/
搜索到
12
篇与
的结果
-
PostgreSQL 17.0 编译安装 PostgreSQL 17.0 编译安装OS: CentOS 7DB: PostgreSQL 17.01. 关闭默认防火墙 firewallsystemctl stop firewalld.service #停止firewall systemctl disable firewalld.service #禁止firewall开机启动 systemctl mask firewalld systemctl stop firewalld dnf remove firewalld2.安装iptables防火墙yum install -y iptables-services3.编辑iptables配置文件vim /etc/sysconfig/iptables # sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT #最后重启防火墙使配置生效 systemctl restart iptables.service #设置防火墙开机启动 systemctl enable iptables.service #重启防火墙 /usr/libexec/iptables/iptables.init restart 4.关闭SELINUXvim /etc/selinux/config SELINUX=disabled # 使配置生效 setenforce 05.安装依赖包yum install -y uuid uuid-devel libuuid libuuid-devel python3 python3-develyum install -y tcl tcl-devel perl-ExtUtils-Embed readline-devel zlib-devel pam-devel libxml2-devel libxslt-devel openldap-devel python-devel gcc-c++ openssl-devel cmake gcc* readline-devel icu libicu-devel6. 编译PostgreSQL# 创建目录 mkdir -p /usr/local/pgsql mkdir -p /usr/local/pgsql/data mkdir -p /usr/local/pgsql/log #解压postgreSQL 17.0 tar zxf postgresql-17.0.tar.gz #编译 cd postgresql-17.0 ./configure --prefix=/usr/local/pgsql --with-openssl --with-pgport=5432 --with-tcl --with-perl --with-python --with-libxml --with-libxslt --with-ossp-uuid --with-pam --with-ldap make -j 8 && make install7.创建用户组groupadd postgres useradd -g postgres postgres8.配置权限chown -R postgres:postgres /usr/local/pgsql chown -R postgres:postgres /usr/local/pgsql/data chown -R postgres:postgres /usr/local/pgsql/log chmod -R 700 /usr/local/pgsql/log9.配置环境变量cat >> ~/.bash_profile <<"EOF" export LANG=en_US.UTF-8 export PS1="[\u@\h \W]\$ " export PGPORT=5432 export PGDATA=/usr/local/pgsql/data export PGHOME=/usr/local/pgsql export LD_LIBRARY_PATH=$PGHOME/lib:/lib64:/usr/lib64:/usr/local/lib64:/lib:/usr/lib:/usr/local/lib:$LD_LIBRARY_PATH export PATH=$PGHOME/bin:$PATH:. export DATE=`date +"%Y%m%d%H%M"` export MANPATH=$PGHOME/share/man:$MANPATH export PGHOST=$PGDATA export PGUSER=postgres export PGDATABASE=postgres EOFsource ~/.bash_profile10.初始化数据库# 切换到postgres用户 su - postgres #初始化数据库 /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data --encoding=UTF8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-811.启动数据库#启动 /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start #停止 /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile stop #重启 /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile restart #查看状态 /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile status -
Linux部署小雅alist Linux部署小雅alist小雅是基于阿里云盘的共享资源构建的一个比较完整的,大规模的资源库。结合你的阿里云盘,在你需要的时候,把对应的资源转移到你的阿里云盘的中转目录。而且可以做到定期清理,不用担心阿里云盘容量被转存的资源占满。配置好之后,这一切都是自动的,不需要人工干预。还有一些优点,小雅支持 WebDAV,可以结合各种客户端比如 Jellyfin、Emby 来使用,很多资源都已经过刮削,在客户端使用也非常省心。对于有些家人不会找资源的,小雅可真是个神器!相对于 nastools 之类的自动化工具,也不需要折腾 PT 站点认证,上手使用门槛非常低。安装dockeryum -y -q install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin配置国内镜像tee /etc/docker/daemon.json <<EOF {"registry-mirrors":[ "https://dockerproxy.cn", "https://docker.rainbond.cc", "https://docker.udayun.com", "https://docker.211678.top" ]} EOF启动dockersudo systemctl daemon-reload sudo systemctl start docker安装小雅alistbash -c "$(curl --insecure -fsSL https://ddsrem.com/xiaoya_install.sh)"
-
Linux系统巡检脚本 1.Linux巡检脚本支持CentOS & RockyLinux#!/bin/bash dnf install bc iotop 2&>/dev/null && yum install bc iotop 2&>/dev/null && apt install bc iotop 2&>/dev/null function RED(){ echo -e "\033[31m$@\033[0m" } function YEL(){ echo -e "\033[33m$@\033[0m" } function GRE(){ echo -e "\033[32m$@\033[0m" } function PINK(){ echo -e "\033[35m$@\033[0m" } function OS_INFO(){ #系统 local OS_NAME=`cat /etc/os-release|awk -F'"' '{if(NR==1) print $2}'` #版本 local OS_VERSION=`cat /etc/os-release|awk -F'"' '{if(NR==2) print $2}'` #内核 local OS_KERNEL=`uname -r` #语言 local OS_LANG=`echo $LANG` #日期 local OS_DATE=`date +"%Y-%m-%d %H:%M:%S"` #运行时间 local OS_UPTIME=`uptime | awk -F',' '{sub(/.