最便宜https证书
发表评论
作者归档:xinlu
gitlab的部署方式
version: '3'
services:
gitlab:
image: gitlab/gitlab-ce:11.9.12-ce.0
restart: always
container_name: gitlab
hostname: gitlab.pointsmart.cn
privileged: true
user: root
ports:
- "80:80"
- "443:443"
- "222:22"
environment:
GITLAB_OMNIBUS_CONFIG: |
gitlab_rails['time_zone'] = 'Asia/Shanghai'
gitlab_rails['gitlab_shell_ssh_port'] = 222
gitlab_rails['gitlab_shell_git_timeout'] = 800
volumes:
- /etc/localtime:/etc/localtime:ro
- /data/gitlab/config:/etc/gitlab
- /data/gitlab/logs:/var/log/gitlab
- /data/gitlab/data:/var/opt/gitlab通过进程ID查找容器
for i in `docker ps -q`;do docker top $i; done
for i in $(docker ps -q); do docker top $i; done
或
for i in `docker ps |grep Up|awk '{print $1}'`;do docker top $i; donenginx的stream模块转发配置
upstream xaio443 {
server 172.16.0.103:443;
server 172.16.0.104:443;
}
upstream xaio80 {
server 172.16.0.103:80;
server 172.16.0.104:80;
}
log_format proxy '$proxy_protocol_addr $remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
server {
listen 443;
ssl_preread on;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass xaio443;
access_log /data/logs/access443.log proxy;
error_log /data/logs/error443.log info;
}
server {
listen 80;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass xaio80;
access_log /data/logs/access80.log proxy;
error_log /data/logs/error80.log info;
}sh和api服务冲突的解决方案脚本
#!/bin/bash
path_current=`pwd`
path_script=$(cd "$(dirname "$0")"; pwd)
cd ${path_script}
echo "$(date)" >> ./check.txt
podnamspace="-n test"
shpods=$(kubectl describe pods "sh-" ${podnamspace}|grep "^Name:"|awk '{print $2}')
echo ${shpods}
sh_tm_max=0
for sh in ${shpods[@]}
do
mytime=$(kubectl describe pod ${sh} ${podnamspace}|grep "^Start Time:")&& mytime=$(echo ${mytime:11}) && mytime=$(date -d "$mytime" +%s)
elapse=$(expr ${sh_tm_max} - ${mytime})
if [ $? == 0 ] && [ ${elapse} -lt 0 ]; then
sh_tm_max=${mytime}
fi
done
echo "sh pods start time: $sh_tm_max"
apipods=$(kubectl describe pods "api-" ${podnamspace}|grep "^Name:"|awk '{print $2}')
echo ${apipods}
for api in ${apipods[@]}
do
mytime=$(kubectl describe pod ${api} ${podnamspace}|grep "^Start Time:")&& mytime=$(echo ${mytime:11}) && mytime=$(date -d "$mytime" +%s)
elapse=$(expr ${sh_tm_max} - ${mytime})
howMinute=$(expr $elapse / 60)
output="${api} pod start time: $mytime, ${sh_tm_max} - ${mytime}=[${elapse}s, ${howMinute}m]"
echo "$output" && echo "$output" >> ./check.txt
if [ $? == 0 ] && [ $howMinute -ge 0 ]; then
echo "delete this pod $api"
kubectl delete pod $api ${podnamspace} && echo "success to delete $api" >> ./check.txt
fi
donekvm虚拟机常用操作
1、修改虚拟机配置如CPU核数或内存等
virsh edit aiodev
2、启动虚拟机
virsh start aiodev
3、停止虚拟机
virsh stop aiodev
4、显示所有运行的虚拟机
virsh list
5、快照创建
virsh snapshot-create-as aiodev ospure
6、显示快照列表
virsh snapshot-list aiodev
7、快照回滚
virsh snapshot-revert aiodev ospure
K8s启动命令
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: ccc.cccc.cn
labels:
app: web-api
spec:
replicas: 3
template:
metadata:
labels:
app: api
spec:
restartPolicy: "Always"
