Site Reliability Engineering

# 先用代理启动，Jenkins初始化需要安装许多外网插件，插件安装完后去掉代理，正常启动
java -jar -DsocksProxyHost=192.168.1.107 -DsocksProxyPort=1090 jenkins.war

# 后台启动
nohup java -jar jenkins.war 2>&1 &

1. git parameter

curl -s https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | bash

EXTERNAL_URL="http://192.168.43.65:8000"  yum install -y gitlab-ce

gitlab-ctl reconfigure && gitlab-ctl restart

cat << EOF >> /etc/gitlab/gitlab.rb
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.qq.com"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "邮箱@qq.com"
gitlab_rails['smtp_password'] = "开通smtp时返回的授权码"
gitlab_rails['smtp_domain'] = "qq.com"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = true

user['git_user_email'] = "邮箱@qq.com"
gitlab_rails['gitlab_email_from'] = '邮箱@qq.com'
EOF

# 重新生成配置并重启
gitlab-ctl reconfigure && gitlab-ctl restart

执行命令gitlab-rails console测试发邮件，进入控制台之后执行命令:

Notify.test_email('xx@qq.com', 'title', 'content').deliver_now

# 启动
gitlab-ctl start

# 重启
gitlab-ctl restart

# 停止
gitlab-ctl start

# 查看所有的logs; 按 Ctrl-C 退出
gitlab-ctl tail

# 拉取/var/log/gitlab下子目录的日志
gitlab-ctl tail gitlab-rails

# 拉取某个指定的日志文件
gitlab-ctl tail nginx/gitlab_error.log

# 更新配置文件
gitlab-ctl reconfigure

# 检查gitlab配置
gitlab-rake gitlab:check SANITIZE=true --trace

# 查看版本
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION

wget -c https://dlcdn.apache.org/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.tar.gz

tar xf apache-maven-3.8.6-bin.tar.gz -C /usr/local

mv /usr/local/apache-maven-3.8.6 /usr/local/maven

#添加环境变量
ln -s /usr/local/maven/bin/mvn /usr/local/bin/

#查看版本
mvn -v

cat << EOF > ~/.m2/settings.xml
<settings>
  <mirrors>
    <mirror>
      <id>aliyun</id>
      <name>Aliyun Central</name>
        <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>
</settings>
EOF

41.2.1. Build Lifecycle
mvn clean
清除

mvn compile
编译，compile the source code of the project

mvn validate
验证mvn配置，validate the project is correct and all necessary information is available

mvn test
运行单元测试，test the compiled source code using a suitable unit testing framework. These tests should not require the code be packaged or deployed

mvn verify
验证编译后的程序，run any checks on results of integration tests to ensure quality criteria are met

mvn install
安装应用到maven目录，install the package into the local repository, for use as a dependency in other projects locally

mvn deploy
编译，done in the build environment, copies the final package to the remote repository for sharing with other developers and projects.

mvn package
打包，take the compiled code and package it in its distributable format, such as a JAR.

https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html

mvn compile war:war
Build a WAR file.

mvn war:exploded
Create an exploded webapp in a specified directory.

https://maven.apache.org/plugins/maven-war-plugin/plugin-info.html

启动springboot
mvn spring-boot:run

使用Java启动jar包
java -jar target/accessing-data-jpa-0.0.1-SNAPSHOT.jar

# 增加2G
qemu-img resize /home/ylighgh/workspace/libvirt/images/qemu-add.qcow2 +2G

qemu-img info qemu-add.qcow2

$ qemu-img info qemu-add.qcow2
image: qemu-add.qcow2
file format: qcow2
virtual size: 4 GiB (4294967296 bytes)
disk size: 2.2 MiB
cluster_size: 65536
Format specific information:
    compat: 1.1
    compression type: zlib
    lazy refcounts: false
    refcount bits: 16
    corrupt: false
    extended l2: false

parted -s /dev/vdb unit s pr

ylighgh@kvm:~$ sudo parted -s /dev/vdb unit s pr
Model: Virtio Block Device (virtblk)
Disk /dev/vdb: 8388608s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start  End       Size      Type     File system  Flags
 1      2048s  4194303s  4192256s  primary  ext4

其中8388608s为扇区总大小

kpartx -a /dev/vdb

ls /dev/mapper/vdb*

ylighgh@kvm:~$ sudo ls /dev/mapper/vdb*
/dev/mapper/vdb1

e2fsck -fy /dev/mapper/vdb1

tune2fs -O ^has_journal /dev/mapper/vdb1

kpartx -d /dev/vdb

parted -s /dev/vdb rm 1

parted -s /dev/vdb unit s mkpart primary ext4 2048 8385608s

parted -s /dev/vdb unit s pr

# parted -s /dev/vdb unit s pr
Model: Virtio Block Device (virtblk)
Disk /dev/vdb: 8388608s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start  End       Size      Type     File system  Flags
 1      2048s  8385608s  8383561s  primary  ext2

parted -s /dev/vdb set 1 boot on

kpartx -a /dev/vdb

resize2fs -f /dev/mapper/vdb1

tune2fs -j /dev/mapper/vdb1

tune2fs -O has_journal /dev/mapper/vdb1

e2fsck -fy /dev/mapper/vdb1

kpartx -d /dev/vdb

# parted -s /dev/vdb unit s pr
Model: Virtio Block Device (virtblk)
Disk /dev/vdb: 8388608s
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start  End       Size      Type     File system  Flags
 1      2048s  8385608s  8383561s  primary  ext4

cat <<EOF> /usr/lib/systemd/system/libvirtd-auto-start.service
[Unit]
Description=Auto start libvirtd service
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl start libvirtd
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable libvirtd-auto-start.service

cat << EOF > docker_install.sh
#Uninstall old versions
yum -y remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

