BlueXIII's Blog

Passionate about technology, always learning

Official site

https://github.com/sunny0826/kubecm

Install

```shell
# macOS: install with brew
brew install kubecm

# Linux: binary install
wget https://github.com/sunny0826/kubecm/releases/download/v0.23.0/kubecm_v0.23.0_Linux_x86_64.tar.gz
```

Common operations

```shell
# configure aliases (optional)
alias k=kubectl
alias kc=kubecm

# add a cluster to ~/.kube/config
kubecm add -f config.qke

# rename a context
kubecm rename

# remove a cluster
kubecm delete

# list clusters
kubecm list
kc l

# switch cluster
kubecm switch
kc s
```

References

https://i.cloudnative.to/toolkits/kubernetes/k9s

Offline install

https://k9scli.io/topics/install/

```shell
tar -zxvf k9s_Linux_amd64.tar.gz
cp ./k9s /usr/local/bin/
```

Common operations

```shell
# launch
k9s
k9s -n your_namespace
k9s --readonly
k9s info
# help
?
# show all aliases
ctrl+a
# view resources
:po # pods
:dp # deployments
:rs # replicasets
:svc # services
:cm # configmaps
:sec # secrets
:rb # rolebindings
:ns # namespaces
:node # nodes
:dp # or :rs

# shortcuts (hints are shown at the top of the screen)
ctrl-d # delete
a # attach
d # describe
e # edit
l # logs
s # shell
/ # filter

# scale
# after entering the deployments view with :dp, press s to scale

# port forward
shift-f

# Pulses (advanced): resource overview
:pu

# XRay (advanced): shows the resource relationship graph; supports Pods, Deployments, StatefulSets, Services, DaemonSets
:x po
:x dp
:x sts
:x svc
:x ds

# Popeye: reports potential problems
:popeye
```

Official site

https://hexo.io

Install

```shell
npm install -g hexo-cli
```

Configuration

```shell
hexo init hexo-blog
```

vi _config.yml

```yaml
deploy:
  type: git
  repo: https://your-repo.git
  branch: master
```

Generate static pages

```shell
hexo g
```

Local test

```shell
hexo s
```

Deploy

```shell
hexo d
```

Theme

```shell
git clone https://github.com/theme-next/hexo-theme-next themes/next
```

RSS

```shell
npm install --save hexo-generator-feed
```
Sidebar social links

```yaml
social:
  GitHub: https://your-repo.git
  简书: https://your-blog
social_icons:
  enable: true
  icons_only: false
  transition: false
  GitHub: github
  简书: book
```

Reference documents

Purpose

A Tampermonkey script that unlocks locally saved GeekTime (极客时间) HTML pages so that text can be selected and copied

Installing the Tampermonkey extension

https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo?utm_source=chrome-ntp-icon

After installing, right-click the extension icon, open its settings page and enable "Allow access to file URLs"

Script

```javascript
// ==UserScript==
// @name 极客时间允许复制
// @namespace https://www.yourdomain.com/
// @version 1.0
// @description 极客时间允许复制
// @author yourname
// @match file:///path/to*
// @icon https://www.google.com/s2/favicons?sz=64&domain=undefined.
// @run-at document-body
// ==/UserScript==

(function() {
    'use strict';
    // make every element on the page selectable again
    var eles = document.getElementsByTagName('*');
    for (var i = 0; i < eles.length; i++) {
        eles[i].style.userSelect = 'text';
    }
})();
```

Note: change @match to the path on your own machine

Determine the current versions

```shell
openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017

ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017
```

They will be upgraded to:

  • OpenSSL: 1.0.2k-fips -> 1.1.1s (latest stable)
  • OpenSSH: 7.4p1 -> 9.1p1 (latest stable)

Install telnet-server

Upgrading OpenSSH carries risk: if the SSH service fails to start afterwards, you need a Telnet login to repair it remotely. Enable Telnet temporarily and disable it again once the upgrade is complete.

Install directly from the local yum repository:

```shell
# install telnet-server
yum install telnet-server -y

# start the service
systemctl enable telnet.socket
systemctl start telnet.socket

# test that a connection works (it connects at this point, but login is refused)
telnet 192.168.23.11
```

Because of the PAM rules, telnet does not allow root to log in remotely by default. The simplest legitimate approach is to create a temporary user, log in as that user and then su to root:

```shell
# create a temporary user
useradd tmpuser
passwd tmpuser # set the password to yourpass

# test logging in as the temporary user
telnet -l tmpuser 192.168.23.11 # password yourpass
su -
```

Download the source

Security hardening requires the latest stable versions, and the versions in the CentOS yum repository are too old, so download the source from the OpenSSL and OpenSSH websites and build it yourself.

Official sites:

Download links:

```shell
wget https://www.openssl.org/source/openssl-1.1.1s.tar.gz
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz
```

Upgrade OpenSSL

```shell
# check the version
openssl version

# install gcc and build dependencies
yum install gcc gcc-c++ autoconf automake zlib zlib-devel pcre-devel -y

# unpack
tar -zxvf openssl-1.1.1s.tar.gz
cd openssl-1.1.1s

# build
export LANG=C
./config shared
make

# back up the old binary
mv /usr/bin/openssl /usr/bin/openssl_old

# install
make install

# create symlinks
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/

# check the version again
openssl version
```

Upgrade OpenSSH

```shell
# check the version
ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

# install dependencies
yum install zlib-devel openssl-devel pam-devel -y

# unpack
tar -zxvf openssh-9.1p1.tar.gz
cd openssh-9.1p1

# build
./configure \
    --prefix=/usr/ \
    --sysconfdir=/etc/ssh \
    --with-ssl-dir=/usr/local/lib64/ \
    --with-zlib \
    --with-pam \
    --with-md5-password \
    --with-ssl-engine \
    --with-selinux

make

# back up the old configuration
mkdir /etc/ssh_old
mv /etc/ssh/* /etc/ssh_old/

# install
make install

# check the new version
ssh -V
OpenSSH_9.1p1, OpenSSL 1.1.1s 1 Nov 2022

# reconfigure sshd_config
vi /etc/ssh/sshd_config
PermitRootLogin yes # allow root login
Port 2205 # change to the port used before

# move the old sshd service units out of the way so they do not conflict with the new one
mv /usr/lib/systemd/system/sshd.service /etc/ssh_old/sshd.service
mv /usr/lib/systemd/system/sshd.socket /etc/ssh_old/sshd.socket

# copy the init script from the unpacked source tree
cp -a contrib/redhat/sshd.init /etc/init.d/sshd

# restart the service
systemctl daemon-reload
systemctl restart sshd
systemctl status sshd

# test login
ssh root@192.168.23.11 -p2205
```
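Added example, not from the original notes or from the OpenSSH project: a few checks to run before the `systemctl restart sshd` step above, while the Telnet fallback is still open. They confirm the new version string from `ssh -V`, read the values sshd will actually apply from sshd_config, and run sshd's own syntax check when the binary is available. The function names, the sample config and the banner strings are constructed for this example; the point worth knowing is that sshd honours only the first occurrence of a keyword, so a `PermitRootLogin yes` appended below an earlier `PermitRootLogin no` is silently ignored.

```shell
#!/bin/sh
# Added example, not from the original post: pre-restart checks for the
# OpenSSH upgrade above. Function names and the sample config are constructed.

# Extract "9.1p1" from an `ssh -V` banner such as
# "OpenSSH_9.1p1, OpenSSL 1.1.1s 1 Nov 2022".
openssh_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*p[0-9][0-9]*\).*/\1/p'
}

# Compare two portable OpenSSH versions of the form major.minor p patch.
# Exit status 0 when $1 >= $2, 1 otherwise (a plain string comparison would
# sort 10.0p1 before 9.1p1, hence the numeric split).
openssh_version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%p*}; a_patch=${a_rest#*p}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%p*}; b_patch=${b_rest#*p}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -lt "$b_major" ] && return 1
    [ "$a_minor" -gt "$b_minor" ] && return 0
    [ "$a_minor" -lt "$b_minor" ] && return 1
    [ "$a_patch" -ge "$b_patch" ] && return 0
    return 1
}

# Print the value sshd will use for a keyword: comments are ignored,
# keywords are case-insensitive and only the FIRST occurrence counts.
# Expects the "Keyword value" form, not "Keyword=value".
sshd_config_get() {
    key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == key { print $2; exit }
    ' "$2"
}

# Run sshd's own syntax check when the binary is present; a config that
# fails this check is the usual reason the service does not come back up.
sshd_config_check() {
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$1"
    else
        echo "sshd not found, skipping syntax check" >&2
    fi
}

# Constructed sample config demonstrating the first-occurrence rule.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
# Port 22
Port 2205
PermitRootLogin no
PermitRootLogin yes
EOF

echo "effective Port: $(sshd_config_get Port "$SAMPLE_CFG")"                       # 2205
echo "effective PermitRootLogin: $(sshd_config_get PermitRootLogin "$SAMPLE_CFG")" # no

NEW_VER=$(openssh_version_from_banner "OpenSSH_9.1p1, OpenSSL 1.1.1s 1 Nov 2022")
OLD_VER=$(openssh_version_from_banner "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017")
if openssh_version_ge "$NEW_VER" "$OLD_VER"; then
    echo "upgrade confirmed: $OLD_VER -> $NEW_VER"
fi
```

On the real host, run `sshd_config_check /etc/ssh/sshd_config` and `sshd_config_get Port /etc/ssh/sshd_config` after editing and before the restart; keep the existing SSH session open until `ssh root@... -p2205` succeeds from a second terminal.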

Configure SSH mutual trust

The servers running TiDB and DS need their SSH mutual trust reconfigured; the other servers do not.

```shell
ssh-copy-id root@192.168.23.XX
```

Disable telnet-server

Once the OpenSSH upgrade is confirmed, disable telnet-server and delete the temporary user

```shell
# stop the Telnet service
systemctl disable telnet.socket
systemctl stop telnet.socket
systemctl status telnet.socket

# delete the temporary user
userdel tmpuser
```

Official sites

Grafana

```shell
# rpm install
wget https://dl.grafana.com/oss/release/grafana-9.3.2-1.x86_64.rpm
sudo yum install grafana-9.3.2-1.x86_64.rpm
systemctl start grafana-server
systemctl enable grafana-server

# binary install
nohup ./grafana-server 2>&1 &

# login URL
http://192.168.101.211:3000

# DingTalk push URL
https://oapi.zingtalk.com/robot/send?access_token=........

# files to back up
/var/lib/grafana/grafana.db
/etc/grafana/grafana.ini
```

Prometheus

```shell
# install Prometheus
wget https://github.com/prometheus/prometheus/releases/download/v2.41.0/prometheus-2.41.0.linux-amd64.tar.gz
nohup ./prometheus --config.file=prometheus.yml 2>&1 &
open http://192.168.101.211:9090
```

BlackboxExporter

```shell
# install BlackboxExporter
wget https://github.com/prometheus/blackbox_exporter/releases/download/v0.23.0/blackbox_exporter-0.23.0.linux-amd64.tar.gz
nohup ./blackbox_exporter 2>&1 &
open http://192.168.101.211:9115
```

NodeExporter

```shell
# install NodeExporter
wget https://github.com/prometheus/node_exporter/releases/download/v1.5.0/node_exporter-1.5.0.linux-amd64.tar.gz
nohup ./node_exporter --web.config.file=config.yml --web.listen-address=:19100 2>&1 &
open http://192.168.101.211:19100

# enable at boot
cat << EOF >/etc/systemd/system/node_exporter.service
[Unit]
Description=node_exporter Monitoring System
Documentation=node_exporter Monitoring System

[Service]
ExecStart=/opt/node_exporter/node_exporter --web.config.file=/opt/node_exporter/config.yml --web.listen-address=:19100

[Install]
WantedBy=multi-user.target
EOF

# start
systemctl daemon-reload
systemctl start node_exporter.service
systemctl status node_exporter.service
systemctl enable node_exporter.service

# optional: generate a password hash
yum install httpd-tools -y
htpasswd -nBC 12 '' | tr -d ':\n' # enter the password when prompted

# optional: configure basic auth
cat << EOF >/opt/node_exporter/config.yml
basic_auth_users:
  prometheus: \$2y\$12\$hj1xMjOs1iH.......
EOF

# optional: uninstall
ps -ef|grep node_exporter
systemctl stop node_exporter.service
systemctl disable node_exporter.service
systemctl daemon-reload
rm -f /etc/systemd/system/node_exporter.service
```

Common commands

```shell
# system-wide maximum number of FDs
cat /proc/sys/fs/file-max
# or: sysctl -a | grep fs.file-max

# set the system-wide maximum number of FDs
vi /etc/sysctl.conf
fs.file-max=3244084
sysctl -p

# per-process maximum number of FDs
ulimit -n

# set the per-process maximum number of FDs
vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535

# FD count ranking per process (this method is accurate)
find /proc -print | grep -P '/proc/\d+/fd/'| awk -F '/' '{print $3}' | uniq -c | sort -rn | head -10

# FD count ranking per process (the widely circulated method; since CentOS 7.3 lsof prints an extra thread-ID column, so this counts the Cartesian product of FDs and threads)
lsof -n|awk '{print $2}'|sort|uniq -c|sort -nr|head -10

# thread count ranking per process
ps -efT|grep java|awk '{print $2}'|sort|uniq -c|sort -nr|head -10

# TCP connection ranking per process
lsof -n -i tcp | awk '{print $2}'|sort|uniq -c|sort -nr|head -10

# FD count of a given process
ls /proc/32484/fd -l | wc -l

# thread count of a given process
ps huH p 25439 | wc -l

# number of TCP connections in CLOSE-WAIT system-wide
ss -tan|grep CLOSE-WAIT|wc -l
```
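Added example, not from the original notes: the same per-process ranking the `find /proc` one-liner above produces, written as shell functions that also compare each process's FD count with its own soft limit from `/proc/<pid>/limits`, which is what matters when a service starts failing with "too many open files". The function names and `PROC_ROOT` are assumptions for this example; `PROC_ROOT` exists so the functions can be pointed at a constructed directory tree instead of the live `/proc`.

```shell
#!/bin/sh
# Added example, not from the original post: rank and audit per-process FD
# usage from /proc, the same source the find-based ranking above reads, and
# compare each count with the process's own soft limit. PROC_ROOT and the
# function names are assumptions; pointing PROC_ROOT at a constructed tree
# lets the functions be exercised without root.

PROC_ROOT=${PROC_ROOT:-/proc}

# Number of open FDs of a PID: entries under /proc/<pid>/fd. Processes of
# other users are unreadable without root and count as 0.
fd_count() {
    ls "$PROC_ROOT/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Soft "Max open files" limit of a PID from /proc/<pid>/limits; this is the
# per-process value ulimit -n shows, not the system-wide fs.file-max.
fd_soft_limit() {
    awk '/^Max open files/ { print $4; exit }' "$PROC_ROOT/$1/limits" 2>/dev/null
}

# Integer percentage of the soft limit in use (0 when the limit is unknown
# or "unlimited").
fd_usage_pct() {
    count=$(fd_count "$1")
    limit=$(fd_soft_limit "$1")
    if [ -n "$limit" ] && [ "$limit" -gt 0 ] 2>/dev/null; then
        echo $(( count * 100 / limit ))
    else
        echo 0
    fi
}

# "count pid" for every numeric PID under PROC_ROOT, highest first.
fd_top() {
    n=${1:-10}
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -d "$d/fd" ] || continue
        pid=${d##*/}
        printf '%s %s\n' "$(fd_count "$pid")" "$pid"
    done | sort -rn | head -n "$n"
}

# "pct pid" for every PID at or above a percentage threshold (default 80).
# A process this close to its limit will soon fail with EMFILE, which is
# usually the reason the CLOSE-WAIT and FD counts above get investigated.
fd_over_threshold() {
    threshold=${1:-80}
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -d "$d/fd" ] || continue
        pid=${d##*/}
        pct=$(fd_usage_pct "$pid")
        [ "$pct" -ge "$threshold" ] && printf '%s %s\n' "$pct" "$pid"
    done
    return 0
}

# Demo against the live system when /proc is available.
if [ -d "$PROC_ROOT/self" ]; then
    echo "top FD consumers:"
    fd_top 5
    echo "this shell uses $(fd_usage_pct $$)% of its soft limit"
    echo "processes at or above 80% of their limit:"
    fd_over_threshold 80
fi
```

Run it as root to see every process; as an unprivileged user only your own processes are counted, which is the same restriction the `find /proc` one-liner is subject to.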

R1D secondary router rule configuration

Reference: https://www.right.com.cn/forum/thread-4040453-1-1.html

```
vi /etc/config/firewall
config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config forwarding
    option src 'wan'
    option dest 'lan'
```
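Added example, not from the original notes or from OpenWrt: a small audit that reads zone policies out of a UCI `/etc/config/firewall` file, so the `option input 'ACCEPT'` on the wan zone above (deliberate here, because the R1D sits behind another router) can be spotted when the same file is reused on a router that does face the internet. `zone_option`, `audit_wan_zone` and both sample configs are constructed for this example; the second sample reproduces OpenWrt's shipped default for the wan zone (input REJECT, output ACCEPT, forward REJECT, masq 1) for comparison.

```shell
#!/bin/sh
# Added example, not from the original post or OpenWrt: read zone policies
# out of a UCI /etc/config/firewall file so a permissive WAN zone can be
# spotted. zone_option, audit_wan_zone and both sample configs are
# constructed for this example.

# Print option <opt> of the "config zone" block whose name is <zone>.
# UCI syntax: "config <type> [label]" opens a block and "option <key> '<value>'"
# lines belong to the most recent block. Option order inside a block is free,
# so all blocks are collected first and resolved at END.
zone_option() {
    awk -v zone="$1" -v opt="$2" -v sq="'" '
        function unq(s) { sub("^[" sq "\"]", "", s); sub("[" sq "\"]$", "", s); return s }
        $1 == "config" { n++; type[n] = $2; next }
        $1 == "option" && n > 0 { val[n, $2] = unq($3); next }
        END {
            for (i = 1; i <= n; i++)
                if (type[i] == "zone" && val[i, "name"] == zone) { print val[i, opt]; exit }
        }
    ' "$3"
}

# Report the wan zone policies; exit status 1 when unsolicited traffic from
# the wan side is accepted (input ACCEPT). OpenWrt's shipped default for the
# wan zone is input REJECT, output ACCEPT, forward REJECT.
audit_wan_zone() {
    in_pol=$(zone_option wan input "$1")
    fwd_pol=$(zone_option wan forward "$1")
    echo "wan zone: input=${in_pol:-unset} forward=${fwd_pol:-unset}"
    [ "$in_pol" != "ACCEPT" ] && return 0
    return 1
}

# Constructed sample 1: the secondary-router config from the notes above.
OPEN_CFG=$(mktemp)
cat > "$OPEN_CFG" <<'EOF'
config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config forwarding
    option src 'wan'
    option dest 'lan'
EOF

# Constructed sample 2: OpenWrt's default wan zone, for comparison.
DEFAULT_CFG=$(mktemp)
cat > "$DEFAULT_CFG" <<'EOF'
config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
EOF

for f in "$OPEN_CFG" "$DEFAULT_CFG"; do
    if audit_wan_zone "$f"; then echo "  ok"; else echo "  wan input is open"; fi
done
```

On a router, `audit_wan_zone /etc/config/firewall` gives the same answer as `uci show firewall` filtered by hand; the parser only understands the whitespace-separated `option key 'value'` form and single-word values, which covers the zone policy keys.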

Enable SSH on the R1D

Replace the R1D hard disk

  1. Partition with DiskGenius using a GPT partition table, with 4 partitions sized 156M, 156M, 312M and one partition for the remaining space
  2. Rename the bin file from the firmware package whose name contains "hdk" to miwifi.bin and put it in the root directory of a USB drive

AC2100 flashing tutorial

Reference documents

Tutorial

LEDE source

openwrt.cc project

Procedure

```shell
## install dependencies
sudo apt update -y
sudo apt full-upgrade -y
sudo apt install -y ack antlr3 aria2 asciidoc autoconf automake autopoint binutils bison build-essential \
    bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext gcc-multilib g++-multilib \
    git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev \
    libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz \
    mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip libpython3-dev qemu-utils \
    rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev

# download the source
git clone https://github.com/coolsnowwolf/lede
cd lede

# add third-party package feeds
vi feeds.conf.default
src-git kenzo https://github.com/kenzok8/openwrt-packages
src-git small https://github.com/kenzok8/small

# configure
./scripts/feeds update -a
./scripts/feeds install -a
make menuconfig

# download and build
make download -j8 && make V=s -j1

# rebuild
cd lede
git pull
./scripts/feeds update -a
./scripts/feeds install -a
make defconfig
make download -j8
make V=s -j$(nproc)

# reconfigure from scratch
rm -rf ./tmp && rm -rf .config
make menuconfig
make V=s -j$(nproc)
```

Common packages

```
passwall **
Push notifications (全能推送)
OpenClash
Dynamic DNS luci-app-ddns
Xunlei KuaiNiao (迅雷快鸟) luci-app-xlnetacc
Frpc luci-app-frpc
Frps luci-app-frps
Docker luci-app-dockerman
OpenVPN server luci-app-openvpn-server
Static routes
IP/MAC binding
Turbo ACC network acceleration luci-app-turboacc
Bandwidth monitor
UPnP
IP rate limiting luci-app-eqos
QoS traffic control luci-app-sqm
Disk management luci-app-diskman
USB printer luci-app-usb-printer
Web terminal luci-app-ttyd
KMS server luci-app-vlmcsd
Traffic monitor luci-app-wrtbwmon
Free memory luci-app-ramfree
Load balancing luci-app-mwan3
Multi-dial (多播) luci-app-syncdial
wireguard luci-app-wireguard
Wake-on-LAN luci-app-wolplus

## virtual machine
qemu-ga
open-vm-tools

# others
luci-app-ddns
luci-app-xlnetacc
luci-app-frpc
luci-app-frps
luci-app-dockerman **
luci-app-openvpn-server
luci-app-turboacc
luci-app-eqos
luci-app-sqm
luci-app-diskman
luci-app-usb-printer
luci-app-ttyd
luci-app-vlmcsd
luci-app-wrtbwmon
luci-app-ramfree
luci-app-mwan3
luci-app-syncdial
luci-app-wireguard
luci-app-wolplus
qemu-ga
open-vm-tools
```

Reference documents

tun/tap

```shell
# create a tap device
ip tuntap add dev tap0 mode tap
# create a tun device
ip tuntap add dev tun0 mode tun

# delete the tap device
ip tuntap del dev tap0 mode tap
# delete the tun device
ip tuntap del dev tun0 mode tun

# tun/tap devices can also be deleted with ip link
ip link del tap0
ip link del tun0
```

netns

```shell
ip netns list

# add and bring up tap devices
ip tuntap add dev tap0 mode tap
ip tuntap add dev tap1 mode tap
ip link set tap0 up
ip link set tap1 up

# configure IPs
ip addr add 10.0.0.1/24 dev tap0
ip addr add 10.0.0.2/24 dev tap1

# add netns
ip netns add ns0
ip netns add ns1

# move tap0 and tap1 into ns0 and ns1 respectively
ip link set tap0 netns ns0
ip link set tap1 netns ns1

# view the interfaces inside each netns
ip netns exec ns0 ip a
ip netns exec ns1 ip a

# bring the interfaces up again and set the IPs (moving an interface into a netns drops its address and link state)
ip netns exec ns0 ip link set lo up
ip netns exec ns0 ip link set tap0 up
ip netns exec ns0 ip addr add 10.0.0.1/24 dev tap0

ip netns exec ns1 ip link set lo up
ip netns exec ns1 ip link set tap1 up
ip netns exec ns1 ip addr add 10.0.0.2/24 dev tap1

# ping inside each netns
ip netns exec ns0 ping 10.0.0.1
ip netns exec ns1 ping 10.0.0.2

# clean up
ip netns delete ns0
ip netns delete ns1
```

vethpair

```shell
# add netns
ip netns add ns0
ip netns add ns1

# create a veth pair
ip link add veth0 type veth peer name veth1

# move each end into a netns
ip link set veth0 netns ns0
ip link set veth1 netns ns1

# view the interfaces inside each netns
ip netns exec ns0 ip a
ip netns exec ns1 ip a

# bring them up
ip netns exec ns0 ip link set veth0 up
ip netns exec ns1 ip link set veth1 up

# assign IPs (not in the original notes, but required for the route and ping steps below)
ip netns exec ns0 ip addr add 10.0.0.1/24 dev veth0
ip netns exec ns1 ip addr add 10.0.0.2/24 dev veth1

# view the routing tables
ip netns exec ns0 route -n
ip netns exec ns1 route -n

# point the 10.0.0.0/24 route at the veth interface
ip netns exec ns0 ip route change 10.0.0.0/24 via 0.0.0.0 dev veth0
ip netns exec ns1 ip route change 10.0.0.0/24 via 0.0.0.0 dev veth1

# ping across the namespaces
ip netns exec ns0 ping 10.0.0.2
ip netns exec ns1 ping 10.0.0.1

# clean up
ip netns delete ns0
ip netns delete ns1
```

bridge

```shell
# install bridge-utils
yum install -y bridge-utils

# add a bridge
brctl addbr br0

# bring the bridge up
ip link set br0 up

# add three netns
ip netns add ns0
ip netns add ns1
ip netns add ns2

# create three veth pairs
ip link add veth0-ns type veth peer name veth0-br
ip link add veth1-ns type veth peer name veth1-br
ip link add veth2-ns type veth peer name veth2-br

# move one end of each veth into a netns
ip link set veth0-ns netns ns0
ip link set veth1-ns netns ns1
ip link set veth2-ns netns ns2

# bring up loopback and the veth end inside each netns and configure IPs
ip netns exec ns0 ip link set lo up
ip netns exec ns0 ip link set veth0-ns up
ip netns exec ns0 ip addr add 10.0.0.1/24 dev veth0-ns

ip netns exec ns1 ip link set lo up
ip netns exec ns1 ip link set veth1-ns up
ip netns exec ns1 ip addr add 10.0.0.2/24 dev veth1-ns

ip netns exec ns2 ip link set lo up
ip netns exec ns2 ip link set veth2-ns up
ip netns exec ns2 ip addr add 10.0.0.3/24 dev veth2-ns

# view the interfaces
ip netns exec ns0 ip a
ip netns exec ns1 ip a
ip netns exec ns2 ip a

# view the routing tables
ip netns exec ns0 route -n
ip netns exec ns1 route -n
ip netns exec ns2 route -n

# bring up the other ends and attach them to the bridge
ip link set veth0-br up
ip link set veth1-br up
ip link set veth2-br up
brctl addif br0 veth0-br
brctl addif br0 veth1-br
brctl addif br0 veth2-br

# show the bridge
brctl show

# add an iptables rule
iptables -A FORWARD -i br0 -j ACCEPT

# test connectivity
ip netns exec ns0 ping 10.0.0.1
ip netns exec ns0 ping 10.0.0.2
ip netns exec ns0 ping 10.0.0.3
```

localhost

```shell
# show the local routing table
ip route show table local

# show the main routing table
ip route show table main

# loopback interface
ifconfig lo
```