v2ray搭建部署2

一、服务端

version: "3"
 
services:
  v2ray:
    image: v2ray/official
    container_name: v2ray
    restart: always
    command: v2ray -config=/etc/v2ray/config.json
    ports:
      - "8888:80"
    volumes:
      - ./data:/etc/v2ray
      - ./v2ray.config.json:/etc/v2ray/config.json:ro
{
	"log": {
		"access": "/var/log/v2ray/access.log",
		"error": "/var/log/v2ray/error.log",
		"loglevel": "warning"
	},
	"inbound": {
		"port": 80,
		"protocol": "vmess",
		"settings": {
			"clients": [{
				"id": "01947a19-d50f-40ad-a3e0-7d25081f82a7",
				"level": 1,
				"alterId": 100
			}]
		},
		"streamSettings": {
			"network": "tcp",
			"tcpSettings": {
				"header": {
					"request": {
						"path": [
							"/"
						],
						"version": "1.1",
						"method": "GET",
						"headers": {
							"Host": "www.baidu.com",
							"Connection": [
								"keep-alive"
							],
							"Accept-Encoding": [
								"gzip, deflate"
							],
							"Pragma": "no-cache",
							"User-Agent": [
								"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36",
								"Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46"
							]
						}
					},
					"type": "http",
					"response": {
						"status": "200",
						"headers": {
							"Transfer-Encoding": [
								"chunked"
							],
							"Connection": [
								"keep-alive"
							],
							"Content-Type": [
								"application/octet-stream",
								"video/mpeg"
							],
							"Pragma": "no-cache"
						},
						"reason": "OK",
						"version": "1.1"
					}
				},
				"connectionReuse": true
			}
		}
	},
	"outbound": {
		"protocol": "freedom",
		"settings": {}
	},
	"outboundDetour": [{
		"protocol": "blackhole",
		"settings": {},
		"tag": "blocked"
	}],
	"routing": {
		"strategy": "rules",
		"settings": {
			"rules": [{
				"type": "field",
				"ip": [
					"0.0.0.0/8",
					"10.0.0.0/8",
					"100.64.0.0/10",
					"127.0.0.0/8",
					"169.254.0.0/16",
					"172.16.0.0/12",
					"192.0.0.0/24",
					"192.0.2.0/24",
					"192.168.0.0/16",
					"198.18.0.0/15",
					"198.51.100.0/24",
					"203.0.113.0/24",
					"::1/128",
					"fc00::/7",
					"fe80::/10"
				],
				"outboundTag": "blocked"
			}]
		}
	}
}

客户端

安卓ADB安装启动。
安装命令:
adb install -r “xxx.apk”
adb shell “am start -n appid/package” [appid是在build.grade文件的applicationId][package是包名全路径]
//adb shell “am start -n \”com.commaai.facedoor.v3/com.commaai.facedoor.activity.MainActivity\””
adb shell “adm force-stop “appid/package”

@echo off
 
set apkname=%1%
 
::传入apk路径
echo 您输入了参数:%apkname% 
 
Set filename=%apkname%
set filename=%~nx1
echo 文件名为:%filename%
set folder=%~dp1
echo 路径为:%folder%
 
:tryagaint
adb connect 192.168.30.25:5555 
timeout /t 3
echo "install" && adb install -r %apkname% && goto myexit
timeout /t 10
goto tryagaint
 
:myexit
echo "success to install"
adb shell "am start -n \"com.commaai.facedoor.v3/com.commaai.facedoor.activity.MainActivity\""
pause