#SET UP THE REPOSITORY
yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

#INSTALL DOCKER ENGINE
yum -y install docker-ce docker-ce-cli containerd.io
systemctl enable docker
systemctl start docker

#配置镜像加速
mkdir -p /etc/docker
cat << EOFF > /etc/docker/daemon.json
{
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "https://hub-mirror.c.163.com"
  ],
  "data-root": "/var/lib/docker",
  "storage-driver": "overlay2",
  "dns" : [
    "223.5.5.5",
    "223.6.6.6"
  ]
}
EOFF

#配置端口转发
echo 1 > /proc/sys/net/ipv4/ip_forward

#重载Docker，使配置生效
systemctl daemon-reload
systemctl restart docker
EOF

chmod +x docker_install.sh

sh docker_install.sh

[ylighgh@docker ~]# docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

docker pull tomcat

docker run -itd --name tomcat test/tomcat:v1.0 /bin/bash

docker rm -f $(docker ps -qa)

--restart参数=
	no
		默认策略，在容器退出时不重启容器
	on-failure
		在容器非正常退出时（退出状态非0），才会重启容器
	on-failure:3
		在容器非正常退出时重启容器，最多重启3次
	always
		在容器退出时总是重启容器
#开机自启
	unless-stopped
		在容器退出时总是重启容器，但是不考虑在Docker守护进程启动时就已经停止了的容器
# 一般推荐使用always参数
	--restart=always

# docker update --restart=always 容器名或容器ID
docker update --restart=always <CONTAINER ID>
# 例如将tomcat设为自启动
docker update --restart=always tomcat

# docker update --restart=no 容器名或容器ID
docker update --restart=no <CONTAINER ID>
# 例如取消tomcat的自启动
docker update --restart=no tomcat

# 导出容器
docker export tomcat > tomcat.tar.gz

# 导入容器
cat tomcat.tar.gz |docker import - test/tomcat:v1

docker commit -m "描述信息" -a="作者" 容器ID xxx

docker pull registry

# 默认情况,仓库创建在容器里的/var/lib/registry目录下,建议自行使用容器卷映射,方便于宿主机联调
docker run -d -p 5000:5000 -v $HOME/myregistry/:/tmp/registry --privileged=true --restart=always registry

curl -XGET http://localhost:5000/v2/_catalog

docker tag myubunyu:v1 192.168.43.205:5000/myubuntu:v1.1

sed -i '2s/$/,/' /etc/docker/daemon.json
sed -i '2 a \"insecure-registries\":[\"192.168.43.205:5000\"]' /etc/docker/daemon.json

systemctl daemon-reload
systemctl restart docker

docker push 192.168.43.205:5000/myubuntu:v1.1

docker pull 192.168.43.205:5000/myubuntu:v1.1

[root@nginx ~]# docker images
REPOSITORY                                              TAG       IMAGE ID       CREATED         SIZE
192.168.43.205:5000/myubuntu                            v1.1      8ee699689cc3   2 hours ago     111MB
registry.cn-hangzhou.aliyuncs.com/ylighgh/myubuntu_v1   1.1       f909f58557c6   5 hours ago     178MB
nginx                                                   latest    605c77e624dd   5 months ago    141MB
tomcat                                                  latest    fb5657adc892   6 months ago    680MB
registry                                                latest    b8604a3fe854   7 months ago    26.2MB
ubuntu                                                  latest    ba6acccedd29   8 months ago    72.8MB
hello-world                                             latest    feb5d9fea6a5   9 months ago    13.3kB
redis                                                   6.0.8     16ecd2772934   20 months ago   104MB

docker run -it --privileged=true -v /宿主机绝对路径:/容器内目录 镜像名

docker run -it --privileged=true -volumes-from 容器名1 --name 容器名2 镜像名

docker build -d 新镜像名字:TAG .

FROM centos:centos7
MAINTAINER ylighgh<yssuvu@gmail.com>

ENV MYPATH /usr/local
WORKDIR $MYPATH

RUN yum -y update
RUN yum -y install vim
RUN yum -y install net-tools
RUN mkdir /usr/local/java
ADD jdk-11.0.15.1_linux-x64_bin.tar.gz /usr/local/java
ENV JAVA_HOME /usr/local/java/jdk-11.0.15.1
ENV CLASSPATH $JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib
ENV PATH $JAVA_HOME/bin:$PATH


CMD echo $MYPATH
CMD echo "sucess------ok"
CMD /bin/bash

docker network create my_network

docker network ls

[root@nginx ~]# docker network  ls
NETWORK ID     NAME         DRIVER    SCOPE
09b399066c7f   bridge       bridge    local
e6561971bc9b   host         host      local
ba98f0f4f1df   my_network   bridge    local
e50b1a449286   none         null      local

docker run -d -p 8081:8080 --network my_network --name tomcat81 billygoo/tomcat8-jdk8

docker pull zookeeper:latest
docker pull wurstmeister/kafka:latest

docker run -d --name zookeeper --publish 2181:2181 --volume /etc/localtime:/etc/localtime zookeeper:latest

docker run -d --name kafka -p 9092:9092 -e KAFKA_BROKER_ID=0 -e KAFKA_ZOOKEEPER_CONNECT=zookeeper服务的地址:2181 -e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka地址:9092 -e KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092 wurstmeister/kafka

bin/kafka-topics.sh --create --zookeeper 127.0.0.1:2181 --replication-factor 1 --partitions 1 --topic k8s-apisix-logs

bin/kafka-topics.sh --list --zookeeper kafka地址:2181

bin/kafka-console-producer.sh --broker-list kafka地址:9092 --topic test

bin/kafka-console-consumer.sh --bootstrap-server kafka地址:9092 --topic test --from-beginning

docker network create elastic
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.13.4
docker run  -d --name es01 --net elastic -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e "xpack.security.enabled=false" -t docker.elastic.co/elasticsearch/elasticsearch:8.13.4

export ELASTIC_PASSWORD="f27lQZGV0BFntOMplyc2"

docker cp es01:/usr/share/elasticsearch/config/certs/http_ca.crt .

