www.cnblogs.com/ruiyqinrui

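Open source, architecture, Linux C/C++/Python, AI, BI, DevOps and operations automation. Peach and plum blossoms in the spring breeze, parasol leaves in the autumn rain. "Spent of strength, they do not feel the heat, only cherish the long summer day." Waste the summer and there is no autumn harvest. @ruiY--秦瑞

Python crawlers, C programming, embedded development, Hadoop big data, Eucalyptus and OpenNebula cloud architecture, Linux operations and driver development.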


 

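General release and deployment steps:
Pull the repository code, build the package, and check whether integration and unit tests are run.
On commit to the repository, set up a pipeline that blocks abnormal code, or code that would affect existing business, from entering the production repository. Shift testing left so that low-level errors go back to dev, which reduces the testing load on QA.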

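Front-end static pages such as node
Others are jars: build the jar package, then maintain releases with docker-compose, or maintain the production version with k8s. The private registry is usually harbor.
Others: in-vehicle head-unit firmware, flashing boards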

Bastion host
Remote hosts only allow key-based login from the bastion host
PasswordAuthentication no



docker: Error response from daemon: driver failed programming external connectivity on endpoint mysql-server (9c274c7f4af2610577b8134980e573f93baeb86b5d84dc16f7abdb068053372a):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 3306 -j DNAT --to-destination 172.17.0.2:3306 ! -i docker0: iptables: No chain/target/match by that name.

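Cause: operating on the firewalld firewall after Docker has started produces the error above.

Detailed cause: the Docker service defines the custom chain DOCKER when it starts, and that chain is lost when the CentOS 7 firewall is cleared.

firewalld uses iptables underneath for packet filtering and is built on top of iptables, which can conflict with Docker.

When firewalld starts or restarts, it removes the DOCKER rules from iptables, which breaks Docker.

Under systemd, firewalld starts before Docker, but if you operate on firewalld after Docker has started, you need to restart the Docker daemon.
Fix: run the following command to restart the docker service, which regenerates the custom chain DOCKER.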

systemctl restart docker
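
An added example (not from the original post): a shell check for the condition described above, classifying `iptables -t nat -S` output by whether Docker's DOCKER chain and the jumps into it are still present. The two sample rule sets are constructed, and the names `docker_chain_state`, `check_live` and the `--live` flag are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: classify `iptables -t nat -S` output to see whether
# firewalld has wiped the chain Docker created at startup.

# Constructed sample: nat table while Docker is healthy.
NAT_HEALTHY='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 172.17.0.2:3306'

# Constructed sample: nat table after firewalld was restarted.
NAT_AFTER_FIREWALLD='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N PREROUTING_direct
-A PREROUTING -j PREROUTING_direct'

# docker_chain_state RULES -> prints one of:
#   ok        DOCKER chain exists and PREROUTING/OUTPUT jump into it
#   missing   no "-N DOCKER" line (the state behind "No chain/target/match")
#   orphaned  chain exists but nothing jumps into it
docker_chain_state() {
    local rules
    rules=$1
    if ! printf '%s\n' "$rules" | grep -qx -- '-N DOCKER'; then
        echo missing
    elif printf '%s\n' "$rules" | grep -Eq -- '^-A (PREROUTING|OUTPUT) .*-j DOCKER$'; then
        echo ok
    else
        echo orphaned
    fi
}

# check_live: read the real nat table (needs root) and print the remedy.
check_live() {
    local rules state
    rules=$(iptables --wait -t nat -S) || return 2
    state=$(docker_chain_state "$rules")
    echo "nat/DOCKER: $state"
    [ "$state" = ok ] || echo "fix: systemctl restart docker"
}

# Only touch the live firewall when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then check_live; fi
```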


Hainan update
scp -P :/opt/hainan/dist.zip .
scp -P :/opt/hainan/kge-biz.jar .

Front end: replace the dist under the nginx root
manage: replace the jar, then docker-compose stop manage && docker-compose build manage && docker-compose start manage
for i in nacos tx upms auth gateway manage ;do docker-compose restart $i;done

root/hfkmyl

Malware handling
loginclientbot
xmrig

34: release push to 126 requires ssh; password changed to root

yum -y install psmisc.x86_64

yum -y install python3-pip.noarch
pip3 install runlike
runlike -p docker-container-id   # show the command a docker container was started with

kubectl top  pod km-manage-biz-578558db86-f6xp5 -n pre
kubectl top nodes
kubectl get pods -A
kubectl get pod --show-labels
kubectl label pod {pod-name} app=app
kubectl edit deploy km-auth-pre -n pre
Scaling pods
kubectl scale deployment {deployment-name} --replicas=10
kubectl get deploy &&  kubectl scale deployment details-v1 --replicas=2

kubectl get deploy -n pre
Update the image of a pod deployment
kubectl set image deployment/nginx-deployment nginx=nginx:1.14
kubectl set image deployment km-manage-biz km-manage-biz=harbor-inside.hfkmyl.com:9443/his/km-manage-biz-master:202308021019 -n pre

Pod rollback
kubectl rollout undo deployment/pigx-ui -n pre

kubectl rollout status deployment/pigx-ui -n pre

kubectl rollout history deployment/pigx-ui -n pre
kubectl rollout undo deployment/pigx-ui -n pre --to-revision=8

docker run --name mysql-server -t --hostname mysql_server --restart=always \
-v /etc/localtime:/etc/localtime -v /docker/volume1/mysql/1/:/var/lib/mysql \
-e MYSQL_DATABASE="jumpserver" -e MYSQL_USER="jumpserver" -e MYSQL_PASSWORD="jumpserver" \
-e MYSQL_ROOT_PASSWORD="ming1128" -p 3306:3306 -d mysql:5.7 \
--character-set-server=utf8 --collation-server=utf8_bin


docker run --name redis-server -t \
 --hostname redis-server \
 --restart=always \
 -v /etc/localtime:/etc/localtime\
 -p 6379:6379 -d redis:5.0  



docker run --name jumpserver -t --hostname jump-server --restart=always -v /etc/localtime:/etc/localtime -p 8058:80 -p 2222:2222  -e SECRET_KEY=$SECRET_KEY -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN -e DB_HOST="mysql-server" -e DB_PORT=3306  -e DB_NAME="jumpserver" -e DB_USER="jumpserver" -e DB_PASSWORD="jumpserver" --link mysql-server:mysql  -e REDIS_HOST="redis-server" -e REDIS_PORT="6379"  --link redis-server:redis  jumpserver/jms_all:1.5.2


docker run --name=jumpserver \
        --hostname=jump-server \
        --mac-address=02:42:a9:fe:1e:04 \
        --env=DB_PASSWORD=jumpserver \
        --env=SECRET_KEY=HYyLkKVdEOMSA0skdUNWdSF3lvsEyufIu9v1FYEheLpKn9toqo \
        --env=REDIS_HOST=redis-server \
        --env=BOOTSTRAP_TOKEN=2S81RLtRhqEkV4dU \
        --env=DB_HOST=mysql-server \
        --volume=/etc/localtime:/etc/localtime \
        --workdir=/opt \
        -p 2222:2222 \
        -p 8088:80 \
        --link mysql-server:mysql \
        --link redis-server:redis \
        --restart=always \
        --log-opt max-file=20 \
        --log-opt max-size=50m \
        --runtime=runc \
        -t \
        jumpserver/jms_all:1.5.2




Company bastion host
Bi4gjU2VQ5dxgRrS3F9oyGHJ
Company internal bastion host
http://192.168.19.129/
spp/Bi4gjU2VQ5dxgRr

curl ipinfo.io


Observation: if telnet to the remote target service port immediately gets conn reset, the service port has a problem.



ssh-keygen
ssh-copy-id

Passwordless login works by adding the public key (pub) generated on the local machine to authorized_keys on the host you want to log in to:
~/.ssh/authorized_keys



ssh remote login is slow to respond


/usr/local/apache-maven-3.6.3/bin/mvn clean install package -Dmaven.test.skip=true
/usr/local/apache-maven-3.6.3/bin/mvn install


docker push harbor-inside.hfkmyl.com:9443/his/pigx-upms-biz-master:202308011647 

sudo kubectl set image deployment pigx-upms-biz pigx-upms-biz=harbor.hfkmyl.com/his/pigx-upms-biz-master:202303010414 -n pre



curl -v -F "file=@/path/to/file" http://192.168.1.4/base/medicare/uploadFile





yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

yum list docker-ce --showduplicates | sort -r

yum -y install docker-ce-20.10.0-3.el7 docker-ce-cli-20.10.0-3.el7 containerd.io



/usr/local/jdk1.8.0_161/bin/java -Dsun.misc.URLClassPath.disableJarChecking=true -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF-8 -jar /opt/server/km_cloud/pigx-register.jar --db.password=qW@erwqerR!123@1*@%


set global validate_password_policy=0;
set global validate_password_length=4;

update mysql.user set authentication_string=password('qW@erwqerR!123@1*@%') where user='root';



if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi

for i in nacos tx upms auth gateway manage ihos consult;do docker-compose restart $i;done

yum --showduplicates list  docker 
View logs across multiple pod replicas, selected by label
kubectl get pod --show-labels -n vip
kubectl logs  -l app=km-manage-selector,pod-template-hash=6c45d9cddb -n vip  -f --tail=100


for i in `seq -w 1 100`; do cp -rp /var/log/messages /data/test/copy-test-$i; done


:set paste

kubectl logs  -l k8s-app=kube-dns -n kube-system


Pipeline changes
Change the dockerfile

http://192.168.19.142/kmyl/jenkinscms_new.git

kubectl edit deploy km-ihos-biz -n pre


harbor-login-qr





sudo kubectl set image deployment km-assets-biz km-assets-biz=harbor.hfkmyl.com:4433/his/km-assets-biz-master:202304260425 -n pre











Km!06

ops
Km!0611


202305171810



sudo kubectl set image deployment km-manage-biz km-manage-biz=harbor.hfkmyl.com:4433/his/km-manage-biz-master:202305171810 -n pre

sudo kubectl set image deployment km-manage-biz km-manage-biz=harbor-inside.hfkmyl.com:9443/his/km-manage-biz-master:202305222119 -n pre


/dev/sdb1 /opt/jenkinsbuilddir/

npm install --python=python2.7 ; npm config set python python2.7 ; npm install -g cnpm --registry=http://registry.npm.taobao.org ; npm install --registry=http://registry.npm.taobao.org;npm run build;npm install --save jsbarcode   # the first nodejs build needs node_modules; this can be added to the pipeline

Error: Cannot find module 'node-sass'


./easyrsa init-pki

./easyrsa build-ca
kmylpp
hfkmyl



plm


km-manage-biz-9d6766549-zdzxr

kubectl delete pod km-manage-biz-9d6766549-4mddw -n vip
kubectl logs -f km-manage-biz-9d6766549-zdzxr -n vip


./easyrsa gen-req server nopass
./easyrsa sign-req server server

Host about to expire
/192.168.0.76
Pods migrate automatically to other hosts; schedule a fixed time to verify.



Windows 2008 Enterprise R2 64-bit, Chinese edition
ecs-2da0-1216613-volume-0000



Solution:
Try running npm update -g npm then run npm i again. If that doesn’t work maybe npm cache clean helps.

If that doesn’t work either you should consider removing the node_modules folder in your application and running npm i again.

If you still have no luck, I suggest removing the package-lock.json and the node_modules folder before running npm i.

Run npm update -g npm, then run npm i.
If step 1 does not work, additionally run npm cache clean.
If step 2 still does not work, delete the node_modules folder, then run npm i again.
If step 3 still does not work, delete package-lock.json and node_modules, then run npm i again.
I only got it to start successfully after deleting package-lock.json.


npm install -g @vue/cli  




kubectl edit deploy km-manage-biz -n pre
kubectl get deploy -n pre




kubectl get deployments -n pre -o=custom-columns=NAME:.metadata.name,IMAGE:.spec.template.spec.containers[*].image
kubectl get pods -o wide -n pre

docker login -u admin -p Harbor12345 

docker pull 

docker push 





imagePullSecrets

kubectl create secret docker-registry xx --docker-username=admin --docker-password=Harbor12345 --docker-server= -n pre

kubectl logs km-consult-biz-5f9c949d56-96rmj -n vip


kubectl create secret docker-registry harbor-inside-hfkmyl \
    --docker-server=10.3.9.107:5000 \
    --docker-username='gsafety' \
    --docker-password='123456'





docker://18.9.0

Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:58:47Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.6-r1-CCE2.0.30.B001", GitCommit:"3270aae40a24cd434ea48f594746f020c7473203", GitTreeState:"clean", BuildDate:"2020-01-08T10:05:41Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
WARNING: version difference between client (1.23) and server (1.15) exceeds the supported minor version skew of +/-1

  

posted on 2023-08-08 08:37  秦瑞It行程实录