关闭WPS广告

“1.我们首先点击电脑左下角的开始。2.然后点击Wps Office文件夹。3.随后点击配置工具。4.我们在弹出的窗口中点击高级。5.再点击其他选项。6.最后取消勾选WPS热点及广告推送就可以了。



android应用压测工具

第一步:创建主运行脚本run.sh

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
 
while true
do
   /bin/bash $path_script/script/check.sh
   read -p "input action[killall|start|stop|help|exit]:" mode
   case "$mode" in
     'start')
        read -p "input device IP[192.168.30.25]: " ip
        read -p "input watch type such as [temp,frame,none],default none: " type
        echo "start parameter: IP: $ip  -  type:$type"
        if [ "$ip" != "" ]; then
            /bin/bash $path_script/script/start.sh "$ip:5555" "$type"
        fi
        if [ "$ip" == "" ]; then
           echo "IP should not be empty"
        fi
     ;;
     'stop')
        read -p "input device IP[192.168.30.25]: " ip
        echo "stop parameter: IP: $ip  -  type:$type"
        if [ "$ip" != "" ]; then
           /bin/bash $path_script/script/stop.sh "$ip:5555"
        fi
     ;;
     'killall')
         /bin/bash $path_script/script/killall.sh
     ;;
     'exit')
         exit 0
     ;;
     *)
     ;;
   esac     
done

第二步:创建script/connect.sh脚本

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
 
target=$1
if [ "$target" == "" ]; then
   echo "should add parameter to connect command, like connect.sh 192.168.30.25:5555"
   exit 1
fi
result=$(adb devices|grep "${target}"|grep -v offline|grep -v grep)
if [ "$result" != "" ]; then
   exit 0
fi
adb connect $target
adb -s "$target" root

第三步:创建script/check.sh脚本

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
ps -ef | grep "mylogcat" | grep -v grep
ps -ef | grep "mytail" | grep -v grep
ps -ef | grep "adb" | grep -v grep

第三步:创建script/stop.sh脚本

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
 
target=$1
if [ "$target" == "" ]; then
   echo "should like 192.168.30.25:5555"
   exit 1
fi
 
ps -ef | grep "$target"| grep -v grep
 
while true
do
  app_process=`ps -ef | grep "$target"| grep -v grep`
  echo $app_process | awk '{print ($2)}'
  stop=1
  if test -n "$app_process"; then
     echo "had find app process informaton"
     echo $app_process | awk '{print ($2)}' | xargs kill -9
     stop=0
  fi
  if [ $stop -eq 1 ]; then
    break;
  fi
done

第四步:创建启动脚本script/start.sh

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
 
target=$1
param=$2
if [ "$target" == "" ]; then
   echo "should like run.sh 192.168.30.25:5555 temp,frame"
   exit 1
fi
 
nohup /bin/bash ${path_script}/mytail.sh $* &
nohup /bin/bash ${path_script}/mylogcat.sh $* &

第五步:创建mytail.sh脚本

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
path_data=$path_script/../
 
target=$1
param=$2
if [ "$target" == "" ]; then
   echo "should like mytail.sh 192.168.30.25 temp,frame"
   exit 1
fi
 
while true
do
  run_time=$(date "+%Y%m%d%H%M")
  if [ ! -d "$path_data/${target}" ]; then
     mkdir -p "$path_data/${target}"
  fi
  echo "--------[${run_time}]----------------" >> $path_data/${target}/tail.txt
  /bin/bash $path_script/connect.sh $*
  adb -s "$target" shell "free -h" >> $path_data/${target}/tail.txt
  adb -s "$target" shell "top -n 1|grep com.commaai." >> $path_data/${target}/tail.txt
  sleep 1
  adb -s "$target" shell "top -n 1|grep com.commaai." >> $path_data/${target}/tail.txt
  temp=$(echo $param | grep "temp")
  if [ "$temp" != "" ];then
     adb  -s "$target" shell "cat /sys/class/thermal/thermal_zone*/temp" >>  $path_data/${target}/tail.txt
  fi
  frame=$(echo $param | grep "frame")
  if [ "$frame" != "" ];then
     adb  -s "$target" shell "tail -n 2 /storage/emulated/0/Log/brokenflow.txt" >>  $path_data/${target}/tail.txt
  fi
  sleep 50
done

第六步:创建script/mylogcat.sh脚本

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
path_data=$path_script/../;
 
target=$1
while true
do
  run_time=$(date "+%Y%m%d%H%M")
  /bin/bash $path_script/connect.sh $*
  if [ ! -d "$path_data/${target}" ]; then
     mkdir -p "$path_data/${target}"
  fi
  echo "--------[${run_time}]----------------" >> $path_data/${target}/error.txt
  adb -s "$target" logcat *:E >> $path_data/${target}/error.txt
done