curl --cacert http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200

docker pull docker.elastic.co/kibana/kibana:8.13.4
docker run -d --name kibana --net elastic -p 5601:5601 docker.elastic.co/kibana/kibana:8.13.4

yum install -y mariadb-server

cp /etc/my.cnf /etc/my.cnf.default

cat << EOF > /etc/my.cnf
[client]
default_character_set = utf8
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
collation_server = utf8_general_ci
character_set_server = utf8
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
max_allowed_packet=20M
max_heap_table_size = 100M
read_buffer_size = 2M
read_rnd_buffer_size = 16M
sort_buffer_size = 8M
join_buffer_size = 8M
tmp_table_size = 100M
# 查询缓存
#query_cache_limit=4M
#query_cache_type=on
#query_cache_size=2G
#bind-address = 127.0.0.1
# 跳过主机名解析，比如localhost，foo.com之类，加速访问
skip-name-resolve
# SQL执行日志
general_log=off
general_log_file=/var/log/mariadb/general.log
# SQL慢查询日志
slow_query_log=off
slow_query_log_file=/var/log/mariadb/slowquery.log
long_query_time = 5
max_connections = 1000
# 兼容老MySQL代码，比如使用空字符串代替NULL插入数据
sql_mode = ""
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
EOF

sed -i '16 aquick\nquote-names\nmax_allowed_packet = 100M' /etc/my.cnf.d/mysql-clients.cnf

touch /var/log/mariadb/general.log /var/log/mariadb/slowquery.log
chown mysql:mysql /var/log/mariadb/general.log /var/log/mariadb/slowquery.log

systemctl enable mariadb

systemctl start mariadb

# systemctl status mariadb
● mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-11-29 14:18:12 CST; 1h 7min ago
  Process: 16688 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
  Process: 16653 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
 Main PID: 16687 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─16687 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─17043 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.lo...
Nov 29 14:18:10 iZ6weebcmroarpx8rrxscrZ systemd[1]: Starting MariaDB database server...
Nov 29 14:18:10 iZ6weebcmroarpx8rrxscrZ mariadb-prepare-db-dir[16653]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Nov 29 14:18:11 iZ6weebcmroarpx8rrxscrZ mysqld_safe[16687]: 191129 14:18:11 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Nov 29 14:18:11 iZ6weebcmroarpx8rrxscrZ mysqld_safe[16687]: 191129 14:18:11 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Nov 29 14:18:12 iZ6weebcmroarpx8rrxscrZ systemd[1]: Started MariaDB database server.
# ss -antpl|grep mysql
LISTEN     0      50     127.0.0.1:3306                     *:*                   users:(("mysqld",pid=17043,fd=14))

mysqladmin -uroot password "geek"

mysql -uroot -pgeek -e 'show databases;'
mysql -uroot -pgeek -e 'drop database test;'
mysql -uroot -pgeek mysql -e 'delete from db;'
mysql -uroot -pgeek mysql -e 'delete from user where Password="";'
mysql -uroot -pgeek -e 'flush privileges;'

yum -y install redis

systemctl start redis

systemctl enable redis

[root@master-2022 system]# systemctl status redis
● redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
  Drop-In: /etc/systemd/system/redis.service.d
           └─limit.conf
   Active: active (running) since Mon 2022-05-30 05:31:28 CST; 1s ago
  Process: 22952 ExecStop=/usr/libexec/redis-shutdown (code=exited, status=0/SUCCESS)
 Main PID: 22982 (redis-server)
   CGroup: /system.slice/redis.service
           └─22982 /usr/bin/redis-server 127.0.0.1:6379

May 30 05:31:28 master-2022 systemd[1]: Starting Redis persistent key-val....
May 30 05:31:28 master-2022 systemd[1]: Started Redis persistent key-valu....
Hint: Some lines were ellipsized, use -l to show in full.
[root@master-2022 system]# ss -antpl|grep redis
LISTEN     0      128    127.0.0.1:6379                     *:*                   users:(("redis-server",pid=22982,fd=4))

cat << EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

yum install -y nginx

echo y|cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default

cat << EOF > /etc/nginx/nginx.conf
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

worker_rlimit_nofile 65535;

events {
    worker_connections 65535;
}

http {
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    log_format  main  escape=json '\$host \$server_port \$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$request_time \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';


    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    server_names_hash_bucket_size 128;
    server_name_in_redirect off;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;

    client_header_timeout  3m;
    client_body_timeout    3m;
    client_max_body_size 50m;
    client_body_buffer_size 256k;
    send_timeout           3m;

    gzip  on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types image/svg+xml application/x-font-wof text/plain text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript text/javascript;
    gzip_vary on;

    proxy_redirect off;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header REMOTE-HOST \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_connect_timeout 60;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    proxy_buffer_size 256k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
    proxy_temp_file_write_size 256k;
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    proxy_max_temp_file_size 128m;
    #让代理服务端不要主动关闭客户端的连接，协助处理499返回代码问题
    proxy_ignore_client_abort on;