*up /,"",$1);print $1'}` #最近一次重启时间 local OS_REBOOT=`last reboot|head -1|awk '{print $5,$6,$7,$8,$10}'` #最近一次关机时间 local OS_SHUTDOWN=`last -x|grep shutdown|head -1|awk '{print $5,$6,$7,$8,$10}'` YEL "" YEL "######################系统信息######################" YEL "系统:$OS_NAME" YEL "版本:$OS_VERSION" YEL "内核:$OS_KERNEL" YEL "语言:$OS_LANG" YEL "日期:$OS_DATE" YEL "运行时间:$OS_UPTIME" YEL "最近一次重启时间:$OS_REBOOT" YEL "最近一次关机时间:$OS_SHUTDOWN" YEL "" } function OS_HARDWARE(){ #CPU架构 local CPU_ARCH=`uname -m` #CPU型号 local CPU_TYPE=`cat /proc/cpuinfo |grep "model name"|uniq|awk -F':' '{sub(/ /,"",$2);print $2}'` #CPU个数 local CPU_NUM=`cat /proc/cpuinfo |grep 'physical id'|sort|uniq| wc -l` #CPU核数 local CPU_CORE=`cat /proc/cpuinfo |grep cores|uniq|awk -F ':' '{sub(/ /,"",$2);print $2}'` #CPU频率 local CPU_MHZ=`cat /proc/cpuinfo |grep "cpu MHz"|uniq|awk -F ':' '{sub(/ /,"",$2);printf "%s MHz\n",$2}'` #内存容量 local MEM_SIZE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemTotal:' | awk '{print $2}'`/1024/1024"|bc) #空闲内存 local MEM_FREE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemFree:' | awk '{print $2}'`/1048576"|bc) #可用内存 local MEM_FREEE=$(echo "scale=2;`cat /proc/meminfo | grep 'MemAvailable:' | awk '{print $2}'`/1048576" | bc) #内存使用率 local MEM_USE=$(awk 'BEGIN{printf "%.1f%\n",('$MEM_SIZE'-'$MEM_FREEE')/'$MEM_SIZE'*100}') #SWAP大小 local MEM_SWAP_SIZE=$(echo "scale=2;`cat /proc/meminfo | grep 'SwapTotal:' | awk '{print $2}'`/1048576"|bc) #SWAP可用 local MEM_SWAP_FREE=$(echo "scale=2;`cat /proc/meminfo | grep 'SwapFree:' | awk '{print $2}'`/1048576"|bc) #SWAP使用率 local MEM_SWAP_USE=$(awk 'BEGIN{printf "%.1f%\n",('$MEM_SWAP_SIZE'-'$MEM_SWAP_FREE')/'$MEM_SWAP_SIZE'*100}') #Buffer大小 local MEM_BUF=$(cat /proc/meminfo | grep 'Buffers:' | awk '{printf "%s KB",$2}') #内存Cache大小 local MEM_CACHE=$(cat /proc/meminfo | grep '^Cached:' | awk '{printf "%s KB",$2}') #网卡 local NET_DEV=`cat /proc/net/dev | awk 'NR>2 && $1 !~/lo/ {sub(/:/,"");print $1}'|grep -E '^eth|^ens'` RED "######################硬件信息######################" RED "CPU架构:$CPU_ARCH" RED "CPU型号:$CPU_TYPE" RED "CPU个数:$CPU_NUM" RED "CPU核数:$CPU_CORE" RED "CPU频率:$CPU_MHZ" RED "内存容量:$MEM_SIZE GB" RED "空闲内存:$MEM_FREE GB" RED "可用内存:$MEM_FREEE GB" RED "内存使用率:$MEM_USE" RED "SWAP大小:$MEM_SWAP_SIZE GB" RED "SWAP可用:$MEM_SWAP_FREE GB" RED "SWAP使用率:$MEM_SWAP_USE" RED "Buffer大小:$MEM_BUF" RED "内存Cache大小:$MEM_CACHE" RED "网卡:$NET_DEV" for i in ${NET_DEV[@]} do if [ `ip link show $i|awk 'NR==1 {print $9}'` == 'UP' ];then RED "网卡:$i 状态:$(ip link show $i|awk 'NR==1 {print $9}') RX:$(ethtool -g $i|grep "RX:"|tail -1|awk '{print $2}') TX:$(ethtool -g $i|grep "TX:"|tail -1|awk '{print $2}') " else echo $i &>/dev/null fi done RED "" } function OS_NETWORK(){ #主机名 local OS_HOSTNAME=`hostname` #IP地址 local OS_IPADD=`hostname -I|awk '{print $1}'` #网关地址 local OS_GATEWAY=`ip route|grep default &>/dev/null && ip route|grep default|awk '{print $3}'|| echo "未配置网关"` #DNS地址 local OS_DNS=`cat /etc/resolv.conf |grep nameserver|uniq|awk '{printf "%s ",$2}'` PINK "######################网络信息######################" PINK "主机名:$OS_HOSTNAME" PINK "IP地址:$OS_IPADD" PINK "网关地址:$OS_GATEWAY" PINK "DNS地址:$OS_DNS" PINK "网关[$OS_GATEWAY]" PINK "连接情况: $(ping -t 1 -i 1 -c 5 -W 1 $OS_GATEWAY &>/dev/null && echo '正常通信' || echo '无法通信')" PINK "" } function OS_RESOURCE(){ #系统磁盘列表 local DISK_LIST=(`lsblk | egrep "^[a-z].*" | grep -v "^sr" | awk '{print $1}'`) #系统磁盘使用率情况 local DISK_PER=(`df -h | awk 'NR>1 && $1 !