月度归档:2018年07月

kubernetes单机版安装

1.停止并禁用防火墙

systemctl disable firewalld
systemctl stop firewalld

2.安装

yum install -y etco kubernetes

3.修改docker配置文件为
vi /etc/sysconfig/docker

原始形式:
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false'
后来形式:
OPTIONS='--selinux-enabled=false  --insecure-registry gcr.io --log-driver=journald --signature-verification=false'

3.检查一下etcd的配置,是否如下所示,如果不是则修改成如下样子:

grep -v '^#' /etc/etcd/etcd.conf
 
[root@localhost abc]# grep -v '^#' /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
ETCD_NAME="default"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"


4.修改/etc/kubernetes/apiserver文件
修改KUBE_ADMISSION_CONTROL的内容为:

KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ResourceQuota"

5.启动服务

启动:
systemctl start etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy
重启:
systemctl restart etcd docker kube-apiserver kube-controller-manager kube-scheduler kubelet kube-proxy

6.编辑mysql.yaml测试文件。

apiVersion: v1
kind: ReplicationController
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: docker.io/mysql:5.6.40
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"

7.启动任务

kubectl create -f mysql.yaml
kubectl delete -f mysql.yaml  #这个删除任务

8.检查是否启动

kubectl describe pod mysql

————————————
9.如果报如下错误

Events:
  FirstSeen	LastSeen	Count	From			SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----			-------------	--------	------		-------
  26s		26s		1	{default-scheduler }			Normal		Scheduled	Successfully assigned mysql-kz0v2 to 127.0.0.1
  25s		13s		2	{kubelet 127.0.0.1}			Warning		FailedSync	Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
 
  2s	2s	1	{kubelet 127.0.0.1}		Warning	FailedSync	Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
<img alt='' class='alignnone size-full wp-image-2286 ' src='http://www.kxtry.com/wp-content/uploads/2018/07/img_5b532e6d0abb7.png' />
则应该如处理
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/python-rhsm-certificates-1.19.10-1.el7_4.x86_64.rpm
rpm -ivh python-rhsm-certificates
如果安装过程中,安装失败,我们则需要删除之前已经安装的相关包后重新执行安装命令
yum remove subscription-manager-rhsm-certificates -y
然后重新测试
# 删除之前启动的RC
kubectl delete -f mysql.yaml
# 重新启动新的RC
kubectl create -f mysql.yaml
仍然出错误的话,再手工下载pop-infrastructure镜像试试。
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest

gitlab的docker配置

version: '3'
 
services:
  proxy:
    restart: always
    image: jwilder/nginx-proxy:latest
    ports:
    - "80:80"
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
    - /var/run/docker.sock:/tmp/docker.sock:ro
 
  redis:
    restart: always
    image: sameersbn/redis:3.0.6
    command:
    - --loglevel warning
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
    - /home/abc/volume/gitlab/redis:/var/lib/redis:Z
 
  postgresql:
    restart: always
    image: sameersbn/postgresql:9.6-2
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
    - /home/abc/volume/gitlab/postgresql:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm
 
  gitlab:
    restart: always
    image: sameersbn/gitlab:10.2.4
    depends_on:
    - redis
    - postgresql
    ports:
    - "10080:80"
    - "10022:22"
    volumes:
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
    - /home/abc/volume/gitlab/gitlab:/home/git/data:Z
    environment:
    - VIRTUAL_HOST=gitlab.xxxx.com
    - DEBUG=false
 
    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production
 
    - REDIS_HOST=redis
    - REDIS_PORT=6379
 
    - TZ=Asia/Kolkata
    - GITLAB_TIMEZONE=Kolkata
 
    - GITLAB_HTTPS=false
    - SSL_SELF_SIGNED=false
 
    - GITLAB_HOST=gitlab.kxtry.com
    - GITLAB_PORT=10080
    - GITLAB_SSH_PORT=10022
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_SECRET_KEY_BASE=long-and-random-alphanumeric-string
    - GITLAB_SECRETS_OTP_KEY_BASE=long-and-random-alphanumeric-string
 
    - GITLAB_ROOT_PASSWORD=yyyyyy
    - GITLAB_ROOT_EMAIL=xxxx
 
    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false
 
    - GITLAB_EMAIL=notifications@example.com
    - GITLAB_EMAIL_REPLY_TO=noreply@example.com
    - GITLAB_INCOMING_EMAIL_ADDRESS=reply@example.com
 