    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;

    index index.html index.htm index.php default.html default.htm default.php;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}
EOF

mkdir /etc/nginx/conf.d

cat << EOF > /etc/nginx/conf.d/default.conf
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}
EOF

nginx -t && rm -f /var/run/nginx.pid

systemctl start nginx

# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-11-29 14:02:31 CST; 1h 18min ago
 Main PID: 15759 (nginx)
   CGroup: /system.slice/nginx.service
           ├─15759 nginx: master process /usr/sbin/nginx
           └─17285 nginx: worker process

Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ nginx[15753]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ nginx[15753]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ systemd[1]: Failed to parse PID from file /run/nginx.pid: Invalid argument
Nov 29 14:02:31 iZ6weebcmroarpx8rrxscrZ systemd[1]: Started The nginx HTTP and reverse proxy server.


# ss -antpl|grep nginx
LISTEN     0      128          *:80                       *:*                   users:(("nginx",pid=17285,fd=6),("nginx",pid=15759,fd=6))
LISTEN     0      128         :::80                      :::*                   users:(("nginx",pid=17285,fd=7),("nginx",pid=15759,fd=7))

systemctl enable nginx

rsync -avz 服务器地址:/服务器目录/* /本地目录

rsync -avz /本地目录/* 服务器地址:/服务器目录/

-a: 归档模式,递归保留对象属性
-v: 显示同步过程
-z: 在传输时进行压缩

useradd test
echo "testupload" | passwd test --stdin

# 设置acl权限
setfacl -m u:test:rwx /filesrc

wget  http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz

tar -xf inotify-tools-3.14.tar.gz

cd inotify-tools-3.14

yum -y install gcc*

./configure && make && make install

cat <<EOF> rsync.sh
#!/bin/bash
a="inotifywait -mrq -e create,delete,modify /filesrc"
b="rsync -avz /filesrc/* root@192.168.88.20:/filedest"
\$a | while read directory event file
do
    \$b
done
EOF

chmod +x rsync.sh

cat <<EOF> /etc/rsync.conf
port = 52050
pid file = /var/log/rsync/rsyncd.pid
lock file = /var/log/rsync/rsync.lock
log file = /var/log/rsync/rsyncd.log
use chroot = false
strict modes = false
hosts allow = 127.0.0.1,192.168.122.225
ignore errors = true
read only = true
list = yes
max connections = 10
auth users = whoareyou
secrets file = /var/log/rsync/rsyncd.pass
uid = root
gid = root

[delete]
path = /tmp/.snapshots/create_and_delete-snap/
EOF

cat <<EOF> /var/log/rsync/rsyncd.pass
whoareyou:123456
EOF

# 开启
rsync --daemon

# 验证
suse:~ # ss -antpl|grep 52050
LISTEN 0      5            0.0.0.0:52050      0.0.0.0:*    users:(("rsync",pid=14431,fd=5))
LISTEN 0      5               [::]:52050         [::]:*    users:(("rsync",pid=14431,fd=6))

cat <<EOF> ~/workspace/shell/rsync.sh
#! /bin/bash
echo >> /var/log/rsync.log
echo 同步开始于  `date +%F%t%T` >> /var/log/rsync.log

log_file=/var/log/rsync_download.log
time=`date +%F%t%T`

cmd="rsync -abvcz --port=52050 --progress --delete --backup-dir=/www/master_bak/conf/change/`date +%Y%m%d` --password-file=/var/log/rsync/rsync.pass --log-file=${log_file} whoareyou@rsync_server::delete /www/master_bak/conf/source/"
echo ${time} $cmd>>/var/log/rsync.log  2>&1
$cmd


echo 同步结束于  `date +%F%t%T`>>/var/log/rsync.log

echo >> /var/log/rsync.log
echo >> /var/log/rsync.log
echo >> /var/log/rsync.log
echo >> /var/log/rsync.log
EOF

cat <<EOF> /var/log/rsync/rsync.pass
123456
EOF

rpm -Uvh https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm

sed -i 's#http://repo.zabbix.com#https://mirrors.aliyun.com/zabbix#g' /etc/yum.repos.d/zabbix.repo

yum clean all
yum makecache

yum -y install zabbix-server-mysql zabbix-agent

yum -y install centos-release-scl

sed -i '11s#0#1#' /etc/yum.repos.d/zabbix.repo

yum -y install zabbix-web-mysql-scl zabbix-apache-conf-scl

mysql -uroot -pgeek -e "create database zabbix character set utf8 collate utf8_bin;create user 'zabbix'@'localhost' identified by 'zabbix';grant all privileges on zabbix.* to 'zabbix'@'localhost';flush privileges;"

zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -pzabbix zabbix

#配置数据库密码
sed -i '124s# DBPassword=#DBPassword=zabbix#' /etc/zabbix/zabbix_server.conf
sed -i '124s/#DBPassword/DBPassword/' /etc/zabbix/zabbix_server.conf
#配置php时区
sed -i '25s#Europe/Riga#Asia/Shanghai#' /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf
sed -i '25s/; php/php/' /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf

systemctl start zabbix-server zabbix-agent httpd rh-php72-php-fpm

systemctl enable zabbix-server zabbix-agent httpd rh-php72-php-fpm

# 找到zabbix的安装包
rpm -qa|grep zabbix

# 卸载zabbix
yum -y remove 包名

# 删除文件目录
find / -name zabbix -exec rm {} +

# 删除zabbix数据库
mysql -uroot -pgeek -e 'drop database zabbix;'

rpm -Uvh https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm

sed -i 's#http://repo.zabbix.com#https://mirrors.aliyun.com/zabbix#g' /etc/yum.repos.d/zabbix.repo