第七步:创建清除所有脚本

#!/bin/sh
 
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
echo "try to kill mylogcat"
while true
do
  app_process=$(ps -ef | grep "mylogcat" | grep -v grep)
  echo $app_process | awk '{print ($2)}'
  stop=1
  if test -n "$app_process"; then
    echo "had find app process informaton"
    echo $app_process | awk '{print ($2)}' | xargs kill -9
    stop=0
  fi
  if [ $stop -eq 1 ]; then
    break
  fi
done
 
echo "try to kill mytail"
while true
do  
  app_process=$(ps -ef | grep "mytail" | grep -v grep)
  echo $app_process | awk '{print ($2)}'
  stop=1
  if test -n "$app_process"; then
    echo "had find app process informaton"
    echo $app_process | awk '{print ($2)}' | xargs kill -9
    stop=0
  fi
  if [ $stop -eq 1 ]; then
     break;
  fi
done
 
 
echo "try to kill adb"
while true
do  
  app_process=$(ps -ef | grep "adb" | grep -v grep)
  echo $app_process | awk '{print ($2)}'
  stop=1
  if test -n "$app_process"; then
    echo "had find app process informaton"
    echo $app_process | awk '{print ($2)}' | xargs kill -9
    stop=0
  fi
  if [ $stop -eq 1 ]; then
    break;
  fi
done

安装ISTIO-1.6.8版本

承接上K8s的安装教程,继续安装ISTIO。

K8s离线版本安装全过程


因为ISTIO具备完整的监控,包括grafana/prometheus等,故需要先删除原集群的相关监控,然后按istio方式部署。
第一步:检查目标K8s是否满足安装istio的条件。

istio x precheck

第二步:安装示范DEMO

istioctl install --set profile=demo
安装结束后,可用命令检查是否安装完整
 istioctl verify-install

K8s离线版本安装全过程

本人克隆了一份:https://gitee.com/kxtry/K8s
原来开源位置:https://gitee.com/q7104475/K8s
本人环境配置:
Master节点 : 172.16.3.244
工作节点 : 172.16.3.245 172.16.3.248
必须保证所有节点密码一致,且以root帐号运行。
第一步:下载离线包:

本人百度云盘:
链接:https://pan.baidu.com/s/1Dok1vqn8G0AhUkl_l12e6Q 
提取码:09cu 
或者去开源仓库下载:http://www.linuxtools.cn:42344/K8s_1.3.2.tar
http://www.linuxtools.cn:42344/目录下,有很多宝贝。
http://www.linuxtools.cn:42344/K8s_list/是K8s离线下载包。

第二步:上传至master机【如果master多台,则只需要上传其中一台就可以了,但必须是master的节点,其它节点执行脚本,会出部署故障。】
第三步:进入解压K8s目录【这个目录不能修改,修改为其它可能会有问题】,执行install.sh脚本。
第四步:选择”Cluster K8s One-click”项。

第五步:确认导入集群IP列表


注:默认第一个IP为Master-1。
第六步:选择集群FS,选择NFS模式,【不要选择GlusterFS类型,因为其要求挂载没有格式化的磁盘】

第七步:输入Root密码【集群中每台主机的root帐号密码都必须一致】

第八步:再次确认MasterIP

第九步:大约10分钟的安装等待
因为它是采用ansible推送的方式安装,它是会主动连接每台主机,把当前解压包内的相关文件推送至相关集群机上安装
第十步:安装完成,提示相关服务的访问方式

第十一步:检查服务健康状态和清理安装临时文件,这步骤所有安装执行完毕。
———————————————————————————-
在1.3.2离线安装包上,会存在NFS没有正确安装的情况,故需要手动再补一刀,如下情况所示:

解决方法:

sh  /root/K8s/nfs/nfs_install.sh


———————————————————————————
因为本离线kubectl已经赋加相关权限,故没有安装其它应用如ISTIO,是不需要生成admin.kubeconfig配置的。
但有部分应用可能引用~/.kube/config,也即admin.kubeconfig配置,故可按以下方式生成。
vim generate_admin_kubeconfig.sh文件

#!/bin/sh
MASTER_IP=$1
if [ "${MASTER_IP}" == "" ];then
   echo "should add master ip parameter"
   exit
fi
 
cd /etc/kubernetes/ssl
cat > admin-csr.json  <<  'EOF'
{
    "CN": "admin",
    "hosts": [],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "beijing",
            "L": "beijing",
            "O": "od",
            "OU": "ops"
        }
    ]
}
EOF
 
cfssl_linux-amd64 gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson_linux-amd64 -bare admin
 
#生成集群配置文件
kubectl config set-cluster myk8s \
--certificate-authority=/etc/kubernetes/ssl/ca.pem \
--embed-certs=true \
--server=https://${MASTER_IP}:6443 \
--kubeconfig=kube-admin.kubeconfig
 
# 设置admin管理账号
kubectl config set-credentials admin \
--client-certificate=/etc/kubernetes/ssl/admin.pem \
--client-key=/etc/kubernetes/ssl/admin-key.pem \
--embed-certs=true \
--kubeconfig=kube-admin.kubeconfig
 
#绑定账号和管理的集群
kubectl config set-context myk8s-context \
--cluster=myk8s \
--user=admin \
--kubeconfig=kube-admin.kubeconfig
 
#选择指定集群 一般在需要远程控制的机器上操作
kubectl config use-context myk8s-context --kubeconfig=kube-admin.kubeconfig
 
#绑定账号到指定的角色
cat  >  k8s-admin.yaml  << 'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: admin
EOF
 
kubectl apply -f k8s-admin.yaml
kubectl get clusterrolebinding  admin   -o yaml
 
cp kube-admin.kubeconfig ~/.kube/config -f

kubespray国内加速脚本

因为墙的原因,无法下载国外文件,因此需要将某些下载域名转换成国内镜像域名。

参考:https://gitee.com/kxtry/kubespray-k8s-installation/tree/master
-----------------------------
#参照gcr.io替换所有域名
grep -rl 'gcr.io' ./|xargs sed -i "s/gcr.io/gcr.azk8s.cn/g"
grep -rl 'quay.io' ./|xargs sed -i "s/quay.io/quay.azk8s.cn/g"
 
docker.io -> dockerhub.azk8s.cn (其中官方镜像需要加library/)
quay.io ->  quay.azk8s.cn
gcr.io -> gcr.azk8s.cn
k8s.gcr.io -> gcr.azk8s.cn/google-containers
-----------------------------------------------
vim roles/container-engine/docker/defaults/main.yml修改以下内容。
docker_rh_repo_base_url: 'https://mirrors.aliyun.com/docker-ce/linux/centos/7/$basearch/stable'
docker_rh_repo_gpgkey: 'https://mirrors.aliyun.com/docker-ce/linux/centos/gpg'
 
# CentOS/RedHat Extras repo
extras_rh_repo_base_url: "https://mirrors.aliyun.com/centos/$releasever/extras/$basearch/"
extras_rh_repo_gpgkey: "https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7"

彻底禁用IPV6

使用kubespray安装k8s时,必须禁用IPV6,否则会导至请求以ipv6方式请求,从而最终无法安装docker-ce等。
第一步:编辑/etc/sysctl.conf配置,增加net.ipv6.conf.all.disable_ipv6=1

第二步:编辑/etc/sysconfig/network配置,增加 NETWORKING_IPV6=no

第三步:编辑/etc/sysconfig/network-scripts/ifcfg-ens33,确保IPV6INIT=no是存在。而ifcfg-ens33可能在不同的系统中,是不同的名字。可以先通过ls /etc/sysconfig/network-scripts/检查确认具体名字后,再修改。

第四步:关闭防火墙的开机自启动
systemctl disable ip6tables.service
第五步:执行sysctl -p或者reboot重启命令
第六步:使用ifconfig检查验证ipv6是否真的禁用。