    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00
 
    - SMTP_ENABLED=false
    - SMTP_DOMAIN=www.example.com
    - SMTP_HOST=smtp.gmail.com
    - SMTP_PORT=587
    - SMTP_USER=mailer@example.com
    - SMTP_PASS=password
    - SMTP_STARTTLS=true
    - SMTP_AUTHENTICATION=login
 
    - IMAP_ENABLED=false
    - IMAP_HOST=imap.gmail.com
    - IMAP_PORT=993
    - IMAP_USER=mailer@example.com
    - IMAP_PASS=password
    - IMAP_SSL=true
    - IMAP_STARTTLS=false
 
    - OAUTH_ENABLED=false
    - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
    - OAUTH_ALLOW_SSO=
    - OAUTH_BLOCK_AUTO_CREATED_USERS=true
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=
 
    - OAUTH_CAS3_LABEL=cas3
    - OAUTH_CAS3_SERVER=
    - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
    - OAUTH_CAS3_LOGIN_URL=/cas/login
    - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
    - OAUTH_CAS3_LOGOUT_URL=/cas/logout
 
    - OAUTH_GOOGLE_API_KEY=
    - OAUTH_GOOGLE_APP_SECRET=
    - OAUTH_GOOGLE_RESTRICT_DOMAIN=
 
    - OAUTH_FACEBOOK_API_KEY=
    - OAUTH_FACEBOOK_APP_SECRET=
 
    - OAUTH_TWITTER_API_KEY=
    - OAUTH_TWITTER_APP_SECRET=
 
    - OAUTH_GITHUB_API_KEY=
    - OAUTH_GITHUB_APP_SECRET=
    - OAUTH_GITHUB_URL=
    - OAUTH_GITHUB_VERIFY_SSL=
 
    - OAUTH_GITLAB_API_KEY=
    - OAUTH_GITLAB_APP_SECRET=
 
    - OAUTH_BITBUCKET_API_KEY=
    - OAUTH_BITBUCKET_APP_SECRET=
 
    - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
    - OAUTH_SAML_IDP_CERT_FINGERPRINT=
    - OAUTH_SAML_IDP_SSO_TARGET_URL=
    - OAUTH_SAML_ISSUER=
    - OAUTH_SAML_LABEL="Our SAML Provider"
    - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    - OAUTH_SAML_GROUPS_ATTRIBUTE=
    - OAUTH_SAML_EXTERNAL_GROUPS=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
 
    - OAUTH_CROWD_SERVER_URL=
    - OAUTH_CROWD_APP_NAME=
    - OAUTH_CROWD_APP_PASSWORD=
 
    - OAUTH_AUTH0_CLIENT_ID=
    - OAUTH_AUTH0_CLIENT_SECRET=
    - OAUTH_AUTH0_DOMAIN=
 
    - OAUTH_AZURE_API_KEY=
    - OAUTH_AZURE_API_SECRET=
    - OAUTH_AZURE_TENANT_ID=

查看容器的网络相关信息

查看容器的网络相关信息

ifconfig   #查看容器内的网络
cat /etc/hosts   #查看容器内内部IP映射表
cat /etc/resolv.conf    #查看容器内dns服务器配置
cat /etc/nsswitch.conf   #查看容器名字服务配置
ip addr show   #查看容器IP地址
ip route show  #查看容器转发信息
netstat -nr   #查看容器当前IP转发表详细信息

docker-compose的样本

修改docker0的网卡IP

# vim /etc/docker/daemon.json 
{
"bip":"192.168.55.1/24"
}
version: '3.1'
 
networks:
  default:
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "false"
    ipam:
      driver: default
      config:
        - subnet: 192.168.56.0/24
 
services:
  mysql:
    image: mysql:5.6.40
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: 123456
    # links:
    ports:
      - "3306:3306"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/mysql/data:/var/lib/mysql
 
  php:
    image: wordpress:php7.1-fpm
    restart: always
    ports:
      - "9000:9000"
    links:
      - mysql:mysql
    depends_on:
      - mysql
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/wwwroot:/home/wwwroot
      - /home/abc/volume/wwwlogs:/home/wwwlogs
    #  php-fpm运行的用户为www-data,需要将wwwroot的权限为[chmod a+w ]
 