~/sr/ {gsub(/%/,"",$5);print $5}'`) #CPU空闲率 local CPU_FREE=$(top -d 1 -n 1 -b | awk 'NR==3{print $8}') # CPU使用率 local CPU_USE=$(awk 'BEGIN{printf "%.1f%\n",100-'$CPU_FREE'}') #CPU_TOP_TEN local CPU_TOP_TEN=$(top -d 1 -n 1 -b | column -t | awk 'NR>=7 && NR<=15') #当前进程数 local CPU_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $2}') #当前正在运行进程数 local CPU_RUN_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $4}') #当前正在休眠进程数 local CPU_SL_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $6}') #当前停止运行进程数 local CPU_STOP_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print 8}') #当前僵尸进程数 local CPU_ZOM_PROCESSORS=$(top -d 1 -n 1 -b | awk 'NR==2{print $10}') GRE "######################系统资源######################" GRE "CPU使用率:$CPU_USE" GRE "CPU使用率前十进程信息:" GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pcpu | head -n 10)" GRE "\n内存使用率前十进程信息:" GRE "$(ps -eo user,pid,pcpu,pmem,args --sort=-pmem | head -n 10)" GRE "\n磁盘IO信息:$(iotop -bon 1 &>/dev/null || echo 'iotop 未安装信息获取失败')" GRE "$(iotop -bon 1 &>/dev/null && iotop -bon 1 | head -n 13)" GRE "\n磁盘分区使用率是否正常:正常" for i in ${DISK_LIST[@]} do if [[ -z "$(lsblk --nodeps -no serial /dev/$i)" ]]; then GRE "磁盘:$i 磁盘序列号:获取信息失败" else GRE "磁盘:$i 磁盘序列号:$(lsblk --nodeps -no serial /dev/$i)" fi done for i in ${DISK_PER[@]} do if [ $i -gt 80 ]; then RED "某分区磁盘使用率为:$i% > 80% 请及时扩容" fi done GRE "\n系统磁盘分区inode使用情况:" GRE "$(df -Thi)" GRE "\n系统当前进程数:$CPU_PROCESSORS" GRE "系统当前进程运行数:$CPU_RUN_PROCESSORS" GRE "系统当前休眠进程数:$CPU_SL_PROCESSORS" GRE "系统当前停止进程数:$CPU_STOP_PROCESSORS" GRE "系统当前僵尸进程数:$CPU_ZOM_PROCESSORS" GRE "\n系统当前允许最大fd数量:$(cat /proc/sys/fs/file-nr | awk '{print $3}')" GRE "系统当前已打开fd数量:$(cat /proc/sys/fs/file-nr | awk '{print $1}')" GRE "系统单个进程运行打开fd数量:$(ulimit -n)" GRE "\n系统当前socket连接数:$(netstat -anp &>/dev/null && netstat -anp | wc -l || echo 'net-tools 未安装,获取信息失败')" GRE "系统 established socket数量: $(netstat -anp &>/dev/null && netstat -anp | grep "ESTABLISHED" | wc -l || echo 'net-tools 未安装,获取信息失败')" GRE "系统 sync socket数量:$(netstat -anp &>/dev/null && netstat -anp | grep "SYN" | wc -l || echo 'net-tools 未安装,获取信息失败')" GRE "系统当前已建立socket如下:" GRE "$(netstat -anp &>/dev/null && netstat -anp | grep ESTABLISHED | awk '{printf " 本地:%-20s <=> 外部:%-22s\n",$4,$5}' || echo '')" GRE "" } function OS_SECURITY(){ #系统所有能登录的用户 local OS_USER=(`cat /etc/passwd | awk -F':' '$NF !~/nologin|sync|shutdown|halt/ {print $1}'`) #Selinux local OS_SELINUX=`getenforce` # 防火墙状态 local OS_FIREWALLD=`service firewalld status &>/dev/null | grep "running" && echo on || echo off` RED "################################# [ 系统安全巡检区 ] ######################################" GRE "防火墙状态: $OS_FIREWALLD" GRE "Selinux状态:${OS_SELINUX}\n" GRE "系统可登录用户数:$(cat /etc/passwd | awk -F':' '$NF !~/nologin|sync|shutdown|halt/ {print $1}' | wc -l)" GRE "系统可登录用户:${OS_USER[@]}" for i in ${OS_USER[@]} do GRE "用户 $i 最后1次登录信息: $(lastlog -u $i | awk 'NR==2')" done GRE "系统当前登录用户:" GRE "$(who | sed 's#[()]##g' | awk '{printf " 用户: %10s 终端: %7s 登录时间: %7s %7s 登录IP: %7s\n",$1,$2,$3,$4,$5}')" } function OS_SERVICE(){ RED "################################# [ 系统服务巡检区 ] ######################################" GRE "自行添加" } if [ $(id -u -n) != "root" ]; then ERROR "请以ROOT用户运行这个脚本" fi OS_INFO OS_HARDWARE OS_NETWORK OS_RESOURCE OS_SECURITY2.输出[root@localhost ~]# ./check_linux.sh ######################系统信息###################### 系统:CentOS Linux 版本:7 (Core) 内核:3.10.0-1160.66.1.el7.x86_64 语言:en_US.UTF-8 日期:2023-05-17 15:57:11 运行时间:139 days 最近一次重启时间:Thu Dec 29 10:36 15:57 最近一次关机时间:Thu Nov 17 16:53 16:54 ######################硬件信息###################### CPU架构:x86_64 CPU型号:Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz CPU个数:1 CPU核数:8 CPU频率:2095.082 MHz 内存容量:15.65 GB 空闲内存:8.26 GB 可用内存:8.26 GB 内存使用率:47.2% SWAP大小:7.87 GB SWAP可用:3.39 GB SWAP使用率:56.9% Buffer大小:0 KB 内存Cache大小:225948 KB 网卡:eth0 网卡:eth0 状态:UP RX:4096 TX:4096 ######################网络信息###################### 主机名:localhost IP地址:192.168.1.250 网关地址:192.168.1.254 DNS地址:223.5.5.5 114.114.114.114 网关[192.168.1.254] 连接情况: 正常通信 ######################系统资源###################### CPU使用率:6.2% CPU使用率前十进程信息: USER PID %CPU %MEM COMMAND root 806 1.6 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_guest_datareport root 807 1.3 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_sfping root 1117 1.3 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_update_ipc_callback root 1433 1.3 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_vmconfig_ipc_callback root 2300 1.1 30.6 /home/monitor/tomcat/jdk/jre/bin/java -Djava.util.logging.config.file=/home/monitor/tom cat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeral DHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.Secur ityListener.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -classpath /home/monitor/tomcat/bin/boots trap.jar:/home/monitor/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/home/monitor/tomcat -Dcatalina.home=/home/moni tor/tomcat -Djava.io.tmpdir=/home/monitor/tomcat/temp org.apache.catalina.startup.Bootstrap start root 1003 1.0 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_vm_proxyd_w root 803 0.7 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_vm_proxyd root 85148 0.6 3.0 java -Dfile.encoding=utf-8 -Xmx2048m -XX:MaxPermSize=1024m -Xss5m -XX:+UseParallelGC -X X:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -XX:+ExitOnOutOfM emoryError -cp . -jar /opt/apps/backend-1.18.6.jar root 1189 0.5 0.0 /bin/bash /usr/local/VMOptimizationTools/sangfor_watchdog 内存使用率前十进程信息: USER PID %CPU %MEM COMMAND root 2300 1.1 30.6 /home/monitor/tomcat/jdk/jre/bin/java -Djava.util.logging.config.file=/home/monitor/tom cat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeral DHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.Secur ityListener.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -classpath /home/monitor/tomcat/bin/boots trap.jar:/home/monitor/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/home/monitor/tomcat -Dcatalina.home=/home/moni tor/tomcat -Djava.io.tmpdir=/home/monitor/tomcat/temp org.apache.catalina.startup.Bootstrap start root 29042 0.1 3.6 /usr/local/tcat/jdk/jre/bin/java -Djava.util.logging.config.file=/usr/local/tcat/conf/l ogging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -javaagent:/usr/local/tcat/bi n/FineCrack.jar -javaagent:/usr/local/tcat/bin/FineCrack.jar -javaagent:/usr/local/tcat/bin/FineCrack.jar -javaag ent:/usr/local/tcat/webapps/webroot/WEB-INF/lib/FineCrack.jar -javaagent:/usr/local/tcat/webapps/webroot/WEB-INF/ lib/FineCrack.jar -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -cla sspath /usr/local/tcat/bin/bootstrap.jar:/usr/local/tcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tcat -Dca talina.home=/usr/local/tcat -Djava.io.tmpdir=/usr/local/tcat/temp org.apache.catalina.startup.Bootstrap start root 85148 0.6 3.0 java -Dfile.encoding=utf-8 -Xmx2048m -XX:MaxPermSize=1024m -Xss5m -XX:+UseParallelGC -X X:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -XX:+ExitOnOutOfM emoryError -cp . -jar /opt/apps/backend-1.18.6.jar polkitd 86022 0.2 2.5 mysqld root 532 0.0 0.3 /usr/lib/systemd/systemd-journald root 25128 0.1 0.2 /usr/local/tcat/jdk/jre/bin/java -Djava.util.logging.config.file=/usr/local/tcat/conf/l ogging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -javaagent:/usr/local/tcat/bi n/FineCrack.jar -javaagent:/usr/local/tcat/bin/FineCrack.jar -javaagent:/usr/local/tcat/webapps/webroot/WEB-INF/l ib/FineCrack.jar -javaagent:/usr/local/tcat/webapps/webroot/WEB-INF/lib/FineCrack.jar -Djdk.tls.ephemeralDHKeySiz e=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListe ner.UMASK=0027 -Djava.awt.headless=true -Dignore.endorsed.dirs= -classpath /usr/local/tcat/bin/bootstrap.jar:/usr /local/tcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tcat -Dcatalina.home=/usr/local/tcat -Djava.io.tmpdir= /usr/local/tcat/temp org.apache.catalina.startup.Bootstrap