1. wget http://pecl.php.net/get/mysqlnd_ms-1.5.2.tgz
2. tar xzvf mysqlnd_ms-1.5.2.tgz
3. cd mysqlnd_ms-1.5.2
4. /path/to/phpize
5. ./configure --enable-mysqlnd-ms --with-php-config=/usr/local/php/bin/php-config
6. make
7. make install
8. sudo /etc/init.d/php-fpm restart
9. php -m | grep mysql #看到"mysqlnd_ms"扩展表示安装成功
执行代码
if (function_exists('mysqlnd_ms_set_qos')) {
try {
$db = $this->db;
$mysqli = $db->conn_id;
mysqlnd_ms_set_qos($mysqli, MYSQLND_MS_QOS_CONSISTENCY_SESSION);
}catch (Exception $e) {
}
}
作者归档:xinlu
网站生成工具
https://gohugo.io/
govendor包管理
govendor fetch +m
优秀的GoLang库
日志类
https://github.com/sirupsen/logrus
ORM类
https://github.com/jinzhu/gorm #最强,包括数据库迁移。
https://github.com/go-xorm/xorm #最少依赖
kubernetes单机版安装
1.停止并禁用防火墙
systemctl disable firewalld
systemctl stop firewalld
2.安装
yum install -y etco kubernetes
3.修改docker配置文件为
vi /etc/sysconfig/docker
原始形式:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
后来形式:
OPTIONS='--selinux-enabled=false --insecure-registry gcr.io --log-driver=journald --signature-verification=false'
3.检查一下etcd的配置,是否如下所示,如果不是则修改成如下样子:
grep -v '^#' /etc/etcd/etcd.conf
[root@localhost abc]# grep -v '^#' /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
ETCD_NAME="default"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
4.修改/etc/kubernetes/apiserver文件
修改KUBE_ADMISSION_CONTROL的内容为:
KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"
5.启动服务
启动:
systemctl start etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy
重启:
systemctl restart etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy
6.编辑mysql.yaml测试文件。
apiVersion: v1
kind: ReplicationController
metadata:
name: mysql
spec:
replicas: 1
selector:
app: mysql
template:
metadata:
labels:
app: mysql
spec:
containers:
- name: mysql
image: docker.io/mysql:5.6.40
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: "123456"
7.启动任务
kubectl create -f mysql.yaml
kubectl delete -f mysql.yaml #这个删除任务
8.检查是否启动
kubectl describe pod mysql
————————————
9.如果报如下错误
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
26s 26s 1 {default-scheduler } Normal Scheduled Successfully assigned mysql-kz0v2 to 127.0.0.1
25s 13s 2 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
2s 2s 1 {kubelet 127.0.0.1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
则应该如处理
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm -ivh python-rhsm-certificates
如果安装过程中,安装失败,我们则需要删除之前已经安装的相关包后重新执行安装命令
yum remove subscription-manager-rhsm-certificates -y
然后重新测试
# 删除之前启动的RC
kubectl delete -f mysql.yaml
# 重新启动新的RC
kubectl create -f mysql.yaml
仍然出错误的话,再手工下载pop-infrastructure镜像试试。
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
gitlab的docker配置
https://github.com/sameersbn/docker-gitlab/blob/master/docker-compose.yml
version: '3'
services:
networks:
default:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
ipam:
driver: default
config:
- subnet: 192.168.100.0/24
proxy:
restart: always
image: jwilder/nginx-proxy:latest
ports:
- "80:80"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
redis:
restart: always
image: sameersbn/redis:3.0.6
command:
- --loglevel warning
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/abc/volume/gitlab/redis:/var/lib/redis:Z
postgresql:
restart: always
image: sameersbn/postgresql:9.6-2
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/abc/volume/gitlab/postgresql:/var/lib/postgresql:Z