yum clean all
yum makecache

yum -y install zabbix-agent

sed -i '117s/127.0.0.1/zabbix_server_ip/' /etc/zabbix/zabbix_agentd.conf

systemctl start zabbix-agent

systemctl enable zabbix-agent

yum install -y iptables-services

# 停止firewalld
systemctl  stop  firewalld
# 禁用firewalld
systemctl mask firewalld.service
# iptables 开机自起
systemctl enable iptables.service
# 删除所有的链条和规则
iptables -F

iptables-save >/etc/sysconfig/iptables

iptable -A INPUT -p icmp -j DROP

iptable -L -n --line-numbers

[root@aliyun ~]# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       icmp --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

iptables -D INPUT 1

# 任何改动之前先备份
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
iptables-save > /etc/sysconfig/iptables
cat /etc/sysconfig/iptables

yum install -y java-11-openjdk java-11-openjdk-devel java-11-openjdk-headless

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

cat << EOF > /etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
EOF

log_format  main  '$host $server_port $remote_addr - $remote_user [$time_local] "$request" '
                '$status $request_time $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

yum -y install python-setuptools

CEPH_STABLE_RELEASE=nautilus

cat  << EOF > /etc/yum.repos.d/ceph.repo
[Ceph]
name=Ceph packages for \$basearch
baseurl=https://mirrors.aliyun.com/ceph/rpm-${CEPH_STABLE_RELEASE}/el7/\$basearch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://mirrors.aliyun.com/ceph/keys/release.asc

[ceph-noarch]
name=Ceph noarch packages
baseurl=https://mirrors.aliyun.com/ceph/rpm-${CEPH_STABLE_RELEASE}/el7/noarch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://mirrors.aliyun.com/ceph/keys/release.asc

[ceph-source]
name=Ceph source packages
baseurl=https://mirrors.aliyun.com/ceph/rpm-${CEPH_STABLE_RELEASE}/el7/SRPMS/
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://mirrors.aliyun.com/ceph/keys/release.asc
EOF

mkdir -p ~/ceph-cluster && cd ~/ceph-cluster

yum -y install ceph-deploy

ceph-deploy new node1 node2 node3 --public-network 10.0.2.0/24 --cluster-network 10.0.2.0/24

# 自动安装
ceph-deploy install node1 node2 node3

# 手动安装
yum -y install ceph ceph-radosgw

ceph-deploy mon create-initial

ceph-deploy --overwrite-conf admin node1 node2 node3

ceph-deploy mgr create node1 node2 node3

# 擦除硬盘
ceph-deploy disk zap node1 /dev/sdb
ceph-deploy disk zap node2 /dev/sdb
ceph-deploy disk zap node3 /dev/sdb

# 创建osd节点
ceph-deploy osd create node1 --fs-type xfs --data /dev/sdb
ceph-deploy osd create node2 --fs-type xfs --data /dev/sdb
ceph-deploy osd create node3 --fs-type xfs --data /dev/sdb

cat << EOF >> ~/ceph-cluster/ceph.conf
mon_clock_drift_allowed = 2
mon_clock_drift_warn backoff = 30
EOF

ceph config set mon mon_warn_on_insecure_global_id_reclaim false
ceph config set mon mon_warn_on_insecure_global_id_reclaim_allowed false

ceph-deploy --overwrite-conf config push node{1,2,3}

systemctl restart ceph-mon.target

[root@node1 ceph-cluster]# ceph -s
  cluster:
    id:     a7074991-7a98-42b1-a517-891782210587
    health: HEALTH_OK

  services:
    mon: 3 daemons, quorum node1,node2,node3 (age 22s)
    mgr: node1(active, since 2m), standbys: node2, node3
    osd: 3 osds: 3 up (since 119s), 3 in (since 119s)

  data:
    pools:   0 pools, 0 pgs
    objects: 0 objects, 0 B
    usage:   3.0 GiB used, 13 GiB / 16 GiB avail
    pgs:

ceph-deploy mds create node1 node2 node3

ceph osd pool create cephfs_metadata 32 32
ceph osd pool create cephfs_data 32 32

# 启用
ceph osd pool application enable cephfs_metadata cephfs
ceph osd pool application enable cephfs_data cephfs

ceph fs new koenlifs cephfs_metadata cephfs_data

mkdir -p /ceph/cephfs

# 方式一 mount
mount -t ceph node1:6789,node2:6789,node3:6789:/ /ceph/cephfs -o name=admin,secret=AQAZUhdj3ruKHhAAt5E5YdYhfGXUpnorM0VBDw==


# 方式二 ceph-fuse
yum -y install ceph-fuse

ceph-fuse -n client.admin -m node1:6789,node2:6789,node3:6789 /ceph/cephfs


[root@node2 cephfs]# df -h
Filesystem                                      Size  Used Avail Use% Mounted on
devtmpfs                                        988M     0  988M   0% /dev
tmpfs                                          1000M     0 1000M   0% /dev/shm
tmpfs                                          1000M  8.6M  991M   1% /run
tmpfs                                          1000M     0 1000M   0% /sys/fs/cgroup
/dev/mapper/centos-root                          17G  1.8G   16G  11% /
/dev/sda1                                      1014M  136M  879M  14% /boot
tmpfs                                           200M     0  200M   0% /run/user/0
tmpfs                                          1000M   52K 1000M   1% /var/lib/ceph/osd/ceph-1
10.0.2.10:6789,10.0.2.20:6789,10.0.2.30:6789:/  3.8G     0  3.8G   0% /ceph/cephfs

