BlueXIII's Blog

Passionate about technology, always learning

Official site

Similar applications

Configuration

Server side: frps.ini

[common]
bind_port = 37000
token = yourtoken

Client side: frpc.ini

[common]
server_addr = your_ip
server_port = 37000
token = yourtoken

[web]
type = tcp
local_ip = 127.0.0.1
local_port = 8080
remote_port = 37001

[socks5]
type = tcp
remote_port = 37002
plugin = socks5
plugin_user = yourname
plugin_passwd = yourpass

Startup script

./frps -c frps.ini
./frpc -c frpc.ini

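Preface

Some EasyConnect deployments enable dedicated-line mode: once the connection is established, the local machine loses its Internet connection, and other machines on the LAN can no longer reach it.
As a result, the setup of a Windows virtual machine + CCProxy inside the VM + Proxifier on the host becomes unusable.
Modifying the routing table does not get around the EC dedicated-line restriction either. Recently someone built a Docker image of EC, which runs EC inside a container and also gets around dedicated-line mode without trouble.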

GitHub

Startup commands

# Connect to EC
docker run --name ec_xxx --device /dev/net/tun --cap-add NET_ADMIN -ti -p 127.0.0.1:1080:1080 -p 127.0.0.1:8888:8888 -e EC_VER=7.6.3 -e CLI_OPTS="-d https://连接地址 -u 用户名 -p 密码" hagb/docker-easyconnect:cli

# Open the SSH tunnel
ssh -o ProxyCommand='nc -x 127.0.0.1:1080 %h %p' -CfNg -D7000 -p2201 root@10.180.248.88

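Note: when opening the SSH tunnel, you can add the -o ProxyCommand option directly so that ssh goes through the proxy on port 1080. Alternatively, you can configure a rule in Proxifier to force the whole 10.180.248.88 network segment through the proxy.
When connecting to different EC servers, choose the matching version.

References

Download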

https://skywalking.apache.org/downloads/

OAP address

OAP:
http://10.193.2.8:12800
10.193.2.8:11800

UI:
http://10.193.2.8:18080

Agent configuration

export SW_AGENT_NAME=dubhe-quality
export SW_AGENT_COLLECTOR_BACKEND_SERVICES=10.193.2.8:11800
export SW_AGENT_SPAN_LIMIT=2000
export JAVA_AGENT=-javaagent:/path/to/skywalking-agent.jar
java $JAVA_AGENT -jar dubhe-quality-biz.jar

DevOps configuration

Dockerfile

FROM openjdk:17-oracle
MAINTAINER la
ENV TZ=Asia/Shanghai
RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN mkdir -p /dubhe-quality-biz
WORKDIR /dubhe-quality-biz
EXPOSE 8604
ADD ./dubhe-quality/dubhe-quality-biz/target/dubhe-quality-biz.jar ./
ADD ./deploy/skyskywalking-agent.tar.gz /
CMD java --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED -Xms128m -Xmx256m -Djava.security.egd=file:/dev/./urandom -javaagent:/skywalking-agent/skywalking-agent.jar -jar dubhe-quality-biz.jar

K8S Yaml

- env:
    - name: NACOS_HOST
      value: 10.133.0.63
    - name: NACOS_PORT
      value: "30501"
    - name: SERVICE_HOST
      value: 10.133.0.63
    - name: SERVICE_PORT
      value: "30510"
    - name: NACOS_USERNAME
      value: nacos
    - name: NACOS_PASSWORD
      value: nacos
    - name: SW_AGENT_NAME
      value: dubhe-quality
    - name: SW_AGENT_COLLECTOR_BACKEND_SERVICES
      value: 10.193.2.8:11800
    - name: SW_AGENT_SPAN_LIMIT
      value: "2000"

Local build and test

docker build -f dubhe-quality/dubhe-quality-biz/Dockerfile -t dubhe-quality .

docker run --rm \
--name dubhe-quality \
-p 8604:8604 \
-e NACOS_HOST=10.133.0.63 \
-e NACOS_PORT=30501 \
-e SERVICE_HOST=10.255.2.133 \
-e SERVICE_PORT=8604 \
-e NACOS_USERNAME=nacos \
-e NACOS_PASSWORD=nacos \
-e SW_AGENT_NAME=dubhe-quality \
-e SW_AGENT_COLLECTOR_BACKEND_SERVICES=10.193.2.8:11800 \
-e SW_AGENT_SPAN_LIMIT=2000 \
dubhe-quality:latest

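Adding POM dependencies

The missing dependencies must be added to avoid class-not-found errors.

In the root pom.xml, add the dependencies that are missing in Java 17: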

<!-- Dependencies missing in Java 17 -->
<dependency>
    <groupId>org.glassfish.jaxb</groupId>
    <artifactId>jaxb-runtime</artifactId>
    <version>2.3.1</version>
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-impl</artifactId>
    <version>2.3.1</version>
</dependency>

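Dockerfile changes

The java startup arguments must be changed to allow deep reflection.

  1. Change the base image to openjdk:17-oracle
  2. Add the --add-opens options to the startup command

Original: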

FROM java:8
MAINTAINER la
ENV TZ=Asia/Shanghai
RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN mkdir -p /dubhe-quality-biz
WORKDIR /dubhe-quality-biz
EXPOSE 8604
ADD ./dubhe-quality/dubhe-quality-biz/target/dubhe-quality-biz.jar ./
CMD java -Xms128m -Xmx256m -Djava.security.egd=file:/dev/./urandom -jar dubhe-quality-biz.jar

After modification:

FROM openjdk:17-oracle
MAINTAINER la
ENV TZ=Asia/Shanghai
RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
RUN mkdir -p /dubhe-quality-biz
WORKDIR /dubhe-quality-biz
EXPOSE 8604
ADD ./dubhe-quality/dubhe-quality-biz/target/dubhe-quality-biz.jar ./
CMD java --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED -Xms128m -Xmx256m -Djava.security.egd=file:/dev/./urandom -jar dubhe-quality-biz.jar

Alias change

vi .zshrc
alias java="java --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED"

References

https://www.zsythink.net/archives/1199

Flow diagram

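  • Rules for PREROUTING can exist in: the raw, mangle and nat tables.

  • Rules for INPUT can exist in: the mangle and filter tables (CentOS 7 also has the nat table; CentOS 6 does not).

  • Rules for FORWARD can exist in: the mangle and filter tables.

  • Rules for OUTPUT can exist in: the raw, mangle, nat and filter tables.

  • Rules for POSTROUTING can exist in: the mangle and nat tables.

  • Chains that can use rules in the raw table: PREROUTING, OUTPUT

  • Chains that can use rules in the mangle table: PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING

  • Chains that can use rules in the nat table: PREROUTING, OUTPUT, POSTROUTING (CentOS 7 also has INPUT; CentOS 6 does not)

  • Chains that can use rules in the filter table: INPUT, FORWARD, OUTPUT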

Common operations

# List rules
iptables --line -nvL
# List rules on a specific chain
iptables --line -nvL INPUT

# Flush the rules in the INPUT chain
iptables -F INPUT
# Flush the filter table's rules in the INPUT chain
iptables -t filter -F INPUT

# Insert a rule
iptables -t filter -I INPUT -s 10.211.55.101 -j DROP
# Append a rule
iptables -t filter -A INPUT -s 10.211.55.101 -j ACCEPT
# Insert a rule before line N
iptables -t filter -I INPUT 2 -s 10.211.55.101 -j ACCEPT

# Delete a specific line
iptables -t filter -D INPUT 3

# Change the default policy
iptables -t filter -P FORWARD DROP

# Install iptables-services on CentOS 7
yum install iptables-services
systemctl stop firewalld && systemctl disable firewalld # stop firewalld
systemctl start iptables && systemctl enable iptables # start iptables

# Save rules
service iptables save
# Save rules
iptables-save > /etc/sysconfig/iptables
# Restore rules
iptables-restore < /etc/sysconfig/iptables
# View rules
cat /etc/sysconfig/iptables


# Match conditions
-s 10.211.55.0/24 # source address
-d 10.211.55.10 # destination address
-p tcp # protocol: tcp, udp, udplite, icmp, esp, ah, sctp
-i eth0 # inbound interface; only usable in the PREROUTING, INPUT and FORWARD chains
-o eth1 # outbound interface; only usable in the FORWARD, OUTPUT and POSTROUTING chains
--dport 22 # destination port 22
! --dport 22 # destination port other than 22
--dport 22:25 # destination ports 22 through 25
-m multiport --dport 22,36,80 # non-contiguous destination ports; requires the multiport extension module

# Create a custom chain
iptables -t filter -N IN_WEB
iptables -t filter -I IN_WEB -s 10.211.55.101 -j REJECT
iptables -I IN_WEB -s 10.211.55.102 -j REJECT

# Reference the custom chain
iptables -I INPUT -p tcp --dport 80 -j IN_WEB

# Delete the custom chain
iptables -D INPUT 1
iptables -t filter -F IN_WEB
iptables -t filter -X IN_WEB
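
The chain/table matrix and the -i/-o restrictions listed above can be checked mechanically before a ruleset is loaded. The script below is an added example, not part of the original post: the function names `table_allows_chain`, `lint_rule` and `lint_samples` and the sample commands are constructed for illustration, and only `-A`/`-I` commands on built-in chains are inspected.

```shell
# Added example: lint iptables commands against the chain/table matrix above.
table_allows_chain() {                      # $1 = table, $2 = built-in chain
    case "$1:$2" in
        raw:PREROUTING|raw:OUTPUT) ;;
        mangle:PREROUTING|mangle:INPUT|mangle:FORWARD|mangle:OUTPUT|mangle:POSTROUTING) ;;
        nat:PREROUTING|nat:INPUT|nat:OUTPUT|nat:POSTROUTING) ;;  # nat/INPUT: CentOS 7 only
        filter:INPUT|filter:FORWARD|filter:OUTPUT) ;;
        *) return 1 ;;
    esac
}

# lint_rule "<iptables command>": prints a verdict, returns 1 on a violation.
lint_rule() {
    table=filter; chain=; in_if=; out_if=   # -t defaults to the filter table
    set -f; set -- $1; set +f               # split into words without globbing
    while [ $# -gt 0 ]; do
        case "$1" in
            -t) table=${2:-} ;;  -A|-I) chain=${2:-} ;;
            -i) in_if=${2:-} ;;  -o)    out_if=${2:-} ;;
        esac
        shift
    done
    case "$chain" in
        PREROUTING|INPUT|FORWARD|OUTPUT|POSTROUTING) ;;
        *) echo "skip: no built-in chain to check"; return 0 ;;
    esac
    table_allows_chain "$table" "$chain" || { echo "bad: table $table has no $chain chain"; return 1; }
    case "$chain" in
        OUTPUT|POSTROUTING) [ -z "$in_if" ]  || { echo "bad: -i cannot be used in $chain"; return 1; } ;;
        PREROUTING|INPUT)   [ -z "$out_if" ] || { echo "bad: -o cannot be used in $chain"; return 1; } ;;
    esac
    echo "ok"
}

# Constructed sample commands: the first is valid, the other three are not.
lint_samples() {
    bad=0
    while IFS= read -r cmd; do
        verdict=$(lint_rule "$cmd") || bad=$((bad + 1))
        printf '%-62s %s\n' "$cmd" "$verdict" >&2
    done <<'EOF'
iptables -t filter -I INPUT -i eth0 -s 10.211.55.101 -j DROP
iptables -t raw -A FORWARD -s 10.211.55.0/24 -j DROP
iptables -t nat -A POSTROUTING -i eth0 -j ACCEPT
iptables -t filter -A INPUT -o eth1 -j ACCEPT
EOF
    echo "$bad"                             # number of violations found
}
echo "violations: $(lint_samples)"
```

Rules that jump through a custom chain such as IN_WEB are reported as skipped, because whether they are valid depends on which built-in chain references them.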

References

Nacos configuration

spring:
  datasource:
    loginTimeout: 20
    druid:
      filter:
        stat:
          merge-sql: true
          slow-sql-millis: 5000
      web-stat-filter:
        enabled: true
        url-pattern: /*
        exclusions: "*.js,*.gif,*.jpg,*.png,*.css,*.ico,/druid/*"
        session-stat-enable: true
        session-stat-max-count: 100
      stat-view-servlet:
        enabled: true
        allow: ""
        url-pattern: /druid/*
        reset-enable: true
        login-username: admin
        login-password: yourpass
    primary:
      type: com.alibaba.druid.pool.DruidDataSource
      url: jdbc:mysql://10.193.2.8:3306/efpx_dubhe_quality?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai&useSSL=false
      username: root
      password: yourpass
      driver-class-name: com.mysql.jdbc.Driver
      initialSize: 5
      maxActive: 20
      minIdle: 5
      maxWait: 10000
      poolPreparedStatements: false
      maxPoolPreparedStatementPerConnectionSize: -1
      validationQuery: SELECT 'x'
      testOnBorrow: false
      testOnReturn: false
      timeBetweenEvictionRunsMillis: 60000
      minEvictableIdleTimeMillis: 30000
      filters: stat,wall,log4j2
    warehouse:
      type: com.alibaba.druid.pool.DruidDataSource
      driver-class-name: com.mysql.jdbc.Driver
      url: jdbc:mysql://10.193.2.8:4000/warehouse?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai&useSSL=false
      username: root
      password: yourpass
      initialSize: 5
      maxActive: 20
      minIdle: 5
      maxWait: 10000
      poolPreparedStatements: false
      maxPoolPreparedStatementPerConnectionSize: -1
      validationQuery: SELECT 'x'
      testOnBorrow: false
      testOnReturn: false
      timeBetweenEvictionRunsMillis: 60000
      minEvictableIdleTimeMillis: 30000
      filters: stat,wall,log4j2

Bean configuration

package com.sdecloud.efpx.quality.biz.config;

import com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceBuilder;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.jdbc.core.JdbcTemplate;

import javax.sql.DataSource;

/**
 * JdbcTemplate configuration class
 *
 * @author bluexiii
 */
@Configuration
public class JdbcTemplateConfiguration {
    @Primary
    @Bean(name = "dataSource")
    @ConfigurationProperties("spring.datasource.primary")
    public DataSource dataSource() {
        return DruidDataSourceBuilder.create().build();
    }

    @Bean(name = "warehouseDataSource")
    @ConfigurationProperties("spring.datasource.warehouse")
    public DataSource warehouseDataSource() {
        return DruidDataSourceBuilder.create().build();
    }

    @Bean("warehouseJdbcTemplate")
    public JdbcTemplate warehouseJdbcTemplate(@Qualifier("warehouseDataSource") DataSource warehouseDataSource) {
        return new JdbcTemplate(warehouseDataSource);
    }
}

References

Installation

curl -O https://arthas.aliyun.com/arthas-boot.jar
java -jar arthas-boot.jar

curl -L https://arthas.aliyun.com/install.sh | sh
./as.sh

Common operations

watch com.sdecloud.efpx.quality.biz.controller.QualityRuleTemplateController list '{params[0],returnObj.toString()}'

stack com.sdecloud.efpx.quality.biz.controller.QualityRuleTemplateController list

tt -t com.sdecloud.efpx.quality.biz.controller.QualityRuleTemplateController list

watch com.sdecloud.efpx.quality.biz.component.CleanComponent cleanCheckLog

ognl '@com.sdecloud.efpx.quality.biz.component.CleanComponent@cleanCheckLog'
ognl '@com.sdecloud.efpx.quality.biz.service.QualityCheckLogServiceDb@info(1,1,"test")'
ognl '@com.sdecloud.efpx.quality.biz.service.QualityTaskBatchService@clean("2021-8-1")' -X 1

sc -d com.sdecloud.efpx.quality.biz.service.QualityTaskBatchService
sm -d com.sdecloud.efpx.quality.biz.service.QualityTaskBatchService$$EnhancerBySpringCGLIB$$52b99956
watch com.sdecloud.efpx.quality.biz.service.QualityTaskBatchService clean

Official site

References

Test machines

  • 10.193.34.2
  • 10.193.34.3

Yum repository

cd /etc/yum.repos.d/ && mkdir backup && mv *repo backup/ 
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
sed -i -e "s|mirrors.cloud.aliyuncs.com|mirrors.aliyun.com|g " /etc/yum.repos.d/CentOS-*
sed -i -e "s|releasever|releasever-stream|g" /etc/yum.repos.d/CentOS-*
yum clean all && yum makecache

CentOS 7 kernel upgrade

https://zhuanlan.zhihu.com/p/368879345

K3S offline packages

https://github.com/rancher/k3s/releases

Offline installation

# Download
wget https://bluexiii-files.oss-cn-beijing.aliyuncs.com/install.sh
wget https://bluexiii-files.oss-cn-beijing.aliyuncs.com/k3s
wget https://bluexiii-files.oss-cn-beijing.aliyuncs.com/k3s-airgap-images-amd64.tar.gz
chmod +x install.sh
chmod +x k3s
mkdir -p /var/lib/rancher/k3s/agent/images/
cp ./k3s-airgap-images-amd64.tar.gz /var/lib/rancher/k3s/agent/images/
cp k3s /usr/local/bin/k3s

# Master
INSTALL_K3S_SKIP_DOWNLOAD=true ./install.sh
cat /var/lib/rancher/k3s/server/node-token

# Agent
INSTALL_K3S_SKIP_DOWNLOAD=true K3S_URL=https://10.193.34.2:6443 K3S_TOKEN=K108a518c04bb5139e71da5822461293fe4016b0ae5a46db42f8b105d1a4a3369e4::server:b1af43bb495176c4050d4c2f4907a75f ./install.sh

Registry

docker pull registry:latest

docker run -itd \
--name registry \
--hostname registry \
--volume /root/registry:/var/lib/registry/docker/registry \
--publish 5000:5000 \
--restart unless-stopped \
registry:latest

http://10.193.34.2:5000

Helm

Documentation

https://github.com/helm/helm/releases
https://helm.sh/zh/docs/intro/install/

Installation

wget https://bluexiii-files.oss-cn-beijing.aliyuncs.com/helm-v3.9.1-linux-amd64.tar.gz
tar -zxvf helm-v3.9.1-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/helm

Docker (offline)

https://blog.51cto.com/90xpy/2722642
https://github.com/docker/compose/releases

Docker (online)

https://www.cnblogs.com/yyee/p/12905165.html
https://github.com/duiying/ops/tree/master/docker-ce-yum-install

Harbor (offline)

https://segmentfault.com/a/1190000040905311
https://learnku.com/articles/29884
https://github.com/duiying/OPS/tree/master/harbor-install

http://10.193.34.4:9010
admin/Harbor12345

vi /etc/docker/daemon.json
{
  "insecure-registries" : ["10.193.34.4:9010"]
}
# Restart Docker so the daemon.json change takes effect
systemctl restart docker

docker login 10.193.34.4:9010
docker tag nginx:latest 10.193.34.4:9010/dubhe/nginx:latest
docker push 10.193.34.4:9010/dubhe/nginx:latest

Containerd

References

Configuration file

/var/lib/rancher/k3s/agent/etc/containerd/config.toml

Podman

References

https://zhuanlan.zhihu.com/p/110394125

Images