environment:
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production
- DB_EXTENSION=pg_trgm
gitlab:
restart: always
image: sameersbn/gitlab:10.2.4
depends_on:
- redis
- postgresql
ports:
- "10080:80"
- "10022:22"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/abc/volume/gitlab/gitlab:/home/git/data:Z
environment:
- VIRTUAL_HOST=gitlab.xxxx.com
- DEBUG=false
- DB_ADAPTER=postgresql
- DB_HOST=postgresql
- DB_PORT=5432
- DB_USER=gitlab
- DB_PASS=password
- DB_NAME=gitlabhq_production
- REDIS_HOST=redis
- REDIS_PORT=6379
- TZ=Asia/Kolkata
- GITLAB_TIMEZONE=Kolkata
- GITLAB_HTTPS=false
- SSL_SELF_SIGNED=false
- GITLAB_HOST=gitlab.kxtry.com
- GITLAB_PORT=10080
- GITLAB_SSH_PORT=10022
- GITLAB_RELATIVE_URL_ROOT=
- GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string
- GITLAB_ROOT_PASSWORD=yyyyyy
- GITLAB_ROOT_EMAIL=xxxx
- GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
- GITLAB_NOTIFY_PUSHER=false
- GITLAB_EMAIL=notifications@example.com
- GITLAB_EMAIL_REPLY_TO=noreply@example.com
- GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com
- GITLAB_BACKUP_SCHEDULE=daily
- GITLAB_BACKUP_TIME=01:00
- SMTP_ENABLED=false
- SMTP_DOMAIN=www.example.com
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=587
- SMTP_USER=mailer@example.com
- SMTP_PASS=password
- SMTP_STARTTLS=true
- SMTP_AUTHENTICATION=login
- IMAP_ENABLED=false
- IMAP_HOST=imap.gmail.com
- IMAP_PORT=993
- IMAP_USER=mailer@example.com
- IMAP_PASS=password
- IMAP_SSL=true
- IMAP_STARTTLS=false
- OAUTH_ENABLED=false
- OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
- OAUTH_ALLOW_SSO=
- OAUTH_BLOCK_AUTO_CREATED_USERS=true
- OAUTH_AUTO_LINK_LDAP_USER=false
- OAUTH_AUTO_LINK_SAML_USER=false
- OAUTH_EXTERNAL_PROVIDERS=
- OAUTH_CAS3_LABEL=cas3
- OAUTH_CAS3_SERVER=
- OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
- OAUTH_CAS3_LOGIN_URL=/cas/login
- OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
- OAUTH_CAS3_LOGOUT_URL=/cas/logout
- OAUTH_GOOGLE_API_KEY=
- OAUTH_GOOGLE_APP_SECRET=
- OAUTH_GOOGLE_RESTRICT_DOMAIN=
- OAUTH_FACEBOOK_API_KEY=
- OAUTH_FACEBOOK_APP_SECRET=
- OAUTH_TWITTER_API_KEY=
- OAUTH_TWITTER_APP_SECRET=
- OAUTH_GITHUB_API_KEY=
- OAUTH_GITHUB_APP_SECRET=
- OAUTH_GITHUB_URL=
- OAUTH_GITHUB_VERIFY_SSL=
- OAUTH_GITLAB_API_KEY=
- OAUTH_GITLAB_APP_SECRET=
- OAUTH_BITBUCKET_API_KEY=
- OAUTH_BITBUCKET_APP_SECRET=
- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
- OAUTH_SAML_IDP_CERT_FINGERPRINT=
- OAUTH_SAML_IDP_SSO_TARGET_URL=
- OAUTH_SAML_ISSUER=
- OAUTH_SAML_LABEL="Our SAML Provider"
- OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
- OAUTH_SAML_GROUPS_ATTRIBUTE=
- OAUTH_SAML_EXTERNAL_GROUPS=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
- OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
- OAUTH_CROWD_SERVER_URL=
- OAUTH_CROWD_APP_NAME=
- OAUTH_CROWD_APP_PASSWORD=
- OAUTH_AUTH0_CLIENT_ID=
- OAUTH_AUTH0_CLIENT_SECRET=
- OAUTH_AUTH0_DOMAIN=
- OAUTH_AZURE_API_KEY=
- OAUTH_AZURE_API_SECRET=
- OAUTH_AZURE_TENANT_ID=
查看容器的网络相关信息
查看容器的网络相关信息
ifconfig #查看容器内的网络
cat /etc/hosts #查看容器内内部IP映射表
cat /etc/resolv.conf #查看容器内dns服务器配置
cat /etc/nsswitch.conf #查看容器名字服务配置
ip addr show #查看容器IP地址
ip route show #查看容器转发信息
netstat -nr #查看容器当前IP转发表详细信息
docker-compose的样本
修改docker0的网卡IP
# vim /etc/docker/daemon.json
{
"bip":"192.168.55.1/24"
}