umount /ceph/cephfs

mkfs.btrfs /path/to/device

# 将多个硬盘合并成一个文件系统
mkfs.btrfs -L mydata /dev/vdd /dev/vde

mount /dev/vdc1 /backup/

# 指定选项挂载(man 5 btrfs)
mount -o option1,option2 /dev/vdc1 /backup/

btrfs filesystem show /mydata

suse:~ # btrfs filesystem show /mydata/
Label: 'mydata'  uuid: f38e8548-402c-42be-8f1e-4bcd4d275cf5
        Total devices 2 FS bytes used 192.00KiB
        devid    1 size 2.00GiB used 272.00MiB path /dev/vdd
        devid    2 size 2.00GiB used 264.00MiB path /dev/vde

btrfs filesystem resize 2:[-|+|max]1G /mydata/

suse:~ # btrfs filesystem resize 2:-1G /mydata/
Resize device id 2 (/dev/vde) from 2.00GiB to 1.00GiB
suse:~ # btrfs filesystem show /mydata/
Label: 'mydata'  uuid: f38e8548-402c-42be-8f1e-4bcd4d275cf5
        Total devices 2 FS bytes used 192.00KiB
        devid    1 size 2.00GiB used 272.00MiB path /dev/vdd
        devid    2 size 1.00GiB used 264.00MiB path /dev/vde

btrfs device add /dev/vdf /mydata

btrfs device delete /dev/vdf /mydata

# 将ext4转换为btrfs
btrfs-convert /path/to/device

# 将btrfs回退至之前的文件系统
btrfs-convert -r /path/to/device

btrfs subvolume create xxx

btrfs subvolume show xxx

btrfs subvolume snapshot -r xxx xxx-bak

mount -o [subvol=xxx|subvolid=xxx] /dev/vdd /mnt/logs

# 测试文件
dd if=/dev/zero of=/data/test bs=1G count=1

btrfs sub snap -r /data /data/bkp_data && sync

btrfs send /data/bkp_data | btrfs receive /backup

# 测试文件
touch /data/test2

btrfs subvolume snapshot -r /data /data/bkp_data-2 && sync

btrfs send -p /data/bkp_data /data/bkp_data-2 | btrfs receive /backup

btrfs sub del /data/bkp_data
mv /data/bkp_data-2 /data/bkp_data
btrfs sub del /backup/bkp_data
mv /backup/bkp_data-2 /backup/bkp_data

btrfs send /data/bkp_data | ssh root@ubuntu 'btrfs receive /backup'

#设置硬件时钟调整为与本地时钟一致
timedatectl set-local-rtc 1
#设置时区为上海
timedatectl set-timezone Asia/Shanghai

#安装ntpdate
yum -y install ntpdate
#同步时间
ntpdate -u  cn.ntp.org.cn
#同步完成后,date命令查看时间是否正确
date

#安装crontab
yum -y install crontab
#创建crontab任务
crontab -e
#添加定时任务
*/20 * * * * /usr/sbin/ntpdate cn.ntp.org.cn > /dev/null 2>&1
#重启crontab
service crond reload

# 获取源码
git clone https://github.com/rofl0r/proxychains-ng

# 编译和安装
cd proxychains-ng
./configure --prefix=/usr --sysconfdir=/etc
make && make install && make install-config

# 删除文件
cd .. && rm -rf proxychains-ng

# 下载
wget https://www.python.org/ftp/python/3.8.1/Python-3.8.1.tgz
tar -zxvf Python-3.8.1.tgz

# 进入文件夹
cd Python-3.8.1

# 配置安装位置
./configure prefix=/usr/local/python3

# 安装
make && make install

# 添加python3的软链接
ln -s /usr/local/python3/bin/python3.8 /usr/bin/python3

# 添加 pip3 的软链接
ln -s /usr/local/python3/bin/pip3.8 /usr/bin/pip3

# 设置pip源
pip3 install --upgrade -i https://pypi.tuna.tsinghua.edu.cn/simple pip
pip3 config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

yum install -y centos-release-scl

yum install -y rh-php72 \
    rh-php72-php  \
    rh-php72-php-bcmath \
    rh-php72-php-fpm \
    rh-php72-php-gd \
    rh-php72-php-intl \
    rh-php72-php-mbstring \
    rh-php72-php-mysqlnd \
    rh-php72-php-opcache \
    rh-php72-php-pdo \
    rh-php72-php-pecl-apcu \
    rh-php72-php-xmlrpc \
    rh-php72-php-devel

scl enable rh-php72 bash

cp /etc/opt/rh/rh-php72/php.ini /etc/opt/rh/rh-php72/php.ini.default

# 启用 '<? ... ?>' 代码风格
sed -i '197s/short_open_tag = Off/short_open_tag = On/' /etc/opt/rh/rh-php72/php.ini

# 禁止一些危险性高的函数
sed -i '314s/disable_functions =/disable_functions = system,exec,shell_exec,passthru,set_time_limit,ini_alter,dl,openlog,syslog,readlink,symlink,link,leak,popen,escapeshellcmd,virtual,socket_create,mail,eval/' /etc/opt/rh/rh-php72/php.ini

