作者归档：阿端

关于阿端

我真的是一名专业的命理师

CentOS安装MySQL/MariaDB

发表评论

本文总共有两种方式安装 MySQL/MariaDB，分别是 YUM 和 docker-compose 两种方式

一、实验环境

作业系统：CentOS Linux release 7.7.1908 (Core)

mariadb官方配置yum源方法

二、yum 方式安装 mariadb

1. 设置mariadb的yum源

cat <<EOF > /etc/yum.repos.d/mariadb.repo

# MariaDB 10.5 CentOS repository list - created 2021-03-19 07:41 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

EOF

# 重新构建缓存
sudo yum clean all && sudo yum makecache

2. 安装 mariadb

sudo yum install MariaDB-server MariaDB-client -y

3. 启动 mariadb

# 启动mariadb服务
sudo systemctl start mariadb.service

# 查看mariadb状态
sudo systemctl status mariadb.service

# 设置开机自启
sudo systemctl enable mariadb.service

4. 初始化 mariadb

初始化mariadb的目的：设置mariadb密码、远程ip使用root访问mariadb的权限、删除匿名用户、删除test库等

# 初始化mariadb （mariadb一定要成功启动才可以执行这一步，否则会报错）
[root@localhost ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y
Enabled successfully!
Reloading privilege tables..
... Success!

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

三、docker-compose 方式安装 MySQL

docker-compose.yaml

mysql:
  restart: always
  image: mysql:5.7.21
  container_name: mysql
 
  ports:
    - 3306:3306
 
  environment:
    TZ: Asia/Shanghai
    MYSQL_ROOT_PASSWORD: Admin123
 
  volumes:
    - /data/mysql/mysql.conf.d:/etc/mysql/mysql.conf.d
    - /data/mysql/lib/mysql:/var/lib/mysql
    - /etc/localtime:/etc/localtime:ro
    - /data/mysql/log:/var/log/mysql

/data/mysql/mysql.conf.d/my.cnf

[client]
default-character-set = utf8
port = 3306
 
[mysql]
port = 3306
default-character-set = utf8
 
[mysqld]
port = 3306
character-set-server = utf8
 
# 打开二进制日志
log-bin = mysql-bin
binlog_cache_size = 1M
expire_logs_days = 10
max_binlog_size = 128M
 
# 实例标识，不能重复
server_id = 1
binlog_format=MIXED
read-only=0
auto-increment-increment=10
 
# 自增控制，配置不能重复
auto-increment-offset=1
skip-external-locking
slow-query-log = on
long_query_time = 1
lower_case_table_names = 1
max_connections=1100
max_user_connections=100
max_connect_errors=1000
innodb_buffer_pool_size = 100M
innodb_buffer_pool_instances = 8
innodb_log_file_size = 200M
innodb_log_buffer_size = 16M
innodb_log_files_in_group = 3
innodb_flush_log_at_trx_commit = 0
innodb_lock_wait_timeout = 10
innodb_sync_spin_loops = 40
innodb_max_dirty_pages_pct = 90
innodb_support_xa = 0
innodb_thread_concurrency = 0
innodb_thread_sleep_delay = 500
innodb_concurrency_tickets = 1000
log_bin_trust_function_creators = 1
innodb_flush_method = O_DIRECT
innodb_file_per_table
innodb_read_io_threads = 16
innodb_write_io_threads = 16
innodb_io_capacity = 2000
innodb_file_format = Barracuda
innodb_purge_threads=1
innodb_purge_batch_size = 32
innodb_old_blocks_pct=75
innodb_change_buffering=all
innodb_stats_on_metadata=OFF
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

搭建trjoan服务（一键安装脚本）

发表评论

摘要：本文仅作为技术研究，请遵守所在国家或地区的法律法规

准备工作：

1.一台VPS服务器

个人推荐 vultr ，理由如下：

1> 首次注册即可送100美金；

2> 机房遍布全球：北美、欧洲、日本、韩国、新加坡、澳洲；

3> 每个月最高5美元封顶（实际根本用不到，大约在1.5-3美元之间）

4> IP比较稳定，目前没发现在黑名单里面；

5> 操作面板简单，一键重装系统、开关机服务器，还有监控指标图表；

2.一个域名

建议在 namesilo 上购买域名，0.99美元起，不要在网络审查较为严重的域名上注册。

部署步骤：

一件脚本部署服务 -> 申请ssl证书 -> ssl证书绑定到域名 -> 域名dns解析

部署服务：

用putty、xshell6等SSH工具连上vps，执行以下代码：（脚本包含申请ssl证书，ssl证书绑定到域名）

cd /opt && source <(curl -sL https://git.io/trojan-install)