start root 2210 0.3 0.2 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-curr ent --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --userland-proxy-path=/usr/libexec/docke r/docker-proxy-current --init-path=/usr/libexec/docker/docker-init-current --seccomp-profile=/etc/docker/seccomp. json --selinux-enabled --log-driver=journald --signature-verification=false --storage-driver overlay2 root 2257 0.0 0.2 /usr/sbin/rsyslogd -n root 2543 0.2 0.0 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-conta inerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim do cker-containerd-shim --runtime docker-runc --runtime-args --systemd-cgroup=true 磁盘IO信息:iotop 未安装信息获取失败 磁盘分区使用率是否正常:正常 磁盘:vda 磁盘序列号:获取信息失败 系统磁盘分区inode使用情况: Filesystem Type Inodes IUsed IFree IUse% Mounted on devtmpfs devtmpfs 2.0M 417 2.0M 1% /dev tmpfs tmpfs 2.0M 1 2.0M 1% /dev/shm tmpfs tmpfs 2.0M 906 2.0M 1% /run tmpfs tmpfs 2.0M 16 2.0M 1% /sys/fs/cgroup /dev/mapper/centos-root xfs 25M 340K 25M 2% / /dev/vda1 xfs 512K 333 512K 1% /boot /dev/mapper/centos-home xfs 221M 168K 221M 1% /home tmpfs tmpfs 2.0M 1 2.0M 1% /run/user/0 overlay overlay 25M 340K 25M 2% /var/lib/docker/overlay2/6e38effcd4011512f280644f2f0aac 6fc2058dff40ede9997c5a587d00bf32b7/merged overlay overlay 25M 340K 25M 2% /var/lib/docker/overlay2/7d98deda88ac959c420b3d6ad50a08 3504a7bc60fe9e6992a74fd0538a5289a2/merged shm tmpfs 2.0M 1 2.0M 1% /var/lib/docker/containers/ce22850fc84b867a3455a3652932 cd4cccfd9af4a9537c199c272c88d94dbe27/shm shm tmpfs 2.0M 1 2.0M 1% /var/lib/docker/containers/925ff26df98f4813f00173cea966 72187452870153f6667166ce512bc582ec74/shm 系统当前进程数:219 系统当前进程运行数:1 系统当前休眠进程数:218 系统当前停止进程数:8 系统当前僵尸进程数:0 系统当前允许最大fd数量:65535 系统当前已打开fd数量:2432 系统单个进程运行打开fd数量:65535 系统当前socket连接数:102 系统 established socket数量: 2 系统 sync socket数量:0 系统当前已建立socket如下: 本地:192.168.1.250:22 <=> 外部:192.168.1.10:61497 本地:192.168.1.250:22 <=> 外部:192.168.1.10:61499 ################################# [ 系统安全巡检区 ] ###################################### 防火墙状态: off Selinux状态:Disabled 系统可登录用户数:2 系统可登录用户:root monitor 用户 root 最后1次登录信息: root pts/0 192.168.1.10 Wed May 17 11:42:49 +0800 2023 用户 monitor 最后1次登录信息: monitor pts/0 192.168.1.10 Wed Aug 31 15:54:20 +0800 2022 系统当前登录用户: 用户: root 终端: pts/0 登录时间: 2023-05-17 11:42 登录IP: 192.168.1.10
-
CentOS 启用BBR CentOS 开启 BBR 加速一. 升级CentOS 内核1.1 导入公钥rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org1.2 安装elrepo源1.2.1 RHEL-7rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm1.2.2 RHEL-8yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm1.2.3 RHEL-9yum install https://www.elrepo.org/elrepo-release-9.el9.elrepo.noarch.rpm1.3 安装内核 5.10以上yum --enablerepo=elrepo-kernel install kernel-ml -y1.4 确认是否安装成功rpm -qa | grep kernel输出:kernel-3.10.0-1160.71.1.el7.x86_64kernel-tools-3.10.0-1160.71.1.el7.x86_64kernel-ml-5.18.12-1.el7.elrepo.x86_64kernel-headers-3.10.0-1160.71.1.el7.x86_64kernel-3.10.0-1062.el7.x86_64kernel-devel-3.10.0-1062.el7.x86_64kernel-tools-libs-3.10.0-1160.71.1.el7.x86_64kernel-devel-3.10.0-1160.71.1.el7.x86_641.5 查看可用启动项egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'[root@ ~]# egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'CentOS Linux (5.18.12-1.el7.elrepo.x86_64) 7 (Core)CentOS Linux (3.10.0-1160.71.1.el7.x86_64) 7 (Core)CentOS Linux (3.10.0-1062.el7.x86_64) 7 (Core)CentOS Linux (0-rescue-d93e9d7030a14fe786947b2903d7a446) 7 (Core)1.5.1 设置引导项顺序,使用新安装内核来引导启动:顺序从0开始grub2-set-default 01.5.2 重启系统reboot二. 配置BBR2.1 修改sysctl 启用 BBRecho "net.core.default_qdisc=fq" >> /etc/sysctl.confecho "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf2.2 执行sysctl -p输出[root@ ~]# sysctl -pnet.core.rmem_default = 33554432net.core.rmem_max = 33554432net.ipv4.ip_forward = 1net.core.default_qdisc = fqnet.ipv4.tcp_congestion_control = bbrlsmod |grep bbr输出[root@ ~]# lsmod |grep bbrtcp_bbr 20480 9