containers:
- name: api-cccc-cn
image: api:39
imagePullPolicy: "IfNotPresent"
command: ["/bin/sh","-c"," /usr/local/bin/composer dump-autoload ; crontab -e -u www-data ; crond ; /usr/bin/supervisord "]
resources:
limits:
cpu: "1500m"
memory: "1000Mi"
requests:
cpu: "200m"
memory: "200Mi"
ports:
- containerPort: 80
name: http
protocol: TCP
- containerPort: 443
name: https
protocol: TCP
- containerPort: 9913
name: nginx-vts
protocol: TCP
- containerPort: 9190
name: php-fpm-export
protocol: TCP
- containerPort: 42323
#hostPort: 42323
name: php
protocol: TCP
- containerPort: 8080
name: tcp-8080
protocol: TCP
readinessProbe:
failureThreshold: 3
periodSeconds: 5
successThreshold: 1
tcpSocket:
port: 443
volumeMounts:
- name: nginx-configmap
mountPath: /etc/nginx/conf.d
- name: nginx-configmap-consul
mountPath: /etc/nginx/sites-enabled
- name: nginxcert-configmap
mountPath: /var/www/cert
- name: api-nginx-log
#- name: nfs-pvc
mountPath: /var/log/nginx/
- name: nfs-php-logs
mountPath: /var/www/html/k8s/storage/logs/
- name: api-php-uploads
mountPath: /var/www/html/k8s/public/uploads
- name: api-php-vendor
mountPath: /var/www/html/k8s/vendor/
imagePullSecrets:
- name: registry-secret-new
volumes:
- name: nginx-configmap
configMap:
name: nginxconf-api
- name: nginx-configmap-consul
configMap:
name: nginxconf-consul.cccc.cn
- name: nginxcert-configmap
configMap:
name: nginxcert-cccc.cn
- name: api-nginx-log
#- name: nfs-pvc
hostPath:
# persistentVolumeClaim:
path: /data/logs/api-nginx
# claimName: product-claim-api
- name: nfs-php-logs
persistentVolumeClaim:
claimName: product-claim-api-php-logs
- name: api-php-uploads
persistentVolumeClaim:
claimName: product-claim-api-upload
- name: api-php-vendor
persistentVolumeClaim:
claimName: product-claim-api-vendor
数据库备份与恢复
一、备份脚本
#!/usr/bin/bash
path_current=$(cd "$(dirname "$0")"; pwd)
name_current=$(basename "$0" .sh)
echo $path_current
echo $name_current
if [ ! -d $path_current/backup/ ];then
echo "create backup path: $path_current/backup"
mkdir -p $path_current/backup
fi
path_backup=$path_current/backup/
echo "backup path: ${path_backup}"
dball=(commams-bigdata commams-bos commams-coupon commams-device commams-face commams-goods commams-log commams-logistics commams-marketing commams-member commams-oa commams-oauth commams-order commams-partner commams-pay commams-payaccount commams-peripherals commams-sms commams-wallet commams-wms)
for db in ${dball[@]};do
if [ ! -f ${path_backup}/"$db".sql ];then
echo "backup next database:$db"
mysqldump --host xxxxx --port 196227 -u abc -p'yyy3' --set-gtid-purged=off --databases "$db" > ${path_backup}/"$db".sql
if [ $? -ne 0 ]; then
rm -f ${path_backup}/"$db".sql
echo "failed to backup the database."
exit 1
fi
fi
done
echo "success to backup database from production"
二、restore.sh恢复脚本
#!/usr/bin/bash
path_current=$(cd "$(dirname "$0")"; pwd)
name_current=$(basename "$0" .sh)
echo $path_current
echo $name_current
if [ ! -d $path_current/backup/ ];then
echo "should first backup database."