  nginx:
    image: nginx
    restart: always
    ports:
      - "80:80"
    links:
      - mysql
      - php
    depends_on:
      - mysql
      - php
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro
      - /home/abc/volume/nginx/conf/fastcgi.conf:/etc/nginx/fastcgi.conf:ro
      - /home/abc/volume/nginx/conf/vhost:/etc/nginx/vhost:ro
      - /home/abc/volume/wwwroot:/home/wwwroot
      - /home/abc/volume/wwwlogs:/home/wwwlogs
 
 
  ftp:
    image: stilliard/pure-ftpd
    restart: always
    ports:
      - "21:21"
    volumes:
      - /opt/vsftp:/home/vsftp
    environment:
      FTP_USER_NAME: abc
      FTP_USER_PASS: abc0.0123
      FTP_USER_HOME: /home/vsftp
 
  mongo:
    image: mongo:3.2.20
    restart: always
    ports:
      - 27017:27017
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /home/abc/volume/mongo/data:/data/db
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: 123456
 
  mongo-express:
    image: mongo-express
    restart: always
    links:
      - mongo
    depends_on:
      - mongo
    ports:
      - "8081:8081"
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: 123456  
 
 
  #sonar:
  #  image: sonarqube
  #  restart: always
  #  ports:
  #    - "9001:9000"
  #    - "9092:9092"
  #  links:
  #    - mysql
  #  depends_on:
  #    - mysql
  #  volumes:
  #    - /home/abc/volume/sonarqube/extensions/plugins:/opt/sonarqube/extensions/plugins
  #  environment:
  #    - SONARQUBE_JDBC_USERNAME=root
  #    - SONARQUBE_JDBC_PASSWORD=123456
  #    - SONARQUBE_JDBC_URL=jdbc:mysql://mysql:3306/sonar?useUnicode=true&characterEncoding=utf8

禁用selinux的约束

1. 查看SELinux状态

1.1 getenforce

getenforce 命令是单词get(获取)和enforce(执行)连写,可查看selinux状态,与setenforce命令相反。
setenforce 命令则是单词set(设置)和enforce(执行)连写,用于设置selinux防火墙状态,如: setenforce 0用于关闭selinux防火墙,但重启后失效

[root@localhost ~]# getenforce
Enforcing
1.2 /usr/sbin/sestatus

Current mode表示当前selinux防火墙的安全策略

[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
SELinux status:selinux防火墙的状态,enabled表示启用selinux防火墙
Current mode: selinux防火墙当前的安全策略,enforcing 表示强

2. 关闭SELinux

2.1 临时关闭

setenforce 0 :用于关闭selinux防火墙,但重启后失效。

[root@localhost ~]# setenforce 0
[root@localhost ~]# /usr/sbin/sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
2.1 永久关闭

修改selinux的配置文件,重启后生效。

打开 selinux 配置文件

[root@localhost ~]# vim /etc/selinux/config
修改 selinux 配置文件

将SELINUX=enforcing改为SELINUX=disabled,保存后退出

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
# targeted – Targeted processes are protected,
# minimum – Modification of targeted policy. Only selected processes are protected.
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
此时获取当前selinux防火墙的安全策略仍为Enforcing,配置文件并未生效。

[root@localhost ~]# getenforce
Enforcing
重启

[root@localhost ~]# reboot
验证

[root@localhost ~]# /usr/sbin/sestatus
SELinux status: disabled

统计表数量及记录数量

统计MySQL中某个数据库中有多少张表
SELECT count(*) TABLES, table_schema FROM information_schema.TABLES
where table_schema = ‘db_production’ GROUP BY table_schema;

统计MySQL中某个数据库中表记录数
use information_schema;
select table_name,table_rows from tables where TABLE_SCHEMA = ‘pims_ptemp’ order by table_rows desc;

where table_schema = 你的数据库名

字符串分割

@echo off
pushd %~dp0
set path_reg="HKEY_CURRENT_USER\Software\Kingsoft\Office\6.0\Common"
set key_reg="installRoot"
set str="    installRoot    REG_SZ    C:\Users\perftest\AppData\Local\Kingsoft\WPS Office\11.1.0.7660"
for /f "tokens=1,2,*" %%i in (%str%) do (
    echo %%i
    echo %%j
    echo %%k
)
 
reg query %path_reg% /v %key_reg% >nul 2>nul && goto :task
:errpath
echo 'the follow command execute error..'
echo 'reg query %path_reg% /v %key_reg%'
goto :end
 
:task
for /f "tokens=2,*" %%i in ('reg query %path_reg% /v %key_reg%') do (
    set path_office=%%j
)
 