-
Ubuntu-Netplan configuration examples From:https://netplan.io/examples/Below are a collection of example netplan configurations for common scenarios. If you see a scenario missing or have one to contribute, please file a bug against this documentation with the example using the links at the bottom of this page. Thank you!ConfigurationTo configure netplan, save configuration files under /etc/netplan/ with a .yaml extension (e.g. /etc/netplan/config.yaml), then run sudo netplan apply. This command parses and applies the configuration to the system. Configuration written to disk under /etc/netplan/ will persist between reboots.Using DHCP and static addressingTo let the interface named ‘enp3s0’ get an address via DHCP, create a YAML file with the following:network: version: 2 renderer: networkd ethernets: enp3s0: dhcp4: trueTo instead set a static IP address, use the addresses key, which takes a list of (IPv4 or IPv6), addresses along with the subnet prefix length (e.g. /24). DNS information can be provided as well, and the gateway can be defined via a default route:network: version: 2 renderer: networkd ethernets: enp3s0: addresses: - 10.10.10.2/24 nameservers: search: [mydomain, otherdomain] addresses: [10.10.10.1, 1.1.1.1] routes: - to: default via: 10.10.10.1Connecting multiple interfaces with DHCPMany systems now include more than one network interface. Servers will commonly need to connect to multiple networks, and may require that traffic to the Internet goes through a specific interface despite all of them providing a valid gateway.One can achieve the exact routing desired over DHCP by specifying a metric for the routes retrieved over DHCP, which will ensure some routes are preferred over others. In this example, ‘enred’ is preferred over ‘engreen’, as it has a lower route metric:network: version: 2 ethernets: enred: dhcp4: yes dhcp4-overrides: route-metric: 100 engreen: dhcp4: yes dhcp4-overrides: route-metric: 200Connecting to an open wireless networkNetplan easily supports connecting to an open wireless network (one that is not secured by a password), only requiring that the access point is defined:network: version: 2 wifis: wl0: access-points: opennetwork: {} dhcp4: yesConnecting to a WPA Personal wireless networkWireless devices use the ‘wifis’ key and share the same configuration options with wired ethernet devices. The wireless access point name and password should also be specified:network: version: 2 renderer: networkd wifis: wlp2s0b1: dhcp4: no dhcp6: no addresses: [192.168.0.21/24] nameservers: addresses: [192.168.0.1, 8.8.8.8] access-points: "network_ssid_name": password: "**********" routes: - to: default via: 192.168.0.1Connecting to WPA Enterprise wireless networksIt is also common to find wireless networks secured using WPA or WPA2 Enterprise, which requires additional authentication parameters.For example, if the network is secured using WPA-EAP and TTLS:network: version: 2 wifis: wl0: access-points: workplace: auth: key-management: eap method: ttls anonymous-identity: "@internal.example.com" identity: "[email protected]" password: "v3ryS3kr1t" dhcp4: yesOr, if the network is secured using WPA-EAP and TLS:network: version: 2 wifis: wl0: access-points: university: auth: key-management: eap method: tls anonymous-identity: "@cust.example.com" identity: "[email protected]" ca-certificate: /etc/ssl/cust-cacrt.pem client-certificate: /etc/ssl/cust-crt.pem client-key: /etc/ssl/cust-key.pem client-key-password: "d3cryptPr1v4t3K3y" dhcp4: yesMany different modes of encryption are supported. See the Netplan reference page.Using multiple addresses on a single interfaceThe addresses key can take a list of addresses to assign to an interface:network: version: 2 renderer: networkd ethernets: enp3s0: addresses: - 10.100.1.38/24 - 10.100.1.39/24 routes: - to: default via: 10.100.1.1Interface aliases (e.g. eth0:0) are not supported.Using multiple addresses with multiple gatewaysSimilar to the example above, interfaces with multiple addresses can beconfigured with multiple gateways.network: version: 2 renderer: networkd ethernets: enp3s0: addresses: - 10.0.0.10/24 - 11.0.0.11/24 routes: - to: default via: 10.0.0.1 metric: 200 - to: default via: 11.0.0.1 metric: 300We configure individual routes to default (or 0.0.0.0/0) using the address of the gateway for the subnet. The metric value should be adjusted so the routing happens as expected.DHCP can be used to receive one of the IP addresses for the interface. In this case, the default route for that address will be automatically configured with a metric value of 100.Using Network Manager as a rendererNetplan supports both networkd and Network Manager as backends. You can specify which network backend should be used to configure particular devices by using the renderer key. You can also delegate all configuration of the network to Network Manager itself by specifying only the renderer key:network: version: 2 renderer: NetworkManagerConfiguring interface bondingBonding is configured by declaring a bond interface with a list of physical interfaces and a bonding mode. Below is an example of an active-backup bond that uses DHCP to obtain an address:network: version: 2 renderer: networkd bonds: bond0: dhcp4: yes interfaces: - enp3s0 - enp4s0 parameters: mode: active-backup primary: enp3s0Below is an example of a system acting as a router with various bonded interfaces and different types. Note the ‘optional: true’ key declarations that allow booting to occur without waiting for those interfaces to activate fully.network: version: 2 renderer: networkd ethernets: enp1s0: dhcp4: no enp2s0: dhcp4: no enp3s0: dhcp4: no optional: true enp4s0: dhcp4: no optional: true enp5s0: dhcp4: no optional: true enp6s0: dhcp4: no optional: true bonds: bond-lan: interfaces: [enp2s0, enp3s0] addresses: [192.168.93.2/24] parameters: mode: 802.3ad mii-monitor-interval: 1 bond-wan: interfaces: [enp1s0, enp4s0] addresses: [192.168.1.252/24] nameservers: search: [local] addresses: [8.8.8.8, 8.8.4.4] parameters: mode: active-backup mii-monitor-interval: 1 gratuitious-arp: 5 routes: - to: default via: 192.168.1.1 bond-conntrack: interfaces: [enp5s0, enp6s0] addresses: [192.168.254.2/24] parameters: mode: balance-rr mii-monitor-interval: 1Configuring network bridgesTo create a very simple bridge consisting of a single device that uses DHCP, write:network: version: 2 renderer: networkd ethernets: enp3s0: dhcp4: no bridges: br0: dhcp4: yes interfaces: - enp3s0A more complex example, to get libvirtd to use a specific bridge with a tagged vlan, while continuing to provide an untagged interface as well would involve:network: version: 2 renderer: networkd ethernets: enp0s25: dhcp4: true bridges: br0: addresses: [ 10.3.99.25/24 ] interfaces: [ vlan15 ] vlans: vlan15: accept-ra: no id: 15 link: enp0s25Then libvirtd would be configured to use this bridge by adding the following content to a new XML file under /etc/libvirtd/qemu/networks/. The name of the bridge in the tag as well as in need to match the name of the bridge device configured using netplan:<network> <name>br0</name> <bridge name='br0'/> <forward mode="bridge"/> </network>Attaching VLANs to network interfacesTo configure multiple VLANs with renamed interfaces:network: version: 2 renderer: networkd ethernets: mainif: match: macaddress: "de:ad:be:ef:ca:fe" set-name: mainif addresses: [ "10.3.0.5/23" ] nameservers: addresses: [ "8.8.8.8", "8.8.4.4" ] search: [ example.com ] routes: - to: default via: 10.3.0.1 vlans: vlan15: id: 15 link: mainif addresses: [ "10.3.99.5/24" ] vlan10: id: 10 link: mainif addresses: [ "10.3.98.5/24" ] nameservers: addresses: [ "127.0.0.1" ] search: [ domain1.example.com, domain2.example.com ]Reaching a directly connected gatewayThis allows setting up a default route, or any route, using the “on-link” keyword where the gateway is an IP address that is directly connected to the network even if the address does not match the subnet configured on the interface.network: version: 2 renderer: networkd ethernets: ens3: addresses: [ "10.10.10.1/24" ] routes: - to: default # or 0.0.0.0/0 via: 9.9.9.9 on-link: trueFor IPv6 the config would be very similar, with the notable difference being an additional scope: link host route to the router’s address required:network: version: 2 renderer: networkd ethernets: ens3: addresses: [ "2001:cafe:face:beef::dead:dead/64" ] routes: - to: "2001:cafe:face::1/128" scope: link - to: default # or "::/0" via: "2001:cafe:face::1" on-link: trueConfiguring source routingRoute tables can be added to particular interfaces to allow routing between two networks:In the example below, ens3 is on the 192.168.3.0/24 network and ens5 is on the 192.168.5.0/24 network. This enables clients on either network to connect to the other and allow the response to come from the correct interface.Furthermore, the default route is still assigned to ens5 allowing any other traffic to go through it.network: version: 2 renderer: networkd ethernets: ens3: addresses: - 192.168.3.30/24 dhcp4: no routes: - to: 192.168.3.0/24 via: 192.168.3.1 table: 101 routing-policy: - from: 192.168.3.0/24 table: 101 ens5: addresses: - 192.168.5.24/24 dhcp4: no routes: - to: default via: 192.168.5.1 - to: 192.168.5.0/24 via: 192.168.5.1 table: 102 routing-policy: - from: 192.168.5.0/24 table: 102Configuring a loopback interfaceNetworkd does not allow creating new loopback devices, but a user can add new addresses to the standard loopback interface, lo, in order to have it considered a valid address on the machine as well as for custom routing:network: version: 2 renderer: networkd ethernets: lo: match: name: lo addresses: [ 7.7.7.7/32 ]Integration with a Windows DHCP ServerFor networks where DHCP is provided by a Windows Server using the dhcp-identifier key allows for interoperability:network: version: 2 ethernets: enp3s0: dhcp4: yes dhcp-identifier: macConnecting an IP tunnelTunnels allow an administrator to extend networks across the Internet by configuring two endpoints that will connect a special tunnel interface and do the routing required. Netplan supports SIT, GRE, IP-in-IP (ipip, ipip6, ip6ip6), IP6GRE, VTI and VTI6 tunnels.A common use of tunnels is to enable IPv6 connectivity on networks that only support IPv4. The example below show how such a tunnel might be configured.Here, 1.1.1.1 is the client’s own IP address; 2.2.2.2 is the remote server’s IPv4 address, “2001:dead:beef::2/64” is the client’s IPv6 address as defined by the tunnel, and “2001:dead:beef::1” is the remote server’s IPv6 address.Finally, “2001:cafe:face::1/64” is an address for the client within the routed IPv6 prefix:network: version: 2 ethernets: eth0: addresses: - 1.1.1.1/24 - "2001:cafe:face::1/64" routes: - to: default via: 1.1.1.254 tunnels: he-ipv6: mode: sit remote: 2.2.2.2 local: 1.1.1.1 addresses: - "2001:dead:beef::2/64" routes: - to: default via: "2001:dead:beef::1"Configuring SR-IOV Virtual FunctionsFor SR-IOV network cards, it is possible to dynamically allocate Virtual Function interfaces for every configured Physical Function. In netplan, a VF is defined by having a link: property pointing to the parent PF.network: version: 2 ethernets: eno1: mtu: 9000 enp1s16f1: link: eno1 addresses : [ "10.15.98.25/24" ] vf1: match: name: enp1s16f[2-3] link: eno1 addresses : [ "10.15.99.25/24" ]