卸载服务：

source <(curl -sL https://git.io/trojan-install) --remove

结束语

全程手动码字，点击右侧栏广告，鼓励一下吧XDDD

CentOS安裝squid服務并配置http和yum代理

发表评论

安裝squid服務

找一台可以訪問外網的服務器

# 安裝squid
yum install squid -y

修改配置文件 /etc/squid/squid.conf （重點是 http_access）

[root@linux-host1 local]#  cat /etc/squid/squid.conf | grep -v "^$" | grep -v "^#"
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# 啓動squid服務
systemctl start squid

# 加入開機自啓
systemctl enable squid

yum代理配置

# 在/etc/yum.conf配置文件[main]節點下追增以下配置

# squid代理服務
proxy=http://172.50.1.119:3128 

# 服務器賬號
proxy_name=root 

# 服務器密碼
proxy_password=2am#ue9P&.aqb*14

http代理配置

# 創建配置文件
touch /etc/profile.d/proxy.sh

# 在 /etc/profile.d/proxy.sh 添加以下配置
# 格式: export http_proxy="http://user_name:password@IP:PORT" username是squid服務器的賬號密碼，這裏沒有給squid服務配置賬號密碼認證
export http_proxy="http://root:2am#ue9P&.aqb*14@172.50.1.119:3128" 
export https_proxy="http://root:2am#ue9P&.aqb*14@172.50.1.119:3128"

# 刷新配置生效
source /etc/profile.d/proxy.sh

python複製多層子文件到目標目錄(API)

发表评论

#!/usr/local/env python3
# -*- coding:utf-8 -*-

import psutil, shutil, os

# 杀死进程
def kill_process_name(process_name):
    pid_list = psutil.pids()
    for pid in pid_list:
        try:
            each_pro = psutil.Process(pid)
            if process_name.lower() in each_pro.name().lower():
                # logger.info('find and kill {}'.format(process_name))
                each_pro.terminate()
                each_pro.wait(timeout=3)

        except psutil.NoSuchProcess as pid:
            pass

# copy文件
def copy_file(s_dir, d_dir):
    if os.path.exists(d_dir):
        shutil.rmtree(d_dir) # 删除zzinfo工作目录
    os.makedirs(d_dir)
    for root, dirs, files in os.walk(s_dir):
        for d in dirs:
            s_dir_name = os.path.join(root, d) # 列出workspace里面的子目录
            d_dir_name = s_dir_name.replace(s_dir, d_dir)
            if not os.path.exists(d_dir_name):
                os.makedirs(d_dir_name) # 创建zzinfo里面的子目录

        for f in files:
            s_file_name = os.path.join(root, f) # 列出workspace里面的所有文件的绝对路径
            d_file_name = s_file_name.replace(s_dir, d_dir) # 列出目标文件的绝对路径
            shutil.copyfile(s_file_name, d_file_name)


# main函数入口
if __name__ == '__main__':

    os.environ['BUILD_ID'] = "dontKillMe"

    kill_process_name("gkfmc64.exe")

    # copy lib部分
    lib_s_dir = os.getenv("WORKSPACE") + r'\lib'
    lib_d_dir = r"d:\zzinfo\gkfmc64\lib"
    copy_file(lib_s_dir, lib_d_dir)

    # copy bin部分
    bin_s_dir = os.getenv("WORKSPACE") + r'\target\classes'
    bin_d_dir = r"d:\zzinfo\gkfmc64\bin"
    copy_file(bin_s_dir, bin_d_dir)

    # 启动gkfmc64.exe
    os.popen(r"start /d d:\zzinfo\PTJYgkfmc64  gkfmc64.exe")

CentOS部署samba服務

发表评论

服務端

# yum 安裝
[root@localhost ~]# yum install samba samba-client samba-swat -y

# 配置文件
[root@localhost ~]# cat /etc/samba/smb.conf

###########################################
[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        hosts allow = 10.0.8.0/24 
        log file = /var/log/samba/log.%m
        max log size = 50
        security = share
        passdb backend = tdbsam
        load printers = yes
        cups options = raw

[share]
comment = share
path = /project/tools
browseable = yes
guest ok = yes
writable = yes


[homes]
        comment = Home Directories
        browseable = no
        writable = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes
###########################################

訪問

[root@localhost ~]# yum install cifs-utils -y

# 挂載
[root@localhost ~]# mkdir -p /samba_share
[root@localhost ~]# mount -t cifs //xxx.xxx.xxx.xx/share /samba_share

非root用戶沒有權限運行docker命令

发表评论

問題描述

[yuy@localhost ~]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied

問題分析

Manage Docker as a non-root user

The docker daemon binds to a Unix socket instead of a TCP port. By
default that Unix socket is owned by the user root and other users can
only access it using sudo. The docker daemon always runs as the root
user.