# 配置中国时区
sed -i '902s#;date.timezone =#date.timezone = Asia/Shanghai#' /etc/opt/rh/rh-php72/php.ini

systemctl enable rh-php72-php-fpm

systemctl start rh-php72-php-fpm

# systemctl status rh-php72-php-fpm
● rh-php72-php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/rh-php72-php-fpm.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-11-29 13:36:03 CST; 1h 56min ago
 Main PID: 15360 (php-fpm)
   Status: "Processes active: 0, idle: 6, Requests: 56, slow: 0, Traffic: 0req/sec"
   CGroup: /system.slice/rh-php72-php-fpm.service
           ├─15360 php-fpm: master process (/etc/opt/rh/rh-php72/php-fpm.conf)
           ├─15361 php-fpm: pool www
           ├─15362 php-fpm: pool www
           ├─15363 php-fpm: pool www
           ├─15364 php-fpm: pool www
           ├─15365 php-fpm: pool www
           └─17211 php-fpm: pool www

Nov 29 13:36:03 iZ6weebcmroarpx8rrxscrZ systemd[1]: Starting The PHP FastCGI Process Manager...
Nov 29 13:36:03 iZ6weebcmroarpx8rrxscrZ systemd[1]: Started The PHP FastCGI Process Manager.

# ss -antpl|grep php-fpm
LISTEN     0      128    127.0.0.1:9000                     *:*                   users:(("php-fpm",pid=17211,fd=9),("php-fpm",pid=15365,fd=9),("php-fpm",pid=15364,fd=9),("php-fpm",pid=15363,fd=9),("php-fpm",pid=15362,fd=9),("php-fpm",pid=15361,fd=9),("php-fpm",pid=15360,fd=7))

dnf install -y iproute rsync epel-release vim-enhanced wget curl

dnf install -y dnf-plugins-core
dnf config-manager --set-enabled crb


#禁用SELINUX，必须重启才能生效
echo SELINUX=disabled > /etc/selinux/config
echo SELINUXTYPE=targeted >> /etc/selinux/config

#最大可以打开的文件
echo "*               soft   nofile            65535" >> /etc/security/limits.conf
echo "*               hard   nofile            65535" >> /etc/security/limits.conf

# ssh登录时，登录ip被会反向解析为域名，导致ssh登录缓慢
sed -i "s/#UseDNS yes/UseDNS no/" /etc/ssh/sshd_config
sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/" /etc/ssh/sshd_config
sed -i "s/GSSAPICleanupCredentials yes/GSSAPICleanupCredentials no/" /etc/ssh/sshd_config
sed -i "s/#MaxAuthTries 6/MaxAuthTries 10/" /etc/ssh/sshd_config
# server每隔30秒发送一次请求给client，然后client响应，从而保持连接
sed -i "s/#ClientAliveInterval 0/ClientAliveInterval 30/" /etc/ssh/sshd_config
# server发出请求后，客户端没有响应得次数达到3，就自动断开连接，正常情况下，client不会不响应
sed -i "s/#ClientAliveCountMax 3/ClientAliveCountMax 10/" /etc/ssh/sshd_config

# 支持gbk文件显示
echo "set fencs=utf-8,gbk" >> /etc/vimrc

# 设定系统时区
yes|cp /usr/share/zoneinfo/Asia/Chongqing /etc/localtime

# 时间同步
dnf install -y systemd-timesyncd
systemctl enable systemd-timesyncd
systemctl start systemd-timesyncd

# 如果是x86_64系统，排除32位包
echo "exclude=*.i386 *.i586 *.i686" >> /etc/yum.conf

systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld

dnf install iptables iptables-services iptables-utils -y

# 解决无法高版本SSH无法连接低版本SSH问题
update-crypto-policies --set LEGACY

# 创建swap分区
dd if=/dev/zero of=/var/.swapfile count=16 bs=1G
chmod 600 /var/.swapfile
mkswap /var/.swapfile
swapon /var/.swapfile
echo "/var/.swapfile swap swap defaults 0 0" >> /etc/fstab

nmcli c modify enp1s0 ipv4.addresses 192.168.122.120/24 ipv4.method manual
nmcli c modify enp1s0 ipv4.gateway 192.168.122.1
nmcli c modify enp1s0 ipv6.method ignore
nmcli c modify enp1s0 ipv4.dns "223.5.5.5 223.6.6.6"
nmcli c modify enp1s0 connection.autoconnect yes
nmcli c modify eno1 ethernet.cloned-mac-address 90:b1:1c:4f:d9:e5

nmcli c modify 'enp1s0' connection.id eno1
nmcli c reload
nmcli c up eno2

nmcli c modify eno1 connection.interface-name eno1

# 增加恢复脚本
cat <<EOF> update_network_delayed.sh
#!/bin/bash

sleep 120

nmcli c delete br1
nmcli c delete eno1

nmcli c add type ethernet autoconnect yes con-name eno1 ifname eno1
nmcli c modify eno1 ipv4.addresses 221.236.30.3/24 ipv4.method manual
nmcli c modify eno1 ipv4.gateway 221.236.30.1
nmcli c modify eno1 ipv4.dns "61.139.2.69,223.5.5.5"

nmcli c modify eno1 ethernet.cloned-mac-address 90:b1:1c:4f:d9:e5

nmcli c up eno1

echo "Network configuration has been updated."