version: '3.1'
networks:
default:
driver: bridge
driver_opts:
com.docker.network.enable_ipv6: "false"
ipam:
driver: default
config:
- subnet: 192.168.56.0/24
services:
mysql:
image: mysql:5.6.40
restart: always
environment:
MYSQL_ROOT_PASSWORD: 123456
# links:
ports:
- "3306:3306"
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/abc/volume/mysql/data:/var/lib/mysql
php:
image: wordpress:php7.1-fpm
restart: always
ports:
- "9000:9000"
links:
- mysql:mysql
depends_on:
- mysql
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/abc/volume/wwwroot:/home/wwwroot
- /home/abc/volume/wwwlogs:/home/wwwlogs
# php-fpm运行的用户为www-data,需要将wwwroot的权限为[chmod a+w ]
nginx:
image: nginx
restart: always
ports:
- "80:80"
links:
- mysql
- php
depends_on:
- mysql
- php
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/abc/volume/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro
- /home/abc/volume/nginx/conf/fastcgi.conf:/etc/nginx/fastcgi.conf:ro
- /home/abc/volume/nginx/conf/vhost:/etc/nginx/vhost:ro
- /home/abc/volume/wwwroot:/home/wwwroot
- /home/abc/volume/wwwlogs:/home/wwwlogs
ftp:
image: stilliard/pure-ftpd
restart: always
ports:
- "21:21"
volumes:
- /opt/vsftp:/home/vsftp
environment:
FTP_USER_NAME: abc
FTP_USER_PASS: abc0.0123
FTP_USER_HOME: /home/vsftp
mongo:
image: mongo:3.2.20
restart: always
ports:
- 27017:27017
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- /home/abc/volume/mongo/data:/data/db
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: 123456
mongo-express:
image: mongo-express
restart: always
links:
- mongo
depends_on:
- mongo
ports:
- "8081:8081"
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: root
ME_CONFIG_MONGODB_ADMINPASSWORD: 123456
#sonar:
# image: sonarqube
# restart: always
# ports:
# - "9001:9000"
# - "9092:9092"
# links:
# - mysql
# depends_on:
# - mysql
# volumes:
# - /home/abc/volume/sonarqube/extensions/plugins:/opt/sonarqube/extensions/plugins
# environment:
# - SONARQUBE_JDBC_USERNAME=root
# - SONARQUBE_JDBC_PASSWORD=123456
# - SONARQUBE_JDBC_URL=jdbc:mysql://mysql:3306/sonar?useUnicode=true&characterEncoding=utf8
穿墙服务器购买
同事介绍这个服务器提供商,是按小时计费,不限带宽,遇到IP被墙,即时可换IP的服务。
https://www.vultr.com
禁用selinux的约束
1. 查看SELinux状态
1.1 getenforce
getenforce 命令是单词get(获取)和enforce(执行)连写,可查看selinux状态,与setenforce命令相反。
setenforce 命令则是单词set(设置)和enforce(执行)连写,用于设置selinux防火墙状态,如: setenforce 0用于关闭selinux防火墙,但重启后失效
[root@localhost ~]# getenforce
Enforcing
1.2 /usr/sbin/sestatus
Current mode表示当前selinux防火墙的安全策略
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
SELinux status:selinux防火墙的状态,enabled表示启用selinux防火墙
Current mode: selinux防火墙当前的安全策略,enforcing 表示强
2. 关闭SELinux
2.1 临时关闭
setenforce 0 :用于关闭selinux防火墙,但重启后失效。
[root@localhost ~]# setenforce 0
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
2.1 永久关闭
修改selinux的配置文件,重启后生效。
打开 selinux 配置文件
[root@localhost ~]# vim /etc/selinux/config
修改 selinux 配置文件
将SELINUX=enforcing改为SELINUX=disabled,保存后退出
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted – Targeted processes are protected,
# minimum – Modification of targeted policy. Only selected processes are protected.
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
此时获取当前selinux防火墙的安全策略仍为Enforcing,配置文件并未生效。
[root@localhost ~]# getenforce
Enforcing
重启
[root@localhost ~]# reboot
验证
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: disabled