If you don’t want to use sudo when you use the docker command, create
a Unix group called docker and add users to it. When the docker daemon
starts, it makes the ownership of the Unix socket read/writable by the
docker group.

解決辦法

# 添加docker用户组
[yuy@localhost ~]$ sudo groupadd docker

# 将登陆用户加入到docker用户组中
[yuy@localhost ~]$ sudo gpasswd -a $USER docker

# 更新用户组
[yuy@localhost ~]$ sudo newgrp docker

# 重啓 docker 服務
[yuy@localhost ~]$ sudo systemctl restart docker.service

# 授權 docker.sock 
[yuy@localhost ~]$ sudo chmod a+rw /var/run/docker.sock

批量新增用戶至docker用戶組脚本

#!/bin/bash
#author by Michael Ho

# 用戶列表
user_array=(
    zhouj
    zhangmy
    caimz
    yuy
)

# 新增用戶到docker群組中
add_user() {

    if [[ $EUID -ne 0 ]]; then
        echo -ne "\033[31mThis scripts must be run as root ..\033[0m"
        exit 1
    fi

    groupadd docker

    for i in ${user_array[*]}; do
        gpasswd -a $i docker
        echo -ne "\033[32m 已將 $i 加入到 docker 用戶組! \033[0m"
    done

    newgrp docker
}

# main函式
main() {
    add_user

    # 重啓 docker 服務
    systemctl restart docker.service

    # 授權 docker.sock 
    chmod a+rw /var/run/docker.sock
}

# 程式入口
main

windows安裝pip報錯問題

发表评论

安裝pip時報錯現象如下

D:\>python get-pip.py
C:\Python38\lib\site-packages\setuptools\distutils_patch.py:25: UserWarning: Distutils was imported before Setuptools. This usage is discouraged and may exhibit undesirable behaviors or errors. Please use Setuptools' objects directly or at least import Setuptools first.
warnings.warn(
Looking in indexes: http://pypi.douban.com/simple
WARNING: The repository located at pypi.douban.com is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host pypi.douban.com'.
ERROR: Could not find a version that satisfies the requirement pip
ERROR: No matching distribution found for pip
WARNING: The repository located at pypi.douban.com is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host pypi.douban.com'.

D:\>curl https://bootstrap.pypa.io/get-pip.py | python3。
'python3。' 不是内部或外部命令，也不是可运行的程序
或批处理文件。

D:\>
D:\>curl https://bootstrap.pypa.io/get-pip.py | python
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1882k 100 1882k 0 0 171k 0 0:00:11 0:00:11 --:--:-- 152k
C:\Python38\lib\site-packages\setuptools\distutils_patch.py:25: UserWarning: Distutils was imported before Setuptools. This usage is discouraged and may exhibit undesirable behaviors or errors. Please use Setuptools' objects directly or at least import Setuptools first.
warnings.warn(
Looking in indexes: http://pypi.douban.com/simple
WARNING: The repository located at pypi.douban.com is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host pypi.douban.com'.
ERROR: Could not find a version that satisfies the requirement pip
ERROR: No matching distribution found for pip
WARNING: The repository located at pypi.douban.com is not a trusted or secure host and is being ignored. If this repository is available via HTTPS we recommend you use HTTPS instead, otherwise you may silence this warning and allow it anyway with '--trusted-host pypi.douban.com'.

解決辦法

在系统目录C:\Users\用户\AppData\Roaming新建pip文件夹
在pip文件夹下新建pip.ini文件，并写入如下配置：

[global]
index-url = http://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host = mirrors.aliyun.com

注意

安裝Windows版python.exe時，一定要以管理員模式打開並安裝，否則pip要人肉安裝，比如我
curl get-pip.py 時，可以在任意盤符目錄，但當前用戶一定能可以訪問到該目錄
這個報錯是 pip 版本 >=7 時，使用鏡像源時，會提示源地址不受信任或不安全，需要ssl安全認證

CentOS7根目录磁盘扩容(/dev/mapper/centos-root 空间不足)