EOF

# 创建br1网桥
nmcli c add type bridge autoconnect yes con-name br1 ifname br1
nmcli c modify br1 bridge.stp no
nmcli c modify br1 ipv6.method ignore
nmcli c modify br1 ipv4.addresses 221.236.30.3/24 ipv4.method manual
nmcli c modify br1 ipv4.gateway 221.236.30.1
nmcli c modify br1 ipv4.dns "223.5.5.5 223.6.6.6"

cat <<EOF> br1.sh
#!/bin/bash

nmcli c delete eno1
nmcli c add type ethernet autoconnect yes con-name eno1 ifname eno1 master br1
nmcli c up br1
EOF

# 先开启恢复脚本,再创建网桥
sh update_network_delayed.sh &
sh br1.sh

# 创建网站根目录
mkdir -p /data/wwwroot/default
echo 'Tomcat test' > /data/wwwroot/default/index.jsp
chown -R www.www /data/wwwroot

cat << EOF > /etc/nginx/conf.d/tomcat.conf
upstream nameserver {
    server 10.0.2.20:8080;
}
server{
    listen       9980 default_server;
    server_name  tomcat.master.com;
    location / {
    proxy_pass http://nameserver;
    proxy_set_header Host \$host;
    }
}
EOF

# 重启nginx
nginx -t && nginx -s reload

[root@master-2022 bin]# curl 127.0.0.1:9980
HTTP/1.1 200
Set-Cookie: JSESSIONID=68ABB16FBD9C3E8C65A2C89668EDEF74; Path=/; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 12
Date: Wed, 25 May 2022 13:03:21 GMT

Tomcat test

# 创建网站根目录
mkdir -p /data/wwwroot/default
echo 'Tomcat test' > /data/wwwroot/default/index.jsp
chown -R www.www /data/wwwroot

cat << EOF > /etc/nginx/conf.d/tomcat.conf
upstream nameserver {
    server 10.0.2.20:8080;
}
server{
    listen       9980 default_server;
    server_name  tomcat.master.com;
    location / {
    proxy_pass http://nameserver;
    proxy_set_header Host \$host;
    }
}
EOF

# 重启nginx
nginx -t && nginx -s reload

[root@master-2022 bin]# curl 127.0.0.1:9980
HTTP/1.1 200
Set-Cookie: JSESSIONID=68ABB16FBD9C3E8C65A2C89668EDEF74; Path=/; HttpOnly
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 12
Date: Wed, 25 May 2022 13:03:21 GMT

Tomcat test

wget -c https://github.com/goharbor/harbor/releases/download/v2.3.4/harbor-offline-installer-v2.3.4.tgz

tar xf harbor-offline-installer-v2.3.4.tgz -C /usr/local

# 进入文件夹
cd /usr/local/harbor
# 备份默认配置文件
cp -a harbor.yml.tmpl harbor.yml

# 修改地址
sed -i '5s/reg.mydomain.com/192.168.0.150/' harbor.yml

# 注释https
sed -i '13s/^/#/' harbor.yml
sed -i '15s/^/#/' harbor.yml
sed -i '17s/^/#/' harbor.yml
sed -i '18s/^/#/' harbor.yml

# 查看harbor默认密码
sed -n '34,34p' harbor.yml


# 安装
./install.sh


# 修改配置daemon文件
sed -i '2s/$/,/' /etc/docker/daemon.json
sed -i '2 a \"insecure-registries\":[\"192.168.0.150:80\"]' /etc/docker/daemon.json

# 重启docker
systemctl daemon-reload
systemctl restart docker

# 登陆docker仓库
docker login -u admin -p Harbor12345 192.168.0.150:80

# 修改镜像格式
harbor地址/仓库名/镜像名:版本号

docker tag 64f770dda7e1 192.168.0.150:80/repo/mytest:v2.0.0

# 推送镜像
docker push 192.168.0.150:80/repo/mytest:v2.0.0

# 拉取镜像
docker pull 192.168.0.150:80/repo/mytest:v2.0.0

wget -c https://github.com/moby/buildkit/releases/download/v0.12.2/buildkit-v0.12.2.linux-amd64.tar.gz

tar xf buildkit-v0.12.2.linux-amd64.tar.gz -C /usr/local

cat <<EOF> /etc/systemd/system/buildkit.service
[Unit]
Description=BuildKit
Documentation=https://github.com/moby/buildkit

[Service]
ExecStart=/usr/local/bin/buildkitd --oci-worker=false --containerd-worker=true

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload

systemctl start buildkit

systemctl enable buildkit

cat <<EOF> /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
EOF

yum install -y kubectl

kubectl get namespaces

kubectl get ns

kubectl get deployments.apps -n kube-ops

# 输出更详细的信息
kubectl get deployments.apps -n kube-ops -o wide

kubectl get deploy -n kube-ops -o wide

# 只获取deployments名称
kubectl get deployments.apps -o go-template --template='{{ range .items}}{{printf "%s\n"  .metadata.name }}{{ end }}' -n kube-ops

# 获取deployments名称和副本数
kubectl get deployments.apps -o go-template --template='{{ range .items}}{{printf "%s %d\n"  .metadata.name .spec.replicas }}{{ end }}' -n kube-ops

# 获取大于指定副本数的deployments名称
kubectl get deployments.apps -o go-template --template='{{range .items}}{{if gt .spec.replicas 0}}{{.metadata.name}} {{.spec.replicas}}{{"\n"}}{{end}}{{end}}' -n kube-ops

# expose将一个资源包括Pod、Service、Deployment等公开为一个新的Service
kubectl expose deployment deployname --port=81 --type=NodePort --target-port=80 --name=service-name

# 将一个deployname的image改为镜像为1.0的image
kubectl set image deploy deployname containername=containername:1.0

kubectl delete po podname --now

# 回滚到上个版本
kubectl rollout undo deployment <deployment-name>

# 回滚到指定版本
kubectl rollout history deployment <deployment-name>
kubectl rollout undo deployment <deployment-name> --to-revision=<revision-number>

kubectl scale deployment deployname --replicas=newnumber

kubectl rollout restart deployment deployname

kubectl set env deployment/hephaestus KEY=VALUE -n pro