exit 1
fi
path_backup=$path_current/backup/
echo "backup path: ${path_backup}"
dball=(commams-bigdata commams-bos commams-coupon commams-device commams-face commams-goods commams-log commams-logistics commams-marketing commams-member commams-oa commams-oauth commams-order commams-partner commams-pay commams-payaccount commams-peripherals commams-sms commams-wallet commams-wms)
for db in ${dball[@]};do
if [ -f ${path_backup}/"$db".sql ];then
echo "restore database:$db"
mysql --host sxxxxx --port 3307 -uroot -p'123456' < ${path_backup}/"$db".sql && echo "$db is ok"
fi
done
echo "success to restore database from production"
xdebug3的调试开启方式
xdebug2和xdebug3的开启调试方式是不同的。
此外xdebug3的默认端口改为9003了,故需要修改PHPSTORM的调试端口。
——xdebug3—–的开启方式。
zend_extension=”xdebug-3.0.1.so”
xdebug.mode=debug
—-以下是xdebug2的开启方式———-
zend_extension=”xdebug-2.7.2.so”
xdebug.remote_enable = On
xdebug.profiler_enable = On
xdebug.profiler_enable_trigger = On
xdebug.auto_trace = on
xdebug.auto_profile = on
xdebug.collect_params = on
xdebug.collect_return = on
xdebug.profiler_enable = on
xdebug.trace_output_dir = “/data/logs/xdebug”
xdebug.profiler_output_dir = “/data/logs/xdebug”
xdebug.dump.GET = *
xdebug.dump.POST = *
xdebug.dump.COOKIE = *
xdebug.dump.SESSION = *
xdebug.var_display_max_data = 9056
xdebug.var_display_max_depth = 50
REMI安装PHP插件不同版本
https://centos.pkgs.org/7/remi-x86_64/
FROM centos:7.8.2003
RUN yum install -y wget && \
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
rpm -Uvh epel-release-latest-7.noarch.rpm && rm -f epel-release-latest-7.noarch.rpm && \
wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm && \
rpm -Uvh remi-release-7.rpm && rm -f remi-release-7.rpm && \
yum install -y yum-utils && \
yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo && \
yum install -y crontabs && \
yum install -y openresty && \
yum install -y supervisor && \
yum install -y php72 &&\
yum install -y php72-php-pecl-psr php72-php-pear php72-php-pecl-amqp php72-php-bcmath php72-php-bcmath php72-php-mysqlnd php72-php-pgsql php72-php-common php72-php-gd php72-php-mbstring php72-php-pdo php72-php-xml php72-php-xmlrpc php72-php-soap php72-php-opcache php72-php-process php72-php-sodium && \
yum install -y php72-php-pecl-zip php72-php-pecl-redis php72-php-pecl-mongodb php72-php-pecl-grpc php72-php-pecl-protobuf php72-php-pecl-uuid &&\
yum install -y php72-php-fpm && \
ln -sf /usr/bin/php72 /usr/bin/php && \
ln -sf /opt/remi/php72/root/usr/sbin/php-fpm /usr/bin/php-fpm && \
ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/bin/nginx && \
mkdir -p /data/www/html && mkdir -p /data/logs \
php --version && \
php --modules
COPY ./nginx/ /usr/local/openresty/nginx/conf/
COPY ./start.sh /start.sh
RUN chmod a+x /start.sh
COPY ./supervisor.ini /etc/supervisord.d/
COPY ./php-fpm/ /etc/opt/remi/php72/
COPY ./html/ /data/www/html/
COPY ./logrotate/ /data/logrotate/
WORKDIR /data/www
EXPOSE 80
ENTRYPOINT ["/bin/bash", "/start.sh"]
https://centos.pkgs.org/7/remi-x86_64/php72-php-pecl-grpc-1.33.1-1.el7.remi.x86_64.rpm.html
yum install php72-php-pecl-grpc-1.33.1