发表评论

0.查看根分区大小

[root@master ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
devtmpfs                         63G     0   63G   0% /dev
tmpfs                            63G     0   63G   0% /dev/shm
tmpfs                            63G  1.3G   62G   2% /run
tmpfs                            63G     0   63G   0% /sys/fs/cgroup
/dev/mapper/cl_geekthings-root   50G   38G   13G  76% /
/dev/sda1                      1014M  311M  704M  31% /boot
/dev/mapper/cl_geekthings-home  918G   12G  906G   2% /home
tmpfs                            13G   12K   13G   1% /run/user/42
tmpfs                            13G     0   13G   0% /run/user/0
overlay                          50G   38G   13G  76% /var/lib/docker/overlay2/70dffe831895bb55d79b4a8f483364a4f736637ccb2f6694f1cf82ba7ff1743d/merged

1.查看磁盘编号

[root@master ~]# ls /dev/sd*
/dev/sda  /dev/sda1  /dev/sda2

2.这里在vMware vCenter中新增一块硬盘(编辑->新增设备) 再次查看磁盘

[root@master ~]# ls /dev/sd*
/dev/sda  /dev/sda1  /dev/sda2  /dev/sdb

3.对新增硬盘进行分区, 这里新增的磁盘名称叫 /dev/sdb

[root@localhost ~]# fdisk /dev/sdb

# 输入 m, 得到帮助，可以按照提示操作进行分区了
# 因为这块硬盘只有 100G，所以我只打算分一个区，这里是需要输入 n，然后接下来都按 Enter 键，默认即可，最后输入 w 保存退出
[root@localhost ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   g   create a new empty GPT partition table
   G   create an IRIX (SGI) partition table
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

4.将分区后的磁盘格式化成xfs类型

[root@localhost ~]# mkfs.xfs /dev/sdb1

5.创建pv

[root@master ~]# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created.

6.查看vg组

[root@master ~]# vgs
  VG            #PV #LV #SN Attr   VSize    VFree
  cl_geekthings   1   3   0 wz--n- <999.00g 4.00m

7.扩展vg

[root@master ~]# vgextend cl_geekthings /dev/sdb1
  Volume group "cl_geekthings" successfully extended

[root@master ~]# vgs
  VG            #PV #LV #SN Attr   VSize VFree  
  cl_geekthings   2   3   0 wz--n- 1.17t 200.00g

8.扩展lv

[root@master ~]# lvextend -L +200G /dev/mapper/cl_geekthings-root
  Size of logical volume cl_geekthings/root changed from 50.00 GiB (12800 extents) to 250.00 GiB (64000 extents).
  Logical volume cl_geekthings/root successfully resized.

9.系统重新读取大小

[root@master ~]# xfs_growfs /dev/mapper/cl_geekthings-root
meta-data=/dev/mapper/cl_geekthings-root isize=512    agcount=4, agsize=3276800 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=13107200, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=6400, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 13107200 to 65536000

10.查看扩容是否成功

[root@master ~]# df -h
Filesystem                      Size  Used Avail Use% Mounted on
devtmpfs                         63G     0   63G   0% /dev
tmpfs                            63G     0   63G   0% /dev/shm
tmpfs                            63G  1.3G   62G   2% /run
tmpfs                            63G     0   63G   0% /sys/fs/cgroup
/dev/mapper/cl_geekthings-root  250G   38G  213G  16% /
/dev/sda1                      1014M  311M  704M  31% /boot
/dev/mapper/cl_geekthings-home  918G   12G  906G   2% /home
tmpfs                            13G   12K   13G   1% /run/user/42
tmpfs                            13G     0   13G   0% /run/user/0
overlay                         250G   38G  213G  16% /var/lib/docker/overlay2/70dffe831895bb55d79b4a8f483364a4f736637ccb2f6694f1cf82ba7ff1743d/merged
[root@master ~]# lsblk
NAME                   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                      8:0    0  1000G  0 disk 
├─sda1                   8:1    0     1G  0 part /boot
└─sda2                   8:2    0   999G  0 part 
  ├─cl_geekthings-root 253:0    0   250G  0 lvm  /
  ├─cl_geekthings-swap 253:1    0  31.5G  0 lvm  
  └─cl_geekthings-home 253:2    0 917.5G  0 lvm  /home
sdb                      8:16   0   200G  0 disk 
└─cl_geekthings-root   253:0    0   250G  0 lvm  /
sr0                     11:0    1   4.1G  0 rom

2024 年 5 月
日	一	二	三	四	五	六
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31