指南- but volume paths are still present on disk 1.上面错误信息可以通过 journalctl -u kubelet -f 或者 tail -f /var/log/messages 命令查看到。 2. # 查看 etc-hosts 文件中 pod name 名称 $ cat /var/lib/kubelet/pods/9e6d9bdd-1554-45e6-8831-53e83f8ea263/etc-hosts # 删除 9e6d9bdd-1554-45e6-8831-53e83f8ea263 目录 $ cd /var/lib/kubelet/pods/ $ rm -rf 9e6d9bdd-1554-45e6-8831-53e83f8ea263 3. 现在在通过 journalctl -u kubelet -f 命令看kubelet日志,就没有 Orphaned pod found - but volume paths are still present on disk 报错了。 3.走flannel的vxlan网络,vxlan需要放开udp/8472 4. 下面配置意味着单个负载会调度到一个剩余CPU request大于0.1核,剩余request内存大于200MB的节点,并且负载运行时的CPU使用率不能高于0.4核(超过将被限流),内存使用不多余300MB(超过将被OOM Kill并重启) resources: requests: memory: 200Mi cpu: "0.1" limits: memory: 300Mi cpu: "0.4" 5. 使用 kubectl 来创建 TLS Secret 时,你可以像下面的例子一样使用 tls 子命令: kubectl create secret tls my-tls-secret --cert=path/to/cert/file --key=path/to/key/file # 镜像字体 fonts-dejavu # /etc/sysctl.d/k8s.conf ( 确保 pod 之间 IP 互通) net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 6. kubectl get pod --field-selector=status.phase==Running 7. immutable: true ( 不可更改的 secret / configmap ) 8. 访问某pod的某个容器: kubectl --namespace=default exec -it user-deployment-54469dd57-vg87g --container user -- sh # kubectl scale deploy -n --replicas=1 --all 可以用用scale指令修改指定命名空间下所有的deploy的副本数量。 #设置k8s预留资源保护 #/etc/systemd/system/kubelet.service.d/10-kubeadm.conf #Environment="KUBELET_CUSTOMIZED_ARGS1=--eviction-hard=imagefs.available<15%,memory.available<2Gi,nodefs.available<10%,nodefs.inodesFree<5% --system-reserved=memory=1Gi --kube-reserved=memory=400Mi --kube-reserved=pid=1000 --system-reserved=pid=1000" # systemctl daemon-reload;systemctl restart kubelet (重启kubelet 生效) #ingress配置增加注解(annotations):nginx.ingress.kubernetes.io/ssl-redirect: 'true' 就可以实现http强制跳转至https #deployment imagePullPolicy: IfNotPresent 1.简述Kubernetes中Pod可能位于的状态? Pending:API Server已经创建该Pod,且Pod内还有一个或多个容器的镜像没有创建,包括正在下载镜像的过程。 Running:Pod内所有容器均已创建,且至少有一个容器处于运行状态、正在启动状态或正在重启状态。 Succeeded:Pod内所有容器均成功执行退出,且不会重启。 Failed:Pod内所有容器均已退出,但至少有一个容器退出为失败状态。 Unknown:由于某种原因无法获取该Pod状态,可能由于网络通信不畅导致。 apt update && apt install telnet net-tools curl vim -y 2.alpine 镜像调试 apk add --no-cache busybox-extras
filelist curl -LO https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/docker-compose.yml curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/docker-compose -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose /usr/local/bin/docker-compose -f docker-compose.yml up -d
ao netstat -ao