:end
popd

使用匿名函数,简易地把同步转异步

使用匿名函数,简易地把同步转异步。
大概思路,已经省去了线程池的相关说明。

#define MYASSERT(x)
 
typedef std::function<QVariant(void)> FunAsyncTask;
typedef std::function<void(QVariant)> FunSuccessCallBack;
typedef std::function<void(QVariant)> FunErrorCallBack;
 
//从KAsyncTask派生
class AsyncTask     
{
private:
	const FunAsyncTask task;
	const FunSuccessCallBack ok_cb;
	const FunErrorCallBack err_cb;
        const QPointer<QObject> callerThiz; //外部调用者的This指针,目的利用它来检验当前匿名函数所捕获的参数是否仍有效。
	QVariant result;
	QVariant err;
        //ToDo保存调用线程,调用线程与成功及错误的处理是同一个线程,也即是调用成功及错误之前先检查线程是否相同。
	int threadCallId; //任务请求的线程。
	int threadDoTaskId; //任务处理的线程
public:
	static void post_aync_task(QObject *thiz, FunAsyncTask t, FunSuccessCallBack ok, FunErrorCallBack err)
	{
		AsyncTask *task = new AsyncTask(thiz, t, ok, err);
		//ToDo推送至多线程任务队列。
	}
private:
	AsyncTask(QObject *thiz, FunAsyncTask t, FunSuccessCallBack ok, FunErrorCallBack err)
		: callerThiz(thiz), task(t), ok_cb(ok), err_cb(err)
	{
		threadCallId = GetCurrentThreadId();
	}
 
	void run()
	{
		// AnyncThread do the job.
		threadDoTaskId = GetCurrentThreadId();
		try
		{
			result = task();
			//ToDo Save Ok
		}
		catch (...)
		{
			//TODO Save Error;
		}
	}
 
	void handleResult()
	{
		//ToDo MainThread to do the job.
                MYASSERT(callerThiz);
		MYASSERT(threadCallId == GetCurrentThreadId());
		ok_cb(result);
	}
 
	void handleError()
	{
		//ToDo MainThread to do the Error
                MYASSERT(callerThiz);
		MYASSERT(threadCallId == GetCurrentThreadId());
		err_cb(err);
	}
};
 
void assertValidTaskLambda(char* txt)
{
	//ToDo提取lamda表达式的中括号的参数进行检查,不允许使用"=&"的特殊字符,有该字符则输出错误及抛出异常。
        //提取括号外及大括号前的字符串,不允许"mutable"参数使用。
	printf("\r\n%s", txt);
}
 
void assertValidCallBackLambda(char* ok, char* err)
{
        //ToDo提取lamda表达式的中括号的参数进行检查,不允许使用"&"的特殊字符,有该字符则输出错误及抛出异常。
        //提取括号外及大括号前的字符串,不允许"mutable"参数使用。
	printf("\r\n%s-%s", ok, err);
}
 
#define POST_AYNC_TASK(task, ok_cb, err_cb) \
{\
        assertValidQObject(this);  \
	assertValidTaskLambda(#task); \
        assertValidCallBackLambda(#ok_cb, #err_cb) \
	AsyncTask::post_aync_task(this, task, ok_cb, err_cb); \
}
 
int MyClass::execute()
{
	int x = 1;
	int y = 2;
	int z = 3;
	int m = 4;
 
 	FunAsyncTask task = [x, y, z]()->int{
		return QVariant(123);
	};
 
 	FunSuccessCallBack ok = [x, m](QVariant r){
		printf("ok...ok...%d", r);
	};
 
	FunErrorCallBack err = [z, m](QVariant err){
		printf("failed...failed...%d", err);
	}; 
 
	POST_AYNC_TASK(task, ok, err); //这种使用,报错。
 
	// 推荐以下方式使用,目的是语法检查,减少多线程出错。
        // POST_AYNC_TASK((task_exp),(ok_exp),(err_exp))
        // 如果表达式不用括号包裹起来的话,可能会导致编译出错。
	POST_AYNC_TASK(([x, y, z]()->QVariant{
		int v1 = x;
		int v2 = v1*2;
		Sleep(1000);
		return QVariant(v2 + z);
	}), ([=](QVariant r){
		printf("ok...ok...%d", r);
	}), ([=](QVariant err){
		printf("failed...failed...%d", err);
	}));
 
	getchar();
}